bundles/gitea: add a ssh key, enable git hooks for htz.ex42-1048908

bundles/gitea/files/app.ini

@@ -46,7 +46,7 @@ INTERNAL_TOKEN = ${internal_token}
 INSTALL_LOCK = true
 SECRET_KEY = ${security_secret_key}
 LOGIN_REMEMBER_DAYS = 30
-DISABLE_GIT_HOOKS = true
+DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
 
 [openid]
 ENABLE_OPENID_SIGNIN = false

bundles/gitea/items.py

@@ -58,6 +58,14 @@ files = {
     },
 }
 
+if node.metadata['gitea'].get('install_ssh_key', False):
+    files['/home/git/.ssh/id_ed25519'] = {
+        'content': repo.vault.decrypt_file(f'gitea/files/ssh-keys/{node.name}.key.vault'),
+        'mode': '0600',
+        'owner': 'git',
+        'group': 'git',
+    }
+
 svc_systemd = {
     'gitea': {
         'needs': {

bundles/gitea/metadata.py

@@ -5,17 +5,18 @@ defaults = {
         },
     },
     'gitea': {
+        'app_name': 'Gitea',
         'database': {
             'username': 'gitea',
             'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
             'database': 'gitea',
         },
-        'app_name': 'Gitea',
-        'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
-        'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
-        'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
-        'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
         'email_domain_blocklist': set(),
+        'enable_git_hooks': False,
+        'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
+        'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
+        'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
+        'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
     },
     'icinga2_api': {
         'gitea': {