templated gitea state

2021-12-29 16:56:39 +01:00 · 2021-12-29 16:56:39 +01:00 · 93a00a2f73
commit 93a00a2f73
parent 8663641632
9 changed files with 259 additions and 227 deletions
--- a/states/gitea/config.sls
+++ b/states/gitea/config.sls
@ -1,10 +1,10 @@
-# -*- coding: utf-8 -*-
 # vim: ft=sls
-
+---
 {% from "gitea/map.jinja" import gitea with context %}

-/var/lib/gitea/custom/conf/app.ini:
+gitea-config:
  file.managed:
+    - name: {{ gitea.configfile }}
    - source: salt://gitea/files/app.ini.j2
    - template: jinja
    - user: git
--- a/states/gitea/defaults.yaml
+++ b/states/gitea/defaults.yaml
@ -1,69 +1,92 @@
 ---
 gitea:
-  config: /var/lib/gitea/custom/conf/app.ini
+  workingdir: /var/lib/gitea
+  configfile: /var/lib/gitea/custom/conf/app.ini
+  user: git
+  group: git
  version: "1.0.2"
  arch: "amd64"
-  database:
-    type: postgres
-    host: 127.0.0.1:5432
-    name: gitea
-    user: gitea
-    password: databaseSecretPassword
-    ssl: false
-    path: data/gitea.db
-  repository:
-    root: /var/lib/gitea/gitea-repositories
-  server:
-    domain: git.example.com
-    http_addr: 0.0.0.0
-    http_port: 3000
-    https: true
-    disable_ssh: true
-    start_ssh_server: false
-    ssh_port: 2222
-    ssh_listen_port: 2222
-    offline_mode: false
-    lfs_start_server: false
-    lfs_content_path: data/lfs
-    lfs_jwt_secret: createYourOwnJWTSecret
-    enable_gzip: false
-    landing_page: home
-  cache:
-    enabled: true
-    adapter: redis
-    host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s
-  mailer:
-    enable: true
-    hostname: mail.example.com
-    hostandport: mail.example.com:587
-    from_address: git@example.com
-    smtp_user: git@example.com
-    smtp_password: secretPassword1234
-    skip_verify: false
-  service:
-    name: gitea
-    app_name: Gitea - Git with a cup of tea
-    register_email_confirm: true
-    disable_registration: true
-    require_signin_view: true
-    enable_captcha: true
-    enable_notify_mail: true
-  picture:
-    disable_gravatar: false
-  attachment:
-    enabled: true
-    path: data/attachments
-    allowed_types: image/jpeg|image/png
-    max_size: 8
-    max_files: 5
-  log:
-    mode: file
-    level: Info
-  security:
-    install_lock: true
-    remember_password_days: 30
-    secret_key: myUniqueSecretKey
-    internal_token: myUniqueInternalToken
-  other:
-    show_footer_branding: true
-    show_footer_version: true
+  config:
+    global:
+      app_name: Gitea - Git with a cup of tea
+      run_user: git
+      run_mode: prod
+    database:
+      db_type: postgres
+      host: 127.0.0.1:5432
+      name: gitea
+      user: gitea
+      passwd: databaseSecretPassword
+      ssl_mode: enable
+      path: data/gitea.db
+    repository:
+      root: /var/lib/gitea/gitea-repositories
+    server:
+      domain: git.example.com
+      http_addr: 0.0.0.0
+      http_port: 3000
+      root_url: https://git.example.com/
+      disable_ssh: true
+      start_ssh_server: false
+      ssh_port: 2222
+      ssh_listen_port: 2222
+      offline_mode: false
+      lfs_start_server: false
+      lfs_content_path: data/lfs
