Blob

Date:
Message:
new posts
Actions:
History | Blame | Raw File
1 I've just finished to configure gitolite and cgit to manage some git repos of mine (and friends), so I'm posting here the setup before forgetting the details.

3 The final result is a git server with both a web view, HTTP clone and ssh for you and your users.

5 It requires more work than, say, gitea or gitlab, and has a few moving parts.  Nevertheless, it's a modular solution (you can replace cgit with gitweb for instance) and it does not have obnoxious web guis to manage things.  The whole gitolite config is itself a git repository, so you can use the tools you're familiar with (a bit of ssh, git and your preferred $EDITOR) to build and maintain your own git server.

7 ## gitolite

9 Install gitolite, it's easy, just follow the installation guide.  I've done that on a new user called "git".  This will create two repos in ~git/repositories: gitolite-admin and testing.  With the default configuration testing will be read-write for all users (in the gitolite sense).

11 => https://gitolite.com/gitolite/quick_install#distro-package-install Gitolite install guide

13 You should import your own ssh public key.  Try to clone the “gitolite-admin” repo with:

15 > git clone git@your.own.host:gitolite-admin

17 to test the setup and, eventually, add more users and repos.

19 ## cgit

21 I'm using nginx plus fcgiwrap on a FreeBSD system, but other options are available.  (For instance, if you're using OpenBSD than you have httpd and slowcgi already in base.)

23 For reference, my configuration file is /usr/local/etc/cgit-op.conf and contains:

25 ``` cgit configuration file

26 css=/mine.css

27 logo=/logo.png

29 head-include=/usr/local/lib/cgit/theme/head.html

31 enable-http-clone=1

32 enable-index-links=1

33 remove-suffix=1

34 enable-commit-graph=1

35 enable-log-filecount=1

36 enable-git-config=1

38 source-filter=/usr/local/lib/cgit/filters/syntax-high.py

39 about-filter=/usr/local/lib/cgit/filters/about-formatting.sh

41 virtual-root=/

42 enable-index-links=1

43 enable-index-owner=0

44 snapshots=tar.gz tar.bz2

45 root-title=Stuff

46 root-desc=some git repos of mine

47 local-time=1

49 # path to the root about file

50 #root-readme=/usr/local/lib/cgit/theme/about.html

52 # search for these files in the root fo the default branch

53 readme=:README.md

54 readme=:readme.md

55 readme=:README.mkd

56 readme=:readme.mkd

57 readme=:README.rst

58 readme=:readme.rst

59 readme=:README.html

60 readme=:readme.html

61 readme=:README.htm

62 readme=:readme.htm

63 readme=:README.txt

64 readme=:readme.txt

65 readme=:README

66 readme=:readme

67 readme=:INSTALL.md

68 readme=:install.md

69 readme=:INSTALL.mkd

70 readme=:install.mkd

71 readme=:INSTALL.rst

72 readme=:install.rst

73 readme=:INSTALL.html

74 readme=:install.html

75 readme=:INSTALL.htm

76 readme=:install.htm

77 readme=:INSTALL.txt

78 readme=:install.txt

79 readme=:INSTALL

80 readme=:install

82 scan-path=/home/git/repositories

83 ```

85 The important bits of all of these are only:

86 ``` enable git configuration

87 enable-git-config=1

88 ```

90 and

92 ``` set the parameter “scan-path” to repositories inside the git user home.

93 scan-path=/home/git/repositories

94 ```

96 The first let us configure per-repo cgit options via the standard git config file, while the second lets cgit discovers the repos by searching in that path.

98 If you're curious, I used ‘head-include’ to add some meta tags and modified the default CSS to render the pages *decently* on mobile screens.  More work is needed.

100 ### Note about permissions

102 You are probably running cgit with the www user and gitolite with the git user, so you have a permission problem.  While you can do fancy stuff with mount_nullfs, ‘mount --bind’ and whatnot or by changing the default path for the repositories, I didn't want to.

104 I'm still not sure if this is the best way to handle things, but I made fcgiwrap use the `git` user with

106 ```set fcgiwrap user to git

107 fcgiwrap_user="git"

108 ```

110 in `/etc/rc.conf` plus a manual `chown(8)` on the socket.  Now cgit and gitolite are run by the same user.  Problem solved.

112 ## hide some repositories!

114 This was the basic setup to have cgit display the repositories managed by gitolite, as well as having both public HTTP and authenticated ssh clone.  Pretty neat.

116 But, you have no way (still) to hide some repositories.  For instance, the ‘gitolite-admin’ repository is public readable (not writable).  It may be fine for you, but I wanted a way to have *private* repositories, while still having the repos managed by gitolite.

118 If you set ‘enable-git-config’ in cgit configuration file, now you can control some cgit per-repo options via `~git/repositories/$REPO/config`.  You can create a section that looks like this:

120 ```conf

121 [cgit]

122 	ignore = 1

123 ```

125 to make cgit ignore that repo.  Check the documentation of cgit for the list of parameters you can set.

127 But it's tedious and needs manual work per-repo.  That's something that needs to be automatized.

129 Fortunately, gitolite lets us set git configurations via the gitolite.conf file.  You first need to set ‘GIT_CONFIG_KEYS’ to ‘.*’` in ~git/.gitolite.rc.  (‘.*’ is the broader, probably ‘cgit.*’ is enough, haven't tested tho).

131 Now, in your `gitolite.conf` you can

133 ```conf

134 repo gitolite-admin

135     config cgit.ignore=1

136 ```

138 and BOOM, it's hidden and unreachable via cgit (both via web and http clone).

140 But (there are too many “but” in this section, hu?) we can do even better:

142 ```conf

143 @hiddenrepos = gitolite-admin

144 @hiddenrepos = private-stuff

145 @hiddenrepos = next-gen-revolutionary-stuff

147 repo @hiddenrepos

148     config cgit.ignore=1

149 ```

151 to bulk-hide repositories.

153 Neat.