diff --git a/src/main/cljc/dda/c4k_gitea/gitea.cljc b/src/main/cljc/dda/c4k_gitea/gitea.cljc
index b37849f..55039c6 100644
--- a/src/main/cljc/dda/c4k_gitea/gitea.cljc
+++ b/src/main/cljc/dda/c4k_gitea/gitea.cljc
@@ -6,6 +6,7 @@
 :cljs [orchestra.core :refer-macros [defn-spec]])
 [dda.c4k-common.yaml :as yaml]
 [dda.c4k-common.common :as cm]
+ [dda.c4k-common.base64 :as b64]
 [dda.c4k-common.predicate :as pred]
 [dda.c4k-common.postgres :as postgres]))
@@ -27,6 +28,7 @@
 "gitea/deployment.yaml" (rc/inline "gitea/deployment.yaml")
 "gitea/certificate.yaml" (rc/inline "gitea/certificate.yaml")
 "gitea/ingress.yaml" (rc/inline "gitea/ingress.yaml")
+ "gitea/secrets.yaml" (rc/inline "gitea/secrets.yaml")
 "gitea/services.yaml" (rc/inline "gitea/services.yaml")
 "gitea/traefik-middleware.yaml" (rc/inline "gitea/traefik-middleware.yaml")
 "gitea/volumes.yaml" (rc/inline "gitea/volumes.yaml")
@@ -47,6 +49,15 @@
 (cm/replace-all-matching-values-by-new-value "DBUSER" postgres-db-user)
 (cm/replace-all-matching-values-by-new-value "DBPW" postgres-db-password))))
+(defn-spec generate-secrets pred/map-or-seq?
+ [config config?]
+ (let [{:keys [mailer-user mailer-pw]} config]
+ (->
+ (yaml/load-as-edn "gitea/secrets.yaml")
+ (cm/replace-all-matching-values-by-new-value "MAILERUSER" (b64/encode mailer-user))
+ (cm/replace-all-matching-values-by-new-value "MAILERPW" (b64/encode mailer-pw))
+ )))
+
 (defn-spec generate-ingress pred/map-or-seq?
 [config config?]
 (let [{:keys [fqdn issuer]} config]
diff --git a/src/main/resources/gitea/appini-configmap.yaml b/src/main/resources/gitea/appini-configmap.yaml
index 89e9541..b5ecc4d 100644
--- a/src/main/resources/gitea/appini-configmap.yaml
+++ b/src/main/resources/gitea/appini-configmap.yaml
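Review bot: In the new `generate-secrets` (hunk at -47), `mailer-user` and `mailer-pw` are destructured from `config` and passed straight to `b64/encode`, but the `config?` spec is not part of this diff, so it is unclear whether those keys are required. If they are optional, a missing key reaches `b64/encode` as nil and the Secret is rendered with a broken or meaningless value; either make both keys required in the spec or skip generating the Secret when they are absent. It is also worth checking whether the module has a separate credential input (as the `postgres-db-password` in the preceding function may come from), since keeping the mailer password out of the general config map lets that map be stored and shared in plain text. A one-line docstring such as `"Renders the gitea-secrets Secret with base64-encoded mailer credentials."` would document the encoding step.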
@@ -55,7 +55,7 @@ data:
 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
 REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
- DISABLE_GRAVATAR = false
+ DISABLE_GRAVATAR = true # do we want our gitea talking to gravatar?
 ENABLE_FEDERATED_AVATAR = true
 [attachment]
@@ -91,7 +91,13 @@ data:
 ;JWT_SECRET =
 [mailer]
- ENABLED = false
+ ENABLED = false
+ FROM = gitea@meissa-gmbh.de
+ MAILER_TYPE = smtp
+ HOST = mail.routing.net:587
+ IS_TLS_ENABLED = true
+ USER =
+ PASSWD =
 [openid]
 ENABLE_OPENID_SIGNIN = true
diff --git a/src/main/resources/gitea/deployment.yaml b/src/main/resources/gitea/deployment.yaml
index 8d9387c..b54a337 100644
--- a/src/main/resources/gitea/deployment.yaml
+++ b/src/main/resources/gitea/deployment.yaml
@@ -24,6 +24,8 @@ spec:
 envFrom:
 - configMapRef:
 name: gitea-env
+ - secretRef:
+ name: gitea-secrets
 volumeMounts:
 - name: app-ini-config-volume
 mountPath: "/tmp/app.ini"
@@ -32,6 +34,8 @@ spec:
 mountPath: "/var/lib/gitea"
 - name: gitea-data-volume
 mountPath: "/data"
+ - name: gitea-secret-volume
+ mountPath: "/run/secrets"
 ports:
 - containerPort: 22
 name: git-ssh
@@ -47,3 +51,7 @@ spec:
 - name: gitea-data-volume
 persistentVolumeClaim:
 claimName: gitea-data-pvc
+ - name: gitea-secret-volume
+ secret:
+ secretName: gitea-secrets
+
diff --git a/src/main/resources/gitea/secrets.yaml b/src/main/resources/gitea/secrets.yaml
new file mode 100644
index 0000000..0ec9d9c
--- /dev/null
+++ b/src/main/resources/gitea/secrets.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-secrets
+data:
+ GITEA__mailer__USER: MAILERUSER
+ GITEA__mailer__PASSWD: MAILERPW
+
\ No newline at end of file
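Review bot: The trailing `# do we want our gitea talking to gravatar?` shares the line with the new `DISABLE_GRAVATAR = true` value in the `[picture]` section. Whether an inline comment is stripped depends on how Gitea configures its ini loader; if it is not, the value read is the whole string, the boolean may fail to parse, and the setting would likely fall back to its default, leaving the third-party avatar lookups on. Moving the remark to its own line above the key, for example `; avoid avatar lookups against third-party services`, removes the doubt, and the open question is better settled in the commit message than shipped in the config.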
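Review bot: In the `[mailer]` hunk, `IS_TLS_ENABLED = true` is combined with `HOST = mail.routing.net:587`; port 587 is conventionally the STARTTLS submission port, while this flag asks for TLS from the first byte, so the connection is likely to fail once the mailer is switched on. Confirm which mode the provider expects on that port and either drop the flag or use the provider's implicit-TLS port. `ENABLED` stays `false`, so none of this is exercised yet. The empty `USER =` and `PASSWD =` depend on the `GITEA__mailer__USER` / `GITEA__mailer__PASSWD` environment overrides being applied at container start; a comment line such as `; USER and PASSWD are supplied from the gitea-secrets Secret` above them would make that dependency visible.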
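Review bot: The `gitea-secrets` Secret is handed to the container twice: through the `secretRef` under `envFrom` in the hunk at -24, and again as files through the `gitea-secret-volume` mount and volume added in the hunks at -32 and -47. Only one channel should be needed for the `GITEA__mailer__*` overrides. Environment variables are inherited by every child process and tend to surface in debug output, so keep only the route the image's entrypoint actually consumes and drop the other. The container spec starts above these hunks, so which route that is cannot be seen here.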
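Review bot: If the file mount in the hunk at -32 is kept, `mountPath: "/run/secrets"` deserves a check against the image, because Kubernetes projects the service-account token under `/var/run/secrets/kubernetes.io/serviceaccount`. Where `/var/run` is a symlink to `/run`, both resolve into the same directory, and a read-only Secret volume mounted there can hide the token or stop the container from starting. A dedicated subdirectory avoids the overlap, e.g. `mountPath: "/run/secrets/gitea"` together with `readOnly: true`, and a restrictive `defaultMode` on the volume in the hunk at -47 would limit who inside the container can read the files.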