gitea to forgejo

2023-01-03 11:36:37 +01:00 · 2023-01-03 11:36:37 +01:00 · f369998d15
commit f369998d15
parent b77d7d5784
23 changed files with 237 additions and 426 deletions
--- a/seed/forgejo/DEBUG.md
+++ b/seed/forgejo/DEBUG.md
@ -0,0 +1,10 @@
 Créer un utilisateur
 =====================
 su - forgejo -s /bin/bash -c "forgejo admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/forgejo/app.ini"
 DEBUG
 =====
 sed -i 's/info/debug/g' /etc/forgejo/app.ini 
 systemctl restart forgejo
--- a/seed/forgejo/applicationservice.yml
+++ b/seed/forgejo/applicationservice.yml
@ -1,6 +1,6 @@
 format: '0.1'
-description: Gitea, a community managed lightweight code hosting solution
+description: Forgejo, a community managed lightweight code hosting solution
-website: https://gitea.io/
+website: https://forgejo.org/
 depends:
  - base-fedora-36
  - postgresql-client
--- a/seed/forgejo/dictionaries/31_forgejo.xml
+++ b/seed/forgejo/dictionaries/31_forgejo.xml
@ -1,11 +1,11 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <rougail version="0.10">
  <services>
-    <service name="gitea" target="multi-user" engine="cheetah">
+    <service name="forgejo" target="multi-user" engine="cheetah">
-      <file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
+      <file engine="none" source="sysuser-forgejo.conf">/sysusers.d/0forgejo.conf</file>
-      <file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
+      <file engine="none" source="tmpfile-forgejo.conf">/tmpfiles.d/0forgejo.conf</file>
-      <file>/etc/gitea/app.ini</file>
+      <file>/etc/forgejo/app.ini</file>
-      <file>/tests/gitea.yml</file>
+      <file>/tests/forgejo.yml</file>
    </service>
  </services>
  <variables>
@ -16,17 +16,17 @@
    </family>
    <family name="redis" description="Redis">
      <variable name="redis_client_key_owner" redefine="True">
-        <value>gitea</value>
+        <value>forgejo</value>
      </variable>
    </family>
-    <family name="gitea" description="Gitea" help="Git forge Gitea">
+    <family name="forgejo" description="Gitea" help="Git forge Gitea">
-      <variable name="gitea_title" mandatory="True" description="Titre de la forge">
+      <variable name="forgejo_title" mandatory="True" description="Titre de la forge">
        <value>Gitea: Git avec une tasse de thé</value>
      </variable>
-      <variable name="gitea_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
+      <variable name="forgejo_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
-      <variable name="gitea_secret_key" type="password" hidden="True"/>
+      <variable name="forgejo_secret_key" type="password" hidden="True"/>
-      <variable name="gitea_internal_token" type="password" hidden="True"/>
+      <variable name="forgejo_internal_token" type="password" hidden="True"/>
-      <variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
+      <variable name="forgejo_lfs_jwt_secret" type="password" hidden="True"/>
    </family>
    <family name="revprox">
      <family name="revprox_client">
@ -38,10 +38,10 @@
        <value>3000</value>
      </variable>
      <variable name="revprox_client_cert_owner" redefine="True">
-        <value>gitea</value>
+        <value>forgejo</value>
      </variable>
      <variable name="revprox_client_cert_group" redefine="True">
-        <value>gitea</value>
+        <value>forgejo</value>
      </variable>
    </family>
    <family name="oauth2_client">
@ -72,29 +72,29 @@
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username">secret_key</param>
-      <param name="description">gitea</param>
+      <param name="description">forgejo</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="length" type="number">105</param>
-      <target>gitea_secret_key</target>
+      <target>forgejo_secret_key</target>
    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username">internal_token</param>
-      <param name="description">gitea</param>
+      <param name="description">forgejo</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="length" type="number">105</param>
-      <target>gitea_internal_token</target>
+      <target>forgejo_internal_token</target>
    </fill>
    <fill name="get_password">
      <param name="server_name" type="variable">domain_name_eth0</param>
      <param name="username">lfs_jwt_secret</param>
-      <param name="description">gitea</param>
+      <param name="description">forgejo</param>
      <param name="type">cleartext</param>
      <param name="hide" type="variable">hide_secret</param>
      <param name="length" type="number">43</param>
-      <target>gitea_lfs_jwt_secret</target>
+      <target>forgejo_lfs_jwt_secret</target>
    </fill>
    <fill name="calc_oauth2_client_login">
      <param type="variable" optional="True">revprox_client_external_domainnames</param>
--- a/seed/forgejo/manual/image/postinstall/forgejo.sh
+++ b/seed/forgejo/manual/image/postinstall/forgejo.sh
@ -0,0 +1,26 @@
 #!/bin/bash
 set -ex
 gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
 JSON==$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -)
 VERS=$(echo JSON| jq -r '.[0].name')
 mkdir -p ~/forgejo/
 if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz" ]; then
    rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz"
    wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
 fi
 if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ]; then
    rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz.asc"
    wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc"
 fi
 gpg --verify ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
 cp -a ~/"forgejo/forgejo-$VERS-linux-amd64.xz" .
