Fix linter

2022-04-01 22:54:46 +02:00 · 2022-04-01 22:54:46 +02:00 · fc1befe9f8
parent d43bc11857
commit fc1befe9f8
11 changed files with 107 additions and 82 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -21,7 +21,7 @@ FORCE_PRIVATE = false
 DOMAIN       = __DOMAIN__
 HTTP_PORT    = __PORT__
 HTTP_ADDR    = 127.0.0.1
-ROOT_URL     = https://__URL__/
+ROOT_URL     = https://__DOMAIN____PATH_URL__
 DISABLE_SSH  = false
 SSH_PORT     = __SSH_PORT__
 OFFLINE_MODE = false
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -6,11 +6,6 @@ location __PATH__/ {
    client_max_body_size        200M;
    proxy_set_header X-Real-IP $remote_addr;

-    # Force https
-    if ($scheme = http) {
-        rewrite ^ https://$server_name$request_uri? permanent;
-     }
-
    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
 }
--- a/doc/DESCRIPTION.md
+++ b/doc/DESCRIPTION.md
@ -0,0 +1 @@
+Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -0,0 +1,77 @@
+Additional informations
+-----------------------
+
+### Notes on SSH usage
+
+If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea:
+
+```bash
+PubkeyAuthentication yes
+AuthorizedKeysFile /home/%u/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+```
+
+You also need to add your public key to your Gitea profile.
+
+If you use ssh on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
+
+```bash
+Host domain.tld
+    port 2222 # change this with the port you use
+```
+
+### Upgrade
+
+By default a backup is made before the upgrade. To avoid this you have theses following possibilites:
+- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`.
+- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command:
+
+`yunohost app setting gitea disable_backup_before_upgrade -v 1`
+
+After this settings will be applied for **all** next upgrade.
+
+From command line:
+
+`yunohost app upgrade gitea`
+
+### Backup
+
+This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
+
+- Stop gitea service with theses following command:
+
+`systemctl stop gitea.service`
+
+- Launch the backup of gitea with this following command:
+
+`yunohost backup create --app gitea`
+
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/gitea`.
+- Restart the gitea service with theses command:
+
+`systemctl start gitea.service`
+
+### Remove
+
+Due of the backup core only feature the data directory in `/home/gitea` **is not removed**. It need to be removed manually to purge app user data.
+
+### LFS setup
+To use a repository with an `LFS` setup, you need to activate-it on `/opt/gitea/custom/conf/app.ini`
+```ini
+[server]
+LFS_START_SERVER = true
+LFS_HTTP_AUTH_EXPIRY = 20m
+```
+By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`.
+```
+client_max_body_size 200M;
+```
+Don't forget to restart Gitea `sudo systemctl restart gitea.service`.
+
+> This settings are restored to the default config when Gitea is updated. Don't forget to restore your setup after all updates.
+
+### Git command access with HTTPS
+
+If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**.
--- a/manifest.json
+++ b/manifest.json
@ -6,6 +6,12 @@
        "en": "Lightweight Git forge",
        "fr": "Forge Git légère"
    },
+    "upstream": {
+        "license": "free",
+        "website": "https://gitea.io/",
+        "admindoc": "https://docs.gitea.io/",
+        "code": "https://github.com/go-gitea/gitea"
+    },
    "url": "http://gitea.io",
    "license": "MIT",
    "version": "1.16.5~ynh1",
@ -29,39 +35,20 @@
        "install" : [
            {
                "name": "domain",
-                "type": "domain",
-                "ask": {
-                    "en": "Choose a domain for Gitea",
-                    "fr": "Choisissez un domaine pour Gitea"
-                },
-                "example": "domain.org"
+                "type": "domain"
            },
            {
                "name": "path",
                "type": "path",
-                "ask": {
-                    "en": "Choose a path for Gitea",
-                    "fr": "Choisissez un chemin pour Gitea"
-                },
-                "example": "/gitea",
                "default": "/gitea"
            },
            {
                "name": "admin",
-                "type": "user",
-                "ask": {
-                    "en": "Choose the Gitea administrator (must be an existing YunoHost user)",
-                    "fr": "Choisissez l'administrateur de Gitea (doit être un utilisateur YunoHost existant)"
-                },
-                "example": "johndoe"
+                "type": "user"
            },
            {
                "name": "is_public",
                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public site?",
-                    "fr": "Est-ce un site public ?"
-                },
 				"help": { 
 					"en": "A public server means that everybody is able to access to the main page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.",
 					"fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique."
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -4,7 +4,7 @@

