89 lines
4.0 KiB
Plaintext
89 lines
4.0 KiB
Plaintext
# ─────────────────────────────────────────────────────────
|
|
# mirror.env — Breakglass append-only mirror configuration
|
|
# ─────────────────────────────────────────────────────────
|
|
# Copy to /etc/breakglass/mirror.env and edit.
|
|
# Permissions should be 600 (readable only by breakglass user).
|
|
# ─────────────────────────────────────────────────────────
|
|
|
|
# ── Gitea ────────────────────────────────────────────────
|
|
GITEA_URL="https://git.mineracks.com"
|
|
GITEA_TOKEN="your-gitea-personal-access-token"
|
|
GITEA_USER="mineracks"
|
|
|
|
# ── GitHub ───────────────────────────────────────────────
|
|
# Optional — raises API rate limit from 60 → 5000 req/h
|
|
GITHUB_TOKEN=""
|
|
|
|
# ── Paths ────────────────────────────────────────────────
|
|
MIRROR_ROOT="/var/lib/breakglass/repos"
|
|
SOURCES_FILE="/etc/breakglass/sources.yml"
|
|
LOG_DIR="/var/log/breakglass"
|
|
AUDIT_DIR="/var/lib/breakglass/audit"
|
|
|
|
# ── Wipe Detection ──────────────────────────────────────
|
|
# If upstream loses more than this % of refs in a single
|
|
# sync, block the update and alert. This catches malicious
|
|
# force-pushes and repo guttings.
|
|
# Set to 0 to disable (not recommended).
|
|
WIPE_THRESHOLD=50
|
|
|
|
# ── Notifications ────────────────────────────────────────
|
|
# Supported: "ntfy", "email", "telegram", "none"
|
|
# ntfy is recommended — free, no SMTP setup, push to phone
|
|
NOTIFY_METHOD="ntfy"
|
|
|
|
# ntfy (https://ntfy.sh) — install the ntfy app on your phone
|
|
# Pick a unique topic name (it's public, so make it unguessable)
|
|
NTFY_TOPIC="breakglass-mineracks"
|
|
NTFY_SERVER="https://ntfy.sh"
|
|
|
|
# Email (uses system sendmail/msmtp)
|
|
NOTIFY_EMAIL=""
|
|
|
|
# Telegram
|
|
TELEGRAM_BOT_TOKEN=""
|
|
TELEGRAM_CHAT_ID=""
|
|
|
|
# ── Tuning ───────────────────────────────────────────────
|
|
# Stale-repo alert threshold in days
|
|
STALE_DAYS=7
|
|
|
|
# Max seconds for LFS fetch/push PER REPO (0 = no limit)
|
|
# Prevents huge repos like buildroot from blocking the entire sync
|
|
LFS_TIMEOUT=600
|
|
|
|
# Wiki mirroring (true/false)
|
|
SYNC_WIKIS=true
|
|
|
|
# Release asset downloads (true/false)
|
|
SYNC_RELEASES=true
|
|
|
|
# How many releases to keep per repo (latest N)
|
|
# Set higher if you want full release history, lower to save disk
|
|
RELEASE_KEEP=3
|
|
|
|
# Where to store release assets
|
|
RELEASE_ROOT=/var/lib/breakglass/releases
|
|
|
|
# Force HTTP/1.1 (helps with Cloudflare Tunnel)
|
|
FORCE_HTTP11="true"
|
|
|
|
# ── Reverse Sync (Gitea → GitHub) ────────────────────────
|
|
# Push your own Gitea repos to GitHub as public backups.
|
|
# Requires a GitHub PAT with repo + admin:repo scope.
|
|
# Format: space-separated list of "gitea_org/repo:github_owner/repo"
|
|
# If the GitHub side is the same, you can use short form: "gitea_org/repo"
|
|
#
|
|
# Examples:
|
|
# REVERSE_SYNC_REPOS="mineracks/foss_breakglass_mirror_v2"
|
|
# REVERSE_SYNC_REPOS="mineracks/foss_breakglass_mirror_v2 mineracks/my-other-project"
|
|
# REVERSE_SYNC_REPOS="mineracks/foss_breakglass_mirror_v2:mineracks/breakglass-mirror"
|
|
REVERSE_SYNC_REPOS=""
|
|
|
|
# GitHub PAT for pushing (needs repo + admin:repo scopes)
|
|
# This is separate from GITHUB_TOKEN which is read-only for mirroring
|
|
GITHUB_PUSH_TOKEN=""
|
|
|
|
# GitHub owner/org to push to (default: same as Gitea org)
|
|
GITHUB_PUSH_OWNER="mineracks"
|