+      lfs_jwt_secret: createYourOwnJWTSecret
+      enable_gzip: false
+      landing_page: home
+    cache:
+      enabled: true
+      adapter: redis
+      host: redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s
+    mailer:
+      enable: true
+      hostname: mail.example.com
+      hostandport: mail.example.com:587
+      from_address: git@example.com
+      smtp_user: git@example.com
+      smtp_password: secretPassword1234
+      skip_verify: false
+    service:
+      register_email_confirm: true
+      disable_registration: true
+      require_signin_view: true
+      enable_captcha: true
+      enable_notify_mail: true
+    picture:
+      disable_gravatar: false
+    attachment:
+      enabled: true
+      path: data/attachments
+      allowed_types: image/jpeg|image/png
+      max_size: 8
+      max_files: 5
+    cron:
+      enabled: true
+      run_at_start: false
+    cron.update_mirrors:
+      schedule: "0 12 3 * * *"
+    cron.archive_cleanup:
+      enabled: false
+    cron.delete_repo_archives:
+      enabled: false
+    session:
+      provider: file
+      cookie_secure: true
+      cookie_name: i_like_gitea
+    log:
+      mode: file
+      level: Info
+    security:
+      install_lock: 
+      secret_key: twogirlsonecup
+      login_remember_days: 30
+      cookie_username: giteauser
+      cookie_remember_name: giteausersession
+      internal_token: motherfuckingtoken
+    other:
+      show_footer_branding: true
+      show_footer_version: true
+    oauth2:
+      jwt_secret: createYourOwnJWTSecret
--- a/states/gitea/files/app.ini.j2
+++ b/states/gitea/files/app.ini.j2
@ -1,118 +1,14 @@
-## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
-
 {% from "gitea/map.jinja" import gitea with context %}
-APP_NAME = {{ gitea.service.app_name }}
-RUN_USER = git
-RUN_MODE = prod

-[database]
-DB_TYPE  = {{ gitea.database.type }}
-HOST     = {{ gitea.database.host }}
-NAME     = {{ gitea.database.name }}
-USER     = {{ gitea.database.user }}
-PASSWD   = {{ gitea.database.password }}
-{%- if gitea.database.ssl %}
-SSL_MODE = enable
-{%- else %}
-SSL_MODE = disable
-{%- endif %}
-PATH     = {{ gitea.database.path }}
-
-[repository]
-ROOT = {{ gitea.repository.root }}
-
-[server]
-DOMAIN           = {{ gitea.server.domain }}
-HTTP_ADDR        = {{ gitea.server.http_addr }}
-HTTP_PORT        = {{ gitea.server.http_port }}
-{%- if gitea.server.https %}
-ROOT_URL         = https://{{ gitea.server.domain }}/
-{%- else %}
-ROOT_URL         = http://{{ gitea.server.domain }}/
-{%- endif %}
-DISABLE_SSH      = {{ gitea.server.disable_ssh }}
-START_SSH_SERVER = {{ gitea.server.start_ssh_server }}
-SSH_DOMAIN       = {{ gitea.server.domain }}
-SSH_PORT         = {{ gitea.server.ssh_port }}
-SSH_LISTEN_PORT  = {{ gitea.server.ssh_listen_port }}
-OFFLINE_MODE     = {{ gitea.server.offline_mode }}
-LFS_START_SERVER = {{ gitea.server.lfs_start_server }}
-LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }}
-LFS_JWT_SECRET   = {{ gitea.server.lfs_jwt_secret }}
-ENABLE_GZIP      = {{ gitea.server.enable_gzip }}
-LANDING_PAGE     = {{ gitea.server.landing_page }}
-
-[cache]
