1 files changed, 85 insertions, 0 deletions
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..d1c519a
--- /dev/null
+++ b/module.nix
@@ -0,0 +1,85 @@
+{ pkgs, ps-cgit, ... }: {
+  boot.isContainer = true;
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  system.stateVersion = "26.05";
+  environment.systemPackages = with pkgs; [ gdb rr file ];
+
+  networking.useDHCP = false;
+  networking.firewall.allowedTCPPorts = [ 22 80 1234 ];
+
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ];
+
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+    home = "/srv/git";
+    createHome = true;
+    # homeMode = "750";
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ];
+    packages = [ pkgs.git ];
+  };
+  users.groups.git = {};
+
+  services.fcgiwrap.instances.cgit = {
+    process.user = "git";
+    process.group = "root";
+    socket.user = "caddy";
+    socket.group = "caddy";
+  };
+
+  services.caddy.enable = true;
+  services.caddy.extraConfig = ''
+  http://ps-cgit {
+    rewrite /git /git/
+    handle_path /git/* {
+      handle_path /static/* {
+        file_server {
+          root ${ps-cgit}/cgit
+        }
+      }
+      handle {
+        reverse_proxy unix//run/fcgiwrap-cgit.sock {
+          transport fastcgi {
+            read_timeout 1h
+            env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
+              snapshots=tar tar.gz zip
+              enable-git-config=1
+              enable-index-owner=0
+              enable-log-filecount=1
+              enable-log-linecount=1
+              section-from-path=1
+              virtual-root=/git
+              css=/git/static/cgit.css
+              logo=/git/static/cgit.png
+              favicon=/git/static/favicon.ico
+              module-link=/git/%s/commit/?id=%s
+              clone-url=https://$HTTP_HOST/git/$CGIT_REPO_URL git://$HTTP_HOST/$CGIT_REPO_URL git@$HTTP_HOST:$CGIT_REPO_URL
+              noplainemail=1
+              repository-sort=age
+              about-filter=${pkgs.writeShellScript "markdown-filter" ''
+                echo '<div class="markdown-body">'
+                ${pkgs.md4c}/bin/md2html --github --ftables
+                echo '</div>'
+              ''}
+              # source-filter=${ps-cgit}/lib/cgit/filters/syntax-highlighting.py
+              head-include=${ps-cgit}/cgit/cgithub/head-include.html
+              footer=${ps-cgit}/cgit/cgithub/footer.html
+              readme=:readme.md
+              readme=:readme
+              root-readme=${pkgs.writeText "readme.md" ''
+                # my git repos
+              ''}
+              scan-path=/srv/git
+            ''}
+            env SCRIPT_FILENAME ${ps-cgit}/cgit/cgit.cgi
+          }
+        }
+      }
+    }
+  }
+  '';
+}