bundles/gitea: add a ssh key, enable git hooks for htz.ex42-1048908

bundles/gitea/files/app.ini

@@ -46,7 +46,7 @@ INTERNAL_TOKEN = ${internal_token}
 INSTALL_LOCK = true
 SECRET_KEY = ${security_secret_key}
 LOGIN_REMEMBER_DAYS = 30
-DISABLE_GIT_HOOKS = true
+DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
 
 [openid]
 ENABLE_OPENID_SIGNIN = false

bundles/gitea/items.py

@@ -58,6 +58,14 @@ files = {
     },
 }
 
+if node.metadata['gitea'].get('install_ssh_key', False):
+    files['/home/git/.ssh/id_ed25519'] = {
+        'content': repo.vault.decrypt_file(f'gitea/files/ssh-keys/{node.name}.key.vault'),
+        'mode': '0600',
+        'owner': 'git',
+        'group': 'git',
+    }
+
 svc_systemd = {
     'gitea': {
         'needs': {

bundles/gitea/metadata.py

@@ -5,17 +5,18 @@ defaults = {
         },
     },
     'gitea': {
+        'app_name': 'Gitea',
         'database': {
             'username': 'gitea',
             'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
             'database': 'gitea',
         },
-        'app_name': 'Gitea',
-        'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
-        'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
-        'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
-        'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
         'email_domain_blocklist': set(),
+        'enable_git_hooks': False,
+        'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
+        'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
+        'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
+        'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
     },
     'icinga2_api': {
         'gitea': {

data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault

@@ -0,0 +1 @@
+encrypt$gAAAAABgjT0nJgjC8E160hANcCAW9MlA5WDMFsb9FHfEHTvSuX6u3JgELdyQcv8jM76d_i6SHuUeo1Dy7bbKKsNzR5PAPZHSjcnXYWg-E5Y_zQfE3hvkIIseankXYUwbDskgtWs4IYKp3ANJ8eZrT82YM56Gh0qZ6T6JFSiv15M6b2DHBi3RmYSkpeif0AJshUx13S_rH0S2SBCo5Ecshb41p__wgA55irQ7PF62vd-Ow5JpSq-hr--zuuC5YOvFybM2ipy8heh_uMkm4Bvl2lyZiPD5d6QhkeIOowmbF3omDtoV3S0MuIfMf2jERf7sukWDHqp8sA5P5KgCM3QoBK467jIrbp6ZU9urezLS412_oH2KPOGfmre99QKjB059rezeGEWG4XehdoG3uo8cNm4z8y8yWKdQBeYGk-VS4fDpVfFCAnS1bVgTxXVNaWRuM2OJbioMXi986X7JU7-3NYRlk0_JMxTaVaUT3duWeK6OzSSsQwg37343NmaZZTuLn4Wy2wJYqoblrq3LB4g0v9JZJ_d8oHgzrnjVe-asBDgjiXoHFZcbU0s8eG2n5xViGaKcZivjFR6qhx9OmtbAzywDhLvfb0IkPxqmFiWT1bEnRqbEPJ3GYi3hdtdWyrcwfxMbQk8N9nZ3

data/gitea/files/ssh-keys/htz.ex42-1048908.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3aj7Ij9aIgSBgIAyIPAQa/w++7eVKIxbK0iFuVvjeH

nodes/htz/ex42-1048908.py

@@ -120,7 +120,15 @@ nodes['htz.ex42-1048908'] = {
             'email_domain_blocklist': {
                 'gmail.com',
                 'yahoo.com',
+                'aol.com',
+                'comcast.net',
+                'verizon.net',
+                'hotmail.com',
+                'cox.net',
+                'msn.com',
             },
+            'enable_git_hooks': True,
+            'install_ssh_key': True,
             'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
             'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
             'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),