Added plus support for gitea

2025-01-21 17:03:44 +00:00 · 2025-01-21 17:03:44 +00:00 · 34cdf5cc0b
commit 34cdf5cc0b
parent d9ff8287c5
1 changed files with 69 additions and 5 deletions
--- a/lib/gitea.sh
+++ b/lib/gitea.sh
@ -3,6 +3,7 @@
 # Gitea Service

 PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+. /etc/federated

 config_gitea() {
  echo -ne "* Configuring gitea container.."
@ -16,8 +17,6 @@ config_gitea() {
  get_appvars

 cat > /federated/apps/gitea/docker-compose.yml <<EOF
-version: "3.7"
-
 services:
  gitea:
    image: gitea/gitea:\${IMAGE_VERSION}
@ -55,6 +54,36 @@ EOF

 GITEA_SECRET=$(create_password);

+[[ "${PLUS}" = "true" ]] && sed -i "s/letsencrypt/httpresolver/g" /federated/apps/gitea/docker-compose.yml
+
+if [[ "${PLUS}" = "true" ]]; then
+cat > /federated/apps/gitea/.env <<EOF
+IMAGE_VERSION="1.19.0"
+USER_UID=1000
+USER_GID=1000
+GITEA__database__DB_TYPE=postgres
+GITEA__database__HOST=postgresql.$DOMAIN:5432
+GITEA__database__NAME=gitea
+GITEA__database__USER=gitea
+GITEA__database__PASSWD=$GITEA_SECRET
+GITEA__database__SSL_MODE=disable
+GITEA__mailer__ENABLED=true
+GITEA__mailer__FROM=gitea@gitea.$DOMAIN
+GITEA__mailer__MAILER_TYPE=smtp
+GITEA__mailer__SMTP_PORT=465
+GITEA__mailer__HOST=mail.$DOMAIN
+GITEA__mailer__IS_TLS_ENABLED=true
+GITEA__mailer__USER=fcore
+GITEA__mailer__PASSWD=$ADMINPASS
+GITEA__security__INSTALL_LOCK=true
+GITEA__server__ROOT_URL=https://gitea.$DOMAIN
+GITEA__server__DOMAIN=$DOMAIN
+GITEA__server__SSH_DOMAIN=$DOMAIN
+GITEA__server__SSH_PORT=2222
+GITEA__server__SSH_LISTEN_PORT=2222
+GITEA__service__DISABLE_REGISTRATION=true
+EOF
+else
 cat > /federated/apps/gitea/.env <<EOF
 IMAGE_VERSION="1.19.0"
 USER_UID=1000
@ -81,6 +110,7 @@ GITEA__server__SSH_PORT=2222
 GITEA__server__SSH_LISTEN_PORT=2222
 GITEA__service__DISABLE_REGISTRATION=true
 EOF
+fi
 chmod 600 /federated/apps/gitea/.env

 cat > /federated/apps/gitea/data/creategitea.sh <<EOF
@ -163,8 +193,6 @@ echo -ne "done.\n"
 }
 email_gitea() {
  echo -ne "* Sending email to customer.."
-  spin &
-  SPINPID=$!

 cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
 <html>
@ -236,7 +264,6 @@ EOF
  docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
  rm /federated/apps/mail/data/root/certs/mailfile

-  kill -9 $SPINPID &> /dev/null
  echo -ne "done.\n"
 }
 uninstall_gitea() {
@ -266,6 +293,8 @@ uninstall_gitea() {
    /federated/bin/start authelia
  fi

+  [[ "${PLUS}" != "true" ]] && docker exec pdns pdnsutil delete-rrset $DOMAIN gitea A &> /dev/null
+
  echo -ne "done.\n"
 }
 start_gitea() {
@ -292,9 +321,12 @@ start_gitea() {
  # Remove creategitea.sh
  rm /federated/apps/gitea/data/data/creategitea.sh

+  [[ "${PLUS}" != "true" ]] && docker exec pdns pdnsutil add-record $DOMAIN gitea A 86400 $EXTERNALIP &> /dev/null
+
  echo -ne "done.\n"
 }
 configsso_gitea() {
+  if [[ "${PLUS}" != "true" ]]; then
  echo -ne "* Configuring gitea container with SSO.."

  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
@ -335,6 +367,38 @@ EOF

  sed -i "s/GITEA__service__DISABLE_REGISTRATION=.*/GITEA__service__DISABLE_REGISTRATION=false/g" /federated/apps/gitea/.env

+cat >> /federated/apps/gitea/.env <<EOF
+GITEA__openid__ENABLE_OPENID_SIGNIN=false
+GITEA__openid__ENABLE_OPENID_SIGNUP=true
+GITEA__openid__WHITELISTED_URIS=$DOMAIN
+GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+GITEA__service__SHOW_REGISTRATION_BUTTON=false
+GITEA__oauth2_client__USERNAME=email
+GITEA__oauth2_client__ACCOUNT_LINKING=login
+GITEA__oauth2_client__OPENID_CONNECT_SCOPES="openid profile email"
+EOF
+
+  run_command "/federated/bin/stop gitea"
+  run_command "/federated/bin/start gitea"
+
+  GITEA_RETRY="0"
+  until docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest" &>/dev/null; do
+    [[ "$GITEA_RETRY" -eq 60 ]] && echo "ERROR - Can't connect gitea add-oauth to authelia" && break
+    sleep 1
+    ((GITEA_RETRY++))
+done
+
+  echo -ne "done.\n"
+  fi
+}
+configsso_gitea_plus() {
+  GITEA_CLIENT_SECRET=$(cat /federated/apps/gitea/.gitea.client.secret)
+
+  run_command "/federated/bin/stop gitea"
+  run_command "/federated/bin/start gitea"
+
+  sed -i "s/GITEA__service__DISABLE_REGISTRATION=.*/GITEA__service__DISABLE_REGISTRATION=false/g" /federated/apps/gitea/.env
+
 cat >> /federated/apps/gitea/.env <<EOF
 GITEA__openid__ENABLE_OPENID_SIGNIN=false
 GITEA__openid__ENABLE_OPENID_SIGNUP=true