 xz -d "forgejo-$VERS-linux-amd64.xz"
 mv "forgejo-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"
 chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"
--- a/seed/forgejo/manual/image/preinstall/forgejo.sh
+++ b/seed/forgejo/manual/image/preinstall/forgejo.sh
--- a/seed/forgejo/templates/app.ini
+++ b/seed/forgejo/templates/app.ini
@ -1,6 +1,6 @@
-# GNUNUX https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
+# GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini
-APP_NAME = %%gitea_title
+APP_NAME = %%forgejo_title
-RUN_USER = gitea
+RUN_USER = forgejo
 RUN_MODE = prod
 [database]
@ -15,34 +15,37 @@ CHARSET  = utf8
 LOG_SQL  = false
 [repository]
-ROOT = /srv/gitea/lib/data/gitea-repositories
+ROOT = /srv/forgejo/lib/data/forgejo-repositories
 DEFAULT_BRANCH = main
 [server]
 SSH_DOMAIN       = %%revprox_client_external_domainnames[0]
 DOMAIN           = %%revprox_client_external_domainnames[0]
 HTTP_PORT        = 3000
-ROOT_URL         = https://%%revprox_client_external_domainnames[0]/gitea/
+ROOT_URL         = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location
 LOCAL_ROOT_URL   = https://%%domain_name_eth0:3000/
 DISABLE_SSH      = false
 START_SSH_SERVER = true
 SSH_LISTEN_PORT  = 2222
 SSH_PORT         = 2222
 LFS_START_SERVER = true
-LFS_CONTENT_PATH = /srv/gitea/lib/data/lfs
+LFS_JWT_SECRET   = %%forgejo_lfs_jwt_secret
 LFS_JWT_SECRET   = %%gitea_lfs_jwt_secret
 OFFLINE_MODE     = true
 PROTOCOL         = https
 CERT_FILE        = %%revprox_client_cert_file
 KEY_FILE         = %%revprox_client_key_file
 [lfs]
 PATH = /srv/forgejo/lib/data/lfs
 [mailer]
-ENABLED = true
+ENABLED   = true
-HOST    = %%smtp_relay_address
+SMTP_ADDR = %%smtp_relay_address
-FROM    = %%gitea_mail_sender
+SMTP_PORT = 25
-USER    = %%smtp_relay_user@%%ip_eth0
+FROM      = %%forgejo_mail_sender
-PASSWD  = %%smtp_relay_password
+USER      = %%smtp_relay_user@%%ip_eth0
-IS_TLS_ENABLED = true
+PASSWD    = %%smtp_relay_password
 PROTOCOL  = smtp+starttls
 ;USE_CERTIFICATE = false
 ;CERT_FILE = custom/mailer/cert.pem
 ;KEY_FILE = custom/mailer/key.pem
@ -97,11 +100,11 @@ HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_c
 [log]
 MODE      = console
 LEVEL     = info
-ROOT_PATH = /srv/gitea/lib/log
+ROOT_PATH = /srv/forgejo/lib/log
 ROUTER    = console
 [security]
 INSTALL_LOCK       = true
-SECRET_KEY     = %%gitea_secret_key
+SECRET_KEY     = %%forgejo_secret_key
-INTERNAL_TOKEN     = %%gitea_internal_token
+INTERNAL_TOKEN     = %%forgejo_internal_token
 PASSWORD_HASH_ALGO = pbkdf2
--- a/seed/forgejo/templates/forgejo.service
+++ b/seed/forgejo/templates/forgejo.service
@ -0,0 +1,39 @@
 #GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/contrib/systemd/forgejo.service
 [Unit]
 Description=Forgejo (Beyond coding. We forge.)
