fix: use forgejo binary to generate application secrets
This commit is contained in:
parent
df510686b4
commit
52d696f941
5 changed files with 70 additions and 55 deletions
70
conf/app.ini
70
conf/app.ini
|
@ -1,51 +1,52 @@
|
||||||
;https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
|
; https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
|
||||||
APP_NAME = Forgejo
|
APP_NAME = Forgejo
|
||||||
RUN_USER = __APP__
|
RUN_USER = __APP__
|
||||||
RUN_MODE = prod
|
RUN_MODE = prod
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
DB_TYPE = postgres
|
DB_TYPE = postgres
|
||||||
HOST = 127.0.0.1:5432
|
HOST = 127.0.0.1:5432
|
||||||
NAME = __DB_NAME__
|
NAME = __DB_NAME__
|
||||||
USER = __DB_USER__
|
USER = __DB_USER__
|
||||||
PASSWD = __DB_PWD__
|
PASSWD = __DB_PWD__
|
||||||
SSL_MODE = disable
|
SSL_MODE = disable
|
||||||
LOG_SQL = false
|
LOG_SQL = false
|
||||||
|
|
||||||
[repository]
|
[repository]
|
||||||
ROOT = __DATADIR__/repositories
|
ROOT = __DATADIR__/repositories
|
||||||
FORCE_PRIVATE = false
|
FORCE_PRIVATE = false
|
||||||
|
|
||||||
[server]
|
[server]
|
||||||
DOMAIN = __DOMAIN__
|
DOMAIN = __DOMAIN__
|
||||||
HTTP_PORT = __PORT__
|
HTTP_PORT = __PORT__
|
||||||
HTTP_ADDR = 127.0.0.1
|
HTTP_ADDR = 127.0.0.1
|
||||||
ROOT_URL = https://__DOMAIN____PATH_URL__
|
ROOT_URL = https://__DOMAIN____PATH_URL__
|
||||||
DISABLE_SSH = false
|
DISABLE_SSH = false
|
||||||
SSH_PORT = __SSH_PORT__
|
SSH_PORT = __SSH_PORT__
|
||||||
OFFLINE_MODE = false
|
OFFLINE_MODE = false
|
||||||
APP_DATA_PATH = __DATADIR__/data
|
APP_DATA_PATH = __DATADIR__/data
|
||||||
LANDING_PAGE = explore
|
LANDING_PAGE = explore
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
LFS_JWT_SECRET = __LFS_KEY__
|
LFS_JWT_SECRET = __LFS_JWT_SECRET__
|
||||||
|
LOCAL_ROOT_URL = http://127.0.0.1:__PORT__/
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
ENABLED = true
|
ENABLED = true
|
||||||
HOST = 127.0.0.1:25
|
HOST = 127.0.0.1:25
|
||||||
FROM = "Forgejo" <forgejo-noreply@__DOMAIN__>
|
FROM = "Forgejo" <forgejo-noreply@__DOMAIN__>
|
||||||
SKIP_VERIFY = true
|
SKIP_VERIFY = true
|
||||||
|
|
||||||
[service]
|
[service]
|
||||||
REGISTER_EMAIL_CONFIRM = false
|
REGISTER_EMAIL_CONFIRM = false
|
||||||
ENABLE_NOTIFY_MAIL = true
|
ENABLE_NOTIFY_MAIL = true
|
||||||
DISABLE_REGISTRATION = true
|
DISABLE_REGISTRATION = true
|
||||||
ENABLE_CAPTCHA = false
|
ENABLE_CAPTCHA = false
|
||||||
REQUIRE_SIGNIN_VIEW = false
|
REQUIRE_SIGNIN_VIEW = false
|
||||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
||||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
|
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
|
||||||
|
|
||||||
[picture]
|
[picture]
|
||||||
AVATAR_UPLOAD_PATH = __DATADIR__/data/avatars
|
AVATAR_UPLOAD_PATH = __DATADIR__/data/avatars
|
||||||
REPOSITORY_AVATAR_UPLOAD_PATH = __DATADIR__/data/repo-avatars
|
REPOSITORY_AVATAR_UPLOAD_PATH = __DATADIR__/data/repo-avatars
|
||||||
|
|
||||||
[attachment]
|
[attachment]
|
||||||
|
@ -55,19 +56,15 @@ PATH = __DATADIR__/attachments
|
||||||
PROVIDER = memory
|
PROVIDER = memory
|
||||||
|
|
||||||
[log]
|
[log]
|
||||||
MODE = file
|
MODE = file
|
||||||
LEVEL = Info
|
LEVEL = Info
|
||||||
ROOT_PATH = /var/log/__APP__
|
ROOT_PATH = /var/log/__APP__
|
||||||
|
|
||||||
REDIRECT_MACARON_LOG = true
|
REDIRECT_MACARON_LOG = true
|
||||||
MACARON = file
|
MACARON = file
|
||||||
|
|
||||||
ROUTER_LOG_LEVEL = Warn
|
ROUTER_LOG_LEVEL = Warn
|
||||||
ROUTER = file
|
ROUTER = file
|
||||||
|
|
||||||
ENABLE_ACCESS_LOG = Warn
|
ENABLE_ACCESS_LOG = Warn
|
||||||
ACCESS = file
|
ACCESS = file
|
||||||
|
|
||||||
ENABLE_XORM_LOG = Warn
|
ENABLE_XORM_LOG = Warn
|
||||||
XORM = file
|
XORM = file
|
||||||
|
|
||||||
|
@ -75,7 +72,8 @@ XORM = file
|
||||||
FILE_NAME = forgejo.log
|
FILE_NAME = forgejo.log
|
||||||
|
|
||||||
[security]
|
[security]
|
||||||
INSTALL_LOCK = true
|
INSTALL_LOCK = true
|
||||||
SECRET_KEY = __KEY__
|
SECRET_KEY = __SECRET_KEY__
|
||||||
REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER
|
REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER
|
||||||
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
|
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
|
||||||
|
INTERNAL_TOKEN = __INTERNAL_TOKEN__
|
||||||
|
|
|
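Review bot: The three templated secrets in this file (`LFS_JWT_SECRET` in the first hunk, `SECRET_KEY` and the new `INTERNAL_TOKEN` in the last one) carry no comment saying where their values come from, so an admin who edits the rendered app.ini has no hint that changing them by hand desynchronises the file from the YunoHost settings the scripts read back on upgrade and change_url. I would add a one-line `;` comment above each, e.g. above INTERNAL_TOKEN `; generated at install by "forgejo generate secret INTERNAL_TOKEN" and kept in the app setting internal_token; do not edit by hand`, with the matching wording for SECRET_KEY/secret_key and LFS_JWT_SECRET/lfs_jwt_secret. The added `LOCAL_ROOT_URL` would also benefit from one line explaining why it is a plain loopback URL while `ROOT_URL` carries the domain and sub-path. Since the rendered file now holds three live secrets, it is worth confirming the mode and owner the config helper gives it; that is not visible from this diff.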
@ -14,7 +14,7 @@
|
||||||
},
|
},
|
||||||
"url": "https://forgejo.org",
|
"url": "https://forgejo.org",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"version": "1.18.0-1~ynh1",
|
"version": "1.18.0-1~ynh2",
|
||||||
"maintainer": {
|
"maintainer": {
|
||||||
"name": "Emmanuel Averty",
|
"name": "Emmanuel Averty",
|
||||||
"email": "emmanuel.averty@free.fr"
|
"email": "emmanuel.averty@free.fr"
|
||||||
|
|
|
@ -26,15 +26,16 @@ app=$YNH_APP_INSTANCE_NAME
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||||
|
|
||||||
# Needed for helper "ynh_add_nginx_config"
|
# Needed for helper "ynh_add_nginx_config and ynh_add_config"
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
db_user=$db_name
|
db_user=$db_name
|
||||||
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
||||||
key=$(ynh_app_setting_get --app=$app --key=key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key)
|
lfs_jwt_secret=$(ynh_app_setting_get --app=$app --key=lfs_jwt_secret)
|
||||||
|
internal_token=$(ynh_app_setting_get --app=$app --key=internal_token)
|
||||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||||
|
|
||||||
|
|
|
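Review bot: The edited comment `# Needed for helper "ynh_add_nginx_config and ynh_add_config"` quotes two helper names as if they were one; `# Needed for helpers "ynh_add_nginx_config" and "ynh_add_config"` reads correctly. Which script this is does not show in the hunk; if it can run on an instance where the upgrade that creates the `secret_key`, `lfs_jwt_secret` and `internal_token` settings has not happened yet, all three variables are empty and the config helper would render an app.ini with blank secrets. A guard such as `[ -n "$secret_key" ] || ynh_die --message="setting secret_key is missing"` (one per secret) turns that into a clear failure instead of a silently mis-configured instance.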
@ -27,10 +27,6 @@ path_url=$YNH_APP_ARG_PATH
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
admin=$YNH_APP_ARG_ADMIN
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||||
|
|
||||||
# Generate keys
|
|
||||||
key=$(ynh_string_random --length=24)
|
|
||||||
lfs_key=$(ynh_string_random --length=24)
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -54,8 +50,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||||
ynh_app_setting_set --app=$app --key=key --value=$key
|
|
||||||
ynh_app_setting_set --app=$app --key=lfs_key --value=$lfs_key
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
@ -112,6 +106,16 @@ chmod -R o-rwx "$final_path"
|
||||||
chown -R $app:$app "$final_path"
|
chown -R $app:$app "$final_path"
|
||||||
chmod +x "$final_path/forgejo"
|
chmod +x "$final_path/forgejo"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# KEYS GENERATION
|
||||||
|
#=================================================
|
||||||
|
secret_key=$($final_path/forgejo generate secret SECRET_KEY)
|
||||||
|
lfs_jwt_secret=$($final_path/forgejo generate secret JWT_SECRET)
|
||||||
|
internal_token=$($final_path/forgejo generate secret INTERNAL_TOKEN)
|
||||||
|
ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
|
||||||
|
ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret
|
||||||
|
ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -130,7 +134,6 @@ if [ -e "$datadir" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p $datadir
|
mkdir -p $datadir
|
||||||
# mkdir -p "$datadir/data/{repositories,avatars,attachments}" # TODO valider la création de ces répetoires
|
|
||||||
mkdir -p "$datadir/.ssh"
|
mkdir -p "$datadir/.ssh"
|
||||||
|
|
||||||
chmod 750 "$datadir"
|
chmod 750 "$datadir"
|
||||||
|
|
|
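Review bot: The new KEYS GENERATION block runs the freshly installed binary with `$final_path` unquoted, while the lines directly above it (`chown`, `chmod +x`) quote `"$final_path"`; the three `ynh_app_setting_set` calls also pass `--value=$secret_key` unquoted. I would write `secret_key=$("$final_path/forgejo" generate secret SECRET_KEY)` (same for the other two) and `--value="$secret_key"` so a path with spaces or an unexpected character in a generated value cannot be word-split. The generation also executes the application binary as root; wrapping it in `ynh_exec_as $app` keeps the app code from ever running with root privileges during install, though whether `forgejo generate secret` writes anything that could be left root-owned I cannot tell from the hunk.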
@ -25,8 +25,9 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
db_user=$db_name
|
db_user=$db_name
|
||||||
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
||||||
key=$(ynh_app_setting_get --app=$app --key=key)
|
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
|
||||||
lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key)
|
lfs_jwt_secret=$(ynh_app_setting_get --app=$app --key=lfs_jwt_secret)
|
||||||
|
internal_token=$(ynh_app_setting_get --app=$app --key=internal_token)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK VERSION
|
# CHECK VERSION
|
||||||
|
@ -75,18 +76,30 @@ if [ -z "$port" ]; then
|
||||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If lfs_key doesn't exist, create it
|
|
||||||
if [ -z "$lfs_key" ]; then
|
|
||||||
lfs_key=$(ynh_string_random)
|
|
||||||
ynh_app_setting_set --app=$app --key=lfs_key --value=$lfs_key
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If final_path doesn't exist, create it
|
# If final_path doesn't exist, create it
|
||||||
if [ -z "$final_path" ]; then
|
if [ -z "$final_path" ]; then
|
||||||
final_path=/opt/$app
|
final_path=/opt/$app
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# If secret_key doesn't exist, create it
|
||||||
|
if [ -z "$secret_key" ]; then
|
||||||
|
secret_key=$($final_path/forgejo generate secret SECRET_KEY)
|
||||||
|
ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If lfs_jwt_secret doesn't exist, create it
|
||||||
|
if [ -z "$lfs_jwt_secret" ]; then
|
||||||
|
lfs_jwt_secret=$($final_path/forgejo generate secret JWT_SECRET)
|
||||||
|
ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If internal_token doesn't exist, create it
|
||||||
|
if [ -z "$internal_token" ]; then
|
||||||
|
internal_token=$($final_path/forgejo generate secret INTERNAL_TOKEN)
|
||||||
|
ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
|
||||||
|
fi
|
||||||
|
|
||||||
# If datadir doesn't exist, create it
|
# If datadir doesn't exist, create it
|
||||||
if [ -z "$datadir" ]; then
|
if [ -z "$datadir" ]; then
|
||||||
datadir=/home/yunohost.app/$app
|
datadir=/home/yunohost.app/$app
|
||||||
|
|
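Review bot: The `secret_key` block regenerates SECRET_KEY on every pre-existing instance, because installs made before this commit stored that value under the setting `key` (the old app.ini had `SECRET_KEY = __KEY__`) and neither the first hunk of this file nor this one reads it, so `$secret_key` is always empty on upgrade and a fresh secret is produced. As far as I know Gitea/Forgejo encrypt stored two-factor (TOTP) secrets with SECRET_KEY, so rotating it silently locks users with 2FA enabled out of their accounts; the same applies, less severely, to `lfs_key` becoming a new LFS_JWT_SECRET. Unless the rotation is intended (in which case it needs an upgrade notice), migrate the legacy values before the generation blocks and delete the stale settings so the old secrets do not linger in the app's settings; the migration below goes right after the `final_path` block.
```shell
# … unchanged: port / final_path defaults …

# Migrate settings of instances installed before this version: their app.ini
# used key as SECRET_KEY and lfs_key as LFS_JWT_SECRET, so carry those
# values over instead of generating new ones, then drop the legacy settings.
key=$(ynh_app_setting_get --app=$app --key=key)
if [ -n "$key" ] && [ -z "$secret_key" ]; then
    secret_key=$key
    ynh_app_setting_set --app=$app --key=secret_key --value="$secret_key"
    ynh_app_setting_delete --app=$app --key=key
fi
lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key)
if [ -n "$lfs_key" ] && [ -z "$lfs_jwt_secret" ]; then
    lfs_jwt_secret=$lfs_key
    ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value="$lfs_jwt_secret"
    ynh_app_setting_delete --app=$app --key=lfs_key
fi

# … unchanged: generate secret_key / lfs_jwt_secret / internal_token when still empty …
```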