Migrated appini-configmap to appini-env-configmap
We now have a basic config for our gitea installation. We might want to have a closer look at the security config. Also updated tests and gitea.cljc code with params and formatting.
parent
e6866cd591
commit
7510589e47
4 changed files with 144 additions and 18 deletions
|
@ -43,14 +43,23 @@
|
|||
(defn-spec generate-appini-env pred/map-or-seq?
|
||||
; TODO: fix this to require the merged spec of auth and config instead of any
|
||||
[config any?]
|
||||
(let [{:keys [fqdn mailer-from mailer-host-port service-whitelist-domains]} config]
|
||||
(let [{:keys [
|
||||
default-app-name
|
||||
fqdn
|
||||
mailer-from
|
||||
mailer-host-port
|
||||
service-whitelist-domains
|
||||
service-noreply-address]}
|
||||
config]
|
||||
(->
|
||||
(yaml/load-as-edn "gitea/appini-env-configmap.yaml")
|
||||
(cm/replace-all-matching-values-by-new-value "APPNAME" default-app-name)
|
||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn)
|
||||
(cm/replace-all-matching-values-by-new-value "URL" (str "https://" fqdn))
|
||||
(cm/replace-all-matching-values-by-new-value "FROM" mailer-from)
|
||||
(cm/replace-all-matching-values-by-new-value "HOSTANDPORT" mailer-host-port)
|
||||
(cm/replace-all-matching-values-by-new-value "WHITELISTDOMAINS" service-whitelist-domains)
|
||||
(cm/replace-all-matching-values-by-new-value "NOREPLY" service-noreply-address)
|
||||
)))
|
||||
|
||||
(defn-spec generate-secrets pred/map-or-seq?
|
||||
|
|
|
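Review bot: `generate-appini-env` still takes `[config any?]` although the new destructuring reads six keys, so a config that omits `:service-noreply-address` or `:default-app-name` is not rejected and presumably ends up in the ConfigMap as a nil value. Resolving the TODO at this boundary would catch that, e.g. `[config (s/keys :req-un [::default-app-name ::fqdn ::mailer-from ::mailer-host-port ::service-whitelist-domains ::service-noreply-address])]`, assuming specs for these keys exist or are added and clojure.spec is aliased as `s` in this namespace (neither is visible in the hunk). The replacements are chained on generic tokens such as `URL` and `FROM`, so a supplied value that equals a later token (an app name of `FQDN`, say) would presumably be rewritten by the following step. More distinctive placeholder tokens in the YAML template would avoid that.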
@ -4,19 +4,66 @@ metadata:
|
|||
name: gitea-env
|
||||
namespace: default
|
||||
data:
|
||||
#[attachments]
|
||||
GITEA__attachments__PATH: /data/gitea/attachments
|
||||
|
||||
#[databaser]
|
||||
GITEA__database__DB_TYPE: "postgres"
|
||||
GITEA__database__HOST: "postgresql-service:5432" # Service.Namespace.svc.cluster.local
|
||||
GITEA__database__NAME: gitea
|
||||
GITEA__database__LOG_SQL: "false"
|
||||
GITEA__database__SSL_MODE: disable
|
||||
GITEA__database__CHARSET: utf8
|
||||
|
||||
GITEA__server__DOMAIN: FQDN
|
||||
GITEA__server__ROOT_URL: URL
|
||||
#[DEFAULT]
|
||||
GITEA__DEFAULT__APP_NAME: APPNAME # TODO: konfigurierbar machen
|
||||
GITEA__DEFAULT__RUN_MODE: prod
|
||||
GITEA__DEFAULT__RUN_USER: git
|
||||
|
||||
#federation]
|
||||
GITEA__federation__ENABLED: "true"
|
||||
|
||||
#[indexer]
|
||||
GITEA__indexer__ISSUE_INDEXER_PATH: /data/gitea/indexers/issues.bleve
|
||||
|
||||
#[log]
|
||||
GITEA__log__MODE: console,file
|
||||
GITEA__log__LEVEL: Info
|
||||
GITEA__log__ROOT_PATH: /data/gitea/log
|
||||
|
||||
#[mailer]
|
||||
GITEA__mailer__ENABLED: "true"
|
||||
GITEA__mailer__FROM: FROM
|
||||
GITEA__mailer__MAILER_TYPE: smtp
|
||||
GITEA__mailer__HOST: HOSTANDPORT
|
||||
GITEA__mailer__IS_TLS_ENABLED: "true"
|
||||
|
||||
#[oauth2]
|
||||
GITEA__oauth2__ENABLE: "false"
|
||||
|
||||
#[picture]
|
||||
GITEA__picture__AVATAR_UPLOAD_PATH: /data/gitea/avatars
|
||||
GITEA__picture__REPOSITORY_AVATAR_UPLOAD_PATH: /data/gitea/repo-avatars
|
||||
GITEA__picture__DISABLE_GRAVATAR: "true"
|
||||
GITEA__picture__ENABLE_FEDERATED_AVATAR: "true"
|
||||
|
||||
#[repository]
|
||||
GITEA__repository__ROOT: /data/git/repositories
|
||||
GITEA__repository__DEFAULT_PRIVATE: last
|
||||
GITEA__repository__LOCAL_COPY_PATH: /data/gitea/tmp/local-repo
|
||||
GITEA__repository__TEMP_PATH: /data/gitea/uploads
|
||||
|
||||
#[security]
|
||||
GITEA__security__INSTALL_LOCK: "false"
|
||||
|
||||
#[server]
|
||||
GITEA__server__DOMAIN: FQDN
|
||||
GITEA__server__SSH_DOMAIN: FQDN
|
||||
GITEA__server__ROOT_URL: URL
|
||||
GITEA__server__HTTP_PORT: 3000
|
||||
GITEA__server__SSH_PORT: 22
|
||||
|
||||
#[service]
|
||||
GITEA__service__DISABLE_REGISTRATION: "true"
|
||||
GITEA__service__REQUIRE_SIGNIN_VIEW: "false"
|
||||
GITEA__service__REGISTER_EMAIL_CONFIRM: "false"
|
||||
|
@ -27,4 +74,24 @@ data:
|
|||
GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
|
||||
GITEA__service__DEFAULT_ALLOW_CREATE_ORGANIZATION: "true"
|
||||
GITEA__service__DEFAULT_ENABLE_TIMETRACKING: "true"
|
||||
GITEA__service__NO_REPLY_ADDRESS: noreply
|
||||
GITEA__service__NO_REPLY_ADDRESS: NOREPLY
|
||||
|
||||
#[session]
|
||||
GITEA__session__PROVIDER_CONFIG: /data/gitea/sessions
|
||||
GITEA__session__PROVIDER: file
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
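Review bot: `GITEA__security__INSTALL_LOCK: "false"` in the `#[security]` block of the first hunk leaves Gitea's installation page reachable on a deployed instance, so whoever opens it first can complete the setup and define the admin account. For a ConfigMap generated with `RUN_MODE: prod` this should be `GITEA__security__INSTALL_LOCK: "true"`, with `SECRET_KEY` and `INTERNAL_TOKEN` supplied from a Secret rather than from this ConfigMap. `GITEA__server__HTTP_PORT: 3000` and `GITEA__server__SSH_PORT: 22` are unquoted, and ConfigMap `data` values must be strings, so they should be `"3000"` and `"22"` like the other quoted values. `GITEA__database__SSL_MODE: disable` deserves a comment stating that the PostgreSQL connection is expected to stay inside the cluster.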
@ -12,24 +12,35 @@
|
|||
(st/instrument `cut/generate-secrets)
|
||||
|
||||
(deftest should-generate-appini-env
|
||||
(is (= {:GITEA__server__DOMAIN-c1 "",
|
||||
:GITEA__server__DOMAIN-c2 "test.com",
|
||||
:GITEA__server__ROOT_URL-c1 "https://",
|
||||
:GITEA__server__ROOT_URL-c2 "https://test.com",
|
||||
(is (= {:GITEA__DEFAULT__APP_NAME-c1 "",
|
||||
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
|
||||
:GITEA__mailer__FROM-c1 "",
|
||||
:GITEA__mailer__FROM-c2 "test@test.com",
|
||||
:GITEA__mailer__HOST-c1 "",
|
||||
:GITEA__mailer__HOST-c2 "mail.test.com:123",
|
||||
:GITEA__server__DOMAIN-c1 "",
|
||||
:GITEA__server__DOMAIN-c2 "test.com",
|
||||
:GITEA__server__ROOT_URL-c1 "https://",
|
||||
:GITEA__server__ROOT_URL-c2 "https://test.com",
|
||||
:GITEA__server__SSH_DOMAIN-c1 "",
|
||||
:GITEA__server__SSH_DOMAIN-c2 "test.com",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "abc.com,def.com"}
|
||||
(ct/map-diff (cut/generate-appini-env {:fqdn ""
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
|
||||
(ct/map-diff (cut/generate-appini-env {:default-app-name ""
|
||||
:fqdn ""
|
||||
:mailer-from ""
|
||||
:mailer-host-port ""
|
||||
:service-whitelist-domains ""})
|
||||
(cut/generate-appini-env {:fqdn "test.com"
|
||||
:service-whitelist-domains ""
|
||||
:service-noreply-address ""
|
||||
})
|
||||
(cut/generate-appini-env {:default-app-name "test gitea"
|
||||
:fqdn "test.com"
|
||||
:mailer-from "test@test.com"
|
||||
:mailer-host-port "mail.test.com:123"
|
||||
:service-whitelist-domains "abc.com,def.com"
|
||||
:service-whitelist-domains "test.com,test.net"
|
||||
:service-noreply-address "noreply@test.com"
|
||||
})))))
|
||||
|
||||
(deftest should-generate-certificate
|
||||
|
@ -56,3 +67,36 @@
|
|||
:mailer-pw "mailerpw"})))))
|
||||
|
||||
|
||||
(not
|
||||
(=
|
||||
{:GITEA__server__DOMAIN-c2 "test.com",
|
||||
:GITEA__mailer__FROM-c1 "",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
|
||||
:GITEA__mailer__HOST-c1 "",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
|
||||
:GITEA__mailer__FROM-c2 "test@test.com",
|
||||
:GITEA__mailer__HOST-c2 "mail.test.com:123",
|
||||
:GITEA__server__ROOT_URL-c2 "https://test.com",
|
||||
:GITEA__server__ROOT_URL-c1 "https://",
|
||||
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
|
||||
:GITEA__server__DOMAIN-c1 "",
|
||||
:GITEA__DEFAULT__APP_NAME-c1 "",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}
|
||||
|
||||
{:GITEA__server__DOMAIN-c2 "test.com",
|
||||
:GITEA__mailer__FROM-c1 "",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c2 "test.com,test.net",
|
||||
:GITEA__service__EMAIL_DOMAIN_WHITELIST-c1 "",
|
||||
:GITEA__mailer__HOST-c1 "",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c1 "",
|
||||
:GITEA__mailer__FROM-c2 "test@test.com",
|
||||
:GITEA__mailer__HOST-c2 "mail.test.com:123",
|
||||
:GITEA__server__ROOT_URL-c2 "https://test.com",
|
||||
:GITEA__server__SSH_DOMAIN-c1 "",
|
||||
:GITEA__server__ROOT_URL-c1 "https://",
|
||||
:GITEA__DEFAULT__APP_NAME-c2 "test gitea",
|
||||
:GITEA__server__SSH_DOMAIN-c2 "test.com",
|
||||
:GITEA__server__DOMAIN-c1 "",
|
||||
:GITEA__DEFAULT__APP_NAME-c1 "",
|
||||
:GITEA__service__NO_REPLY_ADDRESS-c2 "noreply@test.com"}))
|
|
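Review bot: The `(not (= {...} {...}))` form added in the second hunk appears to sit at top level after the preceding `deftest` closes, outside any `is`, so its result is discarded and it checks nothing. It reads like a leftover from comparing two `map-diff` results that differ only in the `SSH_DOMAIN` keys, so either delete it or turn it into a real assertion inside a test. In `should-generate-appini-env`, a case with a missing key (for example no `:service-noreply-address`) would document what reaches the ConfigMap when the input is incomplete. The preceding deftest starts outside the hunk.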
@ -1,3 +1,9 @@
|
|||
{:fqdn "repo.test.meissa-gmbh.de"
|
||||
:issuer "staging"
|
||||
:postgres-data-volume-path "/var/postgres"}
|
||||
{
|
||||
:default-app-name "Meissas awesome gitea"
|
||||
:fqdn "$fqdn"
|
||||
:issuer "$letsencrypt_endpoint"
|
||||
:mailer-from "$mailer_from"
|
||||
:mailer-host-port "$mailer_host_port"
|
||||
:service-whitelist-domains "$service_whitelist_domains"
|
||||
:service-noreply-address "$service_noreply_address"
|
||||
}
|
||||
|
|