gitea-app/start.sh

#!/bin/bash

set -eu -o pipefail

mkdir -p /run/gitea/tmp/uploads

setup_ldap_source() {
    set -eu

    # Wait for gitea to finish db setup, before we insert ldap source in db
    while ! curl --fail http://localhost:3000/healthcheck; do
        echo "Waiting for gitea to come up"
        sleep 1
    done

    now=$(date +%s)

    # Get the existing LDAP source status. This allows the user to disable LDAP
    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
    [[ -z "${ldap_status}" ]] && ldap_status="1"

    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
        echo "LDAP Authentication was setup with status ${ldap_status}"
    else
        echo "Failed to setup LDAP authentication"
        exit 1
    fi
}

# SSH_PORT can be unset to disable SSH
disable_ssh="false"
if [[ -z "${SSH_PORT:-}" ]]; then
    echo "SSH disabled"
    SSH_PORT=29418 # arbitrary port to keep sshd happy
    disable_ssh="true"
fi

if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then
    echo "Generating ssh host keys"
    mkdir -p /app/data/sshd
    ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key
    ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key
    ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key
    ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key
else
    echo "Reusing existing host keys"
fi

chmod 0600 /app/data/sshd/*_key
chmod 0644 /app/data/sshd/*.pub

sed -e "s/^Port .*/Port ${SSH_PORT}/" \
    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
    /etc/ssh/sshd_config > /run/gitea/sshd_config

cp /home/git/app.ini.template "/run/gitea/app.ini"

# create default user config file
if ! [ -f /app/data/app.ini ]; then
    cp /home/git/app.ini.template /app/data/app.ini
fi

if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
    echo "Generating new SECRET_KEY"
    crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
fi

# merge user config file
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"

# override important values
crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"
crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"
crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
crudini --set "/run/gitea/app.ini" log MODE "console"
crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"


mkdir -p /app/data/repository /app/data/ssh

chown -R git:git /app/data /run/gitea

( setup_ldap_source ) &

exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
Initial version 2015-04-26 19:45:32 +00:00			`#!/bin/bash`

			`set -eu -o pipefail`

First working version, tests follow 2017-06-02 08:32:24 +00:00			`mkdir -p /run/gitea/tmp/uploads`
setup appdata directory fixes #3 and #4 2017-04-05 04:42:26 +00:00
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`setup_ldap_source() {`
Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`set -eu`

First working version, tests follow 2017-06-02 08:32:24 +00:00			`# Wait for gitea to finish db setup, before we insert ldap source in db`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`while ! curl --fail http://localhost:3000/healthcheck; do`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`echo "Waiting for gitea to come up"`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`sleep 1`
			`done`
Make it work 2015-04-29 04:57:58 +00:00
use username or email to login 2016-04-11 19:21:59 +00:00			`now=$(date +%s)`
do not overwrite LDAP status 2016-08-27 04:51:49 +00:00
			`# Get the existing LDAP source status. This allows the user to disable LDAP`
			`ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")`
			`[[ -z "${ldap_status}" ]] && ldap_status="1"`

Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \`
do not overwrite LDAP status 2016-08-27 04:51:49 +00:00			-e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
			`echo "LDAP Authentication was setup with status ${ldap_status}"`
Check if ldap setup succeeded 2015-11-24 19:53:21 +00:00			`else`
			`echo "Failed to setup LDAP authentication"`
			`exit 1`
			`fi`
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`}`
Build from source again since we need patches 2015-06-24 21:26:43 +00:00
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`# SSH_PORT can be unset to disable SSH`
			`disable_ssh="false"`
check for unset variable correctly 2016-04-11 18:46:57 +00:00			`if [[ -z "${SSH_PORT:-}" ]]; then`
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`echo "SSH disabled"`
			`SSH_PORT=29418 # arbitrary port to keep sshd happy`
actually disable ssh 2016-04-11 18:59:21 +00:00			`disable_ssh="true"`
disable ssh when SSH_PORT is unset 2016-04-11 17:44:43 +00:00			`fi`

preserve ssh host keys across updates fixes #2 2016-05-04 05:49:59 +00:00			`if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then`
			`echo "Generating ssh host keys"`
			`mkdir -p /app/data/sshd`
			`ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key`
			`ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key`
			`ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key`
			`ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key`
			`else`
			`echo "Reusing existing host keys"`
			`fi`

			`chmod 0600 /app/data/sshd/*_key`
			`chmod 0644 /app/data/sshd/*.pub`

Make it work 2015-04-29 04:57:58 +00:00			`sed -e "s/^Port .*/Port ${SSH_PORT}/" \`
			`-e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \`
preserve ssh host keys across updates fixes #2 2016-05-04 05:49:59 +00:00			`-e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \`
First working version, tests follow 2017-06-02 08:32:24 +00:00			`/etc/ssh/sshd_config > /run/gitea/sshd_config`
Randomize the admin password 2015-06-24 18:36:12 +00:00
Using crudini for configuration merging 2017-08-09 05:06:23 +00:00			`cp /home/git/app.ini.template "/run/gitea/app.ini"`

			`# create default user config file`
			`if ! [ -f /app/data/app.ini ]; then`
			`cp /home/git/app.ini.template /app/data/app.ini`
			`fi`

Preserve SECRET_KEY across restarts fixes #2 2017-09-01 22:17:39 +00:00			`if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then`
			`echo "Generating new SECRET_KEY"`
			`crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)`
			`fi`

Using crudini for configuration merging 2017-08-09 05:06:23 +00:00			`# merge user config file`
			`crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"`

			`# override important values`
			`crudini --set "/run/gitea/app.ini" database DB_TYPE mysql`
			`crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"`
			`crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"`
			`crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"`
			`crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"`
			`crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"`
			`crudini --set "/run/gitea/app.ini" server PROTOCOL "http"`
			`crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"`
			`crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"`
			`crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""`
			`crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"`
			`crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"`
			`crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"`
			`crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"`
			`crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"`
			`crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"`
			`crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"`
			`crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"`
			`crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"`
			`crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"`
			`crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"`
			`crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"`
			`crudini --set "/run/gitea/app.ini" log MODE "console"`
			`crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"`
			`crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"`

merge user config file 2016-08-27 04:45:11 +00:00
Remove fallback for old code 2015-11-25 17:12:59 +00:00			`mkdir -p /app/data/repository /app/data/ssh`
migrate existing data 2015-10-14 07:46:53 +00:00
First working version, tests follow 2017-06-02 08:32:24 +00:00			`chown -R git:git /app/data /run/gitea`
Skip calling the install route The install route is just a convenience if app.ini has not been setup. gogs always sets up the db on startup if app.ini is setup correctly. 2015-08-18 20:44:26 +00:00
make it work with readonly rootfs 2015-10-13 22:27:09 +00:00			`( setup_ldap_source ) &`
Add ldap settings to db directly 2015-06-24 18:01:16 +00:00
First working version, tests follow 2017-06-02 08:32:24 +00:00			`exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea`
Initial version 2015-04-26 19:45:32 +00:00