AniNIX/Kapisi
AniNIX
/
Kapisi
2
0
Fork 0
Code Issues 25 Pull Requests 1 Projects 1 Releases Wiki Activity

Updating Foundation role

This commit is contained in:
DarkFeather 2022-09-15 13:16:08 -05:00
parent 94f546a7be
commit b7d26b6aa7
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
9 changed files with 844 additions and 330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
roles/Foundation/files/custom/bin/gen-aninix-custom
View File

@ -2,7 +2,7 @@
set -x
URI=https://foundation.aninix.net/assets/css/theme-arc-green.css
URI=https://aninix.net/assets/css/theme-arc-green.css
# Gitea arc-green palette
BOLDTEXT='#87ab63'
@ -37,6 +37,15 @@ ANINIXNAV='#000000'
margin-bottom: 30px;
display: block;
}
body {
background-color: $ANINIXBG;
color: $ANINIXTEXT;
}
a {
color: $ANINIXBOLD;
}
") \
| sed "s/$BOLDTEXT/$ANINIXBOLD/gI" \
| sed "s/$TEXT/$ANINIXTEXT/gI" \

BIN
roles/Foundation/files/custom/public/makwa_sdfiewo/20200505.mp4
View File

Binary file not shown.

BIN
roles/Foundation/files/custom/public/makwa_sdfiewo/20200507.mp4
View File

Binary file not shown.

BIN
roles/Foundation/files/custom/public/makwa_sdfiewo/reunion.mp4
View File

Binary file not shown.

BIN
roles/Foundation/files/custom/public/martialarts/2019_benchmark.pdf
View File

Binary file not shown.

