git shell setup

2026-01-31 12:56:47 +01:00 · 2026-01-31 12:56:47 +01:00 · 7573798348
commit 7573798348
parent 85254cfba1
1 changed files with 51 additions and 2 deletions
--- a/host/roam/git.nix
+++ b/host/roam/git.nix
@ -1,6 +1,48 @@
-{ pkgs, var, ... }:
+{
+  pkgs,
+  var,
+  lib,
+  ...
+}:
 let
  gitpath = "/git";
+  git-config = pkgs.writeText "git-git-config" ''
+    [init]
+      defaultBranch = main
+  '';
+  git-shell-commands = {
+    "create" = ''
+      #!/bin/sh
+      REPO_NAME="$1"
+      if [ -z "$REPO_NAME" ]; then
+        echo "Usage: $0 <repo-name>"
+        exit 1
+      fi
+      REPO_PATH="${gitpath}/$REPO_NAME.git"
+      if [ -d "$REPO_PATH" ]; then
+        echo "Repository '$REPO_NAME' already exists."
+        exit 1
+      fi
+      git init --bare "$REPO_PATH"
+      echo "Created bare repository: $REPO_PATH"
+    '';
+  };
+  git-shell-commands-dir = pkgs.stdenv.mkDerivation {
+    name = "git-shell-commands-dir";
+    version = "0.0.1";
+    src = null;
+    dontUnpack = true;
+    buildPhase = "";
+    installPhase = lib.concatStringsSep "\n" (
+      lib.mapAttrsToList (name: script: ''
+        mkdir -p $out
+        cat <<'EOF' > $out/${name}
+        ${script}
+        EOF
+        chmod +x $out/${name}
+      '') git-shell-commands
+    );
+  };
 in
 {
  programs.git.enable = true;
@ -14,8 +56,14 @@ in
    shell = "${pkgs.git}/bin/git-shell";
    openssh.authorizedKeys.keys = var.ssh-keys.hd;
    hashedPassword = "!";
+    packages = [ pkgs.git ];
  };

+  systemd.tmpfiles.rules = [
+    "L+ ${gitpath}/git-shell-commands - - - - ${git-shell-commands-dir}"
+    "L+ ${gitpath}/.gitconfig - - - - ${git-config}"
+  ];
+
  services =
    let
      cgit-host = "git.lan";
@ -26,9 +74,10 @@ in
      };
      cgit."git" = {
        group = "git";
-        enable = false; # FIXME: find out what breaks here
+        enable = true;
        scanPath = gitpath;
        nginx.virtualHost = cgit-host;
+        gitHttpBackend.checkExportOkFiles = false;
      };
    };
 }