From c67b3b23936cd6b721d6a63f455d736346495a31 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Thu, 15 Sep 2022 00:54:58 +0200 Subject: [PATCH] gitea direct config metadata --- bundles/gitea/files/app.ini | 26 +------------------ bundles/gitea/items.py | 11 +++++++- bundles/gitea/metadata.py | 52 ++++++++++++++++++++++++++++--------- libs/ini.py | 6 +++-- nodes/home.server.py | 10 +++++++ 5 files changed, 65 insertions(+), 40 deletions(-) diff --git a/bundles/gitea/files/app.ini b/bundles/gitea/files/app.ini index 9dc8921..71539cc 100644 --- a/bundles/gitea/files/app.ini +++ b/bundles/gitea/files/app.ini @@ -1,3 +1,4 @@ +[DEFAULT] APP_NAME = ckn-gitea RUN_USER = git RUN_MODE = prod @@ -13,40 +14,24 @@ MEMBERS_PAGING_NUM = 100 [server] PROTOCOL = http -SSH_DOMAIN = ${domain} -DOMAIN = ${domain} HTTP_ADDR = 0.0.0.0 HTTP_PORT = 3500 -ROOT_URL = https://${domain}/ DISABLE_SSH = true SSH_PORT = 22 LFS_START_SERVER = true LFS_CONTENT_PATH = /var/lib/gitea/data/lfs -LFS_JWT_SECRET = ${lfs_secret_key} OFFLINE_MODE = true START_SSH_SERVER = false DISABLE_ROUTER_LOG = true LANDING_PAGE = explore -[database] -DB_TYPE = postgres -HOST = ${database.get('host')}:${database.get('port')} -NAME = ${database.get('database')} -USER = ${database.get('username')} -PASSWD = ${database.get('password')} -SSL_MODE = disable -LOG_SQL = false - [admin] DEFAULT_EMAIL_NOTIFICATIONS = onmention DISABLE_REGULAR_ORG_CREATION = true [security] -INTERNAL_TOKEN = ${internal_token} INSTALL_LOCK = true -SECRET_KEY = ${security_secret_key} LOGIN_REMEMBER_DAYS = 30 -DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()} [openid] ENABLE_OPENID_SIGNIN = false @@ -62,12 +47,6 @@ REQUIRE_SIGNIN_VIEW = false DEFAULT_KEEP_EMAIL_PRIVATE = true DEFAULT_ALLOW_CREATE_ORGANIZATION = false DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = noreply.${domain} - -[mailer] -ENABLED = true -MAILER_TYPE = sendmail -FROM = "${app_name}" [session] PROVIDER = file 
@@ -80,9 +59,6 @@ ENABLE_FEDERATED_AVATAR = false MODE = console LEVEL = warn -[oauth2] -JWT_SECRET = ${oauth_secret_key} - [other] SHOW_FOOTER_BRANDING = true SHOW_FOOTER_TEMPLATE_LOAD_TIME = false diff --git a/bundles/gitea/items.py b/bundles/gitea/items.py index df48f01..c5bf653 100644 --- a/bundles/gitea/items.py +++ b/bundles/gitea/items.py @@ -1,3 +1,7 @@ +from os.path import join +from bundlewrap.utils.dicts import merge_dict + + version = version=node.metadata.get('gitea/version') downloads['/usr/local/bin/gitea'] = { @@ -34,7 +38,12 @@ actions = { } files['/etc/gitea/app.ini'] = { - 'content_type': 'mako', + 'content': repo.libs.ini.dumps( + merge_dict( + repo.libs.ini.parse(open(join(repo.path, 'bundles', 'gitea', 'files', 'app.ini')).read()), + node.metadata.get('gitea/conf'), + ), + ), 'owner': 'git', 'context': node.metadata['gitea'], 'triggers': { diff --git a/bundles/gitea/metadata.py b/bundles/gitea/metadata.py index c5db0b7..4d31a94 100644 --- a/bundles/gitea/metadata.py +++ b/bundles/gitea/metadata.py @@ -11,18 +11,7 @@ defaults = { }, }, 'gitea': { - 'database': { - 'host': 'localhost', - 'port': '5432', - 'username': 'gitea', - 'password': database_password, - 'database': 'gitea', - }, - 'app_name': 'Gitea', - 'lfs_secret_key': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43), - 'security_secret_key': repo.vault.password_for(f'{node.name} gitea security_secret_key'), - 'oauth_secret_key': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43), - 'internal_token': repo.vault.password_for(f'{node.name} gitea internal_token'), + 'conf': {}, }, 'postgresql': { 'roles': { 
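Review bot: `/etc/gitea/app.ini` is now rendered from `gitea/conf`, which carries `SECRET_KEY`, `INTERNAL_TOKEN`, both JWT secrets and the database password, yet the lines of the `files[...]` dict visible in this hunk set only `'owner': 'git'` and no `'mode'`. The dict continues past the hunk, so a mode may be set further down; if it is not, BundleWrap's default mode for file items leaves the file world-readable, and `'mode': '0600'` should be added next to `'owner'`. Two leftovers sit in the same lines: `'context': node.metadata['gitea']` has no effect now that `'content_type': 'mako'` is gone, and the template is read with a bare `open(...).read()` that never closes the handle, so it is better read in a `with open(...) as f:` block ahead of the dict.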
@@ -69,6 +58,45 @@ defaults = { } +@metadata_reactor.provides( + 'gitea/conf', +) +def conf(metadata): + domain = metadata.get('gitea/domain') + + return { + 'gitea': { + 'conf': { + 'server': { + 'SSH_DOMAIN': domain, + 'DOMAIN': domain, + 'ROOT_URL': f'https://{domain}/', + 'LFS_JWT_SECRET': repo.vault.password_for(f'{node.name} gitea lfs_secret_key', length=43), + }, + 'security': { + 'INTERNAL_TOKEN': repo.vault.password_for(f'{node.name} gitea internal_token'), + 'SECRET_KEY': repo.vault.password_for(f'{node.name} gitea security_secret_key'), + }, + 'database': { + 'DB_TYPE': 'postgres', + 'HOST': 'localhost:5432', + 'NAME': 'gitea', + 'USER': 'gitea', + 'PASSWD': database_password, + 'SSL_MODE': 'disable', + 'LOG_SQL': 'false', + }, + 'service': { + 'NO_REPLY_ADDRESS': f'noreply.{domain}', + }, + 'oauth2': { + 'JWT_SECRET': repo.vault.password_for(f'{node.name} gitea oauth_secret_key', length=43), + }, + }, + }, + } + + @metadata_reactor.provides( 'zfs/datasets', ) diff --git a/libs/ini.py b/libs/ini.py index e94b3e2..f042569 100644 --- a/libs/ini.py +++ b/libs/ini.py @@ -1,5 +1,7 @@ from configparser import ConfigParser import json +from bundlewrap.metadata import MetadataJSONEncoder + class Writable(): data = '' @@ -14,14 +16,14 @@ class CaseSensitiveConfigParser(ConfigParser): def parse(text): config = CaseSensitiveConfigParser() config.read_string(text) - + return { section: dict(config.items(section)) for section in config.sections() } def dumps(dict): - sorted_dict = json.loads(json.dumps(dict, sort_keys=True)) + sorted_dict = json.loads(json.dumps(dict, sort_keys=True, cls=MetadataJSONEncoder)) parser = CaseSensitiveConfigParser() parser.read_dict(sorted_dict) diff --git a/nodes/home.server.py b/nodes/home.server.py index 12385ec..da8b691 100644 --- a/nodes/home.server.py +++ b/nodes/home.server.py 
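Review bot: The `security` block returned by `conf()` sets `INTERNAL_TOKEN` and `SECRET_KEY`, but nothing replaces the template line this commit removes, `DISABLE_GIT_HOOKS = ${str(not enable_git_hooks).lower()}`. Any node that still sets `enable_git_hooks` under `gitea` is now silently ignored and Gitea falls back to its built-in default. Because git hooks run commands as the Gitea OS user, the setting is better kept explicit, e.g. `'DISABLE_GIT_HOOKS': str(not metadata.get('gitea/enable_git_hooks', False)).lower(),`. The reactor also has no docstring; one line naming the `app.ini` sections it fills would help the next reader.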
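Review bot: `parse()` iterates `config.sections()` and `config.items(section)`, and with stock `ConfigParser` semantics the `[DEFAULT]` header this commit adds to `app.ini` changes what both return: `sections()` omits the default section and `items()` folds its keys into every other section. Unless `CaseSensitiveConfigParser` (its body is outside this hunk) overrides that, `APP_NAME`, `RUN_USER` and `RUN_MODE` vanish from the top level of the rendered file and are repeated under `[server]`, `[security]` and the rest. Building the parser in `parse()` with a default-section name that never occurs, e.g. `CaseSensitiveConfigParser(default_section='__none__')` if the subclass passes keyword arguments through, turns `[DEFAULT]` into an ordinary section that survives the round trip. `dumps()` continues past the end of the hunk, so how the result is written out is not visible here.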
@@ -63,6 +63,16 @@ 'version': '1.17.1', 'sha256': 'eafd476ee2a303d758448314272add00898d045439ab0d353ff4286c5e63496f', 'domain': 'git.sublimity.de', + 'conf': { + 'mailer': { + 'ENABLED': True, + 'FROM': 'gitea@sublimity.de', + 'MAILER_TYPE': 'smtp', + 'HOST': 'mail.sublimity.de:587', + 'USER': 'gitea@sublimity.de', + 'PASSWD': '!decrypt:encrypt$gAAAAABjIlbZprmcIe_YktYgTU85VRSRz1MkyA7lNSDptWzGMrZ1N_YUXWoAIjWp4Lrmi8J0XYH9Pazhmz1vaIGUqUEsEnJXNh5n6-0Z0gcpePFC7x-Aj_M=', + }, + }, }, 'gollum': { 'domain': 'wiki.sublimity.de',
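Review bot: The decrypted `PASSWD` is free-form text that now passes through `repo.libs.ini.dumps`, and a stock `ConfigParser` rejects a value containing a lone `%` with a `ValueError` whose message repeats the value. Whether `CaseSensitiveConfigParser` disables interpolation is not visible in this patch; if it does not, constructing the parser with `interpolation=None` in `libs/ini.py` keeps a secret containing `%` from breaking the render and from landing in a traceback. Separately, `'ENABLED': True` is a Python bool while the reactor writes `'LOG_SQL': 'false'` as a string; picking one form for booleans keeps the rendered `app.ini` uniform.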