From ce68c0a9e4c4ce78c48868219e4e5bcda849e228 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 30 Jun 2025 10:36:00 -0700
Subject: add configuration for vm-synology

This is a VM running on the Synology NAS. For now it only run `gitolite`, but we may host additional services in the future.
---
nix/machines/vm-synology/git.nix | 61 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 nix/machines/vm-synology/git.nix
(limited to 'nix/machines/vm-synology/git.nix')
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
new file mode 100644
index 0000000..6ca6ec7
--- /dev/null
+++ b/nix/machines/vm-synology/git.nix
@@ -0,0 +1,61 @@
+{ pkgs, ... }:
+{
+
+ services.gitolite = {
+ enable = true;
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ # Make dirs/files group readable, needed for webserver/cgit. (Default
+ # setting is 0077.)
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
+ $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+ push( @{$RC{ENABLE}}, 'symbolic-ref' );
+ '';
+ };
+
+ # let's make sure the default branch is `main'.
+ systemd.tmpfiles.rules = [
+ "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" ''
+ [init]
+ defaultBranch = main
+ ''}"
+ ];
+
+ # # TODO also rsync the backups to the nas
+ # # TODO need the ssh key for the nas for rsync ?
+ # age.secrets.restic = {
+ # file = ../../../secrets/restic-backups.age;
+ # owner = "root";
+ # group = "root";
+ # path = "/etc/restic/secret";
+ # mode = "600";
+ # };
+
+ # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
+ # services.restic.backups.git = {
+ # passwordFile = "/etc/restic/secret";
+ # repository = "/srv/backups/git";
+ # initialize = true;
+ # paths = [ "/var/lib/gitolite" ];
+ # exclude = [
+ # "/var/lib/gitolite/.bash_history"
+ # "/var/lib/gitolite/.ssh"
+ # "/var/lib/gitolite/.viminfo"
+ # ];
+ # extraBackupArgs = [
+ # "--exclude-caches"
+ # "--compression=max"
+ # ];
+ # timerConfig = {
+ # OnCalendar = "daily";
+ # };
+ # pruneOpts = [
+ # "--keep-daily 7"
+ # "--keep-weekly 4"
+ # "--keep-monthly 3"
+ # ];
+ # };
+}
-- cgit v1.2.3
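Review bot: `$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";` in `extraGitoliteRc` makes gitolite load hooks, commands and triggers from the `local/` directory of the gitolite-admin repository, so push access to that repo (today the single `adminPubkey`) is equivalent to running code as the `git` user on this VM. If that is intended, say so next to the setting, e.g. `# LOCAL_CODE is served from gitolite-admin: anyone who can push there can run code as the git user`; otherwise point it outside the admin repo with `$RC{LOCAL_CODE} = "$ENV{HOME}/local";`. Separately, the `C` tmpfiles rule only copies `.gitconfig` when the destination is missing, so a later change to the `[init]` block would presumably not reach an existing install; that deserves a comment or a rule type that tracks the store path.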