322
roles/Foundation/files/custom/public/shadowarch
View File

@ -1,322 +0,0 @@
#!/bin/bash
function header () {
tput setaf 1
tput bold
echo $@
tput sgr0
return
}
function help() {
echo Usage: ${0} '[OPTIONS]'
echo '\-A -- Audio optimizations from the Arch Wiki'
echo '\-d DISK -- Use the disk.'
echo '\-e -- Encrypt the root partition'
echo '\-g -- GUI packages and setup'
echo '\-h -- This helptext'
echo '\-k -- Kali Linux-like package additions'
echo '\-l FILE -- Log to a file'
echo '\-p -- Productivity package additions'
echo '\-P -- Power saving for laptops'
echo '\-s -- Create a layout for an AniNIX::Spartacus'
echo '\-m -- Skip disk operations and assume storage is mounted on /mnt'
echo '\-v -- Verbose output.'
echo '\-z -- Try to add all the packages on AniNIX::Core'
exit 1;
}
# Partition controls
efipart=2;
bootpart=3;
rootpart=4;
partpoint=1;
partedcmd='mklabel gpt\nmkpart primary ext2 0 1MiB\nset 1 bios_grub on\n';
function addNextPartition() {
partsize="$1"
parttype="$2"
partfs="$3"
nextpartpoint=$(( $partpoint + $partsize ))
partedcmd="${partedcmd}mkpart $parttype $partfs ${partpoint}MiB ${nextpartpoint}MiB"'\n'
partpoint=$nextpartpoint
}
disk="/dev/sda"
bootsize=500; # Size in MB for /boot
# TODO Add LVM as an argument
while getopts "d:egkl:pmsvz" OPTION
do
case $OPTION in
A) audio=1 ;;
d) disk=${OPTARG} ;;
e) encrypt=1 ;;
g) gui=1 ;;
k) kali=1 ;;
l) exec script -e -f -c "/bin/bash $0 $(echo $@ | sed "s#-l ${OPTARG}##")" "${OPTARG}" ;;
p) productivity=1; gui=1 ;;
P) powersave=1 ;;
m) nodiskbuild=1 ;;
s) spartacus=1 ;;
v) set -x ;;
z) kitchensink=1 ;;
*) help
esac
done
header Confirm options:
echo Spartacus set to: $spartacus
echo Encryption set to: $encrypt
echo GUI: $gui
echo Productivity: $productivity
echo Kali tools: $kali
echo All Core packages: $kitchensink
echo Disk to use: $disk \(Skip disk building? $nodiskbuild \)
printf "Is this OK? Type YES to continue: "
read answer
if [ "$answer" != "YES" ]; then
echo User did not confirm.
exit 1;
fi
# TODO Until Maat is back
# echo >> /etc/pacman.conf << EOM
# [AniNIX]
# SigLevel = Optional TrustAll
# Server = https://aninix.net/maat/
# EOM
pacman -Syy
if [ -z "$nodiskbuild" ]; then
header Allocating space
dd if=/dev/zero of="$disk" bs=1M count=1000
if [ ! -z "$spartacus" ]; then
# Insert an ExFAT data partition ahead of the rest.
export datapart=$efipart;
export efipart=$((efipart+1))
export bootpart=$((bootpart+1))
export rootpart=$(($rootpart+1))
# Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root
export disksize=$(($(fdisk -l $disk | head -n 1 | cut -f 5 -d ' ') / 1048576)) # Return disk size in MB
if [ "$disksize" == "" ]; then echo "Can't identify disk size"; exit 1; fi
if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root.
export bootsize=$(($disksize / 4))
export datasize=$(($disksize / 2))
addNextPartition $datasize primary ext4
fi
# 550MiB for EFI with boot toggle
addNextPartition 550 primary fat32
partedcmd="${partedcmd}toggle $efipart boot"'\n'
# /boot
addNextPartition $bootsize primary fat32
# / (root)
partedcmd="${partedcmd}mkpart primary ext4 ${partpoint}MiB 100%%FREE"'\nquit\n\n'
printf "$partedcmd" | parted "$disk"
if [ ! -z "$spartacus" ]; then
#create data partition
pacman -S exfat-utils --noconfirm
mkfs.exfat "$disk""$datapart"
exfatlabel "$disk""$datapart" "AS-XPLATFRM"
fi
header Making fat esp partition on "$disk""$efipart"
mkfs.fat -F32 "$disk""$efipart"
header Making boot partition on "$disk""$bootpart"
mkfs.vfat "$disk""$bootpart"
header Making root and mountpoints
if [ ! -z "$encrypt" ]; then
header Making encrypted root on "$disk""$rootpart"
modprobe dm-crypt
modprobe serpent_generic
header Formatting root -- make sure to enter YES followed by a strong passphrase.
cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 "$disk""$rootpart"
header Unlocking root
cryptsetup luksOpen "$disk""$rootpart" cryptroot
mkfs.xfs -f /dev/mapper/cryptroot
xfs_admin -L ROOT /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
else
header Making root on "$disk""$rootpart"
mkfs.xfs -f "$disk""$rootpart"
xfs_admin -L ROOT "$disk""$rootpart"
mount "$disk""$rootpart" /mnt
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi
mkdir /mnt/boot
mount "$disk""$bootpart" /mnt/boot
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
mkdir /mnt/boot/efi
mount "$disk""$efipart" /mnt/boot/efi
if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi
# Install ArchLinux with basic clients for the AniNIX Services.
# * git for Foundation
# * elinks for WebServer and Wiki
# * openssh for SSH/SFTP
# * weechat for IRC
# * make for source packages
# * tor for anonymity
header Installing ArchLinux to device\(s\) on /mnt
export pkglist="base linux base-devel parted net-tools bind-tools git openssh make elinks weechat vim wget tor torsocks grub os-prober rsync openntpd tmux efibootmgr netctl dhcpcd" # shadowarch" TODO
if [ ! -z "$gui" ]; then
export pkglist="$pkglist"" xorg-server xfce4 chromium conky tigervnc xscreensaver"
fi
if [ ! -z "$spartacus" ]; then
export pkglist="$pkglist"" exfat-utils"
fi
if [ ! -z "$productivity" ]; then
export pkglist="$pkglist"" libreoffice-still gimp feh vlc evince openshot"
fi
