From 1718b5eb26505fae065384c1963bb738215c247f Mon Sep 17 00:00:00 2001 From: idk Date: Wed, 21 May 2025 23:40:43 -0400 Subject: [PATCH 1/9] Update gitea-debian.yml --- .github/workflows/gitea-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitea-debian.yml b/.github/workflows/gitea-debian.yml index 2835c5d..6f70786 100644 --- a/.github/workflows/gitea-debian.yml +++ b/.github/workflows/gitea-debian.yml @@ -2,7 +2,7 @@ # Triggered an hour after the Gitea stable build # Runs on Ubuntu 22.04 -name: Gitea Nightly Debian Build +name: Gitea Debian Build on: push: # Run on any push schedule: From 3b37a8f8935609f1137d482aaa04dfbfcbb5a9a2 Mon Sep 17 00:00:00 2001 From: idk Date: Wed, 21 May 2025 23:47:54 -0400 Subject: [PATCH 2/9] Update gitea-debian.yml --- .github/workflows/gitea-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitea-debian.yml b/.github/workflows/gitea-debian.yml index 6f70786..49f8cef 100644 --- a/.github/workflows/gitea-debian.yml +++ b/.github/workflows/gitea-debian.yml @@ -45,7 +45,7 @@ jobs: - name: Generate pkg contents in "/build" run: | - BASE=build make install + sudo BASE=build make install ./pkginstall build \ --name go-gitlooseleaf \ --version ${{ steps.get_version.outputs.version }} \ From a6ea21aa77cd70c16222318676685b76f583ac30 Mon Sep 17 00:00:00 2001 From: idk Date: Wed, 21 May 2025 23:48:23 -0400 Subject: [PATCH 3/9] Update gitea-nightly-debian.yml --- .github/workflows/gitea-nightly-debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitea-nightly-debian.yml b/.github/workflows/gitea-nightly-debian.yml index dafba47..ac2e8b1 100644 --- a/.github/workflows/gitea-nightly-debian.yml +++ b/.github/workflows/gitea-nightly-debian.yml 
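Review bot: `sudo BASE=build make install` in the "Generate pkg contents" step runs the whole install target as root on the runner, not only the writes into `build/`, so any recipe step that is not rooted under `$(BASE)` changes the runner itself. The Makefile hunks later in this series show `setup-user` running `./preinst` and creating `$(DATA_PATH)` directories; whether `install` depends on that target is not visible here and should be checked. The staged tree also ends up root-owned while `./pkginstall build` on the next line runs unprivileged. If root is only wanted for file ownership inside the package, `fakeroot make install BASE=build` (assuming fakeroot is available on the runner) keeps the build unprivileged; the same line is added to gitea-nightly-debian.yml in the next commit. The run block continues outside the hunk.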
@@ -45,7 +45,7 @@ jobs: - name: Generate pkg contents in "/build" run: | - BASE=build make install + sudo BASE=build make install ./pkginstall build \ --name go-gitlooseleaf \ --version ${{ steps.get_version.outputs.version }} \ From 33fdaaef428ddc5d8fc89cb907bf2af395fbb951 Mon Sep 17 00:00:00 2001 From: idk Date: Thu, 22 May 2025 00:00:52 -0400 Subject: [PATCH 4/9] Update README.md --- README.md | 118 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 81 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index a269510..bef615b 100644 --- a/README.md +++ b/README.md 
@@ -1,40 +1,34 @@ # go-gitlooseleaf -A soft-fork of Gitea that enables simultaneous multi-protocol access via standard TLS, I2P, and Tor onion services. This repository contains only the network interface modules and CI configuration needed to build custom Gitea binaries. +A soft-fork of Gitea that enables simultaneous multi-protocol access via standard TLS, I2P, and Tor onion services. This project enhances access to Gitea repositories across diverse network environments without compromising core functionality. + +## Features + +- **Multi-Protocol Access**: Access your Gitea instance simultaneously through: + - Standard HTTPS/TLS connections + - I2P (Invisible Internet Project) network + - Tor onion services +- **Complete Protocol Support**: All Git operations work seamlessly across all networks: + - Web interface for browsing and management + - Git operations over HTTPS + - Git operations over SSH (when using Gitea's built-in SSH server) +- **Minimal Configuration**: Requires minimal changes to standard Gitea setup +- **Censorship Resistance**: Maintains repository availability even when specific networks are blocked ## How It Works -This project leverages GitHub Actions to automatically build a modified version of Gitea that can simultaneously serve content over multiple protocols: -- Standard HTTPS/TLS connections -- I2P (Invisible Internet Project) network -- Tor onion services +go-gitlooseleaf leverages Gitea's modular network architecture to enable multi-protocol access without modifying the core codebase. The implementation replaces Gitea's network interfaces with protocol-aware alternatives: -The beauty of this approach is that it requires no changes to Gitea's core codebase, as Gitea intelligently encapsulates network operations through abstraction: - -1. **Network Listeners**: Gitea uses `graceful.GetListener()` (defined in `modules/graceful/server.go`) for all incoming connections -2. 
**Network Clients**: Gitea's HTTP client connections can be configured with custom transport implementations - -We take advantage of these abstractions by replacing the default implementations with our multi-protocol versions during the build process. +1. **Network Listeners**: Gitea uses `graceful.GetListener()` (defined in `modules/graceful/server.go`) for all incoming connections, which we replace with our multi-protocol implementation +2. **Automatic Protocol Detection**: The system automatically detects and routes connections through the appropriate protocol +3. **Rate Limiting**: Built-in protection against excessive connection attempts ## Implementation Details -The network listener replacement works because Gitea's default `GetListener()` implementations (`DefaultGetListener()`) are defined in platform-specific files: -- `modules/graceful/net_unix.go` for Unix-like systems -- `modules/graceful/net_windows.go` for Windows - -Our implementation introduces a `MultiGetListener()` function that handles TLS, I2P, and Tor connections using the `go-meta-listener` package, while still supporting Unix sockets for internal functions. - -Similarly, we replace the default HTTP client with a version that can route traffic through the appropriate network (TLS, I2P, or Tor) based on the destination. - -## Current Implementation - -The current implementation in `net_mirror.go` uses: -- `go-meta-listener/mirror` for listening on multiple protocols -- Rate limiting through `go-i2p/go-limit` -- Environment variables (`EMAIL`, `HOSTNAME`) for configuration +The network listener replacement works by providing a custom implementation of Gitea's `GetListener()` function: ```go -// This implements the GetListener function for TLS, I2P, and Onion +// MultiGetListener handles connections across TLS, I2P, and Tor func MultiGetListener(network, address string) (net.Listener, error) { // Support for Unix sockets remains unchanged if network == "unix" || network == "unixpacket" { 
@@ -51,7 +45,7 @@ func MultiGetListener(network, address string) (net.Listener, error) { return nil, err } - // Apply rate limiting + // Apply rate limiting for protection return limitedlistener.NewLimitedListener(ml, limitedlistener.WithMaxConnections(500), // concurrent connections limitedlistener.WithRateLimit(24), // connections per second 
@@ -59,20 +53,41 @@ func MultiGetListener(network, address string) (net.Listener, error) { } ``` -## Usage Caveats +## Configuration -While the HTTP interface works seamlessly across all three protocols, other Gitea communication channels require additional configuration: +### Basic Setup -1. **SMTP Client**: If configured, email connections from Gitea will need proper routing: - - For I2P: Use local ports like `127.0.0.1:7659/7660` - - For Tor: Configure appropriate SOCKS proxy settings - -2. **SSH Connections**: Git operations over SSH require additional configuration to properly route through anonymity networks. These settings depend on your specific deployment environment. - -3. **Environment Variables**: +1. **Environment Variables**: - `EMAIL`: Used for TLS certificate generation (required for HTTPS) - `HOSTNAME`: Server hostname (defaults to local machine name if not set) +2. **Gitea Configuration** (app.ini): + ```ini + [server] + START_SSH_SERVER = true # Enable built-in SSH server for multi-protocol SSH support + SSH_PORT = 22 # Must end with "22" for automatic SSH mirroring (e.g., 22, 2222, 10022) + ``` + +### Network Addresses + +Your Gitea instance will be available at: +- HTTPS: `https://yourdomain.com` +- Tor: `http://youronionaddress.onion` (automatically generated) +- I2P: `http://youri2paddress.i2p` (automatically generated) + +Access using Git clients: +```bash +# Clone via HTTPS +git clone https://yourdomain.com/username/repo.git +git clone http://youronionaddress.onion/username/repo.git +git clone http://youri2paddress.i2p/username/repo.git + +# Clone via SSH (when using built-in SSH server) +git clone git@yourdomain.com:username/repo.git +git clone git@youronionaddress.onion:username/repo.git +git clone git@youri2paddress.i2p:username/repo.git +``` + ## Installation You can: 
@@ -80,8 +95,37 @@ You can: 2. Use the included `install.sh` script to set up a system service 3. Build from source using the GitHub Actions workflows as a reference +## Use Cases + +- **Self-hosting enthusiasts**: Offer your personal Git repositories through multiple networks with a single installation +- **Code hobbyists**: Share your projects with friends regardless of their network constraints or preferences +- **Organizations in regions with network restrictions**: Ensure repository access despite local network limitations +- **Open source projects**: Maximize availability of your codebase to contributors worldwide +- **Educational institutions**: Provide consistent access to course materials and student repositories +- **Privacy-conscious development**: Enable contribution without requiring standard TLS connections + +## FAQ + +**Q: Does this affect Gitea's performance?** +A: There is minimal performance impact for standard TLS connections. I2P and Tor connections will have the typical latency associated with these networks. + +**Q: How do I view my .onion and .i2p addresses?** +A: After starting the service, addresses are displayed in the logs and stored in `./certs/hostname.onion` and `./certs/hostname.i2p`. + +**Q: Can users have different identities on different protocols?** +A: No, user accounts are shared across all protocols. This is an availability enhancement, not an anonymity solution. + +**Q: Is this compatible with Gitea upgrades?** +A: Each version is built against a specific Gitea release. Check the releases page for compatibility information. + +**Q: Do I need to run Tor and I2P services separately?** +A: No, go-gitlooseleaf includes embedded Tor and I2P capabilities, no separate services needed. + +**Q: Why must the SSH port end with "22"?** +A: The automatic protocol detection for SSH connections relies on recognizing the port number pattern. Any port ending in "22" (such as 22, 2222, 10022) will work correctly. 
+ ## License Both this modification and Gitea itself are licensed under the MIT license. - See [LICENSE](LICENSE) for this project's license -- See [LICENSE-gitea.md](LICENSE-gitea.md) for the Gitea license from https://github.com/go-gitea/gitea +- See [LICENSE-gitea.md](LICENSE-gitea.md) for the Gitea license From 5f84fd9f8c37114921988bb661060b23bcda3a85 Mon Sep 17 00:00:00 2001 From: idk Date: Thu, 22 May 2025 00:11:45 -0400 Subject: [PATCH 5/9] Update Makefile --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 12372f6..8e134ba 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,7 @@ download: setup-user: @echo "Setting up git user and directories..." ./preinst + mkdir -p $(BASE)/usr/local/bin mkdir -p $(DATA_PATH)/custom mkdir -p $(DATA_PATH)/data mkdir -p $(DATA_PATH)/log @@ -94,4 +95,4 @@ uninstall: disable # Clean up clean: @echo "Cleaning up..." - rm -rf downloads \ No newline at end of file + rm -rf downloads From 9715b9aae816cd238c30d52649cb2197d83b91ed Mon Sep 17 00:00:00 2001 From: idk Date: Thu, 22 May 2025 00:13:40 -0400 Subject: [PATCH 6/9] Update Makefile --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 8e134ba..6b6dc48 100644 --- a/Makefile +++ b/Makefile @@ -38,6 +38,7 @@ setup-user: @echo "Setting up git user and directories..." ./preinst mkdir -p $(BASE)/usr/local/bin + mkdir -p $(SYSTEMD_PATH) mkdir -p $(DATA_PATH)/custom mkdir -p $(DATA_PATH)/data mkdir -p $(DATA_PATH)/log From 0a9880b9063b988ba78dfefcf16ba9444d03f3c8 Mon Sep 17 00:00:00 2001 From: idk Date: Thu, 22 May 2025 00:15:44 -0400 Subject: [PATCH 7/9] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bef615b..d7d4053 100644 --- a/README.md +++ b/README.md 
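Review bot: The added `mkdir -p $(BASE)/usr/local/bin` in `setup-user` (and `mkdir -p $(SYSTEMD_PATH)`, added to the same recipe in the next commit) leaves the directory mode to the caller's umask and expands the variables unquoted. The Debian workflows in this series invoke make under sudo, so these directories may be created by root, and whether `pkginstall` carries their mode and ownership into the package is not visible here. `install -d -m 0755 "$(BASE)/usr/local/bin"` and `install -d -m 0755 "$(SYSTEMD_PATH)"` would set the mode explicitly. It is also not visible whether `SYSTEMD_PATH` is derived from `$(BASE)`; if it is not, a staged build with `BASE=build` writes into the host's systemd directory. The recipe continues outside the hunk.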
@@ -119,7 +119,7 @@ A: No, user accounts are shared across all protocols. This is an availability en A: Each version is built against a specific Gitea release. Check the releases page for compatibility information. **Q: Do I need to run Tor and I2P services separately?** -A: No, go-gitlooseleaf includes embedded Tor and I2P capabilities, no separate services needed. +A: Yes, you need to run Tor and I2P routers. **Q: Why must the SSH port end with "22"?** A: The automatic protocol detection for SSH connections relies on recognizing the port number pattern. Any port ending in "22" (such as 22, 2222, 10022) will work correctly. From a330adb44d6c4906207b6365a87e62cb5b2d35d4 Mon Sep 17 00:00:00 2001 From: idk Date: Fri, 23 May 2025 01:23:26 +0000 Subject: [PATCH 8/9] Try and avoid generating go modules --- .github/workflows/forgejo-build.yml | 1 - .github/workflows/forgejo-nightly.yml | 1 - .github/workflows/gitea-build.yml | 1 - .github/workflows/gitea-nightly.yml | 1 - package-lock.json | 6 ++++++ 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/forgejo-build.yml b/.github/workflows/forgejo-build.yml index ea3915b..a78796b 100644 --- a/.github/workflows/forgejo-build.yml +++ b/.github/workflows/forgejo-build.yml @@ -81,7 +81,6 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod - go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/forgejo-nightly.yml b/.github/workflows/forgejo-nightly.yml index 970d940..fb24825 100644 --- a/.github/workflows/forgejo-nightly.yml +++ b/.github/workflows/forgejo-nightly.yml 
@@ -47,7 +47,6 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod - go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/gitea-build.yml b/.github/workflows/gitea-build.yml index ffbbeae..a2ab40e 100644 --- a/.github/workflows/gitea-build.yml +++ b/.github/workflows/gitea-build.yml @@ -80,7 +80,6 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod - go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/gitea-nightly.yml b/.github/workflows/gitea-nightly.yml index 41b1939..6fb7b89 100644 --- a/.github/workflows/gitea-nightly.yml +++ b/.github/workflows/gitea-nightly.yml @@ -42,7 +42,6 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod - go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/package-lock.json b/package-lock.json index e69de29..c68e03b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -0,0 +1,6 @@ +{ + "name": "go-gitlooseleaf", + "lockfileVersion": 3, + "requires": true, + "packages": {} +} From 67046525700d2b0beab2a022be01e7341fde3d17 Mon Sep 17 00:00:00 2001 From: idk Date: Fri, 23 May 2025 01:27:51 +0000 Subject: [PATCH 9/9] Revert, tidy is required --- .github/workflows/forgejo-build.yml | 1 + .github/workflows/forgejo-nightly.yml | 1 + .github/workflows/gitea-build.yml | 1 + .github/workflows/gitea-nightly.yml | 1 + 4 files changed, 4 insertions(+) diff --git a/.github/workflows/forgejo-build.yml b/.github/workflows/forgejo-build.yml index a78796b..ea3915b 100644 --- a/.github/workflows/forgejo-build.yml 
+++ b/.github/workflows/forgejo-build.yml @@ -81,6 +81,7 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod + go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/forgejo-nightly.yml b/.github/workflows/forgejo-nightly.yml index fb24825..970d940 100644 --- a/.github/workflows/forgejo-nightly.yml +++ b/.github/workflows/forgejo-nightly.yml @@ -47,6 +47,7 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod + go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/gitea-build.yml b/.github/workflows/gitea-build.yml index a2ab40e..ffbbeae 100644 --- a/.github/workflows/gitea-build.yml +++ b/.github/workflows/gitea-build.yml @@ -80,6 +80,7 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod + go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo diff --git a/.github/workflows/gitea-nightly.yml b/.github/workflows/gitea-nightly.yml index 6fb7b89..41b1939 100644 --- a/.github/workflows/gitea-nightly.yml +++ b/.github/workflows/gitea-nightly.yml @@ -42,6 +42,7 @@ jobs: cp -v ../net_mirror_unix.go modules/graceful/net_mirror_unix.go cp -v ../net_mirror_windows.go modules/graceful/net_mirror_windows.go cat ../go.mod >> go.mod + go mod tidy make build env: TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo
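Review bot: With `go mod tidy` restored directly after `cat ../go.mod >> go.mod`, the go.sum entries for the injected modules are generated on the runner at build time instead of being reviewed and committed, so the released binary's dependency hashes rest on the proxy and checksum database as seen during that run. Tidy can also add or drop requirements relative to the upstream go.mod, which makes the built dependency set differ from what upstream tested. Following it with `go mod verify` and uploading the resulting `go.mod` and `go.sum` next to the artifact would make each build auditable; resolving only the appended modules at explicit versions instead of a full tidy would narrow the change further. The same line is restored in the forgejo-nightly, gitea-build and gitea-nightly hunks of this commit. The run step continues outside the hunk.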