|
|
@ -1,29 +1,44 @@ |
|
|
|
#!/bin/bash |
|
|
|
#!/bin/bash |
|
|
|
set -euo pipefail |
|
|
|
die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; } |
|
|
|
die() { echo >&2 "$@" ; exit 1 ; } |
|
|
|
info() { echo >&2 "gitea: $*" ; } |
|
|
|
|
|
|
|
|
|
|
|
DIRNAME="$(dirname $0)" |
|
|
|
DIRNAME="$(dirname $0)" |
|
|
|
cd "$DIRNAME" |
|
|
|
cd "$DIRNAME" |
|
|
|
|
|
|
|
|
|
|
|
docker-compose down |
|
|
|
source ../env.production || die "no top level environment" |
|
|
|
|
|
|
|
source ./env.production || die "no local environment" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DATA="../data/gitea" |
|
|
|
|
|
|
|
SECRETS="$DATA/env.secrets" |
|
|
|
|
|
|
|
INI="$DATA/gitea/conf/app.ini" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -r "$SECRETS" ]; then |
|
|
|
|
|
|
|
docker-compose up -d || die "unable to start" |
|
|
|
|
|
|
|
exit 0 |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
../keycloak/client-delete gitea |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)" |
|
|
|
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)" |
|
|
|
|
|
|
|
|
|
|
|
rm -f env.secrets |
|
|
|
info "creating new secrets $SECRETS" |
|
|
|
cat <<EOF > env.secrets |
|
|
|
|
|
|
|
|
|
|
|
mkdir -p "$DATA" |
|
|
|
|
|
|
|
cat <<EOF > "$SECRETS" |
|
|
|
# DO NOT CHECK IN |
|
|
|
# DO NOT CHECK IN |
|
|
|
#GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET |
|
|
|
GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET |
|
|
|
EOF |
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
docker-compose down 2>/dev/null |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
../keycloak/client-delete gitea 2>/dev/null |
|
|
|
../keycloak/client-create <<EOF || die "unable to create gitea client" |
|
|
|
../keycloak/client-create <<EOF || die "unable to create gitea client" |
|
|
|
{ |
|
|
|
{ |
|
|
|
"clientId": "gitea", |
|
|
|
"clientId": "gitea", |
|
|
|
"rootUrl": "https://$GITEA_HOSTNAME", |
|
|
|
"rootUrl": "https://$GITEA_HOSTNAME", |
|
|
|
"adminUrl": "https://$GITEA_HOSTNAME", |
|
|
|
"adminUrl": "https://$GITEA_HOSTNAME", |
|
|
|
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ], |
|
|
|
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ], |
|
|
|
"webOrigins": [ "https://$GITEA_HOSTNAME" ] |
|
|
|
"webOrigins": [ "https://$GITEA_HOSTNAME" ], |
|
|
|
"clientAuthenticatorType": "client-secret", |
|
|
|
"clientAuthenticatorType": "client-secret", |
|
|
|
"secret": "$GITEA_CLIENT_SECRET" |
|
|
|
"secret": "$GITEA_CLIENT_SECRET" |
|
|
|
} |
|
|
|
} |
|
|
@ -32,12 +47,13 @@ EOF |
|
|
|
docker-compose up -d || die "unable to start container" |
|
|
|
docker-compose up -d || die "unable to start container" |
|
|
|
|
|
|
|
|
|
|
|
echo SLEEPING |
|
|
|
echo SLEEPING |
|
|
|
sleep 30 |
|
|
|
sleep 10 |
|
|
|
|
|
|
|
|
|
|
|
test -f ./data/app.ini || die "missing data/app.ini" |
|
|
|
test -f "$INI" || die "missing $INI" |
|
|
|
|
|
|
|
|
|
|
|
grep --quiet '\[openid\]' ./data/app.ini || { |
|
|
|
info "enabling OpenID in $INI" |
|
|
|
echo <<EOF >>./data/app.ini || die "unable to enable OpenID in app.ini" |
|
|
|
grep --quiet '\[openid\]' "$INI" || { |
|
|
|
|
|
|
|
echo <<EOF >> "$INI" || die "unable to enable OpenID in $INI" |
|
|
|
;service] |
|
|
|
;service] |
|
|
|
; Only allow registering via OpenID |
|
|
|
; Only allow registering via OpenID |
|
|
|
;DISABLE_REGISTRATION = false |
|
|
|
;DISABLE_REGISTRATION = false |
|
|
@ -50,5 +66,6 @@ ENABLE_OPENID_SIGNUP = true |
|
|
|
EOF |
|
|
|
EOF |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
echo "TODO: Configure openID by visiting login.${DOMAIN_NAME}/ |
|
|
|
info "restarting" |
|
|
|
|
|
|
|
docker-compose down |
|
|
|
|
|
|
|
docker-compose up -d || die "unable to start container" |
|
|
|