Upstream docs: https://gitea.com/gitea/docs
Everything not listed in this document behaves identically to upstream Gitea. If a feature, setting, or behavior is not mentioned here, the upstream documentation is accurate and fully applicable.
Gitea is a community managed lightweight code hosting solution written in Go. This repository packages Gitea for StartOS.
- Image and Container Runtime
- Volume and Data Layout
- Installation and First-Run Flow
- Configuration Management
- Network Access and Interfaces
- Actions (StartOS UI)
- SMTP / Email
- Backups and Restore
- Health Checks
- Dependencies
- Limitations and Differences
- What Is Unchanged from Upstream
- Contributing
- Quick Reference for AI Consumers
| Aspect | Standard Docker/Compose | StartOS |
|---|---|---|
| Image | gitea/gitea (upstream) |
Same image, unmodified |
| Architectures | Depends on host | x86_64, aarch64, riscv64 |
| Container orchestration | Docker / Docker Compose | StartOS SDK (SubContainer) — no user-facing docker-compose.yml |
| Entrypoint | Default Gitea entrypoint | Same (via sdk.useEntrypoint()) |
The upstream Gitea image is used unmodified. No custom Dockerfile exists. StartOS wraps the container with its own lifecycle management, health checks, and action system.
| Aspect | Standard Docker/Compose | StartOS |
|---|---|---|
| Primary volume | User-defined bind mount or named volume | Single managed volume main, mounted at /data |
| LFS storage | Configurable | Hardcoded to /data/git/lfs |
| Extra metadata | None | /data/store.json — StartOS-managed settings file (see Configuration Management) |
| Database | Configurable (SQLite, PostgreSQL, MySQL) | Defaults to SQLite inside /data (no external DB dependency) |
All persistent state lives under /data on a single StartOS-managed volume. There is no separate database container.
Standard Gitea presents a web-based installation wizard on first launch where you configure the database, admin account, server URL, and more.
On StartOS, this wizard is skipped entirely. The wrapper handles setup automatically:
-
Pre-install: A
store.jsonfile is written with:- A randomly generated 32-character
SECRET_KEY ROOT_URLset to empty (populated during init)- User registration disabled by default
- SMTP disabled by default
- A randomly generated 32-character
-
Init: The primary URL is auto-selected from available interface addresses (prefers
.local). -
First start: The environment variable
GITEA__security__INSTALL_LOCK=trueis set, which tells Gitea to skip its installation wizard. -
Admin user creation: A oneshot task checks whether any admin users exist. If none are found, StartOS surfaces an "important" task prompting the user to create their first admin account (username, email). A strong 22-character password is auto-generated and displayed once.
Key difference: There is no web-based setup wizard. Admin account creation happens through the StartOS action system, not through the Gitea UI.
Gitea normally uses app.ini or environment variables for configuration. On StartOS, a subset of settings are managed externally via environment variables injected at container start, with values persisted in /data/store.json.
These settings are controlled exclusively through StartOS actions and cannot be changed via app.ini or the Gitea admin panel:
| Setting | Env Var | Managed Via |
|---|---|---|
| Server root URL | GITEA__server__ROOT_URL |
"Set Primary URL" action |
| Install lock | GITEA__security__INSTALL_LOCK |
Always true (hardcoded) |
| Secret key | GITEA__security__SECRET_KEY |
Auto-generated at install, stored in store.json |
| User registration | GITEA__service__DISABLE_REGISTRATION |
"Enable/Disable Registrations" action |
| LFS path | GITEA__lfs__PATH |
Always /data/git/lfs (hardcoded) |
| SMTP/mailer | GITEA__mailer__* |
"Configure SMTP" action |
Everything else — repository settings, webhook configuration, OAuth, labels, user management, organization settings, etc. — works exactly as documented upstream via Gitea's admin panel or app.ini.
StartOS exposes two network interfaces for Gitea:
- Purpose: Web UI and git-over-HTTP
- Protocols available:
- HTTPS over
.local(LAN via mDNS) - HTTP over
.onion(Tor — encrypted by Tor itself)
- HTTPS over
- Purpose: git-over-SSH
- Username:
git
| Access method | Supported |
|---|---|
| LAN IP:port | Yes |
.local:port (mDNS) |
Yes |
.onion (Tor) |
Yes |
| Public/private custom domains | Yes — can be configured in StartOS and selected as primary URL |
| SSH over LAN | Yes (via LAN IP:port or custom domain) |
| SSH over Tor | Yes |
Each interface gets a unique port on the LAN. You can access Gitea via <lan-ip>:<port> or <hostname>.local:<port>. Public or private domains can be added in StartOS and selected as the primary URL via the "Set Primary URL" action.
Requires a Tor proxy running on port 9050 on the client machine.
# Global config
git config --global http.proxy "socks5h://127.0.0.1:9050"
# Per-repo clone
git clone http://<onion-address>/<user>/<repo> \
--config "http.proxy=socks5h://127.0.0.1:9050"
# Or via environment variable
http_proxy=socks5h://127.0.0.1:9050 git clone http://<onion-address>/<user>/<repo>Add to ~/.ssh/config:
Host *.onion
ProxyCommand /usr/bin/nc -x localhost:9050 -X5 %h %p
Requires netcat (nc) installed on the client.
