From a00fcb21abdebcb528b2455592969017b9a0d6bb Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Tue, 21 Dec 2021 22:41:48 +0000
Subject: [PATCH 01/13] Add option to purge users

Add the ability to purge users when deleting them.

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 cmd/admin.go                        | 11 ++++++-
 models/user.go                      |  6 ++--
 options/locale/locale_en-US.ini     |  2 ++
 routers/api/v1/admin/user.go        |  2 +-
 routers/web/admin/users.go          | 19 ++++++------
 routers/web/user/setting/account.go |  2 +-
 services/user/user.go               | 47 +++++++++++++++++++++++++++--
 services/user/user_test.go          | 10 +++---
 templates/admin/user/edit.tmpl      | 26 ++++++++++++++--
 9 files changed, 98 insertions(+), 27 deletions(-)

diff --git a/cmd/admin.go b/cmd/admin.go
index 099803fbf52bb..be8c4f8d1563a 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -149,6 +149,10 @@ var (
 				Name:  "email,e",
 				Usage: "Email of the user to delete",
 			},
+			cli.BoolFlag{
+				Name:  "purge",
+				Usage: "Purge user, all their repositories, organizations and comments",
+			},
 		},
 		Action: runDeleteUser,
 	}
@@ -571,7 +575,12 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}
 
-	return user_service.DeleteUser(user)
+	purge := false
+	if c.IsSet("purge") {
+		purge = c.Bool("purge")
+	}
+
+	return user_service.DeleteUser(ctx, user, purge)
 }
 
 func runRepoSyncReleases(_ *cli.Context) error {
diff --git a/models/user.go b/models/user.go
index 2e7a84273fae9..c07ed17c26109 100644
--- a/models/user.go
+++ b/models/user.go
@@ -144,7 +144,7 @@ func deleteBeans(e db.Engine, beans ...interface{}) (err error) {
 }
 
 // DeleteUser deletes models associated to an user.
-func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
+func DeleteUser(ctx context.Context, u *user_model.User, purge bool) (err error) {
 	e := db.GetEngine(ctx)
 
 	// ***** START: Watch *****
@@ -207,8 +207,8 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
 		return fmt.Errorf("deleteBeans: %v", err)
 	}
 
-	if setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
-		u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now()) {
+	if purge || (setting.Service.UserDeleteWithCommentsMaxTime != 0 &&
+		u.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now())) {
 
 		// Delete Comments
 		const batchSize = 50
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 3b0092a5ef350..9243c97913ffa 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2420,6 +2420,8 @@ users.update_profile = Update User Account
 users.delete_account = Delete User Account
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
+users.purge = Purge User
+users.purge_help = Forcibly delete user and any repositories or organizations owned by the user. All comments will be deleted too.
 users.deletion_success = The user account has been deleted.
 users.reset_2fa = Reset 2FA
 users.list_status_filter.menu_text = Filter
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 5d2bbdea2f415..13fcd1de0e35e 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -308,7 +308,7 @@ func DeleteUser(ctx *context.APIContext) {
 		return
 	}
 
-	if err := user_service.DeleteUser(u); err != nil {
+	if err := user_service.DeleteUser(ctx, u, ctx.FormBool("purge")); err != nil {
 		if models.IsErrUserOwnRepos(err) ||
 			models.IsErrUserHasOrgs(err) {
 			ctx.Error(http.StatusUnprocessableEntity, "", err)
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 044efa0099128..29176e73b803d 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -386,18 +386,19 @@ func DeleteUser(ctx *context.Context) {
 		return
 	}
 
-	if err = user_service.DeleteUser(u); err != nil {
+	purge := false
+	if ctx.FormString("purge") != "" {
+		purge = true
+	}
+
+	if err = user_service.DeleteUser(ctx, u, purge); err != nil {
 		switch {
 		case models.IsErrUserOwnRepos(err):
 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))
-			ctx.JSON(http.StatusOK, map[string]interface{}{
-				"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
-			})
+			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))
 		case models.IsErrUserHasOrgs(err):
 			ctx.Flash.Error(ctx.Tr("admin.users.still_has_org"))
-			ctx.JSON(http.StatusOK, map[string]interface{}{
-				"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
-			})
+			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))
 		default:
 			ctx.ServerError("DeleteUser", err)
 		}
@@ -406,9 +407,7 @@ func DeleteUser(ctx *context.Context) {
 	log.Trace("Account deleted by admin (%s): %s", ctx.User.Name, u.Name)
 
 	ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"))
-	ctx.JSON(http.StatusOK, map[string]interface{}{
-		"redirect": setting.AppSubURL + "/admin/users",
-	})
+	ctx.Redirect(setting.AppSubURL + "/admin/users")
 }
 
 // AvatarPost response for change user's avatar request
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index b73122fa12a17..5f90fd81941f1 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -243,7 +243,7 @@ func DeleteAccount(ctx *context.Context) {
 		return
 	}
 
