2017-11-26 04:16:58 -05:00
; This file lists the default values used by Gitea
2021-05-09 17:10:05 -04:00
;; Copy required sections to your own app.ini (default is custom/conf/app.ini)
;; and modify as needed.
;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
;; If you don't know what a setting is you should not set it.
;;
;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
2022-11-09 20:22:31 -05:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Default Configuration (non-`app.ini` configuration)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; These values are environment-dependent but form the basis of a lot of values. They will be
;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
;;
;; - _`AppPath`_: This is the absolute path of the running gitea binary.
;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
;; - The `--work-path` flag passed to the binary
;; - The environment variable `$GITEA_WORK_DIR`
;; - A built-in value set at build time (see building from source)
;; - Otherwise it defaults to the directory of the _`AppPath`_
;; - If any of the above are relative paths then they are made absolute against the
;; the directory of the _`AppPath`_
;; - _`CustomPath`_: This is the base directory for custom templates and other options.
;; It is determined by using the first set thing in the following hierarchy:
;; - The `--custom-path` flag passed to the binary
;; - The environment variable `$GITEA_CUSTOM`
;; - A built-in value set at build time (see building from source)
;; - Otherwise it defaults to _`AppWorkPath`_`/custom`
;; - If any of the above are relative paths then they are made absolute against the
;; the directory of the _`AppWorkPath`_
;; - _`CustomConf`_: This is the path to the `app.ini` file.
;; - The `--config` flag passed to the binary
;; - A built-in value set at build time (see building from source)
;; - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
;; - If any of the above are relative paths then they are made absolute against the
;; the directory of the _`CustomPath`_
;;
;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; General Settings
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; App name that shows in every page title
APP_NAME = ; Gitea: Git with a cup of tea
;;
;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
RUN_USER = ; git
;;
;; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod"
RUN_MODE = ; prod
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2014-02-12 14:54:09 -05:00
[server]
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
2022-11-09 20:22:31 -05:00
;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
2021-05-09 17:10:05 -04:00
;PROTOCOL = http
;;
2022-08-21 14:20:43 -04:00
;; Expect PROXY protocol headers on connections
;USE_PROXY_PROTOCOL = false
;;
;; Use PROXY protocol in TLS Bridging mode
;PROXY_PROTOCOL_TLS_BRIDGING = false
;;
; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
;;
; Accept PROXY protocol headers with UNKNOWN type
;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
;;
2021-05-09 17:10:05 -04:00
;; Set the domain for the server
;DOMAIN = localhost
;;
;; Overwrite the automatically generated public URL. Necessary for proxies and docker.
;ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
;;
;; when STATIC_URL_PREFIX is empty it will follow ROOT_URL
;STATIC_URL_PREFIX =
;;
;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
2022-11-09 20:22:31 -05:00
;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
;; Relative paths will be made absolute against the _`AppWorkPath`_.
2021-05-09 17:10:05 -04:00
;HTTP_ADDR = 0.0.0.0
;;
;; The port to listen on. Leave empty when using a unix socket.
;HTTP_PORT = 3000
;;
;; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
;; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
;; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
;; PORT_TO_REDIRECT.
;REDIRECT_OTHER_PORT = false
;PORT_TO_REDIRECT = 80
;;
2022-08-21 14:20:43 -04:00
;; expect PROXY protocol header on connections to https redirector.
2022-11-09 20:22:31 -05:00
;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
2021-11-20 01:12:43 -05:00
;; Minimum and maximum supported TLS versions
;SSL_MIN_VERSION=TLSv1.2
;SSL_MAX_VERSION=
;;
;; SSL Curve Preferences
;SSL_CURVE_PREFERENCES=X25519,P256
;;
;; SSL Cipher Suites
;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
;;
2022-05-09 12:33:19 -04:00
;; Timeout for any write to the connection. (Set to -1 to disable all timeouts.)
2021-06-10 17:25:25 -04:00
;PER_WRITE_TIMEOUT = 30s
;;
;; Timeout per Kb written to connections.
;PER_WRITE_PER_KB_TIMEOUT = 30s
;;
2021-05-09 17:10:05 -04:00
;; Permission for unix socket
;UNIX_SOCKET_PERMISSION = 666
;;
;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
;; In most cases you do not need to change the default value.
;; Alter it only if your SSH server node is not the same as HTTP node.
;; Do not set this variable if PROTOCOL is set to 'unix'.
;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
;;
2022-08-21 14:20:43 -04:00
;; When making local connections pass the PROXY protocol header.
2022-11-09 20:22:31 -05:00
;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
2022-08-21 14:20:43 -04:00
;;
2021-05-09 17:10:05 -04:00
;; Disable SSH feature when not available
;DISABLE_SSH = false
;;
;; Whether to use the builtin SSH server or not.
;START_SSH_SERVER = false
;;
2022-08-21 14:20:43 -04:00
;; Expect PROXY protocol header on connections to the built-in SSH server
;SSH_SERVER_USE_PROXY_PROTOCOL = false
;;
;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
2022-02-07 16:56:45 -05:00
;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
2021-05-09 17:10:05 -04:00
;;
;; Domain name to be exposed in clone URL
;SSH_DOMAIN = %(DOMAIN)s
;;
2022-02-07 16:56:45 -05:00
;; SSH username displayed in clone URLs.
;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
;;
2021-05-09 17:10:05 -04:00
;; The network interface the builtin SSH server should listen on
;SSH_LISTEN_HOST =
;;
;; Port number to be exposed in clone URL
;SSH_PORT = 22
;;
;; The port number the builtin SSH server should listen on
;SSH_LISTEN_PORT = %(SSH_PORT)s
;;
;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
;SSH_ROOT_PATH =
;;
;; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
;; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
;SSH_CREATE_AUTHORIZED_KEYS_FILE = true
;;
;; Gitea will create a authorized_principals file by default when it is not using the internal ssh server
;; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off.
;SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true
;;
;; For the built-in SSH server, choose the ciphers to support for SSH connections,
;; for system SSH this setting has no effect
2022-02-10 11:04:16 -05:00
;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
2021-05-09 17:10:05 -04:00
;;
;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
;; for system SSH this setting has no effect
2022-03-15 21:59:53 -04:00
;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
2021-05-09 17:10:05 -04:00
;;
;; For the built-in SSH server, choose the MACs to support for SSH connections,
;; for system SSH this setting has no effect
2022-02-10 11:04:16 -05:00
;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
2021-05-09 17:10:05 -04:00
;;
;; For the built-in SSH server, choose the keypair to offer as the host key
;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
2022-11-09 20:22:31 -05:00
;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
2021-05-09 17:10:05 -04:00
;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
;;
;; Directory to create temporary files in when testing public keys using ssh-keygen,
;; default is the system temporary directory.
;SSH_KEY_TEST_PATH =
;;
;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
;SSH_KEYGEN_PATH = ssh-keygen
;;
;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
;SSH_AUTHORIZED_KEYS_BACKUP = true
;;
;; Determines which principals to allow
;; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
;; - off: Do not allow authorized principals
;; - email: the principal must match the user's email
;; - username: the principal must match the user's username
;; - anything: there will be no checking on the content of the principal
;SSH_AUTHORIZED_PRINCIPALS_ALLOW = email, username
;;
;; Enable SSH Authorized Principals Backup when rewriting all keys, default is true
;SSH_AUTHORIZED_PRINCIPALS_BACKUP = true
;;
;; Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication.
;; Multiple keys should be comma separated.
;; E.g."ssh-<algorithm> <key>". or "ssh-<algorithm> <key1>, ssh-<algorithm> <key2>".
;; For more information see "TrustedUserCAKeys" in the sshd config manpages.
;SSH_TRUSTED_USER_CA_KEYS =
;; Absolute path of the `TrustedUserCaKeys` file gitea will manage.
;; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem
;; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your
;; sshd_config to point to this file. The official docker image will automatically work without further configuration.
;SSH_TRUSTED_USER_CA_KEYS_FILENAME =
;;
;; Enable exposure of SSH clone URL to anonymous visitors, default is false
;SSH_EXPOSE_ANONYMOUS = false
;;
2022-05-09 12:33:19 -04:00
;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.)
2021-06-10 17:25:25 -04:00
;; Will default to the PER_WRITE_TIMEOUT.
;SSH_PER_WRITE_TIMEOUT = 30s
;;
;; Timeout per Kb written to ssh connections.
;; Will default to the PER_WRITE_PER_KB_TIMEOUT.
