37 lines
1.4 KiB
Markdown
37 lines
1.4 KiB
Markdown
# Gitea
|
|
## Set up database
|
|
- Create database user called `gitea` incl. password
|
|
- Create database called `gitea` in Postgres
|
|
- Define new user as owner of the database
|
|
- Store database credentials in 1Password
|
|
|
|
## Set up non-root user for container
|
|
We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called `gitea-user` & group called `gitea-group` set up.
|
|
|
|
1. Check if user `gitea-user` & group `gitea-group` exist and if the UID/GID is 1003
|
|
|
|
```
|
|
cat /etc/passwd | grep gitea-user
|
|
cat /etc/group | grep gitea-group
|
|
```
|
|
|
|
In case user/group exists but the UID/GID is not 1003, please adjust it via
|
|
```
|
|
sudo usermod -u 1003 gitea-user
|
|
sudo groupmod -g 1003 gitea-group
|
|
```
|
|
|
|
In case user/group doesn't exist at all, please create the user & group incl. the right UID/GID by running
|
|
```
|
|
sudo groupadd -g 1003 gitea-group
|
|
sudo useradd -g gitea-group -u 1003 gitea-user
|
|
```
|
|
|
|
## About secrets
|
|
In order to manage secrets centrally in 1Password and due to the need for secrets in Gitea, using `docker compose` directly in the terminal does not work.
|
|
|
|
## Bring up/tear down container
|
|
Please use the `start.sh` to spin up the container
|
|
### Prerequisites start.sh
|
|
- User executing the script is part of the `docker` group
|
|
- Env variable `OP_SERVICE_ACCOUNT_TOKEN` is set up \[check out top-level README.md for more information on how to set this up\] |