## Gitea docker setup with ssh

#### Check if Git is installed

Check that Git is installed on the server. If it is not, install it first. Gitea requires Git version >= 2.0.

```bash
git --version
```

#### Create a user to run Gitea

```shell
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group \
   --disabled-password \
   --home /home/git \
   git
```

#### Change the password for the git user

```shell
passwd git
```

#### Add the git user to sudoers

```shell
# the admin group is sudo on Debian/Ubuntu (wheel on RHEL-family systems)
sudo usermod -aG sudo git
```

#### Find the UID

```bash
id -u git
id -g git
```

or, for the current user:

```bash
echo $UID
```

Use the UID and GID of the git user in the next step.

#### Make a folder for Gitea and cd into it

```shell
mkdir gitea
cd gitea
touch docker-compose.yml
```

#### Docker compose yml config

Use any editor to put the following configuration into docker-compose.yml:

```yml
version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.16.9
    container_name: gitea
    environment:
      - USER_UID=112 # change uid to the one from the last step
      - USER_GID=112 # change gid to the one from the last step
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea # example value, set your own password
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /home/git/.ssh/:/data/git/.ssh # add this for ssh support
    ports:
      - "3000:3000"
      - "127.0.0.1:2222:22" # ssh port to 2222 for gitea
    depends_on:
      - db

  db:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea # must match GITEA__database__PASSWD
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - ./postgres:/var/lib/postgresql/data
```

#### Starting and stopping with docker compose

```bash
docker compose up -d
docker compose down
```

#### Give the git user ownership of its home dir

This command is needed when ssh-keygen cannot be used for any user other than root.

```bash
chown -R git: /home/git/
```

#### Login as git user

```shell
su - git
```

#### Make ssh key pair

```bash
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
```

#### Set the right permission for ssh authorized_keys

```bash
sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
sudo -u git chmod 600 /home/git/.ssh/authorized_keys
```

Important: The pubkey from the `git` user needs to be added “as is” while all other pubkeys added via the Gitea web interface will be prefixed with `command="/usr [...]`.

`/home/git/.ssh/authorized_keys` should then look somewhat like

```bash
# SSH pubkey from git user
ssh-rsa

# other keys from users most likely there is none
command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
```

#### Exit from git user and run the needed command

First exit from user git

```shell
exit
```

and then run

```bash
cat <<"EOF" | sudo tee /usr/local/bin/gitea
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea
```

#### Remove git user from sudo

```shell
sudo deluser git sudo
```
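
The `authorized_keys` layout described above can be checked with a short script: any key without the `command=` prefix, other than the git user's own key, gives its holder a normal shell on the host as `git`. This is an added example, not part of the original guide; the function name `audit_authorized_keys` and the sample key strings are constructed for illustration, and it assumes Gitea-written entries start with `command="/usr/local/bin/gitea ` as shown above.

```shell
#!/bin/sh
# Added example: audit the authorized_keys file of user git.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_authorized_keys() {
    keys_file=$1; host_pub=$2; rc=0
    # The guide sets mode 600; anything else is reported.
    [ -n "$(find "$keys_file" -prune -perm 600)" ] || {
        echo "$keys_file: mode is not 600"; rc=1; }
    # Field 2 of the git user public key: the only entry allowed without command=
    host_blob=$(awk '{ print $2; exit }' "$host_pub")
    awk -v host="$host_blob" '
        BEGIN { bad = 0; seen = 0 }
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        /^command="\/usr\/local\/bin\/gitea / {       # entry written by Gitea
            n = split("no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty", opt, " ")
            for (i = 1; i <= n; i++)
                if (index($0, opt[i]) == 0) {
                    printf "line %d: missing %s\n", NR, opt[i]; bad = 1 }
            next
        }
        $2 == host { seen++; next }                   # the git host key, as is
        { printf "line %d: unrestricted key that is not the git host key\n", NR; bad = 1 }
        END {
            if (seen != 1) { printf "git host key found %d times, expected 1\n", seen; bad = 1 }
            exit bad
        }
    ' "$keys_file" || rc=1
    return $rc
}

# Constructed sample data (placeholder key material, not real keys).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAhostkeyEXAMPLE Gitea Host Key' > "$demo/id_rsa.pub"
{
    echo '# SSH pubkey from git user'
    cat "$demo/id_rsa.pub"
    echo 'command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAuser1EXAMPLE alice'
    echo 'ssh-rsa AAAAstrayEXAMPLE pasted-by-hand'
} > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
audit_authorized_keys "$demo/authorized_keys" "$demo/id_rsa.pub" || echo "audit failed"
rm -rf "$demo"
```

On the real host, run it as `audit_authorized_keys /home/git/.ssh/authorized_keys /home/git/.ssh/id_rsa.pub` with enough privileges to read both files.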