From 93a00a2f73c3364b4e02e73a88efcec31fbdabe0 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Wed, 29 Dec 2021 16:56:39 +0100 Subject: [PATCH] templated gitea state --- states/gitea/config.sls | 6 +- states/gitea/defaults.yaml | 153 ++++++++++++++++------------ states/gitea/files/app.ini.j2 | 128 +++-------------------- states/gitea/files/app.ini.old.j2 | 118 +++++++++++++++++++++ states/gitea/files/gitea.service | 23 ----- states/gitea/files/gitea.service.j2 | 18 ++++ states/gitea/init.sls | 3 +- states/gitea/install.sls | 12 +-- states/gitea/service.sls | 25 ++--- 9 files changed, 259 insertions(+), 227 deletions(-) create mode 100644 states/gitea/files/app.ini.old.j2 delete mode 100644 states/gitea/files/gitea.service create mode 100644 states/gitea/files/gitea.service.j2 diff --git a/states/gitea/config.sls b/states/gitea/config.sls index ee1325c..4299736 100644 --- a/states/gitea/config.sls +++ b/states/gitea/config.sls @@ -1,10 +1,10 @@ -# -*- coding: utf-8 -*- # vim: ft=sls - +--- {% from "gitea/map.jinja" import gitea with context %} -/var/lib/gitea/custom/conf/app.ini: +gitea-config: file.managed: + - name: {{ gitea.configfile }} - source: salt://gitea/files/app.ini.j2 - template: jinja - user: git diff --git a/states/gitea/defaults.yaml b/states/gitea/defaults.yaml index 8f8aa23..8cad8b3 100644 --- a/states/gitea/defaults.yaml +++ b/states/gitea/defaults.yaml 
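Review bot: In states/gitea/config.sls the state now takes its path from `gitea.configfile`, but the context line `- user: git` stays hard-coded even though this commit adds `user` and `group` keys to defaults.yaml; `- user: {{ gitea.user }}` would keep the file owner in step with the unit file. The rendered app.ini carries the database password, `SECRET_KEY` and `INTERNAL_TOKEN`, and no `mode` is visible in this hunk. The state body continues past the hunk, so confirm it sets a restrictive mode such as `- mode: '0640'`.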
@@ -1,69 +1,92 @@ --- gitea: - config: /var/lib/gitea/custom/conf/app.ini + workingdir: /var/lib/gitea + configfile: /var/lib/gitea/custom/conf/app.ini + user: git + group: git version: "1.0.2" arch: "amd64" - database: - type: postgres - host: 127.0.0.1:5432 - name: gitea - user: gitea - password: databaseSecretPassword - ssl: false - path: data/gitea.db - repository: - root: /var/lib/gitea/gitea-repositories - server: - domain: git.example.com - http_addr: 0.0.0.0 - http_port: 3000 - https: true - disable_ssh: true - start_ssh_server: false - ssh_port: 2222 - ssh_listen_port: 2222 - offline_mode: false - lfs_start_server: false - lfs_content_path: data/lfs - lfs_jwt_secret: createYourOwnJWTSecret - enable_gzip: false - landing_page: home - cache: - enabled: true - adapter: redis - host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s - mailer: - enable: true - hostname: mail.example.com - hostandport: mail.example.com:587 - from_address: git@example.com - smtp_user: git@example.com - smtp_password: secretPassword1234 - skip_verify: false - service: - name: gitea - app_name: Gitea - Git with a cup of tea - register_email_confirm: true - disable_registration: true - require_signin_view: true - enable_captcha: true - enable_notify_mail: true - picture: - disable_gravatar: false - attachment: - enabled: true - path: data/attachments - allowed_types: image/jpeg|image/png - max_size: 8 - max_files: 5 - log: - mode: file - level: Info - security: - install_lock: true - remember_password_days: 30 - secret_key: myUniqueSecretKey - internal_token: myUniqueInternalToken - other: - show_footer_branding: true - show_footer_version: true + config: + global: + app_name: Gitea - Git with a cup of tea + run_user: git + run_mode: prod + database: + db_type: postgres + host: 127.0.0.1:5432 + name: gitea + user: gitea + passwd: databaseSecretPassword + ssl_mode: enable + path: data/gitea.db + repository: + root: /var/lib/gitea/gitea-repositories + server: + domain: 
git.example.com + http_addr: 0.0.0.0 + http_port: 3000 + root_url: https://git.example.com/ + disable_ssh: true + start_ssh_server: false + ssh_port: 2222 + ssh_listen_port: 2222 + offline_mode: false + lfs_start_server: false + lfs_content_path: data/lfs + lfs_jwt_secret: createYourOwnJWTSecret + enable_gzip: false + landing_page: home + cache: + enabled: true + adapter: redis + host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s + mailer: + enable: true + hostname: mail.example.com + hostandport: mail.example.com:587 + from_address: git@example.com + smtp_user: git@example.com + smtp_password: secretPassword1234 + skip_verify: false + service: + register_email_confirm: true + disable_registration: true + require_signin_view: true + enable_captcha: true + enable_notify_mail: true + picture: + disable_gravatar: false + attachment: + enabled: true + path: data/attachments + allowed_types: image/jpeg|image/png + max_size: 8 + max_files: 5 + cron: + enabled: true + run_at_start: false + cron.update_mirrors: + schedule: "0 12 3 * * *" + cron.archive_cleanup: + enabled: false + cron.delete_repo_archives: + enabled: false + session: + provider: file + cookie_secure: true + cookie_name: i_like_gitea + log: + mode: file + level: Info + security: + install_lock: + secret_key: twogirlsonecup + login_remember_days: 30 + cookie_username: giteauser + cookie_remember_name: giteausersession + internal_token: motherfuckingtoken + other: + show_footer_branding: true + show_footer_version: true + oauth2: + jwt_secret: createYourOwnJWTSecret diff --git a/states/gitea/files/app.ini.j2 b/states/gitea/files/app.ini.j2 index c5d9d7f..a4d804f 100644 --- a/states/gitea/files/app.ini.j2 +++ b/states/gitea/files/app.ini.j2 
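Review bot: `install_lock:` under `security` in states/gitea/defaults.yaml is now an empty value where the old default was `true`, so it loads as null and the new app.ini.j2 loop would presumably write `INSTALL_LOCK = None`. If Gitea reads that as unset or false, the initial-setup page may be left open on a deployed host; restore `install_lock: true`. The same block ships fixed values for `secret_key`, `internal_token`, `passwd`, `lfs_jwt_secret` and `jwt_secret`, and the old template's per-host fallback through `grains.get_or_set_hash` is removed in this commit, so any minion without a pillar override ends up with the same published secrets. Leaving these keys out of the defaults and failing the render when pillar does not supply them would be safer.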
@@ -1,118 +1,14 @@ -## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} - {% from "gitea/map.jinja" import gitea with context %} -APP_NAME = {{ gitea.service.app_name }} -RUN_USER = git -RUN_MODE = prod -[database] -DB_TYPE = {{ gitea.database.type }} -HOST = {{ gitea.database.host }} -NAME = {{ gitea.database.name }} -USER = {{ gitea.database.user }} -PASSWD = {{ gitea.database.password }} -{%- if gitea.database.ssl %} -SSL_MODE = enable -{%- else %} -SSL_MODE = disable -{%- endif %} -PATH = {{ gitea.database.path }} - -[repository] -ROOT = {{ gitea.repository.root }} - -[server] -DOMAIN = {{ gitea.server.domain }} -HTTP_ADDR = {{ gitea.server.http_addr }} -HTTP_PORT = {{ gitea.server.http_port }} -{%- if gitea.server.https %} -ROOT_URL = https://{{ gitea.server.domain }}/ -{%- else %} -ROOT_URL = http://{{ gitea.server.domain }}/ -{%- endif %} -DISABLE_SSH = {{ gitea.server.disable_ssh }} -START_SSH_SERVER = {{ gitea.server.start_ssh_server }} -SSH_DOMAIN = {{ gitea.server.domain }} -SSH_PORT = {{ gitea.server.ssh_port }} -SSH_LISTEN_PORT = {{ gitea.server.ssh_listen_port }} -OFFLINE_MODE = {{ gitea.server.offline_mode }} -LFS_START_SERVER = {{ gitea.server.lfs_start_server }} -LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }} -LFS_JWT_SECRET = {{ gitea.server.lfs_jwt_secret }} -ENABLE_GZIP = {{ gitea.server.enable_gzip }} -LANDING_PAGE = {{ gitea.server.landing_page }} - -[cache] -ENABLED = {{ gitea.cache.enabled }} -ADAPTER = {{ gitea.cache.adapter }} -HOST = {{ gitea.cache.host }} - -[mailer] -ENABLED = {{ gitea.mailer.enable }} -HELO_HOSTNAME = {{ gitea.mailer.hostname }} -HOST = {{ gitea.mailer.hostandport }} -IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }} -FROM = {{ gitea.mailer.from_address }} -USER = {{ gitea.mailer.smtp_user }} -PASSWD = {{ gitea.mailer.smtp_password }} -SKIP_VERIFY = {{ gitea.mailer.skip_verify }} - -[service] -REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }} -DISABLE_REGISTRATION = {{ 
gitea.service.disable_registration }} -ENABLE_CAPTCHA = {{ gitea.service.enable_captcha }} -REQUIRE_SIGNIN_VIEW = {{ gitea.service.require_signin_view }} -ENABLE_NOTIFY_MAIL = {{ gitea.service.enable_notify_mail }} - -[picture] -DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }} - -[attachment] -ENABLED = {{ gitea.attachment.enabled }} -PATH = {{ gitea.attachment.path }} -ALLOWED_TYPES = {{ gitea.attachment.allowed_types }} -MAX_SIZE = {{ gitea.attachment.max_size }} -MAX_FILES = {{ gitea.attachment.max_files }} - -[cron] -ENABLED = true -RUN_AT_START = false - -[cron.update_mirrors] -SCHEDULE = "0 12 3 * * *" - -[cron.archive_cleanup] -ENABLED = false - -[cron.delete_repo_archives] -ENABLED = false - -[session] -PROVIDER = file -COOKIE_SECURE = {{ gitea.server.https }} -COOKIE_NAME = i_like_gitea - -[log] -MODE = {{ gitea.log.mode }} -LEVEL = {{ gitea.log.level }} - -[security] -INSTALL_LOCK = {{ gitea.security.install_lock }} -SECRET_KEY = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash']( - 'gitea:security_secret_key', - length=15, - chars=('abcdefghijklmnopqrstuvwxyz' + - 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + - '12345678790') -)) }} -LOGIN_REMEMBER_DAYS = {{ gitea.security.remember_password_days }} -COOKIE_USERNAME = giteauser -COOKIE_REMEMBER_NAME = giteausersession -INTERNAL_TOKEN = {{ gitea.security.internal_token }} - -[other] -SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }} -SHOW_FOOTER_VERSION = {{ gitea.other.show_footer_version }} - -[oauth2] -JWT_SECRET = {{ gitea.server.lfs_jwt_secret }} +{%- for k,v in gitea.config.items() -%} +{%- if k == "global" %} +{%- for subkey,subval in v.items() -%} +{{ subkey|upper() }} = {{ subval }} +{% endfor -%} +{% else -%} +[{{ k }}] +{% for subkey,subval in v.items() -%} +{{ subkey|upper() }} = {{ subval }} +{% endfor -%} +{% endif %} +{% endfor -%} \ No newline at end of file 
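Review bot: Both inner loops in states/gitea/files/app.ini.j2 write `{{ subval }}` as-is, so a key with an empty value renders as the text `None` and a value containing a line break adds extra lines to app.ini. Filtering the loop, e.g. `{% for subkey, subval in v.items() if subval is not none %}`, and rejecting multi-line values would make the output predictable. The un-sectioned keys are only correct if `global` is the first entry of `gitea.config`; should a pillar merge put it later, `APP_NAME`, `RUN_USER` and `RUN_MODE` would land inside the preceding section, so rendering `gitea.config.global` explicitly before the loop is more robust. The `## ... Salt Managed` header line was dropped as well, and a comment at the top of the template describing the expected `config` layout would help the next maintainer.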
diff --git a/states/gitea/files/app.ini.old.j2 b/states/gitea/files/app.ini.old.j2
new file mode 100644
index 0000000..c5d9d7f
--- /dev/null
+++ b/states/gitea/files/app.ini.old.j2
@@ -0,0 +1,118 @@ +## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} + +{% from "gitea/map.jinja" import gitea with context %} +APP_NAME = {{ gitea.service.app_name }} +RUN_USER = git +RUN_MODE = prod + +[database] +DB_TYPE = {{ gitea.database.type }} +HOST = {{ gitea.database.host }} +NAME = {{ gitea.database.name }} +USER = {{ gitea.database.user }} +PASSWD = {{ gitea.database.password }} +{%- if gitea.database.ssl %} +SSL_MODE = enable +{%- else %} +SSL_MODE = disable +{%- endif %} +PATH = {{ gitea.database.path }} + +[repository] +ROOT = {{ gitea.repository.root }} + +[server] +DOMAIN = {{ gitea.server.domain }} +HTTP_ADDR = {{ gitea.server.http_addr }} +HTTP_PORT = {{ gitea.server.http_port }} +{%- if gitea.server.https %} +ROOT_URL = https://{{ gitea.server.domain }}/ +{%- else %} +ROOT_URL = http://{{ gitea.server.domain }}/ +{%- endif %} +DISABLE_SSH = {{ gitea.server.disable_ssh }} +START_SSH_SERVER = {{ gitea.server.start_ssh_server }} +SSH_DOMAIN = {{ gitea.server.domain }} +SSH_PORT = {{ gitea.server.ssh_port }} +SSH_LISTEN_PORT = {{ gitea.server.ssh_listen_port }} +OFFLINE_MODE = {{ gitea.server.offline_mode }} +LFS_START_SERVER = {{ gitea.server.lfs_start_server }} +LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }} +LFS_JWT_SECRET = {{ gitea.server.lfs_jwt_secret }} +ENABLE_GZIP = {{ gitea.server.enable_gzip }} +LANDING_PAGE = {{ gitea.server.landing_page }} + +[cache] +ENABLED = {{ gitea.cache.enabled }} +ADAPTER = {{ gitea.cache.adapter }} +HOST = {{ gitea.cache.host }} + +[mailer] +ENABLED = {{ gitea.mailer.enable }} +HELO_HOSTNAME = {{ gitea.mailer.hostname }} +HOST = {{ gitea.mailer.hostandport }} +IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }} +FROM = {{ gitea.mailer.from_address }} +USER = {{ gitea.mailer.smtp_user }} +PASSWD = {{ gitea.mailer.smtp_password }} +SKIP_VERIFY = {{ gitea.mailer.skip_verify }} + +[service] +REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }} +DISABLE_REGISTRATION = {{ 
gitea.service.disable_registration }} +ENABLE_CAPTCHA = {{ gitea.service.enable_captcha }} +REQUIRE_SIGNIN_VIEW = {{ gitea.service.require_signin_view }} +ENABLE_NOTIFY_MAIL = {{ gitea.service.enable_notify_mail }} + +[picture] +DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }} + +[attachment] +ENABLED = {{ gitea.attachment.enabled }} +PATH = {{ gitea.attachment.path }} +ALLOWED_TYPES = {{ gitea.attachment.allowed_types }} +MAX_SIZE = {{ gitea.attachment.max_size }} +MAX_FILES = {{ gitea.attachment.max_files }} + +[cron] +ENABLED = true +RUN_AT_START = false + +[cron.update_mirrors] +SCHEDULE = "0 12 3 * * *" + +[cron.archive_cleanup] +ENABLED = false + +[cron.delete_repo_archives] +ENABLED = false + +[session] +PROVIDER = file +COOKIE_SECURE = {{ gitea.server.https }} +COOKIE_NAME = i_like_gitea + +[log] +MODE = {{ gitea.log.mode }} +LEVEL = {{ gitea.log.level }} + +[security] +INSTALL_LOCK = {{ gitea.security.install_lock }} +SECRET_KEY = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash']( + 'gitea:security_secret_key', + length=15, + chars=('abcdefghijklmnopqrstuvwxyz' + + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' + + '12345678790') +)) }} +LOGIN_REMEMBER_DAYS = {{ gitea.security.remember_password_days }} +COOKIE_USERNAME = giteauser +COOKIE_REMEMBER_NAME = giteausersession +INTERNAL_TOKEN = {{ gitea.security.internal_token }} + +[other] +SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }} +SHOW_FOOTER_VERSION = {{ gitea.other.show_footer_version }} + +[oauth2] +JWT_SECRET = {{ gitea.server.lfs_jwt_secret }} diff --git a/states/gitea/files/gitea.service b/states/gitea/files/gitea.service deleted file mode 100644 index d5faaa8..0000000 --- a/states/gitea/files/gitea.service +++ /dev/null 
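Review bot: states/gitea/files/app.ini.old.j2 is a verbatim copy of the previous template and reads keys such as `gitea.database.password` and `gitea.security.remember_password_days` that the new defaults.yaml no longer defines, so it cannot render against the new map. Nothing in the visible states references it. The old version is already in git history, so dropping the file avoids keeping a stale template in the states tree.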
@@ -1,23 +0,0 @@ -[Unit] -Description=Gitea (Git with a cup of tea) -After=syslog.target -After=network.target -#After=postgresql.service - -[Service] -# Modify these two values and uncomment them if you have -# repos with lots of files and get an HTTP error 500 because -# of that -### -#LimitMEMLOCK=infinity -#LimitNOFILE=65535 -Type=simple -User=git -Group=git -WorkingDirectory=/var/lib/gitea -ExecStart=/var/lib/gitea/gitea web -Restart=always -Environment=USER=git HOME=/var/lib/gitea - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/states/gitea/files/gitea.service.j2 b/states/gitea/files/gitea.service.j2 new file mode 100644 index 0000000..18d466f --- /dev/null +++ b/states/gitea/files/gitea.service.j2 @@ -0,0 +1,18 @@ +{%- from "gitea/map.jinja" import gitea with context %} +[Unit] +Description=Gitea ({{ gitea.config.global.app_name }}) +After=syslog.target +After=network.target +After=postgresql.service + +[Service] +Type=simple +User={{ gitea.user }} +Group={{ gitea.user }} +WorkingDirectory={{ gitea.workingdir }} +ExecStart={{ gitea.workingdir }}/gitea web +Restart=always +Environment=USER={{ gitea.user }} HOME={{ gitea.workingdir }} + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/states/gitea/init.sls b/states/gitea/init.sls index cc2468a..857b905 100644 --- a/states/gitea/init.sls +++ b/states/gitea/init.sls @@ -1,6 +1,5 @@ -# -*- coding: utf-8 -*- # vim: ft=sls - +--- include: - .install - .config diff --git a/states/gitea/install.sls b/states/gitea/install.sls index 6915c2c..da42452 100644 --- a/states/gitea/install.sls +++ b/states/gitea/install.sls @@ -1,6 +1,5 @@ -# -*- coding: utf-8 -*- # vim: ft=sls - +--- {% from "gitea/map.jinja" import gitea with context %} git: 
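Review bot: In states/gitea/files/gitea.service.j2 the line `Group={{ gitea.user }}` uses the user key although defaults.yaml in this commit adds a separate `group` key; it should read `Group={{ gitea.group }}`. `After=postgresql.service` is now unconditional while `db_type` stays configurable, which is harmless but misleading on non-PostgreSQL hosts. Since the unit is being rewritten anyway, sandboxing directives such as `NoNewPrivileges=true` and `ProtectSystem=full` would be worth adding, after checking that they do not break git hooks or SSH handling on your hosts.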
@@ -8,16 +7,17 @@ git: - system: true user.present: - system: true - - home: /var/lib/gitea + - home: {{ gitea.workingdir }} - shell: /usr/sbin/nologin - groups: - - git + - {{ gitea.group }} - require: - - group: git + - group: {{ gitea.group }} pkg.installed: [] -/var/lib/gitea/gitea: +gitea-bin: file.managed: + - name: {{ gitea.workingdir }}/gitea - source: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}" - source_hash: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}.sha256" - user: git diff --git a/states/gitea/service.sls b/states/gitea/service.sls index 288e1f1..8793bdf 100644 --- a/states/gitea/service.sls +++ b/states/gitea/service.sls @@ -1,20 +1,21 @@ -# -*- coding: utf-8 -*- # vim: ft=sls - +--- {%- from "gitea/map.jinja" import gitea with context %} +gitea-service: + file.managed: + - name: /etc/systemd/system/gitea.service + - source: salt://gitea/files/gitea.service.j2 + - user: root + - group: root + - mode: 644 + - template: jinja + - makedirs: true + gitea: service.running: - enable: true - full_restart: true - watch: - - file: /var/lib/gitea/gitea - - file: /var/lib/gitea/custom/conf/app.ini - -/etc/systemd/system/gitea.service: - file.managed: - - source: salt://gitea/files/gitea.service - - user: root - - group: root - - mode: 644 - - makedirs: true \ No newline at end of file + - file: gitea-bin + - file: gitea-config
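Review bot: The `gitea-bin` state in states/gitea/install.sls still takes `source_hash` from a `.sha256` URL on the same `dl.gitea.io` path as the binary, which catches a corrupted download but not a replaced one; pinning the digest per version in defaults or pillar gives a real integrity check. The new `- group: {{ gitea.group }}` requisite and `- home: {{ gitea.workingdir }}` are templated while the state ID `git:` and the binary's `- user: git` stay fixed, so setting `gitea.group` to anything other than `git` would presumably leave the requisite without a matching state. The binary is also owned by the account the service runs as, which lets that account replace its own executable; `- user: root` with a mode the service account cannot write would be tighter, though the rest of the state lies outside this hunk.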
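Review bot: The `gitea` service in states/gitea/service.sls watches `file: gitea-bin` and `file: gitea-config` but not the new `gitea-service` state, so a change to the now-templated unit file (user, working directory) does not restart the service. Add `- file: gitea-service` to the `watch` list, and make sure systemd reloads its unit definitions before the restart. `- mode: 644` is an unquoted integer; `- mode: '0644'` avoids YAML number handling.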