modules/cgit: Stop exposing all repositories as http clones
This feature has recently been added to nixpkgs to fix the security
vulnerability.
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/by-name/gi/git-server/module.nix b/modules/by-name/gi/git-server/module.nix
index db35897..4ddfca4 100644
--- a/modules/by-name/gi/git-server/module.nix
+++ b/modules/by-name/gi/git-server/module.nix
@@ -88,6 +88,12 @@ in {
scanPath = "${config.services.gitolite.dataDir}/repositories";
user = "git";
group = "git";
+
+ # Don't bypass `cgit` when performing a http only clone.
+ # This is slightly slower, but we don't need to worry about the access
+ # restrictions also being by-passed.
+ gitHttpBackend.enable = false;
+
settings = {
branch-sort = "age";
|
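Review bot: The comment above `gitHttpBackend.enable = false;` relies on cgit enforcing access restrictions, but nothing visible in this hunk shows which restriction is active while `scanPath` covers the whole gitolite repository directory. The `settings` block continues outside the hunk, so it is worth confirming that it carries a `project-list` or `strict-export` entry; without one, cgit's own HTTP clone would presumably still serve every scanned repository, private ones included. I would also name the mechanism in the comment, e.g. `# cgit's built-in http clone honours the restrictions in settings; git-http-backend serves everything under scanPath.` A deployment check that an HTTP clone of a non-exported repository fails would guard against regressions if the nixpkgs default changes again.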