forked from Drift/pvv-nixos-config
bekkalokk/gitea: misc changes
- change domain from git2 to git1 - enable internal SSH server - enable code search - add custom logos - update import-user-script to ignore GECOS fields
parent
f567199604
commit
b4b6b4971a
|
@ -1,7 +1,7 @@
|
||||||
{ config, values, pkgs, ... }:
|
{ config, values, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.gitea;
|
cfg = config.services.gitea;
|
||||||
domain = "git2.pvv.ntnu.no";
|
domain = "git.pvv.ntnu.no";
|
||||||
sshPort = 2222;
|
sshPort = 2222;
|
||||||
in {
|
in {
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
|
@ -33,6 +33,10 @@ in {
|
||||||
ROOT_URL = "https://${domain}/";
|
ROOT_URL = "https://${domain}/";
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
SSH_PORT = sshPort;
|
SSH_PORT = sshPort;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
};
|
||||||
|
indexer = {
|
||||||
|
REPO_INDEXER_ENABLED = true;
|
||||||
};
|
};
|
||||||
service.DISABLE_REGISTRATION = true;
|
service.DISABLE_REGISTRATION = true;
|
||||||
session.COOKIE_SECURE = true;
|
session.COOKIE_SECURE = true;
|
||||||
|
@ -41,9 +45,12 @@ in {
|
||||||
DISABLE_GRAVATAR = true;
|
DISABLE_GRAVATAR = true;
|
||||||
ENABLE_FEDERATED_AVATAR = false;
|
ENABLE_FEDERATED_AVATAR = false;
|
||||||
};
|
};
|
||||||
|
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -83,4 +90,13 @@ in {
|
||||||
Unit = "gitea-import-users.service";
|
Unit = "gitea-import-users.service";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.activationScripts.linkGiteaLogo.text = let
|
||||||
|
logo-svg = ../../../../assets/logo_blue_regular.svg;
|
||||||
|
logo-png = ../../../../assets/logo_blue_regular.png;
|
||||||
|
in ''
|
||||||
|
install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
|
||||||
|
install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
|
||||||
|
install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
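Review bot: The `system.activationScripts.linkGiteaLogo` script added at the end of the file runs its three `install -Dm444` commands as root into `${cfg.stateDir}/custom/public/img/`, a tree that is presumably owned by the gitea service user. A root process writing through path components that a less-privileged user controls will follow a symlink placed there, and any directories `-D` creates end up root-owned. Doing the copy at the service's own privilege, for example in `systemd.services.gitea.preStart`, avoids both problems. Separately, `START_SSH_SERVER = true` makes the built-in SSH server listen on `sshPort`, and no firewall change is visible in these hunks, so confirm the port is opened only as far as intended.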
@ -12,7 +12,7 @@ if API_TOKEN is None:
|
||||||
|
|
||||||
GITEA_API_URL = os.getenv('GITEA_API_URL')
|
GITEA_API_URL = os.getenv('GITEA_API_URL')
|
||||||
if GITEA_API_URL is None:
|
if GITEA_API_URL is None:
|
||||||
GITEA_API_URL = 'https://git2.pvv.ntnu.no/api/v1'
|
GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
|
||||||
|
|
||||||
BANNED_SHELLS = [
|
BANNED_SHELLS = [
|
||||||
"/usr/bin/nologin",
|
"/usr/bin/nologin",
|
||||||
|
@ -22,44 +22,56 @@ BANNED_SHELLS = [
|
||||||
"/bin/msgsh",
|
"/bin/msgsh",
|
||||||
]
|
]
|
||||||
|
|
||||||
existing_users = []
|
existing_users = {}
|
||||||
|
|
||||||
|
|
||||||
|
# This function should only ever be called when adding users
|
||||||
|
# from the passwd file
|
||||||
def add_user(username, name):
|
def add_user(username, name):
|
||||||
if username in existing_users:
|
|
||||||
return
|
|
||||||
|
|
||||||
user = {
|
user = {
|
||||||
"email": username + '@' + EMAIL_DOMAIN,
|
|
||||||
"full_name": name,
|
"full_name": name,
|
||||||
"login_name": username,
|
|
||||||
"password": secrets.token_urlsafe(32),
|
|
||||||
"source_id": 1, # 1 = SMTP
|
|
||||||
"username": username,
|
"username": username,
|
||||||
"must_change_password": False,
|
"login_name": username,
|
||||||
"visibility": "private",
|
"visibility": "public",
|
||||||
|
"source_id": 1, # 1 = SMTP
|
||||||
}
|
}
|
||||||
|
|
||||||
r = requests.post(GITEA_API_URL + '/admin/users', json=user,
|
if username not in existing_users:
|
||||||
headers={'Authorization': 'token ' + API_TOKEN})
|
user["password"] = secrets.token_urlsafe(32)
|
||||||
if r.status_code != 201:
|
user["must_change_password"] = False
|
||||||
print('ERR: Failed to create user ' + username + ': ' + r.text)
|
user["visibility"] = "private"
|
||||||
return
|
user["email"] = username + '@' + EMAIL_DOMAIN
|
||||||
|
|
||||||
print('Created user ' + username)
|
r = requests.post(GITEA_API_URL + '/admin/users', json=user,
|
||||||
existing_users.append(username)
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
if r.status_code != 201:
|
||||||
|
print('ERR: Failed to create user ' + username + ': ' + r.text)
|
||||||
|
return
|
||||||
|
|
||||||
|
print('Created user ' + username)
|
||||||
|
existing_users[username] = user
|
||||||
|
|
||||||
|
else:
|
||||||
|
r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
|
||||||
|
json=user,
|
||||||
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
if r.status_code != 200:
|
||||||
|
print('ERR: Failed to update user ' + username + ': ' + r.text)
|
||||||
|
return
|
||||||
|
|
||||||
|
print('Updated user ' + username)
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
|
||||||
# Fetch existing users
|
# Fetch existing users
|
||||||
r = requests.get(GITEA_API_URL + '/admin/users',
|
r = requests.get(GITEA_API_URL + '/admin/users',
|
||||||
headers={'Authorization': 'token ' + API_TOKEN})
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
|
||||||
if r.status_code != 200:
|
if r.status_code != 200:
|
||||||
raise Exception('Failed to get users: ' + r.text)
|
raise Exception('Failed to get users: ' + r.text)
|
||||||
|
|
||||||
for user in r.json():
|
for user in r.json():
|
||||||
existing_users.append(user['login'])
|
existing_users[user['login']] = user
|
||||||
|
|
||||||
# Read the file, add each user
|
# Read the file, add each user
|
||||||
with open("/tmp/passwd-import", 'r') as f:
|
with open("/tmp/passwd-import", 'r') as f:
|
||||||
|
@ -73,7 +85,7 @@ def main():
|
||||||
continue
|
continue
|
||||||
|
|
||||||
username = line.split(':')[0]
|
username = line.split(':')[0]
|
||||||
name = line.split(':')[4]
|
name = line.split(':')[4].split(',')[0]
|
||||||
|
|
||||||
add_user(username, name)
|
add_user(username, name)
|
||||||
|
|
||||||
|
|
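Review bot: The new `else:` branch in `add_user` PATCHes every already-existing account with the shared `user` dict, so `"visibility": "public"`, `"source_id": 1` and `login_name` are re-applied on each run (old/new sides are inferred from the rendered order). An account is created with `user["visibility"] = "private"` and then flipped to public by the next run, and a profile visibility the user chose is overwritten every time. An account created locally under a name that also appears in the passwd file would be switched to the SMTP source, which changes who can log in to it. Consider dropping `"visibility"` from the base dict and skipping accounts the import did not create, with a comment above the branch such as `# PATCH resets login source; only safe for accounts created by this script`. The `existing_users` lookup in `main()` is built from a single `GET /admin/users` response, so if that endpoint pages its results, later users never reach the update branch.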
Binary file not shown.
After Width: | Height: | Size: 1.1 MiB |