20 files changed, 636 insertions, 155 deletions
diff --git a/models/admin/notice_test.go b/models/admin/notice_test.go
deleted file mode 100644
index f3767392d1..0000000000
--- a/models/admin/notice_test.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright 2017 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package admin_test
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/admin"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNotice_TrStr(t *testing.T) {
-	notice := &admin.Notice{
-		Type:        admin.NoticeRepository,
-		Description: "test description",
-	}
-	assert.Equal(t, "admin.notices.type_1", notice.TrStr())
-}
-
-func TestCreateNotice(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	noticeBean := &admin.Notice{
-		Type:        admin.NoticeRepository,
-		Description: "test description",
-	}
-	unittest.AssertNotExistsBean(t, noticeBean)
-	assert.NoError(t, admin.CreateNotice(db.DefaultContext, noticeBean.Type, noticeBean.Description))
-	unittest.AssertExistsAndLoadBean(t, noticeBean)
-}
-
-func TestCreateRepositoryNotice(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	noticeBean := &admin.Notice{
-		Type:        admin.NoticeRepository,
-		Description: "test description",
-	}
-	unittest.AssertNotExistsBean(t, noticeBean)
-	assert.NoError(t, admin.CreateRepositoryNotice(noticeBean.Description))
-	unittest.AssertExistsAndLoadBean(t, noticeBean)
-}
-
-// TODO TestRemoveAllWithNotice
-
-func TestCountNotices(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-	assert.Equal(t, int64(3), admin.CountNotices())
-}
-
-func TestNotices(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	notices, err := admin.Notices(1, 2)
-	assert.NoError(t, err)
-	if assert.Len(t, notices, 2) {
-		assert.Equal(t, int64(3), notices[0].ID)
-		assert.Equal(t, int64(2), notices[1].ID)
-	}
-
-	notices, err = admin.Notices(2, 2)
-	assert.NoError(t, err)
-	if assert.Len(t, notices, 1) {
-		assert.Equal(t, int64(1), notices[0].ID)
-	}
-}
-
-func TestDeleteNotice(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-	assert.NoError(t, admin.DeleteNotice(3))
-	unittest.AssertNotExistsBean(t, &admin.Notice{ID: 3})
-}
-
-func TestDeleteNotices(t *testing.T) {
-	// delete a non-empty range
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 2})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-	assert.NoError(t, admin.DeleteNotices(1, 2))
-	unittest.AssertNotExistsBean(t, &admin.Notice{ID: 1})
-	unittest.AssertNotExistsBean(t, &admin.Notice{ID: 2})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-}
-
-func TestDeleteNotices2(t *testing.T) {
-	// delete an empty range
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 2})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-	assert.NoError(t, admin.DeleteNotices(3, 2))
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 2})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-}
-
-func TestDeleteNoticesByIDs(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 2})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 3})
-	assert.NoError(t, admin.DeleteNoticesByIDs([]int64{1, 3}))
-	unittest.AssertNotExistsBean(t, &admin.Notice{ID: 1})
-	unittest.AssertExistsAndLoadBean(t, &admin.Notice{ID: 2})
-	unittest.AssertNotExistsBean(t, &admin.Notice{ID: 3})
-}
diff --git a/models/avatars/avatar.go b/models/avatars/avatar.go
index 9f7b0c474f..418e9b9ccc 100644
--- a/models/avatars/avatar.go
+++ b/models/avatars/avatar.go
@@ -13,6 +13,7 @@ import (
 	"sync"
 
 	"code.gitea.io/gitea/models/db"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/log"
@@ -72,7 +73,7 @@ func GetEmailForHash(md5Sum string) (string, error) {
 // LibravatarURL returns the URL for the given email. Slow due to the DNS lookup.
 // This function should only be called if a federated avatar service is enabled.
 func LibravatarURL(email string) (*url.URL, error) {
-	urlStr, err := setting.LibravatarService.FromEmail(email)
+	urlStr, err := system_model.LibravatarService.FromEmail(email)
 	if err != nil {
 		log.Error("LibravatarService.FromEmail(email=%s): error %v", email, err)
 		return nil, err
@@ -149,8 +150,10 @@ func generateEmailAvatarLink(email string, size int, final bool) string {
 		return DefaultAvatarLink()
 	}
 
