From 17489120d557d9af614693ff6ee60a904ede4629 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Tue, 17 Mar 2020 01:11:18 +0100
Subject: [PATCH] GitWeb / git server setup.

---
 .../etc/nginx/sites-available/static.nginx    |  8 -----
 buster/etc_files/website/etc/gitweb.conf      | 19 ++++++++++++
 .../etc/nginx/sites-available/website.nginx   | 31 +++++++++++++++++++
 .../{setup_web_static.sh => setup_website.sh} | 21 +++++++++----
 4 files changed, 65 insertions(+), 14 deletions(-)
 delete mode 100644 buster/etc_files/web_static/etc/nginx/sites-available/static.nginx
 create mode 100644 buster/etc_files/website/etc/gitweb.conf
 create mode 100644 buster/etc_files/website/etc/nginx/sites-available/website.nginx
 rename buster/setup_scripts/{setup_web_static.sh => setup_website.sh} (56%)

diff --git a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx b/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx
deleted file mode 100644
index a1e57d0..0000000
--- a/buster/etc_files/web_static/etc/nginx/sites-available/static.nginx
+++ /dev/null
@@ -1,8 +0,0 @@
-server {
-    listen 443 ssl;
-    server_name REPLACE_fqdn_ECALPER;
-    ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
-    root /var/www/html/;
-    index index.html index.htm index.nginx-debian.html;
-}
diff --git a/buster/etc_files/website/etc/gitweb.conf b/buster/etc_files/website/etc/gitweb.conf
new file mode 100644
index 0000000..c6d6f29
--- /dev/null
+++ b/buster/etc_files/website/etc/gitweb.conf
@@ -0,0 +1,19 @@
+# path to git projects (<project>.git)
+$projectroot = "/var/repos";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+#$site_header = "/var/www/header.html"
diff --git a/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/buster/etc_files/website/etc/nginx/sites-available/website.nginx
new file mode 100644
index 0000000..05c9a4b
--- /dev/null
+++ b/buster/etc_files/website/etc/nginx/sites-available/website.nginx
@@ -0,0 +1,31 @@
+server {
+    listen 443 ssl;
+    server_name REPLACE_fqdn_ECALPER;
+    ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+    root /var/www/html/;
+    index index.html index.htm index.nginx-debian.html;
+
+    # serve /var/repos/* for HTTPS git cloning
+    location ~ /repos/clone(/.*) {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+        # fastcgi_param GIT_HTTP_EXPORT_ALL "";
+        fastcgi_param GIT_PROJECT_ROOT /var/repos;
+        fastcgi_param PATH_INFO $1;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+    }
+
+    # gitweb static files
+    location /repos/static/ {
+        alias /usr/share/gitweb/static/;
+    }
+
+    # gitweb; this needs packages fcgiwrap and gitweb
+    location /repos/ {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
+        fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+        fastcgi_pass unix:/var/run/fcgiwrap.socket;
+    }
+}
diff --git a/buster/setup_scripts/setup_web_static.sh b/buster/setup_scripts/setup_website.sh
similarity index 56%
rename from buster/setup_scripts/setup_web_static.sh
rename to buster/setup_scripts/setup_website.sh
index 4c17398..a9909fb 100755
--- a/buster/setup_scripts/setup_web_static.sh
+++ b/buster/setup_scripts/setup_website.sh
@@ -3,16 +3,17 @@ set -e
 set -x
 # Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
 
-if [ "$#" -ne 1 ]; then
-    echo 'Need domain name as argument.'
+if [ "$#" -ne 2 ]; then
+    echo 'Need domain name and mail as argument.'
     false
 fi
 domain="$1"
+mail="$2"
 
 # Install configs, set up firewall.
 config_tree_prefix="${HOME}/config/buster"
 ./install_for_target.sh web
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web web_static
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
 nft -f /etc/nftables.conf
 
 # Set up letsencrypt certificate. TODO: Is it auto-renewed?
@@ -20,8 +21,16 @@ ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
 certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
 rm /etc/nginx/sites-enabled/default
 
-# Prepare NGINX config for Pleroma.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/static.nginx
-ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/static.nginx
+# Set up repos dir.
+mkdir /var/repos
+chown plom:plom /var/repos
+# To use this dir, "git clone --mirror" repo source paths into it as user plom.
+# As user plom, touch git-daemon-export-ok files into it to make the repo
+# publically available.
+
+# Prepare NGINX and GitWeb config.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
+ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/website.nginx
 
 service nginx restart
-- 
2.30.2