initial commit

3 files changed, 114 insertions, 0 deletions

diff --git a/aphrodite/devops/default.nix b/aphrodite/devops/default.nix
new file mode 100644
index 0000000..74fb9aa
--- /dev/null
+++ b/aphrodite/devops/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./docker.nix
+    ./git.nix
+  ];
+}
diff --git a/aphrodite/devops/docker.nix b/aphrodite/devops/docker.nix
new file mode 100644
index 0000000..cb53fcb
--- /dev/null
+++ b/aphrodite/devops/docker.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    docker-compose
+  ];
+  virtualisation = {
+    docker = {
+      enable = true;
+      storageDriver = "btrfs";
+      autoPrune.enable = true;
+    };
+    oci-containers.backend = "docker";
+  };
+}
diff --git a/aphrodite/devops/git.nix b/aphrodite/devops/git.nix
new file mode 100644
index 0000000..7b2800b
--- /dev/null
+++ b/aphrodite/devops/git.nix
@@ -0,0 +1,95 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  domain = "git.${config.customOps.domain.fqdn}";
+  cgitPatched = pkgs.fetchpatch2 {
+    url = "https://git.zx2c4.com/cgit/patch/?id=601ba0f25d6d9df488a5a37c7877818ac47966b0";
+    sha256 = "sha256-yW54g40Bj2QxUwj4KZUjHMT1JGvVKW7o16NM83XDqsQ=";
+  };
+in {
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    config = {
+      init = {
+        defaultBranch = "main";
+      };
+    };
+  };
+
+  services.gitolite = {
+    enable = true;
+    user = "git";
+    group = "git";
+    adminPubkey = config.customOps.owner.pubkey;
+    extraGitoliteRc = ''
+      %RC = (
+        UMASK            =>  0027,
+        GIT_CONFIG_KEYS  =>  '.*',
+        LOG_EXTRA        =>  1,
+        ROLES => {
+          READERS        =>  1,
+          WRITERS        =>  1,
+        },
+        ENABLE => [
+          'help',
+          'desc',
+          'info',
+          'perms',
+          'writable',
+          'ssh-authkeys',
+          'git-config',
+          'daemon',
+          'gitweb',
+        ],
+      );
+    '';
+  };
+
+  services.cgit.${domain} = {
+    enable = true;
+    package = pkgs.cgit.overrideAttrs (old: {
+      patches = (old.patches or []) ++ [cgitPatched];
+    });
+    user = "git";
+    group = "git";
+    gitHttpBackend = {
+      enable = true;
+      checkExportOkFiles = true;
+    };
+    scanPath = "${config.services.gitolite.dataDir}/repositories";
+    settings = {
+      root-title = domain;
+      root-desc = "toufy's project repositories";
+      snapshots = "tar.gz zip";
+      clone-url = "https://${domain}/$CGIT_REPO_URL";
+      enable-index-owner = true;
+      enable-index-links = true;
+      remove-suffix = true;
+      enable-blame = true;
+      enable-commit-graph = true;
+      enable-log-filecount = true;
+      enable-log-linecount = true;
+      strict-export = "git-daemon-export-ok";
+      branch-sort = "age";
+      virtual-root = "/";
+      enable-git-config = true;
+      "mimetype.gif" = "image/gif";
+      "mimetype.html" = "text/html";
+      "mimetype.jpg" = "image/jpeg";
+      "mimetype.jpeg" = "image/jpeg";
+      "mimetype.pdf" = "application/pdf";
+      "mimetype.png" = "image/png";
+      "mimetype.svg" = "image/svg+xml";
+      readme = ":README.md";
+      project-list = "${config.services.gitolite.dataDir}/projects.list";
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+  };
+}