#!/bin/bash
# Container entrypoint for Gitea on Cloudron: prepares runtime directories,
# sshd host keys and the effective app.ini, wires up the platform auth source
# in the background and finally hands the process over to supervisord.
set -euo pipefail

# Scratch locations under /run (not persisted): upload temp files, sshd's
# privilege-separation directory and Gitea's session store.
for runtime_dir in /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions; do
    mkdir -p "${runtime_dir}"
done
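#######################################
# Create or refresh the Cloudron LDAP login source (login_source.id = 1).
# The row is REPLACEd on every start so the bind settings follow the current
# CLOUDRON_LDAP_* environment; the existing is_active flag is carried over so
# an admin who disabled LDAP in the UI stays disabled.
# Deprecated: new installs use setup_oidc_source (optionalSso).
# Globals:  CLOUDRON_MYSQL_USERNAME/PASSWORD/DATABASE, CLOUDRON_LDAP_SERVER/
#           PORT/BIND_DN/BIND_PASSWORD/USERS_BASE_DN (read)
# Outputs:  progress messages on stdout
# Returns:  exits the calling (sub)shell with 1 if the REPLACE fails
#######################################
setup_ldap_source() {
    set -eu
    echo "==> Setup LDAP source"

    # NOTE(review): the DB password is passed via -p on argv, so it is briefly
    # visible in /proc/*/cmdline inside the container; kept as-is because the
    # container is single-purpose, but MYSQL_PWD/--defaults-extra-file would
    # avoid it entirely.
    local -a mysql_cli=(
        mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}"
        -h mysql --database="${CLOUDRON_MYSQL_DATABASE}"
    )

    # Get the existing LDAP source status. This allows the user to disable LDAP.
    # An empty result means the row does not exist yet: default to active.
    local ldap_status
    ldap_status=$("${mysql_cli[@]}" -N -B -e "select is_active from login_source WHERE name='cloudron';")
    if [[ -z "${ldap_status}" ]]; then
        ldap_status="1"
    fi

    local now
    now=$(date +%s)

    # NOTE(review): UseSSL=false and SkipVerify=true mean the bind (including
    # BindPassword) is sent without TLS verification; only acceptable because
    # the Cloudron LDAP endpoint sits on the platform-internal network.
    # The CLOUDRON_* values are spliced into the JSON and the SQL literal
    # unescaped — a value containing a quote would break the statement. They
    # are platform-provided, not user input, and therefore treated as trusted.
    if "${mysql_cli[@]}" \
        -e "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron', ${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
    else
        echo "==> Failed to setup LDAP authentication"
        exit 1
    fi
}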
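#######################################
# Re-point every account that was created through the Cloudron LDAP source
# (login_type 2, login_source 1) at the Cloudron OIDC source (login_type 6),
# so existing users keep their accounts after the platform moved to OpenID
# Connect.
# Globals:  CLOUDRON_MYSQL_USERNAME/PASSWORD/DATABASE (read)
# Returns:  non-zero (and, under set -e, aborts the caller) if the UPDATE fails
#######################################
migrate_ldap_users_to_oidc() {
    set -eu
    echo "==> migrate LDAP to OIDC"
    # Bug fix: the derived table `ls` (id of the type-6 'cloudron' source) was
    # selected but never used — the original SET wrote u.login_source = u.id,
    # i.e. each user's own primary key, which only matches the OIDC source id
    # by coincidence. Assign the real source id instead.
    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e \
        "UPDATE user u, (select id from login_source WHERE name='cloudron' and type='6') ls SET u.login_type=6, u.login_source=ls.id WHERE u.login_type=2 AND u.login_source=1"
}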
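#######################################
# Create or refresh the Cloudron OIDC login source (login_source.id = 1).
# Unlike setup_ldap_source, is_active is forced to 1 on every start, so an
# admin cannot persistently disable this source from the UI.
# Globals:  CLOUDRON_MYSQL_USERNAME/PASSWORD/DATABASE,
#           CLOUDRON_OIDC_CLIENT_ID/CLIENT_SECRET/ISSUER (read)
# Outputs:  progress messages on stdout
# Returns:  exits the calling (sub)shell with 1 if the REPLACE fails
#######################################
setup_oidc_source() {
    set -eu
    echo "==> Setup OIDC source"

    local -a mysql_cli=(
        mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}"
        -h mysql --database="${CLOUDRON_MYSQL_DATABASE}"
    )

    local now
    now=$(date +%s)

    # NOTE(review): the OIDC client secret ends up in the login_source.cfg
    # column in clear text (that is how Gitea stores it); the DB password on
    # argv is briefly visible in /proc/*/cmdline. CLOUDRON_* values are spliced
    # into JSON/SQL unescaped and are trusted as platform-provided.
    if "${mysql_cli[@]}" -e \
        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"; then
        echo "==> OIDC Authentication was setup"
    else
        echo "==> Failed to setup OIDC authentication"
        exit 1
    fi
}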
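#######################################
# Create the initial administrator account on a fresh install.
# The credentials are the platform-documented defaults (root / changeme) and
# are only used when the user table is empty (see setup_auth). Because the
# password is a well-known constant, the account is created with
# --must-change-password so the first login forces rotation.
# Globals:  none read; runs gitea as the git user against /run/gitea/app.ini
# Outputs:  progress messages on stdout
# Returns:  exits the calling (sub)shell with 1 if user creation fails
#######################################
setup_root_user() {
    set -eu
    # NOTE(review): the default password is also visible on argv for the
    # lifetime of this command; acceptable only because it is rotated on first
    # login and the container is single-purpose.
    if sudo -H -u git /home/git/gitea/gitea admin user create --username root --password changeme --email admin@cloudron.local --admin --must-change-password -c /run/gitea/app.ini; then
        echo "==> root user added"
    else
        echo "==> Failed to add root user"
        exit 1
    fi
}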
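#######################################
# Wire up the platform login source(s) once Gitea answers HTTP, then create
# the initial admin on a brand-new database.
# Order matters: both setup_ldap_source and setup_oidc_source REPLACE
# login_source id 1, so when both CLOUDRON_LDAP_SERVER and
# CLOUDRON_OIDC_ISSUER are set the OIDC source wins and LDAP users are
# migrated to it.
# Globals:  CLOUDRON_LDAP_SERVER, CLOUDRON_OIDC_ISSUER,
#           CLOUDRON_MYSQL_USERNAME/PASSWORD/DATABASE (read)
# Outputs:  progress messages on stdout
# Returns:  exits the calling (sub)shell with 1 on any setup failure
#######################################
setup_auth() {
    set -eu
    # Wait for gitea to finish db setup, before we do any db operations.
    # No upper bound: this runs in a background subshell (see the caller), so
    # it simply keeps polling if Gitea never comes up.
    while ! curl --fail http://localhost:3000/explore; do
        echo "==> Waiting for gitea to come up"
        sleep 1
    done
    echo "==> Gitea is up, setting up auth"

    local -a mysql_cli=(
        mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}"
        -h mysql --database="${CLOUDRON_MYSQL_DATABASE}"
    )

    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
        setup_ldap_source
    fi

    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
        setup_oidc_source
        # Accounts still bound to the (now replaced) LDAP source, id 1.
        local ldap_users_to_migrate
        ldap_users_to_migrate=$("${mysql_cli[@]}" -N -B -e "select count(*) from user WHERE login_type=2 AND login_source=1")
        if (( ${ldap_users_to_migrate:-0} > 0 )); then
            migrate_ldap_users_to_oidc
        fi
    fi

    local user_count
    user_count=$("${mysql_cli[@]}" -N -B -e "SELECT count(*) FROM user")
    # be careful, not to create root user for existing LDAP based installs
    if [[ "${user_count}" == "0" ]]; then
        echo "==> Setting up root user for first run"
        setup_root_user
    fi
}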
# SSH_PORT can be unset to disable SSH. sshd still needs a numeric Port in its
# config, so a placeholder is substituted and Gitea is told to disable SSH.
if [[ -n "${SSH_PORT:-}" ]]; then
    disable_ssh="false"
else
    echo "SSH disabled"
    SSH_PORT=29418 # arbitrary port to keep sshd happy
    disable_ssh="true"
fi
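# Generate sshd host keys once and persist them under /app/data so the host
# identity survives container updates. Presence of the ed25519 key is the
# marker for "already generated".
if [[ ! -f "/app/data/sshd/ssh_host_ed25519_key" ]]; then
    echo "Generating ssh host keys"
    mkdir -p /app/data/sshd
    ssh-keygen -qt rsa -N '' -f /app/data/sshd/ssh_host_rsa_key
    # ssh-dss is disabled by default in modern OpenSSH and newer ssh-keygen
    # builds refuse to create DSA keys at all; under set -e that would abort
    # first start, so treat the DSA key as best-effort. (sshd presumably only
    # warns about a missing HostKey file while the other keys load — verify
    # against /etc/ssh/sshd_config.)
    ssh-keygen -qt dsa -N '' -f /app/data/sshd/ssh_host_dsa_key \
        || echo "DSA host key not generated (unsupported by this ssh-keygen); continuing"
    ssh-keygen -qt ecdsa -N '' -f /app/data/sshd/ssh_host_ecdsa_key
    ssh-keygen -qt ed25519 -N '' -f /app/data/sshd/ssh_host_ed25519_key
else
    echo "Reusing existing host keys"
fi
# Private keys owner-only, public halves world-readable (ownership is fixed
# up by the chown -R further down).
chmod 0600 /app/data/sshd/*_key
chmod 0644 /app/data/sshd/*.pub

# Render the effective sshd_config with the selected port. SSH_PORT is
# interpolated into the sed expression; it is expected to be a plain number.
sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config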
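# First run: seed the user-editable config and mint the instance secret.
# Existing installs keep their app.ini (and their SECRET_KEY) untouched.
if [[ ! -f /app/data/app.ini ]]; then
    echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini

    echo "==> Generating new SECRET_KEY"
    # SECRET_KEY is Gitea's master signing secret (cookies, CSRF, tokens).
    # pwgen defaults to 8 characters when no length is given — far too short
    # for a signing key — so request 64, comparable to what Gitea generates
    # itself. Quoted so a future pwgen output can never be word-split.
    crudini --set "/app/data/app.ini" security SECRET_KEY "$(pwgen -1 -s 64)"
fi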
# Build the effective config: start from the image template, merge the user's
# customizations from /app/data/app.ini on top, then pin every platform-managed
# key below so the user file can add settings but cannot move the database,
# listen ports, paths or the reverse-proxy trust settings.
cp /home/git/app.ini.template "/run/gitea/app.ini"
crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"

# override important values
ini_set() {
    crudini --set "/run/gitea/app.ini" "$@"
}

# Database: the Cloudron MySQL addon. SSL_MODE=disable means DB traffic and the
# password travel in clear text — acceptable only on the platform-internal net.
ini_set database DB_TYPE mysql
ini_set database HOST "${CLOUDRON_MYSQL_HOST}:${CLOUDRON_MYSQL_PORT}"
ini_set database NAME "${CLOUDRON_MYSQL_DATABASE}"
ini_set database USER "${CLOUDRON_MYSQL_USERNAME}"
ini_set database PASSWD "${CLOUDRON_MYSQL_PASSWORD}"
ini_set database SSL_MODE "disable"

# HTTP is plain because TLS terminates at the Cloudron reverse proxy; ROOT_URL
# must still be https so generated links and cookies are correct.
ini_set server PROTOCOL "http"
ini_set server DOMAIN "${CLOUDRON_APP_DOMAIN}"
ini_set server ROOT_URL "https://%(DOMAIN)s/"
ini_set server HTTP_ADDR ""
ini_set server HTTP_PORT "3000"
ini_set server DISABLE_SSH "${disable_ssh}"
ini_set server SSH_PORT "${SSH_PORT}"
ini_set server APP_DATA_PATH "/app/data/appdata"
ini_set repository ROOT "/app/data/repository"
ini_set repository.upload TEMP_PATH "/run/gitea/tmp/uploads"

# Mail via the Cloudron mail addon over SMTPS. FORCE_TRUST_SERVER_CERT skips
# certificate verification of the SMTP server, so this relies on the addon
# being reachable only over the internal network.
ini_set mailer SMTP_ADDR "${CLOUDRON_MAIL_SMTP_SERVER}"
ini_set mailer SMTP_PORT "${CLOUDRON_MAIL_SMTPS_PORT}"
ini_set mailer PROTOCOL smtps
ini_set mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
ini_set mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
ini_set mailer FROM "${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Gitea} <${CLOUDRON_MAIL_FROM}>"
ini_set mailer FORCE_TRUST_SERVER_CERT "true"

# INSTALL_LOCK prevents the web installer from ever being exposed.
# NOTE(review): REVERSE_PROXY_TRUSTED_PROXIES="*" makes Gitea accept
# X-Forwarded-For / X-Real-IP from any peer (one hop, per REVERSE_PROXY_LIMIT),
# and HTTP_ADDR is left empty (presumably Gitea's default of all interfaces).
# Client IPs in logs and rate limits are therefore spoofable by anything that
# can reach port 3000 directly; safe only while the container network confines
# that to the Cloudron proxy.
ini_set security INSTALL_LOCK "true"
ini_set security REVERSE_PROXY_LIMIT 1
ini_set security REVERSE_PROXY_TRUSTED_PROXIES "*"

ini_set log MODE "console"
ini_set log ROOT_PATH "/run/gitea"
ini_set indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
echo "==> Creating dirs and changing permissions"
for data_dir in /app/data/repository /app/data/ssh /app/data/custom /app/data/gnupg; do
    mkdir -p "${data_dir}"
done
# Gitea runs as git (see setup_root_user's sudo), so everything it must read or
# write — persisted data and the rendered /run/gitea config — is handed to it.
# NOTE(review): /run/gitea/app.ini now holds the DB and SMTP passwords and the
# SECRET_KEY; its mode is whatever cp/umask produced, not tightened here.
chown -R git:git /app/data /run/gitea

# this expects app.ini to be available
# Runs in a background subshell: an `exit 1` inside setup_auth only ends that
# subshell, and because the script exec()s below nothing ever waits on it, so
# an auth-setup failure is visible only in the log.
( setup_auth ) &

exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea