gooseek/backend/deploy/k8s/gitea/configmap.yaml
home d2ef146474
security: upgrade Gitea to 1.25.4, add security headers
- Update Gitea from 1.22.6 to 1.25.4 (fixes CVE-2026-20736, CVE-2026-20912)
- Disable public registration
- Disable Swagger API
- Add nginx-ingress security headers:
  - X-Content-Type-Options: nosniff
  - X-XSS-Protection: 1; mode=block
  - Referrer-Policy: strict-origin-when-cross-origin
  - Permissions-Policy
- Enable HSTS preload
- Reorganize Gitea K8s manifests into gitea/ directory

Made-with: Cursor
2026-03-02 22:01:51 +03:00


# Kubernetes ConfigMap "gitea-config" (namespace "gitea"). Its single data key,
# app.ini, carries the Gitea server configuration as a literal block scalar.
# NOTE(review): this listing appears to have lost its indentation; in the real
# manifest the children of metadata/data and the app.ini body must be indented.
# NOTE(review): a ConfigMap is readable by anything with ConfigMap access in the
# namespace and is not meant for secrets. The secret-bearing keys in app.ini are
# empty here; confirm they are supplied from a Secret at deploy time.
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-config
namespace: gitea
data:
# Everything after this line is the INI text of app.ini.
app.ini: |
; Global keys (before any section): instance display name, run mode and the
; OS user the Gitea process runs as.
APP_NAME = GitGooSeek
RUN_MODE = prod
RUN_USER = git
; Where bare repositories are stored and the default branch for new repositories.
[repository]
ROOT = /data/git/repositories
DEFAULT_BRANCH = main
; File uploads into repositories through the web UI.
[repository.upload]
ENABLED = true
; Empty value: no file-type restriction is configured for repository uploads.
ALLOWED_TYPES =
; Per-file size limit in megabytes, and the maximum number of files per upload.
FILE_MAX_SIZE = 100
MAX_FILES = 10
; Public hostname, external URL and listener ports for HTTP, SSH and LFS.
[server]
DOMAIN = git.gooseek.ru
; External URL is https, which matches COOKIE_SECURE = true in [session].
ROOT_URL = https://git.gooseek.ru/
; Plain-HTTP listener inside the pod.
; NOTE(review): presumably TLS is terminated at the ingress - confirm nothing
; exposes port 3000 directly.
HTTP_PORT = 3000
SSH_DOMAIN = git.gooseek.ru
; SSH_PORT is the port shown in clone URLs; SSH_LISTEN_PORT is the port the
; built-in SSH server binds to.
; NOTE(review): binding port 22 as the non-root user "git" needs extra
; privileges if the built-in SSH server is the one in use - confirm against the
; Deployment.
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
; NOTE(review): empty in this ConfigMap. Confirm the LFS token-signing secret is
; provided from a Kubernetes Secret (for example LFS_JWT_SECRET_URI pointing at a
; mounted file). If it ends up regenerated on each start, previously issued LFS
; tokens stop validating.
LFS_JWT_SECRET =
OFFLINE_MODE = false
; Embedded SQLite database kept as a single file under /data.
; NOTE(review): the file holds password hashes and tokens - confirm the volume
; backing /data is persistent and access-restricted.
[database]
DB_TYPE = sqlite3
PATH = /data/gitea/gitea.db
; Instance hardening: install lock, secret material and password policy.
[security]
; Locks the installation wizard so the instance cannot be reconfigured from the
; web installer.
INSTALL_LOCK = true
; NOTE(review): SECRET_KEY and INTERNAL_TOKEN are empty in this file. With an
; empty SECRET_KEY Gitea falls back to a built-in default key, so data it
; encrypts with that key (such as stored two-factor secrets) is not protected by
; a deployment-specific secret. Supply both values from a Kubernetes Secret
; (SECRET_KEY_URI / INTERNAL_TOKEN_URI with a file: path, or the container's
; environment-to-ini mechanism) and confirm this already happens outside this
; ConfigMap.