+	enableFederatedAvatar, _ := system_model.GetSetting(system_model.KeyPictureEnableFederatedAvatar)
+
 	var err error
-	if setting.EnableFederatedAvatar && setting.LibravatarService != nil {
+	if enableFederatedAvatar != nil && enableFederatedAvatar.GetValueBool() && system_model.LibravatarService != nil {
 		emailHash := saveEmailHash(email)
 		if final {
 			// for final link, we can spend more time on slow external query
@@ -166,12 +169,16 @@ func generateEmailAvatarLink(email string, size int, final bool) string {
 			urlStr += "?size=" + strconv.Itoa(size)
 		}
 		return urlStr
-	} else if !setting.DisableGravatar {
+	}
+
+	disableGravatar, _ := system_model.GetSetting(system_model.KeyPictureDisableGravatar)
+	if disableGravatar != nil && !disableGravatar.GetValueBool() {
 		// copy GravatarSourceURL, because we will modify its Path.
-		avatarURLCopy := *setting.GravatarSourceURL
+		avatarURLCopy := *system_model.GravatarSourceURL
 		avatarURLCopy.Path = path.Join(avatarURLCopy.Path, HashEmail(email))
 		return generateRecognizedAvatarURL(avatarURLCopy, size)
 	}
+
 	return DefaultAvatarLink()
 }
 
diff --git a/models/avatars/avatar_test.go b/models/avatars/avatar_test.go
index 4d6255ca5f..ace5445fc0 100644
--- a/models/avatars/avatar_test.go
+++ b/models/avatars/avatar_test.go
@@ -2,12 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package avatars
+package avatars_test
 
 import (
-	"net/url"
 	"testing"
 
+	avatars_model "code.gitea.io/gitea/models/avatars"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
@@ -15,40 +16,43 @@ import (
 
 const gravatarSource = "https://secure.gravatar.com/avatar/"
 
-func disableGravatar() {
-	setting.EnableFederatedAvatar = false
-	setting.LibravatarService = nil
-	setting.DisableGravatar = true
+func disableGravatar(t *testing.T) {
+	err := system_model.SetSettingNoVersion(system_model.KeyPictureEnableFederatedAvatar, "false")
+	assert.NoError(t, err)
+	err = system_model.SetSettingNoVersion(system_model.KeyPictureDisableGravatar, "true")
+	assert.NoError(t, err)
+	system_model.LibravatarService = nil
 }
 
 func enableGravatar(t *testing.T) {
-	setting.DisableGravatar = false
-	var err error
-	setting.GravatarSourceURL, err = url.Parse(gravatarSource)
+	err := system_model.SetSettingNoVersion(system_model.KeyPictureDisableGravatar, "false")
+	assert.NoError(t, err)
+	setting.GravatarSource = gravatarSource
+	err = system_model.Init()
 	assert.NoError(t, err)
 }
 
 func TestHashEmail(t *testing.T) {
 	assert.Equal(t,
 		"d41d8cd98f00b204e9800998ecf8427e",
-		HashEmail(""),
+		avatars_model.HashEmail(""),
 	)
 	assert.Equal(t,
 		"353cbad9b58e69c96154ad99f92bedc7",
-		HashEmail("gitea@example.com"),
+		avatars_model.HashEmail("gitea@example.com"),
 	)
 }
 
 func TestSizedAvatarLink(t *testing.T) {
 	setting.AppSubURL = "/testsuburl"
 
-	disableGravatar()
+	disableGravatar(t)
 	assert.Equal(t, "/testsuburl/assets/img/avatar_default.png",
-		GenerateEmailAvatarFastLink("gitea@example.com", 100))
+		avatars_model.GenerateEmailAvatarFastLink("gitea@example.com", 100))
 
 	enableGravatar(t)
 	assert.Equal(t,
 		"https://secure.gravatar.com/avatar/353cbad9b58e69c96154ad99f92bedc7?d=identicon&s=100",
-		GenerateEmailAvatarFastLink("gitea@example.com", 100),
+		avatars_model.GenerateEmailAvatarFastLink("gitea@example.com", 100),
 	)
 }
diff --git a/models/admin/main_test.go b/models/avatars/main_test.go
index 23277fe37c..0e98d8f64d 100644
--- a/models/admin/main_test.go
+++ b/models/avatars/main_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package admin_test
+package avatars_test
 
