feat(git-server): add git server.

author: Yuqian Yang <crupest@crupest.life> 2025-02-19 01:55:29 +0800
committer: Yuqian Yang <crupest@crupest.life> 2025-02-19 01:57:24 +0800
commit: 29bf91b8f57ec28492bb882d9f4d38fb12c9519a (patch)
tree: 8eb12e9eca946a66079ffa07369949394faaeefe
parent: ac21570aa3468a316b747cfbd8241ccdfe6039b3 (diff)
download: crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.tar.gz
crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.tar.bz2
crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.zip
8 files changed, 119 insertions, 0 deletions
diff --git a/docker/git-server/Dockerfile b/docker/git-server/Dockerfile
new file mode 100644
index 0000000..4f51485
--- /dev/null
+++ b/docker/git-server/Dockerfile
@@ -0,0 +1,24 @@
+
+FROM debian:latest AS lighttpd-config-generator
+RUN apt-get update && apt-get install -y apache2-utils
+RUN --mount=type=secret,id=git-server,required=true \
+  . /run/secrets/git-server && \
+  htpasswd -cb /user-info ${CRUPEST_GIT_SERVER_USERNAME} ${CRUPEST_GIT_SERVER_PASSWORD}
+ARG ROOT_URL
+ADD cgitrc.template /cgitrc.template
+RUN sed "s|@@ROOT_URL@@|${ROOT_URL}|g" /cgitrc.template > /cgitrc
+
+FROM debian:latest
+RUN apt-get update && apt-get install -y \
+    git cgit lighttpd apache2-utils python3-pygments python3-markdown \
+    tar gzip bzip2 zip unzip tini && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=lighttpd-config-generator /user-info /app/
+COPY --from=lighttpd-config-generator /cgitrc /etc/cgitrc
+ADD git-lighttpd.conf git-auth.conf /app/
+ADD --chmod=755 lighttpd-wrapper /app/
+
+VOLUME [ "/git" ]
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD [ "/app/lighttpd-wrapper" ]
diff --git a/docker/git-server/cgitrc.template b/docker/git-server/cgitrc.template
new file mode 100644
index 0000000..3d65685
--- /dev/null
+++ b/docker/git-server/cgitrc.template
@@ -0,0 +1,20 @@
+css=/git/static/cgit.css
+logo=/git/static/cgit.png
+root-title=crupest Git Repos
+
+enable-http-clone=0
+enable-commit-graph=1
+enable-index-links=1
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+section-from-path=1
+
+clone-url=@@ROOT_URL@@/$CGIT_REPO_URL
+snapshots=tar.gz tar.bz2 zip
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+readme=:README.md
+readme=:README
+
+scan-path=/git/
diff --git a/docker/git-server/git-auth.conf b/docker/git-server/git-auth.conf
new file mode 100644
index 0000000..2908bec
--- /dev/null
+++ b/docker/git-server/git-auth.conf
@@ -0,0 +1,3 @@
+auth.backend = "htpasswd" 
+auth.backend.htpasswd.userfile = "/app/user-info" 
+auth.require = ( "" => ("method" => "basic", "realm" => "Git Access", "require" => "valid-user") )
diff --git a/docker/git-server/git-lighttpd.conf b/docker/git-server/git-lighttpd.conf
new file mode 100644
index 0000000..5d946bc
--- /dev/null
+++ b/docker/git-server/git-lighttpd.conf
@@ -0,0 +1,41 @@
+server.modules += ("mod_accesslog")
+server.modules += ("mod_auth", "mod_authn_file")
+server.modules += ("mod_setenv", "mod_cgi", "mod_alias")
+
+server.document-root = "/var/www/html/"
+accesslog.filename = "/dev/fd/3"
+
+$HTTP["url"] =^ "/git" {
+    mimetype.assign = ( ".css" => "text/css" )
+
+    $HTTP["url"] =~ "^/git/.*/(HEAD|info/refs|objects/info/[^/]+|git-(upload|receive)-pack)$" {
+        $HTTP["querystring"] =~ "service=git-receive-pack" {
+            include "git-auth.conf"
+        }
+        $HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
+            include "git-auth.conf"
+        }
+        alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" )
+        setenv.add-environment = (
+            "GIT_PROJECT_ROOT" => "/git",
+            "GIT_HTTP_EXPORT_ALL" => ""
+        )
+        cgi.assign = ("" => "")
+    }
+    else $HTTP["url"] =~ "^/git/.*/((objects/[0-9a-f]{2}/[0-9a-f]{38})|(pack/pack-[0-9a-f]{40}.(pack|idx)))$" {
+        alias.url += (
+            "/git" => "/git",
+        )
+    }
+    else $HTTP["url"] =^ "/git/static" {
+        alias.url += (
+            "/git/static" => "/usr/share/cgit",
+        )
+    }
+    else {
+        alias.url += (
+            "/git" => "/usr/lib/cgit/cgit.cgi",
+        )
+        cgi.assign = ("" => "")
+    }
+}
diff --git a/docker/git-server/lighttpd-wrapper b/docker/git-server/lighttpd-wrapper
new file mode 100755
index 0000000..f071c13
--- /dev/null
+++ b/docker/git-server/lighttpd-wrapper
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 3>&1
+lighttpd -D -f /app/git-lighttpd.conf
diff --git a/templates/docker-compose.yaml.template b/templates/docker-compose.yaml.template
index fdf0d11..124c9d5 100644
--- a/templates/docker-compose.yaml.template
+++ b/templates/docker-compose.yaml.template
@@ -139,6 +139,23 @@ services:
       - /etc/localtime:/etc/localtime:ro
     restart: on-failure:3
 
