Add Gitea to scabbers.

pillar/secrets/gitea.sls.sample

@@ -0,0 +1,3 @@
+gitea:
+  lfs_jwt_secret: 'xyzzy'
+  internal_token: 'plugh'

pillar/top.sls

@@ -1,4 +1,5 @@
 base:
   'scabbers.lunch.org.uk':
     - secrets/dnsapi
+    - secrets/gitea
 

states/certificates/dehydrated/dnsapi.config.txt

@@ -10,6 +10,7 @@ www.bear-cave.org.uk {{ keyid }} {{ secret }}
 {#- -#}
 lunch.org.uk {{ keyid }} {{ secret }}
 www.lunch.org.uk {{ keyid }} {{ secret }}
+git.lunch.org.uk {{ keyid }} {{ secret }}
 hg.lunch.org.uk {{ keyid }} {{ secret }}
 jenkins.lunch.org.uk {{ keyid }} {{ secret }}
 lists.lunch.org.uk {{ keyid }} {{ secret }}

states/certificates/dehydrated/domains.txt

@@ -1,5 +1,6 @@
 bear-cave.org.uk www.bear-cave.org.uk
 lunch.org.uk www.lunch.org.uk
+git.lunch.org.uk
 hg.lunch.org.uk
 jenkins.lunch.org.uk
 mail.lunch.org.uk

states/gitea/app.ini

@@ -0,0 +1,79 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = git
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = sqlite3
+HOST     = 127.0.0.1:5432
+NAME     = gitea
+USER     = gitea
+PASSWD   = 
+SCHEMA   = 
+SSL_MODE = disable
+CHARSET  = utf8
+PATH     = /var/lib/gitea/data/gitea.db
+LOG_SQL  = false
+
+[repository]
+ROOT = /var/lib/gitea/data/gitea-repositories
+
+[server]
+SSH_DOMAIN       = git.lunch.org.uk
+DOMAIN           = git.lunch.org.uk
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.lunch.org.uk/
+DISABLE_SSH      = false
+LFS_START_SERVER = true
+LFS_JWT_SECRET   = {{ pillar['gitea']['lfs_jwt_secret'] }}
+OFFLINE_MODE     = false
+
+[lfs]
+PATH = /var/lib/gitea/data/lfs
+
+[mailer]
+ENABLED = true
+HOST    = mail.lunch.org.uk:587
+FROM    = git@lunch.org.uk
+USER    = 
+PASSWD  = 
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.lunch.org.uk
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = console
+LEVEL     = info
+ROOT_PATH = /var/lib/gitea/log
+ROUTER    = console
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[security]
+INSTALL_LOCK       = true
+INTERNAL_TOKEN     = {{ pillar['gitea']['internal_token'] }}
+PASSWORD_HASH_ALGO = pbkdf2
+

states/gitea/git.lunch.org.uk.conf

@@ -0,0 +1,47 @@
+<IfModule mod_ssl.c>
+
+<VirtualHost *:443>
+        ServerName git.lunch.org.uk
+
+        ErrorLog /var/log/apache2/git-error.log
+        CustomLog /var/log/apache2/git-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        # Jenkins
+        ProxyPass         /  http://localhost:3000/
+        ProxyPassReverse  /  http://localhost:3000
+        ProxyRequests     Off
+        AllowEncodedSlashes NoDecode
+
+        # Local reverse proxy authorization override
+        # Most unix distribution deny proxy by default
+        <Proxy http://localhost:3000/*>
+                Order deny,allow
+                Allow from all
+        </Proxy>
+
+	SSLEngine on
+	SSLCertificateFile /var/lib/dehydrated/certs/git.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/lib/dehydrated/certs/git.lunch.org.uk/privkey.pem
+</VirtualHost>
+
+</IfModule>
+
+<VirtualHost *:80>
+        ServerName git.lunch.org.uk
+
+        ErrorLog /var/log/apache2/git-error.log
+        CustomLog /var/log/apache2/git-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        <IfModule rewrite_module>
+                #
+                # This redirects all accesses to the HTTPS version of the site.
+                #
+                RewriteEngine On
+
+                RewriteRule ^/?(.*) https://git.lunch.org.uk/$1 [R=301,L]
+        </IfModule>
+</VirtualHost>

states/gitea/init.sls

@@ -0,0 +1,47 @@
+gitea_repo:
+  pkgrepo.managed:
+    - name: deb http://mirrors.dotsrc.org/osdn/storage/g/r/ra/raspbian-addons/debian precise main
+    - key_url: https://apt.raspbian-addons.org/KEY.gpg
+    - file: /etc/apt/sources.list.d/respbian-addons.list
+
+gitea:
+  pkg.installed
+
+gitea_app_ini:
+  file.managed:
+    - name: /etc/gitea/app.ini
+    - source: salt://gitea/app.ini
+    - template: jinja
+  service.running:
+    - name: gitea
+    - restart: true
+    - watch:
+      - file: /etc/gitea/app.ini
+
+var_lib_gitea_directory:
+  file.directory:
+    - name: /var/lib/gitea
+    - user: git
+    - group: git
+    - recurse:
+      - user
+      - group
+
+gitea_web:
+  file.managed:
+    - require:
+      - sls: apache
+      - sls: certificates
+    - names:
+      - /etc/apache2/sites-available/git.lunch.org.uk.conf:
+        - source: salt://gitea/git.lunch.org.uk.conf
+  apache_site.enabled:
+    - require:
+      - file: /etc/apache2/sites-available/git.lunch.org.uk.conf
+    - name: git.lunch.org.uk
+  service.running:
+    - name: apache2
+    - reload: true
+    - watch:
+      - file: /etc/apache2/sites-available/git.lunch.org.uk.conf
+

states/top.sls

@@ -13,6 +13,7 @@ base:
     - apache
     - fail2ban
     - firewalls/scabbers
+    - gitea
     - jenkins
     - jenkins/worker
     - mercurial