diff --git a/roles/Foundation/files/custom/bin/gen-aninix-custom b/roles/Foundation/files/custom/bin/gen-aninix-custom index 9253e0d..5e5c607 100644 --- a/roles/Foundation/files/custom/bin/gen-aninix-custom +++ b/roles/Foundation/files/custom/bin/gen-aninix-custom @@ -2,7 +2,7 @@ set -x -URI=https://foundation.aninix.net/assets/css/theme-arc-green.css +URI=https://aninix.net/assets/css/theme-arc-green.css # Gitea arc-green palette BOLDTEXT='#87ab63' @@ -37,6 +37,15 @@ ANINIXNAV='#000000' margin-bottom: 30px; display: block; } + +body { + background-color: $ANINIXBG; + color: $ANINIXTEXT; +} + +a { + color: $ANINIXBOLD; +} ") \ | sed "s/$BOLDTEXT/$ANINIXBOLD/gI" \ | sed "s/$TEXT/$ANINIXTEXT/gI" \ diff --git a/roles/Foundation/files/custom/public/makwa_sdfiewo/20200505.mp4 b/roles/Foundation/files/custom/public/makwa_sdfiewo/20200505.mp4 deleted file mode 100755 index e793b06..0000000 Binary files a/roles/Foundation/files/custom/public/makwa_sdfiewo/20200505.mp4 and /dev/null differ diff --git a/roles/Foundation/files/custom/public/makwa_sdfiewo/20200507.mp4 b/roles/Foundation/files/custom/public/makwa_sdfiewo/20200507.mp4 deleted file mode 100755 index 93da9dc..0000000 Binary files a/roles/Foundation/files/custom/public/makwa_sdfiewo/20200507.mp4 and /dev/null differ diff --git a/roles/Foundation/files/custom/public/makwa_sdfiewo/reunion.mp4 b/roles/Foundation/files/custom/public/makwa_sdfiewo/reunion.mp4 deleted file mode 100755 index 91b47af..0000000 Binary files a/roles/Foundation/files/custom/public/makwa_sdfiewo/reunion.mp4 and /dev/null differ diff --git a/roles/Foundation/files/custom/public/martialarts/2019_benchmark.pdf b/roles/Foundation/files/custom/public/martialarts/2019_benchmark.pdf deleted file mode 100755 index 5ed675f..0000000 Binary files a/roles/Foundation/files/custom/public/martialarts/2019_benchmark.pdf and /dev/null differ 
diff --git a/roles/Foundation/files/custom/public/shadowarch b/roles/Foundation/files/custom/public/shadowarch
deleted file mode 100755
index ed052d2..0000000
--- a/roles/Foundation/files/custom/public/shadowarch
+++ /dev/null
@@ -1,322 +0,0 @@ -#!/bin/bash - -function header () { - tput setaf 1 - tput bold - echo $@ - tput sgr0 - return -} -function help() { - echo Usage: ${0} '[OPTIONS]' - echo '\-A -- Audio optimizations from the Arch Wiki' - echo '\-d DISK -- Use the disk.' - echo '\-e -- Encrypt the root partition' - echo '\-g -- GUI packages and setup' - echo '\-h -- This helptext' - echo '\-k -- Kali Linux-like package additions' - echo '\-l FILE -- Log to a file' - echo '\-p -- Productivity package additions' - echo '\-P -- Power saving for laptops' - echo '\-s -- Create a layout for an AniNIX::Spartacus' - echo '\-m -- Skip disk operations and assume storage is mounted on /mnt' - echo '\-v -- Verbose output.' - echo '\-z -- Try to add all the packages on AniNIX::Core' - exit 1; -} - -# Partition controls -efipart=2; -bootpart=3; -rootpart=4; -partpoint=1; -partedcmd='mklabel gpt\nmkpart primary ext2 0 1MiB\nset 1 bios_grub on\n'; -function addNextPartition() { - partsize="$1" - parttype="$2" - partfs="$3" - nextpartpoint=$(( $partpoint + $partsize )) - partedcmd="${partedcmd}mkpart $parttype $partfs ${partpoint}MiB ${nextpartpoint}MiB"'\n' - partpoint=$nextpartpoint -} - -disk="/dev/sda" -bootsize=500; # Size in MB for /boot -# TODO Add LVM as an argument -while getopts "d:egkl:pmsvz" OPTION -do - case $OPTION in - A) audio=1 ;; - d) disk=${OPTARG} ;; - e) encrypt=1 ;; - g) gui=1 ;; - k) kali=1 ;; - l) exec script -e -f -c "/bin/bash $0 $(echo $@ | sed "s#-l ${OPTARG}##")" "${OPTARG}" ;; - p) productivity=1; gui=1 ;; - P) powersave=1 ;; - m) nodiskbuild=1 ;; - s) spartacus=1 ;; - v) set -x ;; - z) kitchensink=1 ;; - *) help - esac -done - -header Confirm options: -echo Spartacus set to: $spartacus -echo Encryption set to: $encrypt -echo GUI: $gui -echo Productivity: $productivity -echo Kali tools: $kali -echo All Core packages: $kitchensink -echo Disk to use: $disk \(Skip disk building? $nodiskbuild \) -printf "Is this OK? 
Type YES to continue: " -read answer -if [ "$answer" != "YES" ]; then - echo User did not confirm. - exit 1; -fi -# TODO Until Maat is back -# echo >> /etc/pacman.conf << EOM -# [AniNIX] -# SigLevel = Optional TrustAll -# Server = https://aninix.net/maat/ -# EOM - -pacman -Syy -if [ -z "$nodiskbuild" ]; then - header Allocating space - dd if=/dev/zero of="$disk" bs=1M count=1000 - - if [ ! -z "$spartacus" ]; then - # Insert an ExFAT data partition ahead of the rest. - export datapart=$efipart; - export efipart=$((efipart+1)) - export bootpart=$((bootpart+1)) - export rootpart=$(($rootpart+1)) - # Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root - export disksize=$(($(fdisk -l $disk | head -n 1 | cut -f 5 -d ' ') / 1048576)) # Return disk size in MB - if [ "$disksize" == "" ]; then echo "Can't identify disk size"; exit 1; fi - if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root. - export bootsize=$(($disksize / 4)) - export datasize=$(($disksize / 2)) - addNextPartition $datasize primary ext4 - fi - # 550MiB for EFI with boot toggle - addNextPartition 550 primary fat32 - partedcmd="${partedcmd}toggle $efipart boot"'\n' - - # /boot - addNextPartition $bootsize primary fat32 - - # / (root) - partedcmd="${partedcmd}mkpart primary ext4 ${partpoint}MiB 100%%FREE"'\nquit\n\n' - printf "$partedcmd" | parted "$disk" - if [ ! -z "$spartacus" ]; then - #create data partition - pacman -S exfat-utils --noconfirm - mkfs.exfat "$disk""$datapart" - exfatlabel "$disk""$datapart" "AS-XPLATFRM" - fi - - header Making fat esp partition on "$disk""$efipart" - mkfs.fat -F32 "$disk""$efipart" - - header Making boot partition on "$disk""$bootpart" - mkfs.vfat "$disk""$bootpart" - - header Making root and mountpoints - if [ ! 
-z "$encrypt" ]; then - header Making encrypted root on "$disk""$rootpart" - modprobe dm-crypt - modprobe serpent_generic - header Formatting root -- make sure to enter YES followed by a strong passphrase. - cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 "$disk""$rootpart" - header Unlocking root - cryptsetup luksOpen "$disk""$rootpart" cryptroot - mkfs.xfs -f /dev/mapper/cryptroot - xfs_admin -L ROOT /dev/mapper/cryptroot - mount /dev/mapper/cryptroot /mnt - if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi - else - header Making root on "$disk""$rootpart" - mkfs.xfs -f "$disk""$rootpart" - xfs_admin -L ROOT "$disk""$rootpart" - mount "$disk""$rootpart" /mnt - if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi - fi - - mkdir /mnt/boot - mount "$disk""$bootpart" /mnt/boot - if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi - mkdir /mnt/boot/efi - mount "$disk""$efipart" /mnt/boot/efi - if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi -fi - - -# Install ArchLinux with basic clients for the AniNIX Services. -# * git for Foundation -# * elinks for WebServer and Wiki -# * openssh for SSH/SFTP -# * weechat for IRC -# * make for source packages -# * tor for anonymity -header Installing ArchLinux to device\(s\) on /mnt -export pkglist="base linux base-devel parted net-tools bind-tools git openssh make elinks weechat vim wget tor torsocks grub os-prober rsync openntpd tmux efibootmgr netctl dhcpcd" # shadowarch" TODO -if [ ! -z "$gui" ]; then - export pkglist="$pkglist"" xorg-server xfce4 chromium conky tigervnc xscreensaver" -fi -if [ ! -z "$spartacus" ]; then - export pkglist="$pkglist"" exfat-utils" -fi -if [ ! -z "$productivity" ]; then - export pkglist="$pkglist"" libreoffice-still gimp feh vlc evince openshot" -fi -if [ ! -z "$kali" ]; then - export pkglist="$pkglist"" extundelete testdisk nmap tcpdump hexedit dcfldd" - if [ ! 
-z "$gui" ]; then - export pkglist="$pkglist"" wireshark-gtk" - else - export pkglist="$pkglist"" wireshark-cli" - fi -fi -if [ ! -z "$kitchensink" ]; then - export pkglist="base base-devel $(wget -q -O - 'https://aninix.net/installed-packages.txt' | cut -f 1 -d ' ' | tr '\n' ' ')" -fi - -yes "" | pacstrap -i /mnt $pkglist -if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi - -header Create FSTAB -genfstab -U /mnt >> /mnt/etc/fstab - -header Set time -sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen -arch-chroot /mnt locale-gen -ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime -arch-chroot /mnt hwclock --systohc --utc - -header Setup bootloader -if [ -z "$nodiskbuild" ]; then - export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')" - if [ ! -z "$encrypt" ]; then - export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')" - sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf - sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub - sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484 - fi -fi - -arch-chroot /mnt mkinitcpio -p linux -if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi -if [ -z "$nodiskbuild" ]; then - arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk" - if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi - arch-chroot /mnt grub-install --target=i386-pc "$disk" - if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi -fi -arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg -if [ $? 
-ne 0 ]; then header ERROR: Cannot continue; exit 1; fi - -header Set networking -arch-chroot /mnt systemctl enable openntpd -arch-chroot /mnt systemctl enable netctl -export interface=$(ip link list | grep "state" | cut -f 2 -d ":" | cut -f 2 -d " " | grep -v lo) -cp /mnt/etc/netctl/examples/ethernet-dhcp /mnt/etc/netctl/$interface -sed -i 's/eth0/'$interface'/' /mnt/etc/netctl/$interface -echo 'DNSSearch="aninix.net"' >> /mnt/etc/netctl/$interface -arch-chroot /mnt systemctl enable netctl -arch-chroot /mnt netctl enable $interface - -# Vim cleanup for SSH -arch-chroot /mnt mkdir -p /usr/share/vim/vimfiles/plugin -arch-chroot /mnt printf 'set mouse-=a\n' > /usr/share/vim/vimfiles/plugin/shadowarch.vim - -ln -sf /etc/skel/.bashrc /mnt/root/.bashrc - -# Clone ConfigPackags from AniNIX::Foundation -arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/ConfigPackages -arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/MiscScripts - -arch-chroot /mnt make -C /usr/local/src/MiscScripts/Shared install -arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install -arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install -arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git -arch-chroot /mnt groupadd tty-allow -arch-chroot /mnt useradd -u 1001 -G tty-allow -m depriv -arch-chroot /mnt usermod -G "$(getent group | grep root | cut -f 1 -d ':' | tr '\n' ',')""tty-allow" root -arch-chroot /mnt /bin/bash -c 'line="$(grep -E root"[[:space:]]"ALL /etc/sudoers)"; sed -i "s/$line/$line\ndepriv ALL=(ALL) ALL/" /etc/sudoers' - -# Handle AUR Packages - -if [ ! -z "$kali" ]; then - arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git -fi - -# Optimizations from https://wiki.archlinux.org/index.php/Power_management -if [ ! 
-z "$powersave" ]; then - if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then - echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf - else - echo 'options snd_ac97_codec power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf - fi - arch-chroot /mnt pacman -S rfkill cpupower --noconfirm - arch-chroot /mnt systemctl enable rfkill-block@.service - echo 'kernel.nmi_watchdog = 0' > /mnt/etc/sysctl.d/disable_watchdog.conf - echo 'vm.dirty_writeback_centisecs = 6000' > /mnt/etc/sysctl.d/dirty_writes.conf - echo 'vm.laptop_mode = 5' > /mnt/etc/sysctl.d/laptop.conf - echo 'ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan*", RUN+="/usr/bin/iw dev %k set power_save on"' > /mnt/etc/udev/rules.d/70-wifi-powersave.rules - echo 'blacklist uvcvideo' > /mnt/etc/modprobe.d/no-camera.conf -fi - -# Thanks to https://wiki.archlinux.org/index.php/Professional_audio -if [ ! -z "$audio" ]; then - sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub - arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg - printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf - setpci -v -d *:* latency_timer=b0 - for SOUND_CARD_PCI_ID in `lspci | grep -i audio | cut -f 1 -d ' '`; do - setpci -v -s $SOUND_CARD_PCI_ID latency_timer=ff; - done - printf 'echo 2048 > /sys/class/rtc/rtc0/max_user_freq\necho 2048 > /proc/sys/dev/hpet/max-user-freq\n' >> /mnt/etc/rc.local -fi - -# Set password -header Set new root passphrase and depriviledged user '(depriv)' password. -arch-chroot /mnt passwd -arch-chroot /mnt passwd depriv -arch-chroot /mnt chown -R depriv:depriv /usr/local/src/ - -# Set SSH host keys -arch-chroot /mnt ssh-keygen -A - -cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)" - -if [ ! -z "$gui" ]; then - echo "Remember to install your graphics drivers! 
- For NVidia, look at xf86-video-nouveau - For AMD, look at xf86-video-amdgpu - For Hyper-V, look at xf86-video-fbdev - For Virtual Box, look at virtualbox-guest-utils - For VMware, look at open-vm-tools" -fi - -# Set hostname -header Set hostname -printf "What is your fully-qualified hostname? (i.e. Core.AniNIX.net) " -read hostname -echo "$hostname" > /mnt/etc/hostname -hostname "$hostname" - -header Installed ShadowArch on `hostname -s`\! -if [ ! -z "$nodiskbuild" ]; then - header Remember to run grub-install and set up your bootloader. - echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader' -else - header Press enter to reboot. - read - - # Reboot - shutdown -r now -fi diff --git a/roles/Foundation/files/web-snippets/martialarts/index b/roles/Foundation/files/web-snippets/martialarts/index index 3675fbb..4f372f8 100644 --- a/roles/Foundation/files/web-snippets/martialarts/index +++ b/roles/Foundation/files/web-snippets/martialarts/index @@ -1,6 +1,6 @@
-

We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.

+
@@ -42,9 +42,9 @@

@@ -81,7 +81,7 @@

- -
- --> + diff --git a/roles/Foundation/tasks/main.yml b/roles/Foundation/tasks/main.yml index 01d5504..ed6b893 100644 --- a/roles/Foundation/tasks/main.yml +++ b/roles/Foundation/tasks/main.yml @@ -22,6 +22,16 @@ - "custom/bin" - "web-snippets" + - name: Populate config + become: yes + register: config + template: + src: app.ini.j2 + dest: /var/lib/gitea/custom/conf/app.ini + owner: gitea + group: gitea + mode: 0750 + - name: Copy web-snippets become: yes copy: @@ -39,6 +49,14 @@ owner: gitea group: gitea + - name: Publish AniNIX/Yggdrasil CSS + become: yes + get_url: + url: https://github.com/BenZuser/Emby-Web-Dark-Themes-CSS/raw/master/RED/theme.css + dest: /var/lib/gitea/custom/public/css/emby-web-dark-theme-BenZuser.css + owner: gitea + group: gitea + - name: Copy hook become: yes copy: @@ -47,6 +65,32 @@ owner: gitea group: gitea + - name: Service file + become: yes + register: servicefile + copy: + src: foundation.service + dest: /usr/lib/systemd/system + owner: root + group: root + mode: 0755 + + - name: Ensure default service disabled + become: yes + service: + name: gitea + state: stopped + enabled: no + - name: Generate pages become: yes + register: custompages command: /usr/bin/runuser -u gitea -- /usr/bin/bash /var/lib/gitea/custom/bin/gen-aninix-custom + + - name: Restart service + become: yes + when: config.changed or servicefile.changed or custompages.changed + service: + name: foundation + state: restarted + enabled: yes diff --git a/roles/Foundation/templates/app.ini.j2 b/roles/Foundation/templates/app.ini.j2 new file mode 100644 index 0000000..771395f --- /dev/null +++ b/roles/Foundation/templates/app.ini.j2 
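Review bot: The `Populate config` task installs app.ini with `mode: 0750`, which sets execute bits on a config file and lets every member of the gitea group read it. The template added in this commit renders `SECRET_KEY`, `INTERNAL_TOKEN`, `LFS_JWT_SECRET` and the database `PASSWD` into that file. I would write `mode: "0640"` (or `"0600"` if only the service account reads it), quoted so the value cannot be reinterpreted by the YAML parser. Adding `no_log: true` or `diff: no` to the task also keeps the rendered secrets out of `--diff` output and play logs.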
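Review bot: The `get_url` task in `Publish AniNIX/Yggdrasil CSS` pulls from `raw/master` with no `checksum:`, so whatever that third-party branch contains at play time is written under `custom/public/css` and served from this site's own origin. Pin the URL to a specific commit instead of `master` and add `checksum: sha256:<EXPECTED_SHA256>` so an upstream change fails the play instead of being published. Vendoring the stylesheet into the role's `files/` would remove the run-time dependency altogether. An explicit `mode: "0644"` would also make the resulting permissions independent of the umask.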
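Review bot: `Generate pages` is a `command` task with no `changed_when:`, so `custompages.changed` is true on every run and the `when:` on `Restart service` always fires; the service restarts on each play regardless of `config` or `servicefile`. The `Service file` task also installs the unit with `mode: 0755` and nothing reloads systemd afterwards, so an edited `foundation.service` may not be picked up by the restart. I would install the unit as `mode: "0644"`, use the `systemd` module with `daemon_reload: yes` in `Restart service`, and give `Generate pages` a `changed_when:` that reflects whether its output actually differed.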
@@ -0,0 +1,784 @@ +; This file lists the default values used by Gitea +; Copy required sections to your own app.ini (default is custom/conf/app.ini) +; and modify as needed. +; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. +; App name that shows in every page title +APP_NAME = AniNIX +; Change it if you run locally +RUN_USER = gitea +; Either "dev", "prod" or "test", default is "dev" +RUN_MODE = prod + +[repository] +ROOT = repos +SCRIPT_TYPE = bash +; Default ANSI charset +ANSI_CHARSET = +; Force every new repository to be private +FORCE_PRIVATE = false +; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used. +DEFAULT_PRIVATE = last +; Global limit of repositories per user, applied at creation time. -1 means no limit +MAX_CREATION_LIMIT = -1 +; Mirror sync queue length, increase if mirror syncing starts hanging +MIRROR_QUEUE_LENGTH = 1000 +; Patch test queue length, increase if pull request patch testing starts hanging +PULL_REQUEST_QUEUE_LENGTH = 1000 +; Preferred Licenses to place at the top of the List +; The name here must match the filename in conf/license or custom/conf/license +PREFERRED_LICENSES = AniNIX-WTFPL +; Disable the ability to interact with repositories using the HTTP protocol +DISABLE_HTTP_GIT = false +; Value for Access-Control-Allow-Origin header, default is not to present +; WARNING: This maybe harmful to you website if you do not give it a right value. +ACCESS_CONTROL_ALLOW_ORIGIN = +; Force ssh:// clone url instead of scp-style uri when default SSH port is used +USE_COMPAT_SSH_URI = false +; Close issues as long as a commit on any branch marks it as fixed +DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false + +[repository.editor] +; List of file extensions for which lines should be wrapped in the CodeMirror editor +; Separate extensions with a comma. 
To line wrap files without an extension, just put a comma +LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd, +; Valid file modes that have a preview API associated with them, such as api/v1/markdown +; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match +PREVIEWABLE_FILE_MODES = markdown + +[repository.local] +; Path for local repository copy. Defaults to `tmp/local-repo` +LOCAL_COPY_PATH = tmp/local-repo +; Path for local wiki copy. Defaults to `tmp/local-wiki` +LOCAL_WIKI_PATH = tmp/local-wiki + +[repository.upload] +; Whether repository file uploads are enabled. Defaults to `true` +ENABLED = true +; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) +TEMP_PATH = data/tmp/uploads +; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type +ALLOWED_TYPES = +; Max size of each file in megabytes. Defaults to 3MB +FILE_MAX_SIZE = 3 +; Max number of files per upload. 
Defaults to 5 +MAX_FILES = 5 + +[repository.pull-request] +; List of prefixes used in Pull Request title to mark them as Work In Progress +WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP] + +[repository.issue] +; List of reasons why a Pull Request or Issue can be locked +LOCK_REASONS = Too heated,Off-topic,Resolved,Spam + +[cors] +; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers +; enable cors headers (disabled by default) +ENABLED = false +; scheme of allowed requests +SCHEME = http +; list of requesting domains that are allowed +ALLOW_DOMAIN = * +; allow subdomains of headers listed above to request +ALLOW_SUBDOMAIN = false +; list of methods allowed to request +METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS +; max time to cache response +MAX_AGE = 10m +; allow request with credentials +ALLOW_CREDENTIALS = false + +[ui] +; Number of repositories that are displayed on one explore page +EXPLORE_PAGING_NUM = 20 +; Number of issues that are displayed on one page +ISSUE_PAGING_NUM = 10 +; Number of maximum commits displayed in one activity feed +FEED_MAX_COMMIT_NUM = 5 +; Number of maximum commits displayed in commit graph. +GRAPH_MAX_COMMIT_NUM = 100 +; Number of line of codes shown for a code comment +CODE_COMMENT_LINES = 4 +; Value of `theme-color` meta tag, used by Android >= 5.0 +; An invalid color like "none" or "disable" will have the default style +; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android +THEME_COLOR_META_TAG = `#ff0000` +; Max size of files to be displayed (default is 8MiB) +MAX_DISPLAY_FILE_SIZE = 8388608 +; Whether the email of the user should be shown in the Explore Users page +SHOW_USER_EMAIL = true +; Set the default theme for the Gitea install +DEFAULT_THEME = aninix +; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`. 
+THEMES = gitea,arc-green,aninix +; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. +DEFAULT_SHOW_FULL_NAME = false + +[ui.admin] +; Number of users that are displayed on one page +USER_PAGING_NUM = 50 +; Number of repos that are displayed on one page +REPO_PAGING_NUM = 50 +; Number of notices that are displayed on one page +NOTICE_PAGING_NUM = 25 +; Number of organizations that are displayed on one page +ORG_PAGING_NUM = 50 + +[ui.user] +; Number of repos that are displayed on one page +REPO_PAGING_NUM = 15 + +[ui.meta] +AUTHOR = AniNIX::Foundation +DESCRIPTION = AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea) +KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation + +[markdown] +; Enable hard line break extension +ENABLE_HARD_LINE_BREAK = false +; List of custom URL-Schemes that are allowed as links when rendering Markdown +; for example git,magnet +CUSTOM_URL_SCHEMES = +; List of file extensions that should be rendered/edited as Markdown +; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma +FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd + +[server] +; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. +PROTOCOL = http +DOMAIN = {{ external_domain }} +ROOT_URL = https://{{ external_domain }}/ +; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. +HTTP_ADDR = 0.0.0.0 +HTTP_PORT = 3000 +; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server +; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main +; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for +; PORT_TO_REDIRECT. 
+REDIRECT_OTHER_PORT = false +PORT_TO_REDIRECT = 3000 +; Permission for unix socket +UNIX_SOCKET_PERMISSION = 660 +; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. +; In most cases you do not need to change the default value. +; Alter it only if your SSH server node is not the same as HTTP node. +; Do not set this variable if PROTOCOL is set to 'unix'. +LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ +; Disable SSH feature when not available +DISABLE_SSH = false +; Whether to use the builtin SSH server or not. +START_SSH_SERVER = false +; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER. +BUILTIN_SSH_SERVER_USER = +; Domain name to be exposed in clone URL +SSH_DOMAIN = foundation.aninix.net +; The network interface the builtin SSH server should listen on +SSH_LISTEN_HOST = +; Port number to be exposed in clone URL +SSH_PORT = 22 +; The port number the builtin SSH server should listen on +SSH_LISTEN_PORT = %(SSH_PORT)s +; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. +SSH_ROOT_PATH = +; Gitea will create a authorized_keys file by default when it is not using the internal ssh server +; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. 
+SSH_CREATE_AUTHORIZED_KEYS_FILE = true +; For the built-in SSH server, choose the ciphers to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 +; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org +; For the built-in SSH server, choose the MACs to support for SSH connections, +; for system SSH this setting has no effect +SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96 +; Directory to create temporary files in when testing public keys using ssh-keygen, +; default is the system temporary directory. +SSH_KEY_TEST_PATH = +; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. +SSH_KEYGEN_PATH = ssh-keygen +; Enable SSH Authorized Key Backup when rewriting all keys, default is true +SSH_BACKUP_AUTHORIZED_KEYS = true +; Enable exposure of SSH clone URL to anonymous visitors, default is false +SSH_EXPOSE_ANONYMOUS = false +; Indicate whether to check minimum key size with corresponding type +MINIMUM_KEY_SIZE_CHECK = false +; Disable CDN even in "prod" mode +OFFLINE_MODE = true +DISABLE_ROUTER_LOG = false +; Generate steps: +; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com +; +; Or from a .pfx file exported from the Windows certificate store (do +; not forget to export the private key): +; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys +; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes +CERT_FILE = custom/https/cert.pem +KEY_FILE = custom/https/key.pem +; Root directory containing templates and static files. 
+; default is the path where Gitea is executed +STATIC_ROOT_PATH = /usr/share/gitea +; Default path for App data +APP_DATA_PATH = data +; Application level GZIP support +ENABLE_GZIP = false +; Application profiling (memory and cpu) +; For "web" command it listens on localhost:6060 +; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)__ +ENABLE_PPROF = false +; PPROF_DATA_PATH, use an absolute path when you start gitea as service +PPROF_DATA_PATH = data/tmp/pprof +; Landing page, can be "home", "explore", or "organizations" +LANDING_PAGE = home +; Enables git-lfs support. true or false, default is false. +LFS_START_SERVER = true +; Where your lfs files reside, default is data/lfs. +LFS_CONTENT_PATH = data/lfs +; LFS authentication secret, change this yourself +LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }} +; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. +LFS_HTTP_AUTH_EXPIRY = 20m + +; Define allowed algorithms and their minimum key length (use -1 to disable a type) +[ssh.minimum_key_sizes] +ED25519 = 256 +ECDSA = 256 +RSA = 2048 +DSA = 1024 + +[database] +; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice +DB_TYPE = postgres +HOST = 127.0.0.1:5432 +NAME = gitea +USER = gitea +; Use PASSWD = `your password` for quoting if you use special characters in the password. +PASSWD = {{ secrets.Foundation.database_password }} +; For Postgres, either "disable" (default), "require", or "verify-full" +; For MySQL, either "false" (default), "true", or "skip-verify" +SSL_MODE = disable +; For MySQL only, either "utf8" or "utf8mb4", default is "utf8". +; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this. +CHARSET = utf8 +; For "sqlite3" and "tidb", use an absolute path when you start gitea as service +PATH = data/gitea.db +; For "sqlite3" only. 
Query timeout +SQLITE_TIMEOUT = 500 +; For iterate buffer, default is 50 +ITERATE_BUFFER_SIZE = 50 +; Show the database generated SQL +LOG_SQL = false +; Maximum number of DB Connect retries +DB_RETRIES = 10 +; Backoff time per DB retry (time.Duration) +DB_RETRY_BACKOFF = 3s + +[indexer] +; Issue indexer type, currently support: bleve or db, default is bleve +ISSUE_INDEXER_TYPE = bleve +; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve +ISSUE_INDEXER_PATH = indexers/issues.bleve +; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue +ISSUE_INDEXER_QUEUE_TYPE = levelqueue +; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path, +; default is indexers/issues.queue +ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue +; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. +ISSUE_INDEXER_QUEUE_CONN_STR = addrs=127.0.0.1:6379 db=0 +; Batch queue number, default is 20 +ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20 +; repo indexer by default disabled, since it uses a lot of disk space +REPO_INDEXER_ENABLED = false +REPO_INDEXER_PATH = indexers/repos.bleve +UPDATE_BUFFER_LEN = 20 +MAX_FILE_SIZE = 1048576 + +[admin] +; Disallow regular (non-admin) users from creating organizations. +DISABLE_REGULAR_ORG_CREATION = true + +[security] +; Whether the installer is disabled +INSTALL_LOCK = true +; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! 
+SECRET_KEY = {{ secrets.Foundation.secret_key }} +; How long to remember that an user is logged in before requiring relogin (in days) +LOGIN_REMEMBER_DAYS = 7 +COOKIE_USERNAME = gitea_awesome +COOKIE_REMEMBER_NAME = gitea_incredible +; Reverse proxy authentication header name of user name +REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER +REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL +; The minimum password length for new Users +MIN_PASSWORD_LENGTH = 6 +; Set to true to allow users to import local server paths +IMPORT_LOCAL_PATHS = false +; Set to true to prevent all users (including admin) from creating custom git hooks +DISABLE_GIT_HOOKS = false +INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }} + +[openid] +; +; OpenID is an open, standard and decentralized authentication protocol. +; Your identity is the address of a webpage you provide, which describes +; how to prove you are in control of that page. +; +; For more info: https://en.wikipedia.org/wiki/OpenID +; +; Current implementation supports OpenID-2.0 +; +; Tested to work providers at the time of writing: +; - Any GNUSocial node (your.hostname.tld/username) +; - Any SimpleID provider (http://simpleid.koinic.net) +; - http://openid.org.cn/ +; - openid.stackexchange.com +; - login.launchpad.net +; - .livejournal.com +; +; Whether to allow signin in via OpenID +ENABLE_OPENID_SIGNIN = FALSE +; Whether to allow registering via OpenID +; Do not include to rely on rhw DISABLE_REGISTRATION setting +; ENABLE_OPENID_SIGNUP = true +; Allowed URI patterns (POSIX regexp). +; Space separated. +; Only these would be allowed if non-blank. +; Example value: trusted.domain.org trusted.domain.net +WHITELISTED_URIS = +; Forbidden URI patterns (POSIX regexp). +; Space separated. +; Only used if WHITELISTED_URIS is blank. 
+; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+BLACKLISTED_URIS =
+ENABLE_OPENID_SIGNUP = false
+
+[service]
+; Time limit to confirm account/email registration
+ACTIVE_CODE_LIVE_MINUTES = 180
+; Time limit to perform the reset of a forgotten password
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+; Whether a new user needs to confirm their email when registering.
+REGISTER_EMAIL_CONFIRM = false
+; List of domain names that are allowed to be used to register on a Gitea instance
+; gitea.io,example.com
+EMAIL_DOMAIN_WHITELIST =
+; Disallow registration, only allow admins to create accounts.
+DISABLE_REGISTRATION = true
+; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+; User must sign in to view anything.
+REQUIRE_SIGNIN_VIEW = false
+; Mail notification
+ENABLE_NOTIFY_MAIL = false
+; More detail: https://github.com/gogits/gogs/issues/165
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+ENABLE_REVERSE_PROXY_EMAIL = false
+; Enable captcha validation for registration
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET =
+RECAPTCHA_SITEKEY =
+; Change this to use recaptcha.net or other recaptcha service
+RECAPTCHA_URL = https://www.google.com/recaptcha/
+; Default value for KeepEmailPrivate
+; Each new user will get the value of this setting copied into their profile
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+; Default value for AllowCreateOrganization
+; Every new user will have rights set to create organizations depending on this setting
+DEFAULT_ALLOW_CREATE_ORGANIZATION = false
+; Either "public", "limited" or "private", default is "public"
+; Limited is for signed user only
+; Private is only for member of the organization
+; Public is for everyone
+DEFAULT_ORG_VISIBILITY = public
+; Default value for EnableDependencies
+; Repositories will use dependencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
+; Enable heatmap on users profiles.
+ENABLE_USER_HEATMAP = true
+; Enable Timetracking
+ENABLE_TIMETRACKING = true
+; Default value for EnableTimetracking
+; Repositories will use timetracking by default depending on this setting
+DEFAULT_ENABLE_TIMETRACKING = true
+; Default value for AllowOnlyContributorsToTrackTime
+; Only users with write permissions can track time if this is true
+DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
+; Default value for the domain part of the user's email address in the git log
+; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
+; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+NO_REPLY_ADDRESS = noreply.aninix.net
+; Show Registration button
+SHOW_REGISTRATION_BUTTON = true
+; Default value for AutoWatchNewRepos
+; When adding a repo to a team or creating a new repo all team members will watch the
+; repo automatically if enabled
+AUTO_WATCH_NEW_REPOS = true
+
+[webhook]
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 5
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32
+
+[mailer]
+ENABLED = false
+; Buffer length of channel, keep it as it is if you don't know what it is.
+SEND_BUFFER_LEN = 100
+; Prefix displayed before subject in mail
+SUBJECT_PREFIX =
+; Mail server
+; Gmail: smtp.gmail.com:587
+; QQ: smtp.qq.com:465
+; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
+HOST =
+; Disable HELO operation when hostnames are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+HELO_HOSTNAME =
+; Do not verify the certificate of the server. Only use this for self-signed certificates
+SKIP_VERIFY =
+; Use client certificate
+USE_CERTIFICATE = false
+CERT_FILE = custom/mailer/cert.pem
+KEY_FILE = custom/mailer/key.pem
+; Should SMTP connection use TLS
+IS_TLS_ENABLED = false
+; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format
+FROM =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Send mails as plain text
+SEND_AS_PLAIN_TEXT = false
+; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+MAILER_TYPE = smtp
+; Specify an alternative sendmail binary
+SENDMAIL_PATH = sendmail
+; Specify any extra sendmail arguments
+SENDMAIL_ARGS =
+
+[cache]
+; Either "memory", "redis", or "memcache", default is "memory"
+ADAPTER = memory
+; For "memory" only, GC interval in seconds, default is 60
+INTERVAL = 60
+; For "redis" and "memcache", connection host address
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; memcache: `127.0.0.1:11211`
+HOST =
+; Time to keep items in cache if not used, default is 16 hours.
+; Setting it to 0 disables caching
+ITEM_TTL = 16h
+
+[session]
+; Either "memory", "file", or "redis", default is "memory"
+PROVIDER = file
+; Provider config options
+; memory: doesn't have any config yet
+; file: session file path, e.g. `data/sessions`
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+PROVIDER_CONFIG = data/sessions
+; Session cookie name
+COOKIE_NAME = i_like_gitea
+; If you use session in https only, default is false
+COOKIE_SECURE = false
+; Enable set cookie, default is true
+ENABLE_SET_COOKIE = true
+; Session GC time interval in seconds, default is 86400 (1 day)
+GC_INTERVAL_TIME = 86400
+; Session life time in seconds, default is 86400 (1 day)
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; How Gitea deals with missing repository avatars
+; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+REPOSITORY_AVATAR_FALLBACK = none
+REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+; Max Width and Height of uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_WIDTH = 4096
+AVATAR_MAX_HEIGHT = 3072
+; Maximum alloved file size for uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_FILE_SIZE = 1048576
+; Chinese users can choose "duoshuo"
+; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+GRAVATAR_SOURCE = gravatar
+; This value will always be true in offline mode.
+DISABLE_GRAVATAR = true
+; Federated avatar lookup uses DNS to discover avatar associated
+; with emails, see https://www.libravatar.org
+; This value will always be false in offline mode or when Gravatar is disabled.
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+; Whether attachments are enabled. Defaults to `true`
+ENABLED = true
+; Path for attachments. Defaults to `data/attachments`
+PATH = data/attachments
+; One or more allowed types, e.g. image/jpeg|image/png
+ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
+; Max size of each file. Defaults to 4MB
+MAX_SIZE = 4
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[time]
+; Specifies the format for fully outputted dates. Defaults to RFC1123
+; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+FORMAT =
+
+[log]
+ROOT_PATH = /var/log/gitea/
+; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Use comma to separate multiple modes, e.g. "console, file"
+MODE = console
+; Buffer length of the channel, keep it as it is if you don't know what it is.
+BUFFER_LEN = 10000
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+ROUTER_LOG_LEVEL = Critical
+ROUTER = none
+ENABLE_ACCESS_LOG = true
+ACCESS_LOG_TEMPLATE = {{ '{{' }}.Ctx.RemoteAddr{{ '}}' }} - {{ '{{' }}.Identity{{ '}}' }} {{ '{{' }}.Start.Format "[02/Jan/2006:15:04:05 -0700]" {{ '}}' }} "{{ '{{' }}.Ctx.Req.Method{{ '}}' }} {{ '{{' }}.Ctx.Req.RequestURI{{ '}}' }} {{ '{{' }}.Ctx.Req.Proto{{ '}}' }}" {{ '{{' }}.ResponseWriter.Status{{ '}}' }} {{ '{{' }}.ResponseWriter.Size{{ '}}' }} "{{ '{{' }}.Ctx.Req.Referer{{ '}}' }}\" \"{{ '{{' }}.Ctx.Req.UserAgent{{ '}}' }}"
+ACCESS = console
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Info
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+STACKTRACE_LEVEL = Critical
+
+; Generic log modes
+[log.x]
+FLAGS = stdflags
+EXPRESSION =
+PREFIX =
+COLORIZE = false
+
+; For "console" mode only
+[log.console]
+LEVEL =
+COLORIZE = false
+STDERR = false
+
+; For "file" mode only
+[log.file]
+LEVEL =
+; Set the file_name for the logger. If this is a relative path this
+; will be relative to ROOT_PATH
+FILE_NAME =
+; This enables automated log rotate(switch of following options), default is true
+LOG_ROTATE = true
+; Max number of lines in a single file, default is 1000000
+MAX_LINES = 1000000
+; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+MAX_SIZE_SHIFT = 28
+; Segment log daily, default is true
+DAILY_ROTATE = true
+; delete the log file after n days, default is 7
+MAX_DAYS = 7
+; compress logs with gzip
+COMPRESS = true
+; compression level see godoc for compress/gzip
+COMPRESSION_LEVEL = -1
+
+; For "conn" mode only
+[log.conn]
+LEVEL =
+; Reconnect host for every single message, default is false
+RECONNECT_ON_MSG = false
+; Try to reconnect when connection is lost, default is false
+RECONNECT = false
+; Either "tcp", "unix" or "udp", default is "tcp"
+PROTOCOL = tcp
+; Host address
+ADDR =
+
+; For "smtp" mode only
+[log.smtp]
+LEVEL =
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
+; Mail server
+HOST =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+RECEIVERS =
+
+[cron]
+; Enable running cron tasks periodically.
+ENABLED = true
+; Run cron tasks when Gitea starts.
+RUN_AT_START = false
+
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+
+; Clean up old repository archives
+[cron.archive_cleanup]
+; Whether to enable the job
+ENABLED = true
+; Whether to always run at least once at start up time (if ENABLED)
+RUN_AT_START = true
+; Time interval for job to run
+SCHEDULE = @every 24h
+; Archives created more than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+; Synchronize external user data (only LDAP user synchronization is supported)
+[cron.sync_external_users]
+; Synchronize external user data when starting server (default false)
+RUN_AT_START = false
+; Interval as a duration between each synchronization (default every 24h)
+SCHEDULE = @every 24h
+; Create new users, update existing user data and disable users that are not in external source anymore (default)
+; or only create new users if UPDATE_EXISTING is set to false
+UPDATE_EXISTING = true
+
+[git]
+; Disables highlight of added and removed changes
+DISABLE_DIFF_HIGHLIGHT = false
+; Max number of lines allowed in a single file in diff view
+MAX_GIT_DIFF_LINES = 1000
+; Max number of allowed characters in a line in diff view
+MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+; Max number of files shown in diff view
+MAX_GIT_DIFF_FILES = 100
+; Arguments for command 'git gc', e.g. "--aggressive --auto"
+; see more on http://git-scm.com/docs/git-gc/
+GC_ARGS =
+; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+EnableAutoGitWireProtocol = true
+
+; Operation timeout in seconds
+[git.timeout]
+DEFAULT = 360
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+[mirror]
+; Default interval as a duration between each check
+DEFAULT_INTERVAL = 8h
+; Min interval as a duration must be > 1m
+MIN_INTERVAL = 10m
+
+[api]
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
+; Max number of items in a page
+MAX_RESPONSE_ITEMS = 50
+; Default paging number of api
+DEFAULT_PAGING_NUM = 30
+; Default and maximum number of items per page for git trees api
+DEFAULT_GIT_TREES_PER_PAGE = 1000
+; Default size of a blob returned by the blobs API (default is 10MiB)
+DEFAULT_MAX_BLOB_SIZE = 10485760
+
+[oauth2]
+; Enables OAuth2 provider
+ENABLE = true
+; Lifetime of an OAuth2 access token in seconds
+ACCESS_TOKEN_EXPIRATION_TIME = 3600
+; Lifetime of an OAuth2 access token in hours
+REFRESH_TOKEN_EXPIRATION_TIME = 730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS = false
+; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
+JWT_SECRET = {{ secrets.Foundation.jwt_secret }}
+
+[i18n]
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
+
+; Used for datetimepicker
+[i18n.datelang]
+en-US = en
+zh-CN = zh
+zh-HK = zh-HK
+zh-TW = zh-TW
+de-DE = de
+fr-FR = fr
+nl-NL = nl
+lv-LV = lv
+ru-RU = ru
+uk-UA = uk
+ja-JP = ja
+es-ES = es
+pt-BR = pt-BR
+pl-PL = pl
+bg-BG = bg
+it-IT = it
+fi-FI = fi
+tr-TR = tr
+cs-CZ = cs-CZ
+sr-SP = sr
+sv-SE = sv
+ko-KR = ko
+
+[U2F]
+
+; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
+; Two Factor authentication with security keys
+; https://developers.yubico.com/U2F/App_ID.html
+; APP_ID = http://localhost:3000/
+; Comma seperated list of trusted facets
+; TRUSTED_FACETS = http://localhost:3000/
+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
+[other]
+SHOW_FOOTER_BRANDING = false
+; Show version information about Gitea and Go in the footer
+SHOW_FOOTER_VERSION = false
+; Show template execution time in the footer
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+[markup.asciidoc]
+ENABLED = false
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = asciidoc --out-file=- -
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false
+
+[metrics]
+; Enables metrics endpoint. True or false; default is false.
+ENABLED = false
+; If you want to add authorization, specify a token here
+TOKEN =
+