kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

htz.ex42-1048908: can haz gitea?
All checks were successful
bundlewrap/pipeline/head This commit looks good
Details

Browse source
This commit is contained in:
Franzi 2020-08-20 15:34:27 +02:00
parent 55d6257243
commit 1fb5787807
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 202 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

88
bundles/gitea/files/app.ini Normal file
View file

@ -0,0 +1,88 @@
APP_NAME = ${app_name}
RUN_USER = git
RUN_MODE = prod
[repository]
ROOT = /home/git/gitea-repositories
MAX_CREATION_LIMIT = 0
DEFAULT_BRANCH = main
[ui]
ISSUE_PAGING_NUM = 50
MEMBERS_PAGING_NUM = 100
[server]
PROTOCOL = http
SSH_DOMAIN = ${domain}
DOMAIN = ${domain}
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000
ROOT_URL = https://${domain}/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
LFS_JWT_SECRET = ${lfs_secret_key}
OFFLINE_MODE = true
START_SSH_SERVER = false
DISABLE_ROUTER_LOG = true
LANDING_PAGE = explore
[database]
DB_TYPE = postgres
HOST = ${database.get('host', 'localhost')}:5432
NAME = ${database['database']}
USER = ${database['username']}
PASSWD = ${database['password']}
SSL_MODE = disable
LOG_SQL = false
[admin]
DEFAULT_EMAIL_NOTIFICATIONS = onmention
DISABLE_REGULAR_ORG_CREATION = true
[security]
INTERNAL_TOKEN = ${internal_token}
INSTALL_LOCK = true
SECRET_KEY = ${security_secret_key}
LOGIN_REMEMBER_DAYS = 30
DISABLE_GIT_HOOKS = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.${domain}
[mailer]
ENABLED = true
MAILER_TYPE = sendmail
FROM = "${app_name}" <noreply@${domain}>
[session]
PROVIDER = file
[picture]
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
[log]
MODE = console
LEVEL = warn
[oauth2]
JWT_SECRET = ${oauth_secret_key}
[other]
SHOW_FOOTER_BRANDING = true
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

18
bundles/gitea/files/gitea.service Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=${app_name} at ${domain}
After=syslog.target
After=network.target
Requires=postgresql.service
[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
[Install]
WantedBy=multi-user.target

53
bundles/gitea/items.py Normal file
View file

@ -0,0 +1,53 @@
downloads = {
'/usr/local/bin/gitea': {
'url': 'https://dl.gitea.io/gitea/{version}/gitea-{version}-linux-amd64'.format(version=node.metadata['gitea']['version']),
'sha256': node.metadata['gitea']['sha256'],
},
}
directories = {
'/var/lib/gitea': {
'owner': 'git',
'mode': '0700',
'triggers': {
'action:chmod_gitea',
'svc_systemd:gitea:restart',
},
},
}
actions = {
'chmod_gitea': {
'command': 'chmod a+x /usr/local/bin/gitea',
'unless': 'test -x /usr/local/bin/gitea',
'triggered': True,
},
}
files = {
'/etc/systemd/system/gitea.service': {
'content_type': 'mako',
'context': node.metadata['gitea'],
'triggers': {
'action:systemd-reload',
},
},
'/etc/gitea/app.ini': {
'content_type': 'mako',
'context': node.metadata['gitea'],
'triggers': {
'svc_systemd:gitea:restart',
},
},
}
svc_systemd = {
'gitea': {
'needs': {
'action:chmod_gitea',
'download:/usr/local/bin/gitea',
'file:/etc/systemd/system/gitea.service',
'file:/etc/gitea/app.ini',
},
},
}

32
bundles/gitea/metadata.py Normal file
View file

@ -0,0 +1,32 @@
defaults = {
'users': {
'git': {
'deploy_configs': False,
'home-mode': '0755',
},
},
'gitea': {
'database': {
'username': 'gitea',
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
'database': 'gitea',
},
'app_name': 'Gitea',
'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
},
'postgresql': {
'users': {
'gitea': {
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
},
},
'databases': {
'gitea': {
'owner': 'gitea',
},
},
},
}

11
nodes/htz/ex42-1048908.py
View file

@ -1,5 +1,6 @@
nodes['htz.ex42-1048908'] = { nodes['htz.ex42-1048908'] = {
'bundles': { 'bundles': {
'gitea',
'jenkins-ci', 'jenkins-ci',
'matrix-synapse', 'matrix-synapse',
'mx-puppet-discord', 'mx-puppet-discord',
@ -67,6 +68,16 @@ nodes['htz.ex42-1048908'] = {
}, },
}, },
}, },
'gitea': {
'version': '1.12.3',
'sha256': '6bfda9a12dc248360d34954b087ca6319f7310c61dc32b34c5e0675fdd45e0f4',
'domain': 'git.kunsmann.eu',
# TODO find out if those secrets can be rotated without breaking stuff
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
},
'letsencrypt': { 'letsencrypt': {
'concat_and_deploy': { 'concat_and_deploy': {
'kunsi-weechat': { 'kunsi-weechat': {