fix: use forgejo binary to generate application secrets

Emmanuel Averty 2023-01-22 08:10:43 +01:00 committed by grosmanal
parent df510686b4
commit 52d696f941
5 changed files with 70 additions and 55 deletions


@ -1,4 +1,4 @@
;https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
; https://codeberg.org/forgejo/forgejo/src/branch/forgejo/custom/conf/app.example.ini
APP_NAME = Forgejo
RUN_USER = __APP__
RUN_MODE = prod
@ -27,7 +27,8 @@ OFFLINE_MODE = false
APP_DATA_PATH = __DATADIR__/data
LANDING_PAGE = explore
LFS_START_SERVER = true
LFS_JWT_SECRET = __LFS_KEY__
LFS_JWT_SECRET = __LFS_JWT_SECRET__
LOCAL_ROOT_URL = http://127.0.0.1:__PORT__/
[mailer]
ENABLED = true
@ -58,16 +59,12 @@ PROVIDER = memory
MODE = file
LEVEL = Info
ROOT_PATH = /var/log/__APP__
REDIRECT_MACARON_LOG = true
MACARON = file
ROUTER_LOG_LEVEL = Warn
ROUTER = file
ENABLE_ACCESS_LOG = Warn
ACCESS = file
ENABLE_XORM_LOG = Warn
XORM = file
@ -76,6 +73,7 @@ FILE_NAME = forgejo.log
[security]
INSTALL_LOCK = true
SECRET_KEY = __KEY__
SECRET_KEY = __SECRET_KEY__
REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER
REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
INTERNAL_TOKEN = __INTERNAL_TOKEN__
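Review bot: Renaming the `[security]` placeholder from `__KEY__` to `__SECRET_KEY__` moves SECRET_KEY onto a new `secret_key` setting, and the upgrade script further down this page generates a fresh value whenever that setting is empty instead of reusing the legacy `key` setting. On an existing instance this rotates SECRET_KEY, which Forgejo uses to encrypt stored data such as two-factor secrets, so that data would presumably no longer decrypt after the upgrade. The fallback should try the old value first, e.g. `secret_key=$(ynh_app_setting_get --app=$app --key=key)`, and call `forgejo generate secret SECRET_KEY` only if that is empty too. Regenerating LFS_JWT_SECRET and INTERNAL_TOKEN only invalidates outstanding tokens, and a comment in the upgrade script saying so would make the difference explicit.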


@ -14,7 +14,7 @@
},
"url": "https://forgejo.org",
"license": "MIT",
"version": "1.18.0-1~ynh1",
"version": "1.18.0-1~ynh2",
"maintainer": {
"name": "Emmanuel Averty",
"email": "emmanuel.averty@free.fr"


@ -26,15 +26,16 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
# Needed for helper "ynh_add_nginx_config and ynh_add_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
admin=$(ynh_app_setting_get --app=$app --key=admin)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
key=$(ynh_app_setting_get --app=$app --key=key)
lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
lfs_jwt_secret=$(ynh_app_setting_get --app=$app --key=lfs_jwt_secret)
internal_token=$(ynh_app_setting_get --app=$app --key=internal_token)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
path_url=$(ynh_app_setting_get --app=$app --key=path)
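Review bot: The three new reads of `secret_key`, `lfs_jwt_secret` and `internal_token` have no fallback, so settings written before this commit (which hold only `key` and `lfs_key`) leave all three variables empty. If this script then renders app.ini through `ynh_add_config`, as the updated comment suggests, the file would carry an empty SECRET_KEY, LFS_JWT_SECRET and INTERNAL_TOKEN without any error. A guard right after the reads would fail early instead, for example `[ -n "$secret_key" ] || ynh_die --message="secret_key setting is missing, run the upgrade first"`, repeated for the other two values. The rest of the script is outside this hunk, so confirm there that nothing else still expects `$key` or `$lfs_key`.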


@ -27,10 +27,6 @@ path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
# Generate keys
key=$(ynh_string_random --length=24)
lfs_key=$(ynh_string_random --length=24)
app=$YNH_APP_INSTANCE_NAME
#=================================================
@ -54,8 +50,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=key --value=$key
ynh_app_setting_set --app=$app --key=lfs_key --value=$lfs_key
#=================================================
# STANDARD MODIFICATIONS
@ -112,6 +106,16 @@ chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod +x "$final_path/forgejo"
#=================================================
# KEYS GENERATION
#=================================================
secret_key=$($final_path/forgejo generate secret SECRET_KEY)
lfs_jwt_secret=$($final_path/forgejo generate secret JWT_SECRET)
internal_token=$($final_path/forgejo generate secret INTERNAL_TOKEN)
ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret
ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -130,7 +134,6 @@ if [ -e "$datadir" ]; then
fi
mkdir -p $datadir
# mkdir -p "$datadir/data/{repositories,avatars,attachments}" # TODO valider la création de ces répetoires
mkdir -p "$datadir/.ssh"
chmod 750 "$datadir"
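Review bot: In the KEYS GENERATION block the output of `forgejo generate secret` is stored without checking that it is non-empty, and `$final_path/forgejo` and the `--value=$secret_key` arguments are unquoted. If the binary is missing, fails, or prints nothing, an empty secret is saved and later written into app.ini next to `INSTALL_LOCK = true`, and Forgejo may then fall back to a built-in default key rather than refusing to start. I would write `secret_key=$("$final_path/forgejo" generate secret SECRET_KEY)` and follow each call with `[ -n "$secret_key" ] || ynh_die --message="could not generate SECRET_KEY"`. Whether `ynh_abort_if_errors` is already active at this point is not visible in the hunk. The same three calls appear in the upgrade script's fallback branches and need the same treatment.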


@ -25,8 +25,9 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
key=$(ynh_app_setting_get --app=$app --key=key)
lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key)
secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
lfs_jwt_secret=$(ynh_app_setting_get --app=$app --key=lfs_jwt_secret)
internal_token=$(ynh_app_setting_get --app=$app --key=internal_token)
#=================================================
# CHECK VERSION
@ -75,18 +76,30 @@ if [ -z "$port" ]; then
ynh_app_setting_set --app=$app --key=port --value=$port
fi
# If lfs_key doesn't exist, create it
if [ -z "$lfs_key" ]; then
lfs_key=$(ynh_string_random)
ynh_app_setting_set --app=$app --key=lfs_key --value=$lfs_key
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/opt/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# If secret_key doesn't exist, create it
if [ -z "$secret_key" ]; then
secret_key=$($final_path/forgejo generate secret SECRET_KEY)
ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
fi
# If lfs_jwt_secret doesn't exist, create it
if [ -z "$lfs_jwt_secret" ]; then
lfs_jwt_secret=$($final_path/forgejo generate secret JWT_SECRET)
ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret
fi
# If internal_token doesn't exist, create it
if [ -z "$internal_token" ]; then
internal_token=$($final_path/forgejo generate secret INTERNAL_TOKEN)
ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token
fi
# If datadir doesn't exist, create it
if [ -z "$datadir" ]; then
datadir=/home/yunohost.app/$app