stove/dataset
3
0
Fork 1
Code Issues 2 Pull requests Projects Releases Wiki Activity

gitea to forgejo

Browse source
This commit is contained in:
egarette@silique.fr 2023-01-03 11:36:37 +01:00
parent b77d7d5784
commit f369998d15
23 changed files with 237 additions and 426 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
seed/forgejo/DEBUG.md Normal file
View file

@ -0,0 +1,10 @@
Créer un utilisateur
=====================
su - forgejo -s /bin/bash -c "forgejo admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/forgejo/app.ini"
DEBUG
=====
sed -i 's/info/debug/g' /etc/forgejo/app.ini
systemctl restart forgejo

4
seed/gitea/applicationservice.yml → seed/forgejo/applicationservice.yml
View file

@ -1,6 +1,6 @@
format: '0.1'
description: Gitea, a community managed lightweight code hosting solution
website: https://gitea.io/
description: Forgejo, a community managed lightweight code hosting solution
website: https://forgejo.org/
depends:
- base-fedora-36
- postgresql-client

40
seed/gitea/dictionaries/31_gitea.xml → seed/forgejo/dictionaries/31_forgejo.xml
View file

@ -1,11 +1,11 @@
<?xml version='1.0' encoding='UTF-8'?>
<rougail version="0.10">
<services>
<service name="gitea" target="multi-user" engine="cheetah">
<file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
<file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
<file>/etc/gitea/app.ini</file>
<file>/tests/gitea.yml</file>
<service name="forgejo" target="multi-user" engine="cheetah">
<file engine="none" source="sysuser-forgejo.conf">/sysusers.d/0forgejo.conf</file>
<file engine="none" source="tmpfile-forgejo.conf">/tmpfiles.d/0forgejo.conf</file>
<file>/etc/forgejo/app.ini</file>
<file>/tests/forgejo.yml</file>
</service>
</services>
<variables>
@ -16,17 +16,17 @@
</family>
<family name="redis" description="Redis">
<variable name="redis_client_key_owner" redefine="True">
<value>gitea</value>
<value>forgejo</value>
</variable>
</family>
<family name="gitea" description="Gitea" help="Git forge Gitea">
<variable name="gitea_title" mandatory="True" description="Titre de la forge">
<family name="forgejo" description="Gitea" help="Git forge Gitea">
<variable name="forgejo_title" mandatory="True" description="Titre de la forge">
<value>Gitea: Git avec une tasse de thé</value>
</variable>
<variable name="gitea_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
<variable name="gitea_secret_key" type="password" hidden="True"/>
<variable name="gitea_internal_token" type="password" hidden="True"/>
<variable name="gitea_lfs_jwt_secret" type="password" hidden="True"/>
<variable name="forgejo_mail_sender" type="mail" description="Les courriels sont envoyés à partir de cet adresse" mandatory="True"/>
<variable name="forgejo_secret_key" type="password" hidden="True"/>
<variable name="forgejo_internal_token" type="password" hidden="True"/>
<variable name="forgejo_lfs_jwt_secret" type="password" hidden="True"/>
</family>
<family name="revprox">
<family name="revprox_client">
@ -38,10 +38,10 @@
<value>3000</value>
</variable>
<variable name="revprox_client_cert_owner" redefine="True">
<value>gitea</value>
<value>forgejo</value>
</variable>
<variable name="revprox_client_cert_group" redefine="True">
<value>gitea</value>
<value>forgejo</value>
</variable>
</family>
<family name="oauth2_client">
@ -72,29 +72,29 @@
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">secret_key</param>
<param name="description">gitea</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">105</param>
<target>gitea_secret_key</target>
<target>forgejo_secret_key</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">internal_token</param>
<param name="description">gitea</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">105</param>
<target>gitea_internal_token</target>
<target>forgejo_internal_token</target>
</fill>
<fill name="get_password">
<param name="server_name" type="variable">domain_name_eth0</param>
<param name="username">lfs_jwt_secret</param>
<param name="description">gitea</param>
<param name="description">forgejo</param>
<param name="type">cleartext</param>
<param name="hide" type="variable">hide_secret</param>
<param name="length" type="number">43</param>
<target>gitea_lfs_jwt_secret</target>
<target>forgejo_lfs_jwt_secret</target>
</fill>
<fill name="calc_oauth2_client_login">
<param type="variable" optional="True">revprox_client_external_domainnames</param>

