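# Gitea Configuration - Rick-Infra
# Generated by Ansible Gitea role
{#
  Jinja2 template for Gitea's app.ini. Notes inside Jinja comment blocks are
  for template maintainers and are not rendered; lines starting with a hash
  are rendered into the generated file.

  The rendered file holds the database password, the SMTP password,
  SECRET_KEY and INTERNAL_TOKEN in clear text. NOTE(review): the task that
  deploys it is not visible here; confirm it sets an owner and mode that
  keep the file unreadable to other local users.
#}

[DEFAULT]
APP_NAME = {{ gitea_app_name }}
RUN_MODE = {{ gitea_run_mode }}

[repository]
# === Repository Storage ===
ROOT = {{ gitea_home }}/repositories
DEFAULT_BRANCH = {{ gitea_default_branch }}

# === Privacy Defaults ===
DEFAULT_PRIVATE = {{ gitea_default_private }}
DEFAULT_PUSH_CREATE_PRIVATE = {{ gitea_default_push_create_private | lower }}

# === Repository Features ===
DISABLED_REPO_UNITS = {{ gitea_disabled_repo_units }}
ENABLE_PUSH_CREATE_USER = {{ gitea_enable_push_create_user | lower }}
ENABLE_PUSH_CREATE_ORG = {{ gitea_enable_push_create_org | lower }}

[server]
{#
  PROTOCOL is http while ROOT_URL is https, so TLS is presumably terminated
  by a reverse proxy in front of Gitea. HTTP_ADDR is not set in this
  template. NOTE(review): confirm the plain-HTTP listener cannot be reached
  directly from outside, bypassing the proxy.
#}
PROTOCOL = http
DOMAIN = {{ gitea_http_domain }}
HTTP_PORT = {{ gitea_http_port }}
ROOT_URL = https://{{ gitea_http_domain }}/
DISABLE_SSH = false
# SSH Mode: {{ gitea_ssh_mode }}
START_SSH_SERVER = {{ gitea_start_ssh_server | lower }}
SSH_DOMAIN = {{ gitea_ssh_domain }}
SSH_PORT = {{ gitea_ssh_port }}
{% if gitea_ssh_mode == 'dedicated' %}
SSH_LISTEN_PORT = {{ gitea_ssh_port }}
{% endif %}
LOCAL_ROOT_URL = http://127.0.0.1:{{ gitea_http_port }}/
APP_DATA_PATH = {{ gitea_home }}/data

[database]
DB_TYPE = {{ gitea_db_type }}
{% if gitea_db_host.startswith('/') %}
# Unix socket connection
HOST = {{ gitea_db_host }}
{% else %}
# TCP connection
HOST = {{ gitea_db_host }}:{{ gitea_db_port }}
{% endif %}
NAME = {{ gitea_db_name }}
USER = {{ gitea_db_user }}
{#
  NOTE(review): Gitea's configuration documentation asks for values that
  contain a hash or a semicolon to be quoted. The password is rendered
  unquoted, so a password with those characters would presumably be cut
  short when parsed. Confirm against the deployed version, or constrain
  the password alphabet.
#}
PASSWD = {{ gitea_db_password }}
{#
  SSL_MODE is fixed to disable in both branches above. That is harmless on a
  Unix socket; on the TCP branch the database session, including the
  password exchange, is not protected by TLS. NOTE(review): acceptable only
  if the TCP host is loopback or a trusted private link.
#}
SSL_MODE = disable
CHARSET = utf8

[security]
# === Core Security ===
INSTALL_LOCK = true
{#
  By default both secrets below are derived from the machine id and the
  database password. The machine id is not a secret, so their strength rests
  entirely on the database password: whoever learns that password can
  recompute both values. Changing the database password also changes
  SECRET_KEY, and data Gitea encrypted with the old key (for example stored
  2FA secrets) can then no longer be decrypted.

  gitea_secret_key and gitea_internal_token are optional overrides added
  here so that independent random values can be supplied (for instance from
  a vault). When they are undefined the rendered values are exactly what
  they were before. Setting them on an existing installation rotates the
  secrets, so plan that change deliberately.
#}
SECRET_KEY = {{ gitea_secret_key | default(ansible_machine_id ~ (gitea_db_password | hash('sha256'))) }}
INTERNAL_TOKEN = {{ gitea_internal_token | default((ansible_machine_id + gitea_db_password) | hash('sha256')) }}

# === Enhanced Security ===
CSRF_COOKIE_HTTP_ONLY = {{ gitea_csrf_cookie_httponly | lower }}
PASSWORD_CHECK_PWN = {{ gitea_password_check_pwn | lower }}
{#
  The two proxy settings decide whose forwarded-for headers are believed.
  Keep the trusted list limited to the actual reverse proxy addresses;
  a broad range lets any client in it choose the source address Gitea logs.
#}
REVERSE_PROXY_LIMIT = {{ gitea_reverse_proxy_limit }}
REVERSE_PROXY_TRUSTED_PROXIES = {{ gitea_reverse_proxy_trusted_proxies }}

[service]
# === Access Control ===
DISABLE_REGISTRATION = {{ gitea_disable_registration | lower }}
REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin | lower }}
SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button | lower }}

# === Sign-in Methods ===
# Local password form and HTTP basic authentication; OAuth itself is
# configured in the oauth2_client section.
ENABLE_PASSWORD_SIGNIN_FORM = {{ gitea_enable_password_signin | lower }}
ENABLE_BASIC_AUTHENTICATION = {{ gitea_enable_basic_auth | lower }}

# === Defaults ===
DEFAULT_KEEP_EMAIL_PRIVATE = true
DEFAULT_ALLOW_CREATE_ORGANIZATION = {{ gitea_allow_create_org | lower }}
NO_REPLY_ADDRESS = noreply@{{ gitea_http_domain }}

[oauth2_client]
# === Authentik OAuth Integration ===
ENABLE_AUTO_REGISTRATION = {{ gitea_oauth2_auto_registration | lower }}
{#
  With ACCOUNT_LINKING set to auto, Gitea attaches an external login to an
  existing local account that has the same username or email. That is only
  safe when the identity provider guarantees those attributes; otherwise
  prefer login or disabled.
#}
ACCOUNT_LINKING = {{ gitea_oauth2_account_linking }}
USERNAME = {{ gitea_oauth2_username_source }}
UPDATE_AVATAR = {{ gitea_oauth2_update_avatar | lower }}
OPENID_CONNECT_SCOPES = {{ gitea_oauth2_scopes }}
REGISTER_EMAIL_CONFIRM = {{ gitea_oauth2_register_email_confirm | lower }}

[mailer]
ENABLED = {{ gitea_mailer_enabled | lower }}
{% if gitea_mailer_enabled %}
PROTOCOL = {{ gitea_mailer_protocol }}
SMTP_ADDR = {{ gitea_smtp_addr }}
SMTP_PORT = {{ gitea_smtp_port }}
FROM = {{ gitea_mailer_from }}
USER = {{ gitea_mailer_user }}
{#
  Same quoting caveat as the database password: rendered unquoted.
  NOTE(review): confirm SMTP_AUTH is a key the deployed Gitea version reads,
  and that the chosen mailer protocol uses TLS, since the credentials are
  otherwise sent in clear.
#}
PASSWD = {{ gitea_mailer_password }}
SUBJECT_PREFIX = {{ gitea_mailer_subject_prefix }}
SEND_AS_PLAIN_TEXT = false
SMTP_AUTH = PLAIN
{% endif %}

[session]
# === Session Security ===
PROVIDER = {{ gitea_session_provider }}
COOKIE_NAME = {{ gitea_session_cookie_name }}
# ROOT_URL is https, so the session cookie should be marked secure.
COOKIE_SECURE = {{ gitea_cookie_secure | lower }}
SESSION_LIFE_TIME = {{ gitea_session_life_time }}
SAME_SITE = {{ gitea_session_same_site }}

[log]
MODE = console
LEVEL = Info
ROOT_PATH = {{ gitea_home }}/log

{% if gitea_enable_lfs %}
[lfs]
START_SERVER = true
CONTENT_PATH = {{ gitea_home }}/data/lfs
{% endif %}

[git]
PATH = /usr/bin/git

[actions]
# === CI/CD Configuration ===
ENABLED = {{ gitea_actions_enabled | lower }}
{% if gitea_actions_enabled %}
DEFAULT_ACTIONS_URL = {{ gitea_actions_default_url }}
LOG_RETENTION_DAYS = {{ gitea_actions_log_retention_days }}
ARTIFACT_RETENTION_DAYS = {{ gitea_actions_artifact_retention_days }}
{% endif %}

[mirror]
# === Repository Mirroring ===
ENABLED = {{ gitea_mirror_enabled | lower }}
DISABLE_NEW_PULL = false
DISABLE_NEW_PUSH = false
DEFAULT_INTERVAL = {{ gitea_mirror_default_interval }}
MIN_INTERVAL = {{ gitea_mirror_min_interval }}

[api]
# === API Configuration ===
ENABLE_SWAGGER = {{ gitea_api_swagger_enabled | lower }}
MAX_RESPONSE_ITEMS = 50
DEFAULT_PAGING_NUM = 30

[webhook]
# === Webhook Security ===
# ALLOWED_HOST_LIST bounds where the server will send webhook requests;
# keep it narrow so webhooks cannot be pointed at internal services.
ALLOWED_HOST_LIST = {{ gitea_webhook_allowed_hosts }}
# Leave certificate verification on unless a target genuinely needs it off.
SKIP_TLS_VERIFY = {{ gitea_webhook_skip_tls_verify | lower }}
DELIVER_TIMEOUT = {{ gitea_webhook_deliver_timeout }}

[service.explore]
# === Public Content Exploration ===
REQUIRE_SIGNIN_VIEW = {{ gitea_explore_require_signin | lower }}

# Rick-Infra: Private Gitea configuration with OAuth and email support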