diff --git a/homelab/applications/gitea/README.md b/homelab/applications/gitea/README.md index 28a125e..a90488f 100644 --- a/homelab/applications/gitea/README.md +++ b/homelab/applications/gitea/README.md 
@@ -1,28 +1,38 @@ # Gitea -## Set up database -- Create database user called `gitea` incl. password +## Prerequisites +### Set up database - Create database called `gitea` in Postgres -- Define new user as owner of the database -- Store database credentials in 1Password -## Set up non-root user for container -We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `gitea-user` & group called `gitea-group` set up. +### Set up non-root user for container +We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `gitea` set up -1. Check if user `gitea-user` & group `gitea-group` exist and if the UID/GID is 1003 +1. Check if user `gitea` ``` -cat /etc/passwd | grep gitea-user -cat /etc/group | grep gitea-group +cat /etc/passwd | grep gitea ``` -In case user/group exists but the UID/GID is not 1003, please adjust it via +In case user doesn't exist, please create the user by running ``` -sudo usermod -u 1003 gitea-user -sudo groupmod -g 1003 gitea-group +sudo useradd gitea ``` -In case user/group doesn't exist at all, please create the user & group incl. the right UID/GID by running +2. `data` & `config` folder ownership +Also you need to make sure that the `gitea` owner owns the volumes mounted for docker ``` -sudo groupadd -g 1003 gitea-group -sudo useradd -g gitea-group -u 1003 gitea-user -``` \ No newline at end of file +sudo chown -R gitea:gitea data +sudo chmod 770 data + +sudo chown -R gitea:gitea config +sudo chmod 770 config +``` + +3. Adjust compose.yml +Within `services > gitea > user`, make sure to replace `gitea` with the UID of the user on your machine +``` +cat /etc/passwd | grep gitea +``` + +## Initial setup +1. `docker compose up -d` +2. 
Open IP:8030 and continue set up \ No newline at end of file diff --git a/homelab/applications/gitea/compose.yml b/homelab/applications/gitea/compose.yml index 576c4ce..9f752b9 100644 --- a/homelab/applications/gitea/compose.yml +++ b/homelab/applications/gitea/compose.yml @@ -2,15 +2,9 @@ services: gitea: image: docker.gitea.com/gitea:1-rootless container_name: gitea - user: "1003:1003" + user: "gitea" environment: - USER_UID: "1003" - USER_GID: "1003" DISABLE_REGISTRATION: true - GITEA__database__DB_TYPE: postgres - GITEA__database__HOST: postgres:5432 - GITEA__database__NAME: gitea - GITEA__database__USER: gitea restart: always volumes: ['./data:/var/lib/gitea', './config:/etc/gitea'] ports: ['8030:3000', '2222:2222'] diff --git a/homelab/applications/postgres/README.md b/homelab/applications/postgres/README.md index a4ccb77..a7ea7f7 100644 --- a/homelab/applications/postgres/README.md +++ b/homelab/applications/postgres/README.md @@ -19,7 +19,7 @@ sudo chmod 770 data ``` 3. Adjust compose.yml -Within `services > postgres > user`, make sure to replare `postgres` with the UID of the user on your machine +Within `services > postgres > user`, make sure to replace `postgres` with the UID of the user on your machine ``` cat /etc/passwd | grep postgres ```
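Review bot: In the gitea README hunk, the new "Set up database" section keeps only "Create database called `gitea` in Postgres" and drops the steps for a dedicated `gitea` database user, making that user the owner of the database, and storing the credentials in 1Password. The same patch removes the `GITEA__database__*` variables from compose.yml, so the database connection is presumably entered by hand at "Open IP:8030 and continue set up", and the README no longer says which Postgres role or password to use there. I would keep the dedicated-user and credential-storage steps, or state the intended role explicitly, so nobody falls back to a shared or superuser account. Two smaller points: the step 1 heading "Check if user `gitea`" reads as an unfinished sentence (add "exists"), and `sudo chown -R` is recursive while `sudo chmod 770 data` is not, which is worth a short comment if intentional.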
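Review bot: In the gitea compose.yml hunk, `user: "gitea"` is committed as a name that README step 3 says must be replaced by hand with the host UID, so the file as checked in is a placeholder rather than a working value; a name in `user:` is looked up inside the image, not in the host's `/etc/passwd`. The old value `"1003:1003"` set both UID and GID, while the new instructions mention only the UID even though the volumes are chowned to `gitea:gitea` with mode 770, so the group the container runs with is left undefined by the docs. I would commit a numeric `UID:GID` pair or an interpolated value such as `user: "${GITEA_UID}:${GITEA_GID}"` (example variable names) set in `.env`, and have the README ask for both IDs, which `id gitea` prints directly.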