{ config, lib, pkgs, ... }: let cfg = config.vhack.git-server; in { options.vhack.git-server.enable = lib.mkEnableOption "a lightweight git-server, realised with cgit and gitolite."; config = lib.mkIf cfg.enable { services = { gitolite = { enable = true; adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A"; dataDir = "/srv/gitolite"; user = "gitolite"; group = "gitolite"; extraGitoliteRc = '' $RC{UMASK} = 0027; # Enable group access, important for cgit. ''; }; cgit."git.vhack.eu" = { enable = true; package = pkgs.cgit-pink; scanPath = "${config.services.gitolite.dataDir}/repositories"; settings = { section-from-path = true; project-list = "${config.services.gitolite.dataDir}/projects.list"; source-filter = "${config.services.cgit."git.vhack.eu".package}/lib/cgit/filters/syntax-highlighting.py"; }; }; nginx.virtualHosts."git.vhack.eu" = { enableACME = true; forceSSL = true; }; }; }; }