-	if err := user.DeleteUser(ctx.User); err != nil {
+	if err := user.DeleteUser(ctx, ctx.User, false); err != nil {
 		switch {
 		case models.IsErrUserOwnRepos(err):
 			ctx.Flash.Error(ctx.Tr("form.still_own_repo"))
diff --git a/services/user/user.go b/services/user/user.go
index 21f1a74f62f62..8cf19328b299a 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -27,11 +27,52 @@ import (
 // DeleteUser completely and permanently deletes everything of a user,
 // but issues/comments/pulls will be kept and shown as someone has been deleted,
 // unless the user is younger than USER_DELETE_WITH_COMMENTS_MAX_DAYS.
-func DeleteUser(u *user_model.User) error {
+func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 	if u.IsOrganization() {
 		return fmt.Errorf("%s is an organization not a user", u.Name)
 	}
 
+	if purge {
+		// Delete all repos belonging to this user
+		for page := 1; ; page++ {
+			repos, _, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+				ListOptions: db.ListOptions{
+					PageSize: models.RepositoryListDefaultPageSize,
+					Page:     page,
+				},
+				Private: true,
+				OwnerID: u.ID,
+			})
+			if err != nil {
+				return fmt.Errorf("SearchRepositoryByName: %v", err)
+			}
+			if len(repos) == 0 {
+				break
+			}
+			for _, repo := range repos {
+				if err := models.DeleteRepository(u, u.ID, repo.ID); err != nil {
+					return fmt.Errorf("unable to delete repositories for %s[%d]. Error: %v", u.Name, u.ID, err)
+				}
+			}
+		}
+
+		// Delete Orgs
+		orgs, err := models.GetUserOrgsList(u)
+		if err != nil {
+			return fmt.Errorf("unable to org list for %s[%d]. Error: %v", u.Name, u.ID, err)
+		}
+		for _, org := range orgs {
+			if err := models.RemoveOrgUser(org.ID, u.ID); err != nil {
+				if models.IsErrLastOrgOwner(err) {
+					err = models.DeleteOrganization(ctx, org)
+				}
+				if err != nil {
+					return fmt.Errorf("unable to remove user %s[%d] from org %s[%d]. Error: %v", u.Name, u.ID, org.Name, org.ID, err)
+				}
+			}
+		}
+	}
+
 	ctx, committer, err := db.TxContext()
 	if err != nil {
 		return err
@@ -57,7 +98,7 @@ func DeleteUser(u *user_model.User) error {
 		return models.ErrUserHasOrgs{UID: u.ID}
 	}
 
-	if err := models.DeleteUser(ctx, u); err != nil {
+	if err := models.DeleteUser(ctx, u, purge); err != nil {
 		return fmt.Errorf("DeleteUser: %v", err)
 	}
 
@@ -108,7 +149,7 @@ func DeleteInactiveUsers(ctx context.Context, olderThan time.Duration) error {
 			return db.ErrCancelledf("Before delete inactive user %s", u.Name)
 		default:
 		}
-		if err := DeleteUser(u); err != nil {
+		if err := DeleteUser(ctx, u, false); err != nil {
 			// Ignore users that were set inactive by admin.
 			if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) {
 				continue
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 5b35db790cb73..d8045f191fab5 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -30,7 +30,7 @@ func TestDeleteUser(t *testing.T) {
 		ownedRepos := make([]*repo_model.Repository, 0, 10)
 		assert.NoError(t, db.GetEngine(db.DefaultContext).Find(&ownedRepos, &repo_model.Repository{OwnerID: userID}))
 		if len(ownedRepos) > 0 {
-			err := DeleteUser(user)
+			err := DeleteUser(db.DefaultContext, user, false)
 			assert.Error(t, err)
 			assert.True(t, models.IsErrUserOwnRepos(err))
 			return
@@ -44,7 +44,7 @@ func TestDeleteUser(t *testing.T) {
 				return
 			}
 		}
-		assert.NoError(t, DeleteUser(user))
+		assert.NoError(t, DeleteUser(db.DefaultContext, user, false))
 		unittest.AssertNotExistsBean(t, &user_model.User{ID: userID})
 		unittest.CheckConsistencyFor(t, &user_model.User{}, &repo_model.Repository{})
 	}
@@ -54,7 +54,7 @@ func TestDeleteUser(t *testing.T) {
 	test(11)
 
 	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
-	assert.Error(t, DeleteUser(org))
+	assert.Error(t, DeleteUser(db.DefaultContext, org, false))
 }
 
 func TestCreateUser(t *testing.T) {
@@ -69,7 +69,7 @@ func TestCreateUser(t *testing.T) {
 
 	assert.NoError(t, user_model.CreateUser(user))
 
-	assert.NoError(t, DeleteUser(user))
+	assert.NoError(t, DeleteUser(db.DefaultContext, user, false))
 }
 
 func TestCreateUser_Issue5882(t *testing.T) {
@@ -98,6 +98,6 @@ func TestCreateUser_Issue5882(t *testing.T) {
 
 		assert.Equal(t, !u.AllowCreateOrganization, v.disableOrgCreation)
 
-		assert.NoError(t, DeleteUser(v.user))
+		assert.NoError(t, DeleteUser(db.DefaultContext, v.user, false))
 	}
 }
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index 17bd2b936c5ee..794b84a765608 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -151,7 +151,7 @@
 
