From 36eed2a709cd72183e54ab79be74e044f5614ea8 Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Tue, 23 Jun 2020 11:27:33 +0200 Subject: [PATCH] Migrating to swarm --- CHECKS | 5 - Dockerfile | 23 ----- README.md | 24 +---- app.ini.tmpl | 43 +++++++++ compose.yml | 97 +++++++++++++++++++ deploy.d/config.yml | 54 ----------- deploy.d/plays/postdeploy.yml | 80 ---------------- deploy.d/plays/predeploy.yml | 45 --------- deploy.d/templates/gitea.j2 | 7 -- deploy.d/vault/autonomic_admin_pass.yml | 9 -- deploy.d/vault/autonomic_admin_user.yml | 8 -- deploy.d/vault/db_passwd.yml | 9 -- deploy.d/vault/jwt_secret.yml | 9 -- deploy.d/vault/root_db_passwd.yml | 9 -- deploy.d/vault/secret_key.yml | 9 -- deploy.d/vault/smtp_passwd.yml | 8 -- docker-compose.override.yml | 10 -- docker-compose.production.yml | 30 ------ docker-compose.yml | 8 -- renovate.json | 6 -- requirements.txt | 1 - sbin/entrypoint.sh | 120 ------------------------ 22 files changed, 142 insertions(+), 472 deletions(-) delete mode 100644 CHECKS delete mode 100644 Dockerfile create mode 100644 app.ini.tmpl create mode 100644 compose.yml delete mode 100644 deploy.d/config.yml delete mode 100644 deploy.d/plays/postdeploy.yml delete mode 100644 deploy.d/plays/predeploy.yml delete mode 100755 deploy.d/templates/gitea.j2 delete mode 100644 deploy.d/vault/autonomic_admin_pass.yml delete mode 100644 deploy.d/vault/autonomic_admin_user.yml delete mode 100644 deploy.d/vault/db_passwd.yml delete mode 100644 deploy.d/vault/jwt_secret.yml delete mode 100644 deploy.d/vault/root_db_passwd.yml delete mode 100644 deploy.d/vault/secret_key.yml delete mode 100644 deploy.d/vault/smtp_passwd.yml delete mode 100644 docker-compose.override.yml delete mode 100644 docker-compose.production.yml delete mode 100644 docker-compose.yml delete mode 100644 renovate.json delete mode 100644 requirements.txt delete mode 100755 sbin/entrypoint.sh diff --git a/CHECKS b/CHECKS deleted file mode 100644 index 5d61ba2..0000000 --- a/CHECKS +++ /dev/null @@ -1,5 +0,0 @@ -WAIT=3 -TIMEOUT=3 -ATTEMPTS=5 - -/healthcheck diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 2febe27..0000000 --- a/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -FROM gitea/gitea:1.12.0 - -EXPOSE 3020 -EXPOSE 2222 - -COPY . ${WORKDIR} - -COPY sbin/* /sbin/ - -RUN apk --no-cache add \ - ca-certificates \ - mysql-client \ - py3-docutils \ - py3-pip - -RUN pip3 install --upgrade \ - pip==20.0.2 - -# Note(decentral1se): https://github.com/pixelb/crudini/issues/58 -RUN pip3 install --no-cache-dir \ - "git+http://github.com/pixelb/crudini.git@0.9.3#egg=crudini" - -ENTRYPOINT ["/sbin/entrypoint.sh"] diff --git a/README.md b/README.md index 1d779e9..ed027f4 100644 --- a/README.md +++ b/README.md @@ -1,25 +1,5 @@ -# gitea +# git.autonomic.zone -[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/gitea/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/gitea) - -> https://gitea.io/ +[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/git.autonomic.zone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/git.autonomic.zone) > https://git.autonomic.zone - -## Development - -```bash -$ git clone https://git.autonomic.zone/autonomic-cooperative/gitea && cd gitea -$ python3 -m venv .venv && source .venv/bin/activate -$ pip install -r requirements.txt -$ docker-compose up -``` - -Gitea dashboard: - -> http://localhost:3000 - -## Production - -1. Our [drone.autonomic.zone](https://drone.autonomic.zone/autonomic-cooperative/gitea/) configuration automatically deploys. -1. For a manual deploy guide, see [this documentation](https://git.autonomic.zone/autonomic-cooperative/organising/wiki/working-with-docker-swarm). diff --git a/app.ini.tmpl b/app.ini.tmpl new file mode 100644 index 0000000..1d332bc --- /dev/null +++ b/app.ini.tmpl @@ -0,0 +1,43 @@ +APP_NAME = {{ env "GITEA_APP_NAME" }} +RUN_MODE = prod + +[database] +DB_TYPE = {{ env "GITEA_DB_TYPE" }} +HOST = {{ env "GITEA_DB_HOST" }} +NAME = {{ env "GITEA_DB_NAME" }} +PASSWD = {{ secret "db_passwd" }} +USER = {{ env "GITEA_DB_USER" }} + +[indexer] +STARTUP_TIMEOUT = 0 + +[server] +DOMAIN = {{ env "GITEA_DOMAIN" }} +ROOT_URL = https://%(DOMAIN)s/ +SSH_DOMAIN = {{ env "GITEA_DOMAIN" }} +SSH_LISTEN_PORT = {{ env "GITEA_SSH_PORT" }} +SSH_PORT = {{ env "GITEA_SSH_PORT" }} +START_SSH_SERVER = true + +[security] +INSTALL_LOCK = true +INTERNAL_TOKEN = {{ secret "internal_token" }} +SECRET_KEY = {{ secret "secret_key" }} + +[oauth2] +JWT_SECRET = {{ secret "jwt_secret" }} + +[mailer] +ENABLED = true +FROM = noreply@autonomic.zone +HOST = mail.gandi.net:465 +USER = noreply@autonomic.zone +PASSWD = {{ secret "smtp_passwd" }} +MAILER_TYPE = smtp +IS_TLS_ENABLED = true + +[markup.restructuredtext] +ENABLED = true +FILE_EXTENSIONS = .rst +RENDER_COMMAND = rst2html +IS_INPUT_FILE = false diff --git a/compose.yml b/compose.yml new file mode 100644 index 0000000..d1bdafd --- /dev/null +++ b/compose.yml @@ -0,0 +1,97 @@ +--- +version: "3.8" + +services: + gitea: + image: "gitea/gitea:1.12.1" + configs: + - source: app_ini + target: /data/gitea/conf/app.ini + secrets: + - db_passwd + - internal_token + - jwt_secret + - secret_key + - smtp_passwd + environment: + - GITEA_APP_NAME="Git with solidaritea" + - GITEA_DB_HOST="mariadb:3306" + - GITEA_DB_NAME="gitea" + - GITEA_DB_TYPE="mysql" + - GITEA_DB_USER="gitea" + - GITEA_DOMAIN="git.autonomic.zone" + - GITEA_SSH_PORT="2222" + volumes: + - "git:/data" + networks: + - proxy + - internal + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000"] + interval: 15s + timeout: 10s + retries: 10 + start_period: 30s + deploy: + update_config: + failure_action: rollback + order: start-first + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitea.rule=Host(`git.autonomic.zone`)" + - "traefik.http.routers.gitea.entrypoints=web-secure" + - "traefik.http.services.gitea.loadbalancer.server.port=3000" + - "traefik.http.routers.gitea.tls.certresolver=production" + - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" + - "traefik.tcp.routers.gitea-ssh.entrypoints=gitea-ssh" + - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=2222" + + mariadb: + image: "mariadb:10.5" + environment: + - MYSQL_DATABASE=gitea + - MYSQL_USER=gitea + - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd + secrets: + - db_passwd + - db_root_passwd + volumes: + - "mariadb:/var/lib/mysql" + networks: + - internal + +networks: + internal: + proxy: + external: true + +configs: + app_ini: + name: gitea_app_ini_v1 + file: app.ini.tmpl + template_driver: golang + +secrets: + db_passwd: + name: gitea_db_passwd_v1 + external: true + db_root_passwd: + name: gitea_db_root_passwd_v1 + external: true + internal_token: + name: gitea_internal_token_v1 + external: true + jwt_secret: + name: gitea_jwt_secret_v1 + external: true + secret_key: + name: gitea_secret_key_v1 + external: true + smtp_passwd: + name: gitea_smtp_passwd_v1 + external: true + +volumes: + git: + mariadb: diff --git a/deploy.d/config.yml b/deploy.d/config.yml deleted file mode 100644 index a6a0ac8..0000000 --- a/deploy.d/config.yml +++ /dev/null @@ -1,54 +0,0 @@ ---- -vars: - port: "3020" - domain: "git.autonomic.zone" - ssh_listen_port: "2222" - -volumes: - - /var/lib/gitea:/data - - /var/lib/gitea/git/.ssh:/data/git/.ssh - - /etc/timezone:/etc/timezone:ro - - /etc/localtime:/etc/localtime:ro - -db: - - type: "mariadb" - passwd: "{{ vault.db_passwd }}" - root_passwd: "{{ vault.root_db_passwd }}" - -env: - ADMIN_MAIL: "helo@autonomic.zone" - ADMIN_PASS: "{{ vault.autonomic_admin_pass }}" - ADMIN_USER: "{{ vault.autonomic_admin_user }}" - ALLOW_ONLY_EXTERNAL_REGISTRATION: "true" - APP_NAME: "Gitea: Git with solidaritea" - AUTHOR: "Gitea: Git with solidaritea" - DB_HOST: "{{ dokku.mariadb_addr }}" - DB_NAME: "gitea" - DB_PASSWD: "{{ vault.db_passwd }}" - DB_TYPE: "mysql" - DB_USER: "{{ dokku.mariadb_user }}" - DESCRIPTION: "Git hosting for conrads" - DISABLE_REGISTRATION: "false" - DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone" - DOMAIN: "{{ vars.domain }}" - ENABLE_NOTIFY_MAIL: "true" - ENABLE_OPENID_SIGNIN: "true" - ENABLE_OPENID_SIGNUP: "true" - GITEA_THEME: "arc-green" - HTTP_PORT: "{{ vars.port }}" - INSTALL_LOCK: "true" - JWT_SECRET: "{{ vault.jwt_secret }}" - LANGING_PAGE: "organizations" - MAILER_ENABLED: "true" - RUN_MODE: "prod" - SECRET_KEY: "{{ vault.secret_key }}" - SMTP_FROM: "noreply@autonomic.zone" - SMTP_HOST: "mail.gandi.net:465" - SMTP_MAILER_TYPE: "smtp" - SMTP_PASSWD: "{{ vault.smtp_passwd }}" - SMTP_TLS_ENABLED: "true" - SMTP_USER: "noreply@autonomic.zone" - SSH_DOMAIN: "{{ vars.domain }}" - SSH_LISTEN_PORT: "{{ vars.ssh_listen_port }}" - SSH_PORT: "222" - STARTUP_TIMEOUT: "0" diff --git a/deploy.d/plays/postdeploy.yml b/deploy.d/plays/postdeploy.yml deleted file mode 100644 index a56aa2c..0000000 --- a/deploy.d/plays/postdeploy.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- name: Remove automatically configured ports - dokku_ports: - app: gitea - mappings: - - "http:3000:3000" - - "http:2222:2222" - state: absent - -- name: Ensure system jq package is installed - become: true - apt: - name: jq - state: present - -- name: Retrieve application docker container IP address - shell: "dokku ps:inspect {{ dokku.app }} | jq -r .[0].NetworkSettings.IPAddress" - register: dokku_ps_inspect - -- name: Setup the SSH system -> container passthrough script - become: true - vars: - dokku_container_ip: "{{ dokku_ps_inspect.stdout }}" - template: - src: "{{ app_config_root }}/templates/gitea.j2" - dest: /app/gitea/gitea - owner: git - group: git - mode: "+x" - force: true - -- name: Store the git user public key - become: true - shell: cat /home/git/.ssh/id_rsa.pub - register: git_id_rsa_pub - -- name: Store the gitea authorized_keys file - become: true - shell: cat /var/lib/gitea/git/.ssh/authorized_keys - register: git_auth_keys - -- name: Check if the public key is already in place - become: true - command: 'grep -Fxq "{{ git_id_rsa_pub.stdout}}" /var/lib/gitea/git/.ssh/authorized_keys' - check_mode: false - ignore_errors: true - changed_when: false - register: git_id_rsa_pub_check - -- name: Ensure git public key is in the gitea loaded authorized_keys - become: true - blockinfile: - path: /var/lib/gitea/git/.ssh/authorized_keys - block: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {{ git_id_rsa_pub.stdout }}" - state: present - owner: git - group: git - create: true - insertbefore: BOF - backup: true - marker: "# ansible inserted git <-> gitea public key" - when: git_id_rsa_pub_check.rc == 0 - -- name: Symlink the gitea authorized keys configuration to the host git user - become: true - file: - src: /var/lib/gitea/git/.ssh/authorized_keys - dest: /home/git/.ssh/authorized_keys - state: link - force: true - owner: git - group: git - -- name: Add git user to AllowUsers SSH configuration - become: true - replace: - backup: true - dest: /etc/ssh/sshd_config - regexp: '^(AllowUsers(?!.*\bgit\b).*)$' - replace: '\1 git' diff --git a/deploy.d/plays/predeploy.yml b/deploy.d/plays/predeploy.yml deleted file mode 100644 index 6aa94eb..0000000 --- a/deploy.d/plays/predeploy.