authorPaul Buetow <paul@buetow.org>2026-01-10 10:42:59 +0200
committerPaul Buetow <paul@buetow.org>2026-01-10 10:42:59 +0200
commitb6d1b81ca40ded7db7f64b13bf1ee57bcfa70f3a (patch)
tree87ff3baf4b045a3c14c6ee5dde2ee37503ffeb14 /f3s/git-server
parent2720a55cce5df3b0cf2e625a15890c6fb77ca50f (diff)
Fix git-server non-root deployment
- Generate SSH host keys in initContainer with correct ownership - Remove deprecated UsePrivilegeSeparation from sshd_config - Fix NFS repository permissions (UID 1001, GID 33) - Configure git shared repository mode
Diffstat (limited to 'f3s/git-server')
-rw-r--r--f3s/git-server/docker-image/sshd_config3
-rw-r--r--f3s/git-server/helm-chart/templates/deployment.yaml10
2 files changed, 8 insertions, 5 deletions
diff --git a/f3s/git-server/docker-image/sshd_config b/f3s/git-server/docker-image/sshd_config
index 783f31b..1af7b59 100644
--- a/f3s/git-server/docker-image/sshd_config
+++ b/f3s/git-server/docker-image/sshd_config
@@ -7,9 +7,6 @@ Port 22
AddressFamily any
ListenAddress 0.0.0.0
-# Run without privilege separation (required for non-root)
-UsePrivilegeSeparation no
-
# Host Keys
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index 759794b..e11d9a9 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -24,9 +24,15 @@ spec:
- /bin/sh
- -c
- |
- # Setup SSH host keys directory
+ # Install openssh for key generation
+ apk add --no-cache openssh
+ # Setup SSH host keys directory and generate keys
mkdir -p /ssh-init
- chown -R 0:0 /ssh-init
+ ssh-keygen -A -f /ssh-init/..
+ mv /ssh-init/../etc/ssh/ssh_host_* /ssh-init/
+ chown -R 1001:33 /ssh-init
+ chmod 600 /ssh-init/ssh_host_*_key
+ chmod 644 /ssh-init/ssh_host_*_key.pub
# Setup authorized_keys with correct ownership
# The /ssh-git mount point IS the .ssh directory
# UID 1001 and GID 33 match the NFS file ownership
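Review bot: The added `ssh-keygen -A` / `mv` sequence generates fresh host keys on every run of this init container and moves them over whatever `/ssh-init` already holds, so unless that volume is persistent (its type is not visible in this hunk) the server's host identity changes on each pod restart. Clients would then see host-key-changed warnings routinely, which pushes users toward disabling host key checking and removes their protection against a man-in-the-middle. Consider generating only when no key exists, e.g. `[ -f /ssh-init/ssh_host_ed25519_key ] || { ssh-keygen -A -f /ssh-init/.. && mv /ssh-init/../etc/ssh/ssh_host_* /ssh-init/; }`, backed by a persistent volume, or mounting the host keys from a Secret. Separately, `apk add --no-cache openssh` pulls an unpinned package over the network at every pod start; baking openssh into the init image would remove that runtime dependency. The init script starts and ends outside this hunk.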