 				<div class="field">
 					<button class="ui green button">{{.i18n.Tr "admin.users.update_profile"}}</button>
-					<div class="ui red button delete-button" data-url="{{$.Link}}/delete" data-id="{{.User.ID}}">{{.i18n.Tr "admin.users.delete_account"}}</div>
+					<div class="ui red button show-modal" data-modal="#delete-user-modal" data-url="{{$.Link}}/delete" data-id="{{.User.ID}}">{{.i18n.Tr "admin.users.delete_account"}}</div>
 				</div>
 			</form>
 		</div>
@@ -196,7 +196,7 @@
 	</div>
 </div>
 
-<div class="ui small basic delete modal">
+<div class="ui small basic delete modal" id="delete-user-modal">
 	<div class="ui icon header">
 		{{svg "octicon-trash"}}
 		{{.i18n.Tr "settings.delete_account_title"}}
@@ -204,6 +204,26 @@
 	<div class="content">
 		<p>{{.i18n.Tr "settings.delete_account_desc"}}</p>
 	</div>
-	{{template "base/delete_modal_actions" .}}
+	<form class="ui form" method="POST" action="{{.Link}}/delete">
+		{{$.CsrfTokenHtml}}
+		<input type="hidden" name="id">
+		<div class="field">
+			<div class="ui checkbox">
+				<label for="purge">{{.i18n.Tr "admin.users.purge"}}</label>
+				<input name="purge" type="checkbox">
+			</div>
+			<p class="help">{{.i18n.Tr "admin.users.purge_help"}}</p>
+		</div>
+		<div class="text right actions">
+			<div class="ui red basic inverted cancel button">
+				{{svg "octicon-x"}}
+				{{.i18n.Tr "modal.no"}}
+			</div>
+			<button class="ui green basic inverted ok button">
+				{{svg "octicon-check"}}
+				{{.i18n.Tr "modal.yes"}}
+			</button>
+		</div>
+	</form>
 </div>
 {{template "base/footer" .}}

From 49a5232856388b3161417ac179c8a98419fde169 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Wed, 22 Dec 2021 09:11:39 +0000
Subject: [PATCH 02/13] fix paging and pre-disable the user

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 services/user/user.go | 62 +++++++++++++++++++++++++++++++------------
 1 file changed, 45 insertions(+), 17 deletions(-)

diff --git a/services/user/user.go b/services/user/user.go
index 8cf19328b299a..4cbb090d27fd9 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -33,12 +33,27 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 	}
 
 	if purge {
+		// Disable the user first
+		if err := user_model.UpdateUserCols(ctx, &user_model.User{
+			ID:              u.ID,
+			IsActive:        false,
+			IsRestricted:    true,
+			IsAdmin:         false,
+			ProhibitLogin:   true,
+			Passwd:          "",
+			Salt:            "",
+			PasswdHashAlgo:  "",
+			MaxRepoCreation: 0,
+		}, "is_active", "is_restricted", "is_admin", "prohibit_login", "max_repo_creation", "passwd", "salt", "passwd_hash_algo"); err != nil {
+			return fmt.Errorf("unable to disable user: %s[%d] prior to purge. UpdateUserCols: %w", u.Name, u.ID, err)
+		}
+
 		// Delete all repos belonging to this user
-		for page := 1; ; page++ {
-			repos, _, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+		for {
+			repos, _, err := models.GetUserRepositories(&models.SearchRepoOptions{
 				ListOptions: db.ListOptions{
 					PageSize: models.RepositoryListDefaultPageSize,
-					Page:     page,
+					Page:     1,
 				},
 				Private: true,
 				OwnerID: u.ID,
@@ -57,17 +72,29 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		}
 
 		// Delete Orgs
-		orgs, err := models.GetUserOrgsList(u)
-		if err != nil {
-			return fmt.Errorf("unable to org list for %s[%d]. Error: %v", u.Name, u.ID, err)
-		}
-		for _, org := range orgs {
-			if err := models.RemoveOrgUser(org.ID, u.ID); err != nil {
-				if models.IsErrLastOrgOwner(err) {
-					err = models.DeleteOrganization(ctx, org)
-				}
-				if err != nil {
-					return fmt.Errorf("unable to remove user %s[%d] from org %s[%d]. Error: %v", u.Name, u.ID, org.Name, org.ID, err)
+		for {
+			orgs, err := models.FindOrgs(models.FindOrgOptions{
+				ListOptions: db.ListOptions{
+					PageSize: models.RepositoryListDefaultPageSize,
+					Page:     1,
+				},
+				UserID:         u.ID,
+				IncludePrivate: true,
+			})
+			if err != nil {
+				return fmt.Errorf("unable to find org list for %s[%d]. Error: %v", u.Name, u.ID, err)
+			}
+			if len(orgs) == 0 {
+				break
+			}
+			for _, org := range orgs {
+				if err := models.RemoveOrgUser(org.ID, u.ID); err != nil {
+					if models.IsErrLastOrgOwner(err) {
+						err = models.DeleteOrganization(ctx, org)
+					}
+					if err != nil {
+						return fmt.Errorf("unable to remove user %s[%d] from org %s[%d]. Error: %v", u.Name, u.ID, org.Name, org.ID, err)
+					}
 				}
 			}
 		}
@@ -80,7 +107,8 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 	defer committer.Close()
 
