Merge branch 'main' of github.com:go-i2p/go-gittisane

.github/workflows/gitea-build.yml

@@ -1,5 +1,8 @@
 name: Gitea Build Pipeline
 on:
+  push:
+    branches:
+      - main
   schedule:
     - cron: '0 0 * * *'  # Runs daily at midnight UTC
   workflow_dispatch:      # Allow manual triggers
@@ -72,9 +75,15 @@ jobs:
         working-directory: gitea-source
         run: |
           make clean
+          cp -v ../net_anon.go modules/graceful/net_anon.go
+          cp -v ../net_anon_unix.go modules/graceful/net_anon_unix.go
+          cp -v ../net_anon_windows.go modules/graceful/net_anon_windows.go
+          go mod tidy
           make build
         env:
-          TAGS: bindata sqlite sqlite_unlock_notify
+          TAGS: bindata sqlite sqlite_unlock_notify netgo osusergo
+          GOFLAGS: -ldflags="-extldflags=-static"
+          CO_ENABLED: 0
           
       - name: Prepare Artifact
         shell: bash

.gitignore

@@ -0,0 +1 @@
+downloads

DOCKER.md

@@ -0,0 +1,17 @@
+Docker Instructions:
+====================
+
+The Dockerfile in this repo assumes a completely self-contained setup, where I2P resides in the same container as gitea.
+This is purely for simplicity's sake.
+In order to build it, use:
+
+```sh
+docker build -t go-i2p/go-gittisane .
+```
+
+then in order to run it, use:
+
+```sh
+docker run --name i2p-gittisane -d go-i2p/go-gittisane
+docker log i2p-gittinsane
+```

Dockerfile

@@ -0,0 +1,34 @@
+# Stage 1: Download gittisane
+FROM alpine:latest as downloader
+RUN apk add --no-cache curl bash grep
+WORKDIR /download/
+COPY download.sh .
+RUN /download/download.sh
+RUN ls /download/downloads
+RUN cp /download/downloads/gitea-Linux /download/gittisane-linux-amd64
+
+# Stage 2: Runtime
+FROM geti2p/i2p:latest
+
+# Copy gittisane binary
+COPY --from=downloader /download/gittisane-linux-amd64 /usr/local/bin/gittisane
+RUN chmod +x /usr/local/bin/gittisane
+
+# Create data directories
+RUN mkdir -p /data/gitea
+
+# Configure I2P for SAM
+RUN echo "i2cp.tcp.host=127.0.0.1\n\
+i2cp.tcp.port=7654\n\
+sam.enabled=true\n\
+sam.host=127.0.0.1\n\
+sam.port=7656" >> /i2p/router.config
+
+# Setup volumes
+VOLUME ["/data/gitea", "/i2p/.i2p"]
+WORKDIR /data/gitea
+
+# Create startup script
+COPY start.sh /usr/local/bin/start.sh
+
+ENTRYPOINT ["start.sh"]

LICENSE-gitea.md

@@ -0,0 +1,20 @@
+Copyright (c) 2016 The Gitea Authors
+Copyright (c) 2015 The Gogs Authors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.bbcode

