ansible-infra/ansible_collections/nullified/infrastructure/roles/forgejo/templates/app.ini.j2

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Default Configuration (non-`app.ini` configuration)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; These values are environment-dependent but form the basis of a lot of values. They will be
;; reported as part of the default configuration when running `gitea help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
;;
;; - _`AppPath`_: This is the absolute path of the running gitea binary.
;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
;;   - The "WORK_PATH" option in "app.ini" file
;;   - The `--work-path` flag passed to the binary
;;   - The environment variable `$GITEA_WORK_DIR`
;;   - A built-in value set at build time (see building from source)
;;   - Otherwise it defaults to the directory of the _`AppPath`_
;;   - If any of the above are relative paths then they are made absolute against the directory of the _`AppPath`_
;; - _`CustomPath`_: This is the base directory for custom templates and other options. It is determined by using the first set thing in the following hierarchy:
;;   - The `--custom-path` flag passed to the binary
;;   - The environment variable `$GITEA_CUSTOM`
;;   - A built-in value set at build time (see building from source)
;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
;;   - If any of the above are relative paths then they are made absolute against the directory of the _`AppWorkPath`_
;; - _`CustomConf`_: This is the path to the `app.ini` file.
;;   - The `--config` flag passed to the binary
;;   - A built-in value set at build time (see building from source)
;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
;;   - If any of the above are relative paths then they are made absolute against the directory of the _`CustomPath`_
;;
;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
;; App name that shows in every page title
APP_NAME = {{ forgejo_config_app_name | default('Forgejo', True) }}; Forgejo: Beyond coding. We Forge.
;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
RUN_USER = {{ forgejo_user }}
;; The working directory, see the comment of AppWorkPath above
WORK_PATH = {{ forgejo_home_dir }}

[server]
;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
PROTOCOL = {{ forgejo_config_server_protocol | default('http', True) | lower }}
;; Set the domain for the server
DOMAIN = {{ forgejo_config_server_domain_name | default('localhost', True) }}
;; Overwrite the automatically generated public URL. Necessary for proxies and docker.
ROOT_URL = {{ forgejo_config_server_root_url | default('%(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/', True) }}
;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
;; Relative paths will be made absolute against the _`AppWorkPath`_.
HTTP_ADDR = {{ forgejo_config_server_http_addr | default('127.0.0.1', True) }}
;; The port to listen on. Leave empty when using a unix socket.
HTTP_PORT = {{ forgejo_config_server_http_port | default(3000, True) }}
;; Minimum and maximum supported TLS versions
SSL_MIN_VERSION = TLSv1.2
;; SSL Curve Preferences
SSL_CURVE_PREFERENCES = {{ forgejo_config_server_curve_preferences | default('X25519', True) }}
;; SSL Cipher Suites
SSL_CIPHER_SUITES = {{ forgejo_config_server_cipher_suites | default('ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305', True) }}
;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
;; most cases you do not need to change the default value. Alter it only if
;; your SSH server node is not the same as HTTP node. For different protocol, the default
;; values are different. If `PROTOCOL` is `http+unix`, the default value is `http://unix/`.
;; If `PROTOCOL` is `fcgi` or `fcgi+unix`, the default value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
;; If listen on `0.0.0.0`, the default value is `%(PROTOCOL)s://localhost:%(HTTP_PORT)s/`, Otherwise the default
;; value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
LOCAL_ROOT_URL = {{ forgejo_config_server_local_root_url | default('%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/', True) }}
;; SSH username displayed in clone URLs.
SSH_USER = {{ forgejo_config_server_ssh_user | default(forgejo_user, True) }}
;; Port number to be exposed in clone URL
SSH_PORT = {{ forgejo_config_server_ssh_port | default(22, True) }}
;; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
;SSH_ROOT_PATH =
;; Indicate whether to check minimum key size with corresponding type
MINIMUM_KEY_SIZE_CHECK = true
;; TLS Settings: Either ACME or manual
;; (Other common TLS configuration are found before)
ENABLE_ACME = {{ forgejo_config_server_enable_acme | default('false', True) }}
;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
ACME_ACCEPTTOS = true
;; Email used for the ACME registration service
;; Can be left blank to initialize at first run and use the cached value
ACME_EMAIL = {{ forgejo_config_server_acme_email | default('', True) }}
;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
LANDING_PAGE = {{ forgejo_config_server_landing_page | default('explore', True) }}
;; Enables git-lfs support. true or false, default is false.
LFS_START_SERVER = true
;; Alternative location to specify LFS authentication secret. You cannot specify both this and LFS_JWT_SECRET, and must pick one
LFS_JWT_SECRET = {{ forgejo_config_server_lfs_jwt_secret | default(lookup("ansible.builtin.password", "/dev/null", chars=["ascii_lowercase", "ascii_uppercase", "digits"], length=40), True) }}
;; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
LFS_MAX_FILE_SIZE = {{ forgejo_config_server_lfs_max_file_size | default(0, True) }}

