heckyel/gitolite-cgit-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: heckyel:master
Branches Tags
heckyel:main
heckyel:master
...
pull from: heckyel:main
Branches Tags
heckyel:main
heckyel:master

41 Commits
master ... main

Author SHA1 Message Date
Astound
566719317a
Set custom action trivy 2025-01-20 07:00:17 +08:00
Jesus
92d5171f1f
.gitea: set Trivy DB from AWS 2024-10-13 02:15:33 +08:00
Astound
f5351ce012
Add sync to sourcehut 2024-08-05 02:59:26 +08:00
Astound
b19258aea0
Make .gitolite.rc in runtime 2024-08-05 02:14:45 +08:00
Astound
cfb8706575
workflows: add git sync 2024-08-04 11:39:44 +08:00
Astound
d7182dda32
README.md: update 2024-08-04 11:16:58 +08:00
Astound
497e2c851e
Remove redundant argument from git daemon command in entrypoint.sh 
Removed the `/var/lib/git/repositories` argument from the `git daemon` command since it's redundant with the base-path already defined. This change optimizes the git daemon configuration.
 2024-08-04 09:53:11 +08:00
Astound
d0df1e5bad
workflows: update architectures support 2024-07-21 07:22:28 +08:00
Astound
cd5f00f541
Add trivy scan 2024-07-16 12:22:32 +08:00
Astound
883d7e794e
Rename image 2024-07-16 11:49:44 +08:00
Astound
ef54ac7c6e
Add CI/CD 2024-07-16 11:36:41 +08:00
Astound
bfc9124e82
update to alpine 3.20 2024-07-09 12:48:13 +08:00
Jesus E
738dabdd85
README.md: update 2023-07-03 16:46:42 -04:00
Jesus E
e905549453
Update alpine image version 2023-07-03 16:40:12 -04:00
Jesus E
1e6f82e10d
Add auto-default-branch 2023-07-03 16:23:00 -04:00
Jesus
0dab6b6f05
set upgrade iso steps 2022-10-28 23:49:59 +08:00
Jesús
be5c8595a1
README.md: update 2022-10-09 01:44:57 +08:00
Jesús
ed98f86bab
nginx zero logs 2022-10-09 00:59:32 +08:00
Jesús
31deddce8f
Revert "Remove unimportant volume" 
This reverts commit b4c1e8004bdc7f7c0f784cdb8826bf4724460bd2.
 2022-10-06 11:44:26 +08:00
Jesús
1557c11cba
Add prefix repo site to Dockerfile 2022-10-04 23:30:47 +08:00
Jesús
debcd98e05
Set version image base 2022-10-04 23:23:40 +08:00
Jesús
df92277b50
README.md: update 2022-10-04 23:04:17 +08:00
Jesús
cc48c7f800
README.md: fix space into 'How to interact with git server' step 2022-10-04 22:59:48 +08:00
Jesús
8eda39ee98
README.md: add space into 'How to interact with git server' step 2022-10-04 22:55:19 +08:00
Jesús
c6b64dee3f
README.md: update 2022-10-04 22:52:22 +08:00
Jesús
dfd054336c
Fix Permission denied (publickey,keyboard-interactive) 2022-10-04 12:35:48 +08:00
Jesús
b4c1e8004b
Remove unimportant volume 2022-02-17 22:32:55 -05:00
Jesús
56fb3bb208
Use -n instead of ! -z. 2021-12-31 23:46:37 -05:00
Jesús
25a57b557a
move to right switch branch 2021-12-31 23:37:10 -05:00
Jesús
d121d696bd
Fix divider color in header 2021-12-31 23:35:52 -05:00
Jesús
065d665d74
change to inline-block list items in pager 2021-12-31 23:13:48 -05:00
Jesús
943bced2c9
Fix pager design 2021-12-31 23:03:34 -05:00
Jesús
95cb9fe6c0
change file permissions 2021-11-02 16:41:41 -05:00
Jesús
6535be64b9
syntax-highlighting.py: add nonce-source to CSP support 2021-11-02 15:17:34 -05:00
Jesús
d05ebe3b64
Add nonce-source to CSP support 2021-11-02 15:06:16 -05:00
Jesús
1693bd969b
nginx: headers only main nginx 