SECRET_KEY =
INTERNAL_TOKEN =
; pbkdf2 is Gitea's default preset. NOTE(review): stronger presets exist
; (pbkdf2_hi, argon2) at extra CPU or memory cost - decide deliberately.
PASSWORD_HASH_ALGO = pbkdf2
; Password policy: at least 12 characters containing lower-case, upper-case,
; digit and special characters.
MIN_PASSWORD_LENGTH = 12
PASSWORD_COMPLEXITY = lower,upper,digit,spec
; Rejects passwords found in the HaveIBeenPwned breach corpus; this needs
; outbound access from the pod to that service.
PASSWORD_CHECK_PWN = true
; CSRF cookie is marked HttpOnly so page scripts cannot read it.
CSRF_COOKIE_HTTP_ONLY = true
; Account lifecycle and per-user defaults.
[service]
; Self-service sign-up is off; accounts have to be created by an administrator.
DISABLE_REGISTRATION = true
; NOTE(review): false means anonymous visitors can browse public repositories
; and pages. Set to true if the instance is meant to be private.
REQUIRE_SIGNIN_VIEW = false
; Mail-based confirmation and notifications are off, consistent with
; [mailer] ENABLED = false.
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
; CAPTCHA is enabled and also required on the login form, which slows automated
; password guessing.
ENABLE_CAPTCHA = true
REQUIRE_CAPTCHA_FOR_LOGIN = true
; New users get their e-mail address hidden by default.
DEFAULT_KEEP_EMAIL_PRIVATE = true
; New users may not create organizations by default.
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_DEPENDENCIES = true
ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
ENABLE_USER_HEATMAP = true
ENABLE_TIMETRACKING = true
DEFAULT_ENABLE_TIMETRACKING = true
; Domain used to build placeholder addresses for users with hidden e-mail.
NO_REPLY_ADDRESS = noreply.git.gooseek.ru
; Explore pages: visible without sign-in, but the user listing is hidden, which
; limits account enumeration by anonymous visitors.
[service.explore]
REQUIRE_SIGNIN_VIEW = false
DISABLE_USERS_PAGE = true
; OpenID sign-in and sign-up are both disabled.
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
; OAuth2 logins do not create local accounts automatically.
[oauth2_client]
ENABLE_AUTO_REGISTRATION = false
REGISTER_EMAIL_CONFIRM = false
; REST API settings.
[api]
; Turns off the Swagger API documentation endpoints; the API itself stays
; available, so API access control still matters.
ENABLE_SWAGGER = false
; Pagination limits: maximum items per response and default page size.
MAX_RESPONSE_ITEMS = 50
DEFAULT_PAGING_NUM = 30
; Web session storage and cookie attributes.
[session]
; Sessions are stored as files under /data/gitea/sessions.
PROVIDER = file
PROVIDER_CONFIG = /data/gitea/sessions
COOKIE_NAME = i_like_gitea
; Session cookie is only sent over HTTPS.
COOKIE_SECURE = true
; Both values are in seconds (86400 = 24 hours): session garbage-collection
; interval and session lifetime.
GC_INTERVAL_TIME = 86400
SESSION_LIFE_TIME = 86400
; SameSite=Lax: the cookie is withheld from cross-site sub-requests but still
; sent on top-level navigations.
SAME_SITE = lax
; Avatar storage. Gravatar and federated avatars are both off, so the server
; makes no third-party avatar lookups for its users.
[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false
; Issue, pull-request and release attachments.
[attachment]
ENABLED = true
PATH = /data/gitea/attachments
; Extension allow-list for attachments.
; NOTE(review): the list includes .svg, which can carry active content, and
; several archive formats. Confirm the deployed Gitea version serves attachments
; with a restrictive content type or CSP, or drop the types that are not needed.
ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
; Per-attachment size limit in megabytes, and maximum attachments per upload.
MAX_SIZE = 100
MAX_FILES = 10
; Logging goes to the console at Info level; [log.console] sends it to stderr.
; NOTE(review): presumably the container runtime collects this stream - confirm
; logs are retained somewhere that supports later investigation.
[log]
MODE = console
LEVEL = Info
ROOT_PATH = /data/gitea/log
[log.console]
STDERR = true
; Background maintenance tasks.
