kenjim/appa-net

Fork 0

Files

Kenji Morishige 060219d161 added git server info

2026-04-22 14:59:04 -05:00

9.4 KiB

Raw Permalink Blame History

Git Server Configuration

Gitea git server running on zet.home.arpa for managing internal repositories.

Overview

Software: Gitea (Git with a cup of tea)
Version: 1.25.4
Location: zet.home.arpa (172.27.0.35)
URL: http://172.27.0.35:3000/
User: kenjim
Status: Running and operational

Installation Details

Binary and Paths

Component	Path	Details
Gitea Binary	`/usr/local/bin/gitea`	Main executable
Work Directory	`/var/lib/gitea`	Data and repositories
Custom Configuration	`/var/lib/gitea/custom`	Custom templates, plugins, themes
Config File	`/etc/gitea/app.ini`	Gitea configuration (root-owned)
System User	`git` (UID 1002)	Service runs as this user
System Group	`git` (GID 1003)	Service group

Build Information

Build Tool: GNU Make 4.3
Language: Go 1.25.6
Database: SQLite with unlock notifications
Binary Format: bindata (self-contained assets)

System Integration

Systemd Service: gitea.service

[Unit]
Description=Gitea (Git with a cup of tea)
After=network.target

[Service]
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
RestartSec=2s
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea

# Hardening
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Status:

Enabled: Yes (auto-start on boot)
Active: Yes (running since 2026-04-13 02:31:18 UTC)
PID: 1074
Memory: 170.5M (peak: 172.5M)

Git Integration

Git Version: 2.43.0
Git Home: /var/lib/gitea/data/home
Git User: git (system user)

Network Configuration

Web Interface

Protocol	Address	Port	Status
HTTP	0.0.0.0	3000	Active
HTTP	::	3000	Active (IPv6)

Access URL: http://172.27.0.35:3000

SSH Access

Protocol	Port	Status	Notes
SSH	22	Active	Standard SSH port for Git operations

Clone URL Format: git@172.27.0.35:username/repo.git

Repository Configuration

Repositories

Three repositories are configured:

1. appa-net

Owner: kenjim
Type: Public
Status: Empty
Created: 2026-02-26
Last Updated: 2026-02-26
Clone (SSH): git@172.27.0.35:kenjim/appa-net.git
Clone (HTTP): http://172.27.0.35:3000/kenjim/appa-net.git
Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
Permissions: Pull-only (no push permission)

2. dotfiles

Owner: kenjim
Type: Public
Status: Has code
Language: Shell
Created: 2026-02-23
Last Updated: 2026-03-30
Clone (SSH): git@172.27.0.35:kenjim/dotfiles.git
Clone (HTTP): http://172.27.0.35:3000/kenjim/dotfiles.git
Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions
Size: 265 KB

3. test

Owner: kenjim
Type: Public
Status: Empty
Created: 2026-02-23
Last Updated: 2026-02-23
Clone (SSH): git@172.27.0.35:kenjim/test.git
Clone (HTTP): http://172.27.0.35:3000/kenjim/test.git
Features Enabled: Issues, Wiki, Pull Requests, Projects, Releases, Packages, Actions

Repository Features

All repositories have standard Gitea features enabled:

Issues: Time tracking, dependencies
Wiki: Collaborative documentation
Pull Requests: Code review with merge strategies
Projects: Kanban-style boards
Releases: Version management
Packages: Package registry
Actions: CI/CD pipelines

Default Repository Settings

Merge Strategies:
- Allow merge commits (default)
- Allow rebase
- Allow rebase explicit
- Allow squash merge
- Allow fast-forward only merge
- Allow rebase update
Default Merge Style: Merge
Maintainer Edit: Not allowed by default
Auto-delete Branch: Disabled
Whitespace Conflicts: Not ignored

Web Server Configuration

Apache2

Status: Installed but not reverse-proxying Gitea
Default Site: /etc/apache2/sites-available/000-default.conf
Document Root: /var/www/html
Gitea Access: Direct on port 3000, not through Apache

Gitea runs as a standalone service, not behind Apache reverse proxy.

Security Configuration

Process Hardening

The Gitea systemd service has the following security settings:

PrivateTmp=true — Private /tmp and /var/tmp
NoNewPrivileges=true — Prevents privilege escalation

User Isolation

Runs as dedicated git system user
Non-root execution
Restricted home directory access

Database

Type: SQLite (embedded)
Features: Unlock notifications enabled
Location: /var/lib/gitea/data/ (not directly accessible)

SQLite provides a simple, file-based database solution without needing a separate database server.

