| -rw-r--r-- | infra/modules/gitserver.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/infra/modules/gitserver.nix b/infra/modules/gitserver.nix
new file mode 100644
index 0000000..f22d248
--- /dev/null
+++ b/infra/modules/gitserver.nix
@@ -0,0 +1,75 @@
+{
+ flake.modules.nixos.gitserver =
+ {
+ config,
+ pkgs,
+ lib,
+ ...
+ }:
+ let
+ cfg = config.infra.gitserver;
+ workingDirectory = "/var/lib/git";
+ in
+ {
+ options.infra.gitserver = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ description = "The name of the user and group for managing the gitserver.";
+ default = "git";
+ };
+
+ monorepoDir = lib.mkOption {
+ type = lib.types.str;
+ description = "The directory that contains the monorepo.";
+ };
+ };
+
+ config = {
+ infra.persist.directories = [
+ "${workingDirectory}"
+ ];
+
+ infra.gitserver.monorepoDir = "${workingDirectory}/monorepo";
+
+ users = {
+ groups."${cfg.user}" = { };
+ users."${cfg.user}" = {
+ group = cfg.user;
+ description = "git user";
+ isSystemUser = true;
+ home = workingDirectory;
+ shell = "${pkgs.git}/bin/git-shell";
+ };
+ };
+
+ systemd.services.infra-gitserver-monorepo = {
+ description = "Initialize the monorepo if it has not already been done so.";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = cfg.user;
+ Group = cfg.user;
+ StateDirectory = "git";
+ WorkingDirectory = "~";
+ };
+
+ path = [ pkgs.git ];
+ enableStrictShellChecks = true;
+ script = ''
+ if [ ! -d "${cfg.monorepoDir}" ]; then
+ git init --bare monorepo
+ fi
+ '';
+ };
+
+ assertions = [
+ {
+ assertion = config.infra.tailscale.ssh;
+ message = "Tailscale SSH must be enabled when using gitserver.";
+ }
+ ];
+
+ };
+ };
+}
 |
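Review bot: The init script tests one path and creates another. It checks `"${cfg.monorepoDir}"` but runs `git init --bare monorepo` relative to `WorkingDirectory = "~"`, so the two agree only while `monorepoDir` keeps the value this module assigns. Passing the option through, `git init --bare "${cfg.monorepoDir}"`, keeps them in step; alternatively mark the option `readOnly = true` if it is meant as an export rather than a setting. Separately, `StateDirectory = "git"` is created with systemd's default mode 0755 and the service runs with the default umask, so the bare repository is presumably readable by every local account on the host. Adding `StateDirectoryMode = "0750";` and `UMask = "0027";` to `serviceConfig` would limit it to the git user and group.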
