enable git daemon for read-only repo access
authorself <self@awful.systems>
Sat, 22 Jul 2023 22:51:02 +0000 (15:51 -0700)
committerself <self@awful.systems>
Sat, 22 Jul 2023 22:51:02 +0000 (15:51 -0700)
git/default.nix

index a9eac6cfb19a3699fa1c3247fa4f0ad085205d1e..b92b2e30bd0778c15aef939b6f4d6c0c49fb0638 100644 (file)
@@ -10,7 +10,7 @@ in {
   imports = [ ../secrets/keys/git.nix ];
 
   users.extraUsers.git = {
-    uid = 402;
+    uid = config.ids.uids.git;
     isSystemUser = true;
     home = "/home/git";
     createHome = true;
@@ -19,7 +19,7 @@ in {
     shell = "${pkgs.git}/bin/git-shell";
   };
 
-  users.extraGroups.git = { gid = 402; };
+  users.extraGroups.git = { gid = config.ids.gids.git; };
 
   services.nginx.gitweb = {
     enable = true;
@@ -33,5 +33,16 @@ in {
     projectroot = "/home/git/repos";
   };
 
+  services.gitDaemon = {
+    enable = true;
+    user = "git";
+    group = "git";
+    basePath = "/home/git/repos";
+    exportAll = true;
+    repositories = [ "/home/git/repos" ];
+  };
+
   environment.systemPackages = [ new-repo ];
+
+  networking.firewall.allowedTCPPorts = [ 9418 ];
 }