;SSH_PER_WRITE_PER_KB_TIMEOUT = 30s
;;
2021-05-09 17:10:05 -04:00
;; Indicate whether to check minimum key size with corresponding type
;MINIMUM_KEY_SIZE_CHECK = false
;;
;; Disable CDN even in "prod" mode
;OFFLINE_MODE = false
;DISABLE_ROUTER_LOG = false
;;
2022-02-08 00:45:35 -05:00
;; TLS Settings: Either ACME or manual
;; (Other common TLS configuration are found before)
;ENABLE_ACME = false
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; ACME automatic TLS settings
;;
;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
;; Leave empty to default to LetsEncrypt's (production) URL
;ACME_URL =
;;
;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
;ACME_ACCEPTTOS = false
;;
;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
;ACME_CA_ROOT =
;;
;; Email used for the ACME registration service
;; Can be left blank to initialize at first run and use the cached value
;ACME_EMAIL =
;;
;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
;ACME_DIRECTORY = https
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Manual TLS settings: (Only applicable if ENABLE_ACME=false)
;;
2021-05-09 17:10:05 -04:00
;; Generate steps:
;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
;;
;; Or from a .pfx file exported from the Windows certificate store (do
;; not forget to export the private key):
;; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
;; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
;; Paths are relative to CUSTOM_PATH
;CERT_FILE = https/cert.pem
;KEY_FILE = https/key.pem
;;
;; Root directory containing templates and static files.
;; default is the path where Gitea is executed
2022-11-09 20:22:31 -05:00
;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
2021-05-09 17:10:05 -04:00
;;
;; Default path for App data
2022-11-09 20:22:31 -05:00
;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
2021-05-09 17:10:05 -04:00
;;
;; Enable gzip compression for runtime-generated content, static resources excluded
;ENABLE_GZIP = false
;;
;; Application profiling (memory and cpu)
;; For "web" command it listens on localhost:6060
;; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
;ENABLE_PPROF = false
;;
;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
2022-11-09 20:22:31 -05:00
;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
2021-05-09 17:10:05 -04:00
;;
2022-04-05 12:16:01 -04:00
;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
2021-05-09 17:10:05 -04:00
;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
;LANDING_PAGE = home
;;
;; Enables git-lfs support. true or false, default is false.
;LFS_START_SERVER = false
;;
;;
;; LFS authentication secret, change this yourself
2017-12-13 17:22:59 -05:00
LFS_JWT_SECRET =
2021-05-09 17:10:05 -04:00
;;
;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
;LFS_HTTP_AUTH_EXPIRY = 20m
;;
;; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
;LFS_MAX_FILE_SIZE = 0
;;
;; Maximum number of locks returned per page
;LFS_LOCKS_PAGING_NUM = 50
;;
;; Allow graceful restarts using SIGHUP to fork
;ALLOW_GRACEFUL_RESTARTS = true
;;
;; After a restart the parent will finish ongoing requests before
;; shutting down. Force shutdown if this process takes longer than this delay.
;; set to a negative value to disable
;GRACEFUL_HAMMER_TIME = 60s
;;
;; Allows the setting of a startup timeout and waithint for Windows as SVC service
;; 0 disables this.
;STARTUP_TIMEOUT = 0
;;
;; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time. Note that this cache is disabled when RUN_MODE is "dev". Default is 6h
;STATIC_CACHE_TIME = 6h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2014-02-18 17:48:02 -05:00
[database]
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; MySQL Configuration
;;
2014-02-18 17:48:02 -05:00
DB_TYPE = mysql
2021-05-09 17:10:05 -04:00
HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock
2016-11-07 08:26:13 -05:00
NAME = gitea
2014-02-18 17:48:02 -05:00
USER = root
2021-05-09 17:10:05 -04:00
;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password.
;SSL_MODE = false ; either "false" (default), "true", or "skip-verify"
;CHARSET = utf8mb4 ;either "utf8" or "utf8mb4", default is "utf8mb4".
;;
;; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Postgres Configuration
;;
;DB_TYPE = postgres
;HOST = 127.0.0.1:5432 ; can use socket e.g. /var/run/postgresql/
;NAME = gitea
;USER = root
;PASSWD =
;SCHEMA =
;SSL_MODE=disable ;either "disable" (default), "require", or "verify-full"
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; SQLite Configuration
;;
;DB_TYPE = sqlite3
;PATH= ; defaults to data/gitea.db
;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
2022-07-30 15:57:41 -04:00
;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
2021-05-09 17:10:05 -04:00
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; MSSQL Configuration
;;
;DB_TYPE = mssql
;HOST = 172.17.0.2:1433
;NAME = gitea
;USER = SA
;PASSWD = MwantsaSecurePassword1
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Other settings
;;
;; For iterate buffer, default is 50
;ITERATE_BUFFER_SIZE = 50
;;
;; Show the database generated SQL
LOG_SQL = false ; if unset defaults to true
;;
;; Maximum number of DB Connect retries
;DB_RETRIES = 10
;;
;; Backoff time per DB retry (time.Duration)
;DB_RETRY_BACKOFF = 3s
;;
;; Max idle database connections on connection pool, default is 2
;MAX_IDLE_CONNS = 2
;;
;; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
;CONN_MAX_LIFETIME = 3s
;;
;; Database maximum number of open connections, default is 0 meaning no maximum
;MAX_OPEN_CONNS = 0
2022-12-07 10:58:31 -05:00
;;
;; Whether execute database models migrations automatically
;AUTO_MIGRATION = true
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2014-03-06 11:10:35 -05:00
[security]
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Whether the installer is disabled (set to true to disable the installer)
2014-03-31 10:12:36 -04:00
INSTALL_LOCK = false
2021-05-09 17:10:05 -04:00
;;
2022-10-01 13:26:33 -04:00
;; Global secret key that will be used
;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
2021-05-09 17:10:05 -04:00
SECRET_KEY =
;;
2022-10-01 13:26:33 -04:00
;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
;SECRET_KEY_URI = file:/etc/gitea/secret_key
;;
2021-05-09 17:10:05 -04:00
;; Secret used to validate communication within Gitea binary.
INTERNAL_TOKEN =
;;
2022-10-01 13:26:33 -04:00
;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
2021-05-09 17:10:05 -04:00
;;
;; How long to remember that a user is logged in before requiring relogin (in days)
;LOGIN_REMEMBER_DAYS = 7
;;
;; Name of the cookie used to store the current username.
;COOKIE_USERNAME = gitea_awesome
;;
;; Name of cookie used to store authentication information.
;COOKIE_REMEMBER_NAME = gitea_incredible
;;
2022-08-16 02:30:27 -04:00
;; Reverse proxy authentication header name of user name, email, and full name
2021-05-09 17:10:05 -04:00
;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
2022-08-16 02:30:27 -04:00
;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
2021-05-09 17:10:05 -04:00
;;
;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
;REVERSE_PROXY_LIMIT = 1
;;
;; List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
;;
;; The minimum password length for new Users
;MIN_PASSWORD_LENGTH = 6
;;
;; Set to true to allow users to import local server paths
;IMPORT_LOCAL_PATHS = false
;;
;; Set to false to allow users with git hook privileges to create custom git hooks.
;; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
;; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
;; By modifying the Gitea database, users can gain Gitea administrator privileges.
;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
;; WARNING: This maybe harmful to you website or your operating system.
2022-01-31 09:12:47 -05:00
;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
2021-05-09 17:10:05 -04:00
;DISABLE_GIT_HOOKS = true
;;
;; Set to true to disable webhooks feature.
;DISABLE_WEBHOOKS = false
;;
;; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
;ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
;;
;;Comma separated list of character classes required to pass minimum complexity.
;;If left empty or no valid values are specified, the default is off (no checking)
;;Classes include "lower,upper,digit,spec"
;PASSWORD_COMPLEXITY = off
;;
;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
;PASSWORD_HASH_ALGO = pbkdf2
;;
;; Set false to allow JavaScript to read CSRF cookie
;CSRF_COOKIE_HTTP_ONLY = true
;;
;; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
;PASSWORD_CHECK_PWN = false
2021-08-17 14:30:42 -04:00
;;
;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
2021-05-09 17:10:05 -04:00
2022-03-29 04:27:37 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[camo]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; At the moment we only support images
;;
;; if the camo is enabled
;ENABLED = false
;; url to a camo image proxy, it **is required** if camo is enabled.
;SERVER_URL =
;; HMAC to encode urls with, it **is required** if camo is enabled.
;HMAC_KEY =
;; Set to true to use camo for https too lese only non https urls are proxyed
;ALLWAYS = false
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[oauth2]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Enables OAuth2 provider
ENABLE = true
;;
2021-08-25 16:50:38 -04:00
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
2021-06-23 10:56:25 -04:00
;JWT_SIGNING_ALGORITHM = RS256
;;
;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.
;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to RS256, RS384, RS512, ES256, ES384 or ES512.
;; The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
;JWT_SIGNING_PRIVATE_KEY_FILE = jwt/private.pem
;;
2021-05-09 17:10:05 -04:00
;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
2021-06-23 10:56:25 -04:00
;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
;JWT_SECRET =
2021-05-09 17:10:05 -04:00
;;
;; Lifetime of an OAuth2 access token in seconds
;ACCESS_TOKEN_EXPIRATION_TIME = 3600
;;
;; Lifetime of an OAuth2 refresh token in hours
;REFRESH_TOKEN_EXPIRATION_TIME = 730
;;
;; Check if refresh token got already used
;INVALIDATE_REFRESH_TOKENS = false
;;
;; Maximum length of oauth2 token/cookie stored on server
;MAX_TOKEN_LENGTH = 32767
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2014-03-19 03:24:17 -04:00
[log]
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log
;ROOT_PATH =
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Main Logger
;;
;; Either "console", "file", "conn", "smtp" or "database", default is "console"
;; Use comma to separate multiple modes, e.g. "console, file"
2014-03-19 03:24:17 -04:00
MODE = console
2021-05-09 17:10:05 -04:00
;;
2022-01-20 06:41:25 -05:00
;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
2019-04-02 03:48:31 -04:00
LEVEL = Info
2021-05-09 17:10:05 -04:00
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Router Logger
;;
;; Switch off the router log
2022-01-20 06:41:25 -05:00
;DISABLE_ROUTER_LOG=false
2021-05-09 17:10:05 -04:00
;;
;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
ROUTER = console
;;
2022-01-20 06:41:25 -05:00
;; The router will log different things at different levels.
