c086cbb5af
* Verify the ID of Forgejo Actions web endpoints belongs to the repository to
prevent the deletion of runners or variables or the modification of
variables
* Enforce permissions on publicly available user or organizations projects to
not leak information from issues and pull requests that belong to private
repositories
* fix(ui): display verified icon for default gpg key
* fix: load settings for valid user and email check
* Teach the doctor to remove orphaned two_factor with forgejo doctor check --run check-db-consistency --fix
* fix: listing tokens must not require basic auth
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=51
34 lines
922 B
Desktop File
34 lines
922 B
Desktop File
[Unit]
|
|
Description=Forgejo (Beyond coding. We forge.)
|
|
After=network.target
|
|
|
|
[Service]
|
|
# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
|
|
# LimitNOFILE=524288:524288
|
|
RestartSec=2s
|
|
Type=simple
|
|
User=forgejo
|
|
Group=forgejo
|
|
WorkingDirectory=/var/lib/forgejo/
|
|
ExecStart=/usr/bin/forgejo web --config /etc/forgejo/conf/app.ini
|
|
Restart=always
|
|
Environment=USER=forgejo
|
|
Environment=HOME=/usr/share/forgejo
|
|
Environment=GITEA_WORK_DIR=/var/lib/forgejo
|
|
Environment=GITEA_CUSTOM=/etc/forgejo
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectHome=true
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|