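#!/bin/bash

# This script runs in an initContainer (once, using /data/.gitea_bootstrap_done
# as a witness file) and is responsible for setting up and configuring:
# * initial admin user
# * hswaw OpenID Connect provider
# * hswaw LDAP user database
#
# Required environment variables (the script aborts before touching gitea if
# any of them is unset or empty, instead of creating half-configured auth
# sources with blank credentials):
#   ADMIN_PASSWORD     - password for the initial 'bofh' admin account
#   SSO_CLIENT_ID      - OIDC client id registered at sso.hackerspace.pl
#   SSO_CLIENT_SECRET  - OIDC client secret
#   LDAP_BIND_DN       - DN used to bind to ldap.hackerspace.pl
#   LDAP_BIND_PASSWORD - password for LDAP_BIND_DN
#
# The gitea CLI takes these secrets as command-line arguments, so they are
# visible in the process list for the duration of each call; do not add
# `set -x` to this script, it would echo them into the container logs.

# -u: an unset secret is a hard error rather than a silently dropped argument.
set -e -u -o pipefail

readonly WITNESS='/data/.gitea_bootstrap_done'
readonly GITEA='/app/gitea/gitea'

if [[ -f "$WITNESS" ]]; then
  echo "${WITNESS} exists, not doing anything"
  exit 0
fi

# Assert every required secret up front, before any state is created.
: "${ADMIN_PASSWORD:?must be set}"
: "${SSO_CLIENT_ID:?must be set}"
: "${SSO_CLIENT_SECRET:?must be set}"
: "${LDAP_BIND_DN:?must be set}"
: "${LDAP_BIND_PASSWORD:?must be set}"

# Every expansion is quoted: the previous version passed ${ADMIN_PASSWORD} etc.
# unquoted, so a value containing whitespace or glob characters would have been
# split into several arguments (or globbed against the cwd).
"$GITEA" admin user create \
  --username bofh \
  --password "${ADMIN_PASSWORD}" \
  --email bofh@hackerspace.pl \
  --admin \
  --must-change-password=false

"$GITEA" admin auth add-oauth \
  --name hswaw-oidc \
  --provider openidConnect \
  --key "${SSO_CLIENT_ID}" \
  --secret "${SSO_CLIENT_SECRET}" \
  --auto-discover-url https://sso.hackerspace.pl/.well-known/openid-configuration

# Login is restricted to hsMember entries in one of the fatty/starving/potato
# groups; staff group members become gitea admins. %[1]s is gitea's username
# placeholder inside the filter and must stay literal.
"$GITEA" admin auth add-ldap \
  --name hswaw-ldap \
  --active \
  --security-protocol ldaps \
  --host ldap.hackerspace.pl \
  --port 636 \
  --bind-dn "${LDAP_BIND_DN}" \
  --bind-password "${LDAP_BIND_PASSWORD}" \
  --user-search-base "ou=People,dc=hackerspace,dc=pl" \
  --user-filter "(&(objectclass=hsMember)(uid=%[1]s)(|(memberOf=cn=fatty,ou=Group,dc=hackerspace,dc=pl)(memberOf=cn=starving,ou=Group,dc=hackerspace,dc=pl)(memberOf=cn=potato,ou=Group,dc=hackerspace,dc=pl)))" \
  --admin-filter "(memberOf=cn=staff,ou=Group,dc=hackerspace,dc=pl)" \
  --username-attribute uid \
  --email-attribute mail \
  --public-ssh-key-attribute sshPublicKey \
  --synchronize-users

# Only written once all three steps succeeded (set -e aborts before this line
# otherwise). NOTE(review): a failed run therefore leaves no witness and the
# initContainer re-runs from the top; steps that already succeeded may then be
# rejected as duplicates by gitea — confirm before relying on automatic retry.
touch "$WITNESS"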