# Gitea

## Anleitung

[https://docs.gitea.com/installation/install-with-docker](https://docs.gitea.com/installation/install-with-docker)

[https://integrations.goauthentik.io/integrations/services/gitea/](https://integrations.goauthentik.io/integrations/services/gitea/)

[https://docs.gitea.com/administration/config-cheat-sheet](https://docs.gitea.com/administration/config-cheat-sheet)

Runner:

[https://docs.gitea.com/usage/actions/act-runner#install-with-the-docker-image](https://docs.gitea.com/usage/actions/act-runner#install-with-the-docker-image)

[https://docs.gitea.com/usage/actions/act-runner#configuration](https://docs.gitea.com/usage/actions/act-runner#configuration)


## docker-compose.yml mit Runner

update mit v1.25.4 am 03.02.2026

```yaml
services:
  server:
    image: docker.gitea.com/gitea:1.25.4
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=<openssl rand -hex 24>
    restart: always
    networks:
      - gitea
    volumes:
      - app:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3046:3000"
      - "222:22"
    depends_on:
      - db

  db:
    image: docker.io/library/postgres:14
    restart: unless-stopped
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=<openssl rand -hex 24>
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - db:/var/lib/postgresql/data

  runner:
    image: docker.io/gitea/act_runner:0.2.13
    environment:
      CONFIG_FILE: /config.yaml
      GITEA_INSTANCE_URL: "https://git.MEINEDOMAIN.DE"
      GITEA_RUNNER_REGISTRATION_TOKEN: "r5ES....ptLTD" # Token aus gitea web-ui Einstellungen > Actions > Runner > create Runner 
      GITEA_RUNNER_NAME: "gitea-runner-01"
      GITEA_RUNNER_LABELS: "ubuntu-22.04:host"
    volumes:
      - /mnt/fn-volume-01/docker-data/volumes/gitea_runner-cfg/config.yaml:/config.yaml
      - runner-data:/data
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  gitea:
#    external: false
    
volumes:
  app:
  db:
  runner-data:
  
```

## SSH einrichten

Im meiner docker-compose.yml oben ist port 22 im Container auf Port 222 vom Host gemappt. Daher muss noch im Container in der app.ini der SSH-Port angepasst werden:

```bash
nano /var/lib/docker/volumes/gitea_app/_data/gitea/conf
```

```
[server]
...
SSH_PORT = 222
SSH_LISTEN_PORT = 222
...
```

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/Knoimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/Knoimage.png)

Danach den Gitea-Container neustarten und in einem Repo unter Code &gt; SSH die Adresse checken, ob der Port übernommen wurde:

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/2vfimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/2vfimage.png)

Nicht vergessen, den Port in der Firewall zu öffnen, in meinem Fall Hetzner, ansonsten auch in der ufw

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/t4mimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/t4mimage.png)

Um den eigenen SSH-Key verwenden zu können, muss der Public-Key natürlich noch in Gitea eingepflegt werden unter

Profilbild &gt; Einstellungen &gt; SSH / GPG-Schlüssel &gt; Schlüssel hinzufügen &gt; .pub-Key einfügen und benennen

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/5b2image.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/5b2image.png)

ssh testen mit

```
ssh -p 222 -i /home/BENUTZER/.ssh/id_MEINNAME_ed25519 git@git.DEINEDOMAIN.de
```

wenn successfully authenticated, testen mit git clone:

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/Wb9image.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/Wb9image.png)

Falls ein anderer ssh-key angegeben werden muss, kann dies in der ~/.ssh/config eingestellt werden (Datei anlegen, falls nicht vorhanden):

```
~ ❯ cat /home/eike/.ssh/config

Host git.MEINEDOMAIN.de
  HostName git.MEINEDOMAIN.de
  Port 222
  User git
  IdentityFile ~/.ssh/id_MEINNAME_ed25519
```


## OIDC-Settings in Authentik

### app.ini Configuration

[https://docs.gitea.com/administration/config-cheat-sheet](https://docs.gitea.com/administration/config-cheat-sheet)

nano /var/lib/docker/volumes/gitea\_app/\_data/gitea/conf/app.ini:

```ini
[service]
# ...
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = true
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
ENABLE_AUTO_REGISTRATION = true
# ...

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

# ...
```

### Anwendungen &gt; Provider &gt; gitea

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/xJNimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/xJNimage.png)

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/caTimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/caTimage.png)

### Anwendungen &gt; Anwendungen &gt; Gitea

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/Jf6image.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/Jf6image.png)

### Customization &gt; Eigenschaften &gt; Scope Mapping

gitea scope für gruppen gituser, gitadmin und gitrestricted

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/qQUimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/qQUimage.png)

```python
gitea_claims = {}

if request.user.ak_groups.filter(name="gituser").exists():
    gitea_claims["gitea"]= "user"
if request.user.ak_groups.filter(name="gitadmin").exists():
    gitea_claims["gitea"]= "admin"
if request.user.ak_groups.filter(name="gitrestricted").exists():
    gitea_claims["gitea"]= "restricted"

return gitea_claims
```

### Verzeichnis &gt; Gruppen

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/lfiimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/lfiimage.png)

### OIDC-Settings in Gitea

Administration &gt; Identität &amp; Zugriff &gt; Authentifizierungsquellen &gt; Neu:

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/xTaimage.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/xTaimage.png)

[![image.png](https://wiki.folkerts.it/uploads/images/gallery/2025-06/scaled-1680-/VJ6image.png)](https://wiki.folkerts.it/uploads/images/gallery/2025-06/VJ6image.png)

<p class="callout warning">groß- und kleinbuchstaben beachten, alles so nennen wie in anleitung (auch scope, gruppen, claims, slug bei provider usw)</p>