Gitea
I wanted to set up my own GitHub, so here is https://gitea.matt-cloud.com. It is linked to the Matt-Cloud SSO and everyone can log in. I think most of my repos are viewable publicly. I share some of my more interesting playbooks here.
docker-compose.yaml
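# Gitea (rootless image) behind an external reverse proxy / Authelia.
# Indentation restored: the listing as pasted had every line at column 0, which is not valid YAML.
services:
  gitea:
    # Pinned release tag; the rootless variant runs the process as an unprivileged user inside the container,
    # so the bind-mounted data directory must be writable by that user.
    image: docker.gitea.com/gitea:1.24.2-rootless
    container_name: gitea.domain.com
    volumes:
      - /media/docker/gitea/data:/var/lib/gitea
      # app.ini lives here and holds secrets (INTERNAL_TOKEN, JWT secrets, SMTP password):
      # keep this directory out of version control and restrict its permissions on the host.
      - ./gitea-config:/etc/gitea
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      # Port 3000 is published on every host interface, so Gitea is reachable without going through the
      # reverse proxy. Combined with REVERSE_PROXY_TRUSTED_PROXIES = * in app.ini, a client that hits this
      # port directly can supply its own X-Forwarded-For / X-Real-IP. If the proxy runs on this host,
      # bind to loopback instead: "127.0.0.1:3000:3000"; otherwise restrict it with a host firewall.
      - "3000:3000"
      # Builtin SSH server on host port 22 -- this collides with the host's own sshd unless that has
      # been moved to another port. SSH_PORT / SSH_LISTEN_PORT in app.ini must match this mapping.
      - "22:22"
    restart: always
    network_mode: bridge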
app.ini
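; Gitea app.ini for the rootless container. All "deadbeeflol…" values are placeholders from the original
; post; generate real ones with `gitea generate secret <NAME>` (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET,
; LFS_JWT_SECRET) and never commit them.
APP_NAME = Gitea
RUN_USER = git
RUN_MODE = prod
WORK_PATH = /var/lib/gitea
[repository]
ROOT = /var/lib/gitea/git/repositories
[repository.local]
LOCAL_COPY_PATH = /tmp/gitea/local-repo
[repository.upload]
TEMP_PATH = /tmp/gitea/uploads
[server]
APP_DATA_PATH = /var/lib/gitea
SSH_DOMAIN = gitea.domain.com
HTTP_PORT = 3000
ROOT_URL = https://gitea.domain.com/
DISABLE_SSH = false
; In rootless gitea container only internal ssh server is supported
START_SSH_SERVER = true
; Must match the "22:22" port mapping in docker-compose.yaml.
SSH_PORT = 22
SSH_LISTEN_PORT = 22
BUILTIN_SSH_SERVER_USER = git
LFS_START_SERVER = true
; Was gitea.matt-cloud.com in the original, inconsistent with SSH_DOMAIN / ROOT_URL above;
; all three should name the same host.
DOMAIN = gitea.domain.com
; Placeholder -- generate with `gitea generate secret LFS_JWT_SECRET`.
LFS_JWT_SECRET = deadbeeflol
OFFLINE_MODE = true
[database]
PATH = /var/lib/gitea/data/gitea.db
DB_TYPE = sqlite3
; HOST / USER / PASSWD / SCHEMA / SSL_MODE are leftovers from a MySQL-style template and are not used with sqlite3.
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD =
SCHEMA =
SSL_MODE = disable
LOG_SQL = false
[session]
PROVIDER_CONFIG = /var/lib/gitea/data/sessions
PROVIDER = file
[picture]
AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /var/lib/gitea/data/repo-avatars
[attachment]
PATH = /var/lib/gitea/data/attachments
[log]
ROOT_PATH = /var/lib/gitea/data/log
MODE = console
LEVEL = info
[security]
INSTALL_LOCK = true
; Leaving SECRET_KEY empty does NOT produce a random key: Gitea falls back to a hard-coded default that
; every unconfigured install shares, and this key protects stored data such as 2FA secrets. Set it once
; (`gitea generate secret SECRET_KEY`) and keep it -- data encrypted under it cannot be read after a change.
SECRET_KEY = <GENERATED_SECRET_KEY>
REVERSE_PROXY_LIMIT = 1
; Originally "*", which trusts X-Forwarded-For / X-Real-IP from any source. Because port 3000 is published
; directly by the compose file, that lets any direct client spoof its address in logs and IP-based checks.
; Trust only the reverse proxy's address or network (comma-separated IPs/CIDRs).
REVERSE_PROXY_TRUSTED_PROXIES = <REVERSE_PROXY_IP_OR_CIDR>
; Placeholder -- generate with `gitea generate secret INTERNAL_TOKEN`.
INTERNAL_TOKEN = deadbeefloldeadbeefloldeadbeefloldeadbeefloldeadbeeflol
PASSWORD_HASH_ALGO = pbkdf2
[service]
; Registration is open but restricted to external (SSO) sources; local sign-up, password sign-in and
; basic auth are all switched off so Authelia is the only way in.
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = matt-cloud.com
SHOW_REGISTRATION_BUTTON = false
ENABLE_PASSWORD_SIGNIN_FORM = false
ENABLE_BASIC_AUTHENTICATION = false
ENABLE_PASSKEY_AUTHENTICATION = false
[lfs]
PATH = /var/lib/gitea/git/lfs
[mailer]
ENABLED = true
SMTP_ADDR = mail.domain.net
SMTP_PORT = 465
PROTOCOL = smtps
FROM = gitea@domain.com
USER = gitea@domain.com
; Placeholder SMTP password; consider supplying it via an environment/secret file rather than app.ini.
PASSWD = 'deadbeefloldeadbeefloldeadbeefloldeadbeeflol'
[openid]
; This section configures legacy OpenID 2.0, not OIDC. ENABLE_AUTO_REGISTRATION / ACCOUNT_LINKING / USERNAME
; are not read here -- the effective copies are in [oauth2_client] below.
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true
WHITELISTED_URIS = auth.domain.com
ENABLE_AUTO_REGISTRATION = true
ACCOUNT_LINKING = auto
USERNAME = preferred_username
[oauth2_client]
; Settings for Gitea as an OAuth2/OIDC *client* of Authelia -- this is the section that takes effect.
ENABLE_AUTO_REGISTRATION = true
ACCOUNT_LINKING = auto
; Added here: the original only set USERNAME in sections where it is ignored, so new accounts would have
; been named from the default claim rather than preferred_username.
USERNAME = preferred_username
[cron.update_checker]
ENABLED = false
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[oauth2]
; Settings for Gitea as an OAuth2 *provider*; the three client-side keys below are not read in this section.
; Placeholder -- generate with `gitea generate secret JWT_SECRET`.
JWT_SECRET = deadbeefloldeadbeefloldeadbeefloldeadbeeflol
ENABLE_AUTO_REGISTRATION = true
ACCOUNT_LINKING = auto
USERNAME = preferred_username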
authelia config
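# OIDC Portion - domain is unsecured otherwise
# Fragment of Authelia's identity_providers.oidc.clients list; indentation restored (the pasted listing
# had every line at column 0, which is not valid YAML).
- id: gitea-oidc
  client_id: gitea-oidc
  client_name: "gitea-oidc"
  description: gitea-oidc
  # Placeholder. Must match the client secret entered in Gitea's authentication source; Authelia can store
  # this as a password hash instead of plaintext (see its `authelia crypto hash generate` command) -- prefer that.
  secret: 'deadbeefloldeadbeefloldeadbeefloldeadbeeflol'
  sector_identifier: 'auth.domain.com'
  public: false
  response_types:
    - 'code'
  # Single factor is enough for the code flow here; raise to two_factor if the Gitea instance holds
  # anything sensitive, since this policy gates every login to it.
  authorization_policy: one_factor
  consent_mode: implicit
  pre_configured_consent_duration: 6m
  audience: []
  scopes:
    - openid
    - groups
    - email
    - profile
  redirect_uris:
    # Gitea only ever redirects back to /user/oauth2/<source-name>/callback; the bare site root below is
    # not needed for the login flow and can be dropped to keep the allowed redirect targets minimal.
    - https://gitea.domain.com
    - https://gitea.domain.com/user/oauth2/matt-cloud/callback
  # 'none' here selects opaque (unsigned) access tokens and a plain-JSON userinfo response, which is
  # Authelia's usual default for a confidential client -- not a disabled signature on the ID token.
  access_token_signed_response_alg: 'none'
  userinfo_signing_algorithm: none
  token_endpoint_auth_method: 'client_secret_basic'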
