summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2020-12-08 17:49:26 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2020-12-08 18:02:50 +0000
commitc2d7b9bb7f16aee1da7ec357952ff0a9e4655eaf (patch)
tree8a9c9db7672cba58a232056b14a901611017b487
parentAdding upstream version 1.13.0. (diff)
downloadgitea-debian.tar.xz
gitea-debian.zip
Adding debian version 1.13.0-1.HEADdebian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog5
-rw-r--r--debian/control106
-rw-r--r--debian/copyright72
-rw-r--r--debian/gitea-common.docs2
-rw-r--r--debian/gitea-common.examples1
-rw-r--r--debian/gitea-common.install3
-rw-r--r--debian/gitea-common.lintian-overrides9
-rw-r--r--debian/gitea-common.manpages1
-rw-r--r--debian/gitea.config8
-rw-r--r--debian/gitea.default4
-rw-r--r--debian/gitea.dirs6
-rw-r--r--debian/gitea.docs2
-rw-r--r--debian/gitea.init89
-rw-r--r--debian/gitea.install2
-rw-r--r--debian/gitea.links7
-rw-r--r--debian/gitea.lintian-overrides4
-rw-r--r--debian/gitea.logrotate14
-rw-r--r--debian/gitea.postinst106
-rw-r--r--debian/gitea.postrm21
-rw-r--r--debian/gitea.prerm26
-rw-r--r--debian/gitea.service30
-rw-r--r--debian/gitea.templates38
-rw-r--r--debian/golang-code.gitea-gitea-dev.docs2
-rw-r--r--debian/golang-code.gitea-gitea-dev.install1
-rwxr-xr-xdebian/helpers/swagger_build.py434
-rw-r--r--debian/local/app.ini1223
-rw-r--r--debian/local/app.ini.old101
-rw-r--r--debian/man/examples/with_nginx.txt32
-rw-r--r--debian/man/gitea.153
-rw-r--r--debian/missing-libs.README22
-rw-r--r--debian/patches/001-jwt-v3.diff34
-rw-r--r--debian/patches/002-go-crypto.diff16
-rw-r--r--debian/patches/003-update-default-configuration.patch148
-rw-r--r--debian/patches/004-aes-encrypt.diff21
-rw-r--r--debian/patches/series0
-rw-r--r--debian/po/POTFILES.in1
-rw-r--r--debian/po/cs.po33
-rw-r--r--debian/po/de.po35
-rw-r--r--debian/po/pt.po38
-rw-r--r--debian/po/sv.po36
-rw-r--r--debian/po/templates.pot94
-rwxr-xr-xdebian/rules39
-rw-r--r--debian/source/format1
-rw-r--r--debian/watch10
44 files changed, 2930 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..f9e30bb
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+gitea (1.13.0-1) sid; urgency=medium
+
+ * Re-uploading gitea to debian (Closes: #FIXME).
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Tue, 08 Dec 2020 18:47:00 +0100
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..ac87809
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,106 @@
+Source: gitea
+Section: web
+Priority: optional
+Maintainer: Daniel Baumann <daniel.baumann@progress-linux.org>
+Build-Depends:
+ debhelper-compat (= 13),
+ dh-golang,
+ golang-any,
+ libpam0g-dev,
+ python,
+Rules-Requires-Root: no
+Standards-Version: 4.5.1
+Homepage: https://gitea.com
+Vcs-Browser: https://git.progress-linux.org/users/daniel.baumann/debian/packages/gitea
+Vcs-Git: https://git.progress-linux.org/users/daniel.baumann/debian/packages/gitea
+Testsuite: autopkgtest-pkg-go
+XS-Go-Import-Path: code.gitea.io/gitea
+XS-Autobuild: yes
+
+Package: gitea
+Architecture: any
+Built-Using:
+ ${misc:Built-Using},
+Pre-Depends:
+ debconf,
+Depends:
+ adduser,
+ git,
+ gitea-common (= ${source:Version}),
+ libcap2-bin,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: Painless self-hosted git service
+ Gitea is a self-hosted git service aiming to provide a full suite of
+ features similar to Gitlab or Github. It aims to be light weight,
+ feature rich, and easily maintained.
+ .
+ Features:
+ * User dashboard:
+ + Context switching (organization / current user)
+ + Activity timeline
+ + Repository list
+ * Issues dashboard
+ * Pull requests
+ * Notification (web / email)
+ * Repository types
+ + Mirror
+ + Normal
+ + Migrated
+ * Custom templates
+ * TLS support
+ * Detailed logging
+ * Database support:
+ + MySQL
+ + PostgreSQL
+ + SQLite3
+ + MSSQL
+ * Admin panel(s)
+ + Repository/Organization/User management
+ + Statisticts
+ + Server status
+ + System notices
+ * Authentication sources:
+ + OAuth
+ + PAM
+ + LDAP
+ + SMTP
+ * Multi-language support
+ * Release management / issue (ticket) tracking
+ + Milestones
+ + Labels
+ + Assign
+ + Search / sort / filter
+ + Comments / attachments
+ + Pull requests
+ * Project wiki
+ * Per-project settings
+ .
+ Documentation: https://docs.gitea.io/en-US/
+
+Package: gitea-common
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ lsb-base (>= 3.0-6),
+ ${misc:Depends},
+Description: Painless self-hosted git service - common files
+ Gitea is a self-hosted git service aiming to provide a full suite of
+ features similar to Gitlab or Github. It aims to be light weight,
+ feature rich, and easily maintained.
+ .
+ This package contains base configuration files used by all architectures.
+
+Package: golang-code.gitea-gitea-dev
+Architecture: all
+Depends:
+ dh-golang,
+ golang-any,
+ libpam0g-dev,
+ ${misc:Depends},
+Description: Painless self-hosted git service -- source
+ Gitea is a self-hosted git service aiming to provide a full suite of
+ features similar to Gitlab or Github. It aims to be light weight,
+ feature rich, and easily maintained.
+ .
+ This package contains the source.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..c9b2c7b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,72 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: gitea
+Source: https://github.com/go-gitea/gitea
+Comment: See debian/missing-libs.README for "contrib/non-free" justification.
+
+Files: *
+Copyright: 2016 The Gitea Authors
+ 2015 The Gogs Authors
+License: Expat
+Comment: Granular contributions can be tracked by name(s) in copyright header.
+
+Files: modules/lfs/*
+Copyright: 2016 The Gitea Authors
+ GitHub, Inc. and LFS Test Server contributors
+License: Expat
+
+Files: modules/minwinsvc/*
+Copyright: 2015 Daniel Theophanes
+License: Zlib
+
+Files: debian/*
+Copyright: 2017-2018 Michael Lustfield <michael@lustfield.net>
+License: Expat
+Comment: Debian packaging is licensed under the same terms as upstream
+
+Files: public/vendor/assets/* public/vendor/plugins/* vendor/*
+Copyright: Multiple holders
+License: many-licenses
+Comment: Package transitioned to non-free due to maintenance burdens on solo maintainer.
+
+License: many-licenses
+ Included libraries in vendor directories are licensed under multiple DFSG-free
+ licenses. Best effort is put forward to keep track of them all and ensure no
+ unlicensed or non-free 3rd party modules are included. However, it is quite
+ difficult to keep up with an upstream that does not care.
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty. In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+ claim that you wrote the original software. If you use this software
+ in a product, an acknowledgment in the product documentation would be
+ appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source
+ distribution.
diff --git a/debian/gitea-common.docs b/debian/gitea-common.docs
new file mode 100644
index 0000000..63c1ed1
--- /dev/null
+++ b/debian/gitea-common.docs
@@ -0,0 +1,2 @@
+README.md
+README_ZH.md
diff --git a/debian/gitea-common.examples b/debian/gitea-common.examples
new file mode 100644
index 0000000..f1e68cd
--- /dev/null
+++ b/debian/gitea-common.examples
@@ -0,0 +1 @@
+debian/man/examples/*
diff --git a/debian/gitea-common.install b/debian/gitea-common.install
new file mode 100644
index 0000000..25b76a7
--- /dev/null
+++ b/debian/gitea-common.install
@@ -0,0 +1,3 @@
+options/locale usr/share/gitea/conf
+public usr/share/gitea
+templates usr/share/gitea
diff --git a/debian/gitea-common.lintian-overrides b/debian/gitea-common.lintian-overrides
new file mode 100644
index 0000000..9d7b202
--- /dev/null
+++ b/debian/gitea-common.lintian-overrides
@@ -0,0 +1,9 @@
+# Extra license files are for 3rd party (vendor) libraries [non-DFSG]
+gitea-common: extra-license-file
+# This goes away when the vendor libs go away. [non-DFSG]
+gitea-common: duplicate-font-file
+gitea-common: font-in-non-font-package
+gitea-common: privacy-breach-uses-embedded-file
+gitea-common: privacy-breach-generic
+gitea-common: embedded-javascript-library
+gitea-common: package-contains-vcs-control-file
diff --git a/debian/gitea-common.manpages b/debian/gitea-common.manpages
new file mode 100644
index 0000000..b53adcf
--- /dev/null
+++ b/debian/gitea-common.manpages
@@ -0,0 +1 @@
+debian/man/gitea.1
diff --git a/debian/gitea.config b/debian/gitea.config
new file mode 100644
index 0000000..edd4a24
--- /dev/null
+++ b/debian/gitea.config
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+db_input low gitea/secret-key || true
+db_go
diff --git a/debian/gitea.default b/debian/gitea.default
new file mode 100644
index 0000000..f094478
--- /dev/null
+++ b/debian/gitea.default
@@ -0,0 +1,4 @@
+# Define the stop schedule for gitea
+# see the start-stop-daemon --retry documentation for more information
+#
+#STOP_SCHEDULE="QUIT/5/TERM/1/KILL/5"
diff --git a/debian/gitea.dirs b/debian/gitea.dirs
new file mode 100644
index 0000000..4163404
--- /dev/null
+++ b/debian/gitea.dirs
@@ -0,0 +1,6 @@
+etc/gitea
+usr/share/gitea
+usr/share/gitea/public
+var/lib/gitea/data
+var/lib/gitea/repositories
+var/log/gitea
diff --git a/debian/gitea.docs b/debian/gitea.docs
new file mode 100644
index 0000000..63c1ed1
--- /dev/null
+++ b/debian/gitea.docs
@@ -0,0 +1,2 @@
+README.md
+README_ZH.md
diff --git a/debian/gitea.init b/debian/gitea.init
new file mode 100644
index 0000000..5bab27e
--- /dev/null
+++ b/debian/gitea.init
@@ -0,0 +1,89 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: gitea
+# Required-Start: $local_fs $remote_fs $network
+# Required-Stop: $local_fs $remote_fs $network
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: gitea daemon
+# Description: A self-hosted Git service written in Go.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Go Git Service"
+NAME=gitea
+SERVICEVERBOSE=yes
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+WORKINGDIR=/var/lib/gitea
+DAEMON=/usr/bin/gitea
+DAEMON_ARGS="web --config=/var/lib/gitea/custom/conf/app.ini"
+USER=gitea
+USERBIND="setcap cap_net_bind_service=+ep"
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/1/KILL/5}"
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+[ -f /lib/lsb/init-functions ] && . /lib/lsb/init-functions
+
+do_start()
+{
+ export GITEA_WORK_DIR="$WORKINGDIR"
+ $USERBIND $DAEMON
+ sh -c "USER=$USER GITEA_WORK_DIR=$WORKINGDIR start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \\
+ --background --chdir $WORKINGDIR --chuid $USER \\
+ --exec $DAEMON -- $DAEMON_ARGS"
+}
+
+do_stop()
+{
+ start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PIDFILE --name $NAME --oknodo
+ rm -f $PIDFILE
+}
+
+do_status()
+{
+ if [ -f $PIDFILE ]; then
+ if kill -0 $(cat "$PIDFILE"); then
+ echo "$NAME is running, PID is $(cat $PIDFILE)"
+ else
+ echo "$NAME process is dead, but pidfile exists"
+ fi
+ else
+ echo "$NAME is not running"
+ fi
+}
+
+case "$1" in
+ start)
+ echo "Starting $DESC" "$NAME"
+ do_start
+ ;;
+ stop)
+ echo "Stopping $DESC" "$NAME"
+ do_stop
+ ;;
+ status)
+ do_status
+ ;;
+ restart|force-reload)
+ echo "Restarting $DESC" "$NAME"
+ do_stop
+ do_start
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
+ exit 2
+ ;;
+esac
+
+exit 0
diff --git a/debian/gitea.install b/debian/gitea.install
new file mode 100644
index 0000000..c42212d
--- /dev/null
+++ b/debian/gitea.install
@@ -0,0 +1,2 @@
+debian/local/app.ini etc/gitea/conf
+usr/bin/gitea
diff --git a/debian/gitea.links b/debian/gitea.links
new file mode 100644
index 0000000..0a7a771
--- /dev/null
+++ b/debian/gitea.links
@@ -0,0 +1,7 @@
+# These settings don't seem to use STATIC_ROOT_PATH ;; probably a bug
+usr/share/gitea/conf var/lib/gitea/conf
+usr/share/gitea/public var/lib/gitea/public
+usr/share/gitea/templates var/lib/gitea/templates
+# Gitea is built to use a relative custom/ location for managed-files.
