]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/gitolite.nix
carotte: avoid compiling zfs-kernel, and enable gpg-agent
[sourcephile-nix.git] / hosts / losurdo / gitolite.nix
1 { pkgs, lib, config, inputs, hostName, ... }:
2 let
3 inherit (lib) types;
4 inherit (config) networking;
5 inherit (config.services) gitolite;
6 inherit (config.users) users groups;
7 gitolite-admin = "julm";
8 in
9 {
10 environment.systemPackages = [ pkgs.gitolite ];
11 services.gitolite = {
12 enable = true;
13 user = "git";
14 group = users."git".name;
15 adminPubkey =
16 builtins.readFile (inputs.secrets + "/members/ssh/julm.pub") +
17 builtins.readFile (inputs.secrets + "/members/ssh/julm-losurdo.pub");
18 extraGitoliteRc = ''
19 $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
20 $RC{LOG_DEST} = 'repo-log,syslog';
21 $RC{LOG_FACILITY} = 'local0';
22 #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
23 $RC{GIT_CONFIG_KEYS} = '.*';
24 #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
25 # if -d "$rc{GL_ADMIN_BASE}/local";
26 $RC{LOCAL_CODE} = "$ENV{HOME}/local";
27 push(@{$RC{ENABLE}}, ( 'Alias'
28 , 'cgit'
29 # NOTE: without this "cgit" option,
30 # the repositories' "description" files are not modified
31 , 'D'
32 , 'Shell ${gitolite-admin}'
33 , 'create'
34 , 'expand-deny-messages'
35 , 'fork'
36 , 'keysubdirs-as-groups'
37 , 'readme'
38 , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
39 , 'ssh-authkeys-split'
40 ));
41 '';
42 };
43 fileSystems."/var/lib/gitolite" = {
44 device = "${hostName}/var/git";
45 fsType = "zfs";
46 };
47 services.sanoid.datasets."${hostName}/var/git" = {
48 use_template = [ "snap" ];
49 daily = 7;
50 };
51 }