feat: toggle internal registration

chore: publish 5.0.3+13.0.4-rootless release
Merge pull request 'feat: anubis' (#10 ) from anubis into main
2026-01-16 15:52:19 -03:00 · 2026-01-10 16:47:55 -03:00 · 2026-01-10 17:57:36 +00:00 · 2026-01-10 00:44:34 -03:00 · 2026-01-10 00:27:48 -03:00 · 2026-01-10 00:25:15 -03:00
6 changed files with 21 additions and 2 deletions
--- a/.env.sample
+++ b/.env.sample
@ -10,8 +10,12 @@ COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"

 SECRET_LFS_JWT_SECRET_VERSION=v1 # length=43

+# Anubis
+# COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
+
 GITEA_DOMAIN="${DOMAIN}"
 GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+GITEA_ALLOW_ONLY_INTERNAL_REGISTRATION=false
 GITEA_APP_NAME="Git with solidaritea"
 GITEA_AUTO_WATCH_NEW_REPOS=false
 GITEA_DISABLE_REGISTRATION=false
--- a/README.md
+++ b/README.md
@ -59,3 +59,9 @@ ssh -T -p 2222 git@my.gitea.example.com
 ```

 Note that gitea should be configured to listen to port 2222, i.e. `GITEA_SSH_PORT=2222` in the gitea config.
+
+## Protect Forgejo from scrapers with Anubis
+
+Uncomment the Anubis compose file from the `.env` file and re-deploy the
+app.  Don't forget to actually [enable Anubis on the Traefik app
+too](https://recipes.coopcloud.tech/traefik)!
--- a/abra.sh
+++ b/abra.sh
@ -1,4 +1,4 @@
-export APP_INI_VERSION=v23
+export APP_INI_VERSION=v24
 export DOCKER_SETUP_SH_VERSION=v1
 export PG_BACKUP_VERSION=v1

--- a/app.ini.tmpl
+++ b/app.ini.tmpl
@ -18,6 +18,7 @@ ENABLE_FEDERATED_AVATAR = {{ env "GITEA_ENABLE_FEDERATED_AVATAR" }}

 [service]
 ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION" }}
+ALLOW_ONLY_INTERNAL_REGISTRATION = {{ env "GITEA_ALLOW_ONLY_INTERNAL_REGISTRATION" }}
 AUTO_WATCH_NEW_REPOS = {{ env "GITEA_AUTO_WATCH_NEW_REPOS" }}
 DISABLE_REGISTRATION = {{ env "GITEA_DISABLE_REGISTRATION" }}
 ENABLE_NOTIFY_MAIL = {{ env "GITEA_ENABLE_NOTIFY_MAIL" }}
--- a/compose.anubis.yml
+++ b/compose.anubis.yml
@ -0,0 +1,7 @@
+---
+version: "3.8"
+services:
+  app:
+    deploy:
+      labels:
+      - "traefik.http.routers.${STACK_NAME}.middlewares=anubis,${STACK_NAME}_cors"
--- a/compose.yml
+++ b/compose.yml
@ -17,6 +17,7 @@ services:
      - lfs_jwt_secret
    environment:
      - GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION
+      - GITEA_ALLOW_ONLY_INTERNAL_REGISTRATION
      - GITEA_APP_NAME
      - GITEA_AUTO_WATCH_NEW_REPOS
      - GITEA_DISABLE_REGISTRATION
@ -89,7 +90,7 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolalloworiginlist=https://${GITEA_CORS_ALLOW_DOMAIN}"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.accesscontrolmaxage=100"
        - "traefik.http.middlewares.${STACK_NAME}_cors.headers.addvaryheader=true"
-        - coop-cloud.${STACK_NAME}.version=5.0.2+13.0.4-rootless
+        - coop-cloud.${STACK_NAME}.version=5.0.3+13.0.4-rootless


 networks:
Author	SHA1	Message	Date
f	668b665afb	feat: toggle internal registration	2026-01-16 15:52:19 -03:00
f	675d6b9347	chore: publish 5.0.3+13.0.4-rootless release	2026-01-10 16:47:55 -03:00
fauno	9696bef17a	Merge pull request 'feat: anubis' (#10 ) from anubis into main Reviewed-on: #10 Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech>	2026-01-10 17:57:36 +00:00
f	670c6d070e	Merge branch 'main' into anubis	2026-01-10 00:44:34 -03:00
f	618dc563b2	Merge branch 'main' into anubis	2026-01-10 00:27:48 -03:00
f	8d3a8942d6	doc: readme	2026-01-10 00:25:15 -03:00
f	29f71e90c5	feat: anubis	2025-12-24 18:41:16 -03:00