Next: , Previous: , Up: Services   [Contents][Index]


6.2.7.23 Version Control Services

The (gnu services version-control) module provides a service to allow remote access to local Git repositories. There are two options: the git-daemon-service, which provides access to repositories via the git:// unsecured TCP-based protocol, or extending the nginx web server to proxy some requests to git-http-backend.

Scheme Procedure: git-daemon-service [#:config (git-daemon-configuration)]

Return a service that runs git daemon, a simple TCP server to expose repositories over the Git protocol for anonymous access.

The optional config argument should be a <git-daemon-configuration> object, by default it allows read-only access to exported25 repositories under /srv/git.

Data Type: git-daemon-configuration

Data type representing the configuration for git-daemon-service.

package (default: git)

Package object of the Git distributed version control system.

export-all? (default: #f)

Whether to allow access for all Git repositories, even if they do not have the git-daemon-export-ok file.

base-path (default: /srv/git)

Whether to remap all the path requests as relative to the given path. If you run git daemon with (base-path "/srv/git") on example.com, then if you later try to pull git://example.com/hello.git, git daemon will interpret the path as /srv/git/hello.git.

user-path (default: #f)

Whether to allow ~user notation to be used in requests. When specified with empty string, requests to git://host/~alice/foo is taken as a request to access foo repository in the home directory of user alice. If (user-path "path") is specified, the same request is taken as a request to access path/foo repository in the home directory of user alice.

listen (default: ’())

Whether to listen on specific IP addresses or hostnames, defaults to all.

port (default: #f)

Whether to listen on an alternative port, which defaults to 9418.

whitelist (default: ’())

If not empty, only allow access to this list of directories.

extra-options (default: ’())

Extra options will be passed to git daemon, please run man git-daemon for more information.

The git:// protocol lacks authentication. When you pull from a repository fetched via git://, you don’t know that the data you receive was modified is really coming from the specified host, and you have your connection is subject to eavesdropping. It’s better to use an authenticated and encrypted transport, such as https. Although Git allows you to serve repositories using unsophisticated file-based web servers, there is a faster protocol implemented by the git-http-backend program. This program is the back-end of a proper Git web service. It is designed to sit behind a FastCGI proxy. See Web Services, for more on running the necessary fcgiwrap daemon.

Guix has a separate configuration data type for serving Git repositories over HTTP.

Data Type: git-http-configuration

Data type representing the configuration for git-http-service.

package (default: git)

Package object of the Git distributed version control system.

git-root (default: /srv/git)

Directory containing the Git repositories to expose to the world.

export-all? (default: #f)

Whether to expose access for all Git repositories in git-root, even if they do not have the git-daemon-export-ok file.

uri-path (default: /git/)

Path prefix for Git access. With the default /git/ prefix, this will map http://server/git/repo.git to /srv/git/repo.git. Requests whose URI paths do not begin with this prefix are not passed on to this Git instance.

fcgiwrap-socket (default: 127.0.0.1:9000)

The socket on which the fcgiwrap daemon is listening. See Web Services.

There is no git-http-service-type, currently; instead you can create an nginx-location-configuration from a git-http-configuration and then add that location to a web server.

Scheme Procedure: git-http-nginx-location-configuration [config=(git-http-configuration)]

Compute an nginx-location-configuration that corresponds to the given Git http configuration. An example nginx service definition to serve the default /srv/git over HTTPS might be:

(service nginx-service-type
         (nginx-configuration
          (server-blocks
           (list
            (nginx-server-configuration
             (http-port #f)
             (server-name "git.my-host.org")
             (ssl-certificate
              "/etc/letsencrypt/live/git.my-host.org/fullchain.pem")
             (ssl-certificate-key
              "/etc/letsencrypt/live/git.my-host.org/privkey.pem")
             (locations
              (list
               (git-http-nginx-location-configuration
                (git-http-configuration (uri-path "/"))))))))))

This example assumes that you are using Let’s Encrypt to get your TLS certificate. See Certificate Services. The default certbot service will redirect all HTTP traffic on git.my-host.org to HTTPS. You will also need to add an fcgiwrap proxy to your system services. See Web Services.


Footnotes

(25)

By creating the magic file "git-daemon-export-ok" in the repository directory.


Next: , Previous: , Up: Services   [Contents][Index]