diff --git a/LICENSE b/LICENSE
index 81522a9..94a9ed0 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,22 +1,674 @@
-The MIT License (MIT)
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
-Copyright (c) 2015 mbugeia
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+ Preamble
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/README.md b/README.md
index 32f2004..1ca136f 100644
--- a/README.md
+++ b/README.md
@@ -1,167 +1,88 @@
-Gitea package for YunoHost
-==========================
-
-
-[](https://dash.yunohost.org/appci/app/gitea)  
-[](https://install-app.yunohost.org/?app=gitea)
-
-> *This package allow you to install gitea quickly and simply on a YunoHost server.
-If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
-
-Overview
---------
-
-Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.
-
-**Shipped version:** 1.14.5
-
-Screenshots
------------
-
-
-
-Documentation
--------------
-
- * Official documentation: https://docs.gitea.io/
- * YunoHost documentation: There no other documentations, feel free to contribute.
-
-YunoHost specific features
---------------------------
-
-### Multi-users support
-
-LDAP and HTTP auth are supported.
-
-### Supported architectures
-
-* x86-64 - [](https://ci-apps.yunohost.org/ci/apps/gitea/)
-* ARMv8-A - [](https://ci-apps-arm.yunohost.org/ci/apps/gitea/)
-
-
-Additional informations
------------------------
+# Gitea for YunoHost
-### Notes on SSH usage
+[](https://dash.yunohost.org/appci/app/gogs)  
+[](https://install-app.yunohost.org/?app=gogs)
-If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea:
+*[Lire ce readme en français.](./README_fr.md)*
+
+> *This package allows you to install Gogs quickly and simply on a YunoHost server.
+If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
+
+## Overview
+
+Gogs (Go Git Service) is a git-based multiplatform forge written in Go. Its particularity is that it is light and can run on an ARM card, which makes it suitable for self-hosting. Gogs has a web interface similar to that of GitHub.
+
+### Features
+
+- User dashboard, user profile and activity timeline.
+- User, organization and repository management.
+- Repository and organization webhooks, including Slack, Discord and Dingtalk.
+- Repository Git hooks, deploy keys and Git LFS.
+- Repository issues, pull requests, wiki, protected branches and collaboration.
+- Migrate and mirror repositories with wiki from other code hosts.
+- Web editor for quick editing repository files and wiki.
+- Jupyter Notebook and PDF rendering.
+- Authentication via SMTP, LDAP.
+- Customize HTML templates, static files and many others.
+
+
+**Shipped version:** 0.12.6~ynh1
+
+**Demo:** https://try.gogs.io/user/login
+
+## Screenshots
+
+
+
+## Disclaimers / important information
+
+## Notes on SSH usage
+
+If you want to use Gogs with SSH and be able to pull/push with you SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gogs:
```bash
PubkeyAuthentication yes
-AuthorizedKeysFile /home/%u/.ssh/authorized_keys
+AuthorizedKeysFile %h/.ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
```
-You also need to add your public key to your Gitea profile.
+You also need to add your public key to your Gogs profile.
-If you use ssh on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
+If you use SSH on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
```bash
Host domain.tld
port 2222 # change this with the port you use
```
-You will also need to add the `gitea` user in the ssh permission with this command:
+## Private Mode
+Actually it's possible to access to the Git repositories by the `git` command over HTTP also in private mode installation. It's important to know that in this mode the repository could be ALSO getted if you don't set the repository as private in the repos settings.
+
+## Documentation and resources
+
+* Official app website: http://gogs.io
+* Official admin documentation: https://gogs.io/docs
+* Upstream app code repository: https://github.com/gogs/gogs
+* YunoHost documentation for this app: https://yunohost.org/app_gogs
+* Report a bug: https://github.com/YunoHost-Apps/gogs_ynh/issues
+
+## Developer info
+
+Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/gogs_ynh/tree/testing).
+
+To try the testing branch, please proceed like that.
```
-sudo adduser gitea ssh.app
+sudo yunohost app install https://github.com/YunoHost-Apps/gogs_ynh/tree/testing --debug
+or
+sudo yunohost app upgrade gogs -u https://github.com/YunoHost-Apps/gogs_ynh/tree/testing --debug
```
-### Architecture
-
-This package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`.
-
-### Upgrade
-
-By default a backup is made before the upgrade. To avoid this you have theses following possibilites:
-- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`.
-- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command:
-
-`yunohost app setting gitea disable_backup_before_upgrade -v 1`
-
-After this settings will be applied for **all** next upgrade.
-
-From command line:
-
-`yunohost app upgrade gitea`
-
-### Backup
-
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
-
-- Stop gitea service with theses following command:
-
-`systemctl stop gitea.service`
-
-- Launch the backup of gitea with this following command:
-
-`yunohost backup create --app gitea`
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/gitea`.
-- Restart the gitea service with theses command:
-
-`systemctl start gitea.service`
-
-### Remove
-
-Due of the backup core only feature the data directory in `/home/gitea` **is not removed**. It need to be removed manually to purge app user data.
-
-### LFS setup
-To use a repository with an `LFS` setup, you need to activate-it on `/opt/gitea/custom/conf/app.ini`
-```ini
-[server]
-LFS_START_SERVER = true
-LFS_HTTP_AUTH_EXPIRY = 20m
-```
-By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`.
-```
-client_max_body_size 200M;
-```
-Don't forget to restart Gitea `sudo systemctl restart gitea.service`.
-
-> This settings are restored to the default config when Gitea is updated. Don't forget to restore your setup after all updates.
-
-### Git command access with HTTPS
-
-If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**.
-
-Links
------
-
- * Report a bug: https://framagit.org/YunoHost-Apps/gitea_ynh/issues
- * App website: http://gitea.io
- * YunoHost website: https://yunohost.org/
-
----
-
-Install
--------
-
-From command line:
-
-`sudo yunohost app install -l gitea https://github.com/YunoHost-Apps/gitea_ynh`
-
-Upgrade
--------
-
-From command line:
-
-`sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh`
-
-License
--------
-
-Gitea is published under the MIT License:
-https://github.com/go-gitea/gitea/blob/master/LICENSE
-
-This package is published under the MIT License.
-
-Todo
-----
+**More info regarding app packaging:** https://yunohost.org/packaging_apps
\ No newline at end of file
diff --git a/README_fr.md b/README_fr.md
new file mode 100644
index 0000000..fbb3e65
--- /dev/null
+++ b/README_fr.md
@@ -0,0 +1,71 @@
+# Gitea pour YunoHost
+
+[](https://dash.yunohost.org/appci/app/gogs)  
+[](https://install-app.yunohost.org/?app=gogs)
+
+*[Read this readme in english.](./README.md)*
+*[Lire ce readme en français.](./README_fr.md)*
+
+> *Ce package vous permet d'installer Gogs rapidement et simplement sur un serveur YunoHost.
+Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
+
+## Vue d'ensemble
+
+Gogs (Go Git Service) est une forge multiplateforme basée sur git écrite en Go. Sa particularité est d’être léger et pouvant fonctionner sur carte ARM, ce qui fait qu’il est adapté à l’auto-hébergement. Gogs a une interface web similaire à celle de GitHub.
+
+
+**Version incluse :** 0.12.6~ynh1
+
+**Démo :** https://try.gogs.io/user/login
+
+## Captures d'écran
+
+
+
+## Avertissements / informations importantes
+
+## Notes on SSH usage
+
+If you want to use Gogs with SSH and be able to pull/push with you SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gogs:
+
+```bash
+PubkeyAuthentication yes
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+```
+
+You also need to add your public key to your Gogs profile.
+
+If you use SSH on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
+
+```bash
+Host domain.tld
+ port 2222 # change this with the port you use
+```
+
+## Private Mode
+
+Actually it's possible to access to the Git repositories by the `git` command over HTTP also in private mode installation. It's important to know that in this mode the repository could be ALSO getted if you don't set the repository as private in the repos settings.
+
+## Documentations et ressources
+
+* Site officiel de l'app : http://gogs.io
+* Documentation officielle de l'admin : https://gogs.io/docs
+* Dépôt de code officiel de l'app : https://github.com/gogs/gogs
+* Documentation YunoHost pour cette app : https://yunohost.org/app_gogs
+* Signaler un bug : https://github.com/YunoHost-Apps/gogs_ynh/issues
+
+## Informations pour les développeurs
+
+Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/gogs_ynh/tree/testing).
+
+Pour essayer la branche testing, procédez comme suit.
+```
+sudo yunohost app install https://github.com/YunoHost-Apps/gogs_ynh/tree/testing --debug
+ou
+sudo yunohost app upgrade gogs -u https://github.com/YunoHost-Apps/gogs_ynh/tree/testing --debug
+```
+
+**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
\ No newline at end of file
diff --git a/check_process b/check_process
index 7206f2b..971395c 100644
--- a/check_process
+++ b/check_process
@@ -1,9 +1,10 @@
;; General
; Manifest
- domain="domain.tld" (DOMAIN)
- path="/path" (PATH)
- admin="john" (USER)
- is_public=1 (PUBLIC|public=1|private=0)
+ domain="domain.tld"
+ path="/path"
+ admin="john"
+ password="1Strong-Password"
+ is_public=1
; Checks
pkg_linter=1
setup_sub_dir=1
@@ -12,15 +13,14 @@
setup_private=1
setup_public=1
upgrade=1
- upgrade=1 from_commit=349992d4f3921e4e1adb37a0cace4a5a9eb67099
- upgrade=1 from_commit=4e078e91129725c8b09ba551ab2a04e0328a45b3
+ #upgrade=1 from_commit=
backup_restore=1
multi_instance=1
- incorrect_path=0
- port_already_use=1 (6000)
change_url=1
+;;; Options
+Email=
+Notification=none
;;; Upgrade options
- ; commit=349992d4f3921e4e1adb37a0cace4a5a9eb67099
- name=First package version
- ; commit=4e078e91129725c8b09ba551ab2a04e0328a45b3
- name=Gogs code, check migration from gogs
+ ; commit=CommitHash
+ name=Name and date of the commit.
+ manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&
diff --git a/conf/amd64.src b/conf/amd64.src
new file mode 100644
index 0000000..0af4a02
--- /dev/null
+++ b/conf/amd64.src
@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.0-rc1/gitea-1.17.0-rc1-linux-amd64
+SOURCE_SUM=73eb9b7d1d698e4c66525c8eec594cc8503b670195765affbd2b190fa9879293
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
\ No newline at end of file
diff --git a/conf/app.ini b/conf/app.ini
index 9f00522..da9bfe3 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -1,75 +1,2349 @@
-;https://github.com/gogits/gogs/blob/master/conf/app.ini
+; This file lists the default values used by Gitea
+;; Copy required sections to your own app.ini (default is custom/conf/app.ini)
+;; and modify as needed.
+;; Do not copy the whole file as-is, as it contains some invalid sections for illustrative purposes.
+;; If you don't know what a setting is you should not set it.
+;;
+;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; General Settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; App name that shows in every page title
APP_NAME = Gitea
+;;
+;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
RUN_USER = __APP__
-RUN_MODE = prod
-
-[database]
-DB_TYPE = mysql
-HOST = 127.0.0.1:3306
-NAME = __DB_USER__
-USER = __DB_USER__
-PASSWD = __DB_PASSWORD__
-SSL_MODE = disable
-PATH = data/gitea.db
-LOG_SQL = false
-
-[repository]
-ROOT = __REPOS_PATH__
-FORCE_PRIVATE = false
+;;
+;; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod"
+;RUN_MODE = prod
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[server]
-DOMAIN = __DOMAIN__
-HTTP_PORT = __PORT__
-HTTP_ADDR = 127.0.0.1
-ROOT_URL = https://__URL__/
-DISABLE_SSH = false
-SSH_PORT = __SSH_PORT__
-OFFLINE_MODE = false
-APP_DATA_PATH = __DATA_PATH__
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
+;PROTOCOL = http
+;;
+;; Set the domain for the server
+DOMAIN = __DOMAIN__
+;;
+;; Overwrite the automatically generated public URL. Necessary for proxies and docker.
+ROOT_URL = https://__DOMAIN____PATH_URL__
+;;
+;; when STATIC_URL_PREFIX is empty it will follow ROOT_URL
+;STATIC_URL_PREFIX =
+;;
+;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+HTTP_ADDR = 127.0.0.1
+;;
+;; The port to listen on. Leave empty when using a unix socket.
+HTTP_PORT = __PORT__
+;;
+;; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
+;; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
+;; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
+;; PORT_TO_REDIRECT.
+;REDIRECT_OTHER_PORT = false
+;PORT_TO_REDIRECT = 80
+;;
+;; Minimum and maximum supported TLS versions
+;SSL_MIN_VERSION=TLSv1.2
+;SSL_MAX_VERSION=
+;;
+;; SSL Curve Preferences
+;SSL_CURVE_PREFERENCES=X25519,P256
+;;
+;; SSL Cipher Suites
+;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
+;;
+;; Timeout for any write to the connection. (Set to -1 to disable all timeouts.)
+;PER_WRITE_TIMEOUT = 30s
+;;
+;; Timeout per Kb written to connections.
+;PER_WRITE_PER_KB_TIMEOUT = 30s
+;;
+;; Permission for unix socket
+;UNIX_SOCKET_PERMISSION = 666
+;;
+;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+;; In most cases you do not need to change the default value.
+;; Alter it only if your SSH server node is not the same as HTTP node.
+;; Do not set this variable if PROTOCOL is set to 'unix'.
+;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+;;
+;; Disable SSH feature when not available
+DISABLE_SSH = false
+;;
+;; Whether to use the builtin SSH server or not.
+;START_SSH_SERVER = false
+;;
+;; Username to use for the builtin SSH server.
+;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
+;;
+;; Domain name to be exposed in clone URL
+;SSH_DOMAIN = %(DOMAIN)s
+;;
+;; SSH username displayed in clone URLs.
+;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
+;;
+;; The network interface the builtin SSH server should listen on
+;SSH_LISTEN_HOST =
+;;
+;; Port number to be exposed in clone URL
+SSH_PORT = __SSH_PORT__
+;;
+;; The port number the builtin SSH server should listen on
+;SSH_LISTEN_PORT = %(SSH_PORT)s
+;;
+;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+SSH_ROOT_PATH =__DATADIR__/.ssh
+;;
+;; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+;; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+;SSH_CREATE_AUTHORIZED_KEYS_FILE = true
+;;
+;; Gitea will create a authorized_principals file by default when it is not using the internal ssh server
+;; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off.
+;SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true
+;;
+;; For the built-in SSH server, choose the ciphers to support for SSH connections,
+;; for system SSH this setting has no effect
+;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+;;
+;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
+;; for system SSH this setting has no effect
+;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+;;
+;; For the built-in SSH server, choose the MACs to support for SSH connections,
+;; for system SSH this setting has no effect
+;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+;;
+;; For the built-in SSH server, choose the keypair to offer as the host key
+;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
+;; relative paths are made absolute relative to the APP_DATA_PATH
+;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
+;;
+;; Directory to create temporary files in when testing public keys using ssh-keygen,
+;; default is the system temporary directory.
+;SSH_KEY_TEST_PATH =
+;;
+;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+;SSH_KEYGEN_PATH = ssh-keygen
+;;
+;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+;SSH_AUTHORIZED_KEYS_BACKUP = true
+;;
+;; Determines which principals to allow
+;; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
+;; - off: Do not allow authorized principals
+;; - email: the principal must match the user's email
+;; - username: the principal must match the user's username
+;; - anything: there will be no checking on the content of the principal
+;SSH_AUTHORIZED_PRINCIPALS_ALLOW = email, username
+;;
+;; Enable SSH Authorized Principals Backup when rewriting all keys, default is true
+;SSH_AUTHORIZED_PRINCIPALS_BACKUP = true
+;;
+;; Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication.
+;; Multiple keys should be comma separated.
+;; E.g."ssh- ". or "ssh- , ssh- ".
+;; For more information see "TrustedUserCAKeys" in the sshd config manpages.
+;SSH_TRUSTED_USER_CA_KEYS =
+;; Absolute path of the `TrustedUserCaKeys` file gitea will manage.
+;; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem
+;; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your
+;; sshd_config to point to this file. The official docker image will automatically work without further configuration.
+;SSH_TRUSTED_USER_CA_KEYS_FILENAME =
+;;
+;; Enable exposure of SSH clone URL to anonymous visitors, default is false
+;SSH_EXPOSE_ANONYMOUS = false
+;;
+;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.)
+;; Will default to the PER_WRITE_TIMEOUT.
+;SSH_PER_WRITE_TIMEOUT = 30s
+;;
+;; Timeout per Kb written to ssh connections.
+;; Will default to the PER_WRITE_PER_KB_TIMEOUT.
+;SSH_PER_WRITE_PER_KB_TIMEOUT = 30s
+;;
+;; Indicate whether to check minimum key size with corresponding type
+;MINIMUM_KEY_SIZE_CHECK = false
+;;
+;; Disable CDN even in "prod" mode
+;OFFLINE_MODE = false
+;DISABLE_ROUTER_LOG = false
+;;
+;; TLS Settings: Either ACME or manual
+;; (Other common TLS configuration are found before)
+;ENABLE_ACME = false
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; ACME automatic TLS settings
+;;
+;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
+;; Leave empty to default to LetsEncrypt's (production) URL
+;ACME_URL =
+;;
+;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
+;ACME_ACCEPTTOS = false
+;;
+;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
+;ACME_CA_ROOT =
+;;
+;; Email used for the ACME registration service
+;; Can be left blank to initialize at first run and use the cached value
+;ACME_EMAIL =
+;;
+;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
+;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
+;ACME_DIRECTORY = https
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Manual TLS settings: (Only applicable if ENABLE_ACME=false)
+;;
+;; Generate steps:
+;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;;
+;; Or from a .pfx file exported from the Windows certificate store (do
+;; not forget to export the private key):
+;; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+;; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+;; Paths are relative to CUSTOM_PATH
+;CERT_FILE = https/cert.pem
+;KEY_FILE = https/key.pem
+;;
+;; Root directory containing templates and static files.
+;; default is the path where Gitea is executed
+;STATIC_ROOT_PATH =
+;;
+;; Default path for App data
+APP_DATA_PATH = __DATADIR__/data
+;;
+;; Enable gzip compression for runtime-generated content, static resources excluded
+;ENABLE_GZIP = false
+;;
+;; Application profiling (memory and cpu)
+;; For "web" command it listens on localhost:6060
+;; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)__
+;ENABLE_PPROF = false
+;;
+;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+;PPROF_DATA_PATH = data/tmp/pprof
+;;
+;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
+;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
LANDING_PAGE = explore
+;;
+;; Enables git-lfs support. true or false, default is false.
+;LFS_START_SERVER = false
+;;
+;;
+;; LFS authentication secret, change this yourself
+LFS_JWT_SECRET =
+;;
+;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
+;LFS_HTTP_AUTH_EXPIRY = 20m
+;;
+;; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
+;LFS_MAX_FILE_SIZE = 0
+;;
+;; Maximum number of locks returned per page
+;LFS_LOCKS_PAGING_NUM = 50
+;;
+;; Allow graceful restarts using SIGHUP to fork
+;ALLOW_GRACEFUL_RESTARTS = true
+;;
+;; After a restart the parent will finish ongoing requests before
+;; shutting down. Force shutdown if this process takes longer than this delay.
+;; set to a negative value to disable
+;GRACEFUL_HAMMER_TIME = 60s
+;;
+;; Allows the setting of a startup timeout and waithint for Windows as SVC service
+;; 0 disables this.