+# The relative bit should be fixed so this can move to a changed default config.
+etc/gitea var/lib/gitea/custom
diff --git a/debian/gitea.lintian-overrides b/debian/gitea.lintian-overrides
new file mode 100644
index 0000000..cfc8145
--- /dev/null
+++ b/debian/gitea.lintian-overrides
@@ -0,0 +1,4 @@
+# Spelling errors come from included libraries.
+gitea: spelling-error-in-binary
+# Empty directories come from included libraries.
+gitea: package-contains-empty-directory
diff --git a/debian/gitea.logrotate b/debian/gitea.logrotate
new file mode 100644
index 0000000..c20066d
--- /dev/null
+++ b/debian/gitea.logrotate
@@ -0,0 +1,14 @@
+/var/log/gitea/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 0640 gitea adm
+ sharedscripts
+ postrotate
+ # https://github.com/go-gitea/gitea/issues/1437
+ invoke-rc.d gitea restart >/dev/null 2>&1
+ endscript
+}
diff --git a/debian/gitea.postinst b/debian/gitea.postinst
new file mode 100644
index 0000000..636357a
--- /dev/null
+++ b/debian/gitea.postinst
@@ -0,0 +1,106 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+ configure)
+ # Create gitea user and group
+ if ! getent group gitea >/dev/null; then
+ addgroup --system --quiet gitea
+ fi
+ if ! getent passwd gitea >/dev/null; then
+ adduser --quiet \
+ --system \
+ --disabled-login \
+ --no-create-home \
+ --shell /bin/bash \
+ --ingroup gitea \
+ --home /var/lib/gitea \
+ --gecos "Gitea Daemon" \
+ gitea
+ fi
+
+ # Make sure log directory has correct permissions set
+ dpkg-statoverride --list "/var/log/gitea" >/dev/null || \
+ dpkg-statoverride --add --force --quiet --update gitea adm 0750 /var/log/gitea
+
+ # If this is a fresh install
+ if [ -z "$2" ]; then
+ # Make sure gitea can access files
+ if [ -d /var/lib/gitea ]; then
+ chown gitea:gitea /var/lib/gitea
+ chown gitea:gitea /var/lib/gitea/data
+ chown gitea:gitea /var/lib/gitea/repositories
+ fi
+ fi
+
+ ##
+ # Unavailable internal commands:
+ # runGenerateInternalToken, runGenerateLfsJwtSecret, runGenerateSecretKey
+ ##
+
+ # Set a unique secret key if one hasn't been provided
+ if grep -q 'Xx-secret-key-xX' /etc/gitea/conf/app.ini; then
+ db_get gitea/secret-key || true
+ _SK=$(echo "$RET" | sed -e 's/[]\/$*.^|[]/\\&/g')
+ [ -n "$_SK" ] || _SK=$(date +%s%Z%N | sha256sum | base64 -w 14 | head -c 14)
+ sed -i "s/Xx-secret-key-xX/$_SK/" /etc/gitea/conf/app.ini
+ db_clear gitea/secret-key || true
+ db_go
+ fi
+
+ # Set a unique internal token if one hasn't been provided
+ if grep -q 'Xx-internal-token-xX' /etc/gitea/conf/app.ini; then
+ db_get gitea/internal-token || true
+ _SK=$(echo "$RET" | sed -e 's/[]\/$*.^|[]/\\&/g')
+ [ -n "$_SK" ] || _SK=$(date +%s%Z%N | sha512sum | base64 -w 120 | head -c 120)
+ sed -i "s/Xx-internal-token-xX/$_SK/" /etc/gitea/conf/app.ini
+ db_clear gitea/internal-token || true
+ db_go
+ fi
+
+ # Set a unique lfs secret if one hasn't been provided
+ if grep -q 'Xx-lfs-secret-xX' /etc/gitea/conf/app.ini; then
+ db_get gitea/lfs-secret || true
+ _SK=$(echo "$RET" | sed -e 's/[]\/$*.^|[]/\\&/g')
+ sed -i "s/Xx-lfs-secret-xX/$_SK/" /etc/gitea/conf/app.ini
+ db_clear gitea/lfs-secret || true
+ db_go
+ fi
+
+ # Enable git-lfs if selected
+ if grep -q 'Xx-lfs-enable-xX' /etc/gitea/conf/app.ini; then
+ db_get gitea/enable-lfs || true
+ if "$RET"; then
+ sed -i "s/Xx-lfs-enable-xX/true/" /etc/gitea/conf/app.ini
+ else
+ sed -i "s/Xx-lfs-enable-xX/false/" /etc/gitea/conf/app.ini
+ fi
+ fi
+
+ # Set the host and port used for accessing this Gitea instance
+ if grep -q 'Xx-gitea-host-xX' /etc/gitea/conf/app.ini ||
+ grep -q 'Xx-gitea-port-xX' /etc/gitea/conf/app.ini; then
+ db_input high gitea/gitea-address || true
+ db_go
+ db_get gitea/gitea-address && address="$RET"
+ _host="${address%:*}"
+ _port="${address#*:}"
+ sed -i "s/Xx-gitea-host-xX/$_host/" /etc/gitea/conf/app.ini
+ sed -i "s/Xx-gitea-port-xX/$_port/" /etc/gitea/conf/app.ini
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/gitea.postrm b/debian/gitea.postrm
new file mode 100644
index 0000000..b8f56fa
--- /dev/null
+++ b/debian/gitea.postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ purge)
+ rm -rf /var/log/gitea /etc/gitea
+ dpkg-statoverride --remove --force --quiet /var/log/gitea
+ ;;
+
+ upgrade|remove|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/gitea.prerm b/debian/gitea.prerm
new file mode 100644
index 0000000..24e6c65
--- /dev/null
+++ b/debian/gitea.prerm
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove|remove-in-favour|deconfigure|deconfigure-in-favour)
+ # Terminate the gitea service
+ if [ -x /etc/init.d/gitea ]; then
+ invoke-rc.d gitea stop || exit $?
+ fi
+
+ # SSH configuration is built from a database, no need to preserve
+ rm -rf /var/lib/gitea/.ssh
+ ;;
+
+ upgrade|failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/gitea.service b/debian/gitea.service
new file mode 100644
index 0000000..5962546
--- /dev/null
+++ b/debian/gitea.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Gitea (Git with a cup of tea)
+Documentation=man:gitea(1)
+# syslog is "socket activated"
+#After=syslog.target
+After=network.target
+#After=mysqld.service
+#After=postgresql.service
+#After=memcached.service
+#After=redis.service
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+Type=simple
+User=gitea
+Group=gitea
+WorkingDirectory=/var/lib/gitea
+ExecStart=/usr/bin/gitea web
+Restart=always
+Environment=USER=gitea HOME=/var/lib/gitea GITEA_WORK_DIR=/var/lib/gitea
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/gitea.templates b/debian/gitea.templates
new file mode 100644
index 0000000..3c3f151
--- /dev/null
+++ b/debian/gitea.templates
@@ -0,0 +1,38 @@
+Template: gitea/gitea-address
+Type: string
+Default: localhost:3000
+_Description: Domain and Port:
+ The address and port used by the web interface to form addresses that the user
+ can use to copy and paste commands.
+ .
+ Such as http://localhost:3000 or ssh+git://gitea@localhost.
+
+Template: gitea/secret-key
+Type: password
+_Description: Global secret key:
+ This is the global secret key used for server security. After initial
+ configuration, this value will be removed from the debconf database.
+ .
+ If unset, a unique key will be generated.
+
+Template: gitea/internal-token
+Type: password
+_Description: Global internal token:
+ This is the global internal token used for server security. After initial
+ configuration, this value will be removed from the debconf database. Leave
+ blank to use a generated password.
+ .
+ If unset, a unique key will be generated.
+
+Template: gitea/enable-lfs
+Type: boolean
+Default: false
+_Description: Enable git-lfs:
+ Should git-lfs be supported by this gitea instance.
+
+Template: gitea/lfs-secret
+Type: password
+_Description: Global LFS JWT secret:
+ LFS authentication secret. This value must be configured if git-lfs is enabled.
+ .
+ If unset, no value will be configured.
diff --git a/debian/golang-code.gitea-gitea-dev.docs b/debian/golang-code.gitea-gitea-dev.docs
new file mode 100644
index 0000000..63c1ed1
--- /dev/null
+++ b/debian/golang-code.gitea-gitea-dev.docs
@@ -0,0 +1,2 @@
+README.md
+README_ZH.md
diff --git a/debian/golang-code.gitea-gitea-dev.install b/debian/golang-code.gitea-gitea-dev.install
new file mode 100644
index 0000000..653271b
--- /dev/null
+++ b/debian/golang-code.gitea-gitea-dev.install
@@ -0,0 +1 @@
+/usr/share/gocode/src
diff --git a/debian/helpers/swagger_build.py b/debian/helpers/swagger_build.py
new file mode 100755
index 0000000..47716e4
--- /dev/null
+++ b/debian/helpers/swagger_build.py
@@ -0,0 +1,434 @@
+#!/usr/bin/env python
+'''
+Purpose: Build a Swagger-like documentation page for the Gitea API.
+Reason: Swagger-UI has over 750 JS libs that would require individual
+ packaging, review, and maintenance.
+ Ref: https://wiki.debian.org/Javascript/Nodejs/Tasks/swagger-ui
+Copyright: Michael Lustfield (MTecknology)
+License: Expat with exclusions for MIT and Apache-2.0
+Upstream: https://github.com/MTecknology/static_swagger-ui
+Env Vars: SWAGGER_DST : Output destination, will overwrite existing files
+ SWAGGER_SRC : Source JSON file
+'''
+import json
+import os
+import sys
+import textwrap
+
+if sys.version_info.major >= 3:
+ from urllib.request import urlretrieve
+else:
+ from urllib import urlretrieve
+
+
+class Templates(object):
+ '''Big object to store the not-so-pretty template stuff.'''
