Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/huumn/gitern
an ssh based multitenant git host
git golang nostr ssh
Last synced: 24 days ago
- Host: GitHub
- URL: https://github.com/huumn/gitern
- Owner: huumn
- License: mit
- Created: 2023-06-02T03:17:52.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2023-06-03T00:30:35.000Z (over 1 year ago)
- Last Synced: 2024-10-06T06:41:57.630Z (4 months ago)
- Topics: git, golang, nostr, ssh
- Language: Go
- Homepage: https://gitern.com
- Size: 5.17 MB
- Stars: 12
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
This is the source for https://gitern.com ... in summary it's

1. a multitenant git host
2. that uses ssh keys for auth exclusively
3. and has a command-line UI

I'm sharing it hoping it might be able to help someone build a git host on nostr. It isn't particularly relevant, to be honest, but it

1. has novel auth and
2. is very minimal

I will one day describe more about how it works (especially if someone bothers to ask), but the gist is:

- lots of SSHD hacks
- users are progressively chrooted/jailed into isolated parts of the filesystem upon authentication, with different sets of commands available

As a starting point, this is where auth begins (this is from the sshd config):
```txt
Match User git
AuthorizedKeysCommand /usr/bin/gitern-authorized-keys %f %t %k
AuthorizedKeysCommandUser authorized-keys-command
ForceCommand gitern-intake
AcceptEnv none
ChrootDirectory /jail
```

They then get forced through `gitern-intake`, whose source is `/cmd/intake/intake.go`.
That should be enough for someone curious to start. Huzzah!
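
To make the `AuthorizedKeysCommand ... %f %t %k` line above concrete, here is an added sketch (not gitern's code) of a helper that receives the fingerprint, key type and base64 key from sshd, recomputes the fingerprint from the key blob, and prints an `authorized_keys` line only for a known key. The function names, the `known` allow-list and the choice of the `restrict` option are assumptions; it also assumes sshd's default SHA256 fingerprint format.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"os"
)

// fingerprint recomputes the OpenSSH-style SHA256 fingerprint from the
// base64 key blob that sshd passes as %k.
func fingerprint(keyB64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(blob)
	// OpenSSH prints the digest as unpadded base64 after "SHA256:".
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

// authorizedKeysLine returns the line to print for sshd. It fails closed:
// a malformed key, a %f that does not match %k, or an unknown fingerprint
// all yield ok=false, so nothing is printed and the login is refused.
func authorizedKeysLine(fp, keyType, keyB64 string, known map[string]bool) (string, bool) {
	got, err := fingerprint(keyB64)
	if err != nil || got != fp || !known[fp] {
		return "", false
	}
	// "restrict" disables forwarding, PTY allocation and similar features.
	return "restrict " + keyType + " " + keyB64, true
}

func main() {
	if len(os.Args) != 4 { // expects: <%f> <%t> <%k>
		os.Exit(1)
	}
	// Hypothetical empty allow-list; a real host would query its account store.
	known := map[string]bool{}
	if line, ok := authorizedKeysLine(os.Args[1], os.Args[2], os.Args[3], known); ok {
		fmt.Println(line)
	}
}
```

Because the sshd config sets `ForceCommand gitern-intake`, any accepted key still lands in the intake program regardless of what command the client requested.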
Extra credit
---------------
I also wrote a remote helper for gitern that end-to-end encrypts git repos: https://github.com/huumn/git-remote-gitern ... It's pretty inefficient and naive, but it kind of shows how you might do something ***really freaking weird*** with git that runs exclusively on the client (no special git server required).