Gitea A painless self-hosted Git service

I do like the idea of having admingroups for each application. This only will be limited if an application is not LDAP/Samba4 aware.
domainadmins could be added by default to each app_admin group

This was my plan; unfortunately Gitea has an internal account for admin (among other things used for command line interaction), and as a consequence it's impossible to log in as admin. (Need to remember to put this in the doc as a known limitation.)

Another more general issue is: we are not sure if the admin user/group exists. It’s always present if a nethserver account provider is used (local or external), however it could be absent if another (non-nethserver) external account provider is configured.
The safe option is to provide a local/internal admin for an app.

Great work @mark_nl and @danb35! :sunglasses:

I tested nethserver-gitea-0.0.7-1.ns7.noarch with gitea-1.5.0-2.el7.x86_64 and it works like a charm!

I ran a test vm with domainname domain.local so I’d like to add a domain property to change the original domain like config setprop gitea domain mydomain.com.

I changed /etc/e-smith/templates/etc/gitea/app.ini/01variables to use a domain property if available
{
    use NethServer::Password;
    use esmith::ConfigDB;

    my $Confdb = esmith::ConfigDB->open;

    my $gitea = $Confdb->get('gitea') or die "No gitea db entry found\n";

    $giteaDomain = $DomainName || 'localdomain';
    $giteaFQDN = $gitea->prop('domain') || $SystemName . '.' . $DomainName;
    $giteaKey = substr( (esmith::util::genRandomHash()), 0, 20 );
    $giteaInternalToken = esmith::util::genRandomHash() . esmith::util::genRandomHash();

    $giteaMysqlPassword = NethServer::Password::store('gitea');

    my $sshd = $Confdb->get('sshd') or die "No sshd db entry found\n";
...

I pushed the nethserver-gitea repo as a test and it just worked!

I tested with local LDAP and could login as user and watch the repos.
I recognized that the mail address shows only the user name and the Full Name is missing but maybe it’s not really needed.

3 Likes

Thank you for testing and reporting!

Yes, good idea! Did not take it on as user might expect it’s going to be the webserver’s virtualhost too. If we do this we should ask for the FQDN and split it up in prefix and mydomain.com and configure the virtualhost in one go… Or what do you think?

Please feel free to comment :grin:

(it’s only getting better if people do!)

2 Likes

Why do you want to split it up? I’d like to be flexible and allow anotherdomain.com as well as vhost.some.domain.com.

1 Like

Cannot completely comprehend what you are aiming at. :thinking:

Have to admit needed to look up why the domain name (without prefix) was used and it’s a minor topic. It is only used to construct a default email address for the system mailer (ie gittea@domainname)
(Let's keep this out of the equation for now.)

A DNS-resolvable URL is needed in 3 places:

  • URL to web interface (webUrl)
  • URL for clone/push/pull/…(copy/paste) over https (httpsUrl)
  • URL for clone/push/pull/… (copy/paste) over SSH (sshUrl)

(need to check if webUrl == httpsUrl, think so they go through the same proxy)

Let's assume we have:

  • a server with FQDN machine.localdomain.local
  • a domain name mydomain.com
  • a user user_name with a project

Default configuration (AS IS):
webUrl = https://machine.localdomain.local/git
httpsUrl = https://machine.localdomain.local/git/user_name/project.git
sshUrl = gitea@machine.localdomain.local:user_name/project.git

Proposal is (config setprop gitea VirtualHost git.mydomain.com)
(you can: config setprop gitea VirtualHost machine.mydomain.com)
webUrl = https://git.mydomain.com
httpsUrl = https://git.mydomain.com/user_name/project.git
sshUrl = gitea@git.mydomain.com:user_name/project.git

Note the missing /git in the https URLs; that is arbitrary. Putting it in makes the config a bit simpler, people tend to dislike it…

IIUC you would like to be able to:
webUrl = https://machine.localdomain.local/git
httpsUrl = https://machine.mydomain.com/git/user_name/project.git
sshUrl = gitea@machine.mydomain.com:user_name/project.git

I do not see the advantage, what am i missing :question: :open_mouth:

EDIT:

We can put a RewriteRule or Match ^/git > https://machine.mydomain.com

I think the difference is that if you have a server at server.domain1.com (part of the user provider) and you want to host your gitea at another (sub)domain, for instance code.domain2.org, you need some extra flexibility.

1 Like

Nope, still don't get it…

Only if you want multiple locations (web-apps) on code.domain2.org (ie)
code.domain2.org/git
code.domain2.org/webapp2
code.domain2.org/webapp3

I’d like to be able to use another domain than the one in the server FQDN.
The virtualhost feature without /git is another nice feature.

1 Like

So the proposal would work for you?

If not please say so!

Web stuff is not a strong point of me. :disappointed_relieved:

Yes, absolutely.

EDIT:

Tested on a raspberry with nethserver-gitea-0.0.7-1.ns7.noarch and gitea-1.5.0-1.ns7.armv7hl but login does not work, no gitea, no ldap user.

When I delete the db and run signal-event nethserver-gitea-update I get errors in /var/log/messages:

CreateUser: Error 1146: Table 'gitea.email_address' doesn't exist
ERROR 1146 (42S02) at line 1: Table 'gitea.login_source' doesn't exist

The db is populated but some tables seem to be missing. Maybe I am just using a wrong combination of packages?

1 Like

Shifted my attention to x86_64 :open_mouth:

See if this salvages the install:

EDIT:
It is changed; it should wait in a for loop for max 30 sec, will check this

1 Like

Thanks, that did it. :clap:

Nice, still need to check this!

EDIT

A bit of background:
I do a lot of testing on arm, spinning up a container with nethserver-arm on an Odroid. This allows me to kick the container back as you do with a snapshot on a VM.

It has 8 cores (4 big 2MHz, 4 small 1.7Mhz) with a USB 3.0 UAS to SATA bridge serving an SSD drive.

Hence I tend to overestimate the capabilities on arm…

Will take more care of this

1 Like

Don’t be afraid to increase the forced timeout. As long as there’s one to break the loop if no proper response is given.

I didn’t do it the last time, but for testing I thought to use cpulimit, nice or similar tools to limit the (mysql/gitea) process resources and see if it took longer.

I suggested curl as that was what I tried to know gitea web was up, but ping or ss/netstat on the port might serve the same purpose (IDK).

Tip: curl has some --retry* and --max-time options (ping has similar options as well) that could replace the for loop, but in the end any of those options would accomplish the same.

EDIT: is perlcurl a typo or a program?

1 Like
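The bounded wait discussed in this thread, as an added example (not the nethserver-gitea code): the probe is retried until it succeeds or a hard deadline passes, and a timeout returns non-zero so the caller does not go on to create users against a half-initialized database. The function names, the `GITEA_URL` variable and the `http://127.0.0.1:3000/` address are assumptions.

```shell
#!/bin/sh
# wait_until TIMEOUT INTERVAL CMD [ARGS...]
# Runs CMD repeatedly until it exits 0 or TIMEOUT seconds have elapsed.
# Returns 0 when the probe succeeded, 1 on timeout.
# WAIT_ATTEMPTS holds the number of probes made (handy for logging).
wait_until() {
    timeout=$1
    interval=$2
    shift 2
    WAIT_ATTEMPTS=0
    deadline=$(( $(date +%s) + timeout ))
    while :; do
        WAIT_ATTEMPTS=$(( WAIT_ATTEMPTS + 1 ))
        if "$@" >/dev/null 2>&1; then
            return 0
        fi
        # The deadline is what guarantees the loop ends without a response.
        [ "$(date +%s)" -ge "$deadline" ] && return 1
        sleep "$interval"
    done
}

# Probe for the Gitea web UI. The URL is an assumption; set GITEA_URL to
# the address Gitea actually listens on.
# --fail turns HTTP errors into a non-zero exit, --max-time bounds one probe.
gitea_web_up() {
    curl --silent --fail --max-time 5 --output /dev/null \
        "${GITEA_URL:-http://127.0.0.1:3000/}"
}

# Typical use in a provisioning script (not executed here):
#   if wait_until 60 2 gitea_web_up; then
#       echo "gitea up after $WAIT_ATTEMPTS probes"
#       # ... create the admin user / login source ...
#   else
#       echo "gitea not up after $WAIT_ATTEMPTS probes, aborting" >&2
#       exit 1
#   fi
```

On slow hardware raise the first argument rather than removing the deadline.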

That’s a Bug! thanks

Also other remarks / suggestion are appreciated and will be taken into account!

EDIT:
perlcurl fixed in master branch

1 Like

Did some testing:
installed version 0.0.9 a 5 times and recreated the DB a few times too.
Did this on a PI2 with the most miserable SD card found here.

One install failed: this was mysql not being initialized (it does ring bells, you reported troubles with mysql before. And the behavior afterward was root could not create DBs => password error).
All other occasions succeeded.

(nethserver-gitea-0.0.9-1 and gitea-1.5.1-2 are in the arm update repository)

EDIT:
There is a short-cut for testing if you are up to it, IT CAN BREAK YOUR INSTALL

# yum update
# systemctl stop gitea
# mysqldump  gitea > gitea.dump
# systemctl stop gitea
# mysql  -e "DROP DATABASE gitea"
# rm -rf /var/lib/mysql/gitea/*
# signal-event nethserver-gitea-update

check if all is fine ie you can login

# systemctl stop gitea
# mysql  gitea < gitea.dump
# systemctl start gitea

1 Like

I did some tests on my Pi 3 Model B:

I only did DROP DATABASE gitea and signal-event nethserver-gitea-update to test.

After setting the timeout from 30 to 60 it worked 3 from 3 times :+1:, before I had to create user manually.

1 Like

IMHO it’s ready for NethForge testing.

@dnutan Kept the for loop for now, it was easy to utilize for debugging: Echoed the index in the journal to check number of times looped.

@danb35 is it ready for testing in the public?

For anyone who likes to review and comment:

Don’t hold back, it is appreciated!

cc/ @davidep @giacomo @mrmarkuz @stephdl

5 Likes

It seems to be working for me so far–seems like expanding the pool would be a good idea.