authorVincent Ambo <tazjin@google.com>2020-02-12T01·04+0000
committerVincent Ambo <tazjin@google.com>2020-02-12T01·04+0000
commit8e52e74bd3d38e519c951aca8a5c4a4c89c609e5 (patch)
tree42e3e7f9a9353de0916c8f6261b8d0c306d2f3ce /ops
parentf60eb6c3c76347cc5ff304d018763b10d0116e55 (diff)
feat(ops/nixos/camden): Set up cgit service r/545
Adds a user & group which are configured to own the local depot copy,
and a cgit service to serve it.

The depot checkout was configured as:

  mkdir -p /var/git && chown git: /var/git

  # now, as the git user, in /var/git
  git clone --bare ... depot
  chmod -R g+rw /var/git
  chmod g+s (find /var/git -type d)
  git init --bare --shared=all depot

My personal user is a member of the git group, which means that after
the above configuration I can push to the bare repo as my user and
things work.

Also, crucially, the `post-update` hook must be enabled as cgit uses
the dumb HTTP transport.
Diffstat (limited to 'ops')
-rw-r--r--ops/nixos/camden/default.nix32
1 files changed, 27 insertions, 5 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 64f1e8d54dd5..9cecbcdccf0e 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -93,11 +93,21 @@ in pkgs.lib.fix(self: {
       curl emacs26-nox gnupg pass pciutils direnv
     ]);
 
-  users.users.tazjin = {
-    isNormalUser = true;
-    uid = 1000;
-    extraGroups = [ "wheel" ];
-    shell = nixpkgs.fish;
+  users = {
+    # Set up my own user for logging in and doing things ...
+    users.tazjin = {
+      isNormalUser = true;
+      uid = 1000;
+      extraGroups = [ "git" "wheel" ];
+      shell = nixpkgs.fish;
+    };
+
+    # Set up a user & group for general git shenanigans
+    groups.git = {};
+    users.git = {
+      group = "git";
+      isNormalUser = false;
+    };
   };
 
   # Services setup
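Review bot: The `git` account under `users.git` is declared only with `isNormalUser = false`, which is already the default, so nothing marks it as a service account. Replacing that line with `isSystemUser = true;` would state the intent and have its uid allocated from the system range; newer NixOS releases, as far as I recall, reject a user that sets neither flag. The comment above it could also say what the account is for, e.g. `# Owns /var/git and runs the cgit service; members of the git group can push.`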
@@ -121,6 +131,18 @@ in pkgs.lib.fix(self: {
     } ;
   };
 
+  # Run cgit for the depot. The onion here is nginx(thttpd(cgit)).
+  systemd.services.cgit = {
+    wantedBy = [ "multi-user.target" ];
+    script = "${pkgs.web.cgit-taz}/bin/cgit-launch";
+
+    serviceConfig = {
+      Restart = "on-failure";
+      User = "git";
+      Group = "git";
+    };
+  };
+
   # serve my website
   services.nginx = {
     enable = true;
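Review bot: `User = "git"` runs the web-facing cgit/thttpd process as the same account that owns /var/git. With the setup described in the commit message, that process can write the repository and its `hooks/` directory, and hooks there run as whoever pushes, here a `wheel` member. Serving only needs read access, so consider a separate unprivileged account for the unit, or at least sandbox it in `serviceConfig` with `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;`. `cgit-launch` is not visible here, so if it writes a cache or pid file the unit would also need a `StateDirectory` or `ReadWritePaths` entry. The `services.nginx` block that fronts it continues outside this hunk.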