This document covers the installation steps for git.sr.ht, a SourceHut service for hosting git repositories.

#Installation

Familiarize yourself with the general installation documentation before getting started.

• Sample config.ini file

#Daemons

The following daemons are available in the git.sr.ht package:

• git.sr.ht — The web service.
• git.sr.ht-api — The API service.

Enable and start them like so:

# service git.sr.ht start
# service git.sr.ht-api start
# rc-update add git.sr.ht
# rc-update add git.sr.ht-api

#Cronjobs

Install a cronjob to run git.sr.ht-periodic as the git user. The recommended frequency is every 20 minutes:

*/20 * * * * chronic git.sr.ht-periodic

#Configuration

#Repository storage

git.sr.ht requires a location on the host filesystem to store git repositories, which is readable and writable by the "git" user. The recommended location is /var/lib/git.

#Object storage

You may optionally configure an S3-compatible object storage provider to support attaching arbitrary files to git tags.

#SSH dispatch

It is necessary to configure SourceHut's unified SSH dispatcher as the system-wide SSH authorization hook. In /etc/ssh/sshd_config, configure sourcehut-ssh like so:

AuthorizedKeysCommand=/usr/bin/sourcehut-ssh "%u" "%h" "%t" "%k"
AuthorizedKeysCommandUser=root
PermitUserEnvironment SRHT_*

sshd will invoke our dispatcher whenever a connection is made to the server to obtain a list of authorized keys for the connecting user. The default behavior is to read the .ssh/authorized_keys file from that user's HOME directory, but the dispatcher can also authenticate user against a meta.sr.ht instance and "dispatch" to specific shells to handle the connection. This is used to authorize and perform git operations via the git.sr.ht-shell. See the [git.sr.ht] section of your git.sr.ht configuration for details on how this works and how to configure it.

Authorization and shell logs are written to /var/log/sourcehut-ssh and /var/log/git.sr.ht/git.sr.ht-shell respectively.

If you have any issues with dispatch, please make sure the git user is not locked by setting a password for it, and also make sure you can otherwise SSH into it.

#HTTP(S) Cloning

git.sr.ht provides a fastcgi script to facilitate git traffic over HTTP, which you must integrate with your web server. An example configuration for nginx could look like this:

location ~ ^/([^/]+)/([^/]+)/(HEAD|info/refs|objects/info/.*|git-upload-pack).*$ {
    root /var/lib/git;
    fastcgi_pass unix:/run/fcgiwrap.sock;
    fastcgi_param SCRIPT_FILENAME /usr/bin/git.sr.ht-http-clone;
    fastcgi_param PATH_INFO $uri;
    fastcgi_param GIT_PROJECT_ROOT $document_root;
    fastcgi_param GIT_HTTP_EXPORT_ALL "";
    include fastcgi_params;
    gzip off;
}

It is generally necessary to add /var/lib/git to the list of global git "safe" directories with the following command:

# doas git config --system safe.directory "/var/lib/git/*"