From ec8bd651d57deab371021c27b88f6698376f8e78 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 9 Jan 2026 11:06:02 +0200 Subject: Add self-hosted git server with SSH and cgit web UI Deploy a self-hosted git repository solution to replace external Codeberg dependency. Components: - SSH git server: Alpine-based container with OpenSSH and git - cgit web UI: Browse repositories at cgit.f3s.buetow.org - Single pod design: git-server + cgit containers sharing storage Infrastructure: - Docker image in git-server/docker-image/ with Justfile build automation - Helm chart in git-server/helm-chart/ for Kubernetes deployment - 5Gi ReadWriteMany PVC for NFS-backed repository storage - ClusterIP service for ArgoCD internal access - NodePort 30022 for external SSH push access - Traefik ingress for cgit web UI ArgoCD Application manifest deployed to cicd namespace. Note: SSH keys must be created as Kubernetes secrets manually, not in git. Co-Authored-By: Claude Sonnet 4.5 --- f3s/git-server/docker-image/Dockerfile | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 f3s/git-server/docker-image/Dockerfile (limited to 'f3s/git-server/docker-image/Dockerfile') diff --git a/f3s/git-server/docker-image/Dockerfile b/f3s/git-server/docker-image/Dockerfile new file mode 100644 index 0000000..382ad0d --- /dev/null +++ b/f3s/git-server/docker-image/Dockerfile @@ -0,0 +1,23 @@ +FROM alpine:3.19 + +# Install OpenSSH server and git +RUN apk add --no-cache openssh git + +# Create git user with UID 1000 and set git-shell as login shell +# This restricts the user to git operations only +RUN adduser -D -u 1000 -s /usr/bin/git-shell git && \ + mkdir -p /home/git/.ssh /repos && \ + chown -R git:git /home/git /repos + +# Generate SSH host keys +# These will be regenerated if not persisted via volume mount +RUN ssh-keygen -A + +# Copy sshd configuration +COPY sshd_config /etc/ssh/sshd_config + +# Expose SSH port +EXPOSE 22 + +# Run SSH daemon in foreground with error logging to stderr +CMD ["/usr/sbin/sshd", "-D", "-e"] -- cgit v1.2.3