#!/bin/sh
# Bootstrap a single-host git server: a dedicated `git` system account whose
# login shell is git-shell, a second sshd instance on port 2222 for git
# traffic, a `gitweb` binary run as a systemd unit, an optional Caddy site
# block, and an iptables rule for port 2222.
#
# Usage: $0 <domain> [repo-dir]
#   $1  DOMAIN   - hostname used for the Caddy site block (required)
#   $2  REPO_DIR - home of the git user / root of bare repos (default /home/git)
#
# Must run as root: it creates a user and writes under /etc, /usr/local/bin
# and the firewall.
#
# NOTE(review): this copy was damaged in extraction. Three `<<EOF` here-docs
# (unquoted delimiter) appear to have been read as an HTML tag and dropped up
# to the next `>` character, each leaving a stray `<` redirect behind:
#   1. the body of /etc/ssh/sshd_config_git,
#   2. the body of /etc/systemd/system/gitweb.service plus `echo "==> caddy"`,
#   3. the Caddyfile site block, its `EOF`, the closing `fi`, and
#      `echo "==> firewall"`.
# The residue is kept byte-identical below and marked where it occurs; those
# spans must be restored from the original before this script is run.
#
# `set -e` aborts on an unhandled non-zero status, but is ignored inside
# `||` / `&&` lists and `if` conditions, which is why the checks below are
# written as explicit lists.
set -e

# First positional is the domain; `:?` aborts with the message when it is
# missing or empty.  NOTE(review): the message omits the required <domain>
# argument -- it should read `Usage: $0 <domain> [repo-dir]`.
DOMAIN="${1:?Usage: $0 [repo-dir]}"
# Second positional is the git home / repo root; default applies when unset
# or empty.
REPO_DIR="${2:-/home/git}"

# Fail early if git or sshd is not on PATH.  NOTE(review): the diagnostic
# goes to stdout; `>&2` on the echo would keep it out of captured output.
for cmd in git sshd; do
  command -v "$cmd" >/dev/null || { echo "missing: $cmd"; exit 1; }
done

echo "==> git user"
# Create the service account once.  git-shell as the login shell limits the
# account to git's server-side commands rather than an interactive shell.
if ! id git >/dev/null 2>&1; then
  adduser --system --group --home "$REPO_DIR" --shell /usr/bin/git-shell git
fi
# ~git/.ssh with the 700 / 600 modes sshd's StrictModes checking expects.
mkdir -p "$REPO_DIR/.ssh"
chmod 700 "$REPO_DIR/.ssh"
touch "$REPO_DIR/.ssh/authorized_keys"
chmod 600 "$REPO_DIR/.ssh/authorized_keys"
# NOTE(review): the recursive chown makes the git account the owner of its
# own authorized_keys, so anything that executes as that user can add keys.
# A root-owned, git-readable file is the tighter choice -- confirm which is
# intended.
chown -R git:git "$REPO_DIR"

echo "==> gitweb binary"
# Expects a `gitweb` executable in the current working directory.
install -m 755 gitweb /usr/local/bin/gitweb

echo "==> sshd-git (port 2222)"
# [LOST IN EXTRACTION] The here-doc that wrote /etc/ssh/sshd_config_git is
# missing; what remains is `< /etc/systemd/system/sshd-git.service` glued to
# the *next* here-doc.  As written, the last stdin redirect wins, so the unit
# text below would be written into sshd_config_git and the unit file itself
# would never be created.  Restore the sshd_config_git body here, followed by
# a separate `cat > /etc/systemd/system/sshd-git.service <<'EOF'`.
# NOTE(review): when restoring the config, confirm it pins the listener to
# port 2222, limits logins to the git user and disables password
# authentication -- this second sshd is opened to the network by the
# firewall rule further down.
# NOTE(review): `Type=notify` assumes this sshd build sends a systemd
# readiness notification; otherwise the unit start waits until its timeout.
# TODO confirm for the target distribution.
cat > /etc/ssh/sshd_config_git < /etc/systemd/system/sshd-git.service <<'EOF'
[Unit]
Description=OpenSSH git-only SSH (port 2222)
After=network.target
[Service]
Type=notify
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_config_git
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

echo "==> gitweb service"
# [LOST IN EXTRACTION] The gitweb.service here-doc body is missing, together
# with its `EOF` and the `echo "==> caddy"` that followed; the residue
# `< caddy"` opens an unbalanced double quote that swallows the commands
# after it.  Restore the unit here before running.
cat > /etc/systemd/system/gitweb.service < caddy"
# Optional: append a site block for $DOMAIN when Caddy is installed and the
# Caddyfile does not already mention it.  NOTE(review): `grep -q "$DOMAIN"`
# treats the domain as a regex (`.` matches any character) and matches
# substrings, so a longer host name containing it also counts as "present";
# `grep -qF -- "$DOMAIN"` would be the literal check.
if command -v caddy >/dev/null 2>&1; then
  # [LOST IN EXTRACTION] The Caddyfile here-doc body, its `EOF`, the closing
  # `fi` and `echo "==> firewall"` are missing; `< firewall"` is the residue.
  grep -q "$DOMAIN" /etc/caddy/Caddyfile 2>/dev/null || cat >> /etc/caddy/Caddyfile < firewall"

# Open TCP/2222 once: `-C` checks for an existing rule, `-A` appends only
# when the check fails.  Only IPv4 is touched (no ip6tables call) -- confirm
# that is intended for hosts with IPv6 filtering.
iptables -C INPUT -p tcp --dport 2222 -j ACCEPT 2>/dev/null || \
  iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
# Persist the rule where netfilter-persistent exists; the trailing `|| true`
# keeps `set -e` from aborting when it is absent or the save fails.
command -v netfilter-persistent >/dev/null && netfilter-persistent save 2>/dev/null || true

echo "==> start"
systemctl daemon-reload
systemctl enable --now sshd-git gitweb
# Reload Caddy only when it is installed (the `&&` list is exempt from set -e).
command -v caddy >/dev/null && systemctl reload caddy
echo "done. add keys to $REPO_DIR/.ssh/authorized_keys"
echo "create repos: sudo -u git git init --bare $REPO_DIR/name.git"