bundles/gitea: add a ssh key, enable git hooks for htz.ex42-1048908
All checks were successful
bundlewrap/pipeline/head This commit looks good
parent
8f4023c1c5
commit
75fea7aa34
6 changed files with 25 additions and 6 deletions
|
@ -46,7 +46,7 @@ INTERNAL_TOKEN = ${internal_token}
|
||||||
INSTALL_LOCK = true
|
INSTALL_LOCK = true
|
||||||
SECRET_KEY = ${security_secret_key}
|
SECRET_KEY = ${security_secret_key}
|
||||||
LOGIN_REMEMBER_DAYS = 30
|
LOGIN_REMEMBER_DAYS = 30
|
||||||
DISABLE_GIT_HOOKS = true
|
DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
|
||||||
|
|
||||||
[openid]
|
[openid]
|
||||||
ENABLE_OPENID_SIGNIN = false
|
ENABLE_OPENID_SIGNIN = false
|
||||||
|
|
|
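Review bot: The new `DISABLE_GIT_HOOKS` line fails open, because `not enable_git_hooks` relies on Python truthiness: a metadata value such as the string `'false'` or `'no'` is truthy and renders `DISABLE_GIT_HOOKS = false`, which switches hooks on. Git hooks in Gitea execute commands on the server as the service account, so I would enable them only on an explicit boolean, e.g. `DISABLE_GIT_HOOKS = ${'false' if enable_git_hooks is True else 'true'}`. A comment above the line such as `; git hooks run server-side commands as the gitea user; keep disabled unless the node needs them` would also help the next person editing the template.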
@ -58,6 +58,14 @@ files = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if node.metadata['gitea'].get('install_ssh_key', False):
|
||||||
|
files['/home/git/.ssh/id_ed25519'] = {
|
||||||
|
'content': repo.vault.decrypt_file(f'gitea/files/ssh-keys/{node.name}.key.vault'),
|
||||||
|
'mode': '0600',
|
||||||
|
'owner': 'git',
|
||||||
|
'group': 'git',
|
||||||
|
}
|
||||||
|
|
||||||
svc_systemd = {
|
svc_systemd = {
|
||||||
'gitea': {
|
'gitea': {
|
||||||
'needs': {
|
'needs': {
|
||||||
|
|
|
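Review bot: The private key written to `/home/git/.ssh/id_ed25519` is owned by `git`, which appears to be the account Gitea and therefore any server-side git hook runs as, and the same commit sets `enable_git_hooks` to `True` for `htz.ex42-1048908` in the node file. Anyone allowed to edit a hook on that instance can then read the key, so it has to be treated as a credential shared with every hook author: restrict hook permission to administrators and scope the key on the remote side (single-purpose deploy key, limited repositories). I would record that next to the item, e.g. `# readable by git hooks when enable_git_hooks is set; keep this key narrowly scoped`. The hunk shows no item for `/home/git/.ssh` itself, so its mode and owner may be left to whatever creates it; confirm it ends up `0700` and owned by `git`.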
@ -5,17 +5,18 @@ defaults = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'gitea': {
|
'gitea': {
|
||||||
|
'app_name': 'Gitea',
|
||||||
'database': {
|
'database': {
|
||||||
'username': 'gitea',
|
'username': 'gitea',
|
||||||
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
|
'password': repo.vault.password_for('{} postgresql gitea'.format(node.name)),
|
||||||
'database': 'gitea',
|
'database': 'gitea',
|
||||||
},
|
},
|
||||||
'app_name': 'Gitea',
|
|
||||||
'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
|
|
||||||
'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
|
|
||||||
'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
|
|
||||||
'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
|
|
||||||
'email_domain_blocklist': set(),
|
'email_domain_blocklist': set(),
|
||||||
|
'enable_git_hooks': False,
|
||||||
|
'internal_token': repo.vault.password_for('{} gitea internal_token'.format(node.name)),
|
||||||
|
'lfs_secret_key': repo.vault.password_for('{} gitea lfs_secret_key'.format(node.name)),
|
||||||
|
'oauth_secret_key': repo.vault.password_for('{} gitea oauth_secret_key'.format(node.name)),
|
||||||
|
'security_secret_key': repo.vault.password_for('{} gitea security_secret_key'.format(node.name)),
|
||||||
},
|
},
|
||||||
'icinga2_api': {
|
'icinga2_api': {
|
||||||
'gitea': {
|
'gitea': {
|
||||||
|
|
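Review bot: `install_ssh_key` gets no entry in `defaults`, although `enable_git_hooks` does and the bundle's file item reads the flag with `.get('install_ssh_key', False)`. Adding `'install_ssh_key': False,` after `'enable_git_hooks': False,` keeps both opt-in switches documented in one place and lets the consumer use plain indexing instead of a second, separately maintained default. The rest of the hunk only reorders existing keys alphabetically; the `defaults` dict starts and ends outside the hunk.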
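--- a/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault
+++ b/data/gitea/files/ssh-keys/htz.ex42-1048908.key.vault
@@ -0,0 +1 @@
+encrypt$gAAAAABgjT0nJgjC8E160hANcCAW9MlA5WDMFsb9FHfEHTvSuX6u3JgELdyQcv8jM76d_i6SHuUeo1Dy7bbKKsNzR5PAPZHSjcnXYWg-E5Y_zQfE3hvkIIseankXYUwbDskgtWs4IYKp3ANJ8eZrT82YM56Gh0qZ6T6JFSiv15M6b2DHBi3RmYSkpeif0AJshUx13S_rH0S2SBCo5Ecshb41p__wgA55irQ7PF62vd-Ow5JpSq-hr--zuuC5YOvFybM2ipy8heh_uMkm4Bvl2lyZiPD5d6QhkeIOowmbF3omDtoV3S0MuIfMf2jERf7sukWDHqp8sA5P5KgCM3QoBK467jIrbp6ZU9urezLS412_oH2KPOGfmre99QKjB059rezeGEWG4XehdoG3uo8cNm4z8y8yWKdQBeYGk-VS4fDpVfFCAnS1bVgTxXVNaWRuM2OJbioMXi986X7JU7-3NYRlk0_JMxTaVaUT3duWeK6OzSSsQwg37343NmaZZTuLn4Wy2wJYqoblrq3LB4g0v9JZJ_d8oHgzrnjVe-asBDgjiXoHFZcbU0s8eG2n5xViGaKcZivjFR6qhx9OmtbAzywDhLvfb0IkPxqmFiWT1bEnRqbEPJ3GYi3hdtdWyrcwfxMbQk8N9nZ3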
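--- a/data/gitea/files/ssh-keys/htz.ex42-1048908.pub
+++ b/data/gitea/files/ssh-keys/htz.ex42-1048908.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3aj7Ij9aIgSBgIAyIPAQa/w++7eVKIxbK0iFuVvjeH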
@ -120,7 +120,15 @@ nodes['htz.ex42-1048908'] = {
|
||||||
'email_domain_blocklist': {
|
'email_domain_blocklist': {
|
||||||
'gmail.com',
|
'gmail.com',
|
||||||
'yahoo.com',
|
'yahoo.com',
|
||||||
|
'aol.com',
|
||||||
|
'comcast.net',
|
||||||
|
'verizon.net',
|
||||||
|
'hotmail.com',
|
||||||
|
'cox.net',
|
||||||
|
'msn.com',
|
||||||
},
|
},
|
||||||
|
'enable_git_hooks': True,
|
||||||
|
'install_ssh_key': True,
|
||||||
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
|
'internal_token': vault.decrypt('encrypt$gAAAAABfPncYwCX-NdBr9LdxLyGqmjRJqhmwMnWsdZy6kVOWdKrScW78xaqbJ1tpL1J4qa2hcZ7TQj3l-2mkyJNJOenGzU3TsI-gYMj9vC4m8Bhur5zboxjD4dQXaJbD1WSyHJ9sPJYsWP3Gjg6I19xeq9xMlAI6xaS9vOfuoI8nZnnQPx1NjfQEj03Jxf8a0-3F20sfICst1xRa5K48bpq1PFkK_oRojg=='),
|
||||||
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
|
'lfs_secret_key': vault.decrypt('encrypt$gAAAAABfPnd1vgNDt86-91YhviQw8Z0djSp4f_tBt76klDv-ZcwxP1ryJzqJ7qnfaTe_6DYCfc82gEzvVDsyBlCoAkGpt1AI2_LCKetuSCnDPjtGvwdQl3A53lFEdG2UJl1uUiR7f8Vr'),
|
||||||
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
|
'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
|
||||||
|
|