+ page = textwrap.dedent('''\
+ <!DOCTYPE html><html><head>
+ <meta charset="UTF-8">
+ <title>{title}</title>
+ <link rel="shortcut icon" href="/img/favicon.png" />
+ {css}
+ </head><body>
+ <div class="wrapper">
+ <h1>{title}</h1>
+ <h2>[ Version: {version} | Base URL: {baseurl} ]</h2>
+ <h3>{description}</h3>
+ {api_body}
+ {js}
+ </div>
+ </body></html>
+ ''')
+
+ section = textwrap.dedent('''\
+ <div class="tag-section">
+ <a id="{title}" href="#" onclick="toggle_section(this.id); return false;">
+ <h4 class="opblock-tag">{title}</h4>
+ </a>
+ <div id="tag-section-{title}">
+ {api_d}
+ </div>
+ ''')
+
+ api_route = textwrap.dedent('''\
+ <div class="opblock-section opblock-{api_method}">
+ <a id="section-{section_id}" href="#" onclick="toggle_opbody(this.id); return false;">
+ <div class="opblock-summary">
+ <span class="opblock-summary-method summary-{api_method}">{api_method}</span>
+ <span class="opblock-summary-path">{api_path}</span>
+ <span class="opblock-summary-description summary-model">{api_desc}</span>
+ </div>
+ </a>
+ <div class="opblock-body" style="display: none;" id="opbod-section-{section_id}">
+ {subsections}
+ </div>
+ </div>
+ ''')
+
+ api_model = textwrap.dedent('''\
+ <div class="opblock-section opblock-model">
+ <a id="model-{section_id}" href="#" onclick="toggle_opbody(this.id); return false;">
+ <div class="opblock-summary">
+ <span class="opblock-summary-title summary-model">{api_title}</span>
+ <span class="opblock-summary-description summary-model">{api_desc}</span>
+ </div>
+ </a>
+ <div class="opblock-body" style="display: none;" id="opbod-model-{section_id}">
+ {subsections}
+ </div>
+ </div>
+ ''')
+
+ subsect_div = textwrap.dedent('''\
+ <div class="opblock-header"><h5>{header}</h5></div>
+ <div class="opblock-table">
+ {table}
+ </div>
+ ''')
+
+ table = textwrap.dedent('''\
+ <table class="parameters">
+ <thead>
+ {headers}
+ </thead>
+ <tbody>
+ {table_rows}
+ </tbody>
+ </table>
+ ''')
+
+ param_row = textwrap.dedent('''\
+ <tr>
+ <td class="pcol-name">{name}</td>
+ <td class="pcol-type">{type}</td>
+ <td class="pcol-desc">{desc}</td>
+ </tr>
+ ''')
+
+ resp_row = textwrap.dedent('''\
+ <tr>
+ <td class="pcol-name">{name}</td>
+ <td class="pcol-desc">{desc}</td>
+ </tr>
+ ''')
+
+ static_css = textwrap.dedent('''\
+ <style>
+ html { box-sizing: border-box; }
+ *, *:before, *:after { box-sizing: inherit; }
+ body { margin: 0; background-color: #fafafa; }
+ .wrapper { width: 100%; max-width: 1460px; margin: 0 auto; padding: 15px 20px;
+ font-family: sans-serif; font-size: 14px; color: #3b4151; }
+ h1 { font-size: 36px; margin: 0; }
+ h2 { font-family: monospace; font-size: 12px; font-weight: 300; }
+ h3 { font-size: 14px; }
+ h4 { font-size: 24px; border-bottom: 1px solid rgba(59,65,81,.3);
+ padding: 10px; margin: 0 0 5px; cursor: pointer; }
+ h5 { font-size: 12px; padding: 20px; margin: 0; }
+ .tag-section a { text-decoration: inherit; color: inherit; cursor: pointer; }
+ .tag-section a:focus, .opblock-section a:focus { outline: 0; }
+ .opblock-section { margin: 0 0 15px; border: 1px solid; border-radius: 4px;
+ box-shadow: 0 0 3px rgba(0,0,0,.19); }
+ .opblock-summary { display: flex; padding: 5px; align-items: center;
+ border-radius: 3px; text-shadow: 0 1px 0 rgba(0,0,0,.1); }
+ .opblock-summary-method { border-radius: 3px; text-align: center;
+ padding: 6px 15px; min-width: 80px; color: #ffffff; font-weight: 700; }
+ .opblock-summary-path { font-size: 16px; display: flex; flex: 0 3 auto; word-break: break-all;
+ padding: 0 10px; font-family: monospace; font-weight: 600; }
+ .opblock-summary-description { font-size: 13px; }
+ .opblock-header { margin: 0 -20px; display: flex; align-items: center; min-height: 50px;
+ background: hsla(0,0%,100%,.8); box-shadow: 0 1px 2px rgba(0,0,0,.1); }
+ .opblock-header:first-child { margin-top: -20px; }
+ .opblock-post { border-color: #49cc90; background: rgba(73,204,144,.1); }
+ .opblock-delete { border-color: #f93e3e; background: rgba(249,62,62,.1); }
+ .opblock-get { border-color: #61affe; background: rgba(97,175,254,.1); }
+ .opblock-patch { border-color: #50e3c2; background: rgba(80,227,194,.1); }
+ .opblock-put { border-color: #fca130; background: rgba(252,161,48,.1); }
+ .opblock-post .opblock-body { border-top: 1px solid #49cc90; }
+ .opblock-delete .opblock-body { border-top: 1px solid #f93e3e; }
+ .opblock-get .opblock-body { border-top: 1px solid #61affe; }
+ .opblock-patch .opblock-body { border-top: 1px solid #50e3c2; }
+ .opblock-put .opblock-body { border-top: 1px solid #fca130; }
+ .summary-post { background: #49cc90; }
+ .summary-get { background: #61affe; }
+ .summary-delete { background: #f93e3e; }
+ .summary-patch { background: #50e3c2; }
+ .summary-put { background: #fca130; }
+ .opblock-body { padding: 20px; }
+ .opblock-table { padding: 20px 0; }
+ .opblock-table:last-child { padding-bottom: 0; }
+ #tag-section-Models > .opblock-model { background:rgba(0,0,0,.05); }
+ .opblock-model { border:1px solid rgba(59,65,81,.3); }
+ .opblock-summary-title { padding: 6px; font-weight: 700; }
+ .opblock-model .opblock-summary-description { padding: 0 10px 0 4px; }
+ .opblock-model .opblock-body { border-top:1px solid rgba(59,65,81,.3); }
+ table { width: 100%; padding: 0 10px; border-collapse: collapse; }
+ th { font-size: 12px; padding: 0 0 12px; text-align: left;
+ border-bottom: 1px solid rgba(59,65,81,.2); }
+ td { width: 30%; padding: 10px 0; vertical-align: top; }
+ .red { color: #ff0000; }
+ .blue { color: #5555aa; }
+ .grey { color: #999999; }
+ </style>
+ ''')
+
+ static_js = textwrap.dedent('''\
+ <script type="text/javascript">
+ function toggle_opbody(name_id) {
+ toggle("opbod-" + name_id);
+ }
+ function toggle_section(name_id) {
+ toggle("tag-section-" + name_id);
+ }
+ function toggle(tgt) {
+ if (document.getElementById(tgt).style.display == "none") {
+ document.getElementById(tgt).style.display = "block";
+ } else {
+ document.getElementById(tgt).style.display = "none";
+ }
+ }
+ </script>
+ ''')
+
+
+def die(msg=None, exit_code=1):
+ '''Print a message if provided and exit with a non-zero status.'''
+ if not msg:
+ msg = 'Unknown failure.'
+ print('** FATAL: {} **\n'.format(msg))
+ sys.exit(exit_code)
+
+
+def main():
+ '''Read a JSON file and turn it into a static page.'''
+ json_data = read_json()
+ page_data = render_page(json_data)
+ write_static(page_data)
+
+
+def read_json(path='swagger.v1.json'):
+ '''Read JSON input from file.'''
+ src = os.environ.get('SWAGGER_SRC', path)
+ return json.load(open(src, 'r'))
+
+
+def write_static(page, destination='swagger.html'):
+ '''Generate a Swagger-like HTML page.
+ Returns: True for write success | False for failure.'''
+ dest = os.environ.get('SWAGGER_DST', destination)
+ try:
+ with open(dest, 'w') as fh:
+ fh.write(page)
+ except:
+ return False
+ return True
+
+
+def render_page(json_data):
+ '''Assemble the entire page.'''
+ for attr in ['description', 'title', 'license', 'version']:
+ if attr not in json_data['info']:
+ print('JSON data is missing required data: info:{}'.format(attr))
+ return False
+ info = json_data['info']
+ baseurl = json_data['basePath']
+ api_routes = build_routes(json_data)
+ api_models = build_models(json_data)
+
+ return Templates.page.format(**{
+ 'js': Templates.static_js,
+ 'css': Templates.static_css,
+ 'title': info['title'],
+ 'version': info['version'],
+ 'baseurl': baseurl,
+ 'description': info['description'],
+ 'api_body': api_routes + api_models})
+
+
+def build_models(json_data):
+ '''Build the HTML for a list of models.'''
+ if not json_data.get('definitions', False):
+ print('JSON data is missing required data: definitions')
+ return False
+
+ api_d = ''
+ model_id = 0
+ for model in sorted(json_data['definitions'].keys()):
+ model_id += 1
+ model_desc, subsections = build_model(json_data, model)
+ if model_desc.startswith(model):
+ model_desc = model_desc.replace(model, '', 1).strip().capitalize()
+ api_d += Templates.api_model.format(**{
+ 'api_title': model,
+ 'api_desc': model_desc,
+ 'subsections': subsections,
+ 'section_id': '{}'.format(model_id)})
+
+ return Templates.section.format(**{
+ 'title': 'Models',
+ 'api_d': api_d})
+
+
+def build_model(json_data, model):
+ '''Build the HTML for a model.'''
+ if not model in json_data.get('definitions', []):
+ print('Requested key "{}" not found in JSON data.'.format(model))
+ return False
+ mod = json_data['definitions'][model]
+ mod_desc = mod.get('description', '')
+
+ if 'properties' not in mod:
+ return mod_desc, '<table class="parameters"><tr><td>No properties</tr></td></table>'
+
+ rows = ''
+ for prop, attr in sorted(mod['properties'].items()):
+ if '$ref' in attr:
+ description = 'Model: {}'.format(attr['$ref'].split('/')[-1])
+ else:
+ fmt = ' (' + attr['format'] + ')' if attr.get('format', '') else ''
+ description = '{}<br />{}<br />{}'.format(
+ '<span class="blue">{}{}</span>'.format(attr.get('type', 'undef'), fmt),
+ '<span class="grey">x-go-name: {}</span>'.format(attr.get('x-go-name', 'undef')),
+ attr.get('description', ''))
+
+ rows += Templates.resp_row.format(**{
+ 'name': prop,
+ 'desc': description})
+
+ return mod_desc, Templates.table.format(**{
+ 'headers': '',
+ 'table_rows': rows})
+
+
+def build_routes(json_data):
+ '''Build the API docs portion of the page.'''
+ if not json_data.get('paths', ''):
+ print('JSON data is missing required data: paths')
+ return False
+ paths = json_data['paths']
+ topics = gen_topics(paths)
+
+ sb = ''
+ section_id = 0
+ for tag, routes in sorted(topics.items()):
+ section_id += 1
+ api_d = build_route(json_data, routes, section_id)
+ sb += Templates.section.format(**{
+ 'title': tag,
+ 'api_d': api_d})
+ return sb
+
+def build_route(json_data, keys, section_id=0):
+ '''Build the HTML for a list (keys) of available API queries.'''
+ paths = json_data['paths']
+
+ # Attempt to sort by group, then length, then path+method
+ keys.sort(key=lambda k: k[0:3] + str(len(k.split('^^')[0])) + k)
+
+ sb = ''
+ key_id = 0
+ for key in keys:
+ key_id += 1
+ path, method = key.split('^^')
+ desc = paths[path][method].get('summary', '')
+ parameters = build_parameter_table(paths[path][method])
+ responses = build_responses_table(paths[path][method], json_data)
+ sb += Templates.api_route.format(**{
+ 'api_path': path,
+ 'api_desc': desc,
+ 'api_method': method,
+ 'subsections': str(parameters + responses),
+ 'section_id': '{}-{}'.format(section_id, key_id)})
+ return sb
+
+
+def gen_topics(paths):
+ '''Read tags and paths and build the data for topics display.'''
+ tags = {}
+ for path, methods in paths.items():
+ for method, attrs in methods.items():
+ if 'tags' not in attrs:
+ continue
+ for tag in attrs['tags']:
+ t = '{}^^{}'.format(path, method)
+ if tag not in tags:
+ tags[tag] = []
+ if t not in tags[tag]:
+ tags[tag].append(t)
+ return tags
+
+
+def build_parameter_table(api):
+ '''Build and return a table of parameters for an API method.'''
+ if 'parameters' not in api:
+ return '<table class="parameters"><tr><td>No parameters</tr></td></table>'
+
+ rows = ''
+ for row in sorted(api['parameters'], key=lambda k: k['name']):
+ description = row.get('description', '')
+ required = ' <span class="red">*</span>' if row.get('required', False) else ''
+ if 'type' in row:
+ vartype = row['type']
+ elif 'type' in row.get('schema', {}):
+ vartype = row['schema']['type']
+ else:
+ vartype = 'undefined'
+ rows += Templates.param_row.format(**{
+ 'name': row['name'] + required,
+ 'desc': description,
+ 'type': vartype})
+
+ table = Templates.table.format(**{
+ 'headers': '<th>Name</th><th>Type</th><th>Description</th>',
+ 'table_rows': rows})
+
+ return Templates.subsect_div.format(**{
+ 'header': 'Parameters',
+ 'table': table})
+
+
+def build_responses_table(api, json_data):
+ '''Build and return a table of response codes to expect from this API query.'''
+ if 'responses' not in api:
+ return ''
+
+ rows = ''
+ for code, row in sorted(api['responses'].items()):
+ description = find_response(row['$ref'], json_data) if '$ref' in row else ''
+ rows += Templates.resp_row.format(**{
+ 'name': code,
+ 'desc': description})
+
+ table = Templates.table.format(**{
+ 'headers': '<th>Code</th><th>Description</th>',
+ 'table_rows': rows})
+
+ return Templates.subsect_div.format(**{
+ 'header': 'Responses',
+ 'table': table})
+
+
+def find_response(needle, haystack):
+ '''Find and return a response description from JSON data.'''
