feat(ops/nixos/camden): Set up cgit service

Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
Vincent Ambo 2020-02-12 01:04:12 +00:00
parent f60eb6c3c7
commit 8e52e74bd3


@ -93,13 +93,23 @@ in pkgs.lib.fix(self: {
curl emacs26-nox gnupg pass pciutils direnv
]);
users.users.tazjin = {
users = {
# Set up my own user for logging in and doing things ...
users.tazjin = {
isNormalUser = true;
uid = 1000;
extraGroups = [ "wheel" ];
extraGroups = [ "git" "wheel" ];
shell = nixpkgs.fish;
};
# Set up a user & group for general git shenanigans
groups.git = {};
users.git = {
group = "git";
isNormalUser = false;
};
};
# Services setup
services.openssh.enable = true;
services.haveged.enable = true;
@ -121,6 +131,18 @@ in pkgs.lib.fix(self: {
} ;
};
# Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
systemd.services.cgit = {
wantedBy = [ "multi-user.target" ];
script = "${pkgs.web.cgit-taz}/bin/cgit-launch";
serviceConfig = {
Restart = "on-failure";
User = "git";
Group = "git";
};
};
# serve my website
services.nginx = {
enable = true;
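Review bot: The new `systemd.services.cgit` unit runs the network-facing thttpd/cgit process as `User = "git"` / `Group = "git"`, the same identity that owns the depot with group write access (the commit message sets `chmod -R g+rw /var/git`), so a service that only needs to read the repository can also modify it, including its hooks directory. Hooks run as whoever pushes, and `tazjin` is a member of both `git` and `wheel`, so a flaw in the web stack would presumably reach further than the git user alone. Consider a dedicated service user with read-only access, or at least adding `ReadOnlyPaths = [ "/var/git" ];` and `NoNewPrivileges = true;` to `serviceConfig`; whether `cgit-launch` needs a writable cache directory is not visible here and should be checked first. The attribute set enclosing these definitions starts and ends outside the hunk.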