feat(services): Gitea security & Passbolt icon update #5899

UserCr4ig · 2025-05-27T18:19:04Z

Pull Request: Gitea Security Enhancements & Passbolt Icon Update

This PR incorporates essential security improvements for the Gitea template and updates the Passbolt icon. It addresses feedback from a previous, unmerged pull request: #4524.

Changes

Updated the main Gitea template to enforce a secure configuration, making it private by default.
Updated the Passbolt icon for improved visual consistency.

Issues fixed

During a review of existing Gitea templates, I identified significant security vulnerabilities in their default configurations. To mitigate these risks, I've updated the primary Gitea template to include the following security best practices:

Enforced private visibility: The default setting is now private, preventing unintended public exposure.
Brute-force protection: Implemented measures to counter brute-force login attempts.
Enhanced session security: Improved handling of user sessions for better protection.
API restrictions: Applied limitations to the API to reduce potential attack vectors.
Reduced attack surface: Minimized exposed functionalities to lessen vulnerability.
Improved user access controls: Strengthened mechanisms for managing user permissions.

This comprehensive update aims to provide a more secure Gitea deployment experience by defaut for all users.

peaklabs-dev

Please test you changes as it is currently not working. Also make sure that all variables are configurable

peaklabs-dev · 2025-06-18T11:44:16Z

templates/compose/gitea.yaml

    environment:
      - SERVICE_FQDN_GITEA_3000
      - USER_UID=1000
      - USER_GID=1000
+      # Domain configuration
+      - GITEA__server__ROOT_URL=${GITEA_SERVER_ROOT_URL}


This should probably be set to the auto-generated URL.

peaklabs-dev · 2025-06-18T11:44:24Z

templates/compose/gitea.yaml

    environment:
      - SERVICE_FQDN_GITEA_3000
      - USER_UID=1000
      - USER_GID=1000
+      # Domain configuration
+      - GITEA__server__ROOT_URL=${GITEA_SERVER_ROOT_URL}
+      - GITEA__server__DOMAIN=${GITEA_SERVER_DOMAIN}


This should probably be set to the auto-generated Domain.

peaklabs-dev · 2025-06-18T11:44:45Z

templates/compose/gitea.yaml

+      - GITEA__service__DEFAULT_USER_VISIBILITY=${GITEA_SERVICE_DEFAULT_USER_VISIBILITY:private}
+
+      # Additional Security
+      - GITEA__security__INSTALL_LOCK=true # Lock the installation to prevent unauthorized access


Make these variables all configurable with defaults

UserCr4ig and others added 3 commits May 27, 2025 20:04

fix : gitea security fix

0c8ee3a

chore missclick delete easyappointments copy.yaml

42c8237

Merge branch 'next' into fix/gitea_security-feat/passbolt

6b86c8c

peaklabs-dev requested changes Jun 18, 2025

View reviewed changes

peaklabs-dev added ⚙️ Service Issues requesting or PRs adding/fixing service templates. 💤 Waiting for changes PRs awaiting changes from the author. labels Jun 18, 2025

peaklabs-dev changed the title ~~Fix/gitea security feat/passbolt~~ feat(services): Gitea security & Passbolt icon update Jun 18, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

feat(services): Gitea security & Passbolt icon update #5899

feat(services): Gitea security & Passbolt icon update #5899

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

feat(services): Gitea security & Passbolt icon update #5899

Are you sure you want to change the base?

feat(services): Gitea security & Passbolt icon update #5899

Uh oh!

Conversation

Pull Request: Gitea Security Enhancements & Passbolt Icon Update

Changes

Issues fixed

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!