+ if 'responses' not in haystack:
+ return ''
+ n = needle.split('/')[-1]
+ if n in haystack['responses'] and 'description' in haystack['responses'][n]:
+ return haystack['responses'][n]['description']
+ return ''
+
+
+def download_json(url='https://try.gitea.io/swagger.v1.json', output='swagger.v1.json'):
+ '''Lazy way to make sure we have a copy of test data.'''
+ out = os.environ.get('SWAGGER_DST', output)
+ src = os.environ.get('SWAGGER_URL', url)
+ if not os.path.exists(out):
+ urlretrieve(src, out)
+
+
+if __name__ == '__main__':
+ if not os.environ.get('SWAGGER_DST', ''):
+ os.environ['SWAGGER_DST'] = 'swagger.html'
+ if not os.environ.get('SWAGGER_SRC', ''):
+ os.environ['SWAGGER_SRC'] = 'swagger.v1.json'
+ main()
diff --git a/debian/local/app.ini b/debian/local/app.ini
new file mode 100644
index 0000000..529ccea
--- /dev/null
+++ b/debian/local/app.ini
@@ -0,0 +1,1223 @@
+; This file lists the default values used by Gitea
+; Copy required sections to your own app.ini (default is custom/conf/app.ini)
+; and modify as needed.
+
+; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+
+; App name that shows in every page title
+APP_NAME = Gitea: Git with a cup of tea
+; Change it if you run locally
+RUN_USER = git
+; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod"
+RUN_MODE = prod
+
+[project]
+; Default templates for project boards
+PROJECT_BOARD_BASIC_KANBAN_TYPE = To Do, In Progress, Done
+PROJECT_BOARD_BUG_TRIAGE_TYPE = Needs Triage, High Priority, Low Priority, Closed
+
+[repository]
+ROOT =
+SCRIPT_TYPE = bash
+; DETECTED_CHARSETS_ORDER tie-break order for detected charsets.
+; If the charsets have equal confidence, tie-breaking will be done by order in this list
+; with charsets earlier in the list chosen in preference to those later.
+; Adding "defaults" will place the unused charsets at that position.
+DETECTED_CHARSETS_ORDER=UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr
+; Default ANSI charset to override non-UTF-8 charsets to
+ANSI_CHARSET =
+; Force every new repository to be private
+FORCE_PRIVATE = false
+; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
+DEFAULT_PRIVATE = last
+; Default private when using push-to-create
+DEFAULT_PUSH_CREATE_PRIVATE = true
+; Global limit of repositories per user, applied at creation time. -1 means no limit
+MAX_CREATION_LIMIT = -1
+; Mirror sync queue length, increase if mirror syncing starts hanging
+MIRROR_QUEUE_LENGTH = 1000
+; Patch test queue length, increase if pull request patch testing starts hanging
+PULL_REQUEST_QUEUE_LENGTH = 1000
+; Preferred Licenses to place at the top of the List
+; The name here must match the filename in conf/license or custom/conf/license
+PREFERRED_LICENSES = Apache License 2.0,MIT License
+; Disable the ability to interact with repositories using the HTTP protocol
+DISABLE_HTTP_GIT = false
+; Value for Access-Control-Allow-Origin header, default is not to present
+; WARNING: This maybe harmful to you website if you do not give it a right value.
+ACCESS_CONTROL_ALLOW_ORIGIN =
+; Force ssh:// clone url instead of scp-style uri when default SSH port is used
+USE_COMPAT_SSH_URI = false
+; Close issues as long as a commit on any branch marks it as fixed
+DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
+; Allow users to push local repositories to Gitea and have them automatically created for a user or an org
+ENABLE_PUSH_CREATE_USER = false
+ENABLE_PUSH_CREATE_ORG = false
+; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
+DISABLED_REPO_UNITS =
+; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
+; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
+; External wiki and issue tracker can't be enabled by default as it requires additional settings.
+; Disabled repo units will not be added to new repositories regardless if it is in the default list.
+DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
+; Prefix archive files by placing them in a directory named after the repository
+PREFIX_ARCHIVE_FILES = true
+; Disable the creation of new mirrors. Pre-existing mirrors remain valid.
+DISABLE_MIRRORS = false
+; The default branch name of new repositories
+DEFAULT_BRANCH=master
+; Allow adoption of unadopted repositories
+ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES=false
+; Allow deletion of unadopted repositories
+ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES=false
+
+[repository.editor]
+; List of file extensions for which lines should be wrapped in the Monaco editor
+; Separate extensions with a comma. To line wrap files without an extension, just put a comma
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+PREVIEWABLE_FILE_MODES = markdown
+
+[repository.local]
+; Path for local repository copy. Defaults to `tmp/local-repo`
+LOCAL_COPY_PATH = tmp/local-repo
+
+[repository.upload]
+; Whether repository file uploads are enabled. Defaults to `true`
+ENABLED = true
+; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
+TEMP_PATH = data/tmp/uploads
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+ALLOWED_TYPES =
+; Max size of each file in megabytes. Defaults to 3MB
+FILE_MAX_SIZE = 3
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[repository.pull-request]
+; List of prefixes used in Pull Request title to mark them as Work In Progress
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+; List of keywords used in Pull Request comments to automatically close a related issue
+CLOSE_KEYWORDS=close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
+; List of keywords used in Pull Request comments to automatically reopen a related issue
+REOPEN_KEYWORDS=reopen,reopens,reopened
+; In the default merge message for squash commits include at most this many commits
+DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50
+; In the default merge message for squash commits limit the size of the commit messages to this
+DEFAULT_MERGE_MESSAGE_SIZE=5120
+; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
+DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false
+; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
+DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10
+; In default merge messages only include approvers who are official
+DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true
+
+[repository.issue]
+; List of reasons why a Pull Request or Issue can be locked
+LOCK_REASONS=Too heated,Off-topic,Resolved,Spam
+
+[repository.release]
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+ALLOWED_TYPES =
+
+[repository.signing]
+; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
+; run in the context of the RUN_USER
+; Switch to none to stop signing completely
+SIGNING_KEY = default
+; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
+; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
+; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
+; by setting the SIGNING_KEY ID to the correct ID.)
+SIGNING_NAME =
+SIGNING_EMAIL =
+; Sets the default trust model for repositories. Options are: collaborator, committer, collaboratorcommitter
+DEFAULT_TRUST_MODEL=collaborator
+; Determines when gitea should sign the initial commit when creating a repository
+; Either:
+; - never
+; - pubkey: only sign if the user has a pubkey
+; - twofa: only sign if the user has logged in with twofa
+; - always
+; options other than none and always can be combined as comma separated list
+INITIAL_COMMIT = always
+; Determines when to sign for CRUD actions
+; - as above
+; - parentsigned: requires that the parent commit is signed.
+CRUD_ACTIONS = pubkey, twofa, parentsigned
+; Determines when to sign Wiki commits
+; - as above
+WIKI = never
+; Determines when to sign on merges
+; - basesigned: require that the parent of commit on the base repo is signed.
+; - commitssigned: require that all the commits in the head branch are signed.
+; - approved: only sign when merging an approved pr to a protected branch
+MERGES = pubkey, twofa, basesigned, commitssigned
+
+[cors]
+; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+; enable cors headers (disabled by default)
+ENABLED=false
+; scheme of allowed requests
+SCHEME=http
+; list of requesting domains that are allowed
+ALLOW_DOMAIN=*
+; allow subdomains of headers listed above to request
+ALLOW_SUBDOMAIN=false
+; list of methods allowed to request
+METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+; max time to cache response
+MAX_AGE=10m
+; allow request with credentials
+ALLOW_CREDENTIALS=false
+
+[ui]
+; Number of repositories that are displayed on one explore page
+EXPLORE_PAGING_NUM = 20
+; Number of issues that are displayed on one page
+ISSUE_PAGING_NUM = 10
+; Number of maximum commits displayed in one activity feed
+FEED_MAX_COMMIT_NUM = 5
+; Number of items that are displayed in home feed
+FEED_PAGING_NUM = 20
+; Number of maximum commits displayed in commit graph.
+GRAPH_MAX_COMMIT_NUM = 100
+; Number of line of codes shown for a code comment
+CODE_COMMENT_LINES = 4
+; Value of `theme-color` meta tag, used by Android >= 5.0
+; An invalid color like "none" or "disable" will have the default style
+; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+THEME_COLOR_META_TAG = `#6cc644`
+; Max size of files to be displayed (default is 8MiB)
+MAX_DISPLAY_FILE_SIZE = 8388608
+; Whether the email of the user should be shown in the Explore Users page
+SHOW_USER_EMAIL = true
+; Set the default theme for the Gitea install
+DEFAULT_THEME = gitea
+; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
+THEMES = gitea,arc-green
+;All available reactions users can choose on issues/prs and comments.
+;Values can be emoji alias (:smile:) or a unicode emoji.
+;For custom reactions, add a tightly cropped square image to public/emoji/img/reaction_name.png
+REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
+; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+DEFAULT_SHOW_FULL_NAME = false
+; Whether to search within description at repository search on explore page.
+SEARCH_REPO_DESCRIPTION = true
+; Whether to enable a Service Worker to cache frontend assets
+USE_SERVICE_WORKER = true
+
+[ui.admin]
+; Number of users that are displayed on one page
+USER_PAGING_NUM = 50
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 50
+; Number of notices that are displayed on one page
+NOTICE_PAGING_NUM = 25
+; Number of organizations that are displayed on one page
+ORG_PAGING_NUM = 50
+
+[ui.user]
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 15
+
+[ui.meta]
+AUTHOR = Gitea - Git with a cup of tea
+DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+KEYWORDS = go,git,self-hosted,gitea
+
+[ui.notification]
+; Control how often the notification endpoint is polled to update the notification
+; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
+; Set MIN_TIMEOUT to 0 to turn off
+MIN_TIMEOUT = 10s
+MAX_TIMEOUT = 60s
+TIMEOUT_STEP = 10s
+; This setting determines how often the db is queried to get the latest notification counts.
+; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource
+EVENT_SOURCE_UPDATE_TIME = 10s
+
+[markdown]
+; Render soft line breaks as hard line breaks, which means a single newline character between
+; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
+; necessary to force a line break.
+; Render soft line breaks as hard line breaks for comments
+ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true
+; Render soft line breaks as hard line breaks for markdown documents
+ENABLE_HARD_LINE_BREAK_IN_DOCUMENTS = false
+; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
+; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
+; URLs starting with http and https are always displayed, whatever is put in this entry.
+CUSTOM_URL_SCHEMES =
+; List of file extensions that should be rendered/edited as Markdown
+; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+[server]
+; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
+PROTOCOL = http
+DOMAIN = localhost
+ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; when STATIC_URL_PREFIX is empty it will follow ROOT_URL
+STATIC_URL_PREFIX =
+; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+HTTP_ADDR = 0.0.0.0
+; The port to listen on. Leave empty when using a unix socket.
+HTTP_PORT = 3000
+; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
+; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
+; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
+; PORT_TO_REDIRECT.
+REDIRECT_OTHER_PORT = false
+PORT_TO_REDIRECT = 80
+; Permission for unix socket
+UNIX_SOCKET_PERMISSION = 666
+; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+; Do not set this variable if PROTOCOL is set to 'unix'.
+LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+; Disable SSH feature when not available
+DISABLE_SSH = false
+; Whether to use the builtin SSH server or not.
+START_SSH_SERVER = false
+; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+BUILTIN_SSH_SERVER_USER =
+; Domain name to be exposed in clone URL
+SSH_DOMAIN = %(DOMAIN)s
+; The network interface the builtin SSH server should listen on
+SSH_LISTEN_HOST =
+; Port number to be exposed in clone URL
+SSH_PORT = 22
+; The port number the builtin SSH server should listen on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+SSH_ROOT_PATH =
+; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_KEYS_FILE = true
+; Gitea will create a authorized_principals file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedPrincipalsCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE = true
+; For the built-in SSH server, choose the ciphers to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+; For the built-in SSH server, choose the MACs to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; Directory to create temporary files in when testing public keys using ssh-keygen,
+; default is the system temporary directory.
+SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_AUTHORIZED_KEYS_BACKUP = true
+; Determines which principals to allow
+; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
+; - off: Do not allow authorized principals
+; - email: the principal must match the user's email
+; - username: the principal must match the user's username
+; - anything: there will be no checking on the content of the principal
+SSH_AUTHORIZED_PRINCIPALS_ALLOW = email, username
+; Enable SSH Authorized Principals Backup when rewriting all keys, default is true
+SSH_AUTHORIZED_PRINCIPALS_BACKUP = true
+; Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication.
