diff --git a/config/forgejo/forgejo.env b/config/forgejo/forgejo.env
deleted file mode 100644
index 402b1b4..0000000
--- a/config/forgejo/forgejo.env
+++ /dev/null
@@ -1,87 +0,0 @@
-GITEA_APP_INI=/var/lib/gitea/custom/conf/app.ini
-
-FORGEJO__APP_NAME=JOEVER
-FORGEJO__RUN_USER=git
-FORGEJO__RUN_MODE=prod
-FORGEJO__APP_SLOGAN=Sussybaka
-FORGEJO__WORK_PATH=/var/lib/gitea
-
-FORGEJO__REPOSITORY__ROOT=/var/lib/gitea/git/repositories
-
-FORGEJO__REPOSITORY_0x2E_LOCAL__LOCAL_COPY_PATH=/tmp/gitea/local-repo
-
-
-FORGEJO__REPOSITORY_0x2E_UPLOAD__TEMP_PATH=/tmp/gitea/uploads
-
-
-FORGEJO__SERVER__APP_DATA_PATH=/var/lib/gitea
-FORGEJO__SERVER__SSH_DOMAIN=forgejoever.homelab0ne.xyz
-FORGEJO__SERVER__HTTP_PORT=3000
-FORGEJO__SERVER__ROOT_URL="https://forgejoever.homelab0ne.xyz/"
-FORGEJO__SERVER__DISABLE_SSH=false
-FORGEJO__SERVER__START_SSH_SERVER=true
-
-
-FORGEJO__SERVER__SSH_PORT=30022
-FORGEJO__SERVER__SSH_LISTEN_PORT=30022
-FORGEJO__SERVER__BUILTIN_SSH_SERVER_USER=git
-FORGEJO__SERVER__LFS_START_SERVER=true
-FORGEJO__SERVER__DOMAIN=forgejoever.homelab0ne.xyz
-FORGEJO__SERVER__OFFLINE_MODE=true
-
-FORGEJO__DATABASE__PATH=/var/lib/gitea/data/gitea.db
-FORGEJO__DATABASE__DB_TYPE=postgres
-FORGEJO__DATABASE__HOST=postgres:5432
-FORGEJO__DATABASE__NAME=forgejodb
-FORGEJO__DATABASE__USER=forgejo
-FORGEJO__DATABASE__SCHEMA=
-FORGEJO__DATABASE__SSL_MODE=disable
-FORGEJO__DATABASE__LOG_SQL=false
-
-
-FORGEJO__SESSION__PROVIDER_CONFIG=/var/lib/gitea/data/sessions
-FORGEJO__SESSION__PROVIDER=file
-
-
-FORGEJO__PICTURE__AVATAR_UPLOAD_PATH=/var/lib/gitea/data/avatars
-FORGEJO__PICTURE__REPOSITORY_AVATAR_UPLOAD_PATH=/var/lib/gitea/data/repo-avatars
-
-FORGEJO__ATTACHMENT__PATH=/var/lib/gitea/data/attachments
-
-
-FORGEJO__LOG__ROOT_PATH=/var/lib/gitea/data/log
-FORGEJO__LOG__MODE=console
-FORGEJO__LOG__LEVEL=info
-
-FORGEJO__SECURITY__INSTALL_LOCK=true
-FORGEJO__SECURITY__REVERSE_PROXY_LIMIT = 1
-FORGEJO__SECURITY__REVERSE_PROXY_TRUSTED_PROXIES = *
-FORGEJO__SECURITY__PASSWORD_HASH_ALGO = pbkdf2_hi
-
-FORGEJO__SERVICE__DISABLE_REGISTRATION=true
-FORGEJO__SERVICE__REQUIRE_SIGNIN_VIEW=false
-FORGEJO__SERVICE__REGISTER_EMAIL_CONFIRM=false
-FORGEJO__SERVICE__ENABLE_NOTIFY_MAIL=false
-FORGEJO__SERVICE__ALLOW_ONLY_EXTERNAL_REGISTRATION=false
-FORGEJO__SERVICE__ENABLE_CAPTCHA=false
-FORGEJO__SERVICE__DEFAULT_KEEP_EMAIL_PRIVATE=false
-FORGEJO__SERVICE__DEFAULT_ALLOW_CREATE_ORGANIZATION=true
-FORGEJO__SERVICE__DEFAULT_ENABLE_TIMETRACKING=true
-FORGEJO__SERVICE__NO_REPLY_ADDRESS=noreply.localhost
-
-FORGEJO__LFS__PATH = /var/lib/gitea/git/lfs
-
-
-FORGEJO__MAILER__ENABLED=false
-
-FORGEJO__OPENID__ENABLE_OPENID_SIGNIN=false
-FORGEJO__OPENID__ENABLE_OPENID_SIGNUP=false
-
-FORGEJO__CRON_0x2E__UPDATE_CHECKER__ENABLED=true
-
-FORGEJO__REPOSITORY_0x2E_PULL_0x2D_REQUEST__DEFAULT_MERGE_STYLE=merge
-
-FORGEJO__REPOSITORY_0x2E_SIGNING__DEFAULT_TRUST_MODEL=committer
-
-FORGEJO__INDEXER__REPO_INDEXER_ENABLED=true
-
diff --git a/config/nginx/tls.conf b/config/nginx/tls.conf
deleted file mode 100644
index 8ee8b8c..0000000
--- a/config/nginx/tls.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-ssl_certificate /etc/nginx/ssl/cert.pem;
-ssl_certificate_key /etc/nginx/ssl/key.pem;
-
-ssl_session_timeout 1d;
-ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
-ssl_session_tickets off;
-
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
-ssl_prefer_server_ciphers on;
-ssl_conf_command Options PrioritizeChaCha;
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
deleted file mode 100644
index 7047018..0000000
--- a/etc/ssh/sshd_config
+++ /dev/null
@@ -1,137 +0,0 @@
-# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-# To modify the system-wide sshd configuration, create a *.conf file under
-# /etc/ssh/sshd_config.d/ which will be automatically included below
-Include /etc/ssh/sshd_config.d/*.conf
-
-# If you want to change the port on a SELinux system, you have to tell
-# SELinux about this change.
-# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
-#
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-IPQoS af21 af11
-
-HostKey /etc/ssh/ssh_host_ed25519_key
-HostKeyAlgorithms ssh-ed25519
-KexAlgorithms sntrup761x25519-sha512@openssh.com
-PubkeyAcceptedKeyTypes ssh-ed25519
-Ciphers aes256-gcm@openssh.com
-MACs -*
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-LoginGraceTime 15s
-#PermitRootLogin prohibit-password
-#StrictModes yes
-MaxAuthTries 1
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-KbdInteractiveAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-#KerberosUseKuserok yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-#GSSAPIEnablek5users no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin prohibit-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
-# problems.
-UsePAM yes
-
-AllowAgentForwarding no
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-TCPKeepAlive no
-#PermitUserEnvironment no
-#Compression delayed
-ClientAliveInterval 60
-ClientAliveCountMax 2
-#UseDNS no
-#PidFile /var/run/sshd.pid
-MaxStartups 4096
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server