+;STARTUP_TIMEOUT = 0
+;;
+;; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time. Note that this cache is disabled when RUN_MODE is "dev". Default is 6h
+;STATIC_CACHE_TIME = 6h
-[mailer]
-ENABLED = true
-HOST = 127.0.0.1:25
-FROM = "Gitea"
-SKIP_VERIFY = true
-
-[service]
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = true
-DISABLE_REGISTRATION = true
-ENABLE_CAPTCHA = false
-REQUIRE_SIGNIN_VIEW = false
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false
-
-[picture]
-AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars
-
-[attachment]
-PATH = __DATA_PATH__/attachments
-
-[session]
-PROVIDER = memory
-
-[log]
-MODE = file
-LEVEL = Info
-ROOT_PATH = /var/log/__APP__
-
-REDIRECT_MACARON_LOG= true
-MACARON = file
-
-ROUTER_LOG_LEVEL = Warn
-ROUTER = file
-
-ENABLE_ACCESS_LOG = Warn
-ACCESS = file
-
-ENABLE_XORM_LOG = Warn
-XORM = file
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[database]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; MySQL Configuration
+;;
+DB_TYPE = mysql
+HOST = 127.0.0.1:3306 ; can use socket e.g. /var/run/mysqld/mysqld.sock
+NAME = __DB_NAME__
+USER = __DB_USER__
+PASSWD = __DB_PWD__
+;SSL_MODE = false ; either "false" (default), "true", or "skip-verify"
+;CHARSET = utf8mb4 ;either "utf8" or "utf8mb4", default is "utf8mb4".
+;;
+;; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Postgres Configuration
+;;
+;DB_TYPE = postgres
+;HOST = 127.0.0.1:5432 ; can use socket e.g. /var/run/postgresql/
+;NAME = __DB_NAME__
+;USER = __DB_USER__
+;PASSWD = __DB_PWD__
+;SCHEMA =
+;SSL_MODE=disable ;either "disable" (default), "require", or "verify-full"
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; SQLite Configuration
+;;
+;DB_TYPE = sqlite3
+;PATH= ; defaults to data/gitea.db
+;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; MSSQL Configuration
+;;
+;DB_TYPE = mssql
+;HOST = 172.17.0.2:1433
+;NAME = gitea
+;USER = SA
+;PASSWD = MwantsaSecurePassword1
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Other settings
+;;
+;; For iterate buffer, default is 50
+;ITERATE_BUFFER_SIZE = 50
+;;
+;; Show the database generated SQL
+LOG_SQL = false ; if unset defaults to true
+;;
+;; Maximum number of DB Connect retries
+;DB_RETRIES = 10
+;;
+;; Backoff time per DB retry (time.Duration)
+;DB_RETRY_BACKOFF = 3s
+;;
+;; Max idle database connections on connection pool, default is 2
+;MAX_IDLE_CONNS = 2
+;;
+;; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
+;CONN_MAX_LIFETIME = 3s
+;;
+;; Database maximum number of open connections, default is 0 meaning no maximum
+;MAX_OPEN_CONNS = 0
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[security]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Whether the installer is disabled (set to true to disable the installer)
INSTALL_LOCK = true
-SECRET_KEY = __KEY__
+;;
+;; Global secret key that will be used - if blank will be regenerated.
+SECRET_KEY = __KEY__
+;;
+;; Secret used to validate communication within Gitea binary.
+INTERNAL_TOKEN=
+;;
+;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
+;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
+;;
+;; How long to remember that a user is logged in before requiring relogin (in days)
+;LOGIN_REMEMBER_DAYS = 7
+;;
+;; Name of the cookie used to store the current username.
+;COOKIE_USERNAME = gitea_awesome
+;;
+;; Name of cookie used to store authentication information.
+;COOKIE_REMEMBER_NAME = gitea_incredible
+;;
+;; Reverse proxy authentication header name of user name and email
REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER
+;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+;;
+;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
+;REVERSE_PROXY_LIMIT = 1
+;;
+;; List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
+REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
+;;
+;; The minimum password length for new Users
+MIN_PASSWORD_LENGTH = 8
+;;
+;; Set to true to allow users to import local server paths
+;IMPORT_LOCAL_PATHS = false
+;;
+;; Set to false to allow users with git hook privileges to create custom git hooks.
+;; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
+;; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
+;; By modifying the Gitea database, users can gain Gitea administrator privileges.
+;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
+;; WARNING: This maybe harmful to you website or your operating system.
+;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
+;DISABLE_GIT_HOOKS = true
+;;
+;; Set to true to disable webhooks feature.
+;DISABLE_WEBHOOKS = false
+;;
+;; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+;ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
+;;
+;;Comma separated list of character classes required to pass minimum complexity.
+;;If left empty or no valid values are specified, the default is off (no checking)
+;;Classes include "lower,upper,digit,spec"
+;PASSWORD_COMPLEXITY = off
+;;
+;; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
+;PASSWORD_HASH_ALGO = pbkdf2
+;;
+;; Set false to allow JavaScript to read CSRF cookie
+;CSRF_COOKIE_HTTP_ONLY = true
+;;
+;; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
+;PASSWORD_CHECK_PWN = false
+;;
+;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
+;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
+;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[camo]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; At the moment we only support images
+;;
+;; if the camo is enabled
+;ENABLED = false
+;; url to a camo image proxy, it **is required** if camo is enabled.
+;SERVER_URL =
+;; HMAC to encode urls with, it **is required** if camo is enabled.
+;HMAC_KEY =
+;; Set to true to use camo for https too lese only non https urls are proxyed
+;ALLWAYS = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[oauth2]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Enables OAuth2 provider
+ENABLE = true
+;;
+;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
+;JWT_SIGNING_ALGORITHM = RS256
+;;
+;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.
+;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to RS256, RS384, RS512, ES256, ES384 or ES512.
+;; The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
+;JWT_SIGNING_PRIVATE_KEY_FILE = jwt/private.pem
+;;
+;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
+;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
+;JWT_SECRET =
+;;
+;; Lifetime of an OAuth2 access token in seconds
+;ACCESS_TOKEN_EXPIRATION_TIME = 3600
+;;
+;; Lifetime of an OAuth2 refresh token in hours
+;REFRESH_TOKEN_EXPIRATION_TIME = 730
+;;
+;; Check if refresh token got already used
+;INVALIDATE_REFRESH_TOKENS = false
+;;
+;; Maximum length of oauth2 token/cookie stored on server
+;MAX_TOKEN_LENGTH = 32767
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[log]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Root path for the log files - defaults to %(GITEA_WORK_DIR)/log
+ROOT_PATH = /var/log/__APP__
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Main Logger
+;;
+;; Either "console", "file", "conn", "smtp" or "database", default is "console"
+;; Use comma to separate multiple modes, e.g. "console, file"
+MODE = file
+;;
+;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
+LEVEL = Info
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Router Logger
+;;
+;; Switch off the router log
+;DISABLE_ROUTER_LOG=false
+;;
+;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
+ROUTER = console
+;;
+;; The router will log different things at different levels.
+;;
+;; * started messages will be logged at TRACE level
+;; * polling/completed routers will be logged at INFO
+;; * slow routers will be logged at WARN
+;; * failed routers will be logged at WARN
+;;
+;; The routing level will default to that of the system but individual router level can be set in
+;; [log..router] LEVEL
+;;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Access Logger (Creates log in NCSA common log format)
+;;
+;ENABLE_ACCESS_LOG = false
+;;
+;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
+;ACCESS = file
+;;
+;; Sets the template used to create the access log.
+;ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; SSH log (Creates log from ssh git request)
+;;
+;ENABLE_SSH_LOG = false
+;;
+;; Other Settings
+;;
+;; Print Stacktraces with logs. (Rarely helpful.) Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+;STACKTRACE_LEVEL = None
+;;
+;; Buffer length of the channel, keep it as it is if you don't know what it is.
+;BUFFER_LEN = 10000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Creating specific log configuration
+;;
+;; You can set specific configuration for individual modes and subloggers
+;;
+;; Configuration available to all log modes/subloggers
+;LEVEL=
+;FLAGS = stdflags
+;EXPRESSION =
+;PREFIX =
+;COLORIZE = false
+;;
+;; For "console" mode only
+;STDERR = false
+;;
+;; For "file" mode only
+;LEVEL =
+;; Set the file_name for the logger. If this is a relative path this
+;; will be relative to ROOT_PATH
+;FILE_NAME =
+;; This enables automated log rotate(switch of following options), default is true
+;LOG_ROTATE = true
+;; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+;MAX_SIZE_SHIFT = 28
+;; Segment log daily, default is true
+;DAILY_ROTATE = true
+;; delete the log file after n days, default is 7
+;MAX_DAYS = 7
+;; compress logs with gzip
+;COMPRESS = true
+;; compression level see godoc for compress/gzip
+;COMPRESSION_LEVEL = -1
+;
+;; For "conn" mode only
+;LEVEL =
+;; Reconnect host for every single message, default is false
+;RECONNECT_ON_MSG = false
+;; Try to reconnect when connection is lost, default is false
+;RECONNECT = false
+;; Either "tcp", "unix" or "udp", default is "tcp"
+;PROTOCOL = tcp
+;; Host address
+;ADDR =
+;
+;; For "smtp" mode only
+;LEVEL =
+;; Name displayed in mail title, default is "Diagnostic message from server"
+;SUBJECT = Diagnostic message from server
+;; Mail server
+;HOST =
+;; Mailer user name and password
+;USER =
+;; Use PASSWD = `your password` for quoting if you use special characters in the password.
+;PASSWD =
+;; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+;RECEIVERS =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[git]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; The path of git executable. If empty, Gitea searches through the PATH environment.
+;PATH =
+;;
+;; The HOME directory for Git
+;HOME_PATH = %(APP_DATA_PATH)/home
+;;
+;; Disables highlight of added and removed changes
+;DISABLE_DIFF_HIGHLIGHT = false
+;;
+;; Max number of lines allowed in a single file in diff view
+;MAX_GIT_DIFF_LINES = 1000
+;;
+;; Max number of allowed characters in a line in diff view
+;MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+;;
+;; Max number of files shown in diff view
+;MAX_GIT_DIFF_FILES = 100
+;;
+;; Set the default commits range size
+;COMMITS_RANGE_SIZE = 50
+;;
+;; Set the default branches range size
+;BRANCHES_RANGE_SIZE = 20
+;;
+;; Arguments for command 'git gc', e.g. "--aggressive --auto"
+;; see more on http://git-scm.com/docs/git-gc/
+;GC_ARGS =
+;;
+;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
+;;
+;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
+;PULL_REQUEST_PUSH_MESSAGE = true
+;;
+;; (Go-Git only) Don't cache objects greater than this in memory. (Set to 0 to disable.)
+;LARGE_OBJECT_THRESHOLD = 1048576
+;; Set to true to forcibly set core.protectNTFS=false
+;DISABLE_CORE_PROTECT_NTFS=false
+;; Disable the usage of using partial clones for git.
+;DISABLE_PARTIAL_CLONE = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[service]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Time limit to confirm account/email registration
+;ACTIVE_CODE_LIVE_MINUTES = 180
+;;
+;; Time limit to perform the reset of a forgotten password
+;RESET_PASSWD_CODE_LIVE_MINUTES = 180
+;;
+;; Whether a new user needs to confirm their email when registering.
+REGISTER_EMAIL_CONFIRM = false
+;;
+;; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
+;REGISTER_MANUAL_CONFIRM = false
+;;
+;; List of domain names that are allowed to be used to register on a Gitea instance
+;; gitea.io,example.com
+;EMAIL_DOMAIN_WHITELIST =
+;;
+;; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance
+;EMAIL_DOMAIN_BLOCKLIST =
+;;
+;; Disallow registration, only allow admins to create accounts.
+DISABLE_REGISTRATION = true
+;;
+;; Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false
+;ALLOW_ONLY_INTERNAL_REGISTRATION = false
+;;
+;; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
+;ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+;;
+;; User must sign in to view anything.
+;REQUIRE_SIGNIN_VIEW = false
+;;
+;; Mail notification
+ENABLE_NOTIFY_MAIL = true
+;;
+;; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
+;; If you set this to false you will not be able to access the tokens endpoints on the API with your password
+;; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
+;ENABLE_BASIC_AUTHENTICATION = true
+;;
+;; More detail: https://github.com/gogits/gogs/issues/165
+;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+;ENABLE_REVERSE_PROXY_EMAIL = false
+;;
+;; Enable captcha validation for registration
+;ENABLE_CAPTCHA = false
+;;
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
+;CAPTCHA_TYPE = image
+;;
+;; Enable recaptcha to use Google's recaptcha service
+;; Go to https://www.google.com/recaptcha/admin to sign up for a key
+;RECAPTCHA_SECRET =
+;RECAPTCHA_SITEKEY =
+;;
+;; For hCaptcha, create an account at https://accounts.hcaptcha.com/login to get your keys
+;HCAPTCHA_SECRET =
+;HCAPTCHA_SITEKEY =
+;;
+;; Change this to use recaptcha.net or other recaptcha service
+;RECAPTCHA_URL = https://www.google.com/recaptcha/
+;;
+;; Default value for KeepEmailPrivate
+;; Each new user will get the value of this setting copied into their profile
+;DEFAULT_KEEP_EMAIL_PRIVATE = false
+;;
+;; Default value for AllowCreateOrganization
+;; Every new user will have rights set to create organizations depending on this setting
+;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+;; Default value for IsRestricted
+;; Every new user will have restricted permissions depending on this setting
+;DEFAULT_USER_IS_RESTRICTED = false
+;;
+;; Either "public", "limited" or "private", default is "public"
+;; Limited is for users visible only to signed users
+;; Private is for users visible only to members of their organizations
+;; Public is for users visible for everyone
+;DEFAULT_USER_VISIBILITY = public
+;;
+;; Set which visibility modes a user can have
+;ALLOWED_USER_VISIBILITY_MODES = public,limited,private
+;;
+;; Either "public", "limited" or "private", default is "public"
+;; Limited is for organizations visible only to signed users
+;; Private is for organizations visible only to members of the organization
+;; Public is for organizations visible to everyone
+;DEFAULT_ORG_VISIBILITY = public
+;;
+;; Default value for DefaultOrgMemberVisible
+;; True will make the membership of the users visible when added to the organisation
+;DEFAULT_ORG_MEMBER_VISIBLE = false
+;;
+;; Default value for EnableDependencies
+;; Repositories will use dependencies by default depending on this setting
+;DEFAULT_ENABLE_DEPENDENCIES = true
+;;
+;; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
+;ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
+;;
+;; Enable heatmap on users profiles.
+;ENABLE_USER_HEATMAP = true
+;;
+;; Enable Timetracking
+;ENABLE_TIMETRACKING = true
+;;
+;; Default value for EnableTimetracking
+;; Repositories will use timetracking by default depending on this setting
+;DEFAULT_ENABLE_TIMETRACKING = true
+;;
+;; Default value for AllowOnlyContributorsToTrackTime
+;; Only users with write permissions can track time if this is true
+;DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
+;;
+;; Value for the domain part of the user's email address in the git log if user
+;; has set KeepEmailPrivate to true. The user's email will be replaced with a
+;; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. Default
+;; value is "noreply." + DOMAIN, where DOMAIN resolves to the value from server.DOMAIN
+;; Note: do not use the notation below
+;NO_REPLY_ADDRESS = ; noreply.
+;;
+;; Show Registration button
+;SHOW_REGISTRATION_BUTTON = true
+;;
+;; Show milestones dashboard page - a view of all the user's milestones
+;SHOW_MILESTONES_DASHBOARD_PAGE = true
+;;
+;; Default value for AutoWatchNewRepos
+;; When adding a repo to a team or creating a new repo all team members will watch the
+;; repo automatically if enabled
+;AUTO_WATCH_NEW_REPOS = true
+;;
+;; Default value for AutoWatchOnChanges
+;; Make the user watch a repository When they commit for the first time
+;AUTO_WATCH_ON_CHANGES = false
+;;
+;; Minimum amount of time a user must exist before comments are kept when the user is deleted.
+;USER_DELETE_WITH_COMMENTS_MAX_TIME = 0
+;; Valid site url schemes for user profiles
+;VALID_SITE_URL_SCHEMES=http,https
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Other Settings
+;;
+;; Uncomment the [section.header] if you wish to
+;; set the below settings.
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
+;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
+ROOT = __DATADIR__/repositories
+;;
+;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
+;SCRIPT_TYPE = bash
+;;
+;; DETECTED_CHARSETS_ORDER tie-break order for detected charsets.
+;; If the charsets have equal confidence, tie-breaking will be done by order in this list
+;; with charsets earlier in the list chosen in preference to those later.
+;; Adding "defaults" will place the unused charsets at that position.
+;DETECTED_CHARSETS_ORDER = UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr
+;;
+;; Default ANSI charset to override non-UTF-8 charsets to
+;ANSI_CHARSET =
+;;
+;; Force every new repository to be private
+;FORCE_PRIVATE = false
+;;
+;; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
+;DEFAULT_PRIVATE = last
+;;
+;; Default private when using push-to-create
+;DEFAULT_PUSH_CREATE_PRIVATE = true
+;;
+;; Global limit of repositories per user, applied at creation time. -1 means no limit
+;MAX_CREATION_LIMIT = -1
+;;
+;; Mirror sync queue length, increase if mirror syncing starts hanging (DEPRECATED: please use [queue.mirror] LENGTH instead)
+;MIRROR_QUEUE_LENGTH = 1000
+;;
+;; Patch test queue length, increase if pull request patch testing starts hanging (DEPRECATED: please use [queue.pr_patch_checker] LENGTH instead)
+;PULL_REQUEST_QUEUE_LENGTH = 1000
+;;
+;; Preferred Licenses to place at the top of the List
+;; The name here must match the filename in options/license or custom/options/license
+;PREFERRED_LICENSES = Apache License 2.0,MIT License
+;;
+;; Disable the ability to interact with repositories using the HTTP protocol
+;DISABLE_HTTP_GIT = false
+;;
+;; Value for Access-Control-Allow-Origin header, default is not to present
+;; WARNING: This may be harmful to your website if you do not give it a right value.
+;ACCESS_CONTROL_ALLOW_ORIGIN =
+;;
+;; Force ssh:// clone url instead of scp-style uri when default SSH port is used
+;USE_COMPAT_SSH_URI = false
+;;
+;; Close issues as long as a commit on any branch marks it as fixed
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
+;DISABLED_REPO_UNITS =
+;;
+;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
+;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
+;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
+;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
+;;
+;; Prefix archive files by placing them in a directory named after the repository
+;PREFIX_ARCHIVE_FILES = true
+;;
+;; Disable migrating feature.
+;DISABLE_MIGRATIONS = false
+;;
+;; Disable stars feature.
+;DISABLE_STARS = false
+;;
+;; The default branch name of new repositories
+;DEFAULT_BRANCH = main
+;;
+;; Allow adoption of unadopted repositories
+;ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
+;;
+;; Allow deletion of unadopted repositories
+;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.editor]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; List of file extensions for which lines should be wrapped in the Monaco editor
+;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
+;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+;;
+;; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+;; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+;PREVIEWABLE_FILE_MODES = markdown
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.local]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
+;LOCAL_COPY_PATH = tmp/local-repo
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.upload]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Whether repository file uploads are enabled. Defaults to `true`
+;ENABLED = true
+;;
+;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
+TEMP_PATH = __DATADIR__/data/tmp/uploads
+;;
+;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+;ALLOWED_TYPES =
+;;
+;; Max size of each file in megabytes. Defaults to 3MB
+;FILE_MAX_SIZE = 3
+;;
+;; Max number of files per upload. Defaults to 5
+;MAX_FILES = 5
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.pull-request]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; List of prefixes used in Pull Request title to mark them as Work In Progress (matched in a case-insensitive manner)
+;WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
+;;
+;; List of keywords used in Pull Request comments to automatically close a related issue
+;CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
+;;
+;; List of keywords used in Pull Request comments to automatically reopen a related issue
+;REOPEN_KEYWORDS = reopen,reopens,reopened
+;;
+;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash
+;DEFAULT_MERGE_STYLE = merge
+;;
+;; In the default merge message for squash commits include at most this many commits
+;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
+;;
+;; In the default merge message for squash commits limit the size of the commit messages to this
+;DEFAULT_MERGE_MESSAGE_SIZE = 5120
+;;
+;; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
+;DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = false
+;;
+;; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
+;DEFAULT_MERGE_MESSAGE_MAX_APPROVERS = 10
+;;
+;; In default merge messages only include approvers who are official
+;DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
+;;
+;; Add co-authored-by and co-committed-by trailers if committer does not match author
+;ADD_CO_COMMITTER_TRAILERS = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.issue]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; List of reasons why a Pull Request or Issue can be locked
+;LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.release]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+;ALLOWED_TYPES =
+;DEFAULT_PAGING_NUM = 10
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.signing]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
+;; run in the context of the RUN_USER
+;; Switch to none to stop signing completely
+;SIGNING_KEY = default
+;;
+;; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
+;; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
+;; the results of git config --get user.name and git config --get user.email respectively and can only be overridden
+;; by setting the SIGNING_KEY ID to the correct ID.)
