feat(ops/nixos/camden): Set up cgit service
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport.
This commit is contained in:
parent
f60eb6c3c7
commit
8e52e74bd3
1 changed files with 27 additions and 5 deletions
|
@ -93,13 +93,23 @@ in pkgs.lib.fix(self: {
|
|||
curl emacs26-nox gnupg pass pciutils direnv
|
||||
]);
|
||||
|
||||
users.users.tazjin = {
|
||||
users = {
|
||||
# Set up my own user for logging in and doing things ...
|
||||
users.tazjin = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [ "wheel" ];
|
||||
extraGroups = [ "git" "wheel" ];
|
||||
shell = nixpkgs.fish;
|
||||
};
|
||||
|
||||
# Set up a user & group for general git shenanigans
|
||||
groups.git = {};
|
||||
users.git = {
|
||||
group = "git";
|
||||
isNormalUser = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Services setup
|
||||
services.openssh.enable = true;
|
||||
services.haveged.enable = true;
|
||||
|
@ -121,6 +131,18 @@ in pkgs.lib.fix(self: {
|
|||
} ;
|
||||
};
|
||||
|
||||
# Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
|
||||
systemd.services.cgit = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
script = "${pkgs.web.cgit-taz}/bin/cgit-launch";
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
User = "git";
|
||||
Group = "git";
|
||||
};
|
||||
};
|
||||
|
||||
# serve my website
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in a new issue