gitolite-pystagit
parent
471f387e0f
commit
f82acd5fb5
2
Makefile
2
Makefile
|
@ -1,4 +1,4 @@
|
||||||
images=backup buku ddclient gitolite gitolite-stagit git-daemon rss-bridge syncthing tasks tor vdirsyncer wallabag xandikos
|
images=backup buku ddclient gitolite gitolite-pystagit git-daemon rss-bridge syncthing tasks tor vdirsyncer wallabag xandikos
|
||||||
.PHONY: all $(images)
|
.PHONY: all $(images)
|
||||||
all: $(images)
|
all: $(images)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
FROM alpine:3.13
|
||||||
|
|
||||||
|
RUN apk add --no-cache \
|
||||||
|
gitolite \
|
||||||
|
libgit2 \
|
||||||
|
openssh-server \
|
||||||
|
python3 \
|
||||||
|
su-exec && \
|
||||||
|
apk add --no-cache --virtual .build-deps \
|
||||||
|
gcc \
|
||||||
|
libffi-dev \
|
||||||
|
libgit2-dev \
|
||||||
|
musl-dev \
|
||||||
|
py3-pip \
|
||||||
|
python3-dev && \
|
||||||
|
git clone https://github.com/gthar/pystagit.git /tmp/pystagit && \
|
||||||
|
pip install /tmp/pystagit && \
|
||||||
|
rm -r /tmp/pystagit && \
|
||||||
|
apk del .build-deps && \
|
||||||
|
passwd -u git && \
|
||||||
|
mkdir -p /opt/gitolite-local/hooks/common
|
||||||
|
|
||||||
|
COPY sshd_config /etc/ssh/sshd_config
|
||||||
|
COPY gitolite.rc /var/lib/git/.gitolite.rc
|
||||||
|
|
||||||
|
COPY bin/. /usr/local/bin/
|
||||||
|
COPY local_code/. /opt/gitolite-local/
|
||||||
|
|
||||||
|
RUN chown -R git:git /var/lib/git && \
|
||||||
|
chmod +x \
|
||||||
|
/usr/local/bin/entrypoint \
|
||||||
|
/usr/local/bin/build-pystagit-index \
|
||||||
|
/usr/local/bin/build-pystagit-repo \
|
||||||
|
/usr/local/bin/build-pystagit-repos \
|
||||||
|
/opt/gitolite-local/hooks/common/post-receive \
|
||||||
|
/opt/gitolite-local/triggers/build-pystagit-index \
|
||||||
|
/opt/gitolite-local/triggers/build-pystagit-repo \
|
||||||
|
/opt/gitolite-local/triggers/build-pystagit-repos
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||||
|
CMD ["/usr/sbin/sshd", "-D", "-e"]
|
|
@ -0,0 +1,16 @@
|
||||||
|
USERNAME = rilla
|
||||||
|
IMG_NAME = gitolite-pystagit
|
||||||
|
|
||||||
|
.PHONY: build build-nc
|
||||||
|
|
||||||
|
BIN=$(wildcard bin/*)
|
||||||
|
HOOKS=$(wildcard local_code/hooks/*)
|
||||||
|
TRIGGERS=$(wildcard local_code/triggers/*)
|
||||||
|
|
||||||
|
DEPS=Dockerfile $(BIN) $(HOOKS) $(TRIGGERS) gitolite.rc sshd_config
|
||||||
|
|
||||||
|
build: $(DEPS)
|
||||||
|
docker build -t $(USERNAME)/$(IMG_NAME) .