 import (
 	"path/filepath"
diff --git a/models/fixtures/system_setting.yml b/models/fixtures/system_setting.yml
new file mode 100644
index 0000000000..6c960168fc
--- /dev/null
+++ b/models/fixtures/system_setting.yml
@@ -0,0 +1,15 @@
+-
+  id: 1
+  setting_key: 'disable_gravatar'
+  setting_value: 'false'
+  version: 1
+  created: 1653533198
+  updated: 1653533198
+
+-
+  id: 2
+  setting_key: 'enable_federated_avatar'
+  setting_value: 'false'
+  version: 1
+  created: 1653533198
+  updated: 1653533198
diff --git a/models/issues/issue.go b/models/issues/issue.go
index 737b625abc..786c969522 100644
--- a/models/issues/issue.go
+++ b/models/issues/issue.go
@@ -13,7 +13,6 @@ import (
 	"strconv"
 	"strings"
 
-	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/foreignreference"
 	"code.gitea.io/gitea/models/organization"
@@ -21,6 +20,7 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	project_model "code.gitea.io/gitea/models/project"
 	repo_model "code.gitea.io/gitea/models/repo"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@@ -2470,7 +2470,7 @@ func DeleteOrphanedIssues() error {
 
 	// Remove issue attachment files.
 	for i := range attachmentPaths {
-		admin_model.RemoveAllWithNotice(db.DefaultContext, "Delete issue attachment", attachmentPaths[i])
+		system_model.RemoveAllWithNotice(db.DefaultContext, "Delete issue attachment", attachmentPaths[i])
 	}
 	return nil
 }
diff --git a/models/main_test.go b/models/main_test.go
index 49b6e3e560..3584001569 100644
--- a/models/main_test.go
+++ b/models/main_test.go
@@ -14,6 +14,8 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 
+	_ "code.gitea.io/gitea/models/system"
+
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 2a38772180..afe1445a23 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -415,6 +415,8 @@ var migrations = []Migration{
 	NewMigration("Alter gpg_key/public_key content TEXT fields to MEDIUMTEXT", alterPublicGPGKeyContentFieldsToMediumText),
 	// v226 -> v227
 	NewMigration("Conan and generic packages do not need to be semantically versioned", fixPackageSemverField),
+	// v227 -> v228
+	NewMigration("Create key/value table for system settings", createSystemSettingsTable),
 }
 
 // GetCurrentDBVersion returns the current db version
diff --git a/models/migrations/v227.go b/models/migrations/v227.go
new file mode 100644
index 0000000000..8a3a9c877e
--- /dev/null
+++ b/models/migrations/v227.go
@@ -0,0 +1,64 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+type SystemSetting struct {
+	ID           int64              `xorm:"pk autoincr"`
+	SettingKey   string             `xorm:"varchar(255) unique"` // ensure key is always lowercase
+	SettingValue string             `xorm:"text"`
+	Version      int                `xorm:"version"` // prevent to override
+	Created      timeutil.TimeStamp `xorm:"created"`
+	Updated      timeutil.TimeStamp `xorm:"updated"`
+}
+
+func insertSettingsIfNotExist(x *xorm.Engine, sysSettings []*SystemSetting) error {
+	sess := x.NewSession()
+	defer sess.Close()
+	if err := sess.Begin(); err != nil {
+		return err
+	}
+	for _, setting := range sysSettings {
+		exist, err := sess.Table("system_setting").Where("setting_key=?", setting.SettingKey).Exist()
+		if err != nil {
+			return err
+		}
+		if !exist {
+			if _, err := sess.Insert(setting); err != nil {
+				return err
+			}
+		}
+	}
+	return sess.Commit()
+}
+
+func createSystemSettingsTable(x *xorm.Engine) error {
+	if err := x.Sync2(new(SystemSetting)); err != nil {
+		return fmt.Errorf("sync2: %v", err)
+	}
+
+	// migrate xx to database
+	sysSettings := []*SystemSetting{
+		{
+			SettingKey:   "picture.disable_gravatar",
+			SettingValue: strconv.FormatBool(setting.DisableGravatar),
+		},
+		{
+			SettingKey:   "picture.enable_federated_avatar",
+			SettingValue: strconv.FormatBool(setting.EnableFederatedAvatar),
+		},
+	}
+
+	return insertSettingsIfNotExist(x, sysSettings)
+}
diff --git a/models/repo.go b/models/repo.go
index 94e6249842..65159f14af 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -22,6 +22,7 @@ import (
 	access_model "code.gitea.io/gitea/models/perm/access"
 	project_model "code.gitea.io/gitea/models/project"
 	repo_model "code.gitea.io/gitea/models/repo"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/models/webhook"
@@ -32,9 +33,13 @@ import (
 	"xorm.io/builder"
 )
 
