feat(git): use non-root and add robots.

8 files changed, 14 insertions, 7 deletions

diff --git a/.editorconfig b/.editorconfig
index 97c3ded..529f610 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -4,7 +4,7 @@ root = true
 end_of_line = lf
 charset = utf-8
 indent_style = space
-indent_size = 2
+indent_size = 4
 trim_trailing_whitespace = true
 
 [gitconfig]
diff --git a/services/docker/git-server/Dockerfile b/services/docker/git-server/Dockerfile
index b725122..274ba6a 100644
--- a/services/docker/git-server/Dockerfile
+++ b/services/docker/git-server/Dockerfile
@@ -3,13 +3,14 @@ RUN apt-get update && apt-get install -y \
     git cgit lighttpd apache2-utils python3-pygments python3-markdown \
     tar gzip bzip2 zip unzip tini && \
     rm -rf /var/lib/apt/lists/*
+RUN groupadd -g 1000 git && useradd -m -u 1000 -g 1000 -s /usr/bin/bash git
 
 ENV GIT_CONFIG_SYSTEM=/etc/gitconfig GIT_CONFIG_GLOBAL=/git/private/gitconfig
 
 ADD gitconfig /etc/gitconfig
-ADD --chmod=755 hooks/* /etc/git/hooks/
-ADD git-lighttpd.conf git-auth.conf /app/
-ADD --chmod=755 lighttpd-wrapper.bash /app/
+ADD hooks/* /etc/git/hooks/
+ADD git-lighttpd.conf git-auth.conf lighttpd-wrapper.bash /app/
 
+USER git:git
 VOLUME [ "/git" ]
 CMD [ "tini", "--", "/app/lighttpd-wrapper.bash" ]
diff --git a/services/docker/git-server/git-lighttpd.conf b/services/docker/git-server/git-lighttpd.conf
index ba8e592..567303a 100644
--- a/services/docker/git-server/git-lighttpd.conf
+++ b/services/docker/git-server/git-lighttpd.conf
@@ -2,6 +2,7 @@ server.modules += ("mod_accesslog")
 server.modules += ("mod_auth", "mod_authn_file", "mod_access")
 server.modules += ("mod_setenv", "mod_cgi", "mod_alias")
 
+server.port = 3636
 server.document-root = "/var/www/html/"
 accesslog.filename = "/dev/fd/3"
 
diff --git a/services/docker/git-server/hooks/update b/services/docker/git-server/hooks/update
index 4cfcacc..4cfcacc 100644..100755
--- a/services/docker/git-server/hooks/update
+++ b/services/docker/git-server/hooks/update
diff --git a/services/templates/cgitrc.template b/services/templates/cgitrc.template
index ffffaae..4cc88d2 100644
--- a/services/templates/cgitrc.template
+++ b/services/templates/cgitrc.template
@@ -10,12 +10,11 @@ enable-log-filecount=1
 enable-log-linecount=1
 section-from-path=1
 
-clone-url=@@CRUPEST_ROOT_URL@@/$CGIT_REPO_URL
+clone-url=@@CRUPEST_ROOT_URL@@$CGIT_REPO_URL
 snapshots=tar.gz tar.bz2 zip
 source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
 about-filter=/usr/lib/cgit/filters/about-formatting.sh
 readme=:README.md
 readme=:README
 
-remove-suffix=1
 scan-path=/git/
diff --git a/services/templates/nginx/conf.d/root.conf.template b/services/templates/nginx/conf.d/root.conf.template
index dd223c2..28c2fea 100644
--- a/services/templates/nginx/conf.d/root.conf.template
+++ b/services/templates/nginx/conf.d/root.conf.template
@@ -14,7 +14,7 @@ server {
     location /git/ {
         include common/proxy-common;
         client_max_body_size 5G;
-        proxy_pass http://git-server:80;
+        proxy_pass http://git-server:3636;
     }
 
     location = /github {
diff --git a/www/config/_default/hugo.yaml b/www/config/_default/hugo.yaml
index d66ef30..4ade102 100644
--- a/www/config/_default/hugo.yaml
+++ b/www/config/_default/hugo.yaml
@@ -2,6 +2,8 @@ baseURL: "https://crupest.life/"
 title: "crupest's life"
 copyright: "CC BY-NC 4.0"
 
+enableRobotsTXT: true
+
 languageCode: "en"
 defaultContentLanguage: "en"
 hasCJKLanguage: true
diff --git a/www/layouts/robots.txt b/www/layouts/robots.txt
new file mode 100644
index 0000000..962c62a
--- /dev/null
+++ b/www/layouts/robots.txt
@@ -0,0 +1,4 @@
+User-agent: *
+Disallow: /git/*/snapshot/*
+Disallow: /git/*/blame/*
+Allow: /