author | Guilhem Moulin <guilhem@fripost.org> | 2015-05-31 18:02:27 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:53:59 +0200 |
commit | e63885bcc0d46bfe58a32fcfc1d02daae8735929 (patch) | |
tree | 09ecd98acbedd958b23ae6570c956666639f312b /roles/git/files/etc | |
parent | 18fb13fb6bdbf85fddfdaf05bd5fb3ab1db3b9dd (diff) |
Git (gitolite + git-http-backend + gitweb) configuration
By default repos are readable by gitweb and the web server ('gitweb' and
'www-data' are both in the 'gitolite' group). Private repo owners will have to
run 'chmod -R og-rwx' manually.
To automatically add new repos to gitweb's 'project.list' file, make it
readable to the special 'gitweb' user.
See /usr/share/doc/gitolite3/README.txt.gz for details.
Diffstat (limited to 'roles/git/files/etc')
-rw-r--r-- | roles/git/files/etc/gitweb.conf | 40 | ||||
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/git | 78 | ||||
-rw-r--r-- | roles/git/files/etc/nginx/sites-available/gitweb | 48 |
3 files changed, 166 insertions, 0 deletions
diff --git a/roles/git/files/etc/gitweb.conf b/roles/git/files/etc/gitweb.conf
new file mode 100644
index 0000000..8c1dd61
--- /dev/null
+++ b/roles/git/files/etc/gitweb.conf
@@ -0,0 +1,40 @@
+$site_name = "Fripost Git";
+
+# path to git projects (<project>.git)
+$projectroot = "/var/lib/gitolite/repositories";
+
+# directory to use for temp files
+$git_temp = "/tmp";
+
+# target of the home link on top of all pages
+#$home_link = $my_uri || "/";
+
+# html text to include at home page
+$home_text = "";
+
+# file with project list; by default, simply scan the projectroot dir.
+$projects_list = "/var/lib/gitolite/projects.list";
+
+#$projects_list = $projectroot;
+#$export_ok = "git-daemon-export-ok";
+
+# stylesheet to use
+push @stylesheets, "static/gitweb.css";
+
+# javascript code for gitweb
+$javascript = "static/gitweb.js";
+
+# logo to use
+$logo = "static/git-logo.png";
+
+# the 'favicon'
+$favicon = "static/git-favicon.png";
+
+# git-diff-tree(1) options to use for generated patches
+#@diff_opts = ("-M");
+@diff_opts = ();
+
+# the base url
+@git_base_url_list = ( 'git clone ssh://gitolite@git.fripost.org'
+ , 'git clone https://git.fripost.org'
+ )
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
new file mode 100644
index 0000000..9510620
--- /dev/null
+++ b/roles/git/files/etc/nginx/sites-available/git
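Review bot: In gitweb.conf, `$projects_list` only decides which repositories gitweb shows on its index page; without `$strict_export`, a repository under `$projectroot` that is missing from the list can still be opened by requesting its path directly, as long as the gitweb user can read it. Since the commit message leaves hiding private repositories to a manual `chmod -R og-rwx`, I would add `$strict_export = 1;` right after the `$projects_list` assignment so the list is also the access gate and a forgotten chmod does not expose a repository through gitweb. A comment such as `# only serve repositories listed in projects.list` above it would record the intent.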
@@ -0,0 +1,78 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name git.fripost.org;
+
+ access_log /var/log/nginx/git.access.log;
+ error_log /var/log/nginx/git.error.log info;
+
+ # Bypass the CGI to return static files stored on disk. Try first repo with
+ # a trailing '.git', then without.
+ location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" {
+ root /var/lib/gitolite/repositories;
+ try_files /$1.git/objects/$2 /$1/objects/$2 =404;
+ }
+
+ # Disallow push over HTTP(S)
+ location ~* ^/[^/]+/git-receive-pack$ {
+ return 403;
+ }
+
+ location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ {
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL 1;
+ fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ gzip off;
+ }
+
+ # Redirect to gitweb otherwise
+ location ~ ^/([^/]+/?)?$ {
+ return 302 $scheme://gitweb.fripost.org/$1;
+ }
+}
diff --git a/roles/git/files/etc/nginx/sites-available/gitweb b/roles/git/files/etc/nginx/sites-available/gitweb
new file mode 100644
index 0000000..3814145
--- /dev/null
+++ b/roles/git/files/etc/nginx/sites-available/gitweb
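Review bot: Both server blocks of the `git` vhost set `fastcgi_param GIT_HTTP_EXPORT_ALL 1;` and serve `objects/` straight from disk, so every repository the web server user can read is cloneable anonymously, and the port-80 block offers the same fetch paths without transport integrity. That leaves a new repository public until its owner runs the chmod mentioned in the commit message; dropping `GIT_HTTP_EXPORT_ALL` would make git-http-backend require a `git-daemon-export-ok` file per repository, though the static `objects/` location bypasses that check and needs the same consideration. Separately, `(:?HEAD|info/refs|…)` in the git-http-backend location looks like a typo for `(?:HEAD|info/refs|…)`: as written it is a capturing group with an optional literal colon, so a path ending in `/:HEAD` also matches. The same lines appear in the port-443 block.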
@@ -0,0 +1,48 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name gitweb.fripost.org;
+
+ access_log /var/log/nginx/gitweb.access.log;
+ error_log /var/log/nginx/gitweb.error.log info;
+
+ location ^~ /static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ try_files $uri @fcgi;
+ location @fcgi {
+ root /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/run/gitweb.socket;
+ gzip off;
+ }
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name gitweb.fripost.org;
+
+ include ssl/config;
+ ssl_certificate /etc/nginx/ssl/git.fripost.org.pem;
+ ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
+
+ access_log /var/log/nginx/gitweb.access.log;
+ error_log /var/log/nginx/gitweb.error.log info;
+
+ location ^~ /static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ try_files $uri @fcgi;
+ location @fcgi {
+ root /var/lib/gitolite/repositories;
+ include fastcgi/params;
+ fastcgi_pass unix:/run/gitweb.socket;
+ gzip off;
+ }
+} |
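Review bot: The port-443 block for `gitweb.fripost.org` loads `/etc/nginx/ssl/git.fripost.org.pem` and its key, so clients will see a name mismatch unless that certificate also lists gitweb.fripost.org as a subjectAltName, which the diff does not show. If the certificate does cover both names, a comment above the two `ssl_certificate*` lines such as `# certificate is shared with git.fripost.org (SAN includes gitweb.fripost.org)` would make the reuse look deliberate; otherwise point them at a certificate issued for this host. The port-80 block serves the same pages in cleartext, so if HTTPS is meant to be the canonical entry point, replace its body with `return 301 https://$host$request_uri;`.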