hosts/ivy/services/git.nix (view raw)
{ config, pkgs, ... }:
let
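gitshell = pkgs.writeShellScriptBin "gitshell" ''
  # Login shell for the git SSH user: a thin wrapper around git-shell that
  # creates a bare repository on the first push to a name that does not
  # exist yet, then hands the original arguments to git-shell unchanged.
  if [ "$1" = "-c" ]; then
    CMD="$2"
    if [[ $CMD =~ ^git-receive-pack\ (.*)$ ]]; then
      REPO="''${BASH_REMATCH[1]}"
      # The client sends the path single-quoted; drop one quote per side.
      REPO="''${REPO#\'}"
      REPO="''${REPO%\'}"
      REPO_PATH="/var/lib/git-server/$REPO"

      # REPO is chosen by the SSH client, so it is untrusted input. Only
      # auto-create for plain relative names: no empty or absolute paths,
      # no "." or ".." components (which would let git init run outside
      # /var/lib/git-server), and no characters outside a small allowlist.
      SAFE_REPO='^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$'
      if [[ ! $REPO =~ $SAFE_REPO ]] \
        || [[ "/$REPO/" == */../* ]] \
        || [[ "/$REPO/" == */./* ]]; then
        # Skip only the auto-init; git-shell below still decides what to
        # do with the request, as it did before.
        echo "Refusing to auto-initialize: unexpected repository name" >&2
      elif [ ! -d "$REPO_PATH" ]; then
        # init as bare repo if it does not exist
        echo "Initializing new bare repository: $REPO" >&2
        ${pkgs.git}/bin/git init --bare -b main "$REPO_PATH" >&2
      fi
    fi
  fi
  exec ${pkgs.git}/bin/git-shell "$@"
'';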
in
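{
  # Dedicated unprivileged account that owns the repositories and is the
  # only identity allowed to push over SSH.
  users.groups.git = { };
  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = "/var/lib/git-server";
    createHome = true;
    # writeShellScriptBin "gitshell" installs the wrapper as bin/gitshell, so
    # the login shell must point at that name; a path that does not exist in
    # the store output leaves the account without a working shell.
    shell = "${gitshell}/bin/gitshell";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDXt8vkpi9jOp9dCjoS8u0dC4fDdgb73w8z7VNI42FB did:web:vt3e.cat"
    ];
  };

  # Restrict what an authenticated git session can do besides running the
  # login shell. Forwarding does not depend on the shell, so each kind is
  # switched off explicitly, including Unix-domain socket forwarding, which
  # AllowTcpForwarding does not cover.
  # NOTE(review): a Match block runs until the next Match line or the end of
  # the file; confirm nothing meant to be global is emitted after this text.
  services.openssh.extraConfig = ''
    Match user git
      AllowTcpForwarding no
      AllowStreamLocalForwarding no
      AllowAgentForwarding no
      PasswordAuthentication no
      PermitTTY no
      X11Forwarding no
  '';

  # Read-only web front end over the same directory the SSH user pushes to.
  services.legit = {
    enable = true;
    user = "git";
    group = "git";
    settings = {
      server = {
        name = "192.168.1.107";
        # Listens on every interface.
        # NOTE(review): every repository under scanPath becomes browsable by
        # anyone who can reach this port; confirm the firewall limits it to
        # the intended network.
        host = "0.0.0.0";
        # svports is not defined in this file; presumably a port registry
        # option declared elsewhere in the configuration.
        port = config.svports.legit;
      };
      meta = {
        title = "git";
        description = "bweh";
      };
      repo = {
        # Same path as the git user's home, so non-repository entries that
        # land there are listed in ignore.
        scanPath = "/var/lib/git-server";
        ignore = [
          ".vscode-server"
        ];
        mainBranch = [
          "main"
          "master"
        ];
        readme = [
          "README.md"
          "README"
        ];
      };
    };
  };
}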