|
||||||
|
|
||||||
|
build-nc: $(DEPS)
|
||||||
|
docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
PYSTAGIT_BASE="${PYSTAGIT_BASE:-/var/lib/git/stagit}"
|
||||||
|
GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
|
||||||
|
|
||||||
|
mk_index () {
|
||||||
|
gitolite list-phy-repos | \
|
||||||
|
gitolite access % stagit R any | \
|
||||||
|
awk \
|
||||||
|
-F'\t' \
|
||||||
|
-v d="${GL_REPO_BASE}" \
|
||||||
|
'{if ($3 !~ "DENIED") print d"/"$1".git"}' | \
|
||||||
|
xargs -r /usr/local/bin/stagit-index | \
|
||||||
|
sed 's|\(<a href=".*\)/log.html\(">\)|\1\2|' > \
|
||||||
|
"${1}/index.html"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ -n "${SITES}" ]; then
|
||||||
|
for site in ${SITES}; do
|
||||||
|
mk_index "${PYSTAGIT_BASE}-${site}"
|
||||||
|
done
|
||||||
|
else
|
||||||
|
mk_index "${PYSTAGIT_BASE}"
|
||||||
|
fi
|
|
@ -0,0 +1,70 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
[ -z "${1}" ] && exit
|
||||||
|
|
||||||
|
PYSTAGIT_BASE="${PYSTAGIT_BASE:-/var/lib/git/pystagit}"
|
||||||
|
GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
|
||||||
|
|
||||||
|
# shellcheck disable=SC1091
|
||||||
|
[ -f /etc/env ] && . /etc/env
|
||||||
|
|
||||||
|
run_pystagit () {
|
||||||
|
repo_dir="${GL_REPO_BASE}/${1}.git"
|
||||||
|
if [ -n "${2}" ]; then
|
||||||
|
out_dir="${PYSTAGIT_BASE}-${2}/${1}"
|
||||||
|
else
|
||||||
|
out_dir="${PYSTAGIT_BASE}/${1}"
|
||||||
|
fi
|
||||||
|
mkdir -p "${out_dir}" && \
|
||||||
|
cd "${out_dir}" && \
|
||||||
|
/usr/local/bin/pystagit "${repo_dir}" && \
|
||||||
|
ln -sf files.html index.html
|
||||||
|
}
|
||||||
|
|
||||||
|
set_url () {
|
||||||
|
url_file="${GL_REPO_BASE}/${1}.git/url"
|
||||||
|
if [ -n "${2}" ]; then
|
||||||
|
echo "${2}/${1}" > "${url_file}"
|
||||||
|
else
|
||||||
|
echo "url not set"
|
||||||
|
rm -f "${url_file}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
set_owner () {
|
||||||
|
owner_file="${GL_REPO_BASE}/${1}.git/owner"
|
||||||
|
if owner=$(gitolite git-config "${1}" gitweb.owner); then
|
||||||
|
echo "setting owner for '${1}'"
|
||||||
|
echo "${owner}" > "${owner_file}"
|
||||||
|
else
|
||||||
|
echo "usetting owner for '${1}'"
|
||||||
|
rm -f "${owner_file}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "running pystagit for '${1}'"
|
||||||
|
|
||||||
|
if gitolite access "${1}" pystagit R any; then
|
||||||
|
|
||||||
|
set_owner "${1}"
|
||||||
|
|
||||||
|
if [ -n "${SITES}" ]; then
|
||||||
|
_i=1
|
||||||
|
for site in ${SITES}; do
|
||||||
|
url=$(printf "%s" "${URLS}" | cut -d " " -f "$_i")
|
||||||
|
set_url "${1}" "${url}"
|
||||||
|
run_pystagit "${1}" "${site}"
|
||||||
|
_i=$((_i+1))
|
||||||
|
done
|
||||||
|
|
||||||
|
else
|
||||||
|
url=$(printf "%s" "${URLS}" | cut -d " " -f 1)
|
||||||
|
set_url "${1}" "${url}"
|
||||||
|
run_pystagit "${1}" ""
|
||||||
|
fi
|
||||||
|
|
||||||
|
else
|
||||||
|
rm -rf "${PYSTAGIT_BASE}"*"/${1}.git"
|
||||||
|
fi
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
for repo in $(gitolite list-phy-repos); do
|
||||||
|
/usr/local/bin/build-pystagit-repo "${repo}"
|
||||||
|
done
|
|
@ -0,0 +1,49 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
su-exec git env | awk -F"=" '{ print $1"=\""$2"\"" }' > /etc/env
|
||||||
|
|
||||||
|
for algorithm in rsa dsa ecdsa ed25519; do
|
||||||
|
keyfile="/etc/ssh/keys/ssh_host_${algorithm}_key"
|
||||||
|
[ -f "$keyfile" ] || \
|
||||||
|
ssh-keygen -q -N '' -f "$keyfile" -t "$algorithm"
|
||||||
|
done
|
||||||
|
|
||||||
|
BASE_DIR=/var/lib/git
|
||||||
|
|
||||||
|
echo "fixing permissions..."
