From 4ccc433eb999b8557cf0607eadca155b078b6a72 Mon Sep 17 00:00:00 2001
From: bunker-admin <admin@thebunkerops.ca>
Date: Thu, 23 Apr 2026 10:54:24 -0600
Subject: [PATCH] fix(gitea): fall back to INITIAL_ADMIN_PASSWORD for
 gitea-init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously both compose files defaulted GITEA_ADMIN_PASSWORD to empty,
and scripts/gitea-init.sh silently skipped admin creation on blank input.
If config.sh failed to propagate the password (e.g. Docs Comments not
enabled, or --admin-password omitted), fresh installs ended up with a
Gitea container running but zero users — and the admin GUI's Gitea setup
wizard had no token to progress.

Changes:
- docker-compose.yml + docker-compose.prod.yml: GITEA_ADMIN_PASSWORD now
  falls back to INITIAL_ADMIN_PASSWORD when unset
- .env.example: declare GITEA_ADMIN_PASSWORD= with explanatory comment so
  users discover the override
- scripts/gitea-init.sh: silent skip becomes a loud WARN so a broken
  config is visible in compose logs

Bunker Admin
---
 .env.example            | 3 +++
 docker-compose.prod.yml | 4 ++--
 docker-compose.yml      | 4 ++--
 scripts/gitea-init.sh   | 5 ++++-
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.env.example b/.env.example
index f4f9a929..d7420320 100644
--- a/.env.example
+++ b/.env.example
@@ -231,6 +231,9 @@ GITEA_WEB_PORT=3030
 GITEA_SSH_PORT=2222
 # Admin user (auto-created on first boot by gitea-init.sh)
 GITEA_ADMIN_USER=admin
+# Leave blank to reuse INITIAL_ADMIN_PASSWORD (compose resolves the fallback).
+# Set only if you want a distinct password for the Gitea admin account.
+GITEA_ADMIN_PASSWORD=
 GITEA_DB_TYPE=mysql
 GITEA_DB_HOST=gitea-db:3306
 GITEA_DB_NAME=gitea
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index cba420ee..5462daff 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -133,7 +133,7 @@ services:
       # Gitea (docs comments, version history, auto-setup)
       - GITEA_URL=${GITEA_URL:-http://gitea-changemaker:3000}
       - GITEA_API_TOKEN=${GITEA_API_TOKEN:-}
-      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-}
+      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-${INITIAL_ADMIN_PASSWORD}}
       - GITEA_DOCS_REPO=${GITEA_DOCS_REPO:-admin/changemaker.lite}
       - GITEA_DOCS_PREFIX=${GITEA_DOCS_PREFIX:-mkdocs/docs}
       - GITEA_DOCS_BRANCH=${GITEA_DOCS_BRANCH:-v2}
@@ -754,7 +754,7 @@ services:
     restart: "no"
     environment:
       - GITEA_ADMIN_USER=${GITEA_ADMIN_USER:-admin}
-      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-}
+      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-${INITIAL_ADMIN_PASSWORD}}
       - GITEA_ADMIN_EMAIL=${INITIAL_ADMIN_EMAIL:-admin@cmlite.org}
     volumes:
       - gitea-data:/data
diff --git a/docker-compose.yml b/docker-compose.yml
index 74949171..f5f6335b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -134,7 +134,7 @@ services:
       # Gitea (docs comments, version history, auto-setup)
       - GITEA_URL=${GITEA_URL:-http://gitea-changemaker:3000}
       - GITEA_API_TOKEN=${GITEA_API_TOKEN:-}
-      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-}
+      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-${INITIAL_ADMIN_PASSWORD}}
       - GITEA_DOCS_REPO=${GITEA_DOCS_REPO:-admin/changemaker.lite}
       - GITEA_DOCS_PREFIX=${GITEA_DOCS_PREFIX:-mkdocs/docs}
       - GITEA_DOCS_BRANCH=${GITEA_DOCS_BRANCH:-v2}
@@ -773,7 +773,7 @@ services:
     restart: "no"
     environment:
       - GITEA_ADMIN_USER=${GITEA_ADMIN_USER:-admin}
-      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-}
+      - GITEA_ADMIN_PASSWORD=${GITEA_ADMIN_PASSWORD:-${INITIAL_ADMIN_PASSWORD}}
       - GITEA_ADMIN_EMAIL=${INITIAL_ADMIN_EMAIL:-admin@cmlite.org}
     volumes:
       - gitea-data:/data
diff --git a/scripts/gitea-init.sh b/scripts/gitea-init.sh
index 879a16b2..daac9f9c 100755
--- a/scripts/gitea-init.sh
+++ b/scripts/gitea-init.sh
@@ -31,7 +31,10 @@ fi
 log "Found app.ini at $GITEA_CUSTOM/conf/app.ini"
 
 if [ -z "$GITEA_ADMIN_USER" ] || [ -z "$GITEA_ADMIN_PASSWORD" ] || [ -z "$GITEA_ADMIN_EMAIL" ]; then
-  log "No GITEA_ADMIN_USER/PASSWORD/EMAIL set — skipping"
+  log "WARN: GITEA_ADMIN_USER/PASSWORD/EMAIL is blank — admin user will NOT be created."
+  log "WARN: The Gitea Setup wizard in the admin GUI cannot proceed without this admin."
+  log "WARN: Fix: set GITEA_ADMIN_PASSWORD (or INITIAL_ADMIN_PASSWORD) in .env, then rerun:"
+  log "WARN:   docker compose up -d gitea-init"
   exit 0
 fi