helm-chart/templates/gitea/config.yaml

apiVersion: v1
kind: Secret
metadata:
  name: {{ include "gitea.fullname" . }}-inline-config
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
type: Opaque
stringData:
  {{- include "gitea.inline_configuration" . | nindent 2 }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "gitea.fullname" . }}
  labels:
    {{- include "gitea.labels" . | nindent 4 }}
type: Opaque
stringData:
  config_environment.sh: |-
    #!/usr/bin/env bash
    set -euo pipefail

    function env2ini::log() {
      printf "${1}\n"
    }

    function env2ini::read_config_to_env() {
      local section="${1}"
      local line="${2}"

      if [[ -z "${line}" ]]; then
        # skip empty line
        return
      fi
      
      # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
      local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"

      if [[ -z "${setting}" ]]; then
        env2ini::log '  ! invalid setting'
        exit 1
      fi

      local value=''
      local regex="^${setting}(\s*)=(\s*)(.*)"
      if [[ $line =~ $regex ]]; then
        value="${BASH_REMATCH[3]}"
      else
        env2ini::log '  ! invalid setting'
        exit 1
      fi

      env2ini::log "    + '${setting}'"

      if [[ -z "${section}" ]]; then
        export "ENV_TO_INI____${setting^^}=${value}"                           # '^^' makes the variable content uppercase
        return
      fi

      local masked_section="${section//./_0X2E_}"                            # '//' instructs to replace all matches
      masked_section="${masked_section//-/_0X2D_}"

      export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}"        # '^^' makes the variable content uppercase
    }

    function env2ini::reload_preset_envs() {
      env2ini::log "Reloading preset envs..."

      while read -r line; do
        if [[ -z "${line}" ]]; then
          # skip empty line
          return
        fi

        # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line
        local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)"

        if [[ -z "${setting}" ]]; then
          env2ini::log '  ! invalid setting'
          exit 1
        fi

        local value=''
        local regex="^${setting}(\s*)=(\s*)(.*)"
        if [[ $line =~ $regex ]]; then
          value="${BASH_REMATCH[3]}"
        else
          env2ini::log '  ! invalid setting'
          exit 1
        fi

        env2ini::log "  + '${setting}'"

        export "${setting^^}=${value}"                           # '^^' makes the variable content uppercase
      done < "/tmp/existing-envs"

      rm /tmp/existing-envs
    }


    function env2ini::process_config_file() {
      local config_file="${1}"
      local section="$(basename "${config_file}")"

      if [[ $section == '_generals_' ]]; then
        env2ini::log "  [ini root]"
        section=''
      else
        env2ini::log "  ${section}"
      fi

      while read -r line; do
        env2ini::read_config_to_env "${section}" "${line}"
      done < <(awk 1 "${config_file}")                             # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading
    }

    function env2ini::load_config_sources() {
      local path="${1}"

      env2ini::log "Processing $(basename "${path}")..."

      while read -d '' configFile; do
        env2ini::process_config_file "${configFile}"
      done < <(find "${path}" -type l -not -name '..data' -print0)

      env2ini::log "\n"
    }

    function env2ini::generate_initial_secrets() {
      # These environment variables will either be
      #   - overwritten with user defined values,
      #   - initially used to set up Gitea
      # Anyway, they won't harm existing app.ini files

      export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
      export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
      export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)

      env2ini::log "...Initial secrets generated\n"
    }

    env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
    
    # MUST BE CALLED BEFORE OTHER CONFIGURATION
    env2ini::generate_initial_secrets

    env2ini::load_config_sources '/env-to-ini-mounts/inlines/'
    env2ini::load_config_sources '/env-to-ini-mounts/additionals/'

    # load existing envs to override auto generated envs
    env2ini::reload_preset_envs

    env2ini::log "=== All configuration sources loaded ===\n"

