| author | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 11:58:31 +1100 |
|---|---|---|
| committer | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 11:58:31 +1100 |
| commit | 98e94297af73c583c9636c99772b2c1c34f98743 (patch) | |
| tree | 1ac244e55b6d544d556b2327308d07708350e824 /labsrv01/cgit.nix | |
| parent | f5686b8e377ce3ecbf617783b4f2398423cb19fd (diff) | |
some refactor
Diffstat (limited to 'labsrv01/cgit.nix')
| -rw-r--r-- | labsrv01/cgit.nix | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/labsrv01/cgit.nix b/labsrv01/cgit.nix
deleted file mode 100644
index 34fa377..0000000
--- a/labsrv01/cgit.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- pkgs,
- ...
-}:
-{
- nixpkgs.overlays = [
- (import ../overlays/git-fix)
- ];
-
- users.users.git = {
- isSystemUser = true;
- group = "git";
- home = "/var/lib/git";
- createHome = false; # tmpfiles creates it
- shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsyhMLrlNiffDrqz0s46hZF8IdR9/qX63TUyllK0LCA kj@KJ-PC"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS77sno1zVa6uO+2wCbBK489snNIp3uvymca2cHX/33 kjtsanaktsidis@labsrv01"
- ];
- };
- users.groups.git = { };
- systemd.tmpfiles.rules = [
- "d /var/lib/git 0755 git git -"
- ];
-
- services.openssh.extraConfig = ''
- Match User git
- PasswordAuthentication no
- PubkeyAuthentication yes
- X11Forwarding no
- AllowTcpForwarding no
- PermitTTY no
- '';
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.fcgiwrap.instances."git-http" = {
- socket.user = "nginx";
- socket.group = "nginx";
- process.user = "nginx";
- process.group = "nginx";
- socket.type = "unix";
- socket.address = "/run/fcgiwrap-git-http.sock";
- };
- services.nginx = {
- enable = true;
- virtualHosts."git.kjtsanaktsidis.id.au" = {
- forceSSL = false;
- enableACME = false;
- locations = {
- # Block HTTP pushes explicitly (receive-pack)
- "~ ^/git/.+\\.git/git-receive-pack$" = {
- return = "403";
- };
-
- # Smart HTTP for clone/fetch
- "~ ^/git(/.+\\.git)(/.*)?$" = {
- extraConfig = ''
- client_max_body_size 0;
-
- include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend;
- fastcgi_param GIT_PROJECT_ROOT /var/lib/git;
- fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param PATH_INFO $1$2;
- fastcgi_param REMOTE_USER $remote_user;
-
- fastcgi_pass unix:/run/fcgiwrap-git-http.sock;
- '';
- };
- };
- };
- };
-} |