 	// Note: A user owns any repository or belongs to any organization
-	//	cannot perform delete operation.
+	//	cannot perform delete operation. This causes a race with the purge above
+	//  however consistency requires that we ensure that this is the case
 
 	// Check ownership of repository.
 	count, err := repo_model.GetRepositoryCount(ctx, u.ID)
@@ -118,7 +146,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 	//	so just keep error logs of those operations.
 	path := user_model.UserPath(u.Name)
 	if err := util.RemoveAll(path); err != nil {
-		err = fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
+		err = fmt.Errorf("failed to RemoveAll %s: %v", path, err)
 		_ = admin_model.CreateNotice(db.DefaultContext, admin_model.NoticeTask, fmt.Sprintf("delete user '%s': %v", u.Name, err))
 		return err
 	}
@@ -126,7 +154,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 	if u.Avatar != "" {
 		avatarPath := u.CustomAvatarRelativePath()
 		if err := storage.Avatars.Delete(avatarPath); err != nil {
-			err = fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+			err = fmt.Errorf("failed to remove %s: %v", avatarPath, err)
 			_ = admin_model.CreateNotice(db.DefaultContext, admin_model.NoticeTask, fmt.Sprintf("delete user '%s': %v", u.Name, err))
 			return err
 		}

From 465537257c33902273728a0b096399a8db664c54 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Wed, 22 Dec 2021 09:57:19 +0000
Subject: [PATCH 03/13] fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 integrations/admin_user_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integrations/admin_user_test.go b/integrations/admin_user_test.go
index d657f65fa55e4..ebf4c4512096e 100644
--- a/integrations/admin_user_test.go
+++ b/integrations/admin_user_test.go
@@ -76,7 +76,7 @@ func TestAdminDeleteUser(t *testing.T) {
 	req := NewRequestWithValues(t, "POST", "/admin/users/8/delete", map[string]string{
 		"_csrf": csrf,
 	})
-	session.MakeRequest(t, req, http.StatusOK)
+	session.MakeRequest(t, req, http.StatusFound)
 
 	assertUserDeleted(t, 8)
 	unittest.CheckConsistencyFor(t, &user_model.User{})

From 2df52bd34887440bdce8450829402fc9ecb37a8e Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Fri, 31 Dec 2021 17:03:08 +0000
Subject: [PATCH 04/13] Add force logout

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 services/user/user.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/user/user.go b/services/user/user.go
index 4cbb090d27fd9..7ba521140f989 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -19,6 +19,7 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/avatar"
+	"code.gitea.io/gitea/modules/eventsource"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
@@ -48,6 +49,12 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 			return fmt.Errorf("unable to disable user: %s[%d] prior to purge. UpdateUserCols: %w", u.Name, u.ID, err)
 		}
 
+		// Force any logged in sessions to log out
+		// FIXME: We also need to tell the session manager to log them out too.
+		eventsource.GetManager().SendMessage(u.ID, &eventsource.Event{
+			Name: "logout",
+		})
+
 		// Delete all repos belonging to this user
 		for {
 			repos, _, err := models.GetUserRepositories(&models.SearchRepoOptions{

From eaea4314d2b1270e06fda59c61b572903476b601 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 19 Jun 2022 17:12:04 +0100
Subject: [PATCH 05/13] use FormBool

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 routers/web/admin/users.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 5be7e6dc8a8db..842a413fed7aa 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -416,10 +416,7 @@ func DeleteUser(ctx *context.Context) {
 		return
 	}
 
-	purge := false
-	if ctx.FormString("purge") != "" {
-		purge = true
-	}
+	purge := ctx.FormBool("purge")
 
 	// admin should not delete themself
 	if u.ID == ctx.Doer.ID {

From 68aaddc4ebe39d4e6f73bf39481dd937de1c7683 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 19 Jun 2022 18:30:50 +0100
Subject: [PATCH 06/13] Add some comments as to why a transaction is
 inappropriate

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 cmd/admin.go                   |  7 +------
 services/user/user.go          | 17 +++++++++++++++--
 templates/admin/user/edit.tmpl | 11 +----------
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/cmd/admin.go b/cmd/admin.go
index 7558917a907dd..524cc30563880 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -679,12 +679,7 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}
 
-	purge := false
-	if c.IsSet("purge") {
-		purge = c.Bool("purge")
-	}
-
-	return user_service.DeleteUser(ctx, user, purge)
+	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
 }
 
 func runGenerateAccessToken(c *cli.Context) error {
diff --git a/services/user/user.go b/services/user/user.go
index 91786db36e0dc..627532e1a7e42 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -37,6 +37,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 
 	if purge {
 		// Disable the user first
+		// NOTE: This is deliberately not within a transaction as it must disable the user immediately to prevent any further action by the user to be purged.
 		if err := user_model.UpdateUserCols(ctx, &user_model.User{
 			ID:              u.ID,
 			IsActive:        false,
@@ -58,6 +59,12 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		})
 
