qbit/gitle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial

Browse Source
This commit is contained in:
Aaron Bieber 2022-06-21 11:10:38 -06:00
commit eff5cc3c05
No known key found for this signature in database
6 changed files with 137 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use_nix

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.idea

14
go.mod Normal file
View File

@ -0,0 +1,14 @@
module suah.dev/gitle
go 1.18
require github.com/sosedoff/gitkit v0.3.0
require (
github.com/gofrs/uuid v4.0.0+incompatible // indirect
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 // indirect
suah.dev/protect v1.2.0 // indirect
)
replace github.com/sosedoff/gitkit => ../gitkit

27
go.sum Normal file
View File

@ -0,0 +1,27 @@
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sosedoff/gitkit v0.3.0 h1:TfINVRNUM+GcFa+LGhZ3RcWN86Im1M6i8qs0IsgMy90=
github.com/sosedoff/gitkit v0.3.0/go.mod h1:V3EpGZ0nvCBhXerPsbDeqtyReNb48cwP9KtkUYTKT5I=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 h1:J27LZFQBFoihqXoegpscI10HpjZ7B5WQLLKL2FZXQKw=
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
suah.dev/protect v1.2.0 h1:4G4V43yVYXCjLFzaE9QJR0fLo3rf5vNBS9YxyoI19DU=
suah.dev/protect v1.2.0/go.mod h1:Ocn1yqUskqe/is6N2bxQxtT+fegbvQsOFyHbJAQu9XE=

88
main.go Normal file
View File

@ -0,0 +1,88 @@
package main
import (
"fmt"
"golang.org/x/crypto/ssh"
"io/ioutil"
"log"
"os"
"suah.dev/protect"
"github.com/sosedoff/gitkit"
)
func envOr(name string, def string) string {
s := os.Getenv(name)
if s == "" {
return def
}
return s
}
func main() {
repos := envOr("GITLE_REPOS", "/var/gitle/repos")
keys := envOr("GITLE_KEYS", "/var/gitle/keys")
akSrc := envOr("GITLE_AUTH_KEYS", "var/gitle/authorized_keys")
hostKey := envOr("GITLE_HOST_KEY", "/var/gitle/key")
protect.Unveil(repos, "rwc")
protect.Unveil(keys, "r")
protect.Unveil(akSrc, "r")
protect.Unveil(hostKey, "r")
protect.Unveil("/dev", "r")
protect.Unveil("/dev/null", "rw")
protect.Unveil("/usr/local/bin/", "rx")
protect.UnveilBlock()
server := gitkit.NewSSH(gitkit.Config{
Dir: repos,
KeyDir: keys,
AutoCreate: true,
})
akb, err := ioutil.ReadFile(akSrc)
if err != nil {
log.Fatalf("can't load authorized keys file: %s, err: %v", akSrc, err)
}
akMap := map[string]bool{}
for len(akb) > 0 {
pubKey, _, _, rest, err := ssh.ParseAuthorizedKey(akb)
if err != nil {
log.Fatalf("failed to read pubKey entry: %v", err)
}
akMap[string(pubKey.Marshal())] = true
akb = rest
}
b, err := ioutil.ReadFile(hostKey)
if err != nil {
log.Fatalf("failed to read %s: %v", hostKey, err)
}
pk, err := ssh.ParsePrivateKey(b)
if err != nil {
log.Fatalf("failed to parse %s: %v", hostKey, err)
}
server.SSHConfig = &ssh.ServerConfig{
ServerVersion: "SSH-2.0-gitle",
PublicKeyCallback: func(conn ssh.ConnMetadata, pubKey ssh.PublicKey) (*ssh.Permissions, error) {
if akMap[string(pubKey.Marshal())] {
return &ssh.Permissions{
Extensions: map[string]string{
"pubkey-fp": ssh.FingerprintSHA256(pubKey),
},
}, nil
}
return nil, fmt.Errorf("unknown public key for %q", conn.User())
},
}
server.SSHConfig.AddHostKey(pk)
server.SetupDone = true
err = server.ListenAndServe(":2222")
if err != nil {
log.Fatalf("failed to listen: %v\n", err)
}
}

6
shell.nix Normal file
View File

@ -0,0 +1,6 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
nativeBuildInputs = with pkgs.buildPackages; [
go_1_18
];
}