Migrated appini-configmap to appini-env-configmap

We now have a basic config for our gitea installation.
We might want to have a closer look at the security config.

Also updated tests and gitea.cljc code with params and formatting.
erik 2022-07-20 15:56:37 +02:00
parent e6866cd591
commit 7510589e47
4 changed files with 144 additions and 18 deletions


@ -43,14 +43,23 @@
(defn-spec generate-appini-env pred/map-or-seq?
; TODO: fix this to require the merged spec of auth and config instead of any
[config any?]
(let [{:keys [fqdn mailer-from mailer-host-port service-whitelist-domains]} config]
(let [{:keys [
default-app-name
fqdn
mailer-from
mailer-host-port
service-whitelist-domains
service-noreply-address]}
config]
(->
(yaml/load-as-edn "gitea/appini-env-configmap.yaml")
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
(cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn))
(cm/replace-all-matching-values-by-new-value "FROM" mailer-from)
(cm/replace-all-matching-values-by-new-value "HOSTANDPORT" mailer-host-port)
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-whitelist-domains)
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
)))
(defn-spec generate-secrets pred/map-or-seq?
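Review bot: `generate-appini-env` now destructures `default-app-name` and `service-noreply-address`, but its argument spec is still `any?`, so nothing rejects a config that lacks them. A missing key would presumably put nil in place of the `APPNAME` or `NOREPLY` placeholder, and the error would only surface when the ConfigMap is applied or when Gitea reads it. Since this commit widens the set of required keys, it is a good moment to resolve the TODO and replace `any?` with a keys spec that requires all six destructured keys as strings. The following `generate-secrets` definition continues outside the hunk.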


@ -4,19 +4,66 @@ metadata:
name: gitea-env
namespace: default
data:
#[attachments]
GITEA__attachments__PATH: /data/gitea/attachments
#[databaser]
GITEA__database__DB_TYPE: "postgres"
GITEA__database__HOST: "postgresql-service:5432" # Service.Namespace.svc.cluster.local
GITEA__database__NAME: gitea
GITEA__server__DOMAIN: FQDN
GITEA__server__ROOT_URL: URL
GITEA__database__LOG_SQL: "false"
GITEA__database__SSL_MODE: disable
GITEA__database__CHARSET: utf8
#[DEFAULT]
GITEA__DEFAULT__APP_NAME: APPNAME # TODO: konfigurierbar machen
GITEA__DEFAULT__RUN_MODE: prod
GITEA__DEFAULT__RUN_USER: git
#federation]
GITEA__federation__ENABLED: "true"
#[indexer]
GITEA__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve
#[log]
GITEA__log__MODE: console,file
GITEA__log__LEVEL: Info
GITEA__log__ROOT_PATH: /data/gitea/log
#[mailer]
GITEA__mailer__ENABLED: "true"
GITEA__mailer__FROM: FROM
GITEA__mailer__MAILER_TYPE: smtp
GITEA__mailer__HOST: HOSTANDPORT
GITEA__mailer__IS_TLS_ENABLED: "true"
GITEA__mailer__IS_TLS_ENABLED: "true"
#[oauth2]
GITEA__oauth2__ENABLE: "false"
#[picture]
GITEA__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars
GITEA__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars
GITEA__picture__DISABLE_GRAVATAR: "true"
GITEA__picture__ENABLE_FEDERATED_AVATAR: "true"
#[repository]
GITEA__repository__ROOT: /data/git/repositories
GITEA__repository__DEFAULT_PRIVATE: last
GITEA__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo
GITEA__repository__TEMP_PATH: /data/gitea/uploads
#[security]
GITEA__security__INSTALL_LOCK: "false"
#[server]
GITEA__server__DOMAIN: FQDN
GITEA__server__SSH_DOMAIN: FQDN
GITEA__server__ROOT_URL: URL
GITEA__server__HTTP_PORT: 3000
GITEA__server__SSH_PORT: 22
#[service]
GITEA__service__DISABLE_REGISTRATION: "true"
GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
GITEA__service__REGISTER_EMAIL_CONFIRM: "false"
@ -27,4 +74,24 @@ data:
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
GITEA__service__NO_REPLY_ADDRESS: noreply
GITEA__service__NO_REPLY_ADDRESS: NOREPLY
#[session]
GITEA__session__PROVIDER_CONFIG: /data/gitea/sessions
GITEA__session__PROVIDER: file
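Review bot: `GITEA__security__INSTALL_LOCK: "false"` in the `#[security]` block of the first hunk leaves Gitea's installation page reachable on an instance that runs with `RUN_MODE: prod` under a public `ROOT_URL`. Whoever opens the URL first could then complete the setup and define the administrator account. Set it to `"true"` and supply the values the installer would otherwise generate (`SECRET_KEY`, `INTERNAL_TOKEN`) through the Secret rather than this ConfigMap. In the same hunk `GITEA__mailer__IS_TLS_ENABLED` appears to be listed twice, and `HTTP_PORT: 3000` / `SSH_PORT: 22` are unquoted although ConfigMap `data` values must be strings, so write `"3000"` and `"22"`. `GITEA__database__SSL_MODE: disable` is worth a comment stating that it relies on the in-cluster Postgres service.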


@ -12,24 +12,35 @@
(st/instrument `cut/generate-secrets)
(deftest should-generate-appini-env
(is (= {:GITEA__server__DOMAIN-c1 "",
:GITEA__server__DOMAIN-c2 "test.com",
:GITEA__server__ROOT_URL-c1 "https://",
:GITEA__server__ROOT_URL-c2 "https://test.com",
(is (= {:GITEA__DEFAULT__APP_NAME-c1 "",
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
:GITEA__mailer__FROM-c1 "",
:GITEA__mailer__FROM-c2 "test@test.com",
:GITEA__mailer__HOST-c1 "",
:GITEA__mailer__HOST-c2 "mail.test.com:123",
:GITEA__server__DOMAIN-c1 "",
:GITEA__server__DOMAIN-c2 "test.com",
:GITEA__server__ROOT_URL-c1 "https://",
:GITEA__server__ROOT_URL-c2 "https://test.com",
:GITEA__server__SSH_DOMAIN-c1 "",
:GITEA__server__SSH_DOMAIN-c2 "test.com",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "abc.com,def.com"}
(ct/map-diff (cut/generate-appini-env {:fqdn ""
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
(ct/map-diff (cut/generate-appini-env {:default-app-name ""
:fqdn ""
:mailer-from ""
:mailer-host-port ""
:service-whitelist-domains ""})
(cut/generate-appini-env {:fqdn "test.com"
:service-whitelist-domains ""
:service-noreply-address ""
})
(cut/generate-appini-env {:default-app-name "test gitea"
:fqdn "test.com"
:mailer-from "test@test.com"
:mailer-host-port "mail.test.com:123"
:service-whitelist-domains "abc.com,def.com"
:service-whitelist-domains "test.com,test.net"
:service-noreply-address "noreply@test.com"
})))))
(deftest should-generate-certificate
@ -56,3 +67,36 @@
:mailer-pw "mailerpw"})))))
(not
(=
{:GITEA__server__DOMAIN-c2 "test.com",
:GITEA__mailer__FROM-c1 "",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
:GITEA__mailer__HOST-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
:GITEA__mailer__FROM-c2 "test@test.com",
:GITEA__mailer__HOST-c2 "mail.test.com:123",
:GITEA__server__ROOT_URL-c2 "https://test.com",
:GITEA__server__ROOT_URL-c1 "https://",
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
:GITEA__server__DOMAIN-c1 "",
:GITEA__DEFAULT__APP_NAME-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
{:GITEA__server__DOMAIN-c2 "test.com",
:GITEA__mailer__FROM-c1 "",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
:GITEA__mailer__HOST-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
:GITEA__mailer__FROM-c2 "test@test.com",
:GITEA__mailer__HOST-c2 "mail.test.com:123",
:GITEA__server__ROOT_URL-c2 "https://test.com",
:GITEA__server__SSH_DOMAIN-c1 "",
:GITEA__server__ROOT_URL-c1 "https://",
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
:GITEA__server__SSH_DOMAIN-c2 "test.com",
:GITEA__server__DOMAIN-c1 "",
:GITEA__DEFAULT__APP_NAME-c1 "",
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}))
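Review bot: The `(not (= {...} {...}))` form added at the end of the second hunk sits outside any `deftest` and is not wrapped in `is`, so as far as the hunk shows it is evaluated when the namespace loads, its result is discarded, and it checks nothing. The two maps differ only in the `GITEA__server__SSH_DOMAIN` keys, which suggests REPL scratch left over from debugging the expected value in `should-generate-appini-env`. Remove it, or wrap it in `(comment ...)` if it is meant to stay as a note. The preceding deftest closes on the first line of the hunk; its start is outside it.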


@ -1,3 +1,9 @@
{:fqdn "repo.test.meissa-gmbh.de"
:issuer "staging"
:postgres-data-volume-path "/var/postgres"}
{
:default-app-name "Meissas awesome gitea"
:fqdn "$fqdn"
:issuer "$letsencrypt_endpoint"
:mailer-from "$mailer_from"
:mailer-host-port "$mailer_host_port"
:service-whitelist-domains "$service_whitelist_domains"
:service-noreply-address "$service_noreply_address"
}