Add Gitea to scabbers.

This commit is contained in:
Jim Hague 2023-02-27 18:02:28 +00:00
parent fd0714e00d
commit e7c3209a8a
8 changed files with 180 additions and 0 deletions

View File

@ -0,0 +1,3 @@
gitea:
lfs_jwt_secret: 'xyzzy'
internal_token: 'plugh'

View File

@ -1,4 +1,5 @@
base:
'scabbers.lunch.org.uk':
- secrets/dnsapi
- secrets/gitea

View File

@ -10,6 +10,7 @@ www.bear-cave.org.uk {{ keyid }} {{ secret }}
{#- -#}
lunch.org.uk {{ keyid }} {{ secret }}
www.lunch.org.uk {{ keyid }} {{ secret }}
git.lunch.org.uk {{ keyid }} {{ secret }}
hg.lunch.org.uk {{ keyid }} {{ secret }}
jenkins.lunch.org.uk {{ keyid }} {{ secret }}
lists.lunch.org.uk {{ keyid }} {{ secret }}

View File

@ -1,5 +1,6 @@
bear-cave.org.uk www.bear-cave.org.uk
lunch.org.uk www.lunch.org.uk
git.lunch.org.uk
hg.lunch.org.uk
jenkins.lunch.org.uk
mail.lunch.org.uk

79
states/gitea/app.ini Normal file
View File

@ -0,0 +1,79 @@
APP_NAME = Gitea: Git with a cup of tea
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:5432
NAME = gitea
USER = gitea
PASSWD =
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
PATH = /var/lib/gitea/data/gitea.db
LOG_SQL = false
[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
[server]
SSH_DOMAIN = git.lunch.org.uk
DOMAIN = git.lunch.org.uk
HTTP_PORT = 3000
ROOT_URL = https://git.lunch.org.uk/
DISABLE_SSH = false
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ pillar['gitea']['lfs_jwt_secret'] }}
OFFLINE_MODE = false
[lfs]
PATH = /var/lib/gitea/data/lfs
[mailer]
ENABLED = true
HOST = mail.lunch.org.uk:587
FROM = git@lunch.org.uk
USER =
PASSWD =
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.lunch.org.uk
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[session]
PROVIDER = file
[log]
MODE = console
LEVEL = info
ROOT_PATH = /var/lib/gitea/log
ROUTER = console
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[security]
INSTALL_LOCK = true
INTERNAL_TOKEN = {{ pillar['gitea']['internal_token'] }}
PASSWORD_HASH_ALGO = pbkdf2

View File

@ -0,0 +1,47 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName git.lunch.org.uk
ErrorLog /var/log/apache2/git-error.log
CustomLog /var/log/apache2/git-access.log combined
RemoteIPProxyProtocol On
# Jenkins
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000
ProxyRequests Off
AllowEncodedSlashes NoDecode
# Local reverse proxy authorization override
# Most unix distribution deny proxy by default
<Proxy http://localhost:3000/*>
Order deny,allow
Allow from all
</Proxy>
SSLEngine on
SSLCertificateFile /var/lib/dehydrated/certs/git.lunch.org.uk/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/git.lunch.org.uk/privkey.pem
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerName git.lunch.org.uk
ErrorLog /var/log/apache2/git-error.log
CustomLog /var/log/apache2/git-access.log combined
RemoteIPProxyProtocol On
<IfModule rewrite_module>
#
# This redirects all accesses to the HTTPS version of the site.
#
RewriteEngine On
RewriteRule ^/?(.*) https://git.lunch.org.uk/$1 [R=301,L]
</IfModule>
</VirtualHost>

47
states/gitea/init.sls Normal file
View File

@ -0,0 +1,47 @@
gitea_repo:
pkgrepo.managed:
- name: deb http://mirrors.dotsrc.org/osdn/storage/g/r/ra/raspbian-addons/debian precise main
- key_url: https://apt.raspbian-addons.org/KEY.gpg
- file: /etc/apt/sources.list.d/respbian-addons.list
gitea:
pkg.installed
gitea_app_ini:
file.managed:
- name: /etc/gitea/app.ini
- source: salt://gitea/app.ini
- template: jinja
service.running:
- name: gitea
- restart: true
- watch:
- file: /etc/gitea/app.ini
var_lib_gitea_directory:
file.directory:
- name: /var/lib/gitea
- user: git
- group: git
- recurse:
- user
- group
gitea_web:
file.managed:
- require:
- sls: apache
- sls: certificates
- names:
- /etc/apache2/sites-available/git.lunch.org.uk.conf:
- source: salt://gitea/git.lunch.org.uk.conf
apache_site.enabled:
- require:
- file: /etc/apache2/sites-available/git.lunch.org.uk.conf
- name: git.lunch.org.uk
service.running:
- name: apache2
- reload: true
- watch:
- file: /etc/apache2/sites-available/git.lunch.org.uk.conf

View File

@ -13,6 +13,7 @@ base:
- apache
- fail2ban
- firewalls/scabbers
- gitea
- jenkins
- jenkins/worker
- mercurial