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -- name: Setup system level git user - become: true - user: - name: git - comment: gitea user - create_home: true - home: /home/git - group: git - system: true - generate_ssh_key: true - ssh_key_bits: 2048 - ssh_key_file: .ssh/id_rsa - state: present - -- name: Create gitea application directories - become: true - file: - path: "{{ item }}" - state: directory - owner: git - group: git - with_items: - - /app - - /app/gitea - - /var/lib/gitea - -- name: Get uid/guid of the git user - become: true - getent: - database: passwd - key: git - split: ":" - -- name: Prepare git user information dictionary - set_fact: - git_user_info: - { - "USER_UID": "{{ getent_passwd['git'][1] }}", - "USER_GID": "{{ getent_passwd['git'][2] }}", - } - -- name: Store gitea git user uid/guid in config.env dictionary - set_fact: - config: "{{ config | update_env(git_user_info) }}" diff --git a/deploy.d/templates/gitea.j2 b/deploy.d/templates/gitea.j2 deleted file mode 100755 index bc268bc..0000000 --- a/deploy.d/templates/gitea.j2 +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -ssh \ - -p {{ config.vars.ssh_listen_port }} \ - -o StrictHostKeyChecking=no \ - git@{{ dokku_container_ip }} \ - "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@" diff --git a/deploy.d/vault/autonomic_admin_pass.yml b/deploy.d/vault/autonomic_admin_pass.yml deleted file mode 100644 index 7fb696b..0000000 --- a/deploy.d/vault/autonomic_admin_pass.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -autonomic_admin_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33343266306166393035613932643765643432663438646538633263353066376434373839373366 - 3061663435646232326362373164616235383535643364620a346661383363353036363038646437 - 33636135663332313932346437383639613266326465333161633965623836653661326638313563 - 3839333033323931360a343261656135343733326364656662643833313462373832656265623263 - 63383030646337653831633934383234313437623431326334633330366138346239623931643666 - 3337646231653764643966643465626637393637376265303633 diff --git a/deploy.d/vault/autonomic_admin_user.yml b/deploy.d/vault/autonomic_admin_user.yml deleted file mode 100644 index 492a61c..0000000 --- a/deploy.d/vault/autonomic_admin_user.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -autonomic_admin_user: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33386531383234306262333864303735323863643366366131323766643165306234616432396564 - 3930613064643131643038393133323034623938383763660a323562623931656433313563303930 - 66626663393161653431303465323735326633663531386263653938393364306562613362663335 - 3737323730313737640a323339353033326363656566363662343665333230306333663664316461 - 6265 diff --git a/deploy.d/vault/db_passwd.yml b/deploy.d/vault/db_passwd.yml deleted file mode 100644 index 0374266..0000000 --- a/deploy.d/vault/db_passwd.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -db_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34323835366138326265396239643765366436643662363936336539303166313132333930643939 - 3039626462393931653032313531393732623839386566630a666464323365343962363536636432 - 31373232383363336165363864666436396566633264663232366433663066633066663936623266 - 3432393832373964620a393663316539643836306261373763346538623438383534313563643130 - 64396537303333363537396263363366613230313134626238643232633838663536323139336130 - 3335333962663761643937666366316533623338353566643831 diff --git a/deploy.d/vault/jwt_secret.yml b/deploy.d/vault/jwt_secret.yml deleted file mode 100644 index 3ec6e23..0000000 --- a/deploy.d/vault/jwt_secret.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -jwt_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62643162316234346463336334663337386439316634663761333463633837336263356433623330 - 6336613336626363346138636566353039373534346265640a333961396534666334303161643364 - 61646431633530626234323539323666636235383063663533366264396662666536316132613966 - 3334383861373436620a383136613364333363643432313362643131376439643831636462653430 - 34356237363365303736656432343062616635616139666436343638626238313764306261363334 - 6139633235633033643838313633373466383737646130313563 diff --git a/deploy.d/vault/root_db_passwd.yml b/deploy.d/vault/root_db_passwd.yml deleted file mode 100644 index c94573d..0000000 --- a/deploy.d/vault/root_db_passwd.