system-config/playbooks/roles/gitea/templates/app.ini.j2
Clark Boylan 4a3c19e053 Fix the formatting of the gitea app.ini file
During the Gitea 1.22.1 upgrade we had failures because gitea wanted to
write back to its app.ini config file and couldn't do so due to file
permissions. We address that by fixing the formatting for one entry in
the template then separately update a secret var to match what ended up
being deployed to gitea09. In theory this should make everything line up
such that we don't actually need to write back to the file at all.

If this continues to fail we will instead update file permissions and
let gitea rewrite its file instead. But that would be the next thing to
try.

Change-Id: Ic3a6e2dd25ec906c234c2fea26b68eb8f742201c
2024-07-19 10:23:54 -07:00

142 lines
3.6 KiB
Django/Jinja

APP_NAME = OpenDev: Free Software Needs Free Tools
RUN_MODE = prod
RUN_USER = git
; TODO determine if this is appropriate for our existing installation
WORK_PATH = /data/gitea
[server]
APP_DATA_PATH = /data/gitea
SSH_DOMAIN = localhost
PROTOCOL = https
HTTP_PORT = 3000
ROOT_URL = https://opendev.org/
DISABLE_SSH = false
SSH_PORT = 22
DOMAIN = localhost
LFS_START_SERVER = true
LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret }}
OFFLINE_MODE = false
CERT_FILE = /certs/cert.pem
KEY_FILE = /certs/key.pem
REDIRECT_OTHER_PORT = true
PORT_TO_REDIRECT = 3080
[database]
DB_TYPE = mysql
HOST = localhost:3306
NAME = gitea
USER = {{ gitea_db_username }}
PASSWD = {{ gitea_db_password }}
SSL_MODE = disable
LOG_SQL = false
[repository]
ROOT = /data/git/repositories
DISABLED_REPO_UNITS = repo.issues,repo.pulls,repo.wiki,repo.projects,repo.actions
DISABLE_STARS = true
DISABLE_MIGRATIONS = true
[git]
; Implemented in 1.16 but broke older git clients. Now expected to work
; but we keep explicit config in place should it need to be toggled back
; to true again.
DISABLE_PARTIAL_CLONE = false
[federation]
ENABLED = false
[packages]
ENABLED = false
[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
STARTUP_TIMEOUT = 300s
[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
DISABLE_GRAVATAR = true
[attachment]
PATH = /data/gitea/attachments
[log]
ROOT_PATH = /logs
LEVEL = Info
STACKTRACE_LEVEL = Error
logger.access.MODE = file
{% raw -%}
ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"
{% endraw %}
[security]
INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_COMPLEXITY = lower,upper,digit
[service]
DISABLE_REGISTRATION = true
SHOW_REGISTRATION_BUTTON = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
ENABLE_TIMETRACKING = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply.example.org
[mailer]
ENABLED = false
[oauth2]
ENABLED = false
; TODO we don't do oauth2 do we need to set this value?
JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
; TODO we don't do oauth2 do we need to set this value?
JWT_SIGNING_PRIVATE_KEY_FILE = /data/gitea/jwt/private.pem
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
[markup.pandoc]
ENABLED = true
; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .rst
; External command to render all matching extensions
RENDER_COMMAND = /usr/bin/pandoc -f rst
; Input is not a standard input but a file
IS_INPUT_FILE = false
[actions]
ENABLED = false
[lfs]
STORAGE_TYPE = local
PATH = /data/git/lfs
; This is an undocumented gitea cron job that will delete all
; repo archives once daily at midnight. Repo archives are
; tarballs/zips/etc of repository state generate for things like
; tags. This helps ensure we don't run out of disk.
[cron.delete_repo_archives]
ENABLED = true
RUN_AT_START = false
NOTICE_ON_SUCCESS = false
; Note we run this several hours after 0000 (midnight) to avoid conflict
; with default cron jobs run by gitea at that time.
SCHEDULE = 0 0 3 * * *
; We don't need gitea phoning out to check versions. We stay on
; top of new releases using github release notifications over email.
[cron.update_checker]
ENABLED = false