kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-04 04:08:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
57d5269b07b8a21b200780dcd374247d425f78fa
computer-playbook/roles/web-app-gitea/config/main.yml
Kevin Veen-Birkenbach 57d5269b07 CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers 
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back

Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00

64 lines
2.0 KiB
YAML
Raw Blame History

title: "{{ SOFTWARE_NAME }} Code Hub" # @todo load automatic based on service_porvider infos
configuration:
repository:
enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user.
default_private: last # Default private when creating a new repository: last, private, public
default_push_create_private: True # Default private when creating a new repository with push-to-create.
features:
matomo: true
css: false
desktop: true
central_database: true
ldap: true
oauth2: true
oidc: false # Deactivated because users aren't auto-created.
logout: true
oauth2_proxy:
application: "application"
port: "<< defaults_applications[web-app-gitea].docker.services.gitea.port >>"
acl:
blacklist:
- "/user/login"
server:
csp:
flags:
script-src-elem:
unsafe-inline: true
style-src-attr:
unsafe-inline: true
whitelist:
font-src:
- "data:"
- "blob:"
worker-src:
- "blob:"
manifest-src:
- "data:"
domains:
aliases: []
canonical:
- tea.git.{{ PRIMARY_DOMAIN }}
docker:
services:
database:
enabled: true
gitea:
image: "gitea/gitea"
version: "latest"
backup:
no_stop_required: true
port: 3000
name: "gitea"
cpus: 1.0
mem_reservation: 1g
mem_limit: 2g
pids_limit: 1024
redis:
enabled: false
cpus: 0.25
mem_reservation: 0.2g
mem_limit: 0.3g
pids_limit: 512
volumes:
data: "gitea_data"
Reference in New Issue View Git Blame Copy Permalink