 app=$YNH_APP_INSTANCE_NAME
 dbname=$app
-dbuser=$app
+db_user=$app
 final_path="/opt/$app"
 DATADIR="/home/$app"
 REPO_PATH="$DATADIR/repositories"
@ -53,29 +53,7 @@ config_nginx() {

 config_gitea() {
    ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
-    ynh_backup_if_checksum_is_different --file "$final_path/custom/conf/app.ini"
-
-    cp ../conf/app.ini "$final_path/custom/conf"
-    usermod -s /bin/bash $app
-
-    if [ "$path_url" = "/" ]
-    then
-        ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
-    else
-        ynh_replace_string --match_string __URL__ --replace_string "$domain${path_url%/}" --target_file "$final_path/custom/conf/app.ini"
-    fi
-
-    ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __DB_PASSWORD__ --replace_string "$dbpass" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __DB_USER__ --replace_string "$dbuser" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __DOMAIN__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __KEY__ --replace_string "$key" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __DATA_PATH__ --replace_string "$DATA_PATH" --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$final_path/custom/conf/app.ini"
-    ynh_replace_string --match_string __SSH_PORT__ --replace_string $ssh_port --target_file "$final_path/custom/conf/app.ini"
-
-    ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
+    ynh_add_config --template="app.ini" --destination="$final_path/custom/conf/app.ini"
 }

 set_permission() {
@ -89,10 +67,3 @@ set_permission() {
    chmod u=rwX,g=rX,o= "/home/$app"
    chmod u=rwX,g=rX,o= "/var/log/$app"
 }
-
-set_access_settings() {
-    if [ "$is_public" == '1' ];
-    then
-        ynh_permission_update --permission "main" --add "visitors"
-    fi
-}
--- a/scripts/change_url
+++ b/scripts/change_url
@ -22,7 +22,7 @@ domain=$YNH_APP_NEW_DOMAIN
 path_url=$(ynh_normalize_url_path --path_url ${YNH_APP_NEW_PATH:-'/'})
 app=$YNH_APP_INSTANCE_NAME

-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
+DB_PASSWORD=$(ynh_app_setting_get --app $app --key mysqlpwd)
 admin=$(ynh_app_setting_get --app $app --key adminusername)
 key=$(ynh_app_setting_get --app $app --key secret_key)
 port=$(ynh_app_setting_get --app $app --key web_port)
--- a/scripts/install
+++ b/scripts/install
@ -41,7 +41,7 @@ fi

 # Generate random password and key
 ynh_script_progression --message="Defining db password and key..."
-dbpass=$(ynh_string_random)
+DB_PASSWORD=$(ynh_string_random)
 key=$(ynh_string_random)

 # Find available ports
@ -49,9 +49,8 @@ port=$(ynh_find_port --port 6000)

 # Store Settings
 ynh_script_progression --message="Storing installation settings..."
-ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass
+ynh_app_setting_set --app $app --key mysqlpwd --value $DB_PASSWORD
 ynh_app_setting_set --app $app --key adminusername --value $admin
-ynh_app_setting_set --app $app --key is_public --value $is_public
 ynh_app_setting_set --app $app --key secret_key --value $key
 ynh_app_setting_set --app $app --key web_port --value $port

@ -61,7 +60,7 @@ ynh_app_setting_set --app $app --key web_port --value $port

 # Initialize database and store mysql password for upgrade
 ynh_script_progression --message="Configuring MySQL database..."
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
+ynh_mysql_create_db "$dbname" "$db_user" "$DB_PASSWORD"

 # Add users
 ynh_script_progression --message="Configuring system user..."
@ -99,14 +98,14 @@ ynh_script_progression --message="Configuring application, step 2/2..."
 systemctl start "$app".service

 # Wait untill login_source mysql table is created
-while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname"  <<< "SELECT * FROM login_source;" &>/dev/null)
+while ! $(ynh_mysql_connect_as "$db_user" "$DB_PASSWORD" "$dbname"  <<< "SELECT * FROM login_source;" &>/dev/null)
 do
    sleep 2
 done

