Configuring gotd

gotd(8) can help serve git repositories over ssh.

Install

Although gotd(8) is written by OpenBSD developers, it is not part of the base system:

# pkg_add gotd

Next, we create the folder /var/git to hold the repos:

# mkdir /var/git

Next, we copy our git repo into /var/git and set the proper permissions:

# cp -R /path/to/repo/example.git /var/git/
# chmod 755 /var/git/example.git
# chown -R _gotd /var/git/example.git

NOTE: got clone may have difficulty cloning repos that were not created with got init and got import, and gotd(8) may have issues serving them.

Next, configure gotd.conf(5) to grant read-write access. In /etc/gotd.conf:

repository 'example' {
	path '/var/git/example.git'
	permit rw :commit
}

Now, any user in the group commit will be allowed both read and write access remotely.

To create the commit group:

# groupadd commit

To assign username to the group commit:

# usermod -G commit username

Restart gotd(8):

# rcctl restart gotd

Now the user can clone (read) the repository:

$ got clone ssh://example.com/example.git 
Connecting to ssh://example.com/example.git 
The authenticity of host 'example.com (203.0.113.2)' can't be established.
ED25519 key fingerprint is SHA256:nyvhQOUX9YJr8DAHW9o0tA9549wYUeXRISRxIgOyC3k.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
...

The user can check out a working tree, make some changes, commit them, then send the changes to the remote repository using got send:

$ got send -r example.git

Anonymous login

To permit anonymous login, first create the user and group anonymous:

# groupadd anonymous
# useradd -d /var/git -g anonymous -s /usr/local/bin/gotsh -c 'Anonymous read-only git' -p '' anonymous

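This creates an anonymous account with no password whose home folder is /var/git. We set the login shell to gotsh(8) to prevent interactive shell access. Append a block similar to the one below to /etc/ssh/sshd_config. The Match block limits the empty-password login to this one account and turns off forwarding, tunnelling and TTY allocation for it: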

Match User anonymous
	PasswordAuthentication yes
	PermitEmptyPasswords yes
	DisableForwarding yes
	PermitTunnel no
	PermitTTY no

Update gotd.conf(5):

repository 'example' {
	path '/var/git/example.git'
	permit rw :commit
	permit ro anonymous
}
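
As an added example (not from the original page or the Game of Trees project), these shell helpers audit the anonymous setup above: one lists any gotd.conf rule that gives anonymous write access, the other lists the sshd restrictions missing from the Match User anonymous block. The function names and sample files are constructed, and the parsing assumes the one-directive-per-line layout shown on this page.

```shell
#!/bin/sh
# Added example: function names and all sample file contents are constructed.

# Print "<repo> <identity>" for each gotd.conf permit rule that gives the
# anonymous user or group write access.
anon_rw_rules() {	# $1 = path to a gotd.conf
	awk -v q="'" '
	{ for (i = 1; i <= NF; i++) gsub("[" q "\"]", "", $i) }	# drop quotes
	$1 == "repository" { repo = $2 }
	$1 == "permit" && $2 == "rw" && $3 ~ /^:?anonymous$/ { print repo, $3 }
	' "$1"
}

# Print each restriction from the Match block above that is absent from the
# "Match User anonymous" block of an sshd_config (a block ends at the next Match).
missing_anon_restrictions() {	# $1 = path to an sshd_config
	awk '
	tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == "anonymous"); next }
	inblk { seen[tolower($1) " " tolower($2)] = 1 }
	END {
		n = split("DisableForwarding yes,PermitTunnel no,PermitTTY no", want, ",")
		for (i = 1; i <= n; i++) if (!(tolower(want[i]) in seen)) print want[i]
	}' "$1"
}

# Constructed samples: a gotd.conf that wrongly grants rw, and a short Match block.
tmp=$(mktemp -d)
cat > "$tmp/gotd.conf" <<'EOF'
repository 'example' {
	path '/var/git/example.git'
	permit rw :commit
	permit rw anonymous
}
EOF
cat > "$tmp/sshd_config" <<'EOF'
PermitRootLogin no
Match User anonymous
	PasswordAuthentication yes
	PermitEmptyPasswords yes
	DisableForwarding yes
EOF
echo "write access for anonymous:"; anon_rw_rules "$tmp/gotd.conf"
echo "missing sshd restrictions:"; missing_anon_restrictions "$tmp/sshd_config"
rm -rf "$tmp"
```

Both functions print nothing when the files match the configuration shown on this page. sshd -t checks the edited sshd_config for syntax errors before sshd is restarted.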

Email notifications

To provide email notifications upon new commits or tags, use the email to directive inside a notify block:

repository 'example' {
	path '/var/git/example.git'
	permit rw :commit
	permit ro anonymous
	notify {
	        email to support@example.com
	        email to root
	}
}

This sends an email to support@example.com and the root user with every new commit or tag.

NOTE: This requires a properly configured mail server.

gotctl

gotd(8) can be controlled with gotctl(8).

Login credentials

Normally, login credentials can be handled with passwd(1). An alternative method is to use gotd-secrets.conf(5).