resolve the headers only in the NGINX that serves HTTPS and not in the container
 2021-10-25 15:17:48 -05:00
Jesús
d28adfa173
nginx: remove Strict-Transport-Security 
Strict-Transport-Security is only HTTPS
 2021-10-25 12:19:32 -05:00
Jesús
37475fd3b8
nginx: improve conf 2021-10-25 11:57:56 -05:00
Jesús
f25244ef0d
README.md: update 2021-10-25 10:04:00 -05:00
Jesús
308734f2ea
SSH: disable login root 2021-10-24 16:03:27 -05:00
Jesús
0b80d2615f
SSH: config hard security 2021-10-24 15:48:35 -05:00
11 changed files with 495 additions and 228 deletions
Show Stats Expand all files Collapse all files

40
.gitea/workflows/git-sync.yaml Normal file
View File

@ -0,0 +1,40 @@
name: git-sync-with-mirror
on:
push:
branches: [ main ]
workflow_dispatch:
jobs:
git-sync:
runs-on: ubuntu-latest
steps:
- name: git-sync
env:
git_sync_source_repo: git@git.fridu.us:heckyel/gitolite-cgit-docker.git
git_sync_destination_repo: ssh://git@c.fridu.us/containers/gitolite-cgit-docker.git
if: env.git_sync_source_repo && env.git_sync_destination_repo
uses: wei/git-sync@v3
with:
source_repo: git@git.fridu.us:heckyel/gitolite-cgit-docker.git
source_branch: "main"
destination_repo: ssh://git@c.fridu.us/containers/gitolite-cgit-docker.git
destination_branch: "main"
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
- name: git-sync-sourcehut
env:
git_sync_source_repo: git@git.fridu.us:heckyel/gitolite-cgit-docker.git
git_sync_destination_repo: git@git.sr.ht:~heckyel/gitolite-cgit-docker
if: env.git_sync_source_repo && env.git_sync_destination_repo
uses: wei/git-sync@v3
with:
source_repo: git@git.fridu.us:heckyel/gitolite-cgit-docker.git
source_branch: "main"
destination_repo: git@git.sr.ht:~heckyel/gitolite-cgit-docker
destination_branch: "main"
source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
destination_ssh_private_key: ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
continue-on-error: true

91
.gitea/workflows/release.yaml Normal file
View File

@ -0,0 +1,91 @@
name: release
on:
schedule:
- cron: 0 0 * * 5
push:
branches:
- main
jobs:
release-default:
runs-on: ubuntu-latest
container:
image: gitea/runner-images:ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker BuildX
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_REGISTRY_USER }}
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
- name: Build Docker image
id: build-image
uses: docker/build-push-action@v6
with:
context: gitolite-cgit
file: gitolite-cgit/Dockerfile
platforms: |
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64
linux/386
linux/ppc64le
push: false
no-cache: true
tags: |
rusian/gitolite-cgit:latest
- name: Run Trivy scan
uses: astounds/trivy-action@v1
with:
image: 'rusian/gitolite-cgit:latest'
severity: 'CRITICAL,HIGH'
pkg-types: 'os'
format: 'table'
exit-code: '1'
# - name: Install Trivy
# run: |
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# trivy --version
# - name: Run Trivy vulnerability scanner
# run: |
# trivy image rusian/gitolite-cgit:latest \
# --format table \
# --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db" \
# --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1" \
# --exit-code 1 \
# --ignore-unfixed \
# --pkg-types os \
# --severity CRITICAL,HIGH
- name: Push Docker image
