From 95b73daa36b23565a8566f71f9b202d3459b685f Mon Sep 17 00:00:00 2001
From: Sam Chudnick <sam@chudnick.com>
Date: Sun, 25 Jun 2023 09:52:36 -0400
Subject: Initial Commit

---
 data/gitea/app.ini    | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
 data/gitea/gitea.conf |  30 +++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 data/gitea/app.ini
 create mode 100644 data/gitea/gitea.conf

(limited to 'data/gitea')

diff --git a/data/gitea/app.ini b/data/gitea/app.ini
new file mode 100644
index 0000000..84f9647
--- /dev/null
+++ b/data/gitea/app.ini
@@ -0,0 +1,103 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+
+[repository]
+ROOT = /data/git/repositories
+ENABLE_PUSH_CREATE_USER = true
+DEFAULT_PUSH_CREATE_PRIVATE = false
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH    = /data/gitea
+DOMAIN           = gitea.chudnick.com
+SSH_DOMAIN       = gitea.chudnick.com
+HTTP_PORT        = 3000
+ROOT_URL         = https://gitea.chudnick.com/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+SSH_LISTEN_PORT  = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET   = 
+OFFLINE_MODE     = false
+
+[database]
+PATH     = /data/gitea/gitea.db
+DB_TYPE  = sqlite3
+HOST     = localhost:3306
+NAME     = gitea
+USER     = root
+PASSWD   = 
+LOG_SQL  = false
+SCHEMA   = 
+SSL_MODE = disable
+CHARSET  = utf8
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER        = file
+
+[picture]
+AVATAR_UPLOAD_PATH            = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+DISABLE_GRAVATAR              = false
+ENABLE_FEDERATED_AVATAR       = true
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE      = console
+LEVEL     = info
+ROUTER    = console
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK                  = true
+SECRET_KEY                    = 
+REVERSE_PROXY_LIMIT           = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN                = 
+PASSWORD_HASH_ALGO            = pbkdf2
+
+[service]
+DISABLE_REGISTRATION              = false
+REQUIRE_SIGNIN_VIEW               = false
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[webhook]
+ALLOWED_HOST_LIST = jenkins.chudnick.com
+
+[metrics]
+ENABLED = true
diff --git a/data/gitea/gitea.conf b/data/gitea/gitea.conf
new file mode 100644
index 0000000..1b862a4
--- /dev/null
+++ b/data/gitea/gitea.conf
@@ -0,0 +1,30 @@
+server {
+	listen 443 ssl;
+	server_name gitea.chudnick.com;
+
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    location / {
+        proxy_pass http://127.0.0.1:8003/;
+    }
+
+	# for docker image push
+	client_max_body_size	500M;
+
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name gitea.chudnick.com;
+	return 301 https://$host$request_uri;
+}
-- 
cgit v1.2.3