stack/kustomizations/forgejo/scripts/generate-forgejo-secret.sh

34 lines
1.1 KiB
Bash
Raw Normal View History

2023-05-16 01:51:42 +00:00
#!/bin/sh
if test -t 1; then
# This is not foolproof. Can easily be beat by doing |cat. This is just to
# make it less likely that secrets are output to terminal.
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
"pipe output to \`sops\`." >/dev/stderr
exit 1
fi
FORGEJO_VERSION="1.19.3"
FORGEJO_TAG="sha256:e1e2a9930afe7e4e6c53b7d250072e5f890894da71df681510b6b513f38d0c36"
FORGEJO_SLUG="${FORGEJO_VERSION}@${FORGEJO_TAG}"
forgejo() {
# TODO: make this extract image tag from kustomization?
docker run "codeberg.org/forgejo/forgejo:$FORGEJO_SLUG" forgejo "$@"
}
GITEA__SERVER__LFS_JWT_SECRET="$(forgejo generate secret LFS_JWT_SECRET)"
GITEA__SECURITY__SECRET_KEY="$(forgejo generate secret SECRET_KEY)"
GITEA__SECURITY__INTERNAL_TOKEN="$(forgejo generate secret INTERNAL_TOKEN)"
cat <<EOF
apiVersion: v1
kind: Secret
metadata:
name: forgejo-config
stringData:
GITEA__SERVER__LFS_JWT_SECRET: ${GITEA__SERVER__LFS_JWT_SECRET}
GITEA__SECURITY__SECRET_KEY: ${GITEA__SECURITY__SECRET_KEY}
GITEA__SECURITY__INTERNAL_TOKEN: ${GITEA__SECURITY__INTERNAL_TOKEN}
EOF