blob: a75fa826dfc45c14d50063144ceadaa99e6140ce (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
{ lib, config, ... }:
let
inherit (config.networking) domain;
root = "/var/git";
in {
services = {
gitolite = {
enable = true;
enableGitAnnex = true;
dataDir = root;
user = "git";
group = "git";
# the umask is necessary to give the git group read permissions, otherwise
# git-daemon et al can't access the repos
extraGitoliteRc = ''
$RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
$RC{UMASK} = 0027;
'';
adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
builtins.readFile
(lib.strings.splitString "\n")
lib.lists.head
];
# TODO: this is broken
# commonHooks = [ ./git-hooks ];
};
gitDaemon = {
enable = true;
basePath = "${root}/repositories";
listenAddress = "simatime.com";
user = "gitDaemon";
group = "gitDaemon";
};
nginx.virtualHosts.${domain}.cgit = {
enable = true;
location = "/git";
virtual-root = "/git";
css = "/git/cgit.css";
logo = "/git/cgit.png";
root-title = "ben's git repos";
root-desc = "building";
enable-git-config = 1;
clone-url = lib.strings.concatStringsSep " " [
"https://$HTTP_HOST/git/$CGIT_REPO_URL"
"git://$HTTP_HOST/$CGIT_REPO_URL"
"git@$HTTP_HOST:$CGIT_REPO_URL"
];
include = [
# these depend on order, scan-path must come last
(builtins.toFile "cgitrc" ''
strict-export=git-daemon-export-ok
scan-path=${root}/repositories
'')
];
};
};
# need to specify that these users can access git files by being part of the
# git group
users.users = {
gitDaemon = {
isSystemUser = true;
description = "Git daemon user";
extraGroups = [ "git" ];
};
"nginx".extraGroups = [ "git" ];
};
users.groups = {
gitDaemon = {};
};
}
|
