authorPreston Pan <ret2pop@nullring.xyz>2026-02-17 19:17:13 -0800
committerPreston Pan <ret2pop@nullring.xyz>2026-02-17 19:17:13 -0800
commit9a930ea12bd743e9ca57b70911f8c35d97af3320 (patch)
tree732933ce123105dda191fb4eef3f6a21d40109b2
parent06198567765055febc8829f9f2ca398dd6817d93 (diff)
cgit interface public-inbox integration
-rw-r--r--config/nix.org139
-rw-r--r--nix/modules/cgit.nix23
-rw-r--r--nix/modules/configuration.nix61
-rw-r--r--nix/modules/home/git.nix13
-rw-r--r--nix/modules/home/user.nix2
-rw-r--r--nix/modules/maddy.nix9
-rw-r--r--nix/modules/nginx.nix4
-rw-r--r--nix/modules/public_inbox.nix19
-rw-r--r--nix/modules/secrets.nix1
-rw-r--r--nix/systems/installer/default.nix2
10 files changed, 193 insertions, 80 deletions
diff --git a/config/nix.org b/config/nix.org
index cf0e8c5..2b7bdb8 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -479,6 +479,7 @@ the yaml file specified. Yes, this is safe to include in the repo.
content = ''
machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
+ machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
'';
};
"matterbridge" = {
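Review bot: The added `nullerbot@` netrc entry reuses `config.sops.placeholder."mail_monorepo_password_pi"`, the same secret as the `monorepo@` and `discussion@` lines. The later `ensureCredentials` hunk likewise points all three mailboxes at `/run/secrets/mail_monorepo_password`. One exposed password therefore opens every list mailbox, and none of them can be rotated on its own. Consider a per-account secret, e.g. `password ${config.sops.placeholder."<nullerbot-secret-name>"}` here (placeholder name) with a matching `passwordFile` for `nullerbot@` in the maddy block. The tangled copies in nix/modules/secrets.nix and nix/modules/maddy.nix carry the same lines.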
@@ -1416,6 +1417,10 @@ to the outside world under a domain.
enableACME = true;
};
+ "git.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
"list.${config.monorepo.vars.orgHost}" = {
forceSSL = true;
enableACME = true;
@@ -1483,6 +1488,34 @@ world. This was the easiest frontend to set up on NixOS.
};
}
#+end_src
+** CGit Interface
+#+begin_src nix :tangle ../nix/modules/cgit.nix
+ { lib, config, ... }:
+ {
+ services.cgit."my-projects" = {
+ enable = true;
+ scanPath = "/srv/git";
+ settings = {
+ root-title = "Nullring Git Server";
+ root-desc = "Projects and cool things";
+ enable-commit-graph = 1;
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ enable-index-owner = 0;
+ clone-prefix = "https://git.${config.monorepo.vars.orgHost}";
+ enable-tree-linenumbers = 1;
+ strict-export = "git-daemon-export-ok";
+ };
+ gitHttpBackend = {
+ enable = true;
+ checkExportOkFiles = true;
+ };
+ nginx = {
+ virtualHost = "git.${config.monorepo.vars.orgHost}";
+ };
+ };
+ }
+#+end_src
** Nvidia
I have an Nvidia GPU on my computer.
#+begin_src nix :tangle ../nix/modules/nvidia.nix
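Review bot: The new `** CGit Interface` section has no prose, unlike its neighbours, and the two settings that decide what becomes public are undocumented. I would add a comment above `strict-export`, such as `# Only repos under /srv/git containing a git-daemon-export-ok file are shown by cgit; gitHttpBackend.checkExportOkFiles applies the same gate to clones.` That makes it clear that dropping either setting would publish every repository under `scanPath`. The tangled nix/modules/cgit.nix would pick the comment up from here.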
@@ -1552,6 +1585,12 @@ There is a non declarative part of setting dkims and spf.
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
+ ensureAccounts = [
+ "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}"
+ "monorepo@${config.monorepo.vars.orgHost}"
+ "nullerbot@${config.monorepo.vars.orgHost}"
+ "discussion@${config.monorepo.vars.orgHost}"
+ ];
ensureCredentials = {
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_password";
@@ -1559,6 +1598,9 @@ There is a non declarative part of setting dkims and spf.
"monorepo@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_monorepo_password";
};
+ "nullerbot@${config.monorepo.vars.orgHost}" = {
+ passwordFile = "/run/secrets/mail_monorepo_password";
+ };
"discussion@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_monorepo_password";
};
@@ -1586,6 +1628,7 @@ This is my mailing list software that I will use to develop software.
# Allow the service to see the file it just created
BindPaths = [
"/var/lib/public-inbox"
+ "/srv/git/"
];
ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
# Ensure it can actually write to the directory during preStart
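Review bot: The new `"/srv/git/"` entry sits in `BindPaths`, which mounts it read-write into the public-inbox sandbox, and elsewhere in this commit the `public-inbox` user joins the `git` group. From the visible settings the repositories are only used as `coderepo` sources, which should need read access only; that is worth confirming. If so, use a read-only bind instead, `BindReadOnlyPaths = [ "/srv/git" ];`, so a fault in the list frontend cannot modify repositories that cgit serves. The enclosing `serviceConfig` starts outside this hunk, and the tangled nix/modules/public_inbox.nix has the same line.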
@@ -1625,6 +1668,10 @@ This is my mailing list software that I will use to develop software.
services.public-inbox = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings = {
+ coderepo."nullerbot".dir = "/srv/git/nullerbot.git";
+ coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git";
+ coderepo."monorepo".dir = "/srv/git/monorepo.git";
+ coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git";
publicinbox.css = ["/var/lib/public-inbox/style.css"];
publicinbox.wwwlisting = "all";
};
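Review bot: Both `cgitUrl` values hard-code `https://git.nullring.xyz/...`, while the cgit vhost, `clone-prefix` and every list URL in this commit are built from `config.monorepo.vars.orgHost`. If `orgHost` changes, the list pages would link to a host this configuration no longer serves or holds a certificate for. Write them as `coderepo."nullerbot".cgitUrl = "https://git.${config.monorepo.vars.orgHost}/nullerbot.git";` and likewise for `monorepo`. The same two lines appear in the tangled nix/modules/public_inbox.nix.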
@@ -1639,6 +1686,9 @@ This is my mailing list software that I will use to develop software.
inboxdir = "/var/lib/public-inbox/monorepo";
url = "https://list.${config.monorepo.vars.orgHost}/monorepo";
watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [
+ "monorepo"
+ ];
};
"discussion" = {
@@ -1648,6 +1698,17 @@ This is my mailing list software that I will use to develop software.
url = "https://list.${config.monorepo.vars.orgHost}/discussion";
watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
};
+
+ "nullerbot" = {
+ description = "Discussion of Nullerbot Matrix Bot";
+ address = [ "nullerbot@${config.monorepo.vars.orgHost}" ];
+ inboxdir = "/var/lib/public-inbox/nullerbot";
+ url = "https://list.${config.monorepo.vars.orgHost}/nullerbot";
+ watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [
+ "nullerbot"
+ ];
+ };
};
};
}
@@ -1923,8 +1984,23 @@ This is the backbone of the all the NixOS configurations, with all these options
because they enhance security.
#+begin_src nix :tangle ../nix/modules/configuration.nix
{ config, pkgs, lib, ... }:
+ let
+ userGroups = [
+ "nginx"
+ "git"
+ "ircd"
+ "ngircd"
+ "conduit"
+ "livekit"
+ "matterbridge"
+ "maddy"
+ "ntfy-sh"
+ "public-inbox"
+ ];
+ in
{
imports = [
+ ./cgit.nix
./public_inbox.nix
./matterbridge.nix
./mautrix.nix
@@ -2302,7 +2378,7 @@ because they enhance security.
environment.systemPackages = with pkgs; [
restic
sbctl
- git
+ gitFull
git-lfs
git-lfs-transfer
vim
@@ -2320,55 +2396,29 @@ because they enhance security.
)
];
- users.groups.nginx = lib.mkDefault {};
- users.groups.git = lib.mkDefault {};
- users.groups.ircd = lib.mkDefault {};
- users.groups.ngircd = lib.mkDefault {};
- users.groups.conduit = lib.mkDefault {};
- users.groups.livekit = lib.mkDefault {};
- users.groups.matterbridge = lib.mkDefault {};
- users.groups.maddy = lib.mkDefault {};
- users.groups.ntfy-sh = lib.mkDefault {};
- users.groups.public-inbox = lib.mkDefault {};
+ users.groups = lib.genAttrs userGroups (name: lib.mkDefault {});
- users.users = {
+ users.users = lib.genAttrs userGroups (name: {
+ isSystemUser = lib.mkDefault true;
+ group = "${name}";
+ extraGroups = [ "acme" "nginx" ];
+ }) // {
conduit = {
isSystemUser = lib.mkDefault true;
group = "conduit";
+ extraGroups = [];
};
matterbridge = {
isSystemUser = lib.mkDefault true;
group = "matterbridge";
- };
-
- maddy = {
- isSystemUser = lib.mkDefault true;
- group = "maddy";
- extraGroups = [ "acme" "nginx" ];
- };
-
- ntfy-sh = {
- isSystemUser = lib.mkDefault true;
- group = "ntfy-sh";
- extraGroups = [ "acme" "nginx" ];
+ extraGroups = [];
};
public-inbox = {
isSystemUser = lib.mkDefault true;
group = "public-inbox";
- extraGroups = [ "acme" "nginx" ];
- };
- ngircd = {
- isSystemUser = lib.mkDefault true;
- group = "ngircd";
- extraGroups = [ "acme" "nginx" ];
- };
-
- livekit = {
- isSystemUser = lib.mkDefault true;
- group = "livekit";
- extraGroups = [ "acme" "nginx" ];
+ extraGroups = [ "acme" "nginx" "git" ];
};
ircd = {
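Review bot: The generated default `extraGroups = [ "acme" "nginx" ]` now applies to every name in `userGroups`, so it also creates `nginx` and `git` system users with those groups unless a later entry in this set overrides them. In the removed lines only `maddy`, `ntfy-sh`, `public-inbox`, `ngircd` and `livekit` had them. On NixOS the `acme` group normally gives read access to the certificate private keys, so this should be opt-in rather than the fallback. One way is `extraGroups = lib.optionals (lib.elem name [ "maddy" "ntfy-sh" "ngircd" "livekit" ]) [ "acme" "nginx" ];`, and `group = "${name}"` can be plain `group = name;`. Because `//` replaces whole entries, each explicit user after it must keep restating all of its fields. The `users.users` set continues past the end of this hunk, and the tangled nix/modules/configuration.nix has the same block.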
@@ -3304,10 +3354,11 @@ the timezone.
My git configuration uses information set in the ~vars.nix~ in order to set configuration options.
Make sure those are set correctly. I've set it to sign by default.
#+begin_src nix :tangle ../nix/modules/home/git.nix
- { lib, config, ... }:
+ { pkgs, lib, config, ... }:
{
programs.git = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ package = pkgs.gitFull;
lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
userName = config.monorepo.vars.fullName;
userEmail = config.monorepo.profiles.email.email;
@@ -3318,6 +3369,16 @@ Make sure those are set correctly. I've set it to sign by default.
extraConfig = {
init.defaultBranch = "main";
+ credential."${config.monorepo.profiles.email.smtpsServer}" = {
+ username = "${config.monorepo.profiles.email.email}";
+ helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
+ };
+ sendemail = {
+ smtpserver = "${config.monorepo.profiles.email.smtpsServer}";
+ smtpuser = "${config.monorepo.profiles.email.email}";
+ smtpserverport = 465;
+ smtpencryption = "ssl";
+ };
};
aliases = {
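Review bot: The credential helper reads `/run/user/1000/secrets/mail`, which hard-codes UID 1000. For an account with any other UID the `cat` fails and the helper still prints `password=` with an empty value, so the failure only surfaces as a rejected SMTP login. The helper already runs in a shell, so `$(cat $XDG_RUNTIME_DIR/secrets/mail)` would follow the logged-in user, assuming that variable is set in the session. Alternatively the path could be interpolated from the secret's own declaration so the two cannot drift. The `extraConfig` set starts outside this hunk, and the tangled nix/modules/home/git.nix has the same line.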
@@ -4361,7 +4422,7 @@ for these configurations.
pavucontrol alsa-utils imagemagick ffmpeg helvum
# Net
- curl rsync git iamb ungoogled-chromium
+ curl rsync gitFull iamb ungoogled-chromium
# Tor
torsocks tor-browser
@@ -4808,7 +4869,7 @@ This contains the installation script I use to install my systems.
];
nixos = {
packages = with pkgs; [
- git
+ gitFull
curl
gum
(writeShellScriptBin "nix_installer"
diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix
index cfb9158..54eb90c 100644
--- a/nix/modules/cgit.nix
+++ b/nix/modules/cgit.nix
@@ -1,6 +1,25 @@
-{ config, lib, ... }:
+{ lib, config, ... }:
{
- services.cgit = {
+ services.cgit."my-projects" = {
enable = true;
+ scanPath = "/srv/git";
+ settings = {
+ root-title = "Nullring Git Server";
+ root-desc = "Projects and cool things";
+ enable-commit-graph = 1;
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ enable-index-owner = 0;
+ clone-prefix = "https://git.${config.monorepo.vars.orgHost}";
+ enable-tree-linenumbers = 1;
+ strict-export = "git-daemon-export-ok";
+ };
+ gitHttpBackend = {
+ enable = true;
+ checkExportOkFiles = true;
+ };
+ nginx = {
+ virtualHost = "git.${config.monorepo.vars.orgHost}";
+ };
};
}
diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix
index 02d4a94..decc121 100644
--- a/nix/modules/configuration.nix
+++ b/nix/modules/configuration.nix
@@ -1,6 +1,21 @@
{ config, pkgs, lib, ... }:
+let
+ userGroups = [
+ "nginx"
+ "git"
+ "ircd"
+ "ngircd"
+ "conduit"
+ "livekit"
+ "matterbridge"
+ "maddy"
+ "ntfy-sh"
+ "public-inbox"
+ ];
+in
{
imports = [
+ ./cgit.nix
./public_inbox.nix
./matterbridge.nix
./mautrix.nix
@@ -378,7 +393,7 @@ country=CA
environment.systemPackages = with pkgs; [
restic
sbctl
- git
+ gitFull
git-lfs
git-lfs-transfer
vim
@@ -396,55 +411,29 @@ country=CA
)
];
- users.groups.nginx = lib.mkDefault {};
- users.groups.git = lib.mkDefault {};
- users.groups.ircd = lib.mkDefault {};
- users.groups.ngircd = lib.mkDefault {};
- users.groups.conduit = lib.mkDefault {};
- users.groups.livekit = lib.mkDefault {};
- users.groups.matterbridge = lib.mkDefault {};
- users.groups.maddy = lib.mkDefault {};
- users.groups.ntfy-sh = lib.mkDefault {};
- users.groups.public-inbox = lib.mkDefault {};
+ users.groups = lib.genAttrs userGroups (name: lib.mkDefault {});
- users.users = {
+ users.users = lib.genAttrs userGroups (name: {
+ isSystemUser = lib.mkDefault true;
+ group = "${name}";
+ extraGroups = [ "acme" "nginx" ];
+ }) // {
conduit = {
isSystemUser = lib.mkDefault true;
group = "conduit";
+ extraGroups = [];
};
matterbridge = {
isSystemUser = lib.mkDefault true;
group = "matterbridge";
- };
-
- maddy = {
- isSystemUser = lib.mkDefault true;
- group = "maddy";
- extraGroups = [ "acme" "nginx" ];
- };
-
- ntfy-sh = {
- isSystemUser = lib.mkDefault true;
- group = "ntfy-sh";
- extraGroups = [ "acme" "nginx" ];
+ extraGroups = [];
};
public-inbox = {
isSystemUser = lib.mkDefault true;
group = "public-inbox";
- extraGroups = [ "acme" "nginx" ];
- };
- ngircd = {
- isSystemUser = lib.mkDefault true;
- group = "ngircd";
- extraGroups = [ "acme" "nginx" ];
- };
-
- livekit = {
- isSystemUser = lib.mkDefault true;
- group = "livekit";
- extraGroups = [ "acme" "nginx" ];
+ extraGroups = [ "acme" "nginx" "git" ];
};
ircd = {
diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix
index c80b6f9..24e84b4 100644
--- a/nix/modules/home/git.nix
+++ b/nix/modules/home/git.nix
@@ -1,7 +1,8 @@
-{ lib, config, ... }:
+{ pkgs, lib, config, ... }:
{
programs.git = {
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ package = pkgs.gitFull;
lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
userName = config.monorepo.vars.fullName;
userEmail = config.monorepo.profiles.email.email;
@@ -12,6 +13,16 @@
extraConfig = {
init.defaultBranch = "main";
+ credential."${config.monorepo.profiles.email.smtpsServer}" = {
+ username = "${config.monorepo.profiles.email.email}";
+ helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f";
+ };
+ sendemail = {
+ smtpserver = "${config.monorepo.profiles.email.smtpsServer}";
+ smtpuser = "${config.monorepo.profiles.email.email}";
+ smtpserverport = 465;
+ smtpencryption = "ssl";
+ };
};
aliases = {
diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix
index cb29b4c..28bbd22 100644
--- a/nix/modules/home/user.nix
+++ b/nix/modules/home/user.nix
@@ -53,7 +53,7 @@
pavucontrol alsa-utils imagemagick ffmpeg helvum
# Net
- curl rsync git iamb ungoogled-chromium
+ curl rsync gitFull iamb ungoogled-chromium
# Tor
torsocks tor-browser
diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix
index 1d4710d..706e187 100644
--- a/nix/modules/maddy.nix
+++ b/nix/modules/maddy.nix
@@ -25,6 +25,12 @@
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
+ ensureAccounts = [
+ "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}"
+ "monorepo@${config.monorepo.vars.orgHost}"
+ "nullerbot@${config.monorepo.vars.orgHost}"
+ "discussion@${config.monorepo.vars.orgHost}"
+ ];
ensureCredentials = {
"${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_password";
@@ -32,6 +38,9 @@
"monorepo@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_monorepo_password";
};
+ "nullerbot@${config.monorepo.vars.orgHost}" = {
+ passwordFile = "/run/secrets/mail_monorepo_password";
+ };
"discussion@${config.monorepo.vars.orgHost}" = {
passwordFile = "/run/secrets/mail_monorepo_password";
};
diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix
index 621c9ef..791e3a4 100644
--- a/nix/modules/nginx.nix
+++ b/nix/modules/nginx.nix
@@ -162,6 +162,10 @@
enableACME = true;
};
+ "git.${config.monorepo.vars.orgHost}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
"list.${config.monorepo.vars.orgHost}" = {
forceSSL = true;
enableACME = true;
diff --git a/nix/modules/public_inbox.nix b/nix/modules/public_inbox.nix
index 9f1532c..cba1e39 100644
--- a/nix/modules/public_inbox.nix
+++ b/nix/modules/public_inbox.nix
@@ -15,6 +15,7 @@
# Allow the service to see the file it just created
BindPaths = [
"/var/lib/public-inbox"
+ "/srv/git/"
];
ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ];
# Ensure it can actually write to the directory during preStart
@@ -54,6 +55,10 @@
services.public-inbox = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings = {
+ coderepo."nullerbot".dir = "/srv/git/nullerbot.git";
+ coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git";
+ coderepo."monorepo".dir = "/srv/git/monorepo.git";
+ coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git";
publicinbox.css = ["/var/lib/public-inbox/style.css"];
publicinbox.wwwlisting = "all";
};
@@ -68,6 +73,9 @@
inboxdir = "/var/lib/public-inbox/monorepo";
url = "https://list.${config.monorepo.vars.orgHost}/monorepo";
watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [
+ "monorepo"
+ ];
};
"discussion" = {
@@ -77,6 +85,17 @@
url = "https://list.${config.monorepo.vars.orgHost}/discussion";
watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
};
+
+ "nullerbot" = {
+ description = "Discussion of Nullerbot Matrix Bot";
+ address = [ "nullerbot@${config.monorepo.vars.orgHost}" ];
+ inboxdir = "/var/lib/public-inbox/nullerbot";
+ url = "https://list.${config.monorepo.vars.orgHost}/nullerbot";
+ watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ];
+ coderepo = [
+ "nullerbot"
+ ];
+ };
};
};
}
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index 1a09652..9c1dbed 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -14,6 +14,7 @@
content = ''
machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
+machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}
'';
};
"matterbridge" = {
diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix
index 0341b0d..e9232cb 100644
--- a/nix/systems/installer/default.nix
+++ b/nix/systems/installer/default.nix
@@ -36,7 +36,7 @@ in
];
nixos = {
packages = with pkgs; [
- git
+ gitFull
curl
gum
(writeShellScriptBin "nix_installer"