diff options
author | Vincent Ambo <tazjin@google.com> | 2020-02-12T01·04+0000 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2020-02-12T01·04+0000 |
commit | 8e52e74bd3d38e519c951aca8a5c4a4c89c609e5 (patch) | |
tree | 42e3e7f9a9353de0916c8f6261b8d0c306d2f3ce /ops/nixos/camden/default.nix | |
parent | f60eb6c3c76347cc5ff304d018763b10d0116e55 (diff) |
feat(ops/nixos/camden): Set up cgit service r/545
Adds a user & group which are configured to own the local depot copy, and a cgit service to serve it. The depot checkout was configured as: mkdir -p /var/git && chown git: /var/git # now, as the git user, in /var/git git clone --bare ... depot chmod -R g+rw /var/git chmod g+s (find /var/git -type d) git init --bare --shared=all depot My personal user is a member of the git group, which means that after the above configuration I can push to the bare repo as my user and things work. Also, crucially, the `post-update` hook must be enabled as cgit uses the dumb HTTP transport.
Diffstat (limited to 'ops/nixos/camden/default.nix')
-rw-r--r-- | ops/nixos/camden/default.nix | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix index 64f1e8d54dd5..9cecbcdccf0e 100644 --- a/ops/nixos/camden/default.nix +++ b/ops/nixos/camden/default.nix @@ -93,11 +93,21 @@ in pkgs.lib.fix(self: { curl emacs26-nox gnupg pass pciutils direnv ]); - users.users.tazjin = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - shell = nixpkgs.fish; + users = { + # Set up my own user for logging in and doing things ... + users.tazjin = { + isNormalUser = true; + uid = 1000; + extraGroups = [ "git" "wheel" ]; + shell = nixpkgs.fish; + }; + + # Set up a user & group for general git shenanigans + groups.git = {}; + users.git = { + group = "git"; + isNormalUser = false; + }; }; # Services setup @@ -121,6 +131,18 @@ in pkgs.lib.fix(self: { } ; }; + # Run cgit for the depot. The onion here is nginx(thttpd(cgit)). + systemd.services.cgit = { + wantedBy = [ "multi-user.target" ]; + script = "${pkgs.web.cgit-taz}/bin/cgit-launch"; + + serviceConfig = { + Restart = "on-failure"; + User = "git"; + Group = "git"; + }; + }; + # serve my website services.nginx = { enable = true; |