26
seed/forgejo/manual/image/postinstall/forgejo.sh Normal file
View file

@ -0,0 +1,26 @@
#!/bin/bash
set -ex
gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
JSON==$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -)
VERS=$(echo JSON| jq -r '.[0].name')
mkdir -p ~/forgejo/
if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz" ]; then
rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz"
wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
fi
if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ]; then
rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz.asc"
wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc"
fi
gpg --verify ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ~/"forgejo/forgejo-$VERS-linux-amd64.xz"
cp -a ~/"forgejo/forgejo-$VERS-linux-amd64.xz" .
xz -d "forgejo-$VERS-linux-amd64.xz"
mv "forgejo-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/forgejo"

0
seed/gitea/manual/image/preinstall/gitea.sh → seed/forgejo/manual/image/preinstall/forgejo.sh
View file

35
seed/gitea/templates/app.ini → seed/forgejo/templates/app.ini
View file

@ -1,6 +1,6 @@
# GNUNUX https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
APP_NAME = %%gitea_title
RUN_USER = gitea
# GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini
APP_NAME = %%forgejo_title
RUN_USER = forgejo
RUN_MODE = prod
[database]
@ -15,34 +15,37 @@ CHARSET = utf8
LOG_SQL = false
[repository]
ROOT = /srv/gitea/lib/data/gitea-repositories
ROOT = /srv/forgejo/lib/data/forgejo-repositories
DEFAULT_BRANCH = main
[server]
SSH_DOMAIN = %%revprox_client_external_domainnames[0]
DOMAIN = %%revprox_client_external_domainnames[0]
HTTP_PORT = 3000
ROOT_URL = https://%%revprox_client_external_domainnames[0]/gitea/
ROOT_URL = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location
LOCAL_ROOT_URL = https://%%domain_name_eth0:3000/
DISABLE_SSH = false
START_SSH_SERVER = true
SSH_LISTEN_PORT = 2222
SSH_PORT = 2222
LFS_START_SERVER = true
LFS_CONTENT_PATH = /srv/gitea/lib/data/lfs
LFS_JWT_SECRET = %%gitea_lfs_jwt_secret
LFS_JWT_SECRET = %%forgejo_lfs_jwt_secret
OFFLINE_MODE = true
PROTOCOL = https
CERT_FILE = %%revprox_client_cert_file
KEY_FILE = %%revprox_client_key_file
[lfs]
PATH = /srv/forgejo/lib/data/lfs
[mailer]
ENABLED = true
HOST = %%smtp_relay_address
FROM = %%gitea_mail_sender
USER = %%smtp_relay_user@%%ip_eth0
PASSWD = %%smtp_relay_password
IS_TLS_ENABLED = true
ENABLED = true
SMTP_ADDR = %%smtp_relay_address
SMTP_PORT = 25
FROM = %%forgejo_mail_sender
USER = %%smtp_relay_user@%%ip_eth0
PASSWD = %%smtp_relay_password
PROTOCOL = smtp+starttls
;USE_CERTIFICATE = false
;CERT_FILE = custom/mailer/cert.pem
;KEY_FILE = custom/mailer/key.pem
@ -97,11 +100,11 @@ HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_c
[log]
MODE = console
LEVEL = info
ROOT_PATH = /srv/gitea/lib/log
ROOT_PATH = /srv/forgejo/lib/log
ROUTER = console
[security]
INSTALL_LOCK = true
SECRET_KEY = %%gitea_secret_key
INTERNAL_TOKEN = %%gitea_internal_token
SECRET_KEY = %%forgejo_secret_key
INTERNAL_TOKEN = %%forgejo_internal_token
PASSWORD_HASH_ALGO = pbkdf2

