feat: split out nix package/module

Signed-off-by: jolheiser <git@jolheiser.com>
main
jolheiser 2024-08-12 23:53:49 -05:00
parent 3faedb8236
commit 0ae76c9d74
No known key found for this signature in database
8 changed files with 304 additions and 622 deletions

View File

@ -1,44 +1,5 @@
{ {
"nodes": { "nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717050755,
"narHash": "sha256-C9IEHABulv2zEDFA+Bf0E1nmfN4y6MIUe5eM2RCrDC0=",
"owner": "nix-community",
"repo": "gomod2nix",
"rev": "31b6d2e40b36456e792cd6cf50d5a8ddd2fa59a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "gomod2nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719379843, "lastModified": 1719379843,
@ -57,27 +18,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"gomod2nix": "gomod2nix",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"tailwind-ctp": "tailwind-ctp", "tailwind-ctp": "tailwind-ctp",
"tailwind-ctp-lsp": "tailwind-ctp-lsp" "tailwind-ctp-lsp": "tailwind-ctp-lsp"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tailwind-ctp": { "tailwind-ctp": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

188
flake.nix
View File

@ -3,10 +3,6 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
gomod2nix = {
url = "github:nix-community/gomod2nix";
inputs.nixpkgs.follows = "nixpkgs";
};
tailwind-ctp = { tailwind-ctp = {
url = "git+https://git.jolheiser.com/tailwind-ctp"; url = "git+https://git.jolheiser.com/tailwind-ctp";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -17,172 +13,46 @@
}; };
}; };
outputs = { outputs =
{
self, self,
nixpkgs, nixpkgs,
gomod2nix,
tailwind-ctp, tailwind-ctp,
tailwind-ctp-lsp, tailwind-ctp-lsp,
} @ inputs: let }:
system = "x86_64-linux"; let
pkgs = nixpkgs.legacyPackages.${system}; systems = [
tailwind-ctp = inputs.tailwind-ctp.packages.${system}.default; "x86_64-linux"
tailwind-ctp-lsp = inputs.tailwind-ctp-lsp.packages.${system}.default; "i686-linux"
ugit = gomod2nix.legacyPackages.${system}.buildGoApplication rec { "x86_64-darwin"
name = "ugitd"; "aarch64-linux"
src = pkgs.nix-gitignore.gitignoreSource [] (builtins.path { "armv6l-linux"
inherit name; "armv7l-linux"
path = ./.;
});
pwd = ./.;
subPackages = ["cmd/ugitd" "cmd/ugit-uci"];
CGO_ENABLED = 0;
flags = [
"-trimpath"
]; ];
ldflags = [ forAllSystems = f: nixpkgs.lib.genAttrs systems f;
"-s" tctp = forAllSystems (system: tailwind-ctp.packages.${system}.default);
"-w" tctpl = forAllSystems (system: tailwind-ctp-lsp.packages.${system}.default);
"-extldflags -static" in
]; {
meta = with pkgs.lib; { packages = forAllSystems (system: import ./nix { pkgs = import nixpkgs { inherit system; }; });
description = "Minimal git server"; devShells = forAllSystems (
homepage = "https://git.jolheiser.com/ugit"; system:
maintainers = with maintainers; [jolheiser]; let
mainProgram = "ugitd"; pkgs = import nixpkgs { inherit system; };
}; in
}; {
in { default = pkgs.mkShell {
packages.${system}.default = ugit;
devShells.${system}.default = pkgs.mkShell {
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
go go
gopls gopls
gomod2nix.legacyPackages.${system}.gomod2nix
templ templ
tailwind-ctp tctp.${system}
tailwind-ctp-lsp tctpl.${system}
vscode-langservers-extracted vscode-langservers-extracted
]; ];
}; };
nixosModules.default = { }
pkgs, );
lib, nixosModules.default = import ./nix/module.nix;
config,
...
}: let
cfg = config.services.ugit;
yamlFormat = pkgs.formats.yaml {};
configFile = pkgs.writeText "ugit.yaml" (builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config));
authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
in {
options = let
inherit (lib) mkEnableOption mkOption types;
in {
services.ugit = {
enable = mkEnableOption "Enable ugit";
package = mkOption {
type = types.package;
description = "ugit package to use";
default = ugit;
};
tsAuthKey = mkOption {
type = types.str;
description = "Tailscale one-time auth-key";
default = "";
};
repoDir = mkOption {
type = types.str;
description = "where ugit stores repositories";
default = "/var/lib/ugit/repos";
};
authorizedKeys = mkOption {
type = types.listOf types.str;
description = "list of keys to use for authorized_keys";
default = [];
};
authorizedKeysFile = mkOption {
type = types.str;
description = "path to authorized_keys file ugit uses for auth";
default = "/var/lib/ugit/authorized_keys";
};
hostKeyFile = mkOption {
type = types.str;
description = "path to host key file (will be created if it doesn't exist)";
default = "/var/lib/ugit/ugit_ed25519";
};
config = mkOption {
type = types.attrs;
default = {};
description = "config.yaml contents";
};
user = mkOption {
type = types.str;
default = "ugit";
description = "User account under which ugit runs";
};
group = mkOption {
type = types.str;
default = "ugit";
description = "Group account under which ugit runs";
};
openFirewall = mkOption {
type = types.bool;
default = false;
};
};
};
config = lib.mkIf cfg.enable {
users.users."${cfg.user}" = {
home = "/var/lib/ugit";
createHome = true;
group = "${cfg.group}";
isSystemUser = true;
isNormalUser = false;
description = "user for ugit service";
};
users.groups."${cfg.group}" = {};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [8448 8449];
};
systemd.services.ugit = {
enable = true;
script = let
authorizedKeysPath =
if (builtins.length cfg.authorizedKeys) > 0
then authorizedKeysFile
else cfg.authorizedKeysFile;
args = [
"--config=${configFile}"
"--repo-dir=${cfg.repoDir}"
"--ssh.authorized-keys=${authorizedKeysPath}"
"--ssh.host-key=${cfg.hostKeyFile}"
];
in "${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
wantedBy = ["multi-user.target"];
after = ["network.target"];
path = [cfg.package pkgs.git pkgs.bash];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
RestartSec = "15";
WorkingDirectory = "/var/lib/ugit";
Environment = ["TS_AUTHKEY=${cfg.tsAuthKey}"];
};
};
};
};
}; };
} }