 After=syslog.target
 After=network.target
 #>GNUNUX
 After=risotto.target
 #<GNUNUX
 [Service]
 # Modify these two values and uncomment them if you have
 # repos with lots of files and get an HTTP error 500 because
 # of that
 ###
 #LimitMEMLOCK=infinity
 #LimitNOFILE=65535
 RestartSec=2s
 Type=simple
 User=forgejo
 Group=forgejo
 WorkingDirectory=/srv/forgejo/lib/
 ExecStart=/usr/bin/forgejo web --config /etc/forgejo/app.ini
 ExecStartPre=/bin/bash -c '%slurp
 /usr/bin/forgejo migrate --config /etc/forgejo/app.ini;%slurp
 if /usr/bin/forgejo admin auth list --config /etc/forgejo/app.ini | grep "OAuth2"; then %slurp
  echo "UPDATE";%slurp
  id=$(/usr/bin/forgejo --config /etc/forgejo/app.ini admin auth list |tail -n 1|awk "{ print \$1}");%slurp
  /usr/bin/forgejo admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
 else %slurp
  echo "CONFIGURE";%slurp
  /usr/bin/forgejo admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
 fi;%slurp
 sleep 2;%slurp
 echo "CONFIGURATION DONE"'
 Restart=always
 Environment=GITEA_WORK_DIR=/srv/forgejo/lib
 [Install]
 WantedBy=multi-user.target
--- a/seed/forgejo/templates/forgejo.yml
+++ b/seed/forgejo/templates/forgejo.yml
@ -7,4 +7,4 @@ auth_url: %%oauth2_client_external[0]
 auth_server: %%oauth2_server_domainname
 username: %%username
 password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
-gitea_title: "%%gitea_title"
+forgejo_title: "%%forgejo_title"
--- a/seed/forgejo/templates/sysuser-forgejo.conf
+++ b/seed/forgejo/templates/sysuser-forgejo.conf
@ -0,0 +1,2 @@
 g forgejo 999 -
 u forgejo 999:999 "Git Version Control" /srv/forgejo/home  /bin/nologin
--- a/seed/forgejo/templates/tmpfile-forgejo.conf
+++ b/seed/forgejo/templates/tmpfile-forgejo.conf
@ -0,0 +1,4 @@
 d /srv/forgejo/lib/custom 750 forgejo forgejo - -
 d /srv/forgejo/lib/data 750 forgejo forgejo - -
 d /srv/forgejo/lib/log 750 forgejo forgejo - -
 d /srv/forgejo/home 750 forgejo forgejo - -
--- a/seed/forgejo/tests/test_forgejo.py
+++ b/seed/forgejo/tests/test_forgejo.py
@ -1,11 +1,12 @@
 from yaml import load, SafeLoader
-from os import environ, makedirs
+from os import environ, makedirs, unlink
 from os.path import expandvars, isfile, isdir, dirname, join
 from re import search
-from dulwich.porcelain import init, clone, add, commit, push
+from shutil import move
-
+from glob import glob
 from tempfile import TemporaryDirectory
 from subprocess import run
 from dulwich.porcelain import init, clone, add, commit, push
 from revprox import Authentication
@ -13,8 +14,14 @@ from mookdns import MookDnsSystem
 PORT = '3000'
-GITEA_USERNAME = 'gitea'
+GITEA_USERNAME = 'forgejo'
-KEY_FILE = expandvars("$HOME/tests/risotto")
+GITEA_PORT = '2222'
 KEY_FILE = '/var/lib/risotto/srv/hosts/forgejo'
 # transition between gitea and forgejo
 GITEA_KEY_FILE = '/var/lib/risotto/srv/hosts/gitea'
 KNOWN_KEY = expandvars('$HOME/.ssh/known_hosts')
 CONFIG_SSH = expandvars('$HOME/.ssh/config')
 CONFIG_GIT = expandvars('$HOME/.gitconfig')
 AUTHENTICATION = None
@ -24,7 +31,7 @@ DATA = None
 def get_data():
    global DATA
    if not DATA:
-        conf_file = f'{environ["MACHINE_TEST_DIR"]}/gitea.yml'
+        conf_file = f'{environ["MACHINE_TEST_DIR"]}/forgejo.yml'
        with open(conf_file) as yaml:
            DATA = load(yaml, Loader=SafeLoader)
    return DATA
@ -38,11 +45,54 @@ def get_authentication(data):
                                        data['revprox_ip'],
                                        data['username'],
                                        data['password'],
