authorAzat Bahawi <azat@bahawi.net>2023-02-15 22:44:13 +0300
committerAzat Bahawi <azat@bahawi.net>2023-02-15 22:44:13 +0300
commit32cc6847c481c8ffc88240d0149fe495f3b22de5 (patch)
tree103f5abd20b59250b90746ce7d7cd0b24c321848 /modules/nixos/git/default.nix
parent7ed022bc9a3c89834016c866e387b60ba4523eb6 (diff)
2023-02-15
Diffstat (limited to 'modules/nixos/git/default.nix')
-rw-r--r--modules/nixos/git/default.nix197
1 files changed, 197 insertions, 0 deletions
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
new file mode 100644
index 0000000..587f3b3
--- /dev/null
+++ b/modules/nixos/git/default.nix
@@ -0,0 +1,197 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.git;
+in {
+ options.nixfiles.modules.git.server = {
+ enable = mkEnableOption "Git server";
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; nullOr str;
+ default = "git.${config.networking.domain}";
+ };
+
+ package = mkOption {
+ description = "Package.";
+ type = types.package;
+ default = pkgs.cgit-pink;
+ };
+ };
+
+ config = mkMerge [
+ (mkIf cfg.client.enable {
+ secrets = {
+ glab-cli-config = {
+ file = "${inputs.self}/secrets/glab-cli-config";
+ path = "${config.dirs.config}/glab-cli/config.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ gh-hosts = {
+ file = "${inputs.self}/secrets/gh-hosts";
+ path = "${config.dirs.config}/gh/hosts.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ hut = {
+ file = "${inputs.self}/secrets/hut";
+ path = "${config.dirs.config}/hut/config";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ };
+ })
+ (mkIf cfg.server.enable {
+ nixfiles.modules.nginx = {
+ enable = true;
+ virtualHosts.${cfg.server.domain} = {
+ locations = {
+ "/".extraConfig = let
+ cgitrc = pkgs.writeText "cgitrc" ''
+ root-title=github sux >:^(
+ root-desc=Homo sum, humani a me nihil alienum puto.
+ footer=
+
+ logo=/cgit-custom-logo.gif
+ favicon=/cgit-custom-favicon.gif
+ css=/cgit-custom-style.css
+
+ about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
+ source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
+ commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
+
+ enable-git-config=1
+ enable-gitweb-owner=1
+ enable-index-owner=0
+ remove-suffix=1
+
+ readme=:README
+ readme=:README.md
+ readme=:README.org
+ readme=:README.txt
+ readme=:readme
+ readme=:readme.md
+ readme=:readme.org
+ readme=:readme.txt
+
+ scan-path=${config.services.gitolite.dataDir}/repositories
+ '';
+ in ''
+ include ${config.services.nginx.package}/conf/fastcgi_params;
+ fastcgi_split_path_info ^(/?)(.+)$;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
+ fastcgi_param CGIT_CONFIG ${cgitrc};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
+ root ${cfg.server.package}/cgit;
+ '';
+ "~* ^.+cgit-custom-logo.gif$".extraConfig = ''
+ alias ${./logo.gif};
+ '';
+ "~* ^.+cgit-custom-favicon.gif$".extraConfig = ''
+ alias ${./favicon.ico};
+ '';
+ "~* ^.+cgit-custom-style.css$".extraConfig = let
+ css = with config.colourScheme;
+ pkgs.writeText "custom.css" ''
+ @import url("cgit.css");
+
+ form {
+ display: none;
+ }
+
+ div#cgit {
+ max-width: 200ch;
+ margin: auto;
+ font-family: "${config.fontScheme.monospaceFont.family}", monospace;
+ -moz-tab-size: 4;
+ tab-size: 4;
+ }
+
+ div#cgit table#header td.sub {
+ border-top: none;
+ }
+
+ div#cgit table#header td.sub.right {
+ padding-right: 1em;
+ }
+
+ div#cgit table.tabs {
+ border-bottom: none;
+ }
+
+ div#cgit div.content {
+ border-bottom: none;
+ }
+
+ div#cgit table.list th a {
+ color: inherit;
+ }
+
+ div#cgit table.list tr:nth-child(even) {
+ background: inherit;
+ }
+
+ div#cgit table.list tr:hover {
+ background: inherit;
+ }
+
+ div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
+ background: inherit;
+ }
+
+ div#cgit table.blob td.linenumbers a:target {
+ color: goldenrod;
+ text-decoration: underline;
+ outline: none;
+ }
+
+ div#cgit div#summary {
+ max-width: 80ch;
+ }
+
+ div#cgit a.permalink {
+ color: inherit;
+ }
+ '';
+ in ''
+ alias ${css};
+ '';
+ };
+ };
+ };
+
+ services = let
+ user = "git";
+ group = "git";
+ in {
+ gitolite = {
+ enable = true;
+ inherit user group;
+ adminPubkey = my.ssh.key;
+ extraGitoliteRc = ''
+ # This allows hiding repositories via "cgit.ignore"[1].
+ #
+ # [1]: https://www.omarpolo.com/post/cgit-gitolite.html
+ $RC{GIT_CONFIG_KEYS} = '.*';
+ '';
+ };
+
+ fcgiwrap = {
+ enable = true;
+ inherit user group;
+ };
+ };
+ })
+ ];
+}
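Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` in `extraGitoliteRc` lets the gitolite configuration set every git config key, while the comment above it only asks for `cgit.ignore`; gitolite's documentation treats this setting as security-sensitive because some git config keys cause commands to run. Restricting the pattern to what cgit reads, e.g. `$RC{GIT_CONFIG_KEYS} = 'cgit\..*';`, keeps the repository-hiding feature and drops everything else. Separately, `fcgiwrap` inherits the same `user`/`group` as `gitolite`, so `cgit.cgi` and its about/source/commit filters, which parse repository content on behalf of web visitors, run with write access to the repositories and presumably to gitolite's own state. A dedicated account with read-only access through the `git` group would be the least-privilege layout, though it likely needs a relaxed gitolite `UMASK`, so confirm that against the deployment.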