 		// Delete all repos belonging to this user
+		// Now this is not within a transaction because there are internal transactions within the DeleteRepository
+		// BUT: the db will still be consistent even if a number of repos have already been deleted.
+		// And in fact we want to capture any repositories that are being created in other transactions in the meantime
+		//
+		// An alternative option here would be write a DeleteAllRepositoriesForUserID function which would delete all of the repos
+		// but such a function would likely get out of date
 		for {
 			repos, _, err := repo_model.GetUserRepositories(&repo_model.SearchRepoOptions{
 				ListOptions: db.ListOptions{
@@ -75,12 +82,18 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 			}
 			for _, repo := range repos {
 				if err := models.DeleteRepository(u, u.ID, repo.ID); err != nil {
-					return fmt.Errorf("unable to delete repositories for %s[%d]. Error: %v", u.Name, u.ID, err)
+					return fmt.Errorf("unable to delete repository %s for %s[%d]. Error: %v", repo.Name, u.Name, u.ID, err)
 				}
 			}
 		}
 
-		// Delete Orgs
+		// Remove from Organizations and delete last owner organizations
+		// Now this is not within a transaction because there are internal transactions within the DeleteOrganization
+		// BUT: the db will still be consistent even if a number of organizations memberships and organizations have already been deleted
+		// And in fact we want to capture any organization additions that are being created in other transactions in the meantime
+		//
+		// An alternative option here would be write a function which would delete all organizations but it seems
+		// but such a function would likely get out of date
 		for {
 			orgs, err := organization.FindOrgs(organization.FindOrgOptions{
 				ListOptions: db.ListOptions{
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index c18f2bb8182f0..e2a4d4aa3d429 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -214,16 +214,7 @@
 			</div>
 			<p class="help">{{.i18n.Tr "admin.users.purge_help"}}</p>
 		</div>
-		<div class="text right actions">
-			<div class="ui red basic inverted cancel button">
-				{{svg "octicon-x"}}
-				{{.i18n.Tr "modal.no"}}
-			</div>
-			<button class="ui green basic inverted ok button">
-				{{svg "octicon-check"}}
-				{{.i18n.Tr "modal.yes"}}
-			</button>
-		</div>
+		{{template "base/delete_modal_actions" .}}
 	</form>
 </div>
 {{template "base/footer" .}}

From dae68c80bf6dc7d6f0a008fd5e8750e29f08a66b Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 19 Jun 2022 19:27:52 +0100
Subject: [PATCH 07/13] Delete Packages too

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 models/packages/package_version.go     |  9 ++++++---
 services/packages/container/cleanup.go |  2 +-
 services/packages/packages.go          | 28 ++++++++++++++++++++++++++
 services/user/user.go                  |  8 +++++++-
 4 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/models/packages/package_version.go b/models/packages/package_version.go
index 78e76c50545ee..66b2bc98c9832 100644
--- a/models/packages/package_version.go
+++ b/models/packages/package_version.go
@@ -107,7 +107,7 @@ func getVersionByNameAndVersion(ctx context.Context, ownerID int64, packageType
 			ExactMatch: true,
 			Value:      version,
 		},
-		IsInternal: isInternal,
+		IsInternal: util.OptionalBoolOf(isInternal),
 		Paginator:  db.NewAbsoluteListOptions(0, 1),
 	})
 	if err != nil {
@@ -171,7 +171,7 @@ type PackageSearchOptions struct {
 	Name            SearchValue       // only results with the specific name are found
 	Version         SearchValue       // only results with the specific version are found
 	Properties      map[string]string // only results are found which contain all listed version properties with the specific value
-	IsInternal      bool
+	IsInternal      util.OptionalBool
 	HasFileWithName string            // only results are found which are associated with a file with the specific name
 	HasFiles        util.OptionalBool // only results are found which have associated files
 	Sort            string
@@ -179,7 +179,10 @@ type PackageSearchOptions struct {
 }
 
 func (opts *PackageSearchOptions) toConds() builder.Cond {
-	var cond builder.Cond = builder.Eq{"package_version.is_internal": opts.IsInternal}
+	cond := builder.NewCond()
+	if !opts.IsInternal.IsNone() {
+		cond = builder.Eq{"package_version.is_internal": opts.IsInternal.IsTrue()}
+	}
 
