From mboxrd@z Thu Jan  1 00:00:00 1970
From: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Subject: Using Cgit with Gitolite
Date: Sun, 24 Nov 2019 23:37:24 +0100
Message-ID: <20191124223724.tr4nnyn426pg25oy@pelzflorian.localdomain>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="2ye2jeujyaqsmgdq"
Content-Transfer-Encoding: 7bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:55759)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <pelzflorian@pelzflorian.de>) id 1iZ0VV-000891-3O
 for guix-devel@gnu.org; Sun, 24 Nov 2019 17:37:30 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <pelzflorian@pelzflorian.de>) id 1iZ0VT-0007C9-Of
 for guix-devel@gnu.org; Sun, 24 Nov 2019 17:37:28 -0500
Received: from pelzflorian.de ([5.45.111.108]:38688 helo=mail.pelzflorian.de)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <pelzflorian@pelzflorian.de>)
 id 1iZ0VT-0007Ar-8R
 for guix-devel@gnu.org; Sun, 24 Nov 2019 17:37:27 -0500
Received: from pelzflorian.localdomain (unknown [5.45.111.108])
 by mail.pelzflorian.de (Postfix) with ESMTPSA id C3C533604DA
 for <guix-devel@gnu.org>; Sun, 24 Nov 2019 23:37:24 +0100 (CET)
Content-Disposition: inline
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org


--2ye2jeujyaqsmgdq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello!

I am in the process of setting up a server and use Cgit with Gitolite.

I would like to add instructions to the Guix manual, but I have some
questions:

1) In order to make Cgit see my repos I need to use

(define git-group-permissions-activation
  #~(let ((dir "/var/lib/gitolite"))
      (if (file-exists? dir)
          (chmod dir #o755)
          (format #t "WARNING: ~a does not exist yet; reconfigure again!"=
))))

(define git-services
  (list
   ...
   (simple-service 'git-group-permissions activation-service-type
                   git-group-permissions-activation)))

Does this have robust guarantees to always be executed after adding
the gitolite git user and its home directory?

I am also not sure if/how it should be added to the Gitolite service.
Perhaps the gitolite-service=E2=80=99s activation should set the permissi=
ons
of its home directory to the complement of its umask by default?

2) I also need to set Gitolite=E2=80=99s umask to #o0022 in order to give=
 read
permissions to other users not in the git group.  With #o0027 Cgit
tells me =E2=80=9CNo repositories found=E2=80=9C.  Without success I trie=
d adding
nginx to the git group or setting the fcgiwrap group to git, but Cgit
still has no read access.  I do not understand the reason because
afterwards with `sudo -u nginx git clone file:///=E2=80=A6` I can access =
the
repos but Cgit cannot.  Is this possible?  Am I doing something wrong?

3) It appears I need to add openssh-service to use Gitolite.  I
believe it should be documented in the manual.  WDYT?


I attach a minimal Guix System configuration for testing using `guix
system vm-image config.scm`.  I test with it by using NetworkManager
with dnsmasq as described in =E2=80=9Cinfo "(guix)Networking Services"=E2=
=80=9D.

My full working config so far is at:

https://mailbaby.de/git/machine-mailbaby-de/tree/config.scm?id=3D6c45ba19=
f8d5ff646f05563c642b6433c5acd988

Regards,
Florian
--2ye2jeujyaqsmgdq
Content-Type: application/vnd.lotus-screencam
Content-Disposition: attachment; filename="config.scm"
Content-Transfer-Encoding: quoted-printable

(use-modules (gnu))=0A(use-service-modules cgit networking ssh version-cont=
rol web)=0A=0A(define git-group-permissions-activation=0A  #~(let ((dir "/v=
ar/lib/gitolite"))=0A      (if (file-exists? dir)=0A          (chmod dir #o=
755)=0A          (format #t "WARNING: ~a does not exist yet; reconfigure ag=
ain!"))))=0A=0A(define git-services=0A  (list=0A   (service gitolite-servic=
e-type=0A    (gitolite-configuration=0A     (admin-pubkey (plain-file=0A   =
                 "pelzflorian.pub"=0A                    "\=0Assh-ed25519 A=
AAAC3NzaC1lZDI1NTE5AAAAIEkSgMQnpb+1p6Z+8ZCm3tOjSA4vz2MQ/qX2XfXQly4l pelzflo=
rian@florianmacbook"))=0A     (rc-file=0A      (gitolite-rc-file=0A       (=
umask #o0022)))))=0A   (service cgit-service-type=0A    (cgit-configuration=
=0A     (repository-directory "/var/lib/gitolite/repositories")))=0A   (sim=
ple-service 'git-group-permissions activation-service-type=0A              =
     git-group-permissions-activation)))=0A=0A(operating-system=0A (host-na=
me "gittestvm")=0A (timezone "Europe/Berlin")=0A (services=0A  (append=0A  =
 git-services=0A   (list (service dhcp-client-service-type)=0A         (ser=
vice openssh-service-type) ;; THIS IS NECESSARY FOR GITOLITE=0A         (se=
rvice nginx-service-type))=0A   %base-services))=0A (bootloader=0A  (bootlo=
ader-configuration=0A   (bootloader grub-bootloader)=0A   (target "/dev/sda=
")))=0A (file-systems=0A  (cons* (file-system=0A          (mount-point "/")=
=0A          (device "/dev/sda")=0A          (type "ext4"))=0A         %bas=
e-file-systems)))=0A
--2ye2jeujyaqsmgdq--