From bf53700b7e23dc8079f4213713100af499fe19b6 Mon Sep 17 00:00:00 2001
From: Joakim
Date: Thu, 11 Dec 2025 19:33:49 +0100
Subject: [PATCH] Fix Gitea PostgreSQL socket permission issue

- Add git user to postgres group for Unix socket access
- Ensure PostgreSQL socket directory has proper permissions
- Add socket connectivity test before database operations
- Update database tasks to use explicit socket parameters
- Add missing database privileges grant task

Resolves timeout issue in 'waiting for gitea to be ready' task caused by permission denied errors when accessing PostgreSQL Unix socket. Follows same pattern as working Authentik role.
---
 roles/gitea/tasks/main.yml | 44 ++++++++++++++++++++++++++++++++++----
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index dd34469..0148580 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -43,22 +43,58 @@
 group: "{{ gitea_group }}"
 mode: '0700'
 
+# Socket access setup (following Authentik pattern)
+- name: Add git user to postgres group for socket access
+ user:
+ name: "{{ gitea_user }}"
+ groups: postgres
+ append: true
+
+- name: Ensure git can access PostgreSQL socket directory
+ file:
+ path: "/var/run/postgresql"
+ mode: '0770'
+ group: postgres
+ become: true
+
+- name: Test PostgreSQL socket connectivity
+ postgresql_ping:
+ login_unix_socket: "/var/run/postgresql"
+ login_user: "{{ gitea_user }}"
+ become: true
+ become_user: "{{ gitea_user }}"
+
 # Self-contained database management
-- name: Create Gitea database user
+- name: Create Gitea database user via socket
 postgresql_user:
 name: "{{ gitea_db_user }}"
 password: "{{ gitea_db_password }}"
 encrypted: yes
- become: yes
+ login_unix_socket: "/var/run/postgresql"
+ login_user: postgres
+ become: true
 become_user: postgres
 
-- name: Create Gitea database
+- name: Create Gitea database via socket
 postgresql_db:
 name: "{{ gitea_db_name }}"
 owner: "{{ gitea_db_user }}"
 encoding: UTF8
 template: template0
- become: yes
+ login_unix_socket: "/var/run/postgresql"
+ login_user: postgres
+ become: true
+ become_user: postgres
+
+- name: Grant Gitea database privileges
+ postgresql_privs:
+ db: "{{ gitea_db_name }}"
+ privs: ALL
+ type: database
+ role: "{{ gitea_db_user }}"
+ login_unix_socket: "/var/run/postgresql"
+ login_user: postgres
+ become: true
 become_user: postgres
 
 - name: Deploy Gitea configuration
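Review bot: The two socket-access tasks give the Gitea service account more than this fix needs: `groups: postgres` hands `{{ gitea_user }}` every group-level permission the postgres group holds on the host, not only the socket, so a compromise of Gitea reaches beyond its own database. Setting `/var/run/postgresql` to `mode: '0770'` also shuts out every other local client of that socket, and because the directory usually sits on a tmpfs that is recreated at boot, the mode may not survive a restart (worth confirming on the target distribution). Local access control belongs in `pg_hba.conf`; I would drop the group task, leave the directory at its packaged mode, and let Gitea authenticate as `{{ gitea_db_user }}` with its password over the socket. Separately, the `postgresql_ping` task logs in as `{{ gitea_user }}` before any database role is created and, as far as I know, the module reports `is_available` instead of failing, so it does not gate the later tasks unless the result is registered and checked with `failed_when: not <registered_var>.is_available`.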