-{ pkgs, lib, config, inputs, hostName, ... }:
+{ pkgs, lib, config, hostName, ... }:
let
- inherit (lib) types;
- inherit (config) networking;
- inherit (config.services) gitolite;
- inherit (config.users) users groups;
+ inherit (config.users) users;
gitolite-admin = "julm";
in
{
-environment.systemPackages = [ pkgs.gitolite ];
-services.gitolite = {
- enable = true;
- user = "git";
- group = users."git".name;
- adminPubkey =
- builtins.readFile (inputs.secrets + "/members/ssh/julm.pub") +
- builtins.readFile (inputs.secrets + "/members/ssh/julm-losurdo.pub");
- extraGitoliteRc = ''
- $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
- $RC{LOG_DEST} = 'repo-log,syslog';
- $RC{LOG_FACILITY} = 'local0';
- #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
- $RC{GIT_CONFIG_KEYS} = '.*';
- #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
- # if -d "$rc{GL_ADMIN_BASE}/local";
- $RC{LOCAL_CODE} = "$ENV{HOME}/local";
- push(@{$RC{ENABLE}}, ( 'Alias'
- , 'cgit'
- # NOTE: without this "cgit" option,
- # the repositories' "description" files are not modified
- , 'D'
- , 'Shell ${gitolite-admin}'
- , 'create'
- , 'expand-deny-messages'
- , 'fork'
- , 'keysubdirs-as-groups'
- , 'readme'
- , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
- , 'ssh-authkeys-split'
- ));
- '';
-};
-fileSystems."/var/lib/gitolite" = {
- device = "${hostName}/var/git";
- fsType = "zfs";
-};
-services.sanoid.datasets."${hostName}/var/git" = {
- use_template = [ "snap" ];
- daily = 7;
-};
+ environment.systemPackages = [ pkgs.gitolite ];
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = users."git".name;
+ adminPubkey = lib.concatStringsSep "\n" users.${gitolite-admin}.openssh.authorizedKeys.keys;
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0027; # NOTE: no quote around in Perl, so it's octal
+ $RC{LOG_DEST} = 'repo-log,syslog';
+ $RC{LOG_FACILITY} = 'local0';
+ #$RC{GIT_CONFIG_KEYS} = 'hooks.* gitweb.*';
+ $RC{GIT_CONFIG_KEYS} = '.*';
+ #$RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"
+ # if -d "$rc{GL_ADMIN_BASE}/local";
+ $RC{LOCAL_CODE} = "$ENV{HOME}/local";
+ push(@{$RC{ENABLE}}, ( 'Alias'
+ , 'cgit'
+ # NOTE: without this "cgit" option,
+ # the repositories' "description" files are not modified
+ , 'D'
+ , 'Shell ${gitolite-admin}'
+ , 'create'
+ , 'expand-deny-messages'
+ , 'fork'
+ , 'keysubdirs-as-groups'
+ , 'readme'
+ , (-d "$ENV{HOME}/local" ? 'repo-specific-hooks' : ())
+ , 'ssh-authkeys-split'
+ ));
+ '';
+ };
+ fileSystems."/var/lib/gitolite" = {
+ device = "${hostName}/var/git";
+ fsType = "zfs";
+ };
+ services.sanoid.datasets."${hostName}/var/git" = {
+ use_template = [ "snap" ];
+ daily = 7;
+ };
+ programs.git = {
+ enable = true;
+ package = pkgs.gitMinimal;
+ config = {
+ init.defaultBranch = "main";
+ };
+ };
}
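Review bot: The new `adminPubkey` in `services.gitolite` takes every entry of `users.${gitolite-admin}.openssh.authorizedKeys.keys`, so any key later added for host login silently becomes a gitolite admin key too; with `'Shell ${gitolite-admin}'` enabled and `GIT_CONFIG_KEYS` set to `'.*'`, that identity is close to shell-level on the `git` account. The removed code pinned two named key files, which kept the admin key set explicit and separate from login keys. Only `.keys` is read, so keys declared through `authorizedKeys.keyFiles` are not included and an empty list yields an empty admin key; a guard such as `assertions = [{ assertion = users.${gitolite-admin}.openssh.authorizedKeys.keys != [ ]; message = "gitolite admin has no SSH key"; }];` would catch that at evaluation time. Entries in `.keys` may also carry authorized_keys options (`from=`, `command=`), so it is worth confirming how gitolite's key import treats such lines. A comment above the assignment, e.g. `# NOTE: every login key of ${gitolite-admin} becomes a gitolite admin key`, would make the coupling visible to whoever next edits that user's keys.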