From dc716f477cfa94838f0602dfcc0ac2eac3720ce7 Mon Sep 17 00:00:00 2001
From: keiran
Date: Sat, 30 Mar 2019 20:18:01 -0400
Subject: [PATCH] gitea config
---
gitea/app_defaults.yaml | 50 ++++++++++++++++++++++++++++++++++
gitea/files/app_ini.jinja | 36 ++++++++++++++++++++++++
gitea/files/secrets_json.jinja | 5 ++++
gitea/install.sls | 28 +++++++++++++++++--
gitea/systemd.sls | 7 +----
5 files changed, 118 insertions(+), 8 deletions(-)
create mode 100644 gitea/app_defaults.yaml
create mode 100644 gitea/files/app_ini.jinja
create mode 100644 gitea/files/secrets_json.jinja
diff --git a/gitea/app_defaults.yaml b/gitea/app_defaults.yaml
new file mode 100644
index 0000000..e1fdfa7
--- /dev/null
+++ b/gitea/app_defaults.yaml
@@ -0,0 +1,50 @@
+global:
+ APP_NAME: 'Gitea: Git with a cup of tea'
+ RUN_USER: gitea
+ RUN_MODE: prod
+sections:
+ database:
+ DB_TYPE: mysql
+ HOST: 127.0.0.1:3306
+ SSL_MODE: disable
+ # ignored with DB_TYPE MySQL
+ PATH: data/gitea.db
+ repository:
+ ROOT: gitea-repositories
+ server:
+ START_SSH_SERVER: 'false'
+ SSH_DOMAIN: localhost
+ SSH_PORT: 9022
+ DOMAIN: localhost
+ HTTP_PORT: 3000
+ ROOT_URL: https://localhost/
+ DISABLE_SSH: 'true'
+ LFS_START_SERVER: 'false'
+ LFS_CONTENT_PATH: data/lfs
+ OFFLINE_MODE: 'true'
+ mailer:
+ ENABLED: 'false'
+ service:
+ REGISTER_EMAIL_CONFIRM: 'false'
+ ENABLE_NOTIFY_MAIL: 'false'
+ DISABLE_REGISTRATION: 'true'
+ ALLOW_ONLY_EXTERNAL_REGISTRATION: 'false'
+ ENABLE_CAPTCHA: 'false'
+ REQUIRE_SIGNIN_VIEW: 'false'
+ DEFAULT_KEEP_EMAIL_PRIVATE: 'true'
+ DEFAULT_ALLOW_CREATE_ORGANIZATION: 'true'
+ DEFAULT_ENABLE_TIMETRACKING: 'true'
+ NO_REPLY_ADDRESS: noreply.example.org
+ picture:
+ DISABLE_GRAVATAR: 'false'
+ ENABLE_FEDERATED_AVATAR: 'false'
+ openid:
+ ENABLE_OPENID_SIGNIN: 'false'
+ ENABLE_OPENID_SIGNUP: 'false'
+ session:
+ PROVIDER: file
+ log:
+ MODE: file
+ LEVEL: Info
+ ROOT_PATH: log
+
diff --git a/gitea/files/app_ini.jinja b/gitea/files/app_ini.jinja
new file mode 100644
index 0000000..b370fcf
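Review bot: The boolean-looking values such as `DISABLE_SSH: 'true'` and `ENABLED: 'false'` are quoted deliberately — the Jinja template copies them verbatim into app.ini, and an unquoted YAML boolean would render as Python's `True`/`False` — but nothing in the file records that, so a later tidy-up is likely to unquote them. A header comment such as `# Values are substituted verbatim into app.ini: keep booleans quoted ('true'/'false') so Jinja does not render them as True/False` would make the convention explicit. For the same reason `HOST: 127.0.0.1:3306` is safer written as `HOST: '127.0.0.1:3306'`, so that it does not depend on how the loader treats a colon-separated plain scalar.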
--- /dev/null
+++ b/gitea/files/app_ini.jinja
@@ -0,0 +1,36 @@
+# Managed by salt
+{% import_yaml 'gitea/app_defaults.yaml' as defaults -%}
+{% set secrets = salt.file.read(pillar['gitea']['path'] + '/etc/secrets.json') | load_json -%}
+{% set pillar_global = salt.pillar.get('gitea:config:global', {}) -%}
+{% set pillar_sections = salt.pillar.get('gitea:config:sections', {}) -%}
+
+{% for key in defaults['global'].keys() -%}
+{% if key in pillar_global -%}
+{{key}} = {{pillar_global[key]}}
+{% else -%}
+{{key}} = {{defaults['global'][key]}}
+{% endif -%}
+{% endfor %}
+
+[security]
+INTERNAL_TOKEN = {{secrets['INTERNAL_TOKEN']}}
+INSTALL_LOCK = true
+SECRET_KEY = {{secrets['SECRET_KEY']}}
+
+{% for section in defaults['sections'].keys() -%}
+[{{section}}]
+{% if section == 'server' -%}
+LFS_JWT_SECRET = {{secrets['LFS_JWT_SECRET']}}
+{% elif section == 'database' -%}
+NAME = {{pillar_sections['database']['NAME']}}
+USER = {{pillar_sections['database']['USER']}}
+PASSWD = `{{pillar_sections['database']['PASSWD']}}`
+{% endif -%}
+{% for key in defaults['sections'][section] -%}
+{% if section in pillar_sections and key in pillar_sections[section] -%}
+{{key}} = {{pillar_sections[section][key]}}
+{% else -%}
+{{key}} = {{defaults['sections'][section][key]}}
+{% endif -%}
+{% endfor -%}
+{% endfor %}
diff --git a/gitea/files/secrets_json.jinja b/gitea/files/secrets_json.jinja
new file mode 100644
index 0000000..2e4632e
--- /dev/null
+++ b/gitea/files/secrets_json.jinja
@@ -0,0 +1,5 @@
+{{ {
+ 'INTERNAL_TOKEN': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret INTERNAL_TOKEN'),
+ 'LFS_JWT_SECRET': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret LFS_JWT_SECRET'),
+ 'SECRET_KEY': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret SECRET_KEY')
+} | tojson }}
diff --git a/gitea/install.sls b/gitea/install.sls
index 6e0e1ae..132bc56 100644
--- a/gitea/install.sls
+++ b/gitea/install.sls
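Review bot: Both loops walk only the keys of app_defaults.yaml (`for key in defaults['global'].keys()` and `for key in defaults['sections'][section]`), so a pillar value under `gitea:config` whose key or section is absent from the defaults file is never written to app.ini and the omission is silent — the `key in pillar_global` / `key in pillar_sections[section]` tests only run for keys the defaults already have. Merging the pillar over the defaults before iterating (e.g. `salt.slsutil.merge`, where the Salt release provides it, or iterating the union of both key sets) would make every pillar setting effective. The `database` branch also indexes `pillar_sections['database']['NAME']`, `['USER']` and `['PASSWD']` directly on a dict that defaults to `{}`, so a missing pillar entry surfaces as an undefined-variable error from deep inside the template rather than a clear message; either guard with an explicit `{% if 'database' not in pillar_sections %}` check that fails with a stated reason, or put a comment at the top of the file such as `# Required pillar: gitea:config:sections:database:{NAME,USER,PASSWD}` so the contract is visible.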
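Review bot: The three `salt.cmd.run(... '/bin/gitea generate secret ...')` calls execute the downloaded binary with the minion's own privileges (normally root), while install.sls fetches that same binary with `runas: {{ salt.pillar.get('gitea:user') }}`, leaving it writable by the service account — so anything that can modify `bin/gitea` gets its code run as root on the next highstate. Passing `runas=pillar['gitea']['user']` to each call keeps secret generation inside the service account's privileges. Separately, as far as I know `cmd.run` returns the command's output text even when it exits non-zero, so a missing or broken binary would be persisted as a "secret" made of an error message and then picked up by app_ini.jinja; `raise_err=True` on the same calls makes the state fail instead, e.g. `'SECRET_KEY': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret SECRET_KEY', runas=pillar['gitea']['user'], raise_err=True)` and likewise for the other two.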
@@ -4,11 +4,35 @@ %} {% set basepath = salt.pillar.get('gitea:path') %} -wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION: +'download gitea': cmd.run: + - name: 'wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION' - unless: grep -P '^{{ ver }}$' {{ basepath }}/VERSION - runas: {{ salt.pillar.get('gitea:user') }} - require: - sls: gitea.dirs -# need to setup etc/ +{{basepath}}/etc/secrets.json: + file.managed: + - user: {{ salt.pillar.get('gitea:user') }} + - group: {{ salt.pillar.get('gitea:user') }} + - mode: 400 +{% if not salt.file.contains(basepath + '/etc/secrets.json', 'INTERNAL_TOKEN') %} + - source: 'salt://gitea/files/secrets_json.jinja' + - template: jinja +{% else %} + - replace: False +{% endif %} + - require: + - cmd: download gitea + +{{basepath}}/etc/app.ini: + file.managed: + - source: salt://gitea/files/app_ini.jinja + - template: jinja + - user: {{ salt.pillar.get('gitea:user') }} + - group: {{ salt.pillar.get('gitea:user') }} + - mode: 640 + - require: + - file: {{basepath}}/etc/secrets.json + diff --git a/gitea/systemd.sls b/gitea/systemd.sls index 5dd7750..cc5e91a 100644 --- a/gitea/systemd.sls +++ b/gitea/systemd.sls @@ -8,15 +8,10 @@ - require: - sls: gitea.install -# systemctl daemon-reload -service.systemctl_reload: - module.run: - - onchanges: - - file: /etc/systemd/system/gitea.service - gitea: service.running: - enable: True - watch: - file: /etc/systemd/system/gitea.service + - file: {{ salt.pillar.get('gitea:path') }}/etc/app.ini
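Review bot: `download gitea` still fetches the binary with a plain `wget {{ url }}`, marks it executable and records the version, with no digest or signature check; since the same binary is then executed on every highstate by secrets_json.jinja, a tampered download or an interposed mirror becomes code execution on the host. Replacing the `cmd.run` with a `file.managed` that uses `source_hash` gives Salt the verification (and root-owned, non-user-writable installation) for free — the exact `source_hash` value depends on how the release checksum is published, so it is left as a placeholder below, and the VERSION file the `unless` relied on becomes a small `file.managed` with `contents`. A minor point in the same hunk: `mode: 400` and `mode: 640` are plain YAML integers that happen to work because they have no leading zero; writing them as `mode: '0400'` / `mode: '0640'` matches the string form Salt documents and avoids the octal trap if someone later adds the zero.
```yaml
'download gitea':
  file.managed:
    - name: {{ basepath }}/bin/gitea
    - source: {{ url }}
    - source_hash: CHECKSUM_PLACEHOLDER  # placeholder: digest (or URL of the published checksum file) for {{ url }}
    - mode: '0755'
    - require:
      - sls: gitea.dirs

{{ basepath }}/VERSION:
  file.managed:
    - contents: {{ ver }}
    - require:
      - file: download gitea
# … unchanged: secrets.json and app.ini states (with mode quoted as '0400' / '0640') …
```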
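Review bot: The explicit `service.systemctl_reload` state is removed without a comment saying what now reloads systemd when `/etc/systemd/system/gitea.service` changes; if the intent is to rely on Salt's systemd service module detecting a changed unit file and reloading on restart (which I believe current releases do), a one-line comment above `gitea:` such as `# no explicit daemon-reload: the service module reloads systemd itself when the unit file changes` would stop the next reader from re-adding it. The added `watch` on `{{ salt.pillar.get('gitea:path') }}/etc/app.ini` is the right trigger for a restart on configuration change; it only matches because install.sls builds the identical state ID from `basepath = salt.pillar.get('gitea:path')`, which is worth a comment too so the two files are not changed independently.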