39
seed/forgejo/templates/forgejo.service Normal file
View file

@ -0,0 +1,39 @@
#GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/contrib/systemd/forgejo.service
[Unit]
Description=Forgejo (Beyond coding. We forge.)
After=syslog.target
After=network.target
#>GNUNUX
After=risotto.target
#<GNUNUX
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=forgejo
Group=forgejo
WorkingDirectory=/srv/forgejo/lib/
ExecStart=/usr/bin/forgejo web --config /etc/forgejo/app.ini
ExecStartPre=/bin/bash -c '%slurp
/usr/bin/forgejo migrate --config /etc/forgejo/app.ini;%slurp
if /usr/bin/forgejo admin auth list --config /etc/forgejo/app.ini | grep "OAuth2"; then %slurp
echo "UPDATE";%slurp
id=$(/usr/bin/forgejo --config /etc/forgejo/app.ini admin auth list |tail -n 1|awk "{ print \$1}");%slurp
/usr/bin/forgejo admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
else %slurp
echo "CONFIGURE";%slurp
/usr/bin/forgejo admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/forgejo/app.ini;%slurp
fi;%slurp
sleep 2;%slurp
echo "CONFIGURATION DONE"'
Restart=always
Environment=GITEA_WORK_DIR=/srv/forgejo/lib
[Install]
WantedBy=multi-user.target

2
seed/gitea/templates/gitea.yml → seed/forgejo/templates/forgejo.yml
View file

@ -7,4 +7,4 @@ auth_url: %%oauth2_client_external[0]
auth_server: %%oauth2_server_domainname
username: %%username
password: %%get_password(server_name='test', username=%%username, description='test', type="cleartext", hide=%%hide_secret, temporary=True)
gitea_title: "%%gitea_title"
forgejo_title: "%%forgejo_title"

2
seed/forgejo/templates/sysuser-forgejo.conf Normal file
View file

@ -0,0 +1,2 @@
g forgejo 999 -
u forgejo 999:999 "Git Version Control" /srv/forgejo/home /bin/nologin

4
seed/forgejo/templates/tmpfile-forgejo.conf Normal file
View file

@ -0,0 +1,4 @@
d /srv/forgejo/lib/custom 750 forgejo forgejo - -
d /srv/forgejo/lib/data 750 forgejo forgejo - -
d /srv/forgejo/lib/log 750 forgejo forgejo - -
d /srv/forgejo/home 750 forgejo forgejo - -

165
seed/gitea/tests/test_gitea.py → seed/forgejo/tests/test_forgejo.py
View file