2021-05-09 17:10:05 -04:00
;;
2022-01-20 06:41:25 -05:00
;; * started messages will be logged at TRACE level
;; * polling/completed routers will be logged at INFO
;; * slow routers will be logged at WARN
;; * failed routers will be logged at WARN
;;
;; The routing level will default to that of the system but individual router level can be set in
;; [log.<mode>.router] LEVEL
;;
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Access Logger (Creates log in NCSA common log format)
;;
;ENABLE_ACCESS_LOG = false
2022-01-20 06:41:25 -05:00
;;
2021-05-09 17:10:05 -04:00
;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
;ACCESS = file
;;
;; Sets the template used to create the access log.
;ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-05-21 17:37:16 -04:00
;;
;; SSH log (Creates log from ssh git request)
;;
;ENABLE_SSH_LOG = false
;;
2021-05-09 17:10:05 -04:00
;; Other Settings
;;
;; Print Stacktraces with logs. (Rarely helpful.) Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
;STACKTRACE_LEVEL = None
;;
;; Buffer length of the channel, keep it as it is if you don't know what it is.
;BUFFER_LEN = 10000
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Creating specific log configuration
;;
;; You can set specific configuration for individual modes and subloggers
;;
;; Configuration available to all log modes/subloggers
;LEVEL=
;FLAGS = stdflags
;EXPRESSION =
;PREFIX =
;COLORIZE = false
;;
;; For "console" mode only
;STDERR = false
;;
;; For "file" mode only
;LEVEL =
;; Set the file_name for the logger. If this is a relative path this
;; will be relative to ROOT_PATH
;FILE_NAME =
;; This enables automated log rotate(switch of following options), default is true
;LOG_ROTATE = true
;; Max size shift of a single file, default is 28 means 1 << 28, 256MB
;MAX_SIZE_SHIFT = 28
;; Segment log daily, default is true
;DAILY_ROTATE = true
;; delete the log file after n days, default is 7
;MAX_DAYS = 7
;; compress logs with gzip
;COMPRESS = true
;; compression level see godoc for compress/gzip
;COMPRESSION_LEVEL = -1
;
;; For "conn" mode only
;LEVEL =
;; Reconnect host for every single message, default is false
;RECONNECT_ON_MSG = false
;; Try to reconnect when connection is lost, default is false
;RECONNECT = false
;; Either "tcp", "unix" or "udp", default is "tcp"
;PROTOCOL = tcp
;; Host address
;ADDR =
;
;; For "smtp" mode only
;LEVEL =
;; Name displayed in mail title, default is "Diagnostic message from server"
;SUBJECT = Diagnostic message from server
;; Mail server
;HOST =
;; Mailer user name and password
;USER =
;; Use PASSWD = `your password` for quoting if you use special characters in the password.
;PASSWD =
;; Receivers, can be one or more, e.g. 1@example.com,2@example.com
;RECEIVERS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2014-09-17 14:22:51 -04:00
[git]
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; The path of git executable. If empty, Gitea searches through the PATH environment.
2022-07-08 04:09:07 -04:00
;PATH =
;;
;; The HOME directory for Git
2022-11-09 20:22:31 -05:00
;HOME_PATH = %(APP_DATA_PATH)s/home
2021-05-09 17:10:05 -04:00
;;
;; Disables highlight of added and removed changes
;DISABLE_DIFF_HIGHLIGHT = false
;;
;; Max number of lines allowed in a single file in diff view
;MAX_GIT_DIFF_LINES = 1000
;;
;; Max number of allowed characters in a line in diff view
;MAX_GIT_DIFF_LINE_CHARACTERS = 5000
;;
;; Max number of files shown in diff view
;MAX_GIT_DIFF_FILES = 100
;;
;; Set the default commits range size
;COMMITS_RANGE_SIZE = 50
;;
;; Set the default branches range size
;BRANCHES_RANGE_SIZE = 20
;;
;; Arguments for command 'git gc', e.g. "--aggressive --auto"
;; see more on http://git-scm.com/docs/git-gc/
;GC_ARGS =
;;
;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
2022-08-02 06:25:26 -04:00
;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
2021-05-09 17:10:05 -04:00
;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
;;
;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
;PULL_REQUEST_PUSH_MESSAGE = true
2021-06-30 16:58:45 -04:00
;;
;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.)
;LARGE_OBJECT_THRESHOLD = 1048576
2021-10-13 14:20:11 -04:00
;; Set to true to forcibly set core.protectNTFS=false
;DISABLE_CORE_PROTECT_NTFS=false
2022-01-06 00:38:38 -05:00
;; Disable the usage of using partial clones for git.
;DISABLE_PARTIAL_CLONE = false
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[service]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Time limit to confirm account/email registration
;ACTIVE_CODE_LIVE_MINUTES = 180
;;
;; Time limit to perform the reset of a forgotten password
;RESET_PASSWD_CODE_LIVE_MINUTES = 180
;;
;; Whether a new user needs to confirm their email when registering.
;REGISTER_EMAIL_CONFIRM = false
;;
;; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
;REGISTER_MANUAL_CONFIRM = false
;;
;; List of domain names that are allowed to be used to register on a Gitea instance
;; gitea.io,example.com
;EMAIL_DOMAIN_WHITELIST =
;;
;; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance
;EMAIL_DOMAIN_BLOCKLIST =
;;
;; Disallow registration, only allow admins to create accounts.
;DISABLE_REGISTRATION = false
;;
;; Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false
;ALLOW_ONLY_INTERNAL_REGISTRATION = false
;;
;; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
;ALLOW_ONLY_EXTERNAL_REGISTRATION = false
;;
;; User must sign in to view anything.
;REQUIRE_SIGNIN_VIEW = false
;;
;; Mail notification
;ENABLE_NOTIFY_MAIL = false
;;
;; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
;; If you set this to false you will not be able to access the tokens endpoints on the API with your password
;; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
;ENABLE_BASIC_AUTHENTICATION = true
;;
;; More detail: https://github.com/gogits/gogs/issues/165
;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
;ENABLE_REVERSE_PROXY_EMAIL = false
2022-08-16 02:30:27 -04:00
;ENABLE_REVERSE_PROXY_FULL_NAME = false
2021-05-09 17:10:05 -04:00
;;
;; Enable captcha validation for registration
;ENABLE_CAPTCHA = false
;;
2022-11-22 16:13:18 -05:00
;; Enable this to require captcha validation for login
;REQUIRE_CAPTCHA_FOR_LOGIN = false
;;
2022-08-10 09:20:10 -04:00
;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
2021-05-09 17:10:05 -04:00
;CAPTCHA_TYPE = image
;;
2022-08-10 09:20:10 -04:00
;; Change this to use recaptcha.net or other recaptcha service
;RECAPTCHA_URL = https://www.google.com/recaptcha/
2021-05-09 17:10:05 -04:00
;; Enable recaptcha to use Google's recaptcha service
;; Go to https://www.google.com/recaptcha/admin to sign up for a key
;RECAPTCHA_SECRET =
;RECAPTCHA_SITEKEY =
;;
;; For hCaptcha, create an account at https://accounts.hcaptcha.com/login to get your keys
;HCAPTCHA_SECRET =
;HCAPTCHA_SITEKEY =
;;
2022-08-10 09:20:10 -04:00
;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
;MCAPTCHA_URL = https://demo.mcaptcha.org
;;
;; Go to your configured mCaptcha instance and register a sitekey
;; and use your account's secret.
