opendev/system-config
Code Issues Proposed changes

Update gitea to v1.10.0

Browse Source 
1.10 introduces a PASSWORD_COMPLEXITY setting with a default value
of lower,upper,digit,spec - which requires passwords to have an
upper, lower, digit and special character. Our example password does
not have this, so set the PASSWORD_COMPLEXITY setting. We could
alternately leave it at the default and ensure that our passwords
meet the spec.

The sshd_config file is templated now, so we can set the listen port
via env var.

Change-Id: I6e4b595eabb9c6885d78fff1109ea9f602e89ef7
This commit is contained in:
Monty Taylor 2019-10-24 16:33:12 +09:00
parent 9f6df6deaf
commit b3e5f0cab0
6 changed files with 49 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docker/gitea/Dockerfile
View File

@ -26,7 +26,7 @@ FROM docker.io/library/golang:1.13-buster AS build-env
LABEL maintainer="infra-root@openstack.org"
ARG GITEA_VERSION="v1.9.6"
ARG GITEA_VERSION="v1.10.0"
ENV TAGS "bindata $TAGS"
#Build deps
@ -70,8 +70,6 @@ RUN addgroup --system --gid 1000 git \
# Copy the /etc config files and entrypoint script
COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root /
# Copy our custom sshd_config
COPY sshd_config /etc/ssh/sshd_config
# Copy the app
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea

90
docker/gitea/custom/templates/repo/header.tmpl
View File

@ -12,62 +12,60 @@
<div class="divider"> / </div>
<a href="{{$.RepoLink}}">{{.Name}}</a>
{{if .IsArchived}}<i class="archive icon archived-icon"></i>{{end}}
{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{$.Mirror.Address}}">{{$.Mirror.Address}}</a></div>{{end}}
{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{MirrorAddress $.Mirror}}">{{MirrorAddress $.Mirror}}</a></div>{{end}}
{{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}}
</div>
</div><!-- end grid -->
</div><!-- end container -->
{{end}}
{{if not .IsDiffCompare}}
<div class="ui tabs container">
<div class="ui tabular stackable menu navbar">
{{if .Permission.CanRead $.UnitTypeCode}}
<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}">
<i class="octicon octicon-code"></i> {{.i18n.Tr "repo.code"}}
</a>
{{end}}
<div class="ui tabs container">
{{if not .Repository.IsBeingCreated}}
<div class="ui tabular stackable menu navbar">
{{if .Permission.CanRead $.UnitTypeCode}}
<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}">
<i class="octicon octicon-code"></i> {{.i18n.Tr "repo.code"}}
</a>
{{end}}
{{if .Permission.CanRead $.UnitTypeIssues}}
<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoLink}}/issues">
<i class="octicon octicon-issue-opened"></i> {{.i18n.Tr "repo.issues"}} <span class="ui {{if not .Repository.NumOpenIssues}}gray{{else}}blue{{end}} small label">{{.Repository.NumOpenIssues}}</span>
</a>
{{end}}
{{if .Permission.CanRead $.UnitTypeIssues}}
<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoLink}}/issues">
<i class="octicon octicon-issue-opened"></i> {{.i18n.Tr "repo.issues"}} <span class="ui {{if not .Repository.NumOpenIssues}}gray{{else}}blue{{end}} small label">{{.Repository.NumOpenIssues}}</span>
</a>
{{end}}
{{if .Permission.CanRead $.UnitTypeExternalTracker}}
<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoExternalIssuesLink}}" target="_blank" rel="noopener noreferrer">
<i class="octicon octicon-link-external"></i> {{.i18n.Tr "repo.issues"}}
</a>
{{end}}
{{if .Permission.CanRead $.UnitTypeExternalTracker}}
<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoExternalIssuesLink}}" target="_blank" rel="noopener noreferrer">
<i class="octicon octicon-link-external"></i> {{.i18n.Tr "repo.issues"}} </span>
</a>
{{end}}
{{if and .Repository.CanEnablePulls (.Permission.CanRead $.UnitTypePullRequests)}}
<a class="{{if .PageIsPullList}}active{{end}} item" href="{{.RepoLink}}/pulls">
<i class="octicon octicon-git-pull-request"></i> {{.i18n.Tr "repo.pulls"}} <span class="ui {{if not .Repository.NumOpenPulls}}gray{{else}}blue{{end}} small label">{{.Repository.NumOpenPulls}}</span>
</a>
{{end}}
{{if and .Repository.CanEnablePulls (.Permission.CanRead $.UnitTypePullRequests)}}
<a class="{{if .PageIsPullList}}active{{end}} item" href="{{.RepoLink}}/pulls">
<i class="octicon octicon-git-pull-request"></i> {{.i18n.Tr "repo.pulls"}} <span class="ui {{if not .Repository.NumOpenPulls}}gray{{else}}blue{{end}} small label">{{.Repository.NumOpenPulls}}</span>
</a>
{{end}}
<a class="item" href="https://review.opendev.org/#/q/status:open+project:{{.Owner.Name}}/{{.Repository.Name}}">
<i class="octicon octicon-git-pull-request"></i> Proposed changes
</a>
<a class="item" href="https://review.opendev.org/#/q/status:open+project:{{.Owner.Name}}/{{.Repository.Name}}">
<i class="octicon octicon-git-pull-request"></i> Proposed changes
</a>
{{if or (.Permission.CanRead $.UnitTypeWiki) (.Permission.CanRead $.UnitTypeExternalWiki)}}
<a class="{{if .PageIsWiki}}active{{end}} item" href="{{.RepoLink}}/wiki" {{if (.Permission.CanRead $.UnitTypeExternalWiki)}} target="_blank" rel="noopener noreferrer" {{end}}>
<i class="octicon octicon-book"></i> {{.i18n.Tr "repo.wiki"}}
</a>
{{end}}
{{if or (.Permission.CanRead $.UnitTypeWiki) (.Permission.CanRead $.UnitTypeExternalWiki)}}
<a class="{{if .PageIsWiki}}active{{end}} item" href="{{.RepoLink}}/wiki" {{if (.Permission.CanRead $.UnitTypeExternalWiki)}} target="_blank" rel="noopener noreferrer" {{end}}>
<i class="octicon octicon-book"></i> {{.i18n.Tr "repo.wiki"}}
</a>
{{end}}
{{template "custom/extra_tabs" .}}
{{template "custom/extra_tabs" .}}
{{if .Permission.IsAdmin}}
<div class="right menu">
<a class="{{if .PageIsSettings}}active{{end}} item" href="{{.RepoLink}}/settings">
<i class="octicon octicon-tools"></i> {{.i18n.Tr "repo.settings"}}
</a>
</div>
{{end}}
</div>
</div>
<div class="ui tabs divider"></div>
{{else}}
<div class="ui divider"></div>
{{end}}
{{if .Permission.IsAdmin}}
<div class="right menu">
<a class="{{if .PageIsSettings}}active{{end}} item" href="{{.RepoLink}}/settings">
<i class="octicon octicon-tools"></i> {{.i18n.Tr "repo.settings"}}
</a>
</div>
{{end}}
</div>
{{end}}
</div>
<div class="ui tabs divider"></div>
</div>

33
docker/gitea/sshd_config
View File

@ -1,33 +0,0 @@
Port 222
Protocol 2
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
LogLevel INFO
HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PermitUserEnvironment yes
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers git
Banner none
Subsystem sftp /usr/lib/ssh/sftp-server
AcceptEnv GIT_PROTOCOL

1
playbooks/roles/gitea/tasks/main.yaml
View File

@ -86,6 +86,7 @@
email: "gerrit@review.opendev.org"
full_name: Gerrit
login_name: gerrit
must_change_password: false
password: "{{ gitea_gerrit_password }}"
send_notify: false
source_id: 0

1
playbooks/roles/gitea/templates/app.ini.j2
View File

@ -56,6 +56,7 @@ LEVEL = Info
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_COMPLEXITY = lower,upper,digit
[service]
DISABLE_REGISTRATION = true

2
playbooks/roles/gitea/templates/docker-compose.yaml.j2
View File

@ -35,6 +35,8 @@ services:
gitea-ssh:
depends_on:
- mariadb
environment:
- SSH_LISTEN_PORT=222
image: opendevorg/gitea-openssh
network_mode: host
restart: always