uses: docker/build-push-action@v6
with:
context: gitolite-cgit
file: gitolite-cgit/Dockerfile
platforms: |
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64
linux/386
linux/ppc64le
push: true
no-cache: false
tags: |
rusian/gitolite-cgit:latest

69
README.md
View File

@ -17,7 +17,7 @@ $ docker pull rusian/gitolite-cgit
2. Run the image with provided environment:
```console
$ docker run -e SSH_KEY="$(cat ~/.ssh/id_ed25519.pub)" -e SSH_KEY_NAME="$(whoami)" -p 22:22 -p 80:80 -p 9418:9418 -v repo:/var/lib/git/ rusian/gitolite-cgit
$ docker run -e SSH_KEY="$(cat ~/.ssh/id_ed25519.pub)" -e SSH_KEY_NAME="$(whoami)" -p 22:22 -p 80:80 -p 9418:9418 -v repo:/var/lib/git rusian/gitolite-cgit
```
### Environment
@ -37,7 +37,7 @@ $ docker run -e SSH_KEY="$(cat ~/.ssh/id_ed25519.pub)" -e SSH_KEY_NAME="$(whoami
### Volume
- `/var/lib/git`: gitolite home folder, store all repositories, `gitolite-admin` repo, ...
- `/var/lib/git`: gitolite home folder, store all repositories like `gitolite-admin`
- `/etc/ssh/`: store all generated SSH server key
### How to interact with git server
@ -45,9 +45,23 @@ $ docker run -e SSH_KEY="$(cat ~/.ssh/id_ed25519.pub)" -e SSH_KEY_NAME="$(whoami
Cgit webpage: `http://<server_ip>/`
Supported clone method:
- SSH: authentication with gitolite configuration inside `gitolite-admin`. For more information, pls refer to [basic administration](https://gitolite.com/gitolite/basic-admin.html). Syntax: `git clone ssh://git@<server_ip>/<repo_name>`
- HTTP: `enable-http-clone=1` by default, which let cgit act as a dumb HTTP enpoint for git clones. You can disable that by edit /etc/cgitrc. I may consider to add more feature, so you can set config from `docker run` or `docker-compose.yml`. `git push` is not supported via HTTP at this moment. Syntax: `git clone http://<server_ip>/<repo_name>`
- GIT: `git daemon` is enabled by default with `upload-pack` service (this serves git fetch-pack and git ls-remote clients), allowing anonymous fetch, clone. Syntax: `git clone git://<server_ip>/<repo_path>`
- SSH: authentication with gitolite configuration inside `gitolite-admin`.
For more information, please refer to [basic administration](https://gitolite.com/gitolite/basic-admin.html).
git clone ssh://git@<server_ip>/<repo_name>
- HTTP: `enable-http-clone=1` by default, which let cgit act as a dumb HTTP enpoint for git clones.
You can disable that by edit /etc/cgitrc. I may consider to add more feature, so you can set config
from `docker run` or `docker-compose.yml`. `git push` is not supported via HTTP.
git clone http://<server_ip>/<repo_name>
- GIT: `git daemon` is enabled by default with `upload-pack` service
(this serves git fetch-pack and git ls-remote clients), allowing anonymous
fetch, clone.
git clone git://<server_ip>/<repo_path>
## Docker-compose
@ -59,7 +73,9 @@ $ docker pull rusian/gitolite-cgit
2. Create environment file
In this repo, I create `gitolite` admin with the host public key and username. In case, you are running this on server, you need to enter SSH_KEY and SSH_KEY_NAME into `config.env`:
I create `gitolite` admin with the host public key and username.