-ENABLED       = {{ gitea.cache.enabled }}
-ADAPTER       = {{ gitea.cache.adapter }}
-HOST          = {{ gitea.cache.host }}
-
-[mailer]
-ENABLED        = {{ gitea.mailer.enable }}
-HELO_HOSTNAME  = {{ gitea.mailer.hostname }}
-HOST           = {{ gitea.mailer.hostandport }}
-IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }}
-FROM           = {{ gitea.mailer.from_address }}
-USER           = {{ gitea.mailer.smtp_user }}
-PASSWD         = {{ gitea.mailer.smtp_password }}
-SKIP_VERIFY    = {{ gitea.mailer.skip_verify }}
-
-[service]
-REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }}
-DISABLE_REGISTRATION   = {{ gitea.service.disable_registration }}
-ENABLE_CAPTCHA         = {{ gitea.service.enable_captcha }}
-REQUIRE_SIGNIN_VIEW    = {{ gitea.service.require_signin_view }}
-ENABLE_NOTIFY_MAIL     = {{ gitea.service.enable_notify_mail }}
-
-[picture]
-DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }}
-
-[attachment]
-ENABLED       = {{ gitea.attachment.enabled }}
-PATH          = {{ gitea.attachment.path }}
-ALLOWED_TYPES = {{ gitea.attachment.allowed_types }}
-MAX_SIZE      = {{ gitea.attachment.max_size }}
-MAX_FILES     = {{ gitea.attachment.max_files }}
-
-[cron]
-ENABLED  = true
-RUN_AT_START = false
-
-[cron.update_mirrors]
-SCHEDULE = "0 12 3 * * *"
-
-[cron.archive_cleanup]
-ENABLED = false
-
-[cron.delete_repo_archives]
-ENABLED = false
-
-[session]
-PROVIDER      = file
-COOKIE_SECURE = {{ gitea.server.https }}
-COOKIE_NAME   = i_like_gitea
-
-[log]
-MODE  = {{ gitea.log.mode }}
-LEVEL = {{ gitea.log.level }}
-
-[security]
-INSTALL_LOCK         = {{ gitea.security.install_lock }}
-SECRET_KEY           = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash'](
-    'gitea:security_secret_key',
-    length=15,
-    chars=('abcdefghijklmnopqrstuvwxyz' +
-           'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
-           '12345678790')
-)) }}
-LOGIN_REMEMBER_DAYS  = {{ gitea.security.remember_password_days }}
-COOKIE_USERNAME      = giteauser
-COOKIE_REMEMBER_NAME = giteausersession
-INTERNAL_TOKEN       = {{ gitea.security.internal_token }}
-
-[other]
-SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }}
-SHOW_FOOTER_VERSION  = {{ gitea.other.show_footer_version }}
-
-[oauth2]
-JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
+{%- for k,v in gitea.config.items() -%}
+{%- if k == "global" %}
+{%- for subkey,subval in v.items() -%}
+{{ subkey|upper() }} = {{ subval }}
+{% endfor -%}
+{% else -%}
+[{{ k }}]
+{% for subkey,subval in v.items() -%}
+{{ subkey|upper() }} = {{ subval }}
+{% endfor -%}
+{% endif %}
+{% endfor -%}
--- a/states/gitea/files/app.ini.old.j2
+++ b/states/gitea/files/app.ini.old.j2
@ -0,0 +1,118 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+{% from "gitea/map.jinja" import gitea with context %}
+APP_NAME = {{ gitea.service.app_name }}
+RUN_USER = git
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = {{ gitea.database.type }}
+HOST     = {{ gitea.database.host }}
+NAME     = {{ gitea.database.name }}
+USER     = {{ gitea.database.user }}
+PASSWD   = {{ gitea.database.password }}
+{%- if gitea.database.ssl %}
+SSL_MODE = enable