@ -1,11 +1,12 @@
from yaml import load, SafeLoader
from os import environ, makedirs
from os import environ, makedirs, unlink
from os.path import expandvars, isfile, isdir, dirname, join
from re import search
from dulwich.porcelain import init, clone, add, commit, push
from shutil import move
from glob import glob
from tempfile import TemporaryDirectory
from subprocess import run
from dulwich.porcelain import init, clone, add, commit, push
from revprox import Authentication
@ -13,8 +14,14 @@ from mookdns import MookDnsSystem
PORT = '3000'
GITEA_USERNAME = 'gitea'
KEY_FILE = expandvars("$HOME/tests/risotto")
GITEA_USERNAME = 'forgejo'
GITEA_PORT = '2222'
KEY_FILE = '/var/lib/risotto/srv/hosts/forgejo'
# transition between gitea and forgejo
GITEA_KEY_FILE = '/var/lib/risotto/srv/hosts/gitea'
KNOWN_KEY = expandvars('$HOME/.ssh/known_hosts')
CONFIG_SSH = expandvars('$HOME/.ssh/config')
CONFIG_GIT = expandvars('$HOME/.gitconfig')
AUTHENTICATION = None
@ -24,7 +31,7 @@ DATA = None
def get_data():
global DATA
if not DATA:
conf_file = f'{environ["MACHINE_TEST_DIR"]}/gitea.yml'
conf_file = f'{environ["MACHINE_TEST_DIR"]}/forgejo.yml'
with open(conf_file) as yaml:
DATA = load(yaml, Loader=SafeLoader)
return DATA
@ -38,11 +45,54 @@ def get_authentication(data):
data['revprox_ip'],
data['username'],
data['password'],
f'<title>{data["username"]} - Dashboard - {data["gitea_title"]}</title>',
# f'<title>{data["username"]} - Tableau de bord - {data["forgejo_title"]}</title>',
f'<title>{data["username"]} - Dashboard - {data["forgejo_title"]}</title>',
)
return AUTHENTICATION
class SSHConfig:
def __enter__(self):
self.old_file = '{CONFIG_SSH}.old'
if isfile(CONFIG_SSH) and not isfile(self.old_file):
move(CONFIG_SSH, self.old_file)
with open(CONFIG_SSH, 'w') as fh:
fh.write(f"""Host *
User forgejo
PubkeyAcceptedKeyTypes +ssh-rsa
StrictHostKeyChecking no
IdentityFile {KEY_FILE}
""")
def __exit__(self, *args):
if isfile(self.old_file):
move(self.old_file, CONFIG_SSH)
else:
unlink(CONFIG_SSH)
class GITConfig:
def __enter__(self):
self.old_file = '{CONFIG_GIT}.old'
if isfile(CONFIG_GIT) and not isfile(self.old_file):
move(CONFIG_GIT, self.old_file)
with open(CONFIG_GIT, 'w') as fh:
conf_file = f'{environ["MACHINE_TEST_DIR"]}/reverse-proxy.yml'
with open(conf_file) as yaml:
data = load(yaml, Loader=SafeLoader)
path = join(environ["MACHINE_TEST_DIR"], data["ca_certificate"])
cert = glob(path)
fh.write(f"""[http]
sslCAInfo = {cert[0]}
""")
def __exit__(self, *args):
if isfile(self.old_file):
move(self.old_file, CONFIG_GIT)
else:
unlink(CONFIG_GIT)
def get_info(authentication,
url,
with_uid=False,
@ -77,7 +127,7 @@ def get_info(authentication,
def add_ssh_key(authentication, data):
# Send key to gitea
# Send key to forgejo
url = f'{data["base_url"]}user/settings/keys'
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
if is_already_key:
@ -87,7 +137,7 @@ def add_ssh_key(authentication, data):
key_dir = dirname(KEY_FILE)
if not isdir(key_dir):
makedirs(key_dir)
cmd = ['/usr/bin/ssh-keygen', '-N', '', '-f', KEY_FILE]
cmd = ['/usr/bin/ssh-keygen', '-t', 'rsa', '-N', '', '-f', KEY_FILE]
run(cmd)
with open(f'{KEY_FILE}.pub') as fh:
key = fh.read()
@ -104,12 +154,12 @@ def delete_ssh_key(authentication, data):
is_already_key, csrf = get_info(authentication, url, found_string='test_key_risotto')
def test_gitea():
def test_forgejo():
data = get_data()
get_authentication(data)
def test_gitea_repos():
def test_forgejo_repos():
data = get_data()
authentication = get_authentication(data)
if 'FIRST_RUN' in environ:
@ -124,7 +174,7 @@ def test_gitea_repos():
assert json['data'][0]['full_name'] == f'{username}/test_persistent'
def test_gitea_create_repo():
def test_forgejo_create_repo():
data = get_data()
authentication = get_authentication(data)
url = f'{data["base_url"]}repo/create'
@ -144,24 +194,31 @@ def test_repo():
if 'FIRST_RUN' in environ:
# delete_ssh_key(authentication, data)
add_ssh_key(authentication, data)
if not isfile(KEY_FILE):
if isfile(GITEA_KEY_FILE):
move(GITEA_KEY_FILE, KEY_FILE)
move(GITEA_KEY_FILE + '.pub', KEY_FILE + '.pub')
else:
raise Exception(f'cannot find ssh key "{KEY_FILE}", do you run with FIRST_RUN?')
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test.git'
with MookDnsSystem(dns, data['ip']):
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test.git'
with SSHConfig():
with MookDnsSystem(dns, data['ip']):
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_clone_http():
@ -174,14 +231,19 @@ def test_clone_http():
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
http_url = f'{data["base_url"]}{username}/test.git'
with MookDnsSystem(dns, data['revprox_ip']):
repo = clone(http_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
with SSHConfig():
with MookDnsSystem(dns, data['revprox_ip']):
try:
repo = clone(http_url, tmpdirname)
except:
with GITConfig():
repo = clone(http_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
def test_gitea_delete_repo():
def test_forgejo_delete_repo():
repo_name = 'test'
data = get_data()
authentication = get_authentication(data)
@ -206,21 +268,22 @@ def test_repo_persistent():
with TemporaryDirectory() as tmpdirname:
username = data['username'].split('@', 1)[0]
dns = data['base_url'].split('/', 3)[2]
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:2222/{username}/test_persistent.git'
with MookDnsSystem(dns, data['ip']):
if 'FIRST_RUN' in environ:
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
else:
repo = clone(ssh_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'
ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test_persistent.git'
with SSHConfig():
with MookDnsSystem(dns, data['ip']):
if 'FIRST_RUN' in environ:
filename = join(tmpdirname, 'test.txt')
with open(filename, 'w') as fh:
fh.write('test')
repo = init(tmpdirname)
add(repo, filename)
commit(repo, message=b'test commit')
push(repo=repo,
remote_location=ssh_url,
refspecs='master',
)
else:
repo = clone(ssh_url, tmpdirname)
lst = list(repo.get_walker())
assert len(lst) == 1
assert lst[0].commit.message == b'test commit'