    # safety to prevent rewrite of secret keys if an app.ini already exists
    if [ -f ${GITEA_APP_INI} ]; then
      env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'
      env2ini::log '  - security.INTERNAL_TOKEN'
      env2ini::log '  - security.SECRET_KEY'
      env2ini::log '  - oauth2.JWT_SECRET'

      unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN
      unset ENV_TO_INI__SECURITY__SECRET_KEY
      unset ENV_TO_INI__OAUTH2__JWT_SECRET
    fi

    environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io> 2020-08-23 12:56:55 -05:00			`apiVersion: v1`
Move all password related data to secrets (#28) Bump Chart version Move all password related data to secrets Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/28 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> 2020-09-25 08:37:55 -05:00			`kind: Secret`
Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`metadata:`
			`name: {{ include "gitea.fullname" . }}-inline-config`
			`labels:`
			`{{- include "gitea.labels" . \| nindent 4 }}`
			`type: Opaque`
			`stringData:`
			`{{- include "gitea.inline_configuration" . \| nindent 2 }}`
			`---`
			`apiVersion: v1`
			`kind: Secret`
Integrate NOVUM-RGI chart into the official helm chart. (#7) Fix ssh port settings Remove blank line from LICENSE file add check for admin user set PROTOCOL default to http Add Konrad Lother as Maintainer Update readme with generic values make app.ini generic - app.ini is now configurable via dictionary in values.yaml - database and server configuration is autogenerated if not defined - http and ssh services now use gitea config settings for targetPort - add default security value INSTALL_LOCK = true - clean up builtin cache settings bump gitea version Add values and Remove vscode TOC comments - values enablePushCreateOrg and enablePushCreateUser have been added to repository settings fix naming order of license and maintainers Multiple improvements for the chart: - add terminationGracePeriodSeconds to shutdown the statefulset gracefully on error - add guard for loadbalancer settings in ssh service - use mysql from bitnami, since they update the version much more frequent (old mysql only uses mysql ~6) - init container now also provisions mysql and external database correctly Fix PVC mounting issues for longhorn storageClass Add examples to readme Fix port setting for ssh Fix and operator for newer helm versions update values to support most configuration gitea offers Replace Readme update license file Update helpers with dependencies, update NOTES.txt update Chart.yaml with dependencies Requirements.yaml removed, since this is deprecated and moved to Chart.yaml Remove now unused dependencies and deployments - init is no longer used since databases are initialized on original charts and managed with dependency - ingress.yaml moved to templates/gitea - deployment.yaml no longer used and replaced with templates/gitea/statefulset.yaml - memcached also handled with helm dependency and initialized in original chart Add initial test for gitea helm chart Rework templates for helm chart. - app.ini configurable via config - admin user and ldap settings configurable via config - using statefulset to handle pvc - update helpers for new dependencies remove helm build artifacts since they are not needed in this repository Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Co-authored-by: Konrad Lother <konrad.lother@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/7 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: techknowlogick <techknowlogick@gitea.io> 2020-08-23 12:56:55 -05:00			`metadata:`
			`name: {{ include "gitea.fullname" . }}`
			`labels:`
			`{{- include "gitea.labels" . \| nindent 4 }}`
Move all password related data to secrets (#28) Bump Chart version Move all password related data to secrets Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/28 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> 2020-09-25 08:37:55 -05:00			`type: Opaque`
			`stringData:`
Rework app.ini generation (#239) App ini is now generated by environment-to-ini This should prevent some of the problems we had earlier with persisting the app.ini Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io> 2021-11-19 15:15:45 -06:00			`config_environment.sh: \|-`
			`#!/usr/bin/env bash`
			`set -euo pipefail`

Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`function env2ini::log() {`
			`printf "${1}\n"`
			`}`

			`function env2ini::read_config_to_env() {`
			`local section="${1}"`
			`local line="${2}"`

			`if [[ -z "${line}" ]]; then`
			`# skip empty line`
			`return`
			`fi`

			`# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line`
			`local setting="$(awk -F '=' '{print $1}' <<< "${line}" \| xargs echo -n)"`

			`if [[ -z "${setting}" ]]; then`
			`env2ini::log ' ! invalid setting'`
			`exit 1`
			`fi`

			`local value=''`
			`local regex="^${setting}(\s)=(\s)(.*)"`
			`if [[ $line =~ $regex ]]; then`
			`value="${BASH_REMATCH[3]}"`
			`else`
			`env2ini::log ' ! invalid setting'`
			`exit 1`
			`fi`

			`env2ini::log " + '${setting}'"`

			`if [[ -z "${section}" ]]; then`
			`export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase`
			`return`
			`fi`

			`local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches`
			`masked_section="${masked_section//-/_0X2D_}"`

			`export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase`
			`}`

Consider environment variables during app.ini creation (#298) This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script. Fixes #297 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> 2022-03-09 00:47:55 -06:00			`function env2ini::reload_preset_envs() {`
			`env2ini::log "Reloading preset envs..."`

