authortzlil <tzlils@protonmail.com>2023-02-17 16:50:09 +0200
committertzlil <tzlils@protonmail.com>2023-02-17 16:50:09 +0200
commit3c3e4531dac7f4ab591bf391be72a11121b45673 (patch)
treec87f7faa39dd4cf22a47cac661d1e4a50dda9888
parentd4896b353eed0ab37cf8a2591fe1f5369c37883f (diff)
cgit works, added git user to ssh AllowUser, added uid/gid maps to persist
-rw-r--r--hosts/vps/git.nix64
-rw-r--r--profiles/core.nix3
-rw-r--r--profiles/ssh.nix2
3 files changed, 48 insertions, 21 deletions
diff --git a/hosts/vps/git.nix b/hosts/vps/git.nix
index 3ad26c0..fcf8cfb 100644
--- a/hosts/vps/git.nix
+++ b/hosts/vps/git.nix
@@ -2,10 +2,13 @@
 
 {
   config = {
+    users.groups.git = {};
     users.users.git = {
       isSystemUser = true;
-      description = "git";
+      description = "tzlil";
+      group = "git";
       home = "/home/git";
+      packages = [pkgs.git];
       shell = "${pkgs.git}/bin/git-shell";
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
@@ -14,27 +17,48 @@
     services = {
       fcgiwrap.enable = true;
       caddy = {
-        virtualHosts."http://localhost".extraConfig = ''
-          reverse_proxy localhost:5678 { 
-            transport fastcgi {
-              env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
-              env CGIT_CONFIG ${pkgs.writeText "cgitrc" (lib.generators.toKeyValue { } {
-                clone-url = (lib.concatStringsSep " " [
-                  "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
-                  "ssh://git@git.example.com:$CGIT_REPO_URL"
-                ]);
-                enable-log-filecount = 1;
-                enable-log-linecount = 1;
-                enable-git-config = 1;
-                root-title = "git.example.com";
-                root-desc = "Tzlil's Git Repositories";
-                scan-path = "/home/git";
-              })}
-            } 
+        virtualHosts."http://100.67.217.90".extraConfig = ''
+          bind 100.67.217.90
+          handle /cgit.png { 
+            root * ${pkgs.cgit}/cgit
+            file_server
+          }
+          handle /cgit.css { 
+            root * ${pkgs.cgit}/cgit
+            file_server
+          }
+          handle /favicon.ico { 
+            root * ${pkgs.cgit}/cgit
+            file_server
+          }
+          handle {
+            reverse_proxy unix//run/fcgiwrap.sock { 
+              transport fastcgi {
+                env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
+                env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue { } {
+                  css = "/cgit.css";
+                  logo = "/cgit.png";
+                  favicon = "/favicon.ico";
+                  clone-url = (pkgs.lib.concatStringsSep " " [
+                    "http://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
+                    "ssh://git@git.example.com:$CGIT_REPO_URL"
+                  ]);
+                  enable-log-filecount = 1;
+                  enable-log-linecount = 1;
+                  enable-git-config = 1;
+                  root-title = "git.example.com";
+                  root-desc = "Tzlil's Git Repositories";
+                  scan-path = "/home/git";
+                  about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+                  source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+                  logo-link = "/";
+                })}
+              } 
+            }
           }
         '';
-      }
+      };
     };
-    environment.persistence."/nix/persist".directories = [ "/home/git" ];
+    environment.persistence."/nix/persist".directories = [ { directory = "/home/git"; user = "git"; group = "git"; } ];
   };
 }
\ No newline at end of file
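Review bot: The catch-all `handle` block sends every request to `cgit.cgi` through `/run/fcgiwrap.sock`, and the new `about-filter` and `source-filter` run extra interpreters over repository content on each page view, yet nothing visible here sets the account fcgiwrap runs as. In the NixOS fcgiwrap module of this period the service appears to run as root when `services.fcgiwrap.user` and `services.fcgiwrap.group` are left unset, so a parsing bug in cgit or a filter would carry full system privileges; confirm this against the module version in use. Set both options to a dedicated unprivileged account that can only read `/home/git`, for example `fcgiwrap.user = "cgit"; fcgiwrap.group = "cgit";` (constructed names) next to `fcgiwrap.enable = true;`, and declare that user. It is also worth checking the socket's mode, since any local account that can connect to it can have fcgiwrap run CGI as that user.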
diff --git a/profiles/core.nix b/profiles/core.nix
index 17d64e2..5f48baa 100644
--- a/profiles/core.nix
+++ b/profiles/core.nix
@@ -25,5 +25,8 @@
 
     age.identityPaths = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
     programs.command-not-found.dbPath = inputs.programsdb.packages.${pkgs.system}.programs-sqlite;
+
+    # save uid/guid
+    environment.persistence."/nix/persist".directories = [ "/var/lib/nixos" ];
   };
 }
\ No newline at end of file
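Review bot: The comment `# save uid/guid` above the new persistence entry has a typo (`guid` for `gid`) and does not say why the directory matters. `/var/lib/nixos` appears to hold the uid/gid allocation state, so losing it could leave the persisted `/home/git` (declared as owned by `git:git` in hosts/vps/git.nix) belonging to a different numeric id after a reboot; that is presumably the motivation. Suggested wording: `# persist uid/gid allocations so ownership of persisted directories stays stable across reboots`.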
diff --git a/profiles/ssh.nix b/profiles/ssh.nix
index 4c12cc7..49917f9 100644
--- a/profiles/ssh.nix
+++ b/profiles/ssh.nix
@@ -15,7 +15,7 @@
         AuthenticationMethods publickey
         StreamLocalBindUnlink yes
 
-        AllowUsers tzlil
+        AllowUsers tzlil git
       '';
       settings = {
         permitRootLogin = "no";
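Review bot: Adding `git` to `AllowUsers` makes the service account reachable over SSH, but `git-shell` only limits which commands run, not the port or socket forwarding a client can request. Nothing in the visible lines disables forwarding for that account, and the key listed in hosts/vps/git.nix carries no options. Consider ending this extraConfig with `Match User git`, `DisableForwarding yes` and `PermitTTY no` (a Match block applies to every line after it, so it must come last in the generated sshd_config), or prefixing the authorized key with `restrict`. The sshd settings block starts and ends outside the hunk, so other restrictions may already exist there.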