path: root/nix/machines/vm-synology/git.nix
{ pkgs, ... }:
{

  # Gitolite-managed git hosting, running as the dedicated `git` user/group.
  # Access control lives in the gitolite-admin repository; this module only
  # bootstraps the service and extends the generated gitolite.rc.
  services.gitolite = {
    enable = true;
    # Public half of the administrator's SSH key (safe to keep in the repo).
    # NOTE(review): the NixOS option describes this as the *initial* admin key,
    # consumed when the gitolite home is first set up - confirm that rotating
    # the key here is not expected to revoke the old one; that would have to
    # be done through gitolite-admin's keydir.
    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
    user = "git";
    group = "git";
    # Perl fragment appended to gitolite.rc. Security-relevant settings:
    #
    # - UMASK 0027: new files are owner rw, group r, no access for others.
    #   Every member of group `git` can then read all repositories, including
    #   ones gitolite itself would deny them, so keep that group limited to
    #   the cgit/web server account.
    #
    # - GIT_CONFIG_KEYS: allow-list of git config keys that gitolite.conf may
    #   set via `config`. Only the four cgit.* keys are intended.
    #   NOTE(review): gitolite treats each entry as a regex, so the unescaped
    #   `.` matches any character; `cgit\.desc` etc. would be stricter.
    #
    # - LOCAL_CODE under GL_ADMIN_BASE: site-local hooks/commands/triggers are
    #   delivered by pushing to gitolite-admin. Per gitolite's documentation,
    #   anyone with write access to gitolite-admin can thereby get code run as
    #   the `git` user, so treat write access to that repo as equivalent to
    #   shell access for `git`.
    #
    # - ENABLE += symbolic-ref: turns on gitolite's symbolic-ref command, used
    #   to change a repository's HEAD remotely.
    extraGitoliteRc = ''
      # Make dirs/files group readable, needed for webserver/cgit. (Default
      # setting is 0077.)
      $RC{UMASK} = 0027;
      $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
      $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
      push( @{$RC{ENABLE}}, 'symbolic-ref' );
    '';
  };

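  # Seed the gitolite user's ~/.gitconfig so that newly created repositories
  # use `main` as their default branch.
  #
  # tmpfiles.d columns are: Type Path Mode User Group Age Argument.
  # The mode (0644) belongs in the third column and the unused Age column is
  # `-`; the previous order (`- git git 0644`) put 0644 in the Age column and
  # left the mode unspecified.
  #
  # `C` copies the source only when the destination does not exist yet, so
  # editing the text below does not update an already-present .gitconfig;
  # remove the file (or switch the rule type) to roll out a change.
  systemd.tmpfiles.rules = [
    "C /var/lib/gitolite/.gitconfig 0644 git git - ${pkgs.writeText "gitolite-gitconfig" ''
      [init]
      	defaultBranch = main
    ''}"
  ];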

  # # TODO also rsync the backups to the nas
  # # TODO need the ssh key for the nas for rsync ?
  # age.secrets.restic = {
  #   file = ../../../secrets/restic-backups.age;
  #   owner = "root";
  #   group = "root";
  #   path = "/etc/restic/secret";
  #   mode = "600";
  # };

  # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
  # services.restic.backups.git = {
  #   passwordFile = "/etc/restic/secret";
  #   repository = "/srv/backups/git";
  #   initialize = true;
  #   paths = [ "/var/lib/gitolite" ];
  #   exclude = [
  #     "/var/lib/gitolite/.bash_history"
  #     "/var/lib/gitolite/.ssh"
  #     "/var/lib/gitolite/.viminfo"
  #   ];
  #   extraBackupArgs = [
  #     "--exclude-caches"
  #     "--compression=max"
  #   ];
  #   timerConfig = {
  #     OnCalendar = "daily";
  #   };
  #   pruneOpts = [
  #     "--keep-daily 7"
  #     "--keep-weekly 4"
  #     "--keep-monthly 3"
  #   ];
  # };
}