-                                        f'<title>{data["username"]} - Dashboard -  {data["gitea_title"]}</title>',
+#                                        f'<title>{data["username"]} - Tableau de bord - {data["forgejo_title"]}</title>',
                                        f'<title>{data["username"]} - Dashboard - {data["forgejo_title"]}</title>',
                                        )
    return AUTHENTICATION
 class SSHConfig:
    def __enter__(self):
        self.old_file = '{CONFIG_SSH}.old'
        if isfile(CONFIG_SSH) and not isfile(self.old_file):
            move(CONFIG_SSH, self.old_file)
        with open(CONFIG_SSH, 'w') as fh:
            fh.write(f"""Host *
 User forgejo
 PubkeyAcceptedKeyTypes +ssh-rsa
 StrictHostKeyChecking no
 IdentityFile {KEY_FILE}
 """)
    def __exit__(self, *args):
        if isfile(self.old_file):
            move(self.old_file, CONFIG_SSH)
        else:
            unlink(CONFIG_SSH)
 class GITConfig:
    def __enter__(self):
        self.old_file = '{CONFIG_GIT}.old'
        if isfile(CONFIG_GIT) and not isfile(self.old_file):
            move(CONFIG_GIT, self.old_file)
        with open(CONFIG_GIT, 'w') as fh:
            conf_file = f'{environ["MACHINE_TEST_DIR"]}/reverse-proxy.yml'
            with open(conf_file) as yaml:
                data = load(yaml, Loader=SafeLoader)
            path = join(environ["MACHINE_TEST_DIR"], data["ca_certificate"])
            cert = glob(path)
            fh.write(f"""[http]
    sslCAInfo = {cert[0]}
 """)
    def __exit__(self, *args):
        if isfile(self.old_file):
            move(self.old_file, CONFIG_GIT)
        else:
            unlink(CONFIG_GIT)
 def get_info(authentication,
             url,
             with_uid=False,
@ -77,7 +127,7 @@ def get_info(authentication,
 def add_ssh_key(authentication, data):
-    # Send key to gitea
+    # Send key to forgejo
    url = f'{data["base_url"]}user/settings/keys'
    is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
    if is_already_key:
@ -87,7 +137,7 @@ def add_ssh_key(authentication, data):
        key_dir = dirname(KEY_FILE)
        if not isdir(key_dir):
            makedirs(key_dir)
-        cmd = ['/usr/bin/ssh-keygen', '-N', '', '-f', KEY_FILE]
+        cmd = ['/usr/bin/ssh-keygen', '-t', 'rsa', '-N', '', '-f', KEY_FILE]
        run(cmd)
    with open(f'{KEY_FILE}.pub') as fh:
        key = fh.read()
@ -104,12 +154,12 @@ def delete_ssh_key(authentication, data):
    is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
-def test_gitea():
+def test_forgejo():
    data = get_data()
    get_authentication(data)
-def test_gitea_repos():
+def test_forgejo_repos():
    data = get_data()
    authentication = get_authentication(data)
    if 'FIRST_RUN' in environ:
@ -124,7 +174,7 @@ def test_gitea_repos():
    assert json['data'][0]['full_name'] == f'{username}/test_persistent'
-def test_gitea_create_repo():
+def test_forgejo_create_repo():
    data = get_data()
    authentication = get_authentication(data)
    url = f'{data["base_url"]}repo/create'
@ -144,24 +194,31 @@ def test_repo():
    if 'FIRST_RUN' in environ:
    #    delete_ssh_key(authentication, data)
        add_ssh_key(authentication, data)
    if not isfile(KEY_FILE):
        if isfile(GITEA_KEY_FILE):
            move(GITEA_KEY_FILE, KEY_FILE)
            move(GITEA_KEY_FILE + '.pub', KEY_FILE + '.pub')
        else:
            raise Exception(f'cannot find ssh key "{KEY_FILE}", do you run with FIRST_RUN?')