+;SIGNING_NAME =
+;SIGNING_EMAIL =
+;;
+;; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
+;DEFAULT_TRUST_MODEL = collaborator
+;;
+;; Determines when gitea should sign the initial commit when creating a repository
+;; Either:
+;; - never
+;; - pubkey: only sign if the user has a pubkey
+;; - twofa: only sign if the user has logged in with twofa
+;; - always
+;; options other than none and always can be combined as comma separated list
+;INITIAL_COMMIT = always
+;;
+;; Determines when to sign for CRUD actions
+;; - as above
+;; - parentsigned: requires that the parent commit is signed.
+;CRUD_ACTIONS = pubkey, twofa, parentsigned
+;; Determines when to sign Wiki commits
+;; - as above
+;WIKI = never
+;;
+;; Determines when to sign on merges
+;; - basesigned: require that the parent of commit on the base repo is signed.
+;; - commitssigned: require that all the commits in the head branch are signed.
+;; - approved: only sign when merging an approved pr to a protected branch
+;MERGES = pubkey, twofa, basesigned, commitssigned
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[repository.mimetype_mapping]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Custom MIME type mapping for downloadable files
+;.apk=application/vnd.android.package-archive
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[project]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Default templates for project boards
+;PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+;PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cors]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+;; enable cors headers (disabled by default)
+;ENABLED = false
+;;
+;; scheme of allowed requests
+;SCHEME = http
+;;
+;; list of requesting domains that are allowed
+;ALLOW_DOMAIN = *
+;;
+;; allow subdomains of headers listed above to request
+;ALLOW_SUBDOMAIN = false
+;;
+;; list of methods allowed to request
+;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+;;
+;; max time to cache response
+;MAX_AGE = 10m
+;;
+;; allow request with credentials
+;ALLOW_CREDENTIALS = false
+;;
+;; set X-FRAME-OPTIONS header
+;X_FRAME_OPTIONS = SAMEORIGIN
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Number of repositories that are displayed on one explore page
+;EXPLORE_PAGING_NUM = 20
+;;
+;; Number of issues that are displayed on one page
+;ISSUE_PAGING_NUM = 10
+;;
+;; Number of maximum commits displayed in one activity feed
+;FEED_MAX_COMMIT_NUM = 5
+;;
+;; Number of items that are displayed in home feed
+;FEED_PAGING_NUM = 20
+;;
+;; Number of items that are displayed in a single subsitemap
+;SITEMAP_PAGING_NUM = 20
+;;
+;; Number of maximum commits displayed in commit graph.
+;GRAPH_MAX_COMMIT_NUM = 100
+;;
+;; Number of line of codes shown for a code comment
+;CODE_COMMENT_LINES = 4
+;;
+;; Value of `theme-color` meta tag, used by Android >= 5.0
+;; An invalid color like "none" or "disable" will have the default style
+;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+;THEME_COLOR_META_TAG = `#6cc644`
+;;
+;; Max size of files to be displayed (default is 8MiB)
+;MAX_DISPLAY_FILE_SIZE = 8388608
+;;
+;; Whether the email of the user should be shown in the Explore Users page
+;SHOW_USER_EMAIL = true
+;;
+;; Set the default theme for the Gitea install
+;DEFAULT_THEME = auto
+;;
+;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
+;THEMES = auto,gitea,arc-green
+;;
+;; All available reactions users can choose on issues/prs and comments.
+;; Values can be emoji alias (:smile:) or a unicode emoji.
+;; For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
+;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
+;;
+;; Additional Emojis not defined in the utf8 standard
+;; By default we support gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and add it to this config.
+;; Dont mistake it for Reactions.
+;CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs
+;;
+;; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+;DEFAULT_SHOW_FULL_NAME = false
+;;
+;; Whether to search within description at repository search on explore page.
+;SEARCH_REPO_DESCRIPTION = true
+;;
+;; Whether to enable a Service Worker to cache frontend assets
+;USE_SERVICE_WORKER = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.admin]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Number of users that are displayed on one page
+;USER_PAGING_NUM = 50
+;;
+;; Number of repos that are displayed on one page
+;REPO_PAGING_NUM = 50
+;;
+;; Number of notices that are displayed on one page
+;NOTICE_PAGING_NUM = 25
+;;
+;; Number of organizations that are displayed on one page
+;ORG_PAGING_NUM = 50
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.user]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Number of repos that are displayed on one page
+;REPO_PAGING_NUM = 15
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.meta]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;AUTHOR = Gitea - Git with a cup of tea
+;DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+;KEYWORDS = go,git,self-hosted,gitea
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.notification]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Control how often the notification endpoint is polled to update the notification
+;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
+;; Set MIN_TIMEOUT to -1 to turn off
+;MIN_TIMEOUT = 10s
+;MAX_TIMEOUT = 60s
+;TIMEOUT_STEP = 10s
+;;
+;; This setting determines how often the db is queried to get the latest notification counts.
+;; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource
+;EVENT_SOURCE_UPDATE_TIME = 10s
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.svg]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
+;ENABLE_RENDER = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ui.csv]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
+;MAX_FILE_SIZE = 524288
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[markdown]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Render soft line breaks as hard line breaks, which means a single newline character between
+;; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
+;; necessary to force a line break.
+;; Render soft line breaks as hard line breaks for comments
+;ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true
+;;
+;; Render soft line breaks as hard line breaks for markdown documents
+;ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false
+;;
+;; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
+;; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
+;; URLs starting with http and https are always displayed, whatever is put in this entry.
+;CUSTOM_URL_SCHEMES =
+;;
+;; List of file extensions that should be rendered/edited as Markdown
+;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
+;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[ssh.minimum_key_sizes]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+;ED25519 = 256
+;ECDSA = 256
+;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
+;DSA = -1 ; set to 1024 to switch on
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[indexer]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Issue Indexer settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
+;ISSUE_INDEXER_TYPE = bleve
+;;
+;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
+;ISSUE_INDEXER_PATH = indexers/issues.bleve
+;;
+;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
+;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+;;
+;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
+;ISSUE_INDEXER_NAME = gitea_issues
+;;
+;; Timeout the indexer if it takes longer than this to start.
+;; Set to -1 to disable timeout.
+;STARTUP_TIMEOUT = 30s
+;;
+;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
+;ISSUE_INDEXER_QUEUE_TYPE = levelqueue; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
+;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
+;; default is queues/common
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
+;; the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`.
+;ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; Batch queue number, default is 20
+;ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Repository Indexer settings
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; repo indexer by default disabled, since it uses a lot of disk space
+;REPO_INDEXER_ENABLED = false
+;;
+;; Code search engine type, could be `bleve` or `elasticsearch`.
+;REPO_INDEXER_TYPE = bleve
+;;
+;; Index file used for code search. available when `REPO_INDEXER_TYPE` is bleve
+;REPO_INDEXER_PATH = indexers/repos.bleve
+;;
+;; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
+;REPO_INDEXER_CONN_STR =
+;;
+;; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
+;REPO_INDEXER_NAME = gitea_codes
+;;
+;; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
+;; in the index; default is empty
+;REPO_INDEXER_INCLUDE =
+;;
+;; A comma separated list of glob patterns to exclude from the index; ; default is empty
+;REPO_INDEXER_EXCLUDE =
+;;
+;;
+;UPDATE_BUFFER_LEN = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;MAX_FILE_SIZE = 1048576
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[queue]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Specific queues can be individually configured with [queue.name]. [queue] provides defaults
+;; ([queue.issue_indexer] is special due to the old configuration described above)
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
+;; default to persistable-channel
+;TYPE = persistable-channel
+;;
+;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
+;DATADIR = queues/
+;;
+;; Default queue length before a channel queue will block
+;LENGTH = 20
+;;
+;; Batch size to send for batched queues
+;BATCH_LENGTH = 20
+;;
+;; Connection string for redis queues this will store the redis connection string.
+;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
+;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
+;CONN_STR = "addrs=127.0.0.1:6379 db=0"
+;;
+;; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections.
+;QUEUE_NAME = "_queue"
+;;
+;; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections.
+;SET_NAME = "_unique"
+;;
+;; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
+;WRAP_IF_NECESSARY = true
+;;
+;; Attempt to create the wrapped queue at max
+;MAX_ATTEMPTS = 10
+;;
+;; Timeout queue creation
+;TIMEOUT = 15m30s
+;;
+;; Create a pool with this many workers
+;WORKERS = 0
+;;
+;; Dynamically scale the worker pool to at this many workers
+;MAX_WORKERS = 10
+;;
+;; Add boost workers when the queue blocks for BLOCK_TIMEOUT
+;BLOCK_TIMEOUT = 1s
+;;
+;; Remove the boost workers after BOOST_TIMEOUT
+;BOOST_TIMEOUT = 5m
+;;
+;; During a boost add BOOST_WORKERS
+;BOOST_WORKERS = 1
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[admin]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Disallow regular (non-admin) users from creating organizations.
+;DISABLE_REGULAR_ORG_CREATION = false
+;;
+;; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+;DEFAULT_EMAIL_NOTIFICATIONS = enabled
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[openid]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; OpenID is an open, standard and decentralized authentication protocol.
+;; Your identity is the address of a webpage you provide, which describes
+;; how to prove you are in control of that page.
+;;
+;; For more info: https://en.wikipedia.org/wiki/OpenID
+;;
+;; Current implementation supports OpenID-2.0
+;;
+;; Tested to work providers at the time of writing:
+;; - Any GNUSocial node (your.hostname.tld/username)
+;; - Any SimpleID provider (http://simpleid.koinic.net)
+;; - http://openid.org.cn/
+;; - openid.stackexchange.com
+;; - login.launchpad.net
+;; - .livejournal.com
+;;
+;; Whether to allow signin in via OpenID
+;ENABLE_OPENID_SIGNIN = true
+;;
+;; Whether to allow registering via OpenID
+;; Do not include to rely on rhw DISABLE_REGISTRATION setting
+;;ENABLE_OPENID_SIGNUP = true
+;;
+;; Allowed URI patterns (POSIX regexp).
+;; Space separated.
+;; Only these would be allowed if non-blank.
+;; Example value: trusted.domain.org trusted.domain.net
+;WHITELISTED_URIS =
+;;
+;; Forbidden URI patterns (POSIX regexp).
+;; Space separated.
+;; Only used if WHITELISTED_URIS is blank.
+;; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+;BLACKLISTED_URIS =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[oauth2_client]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Whether a new auto registered oauth2 user needs to confirm their email.
+;; Do not include to use the REGISTER_EMAIL_CONFIRM setting from the `[service]` section.
+;REGISTER_EMAIL_CONFIRM =
+;;
+;; Scopes for the openid connect oauth2 provider (separated by space, the openid scope is implicitly added).
+;; Typical values are profile and email.
+;; For more information about the possible values see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
+;OPENID_CONNECT_SCOPES =
+;;
+;; Automatically create user accounts for new oauth2 users.
+;ENABLE_AUTO_REGISTRATION = false
+;;
+;; The source of the username for new oauth2 accounts:
+;; userid = use the userid / sub attribute
+;; nickname = use the nickname attribute
+;; email = use the username part of the email attribute
+;USERNAME = nickname
+;;
+;; Update avatar if available from oauth2 provider.
+;; Update will be performed on each login.
+;UPDATE_AVATAR = false
+;;
+;; How to handle if an account / email already exists:
+;; disabled = show an error
+;; login = show an account linking login
+;; auto = link directly with the account
+;ACCOUNT_LINKING = login
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[webhook]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Hook task queue length, increase if webhook shooting starts hanging
+;QUEUE_LENGTH = 1000
+;;
+;; Deliver timeout in seconds
+;DELIVER_TIMEOUT = 5
+;;
+;; Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com
+;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
+;; CIDR list: 1.2.3.0/8, 2001:db8::/32
+;; Wildcard hosts: *.mydomain.com, 192.168.100.*
+;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later
+;ALLOWED_HOST_LIST = external
+;;
+;; Allow insecure certification
+;SKIP_TLS_VERIFY = false
+;;
+;; Number of history information in each page
+;PAGING_NUM = 10
+;;
+;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+;PROXY_URL =
+;;
+;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
+;PROXY_HOSTS =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[mailer]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+ENABLED = true
+;;
+;; Buffer length of channel, keep it as it is if you don't know what it is.
+;SEND_BUFFER_LEN = 100
+;;
+;; Prefix displayed before subject in mail
+;SUBJECT_PREFIX =
+;;
+;; Mail server
+;; Gmail: smtp.gmail.com:587
+;; QQ: smtp.qq.com:465
+;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
+;; otherwise STARTTLS on port 587 should be used.
+HOST = 127.0.0.1:25
+;;
+;; Disable HELO operation when hostnames are different.
+;DISABLE_HELO =
+;;
+;; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+;HELO_HOSTNAME =
+;;
+;; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
+SKIP_VERIFY = true
+;;
+;; Use client certificate
+;USE_CERTIFICATE = false
+;CERT_FILE = custom/mailer/cert.pem
+;KEY_FILE = custom/mailer/key.pem
+;;
+;; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
+;; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
+;IS_TLS_ENABLED = false
+;;
+;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format
+FROM = "Gitea"
+;;
+;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
+;ENVELOPE_FROM =
+;;
+;; Mailer user name and password
+;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
+;USER =
+;;
+;; Use PASSWD = `your password` for quoting if you use special characters in the password.
+;PASSWD =
+;;
+;; Send mails as plain text
+;SEND_AS_PLAIN_TEXT = false
+;;
+;; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+MAILER_TYPE = smtp
+;;
+;; Specify an alternative sendmail binary
+;SENDMAIL_PATH = sendmail
+;;
+;; Specify any extra sendmail arguments
+;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
+;SENDMAIL_ARGS =
+;;
+;; Timeout for Sendmail
+;SENDMAIL_TIMEOUT = 5m
+;;
+;; convert \r\n to \n for Sendmail
+;SENDMAIL_CONVERT_CRLF = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cache]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; if the cache enabled
+;ENABLED = true
+;;
+;; Either "memory", "redis", "memcache", or "twoqueue". default is "memory"
+;ADAPTER = memory
+;;
+;; For "memory" only, GC interval in seconds, default is 60
+;INTERVAL = 60
+;;
+;; For "redis" and "memcache", connection host address
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; memcache: `127.0.0.1:11211`
+;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
+;HOST =
+;;
+;; Time to keep items in cache if not used, default is 16 hours.
+;; Setting it to -1 disables caching
+;ITEM_TTL = 16h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Last commit cache
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cache.last_commit]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; if the cache enabled
+;ENABLED = true
+;;
+;; Time to keep items in cache if not used, default is 8760 hours.
+;; Setting it to -1 disables caching
+;ITEM_TTL = 8760h
+;;
+;; Only enable the cache when repository's commits count great than
+;COMMITS_COUNT = 1000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[session]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
+;; Default is "memory". "db" will reuse the configuration in [database]
+;PROVIDER = memory
+;;
+;; Provider config options
+;; memory: doesn't have any config yet
+;; file: session file path, e.g. `data/sessions`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+;PROVIDER_CONFIG = data/sessions
+;;
+;; Session cookie name
+;COOKIE_NAME = i_like_gitea
+;;
+;; If you use session in https only, default is false
+;COOKIE_SECURE = false
+;;
+;; Session GC time interval in seconds, default is 86400 (1 day)
+;GC_INTERVAL_TIME = 86400
+;;
+;; Session life time in seconds, default is 86400 (1 day)
+;SESSION_LIFE_TIME = 86400
+;;
+;; SameSite settings. Either "none", "lax", or "strict"
+;SAME_SITE=lax
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[picture]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+AVATAR_UPLOAD_PATH = __DATADIR__/data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = __DATADIR__/data/repo-avatars
+;;
+;; How Gitea deals with missing repository avatars
+;; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+;REPOSITORY_AVATAR_FALLBACK = none
+;REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+;;
+;; Max Width and Height of uploaded avatars.
+;; This is to limit the amount of RAM used when resizing the image.
+;AVATAR_MAX_WIDTH = 4096
+;AVATAR_MAX_HEIGHT = 3072
+;;
+;; The multiplication factor for rendered avatar images.
+;; Larger values result in finer rendering on HiDPI devices.
+;AVATAR_RENDERED_SIZE_FACTOR = 3
+;;
+;; Maximum allowed file size for uploaded avatars.
+;; This is to limit the amount of RAM used when resizing the image.
+;AVATAR_MAX_FILE_SIZE = 1048576
+;;
+;; Chinese users can choose "duoshuo"
+;; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+;GRAVATAR_SOURCE = gravatar
+;;
+;; This value will always be true in offline mode.
+;DISABLE_GRAVATAR = false
+;;
+;; Federated avatar lookup uses DNS to discover avatar associated
+;; with emails, see https://www.libravatar.org
+;; This value will always be false in offline mode or when Gravatar is disabled.
+;ENABLE_FEDERATED_AVATAR = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[attachment]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Whether issue and pull request attachments are enabled. Defaults to `true`
+;ENABLED = true
+;;
+;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;;
+;; Max size of each file. Defaults to 4MB
+;MAX_SIZE = 4
+;;
+;; Max number of files per upload. Defaults to 5
+;MAX_FILES = 5
+;;
+;; Storage type for attachments, `local` for local disk or `minio` for s3 compatible
+;; object storage service, default is `local`.
+;STORAGE_TYPE = local
+;;
+;; Allows the storage driver to redirect to authenticated URLs to serve files directly
+;; Currently, only `minio` is supported.
+;SERVE_DIRECT = false
+;;
+;; Path for attachments. Defaults to `data/attachments` only available when STORAGE_TYPE is `local`
+;PATH = data/attachments
+;;
+;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ENDPOINT = localhost:9000
+;;
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ACCESS_KEY_ID =
+;;
+;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+;MINIO_SECRET_ACCESS_KEY =
+;;
+;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+;MINIO_BUCKET = gitea
+;;
+;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+;MINIO_LOCATION = us-east-1
+;;
+;; Minio base path on the bucket only available when STORAGE_TYPE is `minio`
+;MINIO_BASE_PATH = attachments/
+;;
+;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+;MINIO_USE_SSL = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[time]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Specifies the format for fully outputted dates. Defaults to RFC1123
+;; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+;; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+;FORMAT =
+;;
+;; Location the UI time display i.e. Asia/Shanghai
+;; Empty means server's location setting
+;DEFAULT_UI_LOCATION =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Common settings
+;;
+;; Setting this to true will enable all cron tasks periodically with default settings.
+;ENABLED = false
+;; Setting this to true will run all enabled cron tasks when Gitea starts.
+;RUN_AT_START = false
+;;
+;; Note: ``SCHEDULE`` accept formats
+;; - Full crontab specs, e.g. "* * * * * ?"
+;; - Descriptors, e.g. "@midnight", "@every 1h30m"
+;; See more: https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Basic cron tasks - enabled by default
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Clean up old repository archives
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.archive_cleanup]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Whether to enable the job
+;ENABLED = true
+;; Whether to always run at least once at start up time (if ENABLED)
+;RUN_AT_START = true
+;; Whether to emit notice on successful execution too
+;NOTICE_ON_SUCCESS = false
+;; Time interval for job to run
+;SCHEDULE = @midnight
+;; Archives created more than OLDER_THAN ago are subject to deletion
+;OLDER_THAN = 24h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Update mirrors
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.update_mirrors]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;SCHEDULE = @every 10m
+;; Enable running Update mirrors task periodically.
