From b88136226802ad6ab02f2690754be925baa021ab Mon Sep 17 00:00:00 2001
From: self <self@awful.systems>
Date: Sat, 22 Jul 2023 15:51:02 -0700
Subject: [PATCH] enable git daemon for read-only repo access

---
 git/default.nix | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/git/default.nix b/git/default.nix
index a9eac6c..b92b2e3 100644
--- a/git/default.nix
+++ b/git/default.nix
@@ -10,7 +10,7 @@ in {
   imports = [ ../secrets/keys/git.nix ];
 
   users.extraUsers.git = {
-    uid = 402;
+    uid = config.ids.uids.git;
     isSystemUser = true;
     home = "/home/git";
     createHome = true;
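Review bot: Replacing the literal `402` with `config.ids.uids.git` here (and `config.ids.gids.git` in the next hunk) changes the numeric owner of the account if the nixpkgs-assigned id differs from 402, and the patch does not show that value. On a host that is already deployed, files under /home/git were created with uid/gid 402, so after the switch the declared ids and the on-disk ownership can diverge. The repos and the account's SSH material may then be unreadable to `git`, or left owned by a number that a later account could be given. I would add a migration comment above the attribute, e.g. `# uid/gid were 402 before this change; verify ownership of /home/git on existing hosts after switching`. The `users.extraUsers.git` block begins and ends outside this hunk.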
@@ -19,7 +19,7 @@ in {
     shell = "${pkgs.git}/bin/git-shell";
   };
 
-  users.extraGroups.git = { gid = 402; };
+  users.extraGroups.git = { gid = config.ids.gids.git; };
 
   services.nginx.gitweb = {
     enable = true;
@@ -33,5 +33,16 @@ in {
     projectroot = "/home/git/repos";
   };
 
+  services.gitDaemon = {
+    enable = true;
+    user = "git";
+    group = "git";
+    basePath = "/home/git/repos";
+    exportAll = true;
+    repositories = [ "/home/git/repos" ];
+  };
+
   environment.systemPackages = [ new-repo ];
+
+  networking.firewall.allowedTCPPorts = [ 9418 ];
 }
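Review bot: `exportAll = true` combined with `networking.firewall.allowedTCPPorts = [ 9418 ]` exposes every repository under /home/git/repos, including any created later by `new-repo`. Anyone who can reach the host can read them, because git:// has no authentication. If not every repo is meant to be public, use `exportAll = false;` and opt repositories in with a `git-daemon-export-ok` marker file. If it is deliberate, say so in a comment such as `# all repos under /home/git/repos are intentionally world-readable`. The git:// transport is also unencrypted and gives clients no way to authenticate the server, so clone instructions should point to SSH or HTTPS for anything whose integrity matters. The daemon also runs as `git`, the account that owns the repos and, judging by the `../secrets/keys/git.nix` import, handles SSH access; a dedicated user with read-only access to the repo tree would be closer to least privilege.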
-- 
2.44.1