Introduction

I'm using sourceforge since November 2000 (aargs time's fly). But now I want to host my projects on my server.
For that purpose I've decided to give a try to got from gameoftrees.org. This is a very young project, but it's also my idea to convince others to give a try to this tool.

That said, it must be clear from the beginning that got is not git, and will never (as stated in the faq), but got is compatible with git repositories and offer a simpler and more secured system.

Context

I have FreeBSD and OpenBSD laptops on which I do some developments. Those are my "dev" machines.
I have an OpenBSD webserver which will present my projects.

I will install got on my dev machines and gotwebd and gotd on the server machine.

On the server side

1. Install and configure repository

pkg_add gotd

Create a repository:

got init /path/to/repos/myproject.git
chown -R _gotd:_gotd /path/to/repos
chmod -R 750 /path/to/repos

As suggested by Stefan Sperling (many thanks to him for his review and suggestion), removing read by other groups (0 in 750) avoids local user to bypass the access permissions as configured in /etc/gotd.conf ;).

Then we have to add the group _gotd to the user _gotwebd:

usermod -G _gotd _gotwebd

Doing so, gotwebd process has readonly access to /path/to/repos.

Edit /etc/gotd.conf:

repository "myproject" {
    path "/path/to/repos/myproject.git"
    permit ro anon
    permit rw myuser
}

listen on socket "/var/run/gotd.sock"

Enable and start:

rcctl enable gotd
rcctl start gotd

2. Create anonymous user

useradd -m -s /usr/local/bin/gotsh -c "Anonymous" anon

Verify in /etc/passwd that there is no password defined.
The key is to have empty password field (the :: after username)
vipw should show something like this

anon::1002:1002::0:0:Anonymous:/home/anon:/usr/local/bin/gotsh

3. Configure SSH for anonymous access

Edit /etc/ssh/sshd_config, add at the end:

Match User anon
    PermitEmptyPasswords yes
    PasswordAuthentication yes
    DisableForwarding yes
    PermitTTY no

Restart SSH:

rcctl restart sshd

4. Tests our gotd service

From my dev machine, I can now clone anonymously:

cd /myrepos
git clone ssh://anon@mysite.be/myproject

No password, no SSH keys required!
I should see /myrepos/myproject.git

I can also clone with my normal user:

rm -fr /myrepos/myproject.git
git clone ssh://myuser@mysite.be/myproject

Let's go further and checkout this project:

cd ~/myprojecs/
got checkout /myrepos/myproject.git

I should have a new folder for my project: ~/myprojects/myproject.
Now I can do changes and push them to the server

do some changes in the code and commit it via "got commit"
got send -v

With the -v parameter we should see that it connects the server and try to push the changes.

5. Now we install the web interface

pkg_add gotwebd

In the /etc/gotwbd.conf file we must, at least see the following:

server "default" {
    site_name               "<web page title>"
    site_owner              "<your name will be presented at the footer of the web page>"
    site_link               "https://repo.<server name>"

    repos_path              "/path/to/repos"

    # Nice-to-haves (all optional)
    show_repo_owner         on
    show_repo_description   on
    show_repo_cloneurl      on
}

rcctl enable gotwebd
rcctl start gotwebd

This will generate a fastcgi process using the socket /run/gotweb.sock

Since I'm using nginx as reverse proxy on my web server, I will add the following lines to te nginx.conf file:

server {
    listen 443 ssl;
    server_name repo.<sever name>;
    access_log /var/log/nginx/<server name>.access.log;
    error_log /var/log/nginx/error.log;

    ssl_certificate     /etc/ssl/<server name>.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/<server name>.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Main gotwebd FastCGI handler — catch everything else
    location / {
        include         fastcgi_params;           
        fastcgi_pass    unix:/run/gotweb.sock;

        fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param   GATEWAY_INTERFACE  CGI/1.1;

        # Optional: increase timeouts if repos are large/slow
        fastcgi_read_timeout 300;
   }
   # to get static files. Remember this is chrooted in /var/www
   location ~ ^/(.*\.(css|png|svg|ico|jpg|gif|js))$ {
       alias /htdocs/gotwebd/$1;
       expires 30d;
       access_log off;
   }

Thanks to gotwebd package, sttic files are already installed in /var/www/htdocs/gotwebd

rcctl restart nginx

Now, you should see all your repositories on your webpage ;)

On the development machines side

got is available for both OpenBSD and Freebsd from their respective packages.

pkg install got # on Freebsd
pkg_add got     # on OpenBSD

I do a separation of the repository than the project's folder.
My repos are in ~/got/ and my project's folders are in ~/projects/

By doing so, I can manage my repositories. For example I can rsync my ~/got/ folders to the server to /path/to/repos. This is a alternative to got send which has his own pro and cons. On FreeBSD I can put then on different dataset with different rules (snapshots, ...).

So, I usually do:

cd ~/got/
got clone ssh://repo.vincentdelft.de/vdcron
cd ~/projects/
got checkout ~/got/vdcron.git

Then, I will have my project in his own folder. In this case ~/projects/vdcron
I can do normal actions like got diff, got status, got commit, got log, ... and got send.

Indeed, by doing the got clone and got checkout we have the original source in one of the config file of got.
In such case, doing got send changes will be send to the original server.
Easy no ?