diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index dd34469..0148580 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -43,22 +43,58 @@
     group: "{{ gitea_group }}"
     mode: '0700'
 
+# Socket access setup (following Authentik pattern)
+- name: Add git user to postgres group for socket access
+  user:
+    name: "{{ gitea_user }}"
+    groups: postgres
+    append: true
+
+- name: Ensure git can access PostgreSQL socket directory
+  file:
+    path: "/var/run/postgresql"
+    mode: '0770'
+    group: postgres
+  become: true
+
+- name: Test PostgreSQL socket connectivity
+  postgresql_ping:
+    login_unix_socket: "/var/run/postgresql"
+    login_user: "{{ gitea_user }}"
+  become: true
+  become_user: "{{ gitea_user }}"
+
 # Self-contained database management
-- name: Create Gitea database user
+- name: Create Gitea database user via socket
   postgresql_user:
     name: "{{ gitea_db_user }}"
     password: "{{ gitea_db_password }}"
     encrypted: yes
-  become: yes
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
   become_user: postgres
 
-- name: Create Gitea database
+- name: Create Gitea database via socket
   postgresql_db:
     name: "{{ gitea_db_name }}"
     owner: "{{ gitea_db_user }}"
     encoding: UTF8
     template: template0
-  become: yes
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
+  become_user: postgres
+
+- name: Grant Gitea database privileges
+  postgresql_privs:
+    db: "{{ gitea_db_name }}"
+    privs: ALL
+    type: database
+    role: "{{ gitea_db_user }}"
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
   become_user: postgres
 
 - name: Deploy Gitea configuration
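Review bot: The "Test PostgreSQL socket connectivity" task does not actually test anything, because `postgresql_ping` never fails the play by itself — it only reports `is_available` — so the play proceeds even when the socket is unreachable or peer auth rejects `{{ gitea_user }}`; add `register: gitea_pg_ping` and `failed_when: not gitea_pg_ping.is_available` to the task (peer auth over the socket also needs a PostgreSQL role named after that OS user, which nothing in this hunk creates — confirm it exists or drop the ping). The `file` task that sets `/var/run/postgresql` to `0770` is worth a second look: on a stock Debian/Ubuntu install that directory is world-traversable by default and the socket itself is governed by the server's `unix_socket_permissions`, so neither the chmod nor adding the git user to the `postgres` group is likely needed for connectivity, the chmod can break other local clients, and since `/run` is tmpfs it is silently undone on reboot; the group membership also widens what the git account can read to anything group-readable by `postgres`, which is more than socket access requires. Minor style point: `encrypted: yes` is left as a YAML 1.1 truthy on the "Create Gitea database user via socket" task while the adjacent `become` lines were converted to `true`; make it `encrypted: true` for consistency.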