;MCAPTCHA_SECRET =
;MCAPTCHA_SITEKEY =
2021-05-09 17:10:05 -04:00
;;
;; Default value for KeepEmailPrivate
;; Each new user will get the value of this setting copied into their profile
;DEFAULT_KEEP_EMAIL_PRIVATE = false
;;
;; Default value for AllowCreateOrganization
;; Every new user will have rights set to create organizations depending on this setting
;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
2021-07-15 15:19:48 -04:00
;; Default value for IsRestricted
;; Every new user will have restricted permissions depending on this setting
;DEFAULT_USER_IS_RESTRICTED = false
2021-05-09 17:10:05 -04:00
;;
;; Either "public", "limited" or "private", default is "public"
2021-06-26 15:53:14 -04:00
;; Limited is for users visible only to signed users
;; Private is for users visible only to members of their organizations
;; Public is for users visible for everyone
;DEFAULT_USER_VISIBILITY = public
;;
2021-07-08 07:38:13 -04:00
;; Set which visibility modes a user can have
2021-06-27 14:47:35 -04:00
;ALLOWED_USER_VISIBILITY_MODES = public,limited,private
;;
2021-06-26 15:53:14 -04:00
;; Either "public", "limited" or "private", default is "public"
;; Limited is for organizations visible only to signed users
;; Private is for organizations visible only to members of the organization
;; Public is for organizations visible to everyone
2021-05-09 17:10:05 -04:00
;DEFAULT_ORG_VISIBILITY = public
;;
;; Default value for DefaultOrgMemberVisible
;; True will make the membership of the users visible when added to the organisation
;DEFAULT_ORG_MEMBER_VISIBLE = false
;;
;; Default value for EnableDependencies
;; Repositories will use dependencies by default depending on this setting
;DEFAULT_ENABLE_DEPENDENCIES = true
;;
;; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
;ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
;;
;; Enable heatmap on users profiles.
;ENABLE_USER_HEATMAP = true
;;
;; Enable Timetracking
;ENABLE_TIMETRACKING = true
;;
;; Default value for EnableTimetracking
;; Repositories will use timetracking by default depending on this setting
;DEFAULT_ENABLE_TIMETRACKING = true
;;
;; Default value for AllowOnlyContributorsToTrackTime
;; Only users with write permissions can track time if this is true
;DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
;;
;; Value for the domain part of the user's email address in the git log if user
;; has set KeepEmailPrivate to true. The user's email will be replaced with a
;; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. Default
;; value is "noreply." + DOMAIN, where DOMAIN resolves to the value from server.DOMAIN
;; Note: do not use the <DOMAIN> notation below
;NO_REPLY_ADDRESS = ; noreply.<DOMAIN>
;;
;; Show Registration button
;SHOW_REGISTRATION_BUTTON = true
;;
;; Show milestones dashboard page - a view of all the user's milestones
;SHOW_MILESTONES_DASHBOARD_PAGE = true
;;
;; Default value for AutoWatchNewRepos
;; When adding a repo to a team or creating a new repo all team members will watch the
;; repo automatically if enabled
;AUTO_WATCH_NEW_REPOS = true
;;
;; Default value for AutoWatchOnChanges
;; Make the user watch a repository When they commit for the first time
;AUTO_WATCH_ON_CHANGES = false
;;
;; Minimum amount of time a user must exist before comments are kept when the user is deleted.
;USER_DELETE_WITH_COMMENTS_MAX_TIME = 0
2021-06-25 18:38:27 -04:00
;; Valid site url schemes for user profiles
;VALID_SITE_URL_SCHEMES=http,https
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Other Settings
;;
;; Uncomment the [section.header] if you wish to
;; set the below settings.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-11-09 20:22:31 -05:00
;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
2021-05-09 17:10:05 -04:00
;ROOT =
;;
;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
;SCRIPT_TYPE = bash
;;
;; DETECTED_CHARSETS_ORDER tie-break order for detected charsets.
;; If the charsets have equal confidence, tie-breaking will be done by order in this list
;; with charsets earlier in the list chosen in preference to those later.
;; Adding "defaults" will place the unused charsets at that position.
;DETECTED_CHARSETS_ORDER = UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr
;;
;; Default ANSI charset to override non-UTF-8 charsets to
;ANSI_CHARSET =
;;
;; Force every new repository to be private
;FORCE_PRIVATE = false
;;
;; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
;DEFAULT_PRIVATE = last
;;
;; Default private when using push-to-create
;DEFAULT_PUSH_CREATE_PRIVATE = true
;;
;; Global limit of repositories per user, applied at creation time. -1 means no limit
;MAX_CREATION_LIMIT = -1
;;
2021-10-17 07:43:25 -04:00
;; Mirror sync queue length, increase if mirror syncing starts hanging (DEPRECATED: please use [queue.mirror] LENGTH instead)
2021-05-09 17:10:05 -04:00
;MIRROR_QUEUE_LENGTH = 1000
;;
2021-10-17 07:43:25 -04:00
;; Patch test queue length, increase if pull request patch testing starts hanging (DEPRECATED: please use [queue.pr_patch_checker] LENGTH instead)
2021-05-09 17:10:05 -04:00
;PULL_REQUEST_QUEUE_LENGTH = 1000
;;
;; Preferred Licenses to place at the top of the List
2022-01-06 01:29:53 -05:00
;; The name here must match the filename in options/license or custom/options/license
2021-05-09 17:10:05 -04:00
;PREFERRED_LICENSES = Apache License 2.0,MIT License
;;
;; Disable the ability to interact with repositories using the HTTP protocol
2022-01-06 00:38:38 -05:00
;DISABLE_HTTP_GIT = false
2021-05-09 17:10:05 -04:00
;;
;; Value for Access-Control-Allow-Origin header, default is not to present
;; WARNING: This may be harmful to your website if you do not give it a right value.
;ACCESS_CONTROL_ALLOW_ORIGIN =
;;
;; Force ssh:// clone url instead of scp-style uri when default SSH port is used
;USE_COMPAT_SSH_URI = false
;;
;; Close issues as long as a commit on any branch marks it as fixed
2022-10-05 15:38:30 -04:00
;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
2021-05-09 17:10:05 -04:00
;DISABLED_REPO_UNITS =
;;
;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
;;
;; Prefix archive files by placing them in a directory named after the repository
;PREFIX_ARCHIVE_FILES = true
;;
;; Disable migrating feature.
;DISABLE_MIGRATIONS = false
;;
;; Disable stars feature.
;DISABLE_STARS = false
;;
;; The default branch name of new repositories
2022-04-09 00:26:48 -04:00
;DEFAULT_BRANCH = main
2021-05-09 17:10:05 -04:00
;;
;; Allow adoption of unadopted repositories
;ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
;;
;; Allow deletion of unadopted repositories
;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
2022-07-31 12:57:02 -04:00
;; Don't allow download source archive files from UI
;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.editor]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; List of file extensions for which lines should be wrapped in the Monaco editor
;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
;;
;; Valid file modes that have a preview API associated with them, such as api/v1/markdown
;; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
;PREVIEWABLE_FILE_MODES = markdown
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.local]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
2022-03-02 17:50:29 -05:00
;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
2021-05-09 17:10:05 -04:00
;LOCAL_COPY_PATH = tmp/local-repo
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.upload]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Whether repository file uploads are enabled. Defaults to `true`
;ENABLED = true
;;
2022-03-02 17:50:29 -05:00
;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
2021-05-09 17:10:05 -04:00
;TEMP_PATH = data/tmp/uploads
;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES =
;;
;; Max size of each file in megabytes. Defaults to 3MB
;FILE_MAX_SIZE = 3
;;
;; Max number of files per upload. Defaults to 5
;MAX_FILES = 5
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.pull-request]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
Make WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (#19780)
The issue was that only the actual title was converted to uppercase, but
not the prefix as specified in `WORK_IN_PROGRESS_PREFIXES`. As a result,
the following did not work:
WORK_IN_PROGRESS_PREFIXES=Draft:,[Draft],WIP:,[WIP]
One possible workaround was:
WORK_IN_PROGRESS_PREFIXES=DRAFT:,[DRAFT],WIP:,[WIP]
Then indeed one could use `Draft` (as well as `DRAFT`) in the title.
However, the link `Start the title with DRAFT: to prevent the pull request
from being merged accidentally.` showed the suggestion in uppercase; so
it is not possible to show it as `Draft`. This PR fixes it, and allows
to use `Draft` in `WORK_IN_PROGRESS_PREFIXES`.
Fixes #19779.
Co-authored-by: zeripath <art27@cantab.net>
2022-05-26 05:19:24 -04:00
;; List of prefixes used in Pull Request title to mark them as Work In Progress (matched in a case-insensitive manner)
2021-05-09 17:10:05 -04:00
;WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
;;
;; List of keywords used in Pull Request comments to automatically close a related issue
;CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
;;
;; List of keywords used in Pull Request comments to automatically reopen a related issue
;REOPEN_KEYWORDS = reopen,reopens,reopened
;;
2022-06-02 23:45:54 -04:00
;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash
;DEFAULT_MERGE_STYLE = merge
;;
2021-05-09 17:10:05 -04:00
;; In the default merge message for squash commits include at most this many commits
;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
;;
;; In the default merge message for squash commits limit the size of the commit messages to this
;DEFAULT_MERGE_MESSAGE_SIZE = 5120
;;
;; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
;DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = false
;;
;; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
;DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = 10
;;
;; In default merge messages only include approvers who are official
;DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
2021-11-29 02:09:55 -05:00
;;
;; Add co-authored-by and co-committed-by trailers if committer does not match author
;ADD_CO_COMMITTER_TRAILERS = true
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.issue]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; List of reasons why a Pull Request or Issue can be locked
;LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.release]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES =
2021-08-29 12:25:16 -04:00
;DEFAULT_PAGING_NUM = 10
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.signing]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
;; run in the context of the RUN_USER
;; Switch to none to stop signing completely
;SIGNING_KEY = default
;;
;; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
;; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
;; the results of git config --get user.name and git config --get user.email respectively and can only be overridden
;; by setting the SIGNING_KEY ID to the correct ID.)
