From bec082690379f1299f22876832920cdc0cfceae5 Mon Sep 17 00:00:00 2001 From: Marc Coquand Date: Mon, 22 Jan 2024 19:06:39 -0600 Subject: Set up gitolite + cgit --- configuration.nix | 74 +++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 7 deletions(-) diff --git a/configuration.nix b/configuration.nix index 079b7c7..137dded 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, inputs, ... }: { +{ pkgs, inputs, ... }: { imports = [ ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect @@ -49,6 +49,44 @@ }; }; + services.cgit.mccd = { + scanPath = "/srv/git/repositories"; + enable = true; + nginx.virtualHost = "git.mccd.space"; + settings = { + css = "/cgit.css"; + logo = ""; + favicon = ""; + enable-index-owner = "0"; + snapshots = "tar.gz tar.bz2 zip"; + about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh"; + source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; + clone-url = (pkgs.lib.concatStringsSep " " [ + "https://git.mccd.space/$CGIT_REPO_URL" + "ssh://git@git.mccd.space:$CGIT_REPO_URL" + ]); + readme = ":README.md"; + remove-suffix = "1"; + "mimetype.gif" = "image/gif"; + "mimetype.html" = "text/html"; + "mimetype.jpg" = "image/jpeg"; + "mimetype.jpeg" = "image/jpeg"; + "mimetype.pdf" = "application/pdf"; + "mimetype.png" = "image/png"; + "mimetype.svg" = "image/svg+xml"; + "repo.owner" = "Marc"; + enable-log-filecount = 1; + enable-follow-links = 1; + enable-log-linecount = 1; + enable-git-config = 1; + enable-commit-graph = 1; + project-list = "/srv/git/projects.list"; + root-title = "git.mccd ߸"; + root-desc = ""; + }; + }; + + services.freshrss = { enable = true; defaultUser = "freshrss"; @@ -69,6 +107,12 @@ recommendedProxySettings = true; recommendedTlsSettings = true; + virtualHosts."git.mccd.space" = { + forceSSL = true; + enableACME = true; + }; + + virtualHosts."rss.mccd.space" = { forceSSL = true; enableACME = true; 
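Review bot: In the `services.cgit.mccd` settings hunk, `"mimetype.html" = "text/html"` and `"mimetype.svg" = "image/svg+xml"` make cgit's plain view serve repository blobs as active content on the `git.mccd.space` origin, so a committed file can run script in a visitor's browser. If anyone other than the owner will ever have push access, I would drop those two entries (cgit should then fall back to a non-rendering type such as text/plain) or add a restrictive `Content-Security-Policy` header on the `git.mccd.space` virtual host added in the next hunk. The same concern applies to `about-filter`, which renders README markdown to HTML; whether raw HTML in a README is passed through depends on the filter, so that is worth checking. A comment above the `mimetype.*` lines would record the intent, e.g. `# only passive image/PDF types are served inline from /plain/`.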
@@ -93,17 +137,33 @@ defaults.email = "marcc@mccd.space"; }; - environment.systemPackages = with pkgs; [ git vim fd php ]; + environment.systemPackages = with pkgs; [ git vim fd php python311Packages.markdown ]; + + programs.git.enable = true; + users.groups.git = {}; + services.sshguard.enable = true; + + services.gitolite = { + enable = true; + user = "git"; + group = "git"; + extraGitoliteRc = '' + $RC{UMASK} = 0077; + $RC{GIT_CONFIG_KEYS} = 'gitweb.owner gitweb.description'; + ''; + dataDir = "/srv/git"; + adminPubkey = "ssh-rsa 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 marcc@mccd"; + }; users.users.git = { - isNormalUser = true; - home = "/home/git"; - description = "Git User"; - extraGroups = [ "wheel" "networkmanager" "git" ]; + isSystemUser = true; + home = "/srv/git"; + group = "git"; + extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 marcc@mccd" ]; }; - boot.cleanTmpDir = true; + boot.tmp.cleanOnBoot = true; zramSwap.enable = true; networking.hostName = "nix"; networking.domain = "ann"; -- cgit v1.2.3
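Review bot: In `users.users.git`, the gitolite service account keeps `extraGroups = [ "wheel" ]` and an unrestricted copy of the admin key in `openssh.authorizedKeys.keys`, while the same key is also passed as `services.gitolite.adminPubkey`. Gitolite relies on every key for this account being bound to its forced command; a second, unrestricted entry for the same key can either grant an interactive login as a wheel member or shadow the gitolite entry, depending on which authorized-keys file sshd consults first. I would delete both lines from `users.users.git` and administer the host through a separate personal account, leaving `adminPubkey` as the only way in for `git`. Separately, `$RC{UMASK} = 0077` makes new repositories readable only by `git`, so unless the cgit CGI runs as that user it will probably be unable to read `/srv/git/repositories`; `0027` with the cgit user added to the `git` group is the usual arrangement.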