3 files changed, 193 insertions, 0 deletions
diff --git a/docs/man/gitolfs3-authenticate.1 b/docs/man/gitolfs3-authenticate.1
new file mode 100644
index 0000000..67151e1
--- /dev/null
+++ b/docs/man/gitolfs3-authenticate.1
@@ -0,0 +1,33 @@
+.TH GITOLFS3-AUTHENTICATE 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
+.SH NAME
+git-lfs-authenticate \- Git LFS authentication agent for Gitolfs3
+.SH SYNOPSIS
+.B git-lfs-authenticate
+<repository>
+upload/download
+.SH DESCRIPTION
+.B git-lfs-authenticate
+is a Git LFS authentication agent for Gitolfs3.
+When accessible from the Git shell,
+.B git-lfs-authenticate
+can authorize users to access the Gitolfs3 Git LFS server.
+Although
+.B git-lfs-authenticate
+does assume that the user can be trusted, as they have access to the server,
+it is a good idea to restrict the shell for the \fIgit\fR user.
+For example, the user should not be able to modify environment variables, nor
+should the user be able to execute any arbitrary command.
+The Git shell provided by Gitolfs3 may be a good option. (See
+.BR gitolfs3-shell (1).)
+.SH ENVIRONMENT VARIABLES
+.TP
+.B GITOLFS3_HREF_BASE
+.B Required.
+The base URL at which the Gitolfs3 server is available.
+Must end with a slash.
+.TP
+.B GITOLFS3_KEY_PATH
+.B Required.
+The path to the key which is used to authorize the request to the Gitolfs3
+server.
diff --git a/docs/man/gitolfs3-server.1 b/docs/man/gitolfs3-server.1
new file mode 100644
index 0000000..4f384cf
--- /dev/null
+++ b/docs/man/gitolfs3-server.1
@@ -0,0 +1,124 @@
+.TH GITOLFS3-SERVER 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
+.SH NAME
+server \- Gitolfs3 Git LFS server
+.SH SYNOPSIS
+.B server
+.SH DESCRIPTION
+.B server
+is the Gitolfs3 Git LFS server. It is primarily configured using environment
+variables.
+A complete reference of the environment variables can be seen below.
+.B Important note:
+The working directory of the Gitolfs3 server should be the folder containing all Git repositories.
+Otherwise, repositories will not be recognized (and nothing will work).
+The Gitolfs3 server uses S3-compatible services as backing storage.
+In the configured S3 bucket, a familiar structure is used:
+.in +2
+lfs-test.git/ ................. repository name
+.in +2
+lfs/objects/ ................ namespace
+.in +2
+4e/ ....................... first byte of the object ID (OID)
+.in +2
+7b/ ..................... second byte of the OID
+.in +2
+4e7bfdb[...]11ce013 ... OID (SHA256)
+.in -10
+Public and private repositories are distinguished using the presence of a
+\fIgit-daemon-export-ok\fR file in the bare repository.
+Unauthenticated users accessing the service over the public internet are
+allowed to download all files from all public repositories.
+Unauthenticated users accessing the service over a trusted network are allowed
+to download all files from all repositories, so also from all private
+repositories.
+Only authenticated users are authorized to upload files.
+For information on access control in private networks, please see the
+documentation for the environment variable
+.BR GITOLFS3_TRUSTED_FORWARDED_HOSTS .
+This server can be used in combination with the Gitolfs3 Git LFS authentication
+agent (see
+.BR gitolfs3-authenticate ).
+For more information, please see the documentation for the environment variable
+.BR GITOLFS3_KEY_PATH .
+.SH ENVIRONMENT VARIABLES
+.TP
+.B GITOLFS3_S3_SECRET_ACCESS_KEY_FILE
+.B Required.
+Path to the Secret Access Key to access the configured S3 service.
+.TP
+.B GITOLFS3_S3_ACCESS_KEY_ID_FILE
+.B Required.
+Path to the Access Key ID to access the configured S3 service.
+.TP
+.B GITOLFS3_S3_REGION
+.B Required.
+The S3 region which the configured bucket is in.
+.TP
+.B GITOLFS3_S3_ENDPOINT
+.B Required.
+The S3 endpoint to use.
+Whether using Amazon S3 or another provider, this URL always be provided.
+In the case of Scaleway Object Storage, this may look like
+\fIhttps://s3.nl-ams.scw.cloud\fR for the region \fInl-ams\fR.
