Compare commits

...

2 Commits

Author SHA1 Message Date
Oystein Kristoffer Tveit 0887286832
bekkalokk/gitea: misc changes
- change domain from git2 to git1
- enable internal SSH serer
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
2023-09-07 18:41:52 +02:00
Oystein Kristoffer Tveit f567199604
bekkalokk/gitea: update API key for import-user-script 2023-09-07 18:41:41 +02:00
4 changed files with 52 additions and 24 deletions

View File

@ -1,7 +1,7 @@
{ config, values, pkgs, ... }: { config, values, pkgs, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git2.pvv.ntnu.no"; domain = "git.pvv.ntnu.no";
sshPort = 2222; sshPort = 2222;
in { in {
sops.secrets = { sops.secrets = {
@ -33,6 +33,10 @@ in {
ROOT_URL = "https://${domain}/"; ROOT_URL = "https://${domain}/";
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
SSH_PORT = sshPort; SSH_PORT = sshPort;
START_SSH_SERVER = true;
};
indexer = {
REPO_INDEXER_ENABLED = true;
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
@ -41,9 +45,12 @@ in {
DISABLE_GRAVATAR = true; DISABLE_GRAVATAR = true;
ENABLE_FEDERATED_AVATAR = false; ENABLE_FEDERATED_AVATAR = false;
}; };
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
}; };
}; };
environment.systemPackages = [ cfg.package ];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -83,4 +90,13 @@ in {
Unit = "gitea-import-users.service"; Unit = "gitea-import-users.service";
}; };
}; };
system.activationScripts.linkGiteaLogo.text = let
logo-svg = ../../../../assets/logo_blue_regular.svg;
logo-png = ../../../../assets/logo_blue_regular.png;
in ''
install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
'';
} }

View File

@ -22,24 +22,26 @@ BANNED_SHELLS = [
"/bin/msgsh", "/bin/msgsh",
] ]
existing_users = [] existing_users = {}
# This function should only ever be called when adding users
# from the passwd file
def add_user(username, name): def add_user(username, name):
if username in existing_users:
return
user = { user = {
"email": username + '@' + EMAIL_DOMAIN,
"full_name": name, "full_name": name,
"login_name": username,
"password": secrets.token_urlsafe(32),
"source_id": 1, # 1 = SMTP
"username": username, "username": username,
"must_change_password": False, "login_name": username,
"visibility": "private", "visibility": "public",
"source_id": 1, # 1 = SMTP
} }
if username not in existing_users:
user["password"] = secrets.token_urlsafe(32)
user["must_change_password"] = False
user["visibility"] = "private"
user["email"] = username + '@' + EMAIL_DOMAIN
r = requests.post(GITEA_API_URL + '/admin/users', json=user, r = requests.post(GITEA_API_URL + '/admin/users', json=user,
headers={'Authorization': 'token ' + API_TOKEN}) headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 201: if r.status_code != 201:
@ -47,19 +49,29 @@ def add_user(username, name):
return return
print('Created user ' + username) print('Created user ' + username)
existing_users.append(username) existing_users[username] = user
else:
r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
json=user,
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200:
print('ERR: Failed to update user ' + username + ': ' + r.text)
return
print('Updated user ' + username)
def main(): def main():
# Fetch existing users # Fetch existing users
r = requests.get(GITEA_API_URL + '/admin/users', r = requests.get(GITEA_API_URL + '/admin/users',
headers={'Authorization': 'token ' + API_TOKEN}) headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200: if r.status_code != 200:
raise Exception('Failed to get users: ' + r.text) raise Exception('Failed to get users: ' + r.text)
for user in r.json(): for user in r.json():
existing_users.append(user['login']) existing_users[user['login']] = user
# Read the file, add each user # Read the file, add each user
with open("/tmp/passwd-import", 'r') as f: with open("/tmp/passwd-import", 'r') as f:
@ -73,7 +85,7 @@ def main():
continue continue
username = line.split(':')[0] username = line.split(':')[0]
name = line.split(':')[4] name = line.split(':')[4].split(',')[0]
add_user(username, name) add_user(username, name)

