Diffstat (limited to 'modules/nixos/git.nix')
-rw-r--r--modules/nixos/git.nix117
1 files changed, 117 insertions, 0 deletions
diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix
new file mode 100644
index 0000000..f754588
--- /dev/null
+++ b/modules/nixos/git.nix
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ inputs,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.git;
+in {
+ options.nixfiles.modules.git.server = {
+ enable = mkEnableOption "Git server";
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; nullOr str;
+ default = "git.${config.networking.domain}";
+ };
+
+ package = mkOption {
+ description = "Package.";
+ type = types.package;
+ default = pkgs.cgit-pink;
+ };
+ };
+
+ config = mkMerge [
+ (mkIf cfg.client.enable {
+ secrets = {
+ glab-cli-config = {
+ file = "${inputs.self}/secrets/glab-cli-config";
+ path = "${config.dirs.config}/glab-cli/config.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ gh-hosts = {
+ file = "${inputs.self}/secrets/gh-hosts";
+ path = "${config.dirs.config}/gh/hosts.yml";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ hut = {
+ file = "${inputs.self}/secrets/hut";
+ path = "${config.dirs.config}/hut/config";
+ owner = my.username;
+ inherit (config.my) group;
+ };
+ };
+ })
+ (mkIf cfg.server.enable {
+ nixfiles.modules.nginx = {
+ enable = true;
+ virtualHosts.${cfg.server.domain} = {
+ locations = {
+ "/".extraConfig = let
+ cgitrc = pkgs.writeText "cgitrc" ''
+ root-title=azahi’s git stuff
+ root-desc=鯛も一人はうまからず
+
+ about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh
+ source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py
+ commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh
+
+ enable-git-config=1
+ enable-gitweb-owner=1
+ remove-suffix=1
+
+ snapshots=tar.gz tar.bz2 zip
+
+ readme=:README
+ readme=:README.md
+ readme=:README.org
+ readme=:README.txt
+ readme=:readme
+ readme=:readme.md
+ readme=:readme.org
+ readme=:readme.txt
+
+ scan-path=${config.services.gitolite.dataDir}/repositories
+ '';
+ in ''
+ include ${config.services.nginx.package}/conf/fastcgi_params;
+ fastcgi_split_path_info ^(/?)(.+)$;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi;
+ fastcgi_param CGIT_CONFIG ${cgitrc};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ # FIXME This breaks sources previewing for these files.
+ "~* ^/(.+.(ico|css|png))$".extraConfig = ''
+ alias ${cfg.server.package}/cgit/$1;
+ '';
+ };
+ };
+ };
+
+ services = let
+ user = "git";
+ group = "git";
+ in {
+ gitolite = {
+ # TODO Make the configuration purely declarative.
+ enable = true;
+ inherit user group;
+ adminPubkey = my.ssh.key;
+ };
+
+ fcgiwrap = {
+ enable = true;
+ inherit user group;
+ };
+ };
+ })
+ ];
+}
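Review bot: `scan-path=${config.services.gitolite.dataDir}/repositories` makes cgit serve every repository gitolite hosts, since cgit does not consult gitolite's access rules; that would include `gitolite-admin` and any repository meant to stay private. Limiting the listing to what gitolite marks as web-readable avoids this, for example `project-list=${config.services.gitolite.dataDir}/projects.list` placed before the `scan-path` line (assuming gitolite's default location for that file), or `strict-export=git-daemon-export-ok`. Separately, `fcgiwrap` inherits `user = "git"`, so `cgit.cgi` and its about/source/commit filters, which parse repository content, run with write access to the gitolite data directory; a dedicated user with read-only group access would narrow what a bug in cgit or a filter can reach. A smaller point: `domain` is typed `nullOr str` but is used as the `virtualHosts` attribute name, so `null` cannot work there and `types.str` would state the contract honestly.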