From d1cebc658174a16014c2a3847bdf55bb3553b7fb Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Sat, 7 Feb 2026 19:58:55 +0800
Subject: more robust for ssh floods

---
 docs | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 docs

(limited to 'docs')

diff --git a/docs b/docs
new file mode 100644
index 0000000..89d3373
--- /dev/null
+++ b/docs
@@ -0,0 +1,62 @@
+CGIT CONTAINER
+
+Cgit with automatic HTTPS (cgit + caddy + Let's Encrypt).
+
+Requirements:
+    - Public IPv4 address
+    - Domain pointing to the IP
+    - /git directory for bare repos
+
+Host setup (one-time):
+    cat > /etc/sysctl.d/99-container-routing.conf << 'EOF'
+    net.ipv4.ip_forward=1
+    net.ipv4.conf.enp1s0.proxy_arp=1
+    EOF
+    sysctl -p /etc/sysctl.d/99-container-routing.conf
+    mkdir -p /git/.ssh
+
+Run:
+    ./start_container.sh
+
+Run (manual):
+    podman run -d \
+        --name cgit \
+        --network public-routed \
+        --ip 10.89.0.2 \
+        --cap-add=NET_ADMIN \
+        --env-file config.env \
+        -v cgit_data:/data \
+        -v /git:/git \
+        localhost/cgit
+
+    sleep 2
+    podman exec cgit ip addr add 37.27.166.242/32 dev eth0
+    ip route add 37.27.166.242/32 via 10.89.0.2
+
+SSH keys:
+    Drop .pub files in /git/.ssh/, they're combined into authorized_keys on run.
+
+Create repo:
+    git init --bare /git/myrepo
+
+Restart:
+    podman restart cgit
+
+Stop:
+    podman stop cgit && podman rm cgit && ip route del 37.27.166.242/32
+
+Cleanup:
+    podman stop cgit
+    podman rm cgit
+    podman volume rm cgit_data
+    ip route del 37.27.166.242/32
+    podman network rm public-routed    # only if no other containers use it
+
+Logs:
+    podman logs -f cgit
+
+Processes:
+    podman exec cgit ps aux
+
+Shell:
+    podman exec -it cgit sh
-- 
cgit