# Source: gitea/templates/gitea/init.yaml apiVersion: v1 kind: Secret metadata: name: gitea-init labels: helm.sh/chart: gitea-9.5.1 app: gitea app.kubernetes.io/name: gitea app.kubernetes.io/instance: gitea app.kubernetes.io/version: "1.20.5" version: "1.20.5" app.kubernetes.io/managed-by: Helm type: Opaque stringData: configure_gpg_environment.sh: |- #!/usr/bin/env bash set -eu gpg --batch --import /raw/private.asc init_directory_structure.sh: |- #!/usr/bin/env bash set -euo pipefail set -x mkdir -p /data/git/.ssh chmod -R 700 /data/git/.ssh [ ! -d /data/gitea/conf ] && mkdir -p /data/gitea/conf # prepare temp directory structure mkdir -p "${GITEA_TEMP}" chmod ug+rwx "${GITEA_TEMP}" configure_gitea.sh: |- #!/usr/bin/env bash set -euo pipefail echo '==== BEGIN GITEA CONFIGURATION ====' { # try gitea migrate } || { # catch echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" exit 1 } function test_redis_connection() { local RETRY=0 local MAX=30 echo 'Wait for redis to become avialable...' until [ "${RETRY}" -ge "${MAX}" ]; do nc -vz -w2 gitea-redis-cluster-headless.vynil-ci.svc.cluster.local 6379 && break RETRY=$[${RETRY}+1] echo "...not ready yet (${RETRY}/${MAX})" done if [ "${RETRY}" -ge "${MAX}" ]; then echo "Redis not reachable after '${MAX}' attempts!" exit 1 fi } test_redis_connection function configure_admin_user() { local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") if [[ -z "${ACCOUNT_ID}" ]]; then echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email "git-admin@local.com" --must-change-password=false echo '...created.' else echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" echo '...password sync done.' fi } configure_admin_user function configure_ldap() { local LDAP_NAME='Authentik' local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") if [[ -z "${GITEA_AUTH_ID}" ]]; then echo "No ldap configuration found with name "${LDAP_NAME}". Installing it now..." gitea admin auth add-ldap --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'Authentik' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' echo '...installed.' else echo "Existing ldap configuration with name "${LDAP_NAME}": '${GITEA_AUTH_ID}'. Running update to sync settings..." gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" --admin-filter "${LDAP_ADMIN_FILTER}" --avatar-attribute 'jpegPhoto' --bind-dn "${GITEA_LDAP_BIND_DN_0}" --bind-password "${GITEA_LDAP_PASSWORD_0}" --email-attribute 'mail' --firstname-attribute 'givenname' --host "${LDAP_HOST}" --name 'Authentik' --port 389 --security-protocol 'unencrypted' --surname-attribute 'name' --user-filter "${LDAP_USER_FILTER}" --user-search-base "${LDAP_USER_SEARCH_BASE}" --username-attribute 'cn' echo '...sync settings done.' fi } configure_ldap function configure_oauth() { echo 'no oauth configuration... skipping.' } configure_oauth echo '==== END GITEA CONFIGURATION ===='