|
||||||
|
|
||||||
|
mkdir -p \
|
||||||
|
"${BASE_DIR}/.gitolite/conf" \
|
||||||
|
"${BASE_DIR}/.gitolite/hooks" \
|
||||||
|
"${BASE_DIR}/.gitolite/keydir" \
|
||||||
|
"${BASE_DIR}/.gitolite/logs"
|
||||||
|
chown -R git:git \
|
||||||
|
"${BASE_DIR}/.gitolite" \
|
||||||
|
"${BASE_DIR}/.ssh" \
|
||||||
|
"${BASE_DIR}/pystagit"* \
|
||||||
|
"${BASE_DIR}/repositories"
|
||||||
|
|
||||||
|
if [ ! -f "${BASE_DIR}/.ssh/authorized_keys" ]; then
|
||||||
|
if [ -z "$SSH_KEY" ]; then
|
||||||
|
echo "SSH_KEY needs to be set"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
SSH_KEY_NAME=${SSH_KEY_NAME:-admin}
|
||||||
|
echo "$SSH_KEY" > "/tmp/${SSH_KEY_NAME}.pub"
|
||||||
|
echo "gitolite's initial setup"
|
||||||
|
su-exec git gitolite setup -pk "/tmp/${SSH_KEY_NAME}.pub"
|
||||||
|
rm "/tmp/${SSH_KEY_NAME}.pub"
|
||||||
|
else
|
||||||
|
# stuff is already set up, but check the setup anyway
|
||||||
|
echo "gitolite's sanity setup"
|
||||||
|
su-exec git gitolite setup
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "building static site"
|
||||||
|
su-exec git build-pystagit-repos
|
||||||
|
su-exec git build-pystagit-index
|
||||||
|
|
||||||
|
echo "gitolite is ready,starting sshd"
|
||||||
|
exec "$@"