;SIGNING_NAME =
;SIGNING_EMAIL =
;;
;; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
;DEFAULT_TRUST_MODEL = collaborator
;;
;; Determines when gitea should sign the initial commit when creating a repository
;; Either:
;; - never
;; - pubkey: only sign if the user has a pubkey
;; - twofa: only sign if the user has logged in with twofa
;; - always
;; options other than none and always can be combined as comma separated list
;INITIAL_COMMIT = always
;;
;; Determines when to sign for CRUD actions
;; - as above
;; - parentsigned: requires that the parent commit is signed.
;CRUD_ACTIONS = pubkey, twofa, parentsigned
;; Determines when to sign Wiki commits
;; - as above
;WIKI = never
;;
;; Determines when to sign on merges
;; - basesigned: require that the parent of commit on the base repo is signed.
;; - commitssigned: require that all the commits in the head branch are signed.
;; - approved: only sign when merging an approved pr to a protected branch
;MERGES = pubkey, twofa, basesigned, commitssigned
2021-05-10 16:38:08 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.mimetype_mapping]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Custom MIME type mapping for downloadable files
;.apk=application/vnd.android.package-archive
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[project]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Default templates for project boards
;PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
;PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cors]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
;; enable cors headers (disabled by default)
;ENABLED = false
;;
;; scheme of allowed requests
;SCHEME = http
;;
;; list of requesting domains that are allowed
;ALLOW_DOMAIN = *
;;
;; allow subdomains of headers listed above to request
;ALLOW_SUBDOMAIN = false
;;
;; list of methods allowed to request
;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
;;
;; max time to cache response
;MAX_AGE = 10m
;;
;; allow request with credentials
;ALLOW_CREDENTIALS = false
2021-08-06 16:47:10 -04:00
;;
2022-11-11 01:39:27 -05:00
;; headers to permit
;HEADERS = Content-Type,User-Agent
;;
2021-08-06 16:47:10 -04:00
;; set X-FRAME-OPTIONS header
;X_FRAME_OPTIONS = SAMEORIGIN
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Number of repositories that are displayed on one explore page
;EXPLORE_PAGING_NUM = 20
;;
;; Number of issues that are displayed on one page
2022-08-06 06:43:40 -04:00
;ISSUE_PAGING_NUM = 20
2021-05-09 17:10:05 -04:00
;;
;; Number of maximum commits displayed in one activity feed
;FEED_MAX_COMMIT_NUM = 5
;;
;; Number of items that are displayed in home feed
;FEED_PAGING_NUM = 20
;;
2022-06-25 13:06:01 -04:00
;; Number of items that are displayed in a single subsitemap
;SITEMAP_PAGING_NUM = 20
;;
2021-05-09 17:10:05 -04:00
;; Number of maximum commits displayed in commit graph.
;GRAPH_MAX_COMMIT_NUM = 100
;;
;; Number of line of codes shown for a code comment
;CODE_COMMENT_LINES = 4
;;
;; Value of `theme-color` meta tag, used by Android >= 5.0
;; An invalid color like "none" or "disable" will have the default style
;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
;THEME_COLOR_META_TAG = `#6cc644`
;;
;; Max size of files to be displayed (default is 8MiB)
;MAX_DISPLAY_FILE_SIZE = 8388608
;;
;; Whether the email of the user should be shown in the Explore Users page
;SHOW_USER_EMAIL = true
;;
;; Set the default theme for the Gitea install
2021-09-27 10:47:44 -04:00
;DEFAULT_THEME = auto
2021-05-09 17:10:05 -04:00
;;
;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
2021-09-27 10:47:44 -04:00
;THEMES = auto,gitea,arc-green
2021-05-09 17:10:05 -04:00
;;
2021-06-29 10:28:38 -04:00
;; All available reactions users can choose on issues/prs and comments.
;; Values can be emoji alias (:smile:) or a unicode emoji.
2021-06-29 15:42:47 -04:00
;; For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
2021-05-09 17:10:05 -04:00
;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
;;
2021-06-29 10:28:38 -04:00
;; Additional Emojis not defined in the utf8 standard
2021-06-29 15:42:47 -04:00
;; By default we support gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and add it to this config.
2021-06-29 10:28:38 -04:00
;; Dont mistake it for Reactions.
2021-07-02 10:04:57 -04:00
;CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs
2021-06-29 10:28:38 -04:00
;;
2021-05-09 17:10:05 -04:00
;; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
;DEFAULT_SHOW_FULL_NAME = false
;;
;; Whether to search within description at repository search on explore page.
;SEARCH_REPO_DESCRIPTION = true
;;
;; Whether to enable a Service Worker to cache frontend assets
2022-02-26 05:14:23 -05:00
;USE_SERVICE_WORKER = false
2022-08-25 14:38:41 -04:00
;;
;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
;ONLY_SHOW_RELEVANT_REPOS = false
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.admin]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Number of users that are displayed on one page
;USER_PAGING_NUM = 50
;;
;; Number of repos that are displayed on one page
;REPO_PAGING_NUM = 50
;;
;; Number of notices that are displayed on one page
;NOTICE_PAGING_NUM = 25
;;
;; Number of organizations that are displayed on one page
;ORG_PAGING_NUM = 50
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.user]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Number of repos that are displayed on one page
;REPO_PAGING_NUM = 15
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.meta]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;AUTHOR = Gitea - Git with a cup of tea
;DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
;KEYWORDS = go,git,self-hosted,gitea
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.notification]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Control how often the notification endpoint is polled to update the notification
;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
2022-05-09 12:33:19 -04:00
;; Set MIN_TIMEOUT to -1 to turn off
2021-05-09 17:10:05 -04:00
;MIN_TIMEOUT = 10s
;MAX_TIMEOUT = 60s
;TIMEOUT_STEP = 10s
;;
;; This setting determines how often the db is queried to get the latest notification counts.
;; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource
;EVENT_SOURCE_UPDATE_TIME = 10s
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.svg]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
;ENABLE_RENDER = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ui.csv]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
;MAX_FILE_SIZE = 524288
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[markdown]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Render soft line breaks as hard line breaks, which means a single newline character between
;; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
;; necessary to force a line break.
;; Render soft line breaks as hard line breaks for comments
;ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true
;;
;; Render soft line breaks as hard line breaks for markdown documents
;ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false
;;
;; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
;; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
;; URLs starting with http and https are always displayed, whatever is put in this entry.
;CUSTOM_URL_SCHEMES =
;;
;; List of file extensions that should be rendered/edited as Markdown
;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
2022-09-13 12:33:37 -04:00
;;
;; Enables math inline and block detection
;ENABLE_MATH = true
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[ssh.minimum_key_sizes]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
;ED25519 = 256
;ECDSA = 256
2022-07-06 16:49:27 -04:00
;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
2021-05-09 17:10:05 -04:00
;DSA = -1 ; set to 1024 to switch on
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[indexer]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Issue Indexer settings
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
;ISSUE_INDEXER_TYPE = bleve
;;
;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
2022-11-09 20:22:31 -05:00
;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
2021-05-09 17:10:05 -04:00
;;
;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
;;
;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
;ISSUE_INDEXER_NAME = gitea_issues
;;
;; Timeout the indexer if it takes longer than this to start.
2022-05-09 12:33:19 -04:00
;; Set to -1 to disable timeout.
2021-05-09 17:10:05 -04:00
;STARTUP_TIMEOUT = 30s
;;
;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
2021-06-16 18:19:20 -04:00
;ISSUE_INDEXER_QUEUE_TYPE = levelqueue; **DEPRECATED** use settings in `[queue.issue_indexer]`.
2021-05-09 17:10:05 -04:00
;;
;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
2021-06-10 17:25:25 -04:00
;; default is queues/common
2022-11-09 20:22:31 -05:00
;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
2021-05-09 17:10:05 -04:00
;;
;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
;; the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`.
2021-06-16 18:19:20 -04:00
;ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"; **DEPRECATED** use settings in `[queue.issue_indexer]`.
2021-05-09 17:10:05 -04:00
;;
;; Batch queue number, default is 20
2021-06-16 18:19:20 -04:00
;ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Repository Indexer settings
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; repo indexer by default disabled, since it uses a lot of disk space
;REPO_INDEXER_ENABLED = false
;;
;; Code search engine type, could be `bleve` or `elasticsearch`.
