Source code repository server
My new Mac Mini has been useful as a workstation, but sometimes I need a server dedicated to distributing media files or storing the source code for my programming projects. I’ve set out to address the latter issue first, and this post documents my progress.
Here are the requirements for the source code repository server:
- Long term persistence
- VM still works when copied to another machine.
- VM is backed up at least once per week and tested, either manually or automatically.
- Each repository is backed up by cloning it to a physical machine at least daily.
- All backups are verified with some kind of automated consistency check.
- Repositories can only be accessed from other machines (physical or virtual) via a secure channel like SSH.
- Repositories are stored in a specialized account managed only by the repository server administrator (me).
- Physical machines in my local network can request a working copy of a repository.
- Source control interactions with repositories are regulated by access control lists managed by the repository administrator.
- Centralized repository supports hooks for automated standardization of code formatting, preventing commits that break tests or the build script, or various other quality assurance measures.
- Supports executing build scripts on a regular basis for specific repositories and storing dated copies of those builds. It should be known exactly what code was used to make the build, perhaps using a hash for tracking repository state.
Long term persistence
I’ve often used VirtualBox to address any virtual machine needs, but eventually I got annoyed with configuring everything in the GUI. VirtualBox does have an API and ways to make this easier for those who want more consistent control, but I couldn’t yet justify delving that deep.
Fortunately somebody else must have felt the same because there’s a great utility called Vagrant for creating and managing many virtual machines. Underneath it uses VirtualBox. For now I’m using Vagrant to manage the source code repository VM on my Mac Mini. I haven’t tested whether all the long term persistence requirements will be satisfied yet. Not too worried, though, because everything I’ve read and tried with Vagrant makes this seem realistic. Of course I’ll come back to those requirements after addressing bigger concerns.
Security and Extensibility
These two requirement categories are lumped together because they both hinge on a critical decision: What source control management tool should I use?
A company called SourceGear recently made a new distributed version control system (DVCS) called Veracity. There’s an interesting, free book by the founder of SourceGear about using various DVCSs called Version Control By Example, and it discusses Veracity. I spent a fair amount of time experimenting with Veracity, and I really like where it’s going. It doesn’t meet my security requirements yet. I’d consider adding the necessary features to Veracity, but I want to get up and running with my repository server. Maybe someday Veracity will have those features, or I’ll feel up to hacking on it. Not yet though.
Git works well for me. I’ve been using it in my personal projects for the past couple of years, but have found my work isn’t easily accessible from all my computers. This isn’t Git’s fault because it’s easy to clone a repository from another machine. What I really need is a centralized server that’s up nearly all the time. GitHub is good for that, but I don’t necessarily want all my projects hosted publicly. Yes, they have paid plans, but they seem far more expensive and restrictive than I’d like. Hence the need for this project.
Supposing I use Git, how can I satisfy both the security and extensibility requirements? Git supports hooks, so the SCM part of the extensibility requirements is automatically addressed. The protocol support in Git is pretty good, and includes SSH. I could make a new user on the repository server itself and attempt to manage the file permissions correctly for each project, but that seems a tad painful.
Gitolite comes to the rescue. It uses concise access control lists to dictate who has what rights to which repositories. Transactions occur over SSH. Seems like just what I need.
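To illustrate how the security requirements listed earlier map onto Gitolite rules, here is an added example of an access control file (not taken from the original post). The user names, group names and the myproject repository are hypothetical.

```conf
# conf/gitolite.conf inside the gitolite-admin repository (constructed example).
# Every user name below is hypothetical and corresponds to a public key file
# committed to the same repository, e.g. keydir/me.pub or keydir/laptop.pub.

@admins     = me
@lan        = laptop workstation
@backup     = backup-host

# Only the repository administrator may change keys and access rules,
# which is done by pushing commits to this repository.
repo gitolite-admin
    RW+     =   @admins

# Hypothetical project repository.
repo myproject
    # The administrator may push, rewind and delete any ref.
    RW+                 =   @admins
    # Machines on the local network may read, and may push
    # fast-forward updates to branches only (no tags, no rewinds).
    RW  refs/heads/     =   @lan
    # The daily backup job only needs to clone and fetch.
    R                   =   @backup

# Access that no rule grants is refused.
```

All of these users connect over SSH to the single account that hosts Gitolite, and Gitolite identifies each one by the key they authenticate with, so no per-project Unix accounts or file permissions are needed.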