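{
  # NixOS module (exported through flake-parts as `flake.modules.nixos.gitserver`)
  # that sets up a dedicated system user whose login shell is git-shell and a
  # oneshot unit that creates the bare monorepo(s) on first boot.
  flake.modules.nixos.gitserver =
    { config, pkgs, lib, ... }:
    let
      cfg = config.infra.gitserver;

      # Home of the git user and parent of every repository. `StateDirectory =
      # "git"` in the unit below resolves to this same path under /var/lib, so
      # the two definitions must be kept in sync.
      workingDirectory = "/var/lib/git";

      # Absolute path of a repository below the working directory.
      repoPath = name: "${workingDirectory}/${name}";

      # Shell snippet that initialises one bare repository if it does not exist
      # yet. The check and the `git init` both use the absolute path, so the
      # result does not depend on how systemd expands `WorkingDirectory = "~"`.
      initRepo = name: ''
        if [ ! -d "${repoPath name}" ]; then
          git init --bare "${repoPath name}"
        fi
      '';
    in
    {
      options.infra.gitserver = {
        user = lib.mkOption {
          type = lib.types.str;
          description = "The name of the user and group for managing the gitserver.";
          default = "git";
        };
        enablePrivate = lib.mkOption {
          type = lib.types.bool;
          description = "Whether to enable storing the private monorepo.";
          default = false;
        };
        enablePublic = lib.mkOption {
          type = lib.types.bool;
          description = "Whether to enable storing the public monorepo.";
          default = false;
        };
      };

      config = {
        # Keep the repositories across reboots on hosts with ephemeral root.
        infra.persist.directories = [ workingDirectory ];

        users = {
          groups.${cfg.user} = { };
          users.${cfg.user} = {
            group = cfg.user;
            description = "git user";
            isSystemUser = true;
            home = workingDirectory;
            # git-shell restricts the account to git transport commands;
            # there is no interactive login for this user.
            shell = "${pkgs.git}/bin/git-shell";
          };
        };

        systemd.services.infra-gitserver-monorepo = {
          description = "Initialize the monorepo if it has not already been done so.";
          wantedBy = [ "multi-user.target" ];
          serviceConfig = {
            Type = "oneshot";
            User = cfg.user;
            Group = cfg.user;
            # systemd creates /var/lib/git owned by User/Group before the
            # script runs, which is what makes the unprivileged `git init` work.
            StateDirectory = "git";
            WorkingDirectory = "~";
          };
          path = [ pkgs.git ];
          enableStrictShellChecks = true;
          # Each snippet is idempotent, so re-running the unit on every boot is
          # harmless.
          script = lib.concatStrings [
            (lib.optionalString cfg.enablePrivate (initRepo "monorepo"))
            (lib.optionalString cfg.enablePublic (initRepo "monorepo-public"))
          ];
        };

        assertions = [
          {
            # Access to the git user is expected to come through Tailscale SSH;
            # without it the account is unreachable.
            assertion = config.infra.tailscale.ssh;
            message = "Tailscale SSH must be enabled when using gitserver.";
          }
          {
            # An enabled module that initialises nothing is a misconfiguration.
            assertion = cfg.enablePrivate || cfg.enablePublic;
            message = "either the private or public monorepo must be enabled in gitserver";
          }
        ];
      };
    };
}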