[database]
;; Database to use. Either "sqlite3", "mySQL" or "postgres".
DB_TYPE = {{ forgejo_config_database_db_type | default('sqlite3', True) }}
;; MySQL Configuration
{% if forgejo_config_database_db_type | lower == 'mysql' %}
HOST = {{ forgejo_config_database_host | default('127.0.0.1:3306') }}
NAME = {{ forgejo_config_database_name }}
USER = {{ forgejo_config_database_user }}
PASSWD = `{{ forgejo_config_database_password }}`
SSL_MODE = {{ forgejo_config_database_ssl_mode | default('false', True) }} ; either "false" (default), "true", or "skip-verify"
CHARSET_COLLATION = {{ forgejo_config_database_charset_collation | default('', True) }} ; Empty as default, Gitea will try to find a case-sensitive collation. Don't change it unless you clearly know what you need.
{% elif forgejo_config_database_db_type | lower == 'postgres' %}
HOST = {{ forgejo_config_database_host | default('127.0.0.1:5432') }} ; can use socket e.g. /var/run/postgresql/
NAME = {{ forgejo_config_database_name }}
USER = {{ forgejo_config_database_user }}
PASSWD = `{{ forgejo_config_database_password }}`
SSL_MODE = {{ forgejo_config_database_ssl_mode | default('disable', True) }} ; either "disable" (default), "require", or "verify-full"
SCHEMA = {{ forgejo_config_database_schema | default('public', True) }}
{% endif %}

[security]
;; Whether the installer is disabled (set to true to disable the installer)
INSTALL_LOCK = true
;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
SECRET_KEY = {{ forgejo_config_security_secret_key | default(lookup("ansible.builtin.password", "/dev/null", chars=["ascii_lowercase", "ascii_uppercase", "digits"], length=40), True) }}
INTERNAL_TOKEN = {{ forgejo_config_security_internal_token | default(lookup("ansible.builtin.password", "/dev/null", chars=["ascii_lowercase", "ascii_uppercase", "digits"], length=40), True) }}
;; Name of cookie used to store authentication information.
COOKIE_REMEMBER_NAME = pouncy_forge
;; List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
REVERSE_PROXY_TRUSTED_PROXIES = {{ forgejo_config_security_trusted_proxies | default('127.0.0.0/8,::1/128', True) }}
;; The minimum password length for new Users
MIN_PASSWORD_LENGTH = {{ forgejo_config_security_min_password_length | default(16, True) }}
; Set to false to allow users with git hook privileges to create custom git hooks.
;; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
;; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
;; By modifying the Gitea database, users can gain Gitea administrator privileges.
;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
;; WARNING: This maybe harmful to you website or your operating system.
;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
DISABLE_GIT_HOOKS = true
;; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
;;Comma separated list of character classes required to pass minimum complexity.
;;If left empty or no valid values are specified, the default is off (no checking)
;;Classes include "lower,upper,digit,spec"
PASSWORD_COMPLEXITY = {{ forgejo_config_security_password_complexity | default('off', True) }}
;; Password Hash algorithm, either "argon2", "pbkdf2"/"pbkdf2_v2", "pbkdf2_hi", "scrypt" or "bcrypt"
PASSWORD_HASH_ALGO = {{ forgejo_config_security_password_hash_lib | default('pbkdf2_hi', True) }}
;; Reject API tokens sent in URL query string (Accept Header-based API tokens only). This avoids security vulnerabilities
;; stemming from cached/logged plain-text API tokens.
;; In future releases, this will become the default behavior
DISABLE_QUERY_AUTH_TOKEN = true

[oauth2]
;; Enables OAuth2 provider
ENABLED = true
;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
JWT_SIGNING_ALGORITHM = EdDSA
;; Lifetime of an OAuth2 access token in seconds
;ACCESS_TOKEN_EXPIRATION_TIME = 3600
;; Lifetime of an OAuth2 refresh token in hours
;REFRESH_TOKEN_EXPIRATION_TIME = 730
;; Check if refresh token got already used
INVALIDATE_REFRESH_TOKENS = true
;; Pre-register OAuth2 applications for some universally useful services
;; * https://github.com/hickford/git-credential-oauth
;; * https://github.com/git-ecosystem/git-credential-manager
;; * https://gitea.com/gitea/tea
DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager

[log]
;; Either "console", "file" or "conn", default is "console"
;; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
;; Either "Trace", "Debug", "Info", "Warn", "Error" or "None", default is "Info"
LEVEL = Info

[git]
;; The HOME directory for Git
HOME_PATH = {{ forgejo_home_dir | default('%(APP_DATA_PATH)s/home', True) }}
;; Max number of lines allowed in a single file in diff view
MAX_GIT_DIFF_LINES = 10000
;; Max number of allowed characters in a line in diff view
MAX_GIT_DIFF_LINE_CHARACTERS = 5000
;; Max number of files shown in diff view
MAX_GIT_DIFF_FILES = 100
;; Set the default commits range size
COMMITS_RANGE_SIZE = 50
;; Set the default branches range size
BRANCHES_RANGE_SIZE = 20
;; Print out verbose infos on push to stdout
VERBOSE_PUSH = true
;; Delay before verbose push infos are printed to stdout
VERBOSE_PUSH_DELAY = 5s
;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
ENABLE_AUTO_GIT_WIRE_PROTOCOL = true

[service]
;; Whether a new user needs to confirm their email when registering.
REGISTER_EMAIL_CONFIRM = {{ forgejo_config_service_register_confirm | default('false', True) }}
;; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
REGISTER_MANUAL_CONFIRM = {{ forgejo_config_service_manual_confirm | default('false', True) }}
;; Disallow registration, only allow admins to create accounts.
DISABLE_REGISTRATION = {{ forgejo_config_service_disable_registration | default('false', True) }}
;; Allow registration only using gitea itself, it works only when DISABLE_REGISTRATION is false
ALLOW_ONLY_INTERNAL_REGISTRATION = false
;; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
;; Mail notification
ENABLE_NOTIFY_MAIL = false
;; Enable captcha validation for registration
ENABLE_CAPTCHA = true
;; Enable this to require captcha validation for login
REQUIRE_CAPTCHA_FOR_LOGIN = true
;; Requires captcha for external registrations
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true
;; Requires a password for external registrations
;REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = false
;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
CAPTCHA_TYPE = {{ forgejo_config_service_captcha_type | default('image', True) }}
{% if forgejo_config_service_captcha_type | lower == 'recaptcha' %}
;; Change this to use recaptcha.net or other recaptcha service
;RECAPTCHA_URL = https://www.google.com/recaptcha/
;; Enable recaptcha to use Google's recaptcha service
;; Go to https://www.google.com/recaptcha/admin to sign up for a key
;RECAPTCHA_SECRET =
;RECAPTCHA_SITEKEY =
{% elif forgejo_config_service_captcha_type | lower == 'hcaptcha' %}
;; For hCaptcha, create an account at https://accounts.hcaptcha.com/login to get your keys
;HCAPTCHA_SECRET =
;HCAPTCHA_SITEKEY =
{% elif forgejo_config_service_captcha_type | lower == 'mcaptcha' %}
;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
;MCAPTCHA_URL = https://demo.mcaptcha.org
;;
;; Go to your configured mCaptcha instance and register a sitekey
;; and use your account's secret.
;MCAPTCHA_SECRET =
;MCAPTCHA_SITEKEY =
{% elif forgejo_config_service_captcha_type == 'cfturnstile' %}
;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
;CF_TURNSTILE_SITEKEY =
;CF_TURNSTILE_SECRET =
{% endif %}
;; Default value for KeepEmailPrivate
;; Each new user will get the value of this setting copied into their profile
DEFAULT_KEEP_EMAIL_PRIVATE = true
;; Either "public", "limited" or "private", default is "public"
;; Limited is for users visible only to signed users
;; Private is for users visible only to members of their organizations
;; Public is for users visible for everyone
DEFAULT_USER_VISIBILITY = private
;; Set which visibility modes a user can have
ALLOWED_USER_VISIBILITY_MODES = public,limited,private
;; Either "public", "limited" or "private", default is "public"
;; Limited is for organizations visible only to signed users
;; Private is for organizations visible only to members of the organization
;; Public is for organizations visible to everyone
DEFAULT_ORG_VISIBILITY = private
;; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
;; Default map service. No external API support has been included. A service has to allow
;; searching using URL parameters, the location will be appended to the URL as escaped query parameter.
;; Some example values are:
;; - OpenStreetMap: https://www.openstreetmap.org/search?query=
;; - Google Maps: https://www.google.com/maps/place/
;; - MapQuest: https://www.mapquest.com/search/
;; - Bing Maps: https://www.bing.com/maps?where1=
USER_LOCATION_MAP_URL = https://www.openstreetmap.org/search?query=
;; Valid site url schemes for user profiles
VALID_SITE_URL_SCHEMES=https