-// NewRepoContext creates a new repository context
-func NewRepoContext() {
+// ItemsPerPage maximum items per page in forks, watchers and stars of a repo
+var ItemsPerPage = 40
+
+// Init initialize model
+func Init() error {
 	unit.LoadUnitConfig()
+	return system_model.Init()
 }
 
 // DeleteRepository deletes a repository for a user or organization.
@@ -267,36 +272,36 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 
 	// Remove repository files.
 	repoPath := repo.RepoPath()
-	admin_model.RemoveAllWithNotice(db.DefaultContext, "Delete repository files", repoPath)
+	system_model.RemoveAllWithNotice(db.DefaultContext, "Delete repository files", repoPath)
 
 	// Remove wiki files
 	if repo.HasWiki() {
-		admin_model.RemoveAllWithNotice(db.DefaultContext, "Delete repository wiki", repo.WikiPath())
+		system_model.RemoveAllWithNotice(db.DefaultContext, "Delete repository wiki", repo.WikiPath())
 	}
 
 	// Remove archives
 	for _, archive := range archivePaths {
-		admin_model.RemoveStorageWithNotice(db.DefaultContext, storage.RepoArchives, "Delete repo archive file", archive)
+		system_model.RemoveStorageWithNotice(db.DefaultContext, storage.RepoArchives, "Delete repo archive file", archive)
 	}
 
 	// Remove lfs objects
 	for _, lfsObj := range lfsPaths {
-		admin_model.RemoveStorageWithNotice(db.DefaultContext, storage.LFS, "Delete orphaned LFS file", lfsObj)
+		system_model.RemoveStorageWithNotice(db.DefaultContext, storage.LFS, "Delete orphaned LFS file", lfsObj)
 	}
 
 	// Remove issue attachment files.
 	for _, attachment := range attachmentPaths {
-		admin_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete issue attachment", attachment)
+		system_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete issue attachment", attachment)
 	}
 
 	// Remove release attachment files.
 	for _, releaseAttachment := range releaseAttachments {
-		admin_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete release attachment", releaseAttachment)
+		system_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete release attachment", releaseAttachment)
 	}
 
 	// Remove attachment with no issue_id and release_id.
 	for _, newAttachment := range newAttachmentPaths {
-		admin_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete issue attachment", newAttachment)
+		system_model.RemoveStorageWithNotice(db.DefaultContext, storage.Attachments, "Delete issue attachment", newAttachment)
 	}
 
 	if len(repo.Avatar) > 0 {
diff --git a/models/appstate/appstate.go b/models/system/appstate.go
index aa5a59e1a3..c11a2512ab 100644
--- a/models/appstate/appstate.go
+++ b/models/system/appstate.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package appstate
+package system
 
 import (
 	"context"
diff --git a/models/system/main_test.go b/models/system/main_test.go
new file mode 100644
index 0000000000..a56c76aedc
--- /dev/null
+++ b/models/system/main_test.go
@@ -0,0 +1,21 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package system_test
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+
+	_ "code.gitea.io/gitea/models"        // register models
+	_ "code.gitea.io/gitea/models/system" // register models of system
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
diff --git a/models/admin/notice.go b/models/system/notice.go
index 4d385cf951..3276fa3ffb 100644
--- a/models/admin/notice.go
+++ b/models/system/notice.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package admin
+package system
 