;REPO_INDEXER_TYPE = bleve
;;
;; Index file used for code search. available when `REPO_INDEXER_TYPE` is bleve
;REPO_INDEXER_PATH = indexers/repos.bleve
;;
;; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
;REPO_INDEXER_CONN_STR =
;;
;; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
;REPO_INDEXER_NAME = gitea_codes
;;
;; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
;; in the index; default is empty
;REPO_INDEXER_INCLUDE =
;;
;; A comma separated list of glob patterns to exclude from the index; ; default is empty
;REPO_INDEXER_EXCLUDE =
;;
;;
2021-06-16 18:19:20 -04:00
;UPDATE_BUFFER_LEN = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
2021-05-09 17:10:05 -04:00
;MAX_FILE_SIZE = 1048576
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[queue]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Specific queues can be individually configured with [queue.name]. [queue] provides defaults
;; ([queue.issue_indexer] is special due to the old configuration described above)
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
;; default to persistable-channel
;TYPE = persistable-channel
;;
2021-06-10 17:25:25 -04:00
;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
2022-11-09 20:22:31 -05:00
;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
2021-05-09 17:10:05 -04:00
;;
;; Default queue length before a channel queue will block
;LENGTH = 20
;;
;; Batch size to send for batched queues
;BATCH_LENGTH = 20
;;
;; Connection string for redis queues this will store the redis connection string.
;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
;CONN_STR = "addrs=127.0.0.1:6379 db=0"
;;
;; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections.
;QUEUE_NAME = "_queue"
;;
;; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections.
;SET_NAME = "_unique"
;;
;; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
;WRAP_IF_NECESSARY = true
;;
;; Attempt to create the wrapped queue at max
;MAX_ATTEMPTS = 10
;;
;; Timeout queue creation
;TIMEOUT = 15m30s
;;
;; Create a pool with this many workers
2021-05-28 13:33:52 -04:00
;WORKERS = 0
2021-05-09 17:10:05 -04:00
;;
;; Dynamically scale the worker pool to at this many workers
;MAX_WORKERS = 10
;;
;; Add boost workers when the queue blocks for BLOCK_TIMEOUT
;BLOCK_TIMEOUT = 1s
;;
;; Remove the boost workers after BOOST_TIMEOUT
;BOOST_TIMEOUT = 5m
;;
;; During a boost add BOOST_WORKERS
2021-05-28 13:33:52 -04:00
;BOOST_WORKERS = 1
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[admin]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Disallow regular (non-admin) users from creating organizations.
;DISABLE_REGULAR_ORG_CREATION = false
;;
;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
;DEFAULT_EMAIL_NOTIFICATIONS = enabled
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[openid]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; OpenID is an open, standard and decentralized authentication protocol.
;; Your identity is the address of a webpage you provide, which describes
;; how to prove you are in control of that page.
;;
;; For more info: https://en.wikipedia.org/wiki/OpenID
;;
;; Current implementation supports OpenID-2.0
;;
;; Tested to work providers at the time of writing:
;; - Any GNUSocial node (your.hostname.tld/username)
;; - Any SimpleID provider (http://simpleid.koinic.net)
;; - http://openid.org.cn/
;; - openid.stackexchange.com
;; - login.launchpad.net
;; - <username>.livejournal.com
;;
;; Whether to allow signin in via OpenID
;ENABLE_OPENID_SIGNIN = true
;;
;; Whether to allow registering via OpenID
;; Do not include to rely on rhw DISABLE_REGISTRATION setting
;;ENABLE_OPENID_SIGNUP = true
;;
;; Allowed URI patterns (POSIX regexp).
;; Space separated.
;; Only these would be allowed if non-blank.
;; Example value: trusted.domain.org trusted.domain.net
;WHITELISTED_URIS =
;;
;; Forbidden URI patterns (POSIX regexp).
;; Space separated.
;; Only used if WHITELISTED_URIS is blank.
;; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
;BLACKLISTED_URIS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[oauth2_client]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Whether a new auto registered oauth2 user needs to confirm their email.
;; Do not include to use the REGISTER_EMAIL_CONFIRM setting from the `[service]` section.
;REGISTER_EMAIL_CONFIRM =
;;
;; Scopes for the openid connect oauth2 provider (separated by space, the openid scope is implicitly added).
;; Typical values are profile and email.
;; For more information about the possible values see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
;OPENID_CONNECT_SCOPES =
;;
;; Automatically create user accounts for new oauth2 users.
;ENABLE_AUTO_REGISTRATION = false
;;
;; The source of the username for new oauth2 accounts:
;; userid = use the userid / sub attribute
;; nickname = use the nickname attribute
;; email = use the username part of the email attribute
;USERNAME = nickname
;;
;; Update avatar if available from oauth2 provider.
;; Update will be performed on each login.
;UPDATE_AVATAR = false
;;
;; How to handle if an account / email already exists:
;; disabled = show an error
;; login = show an account linking login
;; auto = link directly with the account
;ACCOUNT_LINKING = login
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[webhook]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Hook task queue length, increase if webhook shooting starts hanging
;QUEUE_LENGTH = 1000
;;
;; Deliver timeout in seconds
;DELIVER_TIMEOUT = 5
;;
2021-11-01 04:39:52 -04:00
;; Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com
;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
;; CIDR list: 1.2.3.0/8, 2001:db8::/32
;; Wildcard hosts: *.mydomain.com, 192.168.100.*
2021-11-07 22:25:41 -05:00
;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later
2021-11-01 04:39:52 -04:00
;ALLOWED_HOST_LIST = external
;;
2021-05-09 17:10:05 -04:00
;; Allow insecure certification
;SKIP_TLS_VERIFY = false
;;
;; Number of history information in each page
;PAGING_NUM = 10
;;
;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
;PROXY_URL =
;;
;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
;PROXY_HOSTS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[mailer]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
2022-08-10 13:37:15 -04:00
;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
;; please refer to
;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
;;
2021-05-09 17:10:05 -04:00
;ENABLED = false
;;
;; Buffer length of channel, keep it as it is if you don't know what it is.
;SEND_BUFFER_LEN = 100
;;
;; Prefix displayed before subject in mail
;SUBJECT_PREFIX =
;;
2022-11-27 05:08:40 -05:00
;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
;; - dummy: send email messages to the log as a testing phase.
;; If your provider does not explicitly say which protocol it uses but does provide a port,
;; you can set SMTP_PORT instead and this will be inferred.
2022-08-10 13:37:15 -04:00
;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;PROTOCOL =
;;
;; Mail server address, e.g. smtp.gmail.com.
;; For smtp+unix, this should be a path to a unix socket instead.
2022-08-10 13:37:15 -04:00
;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;SMTP_ADDR =
;;
;; Mail server port. Common ports are:
;; 25: insecure SMTP
;; 465: SMTP Secure
;; 587: StartTLS
;; If no protocol is specified, it will be inferred by this setting.
;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
;SMTP_PORT =
;;
;; Enable HELO operation. Defaults to true.
;ENABLE_HELO = true
;;
;; Custom hostname for HELO operation.
;; If no value is provided, one is retrieved from system.
2021-05-09 17:10:05 -04:00
;HELO_HOSTNAME =
;;
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;; If set to `true`, completely ignores server certificate validation errors.
;; This option is unsafe. Consider adding the certificate to the system trust store instead.
;FORCE_TRUST_SERVER_CERT = false
2021-05-09 17:10:05 -04:00
;;
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;; Use client certificate in connection.
;USE_CLIENT_CERT = false
;CLIENT_CERT_FILE = custom/mailer/cert.pem
;CLIENT_KEY_FILE = custom/mailer/key.pem
2021-05-09 17:10:05 -04:00
;;
;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
;FROM =
;;
2021-11-19 10:35:20 -05:00
;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
;ENVELOPE_FROM =
;;
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;; Mailer user name and password, if required by provider.
2021-05-09 17:10:05 -04:00
;USER =
;;
;; Use PASSWD = `your password` for quoting if you use special characters in the password.
;PASSWD =
;;
Rework mailer settings (#18982)
* `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy
* `SMTP_ADDR`: domain for SMTP, or path to unix socket
* `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls`
* `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname
* `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY`
* `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-02 01:24:18 -04:00
;; Send mails only in plain text, without HTML alternative
2021-05-09 17:10:05 -04:00
;SEND_AS_PLAIN_TEXT = false
;;
;; Specify an alternative sendmail binary
;SENDMAIL_PATH = sendmail
;;
;; Specify any extra sendmail arguments
2022-03-18 10:19:02 -04:00
;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
2021-05-09 17:10:05 -04:00
;SENDMAIL_ARGS =
;;
;; Timeout for Sendmail
;SENDMAIL_TIMEOUT = 5m
2022-01-05 19:43:45 -05:00
;;
;; convert \r\n to \n for Sendmail
;SENDMAIL_CONVERT_CRLF = true
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cache]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; if the cache enabled
;ENABLED = true
;;
2021-07-10 17:54:15 -04:00
;; Either "memory", "redis", "memcache", or "twoqueue". default is "memory"
2021-05-09 17:10:05 -04:00
;ADAPTER = memory
;;
;; For "memory" only, GC interval in seconds, default is 60
;INTERVAL = 60
;;
;; For "redis" and "memcache", connection host address
;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
;; memcache: `127.0.0.1:11211`
2021-07-10 17:54:15 -04:00
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
2021-05-09 17:10:05 -04:00
;HOST =
;;
;; Time to keep items in cache if not used, default is 16 hours.