+.TP
+.B GITOLFS3_S3_BUCKET
+.B Required.
+The S3 bucket to use.
+Should be in the configured region (see
+.BR GITOLFS_S3_ENDPOINT ).
+.TP
+.B GITOLFS3_BASE_URL
+.B Required.
+The base URL under which the Gitolfs3 server itself runs.
+This is required so that the server can generate hyperlinks that refer to
+itself.
+.TP
+.B GITOLFS3_KEY_PATH
+.B Required.
+Path to the key that is used to generate and verify tags (MACs) for requests.
+Must correspond with the key used by
+.BR gitolfs3-authenticate (1),
+if using.
+.TP
+.B GITOLFS3_LISTEN_HOST
+.B Required.
+The host on which the Gitolfs3 server should listen.
+.TP
+.B GITOLFS3_LISTEN_PORT
+.B Required.
+The port on which the Gitolfs3 server should listen.
+.TP
+.B GITOLFS3_DOWNLOAD_LIMIT
+.B Required.
+The maximum amount of file bytes which may be downloaded within the span of an
+hour.
+The server keeps track of the amount of bytes downloaded in the last hour in a
+file called \fI.gitofls3-dlimit\fR, which it stores in its working directory.
+Every hour, the counter is reset.
+When the server crashes, the counter is not reset.
+This means that the implementation is pretty messy, and that repeated crashes
+of the server turn this 'hour' into practical 'infinity'.
+The main purpose of this feature is to prevent incurring unforeseen egress
+costs.
+.B Note:
+Only untrusted hosts are held to this limit.
+.TP
+.B GITOLFS3_TRUSTED_FORWARDED_HOSTS
+.B Optional.
+A comma-separated list of hosts which can be classified as 'trusted'.
+If a request comes in for which the X-Forwarded-Host header contains one of the
+hosts in this list, then the user is automatically generated read access to all
+repositories, regardless of the presence of a \fIgit-daemon-export-ok\fR file.
+Furthermore, presigned URLs are returned for download requests, instead of
+downloads being proxied through the Gitolfs3 server.
+.B Note:
+There must be no space between the comma-separated items.
diff --git a/docs/man/gitolfs3-shell.1 b/docs/man/gitolfs3-shell.1
new file mode 100644
index 0000000..56eac31
--- /dev/null
+++ b/docs/man/gitolfs3-shell.1
@@ -0,0 +1,36 @@
+.TH GITOLFS3-SHELL 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
+.SH NAME
+shell \- Gitolfs3 shell
+.SH SYNOPSIS
+.B shell
+-c <command>
+.SH DESCRIPTION
+.B shell
+is the Gitolfs3 shell.
+.SH COMMANDS
+.TP
+.B git-receive-pack \fR<repsitory>\fB
+Alternatively, using \fBgit receive-pack\fR is also allowed.
+No other arguments nor options than indicated above are processed nor allowed.
+See
+.BR git-receive-pack (1).
+.TP
+.B git-upload-archive \fR<repsitory>\fB
+Alternatively, using \fBgit upload-archive\fR is also allowed.
+No other arguments nor options than indicated above are processed nor allowed.
+See
+.BR git-upload-archive (1).
+.TP
+.B git-upload-pack \fR<repsitory>\fB
+Alternatively, using \fBgit upload-pack\fR is also allowed.
+No other arguments nor options than indicated above are processed nor allowed.
+See
+.BR git-upload-pack (1).
+.TP
+.B git-lfs-authenticate \fR<repository> upload/download\fB
+Outputs a JSON document containing a reference to the Gitolfs3 Git LFS endpoint
+for the indicated repository and an accompanying tag/MAC to authenticate with
+the Gitolfs3 server.
+Only valid for the indicated repository and operation.
+See
+.BR gitolfs3-authenticate (1).

diff --git a/docs/man/gitolfs3-authenticate.1 b/docs/man/gitolfs3-authenticate.1 new file mode 100644 index 0000000..67151e1 --- /dev/null +++ b/docs/man/gitolfs3-authenticate.1
@@ -0,0 +1,33 @@
	1	.TH GITOLFS3-AUTHENTICATE 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
	2	.SH NAME
	3	git-lfs-authenticate \- Git LFS authentication agent for Gitolfs3
	4	.SH SYNOPSIS
	5	.B git-lfs-authenticate
	6	<repository>
	7	upload/download
	8	.SH DESCRIPTION
	9	.B git-lfs-authenticate
	10	is a Git LFS authentication agent for Gitolfs3.