 import (
 	"context"
diff --git a/models/system/notice_test.go b/models/system/notice_test.go
new file mode 100644
index 0000000000..768bcca66c
--- /dev/null
+++ b/models/system/notice_test.go
@@ -0,0 +1,117 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package system_test
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/system"
+	"code.gitea.io/gitea/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNotice_TrStr(t *testing.T) {
+	notice := &system.Notice{
+		Type:        system.NoticeRepository,
+		Description: "test description",
+	}
+	assert.Equal(t, "admin.notices.type_1", notice.TrStr())
+}
+
+func TestCreateNotice(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	noticeBean := &system.Notice{
+		Type:        system.NoticeRepository,
+		Description: "test description",
+	}
+	unittest.AssertNotExistsBean(t, noticeBean)
+	assert.NoError(t, system.CreateNotice(db.DefaultContext, noticeBean.Type, noticeBean.Description))
+	unittest.AssertExistsAndLoadBean(t, noticeBean)
+}
+
+func TestCreateRepositoryNotice(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	noticeBean := &system.Notice{
+		Type:        system.NoticeRepository,
+		Description: "test description",
+	}
+	unittest.AssertNotExistsBean(t, noticeBean)
+	assert.NoError(t, system.CreateRepositoryNotice(noticeBean.Description))
+	unittest.AssertExistsAndLoadBean(t, noticeBean)
+}
+
+// TODO TestRemoveAllWithNotice
+
+func TestCountNotices(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	assert.Equal(t, int64(3), system.CountNotices())
+}
+
+func TestNotices(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	notices, err := system.Notices(1, 2)
+	assert.NoError(t, err)
+	if assert.Len(t, notices, 2) {
+		assert.Equal(t, int64(3), notices[0].ID)
+		assert.Equal(t, int64(2), notices[1].ID)
+	}
+
+	notices, err = system.Notices(2, 2)
+	assert.NoError(t, err)
+	if assert.Len(t, notices, 1) {
+		assert.Equal(t, int64(1), notices[0].ID)
+	}
+}
+
+func TestDeleteNotice(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+	assert.NoError(t, system.DeleteNotice(3))
+	unittest.AssertNotExistsBean(t, &system.Notice{ID: 3})
+}
+
+func TestDeleteNotices(t *testing.T) {
+	// delete a non-empty range
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 1})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 2})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+	assert.NoError(t, system.DeleteNotices(1, 2))
+	unittest.AssertNotExistsBean(t, &system.Notice{ID: 1})
+	unittest.AssertNotExistsBean(t, &system.Notice{ID: 2})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+}
+
+func TestDeleteNotices2(t *testing.T) {
+	// delete an empty range
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 1})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 2})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+	assert.NoError(t, system.DeleteNotices(3, 2))
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 1})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 2})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+}
+
+func TestDeleteNoticesByIDs(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 1})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 2})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 3})
+	assert.NoError(t, system.DeleteNoticesByIDs([]int64{1, 3}))
+	unittest.AssertNotExistsBean(t, &system.Notice{ID: 1})
+	unittest.AssertExistsAndLoadBean(t, &system.Notice{ID: 2})
+	unittest.AssertNotExistsBean(t, &system.Notice{ID: 3})
+}
diff --git a/models/system/setting.go b/models/system/setting.go
new file mode 100644
index 0000000000..ff8b48e618
--- /dev/null
+++ b/models/system/setting.go
@@ -0,0 +1,261 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package system
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/timeutil"
+
+	"strk.kbt.io/projects/go/libravatar"
+	"xorm.io/builder"
+)
+
+// Setting is a key value store of user settings
+type Setting struct {
+	ID           int64              `xorm:"pk autoincr"`
+	SettingKey   string             `xorm:"varchar(255) unique"` // ensure key is always lowercase
+	SettingValue string             `xorm:"text"`
+	Version      int                `xorm:"version"` // prevent to override
+	Created      timeutil.TimeStamp `xorm:"created"`
+	Updated      timeutil.TimeStamp `xorm:"updated"`
+}
+
+// TableName sets the table name for the settings struct
+func (s *Setting) TableName() string {
+	return "system_setting"
+}
+
+func (s *Setting) GetValueBool() bool {
+	b, _ := strconv.ParseBool(s.SettingValue)
+	return b
+}
+
+func init() {
+	db.RegisterModel(new(Setting))
+}
+
+// ErrSettingIsNotExist represents an error that a setting is not exist with special key
