I was looking through the gitea config cheat sheet and there are some changes that could be made to make it more operator friendly.
I'd like to hear your thoughts.
1. Disable registration by default
See Prevent external users from joining gitea instance.
[service]
DISABLE_REGISTRATION = True
REGISTER_MANUAL_CONFIRM = True
EMAIL_DOMAIN_ALLOWLIST = XX_your_domain_here_XX,cloudron.local
DEFAULT_USER_IS_RESTRICTED = True
I would guess that most cloudron users would want to manage gitea user accounts through cloudron instead of in the app itself. This would prevent spam and abuse of gitea instances by default. This may require some tuning, I'm not sure how carefully these configs were tested.
2. Completely disable gitea password-based signin form
I noticed gitea has these options to disable the username/password signin form entirely. This would make cloudron logins smoother because I keep forgetting and fill in my cloudron credentials to the gitea login form, which doesn't work, instead of clicking "Sign in with Cloudron".
More importantly, if this setting is changed it might eliminate the need to change and manage the admin password during first time app install, simplifying the initial setup. To ensure that users can get to the admin panel, maybe we could use the CLI to make the cloudron app owner account an administrator in start.sh.
[service]
ENABLE_PASSWORD_SIGNIN_FORM = false
ENABLE_BASIC_AUTHENTICATION = false
ENABLE_PASSWORD_SIGNIN_FORM: true: Show the password login form (for password-based login), otherwise, only show OAuth2 or passkey login methods if they are enabled. If you set it to false, maybe it also needs to set ENABLE_BASIC_AUTHENTICATION to false to completely disable password-based authentication.
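An added example, not part of the original post and not Cloudron or Gitea code: a small audit of an `app.ini` for the `[service]` keys proposed above, flagging the case the quoted documentation warns about, where the sign-in form is hidden but basic authentication still accepts passwords. The function name, the sample file, the defaults used for absent keys and the accepted boolean spellings are assumptions.

```python
import configparser

# Assumption: values Gitea uses when a key is absent from app.ini.
ASSUMED_DEFAULTS = {
    "DISABLE_REGISTRATION": False,
    "ENABLE_PASSWORD_SIGNIN_FORM": True,
    "ENABLE_BASIC_AUTHENTICATION": True,
}
# Assumption: spellings treated as true; Gitea's own parser may accept others.
TRUTHY = {"1", "t", "true", "y", "yes", "on"}

# Constructed sample: both snippets from the post pasted into one file,
# with a top-level key before any section header, minus the basic-auth line.
SAMPLE = """\
APP_NAME = Gitea
[service]
DISABLE_REGISTRATION = True
[service]
ENABLE_PASSWORD_SIGNIN_FORM = false
"""

def audit_service_section(ini_text):
    """Return findings for the [service] keys discussed in the post."""
    # strict=False merges a repeated [service] header instead of raising.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as written
    # Keys before the first header would fail to parse; give them a dummy section.
    parser.read_string("[__top__]\n" + ini_text)
    service = parser["service"] if parser.has_section("service") else {}

    def flag(key):
        raw = service.get(key)
        if raw is None:
            return ASSUMED_DEFAULTS[key]
        return raw.strip().lower() in TRUTHY

    findings = []
    if not flag("DISABLE_REGISTRATION"):
        findings.append("open registration: DISABLE_REGISTRATION is not true")
    form = flag("ENABLE_PASSWORD_SIGNIN_FORM")
    basic = flag("ENABLE_BASIC_AUTHENTICATION")
    if form:
        findings.append("password sign-in form is still shown")
    if not form and basic:
        findings.append("form hidden but ENABLE_BASIC_AUTHENTICATION still allows password auth")
    return findings

if __name__ == "__main__":
    for finding in audit_service_section(SAMPLE):
        print(finding)
```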