blob: f72c1abe7f62a607be40876b1f763006a052f6f7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
git.sr.ht is the git repository hosting service for the sr.ht network.
# Installation
git.sr.ht is a standard sr.ht web service and can be installed through the
[standard procedure](/installation.md). However, there are several additional
steps required.
## Repository storage
You will need to set up a directory for repositories to be stored in - we
suggest `/var/lib/git/`. Also configure a `git` user and assign ownership over
`/var/lib/git/` to this user. The git.sr.ht package will automatically prepare
these for you. If you do not use the package, you must create the user yourself
and ensure that the git.sr.ht web application runs as this user.
## cgit
Presently git.sr.ht's repository viewer is designed as a proxy to
[cgit](https://git.zx2c4.com/cgit/). This is eventually going to change, but
for the time being you must install and configure cgit on your server. Set your
cgitrc file to the following configuration:
virtual-root=/
enable-index-owner=0
embedded=1
noheader=1
source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
clone-url=__CLONE_URL__
snapshots=tar.xz
scan-path=/var/lib/git/
readme=:README
readme=:readme
Then configure nginx to serve cgit to localhost with something like this:
server {
listen 80;
server_name cgit.local;
root /usr/share/webapps/cgit;
try_files $uri @cgit;
location @cgit {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
fastcgi_param PATH_INFO $uri;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_pass unix:/run/fcgiwrap.sock;
}
}
Update your git.sr.ht configuration accordingly:
[cgit]
remote=http://cgit.local
repos=/var/lib/git/
## SSH dispatch
It is necessary to configure git.sr.ht's SSH dispatcher as the system-wide SSH
authorization hook. In `/etc/ssh/sshd_config`, configure git-srht-dispatch like
so:
AuthorizedKeysCommand=/usr/bin/git-srht-dispatch "%u" "%h" "%t" "%k"
AuthorizedKeysUser=root
sshd will invoke our dispatcher whenever a connection is made to the server to
obtain a list of authorized keys for the connecting user. The default behavior
is to read the `.ssh/authorized_keys` file from that user's HOME directory, but
the dispatcher can also "dispatch" to other authentication tools for other
users. This is used to authorize and perform git operations via the
`git-srht-keys` and `git-srht-shell`. See the `[dispatch]` section of your
git.sr.ht configuration for details on how this works and how to configure it
for additional services (e.g. man.sr.ht).
Authorization logs are written to `/var/log/git-srht-dispatch` and
`git-srht-shell`.
## Cronjobs
You must also configure `git-srht-periodic` to run periodically with your
favorite cron daemon. We recommend the following crontab:
*/20 * * * * git-srht-periodic
|
