From 4d092e9a574e869503670a9dd927dd4c376a6f9d Mon Sep 17 00:00:00 2001 From: Patrick Date: Sun, 22 Feb 2026 23:44:49 +0100 Subject: update flake.nix --- flake.nix | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 108 insertions(+), 18 deletions(-) diff --git a/flake.nix b/flake.nix index 620145e..2c90ae2 100644 --- a/flake.nix +++ b/flake.nix @@ -3,24 +3,16 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + extra-container.url = "github:erikarvstedt/extra-container"; }; - outputs = { self, nixpkgs }: - let - forAllSystems = nixpkgs.lib.genAttrs [ - "x86_64-linux" - "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" - ]; - in - { - packages = forAllSystems (system: + outputs = { self, nixpkgs, extra-container }: + extra-container.lib.eachSupportedSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; in { - default = pkgs.callPackage ({ lib, fetchurl, callPackage, luajit, nixosTests }: + packages.default = pkgs.callPackage ({ lib, fetchurl, callPackage, luajit, nixosTests }: # This logic was previously in package.nix callPackage (import ./common.nix rec { pname = "ps-cgit"; @@ -44,13 +36,111 @@ maintainers = with lib.maintainers; [ ]; }) { } ) { }; - }); - nixosConfigurations.container = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - [ (import ./module.nix { ps-cgit = self.packages.${nixpkgs.stdenv.hostPlatform.system}.default; }) ]; - }; + + packages.container = + let + ps-cgit = self.packages.${system}.default; + in + extra-container.lib.buildContainers { + inherit system; + inherit nixpkgs; + + config = { + containers.ps-cgit-rr = { + + extra = { + addressPrefix = "10.250.0"; + enableWAN = true; + firewallAllowHost = true; + exposeLocalhost = true; + }; + config = { pkgs, ... }: { + boot.isContainer = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + system.stateVersion = "26.05"; + environment.systemPackages = with pkgs; [ gdb rr file ]; + + networking.useDHCP = false; + networking.firewall.allowedTCPPorts = [ 22 80 1234 ]; + + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ]; + + users.users.git = { + isSystemUser = true; + group = "git"; + home = "/srv/git"; + createHome = true; + # homeMode = "750"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ "${builtins.readFile "/home/ps/.ssh/id_ed25519.pub"}" ]; + packages = [ pkgs.git ]; + }; + users.groups.git = {}; + + services.fcgiwrap.instances.cgit = { + process.user = "git"; + process.group = "root"; + socket.user = "caddy"; + socket.group = "caddy"; + }; + + services.caddy.enable = true; + services.caddy.extraConfig = '' + http://ps-cgit-rr { + rewrite /git /git/ + handle_path /git/* { + handle_path /static/* { + file_server { + root ${ps-cgit}/cgit + } + } + handle { + reverse_proxy unix//run/fcgiwrap-cgit.sock { + transport fastcgi { + read_timeout 1h + env CGIT_CONFIG ${pkgs.writeText "cgitrc" '' + snapshots=tar tar.gz zip + enable-git-config=1 + enable-index-owner=0 + enable-log-filecount=1 + enable-log-linecount=1 + section-from-path=1 + virtual-root=/git + css=/git/static/cgit.css + logo=/git/static/cgit.png + favicon=/git/static/favicon.ico + module-link=/git/%s/commit/?id=%s + clone-url=https://$HTTP_HOST/git/$CGIT_REPO_URL git://$HTTP_HOST/$CGIT_REPO_URL git@$HTTP_HOST:$CGIT_REPO_URL + noplainemail=1 + repository-sort=age + about-filter=${pkgs.writeShellScript "markdown-filter" '' + echo '
' + ${pkgs.md4c}/bin/md2html --github --ftables + echo '
' + ''} + # source-filter=${ps-cgit}/lib/cgit/filters/syntax-highlighting.py + head-include=${ps-cgit}/cgit/cgithub/head-include.html + footer=${ps-cgit}/cgit/cgithub/footer.html + readme=:readme.md + readme=:readme + root-readme=${pkgs.writeText "readme.md" '' + # my git repos + ''} + scan-path=/srv/git + ''} + env SCRIPT_FILENAME ${ps-cgit}/cgit/cgit.cgi + } + } + } + } + } + ''; + }; + }; + }; }; + }); } -- cgit v1.2.3