    with TemporaryDirectory() as tmpdirname:
        username = data['username'].split('@', 1)[0]
        dns = data['base_url'].split('/', 3)[2]
-        ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test.git'
+        ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test.git'
-        with MookDnsSystem(dns, data['ip']):
+        with SSHConfig():
-            filename = join(tmpdirname, 'test.txt')
+            with MookDnsSystem(dns, data['ip']):
-            with open(filename, 'w') as fh:
+                filename = join(tmpdirname, 'test.txt')
-                fh.write('test')
+                with open(filename, 'w') as fh:
-            repo = init(tmpdirname)
+                    fh.write('test')
-            add(repo, filename)
+                repo = init(tmpdirname)
-            commit(repo, message=b'test commit')
+                add(repo, filename)
-            push(repo=repo,
+                commit(repo, message=b'test commit')
-                 remote_location=ssh_url,
+                push(repo=repo,
-                 refspecs='master',
+                     remote_location=ssh_url,
-            )
+                     refspecs='master',
-            lst = list(repo.get_walker())
+                )
-            assert len(lst) == 1
+                lst = list(repo.get_walker())
-            assert lst[0].commit.message == b'test commit'
+                assert len(lst) == 1
                assert lst[0].commit.message == b'test commit'
 def test_clone_http():
@ -174,14 +231,19 @@ def test_clone_http():
        username = data['username'].split('@', 1)[0]
        dns = data['base_url'].split('/', 3)[2]
        http_url = f'{data["base_url"]}{username}/test.git'
-        with MookDnsSystem(dns, data['revprox_ip']):
+        with SSHConfig():
-            repo = clone(http_url, tmpdirname)
+            with MookDnsSystem(dns, data['revprox_ip']):
-            lst = list(repo.get_walker())
+                try:
-            assert len(lst) == 1
+                    repo = clone(http_url, tmpdirname)
-            assert lst[0].commit.message == b'test commit'
+                except:
                    with GITConfig():
                        repo = clone(http_url, tmpdirname)
                lst = list(repo.get_walker())
                assert len(lst) == 1
                assert lst[0].commit.message == b'test commit'
-def test_gitea_delete_repo():
+def test_forgejo_delete_repo():
    repo_name = 'test'
    data = get_data()
    authentication = get_authentication(data)
@ -206,21 +268,22 @@ def test_repo_persistent():
    with TemporaryDirectory() as tmpdirname:
        username = data['username'].split('@', 1)[0]
        dns = data['base_url'].split('/', 3)[2]
-        ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test_persistent.git'
+        ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test_persistent.git'
-        with MookDnsSystem(dns, data['ip']):
+        with SSHConfig():
-            if 'FIRST_RUN' in environ:
+            with MookDnsSystem(dns, data['ip']):
-                filename = join(tmpdirname, 'test.txt')
+                if 'FIRST_RUN' in environ:
-                with open(filename, 'w') as fh:
+                    filename = join(tmpdirname, 'test.txt')
-                    fh.write('test')
+                    with open(filename, 'w') as fh:
-                repo = init(tmpdirname)
+                        fh.write('test')
-                add(repo, filename)
+                    repo = init(tmpdirname)
-                commit(repo, message=b'test commit')
+                    add(repo, filename)
-                push(repo=repo,
+                    commit(repo, message=b'test commit')
-                     remote_location=ssh_url,
+                    push(repo=repo,
-                     refspecs='master',
+                         remote_location=ssh_url,
-                )
+                         refspecs='master',
-            else:
+                    )
-                repo = clone(ssh_url, tmpdirname)
+                else:
-            lst = list(repo.get_walker())
