From c7349e466fef7ecff5a46b1d0c819975a6bdcb8c Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Wed, 22 Apr 2026 14:08:19 +0300
Subject: initial commit
---
aphrodite/devops/default.nix | 6 +++
aphrodite/devops/docker.nix | 13 ++++++
aphrodite/devops/git.nix | 95 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+)
create mode 100644 aphrodite/devops/default.nix
create mode 100644 aphrodite/devops/docker.nix
create mode 100644 aphrodite/devops/git.nix
(limited to 'aphrodite/devops')
diff --git a/aphrodite/devops/default.nix b/aphrodite/devops/default.nix
new file mode 100644
index 0000000..74fb9aa
--- /dev/null
+++ b/aphrodite/devops/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./docker.nix
+ ./git.nix
+ ];
+}
diff --git a/aphrodite/devops/docker.nix b/aphrodite/devops/docker.nix
new file mode 100644
index 0000000..cb53fcb
--- /dev/null
+++ b/aphrodite/devops/docker.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ docker-compose
+ ];
+ virtualisation = {
+ docker = {
+ enable = true;
+ storageDriver = "btrfs";
+ autoPrune.enable = true;
+ };
+ oci-containers.backend = "docker";
+ };
+}
diff --git a/aphrodite/devops/git.nix b/aphrodite/devops/git.nix
new file mode 100644
index 0000000..7b2800b
--- /dev/null
+++ b/aphrodite/devops/git.nix
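Review bot: In aphrodite/devops/docker.nix, `storageDriver = "btrfs";` carries an undocumented host assumption: Docker's btrfs driver needs its data root on a btrfs filesystem, and none of the three files in this commit shows that. I would add a comment on that line, `# requires /var/lib/docker (the data root) to live on btrfs`, so the module is not reused on a host with a different filesystem, where the daemon would presumably fail to start. The filesystem layout may well be declared outside aphrodite/devops, which this view does not include.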
@@ -0,0 +1,95 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ domain = "git.${config.customOps.domain.fqdn}";
+ cgitPatched = pkgs.fetchpatch2 {
+ url = "https://git.zx2c4.com/cgit/patch/?id=601ba0f25d6d9df488a5a37c7877818ac47966b0";
+ sha256 = "sha256-yW54g40Bj2QxUwj4KZUjHMT1JGvVKW7o16NM83XDqsQ=";
+ };
+in {
+ programs.git = {
+ enable = true;
+ lfs.enable = true;
+ config = {
+ init = {
+ defaultBranch = "main";
+ };
+ };
+ };
+
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ adminPubkey = config.customOps.owner.pubkey;
+ extraGitoliteRc = ''
+ %RC = (
+ UMASK => 0027,
+ GIT_CONFIG_KEYS => '.*',
+ LOG_EXTRA => 1,
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+ ENABLE => [
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+ 'ssh-authkeys',
+ 'git-config',
+ 'daemon',
+ 'gitweb',
+ ],
+ );
+ '';
+ };
+
+ services.cgit.${domain} = {
+ enable = true;
+ package = pkgs.cgit.overrideAttrs (old: {
+ patches = (old.patches or []) ++ [cgitPatched];
+ });
+ user = "git";
+ group = "git";
+ gitHttpBackend = {
+ enable = true;
+ checkExportOkFiles = true;
+ };
+ scanPath = "${config.services.gitolite.dataDir}/repositories";
+ settings = {
+ root-title = domain;
+ root-desc = "toufy's project repositories";
+ snapshots = "tar.gz zip";
+ clone-url = "https://${domain}/$CGIT_REPO_URL";
+ enable-index-owner = true;
+ enable-index-links = true;
+ remove-suffix = true;
+ enable-blame = true;
+ enable-commit-graph = true;
+ enable-log-filecount = true;
+ enable-log-linecount = true;
+ strict-export = "git-daemon-export-ok";
+ branch-sort = "age";
+ virtual-root = "/";
+ enable-git-config = true;
+ "mimetype.gif" = "image/gif";
+ "mimetype.html" = "text/html";
+ "mimetype.jpg" = "image/jpeg";
+ "mimetype.jpeg" = "image/jpeg";
+ "mimetype.pdf" = "application/pdf";
+ "mimetype.png" = "image/png";
+ "mimetype.svg" = "image/svg+xml";
+ readme = ":README.md";
+ project-list = "${config.services.gitolite.dataDir}/projects.list";
+ };
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
+ };
+}
-- cgit v1.2.3
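Review bot: `services.cgit.${domain}` sets `user = "git";`, so the public CGI (cgit plus git-http-backend, via `gitHttpBackend.enable`) is configured to run as the same account that `services.gitolite` uses to own every repository, which gives the web-facing process write access that browsing and cloning do not need. Because the rc already sets `UMASK => 0027`, a separate account that is only a member of group `git` should be able to read the repositories, e.g. `user = "cgit";` with `group = "git";` kept, though the permissions on `dataDir` itself would need checking. In the same hunk, `GIT_CONFIG_KEYS => '.*'` lets a `config` line in gitolite.conf set any git config key; narrowing it to what cgit's `enable-git-config` reads, for example `GIT_CONFIG_KEYS => 'gitweb\..* cgit\..*',`, keeps keys such as `http.receivepack` out of reach of a change pushed to the admin repository.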