From b243ff95fe68d1cc4755487d407a34dae1a69128 Mon Sep 17 00:00:00 2001 From: vincent Date: Sat, 7 Nov 2020 09:39:55 +0100 Subject: [PATCH] update gitea config: --- defaults/main.yml | 2 + templates/app.ini.j2 | 312 ++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 297 insertions(+), 17 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index e99b9b5..52bd13e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,6 +5,8 @@ gitea_home: "/mnt/diskstation/git" gitea_shell: "/bin/false" gitea_Static_Root_Path: "/usr/share/gitea" gitea_user_repo_limit: -1 +gitea_enable_push_create_user: true +gitea_enable_push_create_org: true gitea_http_domain: localhost gitea_root_url: http://localhost:3000 diff --git a/templates/app.ini.j2 b/templates/app.ini.j2 index 4865084..a9364c7 100644 --- a/templates/app.ini.j2 +++ b/templates/app.ini.j2 @@ -6,16 +6,16 @@ RUN_USER = {{ gitea_user }} RUN_MODE = prod [repository] -ROOT = {{ gitea_home }} +ROOT = {{ gitea_home }} SCRIPT_TYPE = bash ; Default ANSI charset ANSI_CHARSET = ; Force every new repository to be private -FORCE_PRIVATE = {{ gitea_force_private }} +FORCE_PRIVATE = {{ gitea_force_private }} ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used. DEFAULT_PRIVATE = last ; Global limit of repositories per user, applied at creation time. -1 means no limit -MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} +MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} ; Mirror sync queue length, increase if mirror syncing starts hanging MIRROR_QUEUE_LENGTH = 1000 ; Patch test queue length, increase if pull request patch testing starts hanging 
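Review bot: The two new role defaults in defaults/main.yml, `gitea_enable_push_create_user: true` and `gitea_enable_push_create_org: true`, switch push-to-create on for every host that uses the role without overriding them, whereas Gitea itself ships both options disabled. With them on, any account that can authenticate for a git push can create new repositories under its user or its organisations just by pushing, and the context line `gitea_user_repo_limit: -1` leaves the number of repositories unbounded. I would default both to `false` and let inventories opt in, with a comment above them such as `# push-to-create: authenticated users can create repositories by pushing; disabled upstream`.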
@@ -24,7 +24,7 @@ PULL_REQUEST_QUEUE_LENGTH = 1000 ; The name here must match the filename in conf/license or custom/conf/license PREFERRED_LICENSES = Apache License 2.0,MIT License ; Disable the ability to interact with repositories using the HTTP protocol -DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} +DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} ; Value for Access-Control-Allow-Origin header, default is not to present ; WARNING: This maybe harmful to you website if you do not give it a right value. ACCESS_CONTROL_ALLOW_ORIGIN = @@ -32,6 +32,23 @@ ACCESS_CONTROL_ALLOW_ORIGIN = USE_COMPAT_SSH_URI = false ; Close issues as long as a commit on any branch marks it as fixed DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false +; Allow users to push local repositories to Gitea and have them automatically created for a user or an org +ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user }} +ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org }} +; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, +repo.pulls, repo.wiki, repo.ext_wiki +DISABLED_REPO_UNITS = +; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, r +epo.pulls, repo.wiki. +; Note: Code and Releases can currently not be deactivated. If you specify default repo units you shou +ld still list them for future compatibility. +; External wiki and issue tracker can't be enabled by default as it requires additional settings. +; Disabled repo units will not be added to new repositories regardless if it is in the default list. +DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki +; Prefix archive files by placing them in a directory named after the repository +PREFIX_ARCHIVE_FILES = true +; The default branch name of new repositories +DEFAULT_BRANCH=master [repository.editor] ; List of file extensions for which lines should be wrapped in the CodeMirror editor 
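Review bot: Three added comment lines in the second hunk on this line (the `[repository]` additions) are hard-wrapped so that the remainder lands on a line of its own without the `;` marker: `repo.pulls, repo.wiki, repo.ext_wiki`, `epo.pulls, repo.wiki.` and `ld still list them for future compatibility.`. In the rendered app.ini these are not comments but bare lines with no `=`, which an INI parser may reject or read as keys. Rejoin each remainder to its comment line, or at least prefix it with `;`, e.g. `; repo.pulls, repo.wiki, repo.ext_wiki`. The new `DEFAULT_BRANCH=master` would also read better as `DEFAULT_BRANCH = master`, matching the spacing of the keys around it.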
@@ -62,11 +79,76 @@ MAX_FILES = 5 [repository.pull-request] ; List of prefixes used in Pull Request title to mark them as Work In Progress WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP] +; List of keywords used in Pull Request comments to automatically close a related issue +CLOSE_KEYWORDS=close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved +; List of keywords used in Pull Request comments to automatically reopen a related issue +REOPEN_KEYWORDS=reopen,reopens,reopened +; In the default merge message for squash commits include at most this many commits +DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50 +; In the default merge message for squash commits limit the size of the commit messages to this +DEFAULT_MERGE_MESSAGE_SIZE=5120 +; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list +DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false +; In default merge messages limit the number of approvers listed as Reviewed-by: to this many +DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10 +; In default merge messages only include approvers who are official +DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true + [repository.issue] ; List of reasons why a Pull Request or Issue can be locked LOCK_REASONS=Too heated,Off-topic,Resolved,Spam +[repository.signing] +; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey +; run in the context of the RUN_USER +; Switch to none to stop signing completely +SIGNING_KEY = default +; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer. +; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to +; the results of git config --get user.name and git config --get user.email respectively and can only be overrided +; by setting the SIGNING_KEY ID to the correct ID.) 
+SIGNING_NAME = +SIGNING_EMAIL = +; Determines when gitea should sign the initial commit when creating a repository +; Either: +; - never +; - pubkey: only sign if the user has a pubkey +; - twofa: only sign if the user has logged in with twofa +; - always +; options other than none and always can be combined as comma separated list +INITIAL_COMMIT = always +; Determines when to sign for CRUD actions +; - as above +; - parentsigned: requires that the parent commit is signed. +CRUD_ACTIONS = pubkey, twofa, parentsigned +; Determines when to sign Wiki commits +; - as above +WIKI = never +; Determines when to sign on merges +; - basesigned: require that the parent of commit on the base repo is signed. +; - commitssigned: require that all the commits in the head branch are signed. +; - approved: only sign when merging an approved pr to a protected branch +MERGES = pubkey, twofa, basesigned, commitssigned + +[cors] +; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers +; enable cors headers (disabled by default) +ENABLED=false +; scheme of allowed requests +SCHEME=http +; list of requesting domains that are allowed +ALLOW_DOMAIN=* +; allow subdomains of headers listed above to request +ALLOW_SUBDOMAIN=false +; list of methods allowed to request +METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS +; max time to cache response +MAX_AGE=10m +; allow request with credentials +ALLOW_CREDENTIALS=false + + [ui] ; Number of repositories that are displayed on one explore page EXPLORE_PAGING_NUM = 20 
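Review bot: `[cors]` is added twice by this patch, once in this hunk after `[repository.signing]` and again in the next hunk after `THEMES = gitea,arc-green`, with identical keys. Duplicate section headers are merged, overridden or rejected depending on the parser, and a later edit to one copy can silently lose to the other, so keep a single `[cors]` block. Both copies also carry `ALLOW_DOMAIN=*`, which is inert only while `ENABLED=false`; if CORS is ever switched on, an explicit origin list from a role variable is safer than the wildcard, e.g. `ALLOW_DOMAIN = {{ gitea_cors_allow_domain }}` (proposed variable name, not an existing one).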
@@ -90,6 +172,23 @@ SHOW_USER_EMAIL = {{ gitea_show_user_email }} DEFAULT_THEME = gitea ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`. THEMES = gitea,arc-green +[cors] +; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers +; enable cors headers (disabled by default) +ENABLED=false +; scheme of allowed requests +SCHEME=http +; list of requesting domains that are allowed +ALLOW_DOMAIN=* +; allow subdomains of headers listed above to request +ALLOW_SUBDOMAIN=false +; list of methods allowed to request +METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS +; max time to cache response +MAX_AGE=10m +; allow request with credentials +ALLOW_CREDENTIALS=false + [ui.admin] ; Number of users that are displayed on one page 
@@ -110,11 +209,29 @@ AUTHOR = Gitea - Git with a cup of tea DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go KEYWORDS = go,git,self-hosted,gitea +[ui.notification] +; Control how often the notification endpoint is polled to update the notification +; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged +; Set MIN_TIMEOUT to 0 to turn off +MIN_TIMEOUT = 10s +MAX_TIMEOUT = 60s +TIMEOUT_STEP = 10s +; This setting determines how often the db is queried to get the latest notification counts. +; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource +EVENT_SOURCE_UPDATE_TIME = 10s + + [markdown] -; Enable hard line break extension -ENABLE_HARD_LINE_BREAK = false -; List of custom URL-Schemes that are allowed as links when rendering Markdown -; for example git,magnet +; Render soft line breaks as hard line breaks, which means a single newline character between +; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not +; necessary to force a line break. +; Render soft line breaks as hard line breaks for comments +ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true +; Render soft line breaks as hard line breaks for markdown documents +ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false +; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown +; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes) +; URLs starting with http and https are always displayed, whatever is put in this entry. CUSTOM_URL_SCHEMES = ; List of file extensions that should be rendered/edited as Markdown ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma 
@@ -125,6 +242,8 @@ FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd PROTOCOL = {{ gitea_protocol }} DOMAIN = {{ gitea_http_domain }} ROOT_URL = {{ gitea_root_url }} +; when STATIC_URL_PREFIX is empty it will follow ROOT_URL +STATIC_URL_PREFIX = ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. HTTP_ADDR = {{ gitea_http_listen }} HTTP_PORT = {{ gitea_http_port }} @@ -215,6 +334,21 @@ LFS_CONTENT_PATH = data/lfs LFS_JWT_SECRET = ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. LFS_HTTP_AUTH_EXPIRY = 20m +LFS_MAX_FILE_SIZE = 0 +; Maximum number of locks returned per page +LFS_LOCKS_PAGING_NUM = 50 +; Allow graceful restarts using SIGHUP to fork +ALLOW_GRACEFUL_RESTARTS = true +; After a restart the parent will finish ongoing requests before +; shutting down. Force shutdown if this process takes longer than this delay. +; set to a negative value to disable +GRACEFUL_HAMMER_TIME = 60s +; Allows the setting of a startup timeout and waithint for Windows as SVC service +; 0 disables this. +STARTUP_TIMEOUT = 0 +; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h +STATIC_CACHE_TIME = 6h + ; Define allowed algorithms and their minimum key length (use -1 to disable a type) [ssh.minimum_key_sizes] @@ -246,6 +380,12 @@ LOG_SQL = true DB_RETRIES = 10 ; Backoff time per DB retry (time.Duration) DB_RETRY_BACKOFF = 3s +; Max idle database connections on connnection pool, default is 2 +MAX_IDLE_CONNS = 2 +; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning) +CONN_MAX_LIFETIME = 3s +; Database maximum number of open connections, default is 0 meaning no maximum +MAX_OPEN_CONNS = 0 [indexer] ; Issue indexer type, currently support: bleve or db, default is bleve 
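Review bot: `LFS_MAX_FILE_SIZE = 0` in the second hunk on this line is added without a comment, unlike the keys around it, and in Gitea a value of 0 means no size limit on LFS objects. Add a line such as `; Maximum allowed LFS file size in bytes (0 means no limit)` above it, and consider a finite value or a role variable so that disk use on the LFS store is bounded. The keys are appended after `LFS_HTTP_AUTH_EXPIRY`, so the enclosing section starts outside the hunk.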
@@ -259,17 +399,62 @@ ISSUE_INDEXER_QUEUE_TYPE = levelqueue ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue ; Batch queue number, default is 20 ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20 +; Timeout the indexer if it takes longer than this to start. +; Set to zero to disable timeout. +STARTUP_TIMEOUT=30s ; repo indexer by default disabled, since it uses a lot of disk space REPO_INDEXER_ENABLED = false REPO_INDEXER_PATH = indexers/repos.bleve UPDATE_BUFFER_LEN = 20 MAX_FILE_SIZE = 1048576 +; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include +; in the index; default is empty +REPO_INDEXER_INCLUDE = +; A comma separated list of glob patterns to exclude from the index; ; default is empty +REPO_INDEXER_EXCLUDE = + + +[queue] +; Specific queues can be individually configured with [queue.name]. [queue] provides defaults +; +; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy +; default to persistable-channel +TYPE = persistable-channel +; data-dir for storing persistable queues and level queues, individual queues will be named by their type +DATADIR = queues/ +; Default queue length before a channel queue will block +LENGTH = 20 +; Batch size to send for batched queues +BATCH_LENGTH = 20 +; Connection string for redis queues this will store the redis connection string. +CONN_STR = "addrs=127.0.0.1:6379 db=0" +; Provide the suffix of the default redis queue name - specific queues can be overriden within in their [queue.name] sections. 
+QUEUE_NAME = "_queue" +; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue: +WRAP_IF_NECESSARY = true +; Attempt to create the wrapped queue at max +MAX_ATTEMPTS = 10 +; Timeout queue creation +TIMEOUT = 15m30s +; Create a pool with this many workers +WORKERS = 1 +; Dynamically scale the worker pool to at this many workers +MAX_WORKERS = 10 +; Add boost workers when the queue blocks for BLOCK_TIMEOUT +BLOCK_TIMEOUT = 1s +; Remove the boost workers after BOOST_TIMEOUT +BOOST_TIMEOUT = 5m +; During a boost add BOOST_WORKERS +BOOST_WORKERS = 5 + + [admin] ; Disallow regular (non-admin) users from creating organizations. DISABLE_REGULAR_ORG_CREATION = false + [security] ; Whether the installer is disabled INSTALL_LOCK = true @@ -289,6 +474,16 @@ MIN_PASSWORD_LENGTH = 6 IMPORT_LOCAL_PATHS = false ; Set to true to prevent all users (including admin) from creating custom git hooks DISABLE_GIT_HOOKS = false +; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED +ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true +;Comma separated list of character classes required to pass minimum complexity. +;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used. +;Use "off" to disable checking. +PASSWORD_COMPLEXITY = lower,upper,digit,spec +; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt" +PASSWORD_HASH_ALGO = pbkdf2 +; Set false to allow JavaScript to read CSRF cookie +CSRF_COOKIE_HTTP_ONLY = true [openid] ; 
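Review bot: The password policy keys added in the `[security]` hunk on this line are written as literals (`PASSWORD_COMPLEXITY = lower,upper,digit,spec`, `PASSWORD_HASH_ALGO = pbkdf2`), while other policy switches in this template come from role variables, so an operator cannot tighten them without editing the template. Of the algorithms the added comment lists, the memory-hard ones (`argon2`, `scrypt`) resist offline guessing better than `pbkdf2`; exposing the choice, for example `PASSWORD_HASH_ALGO = {{ gitea_password_hash_algo }}` (proposed variable name), lets a deployment pick one deliberately. The hunk header shows `MIN_PASSWORD_LENGTH = 6` just above these additions; it is outside this change but deserves the same treatment. The `[security]` section begins before the hunk.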
@@ -388,6 +583,9 @@ SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }} ; When adding a repo to a team or creating a new repo all team members will watch the ; repo automatically if enabled AUTO_WATCH_NEW_REPOS = true +; Default value for AutoWatchOnChanges +; Make the user watch a repository When they commit for the first time +AUTO_WATCH_ON_CHANGES = false [webhook] ; Hook task queue length, increase if webhook shooting starts hanging @@ -398,6 +596,10 @@ DELIVER_TIMEOUT = 5 SKIP_TLS_VERIFY = false ; Number of history information in each page PAGING_NUM = 10 +; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy +PROXY_URL = +; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts. +PROXY_HOSTS = [mailer] ENABLED = {{ gitea_mailer_enabled }} @@ -436,8 +638,12 @@ MAILER_TYPE = smtp SENDMAIL_PATH = sendmail ; Specify any extra sendmail arguments SENDMAIL_ARGS = +; Timeout for Sendmail +SENDMAIL_TIMEOUT = 5m [cache] + if the cache enabled +ENABLED = true ; Either "memory", "redis", or "memcache", default is "memory" ADAPTER = memory ; For "memory" only, GC interval in seconds, default is 60 
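Review bot: In the last hunk on this line, the line added directly under `[cache]` reads ` if the cache enabled` with no `;` in front, so in the rendered app.ini it is a bare line rather than a comment and may be rejected or parsed as a key. It should be `; if the cache enabled`. In the webhook hunk on the same line, the comment above `PROXY_URL` lists `https//`, where `https://` is presumably meant.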
@@ -471,11 +677,19 @@ GC_INTERVAL_TIME = 86400 SESSION_LIFE_TIME = 86400 [picture] -AVATAR_UPLOAD_PATH = data/avatars -; Max Width and Height of uploaded avatars. This is to limit the amount of RAM -; used when resizing the image. +AVATAR_UPLOAD_PATH = data/avatars +REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars +; How Gitea deals with missing repository avatars +; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used +REPOSITORY_AVATAR_FALLBACK = none +REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png +; Max Width and Height of uploaded avatars. +; This is to limit the amount of RAM used when resizing the image. AVATAR_MAX_WIDTH = 4096 AVATAR_MAX_HEIGHT = 3072 +; Maximum alloved file size for uploaded avatars. +; This is to limit the amount of RAM used when resizing the image. +AVATAR_MAX_FILE_SIZE = 1048576 ; Chinese users can choose "duoshuo" ; or a custom avatar source, like: http://cn.gravatar.com/avatar/ GRAVATAR_SOURCE = gravatar 
@@ -503,25 +717,49 @@ MAX_FILES = 5 ; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano ; For more information about the format see http://golang.org/pkg/time/#pkg-constants FORMAT = +; Location the UI time display i.e. Asia/Shanghai +; Empty means server's location setting +DEFAULT_UI_LOCATION = [log] -ROOT_PATH = log +ROOT_PATH = /var/log/gitea/ ; Either "console", "file", "conn", "smtp" or "database", default is "console" ; Use comma to separate multiple modes, e.g. "console, file" -MODE = file +MODE = console, file ; Buffer length of the channel, keep it as it is if you don't know what it is. BUFFER_LEN = 10000 -; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" -LEVEL = Info REDIRECT_MACARON_LOG = false +MACARON = file +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info" +ROUTER_LOG_LEVEL = Info +ROUTER = console +ENABLE_ACCESS_LOG = false +ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}" +ACCESS = file +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace" +LEVEL = Info +; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None" +STACKTRACE_LEVEL = None + +; Generic log modes +[log.x] +FLAGS = stdflags +EXPRESSION = +PREFIX = +COLORIZE = false ; For "console" mode only [log.console] -LEVEL = +LEVEL = Info +STDERR = false + ; For "file" mode only [log.file] LEVEL = +; Set the file_name for the logger. 
If this is a relative path this +; will be relative to ROOT_PATH +FILE_NAME = ; This enables automated log rotate(switch of following options), default is true LOG_ROTATE = true ; Max number of lines in a single file, default is 1000000 @@ -532,6 +770,11 @@ MAX_SIZE_SHIFT = 28 DAILY_ROTATE = true ; delete the log file after n days, default is 7 MAX_DAYS = 7 +; compress logs with gzip +COMPRESS = true +; compression level see godoc for compress/gzip +COMPRESSION_LEVEL = -1 + ; For "conn" mode only [log.conn] @@ -611,6 +854,11 @@ SCHEDULE = @every 24h ; or only create new users if UPDATE_EXISTING is set to false UPDATE_EXISTING = true +; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts. +[cron.update_migration_poster_id] +; Interval as a duration between each synchronization. (default every 24h) +SCHEDULE = @every 24h + [git] ; Disables highlight of added and removed changes DISABLE_DIFF_HIGHLIGHT = false @@ -623,6 +871,11 @@ MAX_GIT_DIFF_FILES = 100 ; Arguments for command 'git gc', e.g. "--aggressive --auto" ; see more on http://git-scm.com/docs/git-gc/ GC_ARGS = +; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1 +ENABLE_AUTO_GIT_WIRE_PROTOCOL = true +; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled) +PULL_REQUEST_PUSH_MESSAGE = true + ; Operation timeout in seconds [git.timeout] @@ -648,6 +901,8 @@ MAX_RESPONSE_ITEMS = 50 DEFAULT_PAGING_NUM = 30 ; Default and maximum number of items per page for git trees api DEFAULT_GIT_TREES_PER_PAGE = 1000 +; Default size of a blob returned by the blobs API (default is 10MiB) +DEFAULT_MAX_BLOB_SIZE = 10485760 [oauth2] ; Enables OAuth2 provider 
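Review bot: `ACCESS_LOG_TEMPLATE` in the `[log]` hunk that ends on this line contains Go template placeholders such as `{{.Ctx.RemoteAddr}}`, but this file is itself a Jinja2 template, so Jinja2 will try to evaluate them and rendering is expected to fail on the leading `.` rather than emit them literally. Wrap the value so it passes through untouched: `ACCESS_LOG_TEMPLATE = {% raw %}…{% endraw %}`. The value also mixes plain and backslash-escaped quotes (`"{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`), which is worth checking against the upstream sample before the access log is relied on for investigations. `ENABLE_ACCESS_LOG = false` keeps the template unused at run time, but the render-time problem applies regardless.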
@@ -707,6 +962,14 @@ SHOW_FOOTER_VERSION = true ; Show template execution time in the footer SHOW_FOOTER_TEMPLATE_LOAD_TIME = true +[markup.sanitizer.1] +; The following keys can appear once to define a sanitation policy rule. +; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules. +; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX] +;ELEMENT = span +;ALLOW_ATTR = class +;REGEXP = ^(info|warning|error)$ + [markup.asciidoc] ENABLED = false ; List of file extensions that should be rendered by an external command @@ -720,4 +983,19 @@ IS_INPUT_FILE = false ; Enables metrics endpoint. True or false; default is false. ENABLED = false ; If you want to add authorization, specify a token here -TOKEN = \ No newline at end of file +TOKEN = + +[task] +; Task queue type, could be `channel` or `redis`. +QUEUE_TYPE = channel +; Task queue length, available only when `QUEUE_TYPE` is `channel`. +QUEUE_LENGTH = 1000 +; Task queue connection string, available only when `QUEUE_TYPE` is `redis`. +; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`. +QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0" + +[migrations] +; Max attempts per http/https request on migrations. +MAX_ATTEMPTS = 3 +; Backoff time per http/https request retry (seconds) +RETRY_BACKOFF = 3