# hosts/losurdo/gitolite.nix
# NixOS module: Gitolite git hosting for this host, with the repository store
# mounted from a dedicated ZFS dataset that sanoid snapshots, plus a
# system-wide git configuration.
{ pkgs, lib, config, inputs, hostName, ... }:
let
  inherit (config.users) users;
  # Account name of the Gitolite administrator. It is used twice below: to pick
  # the bootstrap public key(s) and as the argument of the 'Shell' feature.
  gitolite-admin = "julm";
in
{
  environment.systemPackages = [ pkgs.gitolite ];
  services.gitolite = {
    enable = true;
    user = "git";
    # The group name is taken from the `name` of the "git" user account.
    group = users."git".name;
    # All of the admin's authorized SSH keys, joined with newlines.
    # NOTE(review): the adminPubkey option is documented as a single key without
    # line breaks that is only used when Gitolite is first initialised. This join
    # is therefore only safe while the admin has exactly one key, and later key
    # changes presumably have to go through the gitolite-admin repository.
    # Confirm against the module version in use.
    adminPubkey = lib.concatStringsSep "\n" users.${gitolite-admin}.openssh.authorizedKeys.keys;
    # Perl fragment handed to Gitolite's rc file. Within the string only
    # ${gitolite-admin} is interpolated by Nix; $RC{...} and $ENV{...} reach
    # Perl unchanged.
    #
    # Security-relevant settings:
    # - UMASK 0027: files Gitolite creates are inaccessible to "other" and
    #   read-only for the group, so any service that must read the repositories
    #   (cgit is enabled below) presumably needs membership in that group.
    # - LOG_DEST / LOG_FACILITY: activity is logged per repository and to syslog
    #   facility local0, which gives an audit trail outside the repository tree.
    # - GIT_CONFIG_KEYS '.*': every git config key may be set from gitolite.conf.
    #   Git has config keys that cause commands to run, so write access to the
    #   gitolite-admin repository is then equivalent to code execution as the
    #   hosting user. The commented-out 'hooks.* gitweb.*' pattern is the
    #   narrower alternative if that trust should not extend to every admin.
    # - LOCAL_CODE "$ENV{HOME}/local": site-local code lives on the server's
    #   filesystem instead of inside the gitolite-admin repository (the
    #   commented-out variant), so a push to gitolite-admin cannot change it.
    # - 'Shell <admin>': that user gets a real shell on the hosting account, so
    #   their SSH key carries full access to every repository and to Gitolite's
    #   own state; it needs protection to match.
    # - 'D', 'create', 'fork': user-driven repository deletion, creation and
    #   forking. Presumably these only take effect where gitolite.conf grants
    #   them; review those rules together with this list.
    # - 'repo-specific-hooks' is only enabled when "$ENV{HOME}/local" exists.
    extraGitoliteRc = ''
      $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
      $RC{LOG_DEST} = 'repo-log,syslog';
      $RC{LOG_FACILITY} = 'local0';
      #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
      $RC{GIT_CONFIG_KEYS} = '.*';
      #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
      # if -d "$rc{GL_ADMIN_BASE}/local";
      $RC{LOCAL_CODE} = "$ENV{HOME}/local";
      push(@{$RC{ENABLE}}, ( 'Alias'
      , 'cgit'
      # NOTE: without this "cgit" option,
      # the repositories' "description" files are not modified
      , 'D'
      , 'Shell ${gitolite-admin}'
      , 'create'
      , 'expand-deny-messages'
      , 'fork'
      , 'keysubdirs-as-groups'
      , 'readme'
      , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
      , 'ssh-authkeys-split'
      ));
    '';
  };
  # Mount the host's ZFS dataset "<hostName>/var/git" at /var/lib/gitolite.
  # NOTE(review): this is presumably Gitolite's data directory, since dataDir is
  # not overridden above. Confirm.
  fileSystems."/var/lib/gitolite" = {
    device = "${hostName}/var/git";
    fsType = "zfs";
  };
  # Snapshot policy for the same dataset: start from the "snap" template (not
  # defined in this file) and set the daily snapshot count to 7.
  services.sanoid.datasets."${hostName}/var/git" = {
    use_template = [ "snap" ];
    daily = 7;
  };
  # System-wide git, using the gitMinimal package, with "main" as the default
  # branch for newly initialised repositories.
  programs.git = {
    enable = true;
    package = pkgs.gitMinimal;
    config = {
      init.defaultBranch = "main";
    };
  };
}