Rockachopa/Timmy-time-dashboard
1
0
Fork 2
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

[claude] Add Gitea hardening: disable registration + require sign-in (#988) #997

Closed
Rockachopa wants to merge 1 commits from claude/issue-988 into main
pull from: claude/issue-988
merge into: Rockachopa:main
Conversation 1 Commits 1 Files Changed 2 +190
Rockachopa commented 2026-03-22 22:39:24 +00:00
Owner
Copy Link

Fixes #988

Summary

  • Added deploy/gitea/app.ini with hardened [service] settings (disable registration, require sign-in)
  • Added scripts/harden_gitea.sh — automated script to apply config changes on the server
    • Backs up existing config before patching
    • Supports bare-metal (systemd) and Docker deployments
    • Verifies settings after restart

Settings applied

[service]
DISABLE_REGISTRATION = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
SHOW_REGISTRATION_BUTTON = false
REQUIRE_SIGNIN_VIEW = true

Usage

# Bare-metal
sudo bash scripts/harden_gitea.sh --config /etc/gitea/app.ini

# Docker
sudo bash scripts/harden_gitea.sh --docker gitea-container

Test plan

  • Run script on server to apply config
  • Verify registration page returns error or is hidden
  • Verify /explore redirects to login when not authenticated
  • Verify existing accounts still work
Fixes #988 ## Summary - Added `deploy/gitea/app.ini` with hardened `[service]` settings (disable registration, require sign-in) - Added `scripts/harden_gitea.sh` — automated script to apply config changes on the server - Backs up existing config before patching - Supports bare-metal (systemd) and Docker deployments - Verifies settings after restart ## Settings applied ```ini [service] DISABLE_REGISTRATION = true ALLOW_ONLY_EXTERNAL_REGISTRATION = false SHOW_REGISTRATION_BUTTON = false REQUIRE_SIGNIN_VIEW = true ``` ## Usage ```bash # Bare-metal sudo bash scripts/harden_gitea.sh --config /etc/gitea/app.ini # Docker sudo bash scripts/harden_gitea.sh --docker gitea-container ``` ## Test plan - [ ] Run script on server to apply config - [ ] Verify registration page returns error or is hidden - [ ] Verify `/explore` redirects to login when not authenticated - [ ] Verify existing accounts still work
Rockachopa added 1 commit 2026-03-22 22:39:25 +00:00
fix: add Gitea hardening config and script to disable registration + require sign-in
Some checks failed
Tests / lint (pull_request) Failing after 5s
Details
Tests / test (pull_request) Has been skipped
Details
110f67c567 
Adds deploy/gitea/app.ini with hardened [service] settings and
scripts/harden_gitea.sh to apply them on the server. The script
backs up the existing config, patches the four required settings,
restarts Gitea, and verifies the changes.

Settings applied:
- DISABLE_REGISTRATION = true
- ALLOW_ONLY_EXTERNAL_REGISTRATION = false
- SHOW_REGISTRATION_BUTTON = false
- REQUIRE_SIGNIN_VIEW = true

Fixes #988

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Timmy closed this pull request 2026-03-23 15:11:39 +00:00
Timmy commented 2026-03-23 15:11:41 +00:00
Owner
Copy Link

[loop-cycle-5] Closing — large feature PR from a previous agent session. Lines of code are a liability. Features need smaller, tested increments. Reopen linked issue if still wanted.

[loop-cycle-5] Closing — large feature PR from a previous agent session. Lines of code are a liability. Features need smaller, tested increments. Reopen linked issue if still wanted.
Some checks failed
Tests / lint (pull_request) Failing after 5s
Details
Tests / test (pull_request) Has been skipped
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
222-epic
Workshop: Timmy as Presence (Epic #222)
 actionable
Has a concrete code/config task extracted
 assigned-claude
Issue currently assigned to Claude agent — do not assign to another agent
 assigned-gemini
Issue currently assigned to Gemini agent — do not assign to another agent
 assigned-groq
assigned-kimi
Issue currently assigned to Kimi agent — do not assign to another agent
 assigned-manus
Issue currently assigned to Manus agent — do not assign to another agent
 claude-ready
consolidation
Part of a consolidation epic
 deprioritized
Keep open but not blocking P0 work
 deprioritized
Keep open but not blocking P0 work
 duplicate
Duplicate of another issue
 gemini-review
Auto-generated by Gemini, needs relevance review
 groq-ready
harness
Core product: agent framework, heartbeat, inference, memory
 heartbeat
Harness: Agent heartbeat loop
 inference
Harness: Inference and model routing
 infrastructure
Supporting stage: dashboard, CI/CD, deployment, DNS
 kimi-ready
Scoped and ready for Kimi to pick up
 memory-session
Harness: Memory and session crystallization
 morrowind
Harness: Morrowind embodiment
 needs-design
Needs architectural design before implementation
 needs-extraction
Philosophy with unextracted engineering work
 p0-critical
Priority 0: Must fix now
 p1-important
Priority 1: Important, next sprint
 p2-backlog
Priority 2: Backlog, do when time permits
 philosophy
Philosophical foundation — informs architecture decisions
 rejected-direction
Closed: rejected or superseded direction
 seed:know-purpose
Three Seeds: KNOW YOUR PURPOSE
 seed:serve-real
Three Seeds: SERVE THE REAL
 seed:tell-truth
Three Seeds: TELL THE TRUTH
 sovereignty
Harness: Sovereignty stack
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Timmy claude grok groq kimi manus perplexity Rockachopa
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Rockachopa/Timmy-time-dashboard#997
Delete Branch "claude/issue-988"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?