Add gitea admin

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-25 15:24:27 +01:00
parent 1f89f09159
commit d38be7625c
6 changed files with 104 additions and 56 deletions


@@ -74,6 +74,7 @@ in
"gitea/internalToken".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/internalToken".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/jwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/jwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/lfsJwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/lfsJwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
}; };
@@ -85,6 +86,7 @@ in
gitea-env.content = '' gitea-env.content = ''
GITEA_OAUTH_SECRET=${hmConfig.sops.placeholder."gitea/authelia/password"} GITEA_OAUTH_SECRET=${hmConfig.sops.placeholder."gitea/authelia/password"}
GITEA_ADMIN_PASSWORD=${hmConfig.sops.placeholder."gitea/admin"}
''; '';
gitea.content = builtins.readFile ( gitea.content = builtins.readFile (
@@ -204,45 +206,47 @@ in
}; };
containers = { containers = {
gitea = gitea = {
let containerConfig = {
entrypoint = pkgs.writeTextFile { image = "docker-archive:${selfPkgs.docker-gitea}";
name = "entrypoint.sh"; networks = [
executable = true; networks.gitea.ref
text = builtins.readFile ./entrypoint.sh; networks.traefik.ref
}; ];
in volumes =
{ let
containerConfig = { preStart = pkgs.writeTextFile {
image = "docker-archive:${selfPkgs.docker-gitea}"; name = "pre-start.sh";
networks = [ executable = true;
networks.gitea.ref text = builtins.readFile ./pre-start.sh;
networks.traefik.ref };
]; in
volumes = [ [
"${volumes.gitea.ref}:/var/lib/gitea/data" "${volumes.gitea.ref}:/var/lib/gitea/data"
"/mnt/storage/private/storm/containers/storage/volumes/gitea-lfs/_data:/var/lib/gitea/data/lfs" "/mnt/storage/private/storm/containers/storage/volumes/gitea-lfs/_data:/var/lib/gitea/data/lfs"
"${hmConfig.sops.templates.gitea.path}:/etc/gitea/app.ini:ro" "${hmConfig.sops.templates.gitea.path}:/etc/gitea/app.ini:ro"
"${entrypoint}:/entrypoint.sh:ro" "${preStart}:/etc/gitea/pre-start.sh:ro"
];
environments.GITEA_OAUTH_KEY = autheliaClientId;
environmentFiles = [ hmConfig.sops.templates.gitea-env.path ];
entrypoint = "/entrypoint.sh";
labels = [
"traefik.enable=true"
"traefik.http.routers.gitea.rule=Host(`git.karaolidis.com`)"
]; ];
environments = {
GITEA_OAUTH_KEY = autheliaClientId;
GITEA_ADMIN_EMAIL = "jupiter@karaolidis.com";
}; };
environmentFiles = [ hmConfig.sops.templates.gitea-env.path ];
unitConfig = { labels = [
After = [ "traefik.enable=true"
"${containers.gitea-postgresql._serviceName}.service" "traefik.http.routers.gitea.rule=Host(`git.karaolidis.com`)"
"sops-nix.service" ];
];
Requires = [ "${containers.gitea-postgresql._serviceName}.service" ];
};
}; };
unitConfig = {
After = [
"${containers.gitea-postgresql._serviceName}.service"
"sops-nix.service"
];
Requires = [ "${containers.gitea-postgresql._serviceName}.service" ];
};
};
gitea-postgresql = { gitea-postgresql = {
containerConfig = { containerConfig = {
image = "docker-archive:${selfPkgs.docker-postgresql}"; image = "docker-archive:${selfPkgs.docker-postgresql}";
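Review bot: The new `GITEA_ADMIN_PASSWORD=${hmConfig.sops.placeholder."gitea/admin"}` line in the gitea-env template is consumed only when the pre-start script finds no user named admin, so rotating the `gitea/admin` sops secret later will not change the password of the existing account, while the value keeps being handed to the container on every start. A one-line comment next to it would save the next reader that surprise, e.g. `# bootstrap only: pre-start.sh uses it to create the admin user; rotating it does not reset an existing account`. The address is hard-coded as `GITEA_ADMIN_EMAIL` under containerConfig.environments while the password travels through the env file; that split looks deliberate (the address is not secret) but deserves the same note. The old/new sides of this section's last hunk are not fully recoverable in this rendering, so this reads the new-side values only.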


@@ -1,17 +0,0 @@
#!/bin/sh
gitea migrate -c /etc/gitea/app.ini
gitea admin auth add-oauth \
-c /etc/gitea/app.ini \
--name=authelia \
--provider=openidConnect \
--key="$GITEA_OAUTH_KEY" \
--secret="$GITEA_OAUTH_SECRET" \
--auto-discover-url=https://id.karaolidis.com/.well-known/openid-configuration \
--scopes='openid email profile groups' \
--skip-local-2fa \
--group-claim-name=groups \
--admin-group=admin 2>&1 || true
exec gitea web -c /etc/gitea/app.ini


@@ -0,0 +1,44 @@
# shellcheck shell=sh
authelia_id="$(gitea admin -c /etc/gitea/app.ini auth list | awk '$2 == "authelia" { print $1 }')"
if [ -z "${authelia_id:-}" ]; then
gitea admin auth add-oauth \
-c /etc/gitea/app.ini \
--name=authelia \
--provider=openidConnect \
--key="$GITEA_OAUTH_KEY" \
--secret="$GITEA_OAUTH_SECRET" \
--auto-discover-url=https://id.karaolidis.com/.well-known/openid-configuration \
--scopes='openid email profile groups' \
--skip-local-2fa \
--group-claim-name=groups \
--admin-group=admin
else
gitea admin auth update-oauth \
-c /etc/gitea/app.ini \
--id="$authelia_id" \
--name=authelia \
--provider=openidConnect \
--key="$GITEA_OAUTH_KEY" \
--secret="$GITEA_OAUTH_SECRET" \
--auto-discover-url=https://id.karaolidis.com/.well-known/openid-configuration \
--scopes='openid email profile groups' \
--skip-local-2fa \
--group-claim-name=groups \
--admin-group=admin
fi
admin="$(gitea admin -c /etc/gitea/app.ini user list | awk '$2 == "admin" { print $2 }')"
if [ -z "${admin:-}" ]; then
gitea admin user create \
-c /etc/gitea/app.ini \
--username="admin" \
--password="$GITEA_ADMIN_PASSWORD" \
--email="$GITEA_ADMIN_EMAIL" \
--admin \
--must-change-password=false
fi
exec gitea web -c /etc/gitea/app.ini
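Review bot: `exec gitea web -c /etc/gitea/app.ini` on the last line replaces the shell while this file is still being sourced by the image entrypoint, so the entrypoint's own `exec gitea web -c /etc/gitea/app.ini "$@"` is never reached and any arguments given to the container are dropped; removing the line here and letting the entrypoint start the server avoids the duplication. Before the server starts, the bootstrap secrets are no longer needed but remain in its environment for its whole lifetime and are inherited by anything it spawns; `unset GITEA_ADMIN_PASSWORD GITEA_OAUTH_SECRET GITEA_OAUTH_KEY` after the two `if` blocks would confine them to the bootstrap step. Passing `--password="$GITEA_ADMIN_PASSWORD"` also exposes the value in the argument list of the `user create` process for its (short) lifetime inside the container; I am not sure gitea offers a file or stdin alternative, so this is only noted. The presence check `awk '$2 == "admin" { print $2 }'` prints the username rather than the id, which works as a test but is inconsistent with the `authelia` lookup above that prints `$1`.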


@@ -1,4 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
let
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
in
pkgs.dockerTools.buildImage { pkgs.dockerTools.buildImage {
name = "gitea"; name = "gitea";
fromImage = import ../base { inherit pkgs; }; fromImage = import ../base { inherit pkgs; };
@@ -6,6 +14,7 @@ pkgs.dockerTools.buildImage {
copyToRoot = pkgs.buildEnv { copyToRoot = pkgs.buildEnv {
name = "root"; name = "root";
paths = with pkgs; [ paths = with pkgs; [
entrypoint
gitea gitea
git git
]; ];
@@ -13,12 +22,7 @@ pkgs.dockerTools.buildImage {
}; };
config = { config = {
Entrypoint = [ "gitea" ]; Entrypoint = [ "entrypoint" ];
Cmd = [
"web"
"-c"
"/etc/gitea/app.ini"
];
ExposedPorts = { ExposedPorts = {
"3000/tcp" = { }; "3000/tcp" = { };
}; };


@@ -0,0 +1,13 @@
#!/usr/bin/env sh
set -o errexit
set -o nounset
gitea migrate -c /etc/gitea/app.ini
if [ -f /etc/gitea/pre-start.sh ]; then
# shellcheck disable=SC1091
. /etc/gitea/pre-start.sh
fi
exec gitea web -c /etc/gitea/app.ini "$@"
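Review bot: The `-f` guard on `/etc/gitea/pre-start.sh` turns a missing or mis-mounted bootstrap script into a silent no-op: the server comes up without the OIDC source and the admin account, and nothing here records why. Since the file is expected to be bind-mounted wherever this image is used, at least `echo "pre-start.sh not found, skipping" >&2` in an `else` branch would make the skip visible; failing hard would also fit the `set -o errexit` policy already chosen on the second line. Sourcing with `.` runs the mounted script under this shell's `errexit`/`nounset` settings, so every variable it expands must be set or given a default, which is worth stating in a comment above the `if`.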

Submodule secrets updated: 8e179ed096...cf0eec50d0