+{%- else %}
+SSL_MODE = disable
+{%- endif %}
+PATH     = {{ gitea.database.path }}
+
+[repository]
+ROOT = {{ gitea.repository.root }}
+
+[server]
+DOMAIN           = {{ gitea.server.domain }}
+HTTP_ADDR        = {{ gitea.server.http_addr }}
+HTTP_PORT        = {{ gitea.server.http_port }}
+{%- if gitea.server.https %}
+ROOT_URL         = https://{{ gitea.server.domain }}/
+{%- else %}
+ROOT_URL         = http://{{ gitea.server.domain }}/
+{%- endif %}
+DISABLE_SSH      = {{ gitea.server.disable_ssh }}
+START_SSH_SERVER = {{ gitea.server.start_ssh_server }}
+SSH_DOMAIN       = {{ gitea.server.domain }}
+SSH_PORT         = {{ gitea.server.ssh_port }}
+SSH_LISTEN_PORT  = {{ gitea.server.ssh_listen_port }}
+OFFLINE_MODE     = {{ gitea.server.offline_mode }}
+LFS_START_SERVER = {{ gitea.server.lfs_start_server }}
+LFS_CONTENT_PATH = {{ gitea.server.lfs_content_path }}
+LFS_JWT_SECRET   = {{ gitea.server.lfs_jwt_secret }}
+ENABLE_GZIP      = {{ gitea.server.enable_gzip }}
+LANDING_PAGE     = {{ gitea.server.landing_page }}
+
+[cache]
+ENABLED       = {{ gitea.cache.enabled }}
+ADAPTER       = {{ gitea.cache.adapter }}
+HOST          = {{ gitea.cache.host }}
+
+[mailer]
+ENABLED        = {{ gitea.mailer.enable }}
+HELO_HOSTNAME  = {{ gitea.mailer.hostname }}
+HOST           = {{ gitea.mailer.hostandport }}
+IS_TLS_ENABLED = {{ gitea.mailer.is_tls_enabled }}
+FROM           = {{ gitea.mailer.from_address }}
+USER           = {{ gitea.mailer.smtp_user }}
+PASSWD         = {{ gitea.mailer.smtp_password }}
+SKIP_VERIFY    = {{ gitea.mailer.skip_verify }}
+
+[service]
+REGISTER_EMAIL_CONFIRM = {{ gitea.service.register_email_confirm }}
+DISABLE_REGISTRATION   = {{ gitea.service.disable_registration }}
+ENABLE_CAPTCHA         = {{ gitea.service.enable_captcha }}
+REQUIRE_SIGNIN_VIEW    = {{ gitea.service.require_signin_view }}
+ENABLE_NOTIFY_MAIL     = {{ gitea.service.enable_notify_mail }}
+
+[picture]
+DISABLE_GRAVATAR = {{ gitea.picture.disable_gravatar }}
+
+[attachment]
+ENABLED       = {{ gitea.attachment.enabled }}
+PATH          = {{ gitea.attachment.path }}
+ALLOWED_TYPES = {{ gitea.attachment.allowed_types }}
+MAX_SIZE      = {{ gitea.attachment.max_size }}
+MAX_FILES     = {{ gitea.attachment.max_files }}
+
+[cron]
+ENABLED  = true
+RUN_AT_START = false
+
+[cron.update_mirrors]
+SCHEDULE = "0 12 3 * * *"
+
+[cron.archive_cleanup]
+ENABLED = false
+
+[cron.delete_repo_archives]
+ENABLED = false
+
+[session]
+PROVIDER      = file
+COOKIE_SECURE = {{ gitea.server.https }}
+COOKIE_NAME   = i_like_gitea
+
+[log]
+MODE  = {{ gitea.log.mode }}
+LEVEL = {{ gitea.log.level }}
+
+[security]
+INSTALL_LOCK         = {{ gitea.security.install_lock }}
+SECRET_KEY           = {{ gitea.get('security.secret_key', salt['grains.get_or_set_hash'](
+    'gitea:security_secret_key',
+    length=15,
+    chars=('abcdefghijklmnopqrstuvwxyz' +
+           'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
+           '12345678790')
+)) }}
+LOGIN_REMEMBER_DAYS  = {{ gitea.security.remember_password_days }}
+COOKIE_USERNAME      = giteauser
+COOKIE_REMEMBER_NAME = giteausersession
+INTERNAL_TOKEN       = {{ gitea.security.internal_token }}
