summary refs log tree commit diff stats
path: root/modules/nixos/vhack/git-server
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nixos/vhack/git-server')
-rw-r--r--modules/nixos/vhack/git-server/default.nix46
1 files changed, 46 insertions, 0 deletions
diff --git a/modules/nixos/vhack/git-server/default.nix b/modules/nixos/vhack/git-server/default.nix
new file mode 100644
index 0000000..550bc90
--- /dev/null
+++ b/modules/nixos/vhack/git-server/default.nix
@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.vhack.git-server;
+in {
+  options.vhack.git-server = {
+    enable = lib.mkEnableOption ''
+      a lightweight git-server, realised with cgit and gitolite.
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      gitolite = {
+        enable = true;
+        adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A";
+        dataDir = "/srv/gitolite";
+        user = "git";
+        group = "git";
+        extraGitoliteRc = ''
+          $RC{UMASK} = 0027; # Enable group access, important for cgit.
+        '';
+      };
+
+      cgit."git.vhack.eu" = {
+        enable = true;
+        package = pkgs.cgit-pink;
+        scanPath = "${config.services.gitolite.dataDir}/repositories";
+        settings = {
+          enable-http-clone = true;
+          section-from-path = true;
+          project-list = "${config.services.gitolite.dataDir}/projects.list";
+          source-filter = "${config.services.cgit."git.vhack.eu".package}/lib/cgit/filters/syntax-highlighting.py";
+        };
+      };
+
+      nginx.virtualHosts."git.vhack.eu" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+    };
+  };
+}