#!/bin/bash

REPONAME="$1"
REPOPATH="/home/repository/git"
GIT_DIR="$REPOPATH/$REPONAME"

mkdir "$GIT_DIR"

chown -R nobody:nogroup "$GIT_DIR"
chmod -R u=rwX,go=rX    "$GIT_DIR"

setfacl -R    -m u:www-data:rwx                       "$GIT_DIR"
setfacl -R -d -m u:www-data:rwx                       "$GIT_DIR"
setfacl -R    -m g:DOMAIN\\GIT_${REPONAME}_write:rwx "$GIT_DIR" \
    || echo "[ERROR]: Group GIT_${REPONAME}_write DOES NOT EXIST" >&2
setfacl -R -d -m g:DOMAIN\\GIT_${REPONAME}_write:rwx "$GIT_DIR"
setfacl -R    -m g:DOMAIN\\GIT_${REPONAME}_read:rX   "$GIT_DIR" \
    || echo "[ERROR]: Group GIT_${REPONAME}_read DOES NOT EXIST"  >&2
setfacl -R -d -m g:DOMAIN\\GIT_${REPONAME}_read:rX   "$GIT_DIR"

sudo -u www-data git --git-dir="$GIT_DIR" init --bare
sudo -u www-data git --git-dir="$GIT_DIR" update-server-info


### Add hook for dumb HTTP to work along with SSH

cat > "$GIT_DIR/hooks/post-receive" <<EOF
#!/bin/sh

GIT_DIR=\$(git rev-parse --git-dir 2>/dev/null)
if [ -z "\$GIT_DIR" ]; then
    echo >&2 "fatal: post-receive: GIT_DIR not set"
    exit 1
fi

git update-server-info
EOF


### Apache related crap

cat <<EOF > /etc/apache2/locations/git/$REPONAME.location
<Location /$REPONAME>
    DAV on
    #AuthType Basic
    AuthName "GIT $REPONAME"

    # READ
    <Limit GET>
        Require ldap-group CN=GIT_${REPONAME}_read,OU=GITAccessGroups,DC=elegion,DC=local
    </Limit>
    # WRITE
    <Limit GET PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Require ldap-group CN=GIT_${REPONAME}_write,OU=GITAccessGroups,DC=elegion,DC=local
    </Limit>

    #Require ldap-group CN=GIT_${REPONAME}_write,OU=GITAccessGroups,DC=elegion,DC=local
</Location>
EOF

/etc/init.d/apache2 restart