Inital commit

templates/gitea/app.ini

@@ -0,0 +1,50 @@
+APP_NAME = OpenPunk Gitea
+RUN_USER = gitea
+RUN_MODE = prod
+
+[repository]
+ROOT = /var/lib/gitea/gitea-repositories
+
+[server]
+SSH_DOMAIN       = git.{{ domain }}
+DOMAIN           = git.{{ domain }}
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.{{ domain }}/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM            = false
+ENABLE_NOTIFY_MAIL                = false
+DISABLE_REGISTRATION              = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
+ENABLE_CAPTCHA                    = false
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR        = true
+ENABLE_FEDERATED_AVATAR = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = info
+ROOT_PATH = /var/lib/gitea/log
+
+[ui]
+DEFAULT_THEME = arc-green

templates/nginx/gitea.conf

@@ -0,0 +1,11 @@
+server {
+    server_name git.{{ domain }};
+    listen 80;
+
+    location / {
+        add_header Permissions-Policy interest-cohort=();
+        proxy_pass http://localhost:3000;
+    }
+
+    client_max_body_size 100M;
+}

templates/nginx/nginx.conf

@@ -0,0 +1,52 @@
+user www-data;
+worker_processes auto;
+include /etc/nginx/modules-enabled/*.conf;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 768;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+    gzip_disable "msie6";
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}

templates/nginx/site.conf

@@ -0,0 +1,12 @@
+server {
+    server_name {{ domain }};
+    listen 80;
+
+    root /var/www/{{ domain }}/public;
+    index index.html index.htm;
+
+    location / {
+        add_header Permissions-Policy interest-cohort=();
+        try_files $uri $uri/ =404;
+    }
+}

templates/nginx/tor.conf

@@ -0,0 +1,12 @@
+server {
+    root /var/www/{{ domain }}/public;
+    index index.html index.htm;
+
+    location / {
+        add_header Permissions-Policy interest-cohort=();
+        try_files $uri $uri/ =404;
+    }
+
+    # our tor hidden service is hosted on this port
+    listen 2171;
+}

templates/tor/torrc

@@ -0,0 +1,2 @@
+HiddenServiceDir /var/lib/tor/{{ domain }}
+HiddenServicePort 80 127.0.0.1:2171