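# Self-hosted git: gitolite (ssh access control), cgit (read-only web view)
# and a daily restic backup of the gitolite state directory.
{ pkgs, lib, ... }:

{
  services.gitolite = {
    enable = true;
    # Public half of the admin key only. Whoever holds the matching private key
    # can push to gitolite-admin and so controls every repository and ACL.
    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
    user = "git";
    group = "git";
    # Notes on the rc fragment below (kept outside the string so the generated
    # rc file is unchanged):
    #  - UMASK 0027: group gets read access, "other" gets nothing.
    #  - GIT_CONFIG_KEYS is an explicit allow-list; only these cgit.* keys can
    #    be set from gitolite.conf. Keep it narrow: the values land in each
    #    repository's git config, which cgit reads (enable-git-config below).
    #  - LOCAL_CODE under GL_ADMIN_BASE means site-local code is taken from the
    #    gitolite-admin repository, so push access to gitolite-admin amounts to
    #    running code as the "git" user. Restrict who can push there.
    extraGitoliteRc = ''
      # Make dirs/files group readable, needed for webserver/cgit. (Default
      # setting is 0077.)
      $RC{UMASK} = 0027;
      $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
      $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
      push( @{$RC{ENABLE}}, 'symbolic-ref' );
    '';
  };

  # let's make sure the default branch is `main'.
  # tmpfiles.d fields are: Type Path Mode User Group Age Argument. The mode
  # therefore goes in the third field and the age field is left unset ("-");
  # the previous rule had "-" as the mode and "0644" in the age position.
  systemd.tmpfiles.rules = [
    "C /var/lib/gitolite/.gitconfig 0644 git git - ${
      pkgs.writeText "gitolite-gitconfig" ''
        [init]
          defaultBranch = main
      ''
    }"
  ];

  services.cgit.main = {
    enable = true;
    package = pkgs.cgit-pink;
    # NOTE(review): cgit runs as the same account that owns the gitolite state,
    # so the internet-facing CGI and the filters below have the same filesystem
    # rights as gitolite itself. A dedicated account that is only a member of
    # group "git" would be enough for reading (UMASK 0027 above already grants
    # group read). Confirm how the module provisions that user before changing.
    user = "git";
    group = "git";
    nginx.virtualHost = "git.fcuny.net";
    scanPath = "/var/lib/gitolite/repositories";
    settings = {
      css = "/cgit.css";
      logo = "/cgit.png";
      favicon = "/favicon.ico";
      # Advisory only: keeps well-behaved crawlers out, it is not access control.
      robots = "noindex, nofollow";
      # TODO readme.org
      readme = ":README.md";
      # Limits the scan to repositories listed by gitolite. Presumably the
      # generated cgitrc puts this before scan-path, which cgit needs for the
      # restriction to apply; verify in the rendered cgitrc.
      project-list = "/var/lib/gitolite/projects.list";
      # Both filters are executed on repository content, as the cgit user.
      about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
      source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
      clone-url = (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
      enable-log-filecount = 1;
      enable-log-linecount = 1;
      # Reads the cgit.* keys allowed through GIT_CONFIG_KEYS above. cgit.hide
      # only drops a repository from the index, it stays reachable by URL;
      # cgit.ignore is the key that makes cgit skip the repository.
      enable-git-config = 1;
      enable-blame = 1;
      enable-commit-graph = 1;
      enable-follow-links = 1;
      enable-index-links = 1;
      enable-remote-branches = 1;
      enable-subject-links = 1;
      enable-tree-linenumbers = 1;
      max-atom-items = 108;
      max-commit-count = 250;
      max-repo-count = 500;
      repository-sort = "age";
      snapshots = "tar.gz";
      root-title = "¯\\_(ツ)_/¯";
      root-desc = "source code of my various projects";
    };
  };

  # TODO also rsync the backups to the nas
  # TODO need the ssh key for the nas for rsync ?
  # Repository password for restic, decrypted by agenix and readable by root
  # only. It must stay in sync with passwordFile below.
  age.secrets.restic = {
    file = ../../../secrets/restic-backups.age;
    owner = "root";
    group = "root";
    path = "/etc/restic/secret";
    mode = "600";
  };

  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
  # The backup holds every repository under /var/lib/gitolite, including any
  # that are not published through cgit, so access to /srv/backups/git and to
  # the password file should be treated like access to the repositories.
  # The restic repository lives on this host: until the rsync TODO above is
  # done, a disk failure or host compromise takes the backups with it.
  services.restic.backups.git = {
    passwordFile = "/etc/restic/secret";
    repository = "/srv/backups/git";
    initialize = true;
    paths = [ "/var/lib/gitolite" ];
    # Shell history, editor state and the hosting user's ssh directory are
    # kept out of the backup.
    exclude = [
      "/var/lib/gitolite/.bash_history"
      "/var/lib/gitolite/.ssh"
      "/var/lib/gitolite/.viminfo"
    ];
    extraBackupArgs = [
      "--exclude-caches"
      "--compression=max"
    ];
    timerConfig = {
      OnCalendar = "daily";
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 3"
    ];
  };
}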