vaultsovereign/vm-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
009e93a80b3c58bbfaa2ceb153e3fba32a6efc3c
vm-skills/gitea-bootstrap/references/gitea_hardening_notes.md
Vault Sovereign eac77ef7b4 Initial commit: VaultMesh Skills collection 
Collection of operational skills for VaultMesh infrastructure including:
- backup-sovereign: Backup and recovery operations
- btc-anchor: Bitcoin anchoring
- cloudflare-tunnel-manager: Cloudflare tunnel management
- container-registry: Container registry operations
- disaster-recovery: Disaster recovery procedures
- dns-sovereign: DNS management
- eth-anchor: Ethereum anchoring
- gitea-bootstrap: Gitea setup and configuration
- hetzner-bootstrap: Hetzner server provisioning
- merkle-forest: Merkle tree operations
- node-hardening: Node security hardening
- operator-bootstrap: Operator initialization
- proof-verifier: Cryptographic proof verification
- rfc3161-anchor: RFC3161 timestamping
- secrets-vault: Secrets management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-27 00:25:00 +00:00

17 lines
542 B
Markdown
Raw Blame History

# Gitea Hardening Notes
## Minimum Hardening
- Put Gitea behind reverse proxy (nginx/Traefik) with TLS
- Disable public registration if not needed
- Enforce 2FA for admin/org owners
- Restrict SSH to known networks or require VPN/tunnel
- Back up the data dir regularly (repos + config + sqlite/db)
## Backups
If using sqlite, backing up `/data/gitea/gitea.db` plus repos is enough.
For Postgres/MySQL, dump database + repos.
## Next Skills
- container-registry (self-hosted with signatures)
- dns-sovereign (PowerDNS + Cloudflare hybrid)
Reference in New Issue View Git Blame Copy Permalink