{ lib, pkgs, ... }: {
# Inbound TCP opened in the firewall: only the two nginx listeners.
# 80 carries plain HTTP (the ACME challenge paths, plus requests that the
# forceSSL virtual hosts in this file send on to HTTPS); 443 is HTTPS.
# NOTE(review): nothing else is opened here, so SSH access for gitolite is
# presumably allowed by configuration outside this file; confirm.
networking.firewall.allowedTCPPorts = [ 80 443 ];
# ACME account settings. acceptTerms records agreement to the certificate
# authority's terms of service; the e-mail address is the default contact
# for certificates requested by the virtual hosts that set enableACME.
security.acme.acceptTerms = true;
security.acme.defaults.email = "acme@fcuny.net";
# FIXME: I also ran the following as the git user:
# git config --global init.defaultBranch main
# to ensure that new repositories are created with the default
# branch set to `main'.
# TODO(fcuny): I could create the configuration file to set the default branch
services.gitolite = {
  enable = true;

  # Service account that owns the repositories. The cgit instance in this
  # file is configured with the same user and group.
  user = "git";
  group = "git";

  # Public half of the administrator's SSH key (safe to keep in the
  # configuration; the private key never appears here).
  adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";

  # Perl statements added to the gitolite rc file:
  #  - UMASK 0027: new files are readable by the group and closed to others.
  #  - GIT_CONFIG_KEYS: the only git-config keys that may be set through the
  #    gitolite configuration are four cgit.* display keys.
  #    NOTE(review): gitolite is believed to treat each entry as a regex, so
  #    the unescaped "." matches any character; confirm, and consider "\."
  #    if a strict list is intended.
  #  - LOCAL_CODE: site-local code is read from the "local" directory under
  #    GL_ADMIN_BASE. NOTE(review): per gitolite's documentation this lets
  #    anyone with push access to the admin repository get code executed as
  #    this user, so that push access should be treated like shell access.
  #  - ENABLE += symbolic-ref: turns on the symbolic-ref feature.
  extraGitoliteRc = ''
    # Make dirs/files group readable, needed for webserver/cgit. (Default
    # setting is 0077.)
    $RC{UMASK} = 0027;
    $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
    $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
    push( @{$RC{ENABLE}}, 'symbolic-ref' );
  '';
};
# Read-only web front end for the gitolite repositories, served through the
# "git.fcuny.net" nginx virtual host.
services.cgit.main = {
  enable = true;
  package = pkgs.cgit-pink;
  nginx.virtualHost = "git.fcuny.net";

  # NOTE(review): this is the same account gitolite runs as, so the
  # web-facing CGI process has the repository owner's write access. The
  # gitolite UMASK of 0027 already makes the files group-readable; a
  # dedicated user that is only a member of the "git" group would be the
  # least-privilege choice. Confirm before changing.
  user = "git";
  group = "git";

  scanPath = "/var/lib/gitolite/repositories";

  settings = {
    # --- which repositories are shown, and how they are described ---
    # Restricts the listing to the entries in gitolite's projects.list
    # (presumably the repositories gitolite marks as web-visible; verify).
    project-list = "/var/lib/gitolite/projects.list";
    # cgit reads per-repository settings from git config; gitolite's
    # GIT_CONFIG_KEYS limits which cgit.* keys can be set that way.
    enable-git-config = 1;
    repository-sort = "age";
    max-repo-count = 500;

    # --- site chrome ---
    root-title = "¯\\_(ツ)_/¯";
    root-desc = "source code of my various projects";
    css = "/cgit.css";
    logo = "/cgit.png";
    favicon = "/favicon.ico";
    # Asks crawlers not to index or follow links; advisory only.
    robots = "noindex, nofollow";
    readme = ":README.md";
    clone-url = lib.concatStringsSep " " [
      "https://git.fcuny.net/$CGIT_REPO_URL"
    ];

    # --- filters: external programs run over repository content ---
    about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
    source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";

    # --- optional views ---
    # NOTE(review): blame and the per-commit file/line counts add work to
    # each request on a public endpoint; the max-* limits below bound some
    # of it.
    enable-blame = 1;
    enable-commit-graph = 1;
    enable-follow-links = 1;
    enable-index-links = 1;
    enable-log-filecount = 1;
    enable-log-linecount = 1;
    enable-remote-branches = 1;
    enable-subject-links = 1;
    enable-tree-linenumbers = 1;
    snapshots = "tar.gz";

    # --- limits ---
    max-atom-items = 108;
    max-commit-count = 250;
  };
};
services.nginx =
  let
    # Both virtual hosts serve ACME challenge files from the same directory.
    # NOTE(review): enableACME is expected to arrange challenge serving by
    # itself; confirm this explicit root is still needed and matches the
    # directory the ACME client writes to.
    acmeChallenge = { root = "/var/lib/acme/acme-challenges"; };
  in
  {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # Static site: HTTPS enforced, certificate obtained through ACME.
    virtualHosts."fcuny.net" = {
      enableACME = true;
      forceSSL = true;
      locations."/".root = "/srv/www/fcuny.net";
      locations."/.well-known/acme-challenge" = acmeChallenge;
    };

    # cgit front end (the cgit service attaches itself to this host name).
    virtualHosts."git.fcuny.net" = {
      # Default site: a request that reaches nginx without a host header is
      # answered by this virtual host, i.e. by cgit.
      # NOTE(review): presumably the same applies to requests naming a host
      # not configured here, which would then be answered with this host's
      # content and certificate; confirm that is intended.
      default = true;
      enableACME = true;
      forceSSL = true;
      locations."/.well-known/acme-challenge" = acmeChallenge;
    };
  };
# Encrypted restic backup of the gitolite state directory.
services.restic.backups.git = {
  # NOTE(review): the job runs as "fcuny", not as the "git" owner, so it
  # relies on read access to /var/lib/gitolite (presumably through group
  # membership and the 0027 umask); verify nothing is silently skipped.
  user = "fcuny";

  # Repository on a local path, created on first run if missing.
  # NOTE(review): a local target does not protect against loss or
  # compromise of this host; confirm it is copied elsewhere.
  repository = "/srv/backups/git";
  initialize = true;

  # Only the path is in the configuration; the secret itself stays out of
  # it. NOTE(review): file ownership and mode are not managed here; it
  # should be readable by the backup user only.
  passwordFile = "/etc/restic.pw";

  paths = [ "/var/lib/gitolite" ];
  # Keep the account's SSH directory and shell history out of snapshots.
  exclude = [
    "/var/lib/gitolite/.bash_history"
    "/var/lib/gitolite/.ssh"
  ];
  extraBackupArgs = [
    "--exclude-caches"
    "--compression=max"
  ];

  # Run at minute 0 and 30 of every hour.
  timerConfig.OnCalendar = "*:0/30";

  # Retention applied when pruning old snapshots.
  pruneOpts = [
    "--keep-hourly 36"
    "--keep-daily 7"
    "--keep-weekly 4"
    "--keep-monthly 3"
  ];
};
}