###Private GIT server###
This is a local git repository(s) to host codes, and setup a version control system. Using Git,codes can be pulled, uploaded or cloned over ssh (every contributor needs their own public key added to the server) or via http (clone only, also insecure).
#####Authentication#####
Create a single user 'git' and add the contributors' public keys to .ssh/authorized_keys of the git user. This user can be secured by limiting access and setting up permission.
or
For small/personal use, just add the public keys to the default 'pi' user.
#####Authorization#####
-
If the repo will be used over internet, dont forget to disable password based logins and root logins,
-
Modify firewall setting and install fail2ban or sshguard for enhances security.
-
Disable shell access to git users by specifying user shell for the git user in /etc/passwd as /usr/bin/git-shell (or which git-shell to get the path)
[tip: Generate keys with ssh-keygen and copy it over with ssh-copy-id]
#####Create a bare repository#####
#all repos end in .git which isnt an extension
#add --shared flag to give group write access to repo
$ git in it --bare /path/to/git/container/directory/$reponame.git
This will create an empty repository.
#####Now clone the repository#####
$ git clone git@raspberrypi:/path/to/git/container/directory/$reponame.git
#or if the project exists just add the remote by:
$ git remote add raspberrypi git@raspberrypi:/path/to/git/container/directory/$reponame.git
From here, use the repository as you would with github, although, the users will have to be able to authenticate themselves with the password or key based authentication to push to this repository.
#####Display the code#####
The bare repository has the actual codes obfuscated/encrypted. To host a copy of the code elsewhere or view/download single files from server use the post-receive
hook to checkout the repo at some directory and make that directory available to the server.
Create a file /location/to/git-bare-repo/hooks/post-receive
with the content
#!/bin/sh
GIT_WORK_TREE=/path/where/repo/files/should/be/extracted/ git checkout -f
Make it executable
$ chmod a+x git-bare-repo/hooks/post-receive
[tip: If displaying the codes online, make sure the server has read ac cess to the directory]
#in git container folder
$ chgrp -R $server-username /git-container/
#####Allow public access#####
To allow people to clone the repo from the web, make the directory containing the code publicy accessible and enable the post-update
hook
Create a file /location/to/git-bare-repo/hooks/post-update
with the content
#!/bin/sh
exec git-update-server-info
Make it executable
$ chmod a+x git-bare-repo/hooks/post-update