@@ -0,0 +1,70 @@
+[size=150][b]go-gittisane[/b][/size]
+
+[size=100]A soft-fork of gitea with support for running as an I2P service. Just the mod and the CI files.[/size]
+
+[size=150][b]How it works:[/b][/size]
+
+[size=100]This uses GitHub CI to continuously build an I2P-only version of Gitea based on the latest release of Gitea. We can do this without requiring a patch to the Gitea source code. This is because Gitea encapsulates its "Listening" and "Dialing" into functions, which can easily be substituted for alternative versions. For instance, the network listener is set up by a function, `graceful.GetListener() (net.Listener, error)` in the file `modules/graceful/server.go`.  The default implementation of the `GetListener() (net.Listener, error)` function, `DefaultGetListener() (net.Listener, error)` is defined in the `modules/graceful/net_unix.go` for Unix-like systems and `modules/graceful/net_windows.go` for Windows-like systems. A developer who wishes to "Mod" gitea to listen on another kind of connection do so by creating a new file which implements a `GetListener() (net.Listener, error)` function using an alternate listener implementation.[/size]
+
+[size=100]On the client side, the same thing is possible because Go allows you to substitute the underlying transports used for the default HTTP Client. So, in the absence of overriding settings, we can configure it to use SAMv3 to build HTTP connections by default using the same keys as the hidden service. Effectively this is like a "Bidirectional HTTP" tunnel in Java's Hidden Service Manager.[/size]
+
+[size=100]Finally, if you need to include additional libraries, run `go mod tidy` in the root of the gitea checkout to include them.[/size]
+
+[size=100]Here is a complete working example mod:[/size]
+
+[code]// copy this file to modules/graceful/net_anon.go before building gitea
+package graceful
+
+import (
+    "net"
+    "net/http"
+
+    "github.com/go-i2p/onramp"
+)
+
+// First, make sure that the onramp.Garlic API is set up:
+var garlic, i2perr = onramp.NewGarlic("gitea-anon", "127.0.0.1:7656", onramp.OPT_DEFAULTS)
+
+// This implements the GetListener function for I2P. Note the exemption for Unix sockets, which is implemented in net_anon_unix.go and net_anon_windows.go
+func I2PGetListener(network, address string) (net.Listener, error) {
+    // Add a deferral to say that we've tried to grab a listener
+    defer GetManager().InformCleanup()
+    switch network {
+    case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
+        return garlic.Listen()
+    case "unix", "unixpacket":
+        // I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
+        unixAddr, err := net.ResolveUnixAddr(network, address)
+        if err != nil {
+            return nil, err
+        }
+        return GetListenerUnix(network, unixAddr)
+    default:
+        return nil, net.UnknownNetworkError(network)
+    }
+}
+
+// We use `init() to ensure that the I2P Listeners and Dialers are correctly placed at runtime`
+func init() {
+    if i2perr != nil {
+        panic(i2perr)
+    }
+    GetListener = I2PGetListener
+    httpClient := &http.Client{
+        Transport: &http.Transport{
+            Dial: garlic.Dial,
+        },
+    }
+
+    http.DefaultClient = httpClient
+    http.DefaultTransport = httpClient.Transport
+}
+[/code]
+[size=125][b]Caveats[/b][/size]
+
+[size=100]Gitea makes a few other kinds of connections, besides `HTTP`, if instructed to do so in the config file. For instance, there is an SMTP client. This is not anonymized in this configuration. Probably ask Postman if it's OK to use `127.0.0.1:7659/7660`. Similarly, SSH client connections are not anonymized in this configuration. Similar adjustments to the configuration can be made to also route these across I2P but aren't documented here at this time.[/size]
+
+[size=125][b]License[/b][/size]
+
+[size=100]Both this mod and gitea are licensed under the MIT license. See LICENSE for net_anon*.go in this repository. LICENSE-gitea.md is a copy of the Gitea license from [url=https://github.com/go-gitea/gitea][color=#388d40]https://github.com/go-gitea/gitea[/color][/url][/size]
+

README.md

@@ -1,2 +1,118 @@
-# go-gittisane
-A soft-fork of gitea with support for running as an I2P service. Just the mod and the CI files.
+# Go-Gittisane
+
+A soft-fork of Gitea with built-in support for running as an I2P (Invisible Internet Project) service. This project provides network implementation files and CI configuration to build Gitea with I2P support.
+
+## What is Go-Gittisane?
+
+Go-Gittisane enables you to run the Gitea git server with anonymity features through the I2P network. All HTTP traffic - both incoming requests to your Gitea instance and outgoing requests from it - are routed through I2P, providing privacy and censorship resistance.
+
+## How it Works
+
+### Technical Explanation
+
+Go-Gittisane leverages Gitea's modular network architecture to replace the standard TCP/IP networking with I2P connectivity:
+
+1. **Network Module Substitution**: Gitea encapsulates its network operations in the `graceful` package. By providing alternative implementations of key functions like `GetListener()`, we can redirect all network traffic through I2P.
+
+2. **I2P Integration**: The core modification is in `net_anon.go`, which uses the `github.com/go-i2p/onramp` library to establish I2P connectivity. This file:
+   - Creates an I2P "Garlic" router connection
+   - Implements a custom `GetListener` function that returns I2P listeners 
+   - Configures Go's HTTP client to use I2P for outbound connections
+
+3. **Platform-Specific Handling**: Unix socket connections (used for local IPC) are handled normally since they don't present anonymity risks. These implementations are in `net_anon_unix.go` and `net_anon_windows.go`.
+
+### Automated Builds
+
+This repository contains a GitHub Actions workflow that:
+1. Checks for new Gitea releases daily
+2. Downloads the Gitea source code for the latest release
+3. Applies our I2P network modifications
+4. Builds binaries for Linux, Windows, and macOS
+5. Creates a new release with these modified binaries
+
+## Deployment Options
+
+### Using Pre-built Binaries
+
+1. Download the latest release for your platform from the [Releases page](https://github.com/go-i2p/go-gittisane/releases)
+2. Ensure you have I2P router running with SAM enabled on port 7656
+3. Run the gittisane binary(it has identical options as gitea)
+
+## Implementation Details
+
+The core networking modification looks like this:
+
+```go
+// This file gets copied to modules/graceful/net_anon.go during build
+package graceful
+
+import (
+    "net"
+    "net/http"
+
+    "github.com/go-i2p/onramp"
+)
+
+// Set up I2P connectivity
+var garlic, i2perr = onramp.NewGarlic("gitea-anon", "127.0.0.1:7656", onramp.OPT_DEFAULTS)
+
+// Custom implementation of GetListener for I2P
+func I2PGetListener(network, address string) (net.Listener, error) {
+    defer GetManager().InformCleanup()
+    switch network {
+    case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
+        return garlic.Listen()
+    case "unix", "unixpacket":
+        // Unix sockets handled normally
+        unixAddr, err := ResolveUnixAddr(network, address)
+        if err != nil {
+            return nil, err
+        }
+        return GetListenerUnixWrapper(network, unixAddr)
+    default:
+        return nil, net.UnknownNetworkError(network)
+    }
+}
+
+// Initialize everything at runtime
+func init() {
+    if i2perr != nil {
+        panic(i2perr)
+    }
+    GetListener = I2PGetListener
+    httpClient := &http.Client{
+        Transport: &http.Transport{
+            Dial: garlic.Dial,
+        },
+    }
+
+    http.DefaultClient = httpClient
+    http.DefaultTransport = httpClient.Transport
+}
+```
+
+## Caveats and Limitations
+
+While HTTP traffic is anonymized, other types of connections might not be:
+
+1. **SMTP**: Email sending from Gitea is not automatically routed through I2P
+2. **SSH**: Git operations using SSH are not automatically anonymized
+3. **External Services**: Webhooks and other external connections will use I2P, but services must support I2P addresses
+
+These limitations can be addressed with additional configuration but are beyond the scope of the default implementation.
+
+## Requirements
+
+- Go 1.21 or later (for building from source)
+- Running I2P router with SAM API enabled on port 7656
+- Standard Gitea requirements (database, etc.)
+
+## License
+
+Both this modification and Gitea are licensed under the MIT license.
+- See [LICENSE](LICENSE) for the license covering the files in this repository
+- See [LICENSE-gitea.md](LICENSE-gitea.md) for the Gitea license
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.

