gitea-app/start.sh

#!/bin/bash

set -eu -o pipefail

mkdir -p /run/gitea/tmp/uploads

setup_ldap_source() {
    set -eu

    # Wait for gitea to finish db setup, before we insert ldap source in db
    while ! curl --fail http://localhost:3000/healthcheck; do
        echo "Waiting for gitea to come up"
        sleep 1
    done

    now=$(date +%s)

    # Get the existing LDAP source status. This allows the user to disable LDAP
    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
    [[ -z "${ldap_status}" ]] && ldap_status="1"

    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
        echo "LDAP Authentication was setup with status ${ldap_status}"
    else
        echo "Failed to setup LDAP authentication"
        exit 1
    fi
}

# SSH_PORT can be unset to disable SSH
disable_ssh="false"
if [[ -z "${SSH_PORT:-}" ]]; then
    echo "SSH disabled"
    SSH_PORT=29418 # arbitrary port to keep sshd happy
    disable_ssh="true"
fi

if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then
    echo "Generating ssh host keys"
    mkdir -p /app/data/sshd
    ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key
    ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key
    ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key
    ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key
else
    echo "Reusing existing host keys"
fi

chmod 0600 /app/data/sshd/*_key
chmod 0644 /app/data/sshd/*.pub

sed -e "s/^Port .*/Port ${SSH_PORT}/" \
    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
    /etc/ssh/sshd_config > /run/gitea/sshd_config

sed -e "s/##DOMAIN/${APP_DOMAIN}/g" \
    -e "s/##SSH_PORT/${SSH_PORT}/g" \
    -e "s/##DISABLE_SSH/${disable_ssh}/g" \
    -e "s/##MYSQL_HOST/${MYSQL_HOST}/g" \
    -e "s/##MYSQL_PORT/${MYSQL_PORT}/g" \
    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/g" \
    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \
    -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \
    -e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \
    -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \
    -e "s/##MAIL_FROM/${MAIL_FROM}/g" \
    -e "s/##MAIL_SMTP_USERNAME/${MAIL_SMTP_USERNAME}/g" \
    -e "s/##MAIL_SMTP_PASSWORD/${MAIL_SMTP_PASSWORD}/g" \
    -e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \
    /home/git/app.ini.template > "/run/gitea/app.ini"

# merge any user config file
[[ -f /app/data/app.ini ]] && cat "/app/data/app.ini" >> "/run/gitea/app.ini"

mkdir -p /app/data/repository /app/data/ssh

chown -R git:git /app/data /run/gitea

( setup_ldap_source ) &

exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
Initial version 2015-04-26 19:45:32 +00:00			`#!/bin/bash`

			`set -eu -o pipefail`

First working version, tests follow 2017-06-02 08:32:24 +00:00			`mkdir -p /run/gitea/tmp/uploads`
setup appdata directory fixes #3 and #4 2017-04-05 04:42:26 +00:00
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`setup_ldap_source() {`
Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`set -eu`

First working version, tests follow 2017-06-02 08:32:24 +00:00			`# Wait for gitea to finish db setup, before we insert ldap source in db`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`while ! curl --fail http://localhost:3000/healthcheck; do`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`echo "Waiting for gitea to come up"`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`sleep 1`
			`done`
Make it work 2015-04-29 04:57:58 +00:00
use username or email to login 2016-04-11 19:21:59 +00:00			`now=$(date +%s)`
do not overwrite LDAP status 2016-08-27 04:51:49 +00:00
			`# Get the existing LDAP source status. This allows the user to disable LDAP`
			`ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")`
			`[[ -z "${ldap_status}" ]] && ldap_status="1"`

Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \`
do not overwrite LDAP status 2016-08-27 04:51:49 +00:00			-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
			`echo "LDAP Authentication was setup with status ${ldap_status}"`
Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`else`
			`echo "Failed to setup LDAP authentication"`
			`exit 1`
			`fi`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`}`
Build from source again since we need patches 2015-06-24 21:26:43 +00:00
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`# SSH_PORT can be unset to disable SSH`
			`disable_ssh="false"`
check for unset variable correctly 2016-04-11 18:46:57 +00:00			`if [[ -z "${SSH_PORT:-}" ]]; then`
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`echo "SSH disabled"`
			`SSH_PORT=29418 # arbitrary port to keep sshd happy`
actually disable ssh 2016-04-11 18:59:21 +00:00			`disable_ssh="true"`
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`fi`

preserve ssh host keys across updates fixes #2 2016-05-04 05:49:59 +00:00			`if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then`
			`echo "Generating ssh host keys"`
			`mkdir -p /app/data/sshd`
			`ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key`
			`ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key`
			`ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key`
			`ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key`
			`else`
			`echo "Reusing existing host keys"`
			`fi`

			`chmod 0600 /app/data/sshd/*_key`
			`chmod 0644 /app/data/sshd/*.pub`

Make it work 2015-04-29 04:57:58 +00:00			`sed -e "s/^Port .*/Port ${SSH_PORT}/" \`
			`-e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \`
preserve ssh host keys across updates fixes #2 2016-05-04 05:49:59 +00:00			`-e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`/etc/ssh/sshd_config > /run/gitea/sshd_config`
Randomize the admin password 2015-06-24 18:36:12 +00:00
Use APP_DOMAIN instead of hostname -f 2015-11-24 20:16:34 +00:00			`sed -e "s/##DOMAIN/${APP_DOMAIN}/g" \`
Make it work 2015-04-29 00:12:16 +00:00			`-e "s/##SSH_PORT/${SSH_PORT}/g" \`
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`-e "s/##DISABLE_SSH/${disable_ssh}/g" \`
Make it work 2015-04-29 00:12:16 +00:00			`-e "s/##MYSQL_HOST/${MYSQL_HOST}/g" \`
			`-e "s/##MYSQL_PORT/${MYSQL_PORT}/g" \`
			`-e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/g" \`
			`-e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \`
			`-e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \`
			`-e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \`
Gogs actually needs sshd 2015-04-29 02:29:12 +00:00			`-e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \`
Use latest sendmail configuration 2016-05-06 06:07:17 +00:00			`-e "s/##MAIL_FROM/${MAIL_FROM}/g" \`
			`-e "s/##MAIL_SMTP_USERNAME/${MAIL_SMTP_USERNAME}/g" \`
			`-e "s/##MAIL_SMTP_PASSWORD/${MAIL_SMTP_PASSWORD}/g" \`
Make it work 2015-04-29 04:57:58 +00:00			`-e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`/home/git/app.ini.template > "/run/gitea/app.ini"`
Make it work 2015-04-29 00:12:16 +00:00
merge user config file 2016-08-27 04:45:11 +00:00			`# merge any user config file`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`[[ -f /app/data/app.ini ]] && cat "/app/data/app.ini" >> "/run/gitea/app.ini"`
merge user config file 2016-08-27 04:45:11 +00:00
Remove fallback for old code 2015-11-25 17:12:59 +00:00			`mkdir -p /app/data/repository /app/data/ssh`
migrate existing data 2015-10-14 07:46:53 +00:00
First working version, tests follow 2017-06-02 08:32:24 +00:00			`chown -R git:git /app/data /run/gitea`
Skip calling the install route The install route is just a convenience if app.ini has not been setup. gogs always sets up the db on startup if app.ini is setup correctly. 2015-08-18 20:44:26 +00:00
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`( setup_ldap_source ) &`
Add ldap settings to db directly 2015-06-24 18:01:16 +00:00
First working version, tests follow 2017-06-02 08:32:24 +00:00			`exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea`
Initial version 2015-04-26 19:45:32 +00:00