+
+[other]
+SHOW_FOOTER_BRANDING = {{ gitea.other.show_footer_branding }}
+SHOW_FOOTER_VERSION  = {{ gitea.other.show_footer_version }}
+
+[oauth2]
+JWT_SECRET = {{ gitea.server.lfs_jwt_secret }}
--- a/states/gitea/files/gitea.service
+++ b/states/gitea/files/gitea.service
@ -1,23 +0,0 @@
-[Unit]
-Description=Gitea (Git with a cup of tea)
-After=syslog.target
-After=network.target
-#After=postgresql.service
-
-[Service]
-# Modify these two values and uncomment them if you have
-# repos with lots of files and get an HTTP error 500 because
-# of that
-###
-#LimitMEMLOCK=infinity
-#LimitNOFILE=65535
-Type=simple
-User=git
-Group=git
-WorkingDirectory=/var/lib/gitea	
-ExecStart=/var/lib/gitea/gitea web
-Restart=always
-Environment=USER=git HOME=/var/lib/gitea
-
-[Install]
-WantedBy=multi-user.target
--- a/states/gitea/files/gitea.service.j2
+++ b/states/gitea/files/gitea.service.j2
@ -0,0 +1,18 @@
+{%- from "gitea/map.jinja" import gitea with context %}
+[Unit]
+Description=Gitea ({{ gitea.config.global.app_name }})
+After=syslog.target
+After=network.target
+After=postgresql.service
+
+[Service]
+Type=simple
+User={{ gitea.user }}
+Group={{ gitea.user }}
+WorkingDirectory={{ gitea.workingdir }}
+ExecStart={{ gitea.workingdir }}/gitea web
+Restart=always
+Environment=USER={{ gitea.user }} HOME={{ gitea.workingdir }}
+
+[Install]
+WantedBy=multi-user.target
--- a/states/gitea/init.sls
+++ b/states/gitea/init.sls
@ -1,6 +1,5 @@
-# -*- coding: utf-8 -*-
 # vim: ft=sls
-
+---
 include:
  - .install
  - .config
--- a/states/gitea/install.sls
+++ b/states/gitea/install.sls
@ -1,6 +1,5 @@
-# -*- coding: utf-8 -*-
 # vim: ft=sls
-
+---
 {% from "gitea/map.jinja" import gitea with context %}

 git:
@ -8,16 +7,17 @@ git:
    - system: true
  user.present:
    - system: true
-    - home: /var/lib/gitea
+    - home: {{ gitea.workingdir }}
    - shell: /usr/sbin/nologin
    - groups:
-      - git
+      - {{ gitea.group }}
    - require:
-      - group: git
+      - group: {{ gitea.group }}
  pkg.installed: []

-/var/lib/gitea/gitea:
+gitea-bin:
  file.managed:
+    - name: {{ gitea.workingdir }}/gitea
    - source: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}"
    - source_hash: "https://dl.gitea.io/gitea/{{ gitea.version }}/gitea-{{ gitea.version }}-linux-{{ gitea.arch }}.sha256"
    - user: git
--- a/states/gitea/service.sls
+++ b/states/gitea/service.sls
@ -1,20 +1,21 @@
-# -*- coding: utf-8 -*-
 # vim: ft=sls
-
+---
 {%- from "gitea/map.jinja" import gitea with context %}

+gitea-service:
+  file.managed:
+    - name: /etc/systemd/system/gitea.service
+    - source: salt://gitea/files/gitea.service.j2
+    - user: root
+    - group: root
+    - mode: 644
+    - template: jinja
+    - makedirs: true
+
 gitea:
  service.running:
    - enable: true
    - full_restart: true
    - watch:
-      - file: /var/lib/gitea/gitea
-      - file: /var/lib/gitea/custom/conf/app.ini
-
-/etc/systemd/system/gitea.service:
-  file.managed:
-    - source: salt://gitea/files/gitea.service
-    - user: root
-    - group: root
-    - mode: 644
-    - makedirs: true
+      - file: gitea-bin
+      - file: gitea-config