Fix Gitea PostgreSQL socket permission issue

- Add git user to postgres group for Unix socket access - Ensure PostgreSQL socket directory has proper permissions - Add socket connectivity test before database operations - Update database tasks to use explicit socket parameters - Add missing database privileges grant task Resolves timeout issue in 'waiting for gitea to be ready' task caused by permission denied errors when accessing PostgreSQL Unix socket. Follows same pattern as working Authentik role.
2025-12-11 19:33:49 +01:00
parent 30a882b1e1
commit bf53700b7e
1 changed files with 40 additions and 4 deletions
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -43,22 +43,58 @@
    group: "{{ gitea_group }}"
    mode: '0700'

+# Socket access setup (following Authentik pattern)
+- name: Add git user to postgres group for socket access
+  user:
+    name: "{{ gitea_user }}"
+    groups: postgres
+    append: true
+
+- name: Ensure git can access PostgreSQL socket directory
+  file:
+    path: "/var/run/postgresql"
+    mode: '0770'
+    group: postgres
+  become: true
+
+- name: Test PostgreSQL socket connectivity
+  postgresql_ping:
+    login_unix_socket: "/var/run/postgresql"
+    login_user: "{{ gitea_user }}"
+  become: true
+  become_user: "{{ gitea_user }}"
+
 # Self-contained database management
- name: Create Gitea database user
+- name: Create Gitea database user via socket
  postgresql_user:
    name: "{{ gitea_db_user }}"
    password: "{{ gitea_db_password }}"
    encrypted: yes
-  become: yes
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
  become_user: postgres

- name: Create Gitea database
+- name: Create Gitea database via socket
  postgresql_db:
    name: "{{ gitea_db_name }}"
    owner: "{{ gitea_db_user }}"
    encoding: UTF8
    template: template0
-  become: yes
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
+  become_user: postgres
+
+- name: Grant Gitea database privileges
+  postgresql_privs:
+    db: "{{ gitea_db_name }}"
+    privs: ALL
+    type: database
+    role: "{{ gitea_db_user }}"
+    login_unix_socket: "/var/run/postgresql"
+    login_user: postgres
+  become: true
  become_user: postgres

 - name: Deploy Gitea configuration