ugit/nix/vm.nix

{ pkgs, ... }:
let
  privKey = ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ
    MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ
    AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6
    GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF
    -----END OPENSSH PRIVATE KEY-----
  '';
  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl";
  sshConfig = ''
    Host ugit
        HostName localhost
        Port 8448
        User ugit
        IdentityFile ~/.ssh/vm
        IdentitiesOnly yes
  '';
in
{
  imports = [ ./module.nix ];
  environment.systemPackages = with pkgs; [ git ];
  services.getty.autologinUser = "root";
  services.openssh.enable = true;
  services.ugit.vm = {
    enable = true;
    authorizedKeys = [ pubKey ];
    hooks = [
      {
        name = "pre-receive";
        content = ''
          echo "Pre-receive hook executed"
        '';
      }
    ];
  };
  systemd.services."setup-vm" = {
    wantedBy = [ "multi-user.target" ];
    after = [ "ugit-vm.service" ];
    path = with pkgs; [
      git
    ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      User = "root";
      Group = "root";
      ExecStart =
        let
          privSSH = pkgs.writeText "vm-privkey" privKey;
          sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig;
        in
        pkgs.writeShellScript "setup-vm-script" ''
          # Hack to let ugit start up and generate its SSH keypair
          sleep 3

          # Set up git
          git config --global user.name "NixUser"
          git config --global user.email "nixuser@example.com"
          git config --global init.defaultBranch main
          git config --global push.autoSetupRemote true

          # Set up SSH files
          mkdir ~/.ssh
          ln -sf ${sshConfigFile} ~/.ssh/config
          cp ${privSSH} ~/.ssh/vm
          chmod 600 ~/.ssh/vm
          echo "[localhost]:8448 $(cat /var/lib/ugit-vm/ugit_ed25519.pub)" > ~/.ssh/known_hosts

          # Stage some git activity
          mkdir ~/repo
          cd ~/repo
          git init
          git remote add origin ugit:repo.git
          touch README.md
          git add README.md
          git commit -m "Test"
        '';
    };
  };

}