path: root/f3s/git-server/docker-image/sshd_config
Age | Commit message | Author
2026-01-10 | Fix git-server non-root deployment | Paul Buetow
- Generate SSH host keys in initContainer with correct ownership
- Remove deprecated UsePrivilegeSeparation from sshd_config
- Fix NFS repository permissions (UID 1001, GID 33)
- Configure git shared repository mode
2026-01-09 | Use proper security contexts for NFS access without chown | Paul Buetow
Changes:
- Set fsGroup: 33 at pod level for proper NFS group access
- Updated git user to UID 1001, GID 33 (www-data) to match NFS ownership
- Run git-server container as UID 1001:33 (non-root)
- Run cgit container as UID 33:33 (non-root)
- Disabled SSH privilege separation (UsePrivilegeSeparation no)
- Removed unnecessary capabilities (SETGID, SETUID, SYS_CHROOT)

This follows the same pattern as filebrowser and webdav services, using security contexts instead of chown operations on NFS.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 | Reduce SSH logging from DEBUG3 to INFO | Paul Buetow
Debug logging was useful for troubleshooting but not needed in production.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 | Add SSH connectivity for git-server and configure ArgoCD | Paul Buetow
- Enable SYS_CHROOT capability for git-server SSH to work in containers
- Configure ArgoCD repo-server to use SSH key for git-server access
- Set DEBUG3 logging in sshd for troubleshooting (temp)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 | Fix sshd_config and cgit permissions | Paul Buetow
- Remove unsupported UsePAM option from sshd_config
- Run cgit as root to allow cache directory initialization
- Add CHOWN and DAC_OVERRIDE capabilities for cgit
2026-01-09 | Add self-hosted git server with SSH and cgit web UI | Paul Buetow
Deploy a self-hosted git repository solution to replace external Codeberg dependency.

Components:
- SSH git server: Alpine-based container with OpenSSH and git
- cgit web UI: Browse repositories at cgit.f3s.buetow.org
- Single pod design: git-server + cgit containers sharing storage

Infrastructure:
- Docker image in git-server/docker-image/ with Justfile build automation
- Helm chart in git-server/helm-chart/ for Kubernetes deployment
- 5Gi ReadWriteMany PVC for NFS-backed repository storage
- ClusterIP service for ArgoCD internal access
- NodePort 30022 for external SSH push access
- Traefik ingress for cgit web UI

ArgoCD Application manifest deployed to cicd namespace.

Note: SSH keys must be created as Kubernetes secrets manually, not in git.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>