init code.nomath.org

author: Alexander Foremny <aforemny@posteo.de> 2024-02-15 06:27:47 +0100
committer: Alexander Foremny <aforemny@posteo.de> 2024-02-19 05:19:37 +0100
commit: db8cb61d4a13fa861440379f4788a6524d880467 (patch)
tree: 043f798a9ecb149285e06aaa3e46f2850d5c6a00 /apps/cgit/integration.nix
parent: 59b9bf48851f85de8844d888de6c82dcfb4df5fa (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/apps/cgit/integration.nix b/apps/cgit/integration.nix
new file mode 100644
index 0000000..4107311
--- /dev/null
+++ b/apps/cgit/integration.nix
@@ -0,0 +1,21 @@
+{ appConfig, lib, pkgs, ... }:
+{
+  # TODO references ../../public
+  users.users.git.home = "/var/lib/git";
+  users.users.git.createHome = true;
+  users.users.git.shell = "${pkgs.git}/bin/git-shell";
+  users.users.git.openssh.authorizedKeys.keyFiles = [ ../../public/aforemny.id_rsa.pub ];
+
+  bindMounts."/var/lib/git".isReadOnly = false;
+
+  systemd.services."ensure-git-repositories".wantedBy = [ "multi-user.target" ];
+  systemd.services."ensure-git-repositories".script = "${pkgs.writers.writeDashBin "ensure-git-repositories" ''
+    set -efu
+    ${lib.concatLines (lib.mapAttrsToList (name: _: ''
+      test -e /var/lib/git/${lib.escapeShellArg name} || \
+        ${pkgs.git}/bin/git init --bare /var/lib/git/${lib.escapeShellArg name}
+    '') appConfig.repositories)}
+  ''}/bin/ensure-git-repositories";
+  systemd.services."ensure-git-repositories".serviceConfig.User = "git";
+  systemd.services."ensure-git-repositories".serviceConfig.Group = "nogroup";
+}
author	Alexander Foremny <aforemny@posteo.de>	2024-02-15 06:27:47 +0100
committer	Alexander Foremny <aforemny@posteo.de>	2024-02-19 05:19:37 +0100
commit	db8cb61d4a13fa861440379f4788a6524d880467 (patch)
tree	043f798a9ecb149285e06aaa3e46f2850d5c6a00 /apps/cgit/integration.nix
parent	59b9bf48851f85de8844d888de6c82dcfb4df5fa (diff)