 	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"package.owner_id": opts.OwnerID})
diff --git a/services/packages/container/cleanup.go b/services/packages/container/cleanup.go
index 390a0b7b052d5..3e44f9aa1a0f6 100644
--- a/services/packages/container/cleanup.go
+++ b/services/packages/container/cleanup.go
@@ -59,7 +59,7 @@ func cleanupExpiredUploadedBlobs(ctx context.Context, olderThan time.Duration) e
 			ExactMatch: true,
 			Value:      container_model.UploadVersion,
 		},
-		IsInternal: true,
+		IsInternal: util.OptionalBoolTrue,
 		HasFiles:   util.OptionalBoolFalse,
 	})
 	if err != nil {
diff --git a/services/packages/packages.go b/services/packages/packages.go
index 7f25fce5b85cc..0ebf6e7df0cd8 100644
--- a/services/packages/packages.go
+++ b/services/packages/packages.go
@@ -13,6 +13,7 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	packages_model "code.gitea.io/gitea/models/packages"
+	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
@@ -451,3 +452,30 @@ func GetPackageFileStream(ctx context.Context, pf *packages_model.PackageFile) (
 	}
 	return s, pf, err
 }
+
+// RemoveAllPackages for User
+func RemoveAllPackages(ctx context.Context, userID int64) (int, error) {
+	count := 0
+	for {
+		pkgVersions, _, err := packages_model.SearchVersions(ctx, &packages_model.PackageSearchOptions{
+			Paginator: &db.ListOptions{
+				PageSize: repo_model.RepositoryListDefaultPageSize,
+				Page:     1,
+			},
+			OwnerID: userID,
+		})
+		if err != nil {
+			return count, fmt.Errorf("GetOwnedPackages[%d]: %w", userID, err)
+		}
+		if len(pkgVersions) == 0 {
+			break
+		}
+		for _, pv := range pkgVersions {
+			if err := DeletePackageVersionAndReferences(ctx, pv); err != nil {
+				return count, fmt.Errorf("unable to delete package %d:%s[%d]. Error: %w", pv.PackageID, pv.Version, pv.ID, err)
+			}
+			count++
+		}
+	}
+	return count, nil
+}
diff --git a/services/user/user.go b/services/user/user.go
index 627532e1a7e42..448b7c2daf8dc 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -23,8 +23,10 @@ import (
 	"code.gitea.io/gitea/modules/avatar"
 	"code.gitea.io/gitea/modules/eventsource"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/services/packages"
 )
 
 // DeleteUser completely and permanently deletes everything of a user,
@@ -122,7 +124,11 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		}
 
 		// Delete Packages
-		// FIXME:
+		if setting.Packages.Enabled {
+			if _, err := packages.RemoveAllPackages(ctx, u.ID); err != nil {
+				return err
+			}
+		}
 	}
 
 	ctx, committer, err := db.TxContext()

From 7af3e8e87d6e5225ac0fe39ee31d3efbc6e097e4 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Sun, 19 Jun 2022 19:30:50 +0100
Subject: [PATCH 08/13] update locale_en-US.ini to include that we delete
 packages

Co-authored-by: delvh <dev.lh@web.de>
---
 options/locale/locale_en-US.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 29d9ea36c8c1a..534607d4cf40a 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2539,7 +2539,7 @@ users.cannot_delete_self = "You cannot delete yourself"
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.purge = Purge User
-users.purge_help = Forcibly delete user and any repositories or organizations owned by the user. All comments will be deleted too.
+users.purge_help = Forcibly delete user and any repositories, organizations, and packages owned by the user. All comments will be deleted too.
 users.still_own_packages = This user still owns one or more packages. Delete these packages first.
 users.deletion_success = The user account has been deleted.
 users.reset_2fa = Reset 2FA

From a53d2ccbdc8641601f2fd90794294021487f4f8d Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Sun, 19 Jun 2022 20:47:18 +0100
Subject: [PATCH 09/13] as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 models/repo.go             | 2 +-
 routers/web/admin/users.go | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/models/repo.go b/models/repo.go
index c64788a4d333d..cb1876d66d031 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -343,7 +343,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 	}
 
 	if err := project_model.DeleteProjectByRepoIDCtx(ctx, repoID); err != nil {
-		return fmt.Errorf("unable delete projects for repo[%d]: %v", repoID, err)
+		return fmt.Errorf("unable to delete projects for repo[%d]: %v", repoID, err)
 	}
 
 	// Remove LFS objects
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 842a413fed7aa..88ea8853d49ed 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -416,8 +416,6 @@ func DeleteUser(ctx *context.Context) {
 		return
 	}
 
-	purge := ctx.FormBool("purge")
-
 	// admin should not delete themself
 	if u.ID == ctx.Doer.ID {
 		ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))
@@ -427,7 +425,7 @@ func DeleteUser(ctx *context.Context) {
 		return
 	}
 
-	if err = user_service.DeleteUser(ctx, u, purge); err != nil {
+	if err = user_service.DeleteUser(ctx, u, ctx.FormBool("purge")); err != nil {
 		switch {
 		case models.IsErrUserOwnRepos(err):
 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))

From d4354b48b368f6f3ea067f0c92fae640bde025e1 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Mon, 20 Jun 2022 10:15:59 +0100
Subject: [PATCH 10/13] Cope with DELETE JOINS

