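# NixOS module: publishes git repositories read-only over HTTPS (cgit behind
# nginx) and accepts pushes/fetches over SSH through a restricted `git` account.
{ self, config, lib, pkgs, ... }:
{
  # NOTE(review): no gitea service is configured in this file; confirm the
  # package is still needed on the system profile.
  environment.systemPackages = [ pkgs.gitea ];

  services.cgit =
    let
      # cgitrc options shared by both cgit instances below.
      settings = {
        css = "https://cdn.vapor.systems/cgit/cgit.css";
        # NOTE(review): the snippet body is empty in this copy of the file;
        # confirm that is intended and not lost markup.
        head-include = "${pkgs.writeText "cgit-head.html" '' ''}";

        cache-root = "/var/cache/cgit";
        cache-size = 50;

        enable-follow-links = true;
        enable-commit-graph = true;
        # Repositories may supply their own repo-level cgit settings through
        # their git config, so write access to those config files also
        # controls how the repository is presented.
        enable-git-config = true;
        # Everything cgit lists is also cloneable over HTTP; no access control
        # is configured in this file.
        enable-http-clone = true;
        enable-index-links = true;
        enable-index-owner = true;
        enable-log-linecount = true;
        enable-subject-links = true;

        max-repodesc-length = 120;
        # $HTTP_HOST and $CGIT_REPO_URL are expanded by cgit per request.
        clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL";

        # The filter is run on repository file contents, i.e. on data
        # controlled by whoever can push.
        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
        # about-filter = "${pkgs.asciidoctor}"
      };
    in
    {
      # Personal instance: a single, explicitly listed repository.
      audron = {
        inherit settings;
        enable = true;
        repos = {
          "dotfiles.git" = {
            desc = "Fully Managed NixOS System Dotfiles";
            path = "/home/audron/dotfiles.git";
          };
        };
        nginx.virtualHost = "git.audron.dev";
      };

      # Shared instance: every repository found under scanPath is listed, so
      # anything pushed into the git user's home becomes publicly visible.
      "vapor-systems" = {
        inherit settings;
        enable = true;
        scanPath = "/var/lib/git";
        nginx.virtualHost = "git.vapor.systems";
      };
    };

  # TLS for both virtual hosts, using the certificates declared at the bottom.
  services.nginx.virtualHosts = {
    "git.audron.dev" = {
      forceSSL = true;
      useACMEHost = "audron.dev";
    };
    "git.vapor.systems" = {
      forceSSL = true;
      useACMEHost = "vapor.systems";
    };
  };

  users.users = {
    # NOTE(review): presumably needed so cgit can read
    # /home/audron/dotfiles.git. Membership in `users` also exposes every
    # other path that group can read to the web-facing process; a dedicated
    # group for the published repositories would be narrower.
    cgit.extraGroups = [ "users" ];

    git = {
      isSystemUser = true;
      group = "git";
      home = "/var/lib/git";
      createHome = true;
      # git-shell limits SSH sessions to git's server-side commands.
      shell = "${pkgs.git}/bin/git-shell";
      # Every key authorised for any normal user is also authorised for `git`,
      # so each shell user can reach all repositories in /var/lib/git.
      # Only inline `keys` are collected; `keyFiles` entries are not.
      openssh.authorizedKeys.keys = lib.flatten (
        lib.map (user: user.openssh.authorizedKeys.keys or [ ]) (
          lib.filter (user: user.isNormalUser) (lib.attrValues config.users.users)
        )
      );
    };
  };

  users.groups.git = { };

  services.openssh = {
    enable = true;
    # Restrict the shared account to key-based, non-interactive git traffic.
    # AllowTcpForwarding does not cover Unix-domain socket forwarding, so
    # AllowStreamLocalForwarding is switched off as well.
    extraConfig = ''
      Match user git
        AllowTcpForwarding no
        AllowStreamLocalForwarding no
        AllowAgentForwarding no
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
    '';
  };

  # Wildcard names can only be validated with a DNS-01 challenge; the
  # challenge settings are not part of this file.
  security.acme.certs = {
    "vapor.systems" = {
      extraDomainNames = [ "*.vapor.systems" ];
    };
    "audron.dev" = {
      extraDomainNames = [ "*.audron.dev" ];
    };
  };
}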