diff --git a/git/README.md b/git/README.md
new file mode 100644
index 0000000..884eeb2
--- /dev/null
+++ b/git/README.md
@@ -0,0 +1,56 @@
+This package provides a central git qube, named sys-git.
+By default the qube has no netvm, but you can set one if you wish.
+
+Some configuration is needed.
+
+# Setting up a new repository
+
+## sys-git
+In sys-git, repositories are stored bare under /home/user/repos
+First, prepare a repository:
+```
+mkdir repos/X
+cd repos/X
+git init --bare
+```
+
+## prepare client
+Then prepare a qube by running:
+`qubesctl --skip0-dom0 --targets=QUBE state.apply git.install_client`
+
+## Work in the client
+You can then use that repository as usual.
+To push to sys-git you must first-  
+`git push --set-upstream sg master`
+
+After making more commits,
+`git push `
+
+# Working with an existing repository
+
+## prepare client, if necessary
+Prepare a qube by running:
+`qubesctl --skip0-dom0 --targets=QUBE state.apply git.install_client`
+
+## Clone the repository in the client
+Configure git, as necessary.  
+Open a terminal in the qube:
+```
+mkdir X
+cd X
+git init
+add-remote sg
+git pull sg master
+```
+
+## Work in the client
+You can then use that repository as usual.
+To push to sys-git you must first-  
+`git push --set-upstream sg master`
+
+After making more commits,  
+`git push `
+
+
+
+
diff --git a/git/add-remote b/git/add-remote
new file mode 100644
index 0000000..4d6534b
--- /dev/null
+++ b/git/add-remote
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+[ -n "$1" ] || exit 1
+
+if [ "$1" = "sg" ]; then
+    git remote add $1 "ext::git-qrexec sys-git 3 `basename $PWD`"
+    exit $?
+fi
+
diff --git a/git/create.sls b/git/create.sls
new file mode 100644
index 0000000..1489acb
--- /dev/null
+++ b/git/create.sls
@@ -0,0 +1,28 @@
+git-present-id:
+  qvm.present:
+    - name: sys-git
+    - template: debian-11
+    - label: gray
+
+git-prefs-id:
+  qvm.prefs:
+    - name: sys-git
+    - netvm: none
+    - memory: 400
+    - maxmem: 800
+    - vcpus: 2
+
+git-features-id:
+  qvm.features:
+    - name: sys-git
+    - disable:
+      - service.cups
+      - service.cups-browsed
+
+'qvm-volume extend sys-git:private 40G' :
+  cmd.run
+
+update_policy_file_git:
+  file.prepend:
+    - name: '/etc/qubes/policy.d/30-user.policy'
+    - text: 'qubes.Git  *  @anyvm  @anyvm ask default_target=sys-git'
diff --git a/git/create.top b/git/create.top
new file mode 100644
index 0000000..695aca2
--- /dev/null
+++ b/git/create.top
@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - git.create
diff --git a/git/git-qrexec b/git/git-qrexec
new file mode 100644
index 0000000..5e0358e
--- /dev/null
+++ b/git/git-qrexec
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+VMNAME=$1
+
+(echo $GIT_EXT_SERVICE $2 $3; exec cat) | qrexec-client-vm $VMNAME qubes.Git
diff --git a/git/install.sls b/git/install.sls
new file mode 100644
index 0000000..c288cdf
--- /dev/null
+++ b/git/install.sls
@@ -0,0 +1,33 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+{% if grains['nodename'] != 'dom0' %}
+
+/etc/qubes-rpc/qubes.Git:
+  file.managed:
+    - source:
+      - salt://git/qubes.Git
+    - user: root
+    - group: root
+    - mode: 755
+
+/rw/bind-dirs/etc/qubes-rpc/qubes.Git:
+  file.managed:
+    - source:
+      - salt://git/qubes.Git
+    - user: root
+    - group: root
+    - mode: 755
+    - makedirs: True
+
+/rw/config/qubes-bind-dirs.d/50_user.conf:
+  file.append:
+    - text: binds+=( '/etc/qubes-rpc/qubes.Git' )
+    - makedirs: True
+
+/home/user/repos:
+  file.directory:
+    - user: user
+    - group: user
+    - mode: 755
+  
+{% endif %}
diff --git a/git/install.top b/git/install.top
new file mode 100644
index 0000000..5b1d54f
--- /dev/null
+++ b/git/install.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  sys-git:
+  - git.install
diff --git a/git/install_client.sls b/git/install_client.sls
new file mode 100644
index 0000000..bf8c219
--- /dev/null
+++ b/git/install_client.sls
@@ -0,0 +1,42 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+{% if grains['nodename'] != 'dom0' %}
+
+/home/user/bin:
+  file.directory:
+    - user: user
+    - group: user
+    - mode: 755
+
+/home/user/bin/add-remote:
+  file.managed:
+    - source: 
+      - salt://git/add-remote
+    - user: user
+    - group: user
+    - mode: 755
+
+/home/user/bin/git-qrexec:
+  file.managed:
+    - source: 
+      - salt://git/git-qrexec
+    - user: user
+    - group: user
+    - mode: 755
+
+update_PATH:
+  file.append:
+    - name: '/home/user/.bashrc'
+    - text: "[[ \":$PATH:\" != *\":/home/user/bin:\"* ]] && export PATH=/home/user/bin:${PATH}"
+
+update_git_config:
+  file.append:
+    - name: '/home/user/.gitconfig'
+    - text: |
+        [protocol "ext"]
+            allow = always
+
+
+
+  
+{% endif %}
diff --git a/git/install_client.top b/git/install_client.top
new file mode 100644
index 0000000..194a42e
--- /dev/null
+++ b/git/install_client.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  '*':
+  - git.install_client
diff --git a/git/qubes.Git b/git/qubes.Git
new file mode 100644
index 0000000..f38d632
--- /dev/null
+++ b/git/qubes.Git
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+exec 2>/tmp/log2
+
+read service rel repo
+echo "Params: $service $rel $repo" >&2
+# Adjust regexps if needed
+echo "$repo" | grep -q '^[A-Za-z0-9-]\+$' || exit 1
+echo "$rel" | grep -q '^[0-9.]\+$' || exit 1
+path="/home/user/repos/$repo"
+case $service in
+    git-receive-pack|git-upload-pack)
+        echo "starting $service $path" >&2
+        exec $service $path
+        ;;
+    *)
+        echo "Unsupported service: $service" >&2
+        ;;
+esac