From 1b01275abeff1c6c851c5cd09ea17ad635447700 Mon Sep 17 00:00:00 2001
From: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Fri, 6 Aug 2021 23:47:43 +0200
Subject: Add notes for cgit setup

---
 guides/cloud/git.org | 47 ------------------------------------------
 guides/cloud/vps.org | 58 ++++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 54 insertions(+), 51 deletions(-)
 delete mode 100644 guides/cloud/git.org

(limited to 'guides/cloud')

diff --git a/guides/cloud/git.org b/guides/cloud/git.org
deleted file mode 100644
index 11ec021..0000000
--- a/guides/cloud/git.org
+++ /dev/null
@@ -1,47 +0,0 @@
-Necessary configurations for running cgit behind nginx on Debian.
-* nginx
-In =/etc/nginx/sites-available/git.domain.tld=:
-#+begin_src
-server {
-	listen 80;
-	listen [::]:80;
-
-	server_name git.domain.tld;
-
-	root /usr/share/cgit;
-	try_files $uri @cgit;
-
-	location @cgit {
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
-		fastcgi_param PATH_INFO $uri;
-		fastcgi_param QUERY_STRING $args;
-		fastcgi_param HTTP_HOST $server_name;
-		fastcgi_pass unix:/run/fcgiwrap.socket;
-	}
-}
-#+end_src
-* cgit
-In =/etc/cgitrc=:
-#+begin_src conf
-css=/cgit.css
-logo=/cgit.png
-virtual-root=/
-
-scan-path=/srv/git
-#+end_src
-* git
-#+begin_src sh
-$ sudo echo $(which git-shell) >> /etc/shells
-$ sudo adduser git --disabled-password --shell $(which git-shell)
-# Add SSH keys to ~git/.ssh/authorized_keys, prefixed with:
-# "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty "
-$ sudo addgroup git-data
-$ sudo adduser git git-data
-$ sudo adduser www-data git-data
-$ sudo mkdir /srv/git
-$ sudo chown git:git-data /srv/git
-$ sudo chmod g+s /srv/git
-# For each repo:
-$ sudo -u git git init --bare /srv/git/$repo
-#+end_src
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
index 1224a17..511c443 100644
--- a/guides/cloud/vps.org
+++ b/guides/cloud/vps.org
@@ -52,12 +52,12 @@ server {
 	listen 80;
 	listen [::]:80;
 
-	root /var/www/$FQDN/html;
-	index index.html;
-
 	server_name $FQDN www.$FQDN;
 	access_log /var/log/nginx/$FQDN.access.log;
 
+	root /var/www/$FQDN/html;
+	index index.html;
+
 	location / {
 		try_files $uri $uri/ =404;
 	}
@@ -112,4 +112,54 @@ $ sudo chown git:git /srv/git
 $ sudo -u git git init --bare --shared=group /srv/git/${repo}
 #+end_src
 
-*** TODO Web mirror
+*** Web mirror
+With =/etc/nginx/sites-available/git.$FQDN=:
+#+begin_src conf
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name git.$FQQN;
+	access_log /var/log/nginx/git.$FQQN.access.log;
+
+	root /usr/share/cgit;
+	try_files $uri @cgit;
+
+	location @cgit {
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+		fastcgi_param PATH_INFO $uri;
+		fastcgi_param QUERY_STRING $args;
+		fastcgi_param HTTP_HOST $server_name;
+		fastcgi_pass unix:/run/fcgiwrap.socket;
+	}
+}
+#+end_src
+
+And =/etc/cgitrc/=:
+#+begin_src conf
+css=/cgit.css
+logo=/cgit.png
+
+virtual-root=/
+clone-prefix=http://git.$FQDN
+clone-url=http://git.$FQDN/$CGIT_REPO_URL
+
+enable-git-config=1
+enable-http-clone=1
+enable-index-owner=0
+scan-path=/srv/git
+#+end_src
+
+In each repository:
+- fill in =description=,
+- fill =[cgit]= section in =config= (=hide=, =owner=).
+
+Do:
+#+begin_src sh
+$ sudo apt install cgit fcgiwrap
+$ ( cd /etc/sites-enabled/ && ln -s ../sites-avaiable/git.$FQDN . )
+$ sudo systemctl restart nginx
+# Make fail2ban notice the new log file.
+$ sudo systemctl restart fail2ban
+#+end_src
-- 
cgit v1.2.3