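# =============================================================================
# .env.example — Gitea Migration Configuration
# Copy to .env and populate all PRE-POPULATED values before running preflight
# AUTO-POPULATED values will be filled in by scripts during execution
#
# The populated .env holds secrets: the admin password, the GitHub tokens, and
# the API and runner tokens the scripts write back. Keep it out of version
# control and readable only by the account that runs the scripts
# (e.g. chmod 600 .env); commit only this example file.
#
# Comments sit on their own lines because some env-file loaders do not strip
# trailing "# ..." text and would read it as part of the value. Values that
# contain spaces, "#" or "$" need quoting; quote handling depends on the loader.
# =============================================================================

# -----------------------------------------------------------------------------
# UNRAID SERVER
# -----------------------------------------------------------------------------
# Static IP of Unraid server
UNRAID_IP=
# SSH username for Unraid
UNRAID_SSH_USER=
# SSH port (default 22)
UNRAID_SSH_PORT=22
# Port Gitea web UI will listen on
UNRAID_GITEA_PORT=3000
# Port for git-over-SSH (host 22 is taken by SSH server)
UNRAID_GITEA_SSH_PORT=2222
# Absolute path on NVMe for Gitea data (e.g. /mnt/nvme/gitea)
UNRAID_GITEA_DATA_PATH=
# Path to SSH private key (optional, uses ssh-agent default if empty)
UNRAID_SSH_KEY=

# -----------------------------------------------------------------------------
# FEDORA SERVER
# -----------------------------------------------------------------------------
# Static IP of Fedora server
FEDORA_IP=
# SSH username for Fedora
FEDORA_SSH_USER=
# SSH port (default 22)
FEDORA_SSH_PORT=22
# Port Gitea web UI will listen on
FEDORA_GITEA_PORT=3000
# Port for git-over-SSH (host 22 is taken by SSH server)
FEDORA_GITEA_SSH_PORT=2222
# Absolute path on NVMe for Gitea data (e.g. /mnt/nvme/gitea)
FEDORA_GITEA_DATA_PATH=
# Path to SSH private key (optional, uses ssh-agent default if empty)
FEDORA_SSH_KEY=

# -----------------------------------------------------------------------------
# GITEA — SHARED CREDENTIALS (used on both Unraid + Fedora instances)
# -----------------------------------------------------------------------------
# Admin username (same on both instances)
GITEA_ADMIN_USER=
# Admin password (min 8 chars, same on both instances)
# Secret: the same value unlocks both instances, so use a long, unique one.
GITEA_ADMIN_PASSWORD=
# Admin email (same on both instances)
GITEA_ADMIN_EMAIL=
# Organization name to create (e.g. mifi-llc)
GITEA_ORG_NAME=
# Display name for the Gitea instance (e.g. MIFI Git)
GITEA_INSTANCE_NAME=
# Database type — sqlite3 is sufficient for your scale
GITEA_DB_TYPE=sqlite3
# Gitea Docker image tag (e.g. 1.23, 1.23.1, latest)
# A full version tag keeps both instances on the same release; "latest" moves
# without notice.
GITEA_VERSION=1.23
# act_runner version for all runners (e.g. 0.2.11, latest)
ACT_RUNNER_VERSION=0.2.11

# -----------------------------------------------------------------------------
# GITEA — PRIMARY INSTANCE (Unraid)
# -----------------------------------------------------------------------------
# Public domain/subdomain pointing to Unraid (e.g. git.yourdomain.com)
GITEA_DOMAIN=
# Internal URL (e.g. http://UNRAID_IP:3000) used by scripts
# NOTE(review): the scripts presumably send the admin API token to this URL;
# plain http:// is only appropriate on a trusted internal network — confirm.
GITEA_INTERNAL_URL=
# AUTO-POPULATED by phase1 scripts:
# API token for primary instance — do not fill manually
GITEA_ADMIN_TOKEN=

# -----------------------------------------------------------------------------
# GITEA — BACKUP INSTANCE (Fedora)
# -----------------------------------------------------------------------------
# Internal URL of Fedora Gitea (e.g. http://FEDORA_IP:3000)
GITEA_BACKUP_INTERNAL_URL=
# How often Fedora pulls from Unraid (e.g. 8h, 24h)
GITEA_BACKUP_MIRROR_INTERVAL=8h
# Absolute path on Fedora to store gitea dump archives (e.g. /mnt/nvme/gitea-backups)
# The archives are full instance dumps; restrict access to this directory.
BACKUP_STORAGE_PATH=
# Number of backup archives to keep (older ones are pruned)
BACKUP_RETENTION_COUNT=5
# AUTO-POPULATED by phase2 scripts:
# API token for backup instance — do not fill manually
GITEA_BACKUP_ADMIN_TOKEN=

# -----------------------------------------------------------------------------
# RUNNERS
# Runner definitions live in runners.conf (INI format, see runners.conf.example)
# Use manage_runner.sh to add/remove runners at any time
# -----------------------------------------------------------------------------
# Default container image for docker runners
# CI jobs execute inside this image. "act-latest" is a moving tag in a
# third-party namespace, so its contents can change between runs; pinning the
# image by digest, or serving a reviewed copy from LOCAL_REGISTRY, keeps the
# build environment fixed.
RUNNER_DEFAULT_IMAGE=catthehacker/ubuntu:act-latest
# Default max concurrent jobs per runner (positive integer)
RUNNER_DEFAULT_CAPACITY=1
# Default data path for remote (docker) runners
RUNNER_DEFAULT_DATA_PATH=/mnt/nvme/gitea-runner
# Data path for native macOS runner
# NOTE(review): "~" is expanded only when a shell reads this file; other
# loaders keep it literal — confirm against the consuming script.
LOCAL_RUNNER_DATA_PATH=~/gitea-runner
# Local registry prefix (e.g. registry.local:5000), empty = Docker Hub
LOCAL_REGISTRY=
# AUTO-POPULATED by phase1 scripts — do not fill manually:
# Retrieved from Gitea admin panel via API
# Secret: whoever holds this token can register a runner with the instance.
GITEA_RUNNER_REGISTRATION_TOKEN=

# -----------------------------------------------------------------------------
# REPOSITORIES
# -----------------------------------------------------------------------------
# GitHub source repos (for migration import)
# GitHub username or org name
GITHUB_USERNAME=
# GitHub personal access token (needs repo read scope)
GITHUB_TOKEN=
# Repo names — must match exactly as they appear on GitHub
# e.g. android-kotlin-app
REPO_1_NAME=
# e.g. ios-swiftui-app
REPO_2_NAME=
# e.g. go-cli-tool
REPO_3_NAME=
# Migration options (true/false)
# Migrate GitHub issues to Gitea
MIGRATE_ISSUES=false
# Migrate GitHub labels
MIGRATE_LABELS=true
# Migrate GitHub milestones
MIGRATE_MILESTONES=false
# Migrate GitHub wiki
MIGRATE_WIKI=false
# Poll interval while waiting for async migration completion
MIGRATION_POLL_INTERVAL_SEC=3
# Max wait per repo migration before timeout (increase for large repos)
MIGRATION_POLL_TIMEOUT_SEC=600

# -----------------------------------------------------------------------------
# GITHUB MIRROR (offsite backup)
# -----------------------------------------------------------------------------
# GitHub PAT with repo write scope (for push mirroring)
# Can be same as GITHUB_TOKEN if it has write scope; a separate token keeps
# the import token read-only and limits what a leak of either one exposes.
GITHUB_MIRROR_TOKEN=
# How often Gitea pushes to GitHub
GITHUB_MIRROR_INTERVAL=8h

# -----------------------------------------------------------------------------
# NGINX REVERSE PROXY (existing Docker container on Unraid)
# -----------------------------------------------------------------------------
# Name of existing Nginx Docker container (e.g. nginx, swag)
NGINX_CONTAINER_NAME=
# Host path to Nginx conf.d directory (e.g. /mnt/user/appdata/nginx/conf.d)
NGINX_CONF_PATH=
# SSL mode: "letsencrypt" (auto-provision via Certbot) or "existing" (provide cert paths)
SSL_MODE=letsencrypt
# Email for Let's Encrypt (only if SSL_MODE=letsencrypt)
SSL_EMAIL=
# Absolute path to SSL cert on Unraid (only if SSL_MODE=existing)
SSL_CERT_PATH=
# Absolute path to SSL key on Unraid (only if SSL_MODE=existing)
# The key file itself should be readable only by the account Nginx runs as.
SSL_KEY_PATH=

# -----------------------------------------------------------------------------
# BRANCH PROTECTION
# -----------------------------------------------------------------------------
# Branch to protect across all repos
PROTECTED_BRANCH=main
# Require PR review before merge (true/false)
REQUIRE_PR_REVIEW=false
# Number of approvals required if REQUIRE_PR_REVIEW is true
REQUIRED_APPROVALS=1

# -----------------------------------------------------------------------------
# SECURITY (Phase 9 — post-migration)
# -----------------------------------------------------------------------------
# "latest" is not a pin: each run may pull a different scanner release, so
# findings can change without any code change. Replace the three values below
# with explicit release versions for reproducible scans.
# Semgrep OSS version to pin
SEMGREP_VERSION=latest
# Trivy version to pin
TRIVY_VERSION=latest
# Gitleaks version to pin
GITLEAKS_VERSION=latest
# Block PR merge if security scan fails (true/false)
SECURITY_FAIL_ON_ERROR=true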