initial commit

8 files changed, 227 insertions, 0 deletions

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fcadb2c
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text eol=lf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e561504
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/repositories/
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c0e2943
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# git.zue.dev
+
+> Server configuration for my git server, powered by Docker.
+
+## Abstract
+
+This repository contains the necessary configuration files and instructions to set up an opinionated self-hosted git server using Docker. The server is designed to be secure, efficient, and easy to manage, allowing users to host their git repositories without relying on third-party services.
diff --git a/cgitrc b/cgitrc
new file mode 100644
index 0000000..a4be584
--- /dev/null
+++ b/cgitrc
@@ -0,0 +1,68 @@
+# https://linux.die.net/man/5/cgitrc
+
+root-title=git.zue.dev
+root-desc=If it's on this site, I'm working on it.
+root-readme=/root-readme.html
+header=/header.html
+
+# enable commit graph on repo "log" page
+enable-commit-graph=1
+
+# disable showing owner of the repository
+enable-index-owner=0
+
+# enable printing the number of modified files for each commit on the repository log page
+enable-log-filecount=1
+
+# enable printing the number of added and removed lines for each commit on the repository log page
+enable-log-linecount=1
+
+# use git config to set any repo specific settings
+enable-git-config=1
+
+# enable showing remote branches
+enable-remote-branches=1
+
+# enable snapshot downloads
+snapshots=tar tar.gz tar.bz2 tar.xz zip
+
+# disable cache to make sure cgit always shows the latest changes
+cache-size=0
+
+scan-path=/srv/git
+
+# this has to be empty for cgit to work with a reverse proxy
+virtual-root=
+
+#
+# Search for these files in the root of the default branch of repositories
+# for coming up with the about page:
+#
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..204c145
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,81 @@
+services:
+  git:
+    build:
+      context: .
+      dockerfile_inline: |
+        # This Dockerfile sets up a simple SSH server for hosting git repositories. It installs the necessary packages, creates the required directories, and configures SSH to allow access using authorized keys.
+
+        # Start with a base Debian image
+        FROM debian:13.4
+
+        # Install dependencies and clean up apt cache to reduce image size
+        RUN apt-get update && apt-get install -y --no-install-recommends \
+          openssh-server \
+          git \
+          && rm -rf /var/lib/apt/lists/*
+
+        # Create the privilage separation directory as openssh-server post-install script doesn't do it in docker build context
+        RUN mkdir -p /var/run/sshd
+
+        # Create a git user and set up the home directory
+        RUN useradd -m -s /bin/bash git
+
+        # Create the repositories directory and set appropriate permissions
+        RUN mkdir -p /repositories && chown git:git /repositories
+
+        # Disallow password authentication for security reasons
+        RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
+
+        # Copy the entrypoint script into the container
+        COPY entrypoint.bash /
+
+        # Make the entrypoint script executable
+        RUN chmod +x /entrypoint.bash
+
+        # Expose port 22 for SSH access
+        EXPOSE 22
+
+        # Define our entrypoint
+        ENTRYPOINT [ "/entrypoint.bash" ]
+    environment:
+      AUTHORIZED_KEYS: |
+        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0kwVbA9ZdXOAuiyPeXsJ7HSujPtCIYtFPl2GdajHDT0SwsZDUMNr/p6Y9DyQjOI1zqD73ndGSOIe6EY7adB3L6ZSODvDwFlGMtP5sXE0UESOcJJdU7m4wHWieM3xal5nz1Y2BJyp2x04Ol5+kpak9A4MqUcHz29Z4ubgPG/UUWENoKZIfHXSCZfvJBO82InrvieAu/dpKzmtkXNJ9bP+fSkiNnCOVo+ZvCbIuZm8tOoQIhshzdeVhfNmdUj9LNErkoGoJ+CA13eXYlqT9B8o45E+M8lLxQr/RpzCk/3likszBzVqITB6Vkrvey8BcHhcbrs+5LYbxvb6s+1bsRHNAwO+w7SgrD3eX8AQqFKvb6xzrFji+996NWSC2hVLcKZyDvSM2p6ws4IDLFLD64IS+73SEZv2fN847j0vmqJqXYPpB/jQKuUG+rWeonkDXBfPjFrHtp75nk5bSBBDi+LQBGW52nz6/gtOWP46USV46BW2zF+YFSyw/2Ta7DMhrvXlLWuDV/CpK0FytpHjQWjHoiDfrZfiDAOu8sPIiH7hjZevHqzNJ+xOZDNqNbYqxxB1gLeK4u6xX9c4Jkk259r09tMutFACbzxxPQr3LYBKW8IrPcX1rfuE4+aZ1UysfjG/2FmKOPeWca9tVSQUK7RSThvzWDGdm0gXxI0HrPwmfZQ== zuedev
+    ports:
+      - "2222:22"
+    volumes:
+      - ./repositories:/repositories
+  
+  cgit:
+    build:
+      context: .
