diff options
author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-20 13:58:21 +0100 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-20 13:58:21 +0100 |
commit | 33639143ea50404a04bc4c454435aff1bd79dd4b (patch) | |
tree | ede4b6832bb86ac30281fc22700ae1fe40658f37 /modules/by-name/gi/git-server/module.nix | |
parent | fix(treewide): Update to nixos release 24.11 (diff) | |
download | nixos-server-33639143ea50404a04bc4c454435aff1bd79dd4b.zip |
refactor({modules,test}): Migrate to a `by-name` structure
Diffstat (limited to 'modules/by-name/gi/git-server/module.nix')
-rw-r--r-- | modules/by-name/gi/git-server/module.nix | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/modules/by-name/gi/git-server/module.nix b/modules/by-name/gi/git-server/module.nix new file mode 100644 index 0000000..a374f4c --- /dev/null +++ b/modules/by-name/gi/git-server/module.nix @@ -0,0 +1,178 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.vhack.git-server; + + cgitCss = import ./css.nix { + inherit pkgs; + cgitPkg = + config.services.cgit."${cfg.domain}".package; + }; +in { + options.vhack.git-server = { + enable = lib.mkEnableOption '' + a lightweight git-server, realised with cgit and gitolite. + ''; + + domain = lib.mkOption { + type = lib.types.str; + default = "git.vhack.eu"; + description = '' + The domain this git instance will run under. + ''; + }; + + gitolite = { + adminPubkey = lib.mkOption { + description = '' + The initial key to use for gitolite. This will only be used for the initial + clone of the `gitolite-admin` repository. + ''; + type = lib.types.str; + default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAe4o1PM6VasT3KZNl5NYvgkkBrPOg36dqsywd10FztS openpgp:0x21D20D6A"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + programs.git = { + enable = true; + config = { + init = { + defaultBranch = "main"; + }; + }; + }; + + # Needed for the nginx proxy and the virtual host + vhack.nginx.enable = true; + + services = { + gitolite = { + inherit (cfg.gitolite) adminPubkey; + enable = true; + dataDir = "/srv/gitolite"; + user = "git"; + group = "git"; + extraGitoliteRc = '' + $RC{UMASK} = 0027; # Enable group access, important for cgit. + + # Enable modifing git variables (for cgit.owner and such things) + # These must be enable in the gitolite-admin repo (option user-configs = ...) + push( @{$RC{ENABLE}}, 'config' ); + push( @{$RC{ENABLE}}, 'git-config' ); + + push( @{$RC{ENABLE}}, 'expand-deny-messages' ); + push( @{$RC{ENABLE}}, 'Motd' ); + + push( @{$RC{ENABLE}}, 'cgit' ); + ''; + }; + + cgit."${cfg.domain}" = { + enable = true; + package = pkgs.cgit-pink; + scanPath = "${config.services.gitolite.dataDir}/repositories"; + user = "git"; + group = "git"; + settings = { + branch-sort = "age"; + + # Allow users to download a repo checkout with these compression formats + snapshots = ["tar.gz" "zip"]; + # The template used to generate the clone url for https clone. + clone-url = [ + "https://${cfg.domain}/$CGIT_REPO_URL" + "ssh://git@${cfg.domain}/$CGIT_REPO_URL" + ]; + enable-http-clone = true; + + # TODO: We might want to add an logo and readme here <2024-07-31> + # logo = "<url>"; + # root-readme = "/some/readme/file" + root-desc = "The cgit instance of ${cfg.domain}!"; + root-title = "${ + lib.strings.toUpper (builtins.substring 0 1 cfg.domain) + builtins.substring 1 (builtins.stringLength cfg.domain) cfg.domain + } cgit instace"; + + # Set the default maximum statistics period. Valid values are "week", + # "month", "quarter" and "year". + max-stats = "week"; + + readme = [ + ":README.md" + ":readme.md" + ":README.mkd" + ":readme.mkd" + ":README.rst" + ":readme.rst" + ":README.html" + ":readme.html" + ":README.htm" + ":readme.htm" + ":README.txt" + ":readme.txt" + ":README" + ":readme" + ":INSTALL.md" + ":install.md" + ":INSTALL.mkd" + ":install.mkd" + ":INSTALL.rst" + ":install.rst" + ":INSTALL.html" + ":install.html" + ":INSTALL.htm" + ":install.htm" + ":INSTALL.txt" + ":install.txt" + ":INSTALL" + ":install" + ]; + + enable-blame = true; + enable-commit-graph = true; + enable-subject-links = true; + enable-follow-links = true; + enable-index-links = true; + enable-index-owner = true; + + # NOTE: This allows cgit to take configuration from the bare git repositories: + # All `repo.<key>` can be set by setting `cgit.<key>` in the git config. E.g.: + # setting the owner (i.e. `repo.owner`) would be done by setting the + # `cgit.owner` config. All repo options are outline in the cgitrc (5) man page. + enable-git-config = true; + + # Remove the `.git` suffix from scanned repositories (this must be set _before_ `scan-path`) + remove-suffix = true; + + css = "/custom_cgit.css"; + + # This is a number of path elements to treat as section. + # `-1` means that we treat the last element as name, all others as sections + section-from-path = -1; + + project-list = "${config.services.gitolite.dataDir}/projects.list"; + + # TODO: We might want to use the kernel.org `libravatar.lua` email-filter <2024-07-31> + source-filter = "${config.services.cgit."${cfg.domain}".package}/lib/cgit/filters/syntax-highlighting.py"; + about-filter = "${config.services.cgit."${cfg.domain}".package}/lib/cgit/filters/about-formatting.sh"; + }; + }; + + nginx.virtualHosts."${cfg.domain}" = { + enableACME = true; + forceSSL = true; + + locations = { + "= /custom_cgit.css" = { + alias = cgitCss.outPath; + }; + }; + }; + }; + }; +} |