# stagit

This is my personal fork of [stagit](https://git.codemadness.org/stagit/) combined with access control scripts inspired by [gitolite](https://gitolite.com/gitolite/). Together they are a simple yet powerful solution for hosting git repositories.

- SSH access to repos is controlled using the `command` option in `~/.ssh/authorized_keys`. All (git-)users use the same (ssh-)user.
- The `post-update` git hook is used to automatically create/update a static website for public repositories.

## Installation and setup

```
$ make
$ make install
```

Then set up access control:

- Create a user `git`
- As that user, create the files `~/stagit.conf` and `~/.ssh/authorized_keys` (see next sections).
- Whenever you change the config, run `python3 -m stagit` to apply the changes, e.g. create repositories. (Note that this will never delete a repository to prevent data loss.)

## stagit.conf

```
[private]
ssh = admin hobbs
post-update = git --work-tree=/var/www/example checkout -f main

[example]
desc = my shiny new project
ssh = @all
http = yes
```

- Every section defines one repo.
- The `ssh` key controls which users can access the repositories via ssh.
- The special user `@all` matches all users.
- The `http` key is boolean and enables anonymous access via website and [git-daemon](https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon) / [git-http-backend](https://git-scm.com/book/en/v2/Git-on-the-Server-Smart-HTTP).

## Authorized keys

The authorized keys file should look roughly like this:

```
command="/usr/lib/stagit/shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa … admin@example.com
command="/usr/lib/stagit/shell hobbs",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa … hobbs@example.com
```

It is mostly a regular authorized keys file with some restrictions. Most importantly, the user is restricted to the stagit shell, so no regular shell access is possible.
Note that the stagit shell gets the username to use as its first argument.

## Differences from the originals

- General
  - Everything is stripped down to the essentials (YMMV). That is not to say that the missing features are not relevant, but they are not relevant to my specific use case.
  - The integration between access control and static website is hardcoded, which makes it simpler but also less flexible.
- Compared to stagit
  - The UI takes some inspiration from GitHub.
  - README is rendered using [cmark](https://github.com/commonmark/cmark).
  - I wanted to use a proper (but minimal) templating library but did not find one. So I ended up with a crude pre-processing script.
- Compared to gitolite
  - Config and keys are not tracked in an admin repository. I can just as well log into the server.
  - If you want to add custom hooks you should add them directly to the source code.
  - The conffile format is different and does not support some advanced features.
  - The access control scripts are implemented in Python instead of Perl. I just don't know much Perl, that's why.

## Customization

The source code is meant to be hackable, so feel free to mess around.
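
The access check implied by the forced command in "Authorized keys" and the `ssh` key in "stagit.conf", as an added example rather than this project's own shell code. `load_acl` and `authorize` are hypothetical names; it assumes the client's request arrives in `SSH_ORIGINAL_COMMAND` (which OpenSSH sets for forced commands) and that a repository is addressed by its config section name.

```python
import configparser
import shlex

# Constructed sample config in the stagit.conf format shown above.
SAMPLE_CONF = """
[private]
ssh = admin hobbs

[example]
desc = my shiny new project
ssh = @all
http = yes
"""

# The only commands a git client sends over SSH; everything else is refused.
GIT_COMMANDS = {"git-upload-pack", "git-receive-pack", "git-upload-archive"}


def load_acl(text):
    """Map each repo (section name) to the set of users listed under `ssh`."""
    conf = configparser.ConfigParser()
    conf.read_string(text)
    return {name: set(conf[name].get("ssh", "").split()) for name in conf.sections()}


def authorize(user, original_command, acl):
    """Return (git_command, repo) if `user` may run it, else raise PermissionError.

    `user` is the argument baked into the command= option; `original_command`
    is the value of SSH_ORIGINAL_COMMAND (None for an interactive login).
    """
    try:
        argv = shlex.split(original_command or "")
    except ValueError:
        raise PermissionError("unparseable command")
    if len(argv) != 2 or argv[0] not in GIT_COMMANDS:
        raise PermissionError("only git transport commands are allowed")
    repo = argv[1].strip("/")
    if repo.endswith(".git"):
        repo = repo[:-4]
    # Exact match against configured section names: path traversal and
    # unknown repos fail the same way as a missing permission.
    allowed = acl.get(repo)
    if allowed is None or not ({user, "@all"} & allowed):
        raise PermissionError("access denied")
    return argv[0], repo
```

Because the username comes from the `command=` option and never from the client, the only attacker-controlled input to validate is the original command string.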