authorFranck Cuny <franck@fcuny.net>2025-06-30 10:36:00 -0700
committerFranck Cuny <franck@fcuny.net>2025-06-30 10:36:00 -0700
commitce68c0a9e4c4ce78c48868219e4e5bcda849e228 (patch)
tree208bd056e4dfdd37bc1bd1c2134145c0d04b7da7 /nix/machines/vm-synology/git.nix
parentonly include some home-manager configurations on Darwin (diff)
add configuration for vm-synology
This is a VM running on the Synology NAS. For now it only runs `gitolite`, but we may host additional services in the future.
Diffstat (limited to '')
-rw-r--r--nix/machines/vm-synology/git.nix61
1 files changed, 61 insertions, 0 deletions
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
new file mode 100644
index 0000000..6ca6ec7
--- /dev/null
+++ b/nix/machines/vm-synology/git.nix
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+{
+
+ services.gitolite = {
+ enable = true;
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ # Make dirs/files group readable, needed for webserver/cgit. (Default
+ # setting is 0077.)
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
+ $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+ push( @{$RC{ENABLE}}, 'symbolic-ref' );
+ '';
+ };
+
+ # let's make sure the default branch is `main'.
+ systemd.tmpfiles.rules = [
+ "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" ''
+ [init]
+ defaultBranch = main
+ ''}"
+ ];
+
+ # # TODO also rsync the backups to the nas
+ # # TODO need the ssh key for the nas for rsync ?
+ # age.secrets.restic = {
+ # file = ../../../secrets/restic-backups.age;
+ # owner = "root";
+ # group = "root";
+ # path = "/etc/restic/secret";
+ # mode = "600";
+ # };
+
+ # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
+ # services.restic.backups.git = {
+ # passwordFile = "/etc/restic/secret";
+ # repository = "/srv/backups/git";
+ # initialize = true;
+ # paths = [ "/var/lib/gitolite" ];
+ # exclude = [
+ # "/var/lib/gitolite/.bash_history"
+ # "/var/lib/gitolite/.ssh"
+ # "/var/lib/gitolite/.viminfo"
+ # ];
+ # extraBackupArgs = [
+ # "--exclude-caches"
+ # "--compression=max"
+ # ];
+ # timerConfig = {
+ # OnCalendar = "daily";
+ # };
+ # pruneOpts = [
+ # "--keep-daily 7"
+ # "--keep-weekly 4"
+ # "--keep-monthly 3"
+ # ];
+ # };
+}
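Review bot: `$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";` in `extraGitoliteRc` makes gitolite load hooks, triggers and commands from the `local/` directory of the gitolite-admin repository, so push access to gitolite-admin becomes the ability to run code as the `git` user on this VM; gitolite's own documentation attaches a security warning to this setting. If that is intended, I would say so in a comment above the line, e.g. `# LOCAL_CODE comes from gitolite-admin: push access to that repo is equivalent to a shell as git`, and otherwise point LOCAL_CODE at a directory managed from this Nix configuration. Separately, the `systemd.tmpfiles.rules` entry looks like it has its columns out of order: tmpfiles.d expects `Type Path Mode User Group Age Argument`, so `- git git 0644` leaves Mode at its default and puts `0644` in the Age column; `C /var/lib/gitolite/.gitconfig 0644 git git - <store path>` is probably what was meant. It is also worth noting next to `$RC{UMASK} = 0027;` that every repository becomes readable by all members of the `git` group, and that `cgit.hide`/`cgit.ignore` only affect what cgit lists, not filesystem access.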