1 d3dca3c2 2020-04-23 op I've just finished to configure gitolite and cgit to manage some git
  2 d3dca3c2 2020-04-23 op repos of mine (and friends), so I'm posting here the setup before
  3 d3dca3c2 2020-04-23 op forgetting the details.
  4 d3dca3c2 2020-04-23 op 
  5 d3dca3c2 2020-04-23 op The final result is a git server with both a web view, HTTP clone and
  6 d3dca3c2 2020-04-23 op ssh for you and your users.
  7 d3dca3c2 2020-04-23 op 
  8 d3dca3c2 2020-04-23 op It requires more work than, say, gitea or gitlab, and has a few
  9 d3dca3c2 2020-04-23 op moving parts.  Nevertheless, it's a modular solution (you can replace
 10 d3dca3c2 2020-04-23 op cgit with gitweb for instance) and it does not have obnoxious web guis
 11 d3dca3c2 2020-04-23 op to manage things.  The whole gitolite config is itself a git
 12 d3dca3c2 2020-04-23 op repository, so you can use the tools you're familiar with (a bit of
 13 d3dca3c2 2020-04-23 op ssh, git and your preferred `$EDITOR`) to build and maintain your own
 14 d3dca3c2 2020-04-23 op git server.
 15 d3dca3c2 2020-04-23 op 
 16 d3dca3c2 2020-04-23 op ## gitolite
 17 d3dca3c2 2020-04-23 op 
 18 d3dca3c2 2020-04-23 op Install gitolite, it's easy.  Follow the [installation
 19 d3dca3c2 2020-04-23 op guide](https://gitolite.com/gitolite/quick_install#distro-package-install).
 20 d3dca3c2 2020-04-23 op I've done that on a new user called "git".  This will create two repos
 21 d3dca3c2 2020-04-23 op in `~git/repositories`: `gitolite-admin` and `testing`.  With the
 22 d3dca3c2 2020-04-23 op default configuration testing will be read-write for all users (in the
 23 d3dca3c2 2020-04-23 op gitolite sense).
 24 d3dca3c2 2020-04-23 op 
 25 d3dca3c2 2020-04-23 op You should import your own ssh public key.  Try to clone the
 26 d3dca3c2 2020-04-23 op `gitolite-admin` repo with `git clone
 27 d3dca3c2 2020-04-23 op git@your.own.host:gitolite-admin` to test the setup and, eventually,
 28 d3dca3c2 2020-04-23 op add more users and repos.
 29 d3dca3c2 2020-04-23 op 
 30 d3dca3c2 2020-04-23 op ## cgit
 31 d3dca3c2 2020-04-23 op 
 32 d3dca3c2 2020-04-23 op I'm using nginx plus fcgiwrap on a FreeBSD system, but other options
 33 d3dca3c2 2020-04-23 op are available.  (For instance, if you're using OpenBSD than you have
 34 d3dca3c2 2020-04-23 op httpd and slowcgi already in base.)
 35 d3dca3c2 2020-04-23 op 
 36 d3dca3c2 2020-04-23 op For reference, my configuration file is `/usr/local/etc/cgit-op.conf`
 37 d3dca3c2 2020-04-23 op and contains:
 38 a3ab6f61 2020-09-22 op ```conf
 39 d3dca3c2 2020-04-23 op css=/mine.css
 40 d3dca3c2 2020-04-23 op logo=/logo.png
 41 d3dca3c2 2020-04-23 op 
 42 d3dca3c2 2020-04-23 op head-include=/usr/local/lib/cgit/theme/head.html
 43 d3dca3c2 2020-04-23 op 
 44 d3dca3c2 2020-04-23 op enable-http-clone=1
 45 d3dca3c2 2020-04-23 op enable-index-links=1
 46 d3dca3c2 2020-04-23 op remove-suffix=1
 47 d3dca3c2 2020-04-23 op enable-commit-graph=1
 48 d3dca3c2 2020-04-23 op enable-log-filecount=1
 49 d3dca3c2 2020-04-23 op enable-git-config=1
 50 d3dca3c2 2020-04-23 op 
 51 d3dca3c2 2020-04-23 op source-filter=/usr/local/lib/cgit/filters/syntax-high.py
 52 d3dca3c2 2020-04-23 op about-filter=/usr/local/lib/cgit/filters/about-formatting.sh
 53 d3dca3c2 2020-04-23 op 
 54 d3dca3c2 2020-04-23 op virtual-root=/
 55 d3dca3c2 2020-04-23 op enable-index-links=1
