# Gitea Service Unit File

Systemd service configuration for Gitea git server.

```ini
[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target

[Service]
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea

# Hardening
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```

**Location**: `/etc/systemd/system/gitea.service`

**File Format**: Systemd unit file (INI-style)

## Key Configuration Parameters

### [Unit] Section

- **Description**: Gitea (Git with a cup of tea)
- **After**: Service starts after network is available

### [Service] Section

#### Execution

- **Type**: simple (traditional foreground process)
- **User**: git (unprivileged system user)
- **Group**: git (service group)
- **WorkingDirectory**: /var/lib/gitea (Gitea data directory)
- **ExecStart**: Command to start Gitea with config file

#### Restart Policy

- **Restart**: always (auto-restart on exit)
- **RestartSec**: 2s (wait 2 seconds before restarting)

#### Environment

- **USER**: git
- **HOME**: /home/git
- **GITEA_WORK_DIR**: /var/lib/gitea

#### Security Hardening

- **PrivateTmp**: true
  - Isolates /tmp and /var/tmp for the process
  - Prevents temp file leaks between processes
- **NoNewPrivileges**: true
  - Prevents capability escalation
  - Drops all capabilities except those explicitly granted

### [Install] Section

- **WantedBy**: multi-user.target
  - Service is wanted by the multi-user runlevel
  - Enables auto-start on boot when enabled

## Service Management Commands

### Status and Control

```bash
sudo systemctl status gitea     # Check current status
sudo systemctl start gitea      # Start the service
sudo systemctl stop gitea       # Stop the service
sudo systemctl restart gitea    # Restart the service
sudo systemctl enable gitea     # Enable auto-start on boot
sudo systemctl disable gitea    # Disable auto-start on boot
```

### Monitoring

```bash
journalctl -u gitea -n 50 --no-pager        # Last 50 log lines
journalctl -u gitea -f                      # Follow live logs
journalctl -u gitea --since "2 hours ago"   # Logs from last 2 hours
```

### Reload Systemd

If you edit the unit file:

```bash
sudo systemctl daemon-reload
sudo systemctl restart gitea
```

## Lifecycle

1. **Systemd Start**: Systemd reads the unit file
2. **Environment Setup**: Sets USER=git, HOME=/home/git, GITEA_WORK_DIR
3. **Process Isolation**: Activates PrivateTmp and security restrictions
4. **Gitea Launch**: Executes `/usr/local/bin/gitea web --config /etc/gitea/app.ini`
5. **Crash Handling**: If process exits, waits 2 seconds and restarts automatically

## Notes

- Service runs in foreground (Type=simple) rather than daemon mode
- Output goes to systemd journal (viewable via `journalctl`)
- Working directory is `/var/lib/gitea` where Gitea stores data
- Restart policy ensures automatic recovery from crashes
- Security hardening prevents privilege escalation and temp file exposure

---

**Last Updated**: 2026-04-22

**Source**: `/etc/systemd/system/gitea.service` on zet.home.arpa
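
A drop-in override can change the effective settings without the unit file above changing, so the documented `User`, `Group`, `Restart`, `PrivateTmp` and `NoNewPrivileges` values are worth checking against what systemd actually applies. The script below is an added example, not part of the original unit or of Gitea; the function name `check_gitea_unit` and the sample output are constructed, and it assumes `systemctl show` prints booleans as `yes`/`no`.

```bash
#!/bin/sh
# Added example: compare effective unit properties with the values documented
# on this page. Reads `systemctl show` KEY=VALUE lines on stdin, prints one
# line per deviation, and returns 0 only if every documented value matches.
#
# Live use (after `systemctl daemon-reload`):
#   systemctl show gitea -p User,Group,Restart,PrivateTmp,NoNewPrivileges | check_gitea_unit

check_gitea_unit() (
    # Subshell body keeps the working variables out of the caller's scope.
    props=$(cat)
    rc=0
    while IFS='=' read -r key want; do
        # Take the last assignment of the key; an absent key yields "".
        got=$(printf '%s\n' "$props" | awk -v k="$key" \
            'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }')
        if [ "$got" != "$want" ]; then
            printf 'DEVIATION %s: expected "%s", effective "%s"\n' \
                "$key" "$want" "${got:-<unset>}"
            rc=1
        fi
    done <<'EOF'
User=git
Group=git
Restart=always
PrivateTmp=yes
NoNewPrivileges=yes
EOF
    # The expected values above come from the unit file on this page;
    # true/false in the unit file appear as yes/no in `systemctl show`.
    exit "$rc"
)

# Constructed sample: output as it would look if an override had turned
# NoNewPrivileges off while the rest of the unit stayed as documented.
sample_overridden='User=git
Group=git
Restart=always
PrivateTmp=yes
NoNewPrivileges=no'

printf '%s\n' "$sample_overridden" | check_gitea_unit \
    || echo "gitea.service deviates from the documented settings"
```
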