gitreef

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit e2e77d94a3e875fffe369a13312427369ecb7374
parent 4c4364ae53a19b90d8b3b6a533f23f093291ed5b
Author: Matthias Jaros <jaros@mailbox.org>
Date:   Mon, 27 Oct 2025 13:50:43 +0100

Added first readme draft

Diffstat:
AREADME | 65+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+), 0 deletions(-)

diff --git a/README b/README @@ -0,0 +1,64 @@ +# README + +Welcome to git-server, a simple and super duper fast server for your git repos. + +The scope of this server is to have a simple, minimal and secure git-server with no unnecessary features and management overhead. +It is for everyone who does not need or want a fancy GUI and more features besides of basic ones. Thus it is small, secure, fast and uses barely memory (under 10MB). + +## Features + +* Dockerized +* Easy config over command line or docker compose +* Fast & Secure with minimal dependencies: Git, SSH, Fish, Sudo +* Build in user management. +* Build in repo management. +* Basic ACL with read/write permissions +* Logfile of all git operations + +## Security + +It is crucial to keep your repos safe from unprivileged access. This is why this server uses a set of limitins settings for ssh and every git operation that is run on it, such as: + +* Minimum basic alpine image with only few required tools installed +* Only pubkey authentication +* No tty and no normal shell login allowed +* All git commands are sanitized and checked +* Repos are kept in a jail under /srv/repos, no git access out if it is allowed. +* User are restricted using a basic ACL file that checks permissions of each user +* Root and git user login is prohibited + +## Examples + +Command line: +```sh +docker run --rm -p "2222:22" git-server -u "user1:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm +lzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15" -r "/repo1.git;user1:w" +``` + + +Docker Compose: +```yaml +services: + git-server: + image: docker.it-jaros.com/com.it-jaros.git + ports: + - "2222:22" + environment: + # Note: Variable names cannot have - inside but the values can! + # uid/gid of the user that has access to all repos + - GIT_UID=1000 + - GIT_GID=1000 + # Users in form of USER_<some chars>=<username>:<ssh-key> + - USER_user1=user1:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15 + - USER_user2=user2:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPsl91WPAT8aWwZ6y5WAfXU9PoHzxJ3YG9uFgSmlGQr2HwV+gL/XaTBJ4Brj+pa+R7tfYEBMi+7Navx/ZsEmr9E= mj@xps15 + # Repos in form of REPO_<some chars>=<repo-path>;<user>:<permission>;<user2>:<permission>;... + # Permission can be 'r' or 'w' which stands for read/write + - REPO_repo1=/repo1.git;user1 # user without permission flag has read by default + - REPO_repo2=/repo2.git;user2:w + - REPO_repo3=/repo3.git;user1:r;user2:w + volumes: + # Basic volumes that should be mapped + - ./ssh:/var/ssh + - ./repos:/srv/repos + - ./log:/var/log +``` +\ No newline at end of file