Minimal git Infrastructure: Difference between revisions

From Run Your Own
Jump to navigation Jump to search
Line 29: Line 29:
  setfacl -Rm g:gitusers:rwX /var/www/git.lurk.org/
  setfacl -Rm g:gitusers:rwX /var/www/git.lurk.org/
  setfacl -d -Rm g:gitusers:rwX /var/www/git.lurk.org/
  setfacl -d -Rm g:gitusers:rwX /var/www/git.lurk.org/
* Add the local users who should have access to full read-write access to the <code>gitusers</code> group:
adduser alice gitusers
adduser bob gitusers
# etc...
* Create a new nginx site config for the static website in <code>/etc/nginx/sites-enabled/sites-available/git.lurk.org</code>:
<code>
server {
    listen 443;
    server_name git.lurk.org;
    root /var/www/git.lurk.org/;
    autoindex on;
    access_log /var/log/nginx/git.lurk.org-access.log;
    error_log /var/log/nginx/git.lurk.org-error.log;
}
</code>
* Enable it and reload nginx:


== Usage ==
== Usage ==

Revision as of 19:09, 1 August 2019

Goal: To run your own minimal git infrastructure exclusively for your shell users (sorry no guest, no wiki, no issue tracker, and send patches via email plz or GTFO), making use of ancient ACL magic, and providing a web interface with stagit for public repos browsing and anonymous read-only clone/pull. In this example we use LURK's domain name and server setup as an example.

Prerequisites

Installs

  • Install libgit2 headers and ACL tools, on Debian:
apt install libgit2-dev acl
  • Compile and install stagit, a static git page generator:
cd /usr/src
git clone git://git.codemadness.org/stagit
cd stagit
make && make install

configs

We need two directories, one for serving the public static files, and one for keeping the bare git repositories.

  • create these directories for your repos and for stagit:
mkdir -p /var/www/git.lurk.org/repos
addgroup gitusers
  • Give this group the permissions to modify each others files in the git folders:
setfacl -Rm g:gitusers:rwX /var/www/git.lurk.org/
setfacl -d -Rm g:gitusers:rwX /var/www/git.lurk.org/
  • Add the local users who should have access to full read-write access to the gitusers group:
adduser alice gitusers
adduser bob gitusers
# etc...
  • Create a new nginx site config for the static website in /etc/nginx/sites-enabled/sites-available/git.lurk.org:

server {

   listen 443;
   server_name git.lurk.org;
   root /var/www/git.lurk.org/;
   autoindex on;
   access_log /var/log/nginx/git.lurk.org-access.log;
   error_log /var/log/nginx/git.lurk.org-error.log;

}

  • Enable it and reload nginx:

Usage