provisioning/taskservs/gitea/default/app.ini.j2
2025-09-22 23:11:41 +01:00


{%- if server %}
; Gitea app.ini rendered from the taskserv settings. The whole file is emitted
; only when a server context is present; most data paths in this template are
; built from taskserv.work_path.
; Global keys: these sit before the first section header.
APP_NAME = {{taskserv.app_name}}
RUN_MODE = prod
; OS account the Gitea process runs as.
; NOTE(review): should be an unprivileged account - confirm taskserv.run_user is not root.
RUN_USER = {{taskserv.run_user}}
WORK_PATH = {{taskserv.work_path}}
; Where bare repositories live on disk.
[repository]
ROOT = {{taskserv.work_path}}/data/git/repositories
; Scratch checkout location under the work path.
[repository.local]
LOCAL_COPY_PATH = {{taskserv.work_path}}/tmp/local-repo
; Staging directory for files uploaded through the web UI. It receives
; user-supplied content, so it should not be served or executed from directly.
[repository.upload]
TEMP_PATH = {{taskserv.work_path}}/uploads
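; HTTP listener, built-in SSH server and TLS material.
[server]
; Scheme Gitea itself serves. With plain http, logins and session cookies are
; only protected when a TLS-terminating proxy sits in front of this listener.
PROTOCOL = {{taskserv.protocol}}
APP_DATA_PATH = {{taskserv.work_path}}/data
SSH_DOMAIN = {{taskserv.ssh_domain}}
DOMAIN = {{taskserv.domain}}
; taskserv.http_addr may carry the sentinel $network_private_ip or
; $network_public_ip, which is replaced by the matching address of the target
; server; any other value is written through unchanged. Binding to the private
; address keeps the web UI off the public interface.
{% if taskserv.http_addr == "$network_private_ip" %}
HTTP_ADDR="{{server.network_private_ip}}"
{% elif taskserv.http_addr == "$network_public_ip" %}
HTTP_ADDR="{{server.network_public_ip}}"
{%- else %}
HTTP_ADDR = {{taskserv.http_addr}}
{%- endif %}
HTTP_PORT = {{taskserv.http_port}}
ROOT_URL = {{taskserv.root_url}}
DISABLE_SSH = false
LFS_START_SERVER = true
; Maximum LFS object size in bytes; 0 means no limit.
; (The key was previously misspelled shFS_MAX_FILE_SIZE and therefore ignored.)
; NOTE(review): with no limit a single push can fill the data volume - consider a cap.
LFS_MAX_FILE_SIZE = 0
LFS_LOCK_PAGING_NUM = 50
; Permission for unix socket
; NOTE(review): 666 lets every local account connect to the socket; it only
; matters when PROTOCOL selects a unix socket. Prefer 660 plus a shared group
; with the reverse proxy if that mode is ever used.
UNIX_SOCKET_PERMISSION = 666
START_SSH_SERVER = {{taskserv.start_ssh_server}}
BUILTIN_SSH_SERVER_USER = {{taskserv.builtin_ssh_server_user}}
; The network interface the builtin SSH server should listen on
; SSH_LISTEN_HOST =
; Port number to be exposed in clone URL
SSH_PORT = {{taskserv.ssh_port}}
; The port number the builtin SSH server should listen on
SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
; SSH_ROOT_PATH =
SSH_ROOT_PATH = {{taskserv.ssh_root_path}}
; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
SSH_CREATE_AUTHORIZED_KEYS_FILE = false
; For the built-in SSH server, choose the ciphers to support for SSH connections,
; for system SSH this setting has no effect
; arcfour256 / arcfour128 (RC4) were removed from this list: RC4 is broken and
; modern clients no longer offer it.
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com
; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections
; for system SSH this setting has no effect
; diffie-hellman-group1-sha1 (1024-bit group) was removed from this list.
; diffie-hellman-group14-sha1 is kept only for older clients; drop it once no
; client depends on SHA-1 key exchange.
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
; For the built-in SSH server, choose the MACs to support for SSH connections,
; for system SSH this setting has no effect
; The truncated hmac-sha1-96 was removed; hmac-sha1 remains for older clients.
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
; Directory to create temporary files in when testing public keys using ssh-keygen,
; default is the system temporary directory.
; SSH_KEY_TEST_PATH =
; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
SSH_KEYGEN_PATH = ssh-keygen
; Enable SSH Authorized Key Backup when rewriting all keys, default is true
SSH_BACKUP_AUTHORIZED_KEYS = true
; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = false
; Indicate whether to check minimum key size with corresponding type
; Enabled so that undersized user keys are rejected when they are added; the
; per-type minimums come from the [ssh.minimum_key_sizes] section (Gitea
; defaults apply because this template does not set them).
MINIMUM_KEY_SIZE_CHECK = true
DISABLE_ROUTER_LOG = false
; Disable CDN even in "prod" mode
OFFLINE_MODE = true
; Generate steps:
; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;
; Or from a .pfx file exported from the Windows certificate store (do
; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
; (-nodes writes the private key unencrypted: keep the key file readable by
; the run user only.)
; Earlier fixed locations, kept for reference:
; CERT_FILE = {{taskserv.work_path}}/conf/ssl/fullchain.pem
; KEY_FILE = {{taskserv.work_path}}/conf/ssl/privkey.pem
CERT_FILE = {{taskserv.cert_file}}
KEY_FILE = {{taskserv.key_file}}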
; Database connection. PATH and DB_TYPE are always written; the network
; settings are written only when taskserv.db.typ is not the literal "sqlite".
; NOTE(review): Gitea's own name for the embedded backend is sqlite3 - confirm
; the value used by taskserv.db.typ matches both this comparison and Gitea.
[database]
PATH = {{taskserv.db.path}}
DB_TYPE = {{taskserv.db.typ}}
{% if taskserv.db.typ != "sqlite" %}
; The sentinel $network_private_ip inside taskserv.db.host is replaced by the
; private address of the target server.
HOST = {{taskserv.db.host | replace(from="$network_private_ip", to=server.network_private_ip)}}
NAME = {{taskserv.db.name}}
USER = {{taskserv.db.user}}
; The password is rendered in clear text, so the generated app.ini must be
; readable by the run user only (for example mode 0600) and kept out of
; backups or repositories that others can read.
; NOTE(review): a password containing ; # or quote characters may need quoting
; for the ini parser - confirm how taskserv.db.password is escaped.
PASSWD = {{taskserv.db.password}}
LOG_SQL = false
SCHEMA =
CHARSET = {{taskserv.db.charset}}
; NOTE(review): if taskserv.db.ssl_mode resolves to "disable", the database
; session (including the password above) crosses the network unencrypted.
SSL_MODE = {{taskserv.db.ssl_mode}}
{%- endif %}
; On-disk locations for the issue index, sessions, avatars and attachments,
; all under taskserv.work_path.
[indexer]
ISSUE_INDEXER_PATH = {{taskserv.work_path}}/indexers/issues.bleve
; File-backed sessions: the directory holds login state for signed-in users.
; NOTE(review): it should be readable by the run user only.
[session]
PROVIDER_CONFIG = {{taskserv.work_path}}/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/repo-avatars
[attachment]
PATH = {{taskserv.work_path}}/attachments
; Logs go to the console at info level; ROOT_PATH is still set for any
; file-based logger.
[log]
MODE = console
LEVEL = info
ROOT_PATH = {{taskserv.work_path}}/log
[security]
; The web installer is locked, so nothing on the install page can fill in
; values this template leaves blank.
INSTALL_LOCK = true
; NOTE(review): SECRET_KEY is rendered empty. Gitea is understood to fall back
; to a built-in, publicly known default key when none is configured - confirm
; for the deployed version. Supply a random per-instance value (for example
; from `gitea generate secret SECRET_KEY`) through provisioning secrets rather
; than shipping it blank.
SECRET_KEY =
REVERSE_PROXY_LIMIT = 1
; NOTE(review): * marks every peer as a trusted proxy, so forwarded-for headers
; sent by any client are believed (spoofed source addresses in logs and in
; anything keyed on client IP). Narrow this to the address or CIDR of the real
; reverse proxy.
REVERSE_PROXY_TRUSTED_PROXIES = *
PASSWORD_HASH_ALGO = pbkdf2
; Account and sign-up policy. Only the first two keys are driven by taskserv;
; the rest are fixed for every deployment of this template.
[service]
DISABLE_REGISTRATION = {{taskserv.disable_registration}}
REQUIRE_SIGNIN_VIEW = {{taskserv.require_signin_view}}
; With e-mail confirmation and captcha both off, self-registration (when
; DISABLE_REGISTRATION is false) has no check against automated sign-ups.
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
; New accounts expose their e-mail address by default.
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
; NOTE(review): hard-coded domain, not derived from taskserv.domain - confirm
; it is correct for every deployment that uses this template.
NO_REPLY_ADDRESS = noreply.localrepo.cloudnative.zone
; LFS object storage under the work path.
[lfs]
PATH = {{taskserv.work_path}}/data/git/lfs
; Outgoing mail is off, which matches the disabled e-mail confirmation and
; notifications in [service].
[mailer]
ENABLED = false
; NOTE(review): OpenID sign-up is fixed to true here while DISABLE_REGISTRATION
; is templated. Confirm that accounts cannot be created through an OpenID
; provider on deployments that set DISABLE_REGISTRATION to true; if they can,
; tie this value to the same taskserv setting or turn it off.
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
; No outbound update check.
[cron.update_checker]
ENABLED = false
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
; Intentionally empty: no OAuth2 keys are templated here.
[oauth2]
; Outgoing webhook delivery.
[webhook]
; Hook task queue length, increase if webhook shooting starts hanging
QUEUE_LENGTH = 1000
; Deliver timeout in seconds
; Left empty here. NOTE(review): presumably the Gitea default then applies - confirm.
DELIVER_TIMEOUT =
; Allow insecure certification
; Kept false so webhook targets must present a certificate that verifies.
SKIP_TLS_VERIFY = false
; Number of history information in each page
PAGING_NUM = 10
; Restricts which hosts webhooks may be delivered to, which limits their use
; for reaching internal services from the Gitea host. The sentinel
; $server.priv_cidr_block is replaced by the private CIDR block of the target
; server; any other value is written through unchanged.
; NOTE(review): avoid a wildcard in taskserv.webhook_allowed_hosts_list unless
; repository admins are fully trusted.
{% if taskserv.webhook_allowed_hosts_list == "$server.priv_cidr_block" %}
ALLOWED_HOST_LIST = {{server.priv_cidr_block}}
{%- else %}
ALLOWED_HOST_LIST = {{taskserv.webhook_allowed_hosts_list}}
{%- endif %}
{%- endif %}