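{%- if server %}
; Gitea app.ini, rendered from a template.
; Values come from the taskserv.* and server.* provisioning variables.
; Nothing is rendered when no server context is supplied.
; The rendered file contains credentials (database password, secret key):
; keep it readable only by RUN_USER.

APP_NAME = {{taskserv.app_name}}
RUN_MODE = prod
RUN_USER = {{taskserv.run_user}}
WORK_PATH = {{taskserv.work_path}}

[repository]
ROOT = {{taskserv.work_path}}/data/git/repositories

[repository.local]
LOCAL_COPY_PATH = {{taskserv.work_path}}/tmp/local-repo

[repository.upload]
TEMP_PATH = {{taskserv.work_path}}/uploads

[server]
PROTOCOL = {{taskserv.protocol}}
APP_DATA_PATH = {{taskserv.work_path}}/data
SSH_DOMAIN = {{taskserv.ssh_domain}}
DOMAIN = {{taskserv.domain}}
; HTTP_ADDR: the sentinels $network_private_ip / $network_public_ip select the
; server's private or public address; any other value is used verbatim.
; Binding to the public address exposes the web UI directly on that interface.
{% if taskserv.http_addr == "$network_private_ip" %}
HTTP_ADDR = "{{server.network_private_ip}}"
{% elif taskserv.http_addr == "$network_public_ip" %}
HTTP_ADDR = "{{server.network_public_ip}}"
{%- else %}
HTTP_ADDR = {{taskserv.http_addr}}
{%- endif %}
HTTP_PORT = {{taskserv.http_port}}
ROOT_URL = {{taskserv.root_url}}
DISABLE_SSH = false
LFS_START_SERVER = true
; 0 means no upload size limit for LFS objects
LFS_MAX_FILE_SIZE = 0
LFS_LOCK_PAGING_NUM = 50
; Permission for unix socket.
; NOTE(review): 666 lets every local account connect to the socket; tighten it
; if PROTOCOL is ever set to a unix-socket mode.
UNIX_SOCKET_PERMISSION = 666
START_SSH_SERVER = {{taskserv.start_ssh_server}}
BUILTIN_SSH_SERVER_USER = {{taskserv.builtin_ssh_server_user}}
; The network interface the builtin SSH server should listen on
; SSH_LISTEN_HOST =
; Port number to be exposed in clone URL
SSH_PORT = {{taskserv.ssh_port}}
; The port number the builtin SSH server should listen on (follows SSH_PORT)
SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH = {{taskserv.ssh_root_path}}
; Gitea will create an authorized_keys file by default when it is not using the internal ssh server.
; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
SSH_CREATE_AUTHORIZED_KEYS_FILE = false
; For the built-in SSH server, choose the ciphers to support for SSH connections;
; for system SSH this setting has no effect.
; RC4 (arcfour*) ciphers are deliberately not offered.
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com
; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections;
; for system SSH this setting has no effect.
; The 1024-bit diffie-hellman-group1-sha1 exchange is deliberately not offered.
; diffie-hellman-group14-sha1 is kept for older clients; drop it if none remain.
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
; For the built-in SSH server, choose the MACs to support for SSH connections;
; for system SSH this setting has no effect.
; The truncated hmac-sha1-96 MAC is deliberately not offered.
; hmac-sha1 is kept for older clients; drop it if none remain.
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
; Directory to create temporary files in when testing public keys using ssh-keygen,
; default is the system temporary directory.
; SSH_KEY_TEST_PATH =
; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
SSH_KEYGEN_PATH = ssh-keygen
; Enable SSH Authorized Key Backup when rewriting all keys, default is true
SSH_BACKUP_AUTHORIZED_KEYS = true
; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = false
; Indicate whether to check minimum key size with corresponding type.
; NOTE(review): false means user-uploaded SSH keys are accepted without a
; minimum-size check; enable it unless short legacy keys must stay usable.
MINIMUM_KEY_SIZE_CHECK = false
DISABLE_ROUTER_LOG = false
; Disable CDN even in "prod" mode
OFFLINE_MODE = true
; TLS certificate and key, used when PROTOCOL is https.
; Generate steps:
; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;
; Or from a .pfx file exported from the Windows certificate store (do
; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
; The -nodes export leaves the private key unencrypted on disk: restrict
; KEY_FILE to RUN_USER.
; Example paths under WORK_PATH: conf/ssl/fullchain.pem and conf/ssl/privkey.pem
CERT_FILE = {{taskserv.cert_file}}
KEY_FILE = {{taskserv.key_file}}

[database]
PATH = {{taskserv.db.path}}
DB_TYPE = {{taskserv.db.typ}}
; Connection settings are rendered only for non-SQLite back ends.
; NOTE(review): the template compares taskserv.db.typ with "sqlite", while
; Gitea's own DB_TYPE value for SQLite is sqlite3 - confirm which spelling
; the provisioning data uses.
{% if taskserv.db.typ != "sqlite" %}
HOST = {{taskserv.db.host | replace(from="$network_private_ip", to=server.network_private_ip)}}
NAME = {{taskserv.db.name}}
USER = {{taskserv.db.user}}
; Rendered in clear text. Gitea's documentation recommends wrapping the
; password in backticks when it contains special characters - TODO confirm
; the provisioned value parses as intended.
PASSWD = {{taskserv.db.password}}
LOG_SQL = false
SCHEMA =
CHARSET = {{taskserv.db.charset}}
; Controls TLS towards the database server; prefer a verifying mode whenever
; the database is reached over a network.
SSL_MODE = {{taskserv.db.ssl_mode}}
{%- endif %}

[indexer]
ISSUE_INDEXER_PATH = {{taskserv.work_path}}/indexers/issues.bleve

[session]
PROVIDER_CONFIG = {{taskserv.work_path}}/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/repo-avatars

[attachment]
PATH = {{taskserv.work_path}}/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = {{taskserv.work_path}}/log

[security]
; true skips the web installer; the instance starts with exactly this file.
INSTALL_LOCK = true
; NOTE(review): rendered empty. Gitea versions differ on what an empty value
; means (some fall back to a built-in default key) - supply a random
; per-instance value, e.g. from `gitea generate secret SECRET_KEY`, through
; the provisioning data.
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
; NOTE(review): * accepts reverse-proxy headers from any peer. Restrict this to
; the address or CIDR of the actual proxy before relying on forwarded client
; IPs or enabling reverse-proxy authentication.
REVERSE_PROXY_TRUSTED_PROXIES = *
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = {{taskserv.disable_registration}}
REQUIRE_SIGNIN_VIEW = {{taskserv.require_signin_view}}
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
; NOTE(review): hard-coded domain; not derived from DOMAIN above.
NO_REPLY_ADDRESS = noreply.localrepo.cloudnative.zone

[lfs]
PATH = {{taskserv.work_path}}/data/git/lfs

[mailer]
ENABLED = false

[openid]
ENABLE_OPENID_SIGNIN = true
; NOTE(review): fixed to true regardless of DISABLE_REGISTRATION - confirm that
; OpenID self-registration is meant to stay open when local registration is
; disabled.
ENABLE_OPENID_SIGNUP = true

[cron.update_checker]
ENABLED = false

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[oauth2]

[webhook]
; Hook task queue length, increase if webhook shooting starts hanging
QUEUE_LENGTH = 1000
; Deliver timeout in seconds (left empty here - presumably Gitea's default applies; confirm)
DELIVER_TIMEOUT =
; Allow insecure certification; keep false so webhook targets are TLS-verified
SKIP_TLS_VERIFY = false
; Number of history information in each page
PAGING_NUM = 10
; Hosts webhooks may be delivered to. The sentinel $server.priv_cidr_block
; selects the server's private CIDR block; any other value is used verbatim.
; Keep this list as narrow as possible: it bounds which addresses a webhook
; can make this server contact.
{% if taskserv.webhook_allowed_hosts_list == "$server.priv_cidr_block" %}
ALLOWED_HOST_LIST = {{server.priv_cidr_block}}
{%- else %}
ALLOWED_HOST_LIST = {{taskserv.webhook_allowed_hosts_list}}
{%- endif %}
{%- endif %}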