|
|
@ -0,0 +1,213 @@
|
||||||
|
# configuration variables for gitolite
|
||||||
|
|
||||||
|
# This file is in perl syntax. But you do NOT need to know perl to edit it --
|
||||||
|
# just mind the commas, use single quotes unless you know what you're doing,
|
||||||
|
# and make sure the brackets and braces stay matched up!
|
||||||
|
|
||||||
|
# (Tip: perl allows a comma after the last item in a list also!)
|
||||||
|
|
||||||
|
# HELP for commands can be had by running the command with "-h".
|
||||||
|
|
||||||
|
# HELP for all the other FEATURES can be found in the documentation (look for
|
||||||
|
# "list of non-core programs shipped with gitolite" in the master index) or
|
||||||
|
# directly in the corresponding source file.
|
||||||
|
|
||||||
|
%RC = (
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
# default umask gives you perms of '0700'; see the rc file docs for
|
||||||
|
# how/why you might change this
|
||||||
|
UMASK => 0077,
|
||||||
|
|
||||||
|
# look for "git-config" in the documentation
|
||||||
|
GIT_CONFIG_KEYS => 'gitweb.description gitweb.owner',
|
||||||
|
|
||||||
|
# comment out if you don't need all the extra detail in the logfile
|
||||||
|
LOG_EXTRA => 1,
|
||||||
|
# logging options
|
||||||
|
# 1. leave this section as is for 'normal' gitolite logging (default)
|
||||||
|
# 2. uncomment this line to log ONLY to syslog:
|
||||||
|
# LOG_DEST => 'syslog',
|
||||||
|
# 3. uncomment this line to log to syslog and the normal gitolite log:
|
||||||
|
# LOG_DEST => 'syslog,normal',
|
||||||
|
# 4. prefixing "repo-log," to any of the above will **also** log just the
|
||||||
|
# update records to "gl-log" in the bare repo directory:
|
||||||
|
# LOG_DEST => 'repo-log,normal',
|
||||||
|
# LOG_DEST => 'repo-log,syslog',
|
||||||
|
# LOG_DEST => 'repo-log,syslog,normal',
|
||||||
|
# syslog 'facility': defaults to 'local0', uncomment if needed. For example:
|
||||||
|
# LOG_FACILITY => 'local4',
|
||||||
|
|
||||||
|
# roles. add more roles (like MANAGER, TESTER, ...) here.
|
||||||
|
# WARNING: if you make changes to this hash, you MUST run 'gitolite
|
||||||
|
# compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
|
||||||
|
ROLES => {
|
||||||
|
READERS => 1,
|
||||||
|
WRITERS => 1,
|
||||||
|
},
|
||||||
|
|
||||||
|
# enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
|
||||||
|
# CACHE => 'Redis',
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
# rc variables used by various features
|
||||||
|
|
||||||
|
# the 'info' command prints this as additional info, if it is set
|
||||||
|
# SITE_INFO => 'Please see http://blahblah/gitolite for more help',
|
||||||
|
|
||||||
|
# the CpuTime feature uses these
|
||||||
|
# display user, system, and elapsed times to user after each git operation
|
||||||
|
# DISPLAY_CPU_TIME => 1,
|
||||||
|
# display a warning if total CPU times (u, s, cu, cs) crosses this limit
|
||||||
|
# CPU_TIME_WARN_LIMIT => 0.1,
|
||||||
|
|
||||||
|
# the Mirroring feature needs this
|
||||||
|
# HOSTNAME => "foo",
|
||||||
|
|
||||||
|
# TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
|
||||||
|
# CACHE_TTL => 600,
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
# suggested locations for site-local gitolite code (see cust.html)
|
||||||
|
|
||||||
|
# this one is managed directly on the server
|
||||||
|
LOCAL_CODE => "/opt/gitolite-local",
|
||||||
|
#LOCAL_CODE => "$ENV{HOME}/local",
|
||||||
|
|
||||||
|
# or you can use this, which lets you put everything in a subdirectory
|
||||||
|
# called "local" in your gitolite-admin repo. For a SECURITY WARNING
|
||||||
|
# on this, see http://gitolite.com/gitolite/non-core.html#pushcode
|
||||||
|
# LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------
|
||||||
|
|
||||||
|
#POST_COMPILE => [],
|
||||||
|
POST_COMPILE => [
|
||||||
|
'build-pystagit-repos',
|
||||||
|
'build-pystagit-index'
|
||||||
|
],
|
||||||
|
|
||||||
|
POST_CREATE => [
|
||||||
|
'build-pystagit-repo'
