CGIT CONTAINER

Cgit with automatic HTTPS (cgit + caddy + Let's Encrypt).

Requirements:
    - Public IPv4 address
    - Domain pointing to the IP
    - /git directory for bare repos

Host setup (one-time):
    cat > /etc/sysctl.d/99-container-routing.conf << 'EOF'
    net.ipv4.ip_forward=1
    net.ipv4.conf.enp1s0.proxy_arp=1
    EOF
    sysctl -p /etc/sysctl.d/99-container-routing.conf
    mkdir -p /git/.ssh

Run:
    ./start_container.sh

Run (manual):
    podman run -d \
        --name cgit \
        --network public-routed \
        --ip 10.89.0.2 \
        --cap-add=NET_ADMIN \
        --env-file config.env \
        -v cgit_data:/data \
        -v /git:/git \
        localhost/cgit

    sleep 2
    podman exec cgit ip addr add 37.27.166.242/32 dev eth0
    ip route add 37.27.166.242/32 via 10.89.0.2

SSH keys:
    Drop .pub files in /git/.ssh/, they're combined into authorized_keys on run.

Create repo:
    git init --bare /git/myrepo

Restart:
    podman restart cgit

Stop:
    podman stop cgit && podman rm cgit && ip route del 37.27.166.242/32

Cleanup:
    podman stop cgit
    podman rm cgit
    podman volume rm cgit_data
    ip route del 37.27.166.242/32
    podman network rm public-routed    # only if no other containers use it

Logs:
    podman logs -f cgit

Shell:
    podman exec -it cgit sh