Luke's Web Site

Setting up a Simple Git Mirror with Soft Serve

I just got my old Raspberry Pi set up for the first time in years with Tailscale, and I found a perfect little project for it. It turned out simpler than I expected so I thought I’d write it up here.

I set up the self-hostable Git server Soft Serve on my Pi so that it mirrors my GitHub repos. Now if GitHub has an outage, I’ve got a copy of all my repos on my network. I can also use it as a remote for sensitive projects like coursework, which I don’t have the right to distribute.

I did it by following Charm’s excellent guide for setting up Soft Serve self-hosted. My Pi is running Ubuntu 22.04 so I had zero problems with the guide. But since I’m only accessing the Pi over Tailscale, I skipped the TLS certificate section and the domain setup, and kept the default ports. I also tried to skip SSH key authentication since Tailscale knows who I am, but Soft Serve’s authentication is designed with the assumption that you have an SSH key, so I couldn’t go without one.

The bit of trouble came because I store my SSH keys in 1Password, not on disk in ~/.ssh. 1Password usually just handles everything and it works great, but for Soft Serve I need to specify which key 1Password should hand over to verify me. The solution is in 1Password’s docs: I can export my public key and keep the private key in 1Password. Then in ~/.ssh/config, I added an entry for the host that looks something like this: 

Host soft-pi
    HostName 0.0.0.0 # tailscale IP
    User ubuntu
    Port 23231
    IdentityFile ~/.ssh/id_ed25519.pub
    IdentitiesOnly yes

With this configuration, whenever I use ssh soft-pi, 1Password’s SSH agent figures out which key I’m asking for from my vault, prompts for authentication, and passes my key along to Soft Serve.

With Soft Serve running on my Pi and a functioning admin key, I imported my repos from GitHub. I ran the following from a shell on my laptop to import a repository called nvim: 

ssh soft-pi repo import -m nvim https://github.com/lukewiebe/nvim

That worked and now I can clone my nvim repo using git clone ssh://soft-pi/nvim as long as I’m connected to Tailscale. Two things here:

  1. The above import command doesn’t work if I use the URLgit@github.com:lukewiebe/nvim.git. Maybe those are non-standard or harder to use for some reason?
  2. Turns out Git is pretty smart and when you use an ssh:// URL to clone, it checks your ~/.ssh/config for hosts and resolves them. This is how git clone ssh://soft-pi/<repo> works. I thought that config file was just for the ssh client on the command line, so it’s cool to see that other clients can use it too.

That’s it! If you’re trying to set up self-hosted Soft Serve and you’ve got questions about this post, feel free to contact me by email. Anything sent to this domain (no subdomain) comes to me.