+; Multiple keys should be comma separated.
+; E.g."ssh-<algorithm> <key>". or "ssh-<algorithm> <key1>, ssh-<algorithm> <key2>".
+; For more information see "TrustedUserCAKeys" in the sshd config manpages.
+SSH_TRUSTED_USER_CA_KEYS =
+; Absolute path of the `TrustedUserCaKeys` file gitea will manage.
+; Default this `RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem
+; If you're running your own ssh server and you want to use the gitea managed file you'll also need to modify your
+; sshd_config to point to this file. The official docker image will automatically work without further configuration.
+SSH_TRUSTED_USER_CA_KEYS_FILENAME =
+; Enable exposure of SSH clone URL to anonymous visitors, default is false
+SSH_EXPOSE_ANONYMOUS = false
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+; Disable CDN even in "prod" mode
+OFFLINE_MODE = false
+DISABLE_ROUTER_LOG = false
+; Generate steps:
+; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+; Paths are relative to CUSTOM_PATH
+CERT_FILE = https/cert.pem
+KEY_FILE = https/key.pem
+; Root directory containing templates and static files.
+; default is the path where Gitea is executed
+STATIC_ROOT_PATH =
+; Default path for App data
+APP_DATA_PATH = data
+; Application level GZIP support
+ENABLE_GZIP = false
+; Application profiling (memory and cpu)
+; For "web" command it listens on localhost:6060
+; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
+ENABLE_PPROF = false
+; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+PPROF_DATA_PATH = data/tmp/pprof
+; Landing page, can be "home", "explore", "organizations" or "login"
+; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
+LANDING_PAGE = home
+; Enables git-lfs support. true or false, default is false.
+LFS_START_SERVER = false
+; Where your lfs files reside, default is data/lfs.
+LFS_CONTENT_PATH = data/lfs
+; LFS authentication secret, change this yourself
+LFS_JWT_SECRET =
+; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
+LFS_HTTP_AUTH_EXPIRY = 20m
+; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
+LFS_MAX_FILE_SIZE = 0
+; Maximum number of locks returned per page
+LFS_LOCKS_PAGING_NUM = 50
+; Allow graceful restarts using SIGHUP to fork
+ALLOW_GRACEFUL_RESTARTS = true
+; After a restart the parent will finish ongoing requests before
+; shutting down. Force shutdown if this process takes longer than this delay.
+; set to a negative value to disable
+GRACEFUL_HAMMER_TIME = 60s
+; Allows the setting of a startup timeout and waithint for Windows as SVC service
+; 0 disables this.
+STARTUP_TIMEOUT = 0
+; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h
+STATIC_CACHE_TIME = 6h
+
+; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+[ssh.minimum_key_sizes]
+ED25519 = 256
+ECDSA = 256
+RSA = 2048
+DSA = -1 ; set to 1024 to switch on
+
+[database]
+; Database to use. Either "mysql", "postgres", "mssql" or "sqlite3".
+DB_TYPE = mysql
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = root
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; For Postgres, schema to use if different from "public". The schema must exist beforehand,
+; the user must have creation privileges on it, and the user search path must be set
+; to the look into the schema first. e.g.:ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;
+SCHEMA =
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
+SSL_MODE = disable
+; For MySQL only, either "utf8" or "utf8mb4", default is "utf8mb4".
+; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+CHARSET = utf8mb4
+; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
+PATH = data/gitea.db
+; For "sqlite3" only. Query timeout
+SQLITE_TIMEOUT = 500
+; For iterate buffer, default is 50
+ITERATE_BUFFER_SIZE = 50
+; Show the database generated SQL
+LOG_SQL = true
+; Maximum number of DB Connect retries
+DB_RETRIES = 10
+; Backoff time per DB retry (time.Duration)
+DB_RETRY_BACKOFF = 3s
+; Max idle database connections on connnection pool, default is 2
+MAX_IDLE_CONNS = 2
+; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
+CONN_MAX_LIFETIME = 3s
+; Database maximum number of open connections, default is 0 meaning no maximum
+MAX_OPEN_CONNS = 0
+
+[indexer]
+; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
+ISSUE_INDEXER_TYPE = bleve
+; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
+ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
+; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
+ISSUE_INDEXER_NAME = gitea_issues
+; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
+ISSUE_INDEXER_PATH = indexers/issues.bleve
+; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
+ISSUE_INDEXER_QUEUE_TYPE = levelqueue
+; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
+; default is indexers/issues.queue
+ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
+; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+; Batch queue number, default is 20
+ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
+; Timeout the indexer if it takes longer than this to start.
+; Set to zero to disable timeout.
+STARTUP_TIMEOUT=30s
+
+; repo indexer by default disabled, since it uses a lot of disk space
+REPO_INDEXER_ENABLED = false
+; Code search engine type, could be `bleve` or `elasticsearch`.
+REPO_INDEXER_TYPE = bleve
+; Index file used for code search.
+REPO_INDEXER_PATH = indexers/repos.bleve
+; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
+REPO_INDEXER_CONN_STR =
+; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
+REPO_INDEXER_NAME = gitea_codes
+
+UPDATE_BUFFER_LEN = 20
+MAX_FILE_SIZE = 1048576
+; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
+; in the index; default is empty
+REPO_INDEXER_INCLUDE =
+; A comma separated list of glob patterns to exclude from the index; ; default is empty
+REPO_INDEXER_EXCLUDE =
+
+[queue]
+; Specific queues can be individually configured with [queue.name]. [queue] provides defaults
+;
+; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
+; default to persistable-channel
+TYPE = persistable-channel
+; data-dir for storing persistable queues and level queues, individual queues will be named by their type
+DATADIR = queues/
+; Default queue length before a channel queue will block
+LENGTH = 20
+; Batch size to send for batched queues
+BATCH_LENGTH = 20
+; Connection string for redis queues this will store the redis connection string.
+CONN_STR = "addrs=127.0.0.1:6379 db=0"
+; Provides the suffix of the default redis/disk queue name - specific queues can be overriden within in their [queue.name] sections.
+QUEUE_NAME = "_queue"
+; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overriden within in their [queue.name] sections.
+SET_NAME = "_unique"
+; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
+WRAP_IF_NECESSARY = true
+; Attempt to create the wrapped queue at max
+MAX_ATTEMPTS = 10
+; Timeout queue creation
+TIMEOUT = 15m30s
+; Create a pool with this many workers
+WORKERS = 1
+; Dynamically scale the worker pool to at this many workers
+MAX_WORKERS = 10
+; Add boost workers when the queue blocks for BLOCK_TIMEOUT
+BLOCK_TIMEOUT = 1s
+; Remove the boost workers after BOOST_TIMEOUT
+BOOST_TIMEOUT = 5m
+; During a boost add BOOST_WORKERS
+BOOST_WORKERS = 5
+
+[admin]
+; Disallow regular (non-admin) users from creating organizations.
+DISABLE_REGULAR_ORG_CREATION = false
+; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+DEFAULT_EMAIL_NOTIFICATIONS = enabled
+
+[security]
+; Whether the installer is disabled
+INSTALL_LOCK = false
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; How long to remember that a user is logged in before requiring relogin (in days)
+LOGIN_REMEMBER_DAYS = 7
+COOKIE_USERNAME = gitea_awesome
+COOKIE_REMEMBER_NAME = gitea_incredible
+; Reverse proxy authentication header name of user name
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+; The minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6
+; Set to true to allow users to import local server paths
+IMPORT_LOCAL_PATHS = false
+; Set to false to allow users with git hook privileges to create custom git hooks.
+; Custom git hooks can be used to perform arbitrary code execution on the host operating system.
+; This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.
+; By modifying the Gitea database, users can gain Gitea administrator privileges.
+; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
+; WARNING: This maybe harmful to you website or your operating system.
+DISABLE_GIT_HOOKS = true
+; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
+;Comma separated list of character classes required to pass minimum complexity.
+;If left empty or no valid values are specified, the default is off (no checking)
+;Classes include "lower,upper,digit,spec"
+PASSWORD_COMPLEXITY = off
+; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
+PASSWORD_HASH_ALGO = argon2
+; Set false to allow JavaScript to read CSRF cookie
+CSRF_COOKIE_HTTP_ONLY = true
+; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
+PASSWORD_CHECK_PWN = false
+
+[openid]
+;
+; OpenID is an open, standard and decentralized authentication protocol.
+; Your identity is the address of a webpage you provide, which describes
+; how to prove you are in control of that page.
+;
+; For more info: https://en.wikipedia.org/wiki/OpenID
+;
+; Current implementation supports OpenID-2.0
+;
+; Tested to work providers at the time of writing:
+; - Any GNUSocial node (your.hostname.tld/username)
+; - Any SimpleID provider (http://simpleid.koinic.net)
+; - http://openid.org.cn/
+; - openid.stackexchange.com
+; - login.launchpad.net
+; - <username>.livejournal.com
+;
+; Whether to allow signin in via OpenID
+ENABLE_OPENID_SIGNIN = true
+; Whether to allow registering via OpenID
+; Do not include to rely on rhw DISABLE_REGISTRATION setting
+;ENABLE_OPENID_SIGNUP = true
+; Allowed URI patterns (POSIX regexp).
+; Space separated.
+; Only these would be allowed if non-blank.
+; Example value: trusted.domain.org trusted.domain.net
+WHITELISTED_URIS =
+; Forbidden URI patterns (POSIX regexp).
+; Space separated.
+; Only used if WHITELISTED_URIS is blank.
+; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+BLACKLISTED_URIS =
+
+[service]
+; Time limit to confirm account/email registration
+ACTIVE_CODE_LIVE_MINUTES = 180
+; Time limit to perform the reset of a forgotten password
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+; Whether a new user needs to confirm their email when registering.
+REGISTER_EMAIL_CONFIRM = false
+; List of domain names that are allowed to be used to register on a Gitea instance
+; gitea.io,example.com
+EMAIL_DOMAIN_WHITELIST=
+; Disallow registration, only allow admins to create accounts.
+DISABLE_REGISTRATION = false
+; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+; User must sign in to view anything.
+REQUIRE_SIGNIN_VIEW = false
+; Mail notification
+ENABLE_NOTIFY_MAIL = false
+; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
+; If you set this to false you will not be able to access the tokens endpoints on the API with your password
+; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
+ENABLE_BASIC_AUTHENTICATION = true
+; More detail: https://github.com/gogits/gogs/issues/165
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+ENABLE_REVERSE_PROXY_EMAIL = false
+; Enable captcha validation for registration
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET =
+RECAPTCHA_SITEKEY =
+; For hCaptcha, create an account at https://accounts.hcaptcha.com/login to get your keys
+HCAPTCHA_SECRET =
+HCAPTCHA_SITEKEY =
+; Change this to use recaptcha.net or other recaptcha service
+RECAPTCHA_URL = https://www.google.com/recaptcha/
+; Default value for KeepEmailPrivate
+; Each new user will get the value of this setting copied into their profile
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+; Default value for AllowCreateOrganization
+; Every new user will have rights set to create organizations depending on this setting
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+; Either "public", "limited" or "private", default is "public"
+; Limited is for signed user only
+; Private is only for member of the organization
+; Public is for everyone
+DEFAULT_ORG_VISIBILITY = public
+; Default value for DefaultOrgMemberVisible
+; True will make the membership of the users visible when added to the organisation
+DEFAULT_ORG_MEMBER_VISIBLE = false
+; Default value for EnableDependencies
+; Repositories will use dependencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
+; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
+ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
+; Enable heatmap on users profiles.
+ENABLE_USER_HEATMAP = true
+; Enable Timetracking
+ENABLE_TIMETRACKING = true
+; Default value for EnableTimetracking
+; Repositories will use timetracking by default depending on this setting
+DEFAULT_ENABLE_TIMETRACKING = true
+; Default value for AllowOnlyContributorsToTrackTime
+; Only users with write permissions can track time if this is true
+DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
+; Default value for the domain part of the user's email address in the git log
+; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
+; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+NO_REPLY_ADDRESS = noreply.%(DOMAIN)s
+; Show Registration button
+SHOW_REGISTRATION_BUTTON = true
+; Show milestones dashboard page - a view of all the user's milestones
+SHOW_MILESTONES_DASHBOARD_PAGE = true
+; Default value for AutoWatchNewRepos
+; When adding a repo to a team or creating a new repo all team members will watch the
+; repo automatically if enabled
+AUTO_WATCH_NEW_REPOS = true
+; Default value for AutoWatchOnChanges
+; Make the user watch a repository When they commit for the first time
+AUTO_WATCH_ON_CHANGES = false
+
+[webhook]
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 5
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+PROXY_URL =
+; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
+PROXY_HOSTS =
+
+[mailer]
+ENABLED = false
+; Buffer length of channel, keep it as it is if you don't know what it is.