download.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Set GitHub repo info
+OWNER="go-i2p"
+REPO="go-gittisane"
+
+echo "Fetching latest release info from GitHub..."
+
+# Get latest release data
+RELEASE_DATA=$(curl -s "https://api.github.com/repos/$OWNER/$REPO/releases/latest")
+
+# Extract version number
+VERSION=$(echo "$RELEASE_DATA" | grep -Po '"tag_name": "\K.*?(?=")')
+echo "Latest version: $VERSION"
+
+# Create downloads directory
+mkdir -p downloads
+cd downloads
+
+# Download each asset
+echo "$RELEASE_DATA" | grep -Po '"browser_download_url": "\K.*?(?=")' | while read -r url; do
+    filename=$(basename "$url")
+    echo "Downloading $filename..."
+    curl -L -o "$filename" "$url"
+    
+    # Make Linux/macOS binaries executable
+    if [[ "$filename" != *".exe" ]]; then
+        chmod +x "$filename"
+    fi
+done
+
+echo "Download complete! Files are in the 'downloads' directory"

go.mod

@@ -0,0 +1,22 @@
+module github.com/go-i2p/go-gittisane
+
+go 1.24.2
+
+require (
+	github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f
+	github.com/go-i2p/onramp v0.33.92
+)
+
+require (
+	github.com/cretz/bine v0.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708 // indirect
+	github.com/go-i2p/sam3 v0.33.9 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+)

go.sum

@@ -0,0 +1,49 @@
+github.com/cretz/bine v0.2.0 h1:8GiDRGlTgz+o8H9DSnsl+5MeBK4HsExxgl6WgzOCuZo=
+github.com/cretz/bine v0.2.0/go.mod h1:WU4o9QR9wWp8AVKtTM1XD5vUHkEqnf2vVSo6dBqbetI=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f h1:Zh5oyecB8nONOlVlrGHXCqkk3gam7/6I/LR+BYF2Wuc=
+github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f/go.mod h1:ABhJNyNBEHNbLYhRoqOsxHAkOKCFR41SSpwdKNfx8RU=
+github.com/go-i2p/go-select-cache v0.0.0-20250722005532-0478b3779782 h1:eXFTO+aJzdQTEydTdG3kJAiipQajS+KvulG7/2S8cmo=
+github.com/go-i2p/go-select-cache v0.0.0-20250722005532-0478b3779782/go.mod h1:ABhJNyNBEHNbLYhRoqOsxHAkOKCFR41SSpwdKNfx8RU=
+github.com/go-i2p/i2pkeys v0.0.0-20241108200332-e4f5ccdff8c4/go.mod h1:m5TlHjPZrU5KbTd7Lr+I2rljyC6aJ88HdkeMQXV0U0E=
+github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708 h1:Tiy9IBwi21maNpK74yCdHursJJMkyH7w87tX1nXGWzg=
+github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708/go.mod h1:m5TlHjPZrU5KbTd7Lr+I2rljyC6aJ88HdkeMQXV0U0E=
+github.com/go-i2p/onramp v0.33.92 h1:Dk3A0SGpdEw829rSjW2LqN8o16pUvuhiN0vn36z7Gpc=
+github.com/go-i2p/onramp v0.33.92/go.mod h1:5sfB8H2xk05gAS2K7XAUZ7ekOfwGJu3tWF0fqdXzJG4=
+github.com/go-i2p/sam3 v0.33.9 h1:3a+gunx75DFc6jxloUZTAVJbdP6736VU1dy2i7I9fKA=
+github.com/go-i2p/sam3 v0.33.9/go.mod h1:oDuV145l5XWKKafeE4igJHTDpPwA0Yloz9nyKKh92eo=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

