nixos-dotfiles

https://git.tonybtw.com/nixos-dotfiles.git git://git.tonybtw.com/nixos-dotfiles.git

1,905 bytes raw

{
  config,
  pkgs,
  ...
}: let
  domain = "git.tonybtw.com";
  gitRoot = "/srv/git";
in {
  services.cgit.main = {
    enable = true;
    nginx.virtualHost = domain;
    scanPath = gitRoot;
    gitHttpBackend.enable = false;
    settings = {
      root-title = "Tony's Git";
      root-desc = "Personal git repositories";
      clone-url = "https://${domain}/$CGIT_REPO_URL git://${domain}/$CGIT_REPO_URL";
      enable-git-config = 1;
      enable-index-owner = 0;
      enable-commit-graph = 1;
      enable-log-filecount = 1;
      enable-log-linecount = 1;
      source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
      about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
      readme = ":README.md";
    };
  };

  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    locations."~ ^/([^/]+)/(HEAD|info/refs|objects|git-upload-pack)$" = {
      fastcgiParams = {
        GIT_HTTP_EXPORT_ALL = "";
        GIT_PROJECT_ROOT = gitRoot;
        PATH_INFO = "$uri";
      };
      extraConfig = ''
        fastcgi_pass unix:/run/fcgiwrap.sock;
      '';
    };
  };

  services.fcgiwrap.instances.git = {
    process.user = "git";
    process.group = "git";
    socket = {inherit (config.services.nginx) user group;};
  };

  systemd.services.git-daemon = {
    description = "Git daemon";
    wantedBy = ["multi-user.target"];
    after = ["network.target"];
    serviceConfig = {
      ExecStart = "${pkgs.git}/bin/git daemon --reuseaddr --base-path=${gitRoot} --export-all --verbose ${gitRoot}";
      User = "git";
      Group = "git";
    };
  };

  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = gitRoot;
    shell = "${pkgs.git}/bin/git-shell";
  };
  users.groups.git = {};

  systemd.tmpfiles.rules = [
    "d ${gitRoot} 0755 git git -"
  ];

  networking.firewall.allowedTCPPorts = [9418];
}

1	`{`
2	`config,`
3	`pkgs,`
4	`...`
5	`}: let`
6	`domain = "git.tonybtw.com";`
7	`gitRoot = "/srv/git";`
8	`in {`
9	`services.cgit.main = {`
10	`enable = true;`
11	`nginx.virtualHost = domain;`
12	`scanPath = gitRoot;`
13	`gitHttpBackend.enable = false;`
14	`settings = {`
15	`root-title = "Tony's Git";`
16	`root-desc = "Personal git repositories";`
17	`clone-url = "https://${domain}/$CGIT_REPO_URL git://${domain}/$CGIT_REPO_URL";`
18	`enable-git-config = 1;`
19	`enable-index-owner = 0;`
20	`enable-commit-graph = 1;`
21	`enable-log-filecount = 1;`
22	`enable-log-linecount = 1;`
23	`source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";`
24	`about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";`
25	`readme = ":README.md";`
26	`};`
27	`};`
28
29	`services.nginx.virtualHosts.${domain} = {`
30	`enableACME = true;`
31	`forceSSL = true;`
32	`locations."~ ^/([^/]+)/(HEAD\|info/refs\|objects\|git-upload-pack)$" = {`
33	`fastcgiParams = {`
34	`GIT_HTTP_EXPORT_ALL = "";`
35	`GIT_PROJECT_ROOT = gitRoot;`
36	`PATH_INFO = "$uri";`
37	`};`
38	`extraConfig = ''`
39	`fastcgi_pass unix:/run/fcgiwrap.sock;`
40	`'';`
41	`};`
42	`};`
43
44	`services.fcgiwrap.instances.git = {`
45	`process.user = "git";`
46	`process.group = "git";`
47	`socket = {inherit (config.services.nginx) user group;};`
48	`};`
49
50	`systemd.services.git-daemon = {`
51	`description = "Git daemon";`
52	`wantedBy = ["multi-user.target"];`
53	`after = ["network.target"];`
54	`serviceConfig = {`
55	`ExecStart = "${pkgs.git}/bin/git daemon --reuseaddr --base-path=${gitRoot} --export-all --verbose ${gitRoot}";`
56	`User = "git";`
57	`Group = "git";`
58	`};`
59	`};`
60
61	`users.users.git = {`
62	`isSystemUser = true;`
63	`group = "git";`
64	`home = gitRoot;`
65	`shell = "${pkgs.git}/bin/git-shell";`
66	`};`
67	`users.groups.git = {};`
68
69	`systemd.tmpfiles.rules = [`
70	`"d ${gitRoot} 0755 git git -"`
71	`];`
72
73	`networking.firewall.allowedTCPPorts = [9418];`
74	`}`