gitea: rework setup for new file layout

single-dockerfile
Trammell Hudson 3 years ago
parent b328453644
commit d23ff66f6d
  1. 4
      gitea/docker-compose.yaml
  2. 1
      gitea/env.production
  3. 45
      gitea/setup
  4. 2
      nginx/certbot-renew
  5. 11
      nginx/nginx/templates/git.conf.template

@ -10,14 +10,14 @@ services:
env_file:
- ../env.production
- env.production
- env.secrets
- ../data/gitea/env.secrets
environment:
- USER_UID=1000
- USER_GID=1000
networks:
- gitea
volumes:
- ./data/gitea:/data
- ../data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:

@ -0,0 +1 @@
# gitea config

@ -1,29 +1,44 @@
#!/bin/bash
set -euo pipefail
die() { echo >&2 "$@" ; exit 1 ; }
die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; }
info() { echo >&2 "gitea: $*" ; }
DIRNAME="$(dirname $0)"
cd "$DIRNAME"
docker-compose down
source ../env.production || die "no top level environment"
source ./env.production || die "no local environment"
DATA="../data/gitea"
SECRETS="$DATA/env.secrets"
INI="$DATA/gitea/conf/app.ini"
if [ -r "$SECRETS" ]; then
docker-compose up -d || die "unable to start"
exit 0
fi
../keycloak/client-delete gitea
GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
rm -f env.secrets
cat <<EOF > env.secrets
info "creating new secrets $SECRETS"
mkdir -p "$DATA"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
#GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
EOF
docker-compose down 2>/dev/null
../keycloak/client-delete gitea 2>/dev/null
../keycloak/client-create <<EOF || die "unable to create gitea client"
{
"clientId": "gitea",
"rootUrl": "https://$GITEA_HOSTNAME",
"adminUrl": "https://$GITEA_HOSTNAME",
"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
"webOrigins": [ "https://$GITEA_HOSTNAME" ]
"webOrigins": [ "https://$GITEA_HOSTNAME" ],
"clientAuthenticatorType": "client-secret",
"secret": "$GITEA_CLIENT_SECRET"
}
@ -32,12 +47,13 @@ EOF
docker-compose up -d || die "unable to start container"
echo SLEEPING
sleep 30
sleep 10
test -f ./data/app.ini || die "missing data/app.ini"
test -f "$INI" || die "missing $INI"
grep --quiet '\[openid\]' ./data/app.ini || {
echo <<EOF >>./data/app.ini || die "unable to enable OpenID in app.ini"
info "enabling OpenID in $INI"
grep --quiet '\[openid\]' "$INI" || {
echo <<EOF >> "$INI" || die "unable to enable OpenID in $INI"
;service]
; Only allow registering via OpenID
;DISABLE_REGISTRATION = false
@ -50,5 +66,6 @@ ENABLE_OPENID_SIGNUP = true
EOF
}
echo "TODO: Configure openID by visiting login.${DOMAIN_NAME}/
info "restarting"
docker-compose down
docker-compose up -d || die "unable to start container"

@ -7,7 +7,7 @@ cd "$DIRNAME"
source ../env.production
source ./env.production
domain_args="-d $DOMAIN_NAME,$KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME,$GRAFANA_HOSTNAME,$MATRIX_HOSTNAME"
domain_args="-d $DOMAIN_NAME,$KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME,$GRAFANA_HOSTNAME,$MATRIX_HOSTNAME,$GITEA_HOSTNAME"
rsa_key_size=2048
set -x

@ -1,8 +1,3 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name ${GITEA_HOSTNAME};
client_max_body_size 128m;
@ -27,9 +22,9 @@ server {
}
# login with OIDC
location /user/login {
return 302 https://login.hackerspace.zone/;
}
# location /user/login {
# return 302 https://login.hackerspace.zone/;
# }
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;

Loading…
Cancel
Save