From 676786639604fe244ba5372471afba4c7824e365 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Fri, 9 Jan 2026 11:11:58 +0200
Subject: Fix sshd_config and cgit permissions

- Remove unsupported UsePAM option from sshd_config
- Run cgit as root to allow cache directory initialization
- Add CHOWN and DAC_OVERRIDE capabilities for cgit
---
 f3s/git-server/helm-chart/templates/deployment.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'f3s/git-server/helm-chart')

diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index a3f4568..0446725 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -71,13 +71,12 @@ spec:
         - name: cgit-cache
           mountPath: /var/cache/cgit
         securityContext:
-          runAsUser: 33
-          runAsGroup: 33
-          runAsNonRoot: true
+          runAsUser: 0
+          runAsGroup: 0
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["ALL"]
-            add: ["NET_BIND_SERVICE"]
+            add: ["NET_BIND_SERVICE", "CHOWN", "DAC_OVERRIDE"]
         resources:
           requests:
             cpu: 50m
-- 
cgit v1.2.3