diff --git a/configs/gitea.ini b/configs/gitea.ini
new file mode 100644
index 0000000..424ad7d
--- /dev/null
+++ b/configs/gitea.ini
@@ -0,0 +1,115 @@
+APP_NAME = The Rusty Bever
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+; Makes public the default option when creating a repo
+DEFAULT_PRIVATE = public
+; Disables releases, projects & wiki by default for new repos (but can be enabled when needed)
+DEFAULT_REPO_UNITS = repo.code,repo.issues,repo.pulls
+; Might as well be compatible with
+DEFAULT_BRANCH = main
+
+[repository.pull-request]
+WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]:,Draft:,[Draft]:
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+
+[ui]
+; Always show the full name of a user when possible
+DEFAULT_SHOW_FULL_NAME = true
+
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = git.rustybever.be
+SSH_DOMAIN = git.rustybever.be
+HTTP_PORT = 3000
+ROOT_URL = https://git.rustybever.be/
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /data/git/lfs
+OFFLINE_MODE = false
+
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+
+[attachment]
+PATH = /data/gitea/attachments
+
+
+[log]
+MODE = console
+LEVEL = info
+REDIRECT_MACARON_LOG = true
+MACARON = console
+ROUTER = console
+ROOT_PATH = /data/gitea/log
+
+
+[security]
+INSTALL_LOCK = true
+MIN_PASSWORD_LENGTH = 12
+PASSWORD_COMPLEXITY = lower,upper,digit
+
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+
+[mailer]
+ENABLED = false
+
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = false
+
+
+[other]
+SHOW_FOOTER_VERSION = false
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
diff --git a/stacks/gitea.yml b/stacks/gitea.yml
index 6c05c83..cba1f56 100644
--- a/stacks/gitea.yml
+++ b/stacks/gitea.yml
@@ -4,7 +4,7 @@ services:
 app:
 # Latest contains a development version
 image: 'gitea/gitea:1.15.8'
-
+
 deploy:
 mode: 'replicated'
 replicas: 1
@@ -12,12 +12,15 @@ services:
 constraints:
 - 'node.labels.class==gitea'
 labels:
- - 'traefik.enable=true'
- - 'traefik.http.routers.gitea.rule=Host(`git.rustybever.be`)'
- - 'traefik.http.routers.gitea.tls=true'
- - 'traefik.http.routers.gitea.tls.certresolver=letsEncrypt'
- - 'traefik.http.services.gitea.loadbalancer.server.port=3000'
-
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.gitea.rule=Host(`git.rustybever.be`)'
+ - 'traefik.http.routers.gitea.tls=true'
+ - 'traefik.http.routers.gitea.tls.certresolver=letsEncrypt'
+ - 'traefik.http.services.gitea.loadbalancer.server.port=3000'
+
+ configs:
+ - source: gitea_v1
+ target: /data/gitea/conf/app.ini
 environment:
 - 'DB_TYPE=postgres'
 - 'DB_HOST=db:5432'
@@ -26,6 +29,10 @@ services:
 - 'DB_PASSWD=gitea'
 - 'LFS_START_SERVER=true'
 - 'DISABLE_REGISTRATION=true'
+ - 'GITEA__server__LFS_JWT_SECRET_FILE=/run/secrets/gitea_lfs_jwt_secret'
+ - 'GITEA__security__SECRET_KEY_FILE=/run/secrets/gitea_secret_key'
+ - 'GITEA__security__INTERNAL_TOKEN_FILE=/run/secrets/gitea_internal_token'
+ - 'GITEA__oauth2__JWT_SECRET_FILE=/run/secrets/gitea_jwt_secret'
 networks:
 - 'default'
 - 'public'
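Review bot: In `configs/gitea.ini` the `[database]` section commits the database password in clear text (`PASSWD = gitea`, identical to the user name) and sets `SSL_MODE = disable`, while the same commit moves Gitea's other key material into Swarm secrets. Anyone who can read this repository or the `gitea_v1` config object can read the credential, so it should be a generated value delivered the same way as the tokens rather than a literal in the file. If TLS to `db` is off on purpose, record the reason next to the setting, e.g. `; db is only reachable on the stack-internal network, TLS intentionally off`; otherwise enable it.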
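Review bot: The new `configs:` entry in the `@@ -12,12 +12,15 @@` hunk supplies `/data/gitea/conf/app.ini` from a Swarm config, which is mounted read-only, yet the `environment:` block directly below still carries `DB_*`, `LFS_START_SERVER` and `DISABLE_REGISTRATION`. As far as I know the image uses such variables only to generate or patch `app.ini` at start-up, so with a pre-supplied read-only file they are presumably ignored or the patch step fails; the container log should confirm which. Either drop the duplicated variables or add a comment such as `# app.ini comes from the gitea_v1 config; the env vars below are not the source of truth`, so a later edit to `DISABLE_REGISTRATION` in one place is not silently overridden by the other. The `app` service definition starts and ends outside this hunk.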
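Review bot: The four added `GITEA__…_FILE` variables in the `@@ -26,6 +29,10 @@` hunk map to settings named `LFS_JWT_SECRET_FILE`, `SECRET_KEY_FILE`, `INTERNAL_TOKEN_FILE` and `JWT_SECRET_FILE`, and I cannot confirm that the pinned `gitea/gitea:1.15.8` reads keys of that name. If it does not, the secrets are mounted but never consumed, and Gitea would run on whatever it defaults to or generates for `SECRET_KEY` and `INTERNAL_TOKEN` without any visible error. Please check the configuration reference for the pinned version and verify on a running instance that the values from `/run/secrets/` are actually in effect. A comment above these lines, e.g. `# requires a Gitea version that supports file-based secrets for these keys`, would keep the dependency visible when the image tag changes.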
@@ -37,6 +44,11 @@ services: - 'lfs:/data/git/lfs' - '/etc/timezone:/etc/timezone:ro' - '/etc/localtime:/etc/localtime:ro' + secrets: + - gitea_internal_token + - gitea_jwt_secret + - gitea_lfs_jwt_secret + - gitea_secret_key db: image: 'postgres:14.1-alpine' @@ -62,10 +74,24 @@ services: volumes: - 'db-data:/var/lib/postgresql/data' +configs: + gitea_v1: + external: true + networks: public: external: true +secrets: + gitea_internal_token: + external: true + gitea_jwt_secret: + external: true + gitea_lfs_jwt_secret: + external: true + gitea_secret_key: + external: true + volumes: data: db-data:
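Review bot: The `secrets:` list added to the `app` service in the `@@ -37,6 +44,11 @@` hunk uses the short syntax, so each file under `/run/secrets/` gets the default owner and mode (uid/gid 0, mode 0444) and is readable by every process in the container, while Gitea itself runs as `git` according to `RUN_USER`. The long syntax with explicit `uid`, `gid` and `mode: 0400` would restrict the key material to the Gitea user. The numeric ids of `git` in the image are not visible on this page and have to be looked up, so they are placeholders in the sketch below. The service definition starts outside this hunk.

```yaml
    secrets:
      - source: gitea_internal_token
        uid: '<uid of git in the image>'   # placeholder, look up in the image
        gid: '<gid of git in the image>'   # placeholder
        mode: 0400
      # … same long form for gitea_jwt_secret, gitea_lfs_jwt_secret, gitea_secret_key …
```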
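Review bot: In the `@@ -62,10 +74,24 @@` hunk all five top-level objects are `external: true`, but only the config carries a version suffix (`gitea_v1`). Swarm secrets are immutable just like configs, so rotating for example `gitea_secret_key` will need a new name as well. Either version the secret names the same way or add a comment above the `secrets:` block describing how the objects are created and rotated, e.g. `# created out of band with docker secret create; bump the suffix to rotate`. Nothing on this page defines them, so the same comment should state that they must exist before the stack is deployed.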