1 files changed, 71 insertions, 0 deletions

diff --git a/modules/snorlax/git.nix b/modules/snorlax/git.nix
new file mode 100644
index 0000000..a24c26a
--- /dev/null
+++ b/modules/snorlax/git.nix
@@ -0,0 +1,71 @@
+{ lib, pkgs, ... }:
+let
+  home = "/var/lib/git";
+  repos = {
+    nixos = {
+      path = "${home}/nixos.git";
+      desc = "My NixOS Configurations";
+      owner = "jras";
+    };
+
+    notes = {
+      path = "${home}/notes.git";
+      desc = "My notes";
+      owner = "jras";
+    };
+
+    obsidian-wavez-theme = {
+      path = "${home}/obsidian-wavez-theme.git";
+      desc = "The bordeaux theme for Obsidian";
+      owner = "jras";
+    };
+
+    astal-bar = {
+      path = "${home}/astal-bar.git";
+      desc = "A wayland bar in jsx";
+      owner = "jras";
+    };
+  };
+
+  startScript = pkgs.writeShellScript "init-git-repos" ''
+  ${lib.concatMapStrings ({ path, ... }: "${pkgs.git}/bin/git init --bare --shared ${path} && cd ${path} && ${pkgs.git}/bin/git branch -m main \n") (builtins.attrValues repos)} 
+  '';
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  services.cgit.snorlax = {
+    enable = true;
+    group = "git";
+    repos = repos;
+  };
+
+  systemd.services.init-repos = {
+    description = "Initialize git repositories";
+    wantedBy = [ "multi-user.target" ];
+    restartTriggers = [ startScript ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      User = "git";
+      Group = "git";
+      ExecStart = startScript;
+    };
+  };
+
+  users.groups.git = {};
+  users.users.git = {
+    isNormalUser = true;
+    home = "${home}";
+    homeMode = "0750";
+    createHome = true;
+    shell = pkgs.zsh;
+    group = "git";
+    openssh.authorizedKeys.keyFiles = [
+      ../../keys/id_tarrel.pub
+      ../../keys/id_work.pub
+    ];
+    packages = with pkgs; [ git ];
+  };
+  services.openssh.settings.AllowUsers = [ "git" ];
+}