Bring in various gogs features

better custom app.ini
optional sso support
always create root user
This commit is contained in:
Girish Ramakrishnan 2019-06-04 17:14:29 -07:00
parent 0d2e1cfff0
commit e566c94b43
4 changed files with 58 additions and 28 deletions

View file

@ -24,6 +24,7 @@
"website": "https://gitea.io", "website": "https://gitea.io",
"contactEmail": "apps@cloudron.io", "contactEmail": "apps@cloudron.io",
"icon": "file://logo.png", "icon": "file://logo.png",
"optionalSso": true,
"mediaLinks": [ "mediaLinks": [
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png", "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
"https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png", "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",

View file

@ -13,6 +13,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
RUN passwd -d git RUN passwd -d git
RUN mkdir -p /home/git/gitea RUN mkdir -p /home/git/gitea
WORKDIR /home/git
RUN curl -L https://dl.gitea.io/gitea/1.8.2/gitea-1.8.2-linux-amd64 -o /home/git/gitea/gitea \ RUN curl -L https://dl.gitea.io/gitea/1.8.2/gitea-1.8.2-linux-amd64 -o /home/git/gitea/gitea \
&& chmod +x /home/git/gitea/gitea && chmod +x /home/git/gitea/gitea

View file

@ -1,12 +1,14 @@
This app integrates with the Cloudron SSO. Admins on Cloudron automatically A default admin user has been setup with the following credentials (use the `Local` authentication source when logging in):
become admins on Gitea.
If you want to disable Cloudron SSO, do the following: ```
username: root
password: changeme
```
* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated' **Note:** Please change the password and email immediately after installation.
* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
You can edit `/app/data/app.ini` and add any custom configuration. See the <sso>
[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet) This app integrates with the Cloudron SSO. Cloudron users can login and use Gitea
for more information. using the `Cloudron` authentication source.
</sso>

View file

@ -7,27 +7,56 @@ mkdir -p /run/gitea/tmp/uploads /run/sshd
setup_ldap_source() { setup_ldap_source() {
set -eu set -eu
# Wait for gitea to finish db setup, before we insert ldap source in db
while ! curl --fail http://localhost:3000/healthcheck; do
echo "Waiting for gitea to come up"
sleep 1
done
now=$(date +%s)
# Get the existing LDAP source status. This allows the user to disable LDAP # Get the existing LDAP source status. This allows the user to disable LDAP
# Note that this method is deprecated since this app now supports optionalSso
ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';") ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
[[ -z "${ldap_status}" ]] && ldap_status="1" [[ -z "${ldap_status}" ]] && ldap_status="1"
now=$(date +%s)
if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \ if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
echo "LDAP Authentication was setup with status ${ldap_status}" echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
else else
echo "Failed to setup LDAP authentication" echo "==> Failed to setup LDAP authentication"
exit 1 exit 1
fi fi
} }
setup_root_user() {
set -eu
if sudo -H -u git /home/git/gitea/gitea admin create-user --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
echo "==> root user added"
else
echo "==> Failed to add root user"
exit 1
fi
}
setup_auth() {
set -eu
# Wait for gitea to finish db setup, before we do any db operations
while ! curl --fail http://localhost:3000/healthcheck; do
echo "==> Waiting for gitea to come up"
sleep 1
done
echo "==> Gitea is up, setting up auth"
if [[ -n "${LDAP_SERVER:-}" ]]; then
setup_ldap_source
fi
user_count=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
# be careful, not to create root user for existing LDAP based installs
if [[ "${user_count}" == "0" ]]; then
echo "==> Setting up root user for first run"
setup_root_user
fi
}
# SSH_PORT can be unset to disable SSH # SSH_PORT can be unset to disable SSH
disable_ssh="false" disable_ssh="false"
if [[ -z "${SSH_PORT:-}" ]]; then if [[ -z "${SSH_PORT:-}" ]]; then
@ -52,19 +81,15 @@ chmod 0644 /app/data/sshd/*.pub
sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
cp /home/git/app.ini.template "/run/gitea/app.ini" if [[ ! -f /app/data/app.ini ]]; then
echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini
# create default user config file echo "==> Generating new SECRET_KEY"
if ! [ -f /app/data/app.ini ]; then
cp /home/git/app.ini.template /app/data/app.ini
fi
if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
echo "Generating new SECRET_KEY"
crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s) crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
fi fi
# merge user config file # merge user config file
cp /home/git/app.ini.template "/run/gitea/app.ini"
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini" crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
# override important values # override important values
@ -94,11 +119,12 @@ crudini --set "/run/gitea/app.ini" log MODE "console"
crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea" crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve" crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
echo "==> Creating dirs and changing permissions"
mkdir -p /app/data/repository /app/data/ssh /app/data/custom mkdir -p /app/data/repository /app/data/ssh /app/data/custom
chown -R git:git /app/data /run/gitea chown -R git:git /app/data /run/gitea
( setup_ldap_source ) & # this expects app.ini to be available
( setup_auth ) &
exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea