M type/__evilham_forgejo/files/forgejo.conf => type/__evilham_forgejo/files/forgejo.conf +151 -23
@@ 20,7 20,7 @@
;; - The environment variable `$GITEA_WORK_DIR`
;; - A built-in value set at build time (see building from source)
;; - Otherwise it defaults to the directory of the _`AppPath`_
-;; - If any of the above are relative paths then they are made absolute against the
+;; - If any of the above are relative paths then they are made absolute against
;; the directory of the _`AppPath`_
;; - _`CustomPath`_: This is the base directory for custom templates and other options.
;; It is determined by using the first set thing in the following hierarchy:
@@ 186,8 186,8 @@ RUN_MODE = ; prod
;; default is the system temporary directory.
;SSH_KEY_TEST_PATH =
;;
-;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
-;SSH_KEYGEN_PATH = ssh-keygen
+;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
+;SSH_KEYGEN_PATH =
;;
;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
;SSH_AUTHORIZED_KEYS_BACKUP = true
@@ 278,7 278,7 @@ RUN_MODE = ; prod
;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
;;
;; Default path for App data
-;APP_DATA_PATH = /var/lib/forgejo/data ; relative paths will be made absolute with _`AppWorkPath`_
+;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
;;
;; Enable gzip compression for runtime-generated content, static resources excluded
;ENABLE_GZIP = false
@@ 365,7 365,7 @@ USER = root
;; SQLite Configuration
;;
;DB_TYPE = sqlite3
-;PATH= ; defaults to data/gitea.db
+;PATH= ; defaults to data/forgejo.db
;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
;;
@@ 476,8 476,8 @@ INTERNAL_TOKEN=
;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off
;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
;;
;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true
@@ 576,6 576,22 @@ ROUTER = console
;; The routing level will default to that of the system but individual router level can be set in
;; [log.<mode>.router] LEVEL
;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Print request id which parsed from request headers in access log, when access log is enabled.
+;; * E.g:
+;; * In request Header: X-Request-ID: test-id-123
+;; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID
+;; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "test-id-123"
+;;
+;; If you configure more than one in the .ini file, it will match in the order of configuration,
+;; and the first match will be finally printed in the log.
+;; * E.g:
+;; * In reuqest Header: X-Trace-ID: trace-id-1q2w3e4r
+;; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID, X-Trace-ID, X-Req-ID
+;; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "trace-id-1q2w3e4r"
+;;
+;; REQUEST_ID_HEADERS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
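Review bot: The new REQUEST_ID_HEADERS comment block does not say that the logged id comes from a request header, so it is chosen by the client. That matters to anyone who uses the access log for correlation or alerting. I would add a line before the key such as `;; The header value is supplied by the client; treat the logged id as untrusted unless a reverse proxy overwrites it.` Two smaller points in the same block: "reuqest" is a typo for "request", and `;; REQUEST_ID_HEADERS =` uses a double semicolon and a space where the other keys use `;KEY =`. The same block is added to forgejo.conf.sh in the hunk at @@ 595,6 598,22.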
@@ 765,7 781,7 @@ ROUTER = console
;; Enable this to require captcha validation for login
;REQUIRE_CAPTCHA_FOR_LOGIN = false
;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
;CAPTCHA_TYPE = image
;;
;; Change this to use recaptcha.net or other recaptcha service
@@ 787,6 803,10 @@ ROUTER = console
;MCAPTCHA_SECRET =
;MCAPTCHA_SITEKEY =
;;
+;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
+;CF_TURNSTILE_SITEKEY =
+;CF_TURNSTILE_SECRET =
+;;
;; Default value for KeepEmailPrivate
;; Each new user will get the value of this setting copied into their profile
;DEFAULT_KEEP_EMAIL_PRIVATE = false
@@ 927,14 947,18 @@ ROUTER = console
;USE_COMPAT_SSH_URI = false
;;
;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
;DISABLED_REPO_UNITS =
;;
-;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
+;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
+;;
+;; Comma separated list of default forked repo units.
+;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
+;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
;;
;; Prefix archive files by placing them in a directory named after the repository
;PREFIX_ARCHIVE_FILES = true
@@ 969,10 993,6 @@ ROUTER = console
;; List of file extensions for which lines should be wrapped in the Monaco editor
;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
-;;
-;; Valid file modes that have a preview API associated with them, such as api/v1/markdown
-;; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
-;PREVIEWABLE_FILE_MODES = markdown
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 1341,13 1361,13 @@ ROUTER = console
;; Issue Indexer settings
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
-;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
+;; Issue indexer type, currently support: bleve, db, elasticsearch or meilisearch default is bleve
;ISSUE_INDEXER_TYPE = bleve
;;
;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexer/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
;;
-;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
+;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch
;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
;;
;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
@@ 1666,6 1686,47 @@ ROUTER = console
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[email.incoming]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Enable handling of incoming emails.
+;ENABLED = false
+;;
+;; The email address including the %{token} placeholder that will be replaced per user/action.
+;; Example: incoming+%{token}@example.com
+;; The placeholder must appear in the user part of the address (before the @).
+;REPLY_TO_ADDRESS =
+;;
+;; IMAP server host
+;HOST =
+;;
+;; IMAP server port
+;PORT =
+;;
+;; Username of the receiving account
+;USERNAME =
+;;
+;; Password of the receiving account
+;PASSWORD =
+;;
+;; Whether the IMAP server uses TLS.
+;USE_TLS = false
+;;
+;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
+;SKIP_TLS_VERIFY = true
+;;
+;; The mailbox name where incoming mail will end up.
+;MAILBOX = INBOX
+;;
+;; Whether handled messages should be deleted from the mailbox.
+;DELETE_HANDLED_MESSAGE = true
+;;
+;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
+;MAXIMUM_MESSAGE_SIZE = 10485760
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cache]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
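Review bot: The sample line `;SKIP_TLS_VERIFY = true` sits directly under a comment that calls the option unsafe, with `;USE_TLS = false` just above it. An operator who uncomments the [email.incoming] block as written gets an IMAP login with no verified TLS. If these lines are meant to show defaults, confirm the real default against upstream; otherwise show the safe values, `;USE_TLS = true` and `;SKIP_TLS_VERIFY = false`. `;PASSWORD =` also invites a mailbox credential into the rendered config file, so a comment about that file's owner and mode would help. The same block is added to forgejo.conf.sh in the hunk at @@ 1686,6 1709,47.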
@@ 1680,7 1741,7 @@ ROUTER = console
;INTERVAL = 60
;;
;; For "redis" and "memcache", connection host address
-;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
;; memcache: `127.0.0.1:11211`
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
;HOST =
@@ 1719,7 1780,7 @@ ROUTER = console
;; Provider config options
;; memory: doesn't have any config yet
;; file: session file path, e.g. `data/sessions`
-;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
;;
@@ 1787,7 1848,7 @@ ROUTER = console
;ENABLED = true
;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
;;
;; Max size of each file. Defaults to 4MB
;MAX_SIZE = 4
@@ 1826,6 1887,12 @@ ROUTER = console
;;
;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false
+;;
+;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
+;MINIO_CHECKSUM_ALGORITHM = default
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 2158,6 2225,7 @@ ROUTER = console
;ENABLE_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+;DOMAIN_ENDPOINT = release.forgejo.org
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 2174,6 2242,28 @@ ROUTER = console
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Garbage collect LFS pointers in repositories
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.gc_lfs]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;; Garbage collect LFS pointers in repositories (default false)
+;RUN_AT_START = false
+;; Interval as a duration between each gc run (default every 24h)
+;SCHEDULE = @every 24h
+;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
+;OLDER_THAN = 168h
+;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
+;LAST_UPDATED_MORE_THAN_AGO = 72h
+; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
+;NUMBER_TO_CHECK_PER_REPO = 100
+;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
+;PROPORTION_TO_CHECK_PER_REPO = 0.6
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Git Operation timeout in seconds
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[git.timeout]
@@ 2186,6 2276,17 @@ ROUTER = console
;PULL = 300
;GC = 60
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Git Reflog timeout in days
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[git.reflog]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;EXPIRATION = 90
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[mirror]
@@ 2317,8 2418,8 @@ ROUTER = console
;QUEUE_LENGTH = 1000
;;
;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
-;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`.
+;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 2391,10 2492,16 @@ ROUTER = console
;LIMIT_TOTAL_OWNER_COUNT = -1
;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_TOTAL_OWNER_SIZE = -1
+;; Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CARGO = -1
+;; Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CHEF = -1
;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_SIZE_COMPOSER = -1
;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_SIZE_CONAN = -1
+;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_CONDA = -1
;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_SIZE_CONTAINER = -1
;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
@@ 2413,6 2520,8 @@ ROUTER = console
;LIMIT_SIZE_PYPI = -1
;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_SIZE_RUBYGEMS = -1
+;; Maximum size of a Swift upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
+;LIMIT_SIZE_SWIFT = -1
;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
;LIMIT_SIZE_VAGRANT = -1
@@ 2479,6 2588,9 @@ ROUTER = console
;;
;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
+;MINIO_INSECURE_SKIP_VERIFY = false
;[proxy]
;; Enable the proxy, all requests to external via HTTP will be affected
@@ 2487,3 2599,19 @@ ROUTER = console
;PROXY_URL =
;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
;PROXY_HOSTS =
+
+; [actions]
+;; Enable/Disable actions capabilities
+;ENABLED = false
+;; Default address to get action plugins, e.g. the default value means downloading from "https://codeberg.org/actions/checkout" for "uses: actions/checkout@v3"
+;DEFAULT_ACTIONS_URL = https://codeberg.org
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; settings for action logs, will override storage setting
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[storage.actions_log]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; storage type
+;STORAGE_TYPE = local
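Review bot: The comment on DEFAULT_ACTIONS_URL does not mention that, once [actions] is enabled, a reference like `uses: actions/checkout@v3` is fetched from that third-party host and executed in CI jobs. The instance's build trust then depends on codeberg.org/actions and on tags that can be moved. A line such as `;; Code fetched from this URL runs in CI jobs; point it at a mirror you control, or pin actions to commit hashes where supported.` would make that visible. Separately, `; [actions]` has a space after the semicolon, unlike `;[proxy]` above, so removing only the `;` leaves an indented header.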
M type/__evilham_forgejo/files/forgejo.conf.sh => type/__evilham_forgejo/files/forgejo.conf.sh +169 -33
@@ 7,10 7,13 @@ FORGEJO_CONFIG="$(cat <<EOF
;
; See: https://docs.gitea.io/en-us/config-cheat-sheet/
; and
-; https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
+; https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini
;
; This must match exactly how forgejo (go) would write it
;
+; We use full paths with \${FORGEJO_DIR} as base, because in certain cases
+; we cannot pass AppWorkPath to forgejo (e.g. when querying ssh keys).
+;
; BEGIN: Forgejo sample file
; This file lists the default values used by Gitea
;; Copy required sections to your own app.ini (default is custom/conf/app.ini)
@@ 201,8 204,8 @@ HTTP_ADDR = ${FORGEJO_DIR}/forgejo.sock ; 0.0.0.0
;; default is the system temporary directory.
;SSH_KEY_TEST_PATH =
;;
-;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
-;SSH_KEYGEN_PATH = ssh-keygen
+;; Use \`ssh-keygen\` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
+;SSH_KEYGEN_PATH =
;;
;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
;SSH_AUTHORIZED_KEYS_BACKUP = true
@@ 293,7 296,7 @@ HTTP_ADDR = ${FORGEJO_DIR}/forgejo.sock ; 0.0.0.0
;STATIC_ROOT_PATH = ; Will default to the built-in value _\`StaticRootPath\`_
;;
;; Default path for App data
-APP_DATA_PATH =/var/lib/forgejo/data ; relative paths will be made absolute with _\`AppWorkPath\`_
+APP_DATA_PATH = ${FORGEJO_DIR}/data ; relative paths will be made absolute with _\`AppWorkPath\`_
;;
;; Enable gzip compression for runtime-generated content, static resources excluded
;ENABLE_GZIP = false
@@ 304,7 307,7 @@ APP_DATA_PATH =/var/lib/forgejo/data ; relative paths will be made absolute with
;ENABLE_PPROF = false
;;
;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-PPROF_DATA_PATH = /var/lib/forgejo/data/tmp/pprof ; Path is relative to _\`AppWorkPath\`_
+PPROF_DATA_PATH = ${FORGEJO_DIR}/data/tmp/pprof ; Path is relative to _\`AppWorkPath\`_
;;
;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ 380,7 383,7 @@ USER = root
;; SQLite Configuration
;;
;DB_TYPE = sqlite3
-;PATH= ; defaults to data/gitea.db
+;PATH= ; defaults to data/forgejo.db
;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
;;
@@ 446,7 449,7 @@ SECRET_KEY_URI = file://${FORGEJO_SECRET_DIR}/secret_key
;;
;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
;;;; This file must to be generated by forgejo with the command generate secret INTERNAL_TOKEN
-INTERNAL_TOKEN = file://${FORGEJO_SECRET_DIR}/internal_token
+INTERNAL_TOKEN_URI = file://${FORGEJO_SECRET_DIR}/internal_token
;;
;; How long to remember that a user is logged in before requiring relogin (in days)
;LOGIN_REMEMBER_DAYS = 7
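Review bot: With INTERNAL_TOKEN_URI the file under ${FORGEJO_SECRET_DIR} has to exist before the first start and should be readable only by the forgejo user, and nothing in this hunk shows where it is created. Please confirm that the type's manifest runs `generate secret INTERNAL_TOKEN`, as the comment above the key describes, and sets owner and mode on the result. With the old key the literal `file://` string appears to have been used as the token value itself. If so, the effective token changes on upgrade, and it is worth saying in the commit message that the earlier value was derivable from the path.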
@@ 494,8 497,8 @@ MIN_PASSWORD_LENGTH = 12 ; 6
;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off
;;
-;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
-;PASSWORD_HASH_ALGO = pbkdf2
+;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2_hi
;;
;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true
@@ 595,6 598,22 @@ ROUTER = console
;; The routing level will default to that of the system but individual router level can be set in
;; [log.<mode>.router] LEVEL
;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Print request id which parsed from request headers in access log, when access log is enabled.
+;; * E.g:
+;; * In request Header: X-Request-ID: test-id-123
+;; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID
+;; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "test-id-123"
+;;
+;; If you configure more than one in the .ini file, it will match in the order of configuration,
+;; and the first match will be finally printed in the log.
+;; * E.g:
+;; * In reuqest Header: X-Trace-ID: trace-id-1q2w3e4r
+;; * Configuration in app.ini: REQUEST_ID_HEADERS = X-Request-ID, X-Trace-ID, X-Req-ID
+;; * Print in log: 127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "trace-id-1q2w3e4r"
+;;
+;; REQUEST_ID_HEADERS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
@@ 740,10 759,10 @@ ROUTER = console
;RESET_PASSWD_CODE_LIVE_MINUTES = 180
;;
;; Whether a new user needs to confirm their email when registering.
-;REGISTER_EMAIL_CONFIRM = false
+REGISTER_EMAIL_CONFIRM = ${REGISTER_EMAIL_CONFIRM:-false} ; false
;;
;; Whether a new user needs to be confirmed manually after registration. (Requires \`REGISTER_EMAIL_CONFIRM\` to be disabled.)
-;REGISTER_MANUAL_CONFIRM = false
+REGISTER_MANUAL_CONFIRM = ${REGISTER_MANUAL_CONFIRM:-false} ; false
;;
;; List of domain names that are allowed to be used to register on a Gitea instance
;; gitea.io,example.com
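Review bot: The new substitutions `${REGISTER_EMAIL_CONFIRM:-false}` and `${REGISTER_MANUAL_CONFIRM:-false}`, and `${DISABLE_REGISTRATION:-true}` in the next hunk, read unprefixed shell variables, while later hunks use `FORGEJO_SIGNIN_VIEW` and `FORGEJO_KEEP_EMAIL_PRIVATE`. Unprefixed names are easier to inherit by accident from the calling environment, and registration policy is security-relevant, so I would use `FORGEJO_`-prefixed names throughout. The values are also written into the heredoc unchecked; validating in the calling code that each is exactly `true` or `false` would keep a stray value or an embedded newline out of the rendered ini. Note that the comment on REGISTER_MANUAL_CONFIRM says it requires REGISTER_EMAIL_CONFIRM to be disabled, a combination the caller can now violate.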
@@ 753,7 772,7 @@ ROUTER = console
;EMAIL_DOMAIN_BLOCKLIST =
;;
;; Disallow registration, only allow admins to create accounts.
-DISABLE_REGISTRATION = true ; false
+DISABLE_REGISTRATION = ${DISABLE_REGISTRATION:-true} ; false
;;
;; Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false
;ALLOW_ONLY_INTERNAL_REGISTRATION = false
@@ 762,7 781,7 @@ DISABLE_REGISTRATION = true ; false
;ALLOW_ONLY_EXTERNAL_REGISTRATION = false
;;
;; User must sign in to view anything.
-REQUIRE_SIGNIN_VIEW = true ; false
+REQUIRE_SIGNIN_VIEW = ${FORGEJO_SIGNIN_VIEW:-false} ; false
;;
;; Mail notification
;ENABLE_NOTIFY_MAIL = false
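Review bot: The fallback in `REQUIRE_SIGNIN_VIEW = ${FORGEJO_SIGNIN_VIEW:-false}` flips the template's previous hard-coded `true`, so an instance that does not set the variable becomes viewable without login the next time the config is rendered. DISABLE_REGISTRATION and DEFAULT_KEEP_EMAIL_PRIVATE keep their hardened values as fallbacks. I would do the same here with `${FORGEJO_SIGNIN_VIEW:-true}`, or call the change out explicitly in the commit message if it is intended. The variable name also drops the REQUIRE_ part of the key it feeds, which makes it harder to find.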
@@ 784,7 803,7 @@ REQUIRE_SIGNIN_VIEW = true ; false
;; Enable this to require captcha validation for login
;REQUIRE_CAPTCHA_FOR_LOGIN = false
;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
;CAPTCHA_TYPE = image
;;
;; Change this to use recaptcha.net or other recaptcha service
@@ 806,9 825,13 @@ REQUIRE_SIGNIN_VIEW = true ; false
;MCAPTCHA_SECRET =
;MCAPTCHA_SITEKEY =
;;
+;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
+;CF_TURNSTILE_SITEKEY =
+;CF_TURNSTILE_SECRET =
+;;
;; Default value for KeepEmailPrivate
;; Each new user will get the value of this setting copied into their profile
-DEFAULT_KEEP_EMAIL_PRIVATE = true ; false
+DEFAULT_KEEP_EMAIL_PRIVATE = ${FORGEJO_KEEP_EMAIL_PRIVATE:-true} ; false
;;
;; Default value for AllowCreateOrganization
;; Every new user will have rights set to create organizations depending on this setting
@@ 902,7 925,7 @@ VALID_SITE_URL_SCHEMES=http,https,gemini
;ROOT =
;;
;; The script type this server supports. Usually this is \`bash\`, but some users report that only \`sh\` is available.
-;SCRIPT_TYPE = bash
+SCRIPT_TYPE = sh
;;
;; DETECTED_CHARSETS_ORDER tie-break order for detected charsets.
;; If the charsets have equal confidence, tie-breaking will be done by order in this list
@@ 946,14 969,18 @@ VALID_SITE_URL_SCHEMES=http,https,gemini
;USE_COMPAT_SSH_URI = false
;;
;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
;DISABLED_REPO_UNITS =
;;
-;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
+;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
+;;
+;; Comma separated list of default forked repo units.
+;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
+;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
;;
;; Prefix archive files by placing them in a directory named after the repository
;PREFIX_ARCHIVE_FILES = true
@@ 988,10 1015,6 @@ DEFAULT_BRANCH = main
;; List of file extensions for which lines should be wrapped in the Monaco editor
;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
-;;
-;; Valid file modes that have a preview API associated with them, such as api/v1/markdown
-;; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
-;PREVIEWABLE_FILE_MODES = markdown
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 1361,13 1384,13 @@ ALLOW_DOMAIN = ${FORGEJO_DOMAIN} ; *
;; Issue Indexer settings
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
-;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
+;; Issue indexer type, currently support: bleve, db, elasticsearch or meilisearch default is bleve
;ISSUE_INDEXER_TYPE = bleve
;;
;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = /var/lib/forgejo/indexers/issues.bleve ; Relative paths will be made absolute against _\`AppWorkPath\`_.
+;ISSUE_INDEXER_PATH = ${FORGEJO_DIR}/indexers/issues.bleve ; Relative paths will be made absolute against _\`AppWorkPath\`_.
;;
-;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
+;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch
;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
;;
;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
@@ 1686,6 1709,47 @@ ALLOW_DOMAIN = ${FORGEJO_DOMAIN} ; *
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[email.incoming]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Enable handling of incoming emails.
+;ENABLED = false
+;;
+;; The email address including the %{token} placeholder that will be replaced per user/action.
+;; Example: incoming+%{token}@example.com
+;; The placeholder must appear in the user part of the address (before the @).
+;REPLY_TO_ADDRESS =
+;;
+;; IMAP server host
+;HOST =
+;;
+;; IMAP server port
+;PORT =
+;;
+;; Username of the receiving account
+;USERNAME =
+;;
+;; Password of the receiving account
+;PASSWORD =
+;;
+;; Whether the IMAP server uses TLS.
+;USE_TLS = false
+;;
+;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
+;SKIP_TLS_VERIFY = true
+;;
+;; The mailbox name where incoming mail will end up.
+;MAILBOX = INBOX
+;;
+;; Whether handled messages should be deleted from the mailbox.
+;DELETE_HANDLED_MESSAGE = true
+;;
+;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
+;MAXIMUM_MESSAGE_SIZE = 10485760
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cache]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 1700,7 1764,7 @@ ALLOW_DOMAIN = ${FORGEJO_DOMAIN} ; *
;INTERVAL = 60
;;
;; For "redis" and "memcache", connection host address
-;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; redis: \`redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s\`
;; memcache: \`127.0.0.1:11211\`
;; twoqueue: \`{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}\` or \`50000\`
;HOST =
@@ 1739,9 1803,9 @@ PROVIDER = file ; memory
;; Provider config options
;; memory: doesn't have any config yet
;; file: session file path, e.g. \`data/sessions\`
-;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; redis: \`redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s\`
;; mysql: go-sql-driver/mysql dsn config string, e.g. \`root:password@/session_table\`
-;PROVIDER_CONFIG = /var/lib/forgejo/data/sessions ; Relative paths will be made absolute against _\`AppWorkPath\`_.
+;PROVIDER_CONFIG = ${FORGEJO_DIR}/data/sessions ; Relative paths will be made absolute against _\`AppWorkPath\`_.
;;
;; Session cookie name
;COOKIE_NAME = i_like_gitea
@@ 1807,7 1871,7 @@ ENABLE_FEDERATED_AVATAR = true ; false
;ENABLED = true
;;
;; Comma-separated list of allowed file extensions (\`.zip\`), mime types (\`text/plain\`) or wildcard type (\`image/*\`, \`audio/*\`, \`video/*\`). Empty value or \`*/*\` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
;;
;; Max size of each file. Defaults to 4MB
;MAX_SIZE = 4
@@ 1846,6 1910,12 @@ ENABLE_FEDERATED_AVATAR = true ; false
;;
;; Minio enabled ssl only available when STORAGE_TYPE is \`minio\`
;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is \`minio\`
+;MINIO_INSECURE_SKIP_VERIFY = false
+;;
+;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
+;MINIO_CHECKSUM_ALGORITHM = default
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 2160,7 2230,7 @@ NO_SUCCESS_NOTICE = true ; false
;[cron.delete_old_actions]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
+ENABLED = true ; false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 168h
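Review bot: `ENABLED = true ; false` is uncommented here, but its section header on the line `;[cron.delete_old_actions]` is still commented out. The parser will therefore attribute the key to whichever section was last opened above it, not to this cron job. The same applies to the hunks at @@ 2186,7 2257,7 (`;[cron.delete_old_system_notices]`) and @@ 2194,6 2265,28 (`;[cron.gc_lfs]`), which would then repeat ENABLED in that same section. Uncomment the header in each of the three places, e.g. `[cron.delete_old_actions]`.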
@@ 2178,6 2248,7 @@ NO_SUCCESS_NOTICE = true ; false
;ENABLE_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+;DOMAIN_ENDPOINT = release.forgejo.org
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ 2186,7 2257,7 @@ NO_SUCCESS_NOTICE = true ; false
;[cron.delete_old_system_notices]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
+ENABLED = true ; false
;RUN_AT_START = false
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
@@ 2194,6 2265,28 @@ NO_SUCCESS_NOTICE = true ; false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Garbage collect LFS pointers in repositories
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.gc_lfs]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ENABLED = true ; false
+;; Garbage collect LFS pointers in repositories (default false)
+;RUN_AT_START = false
+;; Interval as a duration between each gc run (default every 24h)
+;SCHEDULE = @every 24h
+;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
+;OLDER_THAN = 168h
+;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
+;LAST_UPDATED_MORE_THAN_AGO = 72h
+; Minimum number of stale LFSMetaObjects to check per repo. Set to \`0\` to always check all.
+;NUMBER_TO_CHECK_PER_REPO = 100
+;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
+;PROPORTION_TO_CHECK_PER_REPO = 0.6
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Git Operation timeout in seconds
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[git.timeout]
@@ 2206,6 2299,17 @@ NO_SUCCESS_NOTICE = true ; false
;PULL = 300
;GC = 60
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Git Reflog timeout in days
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[git.reflog]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;EXPIRATION = 90
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[mirror]
@@ 2260,7 2364,7 @@ NO_SUCCESS_NOTICE = true ; false
;[other]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-SHOW_FOOTER_BRANDING = false
+;SHOW_FOOTER_BRANDING = false
;; Show version information about Gitea and Go in the footer
SHOW_FOOTER_VERSION = false ; true
;; Show template execution time in the footer
@@ 2412,10 2516,16 @@ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false ; true
;LIMIT_TOTAL_OWNER_COUNT = -1
;; Maximum size of packages a single owner can use (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_TOTAL_OWNER_SIZE = -1
+;; Maximum size of a Cargo upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
+;LIMIT_SIZE_CARGO = -1
+;; Maximum size of a Chef upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
+;LIMIT_SIZE_CHEF = -1
;; Maximum size of a Composer upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_SIZE_COMPOSER = -1
;; Maximum size of a Conan upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_SIZE_CONAN = -1
+;; Maximum size of a Conda upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
+;LIMIT_SIZE_CONDA = -1
;; Maximum size of a Container upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_SIZE_CONTAINER = -1
;; Maximum size of a Generic upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
@@ 2434,6 2544,8 @@ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false ; true
;LIMIT_SIZE_PYPI = -1
;; Maximum size of a RubyGems upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_SIZE_RUBYGEMS = -1
+;; Maximum size of a Swift upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
+;LIMIT_SIZE_SWIFT = -1
;; Maximum size of a Vagrant upload (\`-1\` means no limits, format \`1000\`, \`1 MB\`, \`1 GiB\`)
;LIMIT_SIZE_VAGRANT = -1
@@ 2500,6 2612,9 @@ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false ; true
;;
;; Minio enabled ssl only available when STORAGE_TYPE is \`minio\`
;MINIO_USE_SSL = false
+;;
+;; Minio skip SSL verification available when STORAGE_TYPE is \`minio\`
+;MINIO_INSECURE_SKIP_VERIFY = false
;[proxy]
;; Enable the proxy, all requests to external via HTTP will be affected
@@ 2508,5 2623,26 @@ SHOW_FOOTER_TEMPLATE_LOAD_TIME = false ; true
;PROXY_URL =
;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
;PROXY_HOSTS =
+
+; [actions]
+;; Enable/Disable actions capabilities
+;ENABLED = false
+;; Default address to get action plugins, e.g. the default value means downloading from "https://codeberg.org/actions/checkout" for "uses: actions/checkout@v3"
+;DEFAULT_ACTIONS_URL = https://codeberg.org
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; settings for action logs, will override storage setting
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[storage.actions_log]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; storage type
+;STORAGE_TYPE = local
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Custom cdist-managed config
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+${FORGEJO_CUSTOM_CONFIG}
EOF
)"
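Review bot: `${FORGEJO_CUSTOM_CONFIG}` is appended with no section header of its own, and the nearest headers visible above it (`; [actions]`, `;[storage.actions_log]`) are commented out. Any leading `KEY = value` line in the custom text therefore lands in the last section that is active further up the file. Because the block comes last, it can also re-open an earlier section and, presumably depending on how the parser merges duplicate sections, override the registration and sign-in settings this type writes. I would state both in the template, e.g. `;; Content must begin with its own [section] header; keys here may override settings above.` Anything sensitive passed through `custom-config` is also written in plain text into the generated config file, whose permissions are set outside this hunk.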
M type/__evilham_forgejo/man.rst => type/__evilham_forgejo/man.rst +37 -9
@@ 28,6 28,10 @@ database-pass
OPTIONAL PARAMETERS
-------------------
+custom-config
+ Custom configuration that will be added at the end of the config file.
+ This can be used to add settings not (yet) supported by this type.
+
database-host
Host direction where the database is located used by Forgejo.
@@ 43,40 47,64 @@ database-type
Defaults to postgresql.
url
- URL where the type gets the Forgejo's binaries.
+ The URL where forgejo will be configured.
user
Name of the user that owns the forgejo configuration file and has access
to forgejo's functions.
It defaults to forgejo.
+BOOLEAN PARAMETERS
+------------------
+require-signin
+ By default this type requires users to sign in in order to view
+ repositories, if this flag is present, the repository's visibility settings
+ will apply.
+
+dont-hide-emails
+ By default this type hides a new user's emails, if this flag is set, the
+ default will be to show emails by default.
+ This setting can be overridden by users.
+
+register-email-confirm
+ When set, email confirmation will be required when registering.
+
+register-manual-confirm
+ When set, require manual confirmation by an admin for new users.
+ When this value is set, `--register-email-confirm` will be unset, as
+ required by forgejo's settings.
+
+enable-registration
+ By default this type disallows registration using the web, by setting this
+ flag, registration will be enabled.
+
EXAMPLES
--------
.. code-block:: sh
- # Setup nginx with valid TLS certificates to proxy pass to the UNIX socket
- # using a postgresql database.
CDIST_ORDER_DEPENDENCY=1
export CDIST_ORDER_DEPENDENCY
+ # Setup nginx with valid TLS certificates to proxy pass to the UNIX socket
__evilham_nginx_server
-
__letsencrypt_acmetiny_base
__evilham_nginx_site example.org --ipv6-only --acme-type acmetiny \
- --admin-email example@domain.com --type proxy \
- --target-url "http://unix:///var/lib/forgejo/forgejo.sock"
+ --admin-email example@domain.com --type proxy \
+ --target-url "http://unix:///var/lib/forgejo/forgejo.sock"
+ # using a postgresql database.
__package postgresql
-
__postgres_role forgejo-admin --password "pass" --login
-
__postgres_database forgejo-db --owner 'forgejo-admin'
+ # Actually setup forgejo, with open registration requiring approval
__evilham_forgejo --database-pass "pass" --database-user 'forgejo' \
- --database-name 'forgejo-db'
+ --database-name 'forgejo-db' \
+ --enable-registration \
+ --register-manual-confirm
SEE ALSO
M type/__evilham_forgejo/manifest => type/__evilham_forgejo/manifest +32 -5
@@ 10,9 10,11 @@ case "${os}" in
;;
esac
-FORGEJO_TYPE_VERSION="1.18.2-1"
-FORGEJO_CHECKSUM='sha256:f8c71464d1b250bf022eaa3df270c810950904ceb71da5cefc7ec24a034a4c87'
-FORGEJO_DOWNLOAD_URL="https://codeberg.org/attachments/a00333ad-250a-4d30-a764-9a37fb24f419"
+# TODO: Upgrade to 1.19.1
+FORGEJO_TYPE_VERSION="1.19.1-0"
+FORGEJO_CHECKSUM='sha256:997843461cc3a2893c26050a0cb33c289692b7c33cc9bdf91e716964ea13f78a'
+# URL to forgejo-${FORGEJO_TYPE_VERSION}-linux-amd64.xz
+FORGEJO_DOWNLOAD_URL="https://codeberg.org/attachments/378694aa-c111-4681-aa69-a70ef3906114"
USER="$(cat "${__object}/parameter/user")"
@@ 64,6 66,31 @@ fi
# Be forgiving about the format of the URL
FORGEJO_DOMAIN="$(echo "${FORGEJO_DOMAIN}" | sed -e 's!^https?://!!')"
+if [ -f "${__object}/parameter/require-signin" ]; then
+ FORGEJO_SIGNIN_VIEW="true"
+fi
+
+if [ ! -f "${__object}/parameter/dont-hide-emails" ]; then
+ FORGEJO_KEEP_EMAIL_PRIVATE="false"
+fi
+
+if [ -f "${__object}/parameter/register-email-confirm" ]; then
+ REGISTER_EMAIL_CONFIRM="true"
+fi
+
+if [ -f "${__object}/parameter/register-manual-confirm" ]; then
+ # This must be disabled when using MANUAL_CONFIRM
+ REGISTER_EMAIL_CONFIRM="false"
+ REGISTER_MANUAL_CONFIRM="true"
+fi
+
+if [ -f "${__object}/parameter/enable-registration" ]; then
+ DISABLE_REGISTRATION="false"
+fi
+
+
+FORGEJO_CUSTOM_CONFIG="$(cat "${__object}/parameter/custom-config")"
+
# Git is necessary because, duh
# bash because of SCRIPT_TYPE defaulting to bash
for pkg in git bash; do
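Review bot: The `dont-hide-emails` test looks inverted relative to the man page in this commit. `if [ ! -f "${__object}/parameter/dont-hide-emails" ]` sets `FORGEJO_KEEP_EMAIL_PRIVATE="false"` when the flag is absent, so the default becomes showing emails, and passing the flag leaves the variable to the template default. It should read `if [ -f "${__object}/parameter/dont-hide-emails" ]; then`. `require-signin` has the opposite mismatch: the code sets `FORGEJO_SIGNIN_VIEW="true"` when the flag is present, while man.rst says sign-in is required by default and the flag relaxes it, so either the text or the branch needs to change. How forgejo.conf.sh consumes these variables and which defaults it applies is not visible in this hunk, so the effective values should be checked there.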
@@ 74,7 101,7 @@ done
# Install and enable the forgejo service
# shellcheck source=type/__evilham_forgejo/files/forgejo.conf.sh
. "${__type}/files/forgejo.conf.sh" # This defines FORGEJO_COFIG
-echo "${FORGEJO_CONFIG}" | __evilham_single_binary_service forgejo \
+echo "${FORGEJO_CONFIG}" | __single_binary_service forgejo \
--user "${USER}" \
--service-args "web --config /etc/forgejo.conf --work-path '${FORGEJO_DIR}'" \
--version "${FORGEJO_TYPE_VERSION}" \
@@ 89,7 116,7 @@ echo "${FORGEJO_CONFIG}" | __evilham_single_binary_service forgejo \
--config-file-source '-'
# Persist keys outside of the config file
-export require="__evilham_single_binary_service/forgejo"
+export require="__single_binary_service/forgejo"
__directory "${FORGEJO_SECRET_DIR}" --owner "${USER}" --mode 0700
export require="${require} __directory${FORGEJO_SECRET_DIR}"
__file "${FORGEJO_SECRET_DIR}/secret_key" --owner "${USER}" --mode 0440 --source '-' <<EOF
A type/__evilham_forgejo/parameter/boolean => type/__evilham_forgejo/parameter/boolean +5 -0
@@ 0,0 1,5 @@
+require-signin
+dont-hide-emails
+register-email-confirm
+register-manual-confirm
+enable-registration
A type/__evilham_forgejo/parameter/default/custom-config => type/__evilham_forgejo/parameter/default/custom-config +0 -0
M type/__evilham_forgejo/parameter/optional => type/__evilham_forgejo/parameter/optional +1 -0
@@ 1,3 1,4 @@
+custom-config
database-host
database-name
database-type