	11	When accessible from the Git shell,
	12	.B git-lfs-authenticate
	13	can authorize users to access the Gitolfs3 Git LFS server.
	14
	15	Although
	16	.B git-lfs-authenticate
	17	does assume that the user can be trusted, as they have access to the server,
	18	it is a good idea to restrict the shell for the \fIgit\fR user.
	19	For example, the user should not be able to modify environment variables, nor
	20	should the user be able to execute any arbitrary command.
	21	The Git shell provided by Gitolfs3 may be a good option. (See
	22	.BR gitolfs3-shell (1).)
	23	.SH ENVIRONMENT VARIABLES
	24	.TP
	25	.B GITOLFS3_HREF_BASE
	26	.B Required.
	27	The base URL at which the Gitolfs3 server is available.
	28	Must end with a slash.
	29	.TP
	30	.B GITOLFS3_KEY_PATH
	31	.B Required.
	32	The path to the key which is used to authorize the request to the Gitolfs3
	33	server.


diff --git a/docs/man/gitolfs3-server.1 b/docs/man/gitolfs3-server.1 new file mode 100644 index 0000000..4f384cf --- /dev/null +++ b/docs/man/gitolfs3-server.1
@@ -0,0 +1,124 @@
	1	.TH GITOLFS3-SERVER 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
	2	.SH NAME
	3	server \- Gitolfs3 Git LFS server
	4	.SH SYNOPSIS
	5	.B server
	6	.SH DESCRIPTION
	7	.B server
	8	is the Gitolfs3 Git LFS server. It is primarily configured using environment
	9	variables.
	10	A complete reference of the environment variables can be seen below.
	11
	12	.B Important note:
	13	The working directory of the Gitolfs3 server should be the folder containing all Git repositories.
	14	Otherwise, repositories will not be recognized (and nothing will work).
	15
	16	The Gitolfs3 server uses S3-compatible services as backing storage.
	17	In the configured S3 bucket, a familiar structure is used:
	18	.in +2
	19	lfs-test.git/ ................. repository name
	20	.in +2
	21	lfs/objects/ ................ namespace
	22	.in +2
	23	4e/ ....................... first byte of the object ID (OID)
	24	.in +2
	25	7b/ ..................... second byte of the OID
	26	.in +2
	27	4e7bfdb[...]11ce013 ... OID (SHA256)
	28	.in -10
	29
	30	Public and private repositories are distinguished using the presence of a
	31	\fIgit-daemon-export-ok\fR file in the bare repository.
	32	Unauthenticated users accessing the service over the public internet are
	33	allowed to download all files from all public repositories.
	34	Unauthenticated users accessing the service over a trusted network are allowed
	35	to download all files from all repositories, so also from all private
	36	repositories.
	37	Only authenticated users are authorized to upload files.
	38	For information on access control in private networks, please see the
	39	documentation for the environment variable
	40	.BR GITOLFS3_TRUSTED_FORWARDED_HOSTS .
	41
	42	This server can be used in combination with the Gitolfs3 Git LFS authentication
	43	agent (see
	44	.BR gitolfs3-authenticate ).
	45	For more information, please see the documentation for the environment variable
	46	.BR GITOLFS3_KEY_PATH .
	47	.SH ENVIRONMENT VARIABLES
	48	.TP
	49	.B GITOLFS3_S3_SECRET_ACCESS_KEY_FILE
	50	.B Required.
	51	Path to the Secret Access Key to access the configured S3 service.
	52	.TP
	53	.B GITOLFS3_S3_ACCESS_KEY_ID_FILE
	54	.B Required.
	55	Path to the Access Key ID to access the configured S3 service.
	56	.TP
	57	.B GITOLFS3_S3_REGION
	58	.B Required.
	59	The S3 region which the configured bucket is in.
	60	.TP
	61	.B GITOLFS3_S3_ENDPOINT
	62	.B Required.
	63	The S3 endpoint to use.
	64	Whether using Amazon S3 or another provider, this URL always be provided.
	65	In the case of Scaleway Object Storage, this may look like
	66	\fIhttps://s3.nl-ams.scw.cloud\fR for the region \fInl-ams\fR.
