commit 1e2ac9d1992335e672df8a27b71faa1cef3ce564
parent c772c5a5c7f8dddd39cefdb2522ee0850f256756
Author: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Wed, 4 Aug 2021 21:40:19 +0200
Note down setup for Git services on VPS
Slightly redundant with guides/cloud/git.org; trying to simplify
things (e.g. let --shared=group handle the setgid shenanigans).
Diffstat:
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
@@ -43,7 +43,8 @@ So instead, I'll
sudo hostnamectl set-hostname $fqdn
#+end_src
-* Web server
+* Services
+** Web server
Run ~sudo apt install nginx~; then, in
=/etc/nginx/sites-available/$FQDN=:
#+begin_src conf
@@ -65,7 +66,7 @@ server {
Use one =access_log= file per site, to simplify analytics.
Run ~sudo systemctl restart nginx~.
-** fail2ban
+*** fail2ban
With the following files in =$HOME=:
#+begin_src conf
# nginx-botsearch.local
@@ -99,3 +100,16 @@ sudo systemctl restart fail2ban
Check how these rules fare against real bot searches with
~fail2ban-regex /var/log/nginx/access.log
/etc/fail2ban/filter.d/nginx-botsearch.local~.
+** Git server
+*** SSH access
+#+begin_src sh
+$ sudo apt install git
+$ sudo tee -a /etc/shells <<< $(which git-shell)
+$ sudo adduser git --disabled-password --shell $(which git-shell)
+$ sudo mkdir /srv/git
+$ sudo chown git:git /srv/git
+# For every new repo:
+$ sudo -u git git init --bare --shared=group /srv/git/${repo}
+#+end_src
+
+*** TODO Web mirror