net_anon.go

@@ -0,0 +1,56 @@
+// copy this file to modules/graceful/net_anon.go before building gitea
+package graceful
+
+import (
+	"net"
+	"net/http"
+
+	selectcache "github.com/go-i2p/go-select-cache"
+	"github.com/go-i2p/onramp"
+)
+
+// First, make sure that the onramp.Garlic API is set up:
+var garlic, i2perr = onramp.NewGarlic("gitea-anon", "127.0.0.1:7656", onramp.OPT_DEFAULTS)
+
+// This implements the GetListener function for I2P. Note the exemption for Unix sockets.
+func I2PGetListener(network, address string) (net.Listener, error) {
+	// Add a deferral to say that we've tried to grab a listener
+	defer GetManager().InformCleanup()
+	switch network {
+	case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
+		config := selectcache.DefaultCacheConfig()
+		config.MaxMemoryMB = 512
+		config.MaxEntries = 10000
+		listener, err := garlic.Listen(network, address)
+		if err != nil {
+			return nil, err
+		}
+		// Wrap with caching listener
+		return selectcache.NewCachingListener(listener, config), nil
+	case "unix", "unixpacket":
+		// I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
+		unixAddr, err := ResolveUnixAddr(network, address)
+		if err != nil {
+			return nil, err
+		}
+		return GetListenerUnixWrapper(network, unixAddr)
+	default:
+		return nil, net.UnknownNetworkError(network)
+	}
+}
+
+// We use `init() to ensure that the I2P Listeners and Dialers are correctly placed at runtime`
+func init() {
+	if i2perr != nil {
+		panic(i2perr)
+	}
+	GetListener = I2PGetListener
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			Dial: garlic.Dial,
+		},
+	}
+
+	http.DefaultClient = httpClient
+	http.DefaultTransport = httpClient.Transport
+}

net_anon_unix.go

@@ -0,0 +1,31 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+// This code is heavily inspired by the archived gofacebook/gracenet/net.go handler
+
+//go:build !windows
+
+package graceful
+
+import (
+	"fmt"
+	"net"
+)
+
+func ResolveUnixAddr(network, address string) (net.Addr, error) {
+	switch network {
+	case "unix", "unixpacket":
+		return net.ResolveUnixAddr(network, address)
+	default:
+		return nil, fmt.Errorf("unknown network type %s", network)
+	}
+}
+
+func GetListenerUnixWrapper(network string, addr net.Addr) (net.Listener, error) {
+	switch addr.(type) {
+	case *net.UnixAddr:
+		return GetListenerUnix(network, addr.(*net.UnixAddr))
+	default:
+		return nil, fmt.Errorf("unknown address type %T", addr)
+	}
+}

net_anon_windows.go

@@ -0,0 +1,27 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+// This code is heavily inspired by the archived gofacebook/gracenet/net.go handler
+
+//go:build windows
+
+package graceful
+
+import "net"
+
+func ResolveUnixAddr(network, address string) (net.Addr, error) {
+	switch network {
+	case "unix", "unixpacket":
+		return net.ResolveUnixAddr(network, address)
+	case "tcp", "tcp4", "tcp6":
+		return net.ResolveTCPAddr(network, address)
+	case "udp", "udp4", "udp6":
+		return net.ResolveUDPAddr(network, address)
+	default:
+		return nil, net.UnknownNetworkError(network)
+	}
+}
+
+func GetListenerUnixWrapper(network string, addr net.Addr) (net.Listener, error) {
+	return net.Listen(network, addr.String())
+}

start.sh

@@ -0,0 +1,10 @@
+#! /bin/sh
+nohup /startapp.sh 2> err.log 1> log.log &
+export countdown=30
+while [ countdown -gt 0 ]; do
+    echo "Waiting for app to start... $countdown seconds left"
+    countdown=$((countdown - 1))
+    sleep 1
+done
+ls /usr/local/bin
+/usr/local/bin/gittisane web