if [ ! -z "$kali" ]; then
export pkglist="$pkglist"" extundelete testdisk nmap tcpdump hexedit dcfldd"
if [ ! -z "$gui" ]; then
export pkglist="$pkglist"" wireshark-gtk"
else
export pkglist="$pkglist"" wireshark-cli"
fi
fi
if [ ! -z "$kitchensink" ]; then
export pkglist="base base-devel $(wget -q -O - 'https://aninix.net/installed-packages.txt' | cut -f 1 -d ' ' | tr '\n' ' ')"
fi
yes "" | pacstrap -i /mnt $pkglist
if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi
header Create FSTAB
genfstab -U /mnt >> /mnt/etc/fstab
header Set time
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen
arch-chroot /mnt locale-gen
ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime
arch-chroot /mnt hwclock --systohc --utc
header Setup bootloader
if [ -z "$nodiskbuild" ]; then
export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')"
if [ ! -z "$encrypt" ]; then
export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')"
sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484
fi
fi
arch-chroot /mnt mkinitcpio -p linux
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
if [ -z "$nodiskbuild" ]; then
arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk"
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
arch-chroot /mnt grub-install --target=i386-pc "$disk"
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
header Set networking
arch-chroot /mnt systemctl enable openntpd
arch-chroot /mnt systemctl enable netctl
export interface=$(ip link list | grep "state" | cut -f 2 -d ":" | cut -f 2 -d " " | grep -v lo)
cp /mnt/etc/netctl/examples/ethernet-dhcp /mnt/etc/netctl/$interface
sed -i 's/eth0/'$interface'/' /mnt/etc/netctl/$interface
echo 'DNSSearch="aninix.net"' >> /mnt/etc/netctl/$interface
arch-chroot /mnt systemctl enable netctl
arch-chroot /mnt netctl enable $interface
# Vim cleanup for SSH
arch-chroot /mnt mkdir -p /usr/share/vim/vimfiles/plugin
arch-chroot /mnt printf 'set mouse-=a\n' > /usr/share/vim/vimfiles/plugin/shadowarch.vim
ln -sf /etc/skel/.bashrc /mnt/root/.bashrc
# Clone ConfigPackags from AniNIX::Foundation
arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/ConfigPackages
arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/MiscScripts
arch-chroot /mnt make -C /usr/local/src/MiscScripts/Shared install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install
arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git
arch-chroot /mnt groupadd tty-allow
arch-chroot /mnt useradd -u 1001 -G tty-allow -m depriv
arch-chroot /mnt usermod -G "$(getent group | grep root | cut -f 1 -d ':' | tr '\n' ',')""tty-allow" root
arch-chroot /mnt /bin/bash -c 'line="$(grep -E root"[[:space:]]"ALL /etc/sudoers)"; sed -i "s/$line/$line\ndepriv ALL=(ALL) ALL/" /etc/sudoers'
# Handle AUR Packages
if [ ! -z "$kali" ]; then
arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git
fi
# Optimizations from https://wiki.archlinux.org/index.php/Power_management
if [ ! -z "$powersave" ]; then
if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then
echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
else
echo 'options snd_ac97_codec power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
fi
arch-chroot /mnt pacman -S rfkill cpupower --noconfirm
arch-chroot /mnt systemctl enable rfkill-block@.service
echo 'kernel.nmi_watchdog = 0' > /mnt/etc/sysctl.d/disable_watchdog.conf
echo 'vm.dirty_writeback_centisecs = 6000' > /mnt/etc/sysctl.d/dirty_writes.conf
echo 'vm.laptop_mode = 5' > /mnt/etc/sysctl.d/laptop.conf
echo 'ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan*", RUN+="/usr/bin/iw dev %k set power_save on"' > /mnt/etc/udev/rules.d/70-wifi-powersave.rules
echo 'blacklist uvcvideo' > /mnt/etc/modprobe.d/no-camera.conf
fi
# Thanks to https://wiki.archlinux.org/index.php/Professional_audio
if [ ! -z "$audio" ]; then
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf
setpci -v -d *:* latency_timer=b0
for SOUND_CARD_PCI_ID in `lspci | grep -i audio | cut -f 1 -d ' '`; do
setpci -v -s $SOUND_CARD_PCI_ID latency_timer=ff;
done
printf 'echo 2048 > /sys/class/rtc/rtc0/max_user_freq\necho 2048 > /proc/sys/dev/hpet/max-user-freq\n' >> /mnt/etc/rc.local
fi
# Set password
header Set new root passphrase and depriviledged user '(depriv)' password.
arch-chroot /mnt passwd
arch-chroot /mnt passwd depriv
arch-chroot /mnt chown -R depriv:depriv /usr/local/src/
# Set SSH host keys
arch-chroot /mnt ssh-keygen -A
cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"
if [ ! -z "$gui" ]; then
echo "Remember to install your graphics drivers!
For NVidia, look at xf86-video-nouveau
For AMD, look at xf86-video-amdgpu
For Hyper-V, look at xf86-video-fbdev
For Virtual Box, look at virtualbox-guest-utils
For VMware, look at open-vm-tools"
fi
# Set hostname
header Set hostname
printf "What is your fully-qualified hostname? (i.e. Core.AniNIX.net) "
read hostname
echo "$hostname" > /mnt/etc/hostname
hostname "$hostname"
header Installed ShadowArch on `hostname -s`\!
if [ ! -z "$nodiskbuild" ]; then
header Remember to run grub-install and set up your bootloader.
echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
else
header Press enter to reboot.
read
# Reboot
shutdown -r now
fi

