Git Server Configuration

Gitea git server running on zet.home.arpa for managing internal repositories.

Overview

Software: Gitea (Git with a cup of tea)
Version: 1.25.4
Location: zet.home.arpa (172.27.0.35)
URL: http://172.27.0.35:3000/
User: kenjim
Status: Running and operational

Installation Details

Binary and Paths

| Component | Path | Details |
| --- | --- | --- |
| Gitea Binary | /usr/local/bin/gitea | Main executable |
| Work Directory | /var/lib/gitea | Data and repositories |
| Custom Configuration | /var/lib/gitea/custom | Custom templates, plugins, themes |
| Config File | /etc/gitea/app.ini | Gitea configuration (root-owned) |
| System User | git (UID 1002) | Service runs as this user |
| System Group | git (GID 1003) | Service group |

Build Information

  • Build Tool: GNU Make 4.3
  • Language: Go 1.25.6
  • Database: SQLite with unlock notifications
  • Binary Format: bindata (self-contained assets)

System Integration

Systemd Service: gitea.service

[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target

[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
RestartSec=2s
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea

# Hardening
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Status:

  • Enabled: Yes (auto-start on boot)
  • Active: Yes (running since 2026-04-13 02:31:18 UTC)
  • PID: 1074
  • Memory: 170.5M (peak: 172.5M)

Git Integration

  • Git Version: 2.43.0
  • Git Home: /var/lib/gitea/data/home
  • Git User: git (system user)

Network Configuration

Web Interface

| Protocol | Address | Port | Status |
| --- | --- | --- | --- |
| HTTP | 0.0.0.0 | 3000 | Active |
| HTTP | :: | 3000 | Active (IPv6) |

Access URL: http://172.27.0.35:3000

SSH Access

| Protocol | Port | Status | Notes |
| --- | --- | --- | --- |
| SSH | 22 | Active | Standard SSH port for Git operations |

Clone URL Format: git@172.27.0.35:username/repo.git

Repository Configuration

Repositories

Three repositories are configured:

1. appa-net

  • Owner: kenjim
  • Type: Public
  • Status: Empty
  • Created: 2026-02-26
  • Last Updated: 2026-02-26
  • Clone (SSH): git@172.27.0.35:kenjim/appa-net.git
  • Clone (HTTP): http://172.27.0.35:3000/kenjim/appa-net.git
  • Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
  • Permissions: Pull-only (no push permission)

2. dotfiles

  • Owner: kenjim
  • Type: Public
  • Status: Has code
  • Language: Shell
  • Created: 2026-02-23
  • Last Updated: 2026-03-30
  • Clone (SSH): git@172.27.0.35:kenjim/dotfiles.git
  • Clone (HTTP): http://172.27.0.35:3000/kenjim/dotfiles.git
  • Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
  • Size: 265 KB

3. test

  • Owner: kenjim
  • Type: Public
  • Status: Empty
  • Created: 2026-02-23
  • Last Updated: 2026-02-23
  • Clone (SSH): git@172.27.0.35:kenjim/test.git
  • Clone (HTTP): http://172.27.0.35:3000/kenjim/test.git
  • Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions

Repository Features

All repositories have standard Gitea features enabled:

  • Issues: Time tracking, dependencies
  • Wiki: Collaborative documentation
  • Pull Requests: Code review with merge strategies
  • Projects: Kanban-style boards
  • Releases: Version management
  • Packages: Package registry
  • Actions: CI/CD pipelines

Default Repository Settings

  • Merge Strategies:
    • Allow merge commits (default)
    • Allow rebase
    • Allow rebase explicit
    • Allow squash merge
    • Allow fast-forward only merge
    • Allow rebase update
  • Default Merge Style: Merge
  • Maintainer Edit: Not allowed by default
  • Auto-delete Branch: Disabled
  • Whitespace Conflicts: Not ignored

Web Server Configuration

Apache2

  • Status: Installed but not reverse-proxying Gitea
  • Default Site: /etc/apache2/sites-available/000-default.conf
  • Document Root: /var/www/html
  • Gitea Access: Direct on port 3000, not through Apache

Gitea runs as a standalone service, not behind an Apache reverse proxy.

Security Configuration

Process Hardening

The Gitea systemd service has the following security settings:

  • PrivateTmp=true — Private /tmp and /var/tmp
  • NoNewPrivileges=true — Prevents privilege escalation

User Isolation

  • Runs as dedicated git system user
  • Non-root execution
  • Restricted home directory access

Database

  • Type: SQLite (embedded)
  • Features: Unlock notifications enabled
  • Location: /var/lib/gitea/data/ (not directly accessible)

SQLite provides a simple, file-based database solution without needing a separate database server.

API Access

API Endpoint

Base URL: http://172.27.0.35:3000/api/v1

Available Endpoints:

  • /version — API and Gitea version
  • /repos/search — Search repositories
  • User management, repository management, and more

Authentication

  • Token-based authentication
  • Access tokens can be generated in the web UI under Settings → Applications

Logging

Systemd Logs

View service logs:

journalctl -u gitea -n 20 --no-pager   # Last 20 lines
journalctl -u gitea -f                  # Follow live logs
systemctl status gitea --no-pager       # Service status

Application Logs

Logs are written to the console/systemd journal and available through journalctl.

File Permissions

| Path | Owner | Permissions | Notes |
| --- | --- | --- | --- |
| /usr/local/bin/gitea | root | 755 | Executable by all |
| /var/lib/gitea | git | 750 | Read/write by git user only |
| /var/lib/gitea/custom | git | 750 | Custom configuration |
| /etc/gitea/app.ini | root | 640 | Config readable by git group |
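
The table above is only useful if the host still matches it. The following is an added example (not part of the original document or of Gitea) that checks each documented path for drift and separates modes that are looser than documented from ones that are merely different. It assumes GNU stat; the `--live` switch and the ROOT prefix argument are this script's own conventions.

```shell
#!/bin/sh
# Added example: detect drift from the documented owner/mode of Gitea paths.
# Expected values are copied from the File Permissions table.
EXPECTED='/usr/local/bin/gitea root 755
/var/lib/gitea git 750
/var/lib/gitea/custom git 750
/etc/gitea/app.ini root 640'

# audit_perms ROOT
# Reads "path owner mode" lines on stdin and checks ROOT+path with stat.
# Prints one finding per deviation and returns the number of findings.
# ROOT is "" on the live host; a prefix lets the check run against a copy.
audit_perms() {
    root=$1
    findings=0
    while read -r path owner mode; do
        [ -n "$path" ] || continue
        target=$root$path
        if [ ! -e "$target" ]; then
            echo "MISSING $path"
            findings=$((findings + 1))
            continue
        fi
        actual_owner=$(stat -c '%U' "$target")
        actual_mode=$(stat -c '%a' "$target")
        if [ "$actual_owner" != "$owner" ]; then
            echo "OWNER $path is $actual_owner, documented $owner"
            findings=$((findings + 1))
        fi
        # Permission bits set on disk that the documented mode does not grant.
        extra=$(( 0$actual_mode & ~0$mode ))
        if [ "$extra" -ne 0 ]; then
            echo "LOOSER $path is $actual_mode, documented $mode"
            findings=$((findings + 1))
        elif [ "$actual_mode" != "$mode" ]; then
            echo "STRICTER $path is $actual_mode, documented $mode"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run against the live host only when asked: sudo sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    printf '%s\n' "$EXPECTED" | audit_perms ""
fi
```

A LOOSER finding on /etc/gitea/app.ini or /var/lib/gitea is the one to act on first, since those hold the configuration and the SQLite database.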

Access Control

Users

  • User: kenjim
  • Created: 2026-02-23
  • Email: kenji@kenjim.com
  • Visibility: Public profile

Permissions:

  • No admin rights
  • No push access to repositories (pull-only on current setup)

Configuration Management

Configuration File Location

The main configuration file is at /etc/gitea/app.ini but is not readable by unprivileged users.

To view or modify configuration:

  1. SSH to zet.home.arpa
  2. Use sudo to edit /etc/gitea/app.ini
  3. Restart the service: sudo systemctl restart gitea

Configuration Sections (Typical)

Common Gitea configuration includes:

  • [server] — HTTP/HTTPS, domain, port
  • [database] — Database connection
  • [repository] — Repository settings
  • [ui] — UI customization
  • [security] — Security settings
  • [auth] — Authentication configuration

Managing the Service

Start/Stop/Restart

sudo systemctl start gitea     # Start the service
sudo systemctl stop gitea      # Stop the service
sudo systemctl restart gitea   # Restart the service
sudo systemctl status gitea    # Check status

Enable/Disable on Boot

sudo systemctl enable gitea    # Enable (already enabled)
sudo systemctl disable gitea   # Disable auto-start

Backup Considerations

  1. Database: Stored in /var/lib/gitea/ (SQLite)
  2. Repositories: In /var/lib/gitea/repositories/
  3. Configuration: /etc/gitea/app.ini
  4. Custom Content: /var/lib/gitea/custom/

Backup Strategy:

# As root, backup the entire gitea directory
sudo tar -czf gitea-backup-$(date +%Y-%m-%d).tar.gz \
  /var/lib/gitea /etc/gitea
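
The archive produced above contains app.ini and the SQLite database, yet with a default umask it is created world-readable in the current directory. The following added example (not part of the original document) keeps the same tar approach but writes the archive with mode 600, records a SHA-256 checksum, and verifies both. The destination /root/backups and the `--live` switch are assumptions of this sketch, as is stopping the service so the SQLite file is not copied mid-write.

```shell
#!/bin/sh
# Added example: the same tar backup, but private and verifiable.

# make_backup DEST_DIR SRC...
# Writes DEST_DIR/gitea-backup-YYYY-MM-DD.tar.gz and a .sha256 file next to
# it, both mode 600, and prints the archive path.
make_backup() {
    dest=$1
    shift
    name="gitea-backup-$(date +%Y-%m-%d).tar.gz"
    (
        umask 077                      # new files 600, new directories 700
        mkdir -p "$dest" || exit 1
        # umask does not change files that already exist, so start clean.
        rm -f "$dest/$name" "$dest/$name.sha256"
        tar -czf "$dest/$name" "$@" || exit 1
        cd "$dest" && sha256sum "$name" > "$name.sha256"
    ) || return 1
    echo "$dest/$name"
}

# verify_backup ARCHIVE
# Succeeds only if the checksum matches and tar can list every member.
verify_backup() {
    dir=$(dirname "$1")
    base=$(basename "$1")
    ( cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1 ) &&
        tar -tzf "$1" >/dev/null 2>&1
}

# On the host, as root: sh backup.sh --live
# /root/backups is a hypothetical destination; a short outage is assumed OK.
if [ "${1:-}" = "--live" ]; then
    systemctl stop gitea
    archive=$(make_backup /root/backups /var/lib/gitea /etc/gitea)
    systemctl start gitea
    verify_backup "$archive" && echo "OK $archive"
fi
```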

Cloning Repositories

Using SSH

Requires SSH key setup. Clone format:

git clone git@172.27.0.35:kenjim/appa-net.git

Using HTTP

No authentication required for public repositories:

git clone http://172.27.0.35:3000/kenjim/appa-net.git

Web Interface

Access repositories at: http://172.27.0.35:3000/kenjim/repository-name

Pushing Changes

Current user permissions: Pull-only

To push changes:

  1. Request admin permission in the repository settings, OR
  2. Contact the repository administrator to grant push access

Monitoring

Memory Usage

Current:

  • Usage: 170.5 MB
  • Peak: 172.5 MB

Monitor over time:

watch -n 5 'ps aux | grep gitea | grep -v grep'

Uptime

Service has been running since 2026-04-13 (9 days) without restart.

Disk Usage

Check Gitea data directory:

du -sh /var/lib/gitea
du -sh /var/lib/gitea/repositories

Troubleshooting

| Issue | Symptom | Solution |
| --- | --- | --- |
| Can't access web UI | Port 3000 unreachable | Check firewall rules, verify Gitea is running |
| SSH clone fails | Permission denied | Check SSH keys, verify user can access git@172.27.0.35 |
| Database locked | Gitea crashes on startup | Check /var/lib/gitea/ permissions |
| High memory usage | Memory exceeding 200MB+ | Restart service, check for memory leaks |

Future Enhancements

  • Configure Apache2 reverse proxy for Gitea
  • Enable HTTPS/TLS certificates
  • Set up regular automated backups
  • Configure LDAP or OAuth authentication
  • Enable email notifications
  • Configure webhooks for CI/CD
  • Set up Actions/CI runners

Last Updated: 2026-04-22
Discovered: During infrastructure investigation
Service Running Since: 2026-04-13 02:31:18 UTC