diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 10:24:51 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 10:24:51 -0700 |
| commit | 30830adaf051caf20761194a75f1fc2760030387 (patch) | |
| tree | 6df8e6382a223bda63aafc5f4bfbf0899206a98e /machines | |
| parent | move hardware config closer to the host config (diff) | |
| download | infra-30830adaf051caf20761194a75f1fc2760030387.tar.gz | |
move git server profile closer to host config
Diffstat (limited to 'machines')
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/default.nix | 2 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/profiles/git-server.nix | 40 |
2 files changed, 41 insertions, 1 deletions
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix index 9976c54..4019bb0 100644 --- a/machines/nixos/x86_64-linux/synology-vm/default.nix +++ b/machines/nixos/x86_64-linux/synology-vm/default.nix @@ -36,7 +36,6 @@ "${self}/profiles/admin-user/user.nix" "${self}/profiles/admin-user/home-manager.nix" "${self}/profiles/server.nix" - "${self}/profiles/git-server.nix" "${self}/profiles/core/boot.nix" "${self}/profiles/core/locale.nix" "${self}/profiles/core/ssh.nix" @@ -48,6 +47,7 @@ "${self}/profiles/network/networkd.nix" "${self}/profiles/network/firewall.nix" "${self}/profiles/services/podman.nix" + ./profiles/git-server.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/git-server.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/git-server.nix new file mode 100644 index 0000000..6f523a8 --- /dev/null +++ b/machines/nixos/x86_64-linux/synology-vm/profiles/git-server.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: +{ + services.gitolite = { + enable = true; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; + user = "git"; + group = "git"; + extraGitoliteRc = '' + # Make dirs/files group readable, needed for webserver/cgit. (Default + # setting is 0077.) + $RC{UMASK} = 0027; + $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner'; + $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"; + push( @{$RC{ENABLE}}, 'symbolic-ref' ); + ''; + }; + + # let's make sure the default branch is `main'. + systemd.tmpfiles.rules = [ + "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" '' + [init] + defaultBranch = main + ''}" + ]; + + my.modules.backups = { + local.paths = [ "/var/lib/gitolite" ]; + local.exclude = [ + "/var/lib/gitolite/.bash_history" + "/var/lib/gitolite/.ssh" + "/var/lib/gitolite/.viminfo" + ]; + remote.paths = [ "/var/lib/gitolite" ]; + remote.exclude = [ + "/var/lib/gitolite/.bash_history" + "/var/lib/gitolite/.ssh" + "/var/lib/gitolite/.viminfo" + ]; + }; +} |