From 1e4b4a9d9a917640173e0771f8c22691e8abfccc Mon Sep 17 00:00:00 2001
From: Julian Ospald
Date: Wed, 6 Jun 2018 19:47:29 +0200
Subject: [PATCH] Fix

---
 Dockerfile | 19 ++++----
 README.md | 4 +-
 config/app.ini | 44 +++++++++++++++++
 config/sshd_config | 1 -
 config/supervisord.conf | 2 +-
 setup.sh | 103 +++++++++++++++++++++++++++++-----------
 6 files changed, 133 insertions(+), 40 deletions(-)
 create mode 100644 config/app.ini

diff --git a/Dockerfile b/Dockerfile
index 4b16ee5..85ebea8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,31 +33,32 @@ RUN apk --no-cache add \
 /gopath/src/code.gitea.io/gitea && \
 TAGS="bindata sqlite pam" make generate build && \
 apk del build-deps && \
- mkdir /app/ && \
- mv /gopath/src/code.gitea.io/gitea /app/gitea && \
+ mkdir -p /app/gitea && \
+ mv /gopath/src/code.gitea.io/gitea/gitea /app/gitea/gitea && \
 rm -rf "$GOPATH" /var/cache/apk/*
 
-RUN addgroup -S git
-RUN adduser -G git -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && \
- usermod -p '*' git && passwd -u git
+RUN addgroup -S -g 1000 git
+RUN adduser -G git -S -H -D -g 'Gogs Git User' -h /data/git -s /bin/bash -u 1000 git && \
+ echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
 ENV USER git
 WORKDIR /app/gitea/
 
-# SSH login fix, otherwise user is kicked off after login
-RUN echo "export VISIBLE=now" >> /etc/profile && \
- echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config
-
 # Setup ssh
 COPY config/sshd_config /etc/ssh/sshd_config
 
+# template config
+COPY config/app.ini /etc/templates/app.ini
+
 # Prepare data
 ENV GITEA_CUSTOM /data/gitea
 RUN echo "export GITEA_CUSTOM=/data/gitea" >> /etc/profile
 
+# redis
 RUN chown -R redis /var/log/redis
 RUN sed -i -e 's/daemonize yes/daemonize no/' /etc/redis.conf
 
+# supervisord and startup
 COPY setup.sh /setup.sh
 RUN chmod +x /setup.sh
 COPY config/supervisord.conf /etc/supervisord.conf
diff --git a/README.md b/README.md
index 615f379..e1280d3 100644
--- a/README.md
+++ b/README.md
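Review bot: The random password set through `chpasswd` on the new `adduser` line is generated once at `docker build` time, so its hash is baked into the image layer's /etc/shadow and is the same in every container started from that image. Its only apparent purpose is to unlock the account (on Linux builds of OpenSSH an account whose shadow entry starts with `!` is refused login even with a valid key, which is presumably what the old `usermod -p '*' git && passwd -u git` worked around), so nothing should ever be able to authenticate with it: either make sure `PasswordAuthentication no` is set in config/sshd_config (only its first lines are visible in this patch), or keep the account passwordless but unlocked with `sed -i 's/^git:!:/git:\*:/' /etc/shadow` in place of the `dd | base64 | chpasswd` pipeline. Note also that this hunk drops the `PermitUserEnvironment yes` append while setup.sh still writes /data/git/.ssh/environment; sshd ignores that file unless the copied sshd_config enables the option, and leaving it off is the safer default since it lets any key holder inject variables such as LD_PRELOAD into a forced command.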
@@ -88,7 +88,7 @@ Note that the initial mysql must be run with
 Make sure:
 * `Database Type` is SQLite3
 * `Domain` is set to your domain
-* `SSH Port` is set to what you specified in `GITEA_SSH_PORT` (or 22 for default)
+* `SSH Port` is set to what you specified in `SSH_PORT` (or 22 for default)
 * `Application URL` is `https:///` (not `http`) _without_ the Port 3000
 
 ## Update procedure
@@ -101,7 +101,7 @@ docker run -ti -d \
 --name=gitea \
 -e VIRTUAL_HOST= \
 -e VIRTUAL_PORT=3000 \
- -e GITEA_SSH_PORT= \
+ -e SSH_PORT= \
 -p : \
 hasufell/alpine-gitea
 ```
diff --git a/config/app.ini b/config/app.ini
new file mode 100644
index 0000000..9e0a3dd
--- /dev/null
+++ b/config/app.ini
@@ -0,0 +1,44 @@
+APP_NAME = $APP_NAME
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = $SSH_DOMAIN
+HTTP_PORT = $HTTP_PORT
+ROOT_URL = $ROOT_URL
+DISABLE_SSH = $DISABLE_SSH
+SSH_PORT = $SSH_PORT
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = $DB_TYPE
+HOST = $DB_HOST
+NAME = $DB_NAME
+USER = $DB_USER
+PASSWD = $DB_PASSWD
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW = $REQUIRE_SIGNIN_VIEW
diff --git a/config/sshd_config b/config/sshd_config
index 30c4e23..a6a24e9 100644
--- a/config/sshd_config
+++ b/config/sshd_config
@@ -1,4 +1,3 @@
-Port 22
 AddressFamily any
 ListenAddress 0.0.0.0
 ListenAddress ::
diff --git a/config/supervisord.conf b/config/supervisord.conf
index da7009b..eb5b3ff 100644
--- a/config/supervisord.conf
+++ b/config/supervisord.conf
@@ -12,6 +12,6 @@ autorestart=true
 priority=2
 
 [program:gitea]
-command=sudo -u git /app/gitea/gitea web
+command=su-exec git /app/gitea/gitea web
 autorestart=true
 priority=999
diff --git a/setup.sh b/setup.sh
index e4321e8..c51cb7b 100644
--- a/setup.sh
+++ b/setup.sh
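Review bot: `su-exec` has to exist in the final image for this `command=` line to start at all, and the runtime `apk add` package list is outside this patch; if it is only pulled in as part of `build-deps`, the Dockerfile's `apk del build-deps` removes it and supervisord will restart gitea in a loop. Worth confirming it is installed as a runtime package. Otherwise swapping `sudo -u git` for `su-exec git` is the right move for a container: no setuid binary, no sudoers policy to maintain, and the process simply exec()s as git.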
@@ -1,38 +1,87 @@
 #!/bin/bash
 
-if [[ ! -d /data/gitea ]] ; then
- mkdir -p /var/run/sshd
- mkdir -p /data/gitea/data /data/gitea/conf /data/gitea/log /data/git /data/gitea/custom
+# create folders
+mkdir -p /data/gitea/log
+
+
+# system ssh
+if [ ! -d /data/ssh ]; then
+ mkdir -p /data/ssh
 fi
 
-if [[ ! -d /data/ssh ]] ; then
- mkdir /data/ssh
- ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
- ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
- ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
- chown -R root:root /data/ssh/*
- chmod 600 /data/ssh/*
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+ echo "Generating /data/ssh/ssh_host_ed25519_key..."
+ ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
 fi
 
-ln -sf /data/gitea/custom ./custom
-ln -sf /data/gitea/log ./log
-ln -sf /data/gitea/data ./data
-ln -sf /data/git /home/git
-
-
-if [[ ! -d ~git/.ssh ]] ; then
- mkdir ~git/.ssh
- chmod 700 ~git/.ssh
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_rsa_key..."
+ ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi
 
-if [[ ! -f ~git/.ssh/environment ]] ; then
- echo "GITEA_CUSTOM=/data/gitea" > ~git/.ssh/environment
- chown git:git ~git/.ssh/environment
- chown 600 ~git/.ssh/environment
+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_dsa_key..."
+ ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
 fi
 
-chown -R git:git /data .
-
-if [[ ${GITEA_SSH_PORT} ]] ; then
- echo "Port ${GITEA_SSH_PORT}" >> /etc/ssh/sshd_config
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+ ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
 fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
+
+
+# certs
+/usr/sbin/update-ca-certificates
+
+
+# git ssh
+if [ ! -d /data/git/.ssh ]; then
+ mkdir -p /data/git/.ssh
+ chmod 700 /data/git/.ssh
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+ echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
+ chmod 600 /data/git/.ssh/environment
+fi
+echo "Port ${SSH_PORT:-22}" >> /etc/ssh/sshd_config
+
+
+# config
+if [ ! -f /data/gitea/conf/app.ini ]; then
+ mkdir -p /data/gitea/conf
+
+ # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+ # INSTALL_LOCK is empty
+ if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+ INSTALL_LOCK=true
+ fi
+
+ # Substitude the environment variables in the template
+ APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+ RUN_MODE=${RUN_MODE:-"dev"} \
+ SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+ HTTP_PORT=${HTTP_PORT:-"3000"} \
+ ROOT_URL=${ROOT_URL:-""} \
+ DISABLE_SSH=${DISABLE_SSH:-"false"} \
+ SSH_PORT=${SSH_PORT:-"22"} \
+ DB_TYPE=${DB_TYPE:-"sqlite3"} \
+ DB_HOST=${DB_HOST:-"localhost:3306"} \
+ DB_NAME=${DB_NAME:-"gitea"} \
+ DB_USER=${DB_USER:-"root"} \
+ DB_PASSWD=${DB_PASSWD:-""} \
+ INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+ DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+ REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+ SECRET_KEY=${SECRET_KEY:-""} \
+ envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
+fi
+
+# permissions
+chown -R git:git /data/gitea /app/gitea /data/git
+chmod 0755 /data/gitea /app/gitea /data/git
+
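Review bot: The rendered /data/gitea/conf/app.ini carries `SECRET_KEY` and `DB_PASSWD` in clear, but after the `envsubst` redirection the script only runs `chown -R git:git /data/gitea` and `chmod 0755` on the directories, so the file keeps whatever mode the umask gives it (normally 0644, readable by every account in the container); add `chmod 0600 /data/gitea/conf/app.ini` right after the `envsubst` line, before that `fi`. Separately, `echo "Port ${SSH_PORT:-22}" >> /etc/ssh/sshd_config` runs unconditionally on every start, so a container that is stopped and started again (its /etc/ssh/sshd_config persists) accumulates one `Port` line per start and sshd listens on all of them, stale values included; run `sed -i '/^Port /d' /etc/ssh/sshd_config` immediately before the existing echo so exactly one `Port` directive survives. Finally, `chown -R git:git /data/gitea /app/gitea /data/git` makes the gitea binary writable by the account that executes it, so an RCE in the web process could persist by overwriting /app/gitea/gitea; since the new layout no longer symlinks custom/log/data into /app/gitea, that directory only needs to be readable and can stay root-owned, with the chown limited to /data/gitea and /data/git. The DSA host key generated above is also unused by any modern client (ssh-dss is disabled by default since OpenSSH 7.0) and could be dropped.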