Sebastian Kippe 24f94bdb02
Upgrade Gitea to 1.15.6
Configures the JWT signing algorithm to be the old, less secure
algorithm, until we update the token for Drone CI (and any other OAuth
apps).

closes #338
2021-11-25 16:44:48 -06:00


#
# Cookbook:: kosmos_gitea
# Recipe:: default
#
include_recipe "kosmos-nginx"

# Public hostname nginx serves Gitea on; reused below for the vhost file, the
# certificate paths under /etc/letsencrypt/live and the certbot site.
domain = node["kosmos_gitea"]["nginx"]["domain"]
working_directory = node["kosmos_gitea"]["working_directory"]
git_home_directory = "/home/git"
# Repositories live under the git user's home.
repository_root_directory = "#{git_home_directory}/gitea-repositories"
config_directory = "/etc/gitea"
gitea_binary_path = "/usr/local/bin/gitea"

# All secrets come from the "credentials" data bag. They are only ever
# rendered into app.ini below, which is owned by git with mode 0600 and
# marked sensitive so its contents stay out of Chef's output.
gitea_data_bag_item = data_bag_item("credentials", "gitea")
smtp_credentials = data_bag_item("credentials", "smtp")
jwt_secret = gitea_data_bag_item["jwt_secret"]
internal_token = gitea_data_bag_item["internal_token"]
secret_key = gitea_data_bag_item["secret_key"]
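# Dependency
package "git"

# Service account Gitea runs as. Its home is also the parent of the
# repository root, so use the shared variable instead of repeating the path.
user "git" do
  manage_home true
  home git_home_directory
end

# Working directory plus the custom/ tree Gitea reads overrides from.
# Everything is owned by git and not world-readable.
directory working_directory do
  owner "git"
  group "git"
  mode "0750"
end

%w[custom custom/options custom/options/label custom/templates custom/templates/custom].each do |subdir|
  directory "#{working_directory}/#{subdir}" do
    owner "git"
    group "git"
    mode "0750"
  end
end

# Kosmos label set; Gitea only picks it up after a restart.
cookbook_file "#{working_directory}/custom/options/label/Kosmos" do
  source "custom/options/label/Kosmos"
  owner "git"
  group "git"
  mode "0640"
  notifies :restart, "service[gitea]", :delayed
end

# Kosmos header template; same restart requirement as the label set.
cookbook_file "#{working_directory}/custom/templates/custom/header.tmpl" do
  source "custom/templates/custom/header.tmpl"
  owner "git"
  group "git"
  mode "0640"
  notifies :restart, "service[gitea]", :delayed
end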
# Gitea's configuration lives outside the working directory; git-owned and
# not world-readable, like the working directory itself.
directory config_directory do
  owner "git"
  group "git"
  mode "0750"
end

# Copy the self-signed root certificate to the system certificate store. Gitea
# will find it there automatically. The certificate is public material, so
# 0644 is fine here; the private key never passes through this recipe.
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
file root_cert_path do
  content postgresql_data_bag_item['ssl_root_cert']
  mode "0644"
end

# app.ini receives every secret from the data bags (JWT secret, internal
# token, secret key, database and SMTP passwords). It is therefore readable
# by git only and marked sensitive, which keeps the rendered content and its
# diff out of Chef's log output. The JWT signing algorithm itself is set in
# app.ini.erb (see the commit message and #338), not in this recipe.
template "#{config_directory}/app.ini" do
  source "app.ini.erb"
  owner "git"
  group "git"
  mode "0600"
  sensitive true
  variables working_directory: working_directory,
            git_home_directory: git_home_directory,
            repository_root_directory: repository_root_directory,
            config_directory: config_directory,
            gitea_binary_path: gitea_binary_path,
            jwt_secret: jwt_secret,
            internal_token: internal_token,
            secret_key: secret_key,
            postgresql_host: "pg.kosmos.local:5432",
            postgresql_password: gitea_data_bag_item["postgresql_password"],
            smtp_host: smtp_credentials["relayhost"],
            smtp_user: smtp_credentials["user_name"],
            smtp_password: smtp_credentials["password"]
  # Any config change needs a restart to take effect.
  notifies :restart, "service[gitea]", :delayed
end
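# Gitea ships as a single static binary. The checksum attribute pins the
# download: remote_file compares the SHA-256 of the fetched file against it
# and refuses to install on a mismatch, so a tampered or wrong-version
# artifact never replaces the running binary.
remote_file gitea_binary_path do
  source node["kosmos_gitea"]["binary_url"]
  checksum node["kosmos_gitea"]["binary_checksum"]
  mode "0755"
  notifies :restart, "service[gitea]", :delayed
end

# Only runs when notified by a change to the unit file below.
execute "systemctl daemon-reload" do
  action :nothing
end

# systemd unit. Reload systemd immediately so the new unit definition is
# loaded before any (delayed) restart queued elsewhere in this run, and
# restart the service so a changed unit (paths, binary) is actually applied
# rather than just registered.
template "/etc/systemd/system/gitea.service" do
  source "gitea.service.erb"
  variables working_directory: working_directory,
            git_home_directory: git_home_directory,
            config_directory: config_directory,
            gitea_binary_path: gitea_binary_path
  notifies :run, "execute[systemctl daemon-reload]", :immediately
  notifies :restart, "service[gitea]", :delayed
end

service "gitea" do
  action [:enable, :start]
end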
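# nginx vhost for Gitea. The template gets the certificate paths under
# /etc/letsencrypt/live for the domain and Gitea's local port; the vhost file
# is owned by www-data and not world-readable, matching the string-mode
# convention used by every other resource in this recipe.
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
  source "nginx_conf.erb"
  owner "www-data"
  mode "0640"
  variables server_name: domain,
            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
            upstream_port: 3000
  notifies :reload, "service[nginx]", :delayed
end

nginx_site domain do
  action :enable
end

# Obtains/renews the Let's Encrypt certificate the vhost above refers to.
nginx_certbot_site domain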