+                    repo = clone(ssh_url, tmpdirname)
-            assert len(lst) == 1
+                lst = list(repo.get_walker())
-            assert lst[0].commit.message == b'test commit'
+                assert len(lst) == 1
                assert lst[0].commit.message == b'test commit'
--- a/seed/gitea/DEBUG.md
+++ b/seed/gitea/DEBUG.md
@ -1,10 +0,0 @@
 Créer un utilisateur
 =====================
 su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini"
 DEBUG
 =====
 sed -i 's/info/debug/g' /etc/gitea/app.ini 
 systemctl restart gitea
--- a/seed/gitea/README.md
+++ b/seed/gitea/README.md
@ -1,88 +0,0 @@
 ---
 gitea: none
 include_toc: true
 ---
 # gitea
 [All applications services for this dataset.](../README.md)
 ## Description
 Gitea, a community managed lightweight code hosting solution.
 [For more informations](https://gitea.io/)
 ## Dependances
 - [base-fedora-36](../base-fedora-36/README.md)
  - [base-fedora](../base-fedora/README.md)
    - [systemd](../systemd/README.md)
      - [base-machine](../base-machine/README.md)
        - [base](../base/README.md)
        - [dns-local](../dns-local/README.md)
 - [postgresql-client](../postgresql-client/README.md)
 - [reverse-proxy-client](../reverse-proxy-client/README.md)
 - [relay-mail-client](../relay-mail-client/README.md)
 - [redis-client](../redis-client/README.md)
 - [oauth2-client](../oauth2-client/README.md)
 ## Variables
 ### Général (*general*)
 #### network (*general.network*)
 | Description                                       |   Values |
 |---------------------------------------------------|----------|
 | *[**incoming_ports**](dictionaries/31_gitea.xml)* |     2222 |
 #### Redis (*general.redis*)
 | Description                                               | Values   |
 |-----------------------------------------------------------|----------|
 | *[**redis_client_key_owner**](dictionaries/31_gitea.xml)* | gitea    |
 #### Gitea (*general.gitea*)
 Git forge Gitea
 | Description                                                                                               | Values                           | Type                                                                                                                   |
 |-----------------------------------------------------------------------------------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------|
 | **Titre de la forge** (*[gitea_title](dictionaries/31_gitea.xml)*)                                        | Gitea: Git avec une tasse de thé | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
 | **Les courriels sont envoyés à partir de cet adresse** (*[gitea_mail_sender](dictionaries/31_gitea.xml)*) |                                  | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable)   |
 #### revprox (*general.revprox*)
 | Description                                                  | Values   |
 |--------------------------------------------------------------|----------|
 | *[**revprox_client_port**](dictionaries/31_gitea.xml)*       | 3000     |
 | *[**revprox_client_cert_owner**](dictionaries/31_gitea.xml)* | gitea    |
 | *[**revprox_client_cert_group**](dictionaries/31_gitea.xml)* | gitea    |
 ##### revprox_client (*general.revprox.revprox_client*)
 | Description                                                      | Values   |
 |------------------------------------------------------------------|----------|
 | *[**revprox_client_local_location**](dictionaries/31_gitea.xml)* | /        |
 #### oauth2_client (*general.oauth2_client*)
 | Description                                                           | Values               |
 |-----------------------------------------------------------------------|----------------------|
 | *[**oauth2_is_client_application**](dictionaries/31_gitea.xml)*       | True                 |
 | *[**oauth2_client_name**](dictionaries/31_gitea.xml)*                 | Forge                |
 | *[**oauth2_client_description**](dictionaries/31_gitea.xml)*          | Forge logiciel Gitea |
 | *[**oauth2_client_category**](dictionaries/31_gitea.xml)*             | Développement        |