|
||||||
|
],
|
||||||
|
|
||||||
|
# List of commands and features to enable
|
||||||
|
ENABLE => [
|
||||||
|
|
||||||
|
# COMMANDS
|
||||||
|
|
||||||
|
# These are the commands enabled by default
|
||||||
|
'help',
|
||||||
|
'desc',
|
||||||
|
'info',
|
||||||
|
'perms',
|
||||||
|
'writable',
|
||||||
|
|
||||||
|
# Uncomment or add new commands here.
|
||||||
|
# 'create',
|
||||||
|
# 'fork',
|
||||||
|
# 'mirror',
|
||||||
|
# 'readme',
|
||||||
|
# 'sskm',
|
||||||
|
# 'D',
|
||||||
|
|
||||||
|
# These FEATURES are enabled by default.
|
||||||
|
|
||||||
|
# essential (unless you're using smart-http mode)
|
||||||
|
'ssh-authkeys',
|
||||||
|
|
||||||
|
# creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
|
||||||
|
'git-config',
|
||||||
|
|
||||||
|
# creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
|
||||||
|
'daemon',
|
||||||
|
|
||||||
|
# creates projects.list file; if you don't use gitweb, comment this out
|
||||||
|
#'gitweb',
|
||||||
|
|
||||||
|
# These FEATURES are disabled by default; uncomment to enable. If you
|
||||||
|
# need to add new ones, ask on the mailing list :-)
|
||||||
|
|
||||||
|
# user-visible behaviour
|
||||||
|
|
||||||
|
# prevent wild repos auto-create on fetch/clone
|
||||||
|
# 'no-create-on-read',
|
||||||
|
# no auto-create at all (don't forget to enable the 'create' command!)
|
||||||
|
# 'no-auto-create',
|
||||||
|
|
||||||
|
# access a repo by another (possibly legacy) name
|
||||||
|
# 'Alias',
|
||||||
|
|
||||||
|
# give some users direct shell access. See documentation in
|
||||||
|
# sts.html for details on the following two choices.
|
||||||
|
# "Shell $ENV{HOME}/.gitolite.shell-users",
|
||||||
|
# 'Shell alice bob',
|
||||||
|
|
||||||
|
# set default roles from lines like 'option default.roles-1 = ...', etc.
|
||||||
|
# 'set-default-roles',
|
||||||
|
|
||||||
|
# show more detailed messages on deny
|
||||||
|
# 'expand-deny-messages',
|
||||||
|
|
||||||
|
# show a message of the day
|
||||||
|
# 'Motd',
|
||||||
|
|
||||||
|
# system admin stuff
|
||||||
|
|
||||||
|
# enable mirroring (don't forget to set the HOSTNAME too!)
|
||||||
|
# 'Mirroring',
|
||||||
|
|
||||||
|
# allow people to submit pub files with more than one key in them
|
||||||
|
# 'ssh-authkeys-split',
|
||||||
|
|
||||||
|
# selective read control hack
|
||||||
|
# 'partial-copy',
|
||||||
|
|
||||||
|
# manage local, gitolite-controlled, copies of read-only upstream repos
|
||||||
|
# 'upstream',
|
||||||
|
|
||||||
|
# updates 'description' file instead of 'gitweb.description' config item
|
||||||
|
'cgit',
|
||||||
|
|
||||||
|
# allow repo-specific hooks to be added
|
||||||
|
#'repo-specific-hooks',
|
||||||
|
|
||||||
|
# performance, logging, monitoring...
|
||||||
|
|
||||||
|
# be nice
|
||||||
|
# 'renice 10',
|
||||||
|
|
||||||
|
# log CPU times (user, system, cumulative user, cumulative system)
|
||||||
|
# 'CpuTime',
|
||||||
|
|
||||||
|
|
||||||
|
# syntactic_sugar for gitolite.conf and included files
|
||||||
|
|
||||||
|
# allow backslash-escaped continuation lines in gitolite.conf
|
||||||
|
# 'continuation-lines',
|
||||||
|
|
||||||
|
# create implicit user groups from directory names in keydir/
|
||||||
|
# 'keysubdirs-as-groups',
|
||||||
|
|
||||||
|
# allow simple line-oriented macros
|
||||||
|
'macros',
|
||||||
|
|
||||||
|
# Kindergarten mode
|
||||||
|
|
||||||
|
# disallow various things that sensible people shouldn't be doing anyway
|
||||||
|
# 'Kindergarten',
|
||||||
|
],
|
||||||
|
|
||||||
|
);
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# per perl rules, this should be the last line in such a file:
|
||||||
|
1;
|
||||||
|
|
||||||
|
# Local variables:
|
||||||
|
# mode: perl
|
||||||
|
# End:
|
||||||
|
# vi: ft=perl
|
|
@ -0,0 +1,6 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
[ -n "${GL_REPO}" ] && \
|
||||||
|
/usr/local/bin/build-pystagit-repo "${GL_REPO}"
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
/usr/local/bin/build-pystagit-index
|
|
@ -0,0 +1,5 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
[ -n "$2" ] && /usr/local/bin/build-pystagit-repo "$2"
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
/usr/local/bin/build-pystagit-repos
|
|
@ -0,0 +1,23 @@
|
||||||
|
Port 22
|
||||||
|
Protocol 2
|
||||||
|
|
||||||
|
PermitRootLogin no
|
||||||
|
AllowUsers git
|
||||||
|
|
||||||
|
PasswordAuthentication no
|
||||||
|
PermitEmptyPasswords no
|
||||||
|
PubkeyAuthentication yes
|
||||||
|
|
||||||
|
HostKey /etc/ssh/keys/ssh_host_rsa_key
|
||||||
|
HostKey /etc/ssh/keys/ssh_host_dsa_key
|
||||||
|
HostKey /etc/ssh/keys/ssh_host_ecdsa_key
|
||||||
|
HostKey /etc/ssh/keys/ssh_host_ed25519_key
|
||||||
|
|
||||||
|
X11Forwarding no
|
||||||
|
PrintMotd no
|
||||||
|
|
||||||
|
ClientAliveInterval 300
|
||||||
|
ClientAliveCountMax 2
|
||||||
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
|
||||||
|
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
|
||||||
|
HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512
|
Loading…
Reference in New Issue