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.1 MiB

View File

@ -3,7 +3,7 @@ gitea:
database: ENC[AES256_GCM,data:UlS33IdCEyeSvT6ngpmnkBWHuSEqsB//DT+3b7C+UwbD8UXWJlsLf1X8/w==,iv:mPRW5ldyZaHP+y/0vC2JGSLZmlkhgmkvXPk4LazkSDs=,tag:gGk6Z/nbPvzE1zG+tJC8Sw==,type:str] database: ENC[AES256_GCM,data:UlS33IdCEyeSvT6ngpmnkBWHuSEqsB//DT+3b7C+UwbD8UXWJlsLf1X8/w==,iv:mPRW5ldyZaHP+y/0vC2JGSLZmlkhgmkvXPk4LazkSDs=,tag:gGk6Z/nbPvzE1zG+tJC8Sw==,type:str]
passwd-ssh-key: ENC[AES256_GCM,data:L0lF0wvpayss1NU9m3A45cH0bCMQzODTFVrq6EPd1JHx54wIcoaRBYLmxXKXASzBlCg9zlwXMUIk3OQcS3kdzMKL0iqcSL2iicAcKjFIHyrWLqXgwV5pRSP/tRPcVw8KW8gz0bh33EgESs5ReddZ3VZ0Cy1s2YupMRQvBXr89k1+Hv70OWB6P06hvxhv/zKcMGI1N/dWLroMgrQuT9imw4+/Q1RqwzTYeEU+eUn24AM9GjcBg4qf3OI+6g0nXUat/upIYE28iF5J3lbUSmDSmirBLc8xgHLdOyyJPTObWYWYxlSL78T7IqiMm9lI3rtBlpJDDcn/YxZpVqN5bg2154GISNK+uR0TVSLdJ+drdGHIfIX3G78XSxf2L9rbJyRn8MQlgStfdBIQicLavQKVMrmj+XQfvEMez23WbPLjH4oViBQFI+GrOHOGy/f16cz8Sn4n+69OcsOeTxs3tKYdfq6r1XLYSJ/fe/zvxBpaZiyGXljsuyEdIyBL2A8D6uSXe3Nd3/DAdBtceFfIdN1olCdutixzVWgxaJnrel161z5A/4w=,iv:Uy46yY3jFYSvpxrgCHxRMUksnWfhf5DViLMvCXVMMl4=,tag:wFEJ5+icFrOKkc56gY0A5g==,type:str] passwd-ssh-key: ENC[AES256_GCM,data:L0lF0wvpayss1NU9m3A45cH0bCMQzODTFVrq6EPd1JHx54wIcoaRBYLmxXKXASzBlCg9zlwXMUIk3OQcS3kdzMKL0iqcSL2iicAcKjFIHyrWLqXgwV5pRSP/tRPcVw8KW8gz0bh33EgESs5ReddZ3VZ0Cy1s2YupMRQvBXr89k1+Hv70OWB6P06hvxhv/zKcMGI1N/dWLroMgrQuT9imw4+/Q1RqwzTYeEU+eUn24AM9GjcBg4qf3OI+6g0nXUat/upIYE28iF5J3lbUSmDSmirBLc8xgHLdOyyJPTObWYWYxlSL78T7IqiMm9lI3rtBlpJDDcn/YxZpVqN5bg2154GISNK+uR0TVSLdJ+drdGHIfIX3G78XSxf2L9rbJyRn8MQlgStfdBIQicLavQKVMrmj+XQfvEMez23WbPLjH4oViBQFI+GrOHOGy/f16cz8Sn4n+69OcsOeTxs3tKYdfq6r1XLYSJ/fe/zvxBpaZiyGXljsuyEdIyBL2A8D6uSXe3Nd3/DAdBtceFfIdN1olCdutixzVWgxaJnrel161z5A/4w=,iv:Uy46yY3jFYSvpxrgCHxRMUksnWfhf5DViLMvCXVMMl4=,tag:wFEJ5+icFrOKkc56gY0A5g==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str] ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str]
import-user-env: ENC[AES256_GCM,data:LNzlIOwN7pWMmq+2+OqDqt17/QFW6UB7gguB8FIKPa/AqE6P8M5LaUFRRd06u8KVWSU=,iv:epWfPmvpqHYnqUr0nlHqg6Hshtno+i2wiY4Z1LdDAQM=,tag:H0xwTcgIa48aycpllV1XEQ==,type:str] import-user-env: ENC[AES256_GCM,data:vfaqjGEnUM9VtOPvBurz7nFwzGZt3L2EqijrQej4wiOcGCrRA4tN6kBV6NmhHqlFPsw=,iv:viPGkyOOacCWcgTu25da4qH7DC4wz2qdeC1W2WcMUdI=,tag:BllNqGQoaxqUo3lTz9LGnw==,type:str]
mediawiki: mediawiki:
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str] password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str] database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
@ -42,8 +42,8 @@ sops:
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ== GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-04T03:40:15Z" lastmodified: "2023-09-03T19:12:38Z"
mac: ENC[AES256_GCM,data:b0/75mHIRm+rBpzaOEWVoN2v2WTNfLMUpiHqQY7xPehuMFHycGZZaqPXr+bxDXYDm940ufQHGy0KDN8IuG/ENbFby8AnG8PGPe0rM5Nf8zux/5jlyUQB+tjIvRNy/cg9eiqlYJPp2yOclBCFUmTmAjOU+Je1bV2VCgFCINMoSec=,iv:5Ejw1WLpiDbuiS6KQudbka7HYV9fDSM1vnghtjNjXzY=,tag:7eKPDmU+eG7c/3qj6tgb0Q==,type:str] mac: ENC[AES256_GCM,data:Zo6WD3n33nX7bUun9YqaidvqZjFmbIx7QTzOTGOanSbeDmrejRRdBgGMohWG07byxrdlYO6mQwBkz2xic7+Rh3k1UJ65FDNyM7EOrwuc/X7HJy2Tk9WQO0DDbwDh+OfCeLOhrpBWTlsVt9HpN6xU8xBDABVxBQzd47pm1GRs3Ig=,iv:ECl4h15AnDJPcR3eXZ/wXSTUP8QnAuYiWRWx+Ouazd4=,tag:ZkZ/kSrx/5HCDPQhCGuxLw==,type:str]
pgp: pgp:
- created_at: "2023-05-21T00:28:40Z" - created_at: "2023-05-21T00:28:40Z"
enc: | enc: |