# gruau

*Jonathan Frech, 2022-01 to 2022-07*

Gruau is a thin SSH-Web-git layer to manage remote repositories with a light
authentication model.

# server layout
Each repository is a bare repository named `gruau-repositories-root/~owner/repo.git`.

## initializing a new repository
```sh
(gruau server)
$ git init --bare --initial-branch=master gruau-repositories-root/~owner/repo.git
```

## moving a repository to gruau
```sh
(local machine)
$ git clone --mirror git@evilcorp.com:~user/repo.git refugee.git
$ git push --mirror git@git.jfrech.com:~owner/repo.git refugee.git
```

# authentication configuration

## semipulic: dumb HTTP transport via authentication token

### acquiring an auth token
```sh
$ ssh -T authtoken@git.jfrech.com
```

#### building a go package with semipublic dependencies
```sh
$ git config --global http.'https://git.jfrech.com/'.extraHeader "X-Gruau-Auth: $(ssh -i"$HOME/.ssh/machine" -T authtoken@git.jfrech.com)"
$ go build
```
See also: https://go.dev/doc/faq#git\_https

## sample `~owner/access.cnf` configuration file
```
key ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ~owner (e.g. desktop machine)
key ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ~owner (e.g. another desktop machine)
key ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ~owner (e.g. laptop)

private ~owner/secrets.git

shared ~owner/repo.git ~collaborator
shared ~owner/another-repo.git ~collaborator
shared ~owner/another-repo.git ~another-collaborator

key ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ~owner/machine.mch (e.g. a VPS box)
semipublic ~owner/deployment.git ~owner/machine.mch

public ~owner/epic-repo.git
public ~owner/website.git
```

## sample `gruau.service` systemd service file
**TODO**