			`while read -r line; do`
			`if [[ -z "${line}" ]]; then`
			`# skip empty line`
			`return`
			`fi`

			`# 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line`
			`local setting="$(awk -F '=' '{print $1}' <<< "${line}" \| xargs echo -n)"`

			`if [[ -z "${setting}" ]]; then`
			`env2ini::log ' ! invalid setting'`
			`exit 1`
			`fi`

			`local value=''`
			`local regex="^${setting}(\s)=(\s)(.*)"`
			`if [[ $line =~ $regex ]]; then`
			`value="${BASH_REMATCH[3]}"`
			`else`
			`env2ini::log ' ! invalid setting'`
			`exit 1`
			`fi`

			`env2ini::log " + '${setting}'"`

			`export "${setting^^}=${value}" # '^^' makes the variable content uppercase`
			`done < "/tmp/existing-envs"`

			`rm /tmp/existing-envs`
			`}`


Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`function env2ini::process_config_file() {`
			`local config_file="${1}"`
			`local section="$(basename "${config_file}")"`

			`if [[ $section == '_generals_' ]]; then`
			`env2ini::log " [ini root]"`
			`section=''`
			`else`
			`env2ini::log " ${section}"`
			`fi`

			`while read -r line; do`
			`env2ini::read_config_to_env "${section}" "${line}"`
			`done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading`
			`}`

			`function env2ini::load_config_sources() {`
			`local path="${1}"`

			`env2ini::log "Processing $(basename "${path}")..."`

			`while read -d '' configFile; do`
			`env2ini::process_config_file "${configFile}"`
			`done < <(find "${path}" -type l -not -name '..data' -print0)`

			`env2ini::log "\n"`
			`}`

			`function env2ini::generate_initial_secrets() {`
			`# These environment variables will either be`
			`# - overwritten with user defined values,`
			`# - initially used to set up Gitea`
			`# Anyway, they won't harm existing app.ini files`

			`export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)`
			`export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)`
			`export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)`

			`env2ini::log "...Initial secrets generated\n"`
			`}`

Consider environment variables during app.ini creation (#298) This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script. Fixes #297 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> 2022-03-09 00:47:55 -06:00			`env \| (grep ENV_TO_INI \|\| [[ $? == 1 ]]) > /tmp/existing-envs`

Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`# MUST BE CALLED BEFORE OTHER CONFIGURATION`
			`env2ini::generate_initial_secrets`

			`env2ini::load_config_sources '/env-to-ini-mounts/inlines/'`
			`env2ini::load_config_sources '/env-to-ini-mounts/additionals/'`

Consider environment variables during app.ini creation (#298) This PR improves the handling and injection into _app.ini_ of user defined environment variables via env-to-ini script. Fixes #297 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/298 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> 2022-03-09 00:47:55 -06:00			`# load existing envs to override auto generated envs`
			`env2ini::reload_preset_envs`

Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`env2ini::log "=== All configuration sources loaded ===\n"`
Rework app.ini generation (#239) App ini is now generated by environment-to-ini This should prevent some of the problems we had earlier with persisting the app.ini Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io> 2021-11-19 15:15:45 -06:00
			`# safety to prevent rewrite of secret keys if an app.ini already exists`
			`if [ -f ${GITEA_APP_INI} ]; then`
Generic way for configuring Gitea app.ini (#240) With the result of PR #239 it is much easier to provide additional values to the _app.ini_ configuration from different sources. These changes adds an _additionalConfigSources_ field where the users can define such sources. This enables the users to choose on their own whether to store values in _values.yaml_ or load them from Kuberetes Secrets or ConfigMaps. - Fixes #243 - Fixes #174 - Fixes #260 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/240 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: wxiaoguang <wxiaoguang@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io> 2021-12-22 04:44:04 -06:00			`env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:'`
			`env2ini::log ' - security.INTERNAL_TOKEN'`
			`env2ini::log ' - security.SECRET_KEY'`
			`env2ini::log ' - oauth2.JWT_SECRET'`

Rework app.ini generation (#239) App ini is now generated by environment-to-ini This should prevent some of the problems we had earlier with persisting the app.ini Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/239 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io> 2021-11-19 15:15:45 -06:00			`unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN`
			`unset ENV_TO_INI__SECURITY__SECRET_KEY`
			`unset ENV_TO_INI__OAUTH2__JWT_SECRET`
			`fi`

			`environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI`