From c33823a0a45cb6207e9b82ac475051ef769a1bb5 Mon Sep 17 00:00:00 2001 From: John Bargman Date: Wed, 15 Apr 2026 07:44:13 +0000 Subject: services/cgit: add declarative public repo markers via Nix Use strict-export=git-daemon-export-ok for visibility control. Public repos: testing, nixtaml, nixtaml-website Private repos: crash-web, gitolite-admin (SSH auth only) Never make imperative changes - Nix is the source of truth.--- services/cgit.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/services/cgit.nix b/services/cgit.nix index e8e557e..a636ec2 100644 --- a/services/cgit.nix +++ b/services/cgit.nix @@ -82,6 +82,28 @@ ''; }; + # Declarative public repository markers + systemd.services.cgit-public-repos = { + description = "Mark public repositories for cgit visibility"; + wantedBy = [ "gitolite-init.service" ]; + after = [ "gitolite-init.service" ]; + serviceConfig = { + Type = "oneshot"; + User = "git"; + Group = "git"; + }; + script = '' + # Public repos - visible on cgit web interface + touch /var/lib/gitolite/repositories/testing.git/git-daemon-export-ok + touch /var/lib/gitolite/repositories/nixtaml.git/git-daemon-export-ok + touch /var/lib/gitolite/repositories/nixtaml-website.git/git-daemon-export-ok + + # Private repos - only accessible via SSH auth + rm -f /var/lib/gitolite/repositories/crash-web.git/git-daemon-export-ok + rm -f /var/lib/gitolite/repositories/gitolite-admin.git/git-daemon-export-ok + ''; + }; + environment.etc."cgitrc".text = '' virtual-root=/ @@ -135,6 +157,10 @@ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + # Public/private visibility control + # Only repos with git-daemon-export-ok file are visible on web + strict-export=git-daemon-export-ok + project-list=/var/lib/gitolite/projects.list scan-path=/var/lib/gitolite/repositories ''; -- cgit v1.2.3