[badges]
;; Enable repository badges (via shields.io or a similar generator)
ENABLED = true
;; Template for the badge generator.
{% raw %}GENERATOR_URL_TEMPLATE = https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}{% endraw %}

[repository]
;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
ROOT = {{ forgejo_config_repository_root | default(forgejo_home_dir~'/git_repositories', True) }}
;; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
DEFAULT_PRIVATE = private
;; Global limit of repositories per user, applied at creation time. -1 means no limit
MAX_CREATION_LIMIT = {{ forgejo_config_repository_max_creation_limit | default(20, True) }}
;; Value for Access-Control-Allow-Origin header, default is not to present
;; WARNING: This may be harmful to your website if you do not give it a right value.
;ACCESS_CONTROL_ALLOW_ORIGIN =
;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
;; Disable migrating feature.
;DISABLE_MIGRATIONS = false
;; Disable stars feature.
;DISABLE_STARS = false
;; Disable repository forking.
;DISABLE_FORKS = false
;; The default branch name of new repositories
DEFAULT_BRANCH = main
;; Allow adoption of unadopted repositories
ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
;; Allow fork repositories without maximum number limit
ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true

[repository.editor]
;; List of file extensions for which lines should be wrapped in the Monaco editor
;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,.livemd,.rst

[repository.local]
;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
;LOCAL_COPY_PATH = tmp/local-repo

[repository.upload]
;; Whether repository file uploads are enabled. Defaults to `true`
;ENABLED = true
;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
;TEMP_PATH = data/tmp/uploads
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
ALLOWED_TYPES = {{ forgejo_config_repository_upload_allowed_types | default('.zip,.tar.gz,image/*,text/plain,application/json', True) }}
;; Max size of each file in megabytes. Defaults to 50MB
FILE_MAX_SIZE = {{ forgejo_config_repository_upload_max_size | default(50, True) }}
;; Max number of files per upload. Defaults to 5
;MAX_FILES = 5

[repository.pull-request]
;; List of prefixes used in Pull Request title to mark them as Work In Progress (matched in a case-insensitive manner)
WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP],Draft:,[Draft]
;; List of keywords used in Pull Request comments to automatically close a related issue
;CLOSE_KEYWORDS = close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
;; List of keywords used in Pull Request comments to automatically reopen a related issue
;REOPEN_KEYWORDS = reopen,reopens,reopened
;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash, fast-forward-only
DEFAULT_MERGE_STYLE = rebase

[repository.release]
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
;ALLOWED_TYPES =
DEFAULT_PAGING_NUM = 30

[repository.signing]
;; Signing format that Forgejo should use, openpgp uses GPG and ssh uses OpenSSH.
;FORMAT = openpgp
;; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
DEFAULT_TRUST_MODEL = {{ forgejo_config_repository_signing_trust_model | default('collaborator', True) }}

[repository.mimetype_mapping]
;; Custom MIME type mapping for downloadable files
;.apk=application/vnd.android.package-archive

[cors]
;; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
;; enable cors headers (disabled by default)
ENABLED = {{ forgejo_config_cors_enabled | default('true', True) }}
;; list of requesting origins that are allowed, eg: "https://*.example.com"
ALLOW_DOMAIN = {{ forgejo_config_cors_allow_domains | default('https://'~forgejo_config_server_domain_name, True) }}
;; list of methods allowed to request
METHODS = {{ forgejo_config_cors_methods | default('GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS', True) }}
;; headers to permit
HEADERS = {{ forgejo_config_cors_headers | default('Content-Type,User-Agent', True) }}
;; set X-FRAME-OPTIONS header
X_FRAME_OPTIONS = {{ forgejo_config_cors_x_frame_options | default('SAMEORIGIN', True) }}