13
roles/Foundation/files/web-snippets/martialarts/index
View File

@ -1,6 +1,6 @@
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div class="ui negative message"><p>We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.</p></div>
<!--<div class="ui negative message"><p>We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.</p></div>-->
<div>
<img class="logo" src="/assets/img/icons/MartialArtsIcon.png" />
</div>
@ -42,9 +42,9 @@
<p class="large">
<ul style="text-align: left;">
<li><b>Cost:</b> $10 per month in-person; $5 per month livestream -- pay below.</li>
<li><b>Lessons:</b>Mondays and Thursdays 7-8:30 p.m.</li>
<li><b>Sparring:</b> Mondays and Thursdays 6-7 p.m.</li>
<li><b>Shaolin Workouts:</b> Saturday mornings at 8 a.m. by livestream only</li>
<li><b>Lessons:</b>Tuesdays 7-8:30 p.m.</li>
<li><b>Sparring:</b>Tuesdays 6-7 p.m.</li>
<li><b>Shaolin Workouts:</b> Saturday mornings at 8 a.m. </li>
<li><b>Location:</b> <a href="https://g.page/aninix-martial-arts?share">225 Blaser Drive, Belleville, WI</a></li>
<li><b>What to bring:</b> Exercise clothes and water</li>
</ul></p>
@ -81,7 +81,7 @@
</div>
</div>
<hr style="margin-top: 50px;" />
<!--<div class="ui stackable middle very relaxed page grid">
<div class="ui stackable middle very relaxed page grid">
<script src="https://js.stripe.com/v3"></script>
<div class="sixteen wide center aligned centered column">
@ -332,5 +332,4 @@
<! -- END STRIPE CODE -->
</div>
</div>
<hr style="margin-top: 50px;" />
</div>-->
</div>

44
roles/Foundation/tasks/main.yml
View File

@ -22,6 +22,16 @@
- "custom/bin"
- "web-snippets"
- name: Populate config
become: yes
register: config
template:
src: app.ini.j2
dest: /var/lib/gitea/custom/conf/app.ini
owner: gitea
group: gitea
mode: 0750
- name: Copy web-snippets
become: yes
copy:
@ -39,6 +49,14 @@
owner: gitea
group: gitea
- name: Publish AniNIX/Yggdrasil CSS
become: yes
get_url:
url: https://github.com/BenZuser/Emby-Web-Dark-Themes-CSS/raw/master/RED/theme.css
dest: /var/lib/gitea/custom/public/css/emby-web-dark-theme-BenZuser.css
owner: gitea
group: gitea
- name: Copy hook
become: yes
copy:
@ -47,6 +65,32 @@
owner: gitea
group: gitea
- name: Service file
become: yes
register: servicefile
copy:
src: foundation.service
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0755
- name: Ensure default service disabled
become: yes
service:
name: gitea
state: stopped
enabled: no
- name: Generate pages
become: yes
register: custompages
command: /usr/bin/runuser -u gitea -- /usr/bin/bash /var/lib/gitea/custom/bin/gen-aninix-custom
- name: Restart service
become: yes
when: config.changed or servicefile.changed or custompages.changed
service:
name: foundation
state: restarted
enabled: yes

