summary refs log tree commit diff stats
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/git/cgit.nix62
-rw-r--r--modules/git/git.nix33
2 files changed, 95 insertions, 0 deletions
diff --git a/modules/git/cgit.nix b/modules/git/cgit.nix
new file mode 100644
index 0000000..900f350
--- /dev/null
+++ b/modules/git/cgit.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib , ... }:
+{
+
+  services.cgit.git = {
+    enable = true;
+    package = pkgs.cgit-pink;
+    user = "git";
+    group = "git";
+    scanPath = "/null";
+
+    extraConfig = ''
+      root-title=git.krinitsin
+      root-desc=github mirror
+      footer=
+      logo=
+      css=/cur-cgit.css
+
+      clone-url=git@krinitsin.com:$CGIT_REPO_URL
+      snapshots=tar.gz zip
+
+      cache-size=1000
+
+      enable-index-owner=0
+      enable-http-clone=0
+      enable-blame=1
+      enable-commit-graph=1
+
+
+      enable-log-filecount=1
+      enable-log-linecount=1
+      branch-sort=age
+
+      max-stats=quarter
+
+      source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+      about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+      readme=:README.md
+      readme=:readme.md
+
+      enable-follow-links=1
+      enable-git-config=1
+      remove-suffix=1
+
+      scan-path=/var/lib/git-server
+    '';
+
+    nginx = {
+      virtualHost = "git.krinitsin.com";
+      location = "/";
+    };
+  };
+
+  services.nginx.virtualHosts."git.krinitsin.com" = {
+    forceSSL = true;
+    useACMEHost = "krinitsin.com";
+    locations."= /cur-cgit.css".alias = /var/www/cur-cgit.css;
+  };
+
+  security.acme.certs."krinitsin.com".extraDomainNames = [ "git.krinitsin.com" ];
+
+}
diff --git a/modules/git/git.nix b/modules/git/git.nix
new file mode 100644
index 0000000..f39ed38
--- /dev/null
+++ b/modules/git/git.nix
@@ -0,0 +1,33 @@
+{ pkgs, libs, config, ... }:
+{
+
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+    home = "/var/lib/git-server";
+    createHome = true;
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = config.users.users.admin.openssh.authorizedKeys.keys;
+  };
+
+  users.groups.git = {};
+
+  services.openssh.extraConfig = ''
+    Match user git
+      AllowTcpForwarding no
+      AllowAgentForwarding no
+      PasswordAuthentication no
+      PermitTTY no
+      X11Forwarding no
+  '';
+
+  systemd.services.github-mirror = {
+    enable = true;
+    wantedBy = ["multi-user.target"];
+    serviceConfig = {
+      ExecStart = ''/run/current-system/sw/bin/bash /var/lib/git-server/mirror-script.sh'';
+      User = ''git'';
+      Group = ''git'';
+    };
+  };
+}