From bc5c44dd049bad3b007be48b3f8d90886d63c105 Mon Sep 17 00:00:00 2001
From: System administrator
Date: Mon, 29 May 2017 13:26:10 +0200
Subject: Initial commit
---
images/git/Dockerfile | 35 ++
images/git/cgit/about-formatting.sh | 3 +
images/git/cgit/cgit.sass | 663 ++++++++++++++++++++++++++++++++
images/git/cgit/cgitrc | 46 +++
images/git/cgit/syntax-highlighting3.sh | 121 ++++++
images/git/gitolite/admin.pub | 1 +
images/git/gitolite/generate_certs.sh | 7 +
images/git/gitolite/gitolite.rc | 204 ++++++++++
images/git/gitolite/sshd_config | 55 +++
images/git/nginx/nginx.conf | 51 +++
images/git/service/daemon/run | 2 +
images/git/service/fcgiwrap/run | 2 +
images/git/service/nginx/run | 2 +
images/git/service/sshd/run | 4 +
14 files changed, 1196 insertions(+)
create mode 100644 images/git/Dockerfile
create mode 100755 images/git/cgit/about-formatting.sh
create mode 100644 images/git/cgit/cgit.sass
create mode 100644 images/git/cgit/cgitrc
create mode 100755 images/git/cgit/syntax-highlighting3.sh
create mode 100644 images/git/gitolite/admin.pub
create mode 100644 images/git/gitolite/generate_certs.sh
create mode 100644 images/git/gitolite/gitolite.rc
create mode 100644 images/git/gitolite/sshd_config
create mode 100644 images/git/nginx/nginx.conf
create mode 100644 images/git/service/daemon/run
create mode 100644 images/git/service/fcgiwrap/run
create mode 100644 images/git/service/nginx/run
create mode 100644 images/git/service/sshd/run
(limited to 'images/git')
diff --git a/images/git/Dockerfile b/images/git/Dockerfile
new file mode 100644
index 0000000..bd8589e
--- /dev/null
+++ b/images/git/Dockerfile
@@ -0,0 +1,35 @@
+FROM alpine:3.5 AS builder
+
+RUN apk add --no-cache sassc
+
+ADD cgit/cgit.sass /app/
+RUN sassc -t compressed /app/cgit.sass /app/cgit.css
+
+FROM server_runit AS final
+
+RUN apk add --no-cache sudo shadow \
+ git gitolite git-daemon \
+ openssh openssh-client \
+ cgit highlight markdown \
+ nginx spawn-fcgi fcgiwrap
+
+# gitolite
+RUN mkdir -p /data /data/log
+RUN echo 'git:*' | chpasswd
+RUN usermod --home /data/git --move-home git
+
+ADD gitolite/ /app/
+RUN ln -s /app/gitolite.rc /data/git/.gitolite.rc
+RUN chown -R git:git /app/gitolite.rc /data/log /data/git
+RUN sudo -u git GL_LOGFILE=/data/log/gitolite gitolite setup -pk /app/admin.pub
+
+ADD gitolite/sshd_config /etc/ssh/
+ADD gitolite/generate_certs.sh /app/
+
+# cgit
+ADD cgit/cgitrc /etc/
+ADD cgit/syntax-highlighting3.sh /app/
+ADD cgit/about-formatting.sh /app/
+COPY --from=builder /app/cgit.css /usr/share/webapps/cgit/cgit.css
+
+ADD nginx/nginx.conf /etc/nginx/nginx.conf
diff --git a/images/git/cgit/about-formatting.sh b/images/git/cgit/about-formatting.sh
new file mode 100755
index 0000000..2b55866
--- /dev/null
+++ b/images/git/cgit/about-formatting.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec markdown
diff --git a/images/git/cgit/cgit.sass b/images/git/cgit/cgit.sass
new file mode 100644
index 0000000..02337b5
--- /dev/null
+++ b/images/git/cgit/cgit.sass
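Review bot: In images/git/Dockerfile, `RUN echo 'git:*' | chpasswd` gives the `git` account the literal one-character password `*`, because chpasswd treats its input as cleartext unless told otherwise; if the intent was to unlock the account with an unusable hash, use `RUN usermod -p '*' git` (or `chpasswd -e`). `PasswordAuthentication no` in the shipped sshd_config limits the exposure over SSH, but the password still works for anything else that authenticates locally. Separately, `gitolite setup -pk /app/admin.pub` bakes one person's key into every image built from this file, so consider supplying the admin key at first start instead, and the plain-file `ADD` lines would be clearer as `COPY`.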
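Review bot: In images/git/cgit/about-formatting.sh, `exec markdown` hands the README straight to the converter, and Markdown converters normally pass embedded raw HTML through unchanged, so cgit's about page will render whatever markup a repository's README contains. On a multi-user gitolite host that means anyone with push access to a repository controls HTML on the site's origin; consider a converter mode that strips or escapes raw HTML, or a restrictive `Content-Security-Policy` header on the cgit responses. A one-line comment such as `# reads Markdown on stdin, writes HTML on stdout; any filename argument from cgit is ignored` would also document the filter contract.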
@@ -0,0 +1,663 @@ +$base03: #002b36; +$base02: #073642; +$base01: #586e75; +$base00: #657b83; +$base0: #839496; +$base1: #93a1a1; +$base2: #eee8d5; +$base3: #fdf6e3; +$yellow: #b58900; +$orange: #cb4b16; +$red: #dc322f; +$magenta: #d33682; +$violet: #6c71c4; +$blue: #268bd2; +$cyan: #2aa198; +$green: #859900; + +// highlighting + +//div +// &.highlight +// background-color: $base03 +// span +// &.k +// color: $green +// &.nf +// color: $blue +// &.p +// color: $base1 +// &.s +// color: $red +// background-color: $base03 + + +div + &.highlight + background-color: #002b36 + color: #93a1a1 + .c + color: #586e75 + .err, .g + color: #93a1a1 + .k + color: #859900 + .l, .n + color: #93a1a1 + .o + color: #859900 + .x + color: #cb4b16 + .p + color: #93a1a1 + .cm + color: #586e75 + .cp + color: #859900 + .c1 + color: #586e75 + .cs + color: #859900 + .gd + color: #2aa198 + .ge + color: #93a1a1 + font-style: italic + .gr + color: #dc322f + .gh + color: #cb4b16 + .gi + color: #859900 + .go, .gp + color: #93a1a1 + .gs + color: #93a1a1 + font-weight: bold + .gu + color: #cb4b16 + .gt + color: #93a1a1 + .kc + color: #cb4b16 + .kd + color: #268bd2 + .kn, .kp + color: #859900 + .kr + color: #268bd2 + .kt + color: #dc322f + .ld + color: #93a1a1 + .m, .s + color: #2aa198 + background-color: $base03 + .na + color: #93a1a1 + .nb + color: #B58900 + .nc + color: #268bd2 + .no + color: #cb4b16 + .nd + color: #268bd2 + .ni, .ne + color: #cb4b16 + .nf + color: #268bd2 + .nl, .nn, .nx, .py + color: #93a1a1 + .nt, .nv + color: #268bd2 + .ow + color: #859900 + .w + color: #93a1a1 + .mf, .mh, .mi, .mo + color: #2aa198 + .sb + color: #586e75 + .sc + color: #2aa198 + .sd + color: #93a1a1 + .s2 + color: #2aa198 + .se + color: #cb4b16 + .sh + color: #93a1a1 + .si, .sx + color: #2aa198 + .sr + color: #dc322f + .s1, .ss + color: #2aa198 + .bp, .vc, .vg, .vi + color: #268bd2 + .il + color: #2aa198 + +// end highlighting + +body + background-color: $base03 + +div + &#cgit + padding: 0em + margin: 0em + 
font-family: sans-serif + font-size: 10pt + color: $base0 + background: $base03 + padding: 4px + a + color: lightblue + text-decoration: none + &:hover + text-decoration: underline + table + border-collapse: collapse + &#header + width: 100% + margin-bottom: 1em + td + &.logo + width: 96px + vertical-align: top + &.main + font-size: 250% + padding-left: 10px + white-space: nowrap + a + color: $base1 + &.form + text-align: right + vertical-align: bottom + padding-right: 1em + padding-bottom: 2px + white-space: nowrap + form, input, select + font-size: 90% + &.sub + color: #777 + border-top: solid 1px $base02 + padding-left: 10px + &.tabs + border-bottom: solid 3px $base02 + border-collapse: collapse + margin-top: 2em + margin-bottom: 0px + width: 100% + td + padding: 0px 1em + vertical-align: bottom + a + padding: 2px 0.75em + color: #d3d3d3 + font-size: 110% + &.active + color: #d3d3d3 + background-color: $base02 + &.form + text-align: right + form + padding-bottom: 2px + font-size: 90% + white-space: nowrap + input, select + font-size: 90% + div + &.path + margin: 0px + padding: 5px 2em 2px 2em + color: $base1 + background-color: $base03 + &.content + margin: 0px + padding: 2em + border-bottom: solid 3px $base02 + table.list + width: 100% + border: none + border-collapse: collapse + tr + background: $base03 + &.logheader + background: $base03 + &:hover, &.nohover:hover + background: $base02 + th + font-weight: bold + /* color: #888; + *border-top: dashed 1px #888; + *border-bottom: dashed 1px #888; + padding: 0.1em 0.5em 0.05em 0.5em + vertical-align: baseline + td + border: none + padding: 0.1em 0.5em 0.1em 0.5em + &.commitgraph + font-family: monospace + white-space: pre + .column1 + color: #a00 + .column2 + color: #0a0 + .column3 + color: #aa0 + .column4 + color: #00a + .column5 + color: #a0a + .column6 + color: #0aa + &.logsubject + font-family: monospace + font-weight: bold + &.logmsg + font-family: monospace + white-space: pre + padding: 0 0.5em + a + color: 
#d3d3d3 + &.ls-dir + font-weight: bold + color: #00f + &:hover + color: lightblue + img + border: none + input#switch-btn + margin: 2px 0px 0px 0px + td#sidebar input.txt + width: 100% + margin: 2px 0px 0px 0px + table#grid + margin: 0px + td#content + vertical-align: top + padding: 1em 2em 1em 1em + border: none + div#summary + vertical-align: top + margin-bottom: 1em + table#downloads + float: right + border-collapse: collapse + border: solid 1px #777 + margin-left: 0.5em + margin-bottom: 0.5em + th + background-color: #ccc + div + &#blob + border: solid 1px black + &.error + color: red + font-weight: bold + margin: 1em 2em + a + &.ls-blob, &.ls-dir, &.ls-mod + font-family: monospace + td + &.ls-size + text-align: right + font-family: monospace + width: 10em + &.ls-mode + font-family: monospace + width: 10em + table + &.blob + margin-top: 0.5em + td + &.lines + margin: 0 + padding: 0 0 0 0.5em + vertical-align: top + color: $base1 + &.linenumbers + margin: 0 + padding: 0 0.5em 0 0.5em + vertical-align: top + text-align: right + border-right: 1px solid $base01 + pre + padding: 0 + margin: 0 + td.linenumbers a + color: gray + text-align: right + text-decoration: none + &.ssdiff td.lineno a + color: gray + text-align: right + text-decoration: none + &.blob td.linenumbers a:hover, &.ssdiff td.lineno a:hover + color: black + &.bin-blob + margin-top: 0.5em + border: solid 1px black + th + font-family: monospace + white-space: pre + border: solid 1px #777 + padding: 0.5em 1em + td + font-family: monospace + white-space: pre + border-left: solid 1px #777 + padding: 0em 1em + &.nowrap td + white-space: nowrap + &.commit-info + border-collapse: collapse + margin-top: 1.5em + div.cgit-panel + float: right + margin-top: 1.5em + table + border-collapse: collapse + background-color: $base02 + th + text-align: center + td + padding: 0.25em 0.5em + &.label + padding-right: 0.5em + &.ctrl + padding-left: 0.5em + table.commit-info + th + text-align: left + font-weight: normal + 
padding: 0.1em 1em 0.1em 0.1em + vertical-align: top + td + font-weight: normal + padding: 0.1em 1em 0.1em 0.1em + div + &.commit-subject + font-weight: bold + font-size: 125% + margin: 1.5em 0em 0.5em 0em + padding: 0em + &.commit-msg + white-space: pre + font-family: monospace + &.notes-header + font-weight: bold + padding-top: 1.5em + &.notes + white-space: pre + font-family: monospace + border: solid 1px #ee9 + background-color: #ffd + padding: 0.3em 2em 0.3em 1em + float: left + &.notes-footer + clear: left + &.diffstat-header + font-weight: bold + padding-top: 1.5em + table.diffstat + border-collapse: collapse + background-color: $base02 + th + font-weight: normal + text-align: left + text-decoration: underline + padding: 0.1em 1em 0.1em 0.1em + font-size: 100% + td + padding: 0.2em 0.2em 0.1em 0.1em + font-size: 100% + border: none + &.mode + white-space: nowrap + span.modechange + padding-left: 1em + color: $red + &.add a + color: $green + &.del a + color: $red + &.upd a + color: $blue + &.graph + width: 500px + vertical-align: middle + table + border: none + td + padding: 0px + border: 0px + height: 7pt + &.add + background-color: $green + &.rem + background-color: $red + div.diffstat-summary + color: $base0 + padding-top: 0.5em + table.diff + width: 100% + td + font-family: monospace + white-space: pre + div + &.head + font-weight: bold + margin-top: 1em + color: $base0 + &.hunk + color: $base0 + &.add + color: $green + &.del + color: $red + .sha1 + font-family: monospace + font-size: 90% + .left + text-align: left + .right + text-align: right + table.list td.reposection + font-style: italic + color: #888 + a + &.button + font-size: 80% + padding: 0em 0.5em + &.primary + font-size: 100% + &.secondary + font-size: 90% + td.toplevel-repo + table.list td.sublevel-repo + padding-left: 1.5em + ul.pager + list-style-type: none + text-align: center + margin: 1em 0em 0em 0em + padding: 0 + li + display: inline-block + margin: 0.25em 0.5em + a + color: #777 + 
.current + font-weight: bold + span + &.age-mins + font-weight: bold + color: $green + &.age-hours + color: $green + &.age-days + color: $green + &.age-weeks + color: $base0 + &.age-months + color: $base0 + &.age-years + color: $base00 + div.footer + margin-top: 0.5em + text-align: center + font-size: 80% + color: $base01 + a + &.branch-deco + color: $green !important + margin: 0px 0.5em + padding: 0px 0.25em + background-color: $base02 + // border: solid 1px #007700 + &.tag-deco + // color: #000 !important + margin: 0px 0.5em + padding: 0px 0.25em + background-color: $base02 + // border: solid 1px #777700 + &.remote-deco + color: #000 !important + margin: 0px 0.5em + padding: 0px 0.25em + background-color: #ccccff + border: solid 1px #000077 + &.deco + color: $red !important + margin: 0px 0.5em + padding: 0px 0.25em + background-color: $base02 + // border: solid 1px #770000 + div.commit-subject a + &.branch-deco, &.tag-deco, &.remote-deco, &.deco + margin-left: 1em + font-size: 75% + table + &.stats + border: solid 1px black + border-collapse: collapse + th + text-align: left + padding: 1px 0.5em + background-color: #eee + border: solid 1px black + td + text-align: right + padding: 1px 0.5em + border: solid 1px black + &.total + font-weight: bold + text-align: left + &.sum + color: #c00 + font-weight: bold + /* background-color: #eee; + &.left + text-align: left + &.vgraph + border-collapse: separate + border: solid 1px black + height: 200px + th + background-color: #eee + font-weight: bold + border: solid 1px white + padding: 1px 0.5em + td + vertical-align: bottom + padding: 0px 10px + div.bar + background-color: #eee + &.hgraph + border: solid 1px black + width: 800px + th + background-color: #eee + font-weight: bold + border: solid 1px black + padding: 1px 0.5em + td + vertical-align: middle + padding: 2px 2px + div.bar + background-color: #eee + height: 1em + &.ssdiff + width: 100% + td + font-size: 75% + font-family: monospace + white-space: pre + padding: 
1px 4px 1px 4px + border-left: solid 1px #aaa + border-right: solid 1px #aaa + &.add + color: black + background: #cfc + min-width: 50% + &.add_dark + color: black + background: #aca + min-width: 50% + span.add + background: #cfc + font-weight: bold + td + &.del + color: black + background: #fcc + min-width: 50% + &.del_dark + color: black + background: #caa + min-width: 50% + span.del + background: #fcc + font-weight: bold + td + &.changed + color: black + background: #ffc + min-width: 50% + &.changed_dark + color: black + background: #cca + min-width: 50% + &.lineno + color: black + background: #eee + text-align: right + width: 3em + min-width: 3em + &.hunk + color: black + background: #ccf + border-top: solid 1px #aaa + border-bottom: solid 1px #aaa + &.head + border-top: solid 1px #aaa + border-bottom: solid 1px #aaa + div.head + font-weight: bold + color: black + &.foot + border-top: solid 1px #aaa + border-left: none + border-right: none + border-bottom: none + &.space + border: none + div + min-height: 3em + &.linenodiv + background-color: inherit !important + color: lightgray diff --git a/images/git/cgit/cgitrc b/images/git/cgit/cgitrc new file mode 100644 index 0000000..0afc48d --- /dev/null +++ b/images/git/cgit/cgitrc 
@@ -0,0 +1,46 @@
+css=/cgit.css
+logo=/cgit.png
+
+root-title=tx0.co
+clone-prefix=git://tx0.co https://g.tx0.co/git git@tx0.co:
+snapshots=tar.gz tar.xz tar.bz2 zip
+readme=master:README.md
+about-filter=/app/about-formatting.sh
+#/usr/lib/cgit/filters/about-formatting.sh
+source-filter=/app/syntax-highlighting3.sh
+enable-http-clone=0
+strict-export=git-daemon-export-ok
+
+noplainemail=1
+
+enable-index-owner=0
+enable-index-links=0
+enable-commit-graph=1
+enable-log-filecount=1
+enable-log-linecount=1
+
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example has cgit.example.org/ this value:
+virtual-root=/
+root-desc=Foo.
+
+enable-git-config=1
+section-from-path=1
+remove-suffix=1
+
+project-list=/data/git/projects.list
+scan-path=/data/git/repositories
+
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpg
+mimetype.jpeg=image/jpg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+readme=:README.md
+readme=:README.txt
+readme=:README
diff --git a/images/git/cgit/syntax-highlighting3.sh b/images/git/cgit/syntax-highlighting3.sh
new file mode 100755
index 0000000..c22337b
--- /dev/null
+++ b/images/git/cgit/syntax-highlighting3.sh
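Review bot: In images/git/cgit/cgitrc, `mimetype.html=text/html` and `mimetype.svg=image/svg+xml` make cgit's plain view serve repository-controlled HTML and SVG as active content on the site's own origin, so anyone who can push to a hosted repository can publish script-bearing pages there. Unless that is intended, drop those two mappings (cgit should then fall back to a plain-text or octet-stream type) or send a restrictive `Content-Security-Policy` header for these responses from nginx. The JPEG entries also use `image/jpg`, which is not a registered type; both should read `image/jpeg`. The three `readme=:README*` lines sit after `scan-path`, and the cgitrc documentation asks for settings that affect scanned repositories to precede it, so it is worth confirming they take effect.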
@@ -0,0 +1,121 @@ +#!/bin/sh +# This script can be used to implement syntax highlighting in the cgit +# tree-view by refering to this file with the source-filter or repo.source- +# filter options in cgitrc. +# +# This script requires a shell supporting the ${var##pattern} syntax. +# It is supported by at least dash and bash, however busybox environments +# might have to use an external call to sed instead. +# +# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax +# highlighting, so you'll probably want something like the following included +# in your css file: +# +# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/ +# +# table.blob .num { color:#2928ff; } +# table.blob .esc { color:#ff00ff; } +# table.blob .str { color:#ff0000; } +# table.blob .dstr { color:#818100; } +# table.blob .slc { color:#838183; font-style:italic; } +# table.blob .com { color:#838183; font-style:italic; } +# table.blob .dir { color:#008200; } +# table.blob .sym { color:#000000; } +# table.blob .kwa { color:#000000; font-weight:bold; } +# table.blob .kwb { color:#830000; } +# table.blob .kwc { color:#000000; font-weight:bold; } +# table.blob .kwd { color:#010181; } +# +# +# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/ +# +# body.hl { background-color:#ffffff; } +# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';} +# .hl.num { color:#2928ff; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#ff0000; } +# .hl.dstr { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.dir { color:#008200; } +# .hl.sym { color:#000000; } +# .hl.line { color:#555555; } +# .hl.mark { background-color:#ffffbb;} +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#830000; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# Style definition file generated by 
highlight 3.8, http://www.andre-simon.de/ +# +# body.hl { background-color:#e0eaee; } +# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';} +# .hl.num { color:#b07e00; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#bf0303; } +# .hl.pps { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.ppc { color:#008200; } +# .hl.opt { color:#000000; } +# .hl.lin { color:#555555; } +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#0057ae; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# Style definition file generated by highlight 3.13, http://www.andre-simon.de/ +# +# body.hl { background-color:#e0eaee; } +# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;} +# .hl.num { color:#b07e00; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#bf0303; } +# .hl.pps { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.ppc { color:#008200; } +# .hl.opt { color:#000000; } +# .hl.ipl { color:#0057ae; } +# .hl.lin { color:#555555; } +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#0057ae; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# The following environment variables can be used to retrieve the configuration +# of the repository for which this script is called: +# CGIT_REPO_URL ( = repo.url setting ) +# CGIT_REPO_NAME ( = repo.name setting ) +# CGIT_REPO_PATH ( = repo.path setting ) +# CGIT_REPO_OWNER ( = repo.owner setting ) +# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) +# CGIT_REPO_SECTION ( = section setting ) +# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) +# + +# store filename and extension in local vars +BASENAME="$1" +EXTENSION="${BASENAME##*.}" + +[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt +[ -z 
"${EXTENSION}" ] && EXTENSION=txt + +# map Makefile and Makefile.* to .mk +[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk + +# highlight versions 2 and 3 have different commandline options. Specifically, +# the -X option that is used for version 2 is replaced by the -O xhtml option +# for version 3. +# +# Version 2 can be found (for example) on EPEL 5, while version 3 can be +# found (for example) on EPEL 6. +# +# This is for version 2 +#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null + +# This is for version 3 +exec highlight --force --inline-css --style=solarized-dark -f -I -O xhtml -S "$EXTENSION" 2>/dev/null diff --git a/images/git/gitolite/admin.pub b/images/git/gitolite/admin.pub new file mode 100644 index 0000000..cd1e155 --- /dev/null +++ b/images/git/gitolite/admin.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDuNResYJNUNlReRIxPMMnI3hAaW5dNs3E2qoeqHsU/nwnL+czVKOkHnG8gQaKSN7q0wVP3o3ozSsGHdYBJ0YrAYMccOPGkPJ6Aua/7LBkxTc1bVbGrPAEVDYfvNKTU0KjbOfUt6bAbtx1KzbzttBHRR14AxHSUH3ELja6a1foATQWyArLmykmo8aFp75n9+b8XVkmtVtSB0VFibMGwLekNgTD1zOZfzqjxD2EQop279Y8s9kfadpxznONLBNgNUZEzkk++MTh2a6OXW4WA2+dH8WaG2hwjghYbqSDlYe9yjyxhRS0ZtUuVlxlMlTsn0MIt/fYlYNSJts4I11ehBQFkzWUv/i/BgKFKX2M1A5fZTI9emlKJ/Iz3EyXNg1VNc/8iCVaWMpKUbT8Hao8qvwihoZegyVZRmCbUDyxVpjy2Qyl3/dl8mjsYbzYK6CyLo198rCeSrYlF7c81KikPmNuibzSL0UHvA94HK7hVWfu+iZKPZOYVdIle25+hZcL+s7GROy5iGWA9qwgaqXShbqhyyg/lXCY8MdyDBdomWrdk9SvQ0hbNLwSrNlcHAoO3H8/HRcoW4/faiFsm8SFF4RnsIYfVNKCUYlf4kspbHUxUWuEMtOxpo/uu3Zs7hI+TQL9FKwrLRgnu72sx0Y1o4PIGHUldSgzoYAxL+EaF3qgYhoOyiVFa5IRioaG9FRFJ1hboq+0XxQXYzJ8z9CrRa/Gxrp/Etqdevm8IjuOWelDAR4UPgeQsvjHvZVxLOGay8wBtA0/My9meouPDn7jzPjfFUcmdB99PM/PfrqJBC+WdldEfURrAeax6b2LidFl3bN4BLGwK0BlPybjgj7jm1THMnnM4F7BmhzA8MN1tmcEIiZSbW3lRjMxTikGkhvq1NbMp/k6ZmMkwJcwORSJRVdji3wYOuQxl2/u+Ey2NtBXyA5TomPvkWR/h9us+2/8WOxVlpjs6PtYEguehLbuqPWANM1FG9ngAMc1yGMp9YXPKQn+xVvOssOK6VoAu57q9zHJ5GQe8Pm6+2Qpq7hWRDkxIfnDGAeLDIlHa4JunX+okSCH14fx2PpwRfQ1UUhp5wnDtcAfkWGmq82HQknAigNWih5LqPthfjMuhUUcgYsciWYFKZbum4/yecfXUUx9SlcAwVrEZ+kwvNw1UsjrRtITsCBaBlSDpioyXYmJ6ldxUOKZiqAvAKeB0zRF3xpALWZuADh22BzWaNeLL8Gw5uR9TV7PGQ9wpd07SRsdabqLtYqg2P0/t+zPlKHNkL80vZjmuYJeHZ6Zmv3K4PsKEsHG3nXcA8PUI09IfvBbUnzlUb46V5K2O6E3iiSeQBRv7jWEkwGZy9/lBMUM7Qxw3a9Hv till@hoeppner.ws diff --git a/images/git/gitolite/generate_certs.sh b/images/git/gitolite/generate_certs.sh new file mode 100644 index 0000000..3b75a9d --- /dev/null +++ b/images/git/gitolite/generate_certs.sh @@ -0,0 +1,7 @@ +if [ ! -e /data/ssh/host_rsa_key ]; then + echo "Generating host keys" + ssh-keygen -t rsa -f /data/ssh/host_rsa_key + ssh-keygen -t dsa -f /data/ssh/host_dsa_key + ssh-keygen -t ecdsa -f /data/ssh/host_ecdsa_key + ssh-keygen -t ed25519 -f /data/ssh/host_ed25519_key +fi 
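Review bot: In images/git/gitolite/generate_certs.sh, none of the `ssh-keygen` calls pass `-N ''`, so each one asks for a passphrase, which does not suit an unattended service start and would leave sshd unable to load a passphrase-protected host key; use e.g. `ssh-keygen -q -N '' -t ed25519 -f /data/ssh/host_ed25519_key`. The `-t dsa` key is best dropped together with its `HostKey` line in sshd_config, since DSA host keys are limited to 1024 bits and OpenSSH has deprecated them. The existence check only looks at `host_rsa_key`, so a partially populated /data/ssh is never repaired, and the file has no `#!/bin/sh` line although service/sshd/run executes it directly.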
diff --git a/images/git/gitolite/gitolite.rc b/images/git/gitolite/gitolite.rc
new file mode 100644
index 0000000..2ab1369
--- /dev/null
+++ b/images/git/gitolite/gitolite.rc
@@ -0,0 +1,204 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+ #GL_REPO_BASE => '/data/projects/',
+ #GL_ADMIN_BASE => '/data/',
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0002,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => 'hooks\.readme url.*insteadOf',
+
+ WRITER_CAN_UPDATE_DESC => 1,
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/images/git/gitolite/sshd_config b/images/git/gitolite/sshd_config
new file mode 100644
index 0000000..15b448f
--- /dev/null
+++ b/images/git/gitolite/sshd_config
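Review bot: In images/git/gitolite/gitolite.rc, `UMASK => 0002,` makes everything gitolite creates group-writable and world-readable, while the comment above it still describes the stock 0700 behaviour and does not say why the value was loosened. From the service scripts in this commit, fcgiwrap and nginx appear to run as root and git daemon as `git`, so nothing visible needs other-read or group-write; `UMASK => 0077,` (or `0027` with a shared group) would be the tighter choice, with a comment naming the consumer if 0002 is really required. The enabled `'create'` and `'D'` commands let users create and delete repositories themselves, so a short comment stating that this is intended would help the next maintainer.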
@@ -0,0 +1,55 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /data/ssh/host_rsa_key
+HostKey /data/ssh/host_dsa_key
+HostKey /data/ssh/host_ecdsa_key
+HostKey /data/ssh/host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Logging
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+PubkeyAuthentication yes
+AuthorizedKeysFile /data/git/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+X11Forwarding no
+PrintMotd no
+TCPKeepAlive yes
+#UseLogin no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# Subsystem sftp /usr/lib/openssh/sftp-server
diff --git a/images/git/nginx/nginx.conf b/images/git/nginx/nginx.conf
new file mode 100644
index 0000000..9528692
--- /dev/null
+++ b/images/git/nginx/nginx.conf
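Review bot: In images/git/gitolite/sshd_config, nothing states which accounts may log in, even though the image is built around the single `git` account and an absolute `AuthorizedKeysFile`; adding `AllowUsers git` would make that design explicit instead of leaving it to file-ownership checks. `AllowTcpForwarding no` and `AllowAgentForwarding no` would back up the per-key restrictions gitolite writes into authorized_keys. The `HostKey /data/ssh/host_dsa_key` line should go together with the DSA key generation in generate_certs.sh, and `Protocol 2` and `UsePrivilegeSeparation yes` are deprecated in newer OpenSSH releases and can be removed once the base image is updated.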
@@ -0,0 +1,51 @@
+worker_processes 1;
+user root;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+
+ access_log /dev/stdout;
+ error_log /dev/stderr;
+
+ # Cgit
+ server {
+ listen 80;
+ root /usr/share/webapps/cgit;
+ server_name tx0.co;
+ try_files $uri @cgit;
+
+ location ~ /git(/.*) {
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+ fastcgi_pass unix:/run/fcgiwrap.sock;
+
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ # fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /data/git/repositories;
+ fastcgi_param PATH_INFO $1;
+ }
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/run/fcgiwrap.sock;
+ }
+ }
+}
diff --git a/images/git/service/daemon/run b/images/git/service/daemon/run
new file mode 100644
index 0000000..485e706
--- /dev/null
+++ b/images/git/service/daemon/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec chpst -ugit git daemon --base-path=/data/git/repositories
diff --git a/images/git/service/fcgiwrap/run b/images/git/service/fcgiwrap/run
new file mode 100644
index 0000000..4c7efcb
--- /dev/null
+++ b/images/git/service/fcgiwrap/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec spawn-fcgi -n -s /run/fcgiwrap.sock /usr/bin/fcgiwrap 2>&1
diff --git a/images/git/service/nginx/run b/images/git/service/nginx/run
new file mode 100644
index 0000000..ef7f976
--- /dev/null
+++ b/images/git/service/nginx/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec nginx -g 'daemon off;' 2>&1
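Review bot: In images/git/nginx/nginx.conf, the `/git` location forwards `fastcgi_param REMOTE_USER $remote_user;` to git-http-backend but configures no `auth_basic`, so nginx never verifies the name it passes on; git-http-backend treats a non-empty REMOTE_USER as an authenticated user and, with `http.receivepack` unset, enables pushes for it, which would bypass gitolite's access rules. Either drop that line so the endpoint stays read-only, or add `auth_basic "git";` and `auth_basic_user_file <htpasswd path>;` to the location. `user root;` also keeps the worker processes running as root; the packaged unprivileged nginx user should be enough for static files and the fcgiwrap socket, provided the socket's ownership allows it. The regex `~ /git(/.*)` is unanchored and matches any URI containing `/git/`; `~ ^/git(/.*)$` would limit it to the intended prefix.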
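Review bot: In images/git/service/fcgiwrap/run, spawn-fcgi is started without `-u`/`-g`, so fcgiwrap, and with it cgit.cgi, the about and source filters and git-http-backend, runs as whatever user runit uses, presumably root. These CGIs parse repository content pushed by users, so they are better run unprivileged, for example `exec spawn-fcgi -n -u git -g git -s /run/fcgiwrap.sock /usr/bin/fcgiwrap 2>&1`, with the socket owner set through `-U`/`-G` so the nginx worker can still connect. Using `git` here is only a suggestion; a separate read-only account would be tighter if the repository permissions allow it.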
diff --git a/images/git/service/sshd/run b/images/git/service/sshd/run
new file mode 100644
index 0000000..91abb22
--- /dev/null
+++ b/images/git/service/sshd/run
@@ -0,0 +1,4 @@
+#!/bin/sh
+mkdir -p /data/ssh
+chmod +x /app/generate_certs.sh
+/app/generate_certs.sh && exec /usr/sbin/sshd -D 2>&1
-- 
cgit v1.2.3