modified: conf/app.ini

modified:   docker-compose.yml

.github/workflows/rustScaner.yml

@@ -0,0 +1,14 @@
+name: Security audit
+on:
+  push:
+    paths:
+      - '**/Cargo.toml'
+      - '**/Cargo.lock'
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}

.github/workflows/scaner.yml

@@ -0,0 +1,13 @@
+name: gitleaks
+on: [pull_request, push, workflow_dispatch]
+jobs:
+  scan:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v1
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}

conf/app.ini

@@ -0,0 +1,103 @@
+APP_NAME = Wehrmacht
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+DISABLE_PUBLIC_REPOS = false
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = gitshop.cc
+SSH_DOMAIN = gitshop.cc
+HTTP_PORT = 3000
+ROOT_URL = https://gitshop.cc
+DISABLE_SSH = false
+SSH_PORT = 2221
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET =
+OFFLINE_MODE = true
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea-admin
+PASSWD =
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+
+[service]
+DISABLE_REGISTRATION = true
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.gitea.acidarchon.com
+
+[service.explore]
+REQUIRE_SIGNIN_VIEW= false
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[cron.update_checker]
+ENABLED = false
+
+[repository]
+DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.pulls,repo.actions
+DEFAULT_BRANCH = master
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET =

docker-compose.yml

@@ -14,7 +14,7 @@ services:
       - GITEA__server__SSH_PORT=2221
       - GITEA__server__ROOT_URL=https://gitshop.cc
     volumes:
-      - gitea-data:/data
+      - /gitea/data:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     ports:
@@ -45,15 +45,33 @@ services:
    networks:
      - backend
    volumes:
-     - gitea-db:/var/lib/postgresql/data
+     - /gitea/db/:/var/lib/postgresql/data
    restart: unless-stopped
 
+
+  runner:
+    image: docker.io/gitea/act_runner:latest
+    environment:
+      GITEA_INSTANCE_URL: "${INSTANCE_URL}"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN}"
+      GITEA_RUNNER_NAME: "${RUNNER_NAME}"
+      GITEA_RUNNER_LABELS: "${RUNNER_LABELS}"
+    depends_on:
+      - db
+      - server
     volumes:
-  gitea-data:
+      - /gitea/data:/data
-    driver: local
+      - /var/run/docker.sock:/var/run/docker.sock
-  gitea-db:
+    networks:
-    driver: local
+      - frontend
+      - backend
+    restart: always
+
 
 networks:
   frontend:
+    name: frontend
+    driver: bridge
   backend:
+    name: backend
+    driver: bridge

runner/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "3.8"
+services:
+  runner:
+    image: docker.io/gitea/act_runner:latest
+    environment:
+      GITEA_INSTANCE_URL: "${INSTANCE_URL}"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "${REGISTRATION_TOKEN}"
+      GITEA_RUNNER_NAME: "${RUNNER_NAME}"
+      GITEA_RUNNER_LABELS: "${RUNNER_LABELS}"
+    volumes:
+      - /gitea/data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - frontend
+      - backend
+
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true

sample.env

@@ -3,3 +3,8 @@
 POSTGRES_DB       = ""
 POSTGRES_USER     = ""
 POSTGRES_PASSWORD = ""
+
+INSTANCE_URL = 'https://gitshop.cc'
+REGISTRATION_TOKEN =
+RUNNER_NAME = 'ubuntu-22, latest'
+RUNNER_LABELS = 'ubuntu-latest:docker://node:16-bullseye,ubuntu-22.04:docker://node:16-bullseye,ubuntu-20.04:docker://node:16-bullseye,ubuntu-18.04:docker://node:16-buster'

volumes.txt

@@ -0,0 +1 @@
+/var/lib/docker/volumes/gitea_gitea-data/_data/gitea/