From 5aaffb5bf2e324b302b3a3fee6ffc2b9244baf8b Mon Sep 17 00:00:00 2001 From: Yuqian Yang Date: Fri, 28 Feb 2025 16:18:56 +0800 Subject: feat(git): use non-root and add robots. --- .editorconfig | 2 +- services/docker/git-server/Dockerfile | 7 ++++--- services/docker/git-server/git-lighttpd.conf | 1 + services/docker/git-server/hooks/update | 0 services/templates/cgitrc.template | 3 +-- services/templates/nginx/conf.d/root.conf.template | 2 +- www/config/_default/hugo.yaml | 2 ++ www/layouts/robots.txt | 4 ++++ 8 files changed, 14 insertions(+), 7 deletions(-) mode change 100644 => 100755 services/docker/git-server/hooks/update create mode 100644 www/layouts/robots.txt diff --git a/.editorconfig b/.editorconfig index 97c3ded..529f610 100644 --- a/.editorconfig +++ b/.editorconfig @@ -4,7 +4,7 @@ root = true end_of_line = lf charset = utf-8 indent_style = space -indent_size = 2 +indent_size = 4 trim_trailing_whitespace = true [gitconfig] diff --git a/services/docker/git-server/Dockerfile b/services/docker/git-server/Dockerfile index b725122..274ba6a 100644 --- a/services/docker/git-server/Dockerfile +++ b/services/docker/git-server/Dockerfile @@ -3,13 +3,14 @@ RUN apt-get update && apt-get install -y \ git cgit lighttpd apache2-utils python3-pygments python3-markdown \ tar gzip bzip2 zip unzip tini && \ rm -rf /var/lib/apt/lists/* +RUN groupadd -g 1000 git && useradd -m -u 1000 -g 1000 -s /usr/bin/bash git ENV GIT_CONFIG_SYSTEM=/etc/gitconfig GIT_CONFIG_GLOBAL=/git/private/gitconfig ADD gitconfig /etc/gitconfig -ADD --chmod=755 hooks/* /etc/git/hooks/ -ADD git-lighttpd.conf git-auth.conf /app/ -ADD --chmod=755 lighttpd-wrapper.bash /app/ +ADD hooks/* /etc/git/hooks/ +ADD git-lighttpd.conf git-auth.conf lighttpd-wrapper.bash /app/ +USER git:git VOLUME [ "/git" ] CMD [ "tini", "--", "/app/lighttpd-wrapper.bash" ] diff --git a/services/docker/git-server/git-lighttpd.conf b/services/docker/git-server/git-lighttpd.conf index ba8e592..567303a 100644 --- a/services/docker/git-server/git-lighttpd.conf +++ b/services/docker/git-server/git-lighttpd.conf @@ -2,6 +2,7 @@ server.modules += ("mod_accesslog") server.modules += ("mod_auth", "mod_authn_file", "mod_access") server.modules += ("mod_setenv", "mod_cgi", "mod_alias") +server.port = 3636 server.document-root = "/var/www/html/" accesslog.filename = "/dev/fd/3" diff --git a/services/docker/git-server/hooks/update b/services/docker/git-server/hooks/update old mode 100644 new mode 100755 diff --git a/services/templates/cgitrc.template b/services/templates/cgitrc.template index ffffaae..4cc88d2 100644 --- a/services/templates/cgitrc.template +++ b/services/templates/cgitrc.template @@ -10,12 +10,11 @@ enable-log-filecount=1 enable-log-linecount=1 section-from-path=1 -clone-url=@@CRUPEST_ROOT_URL@@/$CGIT_REPO_URL +clone-url=@@CRUPEST_ROOT_URL@@$CGIT_REPO_URL snapshots=tar.gz tar.bz2 zip source-filter=/usr/lib/cgit/filters/syntax-highlighting.py about-filter=/usr/lib/cgit/filters/about-formatting.sh readme=:README.md readme=:README -remove-suffix=1 scan-path=/git/ diff --git a/services/templates/nginx/conf.d/root.conf.template b/services/templates/nginx/conf.d/root.conf.template index dd223c2..28c2fea 100644 --- a/services/templates/nginx/conf.d/root.conf.template +++ b/services/templates/nginx/conf.d/root.conf.template @@ -14,7 +14,7 @@ server { location /git/ { include common/proxy-common; client_max_body_size 5G; - proxy_pass http://git-server:80; + proxy_pass http://git-server:3636; } location = /github { diff --git a/www/config/_default/hugo.yaml b/www/config/_default/hugo.yaml index d66ef30..4ade102 100644 --- a/www/config/_default/hugo.yaml +++ b/www/config/_default/hugo.yaml @@ -2,6 +2,8 @@ baseURL: "https://crupest.life/" title: "crupest's life" copyright: "CC BY-NC 4.0" +enableRobotsTXT: true + languageCode: "en" defaultContentLanguage: "en" hasCJKLanguage: true diff --git a/www/layouts/robots.txt b/www/layouts/robots.txt new file mode 100644 index 0000000..962c62a --- /dev/null +++ b/www/layouts/robots.txt @@ -0,0 +1,4 @@ +User-agent: * +Disallow: /git/*/snapshot/* +Disallow: /git/*/blame/* +Allow: / -- cgit v1.2.3