diff options
Diffstat (limited to 'services/docker/git-server/app')
5 files changed, 110 insertions, 0 deletions
| diff --git a/services/docker/git-server/app/git/gitconfig b/services/docker/git-server/app/git/gitconfig new file mode 100644 index 0000000..5cc41dd --- /dev/null +++ b/services/docker/git-server/app/git/gitconfig @@ -0,0 +1,3 @@ +[core] +	autocrlf = false +	hooksPath = /app/git/hooks/ diff --git a/services/docker/git-server/app/git/hooks/update b/services/docker/git-server/app/git/hooks/update new file mode 100755 index 0000000..d6bfc1a --- /dev/null +++ b/services/docker/git-server/app/git/hooks/update @@ -0,0 +1,38 @@ +#!/usr/bin/bash + +set -e -o pipefail + +ref="$1" +old="$2" +new="$3" +protected_file="$GIT_DIR/protected" + +die() { +  echo "error: $*" > /dev/stderr +  exit 1 +} + +if [[ -f "$protected_file" ]]; then +  while read -r line; do +    if grep -q -E "$line" - <<< "$ref" ; then +      if grep -q -E "^0+$" <<< "$new"; then +        die "protected branch $ref (rule: $line) cannot be deleted" +      fi + +      if ! git merge-base --is-ancestor "$old" "$new"; then +        die "protected branch $ref (rule: $line) is not fast-forward $(expr substr "$old" 1 8) -> $(expr substr "$new" 1 8)" +      fi +    fi +  done <"$protected_file" +fi + +global_hook="/git/hooks/update" +local_hook="$GIT_DIR/hooks/update" + +if [[ -x "$global_hook" ]]; then +  "$global_hook" "$ref" "$old" "$new" +fi + +if [[ -x "$local_hook" ]]; then +  "$local_hook" "$ref" "$old" "$new" +fi diff --git a/services/docker/git-server/app/lighttpd-wrapper.bash b/services/docker/git-server/app/lighttpd-wrapper.bash new file mode 100755 index 0000000..54079ad --- /dev/null +++ b/services/docker/git-server/app/lighttpd-wrapper.bash @@ -0,0 +1,9 @@ +#!/usr/bin/bash + +set -e + +[[ -f /git/user-info ]] || touch -a /git/user-info + +exec 3>&1 +exec 4>&1 +exec lighttpd -D -f /app/lighttpd/lighttpd.conf diff --git a/services/docker/git-server/app/lighttpd/auth.conf b/services/docker/git-server/app/lighttpd/auth.conf new file mode 100644 index 0000000..d643659 --- /dev/null +++ b/services/docker/git-server/app/lighttpd/auth.conf @@ -0,0 +1,3 @@ +auth.backend = "htpasswd" +auth.backend.htpasswd.userfile = "/git/user-info" +auth.require = ( "" => ("method" => "basic", "realm" => "Git Access", "require" => "valid-user") ) diff --git a/services/docker/git-server/app/lighttpd/lighttpd.conf b/services/docker/git-server/app/lighttpd/lighttpd.conf new file mode 100644 index 0000000..a96a778 --- /dev/null +++ b/services/docker/git-server/app/lighttpd/lighttpd.conf @@ -0,0 +1,57 @@ +server.modules += ("mod_accesslog") +server.modules += ("mod_rewrite") +server.modules += ("mod_auth", "mod_authn_file", "mod_access") +server.modules += ("mod_alias", "mod_setenv", "mod_cgi") + +server.port = 3636 +server.document-root = "/var/www/html/" +accesslog.filename = "/dev/fd/3" +server.breakagelog = "/dev/fd/4" + +$HTTP["url"] =^ "/git" { +    mimetype.assign = ( ".css" => "text/css" ) + +    $HTTP["url"] =^ "/git/private" { +        include "auth.conf" +    } + +    $HTTP["url"] =~ "^/git/.*/(HEAD|info/refs|objects/info/[^/]+|git-(upload|receive)-pack)$" { +        url.rewrite-once = ( +            "^/git/private"  => "$0", +            "^/git(.*)" => "/git/public$1" +        ) + +        $HTTP["querystring"] =~ "service=git-receive-pack" { +            include "auth.conf" +        } +        $HTTP["url"] =~ "^/git/.*/git-receive-pack$" { +            include "auth.conf" +        } +        alias.url += ( "/git" => "/usr/lib/git-core/git-http-backend" ) +        setenv.add-environment = ( +            "GIT_PROJECT_ROOT" => "/git/repos", +            "GIT_HTTP_EXPORT_ALL" => "" +        ) +        cgi.assign = ("" => "") +    } +    else $HTTP["url"] =~ "^/git/.*/((objects/[0-9a-f]{2}/[0-9a-f]{38})|(pack/pack-[0-9a-f]{40}.(pack|idx)))$" { +        alias.url += ( +            "/git/private" => "/git/repos/private", +            "/git" => "/git/repos/public", +        ) +    } +    else $HTTP["url"] =^ "/git/static" { +        alias.url += ( +            "/git/static" => "/usr/share/cgit", +        ) +    } +    else { +        alias.url += ( +            "/git" => "/usr/lib/cgit/cgit.cgi", +        ) +        setenv.add-environment = ( +            "CGIT_CONFIG" => "/app/cgit/cgitrc" +        ) +        cgi.assign = ("" => "") +    } +} | 
