5 files changed, 91 insertions, 0 deletions

diff --git a/docker/git-server/Dockerfile b/docker/git-server/Dockerfile
new file mode 100644
index 0000000..4f51485
--- /dev/null
+++ b/docker/git-server/Dockerfile
@@ -0,0 +1,24 @@
+
+FROM debian:latest AS lighttpd-config-generator
+RUN apt-get update && apt-get install -y apache2-utils
+RUN --mount=type=secret,id=git-server,required=true \
+  . /run/secrets/git-server && \
+  htpasswd -cb /user-info ${CRUPEST_GIT_SERVER_USERNAME} ${CRUPEST_GIT_SERVER_PASSWORD}
+ARG ROOT_URL
+ADD cgitrc.template /cgitrc.template
+RUN sed "s|@@ROOT_URL@@|${ROOT_URL}|g" /cgitrc.template > /cgitrc
+
+FROM debian:latest
+RUN apt-get update && apt-get install -y \
+    git cgit lighttpd apache2-utils python3-pygments python3-markdown \
+    tar gzip bzip2 zip unzip tini && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=lighttpd-config-generator /user-info /app/
+COPY --from=lighttpd-config-generator /cgitrc /etc/cgitrc
+ADD git-lighttpd.conf git-auth.conf /app/
+ADD --chmod=755 lighttpd-wrapper /app/
+
+VOLUME [ "/git" ]
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD [ "/app/lighttpd-wrapper" ]
diff --git a/docker/git-server/cgitrc.template b/docker/git-server/cgitrc.template
new file mode 100644
index 0000000..3d65685
--- /dev/null
+++ b/docker/git-server/cgitrc.template
@@ -0,0 +1,20 @@
+css=/git/static/cgit.css
+logo=/git/static/cgit.png
+root-title=crupest Git Repos
+
+enable-http-clone=0
+enable-commit-graph=1
+enable-index-links=1
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+section-from-path=1
+
+clone-url=@@ROOT_URL@@/$CGIT_REPO_URL
+snapshots=tar.gz tar.bz2 zip
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+readme=:README.md
+readme=:README
+
+scan-path=/git/
diff --git a/docker/git-server/git-auth.conf b/docker/git-server/git-auth.conf
new file mode 100644
index 0000000..2908bec
--- /dev/null
+++ b/docker/git-server/git-auth.conf
@@ -0,0 +1,3 @@
+auth.backend = "htpasswd" 
+auth.backend.htpasswd.userfile = "/app/user-info" 
+auth.require = ( "" => ("method" => "basic", "realm" => "Git Access", "require" => "valid-user") )
diff --git a/docker/git-server/git-lighttpd.conf b/docker/git-server/git-lighttpd.conf
new file mode 100644
index 0000000..5d946bc
--- /dev/null
+++ b/docker/git-server/git-lighttpd.conf
@@ -0,0 +1,41 @@
+server.modules += ("mod_accesslog")
+server.modules += ("mod_auth", "mod_authn_file")
+server.modules += ("mod_setenv", "mod_cgi", "mod_alias")
+
+server.document-root = "/var/www/html/"
+accesslog.filename = "/dev/fd/3"
+
+$HTTP["url"] =^ "/git" {
+    mimetype.assign = ( ".css" => "text/css" )
+
+    $HTTP["url"] =~ "^/git/.*/(HEAD|info/refs|objects/info/[^/]+|git-(upload|receive)-pack)$" {
+        $HTTP["querystring"] =~ "service=git-receive-pack" {
+            include "git-auth.conf"
+        }
+        $HTTP["url"] =~ "^/git/.*/git-receive-pack$" {
+            include "git-auth.conf"
+        }
+        alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" )
+        setenv.add-environment = (
+            "GIT_PROJECT_ROOT" => "/git",
+            "GIT_HTTP_EXPORT_ALL" => ""
+        )
+        cgi.assign = ("" => "")
+    }
+    else $HTTP["url"] =~ "^/git/.*/((objects/[0-9a-f]{2}/[0-9a-f]{38})|(pack/pack-[0-9a-f]{40}.(pack|idx)))$" {
+        alias.url += (
+            "/git" => "/git",
+        )
+    }
+    else $HTTP["url"] =^ "/git/static" {
+        alias.url += (
+            "/git/static" => "/usr/share/cgit",
+        )
+    }
+    else {
+        alias.url += (
+            "/git" => "/usr/lib/cgit/cgit.cgi",
+        )
+        cgi.assign = ("" => "")
+    }
+}
diff --git a/docker/git-server/lighttpd-wrapper b/docker/git-server/lighttpd-wrapper
new file mode 100755
index 0000000..f071c13
--- /dev/null
+++ b/docker/git-server/lighttpd-wrapper
@@ -0,0 +1,3 @@
+#!/bin/sh
+exec 3>&1
+lighttpd -D -f /app/git-lighttpd.conf