fix: persist secrets

optional ssh and gpg keys init
Iliyan Ivanov 2019-06-26 03:12:49 +03:00
parent c0b4570a6f
commit f544aef439
Signed by: iliyan
GPG Key ID: 135E33BCD89F5FFD
3 changed files with 42 additions and 17 deletions


@ -8,10 +8,6 @@ ROOT_URL=${ROOT_URL:-"http://127.0.0.1:3000"}
SSH_DOMAIN=${SSH_DOMAIN:-"127.0.0.1"} SSH_DOMAIN=${SSH_DOMAIN:-"127.0.0.1"}
SSH_PORT=${SSH_PORT:-"3022"} SSH_PORT=${SSH_PORT:-"3022"}
DISABLE_SSH=${DISABLE_SSH:-"false"} DISABLE_SSH=${DISABLE_SSH:-"false"}
LFS_JWT_SECRET=${LFS_JWT_SECRET:-"$(head /dev/urandom | tr -dc 'A-Za-z0-9_' | head -c 32)"}
SECRET_KEY=${SECRET_KEY:-"$(head /dev/urandom | tr -dc 'A-Za-z0-9_' | head -c 32)"}
INTERNAL_TOKEN=${INTERNAL_TOKEN:-"$(head /dev/urandom | tr -dc 'A-Za-z0-9_' | head -c 64)"}
JWT_SECRET=${JWT_SECRET:-"$(head /dev/urandom | tr -dc 'A-Za-z0-9_' | head -c 32)"}
# global settings # global settings
[ -z "${A_DEFAULT_SETTINGS}" ] \ [ -z "${A_DEFAULT_SETTINGS}" ] \


@ -9,6 +9,7 @@ ROOT_URL = {{%ROOT_URL%}}
DISABLE_SSH = {{%DISABLE_SSH%}} DISABLE_SSH = {{%DISABLE_SSH%}}
START_SSH_SERVER = true START_SSH_SERVER = true
SSH_PORT = {{%SSH_PORT%}} SSH_PORT = {{%SSH_PORT%}}
SSH_ROOT_PATH = {{%MAIN_DIR%}}/data/ssh
LFS_CONTENT_PATH = {{%MAIN_DIR%}}/data/git/lfs LFS_CONTENT_PATH = {{%MAIN_DIR%}}/data/git/lfs
DOMAIN = localhost DOMAIN = localhost
LFS_START_SERVER = true LFS_START_SERVER = true


@ -12,23 +12,26 @@ set_in_file() {
# ensure there is a line with $1=$2 in file $3 # ensure there is a line with $1=$2 in file $3
grep -q "^$1=" "$3" && sed "s/^$1=.*/$1=$2/" -i "$3" \ grep -q "^$1=" "$3" && sed "s/^$1=.*/$1=$2/" -i "$3" \
|| echo "$1=$2" >> "$3" || echo "$1=$2" >> "$3"
} }
gen_app_ini() { gen_app_ini() {
source "$curp/.defaults.sh" source "$curp/.defaults.sh"
tempini="$curp/custom/conf/app.ini.temp"
realini="$curp/custom/conf/app.ini"
for x in $(find "$curp/.defaults" -type f -name "*.sh"); do for x in $(find "$curp/.defaults" -type f -name "*.sh"); do
source "$x" source "$x"
done done
truncate -s 0 "$curp/custom/conf/app.ini" truncate -s 0 "$tempini"
# first build the template # first build the template
for x in $( ( set -o posix ; set ) |grep -o '^A_DEFAULT_SETTINGS.*=' | cut -d '=' -f1); do for x in $( ( set -o posix ; set ) |grep -o '^A_DEFAULT_SETTINGS.*=' | cut -d '=' -f1); do
echo -e "${!x}\n" >> "$curp/custom/conf/app.ini" echo -e "${!x}\n" >> "$tempini"
done done
# then replace variables in the template # then replace variables in the template
for x in $(cat "$curp/custom/conf/app.ini" | grep -o '{{%.*%}}' | sed -e 's/^{{%//' -e 's/%}}//' | sort | uniq); do for x in $(cat "$tempini" | grep -o '{{%.*%}}' | sed -e 's/^{{%//' -e 's/%}}//' | sort | uniq); do
sed -i -e "s#{{%$x%}}#$(echo -n "${!x}"|sed -z 's/\n/\\n/g')#" "$curp/custom/conf/app.ini" sed -i -e "s#{{%$x%}}#$(echo -n "${!x}"|sed -z 's/\n/\\n/g')#" "$tempini"
done done
[[ "$(sha1sum "$tempini" | cut -d ' ' -f1 | tr -d '\n')" != "$(sha1sum "$realini" | cut -d ' ' -f1 | tr -d '\n')" ]] \
&& mv "$tempini" "$realini" || rm "$tempini"
} }
create_admin() { create_admin() {
if [ -z "${ADMIN_PASSWORD}" ]; then if [ -z "${ADMIN_PASSWORD}" ]; then
@ -56,19 +59,21 @@ create_admin() {
fi fi
} }
create_org() { create_org() {
curl --silent -X POST "${apiurl}/orgs" \ orgid=$(curl --silent -X POST "${apiurl}/orgs" \
-H "Authorization: token ${ADMIN_TOKEN}" \ -H "Authorization: token ${ADMIN_TOKEN}" \
-H "accept: application/json" \ -H "accept: application/json" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{ \"username\": \"$1\", \"visibility\": \"limited\"}" 1>&2 -d "{ \"username\": \"$1\", \"visibility\": \"limited\"}" | jq -r '.id')
[[ "$orgid" != "null" ]] && sleep 1 || true
} }
create_repo() { create_repo() {
curl --silent -X POST "${apiurl}$2" \ repoid=$(curl --silent -X POST "${apiurl}$2" \
-H "Authorization: token ${ADMIN_TOKEN}" \ -H "Authorization: token ${ADMIN_TOKEN}" \
-H "accept: application/json" \ -H "accept: application/json" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{\"auto_init\": false, \"private\": true, \"name\": \"$1\"}" 1>&2 -d "{\"auto_init\": false, \"private\": true, \"name\": \"$1\"}" | jq -r '.id')
[[ "$repoid" != "null" ]] && sleep 5 || true
} }
# load local file # load local file
@ -81,6 +86,15 @@ if [ -z "${ADMIN_EMAIL}" ]; then
set_in_file "ADMIN_EMAIL" "${ADMIN_EMAIL}" "$curp/.custom_defaults.sh" set_in_file "ADMIN_EMAIL" "${ADMIN_EMAIL}" "$curp/.custom_defaults.sh"
fi fi
for x in LFS_JWT_SECRET SECRET_KEY INTERNAL_TOKEN JWT_SECRET; do
# https://github.com/go-gitea/gitea/issues/3246
# these variables need to be the same every run !!!
if [ -z "${!x}" ]; then
declare "$x"="$(head /dev/urandom | tr -dc 'A-Za-z0-9_' | head -c 40)"
fi
set_in_file "$x" "${!x}" "$curp/.custom_defaults.sh"
done
mkdir -p "$curp/custom/conf/" "$curp/log" mkdir -p "$curp/custom/conf/" "$curp/log"
[ -z "$ADMIN_USER" ] && ADMIN_USER="$USER" [ -z "$ADMIN_USER" ] && ADMIN_USER="$USER"
@ -114,6 +128,23 @@ source "$curp/.custom_defaults.sh"
serverurl="$(cat custom/conf/app.ini | grep '^ROOT_URL.*=' | rev | cut -d '=' -f1 | rev | tr -d '[:space:]')" serverurl="$(cat custom/conf/app.ini | grep '^ROOT_URL.*=' | rev | cut -d '=' -f1 | rev | tr -d '[:space:]')"
pushuri="$(echo "$serverurl" | perl -pe "s#(https?://)#\${1}${ADMIN_USER}:${ADMIN_PASSWORD}@#" )" pushuri="$(echo "$serverurl" | perl -pe "s#(https?://)#\${1}${ADMIN_USER}:${ADMIN_PASSWORD}@#" )"
apiurl="$serverurl/api/v1" apiurl="$serverurl/api/v1"
# setup GPG keys
for x in $GPGIDS; do
curl --silent -X POST "$apiurl/user/gpg_keys" \
-H "Authorization: token ${ADMIN_TOKEN}" \
-H "accept: application/json" -H "Content-Type: application/json" \
-d "{ \"armored_public_key\": $(gpg --export --armor $x | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))')}"
done
# setup ssh keys @TODO: per repo deploy keys
for x in $SSHKEYFILES; do
curl --silent -X POST "$apiurl/admin/users/${ADMIN_USER}/keys" \
-H "Authorization: token ${ADMIN_TOKEN}" \
-H "accept: application/json" -H "Content-Type: application/json" \
-d "{ \"key\": $(cat "$x" | cut -d ' ' -f1,2 | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'), \"read_only\": false ,\"title\":\"$(cat "$x" | cut -d ' ' -f3)\"}"
done
# init ripos # init ripos
for REPO in ${REPOS}; do for REPO in ${REPOS}; do
repoPath="$(echo "$REPO" | cut -d ':' -f1 | tr -d '[:space:]')" repoPath="$(echo "$REPO" | cut -d ':' -f1 | tr -d '[:space:]')"
@ -125,15 +156,12 @@ for REPO in ${REPOS}; do
repoOwner="${ADMIN_USER}" repoOwner="${ADMIN_USER}"
else else
create_org "$repoOrg" create_org "$repoOrg"
sleep 1
repoAPIEP="/org/$repoOrg/repos" repoAPIEP="/org/$repoOrg/repos"
repoOwner="$repoOrg" repoOwner="$repoOrg"
fi fi
create_repo "${repoName}" "${repoAPIEP}" 1>&2 create_repo "${repoName}" "${repoAPIEP}" 1>&2
( (
cd "$repoPath" cd "$repoPath"
git remote add gitea-debug-dev "$pushuri/${repoOwner}/${repoName}.git" || true git push "$pushuri/${repoOwner}/${repoName}.git" master
git push "gitea-debug-dev" master
) )
exit
done done
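Review bot: The secrets persisted by `set_in_file "$x" "${!x}" "$curp/.custom_defaults.sh"` in the `-81,6 +86,15` hunk land in a file whose mode is whatever the `echo "$1=$2" >> "$3"` in set_in_file creates under the caller's umask, and nothing in the hunk tightens it, so SECRET_KEY, INTERNAL_TOKEN and the two JWT secrets are probably readable by every local user. Since the loop always writes at least one line, the file exists once it finishes; add `chmod 600 -- "$curp/.custom_defaults.sh"` right after that `done`. The generated values use only `A-Za-z0-9_`, which is what makes the unquoted `KEY=VALUE` line set_in_file writes safely sourceable, so a comment on the loop such as `# values are [A-Za-z0-9_] only, so the unquoted KEY=VALUE written by set_in_file is sourceable` would stop a later change to the charset from silently breaking the sourced file. Bounding the read with `head -c 256 /dev/urandom` instead of the line-oriented `head /dev/urandom` would also make the amount of entropy fed to `tr` explicit rather than dependent on where newline bytes happen to fall.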