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -root_db_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33613461626432343264636630313037323230636266306566633136376562366234663630393135 - 6136626236303261363138306361623365346431333730660a373032393062656231336633656337 - 39353839653234656532383137623538663166353531653937366231343965366165626163653032 - 3033633739636464630a316365336537393663303932396439316635353431623334386561333563 - 32613934343539396632653664383064626230396433316437343861316439356231353662333936 - 6431633666333564363366323334633963623864633836343565 diff --git a/deploy.d/vault/secret_key.yml b/deploy.d/vault/secret_key.yml deleted file mode 100644 index 16c5b7a..0000000 --- a/deploy.d/vault/secret_key.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -secret_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31626137626638346139373365363365366463373462323037333037386534343261376332653437 - 6234623530613230653466616664306363313662623237340a376266323534633433646234386539 - 30373233623531626462643332633564616539336339336439366333623435366236643030326364 - 3539663363363639380a313863636235326434313563616132333061646332346437626131343336 - 32663132643261646538663134633661393932613762346661633331376539386363306132306661 - 3335373530376236353565613836626235336233653537393762 diff --git a/deploy.d/vault/smtp_passwd.yml b/deploy.d/vault/smtp_passwd.yml deleted file mode 100644 index 959793a..0000000 --- a/deploy.d/vault/smtp_passwd.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -smtp_passwd: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33613836356565356663343737383034356630353562386334393362383931306338626265343737 - 3634646563396666386533316130333930343866316264370a346530653430356164333963353362 - 62363736383032626263313339616566333531613862633030343732393739376633323663326561 - 3164303636396432310a346338396132626564663237333661656131616333363431303535636365 - 38396639313134636336396230653732343936643164613437376136386236306265 diff --git a/docker-compose.override.yml b/docker-compose.override.yml deleted file mode 100644 index 09daa10..0000000 --- a/docker-compose.override.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -version: "3.7" - -services: - gitea: - volumes: - - git:/data - -volumes: - git: diff --git a/docker-compose.production.yml b/docker-compose.production.yml deleted file mode 100644 index d7fddba..0000000 --- a/docker-compose.production.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -version: "3.7" - -services: - gitea: - volumes: - - git:/data - networks: - - proxy - deploy: - mode: replicated - replicas: 1 - update_config: - failure_action: rollback - placement: - constraints: - - node.role == manager - labels: - - "traefik.enable=true" - - "traefik.http.services.gitea.loadbalancer.server.port=3000" - - "traefik.http.routers.gitea.rule=Host(`gitea.swarm.autonomic.zone`)" - - "traefik.http.routers.gitea.entrypoints=web-secure" - - "traefik.http.routers.gitea.tls.certresolver=staging" - -networks: - proxy: - external: true - -volumes: - git: diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 32163e3..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -version: "3.7" - -services: - gitea: - image: gitea/gitea:1.11.6 - ports: - - "3000:3000" diff --git a/renovate.json b/renovate.json deleted file mode 100644 index 39a2b6e..0000000 --- a/renovate.