mucas-central/homelab/applications/gitea
2025-11-02 15:59:41 +01:00

Gitea

Set up database

  • Create a database user called gitea, including a password
  • Create a database called gitea in Postgres
  • Make the new user the owner of the database
  • Store the database credentials in 1Password

Set up non-root user for container

We provide a non-root user to the container to limit the attack surface for privilege escalation. For this to work in our setup, please check that a user called gitea-user and a group called gitea-group exist.

  1. Check whether user gitea-user and group gitea-group exist and whether the UID/GID is 1003:
grep gitea-user /etc/passwd
grep gitea-group /etc/group

In case the user/group exists but the UID/GID is not 1003, adjust it via

sudo usermod -u 1003 gitea-user
sudo groupmod -g 1003 gitea-group

In case the user/group does not exist at all, create the group and then the user with the right GID/UID by running

sudo groupadd -g 1003 gitea-group
sudo useradd -g gitea-group -u 1003 gitea-user
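As an added example (not a script from this repository), a small POSIX shell helper that turns the three cases above into a read-only check: it reports for gitea-group and gitea-user whether the entry is ok, needs its id changed, or is missing, and prints the matching command from this README without running it. The passwd/group file paths are parameters, so it is shown here against constructed sample files; pass no arguments to inspect /etc/group and /etc/passwd.

```shell
#!/bin/sh
# Added example: decide which README step applies for gitea-group / gitea-user.
# Reads passwd- and group-format files (default: the real ones) and only
# prints the command to run; it never calls sudo itself.
set -eu

WANT_UID=1003
WANT_GID=1003

# Numeric id of NAME ($1) in a passwd- or group-format file ($2): field 3
# is the UID in /etc/passwd and the GID in /etc/group. Prints nothing if absent.
lookup_id() {
  awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"
}

# Prints "ok", "fix:<command>" or "create:<command>" for gitea-group.
plan_group() {
  gid=$(lookup_id gitea-group "${1:-/etc/group}")
  if [ -z "$gid" ]; then
    echo "create:sudo groupadd -g $WANT_GID gitea-group"
  elif [ "$gid" != "$WANT_GID" ]; then
    echo "fix:sudo groupmod -g $WANT_GID gitea-group"
  else
    echo ok
  fi
}

# Same for gitea-user. useradd -g needs the group to exist, so act on
# plan_group before plan_user.
plan_user() {
  uid=$(lookup_id gitea-user "${1:-/etc/passwd}")
  if [ -z "$uid" ]; then
    echo "create:sudo useradd -g gitea-group -u $WANT_UID gitea-user"
  elif [ "$uid" != "$WANT_UID" ]; then
    echo "fix:sudo usermod -u $WANT_UID gitea-user"
  else
    echo ok
  fi
}

# Constructed sample files: group present with the wrong GID, user missing.
demo() {
  dir=$(mktemp -d)
  printf 'root:x:0:\ngitea-group:x:1500:\n' > "$dir/group"
  printf 'root:x:0:0:root:/root:/bin/sh\n' > "$dir/passwd"
  echo "group: $(plan_group "$dir/group")"   # fix:sudo groupmod -g 1003 gitea-group
  echo "user:  $(plan_user "$dir/passwd")"   # create:sudo useradd -g gitea-group -u 1003 gitea-user
  rm -r "$dir"
}

demo
```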

About secrets

Gitea needs secrets, and we manage secrets centrally in 1Password. Because of this, running docker compose directly from the terminal does not work.

Bring up/tear down container

Please use start.sh to spin up the container.

Prerequisites for start.sh

  • The user executing the script is a member of the docker group
  • The environment variable OP_SERVICE_ACCOUNT_TOKEN is set (see the top-level README.md for how to set this up)