gitea config

gitea/app_defaults.yaml

@@ -0,0 +1,50 @@
+global:
+  APP_NAME: 'Gitea: Git with a cup of tea'
+  RUN_USER: gitea
+  RUN_MODE: prod
+sections:
+  database:
+    DB_TYPE: mysql
+    HOST: 127.0.0.1:3306
+    SSL_MODE: disable
+    # ignored with DB_TYPE MySQL
+    PATH: data/gitea.db
+  repository:
+    ROOT: gitea-repositories
+  server:
+    START_SSH_SERVER: 'false'
+    SSH_DOMAIN: localhost
+    SSH_PORT: 9022
+    DOMAIN: localhost
+    HTTP_PORT: 3000
+    ROOT_URL: https://localhost/
+    DISABLE_SSH: 'true'
+    LFS_START_SERVER: 'false'
+    LFS_CONTENT_PATH: data/lfs
+    OFFLINE_MODE: 'true'
+  mailer:
+    ENABLED: 'false'
+  service:
+    REGISTER_EMAIL_CONFIRM: 'false'
+    ENABLE_NOTIFY_MAIL: 'false'
+    DISABLE_REGISTRATION: 'true'
+    ALLOW_ONLY_EXTERNAL_REGISTRATION: 'false'
+    ENABLE_CAPTCHA: 'false'
+    REQUIRE_SIGNIN_VIEW: 'false'
+    DEFAULT_KEEP_EMAIL_PRIVATE: 'true'
+    DEFAULT_ALLOW_CREATE_ORGANIZATION: 'true'
+    DEFAULT_ENABLE_TIMETRACKING: 'true'
+    NO_REPLY_ADDRESS: noreply.example.org
+  picture:
+    DISABLE_GRAVATAR: 'false'
+    ENABLE_FEDERATED_AVATAR: 'false'
+  openid:
+    ENABLE_OPENID_SIGNIN: 'false'
+    ENABLE_OPENID_SIGNUP: 'false'
+  session:
+    PROVIDER: file
+  log:
+    MODE: file
+    LEVEL: Info
+    ROOT_PATH: log
+

gitea/files/app_ini.jinja

@@ -0,0 +1,36 @@
+# Managed by salt
+{% import_yaml 'gitea/app_defaults.yaml' as defaults -%}
+{% set secrets = salt.file.read(pillar['gitea']['path'] + '/etc/secrets.json') | load_json -%}
+{% set pillar_global = salt.pillar.get('gitea:config:global', {}) -%}
+{% set pillar_sections = salt.pillar.get('gitea:config:sections', {}) -%}
+
+{% for key in defaults['global'].keys() -%}
+{%   if key in pillar_global -%}
+{{key}} = {{pillar_global[key]}}
+{%   else -%}
+{{key}} = {{defaults['global'][key]}}
+{%   endif -%}
+{% endfor %}
+
+[security]
+INTERNAL_TOKEN = {{secrets['INTERNAL_TOKEN']}}
+INSTALL_LOCK = true
+SECRET_KEY = {{secrets['SECRET_KEY']}}
+
+{% for section in defaults['sections'].keys() -%}
+[{{section}}]
+{%   if section == 'server' -%}
+LFS_JWT_SECRET = {{secrets['LFS_JWT_SECRET']}}
+{%   elif section == 'database' -%}
+NAME = {{pillar_sections['database']['NAME']}}
+USER = {{pillar_sections['database']['USER']}}
+PASSWD = `{{pillar_sections['database']['PASSWD']}}`
+{%   endif -%}
+{%   for key in defaults['sections'][section] -%}
+{%     if section in pillar_sections and key in pillar_sections[section] -%}
+{{key}} = {{pillar_sections[section][key]}}
+{%     else -%}
+{{key}} = {{defaults['sections'][section][key]}}
+{%     endif -%}
+{%   endfor -%}
+{% endfor %}

gitea/files/secrets_json.jinja

@@ -0,0 +1,5 @@
+{{ {
+    'INTERNAL_TOKEN': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret INTERNAL_TOKEN'),
+    'LFS_JWT_SECRET': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret LFS_JWT_SECRET'),
+    'SECRET_KEY': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret SECRET_KEY')
+} | tojson }}

gitea/install.sls

@@ -4,11 +4,35 @@
 %}
 {% set basepath = salt.pillar.get('gitea:path')  %}
 
-wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION:
+'download gitea':
   cmd.run:
+    - name: 'wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION'
     - unless: grep -P '^{{ ver }}$' {{ basepath }}/VERSION
     - runas: {{ salt.pillar.get('gitea:user') }}
     - require:
       - sls: gitea.dirs
 
-# need to setup etc/
+{{basepath}}/etc/secrets.json:
+  file.managed:
+    - user: {{ salt.pillar.get('gitea:user') }}
+    - group: {{ salt.pillar.get('gitea:user') }}
+    - mode: 400
+{% if not salt.file.contains(basepath + '/etc/secrets.json', 'INTERNAL_TOKEN') %}
+    - source: 'salt://gitea/files/secrets_json.jinja'
+    - template: jinja
+{% else %}
+    - replace: False
+{% endif %}
+    - require:
+      - cmd: download gitea
+
+{{basepath}}/etc/app.ini:
+  file.managed:
+    - source: salt://gitea/files/app_ini.jinja
+    - template: jinja
+    - user: {{ salt.pillar.get('gitea:user') }}
+    - group: {{ salt.pillar.get('gitea:user') }}
+    - mode: 640
+    - require:
+      - file: {{basepath}}/etc/secrets.json
+

gitea/systemd.sls

@@ -8,15 +8,10 @@
     - require:
       - sls: gitea.install
 
-# systemctl daemon-reload
-service.systemctl_reload:
-  module.run:
-    - onchanges:
-      - file: /etc/systemd/system/gitea.service
-
 gitea:
   service.running:
     - enable: True
     - watch:
       - file: /etc/systemd/system/gitea.service
+      - file: {{ salt.pillar.get('gitea:path') }}/etc/app.ini