diff options
| author | patrick-scho | 2025-12-03 18:24:26 +0100 |
|---|---|---|
| committer | patrick-scho | 2025-12-03 18:24:26 +0100 |
| commit | 50fae6ee55042b91841717133a42944c106fad5c (patch) | |
| tree | 3e6705b8f942fbbe17b1c4a4381c4f519044b446 | |
| parent | 091bab2e3e6fbbb5e8ff5b158fdef64fd4d5fae4 (diff) | |
| download | ps-cgit-50fae6ee55042b91841717133a42944c106fad5c.tar.gz ps-cgit-50fae6ee55042b91841717133a42944c106fad5c.zip | |
add container to flake
| -rw-r--r-- | flake.nix | 90 |
1 files changed, 90 insertions, 0 deletions
@@ -45,6 +45,96 @@ }) { } ) { }; }); + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + [ ({ pkgs, ... }: { + boot.isContainer = true; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + system.stateVersion = "26.05"; + + networking.useDHCP = false; + networking.firewall.allowedTCPPorts = [ 22 80 ]; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ]; + + users.users.git = { + isSystemUser = true; + group = "git"; + home = "/srv/git"; + createHome = true; + # homeMode = "750"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ]; + packages = [ pkgs.git ]; + }; + users.groups.git = {}; + + services.fcgiwrap.instances.cgit = { + process.user = "git"; + process.group = "root"; + socket.user = "caddy"; + socket.group = "caddy"; + }; + + services.caddy.enable = true; + services.caddy.extraConfig = '' + http://10.233.2.2 { + handle_path /git/* { + handle_path /static/* { + file_server { + root ${self.packages.${pkgs.stdenv.hostPlatform.system}.default}/cgit + } + } + handle { + reverse_proxy unix//run/fcgiwrap-cgit.sock { + transport fastcgi { + env CGIT_CONFIG ${pkgs.writeText "cgitrc" '' + snapshots=tar tar.gz zip + enable-git-config=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + section-from-path=1 + virtual-root=/git + css=/git/static/cgit.css + logo=/git/static/cgit.png + favicon=/git/static/favicon.ico + module-link=/git/%s/commit/?id=%s + clone-url=https://$HTTP_HOST/git/$CGIT_REPO_URL git://$HTTP_HOST/$CGIT_REPO_URL git@$HTTP_HOST:$CGIT_REPO_URL + noplainemail=1 + repository-sort=age + about-filter=${pkgs.writeShellScript "markdown-filter" '' + echo '<div class="markdown-body">' + ${pkgs.md4c}/bin/md2html --github --ftables + echo '</div>' + ''} + # source-filter=${self.packages.${pkgs.stdenv.hostPlatform.system}.default}/lib/cgit/filters/syntax-highlighting.py + head-include=${self.packages.${pkgs.stdenv.hostPlatform.system}.default}/cgit/cgithub/head-include.html + footer=${self.packages.${pkgs.stdenv.hostPlatform.system}.default}/cgit/cgithub/footer.html + readme=:readme.md + readme=:Readme.md + readme=:ReadMe.md + readme=:README.md + root-readme=:${pkgs.writeText "readme.md" '' + # my git repos + ''} + scan-path=/srv/git + ''} + env SCRIPT_FILENAME ${self.packages.${pkgs.stdenv.hostPlatform.system}.default}/cgit/cgit.cgi + } + } + } + } + } + ''; + }) + ]; + }; + }; } |