| author | Max Audron <audron@cocaine.farm> | 2025-11-14 19:10:26 +0100 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2025-11-14 19:10:26 +0100 |
| commit | 030ccf76cad8afcc9484361644a85c904275b9ef (patch) | |
| tree | b952edadef77a482fe106130d3790fede82049fd /modules/git/default.nix | |
| parent | fix slskd stuff (diff) | |
move git hosting to plain git-shell and cgit
reject modernity, embrace linus
Diffstat (limited to '')
| -rw-r--r-- | modules/git/default.nix | 130 |
1 files changed, 99 insertions, 31 deletions
diff --git a/modules/git/default.nix b/modules/git/default.nix
index d5cae6a..a0b2573 100644
--- a/modules/git/default.nix
+++ b/modules/git/default.nix
@@ -1,50 +1,118 @@ -{ self, config, lib, pkgs, ... }: +{ + self, + config, + lib, + pkgs, + ... +}: { environment.systemPackages = [ pkgs.gitea ]; - services.gitea = { - enable = true; - stateDir = "/var/lib/gitea"; - - appName = "Vapor Git: producing vaporware since 1999"; - database = { - type = "postgres"; - name = "gitea"; - user = "gitea"; - createDatabase = true; - }; + services.cgit = + let + settings = { + css = "https://cdn.vapor.systems/cgit/cgit.css"; + + head-include = "${pkgs.writeText "cgit-head.html" '' + <script> + /*to prevent Firefox FOUC, this must be here*/ + let FF_FOUC_FIX; + </script> + ''}"; + + cache-root = "/var/cache/cgit"; + cache-size = 50; + + enable-follow-links = true; + enable-commit-graph = true; + enable-git-config = true; + enable-http-clone = true; + enable-index-links = true; + enable-index-owner = true; + enable-log-linecount = true; + enable-subject-links = true; + + max-repodesc-length = 120; - settings = { - server = { - DOMAIN = "git.vapor.systems"; - ROOT_URL = "https://git.vapor.systems"; - PROTOCOL = "http+unix"; - HTTP_ADDR = "/run/gitea/http.sock"; + clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL"; + + source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; + # about-filter = "${pkgs.asciidoctor}" }; + in + { + audron = { + inherit settings; + enable = true; + repos = { + "dotfiles.git" = { + desc = "Fully Managed NixOS System Dotfiles"; + path = "/home/audron/dotfiles.git"; + }; + }; - oauth2_client = { - REGISTER_EMAIL_CONFIRM = false; - OPENID_CONNECT_SCOPES = "email profile"; - ENABLE_AUTO_REGISTRATION = true; - ACCOUNT_LINKING = "auto"; + nginx.virtualHost = "git.audron.dev"; }; - service = { - DISABLE_REGISTRATION = true; + "vapor-systems" = { + inherit settings; + enable = true; + scanPath = "/var/lib/git"; + + nginx.virtualHost = "git.vapor.systems"; }; }; + + services.nginx.virtualHosts = { + "git.audron.dev" = { + forceSSL = true; + useACMEHost = "audron.dev"; + }; + + "git.vapor.systems" = { 
+ forceSSL = true; + useACMEHost = "vapor.systems"; + }; }; - security.acme.certs = { - "vapor.systems" = { - extraDomainNames = [ "*.vapor.systems" ]; + users.users = { + cgit.extraGroups = [ "users" ]; + + git = { + isSystemUser = true; + group = "git"; + home = "/var/lib/git"; + createHome = true; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = lib.flatten ( + lib.map (user: user.openssh.authorizedKeys.keys or [ ]) ( + lib.filter (user: user.isNormalUser) (lib.attrValues config.users.users) + ) + ); }; }; - services.nginx = { + users.groups.git = { }; + + services.openssh = { enable = true; - virtualHosts."git.vapor.systems" = - self.lib.nginx.proxyDomain "vapor.systems" "http://unix:/run/gitea/http.sock"; + extraConfig = '' + Match user git + AllowTcpForwarding no + AllowAgentForwarding no + PasswordAuthentication no + PermitTTY no + X11Forwarding no + ''; + }; + + security.acme.certs = { + "vapor.systems" = { + extraDomainNames = [ "*.vapor.systems" ]; + }; + "audron.dev" = { + extraDomainNames = [ "*.audron.dev" ]; + }; }; } |
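Review bot: The `git` account's `openssh.authorizedKeys.keys` is assembled from the keys of every `isNormalUser` entry in `config.users.users`, so any key that can log in as an ordinary user on this host can also push to every repository under `/var/lib/git`, and because `scanPath = "/var/lib/git"` cgit then serves whatever lands there on git.vapor.systems. If only some accounts are meant to push, list those keys explicitly instead of deriving them from the whole user set, or at least record the intent with a comment such as `# every normal user's SSH key gets push access to all repos in /var/lib/git`. Since the login shell is git-shell and `/var/lib/git` is the git user's `createHome` directory, note that git-shell will run anything placed in `/var/lib/git/git-shell-commands`, so that directory should stay absent or root-owned. Separately, the unchanged context line `environment.systemPackages = [ pkgs.gitea ];` still installs gitea even though the gitea service is removed by this change, and `cgit.extraGroups = [ "users" ]` gives the cgit worker group-level read access beyond the one home-directory repo it needs; both look like leftovers worth tightening.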