[ui]
;; Number of line of codes shown for a code comment
CODE_COMMENT_LINES = 8
;; Whether the email of the user should be shown in the Explore Users page
SHOW_USER_EMAIL = false
;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
;; By default available:
;;  - forgejo-auto, forgejo-light, forgejo-dark
;;  - gitea-auto, gitea-light, gitea-dark
;;  - forgejo-auto-deuteranopia-protanopia, forgejo-light-deuteranopia-protanopia, forgejo-dark-deuteranopia-protanopia
;;  - forgejo-auto-tritanopia, forgejo-light-tritanopia, forgejo-dark-tritanopia
;THEMES = gitea-auto,gitea-light,gitea-dark
;; All available reactions users can choose on issues/prs and comments.
;; Values can be emoji alias (:smile:) or a unicode emoji.
;; For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
;; Additional Emojis not defined in the utf8 standard
;; By default we support gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and add it to this config.
;; Dont mistake it for Reactions.
CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs, forgejo
;; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
DEFAULT_SHOW_FULL_NAME = false
;; Change the sort type of the explore pages.
;; Default is "recentupdate", but you also have "alphabetically", "reverselastlogin", "newest", "oldest".
EXPLORE_PAGING_DEFAULT_SORT = recentupdate
;; The tense all timestamps should be rendered in. Possible values are `absolute` time (i.e. 1970-01-01, 11:59) and `mixed`.
;; `mixed` means most timestamps are rendered in relative time (i.e. 2 days ago).
PREFERRED_TIMESTAMP_TENSE = absolute

[ui.meta]
;AUTHOR = Forgejo – Beyond coding. We forge.
;DESCRIPTION = Forgejo is a self-hosted lightweight software forge. Easy to install and low maintenance, it just does the job.
;KEYWORDS = git,forge,forgejo

[ui.csv]
;; Maximum allowed file size in bytes to render CSV files as table. (Set to 0 for no limit).
;MAX_FILE_SIZE = 524288
;; Maximum allowed rows to render CSV files. (Set to 0 for no limit)
;MAX_ROWS = 2500

[markdown]
;; Render soft line breaks as hard line breaks, which means a single newline character between
;; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
;; necessary to force a line break.
;; Render soft line breaks as hard line breaks for comments
ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true
;; Render soft line breaks as hard line breaks for markdown documents
;ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false
;; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
;; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
;; URLs starting with http and https are always displayed, whatever is put in this entry.
;; If this entry is empty, all URL schemes are allowed.
CUSTOM_URL_SCHEMES = file,http,https,slack,mailto
;; List of file extensions that should be rendered/edited as Markdown
;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd,.livemd
;; Enables math inline and block detection
ENABLE_MATH = true

[ssh.minimum_key_sizes]
;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
;ED25519 = 256
;ECDSA = 256
RSA = 4096
;DSA = -1 ; set to 1024 to switch on

[indexer]
;; Issue indexer type, currently support: bleve, db, elasticsearch or meilisearch default is bleve
;ISSUE_INDEXER_TYPE = bleve
;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
;; Timeout the indexer if it takes longer than this to start.
;; Set to -1 to disable timeout.
;STARTUP_TIMEOUT = 30s

[queue]
;; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
;; default to persistable-channel
TYPE = {{ forgejo_config_queue_type | default('persistable-channel', True) }}
;; Connection string for redis queues this will store the redis (or Redis cluster) connection string.
;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
CONN_STR = "{{ forgejo_config_queue_conn_str | default('', True) }}"

[admin]
;; Disallow regular (non-admin) users from creating organizations.
DISABLE_REGULAR_ORG_CREATION = {{ forgejo_config_admin_disable_org_creation | default('false', True) }}
;; Send an email to all admins when a new user signs up to inform the admins about this act. Options: true, false
SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true

[moderation]
;; When true enables moderation capabilities; default is false.
;; If enabled it will be possible for users to report abusive content (new actions are added in the UI and /report_abuse route will be enabled) and a new Moderation section will be added to Admin settings where the reports can be reviewed.
ENABLED = true

[openid]
;; Whether to allow signin in via OpenID
;ENABLE_OPENID_SIGNIN = true
;; Whether to allow registering via OpenID
;; Do not include to rely on rhw DISABLE_REGISTRATION setting
;ENABLE_OPENID_SIGNUP = true

[oauth2_client]
;; Automatically create user accounts for new oauth2 users.
ENABLE_AUTO_REGISTRATION = true
;; The source of the username for new oauth2 accounts:
;; userid = use the userid / sub attribute
;; nickname = use the nickname attribute
;; email = use the username part of the email attribute
;; Note: `nickname` and `email` options will normalize input strings using the following criteria:
;; - diacritics are removed
;; - the characters in the set `['´\x60]` are removed
;; - the characters in the set `[\s~+]` are replaced with `-`
;USERNAME = nickname
;; How to handle if an account / email already exists:
;; disabled = show an error
;; login = show an account linking login
;; auto = link directly with the account
;ACCOUNT_LINKING = login

