From 8e52e74bd3d38e519c951aca8a5c4a4c89c609e5 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Wed, 12 Feb 2020 01:04:12 +0000 Subject: [PATCH] feat(ops/nixos/camden): Set up cgit service Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport. --- ops/nixos/camden/default.nix | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix index 64f1e8d54..9cecbcdcc 100644 --- a/ops/nixos/camden/default.nix +++ b/ops/nixos/camden/default.nix @@ -93,11 +93,21 @@ in pkgs.lib.fix(self: { curl emacs26-nox gnupg pass pciutils direnv ]); - users.users.tazjin = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - shell = nixpkgs.fish; + users = { + # Set up my own user for logging in and doing things ... + users.tazjin = { + isNormalUser = true; + uid = 1000; + extraGroups = [ "git" "wheel" ]; + shell = nixpkgs.fish; + }; + + # Set up a user & group for general git shenanigans + groups.git = {}; + users.git = { + group = "git"; + isNormalUser = false; + }; }; # Services setup @@ -121,6 +131,18 @@ in pkgs.lib.fix(self: { } ; }; + # Run cgit for the depot. The onion here is nginx(thttpd(cgit)). + systemd.services.cgit = { + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.web.cgit-taz}/bin/cgit-launch"; + + serviceConfig = { + Restart = "on-failure"; + User = "git"; + Group = "git"; + }; + }; + # serve my website services.nginx = { enable = true;