From 81b589f95c015b45fb3e3efe715a1690d370e5fb Mon Sep 17 00:00:00 2001 From: Mar Alegre Date: Sat, 1 Jan 2022 15:56:09 -0500 Subject: [PATCH] added handling for host config and secrets config files in data --- gitea/Containerfile | 31 ++++++++++--------- .../{app.ini.esh.esh => app.config.ini} | 14 +-------- gitea/{ => assets}/bugfix/cronfix | 0 gitea/assets/gitea.service | 2 +- gitea/data/app.host.ini | 8 +++++ gitea/data/app.secret.ini | 10 ++++++ 6 files changed, 37 insertions(+), 28 deletions(-) rename gitea/assets/{app.ini.esh.esh => app.config.ini} (72%) rename gitea/{ => assets}/bugfix/cronfix (100%) create mode 100644 gitea/data/app.host.ini create mode 100644 gitea/data/app.secret.ini diff --git a/gitea/Containerfile b/gitea/Containerfile index 270c223..30adf88 100644 --- a/gitea/Containerfile +++ b/gitea/Containerfile @@ -1,7 +1,7 @@ ### ### Build Variables ### -FROM localhost/debian:latest +FROM localhost/debian # deploy options # -p (port) and -v (volume) both go host:container @@ -75,12 +75,6 @@ RUN mv pg_hba.conf /etc/postgresql/${PSQLV:?}/main/pg_hba.conf ### Gitea ### -# Install templating engine -RUN wget https://raw.githubusercontent.com/jirutka/esh/master/esh && \ - chmod +x esh && \ - mkdir -p /usr/local/lib/esh && \ - mv esh /usr/local/lib/esh - # dowload gitea RUN wget https://dl.gitea.io/gitea/${GITEAV:?}/gitea-${GITEAV:?}-linux-amd64 && \ mv gitea-${GITEAV:?}-linux-amd64 /usr/local/bin/gitea && \ 
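Review bot: In `gitea/Containerfile`, `FROM localhost/debian` is still a floating reference: an untagged image name resolves to `latest`, so dropping the tag does not change which base the build uses. If rebuilds are meant to be reproducible, name a specific tag or digest of the local base instead, for example `FROM localhost/debian:<tag-produced-by-your-base-build>`.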
@@ -93,21 +87,30 @@ RUN mkdir -p /var/lib/gitea/data/ /var/log/gitea /etc/gitea && \ ln -s /var/log/gitea /var/lib/gitea/log && \ ln -s /vol/data/custom /var/lib/gitea/custom -# template config file -COPY assets/app.ini.esh.esh /etc/gitea/ -RUN cd /etc/gitea && \ - esh app.ini.esh.esh && \ - rm app.ini.esh.esh && \ - chmod -R +r /etc/gitea +# copy config file +COPY assets/app.config.ini /etc/gitea/ +# copy gitea service COPY assets/gitea.service /etc/systemd/system/ # make alias for running admin commands from command line easily RUN echo "alias gitea='sudo -u gitea gitea --config /etc/gitea/app.ini'" >> /root/.bashrc +### +### Data +### + +WORKDIR /vol/data + +# copy config files +COPY data/ /vol/data/ +# template secrets file to generate secrets +RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini + ### ### Crontab ### + COPY assets/crontab /root/ RUN crontab -u gitea /root/crontab @@ -116,5 +119,5 @@ RUN crontab -u gitea /root/crontab ### # bugfix for cron -COPY bugfix/cronfix /root/ +COPY assets/bugfix/cronfix /root/ RUN chmod +x /root/cronfix && /root/cronfix diff --git a/gitea/assets/app.ini.esh.esh b/gitea/assets/app.config.ini similarity index 72% rename from gitea/assets/app.ini.esh.esh rename to gitea/assets/app.config.ini index 27c764c..1a602f7 100644 --- a/gitea/assets/app.ini.esh.esh +++ b/gitea/assets/app.config.ini @@ -1,15 +1,8 @@ -<%% . /vol/data/hostvars -%> -APP_NAME = <%%= $pagename %> +[DEFAULT] RUN_USER = gitea RUN_MODE = prod -[oauth2] -JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %> - [security] -INTERNAL_TOKEN = <%= $(gitea generate secret INTERNAL_TOKEN) %> -INSTALL_LOCK = true -SECRET_KEY = <%= $(gitea generate secret SECRET_KEY) %> ; disable password complexity checks PASSWORD_COMPLEXITY = off 
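Review bot: In `gitea/Containerfile`, `RUN eval "echo \"$(cat app.secret.ini)\"" > app.secret.ini` runs `gitea generate secret` during the image build, so JWT_SECRET, INTERNAL_TOKEN and SECRET_KEY are stored in an image layer and shared by every container created from that image; anyone who can read the image can read them. Consider shipping `data/app.secret.ini` unrendered and expanding it on first start instead, for example from an `ExecStartPre` in `gitea.service` that runs only while the rendered file is missing and sets `umask 077` first. The step also reports only echo's exit status, so a failing `gitea generate secret` leaves an empty value without failing the build; appending `&& ! grep -q '= *$' app.secret.ini` to the `RUN` would stop the build in that case.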
@@ -27,16 +20,11 @@ PATH = /var/lib/gitea/data/gitea.db ROOT = /vol/git/repos [server] -DOMAIN = <%% $domain %> -ROOT_URL = https://<%% $domain %>/ -HTTP_PORT = 80 START_SSH_SERVER = false -SSH_PORT = <%% $sshport %%> SSH_CREATE_AUTHORIZED_KEYS_FILE = true SSH_AUTHORIZED_KEYS_BACKUP = false LFS_START_SERVER = true LFS_CONTENT_PATH = /vol/git/lfs -LFS_JWT_SECRET = <%= $(gitea generate secret JWT_SECRET) %> OFFLINE_MODE = true [mailer] diff --git a/gitea/bugfix/cronfix b/gitea/assets/bugfix/cronfix similarity index 100% rename from gitea/bugfix/cronfix rename to gitea/assets/bugfix/cronfix diff --git a/gitea/assets/gitea.service b/gitea/assets/gitea.service index 6780d43..c703d95 100644 --- a/gitea/assets/gitea.service +++ b/gitea/assets/gitea.service @@ -19,7 +19,7 @@ WorkingDirectory=/var/lib/gitea/ # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file # (manually creating /run/gitea doesn't work, because it would not persist across reboots) #RuntimeDirectory=gitea -ExecStartPre=/usr/local/bin/esh /etc/gitea/app.ini.esh +ExecStartPre=/bin/bash -c "cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini" ExecStartPre=/usr/local/bin/gitea --config /etc/gitea/app.ini admin regenerate keys ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini Restart=always diff --git a/gitea/data/app.host.ini b/gitea/data/app.host.ini new file mode 100644 index 0000000..37ba62a --- /dev/null +++ b/gitea/data/app.host.ini @@ -0,0 +1,8 @@ +[DEFAULT] +APP_NAME = My Title Page Name + +[server] +DOMAIN = git.example.com +ROOT_URL = https://git.example.com/ +HTTP_PORT = 80 +SSH_PORT = 22 diff --git a/gitea/data/app.secret.ini b/gitea/data/app.secret.ini new file mode 100644 index 0000000..b4fc202 --- /dev/null +++ b/gitea/data/app.secret.ini 
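Review bot: In `gitea/assets/gitea.service`, the new `ExecStartPre` writes the contents of `app.secret.ini` into `/etc/gitea/app.ini` through a plain `>` redirection, so the file is created with the default umask and is normally readable by every account in the container. Restricting it in the same command would keep the tokens private: `ExecStartPre=/bin/bash -c "umask 077 && rm -f /etc/gitea/app.ini && cat /vol/data/app.host.ini /vol/data/app.secret.ini /etc/gitea/app.config.ini > /etc/gitea/app.ini"`. The unit's `User=` setting, if any, is outside the hunk, so confirm that account can create files in `/etc/gitea`.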
@@ -0,0 +1,10 @@
+[oauth2]
+JWT_SECRET = $(gitea generate secret JWT_SECRET)
+
+[security]
+INTERNAL_TOKEN = $(gitea generate secret INTERNAL_TOKEN)
+SECRET_KEY = $(gitea generate secret SECRET_KEY)
+INSTALL_LOCK = true
+
+[server]
+LFS_JWT_SECRET = $(gitea generate secret JWT_SECRET)
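Review bot: `gitea/data/app.secret.ini` gives no hint that it is a shell template and not a finished config file, although the Containerfile passes it through `eval` and `COPY data/` will ship whatever an operator leaves in this directory. A leading comment such as `; Template: the Containerfile renders this file at build time. Never commit a rendered copy.` would document both facts. Keep such comments free of `$`, backticks and double quotes, since the whole file is expanded by the shell.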