[webhook]
;; Hook task queue length, increase if webhook shooting starts hanging
;QUEUE_LENGTH = 1000
;; Deliver timeout in seconds
;DELIVER_TIMEOUT = 5
;; Webhook can only call allowed hosts for security reasons. Comma separated list, eg: external, 192.168.1.0/24, *.mydomain.com
;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
;; CIDR list: 1.2.3.0/8, 2001:db8::/32
;; Wildcard hosts: *.mydomain.com, 192.168.100.*
;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later
ALLOWED_HOST_LIST = {{ forgejo_config_webhook_allowed_hosts | default('external', True) }}

[mailer]
ENABLED = {{ forgejo_config_mailer_enabled | default('false', True) }}
{% if forgejo_config_mailer_enabled | default('false', True) | lower == 'true' %}
;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
;; - dummy: send email messages to the log as a testing phase.
;; If your provider does not explicitly say which protocol it uses but does provide a port,
;; you can set SMTP_PORT instead and this will be inferred.
;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
PROTOCOL = {{ forgejo_config_mailer_protocol | default('sendmail', True) }}
;; Mail server address, e.g. smtp.gmail.com.
;; For smtp+unix, this should be a path to a unix socket instead.
;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
SMTP_ADDR = {{ forgejo_config_mailer_smtp_addr | default('', True) }}
;; Mail server port. Common ports are:
;;   25:  insecure SMTP
;;   465: SMTP Secure
;;   587: StartTLS
;; If no protocol is specified, it will be inferred by this setting.
;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
SMTP_PORT = {{ forgejo_config_mailer_smtp_port | default(587, True) }}
;; If set to `true`, completely ignores server certificate validation errors.
;; This option is unsafe. Consider adding the certificate to the system trust store instead.
FORCE_TRUST_SERVER_CERT = false
;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
FROM = {{ forgejo_config_mailer_form | default('', True) }}
;; If gitea sends mails on behalf of users, it will just use the name also displayed in the WebUI. If you want e.g. `Mister X (by CodeIt) <gitea@codeit.net>`,
{% raw %}
;; set it to `{{ .DisplayName }} (by {{ .AppName }})`. Available Variables: `.DisplayName`, `.AppName` and `.Domain`.
;FROM_DISPLAY_NAME_FORMAT = {{ .DisplayName }}
{% endraw %}
;; Mailer user name and password, if required by provider.
USER = {{ forgejo_config_mailer_user | default('', True) }}
;; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD = {{ forgejo_config_mailer_passwd | default('', True) }}
;; Specify an alternative sendmail binary
SENDMAIL_PATH = {{ forgejo_config_mailer_sendmail_path | default('sendmail', True) }}
;; Specify any extra sendmail arguments
;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
SENDMAIL_ARGS = {{ forgejo_config_mailer_sendmail_args | default('', True) }}
{% endif %}

[email.incoming]
;; Enable handling of incoming emails.
ENABLED = false

[cache]
;; Either "memory", "redis", "memcache", or "twoqueue". default is "memory"
ADAPTER = {{ forgejo_config_cache_adapter | default('memory', True) }}
;; For "redis" and "memcache", connection host address
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
;; memcache: `127.0.0.1:11211`
;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
HOST = {{ forgejo_config_cache_host | default('', True) }}

[session]
;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
;; Default is "memory". "db" will reuse the configuration in [database]
PROVIDER = {{ forgejo_config_session_provider | default('memory', True) }}
;; Provider config options
;; memory: doesn't have any config yet
;; file: session file path, e.g. `data/sessions`
;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` (or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for a Redis cluster)
;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
PROVIDER_CONFIG = {{ forgejo_config_session_provider_config | default('data/sessions', True) }} ; Relative paths will be made absolute against _`AppWorkPath`_.
;; Session cookie name
COOKIE_NAME = anvil_info
;; SameSite settings. Either "none", "lax", or "strict"
SAME_SITE= {{ forgejo_config_session_same_site | default('lax', True) }}

[attachment]
;; Whether issue and pull request attachments are enabled. Defaults to `true`
ENABLED = true
;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
ALLOWED_TYPES = {{ forgejo_config_attachment_allowed_types | default('.avif,.cpuprofile,.csv,.dmp,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.json,.jsonc,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.webp,.xls,.xlsx,.zip', True) }}
;; Max size of each file. Defaults to 2048MB
MAX_SIZE = {{ forgejo_config_attachment_max_size | default(2048, True) }}

