gitea direct config metadata

bundles/gitea/files/app.ini

@@ -1,3 +1,4 @@
+[DEFAULT]
 APP_NAME = ckn-gitea
 RUN_USER = git
 RUN_MODE = prod
@@ -13,40 +14,24 @@ MEMBERS_PAGING_NUM = 100
 
 [server]
 PROTOCOL = http
-SSH_DOMAIN = ${domain}
-DOMAIN = ${domain}
 HTTP_ADDR = 0.0.0.0
 HTTP_PORT = 3500
-ROOT_URL = https://${domain}/
 DISABLE_SSH = true
 SSH_PORT = 22
 LFS_START_SERVER = true
 LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
-LFS_JWT_SECRET = ${lfs_secret_key}
 OFFLINE_MODE = true
 START_SSH_SERVER = false
 DISABLE_ROUTER_LOG = true
 LANDING_PAGE = explore
 
-[database]
-DB_TYPE = postgres
-HOST = ${database.get('host')}:${database.get('port')}
-NAME = ${database.get('database')}
-USER = ${database.get('username')}
-PASSWD = ${database.get('password')}
-SSL_MODE = disable
-LOG_SQL = false
-
 [admin]
 DEFAULT_EMAIL_NOTIFICATIONS = onmention
 DISABLE_REGULAR_ORG_CREATION = true
 
 [security]
-INTERNAL_TOKEN = ${internal_token}
 INSTALL_LOCK = true
-SECRET_KEY = ${security_secret_key}
 LOGIN_REMEMBER_DAYS = 30
-DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}
 
 [openid]
 ENABLE_OPENID_SIGNIN = false
@@ -62,12 +47,6 @@ REQUIRE_SIGNIN_VIEW = false
 DEFAULT_KEEP_EMAIL_PRIVATE = true
 DEFAULT_ALLOW_CREATE_ORGANIZATION = false
 DEFAULT_ENABLE_TIMETRACKING = true
-NO_REPLY_ADDRESS = noreply.${domain}
-
-[mailer]
-ENABLED = true
-MAILER_TYPE = sendmail
-FROM = "${app_name}" <noreply@${domain}>
 
 [session]
 PROVIDER = file
@@ -80,9 +59,6 @@ ENABLE_FEDERATED_AVATAR = false
 MODE = console
 LEVEL = warn
 
-[oauth2]
-JWT_SECRET = ${oauth_secret_key}
-
 [other]
 SHOW_FOOTER_BRANDING = true
 SHOW_FOOTER_TEMPLATE_LOAD_TIME = false

bundles/gitea/items.py

@@ -1,3 +1,7 @@
+from os.path import join
+from bundlewrap.utils.dicts import merge_dict
+
+
 version = version=node.metadata.get('gitea/version')
 
 downloads['/usr/local/bin/gitea'] = {
@@ -34,7 +38,12 @@ actions = {
 }
 
 files['/etc/gitea/app.ini'] = {
-    'content_type': 'mako',
+    'content': repo.libs.ini.dumps(
+        merge_dict(
+            repo.libs.ini.parse(open(join(repo.path, 'bundles', 'gitea', 'files', 'app.ini')).read()),
+            node.metadata.get('gitea/conf'),
+        ),
+    ),
     'owner': 'git',
     'context': node.metadata['gitea'],
     'triggers': {

bundles/gitea/metadata.py

@@ -11,18 +11,7 @@ defaults = {
         },
     },
     'gitea': {
-        'database': {
-            'host': 'localhost',
-            'port': '5432',
-            'username': 'gitea',
-            'password': database_password,
-            'database': 'gitea',
-        },
-        'app_name': 'Gitea',
-        'lfs_secret_key': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43),
-        'security_secret_key': repo.vault.password_for(f'{node.name} gitea security_secret_key'),
-        'oauth_secret_key': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43),
-        'internal_token': repo.vault.password_for(f'{node.name} gitea internal_token'),
+        'conf': {},
     },
     'postgresql': {
         'roles': {
@@ -69,6 +58,45 @@ defaults = {
 }
 
 
+@metadata_reactor.provides(
+    'gitea/conf',
+)
+def conf(metadata):
+    domain = metadata.get('gitea/domain')
+
+    return {
+        'gitea': {
+            'conf': {
+                'server': {
+                    'SSH_DOMAIN': domain,
+                    'DOMAIN': domain,
+                    'ROOT_URL': f'https://{domain}/',
+                    'LFS_JWT_SECRET': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43),
+                },
+                'security': {
+                    'INTERNAL_TOKEN': repo.vault.password_for(f'{node.name} gitea internal_token'),
+                    'SECRET_KEY': repo.vault.password_for(f'{node.name} gitea security_secret_key'),
+                },
+                'database': {
+                    'DB_TYPE': 'postgres',
+                    'HOST': 'localhost:5432',
+                    'NAME': 'gitea',
+                    'USER': 'gitea',
+                    'PASSWD': database_password,
+                    'SSL_MODE': 'disable',
+                    'LOG_SQL': 'false',
+                },
+                'service': {
+                    'NO_REPLY_ADDRESS': f'noreply.{domain}',
+                },
+                'oauth2': {
+                    'JWT_SECRET': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43),
+                },
+            },
+        },
+    }
+
+
 @metadata_reactor.provides(
     'zfs/datasets',
 )

libs/ini.py

@@ -1,5 +1,7 @@
 from configparser import ConfigParser
 import json
+from bundlewrap.metadata import MetadataJSONEncoder
+
 
 class Writable():
     data = ''
@@ -14,14 +16,14 @@ class CaseSensitiveConfigParser(ConfigParser):
 def parse(text):
     config = CaseSensitiveConfigParser()
     config.read_string(text)
-    
+
     return {
         section: dict(config.items(section))
             for section in config.sections()
     }
 
 def dumps(dict):
-    sorted_dict = json.loads(json.dumps(dict, sort_keys=True))
+    sorted_dict = json.loads(json.dumps(dict, sort_keys=True, cls=MetadataJSONEncoder))
 
     parser = CaseSensitiveConfigParser()
     parser.read_dict(sorted_dict)

nodes/home.server.py

@@ -63,6 +63,16 @@
             'version': '1.17.1',
             'sha256': 'eafd476ee2a303d758448314272add00898d045439ab0d353ff4286c5e63496f',
             'domain': 'git.sublimity.de',
+            'conf': {
+                'mailer': {
+                    'ENABLED': True,
+                    'FROM': 'gitea@sublimity.de',
+                    'MAILER_TYPE': 'smtp',
+                    'HOST': 'mail.sublimity.de:587',
+                    'USER': 'gitea@sublimity.de',
+                    'PASSWD': '!decrypt:encrypt$gAAAAABjIlbZprmcIe_YktYgTU85VRSRz1MkyA7lNSDptWzGMrZ1N_YUXWoAIjWp4Lrmi8J0XYH9Pazhmz1vaIGUqUEsEnJXNh5n6-0Z0gcpePFC7x-Aj_M=',
+                },
+            },
         },
         'gollum': {
             'domain': 'wiki.sublimity.de',