2022-05-09 12:33:19 -04:00
;; Setting it to -1 disables caching
2021-05-09 17:10:05 -04:00
;ITEM_TTL = 16h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Last commit cache
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cache.last_commit]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; if the cache enabled
;ENABLED = true
;;
;; Time to keep items in cache if not used, default is 8760 hours.
2022-05-09 12:33:19 -04:00
;; Setting it to -1 disables caching
2021-05-09 17:10:05 -04:00
;ITEM_TTL = 8760h
;;
;; Only enable the cache when repository's commits count great than
;COMMITS_COUNT = 1000
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[session]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
2022-05-15 12:40:29 -04:00
;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
;; Default is "memory". "db" will reuse the configuration in [database]
2021-05-09 17:10:05 -04:00
;PROVIDER = memory
;;
;; Provider config options
;; memory: doesn't have any config yet
;; file: session file path, e.g. `data/sessions`
;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
2022-11-09 20:22:31 -05:00
;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
2021-05-09 17:10:05 -04:00
;;
;; Session cookie name
;COOKIE_NAME = i_like_gitea
;;
;; If you use session in https only, default is false
;COOKIE_SECURE = false
;;
;; Session GC time interval in seconds, default is 86400 (1 day)
;GC_INTERVAL_TIME = 86400
;;
;; Session life time in seconds, default is 86400 (1 day)
;SESSION_LIFE_TIME = 86400
;;
;; SameSite settings. Either "none", "lax", or "strict"
;SAME_SITE=lax
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[picture]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;AVATAR_UPLOAD_PATH = data/avatars
;REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
;;
;; How Gitea deals with missing repository avatars
;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
;REPOSITORY_AVATAR_FALLBACK = none
;REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
;;
;; Max Width and Height of uploaded avatars.
;; This is to limit the amount of RAM used when resizing the image.
;AVATAR_MAX_WIDTH = 4096
;AVATAR_MAX_HEIGHT = 3072
;;
2021-12-15 21:18:38 -05:00
;; The multiplication factor for rendered avatar images.
;; Larger values result in finer rendering on HiDPI devices.
;AVATAR_RENDERED_SIZE_FACTOR = 3
;;
2021-05-09 17:10:05 -04:00
;; Maximum allowed file size for uploaded avatars.
;; This is to limit the amount of RAM used when resizing the image.
;AVATAR_MAX_FILE_SIZE = 1048576
;;
;; Chinese users can choose "duoshuo"
;; or a custom avatar source, like: http://cn.gravatar.com/avatar/
;GRAVATAR_SOURCE = gravatar
;;
;; This value will always be true in offline mode.
;DISABLE_GRAVATAR = false
;;
;; Federated avatar lookup uses DNS to discover avatar associated
;; with emails, see https://www.libravatar.org
;; This value will always be false in offline mode or when Gravatar is disabled.
;ENABLE_FEDERATED_AVATAR = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[attachment]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Whether issue and pull request attachments are enabled. Defaults to `true`
;ENABLED = true
;;
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
2022-07-01 09:42:20 -04:00
;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
2021-05-09 17:10:05 -04:00
;;
;; Max size of each file. Defaults to 4MB
;MAX_SIZE = 4
;;
;; Max number of files per upload. Defaults to 5
;MAX_FILES = 5
;;
;; Storage type for attachments, `local` for local disk or `minio` for s3 compatible
;; object storage service, default is `local`.
;STORAGE_TYPE = local
;;
;; Allows the storage driver to redirect to authenticated URLs to serve files directly
;; Currently, only `minio` is supported.
;SERVE_DIRECT = false
;;
;; Path for attachments. Defaults to `data/attachments` only available when STORAGE_TYPE is `local`
;PATH = data/attachments
;;
;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
;MINIO_ENDPOINT = localhost:9000
;;
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
;MINIO_ACCESS_KEY_ID =
;;
;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
;MINIO_SECRET_ACCESS_KEY =
;;
;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
;MINIO_BUCKET = gitea
;;
;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
;MINIO_LOCATION = us-east-1
;;
;; Minio base path on the bucket only available when STORAGE_TYPE is `minio`
;MINIO_BASE_PATH = attachments/
;;
;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
;MINIO_USE_SSL = false
2015-03-23 10:19:19 -04:00
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[time]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Specifies the format for fully outputted dates. Defaults to RFC1123
;; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
;; For more information about the format see http://golang.org/pkg/time/#pkg-constants
;FORMAT =
;;
;; Location the UI time display i.e. Asia/Shanghai
;; Empty means server's location setting
;DEFAULT_UI_LOCATION =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Common settings
;;
;; Setting this to true will enable all cron tasks periodically with default settings.
;ENABLED = false
;; Setting this to true will run all enabled cron tasks when Gitea starts.
;RUN_AT_START = false
2021-05-10 12:54:45 -04:00
;;
;; Note: ``SCHEDULE`` accept formats
;; - Full crontab specs, e.g. "* * * * * ?"
;; - Descriptors, e.g. "@midnight", "@every 1h30m"
;; See more: https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Basic cron tasks - enabled by default
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Clean up old repository archives
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.archive_cleanup]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Whether to enable the job
;ENABLED = true
;; Whether to always run at least once at start up time (if ENABLED)
;RUN_AT_START = true
2022-03-26 17:13:04 -04:00
;; Whether to emit notice on successful execution too
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;; Time interval for job to run
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;; Archives created more than OLDER_THAN ago are subject to deletion
;OLDER_THAN = 24h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Update mirrors
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.update_mirrors]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;SCHEDULE = @every 10m
;; Enable running Update mirrors task periodically.
;ENABLED = true
;; Run Update mirrors task when Gitea starts.
;RUN_AT_START = false
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-11-22 22:09:35 -05:00
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
;PULL_LIMIT=50
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating)
;PUSH_LIMIT=50
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Repository health check
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.repo_health_check]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;; Enable running Repository health check task periodically.
;ENABLED = true
;; Run Repository health check task when Gitea starts.
;RUN_AT_START = false
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;TIMEOUT = 60s
;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
;; see more on http://git-scm.com/docs/git-fsck
;ARGS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Check repository statistics
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.check_repo_stats]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Enable running check repository statistics task periodically.
;ENABLED = true
;; Run check repository statistics task when Gitea starts.
;RUN_AT_START = true
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.update_migration_poster_id]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
;ENABLED = true
;; Update migrated repositories' issues and comments' posterid when starting server (default true)
;RUN_AT_START = true
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;; Interval as a duration between each synchronization. (default every 24h)
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Synchronize external user data (only LDAP user synchronization is supported)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.sync_external_users]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = true
;; Synchronize external user data when starting server (default false)
;RUN_AT_START = false
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;; Interval as a duration between each synchronization (default every 24h)
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;; Create new users, update existing user data and disable users that are not in external source anymore (default)
;; or only create new users if UPDATE_EXISTING is set to false
;UPDATE_EXISTING = true
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Clean-up deleted branches
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.deleted_branches_cleanup]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = true
;; Clean-up deleted branches when starting server (default true)
;RUN_AT_START = true
;; Notice if not success
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;; Interval as a duration between each synchronization (default every 24h)
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;; deleted branches than OLDER_THAN ago are subject to deletion
;OLDER_THAN = 24h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Cleanup hook_task table
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.cleanup_hook_task_table]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Whether to enable the job
;ENABLED = true
;; Whether to always run at start up time (if ENABLED)
;RUN_AT_START = false
;; Time interval for job to run
2021-07-15 11:55:48 -04:00
;SCHEDULE = @midnight
2021-05-09 17:10:05 -04:00
;; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
;CLEANUP_TYPE = OlderThan
;; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
;OLDER_THAN = 168h
;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
;NUMBER_TO_KEEP = 10
2022-03-30 04:42:47 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Cleanup expired packages
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.cleanup_packages]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Whether to enable the job
;ENABLED = true
;; Whether to always run at least once at start up time (if ENABLED)
;RUN_AT_START = true
;; Whether to emit notice on successful execution too
;NOTICE_ON_SUCCESS = false
;; Time interval for job to run
;SCHEDULE = @midnight
;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
;OLDER_THAN = 24h
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Extended cron task - not enabled by default
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Delete all unactivated accounts
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_inactive_accounts]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @annually
;OLDER_THAN = 168h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Delete all repository archives
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_repo_archives]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @annually;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Garbage collect all repositories
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.git_gc_repos]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;TIMEOUT = 60s
;; Arguments for command 'git gc'
;; The default value is same with [git] -> GC_ARGS
;ARGS =
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Update the '.ssh/authorized_keys' file with Gitea SSH keys
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.resync_all_sshkeys]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Resynchronize pre-receive, update and post-receive hooks of all repositories.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.resync_all_hooks]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Reinitialize all missing Git repositories for which records exist
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.reinit_missing_repos]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Delete all repositories missing their Git files
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_missing_repos]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Delete generated repository avatars
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_generated_repository_avatars]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 72h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Delete all old actions from database
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_old_actions]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
2022-03-26 17:13:04 -04:00
;NOTICE_ON_SUCCESS = false
2021-05-09 17:10:05 -04:00
;SCHEDULE = @every 168h
;OLDER_THAN = 8760h
2021-10-16 02:14:34 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Check for new Gitea versions
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.update_checker]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-12-11 17:08:01 -05:00
;ENABLED = true
2021-10-16 02:14:34 -04:00
;RUN_AT_START = false
;ENABLE_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-03-28 08:54:59 -04:00
;; Delete all old system notices from database
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[cron.delete_old_system_notices]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;ENABLED = false
;RUN_AT_START = false
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;OLDER_THAN = 8760h
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-05-09 17:10:05 -04:00
;; Git Operation timeout in seconds
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[git.timeout]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;DEFAULT = 360
;MIGRATE = 600
;MIRROR = 300
;CLONE = 300
;PULL = 300
;GC = 60
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[mirror]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-06-04 07:42:17 -04:00
;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
2021-09-07 11:49:36 -04:00
;ENABLED = true
;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
;DISABLE_NEW_PULL = false
;; Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
;DISABLE_NEW_PUSH = false
2021-05-09 17:10:05 -04:00
;; Default interval as a duration between each check
;DEFAULT_INTERVAL = 8h
;; Min interval as a duration must be > 1m
;MIN_INTERVAL = 10m
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[api]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-09-19 18:48:48 -04:00
;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false.
