From c676afdb26cd00eea6de23286c327106f3da7c75 Mon Sep 17 00:00:00 2001 
From: Emmanuel Garette Date: Tue, 17 Jan 2023 21:43:32 +0100 Subject: [PATCH] update documentations --- seed/README.md | 47 +- seed/base-fedora-36/README.md | 8 - seed/base-fedora-37/README.md | 11 + seed/base-machine/templates/locale.conf | 5 + seed/dns-local/dictionaries/13-dns-local.xml | 2 +- seed/dovecot/README.md | 14 +- seed/dovecot/dictionaries/26_dovecot.xml | 2 +- seed/forgejo/README.md | 92 + seed/forgejo/applicationservice.yml | 2 +- seed/forgejo/dictionaries/31_forgejo.xml | 8 +- .../manual/image/postinstall/forgejo.sh | 6 +- seed/forgejo/templates/app.ini | 2692 ++++++++++++++++- seed/forgejo/tests/test_forgejo.py | 36 +- seed/gitea/README.md | 41 + .../dictionaries/21-machined.xml | 14 +- seed/ldap-client/README.md | 14 +- seed/ldap-client/templates/ldap.conf | 8 +- seed/lemonldap/README.md | 16 +- seed/lemonldap/applicationservice.yml | 2 +- .../dictionaries/70_lemonldap_ng.xml | 2 +- seed/mailman/README.md | 6 +- seed/mailman/dictionaries/31_mailman.xml | 2 +- seed/mariadb/dictionaries/20_mariadb.xml | 2 +- .../manual/image/postinstall/nextcloud.sh | 9 +- seed/nginx-common/dictionaries/21_nginx.xml | 19 +- .../nginx-common/templates/default-nginx.conf | 1 + .../nginx-common/templates/nginx-options.conf | 1 + seed/nginx-common/tests/test_nginx_commmon.py | 4 +- seed/nginx-reverse-proxy/README.md | 14 +- .../applicationservice.yml | 2 +- .../dictionaries/25_nginx.xml | 6 +- .../extras/nginx/00-nginx.xml | 2 +- .../templates/certificate.crt | 1 - .../templates/nginx-options-rp.conf | 1 + .../templates/reverse-proxy.yml | 1 + .../templates/revprox-nginx.conf | 1 + .../nginx-reverse-proxy/tests/test_revprox.py | 11 +- seed/nginx-static/README.md | 2 +- seed/nginx-static/applicationservice.yml | 2 +- .../dictionaries/22_nginx_static.xml | 1 + seed/nsd/README.md | 20 +- seed/nsd/applicationservice.yml | 2 +- seed/nsd/dictionaries/20_nsd.xml | 2 +- seed/nsd/templates/nsd.signed | 1 + seed/nsd/templates/risotto.conf | 1 + seed/oauth2-client/README.md | 10 
+- seed/odoo/dictionaries/40_odoo.xml | 2 +- seed/openldap/README.md | 14 +- seed/openldap/applicationservice.yml | 2 +- .../dictionaries/21_openldap-server.xml | 11 +- seed/openldap/extras/accounts/00_account.xml | 2 +- seed/openldap/templates/DB_CONFIG | 1 + seed/openldap/templates/config.ldif | 1 + seed/openldap/templates/config_acl.ldif | 1 + seed/openldap/templates/openldap.yml | 5 + seed/openldap/templates/users.ldif | 37 +- seed/openldap/tests/test_openldap.py | 5 +- seed/peertube/README.md | 6 +- .../postfix-relay/dictionaries/30_postfix.xml | 2 +- seed/postgresql-client/README.md | 2 +- .../dictionaries/23_postgresql.xml | 4 +- seed/postgresql/README.md | 8 +- seed/postgresql/applicationservice.yml | 2 +- .../postgresql/dictionaries/22_postgresql.xml | 2 +- .../extras/accounts/00_accounts.xml | 6 +- seed/postgresql/templates/pg_hba.conf | 35 +- seed/postgresql/templates/pg_ident.conf | 35 +- seed/postgresql/templates/postgresql.conf | 73 +- seed/postgresql/templates/postgresql.sql | 11 +- seed/redis-client/README.md | 12 +- seed/redis-client/dictionaries/23_redis.xml | 2 +- seed/redis/README.md | 26 +- seed/redis/applicationservice.yml | 2 +- seed/redis/dictionaries/90_redis.xml | 4 +- seed/redis/extras/account/00_account.xml | 1 + seed/redis/templates/redis.conf | 553 +++- seed/redis/templates/redis.yml | 2 +- seed/relay-lmtp-client/README.md | 6 +- seed/relay-mail-client/README.md | 2 +- seed/reverse-proxy-client/README.md | 2 +- .../dictionaries/21_revprox_client.xml | 7 +- .../funcs/revprox_client.py | 6 +- seed/reverse-proxy-client/tests/revprox.py | 30 +- seed/roundcube/README.md | 8 +- seed/systemd/templates/network | 1 + .../templates/systemd-firstboot.service | 2 +- seed/unbound/README.md | 6 +- seed/unbound/applicationservice.yml | 2 +- seed/unbound/templates/risotto.conf | 1 + seed/unbound/templates/unbound.conf | 48 +- .../dictionaries/40_vaultwarden.xml | 2 +- seed/znc/templates/sysuser-znc.conf | 2 +- 92 files changed, 3636 insertions(+), 504 
deletions(-) create mode 100644 seed/forgejo/README.md create mode 100644 seed/gitea/README.md diff --git a/seed/README.md b/seed/README.md index 5570465c..8f7c5d85 100644 --- a/seed/README.md +++ b/seed/README.md @@ -15,8 +15,9 @@ - [dns-local](dns-local/README.md): DNS client with access to local zones - [dotclear](dotclear/README.md): Dotclear an open-source web publishing software - [dovecot](dovecot/README.md): Postfix and Dovecot as mail servers (Submission and IMAP) +- [forgejo](forgejo/README.md): Forgejo, a community managed lightweight code hosting solution - [galette](galette/README.md): Galette, a membership management web application towards non profit organizations -- [gitea](gitea/README.md): Gitea, a community managed lightweight code hosting solution +- [gitea](gitea/README.md): Transitional package for Gitea to Forgejo - [host-systemd-machined](host-systemd-machined/README.md): Host with machine started in Systemd Machined environment - [imap-client](imap-client/README.md): Application service needs interact with an IMAP server - [ldap-client](ldap-client/README.md): Application service needs interact with a LDAP server 
@@ -62,3 +63,47 @@ - [unbound](unbound/README.md): Unbound, a validating, recursive, caching DNS resolver - [vaultwarden](vaultwarden/README.md): Vaultwarden, a password manager - [znc](znc/README.md): ZNC, a bouncer IRC + +# Providers and suppliers + +- ExternalDNS: + - Provider: [unbound](unbound/README.md) + - Suppliers: + - [dns-external](dns-external/README.md) + - [nsd](nsd/README.md) +- Host: + - Provider: [host-systemd-machined](host-systemd-machined/README.md) + - Supplier: [provider-systemd-machined](provider-systemd-machined/README.md) +- IMAP: + - Provider: [dovecot](dovecot/README.md) + - Supplier: [imap-client](imap-client/README.md) +- LDAP: + - Provider: [openldap](openldap/README.md) + - Supplier: [ldap-client](ldap-client/README.md) +- LMTP: + - Provider: [postfix-lmtp-relay](postfix-lmtp-relay/README.md) + - Supplier: [relay-lmtp-client](relay-lmtp-client/README.md) +- LocalDNS: + - Provider: [nsd](nsd/README.md) + - Supplier: [dns-local](dns-local/README.md) +- MariaDB: + - Provider: [mariadb](mariadb/README.md) + - Supplier: [mariadb-client](mariadb-client/README.md) +- OAuth2: + - Provider: [lemonldap](lemonldap/README.md) + - Supplier: [oauth2-client](oauth2-client/README.md) +- OAuth2Client: + - Provider: [oauth2-client](oauth2-client/README.md) + - Supplier: [lemonldap](lemonldap/README.md) +- Postgresql: + - Provider: [postgresql](postgresql/README.md) + - Supplier: [postgresql-client](postgresql-client/README.md) +- Redis: + - Provider: [redis](redis/README.md) + - Supplier: [redis-client](redis-client/README.md) +- ReverseProxy: + - Provider: [nginx-reverse-proxy](nginx-reverse-proxy/README.md) + - Supplier: [reverse-proxy-client](reverse-proxy-client/README.md) +- SMTP: + - Provider: [postfix-relay](postfix-relay/README.md) + - Supplier: [relay-mail-client](relay-mail-client/README.md) diff --git a/seed/base-fedora-36/README.md b/seed/base-fedora-36/README.md index 9db9e2e4..8e196fe1 100644 --- a/seed/base-fedora-36/README.md 
+++ b/seed/base-fedora-36/README.md @@ -24,22 +24,14 @@ Base information of a Fedora 36. ## Used by - [galette](../galette/README.md) -- [nginx-static](../nginx-static/README.md) -- [postgresql](../postgresql/README.md) - [peertube](../peertube/README.md) - [piwigo](../piwigo/README.md) - [dovecot](../dovecot/README.md) -- [unbound](../unbound/README.md) -- [redis](../redis/README.md) -- [nsd](../nsd/README.md) - [dotclear](../dotclear/README.md) - [speedtest-rs](../speedtest-rs/README.md) -- [nginx-reverse-proxy](../nginx-reverse-proxy/README.md) - [sensmotdire](../sensmotdire/README.md) - [roundcube](../roundcube/README.md) - [znc](../znc/README.md) - [vaultwarden](../vaultwarden/README.md) - [mariadb](../mariadb/README.md) - [nextcloud](../nextcloud/README.md) -- [openldap](../openldap/README.md) -- [gitea](../gitea/README.md) diff --git a/seed/base-fedora-37/README.md b/seed/base-fedora-37/README.md index 8d0923cb..a7de7f18 100644 --- a/seed/base-fedora-37/README.md +++ b/seed/base-fedora-37/README.md @@ -20,3 +20,14 @@ Base information of a Fedora 37. - [base-machine](../base-machine/README.md) - [base](../base/README.md) - [dns-local](../dns-local/README.md) + +## Used by + +- [nginx-static](../nginx-static/README.md) +- [postgresql](../postgresql/README.md) +- [unbound](../unbound/README.md) +- [redis](../redis/README.md) +- [forgejo](../forgejo/README.md) +- [nsd](../nsd/README.md) +- [nginx-reverse-proxy](../nginx-reverse-proxy/README.md) +- [openldap](../openldap/README.md) diff --git a/seed/base-machine/templates/locale.conf b/seed/base-machine/templates/locale.conf index 8ba0ee01..5a15549c 100644 --- a/seed/base-machine/templates/locale.conf +++ b/seed/base-machine/templates/locale.conf @@ -1 +1,6 @@ +# This is the fallback locale configuration provided by systemd. + +#>GNUNUX +#LANG="C.UTF-8" LANG=fr_FR.UTF-8 +# - /tests/dns-local.yml + /tests/dns-local.yml diff --git a/seed/dovecot/README.md b/seed/dovecot/README.md index bc0b274e..600922a0 100644 
--- a/seed/dovecot/README.md +++ b/seed/dovecot/README.md @@ -61,18 +61,18 @@ This a family is a leadership. #### IMAP mail server (*general.dovecot*) -| Description | Type | Provider | -|----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|------------| -| **Adresse interne du serveur IMAP** (*[imap_internal_address](dictionaries/26_dovecot.xml)*) | [domainname](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | IMAP | +| Description | Type | Values | Provider | +|----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|--------------|------------| +| **Adresse interne du serveur IMAP** (*[imap_internal_address](dictionaries/26_dovecot.xml)*) | [domainname](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | IMAP | #### revprox (*general.revprox*) ##### revprox_client (*general.revprox.revprox_client*) -| Description | -|----------------------------------------------------------------------| -| *[revprox_client_external_domainnames](dictionaries/26_dovecot.xml)* | -| *[revprox_client_web_address](dictionaries/26_dovecot.xml)* | +| Description | Values | +|----------------------------------------------------------------------|--------------| +| *[revprox_client_external_domainnames](dictionaries/26_dovecot.xml)* | | +| *[revprox_client_web_address](dictionaries/26_dovecot.xml)* | | #### nginx (*general.nginx*) diff --git a/seed/dovecot/dictionaries/26_dovecot.xml b/seed/dovecot/dictionaries/26_dovecot.xml index db4d7673..7aff3628 100644 --- a/seed/dovecot/dictionaries/26_dovecot.xml 
+++ b/seed/dovecot/dictionaries/26_dovecot.xml @@ -47,7 +47,7 @@ /etc/pki/tls/private/dovecot.key external_imap_crt external_imap_key - /tests/imap.yml + /tests/imap.yml diff --git a/seed/forgejo/README.md b/seed/forgejo/README.md new file mode 100644 index 00000000..a7caa0d5 --- /dev/null +++ b/seed/forgejo/README.md 
@@ -0,0 +1,92 @@ +--- +gitea: none +include_toc: true +--- + +# forgejo + +[All applications services for this dataset.](../README.md) + +## Description + +Forgejo, a community managed lightweight code hosting solution. + +[For more informations](https://forgejo.org/) + +## Dependances + +- [base-fedora-37](../base-fedora-37/README.md) + - [base-fedora](../base-fedora/README.md) + - [systemd](../systemd/README.md) + - [base-machine](../base-machine/README.md) + - [base](../base/README.md) + - [dns-local](../dns-local/README.md) +- [postgresql-client](../postgresql-client/README.md) +- [reverse-proxy-client](../reverse-proxy-client/README.md) +- [relay-mail-client](../relay-mail-client/README.md) +- [redis-client](../redis-client/README.md) +- [oauth2-client](../oauth2-client/README.md) + +## Variables + +### Général (*general*) + +#### network (*general.network*) + +| Description | Values | +|-----------------------------------------------------|----------| +| *[**incoming_ports**](dictionaries/31_forgejo.xml)* | 2222 | + +#### Redis (*general.redis*) + +| Description | Values | +|-------------------------------------------------------------|----------| +| *[**redis_client_key_owner**](dictionaries/31_forgejo.xml)* | forgejo | + +#### Forgejo (*general.forgejo*) + +Git forge Forgejo + +| Description | Values | Type | +|---------------------------------------------------------------------------------------------------------------|----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------| +| **Titre de la forge** (*[forgejo_title](dictionaries/31_forgejo.xml)*) | Forgejo : Au-delà du développement. Nous forgeons. 
| [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | +| **Les courriels sont envoyés à partir de cet adresse** (*[forgejo_mail_sender](dictionaries/31_forgejo.xml)*) | | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | + +#### revprox (*general.revprox*) + +| Description | Values | +|----------------------------------------------------------------|----------| +| *[**revprox_client_port**](dictionaries/31_forgejo.xml)* | 3000 | +| *[**revprox_client_cert_owner**](dictionaries/31_forgejo.xml)* | forgejo | +| *[**revprox_client_cert_group**](dictionaries/31_forgejo.xml)* | forgejo | + +##### revprox_client (*general.revprox.revprox_client*) + +| Description | Values | +|--------------------------------------------------------------------|----------| +| *[**revprox_client_local_location**](dictionaries/31_forgejo.xml)* | / | + +#### oauth2_client (*general.oauth2_client*) + +| Description | Values | +|-------------------------------------------------------------------------|------------------------| +| *[**oauth2_is_client_application**](dictionaries/31_forgejo.xml)* | True | +| *[**oauth2_client_name**](dictionaries/31_forgejo.xml)* | Forge | +| *[**oauth2_client_description**](dictionaries/31_forgejo.xml)* | Forge logiciel Forgejo | +| *[**oauth2_client_category**](dictionaries/31_forgejo.xml)* | Développement | +| *[**oauth2_client_logo**](dictionaries/31_forgejo.xml)* | silique_note.png | +| *[**oauth2_client_token_signature_algo**](dictionaries/31_forgejo.xml)* | RS256 | + +##### external (*general.oauth2_client.external*) + +| Description | Values | +|---------------------------------------------------------|--------------| +| *[oauth2_client_external](dictionaries/31_forgejo.xml)* | | + + +- [+]: variable is multiple +- **bold**: variable is mandatory + +## Used by + +- [gitea](../gitea/README.md) 
diff --git a/seed/forgejo/applicationservice.yml b/seed/forgejo/applicationservice.yml index c6a2d18f..94bafad1 100644 --- a/seed/forgejo/applicationservice.yml +++ b/seed/forgejo/applicationservice.yml @@ -2,7 +2,7 @@ format: '0.1' description: Forgejo, a community managed lightweight code hosting solution website: https://forgejo.org/ depends: - - base-fedora-36 + - base-fedora-37 - postgresql-client - reverse-proxy-client - relay-mail-client diff --git a/seed/forgejo/dictionaries/31_forgejo.xml b/seed/forgejo/dictionaries/31_forgejo.xml index d08ef429..cf0b061a 100644 --- a/seed/forgejo/dictionaries/31_forgejo.xml +++ b/seed/forgejo/dictionaries/31_forgejo.xml @@ -5,7 +5,7 @@ /sysusers.d/0forgejo.conf /tmpfiles.d/0forgejo.conf /etc/forgejo/app.ini - /tests/forgejo.yml + /tests/forgejo.yml @@ -19,9 +19,9 @@ forgejo - + - Gitea: Git avec une tasse de thé + Forgejo : Au-delà du développement. Nous forgeons. - Forge logiciel Gitea + Forge logiciel Forgejo Développement diff --git a/seed/forgejo/manual/image/postinstall/forgejo.sh b/seed/forgejo/manual/image/postinstall/forgejo.sh index a091a9ae..2b975f45 100644 --- a/seed/forgejo/manual/image/postinstall/forgejo.sh +++ b/seed/forgejo/manual/image/postinstall/forgejo.sh @@ -4,8 +4,8 @@ set -ex gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710 -JSON==$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -) -VERS=$(echo JSON| jq -r '.[0].name') +JSON=$(wget -q 'https://codeberg.org/api/v1/repos/forgejo/forgejo/releases?draft=false&pre-release=false&limit=1' --header 'accept: application/json' -O -) +VERS=$(echo $JSON| jq -r '.[0].name') mkdir -p ~/forgejo/ 
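Review bot: `VERS=$(echo $JSON| jq -r '.[0].name')` expands `$JSON` unquoted, so the API response is word-split and glob-expanded by the shell before jq reads it; `VERS=$(printf '%s' "$JSON" | jq -r '.[0].name')` avoids that. The same unquoted `$(echo $JSON | jq …)` appears in the `wget` line of the second hunk (`@@ -15,7 +15,7 @@`). `jq -r` prints the literal `null` when the release list is empty or the field is missing, and `set -e` does not catch that, so `VERS` should be checked before it is used in the `~/forgejo/forgejo-$VERS-…` paths, for example `[ -n "$VERS" ] && [ "$VERS" != null ] || exit 1`. Because the value comes from a remote API and ends up in file names, restricting it to an expected version pattern would also be sensible. The script continues outside this hunk.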
@@ -15,7 +15,7 @@ if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz" ]; then fi if [ ! -f ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ]; then rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz.asc" - wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" + wget $(echo $JSON | jq -r '.[0].assets | map(select(.name | endswith("linux-amd64.xz.asc"))) | .[0].browser_download_url') -O ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" fi gpg --verify ~/"forgejo/forgejo-$VERS-linux-amd64.xz.asc" ~/"forgejo/forgejo-$VERS-linux-amd64.xz" diff --git a/seed/forgejo/templates/app.ini b/seed/forgejo/templates/app.ini index 66ea4917..06dfcfd4 100644 --- a/seed/forgejo/templates/app.ini +++ b/seed/forgejo/templates/app.ini 
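Review bot: With the `.asc` asset now selected correctly, the `gpg --verify` at the end of this hunk is the only integrity check on the downloaded binary, and it accepts a good signature from any key in the default keyring, not only the key received by fingerprint at the top of the script. Consider pinning the result to that fingerprint, e.g. by running the verify with `--status-fd 1` and piping it to `grep -q 'VALIDSIG .*EB114F5E6C0DC2BCDD183550A4B61A2DC5923710'`, or by verifying against a dedicated keyring that holds only that key. Separately, the context line `rm -rf ~/"forgejo/forgejo-*-linux-amd64.xz.asc"` puts the glob inside quotes, so it never expands and stale signature files are not removed; moving the `*` outside the quotes would fix that.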
@@ -1,9 +1,423 @@ -# GNUNUX https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini -APP_NAME = %%forgejo_title -RUN_USER = forgejo -RUN_MODE = prod +#RISOTTO: https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini +%compiler-settings +commentStartToken = ; +%end compiler-settings +; This file lists the default values used by Gitea +;; Copy required sections to your own app.ini (default is custom/conf/app.ini) +;; and modify as needed. +;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes. +;; If you don't know what a setting is you should not set it. +;; +;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation. + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Default Configuration (non-`app.ini` configuration) +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; These values are environment-dependent but form the basis of a lot of values. They will be +;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up. +;; +;; - _`AppPath`_: This is the absolute path of the running gitea binary. +;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy: +;; - The `--work-path` flag passed to the binary +;; - The environment variable `$GITEA_WORK_DIR` +;; - A built-in value set at build time (see building from source) +;; - Otherwise it defaults to the directory of the _`AppPath`_ +;; - If any of the above are relative paths then they are made absolute against the +;; the directory of the _`AppPath`_ +;; - _`CustomPath`_: This is the base directory for custom templates and other options. 
+;; It is determined by using the first set thing in the following hierarchy: +;; - The `--custom-path` flag passed to the binary +;; - The environment variable `$GITEA_CUSTOM` +;; - A built-in value set at build time (see building from source) +;; - Otherwise it defaults to _`AppWorkPath`_`/custom` +;; - If any of the above are relative paths then they are made absolute against the +;; the directory of the _`AppWorkPath`_ +;; - _`CustomConf`_: This is the path to the `app.ini` file. +;; - The `--config` flag passed to the binary +;; - A built-in value set at build time (see building from source) +;; - Otherwise it defaults to _`CustomPath`_`/conf/app.ini` +;; - If any of the above are relative paths then they are made absolute against the +;; the directory of the _`CustomPath`_ +;; +;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_ + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; General Settings +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; App name that shows in every page title +;>GNUNUX +;APP_NAME = ; Gitea: Git with a cup of tea +APP_NAME = %%forgejo_title +;GNUNUX +;RUN_MODE = ; prod +RUN_MODE = prod +;GNUNUX +PROTOCOL = https +;GNUNUX +DOMAIN = %%revprox_client_external_domainnames[0] +;GNUNUX +ROOT_URL = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location +;GNUNUX +HTTP_PORT = 3000 +;GNUNUX +LOCAL_ROOT_URL = https://%%domain_name_eth0:3000/ +;GNUNUX +DISABLE_SSH = false +;GNUNUX +START_SSH_SERVER = true +;GNUNUX +;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s +BUILTIN_SSH_SERVER_USER = "git" +;GNUNUX +SSH_DOMAIN = %%revprox_client_external_domainnames[0] +;GNUNUX +SSH_PORT = 2222 +;GNUNUX +SSH_LISTEN_PORT = 2222 +; ". or "ssh- , ssh- ". +;; For more information see "TrustedUserCAKeys" in the sshd config manpages. 
+;SSH_TRUSTED_USER_CA_KEYS = +;; Absolute path of the `TrustedUserCaKeys` file gitea will manage. +;; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem +;; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your +;; sshd_config to point to this file. The official docker image will automatically work without further configuration. +;SSH_TRUSTED_USER_CA_KEYS_FILENAME = +;; +;; Enable exposure of SSH clone URL to anonymous visitors, default is false +;SSH_EXPOSE_ANONYMOUS = false +;; +;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.) +;; Will default to the PER_WRITE_TIMEOUT. +;SSH_PER_WRITE_TIMEOUT = 30s +;; +;; Timeout per Kb written to ssh connections. +;; Will default to the PER_WRITE_PER_KB_TIMEOUT. +;SSH_PER_WRITE_PER_KB_TIMEOUT = 30s +;; +;; Indicate whether to check minimum key size with corresponding type +;MINIMUM_KEY_SIZE_CHECK = false +;; +;; Disable CDN even in "prod" mode +;OFFLINE_MODE = false +;>GNUNUX +OFFLINE_MODE = true +;GNUNUX +CERT_FILE = %%revprox_client_cert_file +KEY_FILE = %%revprox_client_key_file +;_ +;ENABLE_PPROF = false +;; +;; PPROF_DATA_PATH, use an absolute path when you start gitea as service +;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_ +;; +;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com" +;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in. +;LANDING_PAGE = home +;; +;; Enables git-lfs support. true or false, default is false. +;LFS_START_SERVER = false +;>GNUNUX +LFS_START_SERVER = true +;GNUNUX +;LFS_JWT_SECRET = +LFS_JWT_SECRET = %%forgejo_lfs_jwt_secret +;GNUNUX +;DB_TYPE = mysql +;HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock +;NAME = gitea +;USER = root +; 5.6. Gitea is unable to check this. 
+;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Postgres Configuration +;; +;DB_TYPE = postgres +;HOST = 127.0.0.1:5432 ; can use socket e.g. /var/run/postgresql/ +;NAME = gitea +;USER = root +;PASSWD = +;SCHEMA = +;SSL_MODE=disable ;either "disable" (default), "require", or "verify-full" +;>GNUNUX DB_TYPE = postgres HOST = %%pg_client_server_domainname:5432 NAME = %%pg_client_database 
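Review bot: `ROOT_URL = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location` looks malformed as shown: the domain variable is expanded twice and `revprox_client_location` follows the second `[0]` without a separator, so the rendered value would not be `https://<domain><location>`. This may be an artefact of how the page was extracted, but it is worth checking in the rendered `app.ini`, since ROOT_URL is the base for the links and redirect URLs the instance generates. This hunk also renders `LFS_JWT_SECRET = %%forgejo_lfs_jwt_secret` into the file (and the following hunk adds `SECRET_KEY` and `INTERNAL_TOKEN`); the owner and mode of the generated `/etc/forgejo/app.ini` are not visible here, so confirm it is readable only by the `forgejo` user.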
@@ -12,77 +426,1427 @@ PASSWD = %%pg_client_password SCHEMA = SSL_MODE = verify-full CHARSET = utf8 -LOG_SQL = false +;GNUNUX +;INSTALL_LOCK = false +INSTALL_LOCK = true +;GNUNUX +;SECRET_KEY = +SECRET_KEY = %%forgejo_secret_key +;GNUNUX +;INTERNAL_TOKEN= +INTERNAL_TOKEN = %%forgejo_internal_token +;GNUNUX +PASSWORD_HASH_ALGO = pbkdf2 +;GNUNUX +ROOT_PATH = /srv/forgejo/lib/log +;.router] LEVEL +;; + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Access Logger (Creates log in NCSA common log format) +;; +;ENABLE_ACCESS_LOG = false +;; +;; Set the log "modes" for the access log (if file is set the log file will default to access.log) +;ACCESS = file +;; +;; Sets the template used to create the access log. +;ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}" +;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; SSH log (Creates log from ssh git request) +;; +;ENABLE_SSH_LOG = false +;; +;; Other Settings +;; +;; Print Stacktraces with logs. (Rarely helpful.) Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None" +;STACKTRACE_LEVEL = None +;; +;; Buffer length of the channel, keep it as it is if you don't know what it is. +;BUFFER_LEN = 10000 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Creating specific log configuration +;; +;; You can set specific configuration for individual modes and subloggers +;; +;; Configuration available to all log modes/subloggers +;LEVEL= +;FLAGS = stdflags +;EXPRESSION = +;PREFIX = +;COLORIZE = false +;; +;; For "console" mode only +;STDERR = false +;; +;; For "file" mode only +;LEVEL = +;; Set the file_name for the logger. 
If this is a relative path this +;; will be relative to ROOT_PATH +;FILE_NAME = +;; This enables automated log rotate(switch of following options), default is true +;LOG_ROTATE = true +;; Max size shift of a single file, default is 28 means 1 << 28, 256MB +;MAX_SIZE_SHIFT = 28 +;; Segment log daily, default is true +;DAILY_ROTATE = true +;; delete the log file after n days, default is 7 +;MAX_DAYS = 7 +;; compress logs with gzip +;COMPRESS = true +;; compression level see godoc for compress/gzip +;COMPRESSION_LEVEL = -1 +; +;; For "conn" mode only +;LEVEL = +;; Reconnect host for every single message, default is false +;RECONNECT_ON_MSG = false +;; Try to reconnect when connection is lost, default is false +;RECONNECT = false +;; Either "tcp", "unix" or "udp", default is "tcp" +;PROTOCOL = tcp +;; Host address +;ADDR = +; +;; For "smtp" mode only +;LEVEL = +;; Name displayed in mail title, default is "Diagnostic message from server" +;SUBJECT = Diagnostic message from server +;; Mail server +;HOST = +;; Mailer user name and password +;USER = +;; Use PASSWD = `your password` for quoting if you use special characters in the password. +;PASSWD = +;; Receivers, can be one or more, e.g. 1@example.com,2@example.com +;RECEIVERS = + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;GNUNUX [git] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; The path of git executable. If empty, Gitea searches through the PATH environment. 
+;PATH = +;; +;; The HOME directory for Git +;HOME_PATH = %(APP_DATA_PATH)s/home +;; +;; Disables highlight of added and removed changes +;DISABLE_DIFF_HIGHLIGHT = false +;; +;; Max number of lines allowed in a single file in diff view +;MAX_GIT_DIFF_LINES = 1000 +;; +;; Max number of allowed characters in a line in diff view +;MAX_GIT_DIFF_LINE_CHARACTERS = 5000 +;; +;; Max number of files shown in diff view +;MAX_GIT_DIFF_FILES = 100 +;; +;; Set the default commits range size +;COMMITS_RANGE_SIZE = 50 +;; +;; Set the default branches range size +;BRANCHES_RANGE_SIZE = 20 +;; +;; Arguments for command 'git gc', e.g. "--aggressive --auto" +;; see more on http://git-scm.com/docs/git-gc/ +;GC_ARGS = +;; +;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1 +;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file. +;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true +;; +;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled) +;PULL_REQUEST_PUSH_MESSAGE = true +;; +;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.) +;LARGE_OBJECT_THRESHOLD = 1048576 +;; Set to true to forcibly set core.protectNTFS=false +;DISABLE_CORE_PROTECT_NTFS=false +;; Disable the usage of using partial clones for git. +;DISABLE_PARTIAL_CLONE = false + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; [service] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Time limit to confirm account/email registration +;ACTIVE_CODE_LIVE_MINUTES = 180 +;; +;; Time limit to perform the reset of a forgotten password +;RESET_PASSWD_CODE_LIVE_MINUTES = 180 +;; +;; Whether a new user needs to confirm their email when registering. 
+;REGISTER_EMAIL_CONFIRM = false +;>GNUNUX REGISTER_EMAIL_CONFIRM = false -ENABLE_NOTIFY_MAIL = false +;GNUNUX DISABLE_REGISTRATION = true +;GNUNUX ALLOW_ONLY_EXTERNAL_REGISTRATION = false -ENABLE_CAPTCHA = false +;GNUNUX REQUIRE_SIGNIN_VIEW = false +;GNUNUX DEFAULT_KEEP_EMAIL_PRIVATE = false +;GNUNUX +ENABLE_NOTIFY_MAIL = false +;GNUNUX +ENABLE_CAPTCHA = false +;GNUNUX DEFAULT_ALLOW_CREATE_ORGANIZATION = true +;GNUNUX DEFAULT_ENABLE_TIMETRACKING = true +; notation below +;NO_REPLY_ADDRESS = ; noreply. +;>GNUNUX NO_REPLY_ADDRESS = noreply.localhost +;GNUNUX +[repository] +;GNUNUX +ROOT = /srv/forgejo/lib/data/forgejo-repositories +;GNUNUX +DEFAULT_BRANCH = main +;= 5.0 +;; An invalid color like "none" or "disable" will have the default style +;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android +;THEME_COLOR_META_TAG = `#6cc644` +;; +;; Max size of files to be displayed (default is 8MiB) +;MAX_DISPLAY_FILE_SIZE = 8388608 +;; +;; Whether the email of the user should be shown in the Explore Users page +;SHOW_USER_EMAIL = true +;; +;; Set the default theme for the Gitea install +;DEFAULT_THEME = auto +;; +;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`. +;THEMES = auto,gitea,arc-green +;; +;; All available reactions users can choose on issues/prs and comments. +;; Values can be emoji alias (:smile:) or a unicode emoji. +;; For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png +;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes +;; +;; Additional Emojis not defined in the utf8 standard +;; By default we support gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and add it to this config. +;; Dont mistake it for Reactions. +;CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs +;; +;; Whether the full name of the users should be shown where possible. 
If the full name isn't set, the username will be used. +;DEFAULT_SHOW_FULL_NAME = false +;; +;; Whether to search within description at repository search on explore page. +;SEARCH_REPO_DESCRIPTION = true +;; +;; Whether to enable a Service Worker to cache frontend assets +;USE_SERVICE_WORKER = false +;; +;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used. +;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic). +;ONLY_SHOW_RELEVANT_REPOS = false + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.admin] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Number of users that are displayed on one page +;USER_PAGING_NUM = 50 +;; +;; Number of repos that are displayed on one page +;REPO_PAGING_NUM = 50 +;; +;; Number of notices that are displayed on one page +;NOTICE_PAGING_NUM = 25 +;; +;; Number of organizations that are displayed on one page +;ORG_PAGING_NUM = 50 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.user] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Number of repos that are displayed on one page +;REPO_PAGING_NUM = 15 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.meta] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;AUTHOR = Gitea - Git with a cup of tea +;DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go +;KEYWORDS = go,git,self-hosted,gitea + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.notification] 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Control how often the notification endpoint is polled to update the notification +;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged +;; Set MIN_TIMEOUT to -1 to turn off +;MIN_TIMEOUT = 10s +;MAX_TIMEOUT = 60s +;TIMEOUT_STEP = 10s +;; +;; This setting determines how often the db is queried to get the latest notification counts. +;; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource +;EVENT_SOURCE_UPDATE_TIME = 10s + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.svg] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images. +;ENABLE_RENDER = true + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ui.csv] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit). +;MAX_FILE_SIZE = 524288 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[markdown] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Render soft line breaks as hard line breaks, which means a single newline character between +;; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not +;; necessary to force a line break. 
+;; Render soft line breaks as hard line breaks for comments +;ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true +;; +;; Render soft line breaks as hard line breaks for markdown documents +;ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false +;; +;; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown +;; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes) +;; URLs starting with http and https are always displayed, whatever is put in this entry. +;CUSTOM_URL_SCHEMES = +;; +;; List of file extensions that should be rendered/edited as Markdown +;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma +;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd +;; +;; Enables math inline and block detection +;ENABLE_MATH = true + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[ssh.minimum_key_sizes] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Define allowed algorithms and their minimum key length (use -1 to disable a type) +;ED25519 = 256 +;ECDSA = 256 +;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length +;DSA = -1 ; set to 1024 to switch on + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[indexer] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Issue Indexer settings +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve +;ISSUE_INDEXER_TYPE = bleve +;; +;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve +;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_. 
+;; +;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch +;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200 +;; +;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch +;ISSUE_INDEXER_NAME = gitea_issues +;; +;; Timeout the indexer if it takes longer than this to start. +;; Set to -1 to disable timeout. +;STARTUP_TIMEOUT = 30s +;; +;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer]) +;ISSUE_INDEXER_QUEUE_TYPE = levelqueue; **DEPRECATED** use settings in `[queue.issue_indexer]`. +;; +;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved. +;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`. +;; default is queues/common +;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`. +;; +;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. +;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of +;; the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`. +;ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"; **DEPRECATED** use settings in `[queue.issue_indexer]`. +;; +;; Batch queue number, default is 20 +;ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`. + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Repository Indexer settings +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; repo indexer by default disabled, since it uses a lot of disk space +;REPO_INDEXER_ENABLED = false +;; +;; Code search engine type, could be `bleve` or `elasticsearch`. +;REPO_INDEXER_TYPE = bleve +;; +;; Index file used for code search. 
available when `REPO_INDEXER_TYPE` is bleve +;REPO_INDEXER_PATH = indexers/repos.bleve +;; +;; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200 +;REPO_INDEXER_CONN_STR = +;; +;; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch +;REPO_INDEXER_NAME = gitea_codes +;; +;; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include +;; in the index; default is empty +;REPO_INDEXER_INCLUDE = +;; +;; A comma separated list of glob patterns to exclude from the index; ; default is empty +;REPO_INDEXER_EXCLUDE = +;; +;; +;UPDATE_BUFFER_LEN = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`. +;MAX_FILE_SIZE = 1048576 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[queue] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Specific queues can be individually configured with [queue.name]. [queue] provides defaults +;; ([queue.issue_indexer] is special due to the old configuration described above) +;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy +;; default to persistable-channel +;TYPE = persistable-channel +;; +;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared. +;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`. +;; +;; Default queue length before a channel queue will block +;LENGTH = 20 +;; +;; Batch size to send for batched queues +;BATCH_LENGTH = 20 +;; +;; Connection string for redis queues this will store the redis connection string. 
+;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb +;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`. +;CONN_STR = "addrs=127.0.0.1:6379 db=0" +;; +;; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections. +;QUEUE_NAME = "_queue" +;; +;; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections. +;SET_NAME = "_unique" +;; +;; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue: +;WRAP_IF_NECESSARY = true +;; +;; Attempt to create the wrapped queue at max +;MAX_ATTEMPTS = 10 +;; +;; Timeout queue creation +;TIMEOUT = 15m30s +;; +;; Create a pool with this many workers +;WORKERS = 0 +;; +;; Dynamically scale the worker pool to at this many workers +;MAX_WORKERS = 10 +;; +;; Add boost workers when the queue blocks for BLOCK_TIMEOUT +;BLOCK_TIMEOUT = 1s +;; +;; Remove the boost workers after BOOST_TIMEOUT +;BOOST_TIMEOUT = 5m +;; +;; During a boost add BOOST_WORKERS +;BOOST_WORKERS = 1 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[admin] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Disallow regular (non-admin) users from creating organizations. +;DISABLE_REGULAR_ORG_CREATION = false +;; +;; Default configuration for email notifications for users (user configurable). 
Options: enabled, onmention, disabled +;DEFAULT_EMAIL_NOTIFICATIONS = enabled + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[openid] +;>GNUNUX [openid] +;.livejournal.com +;; +;; Whether to allow signin in via OpenID +;ENABLE_OPENID_SIGNIN = true +;>GNUNUX ENABLE_OPENID_SIGNIN = true +;GNUNUX ENABLE_OPENID_SIGNUP = true +;GNUNUX [oauth2_client] +;GNUNUX ENABLE_AUTO_REGISTRATION = true +;GNUNUX +[mailer] +;GNUNUX +ENABLED = true +;GNUNUX +PROTOCOL = smtp+starttls +;GNUNUX +SMTP_ADDR = %%smtp_relay_address +;GNUNUX +SMTP_PORT = 25 +;` format +;FROM = +;>GNUNUX +FROM = %%forgejo_mail_sender +;` to send an empty address. +;ENVELOPE_FROM = +;; +;; Mailer user name and password, if required by provider. +;USER = +;>GNUNUX +USER = %%smtp_relay_user@%%ip_eth0 +;GNUNUX +PASSWD = %%smtp_relay_password +;GNUNUX [cache] +;GNUNUX +ENABLED = true +;GNUNUX ADAPTER = redis +;GNUNUX HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_client_username,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180 +;GNUNUX +[session] +;GNUNUX +PROVIDER = redis +;GNUNUX +PROVIDER_CONFIG = network=tcp,addr=%%redis_client_server_domainname:6379,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180 +;GNUNUX +[picture] +;GNUNUX +DISABLE_GRAVATAR = true +;GNUNUX +ENABLE_FEDERATED_AVATAR = false +; GC_ARGS +;ARGS = + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Update the '.ssh/authorized_keys' file with Gitea SSH keys +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.resync_all_sshkeys] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 72h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Resynchronize 
pre-receive, update and post-receive hooks of all repositories. +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.resync_all_hooks] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 72h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Reinitialize all missing Git repositories for which records exist +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.reinit_missing_repos] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 72h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Delete all repositories missing their Git files +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.delete_missing_repos] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 72h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Delete generated repository avatars +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.delete_generated_repository_avatars] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 72h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Delete all old actions from database +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.delete_old_actions] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NOTICE_ON_SUCCESS = false +;SCHEDULE = @every 168h +;OLDER_THAN = 8760h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Check for new Gitea versions +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.update_checker] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = true +;RUN_AT_START = false +;ENABLE_SUCCESS_NOTICE = false +;SCHEDULE = @every 168h +;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Delete all old system notices from database +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[cron.delete_old_system_notices] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;ENABLED = false +;RUN_AT_START = false +;NO_SUCCESS_NOTICE = false +;SCHEDULE = @every 168h +;OLDER_THAN = 8760h + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Git Operation timeout in seconds +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[git.timeout] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;DEFAULT = 360 +;MIGRATE = 600 +;MIRROR = 300 +;CLONE = 300 +;PULL = 300 +;GC = 60 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[mirror] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo. +;ENABLED = true +;; Disable the creation of **new** pull mirrors. 
Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`. +;DISABLE_NEW_PULL = false +;; Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`. +;DISABLE_NEW_PUSH = false +;; Default interval as a duration between each check +;DEFAULT_INTERVAL = 8h +;; Min interval as a duration must be > 1m +;MIN_INTERVAL = 10m + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[api] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false. +;ENABLE_SWAGGER = true +;; Max number of items in a page +;MAX_RESPONSE_ITEMS = 50 +;; Default paging number of api +;DEFAULT_PAGING_NUM = 30 +;; Default and maximum number of items per page for git trees api +;DEFAULT_GIT_TREES_PER_PAGE = 1000 +;; Default max size of a blob returned by the blobs API (default is 10MiB) +;DEFAULT_MAX_BLOB_SIZE = 10485760 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[i18n] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; The first locale will be used as the default if user browser's language doesn't match any locale in the list. 
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN +;NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[highlight.mapping] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Extension mapping to highlight class +;; e.g. .toml=ini + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[other] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;SHOW_FOOTER_BRANDING = false +;; Show version information about Gitea and Go in the footer +;SHOW_FOOTER_VERSION = true +;; Show template execution time in the footer +;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true +;; Generate sitemap. Defaults to `true`. +;ENABLE_SITEMAP = true +;; Enable/Disable RSS/Atom feed +;ENABLE_FEED = true + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[markup] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits) +;MERMAID_MAX_SOURCE_CHARACTERS = 5000 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[markup.sanitizer.1] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; The following keys can appear once to define a sanitation policy rule. 
+;; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules. +;; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX] +;ELEMENT = span +;ALLOW_ATTR = class +;REGEXP = ^(info|warning|error)$ +;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Other markup formats e.g. asciidoc +;; +;; uncomment and enable the below section. +;; (You can add other markup formats by copying the section and adjusting +;; the section name suffix "asciidoc" to something else.) +;[markup.asciidoc] +;ENABLED = false +;; List of file extensions that should be rendered by an external command +;FILE_EXTENSIONS = .adoc,.asciidoc +;; External command to render all matching extensions +;RENDER_COMMAND = "asciidoc --out-file=- -" +;; Don't pass the file on STDIN, pass the filename as argument instead. +;IS_INPUT_FILE = false +;; How the content will be rendered. +;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] . +;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code. +;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page. +;RENDER_CONTENT_MODE=sanitized + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[metrics] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; Enables metrics endpoint. True or false; default is false. 
+;ENABLED = false +;; If you want to add authorization, specify a token here +;TOKEN = +;; Enable issue by label metrics; default is false +;ENABLED_ISSUE_BY_LABEL = false +;; Enable issue by repository metrics; default is false +;ENABLED_ISSUE_BY_REPOSITORY = false + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[task] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Task queue type, could be `channel` or `redis`. +;QUEUE_TYPE = channel +;; +;; Task queue length, available only when `QUEUE_TYPE` is `channel`. +;QUEUE_LENGTH = 1000 +;; +;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`. +;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`. +;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0" + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[migrations] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Max attempts per http/https request on migrations. +;MAX_ATTEMPTS = 3 +;; +;; Backoff time per http/https request retry (seconds) +;RETRY_BACKOFF = 3 +;; +;; Allowed domains for migrating, default is blank. Blank means everything will be allowed. +;; Multiple domains could be separated by commas. +;; Wildcard is supported: "github.com, *.github.com" +;ALLOWED_DOMAINS = +;; +;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas. +;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains. +;; Wildcard is supported. +;BLOCKED_DOMAINS = +;; +;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default) +;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored. 
+;ALLOW_LOCALNETWORKS = false + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[federation] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Enable/Disable federation capabilities +;ENABLED = false +;; +;; Enable/Disable user statistics for nodeinfo if federation is enabled +;SHARE_USER_STATISTICS = true +;; +;; Maximum federation request and response size (MB) +;MAX_SIZE = 4 +;; +;; WARNING: Changing the settings below can break federation. +;; +;; HTTP signature algorithms +;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519 +;; +;; HTTP signature digest algorithm +;DIGEST_ALGORITHM = SHA-256 +;; +;; GET headers for federation requests +;GET_HEADERS = (request-target), Date +;; +;; POST headers for federation requests +;POST_HEADERS = (request-target), Date, Digest + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[packages] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; +;; Enable/Disable package registry capabilities +;ENABLED = true +;; +;; Path for chunked uploads. 
Defaults to APP_DATA_PATH + `tmp/package-upload` +;CHUNKED_UPLOAD_PATH = tmp/package-upload +;; +;; Maximum count of package versions a single owner can have (`-1` means no limits) +;LIMIT_TOTAL_OWNER_COUNT = -1 +;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_TOTAL_OWNER_SIZE = -1 +;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_COMPOSER = -1 +;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_CONAN = -1 +;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_CONTAINER = -1 +;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_GENERIC = -1 +;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_HELM = -1 +;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_MAVEN = -1 +;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_NPM = -1 +;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_NUGET = -1 +;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_PUB = -1 +;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_PYPI = -1 +;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_RUBYGEMS = -1 +;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`) +;LIMIT_SIZE_VAGRANT = -1 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; default storage for attachments, lfs and avatars +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[storage] 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; storage type +;STORAGE_TYPE = local + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; settings for repository archives, will override storage setting +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;[storage.repo-archive] +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; storage type +;STORAGE_TYPE = local + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;; lfs storage will override storage +;; +;[lfs] +;>GNUNUX +[lfs] +;GNUNUX +PATH = /srv/forgejo/lib/data/lfs +; pattern_csrf = r'name="_csrf" value="([a-zA-Z0-9\-\_=]+)"' ret = authentication.get(url) csrf = search(pattern_csrf, ret)[1] @@ -203,7 +202,7 @@ def test_repo(): with TemporaryDirectory() as tmpdirname: username = data['username'].split('@', 1)[0] dns = data['base_url'].split('/', 3)[2] - ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test.git' + ssh_url = f'ssh://{FORGEJO_USERNAME}@{dns}:{FORGEJO_PORT}/{username}/test.git' with SSHConfig(): with MookDnsSystem(dns, data['ip']): filename = join(tmpdirname, 'test.txt') @@ -268,11 +267,11 @@ def test_repo_persistent(): with TemporaryDirectory() as tmpdirname: username = data['username'].split('@', 1)[0] dns = data['base_url'].split('/', 3)[2] - ssh_url = f'ssh://{GITEA_USERNAME}@{dns}:{GITEA_PORT}/{username}/test_persistent.git' + ssh_url = f'ssh://{FORGEJO_USERNAME}@{dns}:{FORGEJO_PORT}/{username}/test_persistent.git' with SSHConfig(): with MookDnsSystem(dns, data['ip']): + filename = join(tmpdirname, 'test.txt') if 'FIRST_RUN' in environ: - filename = join(tmpdirname, 'test.txt') with open(filename, 'w') as fh: fh.write('test') repo = init(tmpdirname) 
@@ -284,6 +283,25 @@ def test_repo_persistent():
 )
 else:
 repo = clone(ssh_url, tmpdirname)
+ with open(filename, 'r') as fh:
+ len_file = len(fh.readlines())
+ # get previous commit number
 lst = list(repo.get_walker())
- assert len(lst) == 1
- assert lst[0].commit.message == b'test commit'
+ len_before_commit = len(lst)
+ assert len_before_commit == len_file
+ # add a new line in file and commit
+ with open(filename, 'a') as fh:
+ fh.write('\ntest')
+ add(repo, filename)
+ date = datetime.datetime.now()
+ commit_message = f'test commit {date}'.encode()
+ commit(repo, message=commit_message)
+ push(repo=repo,
+ remote_location=ssh_url,
+ refspecs='master',
+ )
+ # test if commit is added and last commit
+ lst = list(repo.get_walker())
+ len_after_commit = len(lst)
+ assert len_before_commit + 1 == len_after_commit
+ assert lst[-1].commit.message == commit_message
diff --git a/seed/gitea/README.md b/seed/gitea/README.md
new file mode 100644
index 00000000..35221fbd
--- /dev/null
+++ b/seed/gitea/README.md
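Review bot: The final assertion `assert lst[-1].commit.message == commit_message` looks at the wrong end of the list if, as I believe is dulwich's default, `repo.get_walker()` yields commits newest first; the removed line read `lst[0]`, so the new commit would be at index 0 and the check should be `assert lst[0].commit.message == commit_message`. Separately, `assert len_before_commit == len_file` ties the commit count to the number of lines in test.txt, which holds only while every run appends exactly one line per commit; a comment such as `# invariant: one line in test.txt per commit pushed by this test` would make that explicit. The push uses `refspecs='master'` while the app.ini template in this same commit sets `DEFAULT_BRANCH = main`, so it is worth confirming the test pushes to the branch the server treats as default. test_repo_persistent starts outside the hunk.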
@@ -0,0 +1,41 @@
+---
+gitea: none
+include_toc: true
+---
+
+# gitea
+
+[All applications services for this dataset.](../README.md)
+
+## Description
+
+Transitional package for Gitea to Forgejo.
+
+## Dependances
+
+- [forgejo](../forgejo/README.md)
+ - [base-fedora-37](../base-fedora-37/README.md)
+ - [base-fedora](../base-fedora/README.md)
+ - [systemd](../systemd/README.md)
+ - [base-machine](../base-machine/README.md)
+ - [base](../base/README.md)
+ - [dns-local](../dns-local/README.md)
+ - [postgresql-client](../postgresql-client/README.md)
+ - [reverse-proxy-client](../reverse-proxy-client/README.md)
+ - [relay-mail-client](../relay-mail-client/README.md)
+ - [redis-client](../redis-client/README.md)
+ - [oauth2-client](../oauth2-client/README.md)
+
+## Variables
+
+### Général (*general*)
+
+#### Transitional family (*general.gitea*)
+
+| Description | Type |
+|------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
+| Transitional variable, please do not use it (*[gitea_mail_sender](dictionaries/32_gitea.xml)*) | [mail](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |
+
+
+- [+]: variable is multiple
+- **bold**: variable is mandatory
diff --git a/seed/host-systemd-machined/dictionaries/21-machined.xml b/seed/host-systemd-machined/dictionaries/21-machined.xml
index 37b87346..ef01c48c 100644
--- a/seed/host-systemd-machined/dictionaries/21-machined.xml
+++ b/seed/host-systemd-machined/dictionaries/21-machined.xml
@@ -16,9 +16,10 @@ /usr/local/lib/risotto-tmpfiles.d/0asystemd-nspawn.conf /etc/systemd/system/systemd-nspawn@.service.d/systemd-nspawn@.conf /etc/distro.repos.d/boot.repo - /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64 - /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64 - /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36 + /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64 + /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-x86_64 + /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-37-x86_64 + /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-36 /etc/sysctl.d/90-risotto.conf host_network_filename @@ -50,6 +51,13 @@ tree tshark vim + python3-pytest + python3-yaml + python3-ldap + python3-dnspython + python3-dulwich + python3-psycopg2 + python3-redis diff --git a/seed/ldap-client/README.md b/seed/ldap-client/README.md index 0c61795c..40f3678a 100644 --- a/seed/ldap-client/README.md +++ b/seed/ldap-client/README.md 
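Review bot: The key list gains a Fedora 37 entry but the RPM Fusion key stays at `RPM-GPG-KEY-rpmfusion-free-fedora-36`, so if any Fedora 37 image enables RPM Fusion, its packages would have no matching key for signature verification. Either ship the RPM Fusion key for the new release alongside it or record why it is not needed, for example `<!-- RPM Fusion is only enabled on fedora-36 images; no fedora-37 key required -->`. The element markup of these lines is not visible in this view, so whatever attributes changed on the fedora-35 and fedora-36 entries could not be checked here.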
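Review bot: The entries added after `vim` (`python3-pytest`, `python3-ldap`, `python3-dulwich`, `python3-psycopg2`, `python3-redis`, and the rest) read as test-suite dependencies, yet they join the same list as the host's admin tools with nothing marking them as such. If this list is installed on every host, that puts a test runner and LDAP, database and Redis client libraries on production machines and widens what has to be patched there; consider moving them to a test-only package list. At minimum, label the group with a comment such as `<!-- dependencies of the seed test suite, not needed at runtime -->`.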
@@ -25,13 +25,13 @@ Application service needs interact with a LDAP server. ##### Client (*general.annuaire.client*) -| Description | Type | Supplier | -|----------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|--------------| -| Nom de la famille LDAP (*[ldapclient_family](dictionaries/21_ldap-client.xml)*) | [unix_user](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP:family | -| **Base DN de l'annuaire** (*[ldapclient_base_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP:base_dn | -| **Base DN de l'annuaire des utilisateurs** (*[ldapclient_search_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | -| **Base DN de l'annuaire des groupes** (*[ldapclient_group_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | -| **Base DN de l'annuaire des utilisateurs n'appartenant à une famille** (*[ldapclient_user_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | +| Description | Type | Supplier | Values | +|----------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|--------------|--------------| +| Nom de la famille LDAP (*[ldapclient_family](dictionaries/21_ldap-client.xml)*) 
| [unix_user](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP:family | | +| **Base DN de l'annuaire** (*[ldapclient_base_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP:base_dn | | +| **Base DN de l'annuaire des utilisateurs** (*[ldapclient_search_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | | +| **Base DN de l'annuaire des groupes** (*[ldapclient_group_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | | +| **Base DN de l'annuaire des utilisateurs n'appartenant à une famille** (*[ldapclient_user_dn](dictionaries/21_ldap-client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | | - [+]: variable is multiple diff --git a/seed/ldap-client/templates/ldap.conf b/seed/ldap-client/templates/ldap.conf index 3a65745d..76140c8f 100644 --- a/seed/ldap-client/templates/ldap.conf +++ b/seed/ldap-client/templates/ldap.conf @@ -6,9 +6,11 @@ # This file should be world readable but not world writable. #BASE dc=example,dc=com -BASE %%ldapclient_search_dn #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 +#>GNUNUX +BASE %%ldapclient_search_dn URI ldaps://%%ldap_server_address:%%ldap_port +#GNUNUX TLS_KEY %%ldap_key_file TLS_CERT %%ldap_cert_file TLS_CACERT %%ldap_ca_file +#GNUNUX BINDDN %%ldapclient_user TIMELIMIT 10 NETWORK_TIMEOUT 10 TIMEOUT 10 BINDPW %%ldapclient_user_password +# | OAuth2Client | #### OAuth2 for (*oauth2.oauth2_*) diff --git a/seed/lemonldap/applicationservice.yml b/seed/lemonldap/applicationservice.yml index 2abc171e..4a819afa 100644 
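Review bot: The rendered `ldap.conf` carries `BINDPW %%ldapclient_user_password` while its header comment still says the file "should be world readable", so any local account on the machine could read the bind credential if the file is installed with the usual mode. Part of this section is missing from the page, so the visible lines do not show whether `BINDPW` is added here or is context, and the file's mode and owner are set in the dictionary, outside this hunk. If the password stays in this template, restrict the rendered file to the user of the service that consumes it and correct the header, e.g. `# Contains a bind password: must not be world readable.`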
--- a/seed/lemonldap/applicationservice.yml +++ b/seed/lemonldap/applicationservice.yml @@ -2,8 +2,8 @@ format: '0.1' description: LemonLDAP, a Web Single Sign On and Access Management website: https://lemonldap-ng.org/ depends: - - base-debian-bullseye - ldap-client - reverse-proxy-client - relay-mail-client - nginx-common + - base-debian-bullseye diff --git a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml b/seed/lemonldap/dictionaries/70_lemonldap_ng.xml index d5b9eea9..ff3fc6e0 100644 --- a/seed/lemonldap/dictionaries/70_lemonldap_ng.xml +++ b/seed/lemonldap/dictionaries/70_lemonldap_ng.xml @@ -20,7 +20,7 @@ /sbin/interne_well_known.pl /sbin/wget.pl /tmpfiles.d/0lemonldap.conf - /tests/lemonldap.yml + /tests/lemonldap.yml diff --git a/seed/mailman/README.md b/seed/mailman/README.md index 70513396..b9ff69d4 100644 --- a/seed/mailman/README.md +++ b/seed/mailman/README.md @@ -54,9 +54,9 @@ GNU Mailman, managing electronic mail discussion and e-newsletter lists. ##### external (*general.oauth2_client.external*) -| Description | -|---------------------------------------------------------| -| *[oauth2_client_external](dictionaries/31_mailman.xml)* | +| Description | Values | +|---------------------------------------------------------|--------------| +| *[oauth2_client_external](dictionaries/31_mailman.xml)* | | #### nginx (*general.nginx*) diff --git a/seed/mailman/dictionaries/31_mailman.xml b/seed/mailman/dictionaries/31_mailman.xml index 1e3378ba..57c5bf04 100644 --- a/seed/mailman/dictionaries/31_mailman.xml +++ b/seed/mailman/dictionaries/31_mailman.xml @@ -5,7 +5,7 @@ /etc/mailman3/mailman.cfg /tmpfiles.d/0mailman.conf - /tests/mailman.yml + /tests/mailman.yml diff --git a/seed/mariadb/dictionaries/20_mariadb.xml b/seed/mariadb/dictionaries/20_mariadb.xml index e125dbbf..e8faddff 100644 --- a/seed/mariadb/dictionaries/20_mariadb.xml +++ b/seed/mariadb/dictionaries/20_mariadb.xml 
@@ -6,7 +6,7 @@ /etc/my.cnf.d/risotto.cnf /tmpfiles.d/0mariadb.conf /etc/mariadb.sql - /tests/mariadb.yml + /tests/mariadb.yml diff --git a/seed/nextcloud/manual/image/postinstall/nextcloud.sh b/seed/nextcloud/manual/image/postinstall/nextcloud.sh index ae2b0607..634a600a 100644 --- a/seed/nextcloud/manual/image/postinstall/nextcloud.sh +++ b/seed/nextcloud/manual/image/postinstall/nextcloud.sh @@ -1,4 +1,4 @@ -CALENDAR="3.5.2" +#CALENDAR="3.5.2" ln -s "/srv/nextcloud/data" "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/share/nextcloud/data" mkdir -p "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps" cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/local/share/nextcloud/apps" @@ -9,8 +9,11 @@ tar xf *tar.gz rm -f *tar.gz chown -R root: oidc_login # -#app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url') -app="https://github.com/nextcloud-releases/calendar/releases/download/v${CALENDAR}/calendar-v${CALENDAR}.tar.gz" +if [ -z "$CALENDAR" ]; then + app=$(wget https://api.github.com/repos/nextcloud-releases/calendar/releases/latest -q -O - | jq -r '.assets[0].browser_download_url') +else + app="https://github.com/nextcloud-releases/calendar/releases/download/v${CALENDAR}/calendar-v${CALENDAR}.tar.gz" +fi wget -q $app -O app.tar.gz tar xf app.tar.gz rm -f app.tar.gz diff --git a/seed/nginx-common/dictionaries/21_nginx.xml b/seed/nginx-common/dictionaries/21_nginx.xml index ec67a93b..55308377 100644 --- a/seed/nginx-common/dictionaries/21_nginx.xml +++ b/seed/nginx-common/dictionaries/21_nginx.xml @@ -2,17 +2,15 @@ - /etc/nginx/nginx.conf - /etc/nginx/sites-available/default + /etc/nginx/nginx.conf + /etc/nginx/sites-available/default /etc/nginx/default.d/default.conf - /var/www/html/index.html /etc/nginx/conf.d/options.conf - /var/www/html/error.html /sysusers.d/nginx.conf /tmpfiles.d/nginx.conf revprox_crt_file revprox_key_file - /tests/nginx-common.yml + /tests/nginx-common.yml 
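Review bot: With `CALENDAR` now commented out, the new `if [ -z "$CALENDAR" ]` test always takes the first branch, so the image build downloads whatever asset the GitHub `releases/latest` API returns and unpacks it into the Nextcloud apps directory with no pinned version and no integrity check. If the API call or `jq` fails, `$app` is empty or `null` and the unquoted `wget -q $app -O app.tar.gz` runs anyway; whether the script aborts on that depends on lines outside the hunk. Keeping a pinned `CALENDAR` and checking the archive before `tar xf` would make the build reproducible, e.g. `echo "${CALENDAR_SHA256}  app.tar.gz" | sha256sum -c - || exit 1`, where `CALENDAR_SHA256` is a placeholder name for a digest recorded next to the version. The download line should also quote the URL: `wget -q "$app" -O app.tar.gz`.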
@@ -41,6 +39,7 @@ @@ -49,6 +48,10 @@ nginx_fedora nginx_default + + Debian + nginx_debian + nginx_default @@ -89,5 +92,11 @@ Fedora nginx_group + + nginx.conf + os_name + . + nginx_source_conf + diff --git a/seed/nginx-common/templates/default-nginx.conf b/seed/nginx-common/templates/default-nginx.conf index 639e06d0..66089b7d 100644 --- a/seed/nginx-common/templates/default-nginx.conf +++ b/seed/nginx-common/templates/default-nginx.conf @@ -1,2 +1,3 @@ +#RISOTTO: do not compare rewrite ^(.*) http://%%nginx_default$1; break; diff --git a/seed/nginx-common/templates/nginx-options.conf b/seed/nginx-common/templates/nginx-options.conf index 185ff4dc..3c7b7819 100644 --- a/seed/nginx-common/templates/nginx-options.conf +++ b/seed/nginx-common/templates/nginx-options.conf @@ -1,3 +1,4 @@ +#RISOTTO: do not compare client_max_body_size %%{nginx_post_max_size}M; client_body_buffer_size 128k; diff --git a/seed/nginx-common/tests/test_nginx_commmon.py b/seed/nginx-common/tests/test_nginx_commmon.py index efbfc866..71317ffb 100644 --- a/seed/nginx-common/tests/test_nginx_commmon.py +++ b/seed/nginx-common/tests/test_nginx_commmon.py @@ -42,9 +42,9 @@ def test_revprox(): protocols.append('https') # test certificate with raises(SSLError): - # not certificat problem for https://{url} + # certificat problem for https://{url} req(f'https://{url}', data['address']) for protocol in protocols: ret_code, content = req(f'{protocol}://{url}', data['address'], verify=False) assert ret_code == 200, f'{protocol}://{url} do not returns code 200 but {ret_code}' - assert "Test Page for the HTTP Server on Fedora" in content, f'{protocol}://{url} do not returns default fedora page' +# assert "Welcome" in content, f'{protocol}://{url} do not returns default fedora page' diff --git a/seed/nginx-reverse-proxy/README.md b/seed/nginx-reverse-proxy/README.md index ee2cc6f0..2f18716b 100644 --- a/seed/nginx-reverse-proxy/README.md +++ b/seed/nginx-reverse-proxy/README.md 
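Review bot: The page-content assertion at the end of `test_revprox` is disabled by commenting it out at column 0 instead of being updated, so each `verify=False` request is now checked only for status 200 and the test no longer shows which page answered. If the default page text differs between OS images (a Debian entry is added in the dictionary hunk above, so presumably it does), assert on something both images serve, or delete the line; if it stays disabled, a comment such as `# TODO: re-enable once the default page text is the same on every base image` would say why. The reworded comment `# certificat problem for https://{url}` would be clearer as `# the default trust store must reject the certificate for https://{url}`.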
@@ -15,13 +15,13 @@ Nginx as reverse proxy. ## Dependances -- [base-fedora-36](../base-fedora-36/README.md) +- [nginx-common](../nginx-common/README.md) +- [base-fedora-37](../base-fedora-37/README.md) - [base-fedora](../base-fedora/README.md) - [systemd](../systemd/README.md) - [base-machine](../base-machine/README.md) - [base](../base/README.md) - [dns-local](../dns-local/README.md) -- [nginx-common](../nginx-common/README.md) ## Variables @@ -37,11 +37,11 @@ Nginx as reverse proxy. Paramétrage global de NGINX -| Description | Values | -|--------------------------------------------------------|----------| -| *[**nginx_default**](dictionaries/25_nginx.xml)* | | -| *[**nginx_default_http**](dictionaries/25_nginx.xml)* | True | -| *[**nginx_default_https**](dictionaries/25_nginx.xml)* | True | +| Description | Values | +|--------------------------------------------------------|--------------| +| *[**nginx_default**](dictionaries/25_nginx.xml)* | | +| *[**nginx_default_http**](dictionaries/25_nginx.xml)* | True | +| *[**nginx_default_https**](dictionaries/25_nginx.xml)* | True | ### Machine (*machine*) diff --git a/seed/nginx-reverse-proxy/applicationservice.yml b/seed/nginx-reverse-proxy/applicationservice.yml index 2c5a0cc0..00358122 100644 --- a/seed/nginx-reverse-proxy/applicationservice.yml +++ b/seed/nginx-reverse-proxy/applicationservice.yml @@ -2,5 +2,5 @@ format: '0.1' description: Nginx as reverse proxy website: https://nginx.org/ depends: - - base-fedora-36 - nginx-common + - base-fedora-37 diff --git a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml index 27134013..3372163c 100644 --- a/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml +++ b/seed/nginx-reverse-proxy/dictionaries/25_nginx.xml 
@@ -4,10 +4,12 @@ /etc/nginx/conf.d/options-rp.conf - /etc/nginx/sites-enabled/risotto.conf + /etc/nginx/conf.d/risotto.conf + /etc/pki/ca-trust/source/anchors/ca_External.crt nginx.nginx_certificate_filename nginx.nginx_private_key_filename - /tests/reverse-proxy.yml + /tests/reverse-proxy.yml + /var/www/html/error.html diff --git a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml index b68dcb34..7a20a684 100644 --- a/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml +++ b/seed/nginx-reverse-proxy/extras/nginx/00-nginx.xml @@ -37,7 +37,7 @@ nginx.nginx_private_key_filename - nginx.remotes + nginx.reverse_proxy_for_.reverse_proxy_.revprox_domainnames_ nginx_default diff --git a/seed/nginx-reverse-proxy/templates/certificate.crt b/seed/nginx-reverse-proxy/templates/certificate.crt index c3df7f22..f604de8c 100644 --- a/seed/nginx-reverse-proxy/templates/certificate.crt +++ b/seed/nginx-reverse-proxy/templates/certificate.crt @@ -1,2 +1 @@ -%set %%chain=%%get_chain(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name="External", hide=%%hide_secret) %%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret) diff --git a/seed/nginx-reverse-proxy/templates/nginx-options-rp.conf b/seed/nginx-reverse-proxy/templates/nginx-options-rp.conf index cafa6255..eb0be7ab 100644 --- a/seed/nginx-reverse-proxy/templates/nginx-options-rp.conf +++ b/seed/nginx-reverse-proxy/templates/nginx-options-rp.conf @@ -1,2 +1,3 @@ +#RISOTTO: do not compare # We use X-Forwarded-For header real_ip_header X-Forwarded-For; diff --git a/seed/nginx-reverse-proxy/templates/reverse-proxy.yml b/seed/nginx-reverse-proxy/templates/reverse-proxy.yml index 2c856d76..c0b8d655 100644 --- a/seed/nginx-reverse-proxy/templates/reverse-proxy.yml +++ b/seed/nginx-reverse-proxy/templates/reverse-proxy.yml 
@@ -10,3 +10,4 @@ urls: %end for %end for %end for +ca_certificate: ../etc/pki/ca-trust/source/anchors/ca_External.crt diff --git a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf index a96adb5a..0331c31f 100644 --- a/seed/nginx-reverse-proxy/templates/revprox-nginx.conf +++ b/seed/nginx-reverse-proxy/templates/revprox-nginx.conf @@ -1,3 +1,4 @@ +#RISOTTO: do not compare %for %%idx, %%domainname in %%enumerate(%%nginx.revprox_domainnames) # Configuration HTTP %%domainname server { diff --git a/seed/nginx-reverse-proxy/tests/test_revprox.py b/seed/nginx-reverse-proxy/tests/test_revprox.py index 592807d8..51f8943a 100644 --- a/seed/nginx-reverse-proxy/tests/test_revprox.py +++ b/seed/nginx-reverse-proxy/tests/test_revprox.py @@ -1,5 +1,6 @@ from yaml import load, SafeLoader from os import environ +from os.path import join import warnings import socket @@ -19,9 +20,9 @@ def req(url, ip, verify=True): if not verify: with warnings.catch_warnings(): warnings.simplefilter("ignore") - ret = get(url, verify=verify) + ret = get(url, verify=verify, allow_redirects=False) else: - ret = get(url, verify=verify) + ret = get(url, verify=verify, allow_redirects=False) ret_code = ret.status_code content = ret.content socket.getaddrinfo = old_getaddrinfo @@ -34,6 +35,8 @@ def test_revprox(): data = load(yaml, Loader=SafeLoader) # test known domains for url in data['urls']: - ret_code, content = req(f'https://{url}', data['address']) + try: + ret_code, content = req(f'https://{url}', data['address']) + except SSLError: + ret_code, content = req(f'https://{url}', data['address'], verify=join(environ["MACHINE_TEST_DIR"], data["ca_certificate"])) assert ret_code == 200, f'https://{url} do not returns code 200 but {ret_code}' - assert "Test Page for the HTTP Server on Fedora" not in content, f'https://{url} do returns default fedora page' 
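Review bot: `req()` restores `socket.getaddrinfo = old_getaddrinfo` only after `get()` returns, and the new `except SSLError:` path in `test_revprox` relies on `get()` raising, so on that path the resolver override appears to stay installed when `req()` is called the second time. The start of `req()` is outside the hunk, so how `old_getaddrinfo` is captured is inferred; if it is read from `socket.getaddrinfo` on entry, the second call would save the patched function as the original. Putting the request in `try:` and the restore in `finally: socket.getaddrinfo = old_getaddrinfo` keeps the override scoped to a single call. The fallback also retries silently, so a comment such as `# default trust store rejected the cert: retry against the External CA shipped with the machine` would record why two trust paths are accepted.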
diff --git a/seed/nginx-static/README.md b/seed/nginx-static/README.md index da3acf7c..f22a87ea 100644 --- a/seed/nginx-static/README.md +++ b/seed/nginx-static/README.md @@ -18,7 +18,7 @@ Nginx as static web site. - [nginx-https](../nginx-https/README.md) - [nginx-common](../nginx-common/README.md) - [reverse-proxy-client](../reverse-proxy-client/README.md) -- [base-fedora-36](../base-fedora-36/README.md) +- [base-fedora-37](../base-fedora-37/README.md) - [base-fedora](../base-fedora/README.md) - [systemd](../systemd/README.md) - [base-machine](../base-machine/README.md) diff --git a/seed/nginx-static/applicationservice.yml b/seed/nginx-static/applicationservice.yml index 9395932f..d439be4f 100644 --- a/seed/nginx-static/applicationservice.yml +++ b/seed/nginx-static/applicationservice.yml @@ -3,4 +3,4 @@ description: Nginx as static web site website: https://nginx.org/ depends: - nginx-https - - base-fedora-36 + - base-fedora-37 diff --git a/seed/nginx-static/dictionaries/22_nginx_static.xml b/seed/nginx-static/dictionaries/22_nginx_static.xml index c2956859..1e91a4f3 100644 --- a/seed/nginx-static/dictionaries/22_nginx_static.xml +++ b/seed/nginx-static/dictionaries/22_nginx_static.xml @@ -3,6 +3,7 @@ /tmpfiles.d/0static.conf + /srv/static/index.html diff --git a/seed/nsd/README.md b/seed/nsd/README.md index ef6e77c0..537a404b 100644 --- a/seed/nsd/README.md +++ b/seed/nsd/README.md @@ -15,7 +15,7 @@ NSD, an authoritative DNS name server. ## Dependances -- [base-fedora-36](../base-fedora-36/README.md) +- [base-fedora-37](../base-fedora-37/README.md) - [base-fedora](../base-fedora/README.md) - [systemd](../systemd/README.md) - [base-machine](../base-machine/README.md) 
@@ -28,9 +28,9 @@ NSD, an authoritative DNS name server. #### network (*general.network*) -| Description | -|-------------------------------------| -| *[ip_dns](dictionaries/20_nsd.xml)* | +| Description | Values | +|-------------------------------------|--------------| +| *[ip_dns](dictionaries/20_nsd.xml)* | | #### Serveur DNS (*general.dns_server*) 
@@ -40,17 +40,17 @@ NSD, an authoritative DNS name server. #### Zone DNS (*general.dns_zone*) -| Description | Type | -|--------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| -| Zones DNS (*[nsd_zones](dictionaries/20_nsd.xml)*) [+] | [domainname](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | +| Description | Type | Values | +|--------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|--------------| +| Zones DNS (*[nsd_zones](dictionaries/20_nsd.xml)*) [+] | [domainname](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | #### Zone DNS reverse (*general.dns_reverses*) This a family is a leadership. -| Description | Type | -|------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------| -| Réseau pour la résolution reverse (*[nsd_reverse_network](dictionaries/20_nsd.xml)*) [+] | [network_cidr](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | +| Description | Type | Values | +|------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------| +| Réseau pour la résolution reverse (*[nsd_reverse_network](dictionaries/20_nsd.xml)*) [+] | [network_cidr](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | ### Machine (*machine*) 
diff --git a/seed/nsd/applicationservice.yml b/seed/nsd/applicationservice.yml index 31a5bb86..1ff6b639 100644 --- a/seed/nsd/applicationservice.yml +++ b/seed/nsd/applicationservice.yml @@ -3,4 +3,4 @@ description: NSD, an authoritative DNS name server website: https://www.nlnetlabs.nl/projects/nsd/about/ service: true depends: - - base-fedora-36 + - base-fedora-37 diff --git a/seed/nsd/dictionaries/20_nsd.xml b/seed/nsd/dictionaries/20_nsd.xml index 20d49b53..65dfcdc5 100644 --- a/seed/nsd/dictionaries/20_nsd.xml +++ b/seed/nsd/dictionaries/20_nsd.xml @@ -11,7 +11,7 @@ nsd_reverse_filenames_signed /sysusers.d/0nsd.conf /tmpfiles.d/0nsd.conf - /tests/nsd.yml + /tests/nsd.yml diff --git a/seed/nsd/templates/nsd.signed b/seed/nsd/templates/nsd.signed index 8f92c519..2cd6b12a 100644 --- a/seed/nsd/templates/nsd.signed +++ b/seed/nsd/templates/nsd.signed @@ -1 +1,2 @@ +#RISOTTO: do not compare %%sign(%%rougail_destination_dir + %%rougail_variable, %%domain_name_eth0) diff --git a/seed/nsd/templates/risotto.conf b/seed/nsd/templates/risotto.conf index 05346121..261116a6 100644 --- a/seed/nsd/templates/risotto.conf +++ b/seed/nsd/templates/risotto.conf @@ -1,3 +1,4 @@ +#RISOTTO: do not compare server: interface: 127.0.0.1 %for %%interface in %%range(%%len(%%zones_list)) diff --git a/seed/oauth2-client/README.md b/seed/oauth2-client/README.md index ffc7e874..e48b28b6 100644 --- a/seed/oauth2-client/README.md +++ b/seed/oauth2-client/README.md 
@@ -31,10 +31,10 @@ Application service needs interact with a Oauth2 server. ##### external (*general.oauth2_client.external*) -| Description | Type | Supplier | Values | -|------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|-----------------|----------| -| **OAuth2 client external** (*[oauth2_client_external](dictionaries/30_oauth2_client.xml)*) [+] | [web_address](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2:external | | -| **OAuth2 family** (*[oauth2_client_family](dictionaries/30_oauth2_client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2:family | users | +| Description | Type | Values | Supplier | +|------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|--------------|-----------------| +| **OAuth2 client external** (*[oauth2_client_external](dictionaries/30_oauth2_client.xml)*) [+] | [web_address](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | OAuth2:external | +| **OAuth2 family** (*[oauth2_client_family](dictionaries/30_oauth2_client.xml)*) | [string](https://cloud.silique.fr/gitea/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | users | OAuth2:family | - [+]: variable is multiple 
@@ -47,9 +47,9 @@ Application service needs interact with a Oauth2 server. - [peertube](../peertube/README.md) - [piwigo](../piwigo/README.md) - [dovecot](../dovecot/README.md) +- [forgejo](../forgejo/README.md) - [roundcube](../roundcube/README.md) - [nextcloud](../nextcloud/README.md) -- [gitea](../gitea/README.md) ## Linked to diff --git a/seed/odoo/dictionaries/40_odoo.xml b/seed/odoo/dictionaries/40_odoo.xml index 17461e93..74e2f64e 100644 --- a/seed/odoo/dictionaries/40_odoo.xml +++ b/seed/odoo/dictionaries/40_odoo.xml @@ -14,7 +14,7 @@ -