Diffstat (limited to 'nix/machines/vm-synology/git.nix')
-rw-r--r--nix/machines/vm-synology/git.nix94
1 files changed, 94 insertions, 0 deletions
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
new file mode 100644
index 0000000..a6e7f88
--- /dev/null
+++ b/nix/machines/vm-synology/git.nix
@@ -0,0 +1,94 @@
+{ pkgs, lib, ... }: {
+
+ services.gitolite = {
+ enable = true;
+ adminPubkey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ # Make dirs/files group readable, needed for webserver/cgit. (Default
+ # setting is 0077.)
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
+ $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+ push( @{$RC{ENABLE}}, 'symbolic-ref' );
+ '';
+ };
+
+ # let's make sure the default branch is `main'.
+ systemd.tmpfiles.rules = [
+ "C /var/lib/gitolite/.gitconfig - git git 0644 ${
+ pkgs.writeText "gitolite-gitconfig" ''
+ [init]
+ defaultBranch = main
+ ''
+ }"
+ ];
+
+ services.cgit.main = {
+ enable = true;
+ package = pkgs.cgit-pink;
+ user = "git";
+ group = "git";
+ nginx.virtualHost = "git.fcuny.net";
+ scanPath = "/var/lib/gitolite/repositories";
+ settings = {
+ css = "/cgit.css";
+ logo = "/cgit.png";
+ favicon = "/favicon.ico";
+ robots = "noindex, nofollow";
+ # TODO readme.org
+ readme = ":README.md";
+ project-list = "/var/lib/gitolite/projects.list";
+ about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
+ source-filter =
+ "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
+ clone-url =
+ (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ enable-git-config = 1;
+ enable-blame = 1;
+ enable-commit-graph = 1;
+ enable-follow-links = 1;
+ enable-index-links = 1;
+ enable-remote-branches = 1;
+ enable-subject-links = 1;
+ enable-tree-linenumbers = 1;
+ max-atom-items = 108;
+ max-commit-count = 250;
+ max-repo-count = 500;
+ repository-sort = "age";
+ snapshots = "tar.gz";
+ root-title = "¯\\_(ツ)_/¯";
+ root-desc = "source code of my various projects";
+ };
+ };
+
+ # TODO also rsync the backups to the nas
+ # TODO need the ssh key for the nas for rsync ?
+ age.secrets.restic = {
+ file = ../../../secrets/restic-backups.age;
+ owner = "root";
+ group = "root";
+ path = "/etc/restic/secret";
+ mode = "600";
+ };
+
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
+ services.restic.backups.git = {
+ passwordFile = "/etc/restic/secret";
+ repository = "/srv/backups/git";
+ initialize = true;
+ paths = [ "/var/lib/gitolite" ];
+ exclude = [
+ "/var/lib/gitolite/.bash_history"
+ "/var/lib/gitolite/.ssh"
+ "/var/lib/gitolite/.viminfo"
+ ];
+ extraBackupArgs = [ "--exclude-caches" "--compression=max" ];
+ timerConfig = { OnCalendar = "daily"; };
+ pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 3" ];
+ };
+}
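Review bot: `services.cgit.main` sets `user = "git";`, the same account gitolite runs as, so the web-facing CGI and the `about-filter`/`source-filter` scripts that process repository content run with write access to every repository and to gitolite's home under `/var/lib/gitolite`. The `$RC{UMASK} = 0027;` line earlier in the file already makes the repositories group-readable, which is all a read-only viewer needs. I would give cgit its own account and keep only the shared group, e.g. `user = "cgit";` with `group = "git";`. This assumes the cgit module creates that user and that `/var/lib/gitolite` itself is group-traversable; both should be confirmed before switching.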