+SEND_BUFFER_LEN = 100
+; Prefix displayed before subject in mail
+SUBJECT_PREFIX =
+; Mail server
+; Gmail: smtp.gmail.com:587
+; QQ: smtp.qq.com:465
+; Using STARTTLS on port 587 is recommended per RFC 6409.
+; Note, if the port ends with "465", SMTPS will be used.
+HOST =
+; Disable HELO operation when hostnames are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+HELO_HOSTNAME =
+; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
+SKIP_VERIFY = false
+; Use client certificate
+USE_CERTIFICATE = false
+CERT_FILE = custom/mailer/cert.pem
+KEY_FILE = custom/mailer/key.pem
+; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
+; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
+IS_TLS_ENABLED = false
+; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
+FROM =
+; Mailer user name and password
+; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Send mails as plain text
+SEND_AS_PLAIN_TEXT = false
+; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+MAILER_TYPE = smtp
+; Specify an alternative sendmail binary
+SENDMAIL_PATH = sendmail
+; Specify any extra sendmail arguments
+SENDMAIL_ARGS =
+; Timeout for Sendmail
+SENDMAIL_TIMEOUT = 5m
+
+[cache]
+; if the cache enabled
+ENABLED = true
+; Either "memory", "redis", or "memcache", default is "memory"
+ADAPTER = memory
+; For "memory" only, GC interval in seconds, default is 60
+INTERVAL = 60
+; For "redis" and "memcache", connection host address
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; memcache: `127.0.0.1:11211`
+HOST =
+; Time to keep items in cache if not used, default is 16 hours.
+; Setting it to 0 disables caching
+ITEM_TTL = 16h
+
+; Last commit cache
+[cache.last_commit]
+; if the cache enabled
+ENABLED = true
+; Time to keep items in cache if not used, default is 8760 hours.
+; Setting it to 0 disables caching
+ITEM_TTL = 8760h
+; Only enable the cache when repository's commits count great than
+COMMITS_COUNT = 1000
+
+[session]
+; Either "memory", "file", or "redis", default is "memory"
+PROVIDER = memory
+; Provider config options
+; memory: doesn't have any config yet
+; file: session file path, e.g. `data/sessions`
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+PROVIDER_CONFIG = data/sessions
+; Session cookie name
+COOKIE_NAME = i_like_gitea
+; If you use session in https only, default is false
+COOKIE_SECURE = false
+; Session GC time interval in seconds, default is 86400 (1 day)
+GC_INTERVAL_TIME = 86400
+; Session life time in seconds, default is 86400 (1 day)
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; How Gitea deals with missing repository avatars
+; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+REPOSITORY_AVATAR_FALLBACK = none
+REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+; Max Width and Height of uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_WIDTH = 4096
+AVATAR_MAX_HEIGHT = 3072
+; Maximum alloved file size for uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_FILE_SIZE = 1048576
+; Chinese users can choose "duoshuo"
+; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+GRAVATAR_SOURCE = gravatar
+; This value will always be true in offline mode.
+DISABLE_GRAVATAR = false
+; Federated avatar lookup uses DNS to discover avatar associated
+; with emails, see https://www.libravatar.org
+; This value will always be false in offline mode or when Gravatar is disabled.
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+; Whether issue and pull request attachments are enabled. Defaults to `true`
+ENABLED = true
+; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
+; Max size of each file. Defaults to 4MB
+MAX_SIZE = 4
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+; Storage type for attachments, `local` for local disk or `minio` for s3 compatible
+; object storage service, default is `local`.
+STORAGE_TYPE = local
+; Allows the storage driver to redirect to authenticated URLs to serve files directly
+; Currently, only `minio` is supported.
+SERVE_DIRECT = false
+; Path for attachments. Defaults to `data/attachments` only available when STORAGE_TYPE is `local`
+PATH = data/attachments
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+MINIO_LOCATION = us-east-1
+; Minio base path on the bucket only available when STORAGE_TYPE is `minio`
+MINIO_BASE_PATH = attachments/
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+MINIO_USE_SSL = false
+
+[time]
+; Specifies the format for fully outputted dates. Defaults to RFC1123
+; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+FORMAT =
+; Location the UI time display i.e. Asia/Shanghai
+; Empty means server's location setting
+DEFAULT_UI_LOCATION =
+
+[log]
+ROOT_PATH =
+; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Use comma to separate multiple modes, e.g. "console, file"
+MODE = console
+; Buffer length of the channel, keep it as it is if you don't know what it is.
+BUFFER_LEN = 10000
+REDIRECT_MACARON_LOG = false
+MACARON = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+ROUTER_LOG_LEVEL = Info
+ROUTER = console
+ENABLE_ACCESS_LOG = false
+ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+ACCESS = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Info
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+STACKTRACE_LEVEL = None
+
+; Generic log modes
+[log.x]
+FLAGS = stdflags
+EXPRESSION =
+PREFIX =
+COLORIZE = false
+
+; For "console" mode only
+[log.console]
+LEVEL =
+STDERR = false
+
+; For "file" mode only
+[log.file]
+LEVEL =
+; Set the file_name for the logger. If this is a relative path this
+; will be relative to ROOT_PATH
+FILE_NAME =
+; This enables automated log rotate(switch of following options), default is true
+LOG_ROTATE = true
+; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+MAX_SIZE_SHIFT = 28
+; Segment log daily, default is true
+DAILY_ROTATE = true
+; delete the log file after n days, default is 7
+MAX_DAYS = 7
+; compress logs with gzip
+COMPRESS = true
+; compression level see godoc for compress/gzip
+COMPRESSION_LEVEL = -1
+
+; For "conn" mode only
+[log.conn]
+LEVEL =
+; Reconnect host for every single message, default is false
+RECONNECT_ON_MSG = false
+; Try to reconnect when connection is lost, default is false
+RECONNECT = false
+; Either "tcp", "unix" or "udp", default is "tcp"
+PROTOCOL = tcp
+; Host address
+ADDR =
+
+; For "smtp" mode only
+[log.smtp]
+LEVEL =
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
+; Mail server
+HOST =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+RECEIVERS =
+
+[cron]
+; Enable running cron tasks periodically.
+ENABLED = true
+; Run cron tasks when Gitea starts.
+RUN_AT_START = false
+
+; Basic cron tasks
+
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+; Enable running Update mirrors task periodically.
+ENABLED = true
+; Run Update mirrors task when Gitea starts.
+RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = true
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+; Enable running Repository health check task periodically.
+ENABLED = true
+; Run Repository health check task when Gitea starts.
+RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+; Enable running check repository statistics task periodically.
+ENABLED = true
+; Run check repository statistics task when Gitea starts.
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 24h
+
+; Clean up old repository archives
+[cron.archive_cleanup]
+; Whether to enable the job
+ENABLED = true
+; Whether to always run at least once at start up time (if ENABLED)
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Time interval for job to run
+SCHEDULE = @every 24h
+; Archives created more than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+; Synchronize external user data (only LDAP user synchronization is supported)
+[cron.sync_external_users]
+ENABLED = true
+; Synchronize external user data when starting server (default false)
+RUN_AT_START = false
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Interval as a duration between each synchronization (default every 24h)
+SCHEDULE = @every 24h
+; Create new users, update existing user data and disable users that are not in external source anymore (default)
+; or only create new users if UPDATE_EXISTING is set to false
+UPDATE_EXISTING = true
+
+; Clean-up deleted branches
+[cron.deleted_branches_cleanup]
+ENABLED = true
+; Clean-up deleted branches when starting server (default true)
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Interval as a duration between each synchronization (default every 24h)
+SCHEDULE = @every 24h
+; deleted branches than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+[cron.update_migration_poster_id]
+; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
+ENABLED = true
+; Update migrated repositories' issues and comments' posterid when starting server (default true)
+RUN_AT_START = true
+; Notice if not success
+NO_SUCCESS_NOTICE = false
+; Interval as a duration between each synchronization. (default every 24h)
+SCHEDULE = @every 24h
+
+; Extened cron task
+; they was not enabled as default
+
+; Delete all unactivated accounts
+[cron.delete_inactive_accounts]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @annually
+OLDER_THAN = 168h
+
+; Delete all repository archives
+[cron.delete_repo_archives]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @annually
+
+; Garbage collect all repositories
+[cron.git_gc_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+TIMEOUT = 60s
+; Arguments for command 'git gc'
+; The default value is same with [git] -> GC_ARGS
+ARGS =
+
+; Update the '.ssh/authorized_keys' file with Gitea SSH keys
+[cron.resync_all_sshkeys]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Resynchronize pre-receive, update and post-receive hooks of all repositories.
+[cron.resync_all_hooks]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Reinitialize all missing Git repositories for which records exist
+[cron.reinit_missing_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Delete all repositories missing their Git files
+[cron.delete_missing_repos]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+; Delete generated repository avatars
+[cron.delete_generated_repository_avatars]
+ENABLED = false
+RUN_AT_START = false
+NO_SUCCESS_NOTICE = false
+SCHEDULE = @every 72h
+
+[git]
+; The path of git executable. If empty, Gitea searches through the PATH environment.
+PATH =
+; Disables highlight of added and removed changes
+DISABLE_DIFF_HIGHLIGHT = false
+; Max number of lines allowed in a single file in diff view
+MAX_GIT_DIFF_LINES = 1000
+; Max number of allowed characters in a line in diff view
+MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+; Max number of files shown in diff view
+MAX_GIT_DIFF_FILES = 100
+; Arguments for command 'git gc', e.g. "--aggressive --auto"
+; see more on http://git-scm.com/docs/git-gc/
+GC_ARGS =
+; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
+; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
+PULL_REQUEST_PUSH_MESSAGE = true
+
+; Operation timeout in seconds
+[git.timeout]
+DEFAULT = 360
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+[mirror]
+; Default interval as a duration between each check
+DEFAULT_INTERVAL = 8h
+; Min interval as a duration must be > 1m
+MIN_INTERVAL = 10m
+
+[api]
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
+; Max number of items in a page
+MAX_RESPONSE_ITEMS = 50
+; Default paging number of api
+DEFAULT_PAGING_NUM = 30
+; Default and maximum number of items per page for git trees api
+DEFAULT_GIT_TREES_PER_PAGE = 1000
+; Default size of a blob returned by the blobs API (default is 10MiB)
+DEFAULT_MAX_BLOB_SIZE = 10485760
+
+[oauth2]
+; Enables OAuth2 provider
+ENABLE = true
+; Lifetime of an OAuth2 access token in seconds
+ACCESS_TOKEN_EXPIRATION_TIME=3600
+; Lifetime of an OAuth2 refresh token in hours
+REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
+; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
+JWT_SECRET=
+; Maximum length of oauth2 token/cookie stored on server
+MAX_TOKEN_LENGTH=32767
+
+[i18n]
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
+
+[U2F]
+; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
+; Two Factor authentication with security keys
+; https://developers.yubico.com/U2F/App_ID.html
+;APP_ID = http://localhost:3000/
+; Comma separated list of trusted facets
+;TRUSTED_FACETS = http://localhost:3000/
+
+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
+[other]
+SHOW_FOOTER_BRANDING = false
+; Show version information about Gitea and Go in the footer
+SHOW_FOOTER_VERSION = true
+; Show template execution time in the footer
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+[markup.sanitizer.1]
+; The following keys can appear once to define a sanitation policy rule.
+; This section can appear multiple times by adding a unique alphanumeric suffix to define multiple rules.
+; e.g., [markup.sanitizer.1] -> [markup.sanitizer.2] -> [markup.sanitizer.TeX]
+;ELEMENT = span
+;ALLOW_ATTR = class
+;REGEXP = ^(info|warning|error)$
+
+[markup.asciidoc]
+ENABLED = false
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = "asciidoc --out-file=- -"
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false
+
+[metrics]
+; Enables metrics endpoint. True or false; default is false.
+ENABLED = false
+; If you want to add authorization, specify a token here
+TOKEN =
+
+[task]
+; Task queue type, could be `channel` or `redis`.
+QUEUE_TYPE = channel
+; Task queue length, available only when `QUEUE_TYPE` is `channel`.
+QUEUE_LENGTH = 1000
+; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
+; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+
+[migrations]
+; Max attempts per http/https request on migrations.
+MAX_ATTEMPTS = 3
+; Backoff time per http/https request retry (seconds)
+RETRY_BACKOFF = 3
+; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
+; Multiple domains could be separated by commas.
