templated gitea state

Paul 2021-12-29 16:56:39 +01:00
parent 8663641632
commit 93a00a2f73
9 changed files with 259 additions and 227 deletions


@ -1,10 +1,10 @@
# -*- coding: utf-8 -*-
# vim: ft=sls # vim: ft=sls
---
{% from "gitea/map.jinja" import gitea with context %} {% from "gitea/map.jinja" import gitea with context %}
/var/lib/gitea/custom/conf/app.ini: gitea-config:
file.managed: file.managed:
- name: {{ gitea.configfile }}
- source: salt://gitea/files/app.ini.j2 - source: salt://gitea/files/app.ini.j2
- template: jinja - template: jinja
- user: git - user: git


@ -1,69 +1,92 @@
--- ---
gitea: gitea:
config: /var/lib/gitea/custom/conf/app.ini workingdir: /var/lib/gitea
configfile: /var/lib/gitea/custom/conf/app.ini
user: git
group: git
version: "1.0.2" version: "1.0.2"
arch: "amd64" arch: "amd64"
database: config:
type: postgres global:
host: 127.0.0.1:5432 app_name: Gitea - Git with a cup of tea
name: gitea run_user: git
user: gitea run_mode: prod
password: databaseSecretPassword database:
ssl: false db_type: postgres
path: data/gitea.db host: 127.0.0.1:5432
repository: name: gitea
root: /var/lib/gitea/gitea-repositories user: gitea
server: passwd: databaseSecretPassword
domain: git.example.com ssl_mode: enable
http_addr: 0.0.0.0 path: data/gitea.db
http_port: 3000 repository:
https: true root: /var/lib/gitea/gitea-repositories
disable_ssh: true server:
start_ssh_server: false domain: git.example.com
ssh_port: 2222 http_addr: 0.0.0.0
ssh_listen_port: 2222 http_port: 3000
offline_mode: false root_url: https://git.example.com/
lfs_start_server: false disable_ssh: true
lfs_content_path: data/lfs start_ssh_server: false
lfs_jwt_secret: createYourOwnJWTSecret ssh_port: 2222
enable_gzip: false ssh_listen_port: 2222
landing_page: home offline_mode: false
cache: lfs_start_server: false
enabled: true lfs_content_path: data/lfs
adapter: redis lfs_jwt_secret: createYourOwnJWTSecret
host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s enable_gzip: false
mailer: landing_page: home
enable: true cache:
hostname: mail.example.com enabled: true
hostandport: mail.example.com:587 adapter: redis
from_address: git@example.com host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s
smtp_user: git@example.com mailer:
smtp_password: secretPassword1234 enable: true
skip_verify: false hostname: mail.example.com
service: hostandport: mail.example.com:587
name: gitea from_address: git@example.com
app_name: Gitea - Git with a cup of tea smtp_user: git@example.com
register_email_confirm: true smtp_password: secretPassword1234
disable_registration: true skip_verify: false
require_signin_view: true service:
enable_captcha: true register_email_confirm: true
enable_notify_mail: true disable_registration: true
picture: require_signin_view: true
disable_gravatar: false enable_captcha: true
attachment: enable_notify_mail: true
enabled: true picture:
path: data/attachments disable_gravatar: false
allowed_types: image/jpeg|image/png attachment:
max_size: 8 enabled: true
max_files: 5 path: data/attachments
log: allowed_types: image/jpeg|image/png
mode: file max_size: 8
level: Info max_files: 5
security: cron:
install_lock: true enabled: true
remember_password_days: 30 run_at_start: false
secret_key: myUniqueSecretKey cron.update_mirrors:
internal_token: myUniqueInternalToken schedule: "0 12 3 * * *"
other: cron.archive_cleanup:
show_footer_branding: true enabled: false
show_footer_version: true cron.delete_repo_archives:
enabled: false
session:
provider: file
cookie_secure: true
cookie_name: i_like_gitea
log:
mode: file
level: Info
security:
install_lock:
secret_key: twogirlsonecup
login_remember_days: 30
cookie_username: giteauser
cookie_remember_name: giteausersession
internal_token: motherfuckingtoken
other:
show_footer_branding: true
show_footer_version: true
oauth2:
jwt_secret: createYourOwnJWTSecret
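Review bot: `install_lock:` under `security` is left empty on the new side, so it loads as null where the old default was `install_lock: true`; with the generic template from this commit it would presumably be written as `INSTALL_LOCK = None`, which Gitea is unlikely to read as locked, leaving the installer page reachable. I would restore `install_lock: true`. Separately, `secret_key`, `internal_token`, `lfs_jwt_secret`, the `oauth2` `jwt_secret`, `passwd` and `smtp_password` are literal defaults that end up in app.ini on every minion whose pillar does not override them. A shared, publicly known signing secret is worse than none, so these are better left without a default and required from pillar.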


@ -1,118 +1,14 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{% from "gitea/map.jinja" import gitea with context %} {% from "gitea/map.jinja" import gitea with context %}
APP_NAME = {{ gitea.service.app_name }}
RUN_USER = git
RUN_MODE = prod
[database] {%- for k,v in gitea.config.items() -%}
DB_TYPE = {{ gitea.database.type }} {%- if k == "global" %}
HOST = {{ gitea.database.host }} {%- for subkey,subval in v.items() -%}
NAME = {{ gitea.database.name }} {{ subkey|upper() }} = {{ subval }}
USER = {{ gitea.database.user }} {% endfor -%}
PASSWD = {{ gitea.database.password }} {% else -%}
{%- if gitea.database.ssl %} [{{ k }}]
SSL_MODE = enable {% for subkey,subval in v.items() -%}
{%- else %} {{ subkey|upper() }} = {{ subval }}
SSL_MODE = disable {% endfor -%}
{%- endif %} {% endif %}
PATH = {{ gitea.database.path }} {% endfor -%}
[repository]
ROOT = {{ gitea.repository.root }}
[server]
DOMAIN = {{ gitea.server.domain }}
HTTP_ADDR = {{ gitea.server.http_addr }}
HTTP_PORT = {{ gitea.server.http_port }}
{%- if gitea.server.https %}
ROOT_URL = https://{{ gitea.server.domain }}/
{%- else %}
ROOT_URL = http://{{ gitea.server.domain }}/
{%- endif %}
DISABLE_SSH = {{ gitea.server.disable_ssh }}
START_SSH_SERVER = {{ gitea.server.start_ssh_server }}
SSH_DOMAIN = {{ gitea.server.domain }}
SSH_PORT = {{ gitea.server.ssh_port }}
SSH_LISTEN_PORT = {{ gitea.server.ssh_listen_port }}
OFFLINE_MODE = {{ gitea.server.offline_mode }}
LFS_START_SERVER = {{ gitea.server.lfs_start_server }}
LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }}
LFS_JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
ENABLE_GZIP = {{ gitea.server.enable_gzip }}
LANDING_PAGE = {{ gitea.server.landing_page }}
[cache]
ENABLED = {{ gitea.cache.enabled }}
ADAPTER = {{ gitea.cache.adapter }}
HOST = {{ gitea.cache.host }}
[mailer]
ENABLED = {{ gitea.mailer.enable }}
HELO_HOSTNAME = {{ gitea.mailer.hostname }}
HOST = {{ gitea.mailer.hostandport }}
IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }}
FROM = {{ gitea.mailer.from_address }}
USER = {{ gitea.mailer.smtp_user }}
PASSWD = {{ gitea.mailer.smtp_password }}
SKIP_VERIFY = {{ gitea.mailer.skip_verify }}
[service]
REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }}
DISABLE_REGISTRATION = {{ gitea.service.disable_registration }}
ENABLE_CAPTCHA = {{ gitea.service.enable_captcha }}
REQUIRE_SIGNIN_VIEW = {{ gitea.service.require_signin_view }}
ENABLE_NOTIFY_MAIL = {{ gitea.service.enable_notify_mail }}
[picture]
DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }}
[attachment]
ENABLED = {{ gitea.attachment.enabled }}
PATH = {{ gitea.attachment.path }}
ALLOWED_TYPES = {{ gitea.attachment.allowed_types }}
MAX_SIZE = {{ gitea.attachment.max_size }}
MAX_FILES = {{ gitea.attachment.max_files }}
[cron]
ENABLED = true
RUN_AT_START = false
[cron.update_mirrors]
SCHEDULE = "0 12 3 * * *"
[cron.archive_cleanup]
ENABLED = false
[cron.delete_repo_archives]
ENABLED = false
[session]
PROVIDER = file
COOKIE_SECURE = {{ gitea.server.https }}
COOKIE_NAME = i_like_gitea
[log]
MODE = {{ gitea.log.mode }}
LEVEL = {{ gitea.log.level }}
[security]
INSTALL_LOCK = {{ gitea.security.install_lock }}
SECRET_KEY = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash'](
'gitea:security_secret_key',
length=15,
chars=('abcdefghijklmnopqrstuvwxyz' +
'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
'12345678790')
)) }}
LOGIN_REMEMBER_DAYS = {{ gitea.security.remember_password_days }}
COOKIE_USERNAME = giteauser
COOKIE_REMEMBER_NAME = giteausersession
INTERNAL_TOKEN = {{ gitea.security.internal_token }}
[other]
SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }}
SHOW_FOOTER_VERSION = {{ gitea.other.show_footer_version }}
[oauth2]
JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
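Review bot: The generic loop removes the only place where `SECRET_KEY` was generated per minion through `salt['grains.get_or_set_hash']`; the key is now whatever `gitea.config.security.secret_key` holds, which in the defaults shown in this commit is a fixed string, so a generated fallback should be kept for the case where pillar supplies no value. The loop also emits the `global` keys wherever that entry falls in iteration order, although keys without a section header have to come before the first `[section]`, and it writes null values out as `None`. Rendering `global` first and skipping nulls, as in the sketch below, avoids both. The `## ... Salt Managed` header line is dropped as well and is worth keeping so the rendered file is not edited by hand.

```jinja
{%- from "gitea/map.jinja" import gitea with context %}
{#- keys without a section header must precede the first [section] #}
{%- for subkey, subval in gitea.config.get('global', {}).items() if subval is not none %}
{{ subkey|upper }} = {{ subval }}
{%- endfor %}
{%- for k, v in gitea.config.items() if k != 'global' %}
[{{ k }}]
{%- for subkey, subval in v.items() if subval is not none %}
{{ subkey|upper }} = {{ subval }}
{%- endfor %}
{%- endfor %}
```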


@ -0,0 +1,118 @@
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{% from "gitea/map.jinja" import gitea with context %}
APP_NAME = {{ gitea.service.app_name }}
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = {{ gitea.database.type }}
HOST = {{ gitea.database.host }}
NAME = {{ gitea.database.name }}
USER = {{ gitea.database.user }}
PASSWD = {{ gitea.database.password }}
{%- if gitea.database.ssl %}
SSL_MODE = enable
{%- else %}
SSL_MODE = disable
{%- endif %}
PATH = {{ gitea.database.path }}
[repository]
ROOT = {{ gitea.repository.root }}
[server]
DOMAIN = {{ gitea.server.domain }}
HTTP_ADDR = {{ gitea.server.http_addr }}
HTTP_PORT = {{ gitea.server.http_port }}
{%- if gitea.server.https %}
ROOT_URL = https://{{ gitea.server.domain }}/
{%- else %}
ROOT_URL = http://{{ gitea.server.domain }}/
{%- endif %}
DISABLE_SSH = {{ gitea.server.disable_ssh }}
START_SSH_SERVER = {{ gitea.server.start_ssh_server }}
SSH_DOMAIN = {{ gitea.server.domain }}
SSH_PORT = {{ gitea.server.ssh_port }}
SSH_LISTEN_PORT = {{ gitea.server.ssh_listen_port }}
OFFLINE_MODE = {{ gitea.server.offline_mode }}
LFS_START_SERVER = {{ gitea.server.lfs_start_server }}
LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }}
LFS_JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
ENABLE_GZIP = {{ gitea.server.enable_gzip }}
LANDING_PAGE = {{ gitea.server.landing_page }}
[cache]
ENABLED = {{ gitea.cache.enabled }}
ADAPTER = {{ gitea.cache.adapter }}
HOST = {{ gitea.cache.host }}
[mailer]
ENABLED = {{ gitea.mailer.enable }}
HELO_HOSTNAME = {{ gitea.mailer.hostname }}
HOST = {{ gitea.mailer.hostandport }}
IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }}
FROM = {{ gitea.mailer.from_address }}
USER = {{ gitea.mailer.smtp_user }}
PASSWD = {{ gitea.mailer.smtp_password }}
SKIP_VERIFY = {{ gitea.mailer.skip_verify }}
[service]
REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }}
DISABLE_REGISTRATION = {{ gitea.service.disable_registration }}
ENABLE_CAPTCHA = {{ gitea.service.enable_captcha }}
REQUIRE_SIGNIN_VIEW = {{ gitea.service.require_signin_view }}
ENABLE_NOTIFY_MAIL = {{ gitea.service.enable_notify_mail }}
[picture]
DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }}
[attachment]
ENABLED = {{ gitea.attachment.enabled }}
PATH = {{ gitea.attachment.path }}
ALLOWED_TYPES = {{ gitea.attachment.allowed_types }}
MAX_SIZE = {{ gitea.attachment.max_size }}
MAX_FILES = {{ gitea.attachment.max_files }}
[cron]
ENABLED = true
RUN_AT_START = false
[cron.update_mirrors]
SCHEDULE = "0 12 3 * * *"
[cron.archive_cleanup]
ENABLED = false
[cron.delete_repo_archives]
ENABLED = false
[session]
PROVIDER = file
COOKIE_SECURE = {{ gitea.server.https }}
COOKIE_NAME = i_like_gitea
[log]
MODE = {{ gitea.log.mode }}
LEVEL = {{ gitea.log.level }}
[security]
INSTALL_LOCK = {{ gitea.security.install_lock }}
SECRET_KEY = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash'](
'gitea:security_secret_key',
length=15,
chars=('abcdefghijklmnopqrstuvwxyz' +
'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
'12345678790')
)) }}
LOGIN_REMEMBER_DAYS = {{ gitea.security.remember_password_days }}
COOKIE_USERNAME = giteauser
COOKIE_REMEMBER_NAME = giteausersession
INTERNAL_TOKEN = {{ gitea.security.internal_token }}
[other]
SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }}
SHOW_FOOTER_VERSION = {{ gitea.other.show_footer_version }}
[oauth2]
JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
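Review bot: This newly added file looks like a verbatim copy of the previous template and still reads `gitea.database.*`, `gitea.server.https` and `gitea.security.remember_password_days`, none of which appear in the restructured defaults of this commit, so it would presumably fail to render against the new map. Its file name is not visible on this page; if it is meant as a backup, version control already keeps the old template and the copy could be dropped. If it stays, note that `gitea.get('security.secret_key', ...)` looks up a literal dotted key on the mapping, so a pillar-supplied key is likely never used and the 15-character generated hash always wins.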


@ -1,23 +0,0 @@
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
#After=postgresql.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/var/lib/gitea/gitea web
Restart=always
Environment=USER=git HOME=/var/lib/gitea
[Install]
WantedBy=multi-user.target


@ -0,0 +1,18 @@
{%- from "gitea/map.jinja" import gitea with context %}
[Unit]
Description=Gitea ({{ gitea.config.global.app_name }})
After=syslog.target
After=network.target
After=postgresql.service
[Service]
Type=simple
User={{ gitea.user }}
Group={{ gitea.user }}
WorkingDirectory={{ gitea.workingdir }}
ExecStart={{ gitea.workingdir }}/gitea web
Restart=always
Environment=USER={{ gitea.user }} HOME={{ gitea.workingdir }}
[Install]
WantedBy=multi-user.target
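Review bot: `Group={{ gitea.user }}` uses the user name for the group even though the defaults in this commit define a separate `gitea.group`; it should read `Group={{ gitea.group }}`, otherwise overriding either value in pillar starts the service under the wrong group. Since the unit is being rewritten anyway, this is also the place to add basic sandboxing for a network-facing service, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, after checking that the data paths under `{{ gitea.workingdir }}` stay writable.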


@ -1,6 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls # vim: ft=sls
---
include: include:
- .install - .install
- .config - .config


@ -1,6 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls # vim: ft=sls
---
{% from "gitea/map.jinja" import gitea with context %} {% from "gitea/map.jinja" import gitea with context %}
git: git:
@ -8,16 +7,17 @@ git:
- system: true - system: true
user.present: user.present:
- system: true - system: true
- home: /var/lib/gitea - home: {{ gitea.workingdir }}
- shell: /usr/sbin/nologin - shell: /usr/sbin/nologin
- groups: - groups:
- git - {{ gitea.group }}
- require: - require:
- group: git - group: {{ gitea.group }}
pkg.installed: [] pkg.installed: []
/var/lib/gitea/gitea: gitea-bin:
file.managed: file.managed:
- name: {{ gitea.workingdir }}/gitea
- source: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}" - source: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}"
- source_hash: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}.sha256" - source_hash: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}.sha256"
- user: git - user: git
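Review bot: The `source_hash` for `gitea-bin` is fetched from the same `dl.gitea.io` location as the binary, so it catches a corrupted download but not a replaced one; pinning the expected SHA-256 for each version in the map or pillar and passing that as `source_hash` would close the gap. The templating is also only partial: the state ID `git:` and `- user: git` stay literal while `groups` and `require: - group:` now use `{{ gitea.group }}`, so a non-default group name would presumably make the requisite point at a state that does not exist. Using `{{ gitea.user }}` for `- user:` and giving the group state an explicit `- name: {{ gitea.group }}` would keep them in step. The `git:` state begins above this hunk, so its group declaration is not visible here.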


@ -1,20 +1,21 @@
# -*- coding: utf-8 -*-
# vim: ft=sls # vim: ft=sls
---
{%- from "gitea/map.jinja" import gitea with context %} {%- from "gitea/map.jinja" import gitea with context %}
gitea-service:
file.managed:
- name: /etc/systemd/system/gitea.service
- source: salt://gitea/files/gitea.service.j2
- user: root
- group: root
- mode: 644
- template: jinja
- makedirs: true
gitea: gitea:
service.running: service.running:
- enable: true - enable: true
- full_restart: true - full_restart: true
- watch: - watch:
- file: /var/lib/gitea/gitea - file: gitea-bin
- file: /var/lib/gitea/custom/conf/app.ini - file: gitea-config
/etc/systemd/system/gitea.service:
file.managed:
- source: salt://gitea/files/gitea.service
- user: root
- group: root
- mode: 644
- makedirs: true
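Review bot: The `watch` list of `service.running` names `gitea-bin` and `gitea-config` but not the new `gitea-service` state, so a change to the now-templated unit file does not restart Gitea; adding `- file: gitea-service` to the list would cover that. Depending on the Salt version, a `systemctl daemon-reload` step triggered by the unit file change may still be needed before the restart picks up the new unit. I would also quote the mode, `- mode: '0644'`, so the YAML loader cannot retype it.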