]> Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot/gitolite.nix
postfix: start openldap before.
[sourcephile-nix.git] / install / logical / friot / gitolite.nix
1 {pkgs, lib, config, system, ...}:
2 let inherit (builtins.extraBuiltins) pass;
3 inherit (lib) types;
4 inherit (config.services) gitolite;
5 inherit (config.users) users groups;
6 userPass = name: pass ("${config.networking.domain}/${config.networking.hostName}/"+name);
7 gitolite-admin = "julm";
8 in
9 {
10 config = {
11 environment.systemPackages = [ pkgs.gitolite ];
12 # NOTE: make confortable to call gitolite from a shell
13 # (but mind the sudo -u git).
14
15 services = {
16 gitolite = {
17 enable = true;
18 user = "git";
19 group = users."git-daemon".name;
20 adminPubkey = pass "${config.networking.domain}/ssh/${gitolite-admin}";
21 extraGitoliteRc = ''
22 $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
23 $RC{LOG_DEST} = 'repo-log,syslog';
24 $RC{LOG_FACILITY} = 'local0';
25 $RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
26 $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
27 if -d "$rc{GL_ADMIN_BASE}/local";
28 push(@{$RC{ENABLE}}, ( 'Alias'
29 #, 'cgit'
30 , 'D'
31 , 'Shell ${gitolite-admin}'
32 , 'create'
33 , 'expand-deny-messages'
34 , 'fork'
35 , 'keysubdirs-as-groups'
36 , 'readme'
37 , (-d "$rc{GL_ADMIN_BASE}/local" ? 'repo-specific-hooks' : ())
38 , 'ssh-authkeys-split'
39 ));
40 '';
41 };
42 };
43 systemd.services.gitolite-init = {
44 preStart = ''
45 chmod g+x "${gitolite.dataDir}"
46 # NOTE: allow git-daemon to enter ~git
47 '';
48 };
49 systemd.services.git-daemon = {
50 # NOTE: not using nixpkgs' gitDaemon, to avoid running it as root.
51 after = [ "network.target" ];
52 wantedBy = [ "multi-user.target" ];
53 serviceConfig = {
54 User = users."git-daemon".name;
55 Group = groups."git-daemon".name;
56 Restart = "always";
57 RestartSec = 5;
58 };
59 script = "${pkgs.git}/bin/git daemon --verbose --reuseaddr"
60 + " --base-path=${gitolite.dataDir}/repositories"
61 #+ (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
62 #+ "--port=${toString cfg.port} "
63 ;
64 };
65 users.users = lib.singleton
66 { name = "git-daemon";
67 uid = config.ids.uids.git;
68 description = "Git daemon user";
69 };
70 };
71 }