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:base" - ] -} diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index e2fcb03..0000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -docker-compose==1.25.5 diff --git a/sbin/entrypoint.sh b/sbin/entrypoint.sh deleted file mode 100755 index 7e1a47b..0000000 --- a/sbin/entrypoint.sh +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/bash - -set -eu -o pipefail - -# Install root administration user account on first installation -setup_root_user() { - set -eu - - if [ ! -f "/data/gitea/conf/app.ini" ]; then - echo "-----> Missing app.ini, not setting up root user" - return - fi - - user_count=$(mysql \ - -u"${DB_USER}" \ - -p"${DB_PASSWD}" \ - -h "${DOKKU_MARIADB_GITEA_PORT_3306_TCP_ADDR}" \ - --database="${DB_NAME}" \ - -N -B -e "SELECT count(*) FROM user;" \ - ) - - if [[ "${user_count}" == "0" ]]; then - echo "-----> Setting up root user for initial deployment" - - create_user=$(gitea \ - admin \ - create-user \ - --username "$ADMIN_USER" \ - --password "$ADMIN_PASS" \ - --email "$ADMIN_MAIL" \ - --admin \ - ) - - if "$create_user"; then - echo "-----> root user added" - else - echo "-----> Failed to add root user" - return - fi - fi -} - -# Pass Ansible based environment variables into the Gitea app.ini configuration -setup_app_ini() { - set -eu - - if [ ! -f "/data/gitea/conf/app.ini" ]; then - echo "-----> Missing app.ini, not setting up configuration" - return - fi - - declare app_ini="/data/gitea/conf/app.ini" - - echo "-----> Using crudini to setup configuration" - - crudini --set "$app_ini" "" APP_NAME "${APP_NAME}" - crudini --set "$app_ini" "" RUN_MODE "${RUN_MODE}" - - crudini --set "$app_ini" ui DEFAULT_THEME "${GITEA_THEME}" - - crudini --set "$app_ini" ui.meta AUTHOR "${AUTHOR}" - crudini --set "$app_ini" ui.meta DESCRIPTION "${DESCRIPTION}" - - crudini --del "$app_ini" database PATH - crudini --set "$app_ini" database DB_TYPE mysql - crudini --set "$app_ini" database HOST "${DB_HOST}" - crudini --set "$app_ini" database NAME "${DB_NAME}" - crudini --set "$app_ini" database USER "${DB_USER}" - crudini --set "$app_ini" database PASSWD "${DB_PASSWD}" - crudini --set "$app_ini" database SSL_MODE "disable" - - crudini --set "$app_ini" server PROTOCOL "http" - crudini --set "$app_ini" server DOMAIN "${DOMAIN}" - crudini --set "$app_ini" server ROOT_URL "https://%(DOMAIN)s/" - crudini --set "$app_ini" server HTTP_ADDR "" - crudini --set "$app_ini" server HTTP_PORT "${HTTP_PORT}" - crudini --set "$app_ini" server SSH_DOMAIN "${SSH_DOMAIN}" - crudini --set "$app_ini" server SSH_PORT "${SSH_PORT}" - crudini --set "$app_ini" server SSH_LISTEN_PORT "${SSH_LISTEN_PORT}" - crudini --set "$app_ini" server LANDING_PAGE "${LANGING_PAGE}" - - crudini --set "$app_ini" service DISABLE_REGISTRATION "${DISABLE_REGISTRATION}" - crudini --set "$app_ini" service ALLOW_ONLY_EXTERNAL_REGISTRATION "${ALLOW_ONLY_EXTERNAL_REGISTRATION}" - crudini --set "$app_ini" service ENABLE_NOTIFY_MAIL "${ENABLE_NOTIFY_MAIL}" - - crudini --set "$app_ini" security INSTALL_LOCK "${INSTALL_LOCK}" - crudini --set "$app_ini" security SECRET_KEY "${SECRET_KEY}" - - crudini --set "$app_ini" oauth2 JWT_SECRET "${JWT_SECRET}" - - crudini --set "$app_ini" openid ENABLE_OPENID_SIGNIN "${ENABLE_OPENID_SIGNIN}" - crudini --set "$app_ini" openid ENABLE_OPENID_SIGNUP "${ENABLE_OPENID_SIGNUP}" - - crudini --set "$app_ini" indexer STARTUP_TIMEOUT "${STARTUP_TIMEOUT}" - - crudini --set "$app_ini" mailer ENABLED "${MAILER_ENABLED}" - crudini --set "$app_ini" mailer FROM "${SMTP_FROM}" - crudini --set "$app_ini" mailer HOST "${SMTP_HOST}" - crudini --set "$app_ini" mailer USER "${SMTP_USER}" - crudini --set "$app_ini" mailer PASSWD "${SMTP_PASSWD}" - crudini --set "$app_ini" mailer MAILER_TYPE "${SMTP_MAILER_TYPE}" - crudini --set "$app_ini" mailer IS_TLS_ENABLED "${SMTP_TLS_ENABLED}" - - crudini --set "$app_ini" markup.restructuredtext ENABLED "true" - crudini --set "$app_ini" markup.restructuredtext FILE_EXTENSIONS ".rst" - crudini --set "$app_ini" markup.restructuredtext RENDER_COMMAND rst2html - crudini --set "$app_ini" markup.restructuredtext IS_INPUT_FILE "false" -} - -# Main entrypoint -main() { - set -eu - - setup_root_user - setup_app_ini -} - -main - -/usr/bin/entrypoint "$@"