784
roles/Foundation/templates/app.ini.j2 Normal file
View File

@ -0,0 +1,784 @@
; This file lists the default values used by Gitea
; Copy required sections to your own app.ini (default is custom/conf/app.ini)
; and modify as needed.
; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
; App name that shows in every page title
APP_NAME = AniNIX
; Change it if you run locally
RUN_USER = gitea
; Either "dev", "prod" or "test", default is "dev"
RUN_MODE = prod
[repository]
ROOT = repos
SCRIPT_TYPE = bash
; Default ANSI charset
ANSI_CHARSET =
; Force every new repository to be private
FORCE_PRIVATE = false
; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
DEFAULT_PRIVATE = last
; Global limit of repositories per user, applied at creation time. -1 means no limit
MAX_CREATION_LIMIT = -1
; Mirror sync queue length, increase if mirror syncing starts hanging
MIRROR_QUEUE_LENGTH = 1000
; Patch test queue length, increase if pull request patch testing starts hanging
PULL_REQUEST_QUEUE_LENGTH = 1000
; Preferred Licenses to place at the top of the List
; The name here must match the filename in conf/license or custom/conf/license
PREFERRED_LICENSES = AniNIX-WTFPL
; Disable the ability to interact with repositories using the HTTP protocol
DISABLE_HTTP_GIT = false
; Value for Access-Control-Allow-Origin header, default is not to present
; WARNING: This maybe harmful to you website if you do not give it a right value.
ACCESS_CONTROL_ALLOW_ORIGIN =
; Force ssh:// clone url instead of scp-style uri when default SSH port is used
USE_COMPAT_SSH_URI = false
; Close issues as long as a commit on any branch marks it as fixed
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
[repository.editor]
; List of file extensions for which lines should be wrapped in the CodeMirror editor
; Separate extensions with a comma. To line wrap files without an extension, just put a comma
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
; Valid file modes that have a preview API associated with them, such as api/v1/markdown
; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
PREVIEWABLE_FILE_MODES = markdown
[repository.local]
; Path for local repository copy. Defaults to `tmp/local-repo`
LOCAL_COPY_PATH = tmp/local-repo
; Path for local wiki copy. Defaults to `tmp/local-wiki`
LOCAL_WIKI_PATH = tmp/local-wiki
[repository.upload]
; Whether repository file uploads are enabled. Defaults to `true`
ENABLED = true
; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
TEMP_PATH = data/tmp/uploads
; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
ALLOWED_TYPES =
; Max size of each file in megabytes. Defaults to 3MB
FILE_MAX_SIZE = 3
; Max number of files per upload. Defaults to 5
MAX_FILES = 5
[repository.pull-request]
; List of prefixes used in Pull Request title to mark them as Work In Progress
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
[repository.issue]
; List of reasons why a Pull Request or Issue can be locked
LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
[cors]
; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
; enable cors headers (disabled by default)
ENABLED = false
; scheme of allowed requests
SCHEME = http
; list of requesting domains that are allowed
ALLOW_DOMAIN = *
; allow subdomains of headers listed above to request
ALLOW_SUBDOMAIN = false
; list of methods allowed to request
METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
; max time to cache response
MAX_AGE = 10m
; allow request with credentials
ALLOW_CREDENTIALS = false
[ui]
; Number of repositories that are displayed on one explore page
EXPLORE_PAGING_NUM = 20
; Number of issues that are displayed on one page
ISSUE_PAGING_NUM = 10
; Number of maximum commits displayed in one activity feed
FEED_MAX_COMMIT_NUM = 5
; Number of maximum commits displayed in commit graph.
GRAPH_MAX_COMMIT_NUM = 100
; Number of line of codes shown for a code comment
CODE_COMMENT_LINES = 4
; Value of `theme-color` meta tag, used by Android >= 5.0
; An invalid color like "none" or "disable" will have the default style
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
THEME_COLOR_META_TAG = `#ff0000`
; Max size of files to be displayed (default is 8MiB)
MAX_DISPLAY_FILE_SIZE = 8388608
; Whether the email of the user should be shown in the Explore Users page
SHOW_USER_EMAIL = true
; Set the default theme for the Gitea install
DEFAULT_THEME = aninix
; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
THEMES = gitea,arc-green,aninix
; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
DEFAULT_SHOW_FULL_NAME = false
[ui.admin]
; Number of users that are displayed on one page
USER_PAGING_NUM = 50
; Number of repos that are displayed on one page
REPO_PAGING_NUM = 50
; Number of notices that are displayed on one page
NOTICE_PAGING_NUM = 25
; Number of organizations that are displayed on one page
ORG_PAGING_NUM = 50
[ui.user]
; Number of repos that are displayed on one page
REPO_PAGING_NUM = 15
[ui.meta]
AUTHOR = AniNIX::Foundation
DESCRIPTION = AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)
KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation
[markdown]
; Enable hard line break extension
ENABLE_HARD_LINE_BREAK = false
; List of custom URL-Schemes that are allowed as links when rendering Markdown
; for example git,magnet
CUSTOM_URL_SCHEMES =
; List of file extensions that should be rendered/edited as Markdown
; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
[server]
; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
PROTOCOL = http
DOMAIN = {{ external_domain }}
ROOT_URL = https://{{ external_domain }}/
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
HTTP_ADDR = 0.0.0.0
HTTP_PORT = 3000
; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
; PORT_TO_REDIRECT.
REDIRECT_OTHER_PORT = false
PORT_TO_REDIRECT = 3000
; Permission for unix socket
UNIX_SOCKET_PERMISSION = 660
; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node.
; Do not set this variable if PROTOCOL is set to 'unix'.
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
; Disable SSH feature when not available
DISABLE_SSH = false
; Whether to use the builtin SSH server or not.
START_SSH_SERVER = false
; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
BUILTIN_SSH_SERVER_USER =
; Domain name to be exposed in clone URL
SSH_DOMAIN = foundation.aninix.net
; The network interface the builtin SSH server should listen on
SSH_LISTEN_HOST =
; Port number to be exposed in clone URL
SSH_PORT = 22
; The port number the builtin SSH server should listen on
SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH =
; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
SSH_CREATE_AUTHORIZED_KEYS_FILE = true
; For the built-in SSH server, choose the ciphers to support for SSH connections,
; for system SSH this setting has no effect
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
; for system SSH this setting has no effect
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
; For the built-in SSH server, choose the MACs to support for SSH connections,
; for system SSH this setting has no effect
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
; Directory to create temporary files in when testing public keys using ssh-keygen,
; default is the system temporary directory.
SSH_KEY_TEST_PATH =
; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
SSH_KEYGEN_PATH = ssh-keygen
; Enable SSH Authorized Key Backup when rewriting all keys, default is true
SSH_BACKUP_AUTHORIZED_KEYS = true
; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = false
; Indicate whether to check minimum key size with corresponding type
MINIMUM_KEY_SIZE_CHECK = false
; Disable CDN even in "prod" mode
OFFLINE_MODE = true
DISABLE_ROUTER_LOG = false
; Generate steps:
; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;
; Or from a .pfx file exported from the Windows certificate store (do
; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
CERT_FILE = custom/https/cert.pem
KEY_FILE = custom/https/key.pem
; Root directory containing templates and static files.
; default is the path where Gitea is executed
STATIC_ROOT_PATH = /usr/share/gitea
; Default path for App data
APP_DATA_PATH = data
; Application level GZIP support
ENABLE_GZIP = false
; Application profiling (memory and cpu)
; For "web" command it listens on localhost:6060
; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
ENABLE_PPROF = false
; PPROF_DATA_PATH, use an absolute path when you start gitea as service
PPROF_DATA_PATH = data/tmp/pprof
; Landing page, can be "home", "explore", or "organizations"
LANDING_PAGE = home
; Enables git-lfs support. true or false, default is false.
LFS_START_SERVER = true
; Where your lfs files reside, default is data/lfs.
LFS_CONTENT_PATH = data/lfs
; LFS authentication secret, change this yourself
LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }}
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
LFS_HTTP_AUTH_EXPIRY = 20m
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes]
ED25519 = 256
ECDSA = 256
RSA = 2048
DSA = 1024
[database]
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = gitea
USER = gitea
; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD = {{ secrets.Foundation.database_password }}
; For Postgres, either "disable" (default), "require", or "verify-full"
; For MySQL, either "false" (default), "true", or "skip-verify"
SSL_MODE = disable
; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
CHARSET = utf8
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
PATH = data/gitea.db
; For "sqlite3" only. Query timeout
SQLITE_TIMEOUT = 500
; For iterate buffer, default is 50
ITERATE_BUFFER_SIZE = 50
; Show the database generated SQL
LOG_SQL = false
; Maximum number of DB Connect retries
DB_RETRIES = 10
; Backoff time per DB retry (time.Duration)
DB_RETRY_BACKOFF = 3s
[indexer]
; Issue indexer type, currently support: bleve or db, default is bleve
ISSUE_INDEXER_TYPE = bleve
; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
ISSUE_INDEXER_PATH = indexers/issues.bleve
; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
ISSUE_INDEXER_QUEUE_TYPE = levelqueue
; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
; default is indexers/issues.queue
ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
ISSUE_INDEXER_QUEUE_CONN_STR = addrs=127.0.0.1:6379 db=0
; Batch queue number, default is 20
ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
; repo indexer by default disabled, since it uses a lot of disk space
REPO_INDEXER_ENABLED = false
REPO_INDEXER_PATH = indexers/repos.bleve
UPDATE_BUFFER_LEN = 20
MAX_FILE_SIZE = 1048576
[admin]
; Disallow regular (non-admin) users from creating organizations.
DISABLE_REGULAR_ORG_CREATION = true
[security]
; Whether the installer is disabled
INSTALL_LOCK = true
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
SECRET_KEY = {{ secrets.Foundation.secret_key }}
; How long to remember that an user is logged in before requiring relogin (in days)
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gitea_awesome
COOKIE_REMEMBER_NAME = gitea_incredible
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
; The minimum password length for new Users
MIN_PASSWORD_LENGTH = 6
; Set to true to allow users to import local server paths
IMPORT_LOCAL_PATHS = false
; Set to true to prevent all users (including admin) from creating custom git hooks
DISABLE_GIT_HOOKS = false
INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }}
[openid]
;
; OpenID is an open, standard and decentralized authentication protocol.
; Your identity is the address of a webpage you provide, which describes
; how to prove you are in control of that page.
;
; For more info: https://en.wikipedia.org/wiki/OpenID
;
; Current implementation supports OpenID-2.0
;
; Tested to work providers at the time of writing:
; - Any GNUSocial node (your.hostname.tld/username)
; - Any SimpleID provider (http://simpleid.koinic.net)
; - http://openid.org.cn/
; - openid.stackexchange.com
; - login.launchpad.net
; - <username>.livejournal.com
;
; Whether to allow signin in via OpenID
ENABLE_OPENID_SIGNIN = FALSE
; Whether to allow registering via OpenID
; Do not include to rely on rhw DISABLE_REGISTRATION setting
; ENABLE_OPENID_SIGNUP = true
; Allowed URI patterns (POSIX regexp).
; Space separated.
; Only these would be allowed if non-blank.
; Example value: trusted.domain.org trusted.domain.net
WHITELISTED_URIS =
; Forbidden URI patterns (POSIX regexp).
; Space separated.
; Only used if WHITELISTED_URIS is blank.
; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
BLACKLISTED_URIS =
ENABLE_OPENID_SIGNUP = false
[service]
; Time limit to confirm account/email registration
ACTIVE_CODE_LIVE_MINUTES = 180
; Time limit to perform the reset of a forgotten password
RESET_PASSWD_CODE_LIVE_MINUTES = 180
; Whether a new user needs to confirm their email when registering.
REGISTER_EMAIL_CONFIRM = false
; List of domain names that are allowed to be used to register on a Gitea instance
; gitea.io,example.com
EMAIL_DOMAIN_WHITELIST =
; Disallow registration, only allow admins to create accounts.
