From fd5d17c628344c3697d85cb14ed01fa52df38aff Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Tue, 28 Apr 2020 01:14:09 -0400
Subject: try out gitea
---
manifests/tozt.pp | 3 +-
modules/gitea/files/override.conf | 2 +
modules/gitea/manifests/init.pp | 78 +++++++++++++++++++++++++++++++++
modules/gitea/templates/app.ini | 22 ++++++++++
modules/tozt/files/nginx/gitea-tls.conf | 14 ++++++
modules/tozt/manifests/gitea.pp | 13 ++++++
6 files changed, 131 insertions(+), 1 deletion(-)
create mode 100644 modules/gitea/files/override.conf
create mode 100644 modules/gitea/manifests/init.pp
create mode 100644 modules/gitea/templates/app.ini
create mode 100644 modules/tozt/files/nginx/gitea-tls.conf
create mode 100644 modules/tozt/manifests/gitea.pp
diff --git a/manifests/tozt.pp b/manifests/tozt.pp
index 79294fb..9271f33 100644
--- a/manifests/tozt.pp
+++ b/manifests/tozt.pp
@@ -14,7 +14,8 @@ node 'tozt', 'tozt.localdomain' { include tozt::backups include tozt::bitwarden - include tozt::git + # include tozt::git + include tozt::gitea include tozt::metabase include tozt::monitoring include tozt::munin
diff --git a/modules/gitea/files/override.conf b/modules/gitea/files/override.conf
new file mode 100644
index 0000000..7ccc03b
--- /dev/null
+++ b/modules/gitea/files/override.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment=USER=gitea HOME=/media/persistent/gitea/home GITEA_WORK_DIR=/media/persistent/gitea/work GITEA_CUSTOM=/media/persistent/gitea/custom
diff --git a/modules/gitea/manifests/init.pp b/modules/gitea/manifests/init.pp
new file mode 100644
index 0000000..a0a4447
--- /dev/null
+++ b/modules/gitea/manifests/init.pp
@@ -0,0 +1,78 @@
+class gitea {
+ include systemd
+
+ package { "gitea":
+ ensure => installed;
+ }
+
+ service { "gitea":
+ ensure => running,
+ enable => true,
+ require => [
+ Package['gitea'],
+ File['/etc/systemd/system/gitea.service.d/override.conf'],
+ Exec["/usr/bin/systemctl daemon-reload"],
+ File['/media/persistent/gitea/home'],
+ File['/media/persistent/gitea/work'],
+ File['/media/persistent/gitea/custom/conf/app.ini'],
+ File['/media/persistent/gitea/repos'],
+ ];
+ }
+
+ $secret_key = secret::value('gitea_secret_key')
+ $jwt_secret = secret::value('gitea_jwt_secret')
+
+ file {
+ '/media/persistent/gitea':
+ ensure => directory;
+ '/media/persistent/gitea/home':
+ ensure => directory,
+ user => 'gitea',
+ group => 'gitea',
+ require => [
+ Package['gitea'],
+ File['/media/persistent/gitea'],
+ ];
+ '/media/persistent/gitea/work':
+ ensure => directory,
+ user => 'gitea',
+ group => 'gitea',
+ require => [
+ Package['gitea'],
+ File['/media/persistent/gitea'],
+ ];
+ '/media/persistent/gitea/custom':
+ ensure => directory,
+ user => 'gitea',
+ group => 'gitea',
+ require => [
+ Package['gitea'],
+ File['/media/persistent/gitea'],
+ ];
+ '/media/persistent/gitea/custom/conf':
+ ensure => directory,
+ user => 'gitea',
+ group => 'gitea',
+ require => [
+ Package['gitea'],
+ File['/media/persistent/gitea'],
+ ];
+ '/media/persistent/gitea/custom/conf/app.ini':
+ content => template('gitea/app.ini'),
+ require => File['/media/persistent/gitea/custom/conf'];
+ '/media/persistent/gitea/repos':
+ ensure => directory,
+ user => 'gitea',
+ group => 'gitea',
+ require => [
+ Package['gitea'],
+ File['/media/persistent/gitea'],
+ ];
+ '/etc/systemd/system/gitea.service.d':
+ ensure => directory;
+ '/etc/systemd/system/gitea.service.d/override.conf':
+ source => 'puppet:///modules/gitea/override.conf',
+ notify => Exec["/usr/bin/systemctl daemon-reload"],
+ require => File["/etc/systemd/system/gitea.service.d"];
+ }
+}
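Review bot: The `'/media/persistent/gitea/custom/conf/app.ini'` file resource renders `SECRET_KEY` and `JWT_SECRET` from the template but sets no `owner`, `group` or `mode`, so the file's permissions are left to the agent's defaults and its content can appear in change diffs in agent logs and reports. Pin it to root:gitea with mode 0640 and set `show_diff => false`, as in the excerpt below. Separately, the five directory resources use `user => 'gitea'`; Puppet's file type names that attribute `owner`, so each should read `owner => 'gitea'`. The service lists app.ini only under `require`, so a later config change will not restart gitea unless that entry moves to `subscribe`.

```puppet
    # … unchanged: directory resources above …
    '/media/persistent/gitea/custom/conf/app.ini':
      content   => template('gitea/app.ini'),
      owner     => 'root',
      group     => 'gitea',
      mode      => '0640',
      show_diff => false,
      require   => File['/media/persistent/gitea/custom/conf'];
    # … unchanged: repos directory and systemd override resources …
```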
diff --git a/modules/gitea/templates/app.ini b/modules/gitea/templates/app.ini
new file mode 100644
index 0000000..3ba8f0b
--- /dev/null
+++ b/modules/gitea/templates/app.ini
@@ -0,0 +1,22 @@
+APP_NAME = git.tozt.net
+
+[repository]
+ROOT = /media/persistent/gitea/repos
+
+[server]
+PROTOCOL = unix
+DOMAIN = git.tozt.net
+ROOT_URL = https://git.tozt.net/
+HTTP_ADDR = /run/gitea/gitea.sock
+DISABLE_SSH = true
+
+[database]
+DB_TYPE = sqlite3
+PATH = /media/persistent/gitea/gitea.sqlite
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = <%= @secret_key %>
+
+[oauth2]
+JWT_SECRET = <%= @jwt_secret %>
diff --git a/modules/tozt/files/nginx/gitea-tls.conf b/modules/tozt/files/nginx/gitea-tls.conf
new file mode 100644
index 0000000..4649ba5
--- /dev/null
+++ b/modules/tozt/files/nginx/gitea-tls.conf
@@ -0,0 +1,14 @@
+server {
+ listen 443;
+ server_name git.tozt.net;
+
+ access_log /var/log/nginx/git.access.log;
+ error_log /var/log/nginx/git.error.log;
+
+ include ssl;
+
+ location / {
+ proxy_pass http://127.0.0.1:3000/;
+ }
+}
+# vim:ft=nginx
diff --git a/modules/tozt/manifests/gitea.pp b/modules/tozt/manifests/gitea.pp
new file mode 100644
index 0000000..4a2a6be
--- /dev/null
+++ b/modules/tozt/manifests/gitea.pp
@@ -0,0 +1,13 @@
+class tozt::gitea {
+ include gitea
+ include tozt::certbot
+ include tozt::persistent
+
+ nginx::site {
+ "git-tls":
+ source => 'puppet:///modules/tozt/nginx/gitea-tls.conf',
+ require => Class['certbot'];
+ "git":
+ source => 'puppet:///modules/tozt/nginx/git.conf';
+ }
+}
-- cgit v1.2.3-54-g00ecf
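Review bot: modules/gitea/templates/app.ini has no `[service]` section, so account self-registration stays at Gitea's default, which is enabled; if this is meant to be a single-owner instance at git.tozt.net, add `[service]` with `DISABLE_REGISTRATION = true`. `[security]` also sets no `INTERNAL_TOKEN`; Gitea normally generates one and writes it back into app.ini, which Puppet would then overwrite on the next run, so it is probably worth templating it from a secret like the other two values. The `PATH = /media/persistent/gitea/gitea.sqlite` setting puts the database in a directory that init.pp creates without a gitea owner, so the service user may be unable to create the file there; confirm that or move the database under a gitea-owned directory.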
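Review bot: In modules/tozt/files/nginx/gitea-tls.conf, `proxy_pass http://127.0.0.1:3000/;` targets a TCP port, but the app.ini added in this same commit sets `PROTOCOL = unix` and `HTTP_ADDR = /run/gitea/gitea.sock`, so as written nginx would have no listener to reach. Point the proxy at the socket, `proxy_pass http://unix:/run/gitea/gitea.sock:/;`, and confirm the nginx worker user can open it. It would also help to pass `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` so Gitea sees the original host and scheme. `listen 443;` carries no `ssl` parameter, so whether TLS is actually enabled depends on the included `ssl` file, which is not part of this patch and should be checked.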