[cron]
ENABLED = true
; Removes generated repository archives older than 24h; runs at start-up and
; then every 24h.
[cron.archive_cleanup]
ENABLED = true
RUN_AT_START = true
SCHEDULE = @every 24h
OLDER_THAN = 24h
; Synchronisation of externally managed users is switched off.
[cron.sync_external_users]
ENABLED = false
; Cleans up records of deleted branches; runs at start-up and every 24h.
[cron.deleted_branches_cleanup]
ENABLED = true
RUN_AT_START = true
SCHEDULE = @every 24h
; Limits on rendered diffs (lines, characters per line, files). They bound the
; work a single large diff can cause.
[git]
MAX_GIT_DIFF_LINES = 1000
MAX_GIT_DIFF_LINE_CHARACTERS = 5000
MAX_GIT_DIFF_FILES = 100
; Empty value: no extra arguments are configured for git gc.
GC_ARGS =
; Sanitizer rule: the class attribute is allowed on span elements only when its
; value matches REGEXP. The pattern is anchored with ^ and $, so only the listed
; class names pass.
[markup.sanitizer.1]
ELEMENT = span
ALLOW_ATTR = class
REGEXP = ^(color[0-9]?|text-white|text-black|text-green|text-red|text-blue)$
; Built-in CI (Gitea Actions).
; NOTE(review): DEFAULT_ACTIONS_URL = github means actions referenced without a
; full URL are fetched from GitHub, so workflows run third-party code. Pin
; actions to commit SHAs and keep runners isolated from the cluster's
; credentials - confirm runner setup.
[actions]
ENABLED = true
DEFAULT_ACTIONS_URL = github
; Package registry, with a scratch directory for chunked uploads.
[packages]
ENABLED = true
CHUNKED_UPLOAD_PATH = /data/gitea/tmp/package-upload
; Repository mirroring: new pull and push mirrors are both permitted.
; NOTE(review): mirror targets are user-supplied URLs that the server connects
; to - confirm egress from the pod is limited to what mirrors need.
[mirror]
ENABLED = true
DISABLE_NEW_PULL = false
DISABLE_NEW_PUSH = false
; Default and minimum synchronisation intervals.
DEFAULT_INTERVAL = 8h
MIN_INTERVAL = 10m
; Git LFS object storage location.
[lfs]
PATH = /data/git/lfs
; Outgoing mail is disabled. Password-reset and notification e-mails are
; therefore unavailable, so account recovery goes through an administrator.
[mailer]
ENABLED = false
; In-process memory cache; INTERVAL is the cache garbage-collection interval in
; seconds. HOST is empty.
[cache]
ENABLED = true
ADAPTER = memory
INTERVAL = 60
HOST =
; Task queue persisted in a LevelDB directory under /data.
[queue]
TYPE = level
DATADIR = /data/gitea/queues
; Bleve-based issue and code search indexes stored under /data.
[indexer]
ISSUE_INDEXER_TYPE = bleve
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
REPO_INDEXER_ENABLED = true
REPO_INDEXER_PATH = /data/gitea/indexers/repos.bleve
; Empty include and exclude patterns: no path filter is configured for code
; indexing.
REPO_INDEXER_INCLUDE =
REPO_INDEXER_EXCLUDE =
; Files larger than this many bytes (1 MiB) are not indexed.
MAX_FILE_SIZE = 1048576
; Regular users cannot create organizations, consistent with
; DEFAULT_ALLOW_CREATE_ORGANIZATION = false in [service].
[admin]
DISABLE_REGULAR_ORG_CREATION = true
; Outbound webhook delivery policy.
[webhook]
; NOTE(review): Gitea's default is "external" only. Adding "loopback" lets
; webhooks be delivered to localhost addresses of the Gitea pod, which widens the
; server-side request forgery surface to any service listening there. Keep
; "loopback" only if a local receiver needs it - confirm.
ALLOWED_HOST_LIST = external,loopback
; TLS certificates of webhook targets are verified.
SKIP_TLS_VERIFY = false