1
go.mod.sri 100644
View File

@ -0,0 +1 @@
sha256-F0NrjQA92ckDdEzlvXsycXLMOF/995CyzsSrR3j08Gs=

View File

@ -1,399 +0,0 @@
schema = 3
[mod]
[mod."dario.cat/mergo"]
version = "v1.0.0"
hash = "sha256-jlpc8dDj+DmiOU4gEawBu8poJJj9My0s9Mvuk9oS8ww="
[mod."filippo.io/edwards25519"]
version = "v1.1.0"
hash = "sha256-9ACANrgWZSd5HYPfDZHY8DVbPSC9LOMgy8deq3rDOoc="
[mod."github.com/Microsoft/go-winio"]
version = "v0.6.1"
hash = "sha256-BL0BVaHtmPKQts/711W59AbHXjGKqFS4ZTal0RYnR9I="
[mod."github.com/ProtonMail/go-crypto"]
version = "v1.0.0"
hash = "sha256-Gflazvyv+457FpUTtPafJ+SdolYSalpsU0tragTxNi8="
[mod."github.com/a-h/templ"]
version = "v0.2.543"
hash = "sha256-1BvIj9UPZJp8SOXMPIGdHyZLIvjORHg2UY3pRZJM01s="
[mod."github.com/akutz/memconn"]
version = "v0.1.0"
hash = "sha256-WOs/RQYjQbn41ui8ztHgWSd4jxydE+fvIrl/0dmHD9Y="
[mod."github.com/alecthomas/chroma/v2"]
version = "v2.12.0"
hash = "sha256-w3gKGPwsoayknuU4ifPaF0JOMNqnKjIEutbIkR9c2Ag="
[mod."github.com/alexbrainman/sspi"]
version = "v0.0.0-20231016080023-1a75b4708caa"
hash = "sha256-Joa/NfBofK7lRlknQ5LVYD4M/dpd9xaCqsvYUBhKW0I="
[mod."github.com/anmitsu/go-shlex"]
version = "v0.0.0-20200514113438-38f4b401e2be"
hash = "sha256-L3Ak4X2z7WXq7vMKuiHCOJ29nlpajUQ08Sfb9T0yP54="
[mod."github.com/aws/aws-sdk-go-v2"]
version = "v1.24.1"
hash = "sha256-qZDUrodVDWWtdQ6zYuNHxpXt2quK56pPoZsKdRGmYzk="
[mod."github.com/aws/aws-sdk-go-v2/config"]
version = "v1.26.5"
hash = "sha256-RAXQlnUAsxgi2BndS+Uh2Cw+TCbtUx9BB0Tqqz50rLE="
[mod."github.com/aws/aws-sdk-go-v2/credentials"]
version = "v1.16.16"
hash = "sha256-qjtE3/VxNAEtS68nLXULgjO+LO3EkayGkr2iU300xdA="
[mod."github.com/aws/aws-sdk-go-v2/feature/ec2/imds"]
version = "v1.14.11"
hash = "sha256-j8LHZYM+rBmWHV1PT/H6lDL/3vgBqvQxoY2bVuOi7zo="
[mod."github.com/aws/aws-sdk-go-v2/internal/configsources"]
version = "v1.2.10"
hash = "sha256-fhrws72g+ecgXnkiip0GQ206XfVdxDA7/Rz9X3nvgd8="
[mod."github.com/aws/aws-sdk-go-v2/internal/endpoints/v2"]
version = "v2.5.10"
hash = "sha256-Rbj+matn96a/3Nj8EpLgrTycSV+331+WWJd5Lpk1LlQ="
[mod."github.com/aws/aws-sdk-go-v2/internal/ini"]
version = "v1.7.2"
hash = "sha256-6ev22rRSz4TuoX1AoCDr67qA15kg+cHMuQeTXwp8AFg="
[mod."github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding"]
version = "v1.10.4"
hash = "sha256-Wvbil3pNKlCyn0SWNXCobxzJGeE+2Eb7GNP2OZATTfY="
[mod."github.com/aws/aws-sdk-go-v2/service/internal/presigned-url"]
version = "v1.10.10"
hash = "sha256-vUSnrZzo3mzfZsthjjZRmGNrXkQ4D2B7Glzu66N5MrQ="
[mod."github.com/aws/aws-sdk-go-v2/service/ssm"]
version = "v1.44.7"
hash = "sha256-U7XGN5O0Ksp6O3a2Nkb0WinTwuIHjCw5UNSwPjrMo8k="
[mod."github.com/aws/aws-sdk-go-v2/service/sso"]
version = "v1.18.7"
hash = "sha256-+1q43+9Cx/K3/T+LJJLV1h2PLHsG/YKHUSgwC5r3uNQ="
[mod."github.com/aws/aws-sdk-go-v2/service/ssooidc"]
version = "v1.21.7"
hash = "sha256-aoolSWOU3Sb3weV2yf2wACuh3fYaUmyGXCZ2dTvcg4A="
[mod."github.com/aws/aws-sdk-go-v2/service/sts"]
version = "v1.26.7"
hash = "sha256-0LGfjSa65wNKuV/TH66XfN/uF4lZF9bSszbfTFWcLjY="
[mod."github.com/aws/smithy-go"]
version = "v1.19.0"
hash = "sha256-KsQMOHJFIXRF+8c4WxiXA/u1Ok6hEF6eylvnfdRGivg="
[mod."github.com/aymanbagabas/go-osc52/v2"]
version = "v2.0.1"
hash = "sha256-6Bp0jBZ6npvsYcKZGHHIUSVSTAMEyieweAX2YAKDjjg="
[mod."github.com/bits-and-blooms/bitset"]
version = "v1.13.0"
hash = "sha256-1jccFEH9In72Jt3wSn4vi4/MJd/UDfDrC9DlmsGVc9o="
[mod."github.com/charmbracelet/bubbletea"]
version = "v0.25.0"
hash = "sha256-A0WjFRFAUhwO3m7uvCOeefPPIM8ReU+xTtIRxG0aH+Y="
[mod."github.com/charmbracelet/keygen"]
version = "v0.5.0"
hash = "sha256-JFD2SdFL7tq3oVhnBEgiBTrJvjqdUtIuodAJuSFcJoA="
[mod."github.com/charmbracelet/lipgloss"]
version = "v0.9.1"
hash = "sha256-AHbabOymgDRIXsMBgJHS25/GgBWT54oGbd15EBWKeZc="
[mod."github.com/charmbracelet/log"]
version = "v0.3.1"
hash = "sha256-Er60POPID2eNrRZnBHxoI4yHn0mIKnXYftGKSslbXx0="
[mod."github.com/charmbracelet/ssh"]
version = "v0.0.0-20240201134204-3f297de25560"
hash = "sha256-r4h4bym47rs3C2us+sCgVfwAl4TCbm3bDCTsXKYREz8="
[mod."github.com/charmbracelet/wish"]
version = "v1.3.0"
hash = "sha256-3Uq1PDu5DMoWgJykFx/roGk20x8jdb7o5JFPpmEtX/c="
[mod."github.com/charmbracelet/x/errors"]
version = "v0.0.0-20240130180102-bafe6fbaee60"
hash = "sha256-GO8hf0lhVtl00C+xoTzvBtPU2cO0PymSLc2szBRUNtE="
[mod."github.com/charmbracelet/x/exp/term"]
version = "v0.0.0-20240130180102-bafe6fbaee60"
hash = "sha256-hEj/Gj1U1ahk5EFVZVAL52yrdBNO47yXykpiehJICbc="
[mod."github.com/cloudflare/circl"]
version = "v1.3.7"
hash = "sha256-AkOpcZ+evLxLJStvvr01+TLeWDqcLxY3e/AhGggzh40="
[mod."github.com/containerd/console"]
version = "v1.0.4-0.20230706203907-8f6c4e4faef5"
hash = "sha256-mxRERsgS6TmI5I0UYblhzl2FZlbtkJhUkfF1x6mZINw="
[mod."github.com/coreos/go-iptables"]
version = "v0.7.1-0.20240112124308-65c67c9f46e6"
hash = "sha256-kjnry8ld5Keew5q+tX7GSdGVZaXlehs2Lt+z8Rokhns="
[mod."github.com/creack/pty"]
version = "v1.1.21"
hash = "sha256-pjGw6wQlrVhN65XaIxZueNJqnXThGu00u24rKOLzxS0="
[mod."github.com/cyphar/filepath-securejoin"]
version = "v0.2.4"
hash = "sha256-heCD0xMxlwnHCHcRBgTjVexHOLyWI2zRW3E8NFKoLzk="
[mod."github.com/dblohm7/wingoes"]
version = "v0.0.0-20240119213807-a09d6be7affa"
hash = "sha256-zUj7jSZQiX53+4OyRq7LaQXp8nx8+JRpyT6IFdktyw0="
[mod."github.com/digitalocean/go-smbios"]
version = "v0.0.0-20180907143718-390a4f403a8e"
hash = "sha256-Hgx1ML3rigdYXx5ntnEYD5JEk6kJv1cL0+/GDbnPkbo="
[mod."github.com/dlclark/regexp2"]
version = "v1.10.0"
hash = "sha256-Jxzj/O/Q9tIWBOOgCkCibhrgJBzzfVIxYDsabt7O8ow="
[mod."github.com/dustin/go-humanize"]
version = "v1.0.1"
hash = "sha256-yuvxYYngpfVkUg9yAmG99IUVmADTQA0tMbBXe0Fq0Mc="
[mod."github.com/emirpasic/gods"]
version = "v1.18.1"
hash = "sha256-hGDKddjLj+5dn2woHtXKUdd49/3xdsqnhx7VEdCu1m4="
[mod."github.com/fxamacker/cbor/v2"]
version = "v2.5.0"
hash = "sha256-2rhvuNZjeidDP+Og6Q0u4ROiaPrEOjoI5wCb17XRnOQ="
[mod."github.com/gaissmai/bart"]
version = "v0.4.1"
hash = "sha256-Zz+8yx+y6QtF2raJo01ldzKIlqfxLX3eqLr6ub+Byzw="
[mod."github.com/go-chi/chi/v5"]
version = "v5.0.11"
hash = "sha256-95LKg/OVzhik2HUz6cirHH3eAT4qbHSg52bSvkc+XOY="
[mod."github.com/go-chi/httplog/v2"]
version = "v2.1.1"
hash = "sha256-bMpoHUSNk3Uds9NfrStwhDsdCONR4pJso9sVUhqfidk="
[mod."github.com/go-git/gcfg"]
version = "v1.5.1-0.20230307220236-3a3c6141e376"
hash = "sha256-f4k0gSYuo0/q3WOoTxl2eFaj7WZpdz29ih6CKc8Ude8="
[mod."github.com/go-git/go-billy/v5"]
version = "v5.5.0"
hash = "sha256-4XUoD2bOCMCdu83egb/y8kY/Fm0s1rWgPMtiahh38OQ="
[mod."github.com/go-git/go-git/v5"]
version = "v5.11.0"
hash = "sha256-2yUM/FlV+nYxacVynJCnDZeMub4Iu8JL2WBHmlnwOkE="
[mod."github.com/go-json-experiment/json"]
version = "v0.0.0-20231102232822-2e55bd4e08b0"
hash = "sha256-ltOLec3r0dGA/k1TTrQjuMuHxdxBlALkfLbdKuUNvmg="
[mod."github.com/go-logfmt/logfmt"]
version = "v0.6.0"
hash = "sha256-RtIG2qARd5sT10WQ7F3LR8YJhS8exs+KiuUiVf75bWg="
[mod."github.com/go-ole/go-ole"]
version = "v1.3.0"
hash = "sha256-tF8t3VcV71jQ4jbPL91BwR59AKDpUAFV1waIKzkXJu8="
[mod."github.com/godbus/dbus/v5"]
version = "v5.1.1-0.20230522191255-76236955d466"
hash = "sha256-OdcyeoGQ4xWUpl21WKXkbAm8yZHMDp8giY02arupjb4="
[mod."github.com/golang/groupcache"]
version = "v0.0.0-20210331224755-41bb18bfe9da"
hash = "sha256-7Gs7CS9gEYZkbu5P4hqPGBpeGZWC64VDwraSKFF+VR0="
[mod."github.com/google/btree"]
version = "v1.1.2"
hash = "sha256-K7V2obq3pLM71Mg0vhhHtZ+gtaubwXPQx3xcIyZDCjM="
[mod."github.com/google/go-cmp"]
version = "v0.6.0"
hash = "sha256-qgra5jze4iPGP0JSTVeY5qV5AvEnEu39LYAuUCIkMtg="
[mod."github.com/google/nftables"]
version = "v0.2.1-0.20240414091927-5e242ec57806"
hash = "sha256-OXMzx4Exf++E4UzCUE1gw3TOrfyI187cFu3cDZ9ifKU="
[mod."github.com/google/uuid"]
version = "v1.6.0"
hash = "sha256-VWl9sqUzdOuhW0KzQlv0gwwUQClYkmZwSydHG2sALYw="
[mod."github.com/gorilla/csrf"]
version = "v1.7.2"
hash = "sha256-pzOWbw8AOjhdRJYKlPBfh1j9a8TGNxgrlS4AmZpE1s8="
[mod."github.com/gorilla/securecookie"]
version = "v1.1.2"
hash = "sha256-KeMHNM9emxX+N0WYiZsTii7n8sNsmjWwbnQ9SaJfTKE="
[mod."github.com/hdevalence/ed25519consensus"]
version = "v0.2.0"
hash = "sha256-KTbeKMOT/HCJjDHqyciQjJPPgpNk6H0VyQCCbeGgs7Y="
[mod."github.com/illarion/gonotify"]
version = "v1.0.1"
hash = "sha256-73KDUfk5iNo12u+nNN2H4UTfJ1FlLifahnFNPzV1P/k="
[mod."github.com/insomniacslk/dhcp"]
version = "v0.0.0-20231206064809-8c70d406f6d2"
hash = "sha256-PHiso7HGNjCGbGdZ7TMGnSGzPDUTpvWpqAccoKPAaWM="
[mod."github.com/jbenet/go-context"]
version = "v0.0.0-20150711004518-d14ea06fba99"
hash = "sha256-VANNCWNNpARH/ILQV9sCQsBWgyL2iFT+4AHZREpxIWE="
[mod."github.com/jmespath/go-jmespath"]
version = "v0.4.0"
hash = "sha256-xpT9g2qIXmPq7eeHUXHiDqJeQoHCudh44G/KCSFbcuo="
[mod."github.com/josharian/native"]
version = "v1.1.1-0.20230202152459-5c7d0dd6ab86"
hash = "sha256-dgyrLXuM55z8FAoUjyt5TDlzim6HfphWo5wx1/DHLwE="
[mod."github.com/jsimonetti/rtnetlink"]
version = "v1.4.0"
hash = "sha256-GnrF2yxgm/h1JSTN1PwI4ysTl+oY0AyWzf3Ni7LZqRM="
[mod."github.com/kevinburke/ssh_config"]
version = "v1.2.0"
hash = "sha256-Ta7ZOmyX8gG5tzWbY2oES70EJPfI90U7CIJS9EAce0s="
[mod."github.com/klauspost/compress"]
version = "v1.17.4"
hash = "sha256-5E7dDtDKfL3jy7zJxHBMV57WlHZrP/OoEX5e6cOPba0="
[mod."github.com/kortschak/wol"]
version = "v0.0.0-20200729010619-da482cc4850a"
hash = "sha256-lnr9r/KNv4EeeNohFImC3Vd5E9nJ0N+4ZZ0VHFjwHps="
[mod."github.com/lucasb-eyer/go-colorful"]
version = "v1.2.0"
hash = "sha256-Gg9dDJFCTaHrKHRR1SrJgZ8fWieJkybljybkI9x0gyE="
[mod."github.com/mattn/go-isatty"]
version = "v0.0.20"
hash = "sha256-qhw9hWtU5wnyFyuMbKx+7RB8ckQaFQ8D+8GKPkN3HHQ="
[mod."github.com/mattn/go-localereader"]
version = "v0.0.1"
hash = "sha256-JlWckeGaWG+bXK8l8WEdZqmSiTwCA8b1qbmBKa/Fj3E="
[mod."github.com/mattn/go-runewidth"]
version = "v0.0.15"
hash = "sha256-WP39EU2UrQbByYfnwrkBDoKN7xzXsBssDq3pNryBGm0="
[mod."github.com/mdlayher/genetlink"]
version = "v1.3.2"
hash = "sha256-pgwXkyDY1dlB8tmV1lQ0Bz/2g0zmJOyXvQjacACy924="
[mod."github.com/mdlayher/netlink"]
version = "v1.7.2"
hash = "sha256-08qlkKvG1+XFY3MDx7M1jdvaDMsmF9qv5/xMNaw3snc="
[mod."github.com/mdlayher/sdnotify"]
version = "v1.0.0"
hash = "sha256-O7MJt6Bam2bUoede07Z1T6EtW+kCJ+/4dJtYopZct1s="
[mod."github.com/mdlayher/socket"]
version = "v0.5.0"
hash = "sha256-3zEbix66G+LQ2xAQW9XmkyubK9R+Vwnm09H5fqqLC7w="
[mod."github.com/miekg/dns"]
version = "v1.1.58"
hash = "sha256-UGvyC1Abh2S5VaAUCV9AUuDMrCvpiWQy/UnYM9DfIB8="
[mod."github.com/mitchellh/go-ps"]
version = "v1.0.0"
hash = "sha256-HzxVHNLHZpnsBuPcub0G+9jjDcDOsxM/6wifbsxf7EY="
[mod."github.com/muesli/ansi"]
version = "v0.0.0-20230316100256-276c6243b2f6"
hash = "sha256-qRKn0Bh2yvP0QxeEMeZe11Vz0BPFIkVcleKsPeybKMs="
[mod."github.com/muesli/cancelreader"]
version = "v0.2.2"
hash = "sha256-uEPpzwRJBJsQWBw6M71FDfgJuR7n55d/7IV8MO+rpwQ="
[mod."github.com/muesli/reflow"]
version = "v0.3.0"
hash = "sha256-Pou2ybE9SFSZG6YfZLVV1Eyfm+X4FuVpDPLxhpn47Cc="
[mod."github.com/muesli/termenv"]
version = "v0.15.2"
hash = "sha256-Eum/SpyytcNIchANPkG4bYGBgcezLgej7j/+6IhqoMU="
[mod."github.com/peterbourgon/ff/v3"]
version = "v3.4.0"
hash = "sha256-rmRl4GSmc2atnMbw6hTs6jwxW5lO4ivYuF2VN3jacZM="
[mod."github.com/pierrec/lz4/v4"]
version = "v4.1.21"
hash = "sha256-u47Lm4tN2ChGDLGyR+Jpi/Mi0bOFBVT6PTpPFdu2rMU="
[mod."github.com/pjbgf/sha1cd"]
version = "v0.3.0"
hash = "sha256-kX9BdLh2dxtGNaDvc24NORO+C0AZ7JzbrXrtecCdB7w="
[mod."github.com/prometheus-community/pro-bing"]
version = "v0.4.0"
hash = "sha256-3TH0wB85OITw3uzTcEva2EcEF6jNf98sAoSOsnL2G9g="
[mod."github.com/rivo/uniseg"]
version = "v0.4.6"
hash = "sha256-zGfzO8FWj03POzo47SzrK1B4yLMKJ7iic6ium76ZLzI="
[mod."github.com/safchain/ethtool"]
version = "v0.3.0"
hash = "sha256-q5bQGHB7cyEejA9tQkrhpvzpfYRvXcmClbWBgfs3Ymc="
[mod."github.com/sergi/go-diff"]
version = "v1.3.1"
hash = "sha256-XLA/BLIPuUU76yikXqIeRSXr7T7A3Uz6I27+mDxGj7w="
[mod."github.com/skeema/knownhosts"]
version = "v1.2.1"
hash = "sha256-u0jB6ahTdGa+SvcIvPNRLnbSHvgmW9X/ThRq0nWQrJs="
[mod."github.com/tailscale/certstore"]
version = "v0.1.1-0.20231202035212-d3fa0460f47e"
hash = "sha256-Q0HLTQPRsIizRqvdBBaLGoLascQiSpQm+X3NW3ytpDQ="
[mod."github.com/tailscale/go-winio"]
version = "v0.0.0-20231025203758-c4f33415bf55"
hash = "sha256-WFW20c02gIk2MhafeVVNydmSfszPZegshDd2Y5abGgY="
[mod."github.com/tailscale/golang-x-crypto"]
version = "v0.0.0-20240604161659-3fde5e568aa4"
hash = "sha256-vIrSd0emexe1lcjJqLbEtg7/TaZDnpGrDs96mxjANyE="
[mod."github.com/tailscale/goupnp"]
version = "v1.0.1-0.20210804011211-c64d0f06ea05"
hash = "sha256-PRMJcYY+wjpbHkC9dQWTPErh2ID29UnFxehxmYR704I="
[mod."github.com/tailscale/hujson"]
version = "v0.0.0-20221223112325-20486734a56a"
hash = "sha256-q9c2IjwbL0IgYPznVpQP1XT/8lrzH1niI3E+wjNcf5Y="
[mod."github.com/tailscale/netlink"]
version = "v1.1.1-0.20211101221916-cabfb018fe85"
hash = "sha256-bMK5qqObMcxIbPy5XhOZP8TGDaXvDAHsE0FR68VMLi8="
[mod."github.com/tailscale/peercred"]
version = "v0.0.0-20240214030740-b535050b2aa4"
hash = "sha256-82cdwvTUr47qMP2MHiMdY5O8vr/hA2aJ/KW2VTu97KI="
[mod."github.com/tailscale/web-client-prebuilt"]
version = "v0.0.0-20240226180453-5db17b287bf1"
hash = "sha256-iE8PCr0At4P75cG7dDa6fwhARJUIUw9pwvgtQNMOjAA="
[mod."github.com/tailscale/wireguard-go"]
version = "v0.0.0-20240429185444-03c5a0ccf754"
hash = "sha256-XhfEG8esndgZDoI2AeRvs95XRYiIrj/0NiVDBpOcacY="
[mod."github.com/tcnksm/go-httpstat"]
version = "v0.2.0"
hash = "sha256-bCWn8E+DcZY6+yPu07AF3hCcDZx3CFdD74qfpDIgVqI="
[mod."github.com/u-root/u-root"]
version = "v0.12.0"
hash = "sha256-B9Qoq1S0l0W6twET54uxiWjh2ulxN/zMLAeWJX4cXW0="
[mod."github.com/u-root/uio"]
version = "v0.0.0-20240118234441-a3c409a6018e"
hash = "sha256-rUjQMG+HprbgHKzrIPFrQ6S3BCEyYQyUbA/D72mY8iU="
[mod."github.com/vishvananda/netlink"]
version = "v1.2.1-beta.2"
hash = "sha256-ePReedgYT0KuAx/HOUgG76zDZ2XpW/u8bGlsWysxKzE="
[mod."github.com/vishvananda/netns"]
version = "v0.0.4"
hash = "sha256-tEba2cxyk3GdCYvEIttQ8aZCzHcB0ZiUt6fUEARDkWU="
[mod."github.com/x448/float16"]
version = "v0.8.4"
hash = "sha256-VKzMTMS9pIB/cwe17xPftCSK9Mf4Y6EuBEJlB4by5mE="
[mod."github.com/xanzy/ssh-agent"]
version = "v0.3.3"
hash = "sha256-l3pGB6IdzcPA/HLk93sSN6NM2pKPy+bVOoacR5RC2+c="
[mod."github.com/yuin/goldmark"]
version = "v1.6.0"
hash = "sha256-0PeGjGxxM7lUSx2dn8yPUBpilPQzEN9nkgf3s+5zGTY="
[mod."github.com/yuin/goldmark-emoji"]
version = "v1.0.2"
hash = "sha256-RvzhNXlF98fu9SD/Rve9JMtR4bcRh7rN56Twhh/kmt4="
[mod."github.com/yuin/goldmark-highlighting/v2"]
version = "v2.0.0-20230729083705-37449abec8cc"
hash = "sha256-HpiwU7jIeDUAg2zOpTIiviQir8dpRPuXYh2nqFFccpg="
[mod."go.jolheiser.com/tailroute"]
version = "v0.0.0-20240726150858-67ef456b46b5"
hash = "sha256-NJBg8m3ukwBycuXj3lUtTclX1kmdw3xBW+YCKnPuU8g="
[mod."go4.org/mem"]
version = "v0.0.0-20220726221520-4f986261bf13"
hash = "sha256-H2Fsuvzbqp/6JKzC03XPTQTSQBcGs+B5VGsBjrQDY3c="
[mod."go4.org/netipx"]
version = "v0.0.0-20231129151722-fdeea329fbba"
hash = "sha256-qFrVlacz5R3Lpkzqeg1/1MYew3DJzY9hG0Uh/ua+SOU="
[mod."golang.org/x/crypto"]
version = "v0.21.0"
hash = "sha256-Z4k1LvFh4Jai7HUe6TTuXSG3VnuiRpMwdARIdZZqSYk="
[mod."golang.org/x/exp"]
version = "v0.0.0-20240119083558-1b970713d09a"
hash = "sha256-JQ3JLywTjgboNhs12blhOkS3ty7m8sUa/zaWv1k/X28="
[mod."golang.org/x/mod"]
version = "v0.16.0"
hash = "sha256-aN1Cz5Wqd9YCjK8nFW6JWn+n1HfFoEcgYZmGO/FYtbw="
[mod."golang.org/x/net"]
version = "v0.23.0"
hash = "sha256-ZB4504rtgsHbcRfijjlqt4/2ddb8tyQB5IBn126uVTQ="
[mod."golang.org/x/sync"]
version = "v0.6.0"
hash = "sha256-LLims/wjDZtIqlYCVHREewcUOX4hwRwplEuZKPOJ/HI="
[mod."golang.org/x/sys"]
version = "v0.19.0"
hash = "sha256-cmuL31TYLJmDm/fDnI2Sn0wB88cpdOHV1+urorsJWx4="
[mod."golang.org/x/term"]
version = "v0.18.0"
hash = "sha256-lpze9arFZIhBV8Ht3VZyoiUwqPkeH2IwfXt8M3xljiM="
[mod."golang.org/x/text"]
version = "v0.14.0"
hash = "sha256-yh3B0tom1RfzQBf1RNmfdNWF1PtiqxV41jW1GVS6JAg="
[mod."golang.org/x/time"]
version = "v0.5.0"
hash = "sha256-W6RgwgdYTO3byIPOFxrP2IpAZdgaGowAaVfYby7AULU="
[mod."golang.org/x/tools"]
version = "v0.19.0"
hash = "sha256-Xf05Ao398gBzxn5C8H6x+XsLjFLIm+UUfpDekQYA0cw="
[mod."golang.zx2c4.com/wintun"]
version = "v0.0.0-20230126152724-0fa3db229ce2"
hash = "sha256-cjMLNjKnnupVROWmeASORVieAL9ieYdzX3cFzG8bCpo="
[mod."golang.zx2c4.com/wireguard/windows"]
version = "v0.5.3"
hash = "sha256-wcJWS/4Fqbc+1RHSntex0zBdlHiZfzrea4QabYkNKvU="
[mod."gopkg.in/warnings.v0"]
version = "v0.1.2"
hash = "sha256-ATVL9yEmgYbkJ1DkltDGRn/auGAjqGOfjQyBYyUo8s8="
[mod."gopkg.in/yaml.v2"]
version = "v2.4.0"
hash = "sha256-uVEGglIedjOIGZzHW4YwN1VoRSTK8o0eGZqzd+TNdd0="
[mod."gvisor.dev/gvisor"]
version = "v0.0.0-20240306221502-ee1e1f6070e3"
hash = "sha256-veCyTYMx5N/K7xU86GgQupjAjjiL3hlvIjz+jhBFM/0="
[mod."nhooyr.io/websocket"]
version = "v1.8.10"
hash = "sha256-EsUWUFIA2uJTap1DfsYuSxlPMH3UHDpxEohJMalDOcI="
[mod."tailscale.com"]
version = "v1.68.2"
hash = "sha256-GdYdZ/FA2m0dw5maZ9QFkiMo89UZtnzjUoWK+fLLV/c="

