From: "pelzflorian (Florian Pelz)"
Subject: Using Cgit with Gitolite
Date: Sun, 24 Nov 2019 23:37:24 +0100
Message-ID: <20191124223724.tr4nnyn426pg25oy@pelzflorian.localdomain>
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

Hello!

I am in the process of setting up a server and use Cgit with Gitolite.
I would like to add instructions to the Guix manual, but I have some
questions:

1) In order to make Cgit see my repos I need to use

    ;; Activation snippet: make the Gitolite home directory traversable
    ;; by users outside the git group.
    (define git-group-permissions-activation
      #~(let ((dir "/var/lib/gitolite"))
          (if (file-exists? dir)
              (chmod dir #o755)
              ;; Warn instead of failing when the directory is missing.
              (format #t "WARNING: ~a does not exist yet; reconfigure again!"
                      dir))))

    (define git-services
      (list
       ...
       (simple-service 'git-group-permissions activation-service-type
                       git-group-permissions-activation)))

Does this have robust guarantees to always be executed after adding
the gitolite git user and its home directory? I am also not sure
if/how it should be added to the Gitolite service.

Perhaps the gitolite-service’s activation should set the permissions
of its home directory to the complement of its umask by default?

2) I also need to set Gitolite’s umask to #o0022 in order to give read
permissions to other users not in the git group. With #o0027 Cgit
tells me “No repositories found”. Without success I tried adding
nginx to the git group or setting the fcgiwrap group to git, but Cgit
still has no read access. I do not understand the reason because
afterwards with `sudo -u nginx git clone file:///…` I can access the
repos but Cgit cannot. Is this possible? Am I doing something wrong?

3) It appears I need to add openssh-service to use Gitolite. I
believe it should be documented in the manual. WDYT?

I attach a minimal Guix System configuration for testing using `guix
system vm-image config.scm`. I test with it by using NetworkManager
with dnsmasq as described in “info "(guix)Networking Services"”.

My full working config so far is at:

https://mailbaby.de/git/machine-mailbaby-de/tree/config.scm?id=6c45ba19f8d5ff646f05563c642b6433c5acd988

Regards,
Florian

[Attachment: config.scm]

(use-modules (gnu))
(use-service-modules cgit networking ssh version-control web)

;; Activation snippet: make the Gitolite home directory traversable
;; by users outside the git group.
(define git-group-permissions-activation
  #~(let ((dir "/var/lib/gitolite"))
      (if (file-exists? dir)
          (chmod dir #o755)
          ;; Warn instead of failing when the directory is missing.
          (format #t "WARNING: ~a does not exist yet; reconfigure again!"
                  dir))))

(define git-services
  (list
   (service gitolite-service-type
            (gitolite-configuration
             (admin-pubkey (plain-file
                            "pelzflorian.pub"
                            "\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEkSgMQnpb+1p6Z+8ZCm3tOjSA4vz2MQ/qX2XfXQly4l pelzflorian@florianmacbook"))
             (rc-file
              (gitolite-rc-file
               ;; New repositories are readable by "other" users.
               (umask #o0022)))))
   (service cgit-service-type
            (cgit-configuration
             (repository-directory "/var/lib/gitolite/repositories")))
   (simple-service 'git-group-permissions activation-service-type
                   git-group-permissions-activation)))

(operating-system
  (host-name "gittestvm")
  (timezone "Europe/Berlin")
  (services
   (append
    git-services
    (list (service dhcp-client-service-type)
          (service openssh-service-type) ;; THIS IS NECESSARY FOR GITOLITE
          (service nginx-service-type))
    %base-services))
  (bootloader
   (bootloader-configuration
    (bootloader grub-bootloader)
    (target "/dev/sda")))
  (file-systems
   (cons* (file-system
            (mount-point "/")
            (device "/dev/sda")
            (type "ext4"))
          %base-file-systems)))
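
Added example, not part of the original message and not code from Guix, Gitolite or Cgit: a Python check that walks the directory chain down to the repositories directory and reports the first component whose mode bits deny a given uid and group set, which is the condition behind questions 1 and 2. The helper names, the temporary tree and the hypothetical uid are constructed assumptions; ACLs, uid 0 and capabilities are not modelled.

```python
import os, stat, tempfile

def class_bits(st, uid, gids):
    """rwx triplet POSIX applies to this identity: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_blocker(target, uid, gids, base="/"):
    """Return (path, mode) of the first directory below `base` that stops
    uid/gids from listing `target`, or None if the whole chain is usable."""
    base, target = os.path.abspath(base), os.path.abspath(target)
    rel = os.path.relpath(target, base)
    path = base
    for part in ([] if rel == "." else rel.split(os.sep)):
        path = os.path.join(path, part)
        st = os.stat(path)
        need = 5 if path == target else 1  # r-x to list the target, --x to traverse
        if class_bits(st, uid, gids) & need != need:
            return path, oct(stat.S_IMODE(st.st_mode))
    return None

def demo(umask, home_mode):
    """Constructed tree <tmp>/gitolite/repositories: the repositories directory
    gets the complement of `umask`, the home directory gets `home_mode`."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "gitolite")
        repos = os.path.join(home, "repositories")
        os.makedirs(repos)
        os.chmod(repos, 0o777 & ~umask)
        os.chmod(home, home_mode)
        st = os.stat(home)
        other_uid = st.st_uid + 1                  # hypothetical web-server uid
        who = {"outsider": set(), "member": {st.st_gid}}
        out = {}
        for name, gids in who.items():
            hit = first_blocker(repos, other_uid, gids, base=tmp)
            out[name] = hit and (os.path.relpath(hit[0], tmp), hit[1])
        return out

if __name__ == "__main__":
    for umask, home_mode in ((0o027, 0o700), (0o027, 0o755), (0o022, 0o755)):
        print(oct(umask), oct(home_mode), demo(umask, home_mode))
```

On a real host, call first_blocker("/var/lib/gitolite/repositories", uid, gids) with the uid and group set of the process that actually executes the Cgit CGI, which may differ from what an interactive `sudo -u` session has.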