~sircmpwn/sr.ht-docs

ref: 6d0f506eef98a0284f521d89d1714d1ac19a1b17 sr.ht-docs/hg.sr.ht/configuration.md -rw-r--r-- 1.7 KiB
6d0f506eDrew DeVault builds.sr.ht-migration.md: clarify delegate builds 4 months ago

#title: hg.sr.ht Configuration

This document covers the configuration process for hg.sr.ht.

#Cronjobs

  • hgsrht-periodic: The recommended configuration is */20 * * * * hgsrht-periodic.
  • hgsrht-clonebundles (optional): It is recommend to run this job daily.

#Storage

#Repository

Note: If hg.sr.ht was installed in a package, you may skip this section.

As a repository hosting service, hg.sr.ht requires a place for storing repositories (we recommend /var/lib/hg/). It also requires a hg user who has ownership over the repository storage location.

#SSH Dispatch

At the moment, hg.sr.ht uses git.sr.ht's SSH dispatcher, which you need to set up as the system-wide SSH authorization hook. See git.sr.ht's Configuration page for more information.

Once this is done, you need to make the hg.sr.ht authorization hook be part of the SSH dispatching, via the hgsrht-keys and hgsrht-shell scripts. See the [dispatch] section of your hg.sr.ht configuration for more details.

Authorization logs are written to hg-srht-shell.

#HTTP(S) Cloning

hg.sr.ht does not do HTTP(S) cloning for you, so you'll need to set it up yourself in Nginx. Here's an example Nginx configuration:

location = /authorize {
		proxy_pass http://127.0.0.1:5001;
		proxy_pass_request_body off;
		proxy_set_header Content-Length "";
		proxy_set_header X-Original-URI $request_uri;
}

location ~ ^/[~^][a-z0-9_]+/[a-zA-Z0-9_.-]+/\.hg.*$ {
		auth_request /authorize;
		root /var/lib/mercurial;
}

It is important that you set up the /authorize endpoint to enforce the privacy of private repositories.