made changes in order to make gitea work

2025-11-02 11:45:24 +01:00
parent 193f81211d
commit dd3ea726db
5 changed files with 102 additions and 30 deletions
--- a/homelab/applications/gitea/README.md
+++ b/homelab/applications/gitea/README.md
@ -0,0 +1,34 @@
+// TODO: refactor for gitea
+# Gitea
+## Set up database
+- Create database called `gitea`
+- Create database user called `gitea` incl. password
+- Store database credentials in 1Password
+
+## Set up non-root user for container
+We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `gitea-user` & group called `gitea-group` set up. 
+
+1. Check if user `postgres` exists and if the UID is 1002
+
+```
+cat /etc/passwd | grep gitea
+```
+
+In case the `postgres` user exists but the UID is not 1002, please adjust it via 
+```
+sudo usermod -u 1002 postgres
+```
+
+In case the `postgres` user doesn't exist at all, please create the user incl. the right UID by running
+```
+sudo useradd -u 1002 postgres
+```
+
+## About secrets
+In order to manage secrets centrally in 1Password and due to the need for secrets in Postgres, using `docker compose` directly in the terminal does not work. 
+
+## Bring up/tear down container
+Please use the `start.sh` to spin up the container
+### Prerequisites start.sh
+- User executing the script is part of the `docker` group
+- Env variable `OP_SERVICE_ACCOUNT_TOKEN` is set up \[check out top-level README.md for more information on how to set this up\]