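# NixOS module: runs cgit (served by lighttpd) together with an SSH-reachable
# `git` user inside a declarative NixOS container on a private network.
#
# Arguments:
#   lib, pkgs, config - the usual module arguments of the *host* system.
#   userDetails       - project-supplied argument; only `sshPublicKeys` is
#                       read here and handed to the container as the git
#                       user's authorized keys.
{ lib, pkgs, config, userDetails, ... }:
let
  cfg = config.cgit;
in {
  options = {
    cgit = {
      enable = lib.mkEnableOption "enables cgit service";
      hostAddress = lib.mkOption {
        type = lib.types.str;
        description = "hostAddress for the container";
        default = "10.0.1.1";
      };
      localAddress = lib.mkOption {
        type = lib.types.str;
        description = "localAddress for the container";
        default = "10.0.1.2";
      };
      # rootTitle and rootDesc are interpolated into single `key=value` lines
      # of the line-oriented cgitrc below. A value containing a newline would
      # start a new cgitrc directive, so both are restricted to one line.
      rootTitle = lib.mkOption {
        type = lib.types.singleLineStr;
        description = "cgit site title";
        default = "";
      };
      rootDesc = lib.mkOption {
        type = lib.types.singleLineStr;
        description = "cgit site description";
        default = "";
      };
      # Appended to cgitrc without any validation: whoever can set this option
      # can set any cgit directive, including the filter programs cgit runs.
      # NOTE(review): it is emitted after `scan-path`; cgit's documentation
      # requires some options to be defined before `scan-path` to affect the
      # scanned repositories - confirm that ordering is acceptable.
      extraConfig = lib.mkOption {
        type = lib.types.str;
        description = "cgitrc lines inserted verbatim at the end";
        default = "";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # Configure cgit container
    containers.cgit = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = cfg.hostAddress;
      localAddress = cfg.localAddress;

      # Values passed from the host module into the container's module system.
      specialArgs = {
        authorizedKeys = userDetails.sshPublicKeys;
        cgitrc = {
          inherit (cfg) rootTitle rootDesc extraConfig;
        };
      };

      # The container module does not take `pkgs` itself, so every `pkgs`
      # reference below resolves to the host module's `pkgs` argument.
      config = { lib, config, authorizedKeys, cgitrc, ... }: {
        # Create git user for ssh access
        users.users.git = {
          isNormalUser = true;
          # Serve from git user's home to allow cloning git@cgit:repo
          home = "/srv/git";
          group = "git";
          createHome = true;
          # Allow read permissions for group members, nothing for others
          homeMode = "750";
          # NOTE(review): a bash login shell gives every key in
          # `authorizedKeys` an interactive shell in the container, not only
          # git transport. If push/pull is all that is needed, git's
          # restricted git-shell is the least-privilege choice - confirm
          # whether interactive access (e.g. to create repositories) is
          # relied on before changing it.
          shell = pkgs.bash;
          openssh.authorizedKeys.keys = authorizedKeys;
        };

        # Create the git group and add lighttpd user as a member so /srv/git
        # can be served by cgit
        users.groups.git.members = [ "lighttpd" ];

        # Enable git
        programs.git.enable = true;

        # Enable ssh service. Access is provisioned through public keys only
        # (see users.users.git above), so password-based login methods are
        # switched off rather than left at their defaults on an open port.
        services.openssh = {
          enable = true;
          settings = {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
          };
        };

        # Enable cgit service
        # NOTE(review): lighttpd serves plain HTTP on port 80 here; presumably
        # TLS is terminated by the host or a reverse proxy - confirm.
        services.lighttpd.enable = true;
        services.lighttpd.cgit = {
          enable = true;
          #subdir = ""; # FIXME this does not work for some reason

          # Review notes on the cgitrc text below:
          #  - source-filter / about-filter are external programs that cgit
          #    runs over repository content (file bodies and README files).
          #  - enable-git-config=1 lets each repository's own git config
          #    supply cgit repo settings, so write access to a repository
          #    under /srv/git also influences how cgit presents it.
          #  - The cache settings are commented out, so snapshot archives
          #    (tar.xz, zip) are presumably generated per request - TODO
          #    confirm whether that load is acceptable for exposed instances.
          configText = ''
            # Based on joseluisq/alpine-cgit
            root-title=${cgitrc.rootTitle}
            root-desc=${cgitrc.rootDesc}
            source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
            about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
            readme=:README.md
            readme=:README.html
            readme=:README.txt
            readme=:README
            readme=:INSTALL.md
            readme=:INSTALL.html
            readme=:INSTALL.txt
            readme=:INSTALL
            # Cache
            #cache-root=/var/cache/cgit
            #cache-size=2000
            enable-index-links=1
            enable-index-owner=0
            enable-remote-branches=1
            enable-log-filecount=1
            enable-log-linecount=1
            enable-git-config=1
            snapshots=tar.xz zip
            robots=noindex, nofollow
            virtual-root=/cgit
            section-from-path=0
            max-repo-count=100
            scan-path=/srv/git
            # extra config
            ${cgitrc.extraConfig}
          '';
        };

        # Networking, etc.
        # Only HTTP (cgit) and SSH (git transport) are opened in the
        # container's firewall.
        networking.firewall.allowedTCPPorts = [ 80 22 ];
        networking.hostName = "cgit";
        system.stateVersion = "25.05";
      };
    };
  };
}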