diff options
Diffstat (limited to 'services/docker/git-server/app')
5 files changed, 110 insertions, 0 deletions
diff --git a/services/docker/git-server/app/git/gitconfig b/services/docker/git-server/app/git/gitconfig new file mode 100644 index 0000000..5cc41dd --- /dev/null +++ b/services/docker/git-server/app/git/gitconfig @@ -0,0 +1,3 @@ +[core] + autocrlf = false + hooksPath = /app/git/hooks/ diff --git a/services/docker/git-server/app/git/hooks/update b/services/docker/git-server/app/git/hooks/update new file mode 100755 index 0000000..d6bfc1a --- /dev/null +++ b/services/docker/git-server/app/git/hooks/update @@ -0,0 +1,38 @@ +#!/usr/bin/bash + +set -e -o pipefail + +ref="$1" +old="$2" +new="$3" +protected_file="$GIT_DIR/protected" + +die() { + echo "error: $*" > /dev/stderr + exit 1 +} + +if [[ -f "$protected_file" ]]; then + while read -r line; do + if grep -q -E "$line" - <<< "$ref" ; then + if grep -q -E "^0+$" <<< "$new"; then + die "protected branch $ref (rule: $line) cannot be deleted" + fi + + if ! git merge-base --is-ancestor "$old" "$new"; then + die "protected branch $ref (rule: $line) is not fast-forward $(expr substr "$old" 1 8) -> $(expr substr "$new" 1 8)" + fi + fi + done <"$protected_file" +fi + +global_hook="/git/hooks/update" +local_hook="$GIT_DIR/hooks/update" + +if [[ -x "$global_hook" ]]; then + "$global_hook" "$ref" "$old" "$new" +fi + +if [[ -x "$local_hook" ]]; then + "$local_hook" "$ref" "$old" "$new" +fi diff --git a/services/docker/git-server/app/lighttpd-wrapper.bash b/services/docker/git-server/app/lighttpd-wrapper.bash new file mode 100755 index 0000000..54079ad --- /dev/null +++ b/services/docker/git-server/app/lighttpd-wrapper.bash @@ -0,0 +1,9 @@ +#!/usr/bin/bash + +set -e + +[[ -f /git/user-info ]] || touch -a /git/user-info + +exec 3>&1 +exec 4>&1 +exec lighttpd -D -f /app/lighttpd/lighttpd.conf diff --git a/services/docker/git-server/app/lighttpd/auth.conf b/services/docker/git-server/app/lighttpd/auth.conf new file mode 100644 index 0000000..d643659 --- /dev/null +++ b/services/docker/git-server/app/lighttpd/auth.conf @@ -0,0 +1,3 @@ +auth.backend = "htpasswd" +auth.backend.htpasswd.userfile = "/git/user-info" +auth.require = ( "" => ("method" => "basic", "realm" => "Git Access", "require" => "valid-user") ) diff --git a/services/docker/git-server/app/lighttpd/lighttpd.conf b/services/docker/git-server/app/lighttpd/lighttpd.conf new file mode 100644 index 0000000..a96a778 --- /dev/null +++ b/services/docker/git-server/app/lighttpd/lighttpd.conf @@ -0,0 +1,57 @@ +server.modules += ("mod_accesslog") +server.modules += ("mod_rewrite") +server.modules += ("mod_auth", "mod_authn_file", "mod_access") +server.modules += ("mod_alias", "mod_setenv", "mod_cgi") + +server.port = 3636 +server.document-root = "/var/www/html/" +accesslog.filename = "/dev/fd/3" +server.breakagelog = "/dev/fd/4" + +$HTTP["url"] =^ "/git" { + mimetype.assign = ( ".css" => "text/css" ) + + $HTTP["url"] =^ "/git/private" { + include "auth.conf" + } + + $HTTP["url"] =~ "^/git/.*/(HEAD|info/refs|objects/info/[^/]+|git-(upload|receive)-pack)$" { + url.rewrite-once = ( + "^/git/private" => "$0", + "^/git(.*)" => "/git/public$1" + ) + + $HTTP["querystring"] =~ "service=git-receive-pack" { + include "auth.conf" + } + $HTTP["url"] =~ "^/git/.*/git-receive-pack$" { + include "auth.conf" + } + alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" ) + setenv.add-environment = ( + "GIT_PROJECT_ROOT" => "/git/repos", + "GIT_HTTP_EXPORT_ALL" => "" + ) + cgi.assign = ("" => "") + } + else $HTTP["url"] =~ "^/git/.*/((objects/[0-9a-f]{2}/[0-9a-f]{38})|(pack/pack-[0-9a-f]{40}.(pack|idx)))$" { + alias.url += ( + "/git/private" => "/git/repos/private", + "/git" => "/git/repos/public", + ) + } + else $HTTP["url"] =^ "/git/static" { + alias.url += ( + "/git/static" => "/usr/share/cgit", + ) + } + else { + alias.url += ( + "/git" => "/usr/lib/cgit/cgit.cgi", + ) + setenv.add-environment = ( + "CGIT_CONFIG" => "/app/cgit/cgitrc" + ) + cgi.assign = ("" => "") + } +} |