Setup git-server on antares

diff --git a/hosts/antares/configuration.nix b/hosts/antares/configuration.nix
index 494af512766d5ee9e3e130443d6bda22e4c51a8b..51511258108483d92676d28ce46a803511d9a879 100644 (file)
--- a/hosts/antares/configuration.nix
+++ b/hosts/antares/configuration.nix
@@ -22,6 +22,14 @@
       PasswordAuthentication = false;
       PermitRootLogin = "no";
     };
+    extraConfig = ''
+      Match user git
+        AllowTcpForwarding no
+       AllowAgentForwarding no
+       PasswordAuthentication no
+       PermitTTY no
+       X11Forwarding no
+    '';
   };
 
   networking.hostName = "antares";
@@ -43,7 +51,13 @@
   };
 
   services.gitweb = {
-    projectroot = "/home/git";
+    projectroot = "/srv/git";
+    gitwebTheme = true;
+    extraConfig = ''
+      our $site_name = 'git.dkaiser.de';
+      $omit_owner = true;
+      $projects_list_description_width = 25;
+    '';
   };
 
   services.nginx = {
@@ -51,17 +65,13 @@
 
     gitweb = {
       enable = true;
-      virtualHost = "dkaiser.de";
+      location = "";
+      virtualHost = "git.dkaiser.de";
     };
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-
-    virtualHosts = "dkaiser.de" = {
-      forceSSL = true;
-      enableACME = true;
-    };
   };
 
   environment.systemPackages = map lib.lowPrio [
@@ -79,13 +89,18 @@
     ];
   };
   users.users.git = {
-    isNormalUser = true;
+    isSystemUser = true;
     description = "git";
-    extraGroups = [ ];
+    group = "git";
+    home = "/srv/git";
+    createHome = true;
+    shell = "${pkgs.git}/bin/git-shell";
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL2eG098LhkFPR4N5e44XMq60uvCUCOuKMYs5zjg6f"
     ];
   };
 
+  users.groups.git = {};
+
   system.stateVersion = "24.05";
 }