From 76103ad83178e1b00eedc1cbabd8029b4bb22aa5 Mon Sep 17 00:00:00 2001
From: Alex Denes
Date: Sun, 7 Mar 2021 13:24:39 +0000
Subject: [PATCH] Add redacted gitea config and functions for replacing strings in configs
---
 .gitignore | 2 +-
 config/APKBUILD-config.common | 10 +++-
 config/gitea/APKBUILD | 25 ++++++--
 config/gitea/redxen.ini | 106 ++++++++++++++++++++++++++++++++++
 4 files changed, 136 insertions(+), 7 deletions(-)
 create mode 100644 config/gitea/redxen.ini
diff --git a/.gitignore b/.gitignore
index 5af8599..a8b5b32 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 src/
 pkg/
+secrets
 .rootbld-repositories
 secret/nginx-httpauth
 secret/letsencrypt/private.key
@@ -8,7 +9,6 @@ config/murmur/murmur.ini
 config/transmission-daemon/settings.json
 config/wireguard/main.conf
 config/grafana/main.ini
-config/gitea/redxen.ini
 config/dovecot/pgsql.conf
 config/postfix/pgsql-aliases.cf
 config/postfix/pgsql-users.cf
diff --git a/config/APKBUILD-config.common b/config/APKBUILD-config.common
index b9044b3..450843b 100644
--- a/config/APKBUILD-config.common
+++ b/config/APKBUILD-config.common
@@ -6,14 +6,22 @@ license="none"
 pkgdesc="RedXen service config for $_svcname"
 options="!check"
 builddir="$srcdir"
+_cfgpath="${_configpath:-/etc/${_svcname}}"
 package_copy_configs() {
 for i in ${1:-$source}; do
- install -Dm"${_cfgumask:-644}" "$i" "$pkgdir"/"${_configpath:-/etc/${_svcname}}"/"$i"
+ package_copy_cfg
 done
 }
+package_copy_cfg() {
+ install -Dm"${COPYCFG_MASK:-${_cfgumask:-644}}" "${COPYCFG_SRC:-$i}" "${COPYCFG_DEST:-${pkgdir}/${_cfgpath}/${COPYCFG_FNAME_DEST:-$i}}"
+}
+
 package() {
 package_copy_configs
 }
+replace_in_file() {
+ sed -i -- "s/$1/$(echo "$2" | sed 's/[&/\]/\\&/g')/g" "$3"
+}
diff --git a/config/gitea/APKBUILD b/config/gitea/APKBUILD
index f6ba1a2..5b26910 100644
--- a/config/gitea/APKBUILD
+++ b/config/gitea/APKBUILD
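Review bot: In `config/APKBUILD-config.common`, `replace_in_file` interpolates the secret into the `sed` expression, so the value appears in `sed`'s argument list (readable by other local users on a default `/proc`), and a value containing a newline, or one that `echo` mangles (backslash sequences, a leading `-n`), produces a wrong or failing substitution. An unset variable is also substituted silently as an empty string, which would ship a config with a blank password or key. The sketch below passes the value through the environment, replaces the placeholder literally, and fails the build when the value is empty or the placeholder is missing. `package_copy_cfg` also depends on `$i` leaking from the loop in `package_copy_configs`; a comment such as `# reads $i from the caller's loop unless COPYCFG_SRC and COPYCFG_FNAME_DEST are set` would make that visible.

```sh
replace_in_file() {
	# $1 literal placeholder, $2 replacement value, $3 file to edit in place
	[ -n "$2" ] || { echo "replace_in_file: no value for $1" >&2; return 1; }
	grep -qF -- "$1" "$3" || { echo "replace_in_file: $1 not in $3" >&2; return 1; }
	# value travels in the environment, not in argv; index/substr treat both strings literally
	RIF_KEY="$1" RIF_VAL="$2" awk '
		BEGIN { key = ENVIRON["RIF_KEY"]; val = ENVIRON["RIF_VAL"]; klen = length(key) }
		{
			line = ""
			while ((at = index($0, key)) > 0) {
				line = line substr($0, 1, at - 1) val
				$0 = substr($0, at + klen)
			}
			print line $0
		}
	' "$3" > "$3.new" && mv -- "$3.new" "$3"
}
```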
@@ -4,14 +4,29 @@ _svcname=gitea
 . ../APKBUILD-config.common
-pkgver=2021.02.09
-pkgrel=0
+pkgver=2021.03.07
+pkgrel=3
 depends="redxen-data-gitea-theme"
-source="redxen.ini"
+source="
+ redxen.ini
+ secrets
+"
+
+prepare() {
+ default_prepare
+ install -D "redxen.ini" "redxen-mod.ini"
+ . secrets
+ replace_in_file "POSTGRESQL_GITEA_PASSWORD" "$POSTGRESQL_GITEA_PASSWORD" "redxen-mod.ini"
+ replace_in_file "GITEA_SECRET_KEY" "$GITEA_SECRET_KEY" "redxen-mod.ini"
+ replace_in_file "GITEA_INTERNAL_TOKEN" "$GITEA_INTERNAL_TOKEN" "redxen-mod.ini"
+ replace_in_file "GITEA_MAILER_PASSWD" "$GITEA_MAILER_PASSWD" "redxen-mod.ini"
+ replace_in_file "GITEA_OAUTH_JWT_TOKEN" "$GITEA_OAUTH_JWT_TOKEN" "redxen-mod.ini"
+}
 package() {
- package_copy_configs
+ COPYCFG_SRC="redxen-mod.ini" COPYCFG_FNAME_DEST="redxen.ini" package_copy_cfg
 mkdir -p "$pkgdir"/var/lib/gitea
 }
-sha512sums="8d34bd29fead331e31ad37a6e764d47f04e43ce8a16fb3990eea02dbd19b1b758ecc4f23750e1f14e7398f7c40d3773247140e119de6c42f6393e86f8348b14c redxen.ini"
+sha512sums="d5f69031a628c3b6f8d0ab35410cc8ec3a607132573396a048d79ec0f7a551fc77ee441c483e1602655e365549d1208a5a035b397cc837a3708dac37be6f6645 redxen.ini
+012d489c5d71864cda4b99ec16b3d6edbf83d18ea14d2104afe70e320937f4dd223572e384fba040cb3d43ced8ca7267e434756e4a1cd8bd41bb6f9092ad4b9d secrets"
diff --git a/config/gitea/redxen.ini b/config/gitea/redxen.ini
new file mode 100644
index 0000000..f281d5d
--- /dev/null
+++ b/config/gitea/redxen.ini
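Review bot: `package()` installs the substituted `redxen-mod.ini` through `package_copy_cfg` without setting `COPYCFG_MASK`, so unless `_cfgumask` is set in the lines above the hunk, the file holding the database password, `SECRET_KEY` and `INTERNAL_TOKEN` lands in the package as mode 644, readable by every account on the target host. Pass an explicit mode, e.g. `COPYCFG_MASK=640 COPYCFG_SRC="redxen-mod.ini" COPYCFG_FNAME_DEST="redxen.ini" package_copy_cfg`, and set the file's group to the account Gitea runs as. In `prepare()`, `. secrets` has no slash, so a POSIX shell may look the name up in `PATH` rather than the build directory; `. ./secrets` removes that ambiguity. The built package embeds the secret values and the published `sha512sums` entry for `secrets` is a hash of them, so the package repository needs access control and every rotation forces a public checksum commit.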
@@ -0,0 +1,106 @@
+APP_NAME = RedXen Git
+RUN_MODE = prod
+
+[server]
+APP_DATA_PATH = /var/lib/gitea
+SSH_DOMAIN = git.redxen.eu
+SSH_PORT = 2442
+SSH_LISTEN_PORT = 7571
+HTTP_ADDR = ::
+HTTP_PORT = 7570
+ROOT_URL = https://git.redxen.eu/
+DISABLE_SSH = false
+START_SSH_SERVER = true
+BUILTIN_SSH_SERVER_USER = git
+LANDING_PAGE = explore
+
+[repository]
+ROOT = repositories
+MAX_CREATION_LIMIT = 0
+ENABLE_PUSH_CREATE_USER = true
+ENABLE_PUSH_CREATE_ORG = true
+
+[repository.upload]
+TEMP_PATH = uploads
+
+[repository.local]
+LOCAL_COPY_PATH = tmp/local-repo
+
+[lfs]
+CONTENT_PATH = lfs
+
+[database]
+DB_TYPE = postgres
+HOST = postgresql.routinginfo.redxen.localhost:7550
+NAME = gitea
+USER = gitea
+PASSWD = POSTGRESQL_GITEA_PASSWORD
+
+[ui]
+THEMES = gitea,arc-green,redxen
+DEFAULT_THEME = redxen
+
+[ui.meta]
+AUTHOR = RedXen Git - Where code is a currency
+DESCRIPTION = The RedXen git is the center of development of the RedXen community.
+
+[indexer]
+REPO_INDEXER_ENABLED = true
+ISSUE_INDEXER_TYPE = bleve
+REPO_INDEXER_TYPE = bleve
+
+[queue.issue_indexer]
+TYPE = redis
+CONN_STR = redis://redis.routinginfo.redxen.localhost:7551/?db=7&pool_size=100&idle_timeout=180s
+
+[session]
+PROVIDER = redis
+PROVIDER_CONFIG = redis://redis.routinginfo.redxen.localhost:7551/?db=6&pool_size=100&idle_timeout=180s
+COOKIE_SECURE = true
+
+[picture]
+AVATAR_UPLOAD_PATH = avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = repo-avatars
+
+[attachment]
+PATH = attachments
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = GITEA_SECRET_KEY
+INTERNAL_TOKEN = GITEA_INTERNAL_TOKEN
+IMPORT_LOCAL_PATHS = false
+PASSWORD_COMPLEXITY = lower,upper,digit
+PASSWORD_CHECK_PWN = true
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = true
+NO_REPLY_ADDRESS = noreply.redxen.eu
+ENABLE_USER_HEATMAP = true
+
+[mailer]
+ENABLED = true
+HOST = mail.redxen.eu:465
+FROM = "Gitea"
+USER = gitea
+PASSWD = GITEA_MAILER_PASSWD
+MAILER_TYPE = smtp
+IS_TLS_ENABLED = true
+
+[log]
+MODE = console
+
+[cache]
+ADAPTER = redis
+HOST = redis://redis.routinginfo.redxen.localhost:7551/?db=5&pool_size=100&idle_timeout=180s
+
+[oauth2]
+JWT_SECRET = GITEA_OAUTH_JWT_TOKEN
+
+[cron]
+ENABLED = true
+
+[metrics]
+ENABLED = false
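Review bot: The five placeholder values (`PASSWD = POSTGRESQL_GITEA_PASSWORD`, `SECRET_KEY = GITEA_SECRET_KEY`, `INTERNAL_TOKEN`, the mailer `PASSWD` and `JWT_SECRET`) are syntactically valid settings, so a copy of this file that reaches a host without substitution would run with secrets that are published in this repository. A header comment would make the contract explicit, for example `; POSTGRESQL_GITEA_PASSWORD and GITEA_* values are placeholders filled in by prepare() from the untracked secrets file; never commit real values here`, and `prepare()` could refuse to continue if any placeholder survives in `redxen-mod.ini`. Two settings also merit a second look: `HTTP_ADDR = ::` with no `PROTOCOL` set listens on every interface (Gitea's default protocol is plain HTTP) although `ROOT_URL` is https, and the three `redis://` URLs and the `[database]` section configure neither credentials for Redis nor `SSL_MODE` for PostgreSQL. Whether that is acceptable depends on those ports being reachable only from this host or a trusted network, which the diff does not show.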