# Plugin SyncGit by Céondo Ltd
The SyncGit plugin allow the direct creation and synchronisation of
git repositories with the InDefero database. This requires giving
access to the repositories using a dedicated SSH account, usually the
`git` account.
## Prerequisites
A good understanding of:
* the security issues related to using a SSH account on a server;
* the principle of public/private SSH keys;
* the rights/ownership of files on a Linux/BSD/nix system;
Yes, what you are going to do has security implications.
## Git user configuration
On your system, you will need to create a new `git` account. This
account will only be used to access the git repositories and at the
moment cannot be shared for other use.
First create a new git account:
$ sudo adduser \
--system \
--shell /bin/sh \
--gecos 'git version control' \
--group \
--disabled-password \
--home /home/git \
git
Then, we need to create the base SSH files with the right permissions:
$ sudo su git
$ mkdir /home/git/.ssh
$ touch /home/git/.ssh/authorized_keys
$ chmod 0700 /home/git/.ssh
$ chmod 0600 /home/git/.ssh/authorized_keys
$ exit
We add the `www-data` user to the `git` group so it can access the
repositories to read the content:
$ sudo usermod -a -G git www-data
Do not forget to restart Apache or your fastcgi process to take the
group addition into account.
## Creation of the repositories base
For each project using git in InDefero a corresponding bare repository
will be created in `/home/git/repositories`. For example, if the
shortname of your project is `wonder`, it will be created in
`/home/git/repositories/wonder.git`
$ sudo -H -u git mkdir /home/git/repositories
## InDefero Configuration
First, you need to have python installed on your system to be able to
run the very small python script `gitserve.py` in the `scripts`
folder. Here is a configuration example:
$cfg['git_repositories'] = '/home/git/repositories/%s.git';
$cfg['git_remote_url'] = 'git://yourdomain.com/%s.git';
$cfg['idf_plugin_syncgit_path_gitserve'] = '/home/www/indefero/scripts/gitserve.py'; # yes .py
$cfg['idf_plugin_syncgit_path_authorized_keys'] = '/home/git/.ssh/authorized_keys';
$cfg['idf_plugin_syncgit_sync_file'] = '/tmp/SYNC-GIT';
# Remove the git repositories which do not have a corresponding project
# This is run at cron time
$cfg['idf_plugin_syncgit_remove_orphans'] = false;
# git account home dir
$cfg['idf_plugin_syncgit_git_home_dir'] = '/home/git';
# where are going to be the git repositories
$cfg['idf_plugin_syncgit_base_repositories'] = '/home/git/repositories';
When someone will change his SSH key or add a new one, the
`/tmp/SYNC-GIT` file will be created. The cron job
`/home/www/indefero/scripts/gitcron.php` will see the file and update
the content of the `authorized_keys` file.
## Cron Job Configuration
You need to run a cron job every now and then to synchronize the SSH
keys. The command to run in the cron job is:
php /home/www/indefero/scripts/gitcron.php
The user of the cron job must be `git`.
## Git daemon configuration
Put in `/etc/event.d/local-git-daemon` the following:
start on startup
stop on shutdown
exec /usr/bin/git-daemon \
--user=git --group=git \
--verbose \
--reuseaddr \
--base-path=/home/git/repositories/ \
/home/git/repositories/
respawn
Then run:
$ sudo start local-git-daemon