 | *[**oauth2_client_logo**](dictionaries/31_gitea.xml)*                 | silique_note.png     |
 | *[**oauth2_client_token_signature_algo**](dictionaries/31_gitea.xml)* | RS256                |
 ##### external (*general.oauth2_client.external*)
 | Description                                           |
 |-------------------------------------------------------|
 | *[oauth2_client_external](dictionaries/31_gitea.xml)* |
 - [+]: variable is multiple
 - **bold**: variable is mandatory
--- a/seed/gitea/manual/image/postinstall/gitea.sh
+++ b/seed/gitea/manual/image/postinstall/gitea.sh
@ -1,25 +0,0 @@
 #!/bin/bash
 set -ex
 gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
 VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.version')
 mkdir -p ~/gitea/
 if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
    rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
    wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
 fi
 if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
    rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
    wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
 fi
 gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux-amd64.xz"
 cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
 xz -d "gitea-$VERS-linux-amd64.xz"
 mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
 chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
--- a/seed/gitea/templates/gitea.service
+++ b/seed/gitea/templates/gitea.service
@ -1,24 +0,0 @@
 #ORIGIN https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service
 [Unit]
 Description=Gitea (Git with a cup of tea)
 After=risotto.target
 [Service]
 # Modify these two values and uncomment them if you have
 # repos with lots of files and get an HTTP error 500 because
 # of that
 ###
 #LimitMEMLOCK=infinity
 #LimitNOFILE=65535
 RestartSec=2s
 Type=simple
 User=gitea
 Group=gitea
 WorkingDirectory=/srv/gitea/lib/
 ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
 ExecStartPre=-/bin/bash -c 'if /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; then echo "UPDATE";id=$(/usr/bin/gitea --config /etc/gitea/app.ini admin auth list |tail -n 1|awk "{ print \$1}");/usr/bin/gitea admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;else echo "CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;fi;sleep 2; echo "CONFIGURATION DONE"'
 Restart=always
 Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib
 [Install]
 WantedBy=multi-user.target
--- a/seed/gitea/templates/sysuser-gitea.conf
+++ b/seed/gitea/templates/sysuser-gitea.conf
@ -1,2 +0,0 @@
 g gitea 999 -
 u gitea 999:999 "Git Version Control" /srv/gitea/home  /bin/nologin
--- a/seed/gitea/templates/tmpfile-gitea.conf
+++ b/seed/gitea/templates/tmpfile-gitea.conf
@ -1,4 +0,0 @@
 d /srv/gitea/lib/custom 750 gitea gitea - -
 d /srv/gitea/lib/data 750 gitea gitea - -
 d /srv/gitea/lib/log 750 gitea gitea - -
 d /srv/gitea/home 750 gitea gitea - -
--- a/seed/nginx-common/templates/nginx.conf
+++ b/seed/nginx-common/templates/nginx.conf
@ -1,115 +0,0 @@
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
 #   * Official Russian Documentation: http://nginx.org/ru/docs/
 %if %%os_name == 'Fedora'
 user nginx;
 %else
 user www-data;
 %end if
 worker_processes auto;
 #GNUNUX error_log /var/log/nginx/error.log;
 #>GNUNUX
 error_log syslog:server=unix:/dev/log;
 #<GNUNUX
 pid /run/nginx.pid;
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
 %if %%os_name == 'Fedora'
 include /usr/share/nginx/modules/*.conf;
 %else
 include /etc/nginx/modules-enabled/*.conf;
 %end if
 events {
    worker_connections 1024;
 }
 http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    #GNUNUX    access_log  /var/log/nginx/access.log  main;
    #>GNUNUX
    access_log syslog:server=unix:/dev/log combined;
    error_log syslog:server=unix:/dev/log error;
    #<GNUNUX
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
 %if %%nginx_default_http
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         %%nginx_root;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