+      dockerfile_inline: |
+        # This Dockerfile sets up a CGit server using an Alpine Linux base image. It configures CGit with custom settings and serves the repositories from a specified directory.
+
+        # Start with a base Alpine image that has CGit installed
+        FROM joseluisq/alpine-cgit:2.9.0
+
+        ENV USE_CUSTOM_CONFIG="true"
+
+        # Copy the custom cgit configuration file into the container
+        COPY cgitrc /etc/cgitrc
+
+        # Copy the root readme file into the container
+        COPY root-readme.html /root-readme.html
+
+        # Copy the header file into the container
+        COPY header.html /header.html
+    develop:
+      watch:
+        - action: sync+restart
+          path: ./cgitrc
+          target: /etc/cgitrc
+        - action: sync+restart
+          path: ./root-readme.html
+          target: /root-readme.html
+        - action: sync+restart
+          path: ./header.html
+          target: /header.html
+    ports:
+      - "8080:80"
+    volumes:
+      - ./repositories:/srv/git:ro
\ No newline at end of file
diff --git a/entrypoint.bash b/entrypoint.bash
new file mode 100644
index 0000000..80e7c91
--- /dev/null
+++ b/entrypoint.bash
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# This script is the entry point for the git server container. It sets up the necessary environment and starts the git sshd service.
+
+# Do we have an authorized_keys environment variable?
+if [ -n "$AUTHORIZED_KEYS" ]; then
+    echo "Setting up authorized_keys..."
+    mkdir -p /home/git/.ssh
+    echo "$AUTHORIZED_KEYS" > /home/git/.ssh/authorized_keys
+    chmod 600 /home/git/.ssh/authorized_keys
+    chown -R git:git /home/git/.ssh
+else
+    echo "No AUTHORIZED_KEYS environment variable found. Exiting."
+    exit 1
+fi
+
+# Set the correct permissions for the git user
+chown -R git:git /home/git
+
+# Start the SSH service in the background
+echo "Starting SSH service..."
+/usr/sbin/sshd -D -E /var/log/sshd.log &
+
+# Wait for the SSH service to start
+sleep 2
+
+# Watch the SSH log for any errors
+tail -f /var/log/sshd.log
\ No newline at end of file
diff --git a/header.html b/header.html
new file mode 100644
index 0000000..5054151
--- /dev/null
+++ b/header.html
@@ -0,0 +1,25 @@
+<!-- import DarkReader -->
+<script src="https://cdn.jsdelivr.net/npm/darkreader@4.9.125/darkreader.min.js"></script>
+
+<!-- import hljs -->
+<link
+  rel="stylesheet"
+  href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.1/styles/default.min.css"
+/>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.11.1/highlight.min.js"></script>
+
+<!-- run main script -->
+<script>
+  document.addEventListener("DOMContentLoaded", (event) => {
+    // apply syntax highlighting to all code blocks
+    document.querySelectorAll("pre code").forEach((block) => {
+      hljs.highlightElement(block);
+    });
+
+    // set fetch method for DarkReader to use the same origin policy
+    DarkReader.setFetchMethod(window.fetch);
+
+    // auto-enable dark mode if user has set it as their preference
+    DarkReader.auto();
+  });
+</script>
diff --git a/root-readme.html b/root-readme.html
new file mode 100644
index 0000000..b13036c
--- /dev/null
+++ b/root-readme.html
@@ -0,0 +1,16 @@
+<h1>About</h1>
+<p>
+  This site is a self-hosted instance of
+  <a href="https://git.zx2c4.com/cgit/" target="_blank">cgit</a>, a web
+  interface for Git repositories. It is configured to serve repositories from my
+  personal git server and is primarily intended for my own use. However, it is
+  publicly accessible and may contain repositories that are of interest to
+  others. If you find something useful, feel free to clone it and use it as you
+  see fit.
+</p>
+<p>
+  Have an issue to report or a
+  <a href="https://git-send-email.io" target="_blank">patch to submit</a>? Send
+  it to:
+  <a href="mailto:git@zue.dev">git@zue.dev</a>
+</p>