machines/srv3/services/cgit/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

{ pkgs, ...}:
let
  cgitHostname = "git.niedzwiedzinski.cyou";

  mirror = pkgs.writeScriptBin "mirror" ''
  #!/bin/sh

  name=`echo "$1" | rev | cut -d'/' -f1 | rev`

  cd /srv/git
  sudo -u git ${pkgs.git}/bin/git clone --mirror $1 $name
  sudo -u git /run/current-system/sw/bin/chmod -R g+w $name
  '';

  newrepo = pkgs.writeScriptBin "newrepo" ''
  #!/bin/sh

  [ -z $1 ] && echo "Pass repo name" && exit 1

  sudo -u git git init --bare /srv/git/$1
  sudo -u git /run/current-system/sw/bin/chmod -R g+w /srv/git/$1
  '';

in
{
  environment.systemPackages = [ newrepo mirror ];
  systemd.services.git-fetch = {
    script = ''
      #!/bin/sh
      cd /srv/git
      for f in `find . -name HEAD`; do
        cd ''${f%HEAD}
        ${pkgs.git}/bin/git fetch
        cd /srv/git
      done
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "git";
    };
  };
  systemd.timers.git-fetch = {
    partOf = [ "git-fetch.service" ];
    wantedBy = ["timers.target" ];
    timerConfig = {
      OnCalendar = "hourly";
      Unit = "git-fetch.service";
    };
  };
  services.nginx.virtualHosts."${cgitHostname}" = {
    locations."=/mylogo.png" = {
      alias = "${./baby-yoda.png.comp}";
    };
    forceSSL = true;
    enableACME = true;
  };
  services.cgit.gitN = {
    enable = true;
    user = "cgit";
    package = pkgs.cgit-pink;
    scanPath = "/srv/git";
    nginx.virtualHost = cgitHostname;
    settings = {
      about-filter = let formatScript = pkgs.writeScriptBin "about-format.sh" ''
          #!/bin/sh
          ${pkgs.coreutils}/bin/cat << EOF
          <style>
          .md blockquote {
            background: #eee;
            font-style: italic;
            padding: 0 1em;
          }
          </style>
          <div class="md">
          EOF
          ${pkgs.coreutils}/bin/cat /dev/stdin | ${pkgs.lowdown}/bin/lowdown
          echo '</div>'
        '';
      in "${formatScript}/bin/about-format.sh";
      cache-size = "1000";
      root-title = cgitHostname;
      root-desc = "Personal git server, because I can";
      readme = ":README.md";
      snapshots = "tar.gz zip";
      clone-prefix = "https://${cgitHostname}";
      section-from-path = "1";
      logo = "/mylogo.png";
    };
  };

  users = {
    groups = { git = {}; };
    users = {
      git = {
        isSystemUser = true;
        group = "git";
        description = "git user";
        home = "/srv/git";
        shell = "${pkgs.git}/bin/git-shell";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
        ];
      };
    };
  };
}