Configure Gitea commit signing with SSH key

Use more attributes for Gitea config
Upgrade act_runner
2026-02-13 17:29:23 +04:00 · 2026-02-13 16:07:24 +04:00 · 2026-02-13 16:06:08 +04:00 · 2026-02-13 10:18:36 +00:00 · 2026-02-13 11:15:07 +01:00
5 changed files with 50 additions and 16 deletions
--- a/nodes/gitea-2.json
+++ b/nodes/gitea-2.json
@@ -50,13 +50,6 @@
      "postfix::sasl_auth",
      "hostname::default",
      "firewall::default",
      "kosmos_gitea::compile_from_source",
      "git::default",
      "git::package",
      "kosmos-nodejs::default",
      "nodejs::nodejs_from_package",
      "nodejs::repo",
      "golang::default",
      "backup::default",
      "logrotate::default"
    ],
--- a/roles/gitea.rb
+++ b/roles/gitea.rb
@@ -8,8 +8,8 @@ run_list %w(
 override_attributes(
  "gitea" => {
-    "repo" => "https://github.com/67P/gitea.git",
+    # "repo" => "https://github.com/67P/gitea.git",
-    "revision" => "ldap_sync",
+    # "revision" => "ldap_sync",
    "log" => { "level" => "Info" }
  },
 )
--- a/site-cookbooks/kosmos_gitea/attributes/default.rb
+++ b/site-cookbooks/kosmos_gitea/attributes/default.rb
@@ -1,11 +1,12 @@
-node.default["gitea"]["version"] = "1.23.8"
+node.default["gitea"]["version"] = "1.25.4"
-node.default["gitea"]["checksum"] = "827037e7ca940866918abc62a7488736923396c467fcb4acd0dd9829bb6a6f4c"
+node.default["gitea"]["checksum"] = "a3031853e67c53714728ef705642c9046a11fb0ea356aff592e23efe6114607d"
 node.default["gitea"]["repo"] = nil
 node.default["gitea"]["revision"] = nil
 node.default["gitea"]["working_directory"] = "/var/lib/gitea"
 node.default["gitea"]["port"] = 3000
 node.default["gitea"]["postgresql_host"] = "localhost:5432"
 node.default["gitea"]["domain"] = "gitea.kosmos.org"
 node.default["gitea"]["email"] = "gitea@kosmos.org"
 node.default["gitea"]["config"] = {
  "log": {
@@ -22,5 +23,5 @@ node.default["gitea"]["config"] = {
  }
 }
-node.default["gitea"]["act_runner"]["version"] = "0.2.6"
+node.default["gitea"]["act_runner"]["version"] = "0.2.13"
-node.default["gitea"]["act_runner"]["checksum"] = "234c2bdb871e7b0bfb84697f353395bfc7819faf9f0c0443845868b64a041057"
+node.default["gitea"]["act_runner"]["checksum"] = "3acac8b506ac8cadc88a55155b5d6378f0fab0b8f62d1e0c0450f4ccd69733e2"
--- a/site-cookbooks/kosmos_gitea/recipes/default.rb
+++ b/site-cookbooks/kosmos_gitea/recipes/default.rb
@@ -19,6 +19,17 @@ jwt_secret                = gitea_data_bag_item["jwt_secret"]
 internal_token            = gitea_data_bag_item["internal_token"]
 secret_key                = gitea_data_bag_item["secret_key"]
 apt_repository "git-core-ppa" do
  uri "http://ppa.launchpad.net/git-core/ppa/ubuntu"
  components ["main"]
  key "E1DF1F24"
  action :add
  only_if do
    node['platform'] == 'ubuntu' &&
      Gem::Version.new(node['platform_version']) < Gem::Version.new('22.04')
  end
 end
 package "git"
 user "git" do
@@ -26,6 +37,13 @@ user "git" do
  home "/home/git"
 end
 directory "/home/git/.ssh" do
  owner "git"
  group "git"
  mode "0700"
  recursive true
 end
 directory working_directory do
  owner "git"
  group "git"
@@ -78,6 +96,8 @@ if node.chef_environment == "production"
 end
 config_variables = {
  domain: node["gitea"]["domain"],
  email: node["gitea"]["email"],
  working_directory: working_directory,
  git_home_directory: git_home_directory,
  repository_root_directory: repository_root_directory,
@@ -98,6 +118,16 @@ config_variables = {
  s3_bucket: gitea_data_bag_item["s3_bucket"]
 }
 bash "Generate git ed25519 keypair" do
  user "git"
  group "git"
  cwd git_home_directory
  code <<-EOH
    ssh-keygen -t ed25519 -f #{git_home_directory}/.ssh/id_ed25519
  EOH
  creates "#{git_home_directory}/.ssh/id_ed25519"
 end
 template "#{config_directory}/app.ini" do
  source "app.ini.erb"
  owner "git"
--- a/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
+++ b/site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
@@ -2,12 +2,12 @@ APP_NAME = Gitea
 RUN_MODE = prod
 [server]
-SSH_DOMAIN       = gitea.kosmos.org
+SSH_DOMAIN = <%= @domain %>
 HTTP_PORT        = 3000
 DISABLE_SSH      = false
 SSH_PORT         = 22
 PROTOCOL = http
-DOMAIN = gitea.kosmos.org
+DOMAIN = <%= @domain %>
 # Gitea is running behind an nginx reverse load balancer, use an HTTPS root URL
 ROOT_URL = https://%(DOMAIN)s
 # REDIRECT_OTHER_PORT = true
@@ -30,6 +30,16 @@ MAX_OPEN_CONNS = 20
 ROOT = <%= @repository_root_directory %>
 DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
 [repository.signing]
 SIGNING_KEY = <%= @git_home_directory %>/.ssh/id_ed25519.pub
 SIGNING_NAME = Gitea
 SIGNING_EMAIL = git@<%= @domain %>
 SIGNING_FORMAT = ssh
 INITIAL_COMMIT = always
 CRUD_ACTIONS = always
 WIKI = always
 MERGES = always
 # [indexer]
 # ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
@@ -46,7 +56,7 @@ SMTP_ADDR = <%= @smtp_addr %>
 SMTP_PORT = <%= @smtp_port %>
 USER = <%= @smtp_user %>
 PASSWD = <%= @smtp_password %>
-FROM = gitea@kosmos.org
+FROM = <%= @email %>
 [security]
 INTERNAL_TOKEN = <%= @internal_token %>
Author	SHA1	Message	Date
Râu Cao	161b78be97	Configure Gitea commit signing with SSH key	2026-02-13 17:29:23 +04:00
Râu Cao	6e83384da5	Use more attributes for Gitea config	2026-02-13 16:07:24 +04:00
Râu Cao	be8278fbdc	Upgrade act_runner	2026-02-13 16:06:08 +04:00
Râu Cao	ff3f05452f	Merge pull request 'Update Gitea to 1.25.4' (#622 ) from chore/upgrade_gitea into master Reviewed-on: #622 Reviewed-by: Râu Cao <raucao@kosmos.org>	2026-02-13 10:18:36 +00:00
Greg Karekinian	1fb66092fc	Update Gitea to 1.25.4 Back to using the binary from upstream releases	2026-02-13 11:15:07 +01:00