# NixOS module for self-hosted git: gitolite manages the repositories under
# /var/git, git-daemon serves them over git://, and cgit (through the nginx
# virtual host for the machine's domain) renders them under /git.
{ lib, config, ... }:

let
  domain = config.networking.domain;
  gitRoot = "/var/git";
  repoDir = "${gitRoot}/repositories";

  # Only the first line of the public-key file is handed to gitolite as the
  # admin key; anything after the first newline is ignored.
  adminKey = lib.lists.head
    (lib.strings.splitString "\n" (builtins.readFile ../Keys/Ben.pub));
in
{
  services.gitolite = {
    enable = true;
    enableGitAnnex = true;
    dataDir = gitRoot;
    user = "git";
    group = "git";

    # UMASK 0027 keeps group read access and removes all access for others.
    # Without it the members of the git group (git-daemon, nginx) cannot read
    # the repositories.
    # NOTE(review): group read applies to everything gitolite creates, so every
    # member of the git group can read every repository on disk, exported or
    # not. Presumably that includes gitolite's own admin data under dataDir;
    # confirm. Keep membership of that group minimal.
    extraGitoliteRc = ''
      $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
      $RC{UMASK} = 0027;
    '';

    adminPubkey = adminKey;

    # TODO: this is broken
    # commonHooks = [ ./git-hooks ];
  };

  # git:// has no authentication and no transport encryption, so everything
  # served here is public, read-only data.
  # NOTE(review): exportAll is not set in this file; with the NixOS default
  # only repositories carrying a git-daemon-export-ok file should be served.
  # Confirm on the target release.
  # NOTE(review): listenAddress is hard-coded while the nginx virtual host uses
  # config.networking.domain; confirm both name the same host.
  services.gitDaemon = {
    enable = true;
    basePath = repoDir;
    listenAddress = "simatime.com";
    user = "gitDaemon";
    group = "gitDaemon";
  };

  services.nginx.virtualHosts.${domain}.cgit = {
    enable = true;
    location = "/git";
    virtual-root = "/git";
    css = "/git/cgit.css";
    logo = "/git/cgit.png";
    root-title = "ben's git repos";
    root-desc = "building";

    # Lets cgit take per-repository settings from each repository's git config,
    # so whoever can edit a repository's config on the server influences how
    # cgit presents that repository.
    enable-git-config = 1;

    # Advertised clone URLs, in order: HTTPS, anonymous git://, gitolite SSH.
    clone-url = lib.strings.concatStringsSep " " [
      "https://$HTTP_HOST/git/$CGIT_REPO_URL"
      "git://$HTTP_HOST/$CGIT_REPO_URL"
      "git@$HTTP_HOST:$CGIT_REPO_URL"
    ];

    include = [
      # these depend on order, scan-path must come last
      # strict-export restricts cgit to repositories that contain a
      # git-daemon-export-ok file, the same marker git-daemon uses. It is what
      # keeps unexported repositories out of the web view even though nginx can
      # read them through the git group.
      (builtins.toFile "cgitrc" ''
        strict-export=git-daemon-export-ok
        scan-path=${repoDir}
      '')
    ];
  };

  # need to specify that these users can access git files by being part of the
  # git group
  users.users.gitDaemon = {
    isSystemUser = true;
    description = "Git daemon user";
    extraGroups = [ "git" ];
  };
  users.users.nginx.extraGroups = [ "git" ];

  users.groups.gitDaemon = { };
}