Diffstat (limited to 'nodes/snorlax/git.nix')
-rw-r--r--nodes/snorlax/git.nix128
1 files changed, 128 insertions, 0 deletions
diff --git a/nodes/snorlax/git.nix b/nodes/snorlax/git.nix
new file mode 100644
index 0000000..e91afcb
--- /dev/null
+++ b/nodes/snorlax/git.nix
@@ -0,0 +1,128 @@
+{ config, lib, pkgs, ... }:
+let
+ home = "/persist/var/lib/git";
+ repos = {
+ nixos = {
+ path = "${home}/nixos.git";
+ desc = "My NixOS Configurations";
+ owner = "jras";
+ };
+
+ zettelkasten = {
+ path = "${home}/zettelkasten.git";
+ desc = "Knowledge management system";
+ owner = "jras";
+ };
+
+ para = {
+ path = "${home}/para.git";
+ desc = "PARA note taking system";
+ owner = "jras";
+ };
+
+ obsidian-wavez-theme = {
+ path = "${home}/obsidian-wavez-theme.git";
+ desc = "The bordeaux theme for Obsidian";
+ owner = "jras";
+ };
+
+ astal-bar = {
+ path = "${home}/astal-bar.git";
+ desc = "A wayland bar in jsx";
+ owner = "jras";
+ };
+
+ rustbook = {
+ path = "${home}/rustbook.git";
+ desc = "Follow along exercises of the rust book";
+ owner = "jras";
+ };
+
+ genai = {
+ path = "${home}/genai.git";
+ desc = "Generative AI fooling around";
+ owner = "jras";
+ };
+ };
+
+ startScript = pkgs.writeShellScript "init-git-repos" ''
+ ${lib.concatMapStrings ({ path, ... }: "${pkgs.git}/bin/git init --bare --shared ${path} && cd ${path} && ${pkgs.git}/bin/git branch -m main \n") (builtins.attrValues repos)}
+ '';
+in
+{
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ services.cgit.snorlax = {
+ enable = true;
+ group = "git";
+ repos = repos;
+ };
+
+ systemd.services.init-repos = {
+ description = "Initialize git repositories";
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ startScript ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "git";
+ Group = "git";
+ ExecStart = startScript;
+ };
+ };
+
+ users.groups.git = {};
+ users.users.git = {
+ isNormalUser = true;
+ home = "${home}";
+ homeMode = "0750";
+ createHome = true;
+ shell = pkgs.zsh;
+ group = "git";
+ openssh.authorizedKeys.keyFiles = [
+ ../../keys/id_tarrel.pub
+ ../../keys/id_work.pub
+ ];
+ packages = with pkgs; [ git ];
+ };
+ services.openssh.settings.AllowUsers = [ "git" ];
+
+ age.secrets= {
+ gitlab-init-root = {
+ file = ../../secrets/gitlab-init-root.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-db = {
+ file = ../../secrets/gitlab-db.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-jws = {
+ file = ../../secrets/gitlab-jws.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-otp = {
+ file = ../../secrets/gitlab-otp.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ gitlab-secret = {
+ file = ../../secrets/gitlab-secret.age;
+ owner = "gitlab";
+ group = "gitlab";
+ };
+ };
+
+
+ services.gitlab = {
+ enable = true;
+ initialRootEmail = "jaspert.ras@gmail.com";
+ initialRootPasswordFile = config.age.secrets.gitlab-init-root.path;
+ secrets.dbFile = config.age.secrets.gitlab-db.path;
+ secrets.jwsFile = config.age.secrets.gitlab-jws.path;
+ secrets.otpFile = config.age.secrets.gitlab-otp.path;
+ secrets.secretFile = config.age.secrets.gitlab-secret.path;
+ };
+}
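Review bot: The `git` account in `users.users.git` is a normal user with `shell = pkgs.zsh`, so either key in `openssh.authorizedKeys.keyFiles` gets a full interactive login on the host, and as far as this file shows `AllowUsers = [ "git" ]` makes it the only SSH entry point. Since the `init-repos` unit already creates the repositories, `shell = "${pkgs.git}/bin/git-shell";` would limit a leaked key to push/pull access. Separately, `allowedTCPPorts = [ 80 8080 ]` opens 8080 although nothing in this file visibly listens there, and the cgit instance appears to publish every entry in `repos`, including the notes repositories, without authentication; it is worth confirming both are intended. The paths in `startScript` are interpolated unquoted, and `lib.escapeShellArg path` would keep the generated script correct if a repository path ever contains a space or shell metacharacter.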