From 75fea7aa34b9814d151b8e35ad6b44d1632db4b5 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 1 May 2021 14:27:31 +0200 Subject: [PATCH] bundles/gitea: add a ssh key, enable git hooks for htz.ex42-1048908 --- bundles/gitea/files/app.ini | 2 +- bundles/gitea/items.py | 8 ++++++++ bundles/gitea/metadata.py | 11 ++++++----- data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault | 1 + data/gitea/files/ssh-keys/htz.ex42-1048908.pub | 1 + nodes/htz/ex42-1048908.py | 8 ++++++++ 6 files changed, 25 insertions(+), 6 deletions(-) create mode 100644 data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault create mode 100644 data/gitea/files/ssh-keys/htz.ex42-1048908.pub diff --git a/bundles/gitea/files/app.ini b/bundles/gitea/files/app.ini index fe6b1e0..36d0f46 100644 --- a/bundles/gitea/files/app.ini +++ b/bundles/gitea/files/app.ini @@ -46,7 +46,7 @@ INTERNAL_TOKEN = ${internal_token} INSTALL_LOCK = true SECRET_KEY = ${security_secret_key} LOGIN_REMEMBER_DAYS = 30 -DISABLE_GIT_HOOKS = true +DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()} [openid] ENABLE_OPENID_SIGNIN = false diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index 023e3f9..f24768f 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py @@ -58,6 +58,14 @@ files = { }, } +if node.metadata['gitea'].get('install_ssh_key', False): + files['/home/git/.ssh/id_ed25519'] = { + 'content': repo.vault.decrypt_file(f'gitea/files/ssh-keys/{node.name}.key.vault'), + 'mode': '0600', + 'owner': 'git', + 'group': 'git', + } + svc_systemd = { 'gitea': { 'needs': { diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index 6c61d78..978369c 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py 
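Review bot: The new `DISABLE_GIT_HOOKS` line in app.ini renders from the truthiness of `enable_git_hooks`, so a node that supplies the value as a string such as `'false'` would render `false` here and switch hooks on. Custom hooks execute on the server as the Gitea service account, so this setting should fail closed: `DISABLE_GIT_HOOKS = ${'false' if enable_git_hooks is True else 'true'}`. A comment line above it, `; custom git hooks run as the gitea system user; enable only where every account with the hook privilege is trusted`, would record why the default stays disabled.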
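Review bot: The private key in items.py is written to `/home/git/.ssh/id_ed25519` with mode `0600`, but the hunk does not declare the `.ssh` directory itself, so its owner and mode are left to whatever creates it. The `files` dict starts above the hunk, and a directory item may already exist elsewhere in the bundle. Declaring it explicitly, e.g. `'/home/git/.ssh': {'mode': '0700', 'owner': 'git', 'group': 'git'},` under `directories`, keeps the whole key path under configuration management. A short comment above the `if`, saying what the key authenticates to and that the matching public key should be registered with the narrowest access the remote allows, would help the next reader.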
@@ -5,17 +5,18 @@ defaults = { }, }, 'gitea': { + 'app_name': 'Gitea', 'database': { 'username': 'gitea', 'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)), 'database': 'gitea', }, - 'app_name': 'Gitea', - 'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)), - 'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)), - 'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)), - 'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)), 'email_domain_blocklist': set(), + 'enable_git_hooks': False, + 'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)), + 'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)), + 'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)), + 'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)), }, 'icinga2_api': { 'gitea': { diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault b/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault new file mode 100644 index 0000000..51008f7 --- /dev/null +++ b/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault 
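Review bot: `enable_git_hooks` gets a default of `False` in this hunk, but `install_ssh_key` does not, although the same commit reads it in items.py via `.get('install_ssh_key', False)`. Adding `'install_ssh_key': False,` next to it would keep both switches discoverable in one place and let items.py index the key directly instead of carrying a second, implicit default. The `defaults` dict begins and continues outside the hunk.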
@@ -0,0 +1 @@ +encrypt$gAAAAABgjT0nJgjC8E160hANcCAW9MlA5WDMFsb9FHfEHTvSuX6u3JgELdyQcv8jM76d_i6SHuUeo1Dy7bbKKsNzR5PAPZHSjcnXYWg-E5Y_zQfE3hvkIIseankXYUwbDskgtWs4IYKp3ANJ8eZrT82YM56Gh0qZ6T6JFSiv15M6b2DHBi3RmYSkpeif0AJshUx13S_rH0S2SBCo5Ecshb41p__wgA55irQ7PF62vd-Ow5JpSq-hr--zuuC5YOvFybM2ipy8heh_uMkm4Bvl2lyZiPD5d6QhkeIOowmbF3omDtoV3S0MuIfMf2jERf7sukWDHqp8sA5P5KgCM3QoBK467jIrbp6ZU9urezLS412_oH2KPOGfmre99QKjB059rezeGEWG4XehdoG3uo8cNm4z8y8yWKdQBeYGk-VS4fDpVfFCAnS1bVgTxXVNaWRuM2OJbioMXi986X7JU7-3NYRlk0_JMxTaVaUT3duWeK6OzSSsQwg37343NmaZZTuLn4Wy2wJYqoblrq3LB4g0v9JZJ_d8oHgzrnjVe-asBDgjiXoHFZcbU0s8eG2n5xViGaKcZivjFR6qhx9OmtbAzywDhLvfb0IkPxqmFiWT1bEnRqbEPJ3GYi3hdtdWyrcwfxMbQk8N9nZ3 \ No newline at end of file diff --git a/data/gitea/files/ssh-keys/htz.ex42-1048908.pub b/data/gitea/files/ssh-keys/htz.ex42-1048908.pub new file mode 100644 index 0000000..cc948b3 --- /dev/null +++ b/data/gitea/files/ssh-keys/htz.ex42-1048908.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3aj7Ij9aIgSBgIAyIPAQa/w++7eVKIxbK0iFuVvjeH diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py index b70a51d..f18389b 100644 --- a/nodes/htz/ex42-1048908.py +++ b/nodes/htz/ex42-1048908.py 
@@ -120,7 +120,15 @@ nodes['htz.ex42-1048908'] = { 'email_domain_blocklist': { 'gmail.com', 'yahoo.com', + 'aol.com', + 'comcast.net', + 'verizon.net', + 'hotmail.com', + 'cox.net', + 'msn.com', }, + 'enable_git_hooks': True, + 'install_ssh_key': True, 'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='), 'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'), 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
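Review bot: This node turns on `enable_git_hooks` and `install_ssh_key` together, so any Gitea account allowed to edit hooks can run code as the user that owns `/home/git/.ssh/id_ed25519`, and can therefore use that key. This assumes Gitea runs as `git`, as the file ownership in items.py suggests. Nothing in the node file says why hooks are needed here. A comment above the two settings, such as `# hooks enabled for <purpose>; hook privilege limited to <accounts>; deploy key is <scope> on the remote`, would make the trade-off reviewable. The node dict begins and continues outside the hunk.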