10
seed/gitea/DEBUG.md
View file

@ -1,10 +0,0 @@
Créer un utilisateur
=====================
su - gitea -s /bin/bash -c "gitea admin user create --username gnunux --password Njw_csh7DeeZtWDxC6WVXDdB-9A --email gnunux@gnunux.info --admin -c /etc/gitea/app.ini"
DEBUG
=====
sed -i 's/info/debug/g' /etc/gitea/app.ini
systemctl restart gitea

88
seed/gitea/README.md
View file

@ -1,88 +0,0 @@
---
gitea: none
include_toc: true
---
# gitea
[All applications services for this dataset.](../README.md)
## Description
Gitea, a community managed lightweight code hosting solution.
[For more informations](https://gitea.io/)
## Dependances
- [base-fedora-36](../base-fedora-36/README.md)
- [base-fedora](../base-fedora/README.md)
- [systemd](../systemd/README.md)
- [base-machine](../base-machine/README.md)
- [base](../base/README.md)
- [dns-local](../dns-local/README.md)
- [postgresql-client](../postgresql-client/README.md)
- [reverse-proxy-client](../reverse-proxy-client/README.md)
- [relay-mail-client](../relay-mail-client/README.md)
- [redis-client](../redis-client/README.md)
- [oauth2-client](../oauth2-client/README.md)
## Variables
### Général (*general*)
#### network (*general.network*)
| Description | Values |
|---------------------------------------------------|----------|
| *[**incoming_ports**](dictionaries/31_gitea.xml)* | 2222 |
#### Redis (*general.redis*)
| Description | Values |
|-----------------------------------------------------------|----------|
| *[**redis_client_key_owner**](dictionaries/31_gitea.xml)* | gitea |
#### Gitea (*general.gitea*)
Git forge Gitea
| Description | Values | Type |
|-----------------------------------------------------------------------------------------------------------|----------------------------------|------------------------------------------------------------------------------------------------------------------------|
| **Titre de la forge** (*[gitea_title](dictionaries/31_gitea.xml)*) | Gitea: Git avec une tasse de thé | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
| **Les courriels sont envoyés à partir de cet adresse** (*[gitea_mail_sender](dictionaries/31_gitea.xml)*) | | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
#### revprox (*general.revprox*)
| Description | Values |
|--------------------------------------------------------------|----------|
| *[**revprox_client_port**](dictionaries/31_gitea.xml)* | 3000 |
| *[**revprox_client_cert_owner**](dictionaries/31_gitea.xml)* | gitea |
| *[**revprox_client_cert_group**](dictionaries/31_gitea.xml)* | gitea |
##### revprox_client (*general.revprox.revprox_client*)
| Description | Values |
|------------------------------------------------------------------|----------|
| *[**revprox_client_local_location**](dictionaries/31_gitea.xml)* | / |
#### oauth2_client (*general.oauth2_client*)
| Description | Values |
|-----------------------------------------------------------------------|----------------------|
| *[**oauth2_is_client_application**](dictionaries/31_gitea.xml)* | True |
| *[**oauth2_client_name**](dictionaries/31_gitea.xml)* | Forge |
| *[**oauth2_client_description**](dictionaries/31_gitea.xml)* | Forge logiciel Gitea |
| *[**oauth2_client_category**](dictionaries/31_gitea.xml)* | Développement |
| *[**oauth2_client_logo**](dictionaries/31_gitea.xml)* | silique_note.png |
| *[**oauth2_client_token_signature_algo**](dictionaries/31_gitea.xml)* | RS256 |
##### external (*general.oauth2_client.external*)
| Description |
|-------------------------------------------------------|
| *[oauth2_client_external](dictionaries/31_gitea.xml)* |
- [+]: variable is multiple
- **bold**: variable is mandatory