 %end if
 # Settings for a TLS enabled server.
 #
 %if %%nginx_default_https
    server {
        listen       443 ssl http2;
 %if %%getVar('revprox_client_external_domainnames', None)
  %for %%domain in %%revprox_client_external_domainnames
        server_name %%domain;
  %end for
 %else
        server_name  _;
 %end if
        root         %%nginx_root;
        # ssl_certificate "/etc/pki/nginx/server.crt";
        # ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_certificate              %%revprox_crt_file;
        ssl_certificate_key          %%revprox_key_file;
 %if %%getVar('revprox_client_external_domainnames', None)
        ssl_client_certificate       %%revprox_ca_file;
 %else
        ssl_client_certificate       /etc/pki/ca-trust/source/anchors/ca_HTTP.crt;
 %end if
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
 %if %%os_name == 'Fedora'
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
 %end if
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
 %end if
    include /etc/nginx/sites-enabled/*;
 }
--- a/seed/nginx-https/templates/nginx.index.html
+++ b/seed/nginx-https/templates/nginx.index.html
@ -1,10 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome</title>
 <style>
 </style>
 </head>
 <body>
 </body>
 </html>
--- a/seed/nginx-reverse-proxy/templates/error.html
+++ b/seed/nginx-reverse-proxy/templates/error.html
--- a/seed/nginx-reverse-proxy/templates/nginx.index.html
+++ b/seed/nginx-reverse-proxy/templates/nginx.index.html
@ -1,10 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
 <title>Welcome</title>
 <style>
 </style>
 </head>
 <body>
 </body>
 </html>
--- a/seed/nginx-common/templates/nginx.index.html
+++ b/seed/nginx-common/templates/nginx.index.html
--- a/seed/openldap/templates/default.slapd
+++ b/seed/openldap/templates/default.slapd
@ -1,48 +0,0 @@
 # Location of the slapd configuration to use.  If using the cn=config
 # backend to store configuration in LDIF, set this variable to the
 # directory containing the cn=config data; otherwise set it to the location
 # of your slapd.conf file.  If empty, use the compiled-in default
 # (/etc/ldap/slapd.d).
 SLAPD_CONF="/etc/ldap/slapd.conf"
 # System account to run the slapd server under. If empty the server
 # will run as root.
 SLAPD_USER="openldap"
 # System group to run the slapd server under. If empty the server will
 # run in the primary group of its user.
 SLAPD_GROUP="openldap"
 # Path to the pid file of the slapd server. If not set the init.d script
 # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
 # default)
 SLAPD_PIDFILE=
 # slapd normally serves ldap only on all TCP-ports 389. slapd can also
 # service requests on TCP-port 636 (ldaps) and requests via unix
 # sockets.
 # Example usage:
 # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
 SLAPD_SERVICES="ldaps:///"
 # If SLAPD_NO_START is set, the init script will not start or restart
 # slapd (but stop will still work).  Uncomment this if you are
 # starting slapd via some other means or if you don't want slapd normally
 # started at boot.
 #SLAPD_NO_START=1
 # If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
 # the init script will not start or restart slapd (but stop will still
 # work).  Use this for temporarily disabling startup of slapd (when doing
 # maintenance, for example, or through a configuration management system)
 # when you don't want to edit a configuration file.
 SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
 # For Kerberos authentication (via SASL), slapd by default uses the system
 # keytab file (/etc/krb5.keytab).  To use a different keytab file,
 # uncomment this line and change the path.
 #export KRB5_KTNAME=/etc/krb5.keytab
 # Additional options to pass to slapd
 SLAPD_OPTIONS=""
		`@ -0,0 +1,2 @@`
							`g forgejo 999 -`
							`u forgejo 999:999 "Git Version Control" /srv/forgejo/home /bin/nologin`
		`@ -1,2 +0,0 @@`
			`g gitea 999 -`
			`u gitea 999:999 "Git Version Control" /srv/gitea/home /bin/nologin`