Portable Hidden Git Server

A minimalistic and reproducible, ready to deploy and immutable git daemon service published as a Tor onion service.

What is this

This project contains a Nix Flake that once built generates a systemd portable service (a single file under the name personal.raw) that can be "plug" to any Linux that supports systemd. The personal.raw file is just a compressed read-only filesystem for Linux containing all what is needed (git, tor, nginx and all their dependencies, and the config files too)

How to build

$ nix build .#portable

Then you have to "attach" the portable service to the systemd system:

# mv result /var/lib/portables/personal.raw
# portablectl attach --enable --now personal

And that's it. You can verify personal.tor-server.service, personal.git-server.service and personal.nginx.service are working properly with:

systemctl status personal.tor-server.service
systemctl status personal.git-server.service
systemctl status personal.nginx.service

Note: it is possible to browse the generated filesystem by building a different flake output called rootfs:

nix build .#rootfs

After that the result link will contain the directory tree instead of the squashed filesystem.

What next

• nginx server to provide git over http.
• support https (certbot)
• use systemd private network's to isolate network communication
• map ports to standard ones with iptable
• make all this more configurable (ips, ports, hidden service private keys)

---

This is heavily "inspired" on the work of Xe's Nix Flakes: Packages and How to Use Them and Дамјан Георгиевски's Tiny Tiny RSS