25
seed/gitea/manual/image/postinstall/gitea.sh
View file

@ -1,25 +0,0 @@
#!/bin/bash
set -ex
gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
VERS=$(wget https://dl.gitea.io/gitea/version.json -q -O - | jq -r '.latest.version')
mkdir -p ~/gitea/
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz" ]; then
rm -rf ~/"gitea/gitea-*-linux-amd64.xz"
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz" -O ~/"gitea/gitea-$VERS-linux-amd64.xz"
fi
if [ ! -f ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ]; then
rm -rf ~/"gitea/gitea-*-linux-amd64.xz.asc"
wget "https://dl.gitea.io/gitea/$VERS/gitea-$VERS-linux-amd64.xz.asc" -O ~/"gitea/gitea-$VERS-linux-amd64.xz.asc"
fi
gpg --verify ~/"gitea/gitea-$VERS-linux-amd64.xz.asc" ~/"gitea/gitea-$VERS-linux-amd64.xz"
cp -a ~/"gitea/gitea-$VERS-linux-amd64.xz" .
xz -d "gitea-$VERS-linux-amd64.xz"
mv "gitea-$VERS-linux-amd64" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"
chmod +x "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/bin/gitea"

24
seed/gitea/templates/gitea.service
View file

@ -1,24 +0,0 @@
#ORIGIN https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/systemd/gitea.service
[Unit]
Description=Gitea (Git with a cup of tea)
After=risotto.target
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/srv/gitea/lib/
ExecStart=/usr/bin/gitea web --config /etc/gitea/app.ini
ExecStartPre=-/bin/bash -c 'if /usr/bin/gitea admin auth list --config /etc/gitea/app.ini | grep "OAuth2"; then echo "UPDATE";id=$(/usr/bin/gitea --config /etc/gitea/app.ini admin auth list |tail -n 1|awk "{ print \$1}");/usr/bin/gitea admin auth update-oauth --id $id --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;else echo "CONFIGURE"; /usr/bin/gitea admin auth add-oauth --name "%%domain_name_eth0" --provider "openidConnect" --key "%%oauth2_client_id" --secret "%%oauth2_client_secret" --scopes "profile email" --auto-discover-url "https://%%oauth2_client_server_domainname/.well-known/openid-configuration" --config /etc/gitea/app.ini;fi;sleep 2; echo "CONFIGURATION DONE"'
Restart=always
Environment=USER=gitea HOME=/srv/gitea/home GITEA_WORK_DIR=/srv/gitea/lib
[Install]
WantedBy=multi-user.target

2
seed/gitea/templates/sysuser-gitea.conf
View file

@ -1,2 +0,0 @@
g gitea 999 -
u gitea 999:999 "Git Version Control" /srv/gitea/home /bin/nologin