+;ENABLED = true
+;; Run Update mirrors task when Gitea starts.
+;RUN_AT_START = false
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;; Limit the number of mirrors added to the queue to this number
+;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
+;PULL_LIMIT=50
+;; Limit the number of mirrors added to the queue to this number
+;; (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating)
+;PUSH_LIMIT=50
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Repository health check
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.repo_health_check]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;SCHEDULE = @midnight
+;; Enable running Repository health check task periodically.
+;ENABLED = true
+;; Run Repository health check task when Gitea starts.
+;RUN_AT_START = false
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;TIMEOUT = 60s
+;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+;; see more on http://git-scm.com/docs/git-fsck
+;ARGS =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Check repository statistics
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.check_repo_stats]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable running check repository statistics task periodically.
+;ENABLED = true
+;; Run check repository statistics task when Gitea starts.
+;RUN_AT_START = true
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @midnight
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.update_migration_poster_id]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
+;ENABLED = true
+;; Update migrated repositories' issues and comments' posterid when starting server (default true)
+;RUN_AT_START = true
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;; Interval as a duration between each synchronization. (default every 24h)
+;SCHEDULE = @midnight
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Synchronize external user data (only LDAP user synchronization is supported)
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.sync_external_users]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;; Synchronize external user data when starting server (default false)
+;RUN_AT_START = false
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;; Interval as a duration between each synchronization (default every 24h)
+;SCHEDULE = @midnight
+;; Create new users, update existing user data and disable users that are not in external source anymore (default)
+;; or only create new users if UPDATE_EXISTING is set to false
+;UPDATE_EXISTING = true
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Clean-up deleted branches
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.deleted_branches_cleanup]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = true
+;; Clean-up deleted branches when starting server (default true)
+;RUN_AT_START = true
+;; Notice if not success
+;NOTICE_ON_SUCCESS = false
+;; Interval as a duration between each synchronization (default every 24h)
+;SCHEDULE = @midnight
+;; deleted branches than OLDER_THAN ago are subject to deletion
+;OLDER_THAN = 24h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Cleanup hook_task table
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.cleanup_hook_task_table]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Whether to enable the job
+;ENABLED = true
+;; Whether to always run at start up time (if ENABLED)
+;RUN_AT_START = false
+;; Time interval for job to run
+;SCHEDULE = @midnight
+;; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
+;CLEANUP_TYPE = OlderThan
+;; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
+;OLDER_THAN = 168h
+;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
+;NUMBER_TO_KEEP = 10
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Cleanup expired packages
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.cleanup_packages]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Whether to enable the job
+;ENABLED = true
+;; Whether to always run at least once at start up time (if ENABLED)
+;RUN_AT_START = true
+;; Whether to emit notice on successful execution too
+;NOTICE_ON_SUCCESS = false
+;; Time interval for job to run
+;SCHEDULE = @midnight
+;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
+;OLDER_THAN = 24h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Extended cron task - not enabled by default
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete all unactivated accounts
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_inactive_accounts]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @annually
+;OLDER_THAN = 168h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete all repository archives
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_repo_archives]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @annually;
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Garbage collect all repositories
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.git_gc_repos]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+;TIMEOUT = 60s
+;; Arguments for command 'git gc'
+;; The default value is same with [git] -> GC_ARGS
+;ARGS =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Update the '.ssh/authorized_keys' file with Gitea SSH keys
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.resync_all_sshkeys]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Resynchronize pre-receive, update and post-receive hooks of all repositories.
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.resync_all_hooks]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Reinitialize all missing Git repositories for which records exist
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.reinit_missing_repos]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete all repositories missing their Git files
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_missing_repos]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete generated repository avatars
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_generated_repository_avatars]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 72h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete all old actions from database
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_old_actions]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NOTICE_ON_SUCCESS = false
+;SCHEDULE = @every 168h
+;OLDER_THAN = 8760h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Check for new Gitea versions
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.update_checker]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;ENABLE_SUCCESS_NOTICE = false
+;SCHEDULE = @every 168h
+;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Delete all old system notices from database
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[cron.delete_old_system_notices]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;ENABLED = false
+;RUN_AT_START = false
+;NO_SUCCESS_NOTICE = false
+;SCHEDULE = @every 168h
+;OLDER_THAN = 8760h
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Git Operation timeout in seconds
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[git.timeout]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;DEFAULT = 360
+;MIGRATE = 600
+;MIRROR = 300
+;CLONE = 300
+;PULL = 300
+;GC = 60
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[mirror]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
+;ENABLED = true
+;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
+;DISABLE_NEW_PULL = false
+;; Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
+;DISABLE_NEW_PUSH = false
+;; Default interval as a duration between each check
+;DEFAULT_INTERVAL = 8h
+;; Min interval as a duration must be > 1m
+;MIN_INTERVAL = 10m
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[api]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enables Swagger. True or false; default is true.
+;ENABLE_SWAGGER = true
+;; Max number of items in a page
+;MAX_RESPONSE_ITEMS = 50
+;; Default paging number of api
+;DEFAULT_PAGING_NUM = 30
+;; Default and maximum number of items per page for git trees api
+;DEFAULT_GIT_TREES_PER_PAGE = 1000
+;; Default size of a blob returned by the blobs API (default is 10MiB)
+;DEFAULT_MAX_BLOB_SIZE = 10485760
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[i18n]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
+;NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[highlight.mapping]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Extension mapping to highlight class
+;; e.g. .toml=ini
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[other]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;SHOW_FOOTER_BRANDING = false
+;; Show version information about Gitea and Go in the footer
+;SHOW_FOOTER_VERSION = true
+;; Show template execution time in the footer
+;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[markup]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
+;MERMAID_MAX_SOURCE_CHARACTERS = 5000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[markup.sanitizer.1]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; The following keys can appear once to define a sanitation policy rule.
+;; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules.
+;; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX]
+;ELEMENT = span
+;ALLOW_ATTR = class
+;REGEXP = ^(info|warning|error)$
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Other markup formats e.g. asciidoc
+;;
+;; uncomment and enable the below section.
+;; (You can add other markup formats by copying the section and adjusting
+;; the section name suffix "asciidoc" to something else.)
+;[markup.asciidoc]
+;ENABLED = false
+;; List of file extensions that should be rendered by an external command
+;FILE_EXTENSIONS = .adoc,.asciidoc
+;; External command to render all matching extensions
+;RENDER_COMMAND = "asciidoc --out-file=- -"
+;; Don't pass the file on STDIN, pass the filename as argument instead.
+;IS_INPUT_FILE = false
+;; How the content will be rendered.
+;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
+;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
+;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
+;RENDER_CONTENT_MODE=sanitized
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[metrics]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enables metrics endpoint. True or false; default is false.
+;ENABLED = false
+;; If you want to add authorization, specify a token here
+;TOKEN =
+;; Enable issue by label metrics; default is false
+;ENABLED_ISSUE_BY_LABEL = false
+;; Enable issue by repository metrics; default is false
+;ENABLED_ISSUE_BY_REPOSITORY = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[task]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Task queue type, could be `channel` or `redis`.
+;QUEUE_TYPE = channel
+;;
+;; Task queue length, available only when `QUEUE_TYPE` is `channel`.
+;QUEUE_LENGTH = 1000
+;;
+;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
+;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[migrations]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Max attempts per http/https request on migrations.
+;MAX_ATTEMPTS = 3
+;;
+;; Backoff time per http/https request retry (seconds)
+;RETRY_BACKOFF = 3
+;;
+;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
+;; Multiple domains could be separated by commas.
+;; Wildcard is supported: "github.com, *.github.com"
+;ALLOWED_DOMAINS =
+;;
+;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
+;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
+;; Wildcard is supported.
+;BLOCKED_DOMAINS =
+;;
+;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
+;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
+;ALLOW_LOCALNETWORKS = false
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[federation]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Enable/Disable federation capabilities
+;ENABLED = false
+;;
+;; Enable/Disable user statistics for nodeinfo if federation is enabled
+;SHARE_USER_STATISTICS = true
+;;
+;; Maximum federation request and response size (MB)
+;MAX_SIZE = 4
+;;
+;; WARNING: Changing the settings below can break federation.
+;;
+;; HTTP signature algorithms
+;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
+;;
+;; HTTP signature digest algorithm
+;DIGEST_ALGORITHM = SHA-256
+;;
+;; GET headers for federation requests
+;GET_HEADERS = (request-target), Date
+;;
+;; POST headers for federation requests
+;POST_HEADERS = (request-target), Date, Digest
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[packages]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; Enable/Disable package registry capabilities
+;ENABLED = true
+;;
+;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
+;CHUNKED_UPLOAD_PATH = tmp/package-upload
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; default storage for attachments, lfs and avatars
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[storage]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; storage type
+;STORAGE_TYPE = local
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; settings for repository archives, will override storage setting
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[storage.repo-archive]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; storage type
+;STORAGE_TYPE = local
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; lfs storage will override storage
+;;
+;[lfs]
+;STORAGE_TYPE = local
+;;
+;; Where your lfs files reside, default is data/lfs.
+;PATH = data/lfs
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; settings for packages, will override storage setting
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[storage.packages]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; storage type
+;STORAGE_TYPE = local
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; customize storage
+;[storage.my_minio]
+;STORAGE_TYPE = minio
+;;
+;; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ENDPOINT = localhost:9000
+;;
+;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ACCESS_KEY_ID =
+;;
+;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+;MINIO_SECRET_ACCESS_KEY =
+;;
+;; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+;MINIO_BUCKET = gitea
+;;
+;; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+;MINIO_LOCATION = us-east-1
+;;
+;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+;MINIO_USE_SSL = false
+
+;[proxy]
+;; Enable the proxy, all requests to external via HTTP will be affected
+;PROXY_ENABLED = false
+;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy/no_proxy
+;PROXY_URL =
+;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
+;PROXY_HOSTS =
diff --git a/conf/arm64.src b/conf/arm64.src
new file mode 100644
index 0000000..3325f10
--- /dev/null
+++ b/conf/arm64.src
@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.0-rc1/gitea-1.17.0-rc1-linux-arm64
+SOURCE_SUM=83128d61a2c93d3632ebe59eb54204436e38b0571282c6a31da2b5aa1bb4bc08
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
\ No newline at end of file
diff --git a/conf/source/arm64.src b/conf/armhf.src
similarity index 53%
rename from conf/source/arm64.src
rename to conf/armhf.src
index 2cb7de0..1dc5604 100644
--- a/conf/source/arm64.src
+++ b/conf/armhf.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm64
-SOURCE_SUM=43a9b559d8a080cbf55aac8961074a25018e83edfe70d7dc8666b9acff794b09
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.0-rc1/gitea-1.17.0-rc1-linux-arm-6
+SOURCE_SUM=4291e7d2ef65e480bbc7552ab34f420f32ceba3ccbb2a4669ffb1f4f34cbbd12
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false
diff --git a/conf/gogs_migrations b/conf/gogs_migrations
deleted file mode 100644
index 5e7a3c4..0000000
--- a/conf/gogs_migrations
+++ /dev/null
@@ -1,5 +0,0 @@
-/opt/$app
-/home/$app
-/var/log/$app
-/etc/systemd/system/$app.service
-/etc/nginx/conf.d/$domain.d/$app.conf
diff --git a/conf/gogs_post_migration.sh b/conf/gogs_post_migration.sh
deleted file mode 100644
index e4065ff..0000000
--- a/conf/gogs_post_migration.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-# Ending the migration process from Gogs to Gitea
-
-set -u
-
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
-source /usr/share/yunohost/helpers
-
-#=================================================
-# SET VARIABLES
-#=================================================
-
-old_app="__OLD_APP__"
-new_app="__NEW_APP__"
-script_name="$0"
-
-#=================================================
-# DELETE OLD APP'S SETTINGS
-#=================================================
-
-ynh_secure_remove --file="/etc/yunohost/apps/$old_app"
-yunohost app ssowatconf
-
-#=================================================
-# DELETE THIS SCRIPT
-#=================================================
-
-echo "rm $script_name" | at now + 1 minutes
diff --git a/conf/i386.src b/conf/i386.src
new file mode 100644
index 0000000..8dae463
--- /dev/null
+++ b/conf/i386.src
@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.0-rc1/gitea-1.17.0-rc1-linux-386
+SOURCE_SUM=dff677f80ea2f02642a0fd7b2358b63141a2cf8bf3913e44433f94e492edc5de
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
\ No newline at end of file
diff --git a/conf/login_source.sql b/conf/login_source.sql
deleted file mode 100644
index ee9da47..0000000
--- a/conf/login_source.sql
+++ /dev/null
@@ -1,6 +0,0 @@
-INSERT INTO `__APP__`.`login_source`
-(`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`)
-VALUES
-('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955')
-ON DUPLICATE KEY
-UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}';
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 536fa2e..9c13f87 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,16 +1,11 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
- proxy_pass http://localhost:__PORT__/;
- proxy_set_header Host $host;
- proxy_buffering off;
- fastcgi_param REMOTE_USER $remote_user;
- client_max_body_size 200M;
+
+ proxy_pass http://127.0.0.1:__PORT__/;
+ proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
-
- # Force https
- if ($scheme = http) {
- rewrite ^ https://$server_name$request_uri? permanent;
- }
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
diff --git a/conf/source/arm.src b/conf/source/arm.src
deleted file mode 100644
index df859ba..0000000
--- a/conf/source/arm.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6
-SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.0.src b/conf/source/arm64_1.0.src
deleted file mode 100644
index 3117a5d..0000000
--- a/conf/source/arm64_1.0.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.0.2/gitea-1.0.2-linux-arm64
-SOURCE_SUM=b13562f19c41602d2b4f1601931e9d150de8273682969c081a4a5029622eb8b3
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.1.src b/conf/source/arm64_1.1.src
deleted file mode 100644
index dc6b942..0000000
--- a/conf/source/arm64_1.1.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.1.4/gitea-1.1.4-linux-arm64
-SOURCE_SUM=3f7a01669bbad671907942cece744f12390a37771fd8e1142afffeb9ee1f31f7
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.10.src b/conf/source/arm64_1.10.src
deleted file mode 100644
index f7f45e4..0000000
--- a/conf/source/arm64_1.10.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.10.3/gitea-1.10.3-linux-arm64
-SOURCE_SUM=3a0b6470a205c6b9f19a8b31469728f29818c58dd17e85a81ac4a928ab9f9512
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.11.src b/conf/source/arm64_1.11.src
deleted file mode 100644
index afc1f2f..0000000
--- a/conf/source/arm64_1.11.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.7/gitea-1.11.7-linux-arm64
-SOURCE_SUM=71bc3b41955461491ca3b1a1e4abeaf70dc0cbd15e43e59e2178514b8f1ef0f8
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.12.src b/conf/source/arm64_1.12.src
deleted file mode 100644
index ce264f0..0000000
--- a/conf/source/arm64_1.12.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.12.6/gitea-1.12.6-linux-arm64
-SOURCE_SUM=b1e4620191d817b6d6975358c35197bf659bce04a5690bea2d1e6511054d0866
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.13.src b/conf/source/arm64_1.13.src
deleted file mode 100644
index 2fbd874..0000000
--- a/conf/source/arm64_1.13.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.13.7/gitea-1.13.7-linux-arm64
-SOURCE_SUM=cae7529e75ccfb0e4f3270c197777f9dbdcf66a516d3b4e102d1e208ff9a0224
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.2.src b/conf/source/arm64_1.2.src
deleted file mode 100644
index 553ba66..0000000
--- a/conf/source/arm64_1.2.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.2.3/gitea-1.2.3-linux-arm64
-SOURCE_SUM=e779d43f2050c43138509a40540bdd4d16a11e8b76a6f66b447623ead6466fca
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.3.src b/conf/source/arm64_1.3.src
deleted file mode 100644
index a0f3524..0000000
--- a/conf/source/arm64_1.3.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-arm64
-SOURCE_SUM=348993e5fd119b6708b96a29067ddc41d8fefe4c0d5abf540d1e89e9886202ce
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.4.src b/conf/source/arm64_1.4.src
deleted file mode 100644
index 9d9083e..0000000
--- a/conf/source/arm64_1.4.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.4.3/gitea-1.4.3-linux-arm64
-SOURCE_SUM=af6a55516b94f5bfb7a9744086bd92124e6cba8c3d610935e5fe4c8ba42427ef
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.5.src b/conf/source/arm64_1.5.src
deleted file mode 100644
index 5bed656..0000000
--- a/conf/source/arm64_1.5.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.5.3/gitea-1.5.3-linux-arm64
-SOURCE_SUM=cdddf46e1711c7964cfd18b4ae37109d4865996b26426d4badaa78da969cfbae
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.6.src b/conf/source/arm64_1.6.src
deleted file mode 100644
index 74a0d32..0000000
--- a/conf/source/arm64_1.6.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.6.4/gitea-1.6.4-linux-arm64
-SOURCE_SUM=30252ca0adf170e84f52499a502195ad762f4fdca941f40ded80292790eaa2d3
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.7.src b/conf/source/arm64_1.7.src
deleted file mode 100644
index 31e6f82..0000000
