From: self <self@awful.systems>
Date: Sat, 22 Jul 2023 22:51:02 +0000 (-0700)
Subject: enable git daemon for read-only repo access
X-Git-Url: http://these/git/%22https:/www.exeterceilidhs.net/%22%7B%7D/README.zh.hans.md?a=commitdiff_plain;h=b88136226802ad6ab02f2690754be925baa021ab;p=awful.systems.git

enable git daemon for read-only repo access
---

diff --git a/git/default.nix b/git/default.nix
index a9eac6c..b92b2e3 100644
--- a/git/default.nix
+++ b/git/default.nix
@@ -10,7 +10,7 @@ in {
   imports = [ ../secrets/keys/git.nix ];
 
   users.extraUsers.git = {
-    uid = 402;
+    uid = config.ids.uids.git;
     isSystemUser = true;
     home = "/home/git";
     createHome = true;
@@ -19,7 +19,7 @@ in {
     shell = "${pkgs.git}/bin/git-shell";
   };
 
-  users.extraGroups.git = { gid = 402; };
+  users.extraGroups.git = { gid = config.ids.gids.git; };
 
   services.nginx.gitweb = {
     enable = true;
@@ -33,5 +33,16 @@ in {
     projectroot = "/home/git/repos";
   };
 
+  services.gitDaemon = {
+    enable = true;
+    user = "git";
+    group = "git";
+    basePath = "/home/git/repos";
+    exportAll = true;
+    repositories = [ "/home/git/repos" ];
+  };
+
   environment.systemPackages = [ new-repo ];
+
+  networking.firewall.allowedTCPPorts = [ 9418 ];
 }