In case, you are running this on server, you need to enter
**SSH_KEY** and **SSH_KEY_NAME** into `config.env`:
```
#
@ -77,7 +93,8 @@ CGIT_CLONE_PREFIX=http://<YOUR-DOMAIN> ssh://git@<YOUR-DOMAIN>
CGIT_SNAPSHOT=tar.gz tar.bz2 tar.xz
```
For convience, I create a script for user who use the public key and name from the host running Docker:
For convience, I create a `bootstrap.sh` script for user who use public
key and name from the host running Docker:
```bash
# change ssh_key, ssh_key_name to reflect your current setup
@ -90,6 +107,12 @@ sed -i.bak \
"$(dirname "$0")/config.env"
```
Generate public key and private key:
```console
sh bootstrap.sh
```
3. Create `docker-compose.yml`:
```yml
@ -101,7 +124,8 @@ services:
container_name: gitolite-cgit
env_file: config.env
volumes:
- git:/var/lib/git/
- git:/etc/ssh
- git:/var/lib/git
ports:
- 22:22
- 80:80
@ -136,7 +160,8 @@ services:
container_name: gitolite-cgit
env_file: config.env
volumes:
- git:/var/lib/git/
- git:/etc/ssh
- git:/var/lib/git
- ./cgitrc:/etc/cgitrc
ports:
- 22:22
@ -150,7 +175,7 @@ volumes:
## Build docker image
```console
$ git clone https://git.sr.ht/~heckyel/gitolite-cgit-docker
$ git clone https://c.hgit.ga/containers/gitolite-cgit-docker.git
```
```console
@ -220,3 +245,27 @@ repo CREATOR/[a-zA-Z0-9].*
R = @all
config gitweb.owner = %GL_CREATOR
```
#### Set default branch
```console
ssh git@gitolite-host symbolic-ref public/foo HEAD refs/heads/main
```
Real sample:
```console
ssh git@c.fridu.us symbolic-ref containers/gitolite-cgit-docker HEAD refs/heads/main
```
#### Delete branch
```console
git push origin :branch
```
Real sample:
```console
git push origin :master
```

7
gitolite-cgit/Dockerfile
View File

@ -1,8 +1,10 @@
FROM alpine:latest
FROM index.docker.io/alpine:3.20
LABEL MAINTAINER="heckyel@riseup.net"
# Install needed packages
RUN set -xe \
&& apk update \
&& apk upgrade \
&& apk add --no-cache --purge -uU \
# Install gitolite
gitolite git openssh \
@ -32,11 +34,12 @@ WORKDIR /var/lib/git
COPY cgit.css /usr/share/webapps/cgit/cgit.css
COPY md2html /usr/lib/cgit/filters/html-converters/md2html
COPY syntax-highlighting.py /usr/lib/cgit/filters/syntax-highlighting.py
COPY gitolite.rc /var/lib/git/.gitolite.rc
COPY auto-default-branch.sh /usr/lib/gitolite/triggers/auto-default-branch
COPY entrypoint.sh /
RUN chmod u+x /usr/lib/cgit/filters/html-converters/md2html
RUN chmod u+x /usr/lib/cgit/filters/syntax-highlighting.py