+type ErrSettingIsNotExist struct {
+	Key string
+}
+
+// Error implements error
+func (err ErrSettingIsNotExist) Error() string {
+	return fmt.Sprintf("System setting[%s] is not exist", err.Key)
+}
+
+// IsErrSettingIsNotExist return true if err is ErrSettingIsNotExist
+func IsErrSettingIsNotExist(err error) bool {
+	_, ok := err.(ErrSettingIsNotExist)
+	return ok
+}
+
+// ErrDataExpired represents an error that update a record which has been updated by another thread
+type ErrDataExpired struct {
+	Key string
+}
+
+// Error implements error
+func (err ErrDataExpired) Error() string {
+	return fmt.Sprintf("System setting[%s] has been updated by another thread", err.Key)
+}
+
+// IsErrDataExpired return true if err is ErrDataExpired
+func IsErrDataExpired(err error) bool {
+	_, ok := err.(ErrDataExpired)
+	return ok
+}
+
+// GetSetting returns specific setting
+func GetSetting(key string) (*Setting, error) {
+	v, err := GetSettings([]string{key})
+	if err != nil {
+		return nil, err
+	}
+	if len(v) == 0 {
+		return nil, ErrSettingIsNotExist{key}
+	}
+	return v[key], nil
+}
+
+// GetSettings returns specific settings
+func GetSettings(keys []string) (map[string]*Setting, error) {
+	for i := 0; i < len(keys); i++ {
+		keys[i] = strings.ToLower(keys[i])
+	}
+	settings := make([]*Setting, 0, len(keys))
+	if err := db.GetEngine(db.DefaultContext).
+		Where(builder.In("setting_key", keys)).
+		Find(&settings); err != nil {
+		return nil, err
+	}
+	settingsMap := make(map[string]*Setting)
+	for _, s := range settings {
+		settingsMap[s.SettingKey] = s
+	}
+	return settingsMap, nil
+}
+
+type AllSettings map[string]*Setting
+
+func (settings AllSettings) Get(key string) Setting {
+	if v, ok := settings[key]; ok {
+		return *v
+	}
+	return Setting{}
+}
+
+func (settings AllSettings) GetBool(key string) bool {
+	b, _ := strconv.ParseBool(settings.Get(key).SettingValue)
+	return b
+}
+
+func (settings AllSettings) GetVersion(key string) int {
+	return settings.Get(key).Version
+}
+
+// GetAllSettings returns all settings from user
+func GetAllSettings() (AllSettings, error) {
+	settings := make([]*Setting, 0, 5)
+	if err := db.GetEngine(db.DefaultContext).
+		Find(&settings); err != nil {
+		return nil, err
+	}
+	settingsMap := make(map[string]*Setting)
+	for _, s := range settings {
+		settingsMap[s.SettingKey] = s
+	}
+	return settingsMap, nil
+}
+
+// DeleteSetting deletes a specific setting for a user
+func DeleteSetting(setting *Setting) error {
+	_, err := db.GetEngine(db.DefaultContext).Delete(setting)
+	return err
+}
+
+func SetSettingNoVersion(key, value string) error {
+	s, err := GetSetting(key)
+	if IsErrSettingIsNotExist(err) {
+		return SetSetting(&Setting{
+			SettingKey:   key,
+			SettingValue: value,
+		})
+	}
+	if err != nil {
+		return err
+	}
+	s.SettingValue = value
+	return SetSetting(s)
+}
+
+// SetSetting updates a users' setting for a specific key
+func SetSetting(setting *Setting) error {
+	if err := upsertSettingValue(strings.ToLower(setting.SettingKey), setting.SettingValue, setting.Version); err != nil {
+		return err
+	}
+	setting.Version++
+	return nil
+}
+
+func upsertSettingValue(key, value string, version int) error {
+	return db.WithTx(func(ctx context.Context) error {
+		e := db.GetEngine(ctx)
+
+		// here we use a general method to do a safe upsert for different databases (and most transaction levels)
+		// 1. try to UPDATE the record and acquire the transaction write lock
+		//    if UPDATE returns non-zero rows are changed, OK, the setting is saved correctly
+		//    if UPDATE returns "0 rows changed", two possibilities: (a) record doesn't exist  (b) value is not changed
+		// 2. do a SELECT to check if the row exists or not (we already have the transaction lock)
+		// 3. if the row doesn't exist, do an INSERT (we are still protected by the transaction lock, so it's safe)
+		//
+		// to optimize the SELECT in step 2, we can use an extra column like `revision=revision+1`
+		//    to make sure the UPDATE always returns a non-zero value for existing (unchanged) records.
+
+		res, err := e.Exec("UPDATE system_setting SET setting_value=?, version = version+1 WHERE setting_key=? AND version=?", value, key, version)
+		if err != nil {
+			return err
+		}
+		rows, _ := res.RowsAffected()
+		if rows > 0 {
+			// the existing row is updated, so we can return
+			return nil
+		}
+
+		// in case the value isn't changed, update would return 0 rows changed, so we need this check
+		has, err := e.Exist(&Setting{SettingKey: key})
+		if err != nil {
+			return err
+		}
+		if has {
+			return ErrDataExpired{Key: key}
+		}
+
+		// if no existing row, insert a new row
