Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/gitolite.nix
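# NixOS module: gitolite hosting over SSH (system user "git") plus a
# separate, unprivileged git:// daemon that serves the same repositories.
{ pkgs, lib, config, ... }:
let
  inherit (builtins) readFile;
  inherit (config.services) gitolite;
  inherit (config.users) users groups;
  # Gitolite user name that is granted the 'Shell' feature below.
  gitolite-admin = "julm";
in
{
  # Make it comfortable to call gitolite from a shell
  # (but mind to prefix it by sudo -u git)
  environment.systemPackages = [ pkgs.gitolite ];

  services = {
    gitolite = {
      enable = true;
      user = "git";
      # The repositories' group is the one named after the git-daemon user,
      # so that the git:// service defined further down can read them.
      group = users."git-daemon".name;
      # Only the public half of the key is read here. Its content becomes
      # part of the system configuration (world-readable Nix store), so this
      # path must never point at private key material.
      adminPubkey = (readFile ../../../sec/ssh/julm.pub);
      # Security-relevant settings in the rc fragment below:
      # - UMASK 0027: new files are readable by the group and closed to
      #   everyone else.
      # - LOG_DEST: every access is logged per repository and to syslog
      #   (facility local0).
      # - GIT_CONFIG_KEYS '.*': any git config key may be set from
      #   gitolite.conf. Gitolite's documentation treats an unrestricted
      #   pattern as giving whoever can push to gitolite-admin a way to run
      #   commands as the hosting user. That is only acceptable while every
      #   such committer is already trusted with a shell (as ${gitolite-admin}
      #   is through 'Shell'); otherwise fall back to the narrower,
      #   commented-out pattern.
      # - LOCAL_CODE points at $HOME/local instead of a directory inside the
      #   gitolite-admin repository, so local code and hooks have to be
      #   installed on the server and cannot arrive through a push.
      #   'repo-specific-hooks' is enabled only when that directory exists.
      # - 'Shell ${gitolite-admin}': that gitolite user gets a real shell as
      #   the "git" account instead of being confined to gitolite commands.
      extraGitoliteRc = ''
        $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
        $RC{LOG_DEST} = 'repo-log,syslog';
        $RC{LOG_FACILITY} = 'local0';
        #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
        $RC{GIT_CONFIG_KEYS} = '.*';
        #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
        # if -d "$rc{GL_ADMIN_BASE}/local";
        $RC{LOCAL_CODE} = "$ENV{HOME}/local";
        push(@{$RC{ENABLE}}, ( 'Alias'
        , 'cgit'
        # NOTE: without this "cgit" option,
        # the repositories' "description" files are not modified
        , 'D'
        , 'Shell ${gitolite-admin}'
        , 'create'
        , 'expand-deny-messages'
        , 'fork'
        , 'keysubdirs-as-groups'
        , 'readme'
        , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
        , 'ssh-authkeys-split'
        ));
      '';
    };
  };

  systemd.services.gitolite-init = {
    preStart = ''
      # Allow git-daemon to enter ~git
      chmod g+x "${gitolite.dataDir}"
      # Directories backing LOCAL_CODE: owned by the gitolite user and group,
      # mode 750, hence not accessible to other accounts.
      install -D -d -o ${gitolite.user} -g ${gitolite.group} -m 750 \
        ${gitolite.dataDir}/local \
        ${gitolite.dataDir}/local/hooks \
        ${gitolite.dataDir}/local/hooks/common \
        ${gitolite.dataDir}/local/hooks/repo-specific
    '';
  };

  systemd.services.git-daemon = {
    # NOTE: not using nixpkgs' gitDaemon, to avoid running it as root.
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = users."git-daemon".name;
      Group = groups."git-daemon".name;
      Restart = "always";
      RestartSec = 5;
      # The daemon only reads repositories and answers on the network, so it
      # can run without the ability to gain privileges, with a private /tmp,
      # without physical devices, and with /usr, /boot and /etc read-only.
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectSystem = "full";
    };
    # git:// is unauthenticated and unencrypted. --export-all is not passed,
    # so only repositories that contain a git-daemon-export-ok file are
    # served. No --listen/--port is given: the daemon binds its default port
    # (9418) on every address, and exposure is left to the firewall.
    script = "${pkgs.git}/bin/git daemon --verbose --reuseaddr"
      + " --base-path=${gitolite.dataDir}/repositories"
      #+ (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
      #+ "--port=${toString cfg.port} "
    ;
  };

  # NOTE(review): no group is declared for this account here, although
  # groups."git-daemon" is referenced above; presumably it is declared in
  # another module; confirm.
  users.users."git-daemon" = {
    uid = config.ids.uids.git;
    description = "Git daemon user";
  };
}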