RUN chmod a+x /usr/lib/gitolite/triggers/auto-default-branch
RUN chmod u+x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

29
gitolite-cgit/auto-default-branch.sh Normal file
View File

@ -0,0 +1,29 @@
#!/bin/sh
info() { printf >&2 %s\\n "$*" ; }
die() { info "$*" ; exit 1 ; }
ensure_HEAD() {
[ "$1" = 'POST_GIT' ] || die "unsupported trigger '$1'"
cd "$GL_REPO_BASE/$2.git"
# everything OK if the default in HEAD points to a real branch
git show-ref --quiet --verify "$(git symbolic-ref HEAD)" && return 0
# there *might* be a mismatch, so let's find out a real branch
local head
head="$(git show-ref --heads | head -1 | sed -e 's/^.* //')"
# the repo might still be empty
[ -n "$head" ] || return 0
# we have a default branch that we can set here
info "setting HEAD to <$head>"
git symbolic-ref HEAD "$head" -m "Default HEAD to branch <$head>"
}
set -eu
ensure_HEAD "$@"

17
gitolite-cgit/cgit.css
View File

@ -2,6 +2,7 @@
--background: #212529;
--bg-strong: #131618;
--p-color: #131618;
--bd-color: #0062cc;
--brand-color: #0062cc;
--brand-lg-color: #3395ff;
--add-color: #00e676;
@ -81,7 +82,7 @@ color: var(--text);
}
table#header td.form {
text-align: left;
text-align: right;
vertical-align: bottom;
padding-right: 1em;
padding-bottom: 2px;
@ -96,7 +97,7 @@ font-size: 90%;
table#header td.sub {
color: var(--text);
border-top: solid 1px var(--background);
border-top: solid 1px var(--bd-color);
padding-left: 10px;
}
@ -560,6 +561,18 @@ color: var(--text);
margin: 0em 0.5em;
}
ul.pager {
list-style-type: none;
text-align: center;
margin: 1em 0em 0em 0em;
padding: 0;
}
ul.pager li {
display: inline-block;
margin: 0.25em 0.5em;
}
span.age-mins {
font-weight: bold;
color: #0c0;

262
gitolite-cgit/entrypoint.sh Executable file → Normal file
View File

@ -30,7 +30,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin no
#StrictModes yes
MaxAuthTries 3
#MaxSessions 10
@ -118,14 +118,231 @@ Subsystem sftp /usr/lib/ssh/sftp-server
# ForceCommand cvs server
# Algorithms
Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
MACs umac-128@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com
Ciphers chacha20-poly1305@openssh.com
KexAlgorithms curve25519-sha256@libssh.org
MACs hmac-sha2-512-etm@openssh.com
HostKeyAlgorithms=ssh-ed25519
EOF
fi
# -------------------------
# /var/lib/git/.gitolite.rc
# -------------------------
if [ ! -f /var/lib/git/.gitolite.rc ]; then
cat > /var/lib/git/.gitolite.rc <<- 'EOF'