--- a/conf/source/arm64_1.7.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.3/gitea-1.7.3-linux-arm64
-SOURCE_SUM=dc34250ddbcdf3096a7355db419fff615d7fd488e0336bec9bc880091f549c23
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.8.src b/conf/source/arm64_1.8.src
deleted file mode 100644
index 2737a2e..0000000
--- a/conf/source/arm64_1.8.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm64
-SOURCE_SUM=e3569745122a793dbf1e86940a00c8843c0c3022513a9d9004593823b9e6abe1
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm64_1.9.src b/conf/source/arm64_1.9.src
deleted file mode 100644
index 1563e22..0000000
--- a/conf/source/arm64_1.9.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.6/gitea-1.9.6-linux-arm64
-SOURCE_SUM=f11e46fdca921e81255c4b052969e5c6085f24245e6e0da726c9627aaec78252
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.0.src b/conf/source/arm_1.0.src
deleted file mode 100644
index fe6aee6..0000000
--- a/conf/source/arm_1.0.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.0.2/gitea-1.0.2-linux-arm-6
-SOURCE_SUM=d8cd551840b4b5620609eba92e810f4963b259d2809a34724e8fae7b1db00d91
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.1.src b/conf/source/arm_1.1.src
deleted file mode 100644
index 9b8691d..0000000
--- a/conf/source/arm_1.1.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.1.4/gitea-1.1.4-linux-arm-6
-SOURCE_SUM=f39bce7927b363402d37774484a5d0c893ee55595175e3a4d14a12126bccdd80
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.10.src b/conf/source/arm_1.10.src
deleted file mode 100644
index b0f51f2..0000000
--- a/conf/source/arm_1.10.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.10.3/gitea-1.10.3-linux-arm-6
-SOURCE_SUM=54ca0b8ca9f927c91c69c61da134738b66faf0be68e310f140e56c4f14fe7ecf
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.11.src b/conf/source/arm_1.11.src
deleted file mode 100644
index 1a7b02d..0000000
--- a/conf/source/arm_1.11.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.7/gitea-1.11.7-linux-arm-6
-SOURCE_SUM=f106d1a846da7abfd8a7dbf20a5d9c60502e1ed034a31f5503f460dea4d0c77d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.12.src b/conf/source/arm_1.12.src
deleted file mode 100644
index 5e44f55..0000000
--- a/conf/source/arm_1.12.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.12.6/gitea-1.12.6-linux-arm-6
-SOURCE_SUM=116caba20b596886b03309df0e319a5885ee72e3740e62ac488e4e38f424ca88
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.13.src b/conf/source/arm_1.13.src
deleted file mode 100644
index 91fd474..0000000
--- a/conf/source/arm_1.13.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.13.7/gitea-1.13.7-linux-arm-6
-SOURCE_SUM=ed4a0c39e1d68592210d5be78ef90125760f24cf1448fb864081265c93823ef7
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.2.src b/conf/source/arm_1.2.src
deleted file mode 100644
index 6b5755d..0000000
--- a/conf/source/arm_1.2.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.2.3/gitea-1.2.3-linux-arm-6
-SOURCE_SUM=06023c75babee8c9d76cee2886890ae9fe82b84a0e723c11ef9fafe3c5ba9539
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.3.src b/conf/source/arm_1.3.src
deleted file mode 100644
index 22ad6a9..0000000
--- a/conf/source/arm_1.3.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-arm-6
-SOURCE_SUM=b1b20d5905cd275b384da2a08d36ed0730801f23fb33df5c45302c9a6ec62dc6
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.4.src b/conf/source/arm_1.4.src
deleted file mode 100644
index 2b3c5bd..0000000
--- a/conf/source/arm_1.4.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.4.3/gitea-1.4.3-linux-arm-6
-SOURCE_SUM=d7341bd9536dbc7b1c3935efe3b0b6be953b0c3f0390b9b794e8fd54d58fee5b
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.5.src b/conf/source/arm_1.5.src
deleted file mode 100644
index 51d6bf6..0000000
--- a/conf/source/arm_1.5.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.5.3/gitea-1.5.3-linux-arm-6
-SOURCE_SUM=6d16b6bcc3cf804cc9b4e0e9ce3aa42e6699662f99998a06c25c7a43df64b0b6
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.6.src b/conf/source/arm_1.6.src
deleted file mode 100644
index 3b74aca..0000000
--- a/conf/source/arm_1.6.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.6.4/gitea-1.6.4-linux-arm-6
-SOURCE_SUM=30bb6220cde6b35522bdaf5ffca0d2daba8a0eebee56e3f11cd40d3e5f8f5669
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.7.src b/conf/source/arm_1.7.src
deleted file mode 100644
index 8f37252..0000000
--- a/conf/source/arm_1.7.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.3/gitea-1.7.3-linux-arm-6
-SOURCE_SUM=c38394be40634b0e1bd0fac0898474ff50e4535af610c12ee16ec3cabd2d4771
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.8.src b/conf/source/arm_1.8.src
deleted file mode 100644
index d5005b9..0000000
--- a/conf/source/arm_1.8.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
-SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.9.src b/conf/source/arm_1.9.src
deleted file mode 100644
index d37b2e2..0000000
--- a/conf/source/arm_1.9.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.6/gitea-1.9.6-linux-arm-6
-SOURCE_SUM=b8f825d701d9205b529acfc9c311fd079af8f0b4ae9267b2dab5c12aee339c57
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7.src b/conf/source/armv7.src
deleted file mode 100644
index aa2f7c6..0000000
--- a/conf/source/armv7.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6
-SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.0.src b/conf/source/armv7_1.0.src
deleted file mode 100644
index 9d39570..0000000
--- a/conf/source/armv7_1.0.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.0.2/gitea-1.0.2-linux-arm-7
-SOURCE_SUM=1533c4b9142d89e3ac78ac9650a1f1507d24f9ac7afcdbe73c83ae5517c36165
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.1.src b/conf/source/armv7_1.1.src
deleted file mode 100644
index 6b83741..0000000
--- a/conf/source/armv7_1.1.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.1.4/gitea-1.1.4-linux-arm-7
-SOURCE_SUM=3b66cbca2f6ad10c8323c3d35280d63d17e192ab5e4aaa7415f5048710c00705
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.10.src b/conf/source/armv7_1.10.src
deleted file mode 100644
index 85e75ea..0000000
--- a/conf/source/armv7_1.10.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.10.3/gitea-1.10.3-linux-arm-6
-SOURCE_SUM=54ca0b8ca9f927c91c69c61da134738b66faf0be68e310f140e56c4f14fe7ecf
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.11.src b/conf/source/armv7_1.11.src
deleted file mode 100644
index 52fa6b7..0000000
--- a/conf/source/armv7_1.11.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.7/gitea-1.11.7-linux-arm-6
-SOURCE_SUM=f106d1a846da7abfd8a7dbf20a5d9c60502e1ed034a31f5503f460dea4d0c77d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.12.src b/conf/source/armv7_1.12.src
deleted file mode 100644
index 00b1c14..0000000
--- a/conf/source/armv7_1.12.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.12.6/gitea-1.12.6-linux-arm-6
-SOURCE_SUM=116caba20b596886b03309df0e319a5885ee72e3740e62ac488e4e38f424ca88
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.13.src b/conf/source/armv7_1.13.src
deleted file mode 100644
index dea7e9f..0000000
--- a/conf/source/armv7_1.13.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.13.7/gitea-1.13.7-linux-arm-6
-SOURCE_SUM=ed4a0c39e1d68592210d5be78ef90125760f24cf1448fb864081265c93823ef7
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.2.src b/conf/source/armv7_1.2.src
deleted file mode 100644
index 63fe266..0000000
--- a/conf/source/armv7_1.2.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.2.3/gitea-1.2.3-linux-arm-7
-SOURCE_SUM=92a1a6fccae6d9382dccee90223457850124a8a9e9505401a04f507b8a90c1dd
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.3.src b/conf/source/armv7_1.3.src
deleted file mode 100644
index f5dd751..0000000
--- a/conf/source/armv7_1.3.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-arm-7
-SOURCE_SUM=1f52cbaf97ca70cf6db5c152f6cff7921e9b066ffbe21ee4015616946c9d4251
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.4.src b/conf/source/armv7_1.4.src
deleted file mode 100644
index 7849e95..0000000
--- a/conf/source/armv7_1.4.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.4.3/gitea-1.4.3-linux-arm-7
-SOURCE_SUM=2a93d7a09f0f9b999651f156a4c0c65a1d4da0c75a68a13bdd0b920082d514de
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.5.src b/conf/source/armv7_1.5.src
deleted file mode 100644
index 7d7c476..0000000
--- a/conf/source/armv7_1.5.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.5.3/gitea-1.5.3-linux-arm-7
-SOURCE_SUM=eb939edb6cdc46702109410f38e358cc572564307e619c4798b6b8b99d6ec7e5
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.6.src b/conf/source/armv7_1.6.src
deleted file mode 100644
index 100a3b3..0000000
--- a/conf/source/armv7_1.6.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.6.4/gitea-1.6.4-linux-arm-7
-SOURCE_SUM=e78d31922e42ccaaf6566f32e249fb6ba4af2876102c6248b3ba32d051e69327
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.7.src b/conf/source/armv7_1.7.src
deleted file mode 100644
index 5eb2360..0000000
--- a/conf/source/armv7_1.7.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.3/gitea-1.7.3-linux-arm-7
-SOURCE_SUM=fd4ba028a30eb2fac1f8570fd3f6157f0c46c21992a2062dd7a6751cc8a47f2f
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.8.src b/conf/source/armv7_1.8.src
deleted file mode 100644
index 918684d..0000000
--- a/conf/source/armv7_1.8.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
-SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.9.src b/conf/source/armv7_1.9.src
deleted file mode 100644
index c9117cf..0000000
--- a/conf/source/armv7_1.9.src
+++ /dev/null
@@ -1,8 +0,0 @@
-# The armv7 build is brocken
-# See : https://github.com/go-gitea/gitea/issues/6700
-# Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.6/gitea-1.9.6-linux-arm-6
-SOURCE_SUM=b8f825d701d9205b529acfc9c311fd079af8f0b4ae9267b2dab5c12aee339c57
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386.src b/conf/source/i386.src
deleted file mode 100644
index 5546686..0000000
--- a/conf/source/i386.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-386
-SOURCE_SUM=4d144f146f85d8b87fd93809019e3d1fd1b691d1fcb1bd5ea3801e0dc5a87e84
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.0.src b/conf/source/i386_1.0.src
deleted file mode 100644
index 2ca0757..0000000
--- a/conf/source/i386_1.0.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.0.2/gitea-1.0.2-linux-386
-SOURCE_SUM=966840c7b815662332c3785a65685bed08c8eab508b8af0fe41307b5ebce8399
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.1.src b/conf/source/i386_1.1.src
deleted file mode 100644
index 80a2235..0000000
--- a/conf/source/i386_1.1.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.1.4/gitea-1.1.4-linux-386
-SOURCE_SUM=d3fc91e4da9282abc2785bb96d1d805c85ae0a253228c2277e21fb332946c0fe
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.10.src b/conf/source/i386_1.10.src
deleted file mode 100644
index 8bd8a32..0000000
--- a/conf/source/i386_1.10.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.10.3/gitea-1.10.3-linux-386
-SOURCE_SUM=829946f7ba6fced84d42718039db4be4371e10a3166f44ee22c9bfee35747954
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.11.src b/conf/source/i386_1.11.src
deleted file mode 100644
index 5c466c2..0000000
--- a/conf/source/i386_1.11.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.7/gitea-1.11.7-linux-386
-SOURCE_SUM=e176c650ab1dd9735014e5a2c29f15585b988ead9d800d02763e0f4adf283496
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.12.src b/conf/source/i386_1.12.src
deleted file mode 100644
index 97ff451..0000000
--- a/conf/source/i386_1.12.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.12.6/gitea-1.12.6-linux-386
-SOURCE_SUM=de287e912b32b0617e538f4c9c8d263fc16b5e2ba0b76ea9ab018011e9943316
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.13.src b/conf/source/i386_1.13.src
deleted file mode 100644
index a226815..0000000
--- a/conf/source/i386_1.13.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.13.7/gitea-1.13.7-linux-386
-SOURCE_SUM=927710a470af5f5ebab55bb3e4a0994f5832942c1c618e288226b57634232ec4
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.2.src b/conf/source/i386_1.2.src
deleted file mode 100644
index d80179c..0000000
--- a/conf/source/i386_1.2.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.2.3/gitea-1.2.3-linux-386
-SOURCE_SUM=a8593c5e908c7e6c26620d45122d017e38441e915a4ea472543251772dc5a6d9
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.3.src b/conf/source/i386_1.3.src
deleted file mode 100644
index aa33a24..0000000
--- a/conf/source/i386_1.3.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-386
-SOURCE_SUM=1b746cccffca446876ccc71efe328699f002622dab1d438e2142c8d7c23a22d7
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.4.src b/conf/source/i386_1.4.src
deleted file mode 100644
index 61dd883..0000000
--- a/conf/source/i386_1.4.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.4.3/gitea-1.4.3-linux-386
-SOURCE_SUM=760dda6f1cd76aa705915686a1d18837af3c4d912f731d1399048409a46ed2ea
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.5.src b/conf/source/i386_1.5.src
deleted file mode 100644
index a8b9d00..0000000
--- a/conf/source/i386_1.5.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.5.3/gitea-1.5.3-linux-386
-SOURCE_SUM=292ef977c46b15650a68782666710bc3379bb4b22a3ae2cae761724569ca5857
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.6.src b/conf/source/i386_1.6.src
deleted file mode 100644
index eabb1f5..0000000
--- a/conf/source/i386_1.6.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.6.4/gitea-1.6.4-linux-386
-SOURCE_SUM=1ccdca624582fbfb8c2b0a819b63b33e7b05a2d355bb4527cc55a6e367d5765d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.7.src b/conf/source/i386_1.7.src
deleted file mode 100644
index 2fcf64e..0000000
--- a/conf/source/i386_1.7.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.3/gitea-1.7.3-linux-386
-SOURCE_SUM=a420bccb17e6e1c317c014475ce5a5bf8091da123cc55b0569660ae43ababf44
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.8.src b/conf/source/i386_1.8.src
deleted file mode 100644
index 256641b..0000000
--- a/conf/source/i386_1.8.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-386
-SOURCE_SUM=e58f4a88b01a4880f97ae32a92e869d978a434a9a876c6a3f4e4a5721e8c4bd6
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.9.src b/conf/source/i386_1.9.src
deleted file mode 100644
index 1be81ce..0000000
--- a/conf/source/i386_1.9.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.6/gitea-1.9.6-linux-386
-SOURCE_SUM=0cd6db19ea9268633ba17d5a6d7d4c6cc01b79b1dc4a39e16fda110b4f5f5569
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64.src b/conf/source/x86-64.src
deleted file mode 100644
index 4dd441b..0000000
--- a/conf/source/x86-64.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-amd64
-SOURCE_SUM=8a6f7983bd47690e6087e14b7a32d6fb0b8868b137da0ea5edff28c32763ca6d
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.0.src b/conf/source/x86-64_1.0.src
deleted file mode 100644
index 134b97f..0000000
--- a/conf/source/x86-64_1.0.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.0.2/gitea-1.0.2-linux-amd64
-SOURCE_SUM=02ed9a3bb7bcd1c8f3d8888e51a0887b3c0f44b2a80d50c99f9e407e457545ab
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.1.src b/conf/source/x86-64_1.1.src
deleted file mode 100644
index 00da3ab..0000000
--- a/conf/source/x86-64_1.1.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.1.4/gitea-1.1.4-linux-amd64
-SOURCE_SUM=1d8804ff7bed26464d61115b9d88ead8a7a7937ceed66fd0bfaceecd4be41274
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.10.src b/conf/source/x86-64_1.10.src
deleted file mode 100644
index 1594b3a..0000000
--- a/conf/source/x86-64_1.10.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.10.3/gitea-1.10.3-linux-amd64
-SOURCE_SUM=e4e393da9f3dbcc6b200a58c0ba8c19ef02346ca24d6b273748b8346313053d0
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.11.src b/conf/source/x86-64_1.11.src
deleted file mode 100644
index 6e5dee4..0000000
--- a/conf/source/x86-64_1.11.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.7/gitea-1.11.7-linux-amd64
-SOURCE_SUM=9261c23b0063132eba61f995561d3a1e76eabfadd7370f8dea2989180c36e2ff
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.12.src b/conf/source/x86-64_1.12.src
deleted file mode 100644
index 477a46a..0000000
--- a/conf/source/x86-64_1.12.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.12.6/gitea-1.12.6-linux-amd64
-SOURCE_SUM=74417bc8e950b685de79c3a39655029f28d27c99e94adbe83c0ec22325d8771f
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.13.src b/conf/source/x86-64_1.13.src
deleted file mode 100644
index eddcf5a..0000000
--- a/conf/source/x86-64_1.13.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.13.7/gitea-1.13.7-linux-amd64
-SOURCE_SUM=f1c0d3368d49f544183ec799005e7149fa566e3fd6eca1091d67d75b3f89f716
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.2.src b/conf/source/x86-64_1.2.src
deleted file mode 100644
index faba5e0..0000000
--- a/conf/source/x86-64_1.2.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.2.3/gitea-1.2.3-linux-amd64
-SOURCE_SUM=bc71b6005617700c9b5654ddf5649aa9ee28dc2344d84254ddeb2678f4d44809
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.3.src b/conf/source/x86-64_1.3.src
deleted file mode 100644
index 3cfdf88..0000000
--- a/conf/source/x86-64_1.3.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-amd64
-SOURCE_SUM=4f37b280eb9dcde7820e801e51ca07682faee703c220548da2f8aa9b6adb5231
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.4.src b/conf/source/x86-64_1.4.src
deleted file mode 100644
index b493a9e..0000000
--- a/conf/source/x86-64_1.4.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.4.3/gitea-1.4.3-linux-amd64
-SOURCE_SUM=fe60fca294baa24fe4862bbcfe29c92d5a8a883a48aadb80f3a1270cf5de9bd4
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.5.src b/conf/source/x86-64_1.5.src
deleted file mode 100644
index 9b20d7b..0000000
--- a/conf/source/x86-64_1.5.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.5.3/gitea-1.5.3-linux-amd64
-SOURCE_SUM=f84eb0b77b47d88b16b1de6ca443dab4a77e940835748d309956052887b9c507
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.6.src b/conf/source/x86-64_1.6.src
deleted file mode 100644
index 8ea4b91..0000000
--- a/conf/source/x86-64_1.6.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.6.4/gitea-1.6.4-linux-amd64
-SOURCE_SUM=e9508e04688e9840708c341125b47b43a2c12cad52185be4b7b6cf7a2fb8bb71
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.7.src b/conf/source/x86-64_1.7.src
deleted file mode 100644
index ce97cc3..0000000
--- a/conf/source/x86-64_1.7.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.3/gitea-1.7.3-linux-amd64
-SOURCE_SUM=49b733a3272dc49cb869c1ba9624a9880168f27b8112197d0c7fa32411dbf625
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.8.src b/conf/source/x86-64_1.8.src
deleted file mode 100644
index d5d2530..0000000
--- a/conf/source/x86-64_1.8.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-amd64
-SOURCE_SUM=7bb28b21cce4bdf0a24e6f6b21c064afa56d84904052dd55afdf59c419d49988
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.9.src b/conf/source/x86-64_1.9.src
deleted file mode 100644
index 18bfb1e..0000000
--- a/conf/source/x86-64_1.9.src
+++ /dev/null
@@ -1,5 +0,0 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.6/gitea-1.9.6-linux-amd64
-SOURCE_SUM=8080c6469fb1dd7e24995bedf927185f6abb57215c043dc8d7fb0cba113c3735
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FILENAME=gitea
-SOURCE_EXTRACT=false
diff --git a/conf/systemd.service b/conf/systemd.service
index 821e0b9..d22a850 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -1,24 +1,48 @@
[Unit]
-Description=Gitea
-After=syslog.target
-After=network.target
-After=mysql.service
-After=slapd.service
+Description=Gitea: Git Service
+After=syslog.target network.target mysql.service slapd.service
[Service]
-# Modify these two values and uncomment them if you have
-# repos with lots of files and get an HTTP error 500 because
-# of that
-###
-#LimitMEMLOCK=infinity
-#LimitNOFILE=65535
Type=simple
User=__APP__
Group=__APP__
-WorkingDirectory=/home/__APP__
-ExecStart=/opt/__APP__/gitea web
+WorkingDirectory=__DATADIR__/
+ExecStart=__FINALPATH__/gitea web -p __PORT__
Restart=always
-Environment=USER=__APP__ HOME=/home/__APP__
+Environment=USER=__APP__ HOME=__DATADIR__/
+
+[Install]
+WantedBy=multi-user.target
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target
diff --git a/config_panel.toml.example b/config_panel.toml.example
new file mode 100755
index 0000000..c6bccd8
--- /dev/null
+++ b/config_panel.toml.example
@@ -0,0 +1,295 @@
+
+## Config panel are available from webadmin > Apps > YOUR_APP > Config Panel Button
+## Those panels let user configure some params on their apps using a friendly interface,
+## and remove the need to manually edit files from the command line.
+
+## From a packager perspective, this .toml is coupled to the scripts/config script,
+## which may be used to define custom getters/setters. However, most use cases
+## should be covered automagically by the core, thus it may not be necessary
+## to define a scripts/config at all!
+
+## -----------------------------------------------------------------------------
+## IMPORTANT: In accordance with YunoHost's spirit, please keep things simple and
+## do not overwhelm the admin with tons of misunderstandable or advanced settings.
+## -----------------------------------------------------------------------------
+
+## The top level describe the entire config panels screen.
+
+## The version is a required property.
+## Here a small reminder to associate config panel version with YunoHost version
+## | Config | YNH | Config panel small change log |
+## | ------ | --- | ------------------------------------------------------- |
+## | 0.1 | 3.x | 0.1 config script not compatible with YNH >= 4.3 |
+## | 1.0 | 4.3.x | The new config panel system with 'bind' property |
+version = "1.0"
+
+## (optional) i18n property let you internationalize questions, however this feature
+## is only available in core configuration panel (like yunohost domain config).
