Forgot to use branches, remember kids: use protection
I'd like fewer generations please. Side note: it's a bit weird that you can't specify how many generations you'd like to keep — what if I want 3 generations to stay available?
This commit is contained in:
parent
fcbbf4b8e4
commit
e20755851c
13 changed files with 345 additions and 110 deletions
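--- /dev/null
+++ b/hosts/blob/git.nix
@@ -0,0 +1,101 @@
+{ pkgs, config, lib, ... }:
+{
+  options.git = {
+    enable = lib.mkEnableOption "enable git server";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "git";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "git";
+    };
+    cgit = {
+      name = lib.mkOption {
+        type = lib.types.str;
+        default = "home";
+      };
+      port = lib.mkOption {
+        type = lib.types.int;
+        default = 8091;
+      };
+    };
+  };
+  config = lib.mkIf config.git.enable {
+    services.gatus.settings.endpoints = [
+      {
+        name = "cgit site";
+        group = "local";
+        url = "http://localhost:" + builtins.toString config.git.cgit.port;
+        interval = "5m";
+        conditions = [ "[connected] == true" "[RESPONSE_TIME] < 300" ];
+      }
+    ];
+
+    users.users.${config.git.user} = let
+      git-shell-wrap = pkgs.writeShellScriptBin "git-shell-wrap" ''
+        set -euo pipefail
+        cmd=$1; repo=$2
+
+        # get the repo normalize, and create it only if the client is sending
+        # us stuff
+        if echo "$repo" | grep -q git-receive-pack; then
+          repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git
+
+          # Make sure the repo exists on the server
+          repos=${config.users.users.${config.git.user}.home}
+          path=$repos/$repo
+          if [ ! -d "$path" ]; then
+            git init --bare "$path" >/dev/null 2>&1
+          fi
+        fi
+
+        # Run git-shell with the original args
+        exec ${pkgs.git}/bin/git-shell "$@"
+      '';
+    in {
+      isSystemUser = true;
+      inherit (config.git) group;
+      home = "/var/lib/git-server";
+      createHome = true;
+      openssh.authorizedKeys.keys = config.ssh.keys;
+      packages = [ git-shell-wrap ];
+      shell = "${git-shell-wrap}/bin/git-shell-wrap";
+    };
+    users.groups.${config.git.group} = {};
+
+    networking.firewall.allowedTCPPorts = [ config.git.cgit.port ];
+    services = {
+      cgit.${config.git.cgit.name} = {
+        enable = true;
+        inherit (config.git) user group;
+        scanPath = config.users.users.${config.git.user}.home;
+        gitHttpBackend.checkExportOkFiles = false;
+        settings = {
+          root-desc = "local git repo store path: ${config.users.users.${config.git.user}.home}";
+          snapshots = "all";
+          enable-commit-graph = true;
+          enable-follow-links = true;
+          enable-http-clone = true;
+          enable-remote-branches = true;
+        };
+      };
+      nginx.virtualHosts.${config.git.cgit.name}.listen = [{
+        addr = "0.0.0.0";
+        port = config.git.cgit.port;
+      }];
+
+      openssh = {
+        enable = true;
+        extraConfig = ''
+          Match user git
+            AllowTcpForwarding no
+            AllowAgentForwarding no
+            PasswordAuthentication no
+            PermitTTY no
+            X11Forwarding no
+        '';
+      };
+    };
+  };
+}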
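Review bot: The repository name that git-shell-wrap derives from the git-receive-pack command (`repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git`) is joined onto `$repos` and handed to `git init --bare` without rejecting `..` components or absolute paths, so any key in `config.ssh.keys` can create bare repositories wherever the git user may write, not just under its home. The blast radius is bounded by git-shell and by the fixed key list, but a guard placed before the `path=$repos/$repo` line closes it: `case "$repo" in /*|*..*) echo "invalid repository name" >&2; exit 1 ;; esac`. The `cmd=$1` assignment two lines earlier is never read and can be dropped. Separately, the sshd `Match user git` block hardcodes the user name while `options.git.user` is configurable; `Match user ${config.git.user}` keeps the forwarding and TTY restrictions attached to whichever account the option selects.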