# configuration variables for gitolite
# This file is in perl syntax. But you do NOT need to know perl to edit it --
# just mind the commas, use single quotes unless you know what you're doing,
# and make sure the brackets and braces stay matched up!
# (Tip: perl allows a comma after the last item in a list also!)
# HELP for commands can be had by running the command with "-h".
# HELP for all the other FEATURES can be found in the documentation (look for
# "list of non-core programs shipped with gitolite" in the master index) or
# directly in the corresponding source file.
%RC = (
# ------------------------------------------------------------------
# default umask gives you perms of '0700'; see the rc file docs for
# how/why you might change this
UMASK => 0027,
# look for "git-config" in the documentation
GIT_CONFIG_KEYS => '.*',
# comment out if you don't need all the extra detail in the logfile
LOG_EXTRA => 1,
# logging options
# 1. leave this section as is for 'normal' gitolite logging (default)
# 2. uncomment this line to log ONLY to syslog:
# LOG_DEST => 'syslog',
# 3. uncomment this line to log to syslog and the normal gitolite log:
# LOG_DEST => 'syslog,normal',
# 4. prefixing "repo-log," to any of the above will **also** log just the
# update records to "gl-log" in the bare repo directory:
# LOG_DEST => 'repo-log,normal',
# LOG_DEST => 'repo-log,syslog',
# LOG_DEST => 'repo-log,syslog,normal',
# syslog 'facility': defaults to 'local0', uncomment if needed. For example:
# LOG_FACILITY => 'local4',
# roles. add more roles (like MANAGER, TESTER, ...) here.
# WARNING: if you make changes to this hash, you MUST run 'gitolite
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
ROLES => {
READERS => 1,
WRITERS => 1,
},
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
# CACHE => 'Redis',
# ------------------------------------------------------------------
# rc variables used by various features
# the 'info' command prints this as additional info, if it is set
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
# the CpuTime feature uses these
# display user, system, and elapsed times to user after each git operation
# DISPLAY_CPU_TIME => 1,
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
# CPU_TIME_WARN_LIMIT => 0.1,
# the Mirroring feature needs this
# HOSTNAME => "foo",
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
# CACHE_TTL => 600,
# ------------------------------------------------------------------
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
# LOCAL_CODE => "$ENV{HOME}/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
# List of commands and features to enable
ENABLE => [
# COMMANDS
# These are the commands enabled by default
'help',
'desc',
'info',
'perms',
'writable',
'symbolic-ref',
# Uncomment or add new commands here.
'create',
'fork',
'mirror',
'readme',
'sskm',
'D',
# These FEATURES are enabled by default.
# essential (unless you're using smart-http mode)
'ssh-authkeys',
# creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
'git-config',
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
'daemon',
# creates projects.list file; if you don't use gitweb, comment this out
'gitweb',
# These FEATURES are disabled by default; uncomment to enable. If you
# need to add new ones, ask on the mailing list :-)
# user-visible behaviour
# prevent wild repos auto-create on fetch/clone
# 'no-create-on-read',
# no auto-create at all (don't forget to enable the 'create' command!)
# 'no-auto-create',
# access a repo by another (possibly legacy) name
# 'Alias',
# give some users direct shell access. See documentation in
# sts.html for details on the following two choices.
# "Shell $ENV{HOME}/.gitolite.shell-users",
# 'Shell alice bob',
# set default roles from lines like 'option default.roles-1 = ...', etc.