+ALLOWED_DOMAINS =
+; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
+; When ALLOWED_DOMAINS is not blank, this option will be ignored.
+BLOCKED_DOMAINS =
+; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
+ALLOW_LOCALNETWORKS = false
+
+; default storage for attachments, lfs and avatars
+[storage]
+; storage type
+STORAGE_TYPE = local
+
+; lfs storage will override storage
+[lfs]
+STORAGE_TYPE = local
+
+; customize storage
+;[storage.my_minio]
+;STORAGE_TYPE = minio
+; Minio endpoint to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ENDPOINT = localhost:9000
+; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`
+;MINIO_ACCESS_KEY_ID =
+; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio`
+;MINIO_SECRET_ACCESS_KEY =
+; Minio bucket to store the attachments only available when STORAGE_TYPE is `minio`
+;MINIO_BUCKET = gitea
+; Minio location to create bucket only available when STORAGE_TYPE is `minio`
+;MINIO_LOCATION = us-east-1
+; Minio enabled ssl only available when STORAGE_TYPE is `minio`
+;MINIO_USE_SSL = false
diff --git a/debian/local/app.ini.old b/debian/local/app.ini.old
new file mode 100644
index 0000000..353fa42
--- /dev/null
+++ b/debian/local/app.ini.old
@@ -0,0 +1,101 @@
+##
+# Configuration Cheat Sheet - https://docs.gitea.io/en-us/config-cheat-sheet/
+##
+
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = gitea
+RUN_MODE = prod
+
+[security]
+INTERNAL_TOKEN = Xx-internal-token-xX
+INSTALL_LOCK = true
+SECRET_KEY = Xx-secret-key-xX
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+
+[database]
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = gitea
+PASSWD =
+SSL_MODE = disable
+PATH = /var/lib/gitea/data/gitea.db
+
+[repository]
+ROOT = /var/lib/gitea/repositories
+SCRIPT_TYPE = dash
+PREFERRED_LICENSES = Apache License 2.0,MIT License
+DISABLE_HTTP_GIT = false
+
+[repository.local]
+LOCAL_COPY_PATH = /var/lib/gitea/data/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /var/lib/gitea/data/tmp/uploads
+
+[attachment]
+ENABLE = true
+PATH = /var/lib/gitea/data/attachments
+
+[server]
+STATIC_ROOT_PATH = /usr/share/gitea
+DOMAIN = Xx-gitea-host-xX
+HTTP_PORT = Xx-gitea-port-xX
+ROOT_URL = http://%(DOMAIN)s:%(HTTP_PORT)s/
+APP_DATA_PATH = /var/lib/gitea/data
+SSH_DOMAIN = %(DOMAIN)s
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = Xx-lfs-enable-xX
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET = Xx-lfs-secret-xX
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = true
+SUBJECT = %(APP_NAME)s
+FROM = no-reply@localhost
+HOST =
+USER =
+PASSWD =
+SEND_AS_PLAIN_TEXT = false
+USE_SENDMAIL = true
+SENDMAIL_ARGS =
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+
+[log]
+MODE = file
+; Trace, Debug, Info, Warn, Error, or Critical
+LEVEL = Warn
+ROOT_PATH = /var/log/gitea
+
+[log.console]
+LEVEL = Critical
+
+[log.file]
+LEVEL = Warn
+LOG_ROTATE = false
+DAILY_ROTATE = false
diff --git a/debian/man/examples/with_nginx.txt b/debian/man/examples/with_nginx.txt
new file mode 100644
index 0000000..f4b3d5c
--- /dev/null
+++ b/debian/man/examples/with_nginx.txt
@@ -0,0 +1,32 @@
+Update /etc/gitea/conf/app.ini:
+```
+[server]
+PROTOCOL = unix
+DOMAIN = git.domain.tld
+ROOT_URL = http://git.domain.tld/
+HTTP_ADDR = /var/tmp/gitea.sock
+HTTP_PORT =
+```
+
+Create: /etc/nginx/conf.d/gitea.conf
+```
+upstream _gitea {
+ server unix:/var/tmp/gitea.sock;
+}
+
+server {
+ server_name _;
+ root /usr/share/gitea/public;
+
+ location / {
+ try_files $uri @proxy;
+ }
+
+ location @proxy {
+ include proxy_params;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_buffering off;
+ proxy_pass http://_gitea;
+ }
+}
+```
diff --git a/debian/man/gitea.1 b/debian/man/gitea.1
new file mode 100644
index 0000000..3553151
--- /dev/null
+++ b/debian/man/gitea.1
@@ -0,0 +1,53 @@
+.TH GITEA "1" "April 2017" "Gitea version 1.1.0 built with: bindata, sqlite" "User Commands"
+.SH NAME
+Gitea \- A painless self\-hosted Git service
+.SH DESCRIPTION
+.SS "USAGE:"
+.IP
+gitea\-1.1.0\-linux\-amd64 [global options] command [command options] [arguments...]
+.SS "VERSION:"
+.IP
+1.1.0 built with: bindata, sqlite
+.SS "COMMANDS:"
+.TP
+web
+Start Gitea web server
+.TP
+serv
+This command should only be called by SSH shell
+.TP
+hook
+Delegate commands to corresponding Git hooks
+.TP
+dump
+Dump Gitea files and database
+.TP
+cert
+Generate self\-signed certificate
+.TP
+admin
+Perform admin operations on command line
+.TP
+help, h
+Shows a list of commands or help for one command
+.SS "GLOBAL OPTIONS:"
+.TP
+\fB\-\-help\fR, \fB\-h\fR
+show help
+.TP
+\fB\-\-version\fR, \fB\-v\fR
+print the version
+.SS "FILES:"
+.TP
+/var/run/gitea.pid
+Contains the process ID
+.TP
+/etc/gitea/app.ini
+Contains configuration settings for gitea.
+.TP
+/var/log/gitea/*.log
+Holds gitea log files.
+.SS "SEE ALSO:"
+Documentation at https://docs.gitea.io/
+.PP
+Configuration options at https://docs.gitea.io/en-us/config-cheat-sheet/
diff --git a/debian/missing-libs.README b/debian/missing-libs.README
new file mode 100644
index 0000000..f8c773d
--- /dev/null
+++ b/debian/missing-libs.README
@@ -0,0 +1,22 @@
+Contrib Reasoning
+-----------------
+
+The libraries included here are required for gitea to function
+but not currently distributed in Debian.
+
+- Semantic-UI: https://bugs.debian.org/871462
+- Vue.js: https://bugs.debian.org/871459
+
+Non-free Reasoning
+------------------
+
+The volume of dependencies is too much for a single person to handle. The packages
+that once existed have mostly been removed from Debian due to auto-QA processes.
+
+This packaging now utilizes what's included in vendor directories which means
+DFSG-freeness cannot be assured, despite attempts to remove problematic sources.
+
+Notes
+-----
+
+See rev:981ac0a for a version of packaging suitable for Debian main.
diff --git a/debian/patches/001-jwt-v3.diff b/debian/patches/001-jwt-v3.diff
new file mode 100644
index 0000000..fdb918a
--- /dev/null
+++ b/debian/patches/001-jwt-v3.diff
@@ -0,0 +1,34 @@
+Debian maintains a versioned name of this package.
+--- a/cmd/serv.go
++++ b/cmd/serv.go
+@@ -20,7 +20,7 @@
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/Unknwon/com"
+- "github.com/dgrijalva/jwt-go"
++ "github.com/dgrijalva/jwt-go-v3"
+ "github.com/urfave/cli"
+ )
+
+--- a/modules/lfs/server.go
++++ b/modules/lfs/server.go
+@@ -17,7 +17,7 @@
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+
+- "github.com/dgrijalva/jwt-go"
++ "github.com/dgrijalva/jwt-go-v3"
+ "gopkg.in/macaron.v1"
+ )
+
+--- a/modules/setting/setting.go
++++ b/modules/setting/setting.go
+@@ -29,7 +29,7 @@
+ "code.gitea.io/gitea/modules/user"
+
+ "github.com/Unknwon/com"
+- "github.com/dgrijalva/jwt-go"
++ "github.com/dgrijalva/jwt-go-v3"
+ _ "github.com/go-macaron/cache/memcache" // memcache plugin for cache
+ _ "github.com/go-macaron/cache/redis"
+ "github.com/go-macaron/session"
diff --git a/debian/patches/002-go-crypto.diff b/debian/patches/002-go-crypto.diff
new file mode 100644
index 0000000..5c75787
--- /dev/null
+++ b/debian/patches/002-go-crypto.diff
@@ -0,0 +1,16 @@
+Don't follow a non-standard fork if not needed.
+--- a/models/gpg_key.go
++++ b/models/gpg_key.go
+@@ -19,9 +19,9 @@
+ "code.gitea.io/gitea/modules/log"
+
+ "github.com/go-xorm/xorm"
+- "github.com/keybase/go-crypto/openpgp"
+- "github.com/keybase/go-crypto/openpgp/armor"
+- "github.com/keybase/go-crypto/openpgp/packet"
++ "golang.org/x/crypto/openpgp"
++ "golang.org/x/crypto/openpgp/armor"
++ "golang.org/x/crypto/openpgp/packet"
+ )
+
+ // GPGKey represents a GPG key.
diff --git a/debian/patches/003-update-default-configuration.patch b/debian/patches/003-update-default-configuration.patch
new file mode 100644
index 0000000..eec1ff7
--- /dev/null
+++ b/debian/patches/003-update-default-configuration.patch
@@ -0,0 +1,148 @@
+Description: Update app.ini with debianized defaults.
+ This patch updates the default app.ini, provided by upstream, with some
+ debianized defaults; useful for running from the packaged version.
+Author: Michael Lustfield <michael@lustfield.net>
+Forwarded: not-needed
+--- a/conf/app.ini
++++ b/conf/app.ini
+@@ -1,12 +1,12 @@
+ ; App name that shows on every page title
+ APP_NAME = Gitea: Git with a cup of tea
+ ; Change it if you run locally
+-RUN_USER = git
++RUN_USER = gitea
+ ; Either "dev", "prod" or "test", default is "dev"
+-RUN_MODE = dev
++RUN_MODE = prod
+
+ [repository]
+-ROOT =
++ROOT = /var/lib/gitea/repositories
+ SCRIPT_TYPE = bash
+ ; Default ANSI charset
+ ANSI_CHARSET =
+@@ -36,13 +36,13 @@
+
+ [repository.local]
+ ; Path for uploads. Defaults to `tmp/local-repo`
+-LOCAL_COPY_PATH = tmp/local-repo
++LOCAL_COPY_PATH = /tmp/local-repo
+
+ [repository.upload]
+ ; Whether repository file uploads are enabled. Defaults to `true`
+ ENABLED = true
+ ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
+-TEMP_PATH = data/tmp/uploads
++TEMP_PATH = /var/lib/gitea/data/tmp/uploads
+ ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
+ ALLOWED_TYPES =
+ ; Max size of each file in MB. Defaults to 3MB
+@@ -159,9 +159,9 @@
+ KEY_FILE = custom/https/key.pem
+ ; Upper level of template and static file path
+ ; default is the path where Gitea is executed
+-STATIC_ROOT_PATH =
++STATIC_ROOT_PATH = /usr/share/gitea
+ ; Default path for App data
+-APP_DATA_PATH = data
++APP_DATA_PATH = /var/lib/gitea/data
+ ; Application level GZIP support
+ ENABLE_GZIP = false
+ ; Landing page for non-logged users, can be "home" or "explore"
+@@ -169,7 +169,7 @@
+ ; Enables git-lfs support. true or false, default is false.
+ LFS_START_SERVER = false
+ ; Where your lfs files put on, default is data/lfs.
+-LFS_CONTENT_PATH = data/lfs
++LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+ ; LFS authentication secret, changed this to yourself.
