I'd like less generations please side note: it's a bit weird that you can't specify how many generations you'd like to keep, like what if I want 3 generations to stay available?
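# NixOS module: a small self-hosted git server.
#
# When `git.enable` is set it configures:
#   * a system user whose login shell is a wrapper around git-shell, reachable
#     over SSH with the keys from `config.ssh.keys` (an option that is not
#     declared in this file);
#   * a cgit instance served by nginx on `git.cgit.port`;
#   * a gatus health check for the cgit site.
{ pkgs, config, lib, ... }:

{
  options.git = {
    # mkEnableOption prepends "Whether to enable", so the text is a noun phrase.
    enable = lib.mkEnableOption "git server";

    user = lib.mkOption {
      type = lib.types.str;
      default = "git";
      description = "System account that owns the repositories and accepts SSH pushes.";
    };

    group = lib.mkOption {
      type = lib.types.str;
      default = "git";
      description = "Group of the git account; also used for the cgit instance.";
    };

    cgit = {
      name = lib.mkOption {
        type = lib.types.str;
        default = "home";
        description = "Name of the cgit instance and of the nginx virtual host serving it.";
      };

      port = lib.mkOption {
        # `port` rejects values outside the valid TCP port range at evaluation time.
        type = lib.types.port;
        default = 8091;
        description = "TCP port nginx listens on for cgit; it is also opened in the firewall.";
      };
    };
  };

  config = lib.mkIf config.git.enable {
    # Health check: poll the cgit site on localhost every five minutes.
    services.gatus.settings.endpoints = [
      {
        name = "cgit site";
        group = "local";
        url = "http://localhost:" + builtins.toString config.git.cgit.port;
        interval = "5m";
        conditions = [ "[connected] == true" "[RESPONSE_TIME] < 300" ];
      }
    ];

    users.users.${config.git.user} =
      let
        # Login shell of the git account: creates the target repository on the
        # first push, then hands over to git-shell with the original arguments.
        git-shell-wrap = pkgs.writeShellScriptBin "git-shell-wrap" ''
          set -euo pipefail
          # sshd passes the client's command to the login shell as
          #   <shell> -c "<command>"
          # so $2 is expected to look like: git-receive-pack 'name.git'
          cmd=$1; repo=$2

          # Only a push (git-receive-pack) may create a repository. Extract the
          # quoted name and normalise it to end in exactly one ".git".
          if echo "$repo" | grep -q git-receive-pack; then
            repo=$(echo "$repo" | cut -d"'" -f 2 | sed 's/\.git$//').git

            # The name is chosen by the client. Refuse anything containing ".."
            # so the auto-create step below cannot be steered outside the
            # repository store.
            case "$repo" in
              *..*)
                echo "git-shell-wrap: refusing repository name with a .. component" >&2
                exit 1
                ;;
            esac

            # Make sure the repo exists on the server
            repos=${config.users.users.${config.git.user}.home}
            path=$repos/$repo
            if [ ! -d "$path" ]; then
              git init --bare "$path" >/dev/null 2>&1
            fi
          fi

          # Run git-shell with the original args
          exec ${pkgs.git}/bin/git-shell "$@"
        '';
      in {
        isSystemUser = true;
        inherit (config.git) group;
        # The home directory doubles as the repository store (cgit's scanPath).
        home = "/var/lib/git-server";
        createHome = true;
        # Every key listed here can push to, and therefore create, repositories.
        openssh.authorizedKeys.keys = config.ssh.keys;
        packages = [ git-shell-wrap ];
        shell = "${git-shell-wrap}/bin/git-shell-wrap";
      };

    users.groups.${config.git.group} = {};

    # NOTE(review): the cgit port is opened in the firewall and nginx listens on
    # every IPv4 address (see below), so the web UI is reachable by anything
    # that can route to this host, over plain HTTP.
    networking.firewall.allowedTCPPorts = [ config.git.cgit.port ];

    services = {
      cgit.${config.git.cgit.name} = {
        enable = true;
        inherit (config.git) user group;
        scanPath = config.users.users.${config.git.user}.home;
        # NOTE(review): with the export-ok check disabled, repositories do not
        # need a git-daemon-export-ok marker to be served. Together with
        # enable-http-clone and the open port, every repository under scanPath
        # (including ones auto-created by a push) appears to be readable and
        # cloneable without authentication. Confirm that is intended before
        # storing anything private here.
        gitHttpBackend.checkExportOkFiles = false;
        settings = {
          # Shown on the cgit index page; it discloses the on-disk store path.
          root-desc = "local git repo store path: ${config.users.users.${config.git.user}.home}";
          snapshots = "all";
          enable-commit-graph = true;
          enable-follow-links = true;
          enable-http-clone = true;
          enable-remote-branches = true;
        };
      };

      # Plain-HTTP listener on all IPv4 addresses; no TLS or access control is
      # configured in this file.
      nginx.virtualHosts.${config.git.cgit.name}.listen = [{
        addr = "0.0.0.0";
        port = config.git.cgit.port;
      }];

      openssh = {
        enable = true;
        # Restrict the git account to key-based, non-interactive git traffic.
        # The Match block follows the configured user name, so the restrictions
        # still apply when `git.user` is changed from its default.
        extraConfig = ''
          Match User ${config.git.user}
            AllowTcpForwarding no
            AllowAgentForwarding no
            PasswordAuthentication no
            PermitTTY no
            X11Forwarding no
        '';
      };
    };
  };
}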