| author | Preston Pan <ret2pop@nullring.xyz> | 2026-02-17 19:17:13 -0800 |
|---|---|---|
| committer | Preston Pan <ret2pop@nullring.xyz> | 2026-02-17 19:17:13 -0800 |
| commit | 9a930ea12bd743e9ca57b70911f8c35d97af3320 (patch) | |
| tree | 732933ce123105dda191fb4eef3f6a21d40109b2 /nix/modules | |
| parent | 06198567765055febc8829f9f2ca398dd6817d93 (diff) | |
cgit interface public-inbox integration
Diffstat (limited to 'nix/modules')
| -rw-r--r-- | nix/modules/cgit.nix | 23 | ||||
| -rw-r--r-- | nix/modules/configuration.nix | 61 | ||||
| -rw-r--r-- | nix/modules/home/git.nix | 13 | ||||
| -rw-r--r-- | nix/modules/home/user.nix | 2 | ||||
| -rw-r--r-- | nix/modules/maddy.nix | 9 | ||||
| -rw-r--r-- | nix/modules/nginx.nix | 4 | ||||
| -rw-r--r-- | nix/modules/public_inbox.nix | 19 | ||||
| -rw-r--r-- | nix/modules/secrets.nix | 1 |
8 files changed, 92 insertions, 40 deletions
diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix index cfb9158..54eb90c 100644 --- a/nix/modules/cgit.nix +++ b/nix/modules/cgit.nix @@ -1,6 +1,25 @@ -{ config, lib, ... }: +{ lib, config, ... }: { - services.cgit = { + services.cgit."my-projects" = { enable = true; + scanPath = "/srv/git"; + settings = { + root-title = "Nullring Git Server"; + root-desc = "Projects and cool things"; + enable-commit-graph = 1; + enable-log-filecount = 1; + enable-log-linecount = 1; + enable-index-owner = 0; + clone-prefix = "https://git.${config.monorepo.vars.orgHost}"; + enable-tree-linenumbers = 1; + strict-export = "git-daemon-export-ok"; + }; + gitHttpBackend = { + enable = true; + checkExportOkFiles = true; + }; + nginx = { + virtualHost = "git.${config.monorepo.vars.orgHost}"; + }; }; } diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 02d4a94..decc121 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -1,6 +1,21 @@ { config, pkgs, lib, ... }: +let + userGroups = [ + "nginx" + "git" + "ircd" + "ngircd" + "conduit" + "livekit" + "matterbridge" + "maddy" + "ntfy-sh" + "public-inbox" + ]; +in { imports = [ + ./cgit.nix ./public_inbox.nix ./matterbridge.nix ./mautrix.nix @@ -378,7 +393,7 @@ country=CA environment.systemPackages = with pkgs; [ restic sbctl - git + gitFull git-lfs git-lfs-transfer vim 
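Review bot: The export policy in the `services.cgit."my-projects"` hunk of nix/modules/cgit.nix deserves a comment, because `strict-export = "git-daemon-export-ok"` and `gitHttpBackend.checkExportOkFiles = true` only work as a pair: together they keep unmarked repositories under `/srv/git` out of both the web listing and HTTP clone. I would add above `settings`: `# Fail closed: only repos containing a git-daemon-export-ok file are listed or clonable.` Without it, someone who later drops one of the two options has no hint that the other surface is still gated and the two no longer agree.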
@@ -396,55 +411,29 @@ country=CA ) ]; - users.groups.nginx = lib.mkDefault {}; - users.groups.git = lib.mkDefault {}; - users.groups.ircd = lib.mkDefault {}; - users.groups.ngircd = lib.mkDefault {}; - users.groups.conduit = lib.mkDefault {}; - users.groups.livekit = lib.mkDefault {}; - users.groups.matterbridge = lib.mkDefault {}; - users.groups.maddy = lib.mkDefault {}; - users.groups.ntfy-sh = lib.mkDefault {}; - users.groups.public-inbox = lib.mkDefault {}; + users.groups = lib.genAttrs userGroups (name: lib.mkDefault {}); - users.users = { + users.users = lib.genAttrs userGroups (name: { + isSystemUser = lib.mkDefault true; + group = "${name}"; + extraGroups = [ "acme" "nginx" ]; + }) // { conduit = { isSystemUser = lib.mkDefault true; group = "conduit"; + extraGroups = []; }; matterbridge = { isSystemUser = lib.mkDefault true; group = "matterbridge"; - }; - - maddy = { - isSystemUser = lib.mkDefault true; - group = "maddy"; - extraGroups = [ "acme" "nginx" ]; - }; - - ntfy-sh = { - isSystemUser = lib.mkDefault true; - group = "ntfy-sh"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = []; }; public-inbox = { isSystemUser = lib.mkDefault true; group = "public-inbox"; - extraGroups = [ "acme" "nginx" ]; - }; - ngircd = { - isSystemUser = lib.mkDefault true; - group = "ngircd"; - extraGroups = [ "acme" "nginx" ]; - }; - - livekit = { - isSystemUser = lib.mkDefault true; - group = "livekit"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = [ "acme" "nginx" "git" ]; }; ircd = { diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix index c80b6f9..24e84b4 100644 --- a/nix/modules/home/git.nix +++ b/nix/modules/home/git.nix 
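Review bot: The `lib.genAttrs userGroups` default in the `users.users` hunk of nix/modules/configuration.nix gives `extraGroups = [ "acme" "nginx" ]` to every name in `userGroups`, which now includes `git` and `nginx` themselves; in the removed lines only maddy, ntfy-sh, public-inbox, ngircd and livekit carried those groups. Membership of `acme` normally means read access to the TLS private keys, so the git account gains that without a visible need. I would make the default empty and opt in per service, e.g. `extraGroups = lib.optionals (builtins.elem name tlsUsers) [ "acme" "nginx" ];` with `tlsUsers = [ "maddy" "ntfy-sh" "ngircd" "livekit" ];` in the `let` block, leaving the explicit public-inbox override as it is. The `ircd` entry continues past the end of the hunk, so its final groups cannot be checked from here.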
@@ -1,7 +1,8 @@ -{ lib, config, ... }: +{ pkgs, lib, config, ... }: { programs.git = { enable = lib.mkDefault config.monorepo.profiles.graphics.enable; + package = pkgs.gitFull; lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable; userName = config.monorepo.vars.fullName; userEmail = config.monorepo.profiles.email.email; @@ -12,6 +13,16 @@ extraConfig = { init.defaultBranch = "main"; + credential."${config.monorepo.profiles.email.smtpsServer}" = { + username = "${config.monorepo.profiles.email.email}"; + helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f"; + }; + sendemail = { + smtpserver = "${config.monorepo.profiles.email.smtpsServer}"; + smtpuser = "${config.monorepo.profiles.email.email}"; + smtpserverport = 465; + smtpencryption = "ssl"; + }; }; aliases = { diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index cb29b4c..28bbd22 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix @@ -53,7 +53,7 @@ pavucontrol alsa-utils imagemagick ffmpeg helvum # Net - curl rsync git iamb ungoogled-chromium + curl rsync gitFull iamb ungoogled-chromium # Tor torsocks tor-browser diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix index 1d4710d..706e187 100644 --- a/nix/modules/maddy.nix +++ b/nix/modules/maddy.nix @@ -25,6 +25,12 @@ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; + ensureAccounts = [ + "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" + "monorepo@${config.monorepo.vars.orgHost}" + "nullerbot@${config.monorepo.vars.orgHost}" + "discussion@${config.monorepo.vars.orgHost}" + ]; ensureCredentials = { "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_password"; 
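Review bot: The credential helper added under `extraConfig` in nix/modules/home/git.nix reads `/run/user/1000/secrets/mail`, which hard-codes UID 1000; for any other UID `cat` fails and the helper still prints an empty `password=` line, so the mismatch only surfaces as an SMTP authentication failure. Assuming `XDG_RUNTIME_DIR` is set in the session, `helper = "!f() { test \"$1\" = get && echo \"password=$(cat \"$XDG_RUNTIME_DIR/secrets/mail\")\"; }; f";` removes the fixed UID. If the secret is declared through the sops module, referencing its `.path` attribute instead of a literal path would be more robust still. The `programs.git` attrset opens and closes outside this hunk.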
@@ -32,6 +38,9 @@ "monorepo@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; + "nullerbot@${config.monorepo.vars.orgHost}" = { + passwordFile = "/run/secrets/mail_monorepo_password"; + }; "discussion@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix index 621c9ef..791e3a4 100644 --- a/nix/modules/nginx.nix +++ b/nix/modules/nginx.nix @@ -162,6 +162,10 @@ enableACME = true; }; + "git.${config.monorepo.vars.orgHost}" = { + forceSSL = true; + enableACME = true; + }; "list.${config.monorepo.vars.orgHost}" = { forceSSL = true; enableACME = true; diff --git a/nix/modules/public_inbox.nix b/nix/modules/public_inbox.nix index 9f1532c..cba1e39 100644 --- a/nix/modules/public_inbox.nix +++ b/nix/modules/public_inbox.nix @@ -15,6 +15,7 @@ # Allow the service to see the file it just created BindPaths = [ "/var/lib/public-inbox" + "/srv/git/" ]; ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ]; # Ensure it can actually write to the directory during preStart @@ -54,6 +55,10 @@ services.public-inbox = { enable = lib.mkDefault config.monorepo.profiles.server.enable; settings = { + coderepo."nullerbot".dir = "/srv/git/nullerbot.git"; + coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git"; + coderepo."monorepo".dir = "/srv/git/monorepo.git"; + coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git"; publicinbox.css = ["/var/lib/public-inbox/style.css"]; publicinbox.wwwlisting = "all"; }; @@ -68,6 +73,9 @@ inboxdir = "/var/lib/public-inbox/monorepo"; url = "https://list.${config.monorepo.vars.orgHost}/monorepo"; watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "monorepo" + ]; }; "discussion" = { 
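Review bot: The new `nullerbot@…` entry in `ensureCredentials` (nix/modules/maddy.nix) points at `/run/secrets/mail_monorepo_password`, the same file already used for `monorepo@` and `discussion@`, so three mailboxes now share one password. The secrets.nix hunk repeats this by reusing `mail_monorepo_password_pi` for the nullerbot line of the netrc-style file. Disclosure of that one value then unlocks all three accounts; a dedicated secret per mailbox, e.g. `passwordFile = "/run/secrets/<nullerbot-mail-secret>";` (placeholder name), limits the impact. The `ensureCredentials` attrset opens above the hunk.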
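Review bot: Adding `"/srv/git/"` to `BindPaths` in nix/modules/public_inbox.nix mounts the repositories read-write inside the unit, and the configuration.nix change in this commit also puts the public-inbox user in the `git` group. For the `coderepo` lookups configured further down, read access looks sufficient, so I would leave `BindPaths` as it was and add `BindReadOnlyPaths = [ "/srv/git" ];` instead. That prevents writes to hosted repositories from inside the internet-facing list service regardless of what the `git` group permissions allow. The surrounding service definition starts outside the hunk.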
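Review bot: The two `cgitUrl` values in the `settings` hunk of nix/modules/public_inbox.nix hard-code `https://git.nullring.xyz/…`, while cgit.nix, nginx.nix and the inbox `url` fields all derive the host from `config.monorepo.vars.orgHost`. If `orgHost` is ever changed, these links will silently keep pointing at the old domain; `coderepo."nullerbot".cgitUrl = "https://git.${config.monorepo.vars.orgHost}/nullerbot.git";` (and the same for monorepo) keeps them in step.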
@@ -77,6 +85,17 @@ url = "https://list.${config.monorepo.vars.orgHost}/discussion"; watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; }; + + "nullerbot" = { + description = "Discussion of Nullerbot Matrix Bot"; + address = [ "nullerbot@${config.monorepo.vars.orgHost}" ]; + inboxdir = "/var/lib/public-inbox/nullerbot"; + url = "https://list.${config.monorepo.vars.orgHost}/nullerbot"; + watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "nullerbot" + ]; + }; }; }; } diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix index 1a09652..9c1dbed 100644 --- a/nix/modules/secrets.nix +++ b/nix/modules/secrets.nix @@ -14,6 +14,7 @@ content = '' machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} +machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} ''; }; "matterbridge" = { |