+		_, err = e.Insert(&Setting{SettingKey: key, SettingValue: value})
+		return err
+	})
+}
+
+var (
+	GravatarSourceURL *url.URL
+	LibravatarService *libravatar.Libravatar
+)
+
+func Init() error {
+	var disableGravatar bool
+	disableGravatarSetting, err := GetSetting(KeyPictureDisableGravatar)
+	if IsErrSettingIsNotExist(err) {
+		disableGravatar = setting.GetDefaultDisableGravatar()
+		disableGravatarSetting = &Setting{SettingValue: strconv.FormatBool(disableGravatar)}
+	} else if err != nil {
+		return err
+	} else {
+		disableGravatar = disableGravatarSetting.GetValueBool()
+	}
+
+	var enableFederatedAvatar bool
+	enableFederatedAvatarSetting, err := GetSetting(KeyPictureEnableFederatedAvatar)
+	if IsErrSettingIsNotExist(err) {
+		enableFederatedAvatar = setting.GetDefaultEnableFederatedAvatar(disableGravatar)
+		enableFederatedAvatarSetting = &Setting{SettingValue: strconv.FormatBool(enableFederatedAvatar)}
+	} else if err != nil {
+		return err
+	} else {
+		enableFederatedAvatar = disableGravatarSetting.GetValueBool()
+	}
+
+	if setting.OfflineMode {
+		disableGravatar = true
+		enableFederatedAvatar = false
+	}
+
+	if disableGravatar || !enableFederatedAvatar {
+		var err error
+		GravatarSourceURL, err = url.Parse(setting.GravatarSource)
+		if err != nil {
+			return fmt.Errorf("Failed to parse Gravatar URL(%s): %v", setting.GravatarSource, err)
+		}
+	}
+
+	if enableFederatedAvatarSetting.GetValueBool() {
+		LibravatarService = libravatar.New()
+		if GravatarSourceURL.Scheme == "https" {
+			LibravatarService.SetUseHTTPS(true)
+			LibravatarService.SetSecureFallbackHost(GravatarSourceURL.Host)
+		} else {
+			LibravatarService.SetUseHTTPS(false)
+			LibravatarService.SetFallbackHost(GravatarSourceURL.Host)
+		}
+	}
+	return nil
+}
diff --git a/models/system/setting_key.go b/models/system/setting_key.go
new file mode 100644
index 0000000000..5a6ea6ed72
--- /dev/null
+++ b/models/system/setting_key.go
@@ -0,0 +1,11 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package system
+
+// enumerate all system setting keys
+const (
+	KeyPictureDisableGravatar       = "picture.disable_gravatar"
+	KeyPictureEnableFederatedAvatar = "picture.enable_federated_avatar"
+)
diff --git a/models/system/setting_test.go b/models/system/setting_test.go
new file mode 100644
index 0000000000..d25fc05f31
--- /dev/null
+++ b/models/system/setting_test.go
@@ -0,0 +1,53 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package system_test
+
+import (
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models/system"
+	"code.gitea.io/gitea/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSettings(t *testing.T) {
+	keyName := "server.LFS_LOCKS_PAGING_NUM"
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	newSetting := &system.Setting{SettingKey: keyName, SettingValue: "50"}
+
+	// create setting
+	err := system.SetSetting(newSetting)
+	assert.NoError(t, err)
+	// test about saving unchanged values
+	err = system.SetSetting(newSetting)
+	assert.NoError(t, err)
+
+	// get specific setting
+	settings, err := system.GetSettings([]string{keyName})
+	assert.NoError(t, err)
+	assert.Len(t, settings, 1)
+	assert.EqualValues(t, newSetting.SettingValue, settings[strings.ToLower(keyName)].SettingValue)
+
+	// updated setting
+	updatedSetting := &system.Setting{SettingKey: keyName, SettingValue: "100", Version: newSetting.Version}
+	err = system.SetSetting(updatedSetting)
+	assert.NoError(t, err)
+
+	// get all settings
+	settings, err = system.GetAllSettings()
+	assert.NoError(t, err)
+	assert.Len(t, settings, 3)
+	assert.EqualValues(t, updatedSetting.SettingValue, settings[strings.ToLower(updatedSetting.SettingKey)].SettingValue)
+
+	// delete setting
+	err = system.DeleteSetting(&system.Setting{SettingKey: strings.ToLower(keyName)})
+	assert.NoError(t, err)
+	settings, err = system.GetAllSettings()
+	assert.NoError(t, err)
+	assert.Len(t, settings, 2)
+}
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index 25129137f7..2e6c25ae48 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -7,12 +7,12 @@ package unittest
 import (
 	"context"
 	"fmt"
-	"net/url"
 	"os"
 	"path/filepath"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
@@ -91,10 +91,8 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
 	setting.AppDataPath = appDataPath
 	setting.AppWorkPath = testOpts.GiteaRootPath
 	setting.StaticRootPath = testOpts.GiteaRootPath
-	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
-	if err != nil {
-		fatalTestError("url.Parse: %v\n", err)
-	}
+	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
+
 	setting.Attachment.Storage.Path = filepath.Join(setting.AppDataPath, "attachments")
 
