CGIT CONTAINER

Cgit with automatic HTTPS (cgit + caddy + Let's Encrypt).

Requirements:
    - Public IPv4 address
    - Domain pointing to the IP
    - /git directory for bare repos

Host setup (one-time):
    cat > /etc/sysctl.d/99-container-routing.conf << 'EOF'
    net.ipv4.ip_forward=1
    net.ipv4.conf.enp1s0.proxy_arp=1
    EOF
    sysctl -p /etc/sysctl.d/99-container-routing.conf
    mkdir -p /git/.ssh

Run:
    ./start_container.sh

Run (manual):
    podman run -d \
        --name cgit \
        --network public-routed \
        --ip 10.89.0.2 \
        --cap-add=NET_ADMIN \
        --env-file config.env \
        -v cgit_data:/data \
        -v /git:/git \
        localhost/cgit

    sleep 2
    podman exec cgit ip addr add 37.27.166.242/32 dev eth0
    ip route add 37.27.166.242/32 via 10.89.0.2

SSH keys:
    Drop .pub files in /git/.ssh/, they're combined into authorized_keys on run.

Create repo:
    git init --bare /git/myrepo

Git config (one-time):
    git config --global user.name "hc"
    git config --global user.email "hc@a.nub.ninja"

Init and push local repo:
    REPO=myrepo TARGET=git HOST=root@git2.noml.ch \
        && git config --global init.defaultBranch main \
        && git init \
        && ssh "$HOST" "set -e; git config --global init.defaultBranch main; git init --bare /$TARGET/$REPO" \
        && (git remote remove origin_$TARGET 2>/dev/null; git remote add origin_$TARGET "$HOST:/$TARGET/$REPO") \
        && git add -A && git commit -m "initial commit" \
        && git push origin_$TARGET --all

Restart:
    podman restart cgit

Stop:
    podman stop cgit && podman rm cgit && ip route del 37.27.166.242/32

Cleanup:
    podman stop cgit
    podman rm cgit
    podman volume rm cgit_data
    ip route del 37.27.166.242/32
    podman network rm public-routed    # only if no other containers use it

Logs:
    podman logs -f cgit

Processes:
    podman exec cgit ps aux

Shell:
    podman exec -it cgit sh