diff options
Diffstat (limited to 'tharos/cgit.nix')
| -rw-r--r-- | tharos/cgit.nix | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/tharos/cgit.nix b/tharos/cgit.nix new file mode 100644 index 0000000..b4a75c3 --- /dev/null +++ b/tharos/cgit.nix @@ -0,0 +1,99 @@ +{ self, ... }: +{ + + flake.machines.tharos = + let + path = "/git/infra"; + in + { + nixos = + { + config, + pkgs, + lib, + ... + }: + let + cgit = config.services.cgit.infra.nginx.virtualHost; + nginx = lib.head config.services.nginx.virtualHosts.${cgit}.listen; + in + { + users.groups.git = { }; + users.users = lib.mapAttrs (_: _': { extraGroups = [ "git" ]; }) self.keys; + environment.systemPackages = with pkgs; [ git ]; + + systemd.services.init-git-repos = { + wantedBy = [ "multi-user.target" ]; + before = [ "cgit.service" ]; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + + script = '' + if [ ! -f ${path} ]; then + ${lib.getExe pkgs.git} init --shared=group --bare ${path} + fi + ''; + }; + + systemd.tmpfiles.rules = [ + "d ${path} 2775 root git -" + ]; + + services.cgit.infra = rec { + enable = true; + nginx.virtualHost = "git.${self.domain}"; + repos.infra = { + desc = "Quellcode für die technische Infrastruktur des Stadtteilbeirats Heimfeld"; + inherit path; + clone-url = "https://${nginx.virtualHost}/$CGIT_REPO_URL ssh://${self.domain}${path}"; + }; + settings = { + about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh"; + readme = ":README.md"; + enable-commit-graph = true; + }; + }; + services.nginx.virtualHosts.${cgit}.listen = [ + { + addr = "127.0.0.1"; + port = 8083; + } + ]; + services.caddy.virtualHosts.${cgit}.extraConfig = '' + reverse_proxy localhost:${toString nginx.port} + ''; + }; + vm = + { + config, + lib, + ... + }: + let + httpPort = 700; + cgit = config.services.cgit.infra.nginx.virtualHost; + in + { + services.cgit.infra = { + nginx.virtualHost = lib.mkForce "git.localhost"; + + repos.infra.clone-url = lib.mkForce "http://${cgit}:${ + with config.virtualisation; toString (portOffset + exposedPorts.http.port) + }/$CGIT_REPO_URL ssh://localhost:${ + toString (config.virtualisation.portOffset + lib.head config.services.openssh.ports) + }${path}"; + }; + + services.caddy.virtualHosts = { + "http://${cgit}:${toString config.virtualisation.exposedPorts.http.port}".extraConfig = + config.services.caddy.virtualHosts.${cgit}.extraConfig; + }; + services.getty.helpLine = lib.mkBefore '' + cgit: http://${cgit}:${with config.virtualisation; toString (portOffset + exposedPorts.http.port)} + ''; + }; + }; +} |