Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lontivero/phgs

Personal Hidden Git Server
https://github.com/lontivero/phgs

Last synced: 30 days ago
JSON representation

Personal Hidden Git Server

Host: GitHub
URL: https://github.com/lontivero/phgs
Owner: lontivero
License: mit
Created: 2022-08-28T16:56:02.000Z (about 2 years ago)
Default Branch: master
Last Pushed: 2022-08-28T20:45:28.000Z (about 2 years ago)
Last Synced: 2024-08-05T15:06:32.614Z (3 months ago)
Language: Nix
Size: 4.88 KB
Stars: 23
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# Portable Hidden Git Server

A minimalistic and reproducible, ready to deploy and immutable [git daemon](https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon) service published as a [Tor onion service](https://community.torproject.org/onion-services/).

## What is this

This project contains a [Nix Flake](https://xeiaso.net/blog/series/nix-flakes) that once built generates a [systemd portable service](https://systemd.io/PORTABLE_SERVICES/)
(a single file under the name `personal.raw`) that can be "plug" to any Linux that supports systemd. The `personal.raw` file is just a
compressed read-only filesystem for Linux containing all what is needed (`git`, `tor`, `nginx` and all their dependencies, and the config files too)

## How to build

```console
$ nix build .#portable
```

Then you have to "attach" the portable service to the systemd system:

```console
# mv result /var/lib/portables/personal.raw
# portablectl attach --enable --now personal
```

And that's it. You can verify `personal.tor-server.service`, `personal.git-server.service` and `personal.nginx.service` are working properly with:

```console
systemctl status personal.tor-server.service
systemctl status personal.git-server.service
systemctl status personal.nginx.service
```

**Note:** it is possible to browse the generated filesystem by building a different flake output called `rootfs`:

```console
nix build .#rootfs
```

After that the `result` link will contain the directory tree instead of the squashed filesystem.

## What next

* nginx server to provide git over http.
* support https (certbot)
* use systemd private network's to isolate network communication
* map ports to standard ones with iptable
* make all this more configurable (ips, ports, hidden service private keys)

----

This is heavily "inspired" on the work of [Xe](https://xeiaso.net/)'s [Nix Flakes: Packages and How to Use Them](https://xeiaso.net/blog/nix-flakes-2-2022-02-27) and Дамјан Георгиевски's [Tiny Tiny RSS](https://github.com/gdamjan/tt-rss-service)