1 files changed, 57 insertions, 0 deletions

diff --git a/modules/nixosModules/server/cgit.nix b/modules/nixosModules/server/cgit.nix
new file mode 100644
index 0000000..09a5829
--- /dev/null
+++ b/modules/nixosModules/server/cgit.nix
@@ -0,0 +1,57 @@
+{
+  self,
+  lib,
+  ...
+}: {
+  flake.nixosModules.cgit = {
+    config,
+    pkgs,
+    ...
+  }: let
+    cfg = config.hostOptions.server;
+  in {
+    imports = [
+      self.nixosModules.hostOptions
+      self.nixosModules.nginx
+    ];
+
+    users.users.git = {
+      isSystemUser = true;
+      group = "git";
+      home = "${cfg.dataPath}/git";
+      createHome = true;
+      shell = "${pkgs.git}/bin/git-shell";
+      openssh.authorizedKeys.keys = cfg.sshKeys;
+    };
+    users.groups.git = {};
+
+    services.cgit."git.${cfg.domain}" = {
+      enable = true;
+
+      user = "git";
+      group = "git";
+
+      scanPath = "${cfg.dataPath}/git";
+
+      settings = {
+        enable-index-owner = false;
+        enable-commit-graph = 1;
+        enable-log-filecount = 1;
+        enable-log-linecount = 1;
+        clone-url = "https://git.${cfg.domain}/$CGIT_REPO_URL ssh://git@git.${cfg.domain}:${cfg.dataPath}/git/$CGIT_REPO_URL";
+        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+        about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
+      };
+
+      gitHttpBackend = {
+        enable = true;
+        checkExportOkFiles = false;
+      };
+    };
+
+    services.nginx.virtualHosts."git.${cfg.domain}" = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}