mirror of
https://git.cloudron.io/cloudron/gitea-app.git
synced 2024-11-21 23:50:59 +00:00
Bring in various gogs features
better custom app.ini optional sso support always create root user
This commit is contained in:
parent
0d2e1cfff0
commit
e566c94b43
4 changed files with 58 additions and 28 deletions
|
@ -24,6 +24,7 @@
|
||||||
"website": "https://gitea.io",
|
"website": "https://gitea.io",
|
||||||
"contactEmail": "apps@cloudron.io",
|
"contactEmail": "apps@cloudron.io",
|
||||||
"icon": "file://logo.png",
|
"icon": "file://logo.png",
|
||||||
|
"optionalSso": true,
|
||||||
"mediaLinks": [
|
"mediaLinks": [
|
||||||
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
|
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
|
||||||
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
|
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
|
||||||
|
|
|
@ -13,6 +13,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
|
||||||
RUN passwd -d git
|
RUN passwd -d git
|
||||||
|
|
||||||
RUN mkdir -p /home/git/gitea
|
RUN mkdir -p /home/git/gitea
|
||||||
|
WORKDIR /home/git
|
||||||
RUN curl -L https://dl.gitea.io/gitea/1.8.2/gitea-1.8.2-linux-amd64 -o /home/git/gitea/gitea \
|
RUN curl -L https://dl.gitea.io/gitea/1.8.2/gitea-1.8.2-linux-amd64 -o /home/git/gitea/gitea \
|
||||||
&& chmod +x /home/git/gitea/gitea
|
&& chmod +x /home/git/gitea/gitea
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
This app integrates with the Cloudron SSO. Admins on Cloudron automatically
|
A default admin user has been setup with the following credentials (use the `Local` authentication source when logging in):
|
||||||
become admins on Gitea.
|
|
||||||
|
|
||||||
If you want to disable Cloudron SSO, do the following:
|
```
|
||||||
|
username: root
|
||||||
|
password: changeme
|
||||||
|
```
|
||||||
|
|
||||||
* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
|
**Note:** Please change the password and email immediately after installation.
|
||||||
* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
|
|
||||||
|
|
||||||
You can edit `/app/data/app.ini` and add any custom configuration. See the
|
<sso>
|
||||||
[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
|
This app integrates with the Cloudron SSO. Cloudron users can login and use Gitea
|
||||||
for more information.
|
using the `Cloudron` authentication source.
|
||||||
|
</sso>
|
||||||
|
|
||||||
|
|
66
start.sh
66
start.sh
|
@ -7,27 +7,56 @@ mkdir -p /run/gitea/tmp/uploads /run/sshd
|
||||||
setup_ldap_source() {
|
setup_ldap_source() {
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
# Wait for gitea to finish db setup, before we insert ldap source in db
|
|
||||||
while ! curl --fail http://localhost:3000/healthcheck; do
|
|
||||||
echo "Waiting for gitea to come up"
|
|
||||||
sleep 1
|
|
||||||
done
|
|
||||||
|
|
||||||
now=$(date +%s)
|
|
||||||
|
|
||||||
# Get the existing LDAP source status. This allows the user to disable LDAP
|
# Get the existing LDAP source status. This allows the user to disable LDAP
|
||||||
|
# Note that this method is deprecated since this app now supports optionalSso
|
||||||
ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
|
ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
|
||||||
[[ -z "${ldap_status}" ]] && ldap_status="1"
|
[[ -z "${ldap_status}" ]] && ldap_status="1"
|
||||||
|
|
||||||
|
now=$(date +%s)
|
||||||
|
|
||||||
if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
|
if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
|
||||||
-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
|
-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
|
||||||
echo "LDAP Authentication was setup with status ${ldap_status}"
|
echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
|
||||||
else
|
else
|
||||||
echo "Failed to setup LDAP authentication"
|
echo "==> Failed to setup LDAP authentication"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setup_root_user() {
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
if sudo -H -u git /home/git/gitea/gitea admin create-user --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
|
||||||
|
echo "==> root user added"
|
||||||
|
else
|
||||||
|
echo "==> Failed to add root user"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_auth() {
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
# Wait for gitea to finish db setup, before we do any db operations
|
||||||
|
while ! curl --fail http://localhost:3000/healthcheck; do
|
||||||
|
echo "==> Waiting for gitea to come up"
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "==> Gitea is up, setting up auth"
|
||||||
|
|
||||||
|
if [[ -n "${LDAP_SERVER:-}" ]]; then
|
||||||
|
setup_ldap_source
|
||||||
|
fi
|
||||||
|
|
||||||
|
user_count=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
|
||||||
|
# be careful, not to create root user for existing LDAP based installs
|
||||||
|
if [[ "${user_count}" == "0" ]]; then
|
||||||
|
echo "==> Setting up root user for first run"
|
||||||
|
setup_root_user
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# SSH_PORT can be unset to disable SSH
|
# SSH_PORT can be unset to disable SSH
|
||||||
disable_ssh="false"
|
disable_ssh="false"
|
||||||
if [[ -z "${SSH_PORT:-}" ]]; then
|
if [[ -z "${SSH_PORT:-}" ]]; then
|
||||||
|
@ -52,19 +81,15 @@ chmod 0644 /app/data/sshd/*.pub
|
||||||
|
|
||||||
sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
|
sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
|
||||||
|
|
||||||
cp /home/git/app.ini.template "/run/gitea/app.ini"
|
if [[ ! -f /app/data/app.ini ]]; then
|
||||||
|
echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini
|
||||||
|
|
||||||
# create default user config file
|
echo "==> Generating new SECRET_KEY"
|
||||||
if ! [ -f /app/data/app.ini ]; then
|
|
||||||
cp /home/git/app.ini.template /app/data/app.ini
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
|
|
||||||
echo "Generating new SECRET_KEY"
|
|
||||||
crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
|
crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# merge user config file
|
# merge user config file
|
||||||
|
cp /home/git/app.ini.template "/run/gitea/app.ini"
|
||||||
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
|
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
|
||||||
|
|
||||||
# override important values
|
# override important values
|
||||||
|
@ -94,11 +119,12 @@ crudini --set "/run/gitea/app.ini" log MODE "console"
|
||||||
crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
|
crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
|
||||||
crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
|
crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
|
||||||
|
|
||||||
|
echo "==> Creating dirs and changing permissions"
|
||||||
mkdir -p /app/data/repository /app/data/ssh /app/data/custom
|
mkdir -p /app/data/repository /app/data/ssh /app/data/custom
|
||||||
|
|
||||||
chown -R git:git /app/data /run/gitea
|
chown -R git:git /app/data /run/gitea
|
||||||
|
|
||||||
( setup_ldap_source ) &
|
# this expects app.ini to be available
|
||||||
|
( setup_auth ) &
|
||||||
|
|
||||||
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
|
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue