author | Jasper Ras <jaspert.ras@gmail.com> | 2025-03-29 12:54:20 +0100 |
---|---|---|
committer | Jasper Ras <jaspert.ras@gmail.com> | 2025-03-29 12:54:20 +0100 |
commit | 5bf105b94f3c63bc738b788b2b651985eed96c11 (patch) | |
tree | c8b98b552fede2854fdc9ebf59f8a030ebd7e3cd /nodes/snorlax/git.nix | |
parent | 5b41ca762c6a44fa7a77e5f5324bcecf8a47f4c7 (diff) |
dynamic nodes
Diffstat (limited to 'nodes/snorlax/git.nix')
-rw-r--r-- | nodes/snorlax/git.nix | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/nodes/snorlax/git.nix b/nodes/snorlax/git.nix
new file mode 100644
index 0000000..e91afcb
--- /dev/null
+++ b/nodes/snorlax/git.nix
@@ -0,0 +1,128 @@
+{ config, lib, pkgs, ... }:
+let
+ home = "/persist/var/lib/git";
+ repos = {
+ nixos = {
+ path = "${home}/nixos.git";
+ desc = "My NixOS Configurations";
+ owner = "jras";
+ };
+
+ zettelkasten = {
+ path = "${home}/zettelkasten.git";
+ desc = "Knowledge management system";
+ owner = "jras";
+ };
+
+ para = {
+ path = "${home}/para.git";
+ desc = "PARA note taking system";
+ owner = "jras";
+ };
+
+ obsidian-wavez-theme = {
+ path = "${home}/obsidian-wavez-theme.git";
+ desc = "The bordeaux theme for Obsidian";
+ owner = "jras";
+ };
+
+ astal-bar = {
+ path = "${home}/astal-bar.git";
+ desc = "A wayland bar in jsx";
+ owner = "jras";
+ };
+
+ rustbook = {
+ path = "${home}/rustbook.git";
+ desc = "Follow along exercises of the rust book";
+ owner = "jras";
+ };
+
+ genai = {
+ path = "${home}/genai.git";
+ desc = "Generative AI fooling around";
+ owner = "jras";
+ };
+ };
+
+ startScript = pkgs.writeShellScript "init-git-repos" ''
+ ${lib.concatMapStrings ({ path, ... }: "${pkgs.git}/bin/git init --bare --shared ${path} && cd ${path} && ${pkgs.git}/bin/git branch -m main \n") (builtins.attrValues repos)}
+ '';
+in
+{
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ services.cgit.snorlax = {
+ enable = true;
+ group = "git";
+ repos = repos;
+ };
+
+ systemd.services.init-repos = {
+ description = "Initialize git repositories";
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ startScript ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "git";
+ Group = "git";
+ ExecStart = startScript;
+ };
+ };
+
+ users.groups.git = {};
+ users.users.git = {
+ isNormalUser = true;
+ home = "${home}";
+ homeMode = "0750";
+ createHome = true;
+ shell = pkgs.zsh;
+ group = "git";
+ openssh.authorizedKeys.keyFiles = [
+ ../../keys/id_tarrel.pub
+ ../../keys/id_work.pub
+ ];
+ packages = with pkgs; [ git ];
+ };
+ services.openssh.settings.AllowUsers = [ "git" ];
+
+ age.secrets= {
+ gitlab-init-root = {
+ file = ../../secrets/gitlab-init-root.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-db = {
+ file = ../../secrets/gitlab-db.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-jws = {
+ file = ../../secrets/gitlab-jws.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-otp = {
+ file = ../../secrets/gitlab-otp.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-secret = {
+ file = ../../secrets/gitlab-secret.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ };
+
+
+ services.gitlab = {
+ enable = true;
+ initialRootEmail = "jaspert.ras@gmail.com";
+ initialRootPasswordFile = config.age.secrets.gitlab-init-root.path;
+ secrets.dbFile = config.age.secrets.gitlab-db.path;
+ secrets.jwsFile = config.age.secrets.gitlab-jws.path;
+ secrets.otpFile = config.age.secrets.gitlab-otp.path;
+ secrets.secretFile = config.age.secrets.gitlab-secret.path;
+ };
+} |
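Review bot: The `git` account in `users.users.git` is a normal user with `shell = pkgs.zsh;`, so either key listed in `openssh.authorizedKeys.keyFiles` gets a full interactive shell on the host, not just push and pull access to the repositories. If the account exists only to serve the repositories, restrict it with `shell = "${pkgs.git}/bin/git-shell";`. If it is also meant as the admin login, a comment saying so would help, because `AllowUsers = [ "git" ]` makes it look like the only SSH entry point defined here. Separately, `allowedTCPPorts = [ 80 8080 ]` opens only plain-HTTP ports and nothing in this file configures TLS. Unless a proxy defined elsewhere terminates it, the GitLab root sign-in would travel in clear text, and the cgit listing of all seven repositories (including the notes and the NixOS configuration) would be readable by anyone who can reach the host.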