kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Compare commits

base: kosmos:master
Branches Tags
kosmos:master kosmos:feature/237-gitea_ssh_signing kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish
..
compare: kosmos:feature/237-gitea_ssh_signing
Branches Tags
kosmos:feature/237-gitea_ssh_signing kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish

2 Commits
master ... feature/23

Author SHA1 Message Date
Râu Cao
161b78be97 Configure Gitea commit signing with SSH key 2026-02-13 17:29:23 +04:00
Râu Cao
6e83384da5 Use more attributes for Gitea config 2026-02-13 16:07:24 +04:00
3 changed files with 44 additions and 3 deletions
Expand all files Collapse all files

1
site-cookbooks/kosmos_gitea/attributes/default.rb
View File

@@ -6,6 +6,7 @@ node.default["gitea"]["working_directory"] = "/var/lib/gitea"
node.default["gitea"]["port"] = 3000
node.default["gitea"]["postgresql_host"] = "localhost:5432"
node.default["gitea"]["domain"] = "gitea.kosmos.org"
node.default["gitea"]["email"] = "gitea@kosmos.org"
node.default["gitea"]["config"] = {
"log": {

30
site-cookbooks/kosmos_gitea/recipes/default.rb
View File

@@ -19,6 +19,17 @@ jwt_secret = gitea_data_bag_item["jwt_secret"]
internal_token = gitea_data_bag_item["internal_token"]
secret_key = gitea_data_bag_item["secret_key"]
apt_repository "git-core-ppa" do
uri "http://ppa.launchpad.net/git-core/ppa/ubuntu"
components ["main"]
key "E1DF1F24"
action :add
only_if do
node['platform'] == 'ubuntu' &&
Gem::Version.new(node['platform_version']) < Gem::Version.new('22.04')
end
end
package "git"
user "git" do
@@ -26,6 +37,13 @@ user "git" do
home "/home/git"
end
directory "/home/git/.ssh" do
owner "git"
group "git"
mode "0700"
recursive true
end
directory working_directory do
owner "git"
group "git"
@@ -78,6 +96,8 @@ if node.chef_environment == "production"
end
config_variables = {
domain: node["gitea"]["domain"],
email: node["gitea"]["email"],
working_directory: working_directory,
git_home_directory: git_home_directory,
repository_root_directory: repository_root_directory,
@@ -98,6 +118,16 @@ config_variables = {
s3_bucket: gitea_data_bag_item["s3_bucket"]
}
bash "Generate git ed25519 keypair" do
user "git"
group "git"
cwd git_home_directory
code <<-EOH
ssh-keygen -t ed25519 -f #{git_home_directory}/.ssh/id_ed25519
EOH
creates "#{git_home_directory}/.ssh/id_ed25519"
end
template "#{config_directory}/app.ini" do
source "app.ini.erb"
owner "git"

16
site-cookbooks/kosmos_gitea/templates/default/app.ini.erb
View File

@@ -2,12 +2,12 @@ APP_NAME = Gitea
RUN_MODE = prod
[server]
SSH_DOMAIN = gitea.kosmos.org
SSH_DOMAIN = <%= @domain %>
HTTP_PORT = 3000
DISABLE_SSH = false
SSH_PORT = 22
PROTOCOL = http
DOMAIN = gitea.kosmos.org
DOMAIN = <%= @domain %>
# Gitea is running behind an nginx reverse load balancer, use an HTTPS root URL
ROOT_URL = https://%(DOMAIN)s
# REDIRECT_OTHER_PORT = true
@@ -30,6 +30,16 @@ MAX_OPEN_CONNS = 20
ROOT = <%= @repository_root_directory %>
DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
[repository.signing]
SIGNING_KEY = <%= @git_home_directory %>/.ssh/id_ed25519.pub
SIGNING_NAME = Gitea
SIGNING_EMAIL = git@<%= @domain %>
SIGNING_FORMAT = ssh
INITIAL_COMMIT = always
CRUD_ACTIONS = always
WIKI = always
MERGES = always
# [indexer]
# ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
@@ -46,7 +56,7 @@ SMTP_ADDR = <%= @smtp_addr %>
SMTP_PORT = <%= @smtp_port %>
USER = <%= @smtp_user %>
PASSWD = <%= @smtp_password %>
FROM = gitea@kosmos.org
FROM = <%= @email %>
[security]
INTERNAL_TOKEN = <%= @internal_token %>