+  git-server:
+    pull_policy: build
+    build:
+      context: ./docker/git-server
+      dockerfile: Dockerfile
+      secrets:
+        - "git-server"
+      pull: true
+      args:
+        - ROOT_URL=https://${CRUPEST_DOMAIN}/git
+      tags:
+        - "crupest/git-server:latest"
+    container_name: git-server
+    volumes:
+      - "./data/git:/git"
+    restart: on-failure:3
+
   roundcubemail:
     image: roundcube/roundcubemail:latest
     pull_policy: always
@@ -184,3 +201,7 @@ services:
 volumes:
   blog-public:
   roundcubemail-temp:
+
+secrets:
+  git-server:
+    file: data/config
diff --git a/templates/nginx/conf.d/root.conf.template b/templates/nginx/conf.d/root.conf.template
index b5f12ef..93675ff 100644
--- a/templates/nginx/conf.d/root.conf.template
+++ b/templates/nginx/conf.d/root.conf.template
@@ -11,6 +11,11 @@ server {
         proxy_pass http://2fauth:8000/;
     }
 
+    location /git/ {
+        include common/proxy-common;
+        proxy_pass http://git-server:80;
+    }
+
     location /_$CRUPEST_V2RAY_PATH {
         if ($http_upgrade != "websocket") {
             return 404;
diff --git a/tools/cru-py/cru/service/_config.py b/tools/cru-py/cru/service/_config.py
index b51e21c..e4ab966 100644
--- a/tools/cru-py/cru/service/_config.py
+++ b/tools/cru-py/cru/service/_config.py
@@ -207,6 +207,8 @@ class ConfigManager(AppCommandFeatureProvider):
         _add_random_string("2FAUTH_APP_KEY", "2FAuth App Key")
         _add_text("2FAUTH_MAIL_USERNAME", "2FAuth SMTP user")
         _add_text("2FAUTH_MAIL_PASSWORD", "2FAuth SMTP password")
+        _add_text("GIT_SERVER_USERNAME", "Git server username")
+        _add_text("GIT_SERVER_PASSWORD", "Git server password")
 
     def setup(self) -> None:
         self._config_file_path = self.app.data_dir.add_subpath(
author	Yuqian Yang <crupest@crupest.life>	2025-02-19 01:55:29 +0800
committer	Yuqian Yang <crupest@crupest.life>	2025-02-19 01:57:24 +0800
commit	29bf91b8f57ec28492bb882d9f4d38fb12c9519a (patch)
tree	8eb12e9eca946a66079ffa07369949394faaeefe
parent	ac21570aa3468a316b747cfbd8241ccdfe6039b3 (diff)
download	crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.tar.gz crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.tar.bz2 crupest-29bf91b8f57ec28492bb882d9f4d38fb12c9519a.zip