+ LFS_JWT_SECRET =
+
+@@ -182,7 +182,7 @@
+
+ [database]
+ ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
+-DB_TYPE = mysql
++DB_TYPE = sqlite3
+ HOST = 127.0.0.1:3306
+ NAME = gitea
+ USER = root
+@@ -190,7 +190,7 @@
+ ; For "postgres" only, either "disable", "require" or "verify-full"
+ SSL_MODE = disable
+ ; For "sqlite3" and "tidb", use absolute path when you start as service
+-PATH = data/gitea.db
++PATH = /var/lib/gitea/data/gitea.db
+ ; For "sqlite3" only. Query timeout
+ SQLITE_TIMEOUT = 500
+ ; For iterate buffer, default is 50
+@@ -210,9 +210,9 @@
+
+ [security]
+ ; Whether the installer is disabled
+-INSTALL_LOCK = false
++INSTALL_LOCK = true
+ ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+-SECRET_KEY = !#@FDEWREWR&*(
++SECRET_KEY = Xx-secret-key-xX
+ ; Auto-login remember days
+ LOGIN_REMEMBER_DAYS = 7
+ COOKIE_USERNAME = gitea_awesome
+@@ -361,7 +361,7 @@
+ ; file: session file path, e.g. `data/sessions`
+ ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+ ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+-PROVIDER_CONFIG = data/sessions
++PROVIDER_CONFIG = /var/lib/gitea/data/sessions
+ ; Session cookie name
+ COOKIE_NAME = i_like_gitea
+ ; If you use session in https only, default is false
+@@ -374,7 +374,7 @@
+ SESSION_LIFE_TIME = 86400
+
+ [picture]
+-AVATAR_UPLOAD_PATH = data/avatars
++AVATAR_UPLOAD_PATH = /var/lib/gitea/data/avatars
+ ; Chinese users can choose "duoshuo"
+ ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+ GRAVATAR_SOURCE = gravatar
+@@ -389,7 +389,7 @@
+ ; Whether attachments are enabled. Defaults to `true`
+ ENABLE = true
+ ; Path for attachments. Defaults to `data/attachments`
+-PATH = data/attachments
++PATH = /var/lib/gitea/data/attachments
+ ; One or more allowed types, e.g. image/jpeg|image/png
+ ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
+ ; Max size of each file. Defaults to 32MB
+@@ -404,24 +404,24 @@
+ FORMAT =
+
+ [log]
+-ROOT_PATH =
++ROOT_PATH = /var/log/gitea
+ ; Either "console", "file", "conn", "smtp" or "database", default is "console"
+ ; Use comma to separate multiple modes, e.g. "console, file"
+-MODE = console
++MODE = file
+ ; Buffer length of channel, keep it as it is if you don't know what it is.
+ BUFFER_LEN = 10000
+ ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+-LEVEL = Trace
++LEVEL = Warn
+
+ ; For "console" mode only
+ [log.console]
+-LEVEL =
++LEVEL = Critical
+
+ ; For "file" mode only
+ [log.file]
+-LEVEL =
++LEVEL = Warn
+ ; This enables automated log rotate(switch of following options), default is true
+-LOG_ROTATE = true
++LOG_ROTATE = false
+ ; Max line number of single file, default is 1000000
+ MAX_LINES = 1000000
+ ; Max size shift of single file, default is 28 means 1 << 28, 256MB
diff --git a/debian/patches/004-aes-encrypt.diff b/debian/patches/004-aes-encrypt.diff
new file mode 100644
index 0000000..8b8b62b
--- /dev/null
+++ b/debian/patches/004-aes-encrypt.diff
@@ -0,0 +1,21 @@
+Not yet fixed in upstream.
+--- a/models/twofactor.go
++++ b/models/twofactor.go
+@@ -61,7 +61,7 @@
+
+ // SetSecret sets the 2FA secret.
+ func (t *TwoFactor) SetSecret(secret string) error {
+- secretBytes, err := com.AESEncrypt(t.getEncryptionKey(), []byte(secret))
++ secretBytes, err := com.AESGCMEncrypt(t.getEncryptionKey(), []byte(secret))
+ if err != nil {
+ return err
+ }
+@@ -75,7 +75,7 @@
+ if err != nil {
+ return false, err
+ }
+- secret, err := com.AESDecrypt(t.getEncryptionKey(), decodedStoredSecret)
++ secret, err := com.AESGCMDecrypt(t.getEncryptionKey(), decodedStoredSecret)
+ if err != nil {
+ return false, err
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/debian/patches/series
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..f94b117
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] gitea.templates
diff --git a/debian/po/cs.po b/debian/po/cs.po
new file mode 100644
index 0000000..32b1697
--- /dev/null
+++ b/debian/po/cs.po
@@ -0,0 +1,33 @@
+# Czech PO debconf template translation of gitea.
+# Copyright (C) 2014 Michal Simunek <michal.simunek@gmail.com>
+# This file is distributed under the same license as the gitea package.
+# Michal Simunek <michal.simunek@gmail.com>, 2017.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gitea 1.2.1+dfsg-1\n"
+"Report-Msgid-Bugs-To: gitea@packages.debian.org\n"
+"POT-Creation-Date: 2017-07-30 20:55-0500\n"
+"PO-Revision-Date: 2017-11-24 20:15+0100\n"
+"Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
+"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid "Global secret key for gitea:"
+msgstr "Globální tajný klíč pro gitea:"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid ""
+"This is the global secret key used for server security. After initial "
+"configuration, this value will be removed from the debconf database."
+msgstr ""
+"Toto je globální tajný klíč používaný k zabezpečení serveru. Po úvodním "
+"nastavení bude tato hodnota z databáze debconf odstraněna."
diff --git a/debian/po/de.po b/debian/po/de.po
new file mode 100644
index 0000000..9be9ae1
--- /dev/null
+++ b/debian/po/de.po
@@ -0,0 +1,35 @@
+# German Gitea debconf translation.
+# Copyright (C) 2017 Michael Lustfield <mtecknology@debian.org>, 2017.
+# This file is distributed under the same license as the gitea package.
+# Copyright (C) of this file 2017 Chris Leick <c.leick@vollbio.de>.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gitea 0.0~git20170919.0.cdb43f0-1\n"
+"Report-Msgid-Bugs-To: gitea@packages.debian.org\n"
+"POT-Creation-Date: 2017-07-30 20:55-0500\n"
+"PO-Revision-Date: 2017-10-29 10:41+0100\n"
+"Last-Translator: Chris Leick <c.leick@vollbio.de>\n"
+"Language-Team: German <debian-l10n-german@lists.debian.org>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid "Global secret key for gitea:"
+msgstr "Globaler geheimer Schlüssel für Gitea:"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid ""
+"This is the global secret key used for server security. After initial "
+"configuration, this value will be removed from the debconf database."
+msgstr ""
+"Dies ist der globale geheime Schlüssel, der für die Serversicherheit "
+"verwendet wird. Nach der Erstkonfiguration wird dieser Wert aus der "
+"Debconf-Datenbank entfernt."
diff --git a/debian/po/pt.po b/debian/po/pt.po
new file mode 100644
index 0000000..94d6e1a
--- /dev/null
+++ b/debian/po/pt.po
@@ -0,0 +1,38 @@
+#Translation of gitea debconf messages to European Portuguese
+# Gitea debconf translations.
+# Copyright (C) 2017 Michael Lustfield
+# This file is distributed under the same license as the gitea package.
+#
+# Michael Lustfield <mtecknology@debian.org>, 2017.
+# Américo Monteiro <a_monteiro@gmx.com>, 2017.
+msgid ""
+msgstr ""
+"Project-Id-Version: gitea\n"
+"Report-Msgid-Bugs-To: gitea@packages.debian.org\n"
+"POT-Creation-Date: 2017-07-30 20:55-0500\n"
+"PO-Revision-Date: 2017-10-28 21:21+0000\n"
+"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
+"Language-Team: Portuguese <>\n"
+"Language: pt\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Lokalize 2.0\n"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid "Global secret key for gitea:"
+msgstr "Chave secreta global para o gitea:"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid ""
+"This is the global secret key used for server security. After initial "
+"configuration, this value will be removed from the debconf database."
+msgstr ""
+"Esta é a chave secreta global usada para segurança do servidor. Após a "
+"configuração inicial, este valor será removido da base de dados do debconf."
+
diff --git a/debian/po/sv.po b/debian/po/sv.po
new file mode 100644
index 0000000..d22cbb1
--- /dev/null
+++ b/debian/po/sv.po
@@ -0,0 +1,36 @@
+# Translation of Gitea template to Swedish
+# Copyright (C) 2017 Martin Bagge <brother@bsnet.se>
+# This file is distributed under the same license as the Gitea package.
+#
+# Martin Bagge <brother@bsnet.se>, 2017
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gitea\n"
+"Report-Msgid-Bugs-To: gitea@packages.debian.org\n"
+"POT-Creation-Date: 2017-07-30 20:55-0500\n"
+"PO-Revision-Date: 2017-10-26 17:11+0200\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
+"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
+"X-Generator: Poedit 1.8.11\n"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid "Global secret key for gitea:"
+msgstr "Global hemlig nyckel frö gitea:"
+
+#. Type: password
+#. Description
+#: ../gitea.templates:1001
+msgid ""
+"This is the global secret key used for server security. After initial "
+"configuration, this value will be removed from the debconf database."
+msgstr ""
+"Detta är den globala hemliga nyckeln som används för serversäkerhet. "
+"Efter den första installationen kommer detta värde att tas bort från "
+"debconf-databasen."
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..b20bcf5
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,94 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the gitea package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: gitea\n"
+"Report-Msgid-Bugs-To: gitea@packages.debian.org\n"
+"POT-Creation-Date: 2018-08-05 21:50-0500\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: password
+#. Description
+#: ../gitea-common.templates:1001
+msgid "Global secret key for gitea:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../gitea-common.templates:1001
+msgid ""
+"This is the global secret key used for server security. After initial "
+"configuration, this value will be removed from the debconf database. Leave "
+"blank to use a generated password."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../gitea-common.templates:2001
+msgid "Global internal token for gitea:"
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../gitea-common.templates:2001
+msgid ""
+"This is the global internal token used for server security. After initial "
+"configuration, this value will be removed from the debconf database. Leave "
+"blank to use a generated password."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../gitea-common.templates:3001
+msgid "Domain name of this Gitea instance:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../gitea-common.templates:3001
+msgid ""
+"This address is used by the web interface to form addresses that users can "
+"copy and paste."
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../gitea-common.templates:4001
+msgid "HTTP listen port:"
+msgstr ""
+
+#. Type: string
+#. Description
+#: ../gitea-common.templates:4001
+msgid ""
+"The port Gitea will listen on for HTTP connections. This is not needed if "
+"gitea is running behind a web server, such as Nginx or Apache."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../gitea-common.templates:5001
+msgid "Enable git-lfs support:"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../gitea-common.templates:5001
+msgid "Should git-lfs be supported on this system."
+msgstr ""
+
+#. Type: password
+#. Description
+#: ../gitea-common.templates:6001
+msgid "TODO"
+msgstr ""
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..6764d59
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,39 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+# Build flags (excluded: tidb bindata)
+TAGS := sqlite pam
+
+# PIE builds (-buildmode=pie) need -pkgdir (abs path ref)
+GOPATH ?= $(CURDIR)/obj-$(DEB_TARGET_GNU_TYPE)
+GOCACHE ?= $(CURDIR)/.cache
+LDFLAGS = -X 'main.Tags=$(TAGS)' -extldflags=-Wl,-z,relro,-z,now
+
+export GOPATH GOCACHE LDFLAGS TAGS
+
+UPSTREAM_VERSION = $(shell dpkg-parsechangelog | awk '/^Version: / { print $$2 }' | awk -F- '{ print $$1 }')
+
+%:
+ dh $@ --buildsystem=golang --with=golang
+
+override_dh_auto_build: #static_swagger
+ go install -v -p 2 \
+ -buildmode=pie \
+ -pkgdir="$(GOPATH)" \
+ -ldflags="$(LDFLAGS)" \
+ -tags="$(TAGS)" \
+ code.gitea.io/gitea
+
+static_swagger:
+ # Build a static swagger api documentation page
+ # Update script:
+ # wget https://raw.githubusercontent.com/MTecknology/static_swagger-ui/master/build.py -O debian/helpers/swagger_build.py
+ # sed -i '/REMOVE/,/REMOVE/d' debian/helpers/swagger_build.py
+ SWAGGER_SRC=public/swagger.v1.json SWAGGER_DST=templates/swagger.tmpl python debian/helpers/swagger_build.py
+
+# Tests are broken in debian build environments.
+override_dh_auto_test:
+
+upstream:
+ mkdir -p debian/local
+ wget -O debian/local/app.ini https://raw.githubusercontent.com/go-gitea/gitea/v$(UPSTREAM_VERSION)/custom/conf/app.example.ini
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..33fa1c8
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,10 @@
+# uscan(1) configuration file.
+version=4
+
+opts="\
+pgpmode=none,\
+repacksuffix=+dfsg,\
+repack,compression=xz,\
+dversionmangle=s{[~+](?:ds|dfsg)\d*$}{},\
+" https://github.com/go-gitea/gitea/releases \
+ .*/archive/v?(\d[\d.]+)\.tar\.gz