mucas-central/homelab/applications/gitea/README.md
2025-11-02 11:45:24 +01:00

// TODO: refactor for gitea

Gitea

Set up database

  • Create database called gitea
  • Create database user called gitea incl. password
  • Store database credentials in 1Password

Set up non-root user for container

We provide a non-root user to the container to limit the attack surface for privilege escalation. For this to work in our setup, make sure a user called gitea-user and a group called gitea-group are set up.

  1. Check if user postgres exists and if the UID is 1002
cat /etc/passwd | grep gitea

In case the postgres user exists but the UID is not 1002, please adjust it via

sudo usermod -u 1002 postgres

In case the postgres user doesn't exist at all, please create the user incl. the right UID by running

sudo useradd -u 1002 postgres
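
An added example, not part of this repository: a shell helper that performs the check above with an exact match on the account name (the grep matches any line containing the string) and also reports when the target UID already belongs to a different account, a case in which usermod -u and useradd -u refuse the UID unless -o is given. The names check_uid, sample_passwd and demo, the output words and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_uid NAME UID [PASSWD_FILE] prints one of:
#   ok                 NAME exists and already has UID
#   wrong-uid CURRENT  NAME exists with another UID (the usermod -u case)
#   missing            NAME is absent and UID is free (the useradd -u case)
#   uid-taken OWNER    UID belongs to a different account; resolve that first
check_uid() {
    awk -F: -v n="$1" -v u="$2" '
        $1 == n            { found = 1; have = $3 }   # exact name match
        $3 == u && $1 != n { owner = $1 }             # UID held by someone else
        END {
            if (found && have == u) print "ok"
            else if (owner != "")   print "uid-taken " owner
            else if (found)         print "wrong-uid " have
            else                    print "missing"
        }' "${3:-/etc/passwd}"
}

# Constructed passwd entries for the demo (not taken from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
postgres:x:1001:1001::/home/postgres:/bin/sh
backup-gitea:x:1002:1002::/home/backup-gitea:/bin/sh
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    check_uid postgres 1002 "$tmp"   # uid-taken backup-gitea
    check_uid gitea 1002 "$tmp"      # uid-taken backup-gitea
    rm -f "$tmp"
}
demo
```

Without a third argument the function reads /etc/passwd; accounts that come from LDAP or another NSS source are not listed there.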

About secrets

Because secrets are managed centrally in 1Password and Postgres needs secrets, running docker compose directly in the terminal does not work.

Bring up/tear down container

Please use start.sh to spin up the container.

Prerequisites start.sh

  • User executing the script is part of the docker group
  • Env variable OP_SERVICE_ACCOUNT_TOKEN is set (see the top-level README.md for more information on how to set this up)