peer to peer network with iroh

Iroh is a peer to peer protocol that can connect any two devices on the planet -- fast!

It can be used with git-annex, to connect together two repositories.

dependencies

To use this, you need a few things:

Install dumbpipe. This will be used to talk over Iroh. Note that this needs version 0.33 or newer of dumbpipe.
Download git-annex-p2p-iroh and make the script executable.
You also need to install Magic Wormhole - here are the installation instructions.
You need git-annex version 10.20251103 or newer. Older versions of git-annex unfortunately had a bug that prevents this process from working correctly.

pairing two repositories

You have two git-annex repositories on different computers, and want to connect them together over Iroh so they share their contents. Or, you and a friend want to connect your repositories together. Pairing is an easy way to accomplish this.

In each git-annex repository, run these commands:

git annex p2p --enable iroh
git annex remotedaemon

Now git-annex is listening for connections on Iroh, but it will only talk to peers after pairing with them.

In both repositories, run this command:

git annex p2p --pair

This will print out a pairing code, like "11-incredible-tumeric", and prompt for you to enter the other repository's pairing code.

So you have to get in contact with your friend to exchange codes. See the section below "how to exchange pairing codes" for tips on how to do that securely.

Once the pairing codes are exchanged, the two repositories will be connected to one-another via Iroh. Each will have a git remote, with a name like "peer1", which connects to the other repository.

Then, you can run commands like git annex sync peer1 --content to sync with the paired repository.

Pairing connects just two repositories, but you can repeat the process to pair with as many other repositories as you like, in order to build up larger networks of repositories.

example session

Here's how it all looks:

$ git annex p2p --enable iroh
p2p enable iroh ok
$ git annex remotedaemon
$ git annex p2p --pair
p2p pair peer1 (using Magic Wormhole) 

This repository's pairing code is: 11-incredible-tumeric

Enter the other repository's pairing code: 1-revenue-icecream
Exchanging pairing data...
Successfully exchanged pairing data. Connecting to peer1...
ok
$ git annex sync peer1 --content
    commit 
On branch master
nothing to commit, working tree clean
ok
pull peer1 
remote: Enumerating objects: 10, done.
remote: Counting objects: 100% (10/10), done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 8 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (8/8), done.
From p2p-annex::iroh:endpointadroxtad5dj5vaweczqnmkhk2sb7dmysazljjul6zeug7bexymejaaa
   452db22..a894c60  git-annex  -> peer1/git-annex
   c0ac431..44ca7f6  master     -> peer1/master

Updating c0ac431..44ca7f6
Fast-forward
 amazing_file | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 amazing_file
ok
(merging peer1/git-annex into git-annex...)
get amazing_file (from peer1...) 
(checksum...) ok

how to exchange pairing codes

When pairing with a friend's repository, you have to exchange pairing codes. How to do this securely?

The pairing codes can only be used once, so it's ok to exchange them in a way that someone else can access later. However, if someone can overhear your exchange of codes in real time, they could trick you into pairing with them.

Here are some suggestions for how to exchange the codes, with the most secure ways first:

In person.
In an encrypted message (gpg signed email, Off The Record (OTR) conversation, etc).
By a voice phone call.

starting git-annex remotedaemon on boot

Notice the git annex remotedaemon being run in the above examples. That command listens for incoming Iroh connections so that other peers can connect to your repository over Tor.

So, you may want to arrange for the remotedaemon to be started on boot. You can do that with a simple cron job:

@reboot cd ~/myannexrepo && git annex remotedaemon

If you use the git-annex assistant, and have it auto-starting on boot, it will take care of starting the remotedaemon for you.

speed of large transfers

This should be fast! Iroh often gets peers directly connected to one-another, handling the necessary punching through firewalls and NAT. In some cases, when Iroh is not able to do that, traffic will be sent via a relay, which could be slower.