Fix gitea-init.sh running as root — drop to git user via su-exec

The Gitea Docker entrypoint sets up directories as root then exec's
the CMD still as root. Gitea refuses to run as root, so our init
script must re-exec itself as the 'git' user via su-exec before
running any gitea commands.

Bunker Admin

scripts/gitea-init.sh

@@ -6,16 +6,24 @@
 # Runs database migrations, creates the admin user (if credentials are provided
 # and the user doesn't already exist), then starts the Gitea web server.
 #
-# This script is exec'd by /usr/bin/entrypoint, which has already:
+# The Gitea entrypoint (/usr/bin/entrypoint) has already:
-#   - Set up UID/GID
+#   - Set up UID/GID, created directories, generated app.ini from GITEA__* env vars
-#   - Created directories with correct permissions
+# But it exec's our CMD still as root — Gitea refuses to run as root.
-#   - Converted GITEA__* env vars into /data/gitea/conf/app.ini
+# We must drop to the 'git' user before running any gitea commands.
 # =============================================================================
 set -e
 
 PREFIX="[gitea-init]"
 log()  { echo "$PREFIX $1"; }
 
+# Drop privileges: Gitea refuses to run as root. The Docker entrypoint
+# sets up directories as root, then exec's the CMD (us) — still as root.
+# Re-exec this script as the 'git' user via su-exec.
+if [ "$(id -u)" = "0" ]; then
+  log "Dropping to git user..."
+  exec su-exec git "$0" "$@"
+fi
+
 # --- Step 1: Run database migrations ---
 log "Running database migrations..."
 MIGRATE_OK=false