From 096d51ecb465d04446e2ebec0afdca558575789d Mon Sep 17 00:00:00 2001
From: Alex Palaistras
Date: Mon, 19 Sep 2022 14:57:11 +0100
Subject: [PATCH] gitea: Use LDAP authentication by default
New Gitea installations will now use LDAP authentication, typically provided by the included `lldap` service, over SMTP authentication, as this is is more flexible.
---
 service/gitea/container/run-gitea | 12 +++++++++---
 service/gitea/gitea.env.template | 8 +++++---
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/service/gitea/container/run-gitea b/service/gitea/container/run-gitea
index bbacc67..1461c19 100755
--- a/service/gitea/container/run-gitea
+++ b/service/gitea/container/run-gitea
@@ -17,9 +17,15 @@ if ! test -f /var/lib/gitea/gitea.db; then
 # Set up database.
 gosu git /usr/bin/gitea -c /etc/gitea/config.ini migrate
- # Set up SMTP authentication via local service.
- gosu git /usr/bin/gitea -c /etc/gitea/config.ini admin auth add-smtp --name postfix --active \
- --host "${GITEA_AUTH_SMTP_HOST}" --port "${GITEA_AUTH_SMTP_PORT}"
+ # Set up LDAP authentication via local service.
+ gosu git /usr/bin/gitea -c /etc/gitea/config.ini admin auth add-ldap --name "LDAP" \
+ --host "${GITEA_AUTH_LDAP_HOST}" --port "${GITEA_AUTH_LDAP_PORT}" \
+ --synchronize-users --security-protocol unencrypted \
+ --bind-dn "uid=${GITEA_AUTH_LDAP_BIND_UID},ou=people,dc=ldap,dc=local" --bind-password "${GITEA_AUTH_LDAP_BIND_PASSWORD}" \
+ --user-search-base "ou=people,dc=ldap,dc=local" --user-filter "(&(memberof=cn=gitea_user,ou=groups,dc=ldap,dc=local)(|(uid=%[1]s)(mail=%[1]s)))" \
+ --admin-filter "(memberof=cn=gitea_admin,ou=groups,dc=ldap,dc=local)" \
+ --username-attribute "uid" --email-attribute "mail" \
+ --firstname-attribute "givenName" --surname-attribute "sn" --avatar-attribute "jpegPhoto"
 fi
 # Run entrypoint under specific user.
diff --git a/service/gitea/gitea.env.template b/service/gitea/gitea.env.template
index 7a427be..534ec27 100644
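Review bot: The new `add-ldap` call hard-codes `--security-protocol unencrypted`, so the bind password and every user's login password travel to `${GITEA_AUTH_LDAP_HOST}` in cleartext. That is acceptable only while the directory is the co-located `lldap` container on a private network; since host and port are already configurable, the protocol should be too, e.g. `--security-protocol "${GITEA_AUTH_LDAP_SECURITY_PROTOCOL:-unencrypted}"` (proposed variable name), preceded by a comment such as `# Cleartext LDAP: only safe while lldap shares a private container network.`. The bind password is also handed over as a `--bind-password` argument, where it is readable from the process list and from any `set -x` trace while the command runs. The enclosing `if ! test -f /var/lib/gitea/gitea.db` block begins outside the hunk, so this only runs on first start and existing installations presumably keep their SMTP source.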
--- a/service/gitea/gitea.env.template
+++ b/service/gitea/gitea.env.template
@@ -9,9 +9,11 @@ GITEA_DOMAIN=${GITEA_DOMAIN}
 GITEA_SSH_DOMAIN=${GITEA_SSH_DOMAIN}
 GITEA_SSH_PORT=${GITEA_SSH_PORT}
-# SMTP authentication settings.
-GITEA_AUTH_SMTP_HOST=${POSTFIX_HOST}
-GITEA_AUTH_SMTP_PORT=587
+# LDAP authentication settings.
+GITEA_AUTH_LDAP_HOST=lldap
+GITEA_AUTH_LDAP_PORT=3890
+GITEA_AUTH_LDAP_BIND_UID=${LLDAP_ADMIN_USERNAME}
+GITEA_AUTH_LDAP_BIND_PASSWORD=${LLDAP_ADMIN_PASSWORD}
 # SMTP mailer settings.
 GITEA_MAILER_FROM=${GITEA_MAILER_FROM}
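Review bot: `GITEA_AUTH_LDAP_BIND_UID` and `GITEA_AUTH_LDAP_BIND_PASSWORD` are filled from `LLDAP_ADMIN_USERNAME` and `LLDAP_ADMIN_PASSWORD`, so Gitea binds as the directory administrator although the filters in `run-gitea` only need to search `ou=people` and read group membership. The admin password is then kept in Gitea's authentication-source settings and, per the `run-gitea` hunk, sent over an unencrypted connection, so a compromise of Gitea or of the container network would expose a credential that can modify every account in the directory. A dedicated read-only bind account would contain that (lldap provides a `lldap_strict_readonly` group for this purpose), e.g. `GITEA_AUTH_LDAP_BIND_UID=${GITEA_LDAP_BIND_USERNAME}` and `GITEA_AUTH_LDAP_BIND_PASSWORD=${GITEA_LDAP_BIND_PASSWORD}` (proposed variable names). A comment such as `# Bind account should be read-only; do not reuse the lldap admin.` above these lines would record the intent.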