17:28 <phantomcircuit> BlueMatt, HI

17:29 <BlueMatt> sup

17:44 <phantomcircuit> BlueMatt, gitlab seems pretty complicated, right?

17:49 <BlueMatt> hmm? you mean to self-host it? I didnt look into it too deeply. I think actually the easiest thing to set up would be to a) create a webform that lets you upload an ssh pubkey which then creates a user which is restricted to git-shell, b) restirct each user via GIT_NAMESPACE to a subtree of refs which is prefixed by their ssh pubkey hash or so, c) use gitweb to display all the pushes people have, d) limit upload pack size and do

17:49 <BlueMatt> something to limit how many pushes/hour each remote IP can do.

17:50 <BlueMatt> I think the above basically lets you do an anonymous git project management with an hour or two of setup.

17:50 <BlueMatt> and without all the complication of something like gitlab or gitea where users have ot actually create accounts with emails and passwords and stuff.

17:52 <phantomcircuit> BlueMatt, iirc actually restricting users to git-shell with ssh isn't as trivial as it should be

17:52 <BlueMatt> no, you just set their login shell, its one command

17:52 <BlueMatt> or you can just edit /etc/passwd's shell entry and done.

17:53 <phantomcircuit> in theory yes, but uh

17:53 <BlueMatt> you also have to create an empty git-shell-commands file or something stupid but thats easy.

17:53 <BlueMatt> should work? I'd bet thats literally what github does, so somehow i doubt you'd be the easiest target.

17:53 <phantomcircuit> github i think is using a custom ssh daemon

17:54 <BlueMatt> ah, i could see that. i mean ssh is shit, but i dont think git-shell is the biggest of your worries in that case.

17:54 <BlueMatt> and if you're worried just do a separate git-upload server and then pull from it every minute on the actual git server.

17:56 <BlueMatt> but I think you have the same issue with gitlab or whatever.

17:57 <BlueMatt> the other thing I was thinking about is doing git pushes via https, and then just setting a cookie for user auth. still anonymous, but users have to configure a per-repo cookieFile and set the flag to let the server set cookies locally.

17:57 <BlueMatt> would be a tiny bit more work for users, but the server-side setup would be similar effort.

17:57 <BlueMatt> just via nginx authentication modules instead of ssh.

18:02 <BlueMatt> if you're feeling un-lazy, you can set it up for git.bitcoin.ninja and then I'll just let people use that server for stuff :)

18:28 <BlueMatt> hell, if people use it I'll even make it faster than fucking github cause its trivial to anycast git clones, github still makes them all go back to DCA