 	setting.LFS.Storage.Path = filepath.Join(setting.AppDataPath, "lfs")
@@ -112,6 +110,9 @@ func MainTest(m *testing.M, testOpts *TestOptions) {
 	if err = storage.Init(); err != nil {
 		fatalTestError("storage.Init: %v\n", err)
 	}
+	if err = system_model.Init(); err != nil {
+		fatalTestError("models.Init: %v\n", err)
+	}
 
 	if err = util.RemoveAll(repoRootPath); err != nil {
 		fatalTestError("util.RemoveAll: %v\n", err)
diff --git a/models/user/avatar.go b/models/user/avatar.go
index 6a44a3bcb3..1c75c7406b 100644
--- a/models/user/avatar.go
+++ b/models/user/avatar.go
@@ -14,6 +14,7 @@ import (
 
 	"code.gitea.io/gitea/models/avatars"
 	"code.gitea.io/gitea/models/db"
+	system_model "code.gitea.io/gitea/models/system"
 	"code.gitea.io/gitea/modules/avatar"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -67,10 +68,16 @@ func (u *User) AvatarLinkWithSize(size int) string {
 	useLocalAvatar := false
 	autoGenerateAvatar := false
 
+	var disableGravatar bool
+	disableGravatarSetting, _ := system_model.GetSetting(system_model.KeyPictureDisableGravatar)
+	if disableGravatarSetting != nil {
+		disableGravatar = disableGravatarSetting.GetValueBool()
+	}
+
 	switch {
 	case u.UseCustomAvatar:
 		useLocalAvatar = true
-	case setting.DisableGravatar, setting.OfflineMode:
+	case disableGravatar, setting.OfflineMode:
 		useLocalAvatar = true
 		autoGenerateAvatar = true
 	}
diff --git a/models/user/setting.go b/models/user/setting.go
index fbb6fbab30..5fe7c2ec23 100644
--- a/models/user/setting.go
+++ b/models/user/setting.go
@@ -31,6 +31,34 @@ func init() {
 	db.RegisterModel(new(Setting))
 }
 
+// ErrUserSettingIsNotExist represents an error that a setting is not exist with special key
+type ErrUserSettingIsNotExist struct {
+	Key string
+}
+
+// Error implements error
+func (err ErrUserSettingIsNotExist) Error() string {
+	return fmt.Sprintf("Setting[%s] is not exist", err.Key)
+}
+
+// IsErrUserSettingIsNotExist return true if err is ErrSettingIsNotExist
+func IsErrUserSettingIsNotExist(err error) bool {
+	_, ok := err.(ErrUserSettingIsNotExist)
+	return ok
+}
+
+// GetSetting returns specific setting
+func GetSetting(uid int64, key string) (*Setting, error) {
+	v, err := GetUserSettings(uid, []string{key})
+	if err != nil {
+		return nil, err
+	}
+	if len(v) == 0 {
+		return nil, ErrUserSettingIsNotExist{key}
+	}
+	return v[key], nil
+}
+
 // GetUserSettings returns specific settings from user
 func GetUserSettings(uid int64, keys []string) (map[string]*Setting, error) {
 	settings := make([]*Setting, 0, len(keys))