2021-05-09 17:10:05 -04:00
;ENABLE_SWAGGER = true
;; Max number of items in a page
;MAX_RESPONSE_ITEMS = 50
;; Default paging number of api
;DEFAULT_PAGING_NUM = 30
;; Default and maximum number of items per page for git trees api
;DEFAULT_GIT_TREES_PER_PAGE = 1000
2022-09-19 18:48:48 -04:00
;; Default max size of a blob returned by the blobs API (default is 10MiB)
2021-05-09 17:10:05 -04:00
;DEFAULT_MAX_BLOB_SIZE = 10485760
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[i18n]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2022-04-03 05:46:48 -04:00
;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
2022-06-27 15:50:30 -04:00
;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
2022-06-15 06:08:49 -04:00
;NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[highlight.mapping]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Extension mapping to highlight class
;; e.g. .toml=ini
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[other]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;SHOW_FOOTER_BRANDING = false
;; Show version information about Gitea and Go in the footer
;SHOW_FOOTER_VERSION = true
;; Show template execution time in the footer
;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
2022-10-28 11:17:38 -04:00
;; Generate sitemap. Defaults to `true`.
2022-11-21 00:14:58 -05:00
;ENABLE_SITEMAP = true
;; Enable/Disable RSS/Atom feed
;ENABLE_FEED = true
2021-07-24 00:21:51 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[markup]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
;MERMAID_MAX_SOURCE_CHARACTERS = 5000
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[markup.sanitizer.1]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; The following keys can appear once to define a sanitation policy rule.
;; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules.
;; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX]
2019-12-07 14:49:04 -05:00
;ELEMENT = span
;ALLOW_ATTR = class
;REGEXP = ^(info|warning|error)$
2021-05-09 17:10:05 -04:00
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Other markup formats e.g. asciidoc
;;
;; uncomment and enable the below section.
;; (You can add other markup formats by copying the section and adjusting
;; the section name suffix "asciidoc" to something else.)
;[markup.asciidoc]
;ENABLED = false
;; List of file extensions that should be rendered by an external command
;FILE_EXTENSIONS = .adoc,.asciidoc
;; External command to render all matching extensions
;RENDER_COMMAND = "asciidoc --out-file=- -"
;; Don't pass the file on STDIN, pass the filename as argument instead.
;IS_INPUT_FILE = false
2022-06-15 23:33:23 -04:00
;; How the content will be rendered.
;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
;RENDER_CONTENT_MODE=sanitized
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[metrics]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Enables metrics endpoint. True or false; default is false.
;ENABLED = false
;; If you want to add authorization, specify a token here
;TOKEN =
2021-10-03 18:46:44 -04:00
;; Enable issue by label metrics; default is false
;ENABLED_ISSUE_BY_LABEL = false
2021-10-05 14:39:37 -04:00
;; Enable issue by repository metrics; default is false
;ENABLED_ISSUE_BY_REPOSITORY = false
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[task]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Task queue type, could be `channel` or `redis`.
;QUEUE_TYPE = channel
;;
;; Task queue length, available only when `QUEUE_TYPE` is `channel`.
;QUEUE_LENGTH = 1000
;;
;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[migrations]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Max attempts per http/https request on migrations.
;MAX_ATTEMPTS = 3
;;
;; Backoff time per http/https request retry (seconds)
;RETRY_BACKOFF = 3
;;
;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
;; Multiple domains could be separated by commas.
2022-06-18 15:23:06 -04:00
;; Wildcard is supported: "github.com, *.github.com"
2021-05-09 17:10:05 -04:00
;ALLOWED_DOMAINS =
;;
;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
2021-11-20 04:34:05 -05:00
;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
2022-06-18 15:23:06 -04:00
;; Wildcard is supported.
2021-05-09 17:10:05 -04:00
;BLOCKED_DOMAINS =
;;
;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
2022-07-12 21:07:16 -04:00
;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
2021-05-09 17:10:05 -04:00
;ALLOW_LOCALNETWORKS = false
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-09-27 19:38:06 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[federation]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Enable/Disable federation capabilities
2022-06-19 19:48:17 -04:00
;ENABLED = false
2022-05-02 09:35:45 -04:00
;;
;; Enable/Disable user statistics for nodeinfo if federation is enabled
2022-06-19 19:48:17 -04:00
;SHARE_USER_STATISTICS = true
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 01:25:12 -04:00
;;
;; Maximum federation request and response size (MB)
2022-06-19 19:48:17 -04:00
;MAX_SIZE = 4
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 01:25:12 -04:00
;;
;; WARNING: Changing the settings below can break federation.
;;
;; HTTP signature algorithms
2022-06-19 19:48:17 -04:00
;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 01:25:12 -04:00
;;
;; HTTP signature digest algorithm
2022-06-19 19:48:17 -04:00
;DIGEST_ALGORITHM = SHA-256
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 01:25:12 -04:00
;;
;; GET headers for federation requests
2022-06-19 19:48:17 -04:00
;GET_HEADERS = (request-target), Date
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 01:25:12 -04:00
;;
;; POST headers for federation requests
2022-06-19 19:48:17 -04:00
;POST_HEADERS = (request-target), Date, Digest
2021-09-27 19:38:06 -04:00
2022-03-30 04:42:47 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[packages]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; Enable/Disable package registry capabilities
;ENABLED = true
;;
;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
;CHUNKED_UPLOAD_PATH = tmp/package-upload
2022-11-09 01:34:27 -05:00
;;
2022-11-29 19:41:29 -05:00
;; Maximum count of package versions a single owner can have (`-1` means no limits)
2022-11-09 01:34:27 -05:00
;LIMIT_TOTAL_OWNER_COUNT = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_TOTAL_OWNER_SIZE = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_COMPOSER = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_CONAN = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_CONTAINER = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_GENERIC = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_HELM = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_MAVEN = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_NPM = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_NUGET = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_PUB = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_PYPI = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_RUBYGEMS = -1
2022-11-29 19:41:29 -05:00
;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
2022-11-09 01:34:27 -05:00
;LIMIT_SIZE_VAGRANT = -1
2022-03-30 04:42:47 -04:00
2021-09-27 19:38:06 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; default storage for attachments, lfs and avatars
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[storage]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-06-23 17:12:38 -04:00
;; storage type
;STORAGE_TYPE = local
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; settings for repository archives, will override storage setting
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[storage.repo-archive]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
2021-05-09 17:10:05 -04:00
;; storage type
;STORAGE_TYPE = local
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; lfs storage will override storage
;;
;[lfs]
;STORAGE_TYPE = local
2022-01-23 14:02:29 -05:00
;;
;; Where your lfs files reside, default is data/lfs.
;PATH = data/lfs
2021-05-09 17:10:05 -04:00
2022-03-30 04:42:47 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; settings for packages, will override storage setting
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[storage.packages]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; storage type
;STORAGE_TYPE = local
2021-05-09 17:10:05 -04:00
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; customize storage
2020-09-29 05:05:13 -04:00
;[storage.my_minio]
;STORAGE_TYPE = minio
2021-05-09 17:10:05 -04:00
;;
;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_ENDPOINT = localhost:9000
2021-05-09 17:10:05 -04:00
;;
;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_ACCESS_KEY_ID =
2021-05-09 17:10:05 -04:00
;;
;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_SECRET_ACCESS_KEY =
2021-05-09 17:10:05 -04:00
;;
;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_BUCKET = gitea
2021-05-09 17:10:05 -04:00
;;
;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_LOCATION = us-east-1
2021-05-09 17:10:05 -04:00
;;
;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
2020-09-29 05:05:13 -04:00
;MINIO_USE_SSL = false
2021-08-18 09:10:39 -04:00
;[proxy]
;; Enable the proxy, all requests to external via HTTP will be affected
;PROXY_ENABLED = false
;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy/no_proxy
;PROXY_URL =
;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
;PROXY_HOSTS =