+## So in app config panel this key is ignored for now, but you can internationalize
+## by using a lang dictionary (see property name bellow)
+# i18n = "prefix_translation_key"
+
+################################################################################
+#### ABOUT PANELS
+################################################################################
+
+## The next level describes web admin panels
+## You have to choose an ID for each panel, in this example the ID is "main"
+## Keep in mind this ID will be used in CLI to refer to your question, so choose
+## something short and meaningfull.
+## In the webadmin, each panel corresponds to a distinct tab / form
+[main]
+
+## Define the label for your panel
+## Internationalization works similarly to the 'description' and 'ask' questions in the manifest
+# name.en = "Main configuration"
+# name.fr = "Configuration principale"
+
+## (optional) If you need to trigger a service reload-or-restart after the user
+## change a question in this panel, you can add your service in the list.
+services = ["__APP__"]
+# or services = ["nginx", "__APP__"] to also reload-or-restart nginx
+
+## (optional) This help properties is a short help displayed on the same line
+## than the panel title but not displayed in the tab.
+# help = ""
+
+ ############################################################################
+ #### ABOUT SECTIONS
+ ############################################################################
+
+ ## A panel is composed of one or several sections.
+ ##
+ ## Sections are meant to group questions together when they correspond to
+ ## a same subtopic. This impacts the rendering in terms of CLI prompts
+ ## and HTML forms
+ ##
+ ## You should choose an ID for your section, and prefix it with the panel ID
+ ## (Be sure to not make a typo in the panel ID, which would implicitly create
+ ## an other entire panel)
+ ##
+ ## We use the context of pepettes_ynh as an example,
+ ## which is a simple donation form app written in python,
+ ## and for which the admin will want to edit the configuration
+ [main.customization]
+
+ ## (optional) Defining a proper title for sections is not mandatory
+ ## and depends on the exact rendering you're aiming for the CLI / webadmin
+ name = ""
+
+ ## (optional) This help properties is a short help displayed on the same line
+ ## than the section title, meant to provide additional details
+ # help = ""
+
+ ## (optional) As for panel, you can specify to trigger a service
+ ## reload-or-restart after the user change a question in this section.
+ ## This property is added to the panel property, it doesn't deactivate it.
+ ## So no need to replicate, the service list from panel services property.
+ # services = []
+
+ ## (optional) By default all questions are optionals, but you can specify a
+ ## default behaviour for question in the section
+ optional = false
+
+ ## (optional) It's also possible with the 'visible' property to only
+ ## display the section depending on the user's answers to previous questions.
+ ##
+ ## Be careful that the 'visible' property should only refer to **previous** questions
+ ## Hence, it should not make sense to have a "visible" property on the very first section.
+ ##
+ ## Also, keep in mind that this feature only works in the webadmin and not in CLI
+ ## (therefore a user could be prompted in CLI for a question that may not be relevant)
+ # visible = true
+
+ ########################################################################
+ #### ABOUT QUESTIONS
+ ########################################################################
+
+ ## A section is compound of one or several questions.
+
+ ## ---------------------------------------------------------------------
+ ## IMPORTANT: as for panel and section you have to choose an ID, but this
+ ## one should be unique in all this document, even if the question is in
+ ## an other panel.
+ ## ---------------------------------------------------------------------
+
+ ## You can use same questions types and properties than in manifest.yml
+ ## install part. However, in YNH 4.3, a lot of change has been made to
+ ## extend availables questions types list.
+ ## See: TODO DOC LINK
+
+ [main.customization.project_name]
+
+ ## (required) The ask property is equivalent to the ask property in
+ ## the manifest. However, in config panels, questions are displayed on the
+ ## left side and therefore have less space to be rendered. Therefore,
+ ## it is better to use a short question, and use the "help" property to
+ ## provide additional details if necessary.
+ ask.en = "Name of the project"
+
+ ## (required) The type property indicates how the question should be
+ ## displayed, validated and managed. Some types have specific properties.
+ ##
+ ## Types available: string, boolean, number, range, text, password, path
+ ## email, url, date, time, color, select, domain, user, tags, file.
+ ##
+ ## For a complete list with specific properties, see: TODO DOC LINK
+ type = "string"
+
+ ########################################################################
+ #### ABOUT THE BIND PROPERTY
+ ########################################################################
+
+ ## (recommended) 'bind' property is a powerful feature that let you
+ ## configure how and where the data will be read, validated and written.
+
+ ## By default, 'bind property is in "settings" mode, it means it will
+ ## **only** read and write the value in application settings file.
+ ## bind = "settings"
+
+ ## However, settings usually correspond to key/values in actual app configurations
+ ## Hence, a more useful mode is to have bind = ":FILENAME". In that case, YunoHost
+ ## will automagically find a line with "KEY=VALUE" in FILENAME
+ ## (with the adequate separator between KEY and VALUE)
+ ##
+ ## YunoHost will then use this value for the read/get operation.
+ ## During write/set operations, YunoHost will overwrite the value
+ ## in **both** FILENAME and in the app's settings.yml
+
+ ## Configuration file format supported: yaml, toml, json, ini, env, php,
+ ## python. The feature probably works with others formats, but should be tested carefully.
+
+ ## Note that this feature only works with relatively simple cases
+ ## such as `KEY: VALUE`, but won't properly work with
+ ## complex data structures like multilin array/lists or dictionnaries.
+ ## It also doesn't work with XML format, custom config function call, php define(), ...
+
+ ## More info on TODO
+ # bind = ":/var/www/__APP__/settings.py"
+
+
+ ## By default, bind = ":FILENAME" will use the question ID as KEY
+ ## ... but the question ID may sometime not be the exact KEY name in the configuration file.
+ ##
+ ## In particular, in pepettes, the python variable is 'name' and not 'project_name'
+ ## (c.f. https://github.com/YunoHost-Apps/pepettes_ynh/blob/5cc2d3ffd6529cc7356ff93af92dbb6785c3ab9a/conf/settings.py##L11 )
+ ##
+ ## In that case, the key name can be specified before the column ':'
+
+ bind = "name:/var/www/__APP__/settings.py"
+
+ ## ---------------------------------------------------------------------
+ ## IMPORTANT: other 'bind' mode exists:
+ ##
+ ## bind = "FILENAME" (with no column character before FILENAME)
+ ## may be used to bind to the **entire file content** (instead of a single KEY/VALUE)
+ ## This could be used to expose an entire configuration file, or binary files such as images
+ ## For example:
+ ## bind = "/var/www/__APP__/img/logo.png"
+ ##
+ ## bind = "null" can be used to disable reading / writing in settings.
+ ## This creates sort of a "virtual" or "ephemeral" question which is not related to any actual setting
+ ## In this mode, you are expected to define custom getter/setters/validators in scripts/config:
+ ##
+ ## getter: get__QUESTIONID()
+ ## setter: set__QUESTIONID()
+ ## validator: validate__QUESTIONID()
+ ##
+ ## You can also specify a common getter / setter / validator, with the
+ ## function 'bind' mode, for example here it will try to run
+ ## get__array_settings() first.
+ # bind = "array_settings()"
+ ## ---------------------------------------------------------------------
+
+ ## ---------------------------------------------------------------------
+ ## IMPORTANT: with the exception of bind=null questions,
+ ## question IDs should almost **always** correspond to an app setting
+ ## initialized / reused during install/upgrade.
+ ## Not doing so may result in inconsistencies between the config panel mechanism
+ ## and the use of ynh_add_config
+ ## ---------------------------------------------------------------------
+
+ ########################################################################
+ #### OTHER GENERIC PROPERTY FOR QUESTIONS
+ ########################################################################
+
+ ## (optional) An help text for the question
+ help = "Fill the name of the project which will received donation"
+
+ ## (optional) An example display as placeholder in web form
+ # example = "YunoHost"
+
+ ## (optional) set to true in order to redact the value in operation logs
+ # redact = false
+
+ ## (optional) A validation pattern
+ ## ---------------------------------------------------------------------
+ ## IMPORTANT: your pattern should be between simple quote, not double.
+ ## ---------------------------------------------------------------------
+ pattern.regexp = '^\w{3,30}$'
+ pattern.error = "The name should be at least 3 chars and less than 30 chars. Alphanumeric chars are accepted"
+
+ ## Note: visible and optional properties are also available for questions
+
+
+ [main.customization.contact_url]
+ ask = "Contact url"
+ type = "url"
+ example = "mailto: contact@example.org"
+ help = "mailto: accepted"
+ pattern.regexp = '^mailto:[^@]+@[^@]+|https://$'
+ pattern.error = "Should be https or mailto:"
+ bind = ":/var/www/__APP__/settings.py"
+
+ [main.customization.logo]
+ ask = "Logo"
+ type = "file"
+ accept = ".png"
+ help = "Fill with an already resized logo"
+ bind = "__FINALPATH__/img/logo.png"
+
+ [main.customization.favicon]
+ ask = "Favicon"
+ type = "file"
+ accept = ".png"
+ help = "Fill with an already sized favicon"
+ bind = "__FINALPATH__/img/favicon.png"
+
+
+ [main.stripe]
+ name = "Stripe general info"
+ optional = false
+
+ # The next alert is overwrited with a getter from the config script
+ [main.stripe.amount]
+ ask = "Donation in the month : XX €
+ type = "alert"
+ style = "success"
+
+ [main.stripe.publishable_key]
+ ask = "Publishable key"
+ type = "string"
+ redact = true
+ help = "Indicate here the stripe publishable key"
+ bind = ":/var/www/__APP__/settings.py"
+
+ [main.stripe.secret_key]
+ ask = "Secret key"
+ type = "string"
+ redact = true
+ help = "Indicate here the stripe secret key"
+ bind = ":/var/www/__APP__/settings.py"
+
+ [main.stripe.prices]
+ ask = "Prices ID"
+ type = "tags"
+ help = """\
+ Indicates here the prices ID of donation products you created in stripe interfaces. \
+ Go on [Stripe products](https://dashboard.stripe.com/products) to create those donation products. \
+ Fill it tag with 'FREQUENCY/CURRENCY/PRICE_ID' \
+ FREQUENCY: 'one_time' or 'recuring' \
+ CURRENCY: 'EUR' or 'USD' \
+ PRICE_ID: ID from stripe interfaces starting with 'price_' \
+ """
+ pattern.regexp = '^(one_time|recuring)/(EUR|USD)/price_.*$'
+ pattern.error = "Please respect the format describe in help text for each price ID"
diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md
new file mode 100644
index 0000000..4f1e4d1
--- /dev/null
+++ b/doc/DESCRIPTION.md
@@ -0,0 +1,14 @@
+Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket, and GitLab. Gitea is a fork of Gogs. See the Gitea Announcement blog post to read about the justification for a fork.
+
+### Features
+
+- User dashboard, user profile and activity timeline.
+- User, organization and repository management.
+- Repository and organization webhooks, including Slack, Discord and Dingtalk.
+- Repository Git hooks, deploy keys and Git LFS.
+- Repository issues, pull requests, wiki, protected branches and collaboration.
+- Migrate and mirror repositories with wiki from other code hosts.
+- Web editor for quick editing repository files and wiki.
+- Jupyter Notebook and PDF rendering.
+- Authentication via SMTP, LDAP.
+- Customize HTML templates, static files and many others.
diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md
new file mode 100644
index 0000000..7479d11
--- /dev/null
+++ b/doc/DESCRIPTION_fr.md
@@ -0,0 +1 @@
+Gitea est un service Git auto-hébergé. Il est similaire à GitHub, Bitbucket et GitLab. Gitea est un fork de Gogs.
diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md
new file mode 100644
index 0000000..5ecd64d
--- /dev/null
+++ b/doc/DISCLAIMER.md
@@ -0,0 +1,24 @@
+## Notes on SSH usage
+
+If you want to use Gitea with SSH and be able to pull/push with you SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gogs:
+
+```bash
+PubkeyAuthentication yes
+AuthorizedKeysFile %h/.ssh/authorized_keys
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+```
+
+You also need to add your public key to your Gitea profile.
+
+If you use SSH on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
+
+```bash
+Host domain.tld
+ port 2222 # change this with the port you use
+```
+
+## Private Mode
+
+Actually it's possible to access to the Git repositories by the `git` command over HTTP also in private mode installation. It's important to know that in this mode the repository could be ALSO getted if you don't set the repository as private in the repos settings.
diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png
new file mode 100644
index 0000000..4e0350b
Binary files /dev/null and b/doc/screenshots/screenshot.png differ
diff --git a/manifest.json b/manifest.json
index 7f9c989..6e4e5dc 100644
--- a/manifest.json
+++ b/manifest.json
@@ -3,19 +3,22 @@
"id": "gitea",
"packaging_format": 1,
"description": {
- "en": "Lightweight Git forge",
- "fr": "Forge Git légère"
+ "en": "Lightweight self-hosted Git forge",
+ "fr": "Forge Git légère auto-hébergé"
+ },
+ "version": "1.17.0~ynh1",
+ "url": "https://gitea.io/",
+ "upstream": {
+ "license": "MIT",
+ "website": "https://gitea.io/",
+ "demo": "https://try.gitea.io/",
+ "admindoc": "https://docs.gitea.io/en-us/",
+ "code": "https://github.com/go-gitea/gitea"
},
- "url": "http://gitea.io",
"license": "MIT",
- "version": "1.14.5~ynh1",
"maintainer": {
- "name": "Josué Tille",
- "email": "josue@tille.ch"
- },
- "previous_maintainers": {
- "name": "rafi59",
- "email": "rafi59_dev@srvmaison.fr.nf"
+ "name": "",
+ "email": ""
},
"multi_instance": true,
"services": [
@@ -23,49 +26,31 @@
"mysql"
],
"requirements": {
- "yunohost": ">= 4.2.6.1"
+ "yunohost": ">= 4.3.0"
},
"arguments": {
- "install" : [
+ "install": [
{
"name": "domain",
- "type": "domain",
- "ask": {
- "en": "Choose a domain for Gitea",
- "fr": "Choisissez un domaine pour Gitea"
- },
- "example": "domain.org"
+ "type": "domain"
},
{
"name": "path",
"type": "path",
- "ask": {
- "en": "Choose a path for Gitea",
- "fr": "Choisissez un chemin pour Gitea"
- },
"example": "/gitea",
"default": "/gitea"
},
{
"name": "admin",
- "type": "user",
- "ask": {
- "en": "Choose the Gitea administrator (must be an existing YunoHost user)",
- "fr": "Choisissez l'administrateur de Gitea (doit être un utilisateur YunoHost existant)"
- },
- "example": "johndoe"
+ "type": "user"
},
{
"name": "is_public",
"type": "boolean",
- "ask": {
- "en": "Is it a public site?",
- "fr": "Est-ce un site public ?"
+ "help": {
+ "en": "If enabled, Gitea will be accessible by people who do not have an account. This can be changed later via the webadmin.",
+ "fr": "Si cette case est cochée, Gitea sera accessible aux personnes n’ayant pas de compte. Vous pourrez changer ceci plus tard via la webadmin."
},
- "help": {
- "en": "A public server means that everybody is able to access to the pain page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.",
- "fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique."
- },
"default": true
}
]
diff --git a/scripts/_common.sh b/scripts/_common.sh
index a613b7b..944a65e 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,98 +1,17 @@
-#=================================================
-# SET ALL CONSTANTS
-#=================================================
-
-app=$YNH_APP_INSTANCE_NAME
-dbname=$app
-dbuser=$app
-final_path="/opt/$app"
-DATADIR="/home/$app"
-REPO_PATH="$DATADIR/repositories"
-DATA_PATH="$DATADIR/data"
-SSH_PATH="$DATADIR/.ssh"
-
-# Detect the system architecture to download the right tarball
-# NOTE: `uname -m` is more accurate and universal than `arch`
-# See https://en.wikipedia.org/wiki/Uname
-if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then
- architecture="arm64"
-elif [ -n "$(uname -m | grep 64)" ]; then
- architecture="x86-64"
-elif [ -n "$(uname -m | grep 86)" ]; then
- architecture="i386"
-elif [ -n "$(uname -m | grep armv7)" ]; then
- architecture="armv7"
-elif [ -n "$(uname -m | grep arm)" ]; then
- architecture="arm"
-else
- ynh_die --message "Unable to detect your achitecture, please open a bug describing \
- your hardware and the result of the command \"uname -m\"." 1
-fi
+#!/bin/bash
#=================================================
-# DEFINE ALL COMMON FONCTIONS
+# COMMON VARIABLES
#=================================================
-create_dir() {
- mkdir -p "$final_path/data"
- mkdir -p "$final_path/custom/conf"
- mkdir -p "$SSH_PATH"
- mkdir -p "$REPO_PATH"
- mkdir -p "$DATA_PATH/avatars"
- mkdir -p "$DATA_PATH/attachments"
- mkdir -p "/var/log/$app"
-}
+#=================================================
+# PERSONAL HELPERS
+#=================================================
-config_nginx() {
- if [ "$path_url" != "/" ]
- then
- ynh_replace_string --match_string "^#sub_path_only" --replace_string "" --target_file "../conf/nginx.conf"
- fi
- ynh_add_nginx_config
-}
+#=================================================
+# EXPERIMENTAL HELPERS
+#=================================================
-config_gitea() {
- ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
- ynh_backup_if_checksum_is_different --file "$final_path/custom/conf/app.ini"
-
- cp ../conf/app.ini "$final_path/custom/conf"
- usermod -s /bin/bash $app
-
- if [ "$path_url" = "/" ]
- then
- ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
- else
- ynh_replace_string --match_string __URL__ --replace_string "$domain${path_url%/}" --target_file "$final_path/custom/conf/app.ini"
- fi
-
- ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __DB_PASSWORD__ --replace_string "$dbpass" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __DB_USER__ --replace_string "$dbuser" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __DOMAIN__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __KEY__ --replace_string "$key" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __DATA_PATH__ --replace_string "$DATA_PATH" --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$final_path/custom/conf/app.ini"
- ynh_replace_string --match_string __SSH_PORT__ --replace_string $ssh_port --target_file "$final_path/custom/conf/app.ini"
-
- ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
-}
-
-set_permission() {
- chown -R $app:$app "$final_path"
- chown -R $app:$app "/home/$app"
- chown -R $app:$app "/var/log/$app"
-
- chmod u=rwX,g=rX,o= "$final_path"
- chmod u=rwx,g=rx,o= "$final_path/gitea"
- chmod u=rwx,g=rx,o= "$final_path/custom/conf/app.ini"
- chmod u=rwX,g=rX,o= "/home/$app"
- chmod u=rwX,g=rX,o= "/var/log/$app"
-}
-
-set_access_settings() {
- if [ "$is_public" == '1' ];
- then
- ynh_permission_update --permission "main" --add "visitors"
- fi
-}
+#=================================================
+# FUTURE OFFICIAL HELPERS
+#=================================================
diff --git a/scripts/backup b/scripts/backup
index e78d87f..9e4005c 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -3,49 +3,89 @@
#=================================================
# GENERIC START
#=================================================
-
-# Load common variables and helpers
-source ../settings/scripts/experimental_helper.sh
-source ../settings/scripts/_common.sh
-
# IMPORT GENERIC HELPERS
+#=================================================
+
+source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
-# Exit if an error occurs during the execution of the script
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
ynh_abort_if_errors
-# Retrieve app settings
+#=================================================
+# LOAD SETTINGS
+#=================================================
ynh_print_info --message="Loading installation settings..."
-domain=$(ynh_app_setting_get --app $app --key domain)
-if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then
- ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service and with this command before to run the backup 'systemctl stop $app.service'"
-fi
+app=$YNH_APP_INSTANCE_NAME
+
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
-# STANDARD BACKUP STEPS
+# DECLARE DATA AND CONF FILES TO BACKUP
+#=================================================
+ynh_print_info --message="Declaring files to be backed up..."
+
+#=================================================
+# BACKUP THE APP MAIN DIR
#=================================================
-# Copy the app source files
-ynh_print_info --message="Backing up code..."
-ynh_backup --src_path "$final_path"
+ynh_backup --src_path="$final_path"
-# Copy the data files
-ynh_print_info --message="Backing up user data..."