 56 d3dca3c2 2020-04-23 op enable-index-owner=0
 57 d3dca3c2 2020-04-23 op snapshots=tar.gz tar.bz2
 58 d3dca3c2 2020-04-23 op root-title=Stuff
 59 d3dca3c2 2020-04-23 op root-desc=some git repos of mine
 60 d3dca3c2 2020-04-23 op local-time=1
 61 d3dca3c2 2020-04-23 op 
 62 d3dca3c2 2020-04-23 op # path to the root about file
 63 d3dca3c2 2020-04-23 op #root-readme=/usr/local/lib/cgit/theme/about.html
 64 d3dca3c2 2020-04-23 op 
 65 d3dca3c2 2020-04-23 op # search for these files in the root fo the default branch
 66 d3dca3c2 2020-04-23 op readme=:README.md
 67 d3dca3c2 2020-04-23 op readme=:readme.md
 68 d3dca3c2 2020-04-23 op readme=:README.mkd
 69 d3dca3c2 2020-04-23 op readme=:readme.mkd
 70 d3dca3c2 2020-04-23 op readme=:README.rst
 71 d3dca3c2 2020-04-23 op readme=:readme.rst
 72 d3dca3c2 2020-04-23 op readme=:README.html
 73 d3dca3c2 2020-04-23 op readme=:readme.html
 74 d3dca3c2 2020-04-23 op readme=:README.htm
 75 d3dca3c2 2020-04-23 op readme=:readme.htm
 76 d3dca3c2 2020-04-23 op readme=:README.txt
 77 d3dca3c2 2020-04-23 op readme=:readme.txt
 78 d3dca3c2 2020-04-23 op readme=:README
 79 d3dca3c2 2020-04-23 op readme=:readme
 80 d3dca3c2 2020-04-23 op readme=:INSTALL.md
 81 d3dca3c2 2020-04-23 op readme=:install.md
 82 d3dca3c2 2020-04-23 op readme=:INSTALL.mkd
 83 d3dca3c2 2020-04-23 op readme=:install.mkd
 84 d3dca3c2 2020-04-23 op readme=:INSTALL.rst
 85 d3dca3c2 2020-04-23 op readme=:install.rst
 86 d3dca3c2 2020-04-23 op readme=:INSTALL.html
 87 d3dca3c2 2020-04-23 op readme=:install.html
 88 d3dca3c2 2020-04-23 op readme=:INSTALL.htm
 89 d3dca3c2 2020-04-23 op readme=:install.htm
 90 d3dca3c2 2020-04-23 op readme=:INSTALL.txt
 91 d3dca3c2 2020-04-23 op readme=:install.txt
 92 d3dca3c2 2020-04-23 op readme=:INSTALL
 93 d3dca3c2 2020-04-23 op readme=:install
 94 d3dca3c2 2020-04-23 op 
 95 d3dca3c2 2020-04-23 op scan-path=/home/git/repositories
 96 d3dca3c2 2020-04-23 op ```
 97 d3dca3c2 2020-04-23 op 
 98 d3dca3c2 2020-04-23 op The important bits of all of these are only:
 99 a3ab6f61 2020-09-22 op ```conf
100 d3dca3c2 2020-04-23 op enable-git-config=1
101 d3dca3c2 2020-04-23 op ```
102 d3dca3c2 2020-04-23 op and
103 a3ab6f61 2020-09-22 op ```conf
104 d3dca3c2 2020-04-23 op scan-path=/home/git/repositories
105 d3dca3c2 2020-04-23 op ```
106 d3dca3c2 2020-04-23 op 
107 d3dca3c2 2020-04-23 op The first let us configure per-repo cgit options via the standard git
108 d3dca3c2 2020-04-23 op config file, while the second lets cgit discovers the repos by
109 d3dca3c2 2020-04-23 op searching in that path.
110 d3dca3c2 2020-04-23 op 
111 d3dca3c2 2020-04-23 op If you're curious, I used `head-include` to add some `<meta>` tags and
112 d3dca3c2 2020-04-23 op modified the default CSS to render the pages *decently* on mobile
113 d3dca3c2 2020-04-23 op screens.  More work is needed.
114 d3dca3c2 2020-04-23 op 
115 d3dca3c2 2020-04-23 op ### Note about permissions
116 d3dca3c2 2020-04-23 op 
117 d3dca3c2 2020-04-23 op You are probably running cgit with the `www` user and gitolite with
118 d3dca3c2 2020-04-23 op the `git` user so you have a permission problem.  While you can do
119 d3dca3c2 2020-04-23 op fancy stuff with `mount_nullfs`/`mount --bind` and whatnot or by
120 d3dca3c2 2020-04-23 op changing the default path for the repositories, I didn't want to.
