diff --git a/Dockerfile b/Dockerfile index 7de0ed8..5c2a933 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM node:latest # install nginx -RUN apt-get update && apt-get install -y nginx git fcgiwrap spawn-fcgi +RUN apt-get update && apt-get install -y nginx git fcgiwrap spawn-fcgi pass ENV GIT_PEAR=/srv/repos/pear EXPOSE 80 STOPSIGNAL SIGTERM @@ -23,7 +23,7 @@ RUN npm link RUN mkdir -p /srv/repos/pear - +COPY docker/gna.sh /app/ COPY docker/nginx-default-config /etc/nginx/sites-enabled/default WORKDIR /app diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 38f14a6..3b9788a 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -3,6 +3,8 @@ exec > >(tee -a "/tmp/deployment.log") 2>&1 export GIT_PEAR=/srv/repos/pear +export GIT_PEAR_AUTH="nip98" +export GIT_PEAR_AUTH_NSEC="nsec1lnumf25dacf7804ezv4zyd262j08g3n9h6h2fdntwgpxmhwqhw3sy3vjkp" git pear daemon -s # if $1 exists if [ -n "$1" ]; then @@ -16,7 +18,9 @@ if [[ $REPO_NAME =~ ^https.* ]]; then mkdir -p /srv/repos/"$ORIGINAL_NAME" git clone $REPO_NAME /srv/repos/"$ORIGINAL_NAME" cd /srv/repos/"$ORIGINAL_NAME" - git pear init -s + git pear init . + git pear share . public + git pear acl add $USER_NPUB:admin # enter pear repo and expose http cd /srv/repos/pear/"$ORIGINAL_NAME"/ echo "[http]" >> config @@ -27,8 +31,9 @@ fi if [[ ! $REPO_NAME =~ ^https.* ]]; then mkdir -p /srv/repos/"$REPO_NAME" cd /srv/repos/"$REPO_NAME" - git init - git pear init -s + git pear init . + git pear share . public + git pear acl add $USER_NPUB:admin # enter pear repo and expose http cd /srv/repos/pear/"$REPO_NAME"/ echo "[http]" >> config diff --git a/docker/gna.sh b/docker/gna.sh new file mode 100644 index 0000000..5a4c12c --- /dev/null +++ b/docker/gna.sh 
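Review bot: The changed `RUN` line adds `pass`, but `docker/gna.sh`, which the second Dockerfile hunk copies to `/app/`, also checks for `jq` and `nak`, and neither appears in this install line. Unless they are installed elsewhere in the Dockerfile, the script cannot complete inside the image. The line also pulls in recommended packages and leaves the apt lists in the layer, on top of the unpinned `node:latest` base, so the image contents are neither minimal nor reproducible. I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends nginx git fcgiwrap spawn-fcgi pass jq && rm -rf /var/lib/apt/lists/*`, after checking that nothing relied on a recommended package, and pin the base image to a specific tag or digest.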
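Review bot: The added `export GIT_PEAR_AUTH_NSEC=...` line puts a Nostr private key literal into the repository, so it stays in git history and in any image that ships this script, and anyone who can read either can sign as that identity. Supply the key at container start (runtime environment or a mounted secret) and make the script refuse to run without it, replacing the literal with `: "${GIT_PEAR_AUTH_NSEC:?GIT_PEAR_AUTH_NSEC must be provided at runtime}"`. The committed key should be treated as disclosed and replaced with a new one. Because the script tees all output to `/tmp/deployment.log`, also confirm that `git pear daemon` never prints the key.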
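Review bot: `git pear acl add $USER_NPUB:admin` grants the admin role from an environment variable that is neither checked nor quoted, both here and in the identical line of the following hunk. With `USER_NPUB` unset the command receives `:admin`, and how git-pear treats that is not visible from this diff. Validate it once near the top of the script with `: "${USER_NPUB:?USER_NPUB must be set}"` and quote the use as `git pear acl add "$USER_NPUB:admin"`. Both branches also run `git pear share . public`, so a short comment stating that public sharing is intended would help the next reader. The following hunk additionally drops `git init`, which assumes `git pear init .` creates the repository itself and is worth confirming; both `if` blocks begin outside their hunks.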
@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+if ! [ -x "$(command -v nak)" ]; then
+ echo 'Error: nak is not installed.' >&2
+ echo 'Please install nak from https://github.com/fiatjaf/nak/tree/master'
+fi
+
+if ! [ -x "$(command -v jq)" ]; then
+ echo 'Error: jq is not installed.' >&2
+ echo 'Please install jq from https://stedolan.github.io/jq/download/'
+fi
+
+if ! [ -x "$(command -v pass)" ]; then
+ echo 'Error: pass is not installed.' >&2
+ echo 'Please install pass from https://www.passwordstore.org/'
+fi
+
+echo "Please insert you NSEC:"
+read -s SK
+DECODED=$(nak decode $SK)
+PUBLIC_KEY=$(echo $DECODED | jq -r .pubkey)
+PRIVATE_KEY=$(echo $DECODED | jq -r .private_key)
+PASS_PATH="nostr/$PUBLIC_KEY"
+{ echo $PRIVATE_KEY ; echo $PRIVATE_KEY ; } | pass insert $PASS_PATH
+
+read -p "Provide path to git repository or press \"Enter\" to use curent directory:" GIT_REPO
+GIT_REPO=${GIT_REPO:-.}
+
+if [ ! -d "$GIT_REPO/.git" ]; then
+ echo "$GIT_REPO is not a directory. Exiting..."
+ exit 1
+fi
+
+HOOK=`cat <<'EOF'
+#!/bin/sh\n
+\n
+url="$2"\n
+commit=$(git rev-parse HEAD)\n
+privKey=$(pass PASS_PATH)\n
+EVENT="{\"content\":\"\",\"kind\":27235,\"created_at\":$(date +%s),\"tags\":[[\"u\",\"$url\"],[\"method\",\"push\"],[\"payload\",\"$commit\"]]}"\n
+SIGNED=$(echo -n $EVENT | nak event -sec $privKey)\n
+NOSTR_AUTH_HEADER=$(echo -n $SIGNED | base64 -w 0)\n
+git config http.$url.extraHeader "X-Authorization: Nostr $NOSTR_AUTH_HEADER"\n
+EOF
+`
+PASS_PATH=$(sed 's/\//\\\//g' <<< "$PASS_PATH")
+PATTERN="s/PASS_PATH/$PASS_PATH/g"
+HOOK=$(sed "$PATTERN" <<< "$HOOK")
+
+echo "Installing git hooks..."
+if [ -f "$GIT_REPO/.git/hooks/pre-push" ]; then
+ echo "pre-push hook already exists. Skipping..."
+else
+ echo "Installing pre-push hook..."
+ echo -e $HOOK >> $GIT_REPO/.git/hooks/pre-push
+ chmod +x $GIT_REPO/.git/hooks/pre-push
+fi
+
+echo "Done!"
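Review bot: The three tool checks at the top print an error but never exit, so with `nak`, `jq` or `pass` missing the script still prompts for the secret key and only fails later; each check needs `exit 1` before its `fi`. The secret also travels as a command-line argument, in `nak decode $SK` and in the generated hook's `nak event -sec $privKey`, where other local users can see it in the process list while the command runs. Feeding it on stdin would avoid that if nak supports it, and at minimum the prompt and expansion should be `read -r -s SK` and `DECODED=$(nak decode "$SK")`. `echo -e $HOOK` is unquoted, so the hook text goes through word splitting and pathname expansion before it is written; use `echo -e "$HOOK" >> "$GIT_REPO/.git/hooks/pre-push"`. Inside the hook, `$url` is interpolated into the JSON event without escaping, so building the event with `jq -n --arg` would be safer.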