-ynh_backup --src_path "$DATADIR" --is_big=1
+#=================================================
+# BACKUP THE DATA DIR
+#=================================================
-ynh_print_info --message="Backing up configuration..."
+ynh_backup --src_path="$datadir" --is_big
-# Copy the conf files
-ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf"
-ynh_backup --src_path "/etc/systemd/system/${app}.service"
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
-# Backup logs
-ynh_print_info --message="Backing up logs..."
-ynh_backup --src_path "/var/log/$app"
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-# Dump the database
-ynh_print_info --message="Backing up database"
-ynh_mysql_dump_db "$dbname" > ./db.sql
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
+#=================================================
+# SPECIFIC BACKUP
+#=================================================
+# BACKUP LOGROTATE
+#=================================================
+
+ynh_backup --src_path="/etc/logrotate.d/$app"
+
+#=================================================
+# BACKUP SYSTEMD
+#=================================================
+
+ynh_backup --src_path="/etc/systemd/system/$app.service"
+
+#=================================================
+# BACKUP VARIOUS FILES
+#=================================================
+
+ynh_backup --src_path="/var/log/$app"
+
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the MySQL database..."
+
+ynh_mysql_dump_db --database="$db_name" > db.sql
+
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
diff --git a/scripts/change_url b/scripts/change_url
index e5efd6e..0b3c44b 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -1,65 +1,145 @@
#!/bin/bash
#=================================================
-# GENERIC START
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
#=================================================
-# Import common cmd
-source ./experimental_helper.sh
-source ./_common.sh
-
-# IMPORT GENERIC HELPERS
+source _common.sh
source /usr/share/yunohost/helpers
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+old_domain=$YNH_APP_OLD_DOMAIN
+old_path=$YNH_APP_OLD_PATH
+
+new_domain=$YNH_APP_NEW_DOMAIN
+new_path=$YNH_APP_NEW_PATH
+
+app=$YNH_APP_INSTANCE_NAME
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_script_progression --message="Loading installation settings..." --weight=1
+
+# Needed for helper "ynh_add_nginx_config"
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+port=$(ynh_app_setting_get --app=$app --key=port)
+admin=$(ynh_app_setting_get --app=$app --key=admin)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+key=$(ynh_app_setting_get --app=$app --key=key)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+
+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+ # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
+ ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+
+ # Restore it if the upgrade fails
+ ynh_restore_upgradebackup
+}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
-ynh_script_progression --message="Loading installation settings..."
+#=================================================
+# CHECK WHICH PARTS SHOULD BE CHANGED
+#=================================================
-# RETRIEVE ARGUMENTS
-old_domain=$YNH_APP_OLD_DOMAIN
-domain=$YNH_APP_NEW_DOMAIN
-path_url=$(ynh_normalize_url_path --path_url ${YNH_APP_NEW_PATH:-'/'})
-app=$YNH_APP_INSTANCE_NAME
+change_domain=0
+if [ "$old_domain" != "$new_domain" ]
+then
+ change_domain=1
+fi
-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
-admin=$(ynh_app_setting_get --app $app --key adminusername)
-key=$(ynh_app_setting_get --app $app --key secret_key)
-port=$(ynh_app_setting_get --app $app --key web_port)
-upstream_version=$(ynh_app_setting_get $app upstream_version)
+change_path=0
+if [ "$old_path" != "$new_path" ]
+then
+ change_path=1
+fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..." --weight=2
-ynh_script_progression --message="Updating nginx configuration..."
+ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+#=================================================
# MODIFY URL IN NGINX CONF
+#=================================================
+ynh_script_progression --message="Updating NGINX web server configuration..." --weight=3
+
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
-# Change the domain for nginx
-# Change the domain for nginx
-if [[ "$old_domain" != "$domain" ]]; then
- # Delete file checksum for the old conf file location
- ynh_delete_file_checksum --file "$nginx_conf_path"
- mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
- # Store file checksum for the new config file location
- ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
+# Change the path in the NGINX config file
+if [ $change_path -eq 1 ]
+then
+ # Make a backup of the original NGINX config file if modified
+ ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
+ # Set global variables for NGINX helper
+ domain="$old_domain"
+ path_url="$new_path"
+ # Create a dedicated NGINX config
+ ynh_add_nginx_config
fi
-config_nginx
+# Change the domain for NGINX
+if [ $change_domain -eq 1 ]
+then
+ # Delete file checksum for the old conf file location
+ ynh_delete_file_checksum --file="$nginx_conf_path"
+ mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
+ # Store file checksum for the new config file location
+ ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+fi
-# Update gitea config
-ynh_script_progression --message="Updating gitea configuration..."
-config_gitea
+#=================================================
+# SPECIFIC MODIFICATIONS
+#=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
-# RELOAD services
-ynh_script_progression --message="Starting services..."
-ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -a restart
-sleep 1
+domain=$new_domain
+path_url=$new_path
+ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
-# Store the checksum with the 'INTERNAL_TOKEN' value.
-# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
-ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
+ynh_exec_warn_less ynh_add_config --template="../conf/app.ini" --destination="$final_path/custom/conf/app.ini"
+
+chmod 640 "$final_path/custom/conf/app.ini"
+chown $app:$app "$final_path/custom/conf/app.ini"
+
+#=================================================
+# GENERIC FINALISATION
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..." --weight=2
+
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh
deleted file mode 100644
index 8757149..0000000
--- a/scripts/experimental_helper.sh
+++ /dev/null
@@ -1,257 +0,0 @@
-# Execute a command as another user
-# usage: exec_as USER COMMAND [ARG ...]
-exec_as() {
- local USER=$1
- shift 1
-
- if [[ $USER = $(whoami) ]]; then
- eval "$@"
- else
- sudo -u "$USER" "$@"
- fi
-}
-
-# Need also the helper https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_handle_getopts_args/ynh_handle_getopts_args
-
-# Make the main steps to migrate an app to its fork.
-#
-# This helper has to be used for an app which needs to migrate to a new name or a new fork
-# (like owncloud to nextcloud or zerobin to privatebin).
-#
-# This helper will move the files of an app to its new name
-# or recreate the things it can't move.
-#
-# To specify which files it has to move, you have to create a "migration file", stored in ../conf
-# This file is a simple list of each file it has to move,
-# except that file names must reference the $app variable instead of the real name of the app,
-# and every instance-specific variables (like $domain).
-# $app is especially important because it's this variable which will be used to identify the old place and the new one for each file.
-#
-# If a database exists for this app, it will be dumped and then imported in a newly created database, with a new name and new user.
-# Don't forget you have to then apply these changes to application-specific settings (depends on the packaged application)
-#
-# Same things for an existing user, a new one will be created.
-# But the old one can't be removed unless it's not used. See below.
-#
-# If you have some dependencies for your app, it's possible to change the fake debian package which manages them.
-# You have to fill the $pkg_dependencies variable, and then a new fake package will be created and installed,
-# and the old one will be removed.
-# If you don't have a $pkg_dependencies variable, the helper can't know what the app dependencies are.
-#
-# The app settings.yml will be modified as follows:
-# - finalpath will be changed according to the new name (but only if the existing $final_path contains the old app name)
-# - The checksums of php-fpm and nginx config files will be updated too.
-# - If there is a $db_name value, it will be changed.
-# - And, of course, the ID will be changed to the new name too.
-#
-# Finally, the $app variable will take the value of the new name.
-# The helper will set the $migration_process variable to 1 if a migration has been successfully handled.
-#
-# You have to handle by yourself all the migrations not done by this helper, like configuration or special values in settings.yml
-# Also, at the end of the upgrade script, you have to add a post_migration script to handle all the things the helper can't do during YunoHost upgrade (mostly for permission reasons),
-# especially remove the old user, move some hooks and remove the old configuration directory
-# To launch this script, you have to move it elsewhere and start it after the upgrade script.
-# `cp ../conf/$script_post_migration /tmp`
-# `(cd /tmp; echo "/tmp/$script_post_migration" | at now + 2 minutes)`
-#
-# usage: ynh_handle_app_migration migration_id migration_list
-# | arg: -i, --migration_id= - ID from which to migrate
-# | arg: -l, --migration_list= - File specifying every file to move (one file per line)
-ynh_handle_app_migration () {
- # Need for end of install
- ynh_package_install at
-
- #=================================================
- # LOAD SETTINGS
- #=================================================
-
- old_app=$YNH_APP_INSTANCE_NAME
- local old_app_id=$YNH_APP_ID
- local old_app_number=$YNH_APP_INSTANCE_NUMBER
-
- # Declare an array to define the options of this helper.
- declare -Ar args_array=( [i]=migration_id= [l]=migration_list= )
- # Get the id from which to migrate
- local migration_id
- # And the file with the paths to move
- local migration_list
- # Manage arguments with getopts
- ynh_handle_getopts_args "$@"
-
- # Get the new app id in the manifest
- local new_app_id=$(grep \"id\": ../manifest.json | cut -d\" -f4)
- if [ $old_app_number -eq 1 ]; then
- local new_app=$new_app_id
- else
- local new_app=${new_app_id}__${old_app_number}
- fi
-
- #=================================================
- # CHECK IF IT HAS TO MIGRATE
- #=================================================
-
- migration_process=0
-
- if [ "$old_app_id" == "$new_app_id" ]
- then
- # If the 2 id are the same
- # No migration to do.
- echo 0
- return 0
- else
- if [ "$old_app_id" != "$migration_id" ]
- then
- # If the new app is not the authorized id, fail.
- ynh_die --message "Incompatible application for migration from $old_app_id to $new_app_id"
- fi
-
- echo "Migrate from $old_app_id to $new_app_id" >&2
-
- #=================================================
- # CHECK IF THE MIGRATION CAN BE DONE
- #=================================================
-
- # TODO Handle multi instance apps...
- # Check that there is not already an app installed for this id.
- (yunohost app list --installed -f "$new_app" | grep -q id) \
- && ynh_die "$new_app is already installed"
-
- #=================================================
- # CHECK THE LIST OF FILES TO MOVE
- #=================================================
-
- local temp_migration_list="$(tempfile)"
-
- # Build the list by removing blank lines and comment lines
- sed '/^#.*\|^$/d' "../conf/$migration_list" > "$temp_migration_list"
-
- # Check if there is no file in the destination
- local file_to_move=""
- while read file_to_move
- do
- # Replace all occurences of $app by $new_app in each file to move.
- local move_to_destination="${file_to_move//\$app/$new_app}"
- test -e "$move_to_destination" && ynh_die "A file named $move_to_destination already exists."
- done < "$temp_migration_list"
-
- #=================================================
- # COPY YUNOHOST SETTINGS FOR THIS APP
- #=================================================
-
- local settings_dir="/etc/yunohost/apps"
- cp -a "$settings_dir/$old_app" "$settings_dir/$new_app"
- cp -a ../{scripts,conf} "$settings_dir/$new_app"
-
- # Replace the old id by the new one
- ynh_replace_string "\(^id: .*\)$old_app" "\1$new_app" "$settings_dir/$new_app/settings.yml"
- # INFO: There a special behavior with yunohost app setting:
- # if the id given in argument does not match with the id
- # stored in the config file, the config file will be purged.
- # That's why we use sed instead of app setting here.
- # https://github.com/YunoHost/yunohost/blob/c6b5284be8da39cf2da4e1036a730eb5e0515096/src/yunohost/app.py#L1316-L1321
-
- # Change the label if it's simply the name of the app
- old_label=$(ynh_app_setting_get $new_app label)
- if [ "${old_label,,}" == "$old_app_id" ]
- then
- # Build the new label from the id of the app. With the first character as upper case
- new_label=$(echo $new_app_id | cut -c1 | tr [:lower:] [:upper:])$(echo $new_app_id | cut -c2-)
- ynh_app_setting_set $new_app label $new_label
- fi
-
- yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$old_app.main', force=True, sync_perm=False)"
- yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$new_app.main', url='/' , sync_perm=True)"
-
- #=================================================
- # MOVE FILES TO THE NEW DESTINATION
- #=================================================
-
- while read file_to_move
- do
- # Replace all occurence of $app by $new_app in each file to move.
- move_to_destination="$(eval echo "${file_to_move//\$app/$new_app}")"
- local real_file_to_move="$(eval echo "${file_to_move//\$app/$old_app}")"
- echo "Move file $real_file_to_move to $move_to_destination" >&2
- mv "$real_file_to_move" "$move_to_destination"
- done < "$temp_migration_list"
-
- #=================================================
- # UPDATE SETTINGS KNOWN ENTRIES
- #=================================================
-
- # Replace nginx checksum
- ynh_replace_string "\(^checksum__etc_nginx.*\)_$old_app" "\1_$new_app/" "$settings_dir/$new_app/settings.yml"
-
- # Replace php5-fpm checksums
- ynh_replace_string "\(^checksum__etc_php5.*[-_]\)$old_app" "\1$new_app/" "$settings_dir/$new_app/settings.yml"
-
- # Replace final_path
- ynh_replace_string "\(^final_path: .*\)$old_app" "\1$new_app" "$settings_dir/$new_app/settings.yml"
-
- #=================================================
- # MOVE THE DATABASE
- #=================================================
-
- db_pwd=$(ynh_app_setting_get $old_app mysqlpwd)
- db_name=$dbname
-
- # Check if a database exists before trying to move it
- local mysql_root_password=$(cat $MYSQL_ROOT_PWD_FILE)
- if [ -n "$db_name" ] && mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"
- then
- new_db_name=$(ynh_sanitize_dbid $new_app)
- echo "Rename the database $db_name to $new_db_name" >&2
-
- local sql_dump="/tmp/${db_name}-$(date '+%s').sql"
-
- # Dump the old database
- ynh_mysql_dump_db "$db_name" > "$sql_dump"
-
- # Create a new database
- ynh_mysql_setup_db $new_db_name $new_db_name $db_pwd
- # Then restore the old one into the new one
- ynh_mysql_connect_as $new_db_name $db_pwd $new_db_name < "$sql_dump"
-
- # Remove the old database
- ynh_mysql_remove_db $db_name $db_name
- # And the dump
- ynh_secure_remove --file="$sql_dump"
-
- # Update the value of $db_name
- db_name=$new_db_name
- ynh_app_setting_set $new_app db_name $db_name
- fi
-
- #=================================================
- # CHANGE THE FAKE DEPENDENCIES PACKAGE
- #=================================================
-
- # Check if a variable $pkg_dependencies exists
- # If this variable doesn't exist, this part shall be managed in the upgrade script.
- if [ -n "${pkg_dependencies:-}" ]
- then
- # Define the name of the package
- local old_package_name="${old_app//_/-}-ynh-deps"
- local new_package_name="${new_app//_/-}-ynh-deps"
-
- if ynh_package_is_installed "$old_package_name"
- then
- # Install a new fake package
- app=$new_app
- ynh_install_app_dependencies $pkg_dependencies
- # Then remove the old one
- app=$old_app
- ynh_remove_app_dependencies
- fi
- fi
-
- #=================================================
- # UPDATE THE ID OF THE APP
- #=================================================
-
- app=$new_app
-
- # Set migration_process to 1 to inform that an upgrade has been made
- migration_process=1
- fi
-}
diff --git a/scripts/install b/scripts/install
index 2fc9231..231e491 100644
--- a/scripts/install
+++ b/scripts/install
@@ -3,143 +3,216 @@
#=================================================
# GENERIC START
#=================================================
-
-# Load common variables and helpers
-source ./experimental_helper.sh
-source ./_common.sh
-
# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
source /usr/share/yunohost/helpers
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
-ynh_script_progression --message="Validating installation parameters..."
+#=================================================
+# RETRIEVE ARGUMENTS FROM THE MANIFEST
+#=================================================
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
-upstream_version=$(ynh_app_upstream_version)
+key=$(ynh_string_random --length=24)
+
+app=$YNH_APP_INSTANCE_NAME
+
+#=================================================
+# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+#=================================================
+ynh_script_progression --message="Validating installation parameters..." --weight=1
+
+final_path=/opt/$app
+test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
-ynh_webpath_register --app $app --domain $domain --path_url $path_url
+ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
-# Check user parameter
-ynh_user_exists "$admin" \
- || ynh_die --message "The chosen admin user does not exist."
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================
+ynh_script_progression --message="Storing installation settings..." --weight=1
-# Check Final Path availability
-test ! -e "$final_path" || ynh_die --message "This path already contains a folder"
-
-if [ -e "$DATADIR" ]; then
- old_data_dir_path="$DATADIR$(date '+%Y%m%d.%H%M%S')"
- ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
- mv "$DATADIR" "$old_data_dir_path"
-fi
-
-# Generate random password and key
-ynh_script_progression --message="Defining db password and key..."
-dbpass=$(ynh_string_random)
-key=$(ynh_string_random)
-
-# Find available ports
-port=$(ynh_find_port --port 6000)
-
-# Store Settings
-ynh_script_progression --message="Storing installation settings..."
-ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass
-ynh_app_setting_set --app $app --key adminusername --value $admin
-ynh_app_setting_set --app $app --key is_public --value $is_public
-ynh_app_setting_set --app $app --key secret_key --value $key
-ynh_app_setting_set --app $app --key web_port --value $port
+ynh_app_setting_set --app=$app --key=domain --value=$domain
+ynh_app_setting_set --app=$app --key=admin --value=$admin
+ynh_app_setting_set --app=$app --key=path --value=$path_url
+ynh_app_setting_set --app=$app --key=key --value=$key
#=================================================
# STANDARD MODIFICATIONS
#=================================================
+# FIND AND OPEN A PORT
+#=================================================
+ynh_script_progression --message="Finding an available port..." --weight=1
-# Initialize database and store mysql password for upgrade
-ynh_script_progression --message="Configuring MySQL database..."
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
+# Find an available port
+port=$(ynh_find_port --port=6000)
+ynh_app_setting_set --app=$app --key=port --value=$port
-# Add users
-ynh_script_progression --message="Configuring system user..."
-ynh_system_user_create --username=$app --home_dir=/home/$app --use_shell
+#=================================================
+# CREATE A MYSQL DATABASE
+#=================================================
+ynh_script_progression --message="Creating a MySQL database..." --weight=3
+
+db_name=$(ynh_sanitize_dbid --db_name=$app)
+db_user=$db_name
+ynh_app_setting_set --app=$app --key=db_name --value=$db_name
+ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=1
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir=$final_path
+
+# Add SSH permission for Gitea user
+adduser $app ssh.app
+
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+ynh_script_progression --message="Setting up source files..." --weight=3
+
+ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source --dest_dir=$final_path --source_id=$YNH_ARCH
+
+mkdir -p "$final_path/custom/conf"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+chmod +x "$final_path/gitea"
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Configuring NGINX web server..." --weight=2
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Creating a data directory..." --weight=1
+
+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+
+mkdir -p $datadir
# create needed directories
-create_dir
+mkdir -p "$datadir/data/{repositories,avatars,attachments}"
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:www-data "$datadir"
+
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
+ynh_add_config --template="../conf/app.ini" --destination="$final_path/custom/conf/app.ini"
+
+chmod 640 "$final_path/custom/conf/app.ini"
+chown $app:$app "$final_path/custom/conf/app.ini"
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Configure init script
-ynh_script_progression --message="Configuring a systemd service..." --weight=2
ynh_add_systemd_config
-# Modify Nginx configuration file and copy it to Nginx conf directory
-ynh_script_progression --message="Configuring nginx..." --weight=1
-config_nginx
-
-# Configure gitea with app.ini file
-ynh_script_progression --message="Configuring application, step 1/2..."
-config_gitea
-
-ynh_script_progression --message="Installing sources files..." --weight=10
-
-# Install gitea
-ynh_setup_source $final_path source/$architecture
-
-# Set permissions
-ynh_script_progression --message="Protecting directory"
-set_permission
-
-ynh_script_progression --message="Configuring application, step 2/2..."
