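# Provisioning steps 1-9: create the git account, install git, cgit, nginx,
# certbot, fcgiwrap, htpasswd and gcc through apt-get, build the CGI program
# from main.c, and write the default nginx site. The script writes under /srv
# and /etc/nginx and calls useradd, so it has to run as root.
#
# Each fallible command is followed by `|| exit $?` so the script stops with
# that command's own exit status.

echo "[ 1/9] Setting up Git"
if ! id git >/dev/null 2>&1; then
  useradd -m -b /srv git || exit $?
else
  echo "[SKIP] Git user already created."
fi

# Match the account name exactly. A substring search for "git" in /etc/passwd
# also matches other accounts or paths containing "git" and can return several
# lines, and this value is interpolated into the nginx configuration below.
GIT_HOME=$(awk -F: '$1 == "git" { print $6; exit }' /etc/passwd)
if [ -z "$GIT_HOME" ]; then
  echo "[ERROR] No git home!"
  exit 1
fi
echo "[INFO] Git home: $GIT_HOME"

if ! command -v git >/dev/null 2>&1; then
  apt-get install -y git || exit $?
else
  echo "[SKIP] Git already installed."
fi

# git-http-backend is executed by fcgiwrap, so require an executable file.
if [ -x /usr/lib/git-core/git-http-backend ]; then
  GIT_HTTP_BACKEND=/usr/lib/git-core/git-http-backend
elif [ -x /usr/libexec/git-core/git-http-backend ]; then
  GIT_HTTP_BACKEND=/usr/libexec/git-core/git-http-backend
else
  echo "[ERROR] git-http-backend not found!"
  exit 1
fi
echo "[INFO] git-http-backend: $GIT_HTTP_BACKEND"

echo "[ 2/9] Setting up cgit"
# `[ ! command -v ... ]` is not a valid test expression: it always failed, so
# cgit was never installed. Negate the commands themselves instead.
if ! command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1 &&
  ! command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1; then
  apt-get install -y cgit || exit $?
else
  echo "[SKIP] cgit already installed."
fi

if command -v /usr/share/webapps/cgit/cgit.cgi >/dev/null 2>&1; then
  CGIT_CGI=/usr/share/webapps/cgit/cgit.cgi
elif command -v /usr/lib/cgit/cgit.cgi >/dev/null 2>&1; then
  CGIT_CGI=/usr/lib/cgit/cgit.cgi
else
  echo "[ERROR] cgit not found!"
  exit 1
fi
echo "[INFO] Found cgit: $CGIT_CGI"

echo "[ 3/9] Setting up nginx"
if ! command -v nginx >/dev/null 2>&1; then
  apt-get install -y nginx || exit $?
else
  echo "[SKIP] nginx already installed."
fi

echo "[ 4/9] Setting up certbot"
if ! command -v certbot >/dev/null 2>&1; then
  apt-get install -y python3-certbot-nginx || exit $?
else
  echo "[SKIP] certbot already installed."
fi

echo "[ 5/9] Setting up fcgiwrap"
if ! command -v fcgiwrap >/dev/null 2>&1; then
  apt-get install -y fcgiwrap || exit $?
else
  echo "[SKIP] fcgiwrap already installed."
fi

echo "[ 6/9] Setting up htpasswd"
if ! command -v htpasswd >/dev/null 2>&1; then
  apt-get install -y apache2-utils || exit $?
else
  echo "[SKIP] htpasswd already installed."
fi

echo "[ 7/9] Setting up GCC"
if ! command -v gcc >/dev/null 2>&1; then
  apt-get install -y gcc || exit $?
else
  echo "[SKIP] GCC already installed."
fi

echo "[ 8/9] Compiling and setting up CGI program"
COMPILE="\
-Wno-old-style-declaration \
-Wno-missing-field-initializers -Wno-missing-braces \
-Wall -Wextra -Werror -pedantic -mshstk \
-O3 -o main main.c"
SAN=-fsanitize=address,undefined,leak
# The first, silenced build only probes whether the sanitizer flags work with
# this toolchain; the second build is the one whose diagnostics are shown.
# NOTE(review): when the probe succeeds, the sanitizer-instrumented binary is
# what gets installed and served. Confirm that is intended for the deployed
# CGI program rather than for test builds only.
# shellcheck disable=SC2086 # COMPILE and SAN are flag lists; splitting is intended
if gcc $SAN $COMPILE >/dev/null 2>&1; then
  gcc $SAN $COMPILE || exit $?
else
  echo "[INFO] Sanitizers are disabled."
  # shellcheck disable=SC2086
  gcc $COMPILE || exit $?
fi

# Root ownership keeps the account that runs the CGI from replacing the binary.
chown root:root main || exit $?
mv -f main /srv/ || exit $?
# NOTE(review): on a second run /srv/static already exists, so this moves the
# directory to /srv/static/static (or fails) instead of replacing it.
mv -f static /srv/static || exit $?

echo "[ 9/9] Configuring"
if [ ! -d /etc/nginx/sites-available ]; then
  mkdir /etc/nginx/sites-available || exit $?
fi
if [ ! -d /etc/nginx/sites-enabled ]; then
  mkdir /etc/nginx/sites-enabled || exit $?
fi
if [ ! -f /etc/nginx/sites-enabled/default ]; then
  ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default || exit $?
fi

# Default site. The here-document is unquoted: $GIT_HOME, $GIT_HTTP_BACKEND and
# $CGIT_CGI are expanded by the shell, while \$ and \\ reach nginx as $ and \.
#
# Routing: the "\.git" location sends receive-pack (push) requests to
# /git_write/, which requires basic auth, and upload-pack (fetch) requests to
# /git_read/, which does not. Both targets are marked `internal` so they can be
# entered only through those rewrites. Without it a client could address
# /git_read/ directly and reach git-http-backend for any service without
# passing the auth_basic check.
#
# auth_basic_user_file expands to the git home with ".htpasswd" appended
# directly (for a home of /srv/git that is /srv/git.htpasswd). This script does
# not create that file; it must exist before pushes can authenticate.
#
# NOTE(review): "location /" points at /srv/main.cgi, but step 8 installs the
# binary as /srv/main. Confirm which name is intended.
cat <<EOF >/etc/nginx/sites-available/default || exit $?
server {
    listen 80;
    listen [::]:80;
    server_name _;

    location ~ ^/git_write/ {
        internal;
        rewrite ^/git_write/(.*) /\$1 break;
        auth_basic "Git";
        auth_basic_user_file $GIT_HOME.htpasswd;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
        fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
        fastcgi_param PATH_INFO \$uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location ~ ^/git_read/ {
        internal;
        rewrite ^/git_read/(.*) /\$1 break;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $GIT_HTTP_BACKEND;
        fastcgi_param GIT_PROJECT_ROOT $GIT_HOME;
        fastcgi_param PATH_INFO \$uri;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location ~ \\.git {
        if (\$arg_service = git-receive-pack) {
            rewrite /(.*) /git_write/\$1 last;
        }
        if (\$uri ~ ^/.*/git-receive-pack\$) {
            rewrite /(.*) /git_write/\$1 last;
        }
        if (\$arg_service = git-upload-pack) {
            rewrite /(.*) /git_read/\$1 last;
        }
        if (\$uri ~ ^/.*/git-upload-pack\$) {
            rewrite /(.*) /git_read/\$1 last;
        }
    }

    location ^~ /git/ {
        rewrite ^/git/(.*) /\$1 break;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
        fastcgi_param PATH_INFO \$uri;
        fastcgi_param QUERY_STRING \$args;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location ~* \\.(txt|asc|htm|css|svg|jpg|png|gif|ico|woff|woff2|js|wasm|mp3)\$ {
        rewrite ^/(.*) /static/plain/\$1 break;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $CGIT_CGI;
        fastcgi_param PATH_INFO \$uri;
        fastcgi_param QUERY_STRING \$args;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location / {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /srv/main.cgi;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
}
EOF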
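# Show the site file that was just written, then replace nginx's MIME table and
# main configuration. Each write stops the script with cat's own exit status if
# it fails.
echo "[INFO] Written /etc/nginx/sites-available/default:"
cat /etc/nginx/sites-available/default

# This overwrites the distribution's mime.types with a short list. Extensions
# not listed here fall back to default_type (application/octet-stream) from
# nginx.conf below.
cat <<EOF >/etc/nginx/mime.types || exit $?
types {
    text/plain txt;
    text/plain asc;
    text/html htm;
    text/css css;
    image/svg+xml svg;
    image/jpeg jpg;
    image/png png;
    image/gif gif;
    image/x-icon ico;
    application/font-woff woff;
    application/font-woff2 woff2;
    application/javascript js;
    application/wasm wasm;
    audio/mpeg mp3;
}
EOF
echo "[INFO] Written /etc/nginx/mime.types:"
cat /etc/nginx/mime.types

# Main nginx configuration.
# - ssl_protocols: TLSv1 and TLSv1.1 were dropped from the list. Both are
#   formally deprecated (RFC 8996) and should not be offered once a certificate
#   is installed and HTTPS is enabled.
# - "user git": worker processes run as the git account.
#   NOTE(review): this gives the internet-facing workers the same identity as
#   the repository owner. Confirm it is needed rather than a dedicated
#   unprivileged web user.
cat <<EOF >/etc/nginx/nginx.conf || exit $?
user git;
worker_processes 1;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 256;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
EOF
echo "[INFO] Written /etc/nginx/nginx.conf:"
cat /etc/nginx/nginx.conf

echo "[INFO] All done!"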