# 'set-default-roles',
# show more detailed messages on deny
# 'expand-deny-messages',
# show a message of the day
# 'Motd',
# system admin stuff
# enable mirroring (don't forget to set the HOSTNAME too!)
# 'Mirroring',
# allow people to submit pub files with more than one key in them
# 'ssh-authkeys-split',
# selective read control hack
# 'partial-copy',
# manage local, gitolite-controlled, copies of read-only upstream repos
# 'upstream',
# updates 'description' file instead of 'gitweb.description' config item
# 'cgit',
# allow repo-specific hooks to be added
# 'repo-specific-hooks',
# performance, logging, monitoring...
# be nice
# 'renice 10',
# log CPU times (user, system, cumulative user, cumulative system)
# 'CpuTime',
# syntactic_sugar for gitolite.conf and included files
# allow backslash-escaped continuation lines in gitolite.conf
# 'continuation-lines',
# create implicit user groups from directory names in keydir/
# 'keysubdirs-as-groups',
# allow simple line-oriented macros
# 'macros',
# Kindergarten mode
# disallow various things that sensible people shouldn't be doing anyway
# 'Kindergarten',
],
POST_GIT => [
'auto-default-branch',
],
);
# ------------------------------------------------------------------------------
# per perl rules, this should be the last line in such a file:
1;
# Local variables:
# mode: perl
# End:
# vim: set syn=perl:
EOF
fi
# -------------------------------
# Validate environment variables
# -------------------------------
# Create ssh host key if not present
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
@ -296,17 +513,17 @@ scan-path=/var/lib/git/repositories
EOF
# Append clone-prefix
if [ ! -z "$CGIT_CLONE_PREFIX" ]; then
if [ -n "$CGIT_CLONE_PREFIX" ]; then
echo "# Specify some default clone prefixes" >> /etc/cgitrc
echo "clone-prefix=$CGIT_CLONE_PREFIX" >> /etc/cgitrc
fi
if [ ! -z "$CGIT_ROOT_TITLE" ]; then
if [ -n "$CGIT_ROOT_TITLE" ]; then
echo "# Set the title and heading of the repository index page" >> /etc/cgitrc
echo "root-title=$CGIT_ROOT_TITLE" >> /etc/cgitrc
fi
if [ ! -z "$CGIT_DESC" ]; then
if [ -n "$CGIT_DESC" ]; then
echo "# Set description repository" >> /etc/cgitrc
echo "root-desc=$CGIT_DESC" >> /etc/cgitrc
fi
@ -318,12 +535,16 @@ EOF
# /usr/lib/cgit/filters/syntax-highlighting.sh
# Nginx configuration
rm -v /etc/nginx/http.d/default.conf || true
rm -f /etc/nginx/http.d/default.conf || true
cat > /etc/nginx/http.d/cgit.conf <<- EOF
server {
listen 80 default_server;
server_name localhost;
# Logs
access_log /dev/null;
error_log /dev/null;
root /usr/share/webapps/cgit;
try_files \$uri @cgit;
@ -355,6 +576,26 @@ EOF
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
gzip_min_length 1000; # default is 20 bytes
gzip_buffers 16 8k;
gzip_comp_level 2; # default is 1
client_body_timeout 30s; # default is 60
client_header_timeout 10s; # default is 60
send_timeout 10s; # default is 60
keepalive_timeout 10s; # default is 75
resolver_timeout 10s; # default is 30
reset_timedout_connection on;
proxy_ignore_client_abort on;
tcp_nopush on; # send headers in one piece
tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
# Enabling the sendfile directive eliminates the step of copying the data into the buffer
# and enables direct copying data from one file descriptor to another.
sendfile on;
sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
aio threads;
}
EOF
@ -368,11 +609,14 @@ spawn-fcgi -s /run/fcgiwrap/fcgiwrap.socket -f /usr/bin/fcgiwrap
chmod 660 /run/fcgiwrap/fcgiwrap.socket
# fix permissions gitolite
chown git:git /var/lib/git
chown git:git -R /var/lib/git
chmod 700 /var/lib/git
chown git:git /var/lib/git/.gitolite.rc
chmod 640 /var/lib/git/.gitolite.rc
# Start git-daemon
git daemon --detach --reuseaddr --base-path=/var/lib/git/repositories /var/lib/git/repositories
git daemon --detach --reuseaddr --base-path=/var/lib/git/repositories
# Start nginx
exec nginx -g "daemon off;"

202
gitolite-cgit/gitolite.rc
View File