4
seed/gitea/templates/tmpfile-gitea.conf
View file

@ -1,4 +0,0 @@
d /srv/gitea/lib/custom 750 gitea gitea - -
d /srv/gitea/lib/data 750 gitea gitea - -
d /srv/gitea/lib/log 750 gitea gitea - -
d /srv/gitea/home 750 gitea gitea - -

115
seed/nginx-common/templates/nginx.conf
View file

@ -1,115 +0,0 @@
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
%if %%os_name == 'Fedora'
user nginx;
%else
user www-data;
%end if
worker_processes auto;
#GNUNUX error_log /var/log/nginx/error.log;
#>GNUNUX
error_log syslog:server=unix:/dev/log;
#<GNUNUX
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
%if %%os_name == 'Fedora'
include /usr/share/nginx/modules/*.conf;
%else
include /etc/nginx/modules-enabled/*.conf;
%end if
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#GNUNUX access_log /var/log/nginx/access.log main;
#>GNUNUX
access_log syslog:server=unix:/dev/log combined;
error_log syslog:server=unix:/dev/log error;
#<GNUNUX
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
%if %%nginx_default_http
server {
listen 80;
listen [::]:80;
server_name _;
root %%nginx_root;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
%end if
# Settings for a TLS enabled server.
#
%if %%nginx_default_https
server {
listen 443 ssl http2;
%if %%getVar('revprox_client_external_domainnames', None)
%for %%domain in %%revprox_client_external_domainnames
server_name %%domain;
%end for
%else
server_name _;
%end if
root %%nginx_root;
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_certificate %%revprox_crt_file;
ssl_certificate_key %%revprox_key_file;
%if %%getVar('revprox_client_external_domainnames', None)
ssl_client_certificate %%revprox_ca_file;
%else
ssl_client_certificate /etc/pki/ca-trust/source/anchors/ca_HTTP.crt;
%end if
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
%if %%os_name == 'Fedora'
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
%end if
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
%end if
include /etc/nginx/sites-enabled/*;
}

10
seed/nginx-https/templates/nginx.index.html
View file

@ -1,10 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
<style>
</style>
</head>
<body>
</body>
</html>

0
seed/nginx-common/templates/error.html → seed/nginx-reverse-proxy/templates/error.html
View file

10
seed/nginx-reverse-proxy/templates/nginx.index.html
View file

@ -1,10 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
<style>
</style>
</head>
<body>
</body>
</html>

0
seed/nginx-common/templates/nginx.index.html → seed/nginx-static/templates/index.html
View file

48
seed/openldap/templates/default.slapd
View file

@ -1,48 +0,0 @@
# Location of the slapd configuration to use. If using the cn=config
# backend to store configuration in LDIF, set this variable to the
# directory containing the cn=config data; otherwise set it to the location
# of your slapd.conf file. If empty, use the compiled-in default
# (/etc/ldap/slapd.d).
SLAPD_CONF="/etc/ldap/slapd.conf"
# System account to run the slapd server under. If empty the server
# will run as root.
SLAPD_USER="openldap"
# System group to run the slapd server under. If empty the server will
# run in the primary group of its user.
SLAPD_GROUP="openldap"
# Path to the pid file of the slapd server. If not set the init.d script
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
# default)
SLAPD_PIDFILE=
# slapd normally serves ldap only on all TCP-ports 389. slapd can also
# service requests on TCP-port 636 (ldaps) and requests via unix
# sockets.
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
SLAPD_SERVICES="ldaps:///"
# If SLAPD_NO_START is set, the init script will not start or restart
# slapd (but stop will still work). Uncomment this if you are
# starting slapd via some other means or if you don't want slapd normally
# started at boot.
#SLAPD_NO_START=1
# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
# the init script will not start or restart slapd (but stop will still
# work). Use this for temporarily disabling startup of slapd (when doing
# maintenance, for example, or through a configuration management system)
# when you don't want to edit a configuration file.
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
# For Kerberos authentication (via SASL), slapd by default uses the system
# keytab file (/etc/krb5.keytab). To use a different keytab file,
# uncomment this line and change the path.
#export KRB5_KTNAME=/etc/krb5.keytab
# Additional options to pass to slapd
SLAPD_OPTIONS=""