10
nix/default.nix 100644
View File

@ -0,0 +1,10 @@
{
pkgs ? import <nixpkgs>,
}:
let
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
in
{
ugit = pkg;
default = pkg;
}

196
nix/module.nix 100644
View File

@ -0,0 +1,196 @@
{
pkgs,
lib,
config,
...
}:
let
cfg = config.services.ugit;
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
yamlFormat = pkgs.formats.yaml { };
configFile = pkgs.writeText "ugit.yaml" (
builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config)
);
authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
in
{
options =
let
inherit (lib) mkEnableOption mkOption types;
in
{
services.ugit = {
enable = mkEnableOption "Enable ugit";
package = mkOption {
type = types.package;
description = "ugit package to use";
default = pkg;
};
tsAuthKey = mkOption {
type = types.str;
description = "Tailscale one-time auth-key";
default = "";
};
repoDir = mkOption {
type = types.str;
description = "where ugit stores repositories";
default = "/var/lib/ugit/repos";
};
authorizedKeys = mkOption {
type = types.listOf types.str;
description = "list of keys to use for authorized_keys";
default = [ ];
};
authorizedKeysFile = mkOption {
type = types.str;
description = "path to authorized_keys file ugit uses for auth";
default = "/var/lib/ugit/authorized_keys";
};
hostKeyFile = mkOption {
type = types.str;
description = "path to host key file (will be created if it doesn't exist)";
default = "/var/lib/ugit/ugit_ed25519";
};
config = mkOption {
type = types.attrs;
default = { };
description = "config.yaml contents";
};
user = mkOption {
type = types.str;
default = "ugit";
description = "User account under which ugit runs";
};
group = mkOption {
type = types.str;
default = "ugit";
description = "Group account under which ugit runs";
};
openFirewall = mkOption {
type = types.bool;
default = false;
};
hooks = mkOption {
type = types.listOf (
types.submodule {
options = {
name = mkOption {
type = types.str;
description = "Hook name";
};
content = mkOption {
type = types.str;
description = "Hook contents";
};
};
}
);
description = "A list of pre-receive hooks to run";
default = [ ];
};
};
};
config = lib.mkIf cfg.enable {
users.users."${cfg.user}" = {
home = "/var/lib/ugit";
createHome = true;
group = "${cfg.group}";
isSystemUser = true;
isNormalUser = false;
description = "user for ugit service";
};
users.groups."${cfg.group}" = { };
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [
8448
8449
];
};
systemd.services = {
ugit = {
enable = true;
script =
let
authorizedKeysPath =
if (builtins.length cfg.authorizedKeys) > 0 then authorizedKeysFile else cfg.authorizedKeysFile;
args = [
"--config=${configFile}"
"--repo-dir=${cfg.repoDir}"
"--ssh.authorized-keys=${authorizedKeysPath}"
"--ssh.host-key=${cfg.hostKeyFile}"
];
in
"${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [
cfg.package
pkgs.git
pkgs.bash
];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
RestartSec = "15";
WorkingDirectory = "/var/lib/ugit";
Environment = [ "TS_AUTHKEY=${cfg.tsAuthKey}" ];
};
};
ugit-hooks = {
wantedBy = [ "multi-user.target" ];
after = [ "ugit.service" ];
requires = [ "ugit.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart =
let
script = pkgs.writeShellScript "ugit-hooks-link" (
builtins.concatStringsSep "\n" (
map (
hook:
let
script = pkgs.writeShellScript hook.name hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in
"ln -s ${script} ${path}"
) cfg.hooks
)
);
in
"${script}";
};
};
};
systemd.tmpfiles.settings.ugit = builtins.listToAttrs (
map (
hook:
let
script = pkgs.writeShellScript hook.name hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in
{
name = path;
value = {
"L" = {
argument = "${script}";
};
};
}
) cfg.hooks
);
};
}

33
nix/pkg.nix 100644
View File

@ -0,0 +1,33 @@
{
pkgs ? import <nixpkgs>,
}:
let
name = "ugitd";
in
pkgs.buildGoModule {
pname = name;
version = "main";
src = pkgs.nix-gitignore.gitignoreSource [ ] (
builtins.path {
inherit name;
path = ../.;
}
);
subPackages = [
"cmd/ugitd"
"cmd/ugit-uci"
];
vendorHash = pkgs.lib.fileContents ../go.mod.sri;
CGO_ENABLED = 0;
flags = [ "-trimpath" ];
ldflags = [
"-s"
"-w"
"-extldflags -static"
];
meta = {
description = "Minimal git server";
homepage = "https://git.jolheiser.com/ugit";
mainProgram = "ugitd";
};
}

26
nix/test.nix 100644
View File

@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
imports = [ ./module.nix ];
users.users.jolheiser = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "test";
};
services.ugit = {
enable = true;
hooks = [
{
name = "pre-receive";
content = ''
echo "Pre-receive hook executed"
'';
}
{
name = "ugit-uci";
content = "${config.services.ugit.package}/bin/ugit-uci";
}
];
};
}