kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

rename bundle:gitea to bundle:forgejo

Browse source
This commit is contained in:
Franzi 2023-08-02 16:37:48 +02:00
parent f1045172fd
commit b692b09c00
Signed by: kunsi
GPG key ID: 12E3D2136B818350
8 changed files with 91 additions and 110 deletions
Download patch file Download diff file Expand all files Collapse all files

89
bundles/forgejo/files/app.ini Normal file
View file

@ -0,0 +1,89 @@
APP_NAME = ${app_name}
RUN_USER = git
RUN_MODE = prod
WORK_PATH = /var/lib/forgejo
[repository]
ROOT = /var/lib/forgejo/repositories
MAX_CREATION_LIMIT = 0
DEFAULT_BRANCH = main
[ui]
ISSUE_PAGING_NUM = 50
MEMBERS_PAGING_NUM = 100
[server]
PROTOCOL = http
SSH_DOMAIN = ${domain}
DOMAIN = ${domain}
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 22000
ROOT_URL = https://${domain}/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = ${lfs_secret_key}
OFFLINE_MODE = true
START_SSH_SERVER = false
DISABLE_ROUTER_LOG = true
LANDING_PAGE = explore
[database]
DB_TYPE = postgres
HOST = ${database.get('host', 'localhost')}:5432
NAME = ${database['database']}
USER = ${database['username']}
PASSWD = ${database['password']}
SSL_MODE = disable
LOG_SQL = false
[admin]
DEFAULT_EMAIL_NOTIFICATIONS = onmention
DISABLE_REGULAR_ORG_CREATION = true
[security]
INTERNAL_TOKEN = ${internal_token}
INSTALL_LOCK = true
SECRET_KEY = ${security_secret_key}
LOGIN_REMEMBER_DAYS = 30
DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = ${str(disable_registration).lower()}
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.${domain}
EMAIL_DOMAIN_BLOCKLIST = ${','.join(sorted(email_domain_blocklist))}
[mailer]
ENABLED = true
PROTOCOL = sendmail
FROM = "${app_name}" <noreply@${domain}>
[session]
PROVIDER = file
[picture]
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
[log]
MODE = console
LEVEL = warn
[oauth2]
JWT_SECRET = ${oauth_secret_key}
[other]
SHOW_FOOTER_BRANDING = true
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

17
bundles/forgejo/files/forgejo.service Normal file
View file

@ -0,0 +1,17 @@
[Unit]
Description=${app_name} at ${domain}
After=syslog.target
After=network.target
Requires=postgresql.service
[Service]
RestartSec=10
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/forgejo
ExecStart=/usr/local/bin/forgejo web -c /etc/forgejo/app.ini
Restart=always
[Install]
WantedBy=multi-user.target

65
bundles/forgejo/items.py Normal file
View file

@ -0,0 +1,65 @@
users = {
'git': {
'home': '/var/lib/forgejo',
},
}
directories = {
'/var/lib/forgejo/.ssh': {
'mode': '0700',
'owner': 'git',
'group': 'git',
},
'/var/lib/forgejo': {
'owner': 'git',
'mode': '0700',
'triggers': {
'svc_systemd:forgejo:restart',
},
},
}
files = {
'/usr/local/lib/systemd/system/forgejo.service': {
'content_type': 'mako',
'context': node.metadata.get('forgejo'),
'triggers': {
'action:systemd-reload',
'svc_systemd:forgejo:restart',
},
},
'/etc/forgejo/app.ini': {
'content_type': 'mako',
'context': node.metadata.get('forgejo'),
'triggers': {
'svc_systemd:forgejo:restart',
},
},
'/usr/local/bin/forgejo': {
'content_type': 'download',
'source': node.metadata.get('forgejo/url'),
'content_hash': node.metadata.get('forgejo/sha1', None),
'mode': '0755',
'triggers': {
'svc_systemd:forgejo:restart',
},
},
}
if node.metadata.get('forgejoinstall_ssh_key', False):
files['/var/lib/forgejo/.ssh/id_ed25519'] = {
'content': repo.vault.decrypt_file(f'forgejo/files/ssh-keys/{node.name}.key.vault'),
'mode': '0600',
'owner': 'git',
'group': 'git',
}
svc_systemd = {
'forgejo': {
'needs': {
'file:/etc/forgejo/app.ini',
'file:/usr/local/bin/forgejo',
'file:/usr/local/lib/systemd/system/forgejo.service',
},
},
}

91
bundles/forgejo/metadata.py Normal file
View file

@ -0,0 +1,91 @@
defaults = {
'backups': {
'paths': {
'/var/lib/forgejo',
},
},
'forgejo': {
'app_name': 'Forgejo',
'database': {
'username': 'forgejo',
'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
'database': 'forgejo',
},
'disable_registration': True,
'email_domain_blocklist': set(),
'enable_git_hooks': False,
'internal_token': repo.vault.password_for('{} forgejo internal_token'.format(node.name)),
'lfs_secret_key': repo.vault.password_for('{} forgejo lfs_secret_key'.format(node.name)),
'oauth_secret_key': repo.vault.password_for('{} forgejo oauth_secret_key'.format(node.name)),
'security_secret_key': repo.vault.password_for('{} forgejo security_secret_key'.format(node.name)),
},
'icinga2_api': {
'forgejo': {
'services': {
'FORGEJO PROCESS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit forgejo',
},
'FORGEJO UPDATE': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_forgejo_for_new_release codeberg.org forgejo/forgejo v$(forgejo --version | cut -d" " -f3)',
'vars.notification.mail': True,
'check_interval': '60m',
},
},
},
},
'openssh': {
'allowed_users': {
'git',
},
},
'postgresql': {
'roles': {
'forgejo': {
'password': repo.vault.password_for('{} postgresql forgejo'.format(node.name)),
},
},
'databases': {
'forgejo': {
'owner': 'forgejo',
},
},
},
'zfs': {
'datasets': {
'tank/forgejo': {
'mountpoint': '/var/lib/forgejo',
'needed_by': {
'directory:/var/lib/forgejo',
},
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/forgejo',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'forgejo': {
'domain': metadata.get('forgejo/domain'),
'locations': {
'/': {
'target': 'http://127.0.0.1:22000',
},
'/debug': {
'return': 403,
},
},
'website_check_path': '/user/login',
'website_check_string': 'Sign In',
},
},
},
}