[cron]
;; Setting this to true will enable all cron tasks periodically with default settings.
ENABLED = {{ forgejo_config_cron_enabled | default('false', True) }}

{% if forgejo_config_cron_enabled == 'true' %}
[cron.archive_cleanup]
;; Whether to enable the job
ENABLED = true
;; Whether to always run at least once at start up time (if ENABLED)
RUN_AT_START = true
;; Time interval for job to run
SCHEDULE = @midnight
;; Archives created more than OLDER_THAN ago are subject to deletion
OLDER_THAN = 30d

[cron.update_mirrors]
;; Enable running Update mirrors task periodically.
ENABLED = true
;; Time interval for job to run
SCHEDULE = @every 10m
;; Run Update mirrors task when Gitea starts.
RUN_AT_START = false
;; Notice if not success
NOTICE_ON_SUCCESS = false
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
PULL_LIMIT=10
;; Limit the number of mirrors added to the queue to this number
;; (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating)
PUSH_LIMIT=10

[cron.repo_health_check]
;; Enable running Repository health check task periodically.
ENABLED = true
;; Time interval for job to run
SCHEDULE = @midnight
;; Run Repository health check task when Gitea starts.
RUN_AT_START = false
;; Notice if not success
NOTICE_ON_SUCCESS = false;
TIMEOUT = 60s
;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
;; see more on http://git-scm.com/docs/git-fsck
;ARGS =

[cron.check_repo_stats]
;; Enable running check repository statistics task periodically.
ENABLED = true
;; Run check repository statistics task when Gitea starts.
RUN_AT_START = true
;; Notice if not success
NOTICE_ON_SUCCESS = false
SCHEDULE = @midnight

[cron.update_migration_poster_id]
; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
ENABLED = true
;; Update migrated repositories' issues and comments' posterid when starting server (default true)
RUN_AT_START = true
;; Notice if not success
NOTICE_ON_SUCCESS = false
;; Interval as a duration between each synchronization. (default every 24h)
SCHEDULE = @midnight

[cron.sync_external_users]
ENABLED = true
;; Synchronize external user data when starting server (default false)
RUN_AT_START = false
;; Notice if not success
NOTICE_ON_SUCCESS = false
;; Interval as a duration between each synchronization (default every 24h)
SCHEDULE = @midnight
;; Create new users, update existing user data and disable users that are not in external source anymore (default)
;;   or only create new users if UPDATE_EXISTING is set to false
UPDATE_EXISTING = true

[cron.cleanup_actions]
ENABLED = true
RUN_AT_START = true
SCHEDULE = @midnight

[cron.deleted_branches_cleanup]
ENABLED = true
;; Clean-up deleted branches when starting server (default true)
RUN_AT_START = true
;; Notice if not success
NOTICE_ON_SUCCESS = false
;; Interval as a duration between each synchronization (default every 24h)
SCHEDULE = @midnight
;; deleted branches than OLDER_THAN ago are subject to deletion
OLDER_THAN = 72h

[cron.cleanup_hook_task_table]
;; Whether to enable the job
ENABLED = true
;; Whether to always run at start up time (if ENABLED)
RUN_AT_START = false
;; Time interval for job to run
SCHEDULE = @midnight
;; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
CLEANUP_TYPE = OlderThan
;; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
OLDER_THAN = 168h
;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
NUMBER_TO_KEEP = 10

[cron.cleanup_packages]
;; Whether to enable the job
ENABLED = true
;; Whether to always run at least once at start up time (if ENABLED)
RUN_AT_START = true
;; Whether to emit notice on successful execution too
NOTICE_ON_SUCCESS = false
;; Time interval for job to run
SCHEDULE = @midnight
;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
OLDER_THAN = 72h

[cron.delete_inactive_accounts]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @annually
;OLDER_THAN = 168h

[cron.delete_repo_archives]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @annually;

[cron.git_gc_repos]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h
;TIMEOUT = 60s
;; Arguments for command 'git gc'
;; The default value is same with [git] -> GC_ARGS
;ARGS =

[cron.resync_all_sshkeys]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h

[cron.resync_all_hooks]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h

[cron.reinit_missing_repos]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h

[cron.delete_missing_repos]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h

[cron.delete_generated_repository_avatars]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 72h

[cron.delete_old_actions]
ENABLED = false
;RUN_AT_START = false
;NOTICE_ON_SUCCESS = false
;SCHEDULE = @every 168h
;OLDER_THAN = 8760h

