Generic way for configuring Gitea app.ini #240
|
@ -135,6 +135,8 @@ MD044:
|
|||
- MySQL
|
||||
- Memcached
|
||||
- Prometheus
|
||||
- Git
|
||||
- GitOps
|
||||
# Include code blocks
|
||||
code_blocks: false
|
||||
|
||||
|
@ -146,4 +148,4 @@ MD046:
|
|||
# MD048/code-fence-style - Code fence style
|
||||
MD048:
|
||||
# Code fence syle
|
||||
style: "backtick"
|
||||
style: "backtick"
|
||||
|
|
46
README.md
46
README.md
|
@ -272,6 +272,52 @@ The Prometheus `/metrics` endpoint is disabled by default.
|
|||
ENABLED = false
|
||||
```
|
||||
|
||||
### Additional _app.ini_ settings
|
||||
|
||||
> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default)
|
||||
section cannot be defined that way.**
|
||||
|
||||
Some settings inside _app.ini_ (like passwords or whole authentication configurations)
|
||||
must be considered sensitive and therefore should not be passed via plain text
|
||||
inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored
|
||||
in a Git repository where sensitive data should never be accessible.
|
||||
|
||||
The Helm Chart supports this approach and let the user define custom sources like
|
||||
Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation
|
||||
or update.
|
||||
|
||||
```yaml
|
||||
gitea:
|
||||
additionalConfigSources:
|
||||
- secret:
|
||||
secretName: gitea-app-ini-oauth
|
||||
- configMap:
|
||||
name: gitea-app-ini-plaintext
|
||||
```
|
||||
|
||||
This would mount the two additional volumes (`oauth` and `some-additionals`)
|
||||
from different sources to the init containerwhere the _app.ini_ gets updated.
|
||||
All files mounted that way will be read and converted to environment variables
|
||||
and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini).
|
||||
|
||||
The key of such additional source represents the section inside the _app.ini_.
|
||||
The value for each key can be multiline ini-like definitions.
|
||||
|
||||
In example, the referenced `gitea-app-ini-plaintext` could look like this.
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gitea-app-ini-plaintext
|
||||
data:
|
||||
session: |
|
||||
PROVIDER=memory
|
||||
SAME_SITE=strict
|
||||
cron.archive_cleanup: |
|
||||
ENABLED=true
|
||||
```
|
||||
|
||||
### External Database
|
||||
|
||||
An external Database can be used instead of builtIn PostgreSQL or MySQL.
|
||||
|
|
|
@ -155,3 +155,157 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration" -}}
|
||||
{{- include "gitea.inline_configuration.init" . -}}
|
||||
{{- include "gitea.inline_configuration.defaults" . -}}
|
||||
|
||||
{{- $generals := list -}}
|
||||
{{- $inlines := dict -}}
|
||||
|
||||
{{- range $key, $value := .Values.gitea.config }}
|
||||
{{- if kindIs "map" $value }}
|
||||
{{- if gt (len $value) 0 }}
|
||||
{{- $section := default list (get $inlines $key) -}}
|
||||
{{- range $n_key, $n_value := $value }}
|
||||
{{- $section = append $section (printf "%s=%v" $n_key $n_value) -}}
|
||||
{{- end }}
|
||||
{{- $_ := set $inlines $key (join "\n" $section) -}}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
{{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}}
|
||||
{{- $generals = append $generals (printf "%s=%s" $key $value) -}}
|
||||
{{- else -}}
|
||||
{{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $_ := set $inlines "_generals_" (join "\n" $generals) -}}
|
||||
{{- toYaml $inlines -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.init" -}}
|
||||
{{- if not (hasKey .Values.gitea.config "cache") -}}
|
||||
{{- $_ := set .Values.gitea.config "cache" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "server") -}}
|
||||
{{- $_ := set .Values.gitea.config "server" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "metrics") -}}
|
||||
{{- $_ := set .Values.gitea.config "metrics" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "database") -}}
|
||||
{{- $_ := set .Values.gitea.config "database" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "security") -}}
|
||||
{{- $_ := set .Values.gitea.config "security" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.repository -}}
|
||||
{{- $_ := set .Values.gitea.config "repository" dict -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults" -}}
|
||||
{{- include "gitea.inline_configuration.defaults.server" . -}}
|
||||
{{- include "gitea.inline_configuration.defaults.database" . -}}
|
||||
|
||||
{{- if not .Values.gitea.config.repository.ROOT -}}
|
||||
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
|
||||
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.gitea.cache.builtIn.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
|
||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.server" -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.PROTOCOL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
|
||||
{{- end -}}
|
||||
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- if gt (len .Values.ingress.tls) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_PORT -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
|
||||
{{- if not .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
|
||||
{{- if .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "gitea.inline_configuration.defaults.database" -}}
|
||||
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
|
||||
{{- else if .Values.gitea.database.builtIn.mysql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
|
||||
{{- else if .Values.gitea.database.builtIn.mariadb.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
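Review bot: In `gitea.inline_configuration`, `printf "%s=%v" $n_key $n_value` followed by `join "\n" $section` writes every value verbatim into a line-oriented section string, so a value that contains a newline (for example a YAML block scalar) is split into several lines when the file is read back. The shell reader shown later on this page treats each line as its own `KEY=value` setting and exits on a line without `=`, so such a value either aborts the init step or is read as an extra setting in that section. Rejecting it at render time makes the failure visible early, e.g. inside the inner `range`: `{{- if contains "\n" (toString $n_value) }}{{ fail (printf "%s.%s must not contain a newline" $key $n_key) }}{{ end -}}`.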
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}-inline-config
|
||||
labels:
|
||||
{{- include "gitea.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
{{- include "gitea.inline_configuration" . | nindent 2 }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "gitea.fullname" . }}
|
||||
labels:
|
||||
|
@ -10,160 +20,105 @@ stringData:
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "cache") -}}
|
||||
{{- $_ := set .Values.gitea.config "cache" dict -}}
|
||||
{{- end -}}
|
||||
function env2ini::log() {
|
||||
justusbunsi marked this conversation as resolved
Outdated
|
||||
printf "${1}\n"
|
||||
}
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "server") -}}
|
||||
{{- $_ := set .Values.gitea.config "server" dict -}}
|
||||
{{- end -}}
|
||||
function env2ini::read_config_to_env() {
|
||||
local section="${1}"
|
||||
local line="${2}"
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "metrics") -}}
|
||||
{{- $_ := set .Values.gitea.config "metrics" dict -}}
|
||||
{{- end -}}
|
||||
if [[ -z "${line}" ]]; then
|
||||
# skip empty line
|
||||
return
|
||||
fi
|
||||
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi
commented
Users can have spaces around the `=` character in their config sources, just as is possible within `app.ini`. This regex takes this into account when stripping the setting name from the line to parse.
|
||||
# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
|
||||
local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "database") -}}
|
||||
{{- $_ := set .Values.gitea.config "database" dict -}}
|
||||
{{- end -}}
|
||||
if [[ -z "${setting}" ]]; then
|
||||
env2ini::log ' ! invalid setting'
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi
commented
I've decided to let the script fail in case any line is not processable. That way the user is required to fix their configuration before the currently applied one breaks somehow. Open for discussion here.
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "security") -}}
|
||||
{{- $_ := set .Values.gitea.config "security" dict -}}
|
||||
{{- end -}}
|
||||
local value=''
|
||||
local regex="^${setting}(\s*)=(\s*)(.*)"
|
||||
if [[ $line =~ $regex ]]; then
|
||||
value="${BASH_REMATCH[3]}"
|
||||
else
|
||||
env2ini::log ' ! invalid setting'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{{- if not .Values.gitea.config.repository -}}
|
||||
{{- $_ := set .Values.gitea.config "repository" dict -}}
|
||||
{{- end -}}
|
||||
env2ini::log " + '${setting}'"
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config "oauth2") -}}
|
||||
{{- $_ := set .Values.gitea.config "oauth2" dict -}}
|
||||
{{- end -}}
|
||||
if [[ -z "${section}" ]]; then
|
||||
export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
justusbunsi marked this conversation as resolved
Outdated
justusbunsi
commented
`____` ensures that global settings inside app.ini are actually taken into account and stored at the correct ini level.
This broke with the switch to the `environment-to-ini` tool.
|
||||
return
|
||||
fi
|
||||
|
||||
{{- /* repository default settings */ -}}
|
||||
{{- if not .Values.gitea.config.repository.ROOT -}}
|
||||
{{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}}
|
||||
{{- end -}}
|
||||
local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches
|
||||
masked_section="${masked_section//-/_0X2D_}"
|
||||
|
||||
{{- /* security default settings */ -}}
|
||||
{{- if not .Values.gitea.config.security.INSTALL_LOCK -}}
|
||||
{{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}}
|
||||
{{- end -}}
|
||||
export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase
|
||||
}
|
||||
|
||||
{{- /* server default settings */ -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.PROTOCOL -}}
|
||||
{{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}}
|
||||
{{- end -}}
|
||||
{{- if not (.Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- if gt (len .Values.ingress.hosts) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.ROOT_URL -}}
|
||||
{{- if .Values.ingress.enabled -}}
|
||||
{{- if gt (len .Values.ingress.tls) 0 -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index (index .Values.ingress.tls 0).hosts 0)) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL (index .Values.ingress.hosts 0).host) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" .Values.gitea.config.server.PROTOCOL .Values.gitea.config.server.DOMAIN) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_DOMAIN -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.gitea.config.server.SSH_PORT -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}}
|
||||
{{- if not .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}}
|
||||
{{- if .Values.image.rootless -}}
|
||||
{{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}}
|
||||
{{- end -}}
|
||||
{{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}}
|
||||
{{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}}
|
||||
{{- end -}}
|
||||
function env2ini::process_config_file() {
|
||||
local config_file="${1}"
|
||||
local section="$(basename "${config_file}")"
|
||||
|
||||
{{- /* metrics default settings */ -}}
|
||||
{{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}}
|
||||
{{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}}
|
||||
{{- end -}}
|
||||
if [[ $section == '_generals_' ]]; then
|
||||
env2ini::log " [ini root]"
|
||||
section=''
|
||||
else
|
||||
env2ini::log " ${section}"
|
||||
fi
|
||||
|
||||
{{- /* database default settings */ -}}
|
||||
{{- if .Values.gitea.database.builtIn.postgresql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}}
|
||||
{{ else if .Values.gitea.database.builtIn.mysql.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}}
|
||||
{{ else if .Values.gitea.database.builtIn.mariadb.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}}
|
||||
{{- if not (.Values.gitea.config.database.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}}
|
||||
{{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}}
|
||||
{{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}}
|
||||
{{- end -}}
|
||||
while read -r line; do
|
||||
env2ini::read_config_to_env "${section}" "${line}"
|
||||
done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
|
||||
}
|
||||
|
||||
{{- /* cache default settings */ -}}
|
||||
{{- if .Values.gitea.cache.builtIn.enabled -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}}
|
||||
{{- if not (.Values.gitea.config.cache.HOST) -}}
|
||||
{{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
function env2ini::load_config_sources() {
|
||||
local path="${1}"
|
||||
|
||||
{{- if not (hasKey .Values.gitea.config.security "INTERNAL_TOKEN") }}
|
||||
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||
{{- end }}
|
||||
{{- if not (hasKey .Values.gitea.config.security "SECRET_KEY") }}
|
||||
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||
{{- end }}
|
||||
{{- if not (hasKey .Values.gitea.config.oauth2 "JWT_SECRET") }}
|
||||
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||
{{- end }}
|
||||
env2ini::log "Processing $(basename "${path}")..."
|
||||
|
||||
{{- /* autogenerate app.ini environment values */ -}}
|
||||
{{- range $key, $value := .Values.gitea.config }}
|
||||
{{- if kindIs "map" $value }}
|
||||
{{- if gt (len $value) 0 }}
|
||||
{{- range $n_key, $n_value := $value }}
|
||||
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $n_key | upper }}={{ $n_value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
export ENV_TO_INI__{{ $key | upper | replace "." "_0X2E_" | replace "-" "_0X2D_" }}__{{ $key | upper }}={{ $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
while read -d '' configFile; do
|
||||
env2ini::process_config_file "${configFile}"
|
||||
done < <(find "${path}" -type l -not -name '..data' -print0)
|
||||
|
||||
env2ini::log "\n"
|
||||
}
|
||||
|
||||
function env2ini::generate_initial_secrets() {
|
||||
# These environment variables will either be
|
||||
# - overwritten with user defined values,
|
||||
# - initially used to set up Gitea
|
||||
# Anyway, they won't harm existing app.ini files
|
||||
|
||||
export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
|
||||
export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
|
||||
export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
|
||||
|
||||
env2ini::log "...Initial secrets generated\n"
|
||||
}
|
||||
|
||||
# MUST BE CALLED BEFORE OTHER CONFIGURATION
|
||||
env2ini::generate_initial_secrets
|
||||
|
||||
env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
|
||||
env2ini::load_config_sources '/env-to-ini-mounts/additionals/'
|
||||
|
||||
env2ini::log "=== All configuration sources loaded ===\n"
|
||||
|
||||
# safety to prevent rewrite of secret keys if an app.ini already exists
|
||||
if [ -f ${GITEA_APP_INI} ]; then
|
||||
env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
|
||||
env2ini::log ' - security.INTERNAL_TOKEN'
|
||||
env2ini::log ' - security.SECRET_KEY'
|
||||
env2ini::log ' - oauth2.JWT_SECRET'
|
||||
|
||||
unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
|
||||
unset ENV_TO_INI__SECURITY__SECRET_KEY
|
||||
unset ENV_TO_INI__OAUTH2__JWT_SECRET
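Review bot: `env2ini::log` uses its argument as the `printf` format string (`printf "${1}\n"`), and `env2ini::read_config_to_env` and `env2ini::process_config_file` pass setting and section names read from the mounted config sources through it, so a `%` in a key or file name is interpreted as a conversion instead of being printed. A fixed format keeps the `\n` escapes the callers rely on while treating the text as data: `printf '%b\n' "${1}"`. In the same function `${setting}` is interpolated unescaped into `regex`, so a key containing regex metacharacters can match differently than intended. The trailing `if [ -f ${GITEA_APP_INI} ]` block is closed outside this hunk.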
|
||||
|
|
|
@ -97,6 +97,12 @@ spec:
|
|||
{{- if .Values.persistence.subPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
{{- end }}
|
||||
- name: inline-config-sources
|
||||
mountPath: /env-to-ini-mounts/inlines/
|
||||
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
|
||||
- name: additional-config-sources-{{ $idx }}
|
||||
mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/"
|
||||
{{- end }}
|
||||
{{- if .Values.extraVolumeMounts }}
|
||||
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
|
@ -284,6 +290,13 @@ spec:
|
|||
{{- if .Values.extraVolumes }}
|
||||
{{- toYaml .Values.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
- name: inline-config-sources
|
||||
secret:
|
||||
secretName: {{ include "gitea.fullname" . }}-inline-config
|
||||
{{- range $idx, $value := .Values.gitea.additionalConfigSources }}
|
||||
- name: additional-config-sources-{{ $idx }}
|
||||
{{- toYaml $value | nindent 10 }}
|
||||
{{- end }}
|
||||
- name: temp
|
||||
emptyDir: {}
|
||||
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
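Review bot: Each entry of `.Values.gitea.additionalConfigSources` is emitted as a volume source via `toYaml $value` without checking its kind, while the loader script on this page only picks up symlinked files (`find ... -type l`), which presumably matches the layout of Secret and ConfigMap volumes only. Another volume type would be mounted into the init container but contribute no settings, with no error. A render-time guard in the `range` would make this explicit, e.g. `{{- if not (or (hasKey $value "secret") (hasKey $value "configMap")) }}{{ fail "additionalConfigSources entries must be secret or configMap" }}{{ end }}`. The enclosing `volumes:` list starts and ends outside the hunk.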
|
||||
|
|
|
@ -205,6 +205,12 @@ gitea:
|
|||
# security:
|
||||
# PASSWORD_COMPLEXITY: spec
|
||||
|
||||
additionalConfigSources: []
|
||||
# - secret:
|
||||
# secretName: gitea-app-ini-oauth
|
||||
# - configMap:
|
||||
# name: gitea-app-ini-plaintext
|
||||
|
||||
podAnnotations: {}
|
||||
|
||||
database:
|
||||
|
|
TODO: Proper handling for values with `=` and `"` inside.