StartOS adds management actions accessible from the service's page in the StartOS UI. These have no equivalent in standard Gitea's admin panel.
| Action | Visibility | Availability | Purpose |
|---|---|---|---|
| Create Admin User | Hidden | Running only | Create first admin account (auto-triggered if none exist) |
| Reset Admin Password | Visible | Running only | Generate new password for an existing admin |
| Set Primary URL | Visible | Any | Choose which URL serves as Gitea's ROOT_URL |
| Enable/Disable Registrations | Visible | Any | Toggle user self-registration |
| Configure SMTP | Visible | Any | Set up email sending |
- Inputs: Username, email
- Outputs: Username and auto-generated 22-character password (displayed once)
- Runs
gitea admin user createinternally
- Inputs: Select from list of existing admin users
- Outputs: Username and new auto-generated 22-character password
- Runs
gitea admin user change-passwordinternally
- Inputs: Select from available HTTP interface URLs (
.local,.onion, custom domains) - Outputs: None (takes effect on next start)
- Affects generated links, clone URLs, email links, etc.
- Inputs: None (toggle action)
- Outputs: None (takes effect on next start)
- Shows warning when enabling: anyone with the URL can create an account
- Disabled by default for security
- Inputs: Mode (disabled, system SMTP, or custom), plus credentials if custom
- Outputs: None (takes effect on next start)
- Custom mode supports overriding the "from" address
| Aspect | Standard Gitea | StartOS |
|---|---|---|
| Configuration | app.ini [mailer] section |
"Configure SMTP" action in StartOS UI |
| System SMTP | N/A | Can use StartOS system-level SMTP credentials |
| Custom SMTP | Via app.ini |
Via action form (server, port, from, login, password) |
| Default state | Disabled unless configured | Disabled |
SMTP settings configured through the Gitea admin panel or app.ini will be overridden by the environment variables set by StartOS on each restart.
| Aspect | Standard Gitea | StartOS |
|---|---|---|
| Backup method | gitea dump or manual file copy |
StartOS backup system — full volume snapshot of /data |
| Backup scope | Configurable | Entire /data volume (repos, DB, LFS, config, store.json) |
| Restore | Manual | StartOS restore flow — volume is fully restored before service starts |
| Scheduling | Manual or via cron | Managed through StartOS backup settings |
The gitea dump command is not used. StartOS backs up the raw volume contents.
| Aspect | Standard Gitea | StartOS |
|---|---|---|
| Endpoint | N/A (or custom Docker healthcheck) | GET /api/healthz on port 3000 |
| Grace period | N/A | 120 seconds |
| Display | N/A | "Web Interface" status shown in StartOS UI |
| Failure message | N/A | "Gitea is still starting. If this persists, please check the logs." |
None. Gitea runs with an embedded SQLite database and has no external service dependencies.
- No web-based installation wizard — setup is fully automated by StartOS.
- No external database — uses embedded SQLite only. No PostgreSQL or MySQL option.
- Certain settings are environment-locked —
ROOT_URL,INSTALL_LOCK,SECRET_KEY,DISABLE_REGISTRATION,LFS_PATH, and mailer settings are injected as environment variables and override anyapp.inivalues. - Registration disabled by default — must be explicitly enabled via action (standard Gitea defaults to enabled).
Everything not listed above works exactly as documented at https://gitea.com/gitea/docs. This includes but is not limited to:
- Repository management (create, fork, mirror, archive, transfer)
- Git operations (push, pull, fetch, LFS)
- Issues, pull requests, milestones, labels, projects
- Wiki pages
- Organization and team management
- Webhooks and integrations
- OAuth2 / OpenID Connect authentication
- Two-factor authentication
- User and admin panel settings (except the env-locked settings above)
- API (
/api/v1/...) - Gitea Actions (CI/CD)
- Package registry
- RSS/Atom feeds
- Markdown rendering, syntax highlighting
- All
app.inisettings not overridden by environment variables
See CONTRIBUTING.md for build instructions and development workflow.
package_id: gitea
image: gitea/gitea
architectures: [x86_64, aarch64, riscv64]
volumes:
main: /data
ports:
http: 3000
ssh: 22
dependencies: none
startos_managed_env_vars:
- GITEA__server__ROOT_URL
- GITEA__security__INSTALL_LOCK
- GITEA__security__SECRET_KEY
- GITEA__service__DISABLE_REGISTRATION
- GITEA__lfs__PATH
- GITEA__mailer__ENABLED
- GITEA__mailer__SMTP_ADDR
- GITEA__mailer__SMTP_PORT
- GITEA__mailer__FROM
- GITEA__mailer__USER
- GITEA__mailer__PASSWD
actions:
- create-admin
- reset-admin
- set-primary-url
- registrations
- manage-smtp