[cron.update_checker]
ENABLED = true
RUN_AT_START = false
ENABLE_SUCCESS_NOTICE = false
SCHEDULE = @every 168h
HTTP_ENDPOINT = https://dl.gitea.com/gitea/version.json
DOMAIN_ENDPOINT = release.forgejo.org

[cron.delete_old_system_notices]
ENABLED = false
;RUN_AT_START = false
;NO_SUCCESS_NOTICE = false
;SCHEDULE = @every 168h
;OLDER_THAN = 8760h

[cron.gc_lfs]
ENABLED = false
;; Garbage collect LFS pointers in repositories (default false)
;RUN_AT_START = false
;; Interval as a duration between each gc run (default every 24h)
;SCHEDULE = @every 24h
;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
;OLDER_THAN = 168h
;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
;LAST_UPDATED_MORE_THAN_AGO = 72h
; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
;NUMBER_TO_CHECK_PER_REPO = 100
;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
;PROPORTION_TO_CHECK_PER_REPO = 0.6
{% endif %}

[mirror]
;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
ENABLED = true

[highlight.mapping]
;; Extension mapping to highlight class
;; e.g. .toml=ini
.mdx=markdown

[other]
;; Show version information about Gitea and Go in the footer
SHOW_FOOTER_VERSION = false
;; Show template execution time in the footer
;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
;; Show the "powered by" text in the footer
;SHOW_FOOTER_POWERED_BY = true
;; Generate sitemap. Defaults to `true`.
;ENABLE_SITEMAP = true
;; Enable/Disable RSS/Atom feed
;ENABLE_FEED = true

[markup]
;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
MERMAID_MAX_SOURCE_CHARACTERS = 50000
;; Set the maximum number of lines allowed for a filepreview. (Set to -1 to disable limits; set to 0 to disable the feature)
FILEPREVIEW_MAX_LINES = 50

[markup.sanitizer.1]
;; The following keys can appear once to define a sanitation policy rule.
;; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules.
;; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX]
ELEMENT = span
ALLOW_ATTR = class
REGEXP = ^(info|warning|error)$

[markup.asciidoc]
ENABLED = false
;; List of file extensions that should be rendered by an external command
;FILE_EXTENSIONS = .adoc,.asciidoc
;; External command to render all matching extensions
;RENDER_COMMAND = "asciidoc --out-file=- -"
;; Don't pass the file on STDIN, pass the filename as argument instead.
;IS_INPUT_FILE = false
;; How the content will be rendered.
;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
;RENDER_CONTENT_MODE=sanitized

[metrics]
;; Enables metrics endpoint. True or false; default is false.
ENABLED = false
;; If you want to add authorization, specify a token here
;TOKEN =
;; Enable issue by label metrics; default is false
;ENABLED_ISSUE_BY_LABEL = false
;; Enable issue by repository metrics; default is false
;ENABLED_ISSUE_BY_REPOSITORY = false

[packages]
;; Enable/Disable package registry capabilities
ENABLED = true

[actions]
;; Enable/Disable actions capabilities
ENABLED = true
;; Default address to get action plugins, e.g. the default value means downloading from "https://code.forgejo.org/actions/checkout" for "uses: actions/checkout@v3"
;DEFAULT_ACTIONS_URL = https://code.forgejo.org
;; Logs retention time in days. Old logs will be deleted after this period.
;LOG_RETENTION_DAYS = 365
;; Log compression type, `none` for no compression, `zstd` for zstd compression.
;; Other compression types like `gzip` are NOT supported, since seekable stream is required for log view.
;; It's always recommended to use compression when using local disk as log storage if CPU or memory is not a bottleneck.
;; And for object storage services like S3, which is billed for requests, it would cause extra 2 times of get requests for each log view.
;; But it will save storage space and network bandwidth, so it's still recommended to use compression.
;LOG_COMPRESSION = zstd
;; Default artifact retention time in days. Artifacts could have their own retention periods by setting the `retention-days` option in `actions/upload-artifact` step.
;ARTIFACT_RETENTION_DAYS = 90
;; Timeout to stop the task which have running status, but haven't been updated for a long time
;ZOMBIE_TASK_TIMEOUT = 10m
;; Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
;ENDLESS_TASK_TIMEOUT = 3h
;; Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
;ABANDONED_JOB_TIMEOUT = 24h
;; Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]
;; Limit on inputs for manual / workflow_dispatch triggers, default is 10
;LIMIT_DISPATCH_INPUTS = 10