gitea config
This commit is contained in:
50
gitea/app_defaults.yaml
Normal file
50
gitea/app_defaults.yaml
Normal file
@@ -0,0 +1,50 @@
|
||||
global:
|
||||
APP_NAME: 'Gitea: Git with a cup of tea'
|
||||
RUN_USER: gitea
|
||||
RUN_MODE: prod
|
||||
sections:
|
||||
database:
|
||||
DB_TYPE: mysql
|
||||
HOST: 127.0.0.1:3306
|
||||
SSL_MODE: disable
|
||||
# ignored with DB_TYPE MySQL
|
||||
PATH: data/gitea.db
|
||||
repository:
|
||||
ROOT: gitea-repositories
|
||||
server:
|
||||
START_SSH_SERVER: 'false'
|
||||
SSH_DOMAIN: localhost
|
||||
SSH_PORT: 9022
|
||||
DOMAIN: localhost
|
||||
HTTP_PORT: 3000
|
||||
ROOT_URL: https://localhost/
|
||||
DISABLE_SSH: 'true'
|
||||
LFS_START_SERVER: 'false'
|
||||
LFS_CONTENT_PATH: data/lfs
|
||||
OFFLINE_MODE: 'true'
|
||||
mailer:
|
||||
ENABLED: 'false'
|
||||
service:
|
||||
REGISTER_EMAIL_CONFIRM: 'false'
|
||||
ENABLE_NOTIFY_MAIL: 'false'
|
||||
DISABLE_REGISTRATION: 'true'
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION: 'false'
|
||||
ENABLE_CAPTCHA: 'false'
|
||||
REQUIRE_SIGNIN_VIEW: 'false'
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE: 'true'
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION: 'true'
|
||||
DEFAULT_ENABLE_TIMETRACKING: 'true'
|
||||
NO_REPLY_ADDRESS: noreply.example.org
|
||||
picture:
|
||||
DISABLE_GRAVATAR: 'false'
|
||||
ENABLE_FEDERATED_AVATAR: 'false'
|
||||
openid:
|
||||
ENABLE_OPENID_SIGNIN: 'false'
|
||||
ENABLE_OPENID_SIGNUP: 'false'
|
||||
session:
|
||||
PROVIDER: file
|
||||
log:
|
||||
MODE: file
|
||||
LEVEL: Info
|
||||
ROOT_PATH: log
|
||||
|
||||
36
gitea/files/app_ini.jinja
Normal file
36
gitea/files/app_ini.jinja
Normal file
@@ -0,0 +1,36 @@
|
||||
# Managed by salt
|
||||
{% import_yaml 'gitea/app_defaults.yaml' as defaults -%}
|
||||
{% set secrets = salt.file.read(pillar['gitea']['path'] + '/etc/secrets.json') | load_json -%}
|
||||
{% set pillar_global = salt.pillar.get('gitea:config:global', {}) -%}
|
||||
{% set pillar_sections = salt.pillar.get('gitea:config:sections', {}) -%}
|
||||
|
||||
{% for key in defaults['global'].keys() -%}
|
||||
{% if key in pillar_global -%}
|
||||
{{key}} = {{pillar_global[key]}}
|
||||
{% else -%}
|
||||
{{key}} = {{defaults['global'][key]}}
|
||||
{% endif -%}
|
||||
{% endfor %}
|
||||
|
||||
[security]
|
||||
INTERNAL_TOKEN = {{secrets['INTERNAL_TOKEN']}}
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY = {{secrets['SECRET_KEY']}}
|
||||
|
||||
{% for section in defaults['sections'].keys() -%}
|
||||
[{{section}}]
|
||||
{% if section == 'server' -%}
|
||||
LFS_JWT_SECRET = {{secrets['LFS_JWT_SECRET']}}
|
||||
{% elif section == 'database' -%}
|
||||
NAME = {{pillar_sections['database']['NAME']}}
|
||||
USER = {{pillar_sections['database']['USER']}}
|
||||
PASSWD = `{{pillar_sections['database']['PASSWD']}}`
|
||||
{% endif -%}
|
||||
{% for key in defaults['sections'][section] -%}
|
||||
{% if section in pillar_sections and key in pillar_sections[section] -%}
|
||||
{{key}} = {{pillar_sections[section][key]}}
|
||||
{% else -%}
|
||||
{{key}} = {{defaults['sections'][section][key]}}
|
||||
{% endif -%}
|
||||
{% endfor -%}
|
||||
{% endfor %}
|
||||
5
gitea/files/secrets_json.jinja
Normal file
5
gitea/files/secrets_json.jinja
Normal file
@@ -0,0 +1,5 @@
|
||||
{{ {
|
||||
'INTERNAL_TOKEN': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret INTERNAL_TOKEN'),
|
||||
'LFS_JWT_SECRET': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret LFS_JWT_SECRET'),
|
||||
'SECRET_KEY': salt.cmd.run(pillar['gitea']['path'] + '/bin/gitea generate secret SECRET_KEY')
|
||||
} | tojson }}
|
||||
@@ -4,11 +4,35 @@
|
||||
%}
|
||||
{% set basepath = salt.pillar.get('gitea:path') %}
|
||||
|
||||
wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION:
|
||||
'download gitea':
|
||||
cmd.run:
|
||||
- name: 'wget {{ url }} -O {{ basepath }}/bin/gitea && chmod +x {{ basepath }}/bin/gitea && echo {{ ver }} > {{ basepath }}/VERSION'
|
||||
- unless: grep -P '^{{ ver }}$' {{ basepath }}/VERSION
|
||||
- runas: {{ salt.pillar.get('gitea:user') }}
|
||||
- require:
|
||||
- sls: gitea.dirs
|
||||
|
||||
# need to setup etc/
|
||||
{{basepath}}/etc/secrets.json:
|
||||
file.managed:
|
||||
- user: {{ salt.pillar.get('gitea:user') }}
|
||||
- group: {{ salt.pillar.get('gitea:user') }}
|
||||
- mode: 400
|
||||
{% if not salt.file.contains(basepath + '/etc/secrets.json', 'INTERNAL_TOKEN') %}
|
||||
- source: 'salt://gitea/files/secrets_json.jinja'
|
||||
- template: jinja
|
||||
{% else %}
|
||||
- replace: False
|
||||
{% endif %}
|
||||
- require:
|
||||
- cmd: download gitea
|
||||
|
||||
{{basepath}}/etc/app.ini:
|
||||
file.managed:
|
||||
- source: salt://gitea/files/app_ini.jinja
|
||||
- template: jinja
|
||||
- user: {{ salt.pillar.get('gitea:user') }}
|
||||
- group: {{ salt.pillar.get('gitea:user') }}
|
||||
- mode: 640
|
||||
- require:
|
||||
- file: {{basepath}}/etc/secrets.json
|
||||
|
||||
|
||||
@@ -8,15 +8,10 @@
|
||||
- require:
|
||||
- sls: gitea.install
|
||||
|
||||
# systemctl daemon-reload
|
||||
service.systemctl_reload:
|
||||
module.run:
|
||||
- onchanges:
|
||||
- file: /etc/systemd/system/gitea.service
|
||||
|
||||
gitea:
|
||||
service.running:
|
||||
- enable: True
|
||||
- watch:
|
||||
- file: /etc/systemd/system/gitea.service
|
||||
- file: {{ salt.pillar.get('gitea:path') }}/etc/app.ini
|
||||
|
||||
|
||||
Reference in New Issue
Block a user