From 274e08f50faffe1b8e4a760811b0a12450eae719 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Tue, 20 Feb 2024 19:00:53 +0100
Subject: Merge 'reorg' into 'main'
This patch moves in the reorganizational work done on the reorg branch, mainly: * Move host-specific modules into hosts// * Break up HM config See the reorg branch for the individual commits.
---
hosts/ahmed/git.linus.onl/about.html | 5 +++
hosts/ahmed/git.linus.onl/default.nix | 84 +++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+)
create mode 100644 hosts/ahmed/git.linus.onl/about.html
create mode 100644 hosts/ahmed/git.linus.onl/default.nix
(limited to 'hosts/ahmed/git.linus.onl')
diff --git a/hosts/ahmed/git.linus.onl/about.html b/hosts/ahmed/git.linus.onl/about.html
new file mode 100644
index 0000000..2d18ca4
--- /dev/null
+++ b/hosts/ahmed/git.linus.onl/about.html
@@ -0,0 +1,5 @@
+

Welcome! This is where i keep my public repositories.

+
+
+

idk.

+

what do i say here?

diff --git a/hosts/ahmed/git.linus.onl/default.nix b/hosts/ahmed/git.linus.onl/default.nix
new file mode 100644
index 0000000..46c74e9
--- /dev/null
+++ b/hosts/ahmed/git.linus.onl/default.nix
@@ -0,0 +1,84 @@
+{
+ config,
+ pkgs,
+ metadata,
+ ...
+}: let
+ git-shell = "${pkgs.gitMinimal}/bin/git-shell";
+
+ # Enables HTTPS stuff.
+ useACME = true;
+
+ # Where repositories will be stored.
+ location = "/srv/git";
+in {
+ config = {
+ # Create a user which
+ # See: https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
+ users.users.git = {
+ description = "Git server user";
+ isSystemUser = true;
+ group = "git";
+
+ # FIXME: Is serving the home-directory of a user (indirectly through CGit) a bad idea?
+ home = location;
+ createHome = false;
+
+ # Restrict this user to Git-related activities.
+ # See: https://git-scm.com/docs/git-shell
+ shell = git-shell;
+
+ # List of users who can ssh into this server and write to stuff. We add
+ # some restrictions on what users can do on the server. This works in
+ # tandem with the custom shell.
+ openssh.authorizedKeys.keys =
+ map (key: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ${key}")
+ [
+ metadata.hosts.muhammed.sshPubKey
+ ];
+ };
+ users.groups.git = {};
+
+ environment.shells = [git-shell];
+
+ # Create repo directory. It must be readable to NGINX.
+ # NOTE: If location != "/srv/git" you may want to change this!
+ # See: https://git.zx2c4.com/cgit/about/faq#why-doesnt-cgit-findshow-my-repo
+ system.activationScripts.create-cgit-scan-path = ''
+ mkdir -p ${location}
+ chown ${toString config.users.users.git.name} ${location}
+ chgrp ${toString config.users.groups.git.name} ${location}
+ chmod 755 ${location}
+ '';
+
+ # Public git viewer.
+ services.cgit."git.linus.onl" = {
+ enable = true;
+ scanPath = location;
+ settings = {
+ root-title = "Linus' public projects";
+ root-desc = "hello yes this is the git server";
+ root-readme = toString ./about.html;
+ };
+ extraConfig = ''
+ readme=:README.md
+ readme=:README.rst
+ readme=:README.text
+ readme=:README.txt
+ readme=:readme.md
+ readme=:readme.rst
+ readme=:readme.text
+ readme=:readme.txt
+ '';
+ };
+
+ # Register domain name.
+ services.cloudflare-dyndns.domains = ["git.linus.onl"];
+
+ # The CGit service creates the virtual host, but it does not enable ACME.
+ services.nginx.virtualHosts."git.linus.onl" = {
+ enableACME = useACME;
+ forceSSL = useACME;
+ };
+ };
+}
-- cgit v1.2.3
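Review bot: The key prefix in `openssh.authorizedKeys.keys` lists four individual `no-*` options but leaves out `no-user-rc`, so `~/.ssh/rc` handling is not disabled for the `git` account, whose home is the push target `/srv/git`. OpenSSH's `restrict` keyword turns on all of these restrictions, including any added in later releases, so the mapping could be `map (key: "restrict ${key}")`. Separately, the `create-cgit-scan-path` activation script interpolates `${location}` unquoted into shell and changes owner and mode in separate steps. A declarative `systemd.tmpfiles.rules = ["d ${location} 0755 git git -"];` would create the directory with the right owner and mode in one step and needs no shell quoting. The FIXME about serving the account's home directory through cgit is still open in this commit and deserves an answer before more files land under `/srv/git`.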