-
-# Start gitea for building mysql tables
-systemctl start "$app".service
-
-# Wait untill login_source mysql table is created
-while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null)
-do
- sleep 2
-done
-
-# Add ldap config
-ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
-
-# SETUP FAIL2BAN
-ynh_script_progression --message="Configuring fail2ban..."
-ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5
-
#=================================================
# GENERIC FINALIZATION
#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring log rotation..." --weight=1
-# Unprotect root from SSO if public
-ynh_script_progression --message="Protecting directory"
-set_access_settings
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
-# Create permission
-ynh_script_progression --message="Configuring permissions"
+mkdir -p "/var/log/$app"
+chmod u=rwX,g=rX,o= "/var/log/$app"
+chown -R $app: "/var/log/$app"
+
+#=================================================
+# INTEGRATE SERVICE IN YUNOHOST
+#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
+
+yunohost service add $app --description="Lightweight Git forge" --log="/var/log/$app/$app.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..." --weight=3
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring permissions..." --weight=1
+
+# Make app public if necessary or protect it
+if [ $is_public -eq 1 ]
+then
+ # Everyone can access the app.
+ # The "main" permission is automatically created before the install script.
+ ynh_permission_update --permission="main" --add="visitors"
+fi
+
+# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --allowed=$admin
-# Add gitea to YunoHost's monitored services
-ynh_script_progression --message="Register gitea service..."
-yunohost service add "$app" --log "/var/log/$app/gitea.log"
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-# Configure logrotate
-ynh_script_progression --message="Configuring log rotation..."
-ynh_use_logrotate --logfile "/var/log/$app"
+ynh_systemd_action --service_name=nginx --action=reload
-# Save Version
-ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version)
+#=================================================
+# LDAP CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding LDAP configuration..." --weight=1
-# Reload services
-ynh_script_progression --message="Starting gitea services..." --weight=3
-ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10
-sleep 1
+pushd "$final_path"
+ ynh_exec_as $app ./gitea admin auth add-ldap --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-filter "(&(uid=%s)(objectClass=posixAccount)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" --admin-filter "(permission=cn=$app.admin,ou=permission,dc=yunohost,dc=org)"
+popd
-# Store the checksum with the 'INTERNAL_TOKEN' value.
-# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
-ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_script_progression --message="Installation of $app completed" --last
diff --git a/scripts/remove b/scripts/remove
index 36ce240..039326c 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -3,62 +3,123 @@
#=================================================
# GENERIC START
#=================================================
-
-# Load common variables and helpers
-source ./experimental_helper.sh
-source ./_common.sh
-
# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
source /usr/share/yunohost/helpers
-ynh_script_progression --message="Loading installation settings..."
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_script_progression --message="Loading installation settings..." --weight=1
-# Retrieve domain from app settings
-domain=$(ynh_app_setting_get --app $app --key domain)
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+port=$(ynh_app_setting_get --app=$app --key=port)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# STANDARD REMOVE
#=================================================
+# REMOVE SERVICE INTEGRATION IN YUNOHOST
+#=================================================
-# Stop gitea
-ynh_script_progression --message="Stoping services..."
-systemctl stop "$app".service
+# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
+if ynh_exec_warn_less yunohost service status $app >/dev/null
+then
+ ynh_script_progression --message="Removing $app service integration..." --weight=1
+ yunohost service remove $app
+fi
-# Drop MySQL database and user
-ynh_script_progression --message="Removing databases..."
-ynh_mysql_drop_db "$dbname" 2>/dev/null
-ynh_mysql_drop_user "$dbuser" 2>/dev/null
+#=================================================
+# STOP AND REMOVE SERVICE
+#=================================================
+ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
-# Delete app directory and configurations
-ynh_script_progression --message="Removing code..."
-ynh_secure_remove --file="$final_path"
-ynh_script_progression --message="Removing logs..."
-ynh_secure_remove --file="/var/log/$app"
+# Remove the dedicated systemd config
+ynh_remove_systemd_config
+
+#=================================================
+# REMOVE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
-# Remove nginx config
-ynh_script_progression --message="Removing nginx configuration..."
+#=================================================
+# REMOVE THE DATABASE
+#=================================================
+ynh_script_progression --message="Removing the database..." --weight=2
+
+# Remove a database if it exists, along with the associated user
+ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
+
+#=================================================
+# REMOVE DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Removing dependencies..." --weight=1
+
+# Remove metapackage and its dependencies
+ynh_remove_app_dependencies
+
+#=================================================
+# REMOVE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Removing app main directory..." --weight=3
+
+# Remove the app directory securely
+ynh_secure_remove --file="$final_path"
+
+#=================================================
+# REMOVE DATA DIR
+#=================================================
+
+# Remove the app data directory with the command `yunohost app remove gogs --purge`
+if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
+then
+ ynh_script_progression --message="Removing $app data directory..." --weight=2
+ ynh_secure_remove --file="$datadir"
+fi
+
+#=================================================
+# REMOVE NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
+
+# Remove the dedicated NGINX config
ynh_remove_nginx_config
-# Remove gitea user and data
-ynh_script_progression --message="Removing the dedicated system user..."
-ynh_system_user_delete $app
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
-# Remove init script
-ynh_script_progression --message="Removing systemd units..."
-ynh_remove_systemd_config
-
-# Remove monitor
-ynh_script_progression --message="Removing gitea service..."
-yunohost service remove "$app"
-
-# Remove fail2ban config
-ynh_script_progression --message="Removing fail2ban configuration..."
+# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
-ynh_print_info --message="Due of the backup core only feature the data directory in '$DATADIR' was not removed. It need to be removed manually to purge app user data."
+#=================================================
+# REMOVE VARIOUS FILES
+#=================================================
+ynh_script_progression --message="Removing various files..." --weight=1
+
+ynh_secure_remove --file="/var/log/$app"
+
+#=================================================
+# REMOVE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Removing the dedicated system user..." --weight=1
+
+# Delete a system user
+ynh_system_user_delete --username=$app
+
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_script_progression --message="Removal of $app completed" --last
-sleep 1
diff --git a/scripts/restore b/scripts/restore
index 788a539..d9f2041 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -3,82 +3,145 @@
#=================================================
# GENERIC START
#=================================================
-
-# Load common variables and helpers
-source ../settings/scripts/experimental_helper.sh
-source ../settings/scripts/_common.sh
-
# IMPORT GENERIC HELPERS
+#=================================================
+
+source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
-ynh_script_progression --message="Loading settings..."
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_script_progression --message="Loading installation settings..." --weight=1
-# Retrieve old app settings
-domain=$(ynh_app_setting_get --app $app --key domain)
-path_url=$(ynh_app_setting_get --app $app --key path)
-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
-admin=$(ynh_app_setting_get --app $app --key adminusername)
-port=$(ynh_app_setting_get --app $app --key web_port)
-upstream_version=$(ynh_app_setting_get $app upstream_version)
+app=$YNH_APP_INSTANCE_NAME
-# Check domain/path availability with app helper
-ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain is not available as domain, please use an other domain."
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+admin=$(ynh_app_setting_get --app=$app --key=admin)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-# Check user parameter
-ynh_user_exists "$admin" \
- || ynh_die --message "The chosen admin user does not exist."
+#=================================================
+# CHECK IF THE APP CAN BE RESTORED
+#=================================================
+ynh_script_progression --message="Validating restoration parameters..." --weight=2
-# Check Final Path availability
-test ! -e "$final_path" || ynh_die --message "This path already contains a folder"
+test ! -d $final_path \
+ || ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1
-# Add users
-ynh_script_progression --message="Configuring system user..."
-ynh_system_user_create --username=$app --home_dir=/home/$app --use_shell
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-# Restore all files
-ynh_script_progression --message="Restoring files..." --weight=10
-ynh_restore
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
-# Create and restore the database
-ynh_script_progression --message="Restoring database..." --weight=3
-ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
-ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
-# Restore systemd files
-systemctl daemon-reload
-systemctl enable "$app".service --quiet
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring $app main directory..." --weight=10
-# SETUP FAIL2BAN
-ynh_script_progression --message="Configuring fail2ban..."
-ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5
+ynh_restore_file --origin_path="$final_path"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
+#=================================================
+# RESTORE THE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Restoring the data directory..." --weight=1
+
+ynh_restore_file --origin_path="$datadir" --not_mandatory
+
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:www-data "$datadir"
+
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
+#=================================================
+# RESTORE THE DATABASE
+#=================================================
+ynh_script_progression --message="Restoring the database..." --weight=6
+
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
+ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
+
+#=================================================
+# RESTORE SYSTEMD
+#=================================================
+ynh_script_progression --message="Restoring the systemd configuration..." --weight=5
+
+ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+systemctl enable $app.service --quiet
+
+#=================================================
+# RESTORE THE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+ynh_restore_file --origin_path="/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+chmod u=rwX,g=rX,o= "/var/log/$app"
+
+#=================================================
+# INTEGRATE SERVICE IN YUNOHOST
+#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
+
+yunohost service add $app --description="Lightweight Git forge" --log="/var/log/$app/$app.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..." --weight=3
+
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#=================================================
# GENERIC FINALIZATION
#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-# Set permissions
-ynh_script_progression --message="Protecting directory..."
-set_permission
+ynh_systemd_action --service_name=nginx --action=reload
-# Configure logrotate
-ynh_script_progression --message="Configuring log rotation..."
-ynh_use_logrotate --logfile "/var/log/$app"
-
-# Add gitea to YunoHost's monitored services
-ynh_script_progression --message="Register gitea service..."
-yunohost service add "$app" --log /var/log/"$app"/gitea.log
-
-# Reload services
-ynh_script_progression --message="Reloading services..."
-systemctl reload nginx.service
-ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10
-sleep 1
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
diff --git a/scripts/upgrade b/scripts/upgrade
index 2b75536..70a2384 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -3,267 +3,204 @@
#=================================================
# GENERIC START
#=================================================
-
-# Load common variables and helpers
-source ./experimental_helper.sh
-source ./_common.sh
-
# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
source /usr/share/yunohost/helpers
-# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
-# Retrieve app settings
-ynh_script_progression --message="Loading installation settings..."
-domain=$(ynh_app_setting_get --app $app --key domain)
-path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))
-dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
-admin=$(ynh_app_setting_get --app $app --key adminusername)
-key=$(ynh_app_setting_get --app $app --key secret_key)
-is_public=$(ynh_app_setting_get --app $app --key is_public)
-port=$(ynh_app_setting_get --app $app --key web_port)
-upstream_version=$(ynh_app_setting_get --app $app --key upstream_version)
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_script_progression --message="Loading installation settings..." --weight=1
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+admin=$(ynh_app_setting_get --app=$app --key=admin)
+port=$(ynh_app_setting_get --app=$app --key=port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+key=$(ynh_app_setting_get --app=$app --key=key)
#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
-#=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=10
-
-# We stop the service before to set ynh_clean_setup
-ynh_systemd_action --service_name=$app.service --action=stop
-
-# Backup the current version of the app
-if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ]
-then
- ynh_backup_before_upgrade
- ynh_clean_setup () {
- # Clean installation remainings that are not handled by the remove script.
- ynh_clean_check_starting
- ynh_restore_upgradebackup
- }
-fi
-
-#=================================================
-# MIGRATION FROM GOGS
+# CHECK VERSION
#=================================================
-[[ $YNH_APP_ID == "gogs" ]] \
- && [[ "$(cat "/opt/$app/templates/.VERSION")" != 0.11.79.1211 ]] \
- && ynh_die --message "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea."
-ynh_handle_app_migration --migration_id=gogs --migration_list=gogs_migrations
-
-if [[ $migration_process -eq 1 ]]; then
- # Reload variables
- dbname=$app
- dbuser=$app
- final_path="/opt/$app"
- DATADIR="/home/$app"
- REPO_PATH="$DATADIR/repositories"
- DATA_PATH="$DATADIR/data"
-
- # Replace the user
- ynh_system_user_delete $old_app
- test getent passwd "$app" &>/dev/null || \
- useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \
- ynh_die --message "Unable to create $app system account"
-
- # Clean old binary
- ynh_secure_remove --file=$final_path/gogs
- ynh_secure_remove --file=$final_path/custom/conf/auth.d
-
- # Restore authentication from SQL database
- ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql
- ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
-
- # Fix hooks
- if [[ -e $REPO_PATH ]];then
- ls $REPO_PATH/*/*.git/hooks/pre-receive | while read p; do
- ynh_secure_remove --file=$p
- done
- ls $REPO_PATH/*/*.git/hooks/post-receive | while read p; do
- ynh_secure_remove --file=$p
- done
- fi
-
- upstream_version="0.0.1"
-fi
+upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..." --weight=2
-ynh_script_progression --message="Configuring application..."
-
-# Clean template to fix issue : https://github.com/gogits/gogs/issues/4585
-ynh_secure_remove --file="/opt/$app/templates"
-
-# Configure gitea with app.ini file
-config_gitea
-
-# Configure init script
-ynh_script_progression --message="Updating systemd units..."
-ynh_add_systemd_config
-
-# Modify Nginx configuration file and copy it to Nginx conf directory
-ynh_script_progression --message="Configuring nginx..." --weight=1
-config_nginx
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#=================================================
-# DB migration
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
-ynh_script_progression --message="Upgrading database and sources..." --weight=6
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+ # Restore it if the upgrade fails
+ ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
-# Before the version 1.7 the upstream version was not stored
-# The way to find the version for the install < 1.7 is to parse the binary file to find which version is installed
-if [ -z ${upstream_version:-} ]; then
- for version in "0.0." "1.0." "1.1." "1.2." "1.3." "1.4." "1.5." "1.6." "1.7."; do
- if strings $final_path/gitea | grep -P "^${version//./\\.}\d"; then
- upstream_version="${version}0"
- break
- fi
- done
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
+
+# If db_name doesn't exist, create it
+if [ -z "$db_name" ]; then
+ db_name=$(ynh_sanitize_dbid --db_name=$app)
+ ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
-restart_gitea() {
- # Set permissions
- set_permission
- ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 30
- # Leave the time to update the database schema
- sleep 5
- systemctl stop $app
-}
+# If port doesn't exist, create it
+if [ -z "$port" ]; then
+ port=$(ynh_find_port --port=6000)
+ynh_app_setting_set --app=$app --key=port --value=$port
+fi
-case $upstream_version in
-"0.0."* )
- ynh_setup_source $final_path source/${architecture}_1.0
- set_permission
- systemctl start $app
- sleep 20
- systemctl stop $app
-;&
-"1.0."* )
- ynh_setup_source $final_path source/${architecture}_1.1
- restart_gitea
-;&
-"1.1."* )
- ynh_setup_source $final_path source/${architecture}_1.2
- restart_gitea
-;&
-"1.2."* )
- ynh_setup_source $final_path source/${architecture}_1.3
- restart_gitea
-;&
-"1.3."* )
- ynh_setup_source $final_path source/${architecture}_1.4
- restart_gitea
-;&
-"1.4."* )
- ynh_setup_source $final_path source/${architecture}_1.5
- restart_gitea
-;&
-"1.5."* )
- ynh_setup_source $final_path source/${architecture}_1.6
- restart_gitea
-;&
-"1.6."* )
- ynh_setup_source $final_path source/${architecture}_1.7
- restart_gitea
-;&
-"1.7."* )
- ynh_setup_source $final_path source/${architecture}_1.8
- restart_gitea
-;&
-"1.8."* )
- ynh_setup_source $final_path source/${architecture}_1.9
- restart_gitea
-;&
-"1.9."* )
- ynh_setup_source $final_path source/${architecture}_1.10
- restart_gitea
-;&
-"1.10."* )
- ynh_setup_source $final_path source/${architecture}_1.11
- restart_gitea
-;&
-"1.11."* )
- ynh_setup_source $final_path source/${architecture}_1.12
- restart_gitea
-;&
-"1.12."* )
- ynh_setup_source $final_path source/${architecture}_1.13
- restart_gitea
-;&
-esac
+# If final_path doesn't exist, create it
+if [ -z "$final_path" ]; then
+ final_path=/opt/$app
+ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+fi
-# Install gitea source
-ynh_setup_source $final_path source/$architecture
+# If new "/home/yunohost.app/$app" doesn't exist, create it
+if [ -z "/home/yunohost.app/$app" ]; then
+ datadir=/home/yunohost.app/$app
+ ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+ mkdir -p $datadir
+ mkdir -p "$datadir/data/{repositories,avatars,attachments}"
+ mkdir -p "$datadir/.ssh"
-# SETUP FAIL2BAN
-ynh_script_progression --message="Configuring fail2ban..."
-ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5
+ chmod 750 "$datadir"
+ chmod -R o-rwx "$datadir"
+ chown -R $app:www-data "$datadir"
+ chown -R $app:$app "$datadir/.ssh"
+
+ mv -a "/home/$app" "$datadir"
+ ynh_secure_remove --file="/home/$app"
+fi
+
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+ ynh_legacy_permissions_delete_all
+
+ ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+if ! ynh_permission_exists --permission="admin"; then
+ # Create the required permissions
+ ynh_permission_create --permission="admin" --allowed=$admin
+fi
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
+# Add SSH permission for Gitea user
+adduser $app ssh.app
+
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+ynh_script_progression --message="Setting up source files..." --weight=3
+
+ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source --dest_dir=$final_path --source_id=$YNH_ARCH #--keep="$final_path/custom/conf/app.ini"
+
+mkdir -p "$final_path/custom/conf"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+chmod +x "$final_path/gitea"
+
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
+ynh_add_config --template="../conf/app.ini" --destination="$final_path/custom/conf/app.ini"
+
+chmod 640 "$final_path/custom/conf/app.ini"
+chown $app:$app "$final_path/custom/conf/app.ini"
+
+#=================================================
+# SETUP SYSTEMD
+#=================================================
+ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
#=================================================
# GENERIC FINALIZATION
#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring log rotation..." --weight=1
-# Set all permissions
-ynh_script_progression --message="Update permission..."
-if ! ynh_permission_exists --permission admin; then
- ynh_app_setting_delete --app $app --key unprotected_uris
- ynh_permission_create --permission 'admin' --allowed "$admin"
- # Update ldap config
- ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
- ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
-fi
-if [ "$is_public" == '1' ];
-then
- ynh_permission_update --permission "main" --add "visitors"
-fi
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
-# Add gitea to YunoHost's monitored services
-ynh_script_progression --message="Register gitea service..."
-yunohost service add "$app" --log "/var/log/$app/gitea.log"
-
-# Set permissions
-ynh_script_progression --message="Protecting directory"
-set_permission
-
-# Save Version
-ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version)
-
-# Unprotect root from SSO if public
-ynh_script_progression --message="Configuring permissions..."
-set_access_settings
-
-# Reload services
-ynh_script_progression --message="Starting gitea services..." --weight=3
-ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10
-sleep 1
-
-# Store the checksum with the 'INTERNAL_TOKEN' value.
-# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
-ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
+chown -R $app:$app "/var/log/$app"
+chmod u=rwX,g=rX,o= "/var/log/$app"
#=================================================
-# FINISH MIGRATION PROCESS
+# INTEGRATE SERVICE IN YUNOHOST
#=================================================
+ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
-if [[ $migration_process -eq 1 ]]; then
- echo "gogs has been successfully migrated to Gitea! \
-A last scheduled operation will run in a couple of minutes to finish the \
-migration in YunoHost side. Do not proceed any application operation while \
-you don't see Gogs as installed." >&2
+yunohost service add $app --description="Lightweight Git forge" --log="/var/log/$app/$app.log"
- # Execute a post migration script after the end of this upgrade.
- # Mainly for some cleaning
- script_post_migration=gogs_post_migration.sh
- ynh_replace_string --match_string __OLD_APP__ --replace_string "$old_app" --target_file ../conf/$script_post_migration
- ynh_replace_string --match_string __NEW_APP__ --replace_string "$app" --target_file ../conf/$script_post_migration
- cp ../conf/$script_post_migration /tmp
- chmod +x /tmp/$script_post_migration
- (cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
-fi
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..." --weight=1
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# END OF SCRIPT
+#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last