5 files changed, 83 insertions, 0 deletions

diff --git a/apps/cgit/appspec.nix b/apps/cgit/appspec.nix
new file mode 100644
index 0000000..8ea967c
--- /dev/null
+++ b/apps/cgit/appspec.nix
@@ -0,0 +1,28 @@
+{ fysilib, lib, ... }: {
+  description = "cgit";
+  endOfLife = null;
+  options = {
+    domain = lib.mkOption {
+      description = "Domain of cgit instance";
+      type = fysilib.types.fqdn;
+    };
+    repositories = lib.mkOption {
+      type = fysilib.types.attrsOf (fysilib.types.submodule {
+        options = {
+          name = lib.mkOption {
+            default = null;
+            type = fysilib.types.pathComponent;
+          };
+          description = lib.mkOption {
+            default = null;
+            type = fysilib.types.nullOr fysilib.types.str;
+          };
+        };
+      });
+    };
+    settings = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.oneOf [ lib.types.bool lib.types.int lib.types.str ]);
+      default = { };
+    };
+  };
+}
diff --git a/apps/cgit/integration.nix b/apps/cgit/integration.nix
new file mode 100644
index 0000000..4107311
--- /dev/null
+++ b/apps/cgit/integration.nix
@@ -0,0 +1,21 @@
+{ appConfig, lib, pkgs, ... }:
+{
+  # TODO references ../../public
+  users.users.git.home = "/var/lib/git";
+  users.users.git.createHome = true;
+  users.users.git.shell = "${pkgs.git}/bin/git-shell";
+  users.users.git.openssh.authorizedKeys.keyFiles = [ ../../public/aforemny.id_rsa.pub ];
+
+  bindMounts."/var/lib/git".isReadOnly = false;
+
+  systemd.services."ensure-git-repositories".wantedBy = [ "multi-user.target" ];
+  systemd.services."ensure-git-repositories".script = "${pkgs.writers.writeDashBin "ensure-git-repositories" ''
+    set -efu
+    ${lib.concatLines (lib.mapAttrsToList (name: _: ''
+      test -e /var/lib/git/${lib.escapeShellArg name} || \
+        ${pkgs.git}/bin/git init --bare /var/lib/git/${lib.escapeShellArg name}
+    '') appConfig.repositories)}
+  ''}/bin/ensure-git-repositories";
+  systemd.services."ensure-git-repositories".serviceConfig.User = "git";
+  systemd.services."ensure-git-repositories".serviceConfig.Group = "nogroup";
+}
diff --git a/apps/cgit/module.nix b/apps/cgit/module.nix
new file mode 100644
index 0000000..106764b
--- /dev/null
+++ b/apps/cgit/module.nix
@@ -0,0 +1,16 @@
+{ appConfig, config, lib, pkgs, ... }:
+{
+  services.cgit.default.enable = true;
+  services.cgit.default.nginx.virtualHost = appConfig.domain;
+  services.cgit.default.repos = lib.mapAttrs
+    (name: attrs: {
+      desc = attrs.description;
+      path = "/var/lib/git/${name}";
+    })
+    appConfig.repositories;
+  services.cgit.default.settings = appConfig.settings;
+
+  users.users.git.isSystemUser = true;
+  users.users.git.home = "/var/lib/git";
+  users.users.git.group = "nogroup";
+}
diff --git a/apps/static-website/appspec.nix b/apps/static-website/appspec.nix
new file mode 100644
index 0000000..c7e919e
--- /dev/null
+++ b/apps/static-website/appspec.nix
@@ -0,0 +1,14 @@
+{ fysilib, lib, ... }: {
+  description = "static website";
+  endOfLife = null;
+  options = {
+    domain = lib.mkOption {
+      description = "Domain of the website";
+      type = fysilib.types.fqdn;
+    };
+    root = lib.mkOption {
+      description = "Domain of the website";
+      type = fysilib.types.str;
+    };
+  };
+}
diff --git a/apps/static-website/module.nix b/apps/static-website/module.nix
new file mode 100644
index 0000000..659dfad
--- /dev/null
+++ b/apps/static-website/module.nix
@@ -0,0 +1,4 @@
+{ appConfig, ... }: {
+  services.nginx.enable = true;
+  services.nginx.virtualHosts.${appConfig.domain}.locations."/".root = appConfig.root;
+}