API Access

API Endpoint

Base URL: http://172.27.0.35:3000/api/v1

Available Endpoints:

/version — API and Gitea version
/repos/search — Search repositories
User management, repository management, and more

Authentication

Token-based authentication
User credentials can be generated in the web UI under Settings → Applications

Logging

Systemd Logs

View service logs:

journalctl -u gitea -n 20 --no-pager   # Last 20 lines
journalctl -u gitea -f                  # Follow live logs
systemctl status gitea --no-pager       # Service status

Application Logs

Logs are written to the console/systemd journal and available through journalctl.

File Permissions

Path	Owner	Permissions	Notes
`/usr/local/bin/gitea`	root	755	Executable by all
`/var/lib/gitea`	git	750	Read/write by git user only
`/var/lib/gitea/custom`	git	750	Custom configuration
`/etc/gitea/app.ini`	root	640	Config readable by git group

Access Control

Users

User: kenjim
Created: 2026-02-23
Email: kenji@kenjim.com
Visibility: Public profile

Permissions:

No admin rights
No push access to repositories (pull-only on current setup)

Configuration Management

Configuration File Location

The main configuration file is at /etc/gitea/app.ini but is not readable by unprivileged users.

To view or modify configuration:

SSH to zet.home.arpa
Use sudo to edit /etc/gitea/app.ini
Restart the service: sudo systemctl restart gitea

Configuration Sections (Typical)

Common Gitea configuration includes:

[server] — HTTP/HTTPS, domain, port
[database] — Database connection
[repository] — Repository settings
[ui] — UI customization
[security] — Security settings
[auth] — Authentication configuration

Managing the Service

Start/Stop/Restart

sudo systemctl start gitea     # Start the service
sudo systemctl stop gitea      # Stop the service
sudo systemctl restart gitea   # Restart the service
sudo systemctl status gitea    # Check status

Enable/Disable on Boot

sudo systemctl enable gitea    # Enable (already enabled)
sudo systemctl disable gitea   # Disable auto-start

Backup Considerations

Database: Stored in /var/lib/gitea/ (SQLite)
Repositories: In /var/lib/gitea/repositories/
Configuration: /etc/gitea/app.ini
Custom Content: /var/lib/gitea/custom/

Backup Strategy:

# As root, backup the entire gitea directory
sudo tar -czf gitea-backup-$(date +%Y-%m-%d).tar.gz \
  /var/lib/gitea /etc/gitea

Cloning Repositories

Using SSH

Requires SSH key setup. Clone format:

git clone git@172.27.0.35:kenjim/appa-net.git

Using HTTPS

No authentication required for public repositories:

git clone http://172.27.0.35:3000/kenjim/appa-net.git

Web Interface

Access repositories at: http://172.27.0.35:3000/kenjim/repository-name

Pushing Changes

Current user permissions: Pull-only

To push changes:

Request admin permission in the repository settings, OR
Contact the repository administrator to grant push access

Monitoring

Memory Usage

Current:

Usage: 170.5 MB
Peak: 172.5 MB

Monitor over time:

watch -n 5 'ps aux | grep gitea | grep -v grep'

Uptime

Service has been running since 2026-04-13 (9 days) without restart.

Disk Usage

Check Gitea data directory:

du -sh /var/lib/gitea
du -sh /var/lib/gitea/repositories

Troubleshooting

Issue	Symptom	Solution
Can't access web UI	Port 3000 unreachable	Check firewall rules, verify Gitea is running
SSH clone fails	Permission denied	Check SSH keys, verify user can access git@172.27.0.35
Database locked	Gitea crashes on startup	Check `/var/lib/gitea/` permissions
High memory usage	Memory exceeding 200MB+	Restart service, check for memory leaks

Future Enhancements

Configure Apache2 reverse proxy for Gitea
Enable HTTPS/TLS certificates
Set up regular automated backups
Configure LDAP or OAuth authentication
Enable email notifications
Configure webhooks for CI/CD
Set up Actions/CI runners

Last Updated: 2026-04-22
Discovered: During infrastructure investigation
Service Running Since: 2026-04-13 02:31:18 UTC

9.4 KiB Raw Permalink Blame History

Git Server Configuration

Overview

Installation Details

Binary and Paths

Build Information

System Integration

Git Integration

Network Configuration

Web Interface

SSH Access

Repository Configuration

Repositories

1. appa-net

2. dotfiles

3. test

Repository Features

Default Repository Settings

Web Server Configuration

Apache2

Security Configuration

Process Hardening

User Isolation

Database

API Access

API Endpoint

Authentication

Logging

Systemd Logs

Application Logs

File Permissions

Access Control

Users

Configuration Management

Configuration File Location

Configuration Sections (Typical)

Managing the Service

Start/Stop/Restart

Enable/Disable on Boot

Backup Considerations

Cloning Repositories

Using SSH

Using HTTPS

Web Interface

Pushing Changes

Monitoring

Memory Usage

Uptime

Disk Usage

Troubleshooting

Future Enhancements

9.4 KiB

Raw Permalink Blame History