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 models/project/project.go | 39 +++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/models/project/project.go b/models/project/project.go
index 64bbd6b428302..01ecc084b61b8 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -332,14 +332,37 @@ func DeleteProjectByIDCtx(ctx context.Context, id int64) error {
 }
 
 func DeleteProjectByRepoIDCtx(ctx context.Context, repoID int64) error {
-	if _, err := db.GetEngine(ctx).Table("project_issue").Join("INNER", "project", "`project`.id = `project_issue`.project_id").Where("`project`.repo_id = ? ", repoID).Delete(&ProjectIssue{}); err != nil {
-		return err
-	}
-	if _, err := db.GetEngine(ctx).Table("project_board").Join("INNER", "project", "`project`.id = `project_board`.project_id").Where("`project`.repo_id = ? ", repoID).Delete(&Board{}); err != nil {
-		return err
-	}
-	if _, err := db.GetEngine(ctx).Table("project").Where("`project`.repo_id = ? ", repoID).Delete(&Project{}); err != nil {
-		return err
+	switch {
+	case setting.Database.UseSQLite3:
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue WHERE project_issue.id IN (SELECT project_issue.id FROM project_issue INNER JOIN project WHERE project.id = project_issue.project_id AND project.repo_id = ?)", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_board WHERE project_board.id IN (SELECT project_board.id FROM project_board INNER JOIN project WHERE project.id = project_board.project_id AND project.repo_id = ?)", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {
+			return err
+		}
+	case setting.Database.UsePostgreSQL:
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue USING project WHERE project.id = project_issue.project_id AND project.repo_id = ? ", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_board USING project WHERE project.id = project_board.project_id AND project.repo_id = ? ", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {
+			return err
+		}
+	default:
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue INNER JOIN project ON project.id = project_issue.project_id WHERE project.repo_id = ? ", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_board INNER JOIN project ON project.id = project_board.project_id WHERE project.repo_id = ? ", repoID); err != nil {
+			return err
+		}
+		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {
+			return err
+		}
 	}
 
 	return updateRepositoryProjectCount(ctx, repoID)

From 3ecaeb76352b2f9c8547ede53b1a35c3eb0f447f Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Mon, 20 Jun 2022 16:30:19 +0100
Subject: [PATCH 11/13] fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 integrations/admin_user_test.go | 2 +-
 routers/web/admin/users.go      | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/integrations/admin_user_test.go b/integrations/admin_user_test.go
index 825686bbdcab1..a2020652b747f 100644
--- a/integrations/admin_user_test.go
+++ b/integrations/admin_user_test.go
@@ -76,7 +76,7 @@ func TestAdminDeleteUser(t *testing.T) {
 	req := NewRequestWithValues(t, "POST", "/admin/users/8/delete", map[string]string{
 		"_csrf": csrf,
 	})
-	session.MakeRequest(t, req, http.StatusFound)
+	session.MakeRequest(t, req, http.StatusSeeOther)
 
 	assertUserDeleted(t, 8)
 	unittest.CheckConsistencyFor(t, &user_model.User{})
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 88ea8853d49ed..aab633ec84b24 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -419,9 +419,7 @@ func DeleteUser(ctx *context.Context) {
 	// admin should not delete themself
 	if u.ID == ctx.Doer.ID {
 		ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))
-		ctx.JSON(http.StatusOK, map[string]interface{}{
-			"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
-		})
+		ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))
 		return
 	}
 

From 9e5685fe11f0dd4e7d2336b07b3995cbaaa9a326 Mon Sep 17 00:00:00 2001
From: Andrew Thornton <art27@cantab.net>
Date: Mon, 20 Jun 2022 17:44:08 +0100
Subject: [PATCH 12/13] attempt to fix mysql query

Signed-off-by: Andrew Thornton <art27@cantab.net>
---
 integrations/integration_test.go |  9 +++++++--
 integrations/mysql.ini.tmpl      | 30 +++++++++++++++---------------
 models/project/project.go        |  4 ++--
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/integrations/integration_test.go b/integrations/integration_test.go
index 8a43de7c45fa9..230f780175c9c 100644
--- a/integrations/integration_test.go
+++ b/integrations/integration_test.go
@@ -188,8 +188,13 @@ func initIntegrationTest() {
 
 	switch {
 	case setting.Database.UseMySQL:
-		db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@tcp(%s)/",
-			setting.Database.User, setting.Database.Passwd, setting.Database.Host))
+		connType := "tcp"
+		if len(setting.Database.Host) > 0 && setting.Database.Host[0] == '/' { // looks like a unix socket
+			connType = "unix"
+		}
+
+		db, err := sql.Open("mysql", fmt.Sprintf("%s:%s@%s(%s)/",
+			setting.Database.User, setting.Database.Passwd, connType, setting.Database.Host))
 		defer db.Close()
 		if err != nil {
 			log.Fatal("sql.Open: %v", err)
diff --git a/integrations/mysql.ini.tmpl b/integrations/mysql.ini.tmpl
index 4df49336424a6..1a3f9a75a90a4 100644
--- a/integrations/mysql.ini.tmpl
+++ b/integrations/mysql.ini.tmpl
@@ -9,12 +9,12 @@ USER     = {{TEST_MYSQL_USERNAME}}
 PASSWD   = {{TEST_MYSQL_PASSWORD}}
 SSL_MODE = disable
 
-[indexer]
-ISSUE_INDEXER_TYPE = elasticsearch
-ISSUE_INDEXER_CONN_STR = http://elastic:changeme@elasticsearch:9200
-ISSUE_INDEXER_QUEUE_DIR = integrations/gitea-integration-mysql/indexers/issues.queue
-REPO_INDEXER_ENABLED = true
-REPO_INDEXER_PATH = integrations/gitea-integration-mysql/indexers/repos.bleve
+;[indexer]
+;ISSUE_INDEXER_TYPE = elasticsearch
+;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@elasticsearch:9200
+;ISSUE_INDEXER_QUEUE_DIR = integrations/gitea-integration-mysql/indexers/issues.queue
+;REPO_INDEXER_ENABLED = true
+;REPO_INDEXER_PATH = integrations/gitea-integration-mysql/indexers/repos.bleve
 