 # Add ldap config
 ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
+ynh_mysql_connect_as "$db_user" "$DB_PASSWORD" "$dbname" < ../conf/login_source.sql

 # SETUP FAIL2BAN
 ynh_script_progression --message="Configuring fail2ban..."
@ -118,7 +117,10 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile

 # Unprotect root from SSO if public
 ynh_script_progression --message="Protecting directory"
-set_access_settings
+if [ "$is_public" == '1' ];
+then
+    ynh_permission_update --permission "main" --add "visitors"
+fi

 # Create permission
 ynh_script_progression --message="Configuring permissions"
--- a/scripts/remove
+++ b/scripts/remove
@ -27,7 +27,7 @@ systemctl stop "$app".service
 # Drop MySQL database and user
 ynh_script_progression --message="Removing databases..."
 ynh_mysql_drop_db "$dbname" 2>/dev/null
-ynh_mysql_drop_user "$dbuser" 2>/dev/null
+ynh_mysql_drop_user "$db_user" 2>/dev/null

 # Delete app directory and configurations
 ynh_script_progression --message="Removing code..."
--- a/scripts/restore
+++ b/scripts/restore
@ -19,14 +19,11 @@ ynh_script_progression --message="Loading settings..."
 # Retrieve old app settings
 domain=$(ynh_app_setting_get --app $app --key domain)
 path_url=$(ynh_app_setting_get --app $app --key path)
-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
+DB_PASSWORD=$(ynh_app_setting_get --app $app --key mysqlpwd)
 admin=$(ynh_app_setting_get --app $app --key adminusername)
 port=$(ynh_app_setting_get --app $app --key web_port)
 upstream_version=$(ynh_app_setting_get $app upstream_version)

-# Check domain/path availability with app helper
-ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain is not available as domain, please use an other domain."
-
 # Check user parameter
 ynh_user_exists "$admin" \
  || ynh_die --message "The chosen admin user does not exist."
@ -48,8 +45,8 @@ ynh_restore

 # Create and restore the database
 ynh_script_progression --message="Restoring database..." --weight=3
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
+ynh_mysql_create_db "$dbname" "$db_user" "$DB_PASSWORD"
+ynh_mysql_connect_as "$db_user" "$DB_PASSWORD" "$dbname" < ./db.sql

 # Restore systemd files
 systemctl daemon-reload
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -18,10 +18,9 @@ ynh_abort_if_errors
 ynh_script_progression --message="Loading installation settings..."
 domain=$(ynh_app_setting_get --app $app --key domain)
 path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))
-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
+DB_PASSWORD=$(ynh_app_setting_get --app $app --key mysqlpwd)
 admin=$(ynh_app_setting_get --app $app --key adminusername)
 key=$(ynh_app_setting_get --app $app --key secret_key)
-is_public=$(ynh_app_setting_get --app $app --key is_public)
 port=$(ynh_app_setting_get --app $app --key web_port)
 upstream_version=$(ynh_app_setting_get --app $app --key upstream_version)

@ -56,7 +55,7 @@ ynh_handle_app_migration --migration_id=gogs --migration_list=gogs_migrations
 if [[ $migration_process -eq 1 ]]; then
    # Reload variables
    dbname=$app
-    dbuser=$app
+    db_user=$app
    final_path="/opt/$app"
    DATADIR="/home/$app"
    REPO_PATH="$DATADIR/repositories"
@ -74,7 +73,7 @@ if [[ $migration_process -eq 1 ]]; then

    # Restore authentication from SQL database
    ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql
-    ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
+    ynh_mysql_connect_as "$db_user" "$DB_PASSWORD" "$dbname" < ../conf/login_source.sql

    # Fix hooks
    if [[ -e $REPO_PATH ]];then
@ -224,11 +223,7 @@ if ! ynh_permission_exists --permission admin; then
    ynh_permission_create --permission 'admin' --allowed "$admin"
    # Update ldap config
    ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
-    ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
-fi
-if [ "$is_public" == '1' ];
-then
-    ynh_permission_update --permission "main" --add "visitors"
+    ynh_mysql_connect_as "$db_user" "$DB_PASSWORD" "$dbname" < ../conf/login_source.sql
 fi

 # Add gitea to YunoHost's monitored services
				`@ -0,0 +1 @@`
				`Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.`