summaryrefslogtreecommitdiff
path: root/services
diff options
context:
space:
mode:
Diffstat (limited to 'services')
-rw-r--r--services/cgit.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/services/cgit.nix b/services/cgit.nix
index e8e557e..a636ec2 100644
--- a/services/cgit.nix
+++ b/services/cgit.nix
@@ -82,6 +82,28 @@
'';
};
+ # Declarative public repository markers
+ systemd.services.cgit-public-repos = {
+ description = "Mark public repositories for cgit visibility";
+ wantedBy = [ "gitolite-init.service" ];
+ after = [ "gitolite-init.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = "git";
+ Group = "git";
+ };
+ script = ''
+ # Public repos - visible on cgit web interface
+ touch /var/lib/gitolite/repositories/testing.git/git-daemon-export-ok
+ touch /var/lib/gitolite/repositories/nixtaml.git/git-daemon-export-ok
+ touch /var/lib/gitolite/repositories/nixtaml-website.git/git-daemon-export-ok
+
+ # Private repos - only accessible via SSH auth
+ rm -f /var/lib/gitolite/repositories/crash-web.git/git-daemon-export-ok
+ rm -f /var/lib/gitolite/repositories/gitolite-admin.git/git-daemon-export-ok
+ '';
+ };
+
environment.etc."cgitrc".text = ''
virtual-root=/
@@ -135,6 +157,10 @@
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ # Public/private visibility control
+ # Only repos with git-daemon-export-ok file are visible on web
+ strict-export=git-daemon-export-ok
+
project-list=/var/lib/gitolite/projects.list
scan-path=/var/lib/gitolite/repositories
'';