DISABLE_REGISTRATION = true
; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
; User must sign in to view anything.
REQUIRE_SIGNIN_VIEW = false
; Mail notification
ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
ENABLE_REVERSE_PROXY_EMAIL = false
; Enable captcha validation for registration
ENABLE_CAPTCHA = false
; Type of captcha you want to use. Options: image, recaptcha
CAPTCHA_TYPE = image
; Enable recaptcha to use Google's recaptcha service
; Go to https://www.google.com/recaptcha/admin to sign up for a key
RECAPTCHA_SECRET =
RECAPTCHA_SITEKEY =
; Change this to use recaptcha.net or other recaptcha service
RECAPTCHA_URL = https://www.google.com/recaptcha/
; Default value for KeepEmailPrivate
; Each new user will get the value of this setting copied into their profile
DEFAULT_KEEP_EMAIL_PRIVATE = false
; Default value for AllowCreateOrganization
; Every new user will have rights set to create organizations depending on this setting
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
; Either "public", "limited" or "private", default is "public"
; Limited is for signed user only
; Private is only for member of the organization
; Public is for everyone
DEFAULT_ORG_VISIBILITY = public
; Default value for EnableDependencies
; Repositories will use dependencies by default depending on this setting
DEFAULT_ENABLE_DEPENDENCIES = true
; Enable heatmap on users profiles.
ENABLE_USER_HEATMAP = true
; Enable Timetracking
ENABLE_TIMETRACKING = true
; Default value for EnableTimetracking
; Repositories will use timetracking by default depending on this setting
DEFAULT_ENABLE_TIMETRACKING = true
; Default value for AllowOnlyContributorsToTrackTime
; Only users with write permissions can track time if this is true
DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
; Default value for the domain part of the user's email address in the git log
; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
NO_REPLY_ADDRESS = noreply.aninix.net
; Show Registration button
SHOW_REGISTRATION_BUTTON = true
; Default value for AutoWatchNewRepos
; When adding a repo to a team or creating a new repo all team members will watch the
; repo automatically if enabled
AUTO_WATCH_NEW_REPOS = true
[webhook]
; Hook task queue length, increase if webhook shooting starts hanging
QUEUE_LENGTH = 1000
; Deliver timeout in seconds
DELIVER_TIMEOUT = 5
; Allow insecure certification
SKIP_TLS_VERIFY = false
; Number of history information in each page
PAGING_NUM = 10
ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32
[mailer]
ENABLED = false
; Buffer length of channel, keep it as it is if you don't know what it is.
SEND_BUFFER_LEN = 100
; Prefix displayed before subject in mail
SUBJECT_PREFIX =
; Mail server
; Gmail: smtp.gmail.com:587
; QQ: smtp.qq.com:465
; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
HOST =
; Disable HELO operation when hostnames are different.
DISABLE_HELO =
; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
HELO_HOSTNAME =
; Do not verify the certificate of the server. Only use this for self-signed certificates
SKIP_VERIFY =
; Use client certificate
USE_CERTIFICATE = false
CERT_FILE = custom/mailer/cert.pem
KEY_FILE = custom/mailer/key.pem
; Should SMTP connection use TLS
IS_TLS_ENABLED = false
; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
FROM =
; Mailer user name and password
USER =
; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD =
; Send mails as plain text
SEND_AS_PLAIN_TEXT = false
; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
MAILER_TYPE = smtp
; Specify an alternative sendmail binary
SENDMAIL_PATH = sendmail
; Specify any extra sendmail arguments
SENDMAIL_ARGS =
[cache]
; Either "memory", "redis", or "memcache", default is "memory"
ADAPTER = memory
; For "memory" only, GC interval in seconds, default is 60
INTERVAL = 60
; For "redis" and "memcache", connection host address
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; memcache: `127.0.0.1:11211`
HOST =
; Time to keep items in cache if not used, default is 16 hours.
; Setting it to 0 disables caching
ITEM_TTL = 16h
[session]
; Either "memory", "file", or "redis", default is "memory"
PROVIDER = file
; Provider config options
; memory: doesn't have any config yet
; file: session file path, e.g. `data/sessions`
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
PROVIDER_CONFIG = data/sessions
; Session cookie name
COOKIE_NAME = i_like_gitea
; If you use session in https only, default is false
COOKIE_SECURE = false
; Enable set cookie, default is true
ENABLE_SET_COOKIE = true
; Session GC time interval in seconds, default is 86400 (1 day)
GC_INTERVAL_TIME = 86400
; Session life time in seconds, default is 86400 (1 day)
SESSION_LIFE_TIME = 86400
[picture]
AVATAR_UPLOAD_PATH = data/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
; How Gitea deals with missing repository avatars
; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
REPOSITORY_AVATAR_FALLBACK = none
REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
; Max Width and Height of uploaded avatars.
; This is to limit the amount of RAM used when resizing the image.
AVATAR_MAX_WIDTH = 4096
AVATAR_MAX_HEIGHT = 3072
; Maximum alloved file size for uploaded avatars.
; This is to limit the amount of RAM used when resizing the image.
AVATAR_MAX_FILE_SIZE = 1048576
; Chinese users can choose "duoshuo"
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
GRAVATAR_SOURCE = gravatar
; This value will always be true in offline mode.
DISABLE_GRAVATAR = true
; Federated avatar lookup uses DNS to discover avatar associated
; with emails, see https://www.libravatar.org
; This value will always be false in offline mode or when Gravatar is disabled.
ENABLE_FEDERATED_AVATAR = false
[attachment]
; Whether attachments are enabled. Defaults to `true`
ENABLED = true
; Path for attachments. Defaults to `data/attachments`
PATH = data/attachments
; One or more allowed types, e.g. image/jpeg|image/png
ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
; Max size of each file. Defaults to 4MB
MAX_SIZE = 4
; Max number of files per upload. Defaults to 5
MAX_FILES = 5
[time]
; Specifies the format for fully outputted dates. Defaults to RFC1123
; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
; For more information about the format see http://golang.org/pkg/time/#pkg-constants
FORMAT =
[log]
ROOT_PATH = /var/log/gitea/
; Either "console", "file", "conn", "smtp" or "database", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