 [queue]
 TYPE = immediate
@@ -65,15 +65,15 @@ MINIO_BASE_PATH = avatars/
 [repo-avatars]
 MINIO_BASE_PATH = repo-avatars/
 
-[storage]
-STORAGE_TYPE = minio
-SERVE_DIRECT = false
-MINIO_ENDPOINT = minio:9000
-MINIO_ACCESS_KEY_ID = 123456
-MINIO_SECRET_ACCESS_KEY = 12345678
-MINIO_BUCKET = gitea
-MINIO_LOCATION = us-east-1
-MINIO_USE_SSL = false
+; [storage]
+; STORAGE_TYPE = minio
+; SERVE_DIRECT = false
+; MINIO_ENDPOINT = minio:9000
+; MINIO_ACCESS_KEY_ID = 123456
+; MINIO_SECRET_ACCESS_KEY = 12345678
+; MINIO_BUCKET = gitea
+; MINIO_LOCATION = us-east-1
+; MINIO_USE_SSL = false
 
 [mailer]
 ENABLED = true
diff --git a/models/project/project.go b/models/project/project.go
index 01ecc084b61b8..86a77947d8838 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -354,10 +354,10 @@ func DeleteProjectByRepoIDCtx(ctx context.Context, repoID int64) error {
 			return err
 		}
 	default:
-		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_issue INNER JOIN project ON project.id = project_issue.project_id WHERE project.repo_id = ? ", repoID); err != nil {
+		if _, err := db.GetEngine(ctx).Exec("DELETE project_issue FROM project_issue INNER JOIN project ON project.id = project_issue.project_id WHERE project.repo_id = ? ", repoID); err != nil {
 			return err
 		}
-		if _, err := db.GetEngine(ctx).Exec("DELETE FROM project_board INNER JOIN project ON project.id = project_board.project_id WHERE project.repo_id = ? ", repoID); err != nil {
+		if _, err := db.GetEngine(ctx).Exec("DELETE project_board FROM project_board INNER JOIN project ON project.id = project_board.project_id WHERE project.repo_id = ? ", repoID); err != nil {
 			return err
 		}
 		if _, err := db.GetEngine(ctx).Table("project").Where("repo_id = ? ", repoID).Delete(&Project{}); err != nil {

From 3cb1a1df18bb24fb85d4012e587979f3bf5b34cf Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Mon, 20 Jun 2022 18:11:16 +0100
Subject: [PATCH 13/13] Apply suggestions from code review

---
 integrations/mysql.ini.tmpl | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/integrations/mysql.ini.tmpl b/integrations/mysql.ini.tmpl
index 1a3f9a75a90a4..4df49336424a6 100644
--- a/integrations/mysql.ini.tmpl
+++ b/integrations/mysql.ini.tmpl
@@ -9,12 +9,12 @@ USER     = {{TEST_MYSQL_USERNAME}}
 PASSWD   = {{TEST_MYSQL_PASSWORD}}
 SSL_MODE = disable
 
-;[indexer]
-;ISSUE_INDEXER_TYPE = elasticsearch
-;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@elasticsearch:9200
-;ISSUE_INDEXER_QUEUE_DIR = integrations/gitea-integration-mysql/indexers/issues.queue
-;REPO_INDEXER_ENABLED = true
-;REPO_INDEXER_PATH = integrations/gitea-integration-mysql/indexers/repos.bleve
+[indexer]
+ISSUE_INDEXER_TYPE = elasticsearch
+ISSUE_INDEXER_CONN_STR = http://elastic:changeme@elasticsearch:9200
+ISSUE_INDEXER_QUEUE_DIR = integrations/gitea-integration-mysql/indexers/issues.queue
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_PATH = integrations/gitea-integration-mysql/indexers/repos.bleve
 
 [queue]
 TYPE = immediate
@@ -65,15 +65,15 @@ MINIO_BASE_PATH = avatars/
 [repo-avatars]
 MINIO_BASE_PATH = repo-avatars/
 
-; [storage]
-; STORAGE_TYPE = minio
-; SERVE_DIRECT = false
-; MINIO_ENDPOINT = minio:9000
-; MINIO_ACCESS_KEY_ID = 123456
-; MINIO_SECRET_ACCESS_KEY = 12345678
-; MINIO_BUCKET = gitea
-; MINIO_LOCATION = us-east-1
-; MINIO_USE_SSL = false
+[storage]
+STORAGE_TYPE = minio
+SERVE_DIRECT = false
+MINIO_ENDPOINT = minio:9000
+MINIO_ACCESS_KEY_ID = 123456
+MINIO_SECRET_ACCESS_KEY = 12345678
+MINIO_BUCKET = gitea
+MINIO_LOCATION = us-east-1
+MINIO_USE_SSL = false
 
 [mailer]
 ENABLED = true