Mathieu Virbel
da3a2ac3a4
Rebrand the project from Fence to Greywall, the sandboxing layer of the GreyHaven platform. This updates: - Go module path to gitea.app.monadical.io/monadical/greywall - Binary name, CLI help text, and all usage examples - Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*) - Log prefixes ([greywall:*]), temp file prefixes (greywall-*) - All documentation, scripts, CI workflows, and example files - README rewritten with GreyHaven branding and Fence attribution Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall, docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.
33 lines
643 B
Markdown
33 lines
643 B
Markdown
# Recipe: `git clone` / `git fetch`
|
|
|
|
Goal: allow fetching code from a limited set of hosts.
|
|
|
|
## HTTPS clone (GitHub example)
|
|
|
|
```json
|
|
{
|
|
"network": {
|
|
"allowedDomains": ["github.com", "api.github.com", "codeload.github.com"]
|
|
},
|
|
"filesystem": {
|
|
"allowWrite": ["."]
|
|
}
|
|
}
|
|
```
|
|
|
|
Run:
|
|
|
|
```bash
|
|
greywall --settings ./greywall.json git clone https://github.com/OWNER/REPO.git
|
|
```
|
|
|
|
## SSH clone
|
|
|
|
SSH traffic may go through SOCKS5 (`ALL_PROXY`) depending on your git/ssh configuration.
|
|
|
|
If it fails, use monitor/debug mode to see what was blocked:
|
|
|
|
```bash
|
|
greywall -m --settings ./greywall.json git clone git@github.com:OWNER/REPO.git
|
|
```
|