start.sh

#!/bin/bash

set -eu -o pipefail

mkdir -p /run/gitea/tmp/uploads

setup_ldap_source() {
    set -eu

    # Wait for gitea to finish db setup, before we insert ldap source in db
    while ! curl --fail http://localhost:3000/healthcheck; do
        echo "Waiting for gitea to come up"
        sleep 1
    done

    now=$(date +%s)

    # Get the existing LDAP source status. This allows the user to disable LDAP
    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
    [[ -z "${ldap_status}" ]] && ldap_status="1"

    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
        echo "LDAP Authentication was setup with status ${ldap_status}"
    else
        echo "Failed to setup LDAP authentication"
        exit 1
    fi
}

# SSH_PORT can be unset to disable SSH
disable_ssh="false"
if [[ -z "${SSH_PORT:-}" ]]; then
    echo "SSH disabled"
    SSH_PORT=29418 # arbitrary port to keep sshd happy
    disable_ssh="true"
fi

if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then
    echo "Generating ssh host keys"
    mkdir -p /app/data/sshd
    ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key
    ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key
    ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key
    ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key
else
    echo "Reusing existing host keys"
fi

chmod 0600 /app/data/sshd/*_key
chmod 0644 /app/data/sshd/*.pub

sed -e "s/^Port .*/Port ${SSH_PORT}/" \
    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
    /etc/ssh/sshd_config > /run/gitea/sshd_config

cp /home/git/app.ini.template "/run/gitea/app.ini"

# create default user config file
if ! [ -f /app/data/app.ini ]; then
    cp /home/git/app.ini.template /app/data/app.ini
fi

# merge user config file
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"

# override important values
crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"
crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"
crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
crudini --set "/run/gitea/app.ini" security SECRET_KEY $(pwgen -1 -s)
crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
crudini --set "/run/gitea/app.ini" log MODE "console"
crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"


mkdir -p /app/data/repository /app/data/ssh

chown -R git:git /app/data /run/gitea

( setup_ldap_source ) &

exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
Initial version 2015-04-26 12:45:32 -07:00			`#!/bin/bash`

			`set -eu -o pipefail`

First working version, tests follow 2017-06-02 10:32:24 +02:00			`mkdir -p /run/gitea/tmp/uploads`
setup appdata directory 2017-04-04 21:42:26 -07:00
make it work with readonly rootfs 2015-10-13 15:27:09 -07:00			`setup_ldap_source() {`
Check if ldap setup succeeded 2015-11-24 11:53:21 -08:00			`set -eu`

First working version, tests follow 2017-06-02 10:32:24 +02:00			`# Wait for gitea to finish db setup, before we insert ldap source in db`
make it work with readonly rootfs 2015-10-13 15:27:09 -07:00			`while ! curl --fail http://localhost:3000/healthcheck; do`
First working version, tests follow 2017-06-02 10:32:24 +02:00			`echo "Waiting for gitea to come up"`
make it work with readonly rootfs 2015-10-13 15:27:09 -07:00			`sleep 1`
			`done`
Make it work 2015-04-28 21:57:58 -07:00
use username or email to login 2016-04-11 12:21:59 -07:00			`now=$(date +%s)`
do not overwrite LDAP status 2016-08-26 21:51:49 -07:00
			`# Get the existing LDAP source status. This allows the user to disable LDAP`
			`ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")`
			`[[ -z "${ldap_status}" ]] && ldap_status="1"`

Check if ldap setup succeeded 2015-11-24 11:53:21 -08:00			`if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \`
do not overwrite LDAP status 2016-08-26 21:51:49 -07:00			-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
			`echo "LDAP Authentication was setup with status ${ldap_status}"`
Check if ldap setup succeeded 2015-11-24 11:53:21 -08:00			`else`
			`echo "Failed to setup LDAP authentication"`
			`exit 1`
			`fi`
make it work with readonly rootfs 2015-10-13 15:27:09 -07:00			`}`
Build from source again since we need patches 2015-06-24 14:26:43 -07:00
disable ssh when SSH_PORT is unset 2016-04-11 10:44:43 -07:00			`# SSH_PORT can be unset to disable SSH`
			`disable_ssh="false"`
check for unset variable correctly 2016-04-11 11:46:57 -07:00			`if [[ -z "${SSH_PORT:-}" ]]; then`
disable ssh when SSH_PORT is unset 2016-04-11 10:44:43 -07:00			`echo "SSH disabled"`
			`SSH_PORT=29418 # arbitrary port to keep sshd happy`
actually disable ssh 2016-04-11 11:59:21 -07:00			`disable_ssh="true"`
disable ssh when SSH_PORT is unset 2016-04-11 10:44:43 -07:00			`fi`

preserve ssh host keys across updates 2016-05-03 22:49:59 -07:00			`if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then`
			`echo "Generating ssh host keys"`
			`mkdir -p /app/data/sshd`
			`ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key`
			`ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key`
			`ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key`
			`ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key`
			`else`
			`echo "Reusing existing host keys"`
			`fi`

			`chmod 0600 /app/data/sshd/*_key`
			`chmod 0644 /app/data/sshd/*.pub`

Make it work 2015-04-28 21:57:58 -07:00			`sed -e "s/^Port .*/Port ${SSH_PORT}/" \`
			`-e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \`
preserve ssh host keys across updates 2016-05-03 22:49:59 -07:00			`-e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \`
First working version, tests follow 2017-06-02 10:32:24 +02:00			`/etc/ssh/sshd_config > /run/gitea/sshd_config`
Randomize the admin password 2015-06-24 11:36:12 -07:00
Using crudini for configuration merging 2017-08-09 07:06:23 +02:00			`cp /home/git/app.ini.template "/run/gitea/app.ini"`

			`# create default user config file`
			`if ! [ -f /app/data/app.ini ]; then`
			`cp /home/git/app.ini.template /app/data/app.ini`
			`fi`

			`# merge user config file`
			`crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"`

			`# override important values`
			`crudini --set "/run/gitea/app.ini" database DB_TYPE mysql`
			`crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"`
			`crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"`
			`crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"`
			`crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"`
			`crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"`
			`crudini --set "/run/gitea/app.ini" server PROTOCOL "http"`
			`crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"`
			`crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"`
			`crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""`
			`crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"`
			`crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"`
			`crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"`
			`crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"`
			`crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"`
			`crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"`
			`crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"`
			`crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"`
			`crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"`
			`crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"`
			`crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"`
			`crudini --set "/run/gitea/app.ini" security SECRET_KEY $(pwgen -1 -s)`
			`crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"`
			`crudini --set "/run/gitea/app.ini" log MODE "console"`
			`crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"`
			`crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"`

merge user config file 2016-08-26 21:45:11 -07:00
Remove fallback for old code 2015-11-25 09:12:59 -08:00			`mkdir -p /app/data/repository /app/data/ssh`
migrate existing data 2015-10-14 00:46:53 -07:00
First working version, tests follow 2017-06-02 10:32:24 +02:00			`chown -R git:git /app/data /run/gitea`
Skip calling the install route 2015-08-18 13:44:26 -07:00
make it work with readonly rootfs 2015-10-13 15:27:09 -07:00			`( setup_ldap_source ) &`
Add ldap settings to db directly 2015-06-24 11:01:16 -07:00
First working version, tests follow 2017-06-02 10:32:24 +02:00			`exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea`
Initial version 2015-04-26 12:45:32 -07:00