121 d3dca3c2 2020-04-23 op 
122 d3dca3c2 2020-04-23 op I'm still not sure if this is the best way to handle things, but I
123 d3dca3c2 2020-04-23 op made fcgiwrap use the `git` user with
124 a3ab6f61 2020-09-22 op ```conf
125 d3dca3c2 2020-04-23 op fcgiwrap_user="git"
126 d3dca3c2 2020-04-23 op ```
127 d3dca3c2 2020-04-23 op in `/etc/rc.conf` plus a manual `chown(8)` on the socket.  Now cgit
128 d3dca3c2 2020-04-23 op and gitolite are run by the same user.  Problem solved.
129 d3dca3c2 2020-04-23 op 
130 d3dca3c2 2020-04-23 op ## hide some repositories!
131 d3dca3c2 2020-04-23 op 
132 d3dca3c2 2020-04-23 op This was the basic setup to have cgit display the repositories managed
133 d3dca3c2 2020-04-23 op by gitolite, as well as having both public HTTP and authenticated ssh
134 d3dca3c2 2020-04-23 op clone.  Pretty neat.
135 d3dca3c2 2020-04-23 op 
136 d3dca3c2 2020-04-23 op But, you have no way (still) to hide some repositories.  For instance,
137 d3dca3c2 2020-04-23 op the `gitolite-admin` repositorie is public readable (not writable).
138 d3dca3c2 2020-04-23 op It may be fine for you, but I wanted a way to have *private*
139 d3dca3c2 2020-04-23 op repositories, while still having the repos managed by gitolite.
140 d3dca3c2 2020-04-23 op 
141 d3dca3c2 2020-04-23 op If you set `enable-git-config` in cgit configuration file, now you can
142 d3dca3c2 2020-04-23 op control some cgit per-repo options via
143 d3dca3c2 2020-04-23 op `~git/repositories/$REPO/config`.  You can create a section that looks
144 d3dca3c2 2020-04-23 op like this:
145 a3ab6f61 2020-09-22 op ```conf
146 d3dca3c2 2020-04-23 op [cgit]
147 d3dca3c2 2020-04-23 op 	ignore = 1
148 d3dca3c2 2020-04-23 op ```
149 d3dca3c2 2020-04-23 op to make cgit ignore that repo.  Check the documentation of cgit for
150 d3dca3c2 2020-04-23 op the list of parameters you can set.
151 d3dca3c2 2020-04-23 op 
152 d3dca3c2 2020-04-23 op But it's tedious and needs manual work per-repo.  That's something
153 d3dca3c2 2020-04-23 op that needs to be automatized.
154 d3dca3c2 2020-04-23 op 
155 d3dca3c2 2020-04-23 op Fortunately, gitolite lets us set git configurations via the
156 d3dca3c2 2020-04-23 op `gitolite.conf` file.  You first need to set `GIT_CONFIG_KEYS` to
157 d3dca3c2 2020-04-23 op `'.*'` in `~git/.gitolite.rc`.  (`.*` is the broader, probably
158 d3dca3c2 2020-04-23 op `cgit.*` is enough, haven't tested tho).
159 d3dca3c2 2020-04-23 op 
160 d3dca3c2 2020-04-23 op Now, in your `gitolite.conf` you can
161 a3ab6f61 2020-09-22 op ```conf
162 d3dca3c2 2020-04-23 op repo gitolite-admin
163 d3dca3c2 2020-04-23 op     config cgit.ignore=1
164 d3dca3c2 2020-04-23 op ```
165 d3dca3c2 2020-04-23 op and BOOM, it's hidden and unreachable via cgit (both via web and http
166 d3dca3c2 2020-04-23 op clone).
167 d3dca3c2 2020-04-23 op 
168 d3dca3c2 2020-04-23 op But (there are too many 'but' in this section, hu?) we can do even
169 d3dca3c2 2020-04-23 op better:
170 a3ab6f61 2020-09-22 op ```conf
171 d3dca3c2 2020-04-23 op @hiddenrepos = gitolite-admin
172 d3dca3c2 2020-04-23 op @hiddenrepos = private-stuff
173 d3dca3c2 2020-04-23 op @hiddenrepos = next-gen-revolutionary-stuff
174 d3dca3c2 2020-04-23 op 
175 d3dca3c2 2020-04-23 op repo @hiddenrepos
176 d3dca3c2 2020-04-23 op     config cgit.ignore=1
177 d3dca3c2 2020-04-23 op ```
178 d3dca3c2 2020-04-23 op to bulk-hide repositories.
179 d3dca3c2 2020-04-23 op 
180 d3dca3c2 2020-04-23 op Neat.