by neilv 1928 days ago
Is there a rock-solid git server that I can use on a home server for versioned immutable backups of misc. files on personal devices (e.g., account config), as well as private software development git repos?

(I've done a cheaper version of this -- except for the immutable part, and the separation of accounts between devices -- in the past using SSH+SVN to a home server, and it was great.)

I was thinking immutable from the perspective of a device. A given device can pull branches of certain repos, and make commits to the branches. But a device's user account on the git server doesn't have permission to affect past commits. So, for example, if my dodgy Linux smartphone is compromised, a hypothetical person who isn't being nice can't do anything to my backups, other than make bogus additional commits.

Maybe each device has its own branch (e.g., `big-laptop`, `little-laptop`, `smartphone`, `media-server`), where they can commit their changes, and maybe they can pull from main/trunk. And then the physical console for the git server lets me inspect and merge changes from the different devices, so that other devices can pick up those changes.

I thought about starting with Gitlab CE, but that's pretty big, so, even if the features could be made to do what I want, I don't know whether I'd always be running too many vulnerabilities that defeat some of my purposes.

9 comments

"Is there a rock-solid git server that I can use on a home server for versioned immutable backups ..."

A few things ...

First, 'git' is built into the rsync.net platform and you can do anything you like with it, remotely, over ssh:

  ssh user@rsync.net "git clone git://github.com/freebsd/freebsd.git freebsd"

I personally track a number of repos I consider important and keep my own source trees up to date without running git locally.

Second, the ZFS snapshots that are taken, nightly, of your entire rsync.net account are immutable (read-only) so if you clone/update your git repos into your account, they are protected from ransomware/mallory.

Third, we finally have LFS / git-lfs support which pleases me greatly.

A question I had for a long time: is rsync.net affiliated in some way with the authors of the rsync utility?

No, there is no affiliation at all.

However, in late 2005 / early 2006, when we spun it out[1] as a standalone corporation and registered the domain name, etc., I did request, and receive, explicit permission from the authors/maintainers of rsync to adopt, and use, the rsync.net name.

[1] rsync.net began operation in 2001 as an add-on feature to JohnCompanies which was the first provider of the VPS as we now know it.

Thanks for elaborating. I sort of wish this was mentioned somewhere in a FAQ section but maybe that’s just me.

Maybe this git-config setting will do what you need?

       receive.denyNonFastForwards

"If set to true, git-receive-pack will deny a ref update which is not a fast-forward. Use this to prevent such an update via a push, even if that push is forced. This configuration variable is set when initializing a shared repository."

Depends on what you are after, but why not GIT + SSH and run regular snapshots of the repo? That way a dodgy person doing bad things could ultimately be undone relatively quickly.

Any sort of backup of the git repo would also achieve the same thing.

If you are super paranoid, you could also do git over email à la the Linux kernel on sensitive repos and only apply trusted patches yourself.

gitea is super easy to set up and self-host. It has branch permissions. Relatively straightforward to, e.g., allow devices to push only to their own branch but not allow force pushes that overwrite old commits.

I recently asked myself the same question, found no satisfactory answers, and wrote a solution. It uses the backup software "restic" to provide secure hosting on a variety of cloud providers. Restic is immutable by design, and my software basically "backs up" the .git folder to a restic repository. I use S3, but you could easily use any cloud storage provider or local NAS or anything else restic supports.

Shameless plug: https://github.com/CGamesPlay/git-remote-restic

> A given device can pull branches of certain repos, and make commits to the branches. But a device's user account on the git server doesn't have permission to affect past commits. So, for example, if my dodgy Linux smartphone is compromised...

Yes, Gitolite can do this.

R is read access only

RW is read and write access

RW+ is read, write and the ability to overwrite history (rebasing)
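
The policy discussed in this thread (the `receive.denyNonFastForwards` setting quoted earlier, plus a device being limited to its own branch) can be reproduced with stock git, shown here as an added example that is not part of any comment and is not Gitolite's or Gitea's code. It assumes a hypothetical `DEVICE` variable standing in for the identity an SSH forced command would supply; `receive.denyDeletes` and the `update` hook go beyond what the comments mention, and the repositories are constructed throwaways.

```shell
#!/bin/sh
# Added example. Repos are constructed throwaways; DEVICE is a hypothetical
# variable standing in for the identity an SSH forced command would supply.
demo_device_branches() (
    set -e
    work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
    export GIT_CONFIG_GLOBAL=/dev/null
    export GIT_AUTHOR_NAME=dev GIT_AUTHOR_EMAIL=dev@example.invalid
    export GIT_COMMITTER_NAME=dev GIT_COMMITTER_EMAIL=dev@example.invalid

    # Server: refuse history rewrites and ref deletions from every pusher.
    git init -q --bare "$work/server.git"
    git -C "$work/server.git" config receive.denyNonFastForwards true
    git -C "$work/server.git" config receive.denyDeletes true

    # Server: update hook ($1 = ref name) limits a device to its own branch.
    mkdir -p "$work/server.git/hooks"
    cat > "$work/server.git/hooks/update" <<'EOF'
#!/bin/sh
[ -n "$DEVICE" ] && [ "$1" = "refs/heads/$DEVICE" ] && exit 0
echo "denied: ${DEVICE:-unknown} may not update $1" >&2
exit 1
EOF
    chmod +x "$work/server.git/hooks/update"

    # Device: first backup, pushed to the branch named after the device.
    git init -q "$work/phone"; cd "$work/phone"
    git symbolic-ref HEAD refs/heads/smartphone
    git remote add origin "$work/server.git"
    export DEVICE=smartphone
    echo v1 > config.txt; git add config.txt; git commit -q -m "backup 1"
    git push -q origin smartphone

    try() { if "$@" >/dev/null 2>&1; then echo accepted; else echo rejected; fi; }

    echo v2 >> config.txt; git commit -q -am "backup 2"
    append=$(try git push origin smartphone)              # fast-forward
    other=$(try git push origin smartphone:big-laptop)    # another device's branch
    git reset -q --hard HEAD~1
    echo tampered > config.txt; git commit -q -am "rewrite"
    rewrite=$(try git push --force origin smartphone)     # history rewrite
    delete=$(try git push origin --delete smartphone)     # branch removal

    echo "append=$append other=$other rewrite=$rewrite delete=$delete"
)
```

Only the append-only push succeeds; a compromised device can still add bogus commits to its own branch, which matches the residual risk described in the original question.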

I was going to say, I've got my git server on my NAS, which is itself on a ZFS filesystem, through which snapshots provide immutable backups;

But considering the case of a malicious git contributor, access to any of my devices and ssh keys is already a wayyy bigger issue to begin with, and likely entails restoring the rest of the system to a known-secure state due to the sheer number of files an intruder could have tampered with outside of version-controlled directories.

Is there any reason your example would ever happen? That seems a little far-fetched of a security concern to me.

It absolutely happens for some organizations. There's industries around it.

And anyway, seems like good practice, and shouldn't be hard to do, and should fit with workflows already familiar from work.

What would be bad practice is to give less-trusted devices (e.g., Linux development phones, or some disposable PC on which I had to install some sketchy software) access to all my files and backups.

Using git this way might be a simple (given we have to know git anyway) way to give the goodness of backups and selectively syncing various kinds of files both ways with the less-trusted devices.

Gitolite/gogs/gitea should all be capable of enforcing policies like what you described.

If your concern is data loss/malware, anything on the git level is going to be insufficient (but can still be useful of course, as you said)

I’d echo the suggestion of zfs snapshots replicated on a separate mirror of disks. I can recommend zrepl to set up the snapshotting/replication/pruning part. Syncoid is another popular one.

Is there a reason you can’t continue to use Subversion for this? Sounds like its feature set (immutable commits) is closer to your requirements? Subversion still exists and is still easy to set up on a home server. (It’s what I still use for this purpose, even in 2021.)