feat(nixos): add plain git server service

rubenhoenle · Oct 15, 2024 · cad9115 · cad9115
1 parent a44a65a
commit cad9115
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -51,6 +51,16 @@ sudo rm -rf /var/lib/soft-serve
 update-switch
 ```
 
+### Git server
+
+```bash
+# create a repo on the server
+sudo -u git bash -c "git init --bare ~/myproject.git"
+
+# then you can use it via the following url
+[email protected]:myproject.git
+```
+
 ### Fileserver
 
 ```bash

diff --git a/hosts.nix b/hosts.nix
@@ -15,6 +15,7 @@
         ruben.nginx.enable = true;
         ruben.paperless.enable = true;
         ruben.minecraft.enable = true;
+        ruben.gitserver.enable = true;
         ruben.soft-serve = {
           enable = true;
           restoreBackup = true;

diff --git a/services/gitserver.nix b/services/gitserver.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }: {
+  options.ruben.gitserver = {
+    enable = lib.mkEnableOption "git server";
+  };
+
+  config = lib.mkIf (config.ruben.gitserver.enable)
+    {
+      users.users.git = {
+        isSystemUser = true;
+        group = "git";
+        home = "/var/lib/git-server";
+        createHome = true;
+        shell = "${pkgs.git}/bin/git-shell";
+        openssh.authorizedKeys.keys = [
+          "[email protected] AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGz2voOKRU2i2BECmdXRw+1okyV+Kwm6PSN0ghaD8zuqAAAABHNzaDo="
+          "[email protected] AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPsnp3qCYwCpb49UptuZ8csHzIZzZr0Buyl7uVW9udFdAAAABHNzaDo="
+        ];
+        uid = 976;
+      };
+      users.groups.git.gid = 974;
+
+      services.openssh = {
+        enable = true;
+        extraConfig = ''
+          Match user git
+            AllowTcpForwarding no
+            AllowAgentForwarding no
+            PasswordAuthentication no
+            PermitTTY no
+            X11Forwarding no
+        '';
+      };
+    };
+}
+
diff --git a/services/services.nix b/services/services.nix
@@ -3,6 +3,7 @@
     ./filebrowser.nix
     ./fileserver.nix
     ./gatus.nix
+    ./gitserver.nix
     ./homer.nix
     ./ssh.nix
     ./soft-serve.nix

diff --git a/services/ssh.nix b/services/ssh.nix
@@ -14,7 +14,10 @@
     openFirewall = true;
 
     /* allow root login for remote deploy aka. rebuild-switch  */
-    settings.AllowUsers = [ "ruben" "root" ] ++ lib.ifEnable config.ruben.phone-backup.enable [ "phone-backup" ] ++ lib.ifEnable config.ruben.fileserver.enable [ "fileserver" ];
+    settings.AllowUsers = [ "ruben" "root" ]
+      ++ lib.ifEnable config.ruben.phone-backup.enable [ "phone-backup" ]
+      ++ lib.ifEnable config.ruben.fileserver.enable [ "fileserver" ]
+      ++ lib.ifEnable config.ruben.gitserver.enable [ "git" ];
     settings.PermitRootLogin = "yes";
 
     /* require public key authentication for better security */