; Buffer length of the channel, keep it as it is if you don't know what it is.
BUFFER_LEN = 10000
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
ROUTER_LOG_LEVEL = Critical
ROUTER = none
ENABLE_ACCESS_LOG = true
ACCESS_LOG_TEMPLATE = {{ '{{' }}.Ctx.RemoteAddr{{ '}}' }} - {{ '{{' }}.Identity{{ '}}' }} {{ '{{' }}.Start.Format "[02/Jan/2006:15:04:05 -0700]" {{ '}}' }} "{{ '{{' }}.Ctx.Req.Method{{ '}}' }} {{ '{{' }}.Ctx.Req.RequestURI{{ '}}' }} {{ '{{' }}.Ctx.Req.Proto{{ '}}' }}" {{ '{{' }}.ResponseWriter.Status{{ '}}' }} {{ '{{' }}.ResponseWriter.Size{{ '}}' }} "{{ '{{' }}.Ctx.Req.Referer{{ '}}' }}\" \"{{ '{{' }}.Ctx.Req.UserAgent{{ '}}' }}"
ACCESS = console
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
LEVEL = Info
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
STACKTRACE_LEVEL = Critical
; Generic log modes
[log.x]
FLAGS = stdflags
EXPRESSION =
PREFIX =
COLORIZE = false
; For "console" mode only
[log.console]
LEVEL =
COLORIZE = false
STDERR = false
; For "file" mode only
[log.file]
LEVEL =
; Set the file_name for the logger. If this is a relative path this
; will be relative to ROOT_PATH
FILE_NAME =
; This enables automated log rotate(switch of following options), default is true
LOG_ROTATE = true
; Max number of lines in a single file, default is 1000000
MAX_LINES = 1000000
; Max size shift of a single file, default is 28 means 1 << 28, 256MB
MAX_SIZE_SHIFT = 28
; Segment log daily, default is true
DAILY_ROTATE = true
; delete the log file after n days, default is 7
MAX_DAYS = 7
; compress logs with gzip
COMPRESS = true
; compression level see godoc for compress/gzip
COMPRESSION_LEVEL = -1
; For "conn" mode only
[log.conn]
LEVEL =
; Reconnect host for every single message, default is false
RECONNECT_ON_MSG = false
; Try to reconnect when connection is lost, default is false
RECONNECT = false
; Either "tcp", "unix" or "udp", default is "tcp"
PROTOCOL = tcp
; Host address
ADDR =
; For "smtp" mode only
[log.smtp]
LEVEL =
; Name displayed in mail title, default is "Diagnostic message from server"
SUBJECT = Diagnostic message from server
; Mail server
HOST =
; Mailer user name and password
USER =
; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD =
; Receivers, can be one or more, e.g. 1@example.com,2@example.com
RECEIVERS =
[cron]
; Enable running cron tasks periodically.
ENABLED = true
; Run cron tasks when Gitea starts.
RUN_AT_START = false
; Update mirrors
[cron.update_mirrors]
SCHEDULE = @every 10m
; Repository health check
[cron.repo_health_check]
SCHEDULE = @every 24h
TIMEOUT = 60s
; Arguments for command 'git fsck', e.g. "--unreachable --tags"
; see more on http://git-scm.com/docs/git-fsck
ARGS =
; Check repository statistics
[cron.check_repo_stats]
RUN_AT_START = true
SCHEDULE = @every 24h
; Clean up old repository archives
[cron.archive_cleanup]
; Whether to enable the job
ENABLED = true
; Whether to always run at least once at start up time (if ENABLED)
RUN_AT_START = true
; Time interval for job to run
SCHEDULE = @every 24h
; Archives created more than OLDER_THAN ago are subject to deletion
OLDER_THAN = 24h
; Synchronize external user data (only LDAP user synchronization is supported)
[cron.sync_external_users]
; Synchronize external user data when starting server (default false)
RUN_AT_START = false
; Interval as a duration between each synchronization (default every 24h)
SCHEDULE = @every 24h
; Create new users, update existing user data and disable users that are not in external source anymore (default)
; or only create new users if UPDATE_EXISTING is set to false
UPDATE_EXISTING = true
[git]
; Disables highlight of added and removed changes
DISABLE_DIFF_HIGHLIGHT = false
; Max number of lines allowed in a single file in diff view
MAX_GIT_DIFF_LINES = 1000
; Max number of allowed characters in a line in diff view
MAX_GIT_DIFF_LINE_CHARACTERS = 5000
; Max number of files shown in diff view
MAX_GIT_DIFF_FILES = 100
; Arguments for command 'git gc', e.g. "--aggressive --auto"
; see more on http://git-scm.com/docs/git-gc/
GC_ARGS =
; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
EnableAutoGitWireProtocol = true
; Operation timeout in seconds
[git.timeout]
DEFAULT = 360
MIGRATE = 600
MIRROR = 300
CLONE = 300
PULL = 300
GC = 60
[mirror]
; Default interval as a duration between each check
DEFAULT_INTERVAL = 8h
; Min interval as a duration must be > 1m
MIN_INTERVAL = 10m
[api]
; Enables Swagger. True or false; default is true.
ENABLE_SWAGGER = true
; Max number of items in a page
MAX_RESPONSE_ITEMS = 50
; Default paging number of api
DEFAULT_PAGING_NUM = 30
; Default and maximum number of items per page for git trees api
DEFAULT_GIT_TREES_PER_PAGE = 1000
; Default size of a blob returned by the blobs API (default is 10MiB)
DEFAULT_MAX_BLOB_SIZE = 10485760
[oauth2]
; Enables OAuth2 provider
ENABLE = true
; Lifetime of an OAuth2 access token in seconds
ACCESS_TOKEN_EXPIRATION_TIME = 3600
; Lifetime of an OAuth2 access token in hours
REFRESH_TOKEN_EXPIRATION_TIME = 730
; Check if refresh token got already used
INVALIDATE_REFRESH_TOKENS = false
; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
JWT_SECRET = {{ secrets.Foundation.jwt_secret }}
[i18n]
LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
; Used for datetimepicker
[i18n.datelang]
en-US = en
zh-CN = zh
zh-HK = zh-HK
zh-TW = zh-TW
de-DE = de
fr-FR = fr
nl-NL = nl
lv-LV = lv
ru-RU = ru
uk-UA = uk
ja-JP = ja
es-ES = es
pt-BR = pt-BR
pl-PL = pl
bg-BG = bg
it-IT = it
fi-FI = fi
tr-TR = tr
cs-CZ = cs-CZ
sr-SP = sr
sv-SE = sv
ko-KR = ko
[U2F]
; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
; Two Factor authentication with security keys
; https://developers.yubico.com/U2F/App_ID.html
; APP_ID = http://localhost:3000/
; Comma seperated list of trusted facets
; TRUSTED_FACETS = http://localhost:3000/
; Extension mapping to highlight class
; e.g. .toml=ini
[highlight.mapping]
[other]
SHOW_FOOTER_BRANDING = false
; Show version information about Gitea and Go in the footer
SHOW_FOOTER_VERSION = false
; Show template execution time in the footer
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
[markup.asciidoc]
ENABLED = false
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .adoc,.asciidoc
; External command to render all matching extensions
RENDER_COMMAND = asciidoc --out-file=- -
; Don't pass the file on STDIN, pass the filename as argument instead.
IS_INPUT_FILE = false
[metrics]
; Enables metrics endpoint. True or false; default is false.
ENABLED = false
; If you want to add authorization, specify a token here
TOKEN =