@ -1,202 +0,0 @@
# configuration variables for gitolite
# This file is in perl syntax. But you do NOT need to know perl to edit it --
# just mind the commas, use single quotes unless you know what you're doing,
# and make sure the brackets and braces stay matched up!
# (Tip: perl allows a comma after the last item in a list also!)
# HELP for commands can be had by running the command with "-h".
# HELP for all the other FEATURES can be found in the documentation (look for
# "list of non-core programs shipped with gitolite" in the master index) or
# directly in the corresponding source file.
%RC = (
# ------------------------------------------------------------------
# default umask gives you perms of '0700'; see the rc file docs for
# how/why you might change this
UMASK => 0027,
# look for "git-config" in the documentation
GIT_CONFIG_KEYS => '.*',
# comment out if you don't need all the extra detail in the logfile
LOG_EXTRA => 1,
# logging options
# 1. leave this section as is for 'normal' gitolite logging (default)
# 2. uncomment this line to log ONLY to syslog:
# LOG_DEST => 'syslog',
# 3. uncomment this line to log to syslog and the normal gitolite log:
# LOG_DEST => 'syslog,normal',
# 4. prefixing "repo-log," to any of the above will **also** log just the
# update records to "gl-log" in the bare repo directory:
# LOG_DEST => 'repo-log,normal',
# LOG_DEST => 'repo-log,syslog',
# LOG_DEST => 'repo-log,syslog,normal',
# syslog 'facility': defaults to 'local0', uncomment if needed. For example:
# LOG_FACILITY => 'local4',
# roles. add more roles (like MANAGER, TESTER, ...) here.
# WARNING: if you make changes to this hash, you MUST run 'gitolite
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
ROLES => {
READERS => 1,
WRITERS => 1,
},
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
# CACHE => 'Redis',
# ------------------------------------------------------------------
# rc variables used by various features
# the 'info' command prints this as additional info, if it is set
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
# the CpuTime feature uses these
# display user, system, and elapsed times to user after each git operation
# DISPLAY_CPU_TIME => 1,
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
# CPU_TIME_WARN_LIMIT => 0.1,
# the Mirroring feature needs this
# HOSTNAME => "foo",
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
# CACHE_TTL => 600,
# ------------------------------------------------------------------
# suggested locations for site-local gitolite code (see cust.html)
# this one is managed directly on the server
# LOCAL_CODE => "$ENV{HOME}/local",
# or you can use this, which lets you put everything in a subdirectory
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
# ------------------------------------------------------------------
# List of commands and features to enable
ENABLE => [
# COMMANDS
# These are the commands enabled by default
'help',
'desc',
'info',
'perms',
'writable',
# Uncomment or add new commands here.
'create',
'fork',
'mirror',
'readme',
'sskm',
'D',
# These FEATURES are enabled by default.
# essential (unless you're using smart-http mode)
'ssh-authkeys',
# creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
'git-config',
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
'daemon',
# creates projects.list file; if you don't use gitweb, comment this out
'gitweb',
# These FEATURES are disabled by default; uncomment to enable. If you
# need to add new ones, ask on the mailing list :-)
# user-visible behaviour
# prevent wild repos auto-create on fetch/clone
# 'no-create-on-read',
# no auto-create at all (don't forget to enable the 'create' command!)
# 'no-auto-create',
# access a repo by another (possibly legacy) name
# 'Alias',
# give some users direct shell access. See documentation in
# sts.html for details on the following two choices.
# "Shell $ENV{HOME}/.gitolite.shell-users",
# 'Shell alice bob',
# set default roles from lines like 'option default.roles-1 = ...', etc.
# 'set-default-roles',
# show more detailed messages on deny
# 'expand-deny-messages',
# show a message of the day
# 'Motd',
# system admin stuff
# enable mirroring (don't forget to set the HOSTNAME too!)
# 'Mirroring',
# allow people to submit pub files with more than one key in them
# 'ssh-authkeys-split',
# selective read control hack
# 'partial-copy',
# manage local, gitolite-controlled, copies of read-only upstream repos
# 'upstream',
# updates 'description' file instead of 'gitweb.description' config item
# 'cgit',
# allow repo-specific hooks to be added
# 'repo-specific-hooks',
# performance, logging, monitoring...
# be nice
# 'renice 10',
# log CPU times (user, system, cumulative user, cumulative system)
# 'CpuTime',
# syntactic_sugar for gitolite.conf and included files
# allow backslash-escaped continuation lines in gitolite.conf
# 'continuation-lines',
# create implicit user groups from directory names in keydir/
# 'keysubdirs-as-groups',
# allow simple line-oriented macros
# 'macros',
# Kindergarten mode
# disallow various things that sensible people shouldn't be doing anyway
# 'Kindergarten',
],
);
# ------------------------------------------------------------------------------
# per perl rules, this should be the last line in such a file:
1;
# Local variables:
# mode: perl
# End:
# vim: set syn=perl:

2
gitolite-cgit/md2html
View File

@ -7,7 +7,7 @@ from markdown.extensions.toc import TocExtension
sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8')
sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
sys.stdout.write('''
<style>
<style nonce="f4eb1bb">
.markdown-body {
font-size: 14px;
line-height: 1.6;

2
gitolite-cgit/syntax-highlighting.py Executable file → Normal file
View File

@ -49,7 +49,7 @@ except TypeError:
# highlight! :-)
# printout pygments' css definitions as well
sys.stdout.write('<style>')
sys.stdout.write('<style nonce="8909ab9">')
sys.stdout.write(formatter.get_style_defs('.highlight'))
sys.stdout.write('</style>')
sys.stdout.write(highlight(data, lexer, formatter, outfile=None))

0
img/img.png → img/cgit.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 25 KiB