adjusted readme for gitea

homelab/applications/gitea/README.md

@@ -1,31 +1,34 @@
-// TODO: refactor for gitea
 # Gitea
 ## Set up database
-- Create database called `gitea`
 - Create database user called `gitea` incl. password
+- Create database called `gitea` in Postgres
+- Define new user as owner of the database
 - Store database credentials in 1Password
 
 ## Set up non-root user for container
 We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `gitea-user` & group called `gitea-group` set up. 
 
-1. Check if user `postgres` exists and if the UID is 1002
+1. Check if user `gitea-user` & group `gitea-group` exist and if the UID/GID is 1003
 
 ```
-cat /etc/passwd | grep gitea
+cat /etc/passwd | grep gitea-user
+cat /etc/group | grep gitea-group
 ```
 
-In case the `postgres` user exists but the UID is not 1002, please adjust it via 
+In case user/group exists but the UID/GID is not 1003, please adjust it via 
 ```
-sudo usermod -u 1002 postgres
+sudo usermod -u 1003 gitea-user
+sudo groupmod -g 1003 gitea-group
 ```
 
-In case the `postgres` user doesn't exist at all, please create the user incl. the right UID by running
+In case user/group doesn't exist at all, please create the user & group incl. the right UID/GID by running
 ```
-sudo useradd -u 1002 postgres
+sudo groupadd -g 1003 gitea-group
+sudo useradd -g gitea-group -u 1003 gitea-user
 ```
 
 ## About secrets
-In order to manage secrets centrally in 1Password and due to the need for secrets in Postgres, using `docker compose` directly in the terminal does not work. 
+In order to manage secrets centrally in 1Password and due to the need for secrets in Gitea, using `docker compose` directly in the terminal does not work. 
 
 ## Bring up/tear down container
 Please use the `start.sh` to spin up the container