modules/nixosModules/server/cgit.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

{
  self,
  lib,
  ...
}: {
  flake.nixosModules.cgit = {
    config,
    pkgs,
    ...
  }: let
    cfg = config.hostOptions.server;
  in {
    imports = [
      self.nixosModules.hostOptions
      self.nixosModules.nginx
    ];

    users.users.git = {
      isSystemUser = true;
      group = "git";
      home = "${cfg.dataPath}/git";
      createHome = true;
      shell = "${pkgs.git}/bin/git-shell";
      openssh.authorizedKeys.keys = cfg.sshKeys;
    };
    users.groups.git = {};

    services.cgit."git.${cfg.domain}" = {
      enable = true;

      user = "git";
      group = "git";

      scanPath = "${cfg.dataPath}/git";

      settings = {
        enable-index-owner = false;
        enable-commit-graph = 1;
        enable-log-filecount = 1;
        enable-log-linecount = 1;
        clone-url = "https://git.${cfg.domain}/$CGIT_REPO_URL ssh://git@git.${cfg.domain}:${cfg.dataPath}/git/$CGIT_REPO_URL";
        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
        about-filter = "${pkgs.cgit}/lib/cgit/filters/about-formatting.sh";
      };

      gitHttpBackend = {
        enable = true;
        checkExportOkFiles = false;
      };
    };

    services.nginx.virtualHosts."git.${cfg.domain}" = {
      enableACME = true;
      forceSSL = true;
    };
  };
}