path: root/hosts/vps/git.nix
blob: d9c638d1218752830bb0c31f2242e95de148ec24 (plain)
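# NixOS module for the git host: a restricted `git` SSH account whose home
# directory holds the repositories, and a cgit web front end served by Caddy
# through fcgiwrap.
{
  pkgs,
  config,
  ...
}: {
  config = {
    # Dedicated system account used for git-over-SSH.
    users.groups.git = {};
    users.users.git = {
      isSystemUser = true;
      description = "tzlil";
      group = "git";
      home = "/home/git";
      packages = [pkgs.git];
      # git-shell as the login shell limits SSH sessions to git's server-side
      # commands instead of a general-purpose shell.
      shell = "${pkgs.git}/bin/git-shell";
      # NOTE(review): the keys carry no options. git-shell restricts the
      # command that runs, but not sshd features such as port or agent
      # forwarding. Consider prefixing each key with `restrict` (or using an
      # equivalent sshd Match block) after confirming nothing relies on
      # forwarding.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhN4Iq070J9rFJhOwP9RUyUJG9MC1W5KnDGqBqWZnlu"
      ];
    };

    # Unprivileged account that the fcgiwrap service below runs as, so cgit and
    # its filters execute under this user. pkgs.highlight is installed for it
    # for syntax highlighting.
    users.groups.fcgiwrap = {};
    users.users.fcgiwrap = {
      isSystemUser = true;
      group = "fcgiwrap";
      packages = [pkgs.highlight pkgs.fcgiwrap];
    };

    services = {
      # NOTE(review): fcgiwrap runs whatever SCRIPT_FILENAME the FastCGI client
      # sends, so any local process able to connect to /run/fcgiwrap.sock can
      # run programs as the fcgiwrap user. Check the socket's owner and mode
      # and limit it to the Caddy user. Newer NixOS releases configure this per
      # instance under services.fcgiwrap.instances.<name>; confirm against the
      # nixpkgs version in use.
      fcgiwrap = {
        enable = true;
        user = "fcgiwrap";
        group = "fcgiwrap";
      };
      caddy = {
        # Caddyfile fragment for tzlil.net: static cgit assets are served by
        # file_server, and every other path under /cgit/ is passed to cgit.cgi
        # over the fcgiwrap socket. config.website.defaultHeaders is defined in
        # another module and is not visible here.
        virtualHosts."tzlil.net".extraConfig = ''
          bind 0.0.0.0
          ${config.website.defaultHeaders}
          handle_path /cgit/* {
            handle /cgit.png {
              root * ${pkgs.cgit}/cgit
              file_server
            }
            handle /cgit.css {
              try_files ${pkgs.fetchurl {
            # Third-party stylesheet. The sha256 pins its content, so a changed
            # upstream file fails the build instead of being served to visitors.
            url = "https://jeremias.stotter.eu/cgi-bin/cgit.cgi/cgit-dark/plain/cgit.css";
            sha256 = "sha256-wqszujnWV5PRh3L23L1BFj/PKUElpyu1KhjqrHS8lCw=";
          }} /
              file_server
            }
            handle /favicon.ico {
              root * ${pkgs.cgit}/cgit
              file_server
            }
            handle {
              reverse_proxy unix//run/fcgiwrap.sock {
                transport fastcgi {
                  env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
                  env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} {
            # The attribute set is rendered as key=value lines in attribute-name
            # order, not in the order written here.
            css = "/cgit/cgit.css";
            logo = "/cgit/cgit.png";
            favicon = "/favicon.ico";
            clone-url = pkgs.lib.concatStringsSep " " [
              # Advertise the HTTPS endpoint. A clone started over plain http
              # sends its first request unprotected, where it can be tampered
              # with on the network path.
              "https://$HTTP_HOST$SCRIPT_NAME/$CGIT_REPO_URL"
              # NOTE(review): in an ssh:// URL the text after ':' is parsed as a
              # port. The scp-like form `git@tzlil.net:$CGIT_REPO_URL` may be
              # what is intended; verify with a test clone.
              "ssh://git@tzlil.net:$CGIT_REPO_URL"
            ];
            enable-log-filecount = 1;
            enable-log-linecount = 1;
            # Lets cgit read per-repository settings from each repo's git config.
            enable-git-config = 1;
            root-title = "tzlil.net";
            root-desc = "Tzlil's Git Repositories";
            # cgit lists the repositories it finds under this path, which is also
            # the git user's home: anything pushed there is published on the web
            # unless it is hidden explicitly.
            scan-path = "/home/git";
            # Filters are external programs run on repository content (README
            # text and file blobs) as the fcgiwrap user.
            about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.py";
            # NOTE(review): cgitrc(5) says only global settings read before
            # scan-path apply to scanned repositories, and source-filter sorts
            # after scan-path in the generated file. Confirm highlighting
            # actually takes effect.
            source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
            logo-link = "/";
            virtual-root = "/cgit";
            readme = ":README.md";
          })}
                }
              }
          }
          }
        '';
      };
    };
    # Persist the repositories under /nix/persist, owned by the git account
    # (presumably via the impermanence module; it is not imported in this file).
    environment.persistence."/nix/persist".directories = [
      {
        directory = "/home/git";
        user = "git";
        group = "git";
      }
    ];
  };
}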