Compare commits


2 commits

Author SHA1 Message Date
Julien Oculi e1baf2a538 chore: add wireguard directory 2024-05-06 18:01:03 +02:00
Julien Oculi 51e4b272b2 chore: add forgejo directory 2024-05-06 18:00:43 +02:00
5 changed files with 133 additions and 0 deletions

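--- a/forgejo/README.md
+++ b/forgejo/README.md
@@ -0,0 +1,13 @@
+# Configuration de `forgejo`
+Gestionnaire de repository git.
+## Hebergement
+[localhost:10001](http://localhost:10001) ->
+[git.cohabit.fr](https://git.cohabit.fr)
+## Emplacements
+- `./forgejo/*` -> `/etc/forgejo/*`
+- `./runner/*` -> `/etc/forgejo-runner/*`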

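--- a/forgejo/forgejo/app.ini
+++ b/forgejo/forgejo/app.ini
@@ -0,0 +1,88 @@
+APP_NAME = Forgejo Fablab Cohabit
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /var/lib/forgejo
+[admin]
+DISABLE_REGULAR_ORG_CREATION = false
+[oauth2]
+JWT_SECRET = #! TODO use Secrets
+[security]
+INTERNAL_TOKEN = #! TODO use Secrets
+INSTALL_LOCK = true
+SECRET_KEY = #! TODO use Secrets
+PASSWORD_HASH_ALGO = pbkdf2
+# ajout de la ligne suivante dans le cadre de la création d'un git hook pour le projet portfolios (par habib)
+DISABLE_GIT_HOOKS = false
+[database]
+DB_TYPE = postgres
+HOST = #! TODO use Secrets
+NAME = #! TODO use Secrets
+USER = #! TODO use Secrets
+PASSWD = #! TODO use Secrets
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+# PATH = /var/lib/forgejo/data/gitea.db
+LOG_SQL = false
+[repository]
+ROOT = /var/lib/forgejo/data/gitea-repositories
+DEFAULT_BRANCH = main
+[ui]
+DEFAULT_THEME = arc-green
+[server]
+PROTOCOL = http
+SSH_DOMAIN = git.cohabit.fr
+DOMAIN = git.cohabit.fr
+HTTP_PORT = 10001
+ROOT_URL = https://git.cohabit.fr
+DISABLE_SSH = false
+SSH_PORT = 22222
+SSH_LISTEN_HOST = 0.0.0.0
+START_SSH_SERVER = true
+LFS_START_SERVER = true
+# LFS_CONTENT_PATH = /var/lib/forgejo/data/lfs
+LFS_JWT_SECRET = # TODO use Secrets
+OFFLINE_MODE = false
+[mailer]
+ENABLED = false
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = false
+NO_REPLY_ADDRESS =
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+[openid]
+ENABLE_OPENID_SIGNIN = false
+ENABLE_OPENID_SIGNUP = false
+[session]
+PROVIDER = file
+[log]
+MODE = file
+LEVEL = debug,error,info
+ROOT_PATH = /var/log/forgejo/
+logger.router.MODE = file
+[actions]
+ENABLED = true
+DEFAULT_ACTIONS_URL = https://code.forgejo.org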
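Review bot: `DISABLE_GIT_HOOKS = false` in `[security]` lets any account that has been granted the git-hook permission install server-side hooks, and those run on the host as `RUN_USER = git` with access to everything under `/var/lib/forgejo`. The comment above it says the setting was flipped for a single portfolios hook; since `[actions] ENABLED = true` is already set in this file, that automation could probably run as an Actions workflow or a webhook instead, keeping `DISABLE_GIT_HOOKS = true`. If hooks must stay enabled, the comment should record who holds the permission, for example `# git hooks run as the git user on the host; permission limited to <admin account> for the portfolios hook`. Separately, `LFS_JWT_SECRET = # TODO use Secrets` uses a different marker from the `#! TODO use Secrets` placeholders on the other secret keys, so a substitution step that matches `#!` would presumably skip it.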

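--- a/wireguard/README.md
+++ b/wireguard/README.md
@@ -0,0 +1,8 @@
+# Configuration de `wireguard`
+Serveur VPN.
+## Emplacements
+- `./server/*` -> `/etc/wireguard/*`
+- `./clients/*` -> N.A.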


@ -0,0 +1,11 @@
[Interface]
Address = 10.0.0.2/24
PrivateKey = #! TODO use Secrets
DNS = 208.67.222.222, 208.67.220.220
MTU = 1420
[Peer]
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
Endpoint = cohabit.fr:#! TODO use Secrets
PersistentKeepalive = 25
PublicKey = #! TODO use Secrets
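Review bot: The `AllowedIPs` line routes all IPv6 traffic (`::/1, 8000::/1`) into the tunnel, but `[Interface]` assigns only the IPv4 address `10.0.0.2/24`, and the server config shown on this page sets up only IPv4 forwarding and NAT, so IPv6 destinations will most likely time out on the client. If that is intentional, to stop IPv6 from bypassing the VPN, it deserves a comment such as `# IPv6 is sent into the tunnel so it cannot leak around the VPN; the server does not forward it`. If it is not, removing the two IPv6 prefixes restores connectivity at the cost of IPv6 leaving the client outside the tunnel, and that trade-off should be stated next to the existing `# Don't intercept local traffic` remark. The file header for this section is not visible on the page, so the path of this client config could not be checked against the README.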

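--- a/wireguard/server/wg0.conf
+++ b/wireguard/server/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = #! TODO use Secrets
+Address = 10.0.0.1/24
+MTU = 1420
+ListenPort = #! TODO use Secrets
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+### Wifi Fablab ###
+[Peer]
+PublicKey = #! TODO use Secrets
+AllowedIPs = 10.0.0.2/32
+###################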
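Review bot: The `PostUp` rule `iptables -A FORWARD -i wg0 -j ACCEPT` forwards packets from any peer to every network the host can route to, and there is no rule for the return direction, so replies depend on the FORWARD chain's default policy. A scoped form would be `iptables -A FORWARD -i wg0 -o eno1 -j ACCEPT; iptables -A FORWARD -i eno1 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with the same two rules using `-D` in `PostDown`. If `eno1` also faces the internal LAN, a destination restriction is needed as well to keep peers off local services. Because this file will hold the server's `PrivateKey` once the placeholder is filled in, a header comment such as `# deploy to /etc/wireguard/ root-owned, mode 0600` would help whoever copies it.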