diff --git a/debian/cgit-config.postinst b/debian/cgit-config.postinst index 98951d6..0383fae 100644 --- a/debian/cgit-config.postinst +++ b/debian/cgit-config.postinst @@ -1,12 +1,63 @@ #!/bin/sh -# -# TODO: Handle "$1". -set -e +set -eu #DEBHELPER# -# TODO: Setup git user and stuff. +case "$1" in + install|upgrade) -deb-systemd-helper enable fcgiwrap -deb-systemd-invoke restart fcgiwrap + # Sane defaults: + git_home="${GIT_HOME:-/var/git}" + git_user="${GIT_USER:-git}" + git_name="${GIT_NAME:-git}" + git_group="${GIT_GROUP:-www-data}" + + # create user to avoid running server as root + # 1. create group if not existing + if ! getent group | grep -q "^$git_group:" ; then + printf 'Adding group %s..\n' "$git_group" + addgroup --quiet --system "$git_group" 2>/dev/null + printf '..done\n' + fi + + # 2. create homedir if not existing + if [ -d "$git_home" ]; then + # `/var` *must* exist. + mkdir -- "$git_home" + fi + + # 3. create user if not existing + if ! getent passwd "$git_user"; then + printf 'Adding system user %s..\n' "$git_user" + # XXX: Do I really want a shell here? + adduser --quiet \ + --system \ + --ingroup "$git_group" \ + --home "$git_home" \ + --shell /bin/bash \ + --disabled-password \ + "$git_user" + printf '..done\n' + fi + + # 4. adjust passwd entry + usermod \ + -c "$git_name" \ + -d "$git_home" \ + -g "$git_group" \ + "$git_user" + + # 5. adjust file and directory permissions + if ! dpkg-statoverride --list "$git_home" >/dev/null + then + chown -R "$git_user":"$git_group" "$git_home" + chmod u=rwx,g=rxs,o= "$git_home" + fi + + deb-systemd-helper enable fcgiwrap + deb-systemd-invoke restart fcgiwrap + deb-systemd-invoke restart nginx + ;; + # TODO: Handle remove, not that I need it yet though. +esac