{
  self,
  config,
  lib,
  pkgs,
  ...
}:

{
  # Only the gitea package is installed system-wide (presumably for its CLI);
  # no services.gitea instance is configured in this module — confirm elsewhere.
  environment.systemPackages = lib.singleton pkgs.gitea;

  services.cgit =
    let
      # cgitrc(5) settings shared by every instance defined here.
      settings = {
        # The stylesheet is fetched from a separate host; whoever controls that
        # host controls the page's presentation, and cgit emits no CSP. Keep the
        # CDN trusted or self-host the file.
        css = "https://cdn.vapor.systems/cgit/cgit.css";

        head-include = "${pkgs.writeText "cgit-head.html" ''
          <script>
            /*to prevent Firefox FOUC, this must be here*/
            let FF_FOUC_FIX;
          </script>
        ''}";

        # NOTE(review): both instances share this cache directory. cgit keys its
        # cache slots on the request URL alone, so unless the NixOS module
        # rewrites cache-root per instance, identical paths on the two vhosts
        # (e.g. the index page "/") could serve each other's cached output —
        # verify, or use "/var/cache/cgit/<instance>" per instance.
        cache-root = "/var/cache/cgit";
        cache-size = 50;

        # Lets a repository's own git config override cgit settings, including
        # the *-filter executables, so those config files are trust-bearing:
        # only server-side administrators should be able to edit them (git-shell
        # pushes cannot, since config is not transferred by push).
        enable-git-config = true;

        # Presentation toggles.
        enable-commit-graph = true;
        enable-follow-links = true;
        enable-index-links = true;
        enable-index-owner = true;
        enable-log-linecount = true;
        enable-subject-links = true;
        max-repodesc-length = 120;

        # Dumb-HTTP clone over the same vhost. $HTTP_HOST is a request header,
        # bounded here by nginx routing on explicit server names.
        enable-http-clone = true;
        clone-url = "https://$HTTP_HOST/$CGIT_REPO_URL";

        # Blob view runs every file through the pygments-based highlighter.
        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
        # about-filter = "${pkgs.asciidoctor}"
      };

      # Everything both instances have in common; each one only adds where its
      # repositories come from and which vhost serves it.
      common = {
        inherit settings;
        enable = true;
      };
    in
    {
      audron = common // {
        # Explicit repo list. The path is inside a home directory, which is why
        # the cgit user is added to the "users" group in users.users.
        repos."dotfiles.git" = {
          desc = "Fully Managed NixOS System Dotfiles";
          path = "/home/audron/dotfiles.git";
        };
        nginx.virtualHost = "git.audron.dev";
      };

      vapor-systems = common // {
        # Every repository found under this directory is published. It is also
        # the git user's home (created by NixOS, which defaults home directories
        # to mode 0700), so confirm the cgit user can actually traverse it —
        # nothing in this module grants that.
        scanPath = "/var/lib/git";
        nginx.virtualHost = "git.vapor.systems";
      };
    };

  # HTTP -> HTTPS redirect plus TLS from the apex domain's wildcard certificate;
  # the ACME host is the vhost name with its "git." label dropped. forceSSL only
  # redirects — as far as this module shows, no HSTS header is emitted, so add
  # one via extraConfig if the sites should be pinned to HTTPS in browsers.
  services.nginx.virtualHosts = lib.genAttrs [ "git.audron.dev" "git.vapor.systems" ] (host: {
    forceSSL = true;
    useACMEHost = lib.removePrefix "git." host;
  });

  users.users = {
    # The cgit CGI user needs to read /home/audron/dotfiles.git. Joining
    # "users" grants that, but also every other path that group can read, so
    # keep such paths free of secrets (an ACL on the repo alone would be tighter).
    cgit.extraGroups = [ "users" ];

    # Transport-only account: git-shell restricts it to the git pack commands,
    # and services.openssh carries the per-user sshd lockdown.
    git = {
      isSystemUser = true;
      group = "git";
      home = "/var/lib/git";
      createHome = true;
      shell = "${pkgs.git}/bin/git-shell";
      # Every SSH key of every normal user on this host can push to every
      # repository under /var/lib/git — authorisation is per account, not per
      # repo. Evaluation stays lazy: only isNormalUser and the keys of the
      # filtered users are forced, never this account's own keys.
      openssh.authorizedKeys.keys =
        let
          normalUsers = lib.filter (u: u.isNormalUser) (lib.attrValues config.users.users);
        in
        lib.concatMap (u: u.openssh.authorizedKeys.keys or [ ]) normalUsers;
    };
  };

  # Primary group of the git transport account (users.users.git.group).
  users.groups = {
    git = { };
  };

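  services.openssh = {
    enable = true;
    # Per-account lockdown of the git transport user. Every keyword used here
    # is permitted inside a Match block (sshd_config(5)); comment lines are
    # legal in sshd_config and survive into the generated file.
    extraConfig = ''
      Match User git
        # Key-only login. Unless changed elsewhere, NixOS leaves both
        # PasswordAuthentication and KbdInteractiveAuthentication enabled, and
        # the latter also reaches PAM, so both are refused for this account.
        PasswordAuthentication no
        KbdInteractiveAuthentication no
        # No forwarding of any kind: TCP, unix-socket (StreamLocal), agent and
        # X11 channels are all refused, as are tun devices. StreamLocal was the
        # one channel type the previous list left open.
        AllowTcpForwarding no
        AllowStreamLocalForwarding no
        AllowAgentForwarding no
        X11Forwarding no
        PermitTunnel no
        # git-shell needs no PTY; refusing one also blocks interactive use.
        PermitTTY no
    '';
  };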

  # One wildcard certificate per apex domain; the git.* vhosts reference them
  # via useACMEHost. Wildcard names require DNS-01 validation, so the ACME
  # account, terms acceptance and DNS provider credentials are presumably set
  # in another module — confirm, since nothing here configures them.
  security.acme.certs = lib.genAttrs [ "vapor.systems" "audron.dev" ] (apex: {
    extraDomainNames = [ "*.${apex}" ];
  });
}