	67	.TP
	68	.B GITOLFS3_S3_BUCKET
	69	.B Required.
	70	The S3 bucket to use.
	71	Should be in the configured region (see
	72	.BR GITOLFS_S3_ENDPOINT ).
	73	.TP
	74	.B GITOLFS3_BASE_URL
	75	.B Required.
	76	The base URL under which the Gitolfs3 server itself runs.
	77	This is required so that the server can generate hyperlinks that refer to
	78	itself.
	79	.TP
	80	.B GITOLFS3_KEY_PATH
	81	.B Required.
	82	Path to the key that is used to generate and verify tags (MACs) for requests.
	83	Must correspond with the key used by
	84	.BR gitolfs3-authenticate (1),
	85	if using.
	86	.TP
	87	.B GITOLFS3_LISTEN_HOST
	88	.B Required.
	89	The host on which the Gitolfs3 server should listen.
	90	.TP
	91	.B GITOLFS3_LISTEN_PORT
	92	.B Required.
	93	The port on which the Gitolfs3 server should listen.
	94	.TP
	95	.B GITOLFS3_DOWNLOAD_LIMIT
	96	.B Required.
	97	The maximum amount of file bytes which may be downloaded within the span of an
	98	hour.
	99
	100	The server keeps track of the amount of bytes downloaded in the last hour in a
	101	file called \fI.gitofls3-dlimit\fR, which it stores in its working directory.
	102	Every hour, the counter is reset.
	103	When the server crashes, the counter is not reset.
	104	This means that the implementation is pretty messy, and that repeated crashes
	105	of the server turn this 'hour' into practical 'infinity'.
	106
	107	The main purpose of this feature is to prevent incurring unforeseen egress
	108	costs.
	109
	110	.B Note:
	111	Only untrusted hosts are held to this limit.
	112	.TP
	113	.B GITOLFS3_TRUSTED_FORWARDED_HOSTS
	114	.B Optional.
	115	A comma-separated list of hosts which can be classified as 'trusted'.
	116
	117	If a request comes in for which the X-Forwarded-Host header contains one of the
	118	hosts in this list, then the user is automatically generated read access to all
	119	repositories, regardless of the presence of a \fIgit-daemon-export-ok\fR file.
	120	Furthermore, presigned URLs are returned for download requests, instead of
	121	downloads being proxied through the Gitolfs3 server.
	122
	123	.B Note:
	124	There must be no space between the comma-separated items.


diff --git a/docs/man/gitolfs3-shell.1 b/docs/man/gitolfs3-shell.1 new file mode 100644 index 0000000..56eac31 --- /dev/null +++ b/docs/man/gitolfs3-shell.1
@@ -0,0 +1,36 @@
	1	.TH GITOLFS3-SHELL 1 2024-04-29 Gitolfs3 "Gitolfs3 Manual"
	2	.SH NAME
	3	shell \- Gitolfs3 shell
	4	.SH SYNOPSIS
	5	.B shell
	6	-c <command>
	7	.SH DESCRIPTION
	8	.B shell
	9	is the Gitolfs3 shell.
	10	.SH COMMANDS
	11	.TP
	12	.B git-receive-pack \fR<repsitory>\fB
	13	Alternatively, using \fBgit receive-pack\fR is also allowed.
	14	No other arguments nor options than indicated above are processed nor allowed.
	15	See
	16	.BR git-receive-pack (1).
	17	.TP
	18	.B git-upload-archive \fR<repsitory>\fB
	19	Alternatively, using \fBgit upload-archive\fR is also allowed.
	20	No other arguments nor options than indicated above are processed nor allowed.
	21	See
	22	.BR git-upload-archive (1).
	23	.TP
	24	.B git-upload-pack \fR<repsitory>\fB
	25	Alternatively, using \fBgit upload-pack\fR is also allowed.
	26	No other arguments nor options than indicated above are processed nor allowed.
	27	See
	28	.BR git-upload-pack (1).
	29	.TP
	30	.B git-lfs-authenticate \fR<repository> upload/download\fB
	31	Outputs a JSON document containing a reference to the Gitolfs3 Git LFS endpoint
	32	for the indicated repository and an accompanying tag/MAC to authenticate with
	33	the Gitolfs3 server.
	34	Only valid for the indicated repository and operation.
	35	See
	36	.BR gitolfs3-authenticate (1).