hosts/losurdo/gitolite.nix

   1 { inputs, pkgs, lib, config, ... }:
   2 let
   3   inherit (lib) types;
   4   inherit (config) networking;
   5   inherit (config.services) gitolite;
   6   inherit (config.users) users groups;
   7   gitolite-admin = "julm";
   8 in
   9 {
  10 environment.systemPackages = [ pkgs.gitolite ];
  11 services.gitolite = {
  12   enable = true;
  13   user   = "git";
  14   group  = users."git-daemon".name;
  15   adminPubkey = builtins.readFile (inputs.secrets + "/members/ssh/julm.pub");
  16   extraGitoliteRc = ''
  17     $RC{UMASK}           = 0027; # NOTE: no quote around in Perl, so it's octal
  18     $RC{LOG_DEST}        = 'repo-log,syslog';
  19     $RC{LOG_FACILITY}    = 'local0';
  20     #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
  21     $RC{GIT_CONFIG_KEYS} = '.*';
  22     #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
  23     #  if -d "$rc{GL_ADMIN_BASE}/local";
  24     $RC{LOCAL_CODE} = "$ENV{HOME}/local";
  25     push(@{$RC{ENABLE}}, ( 'Alias'
  26                          , 'cgit'
  27                            # NOTE: without this "cgit" option,
  28                            # the repositories' "description" files are not modified
  29                          , 'D'
  30                          , 'Shell ${gitolite-admin}'
  31                          , 'create'
  32                          , 'expand-deny-messages'
  33                          , 'fork'
  34                          , 'keysubdirs-as-groups'
  35                          , 'readme'
  36                          , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
  37                          , 'ssh-authkeys-split'
  38                          ));
  39   '';
  40 };
  41 fileSystems."/var/lib/gitolite" =
  42   { device = "rpool/var/git";
  43     fsType = "zfs";
  44   };
  45 }