2 files changed, 28 insertions, 0 deletions

diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 73e3002..8e47108 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -10,6 +10,7 @@
     ../../../profiles/defaults.nix
     ../../../profiles/disk/btrfs-on-luks.nix
     ../../../profiles/forgejo.nix
+    ../../../profiles/git-server.nix
     ../../../profiles/hardware/framework-desktop.nix
     ../../../profiles/home-manager.nix
     ../../../profiles/keycloak.nix
diff --git a/profiles/git-server.nix b/profiles/git-server.nix
new file mode 100644
index 0000000..3d34fad
--- /dev/null
+++ b/profiles/git-server.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+{
+  services.gitolite = {
+    enable = true;
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    user = "git";
+    group = "git";
+    extraGitoliteRc = ''
+      # Make dirs/files group readable, needed for webserver/cgit. (Default
+      # setting is 0077.)
+      $RC{UMASK} = 0027;
+      $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
+      $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+      push( @{$RC{ENABLE}}, 'symbolic-ref' );
+    '';
+  };
+
+  # let's make sure the default branch is `main'.
+  # NOTE: gitolite-admin.git default branch needs to be named master
+  systemd.tmpfiles.rules = [
+    "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" ''
+      [init]
+      	defaultBranch = main
+    ''}"
+  ];
+
+}