pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / git-daemon.nix
at 17.09-beta 3.9 kB view raw
1{ config, lib, pkgs, ... }: 2with lib; 3let 4 5 cfg = config.services.gitDaemon; 6 7in 8{ 9 10 ###### interface 11 12 options = { 13 services.gitDaemon = { 14 15 enable = mkOption { 16 type = types.bool; 17 default = false; 18 description = '' 19 Enable Git daemon, which allows public hosting of git repositories 20 without any access controls. This is mostly intended for read-only access. 21 22 You can allow write access by setting daemon.receivepack configuration 23 item of the repository to true. This is solely meant for a closed LAN setting 24 where everybody is friendly. 25 26 If you need any access controls, use something else. 27 ''; 28 }; 29 30 basePath = mkOption { 31 type = types.str; 32 default = ""; 33 example = "/srv/git/"; 34 description = '' 35 Remap all the path requests as relative to the given path. For example, 36 if you set base-path to /srv/git, then if you later try to pull 37 git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git. 38 ''; 39 }; 40 41 exportAll = mkOption { 42 type = types.bool; 43 default = false; 44 description = '' 45 Publish all directories that look like Git repositories (have the objects 46 and refs subdirectories), even if they do not have the git-daemon-export-ok file. 47 48 If disabled, you need to touch .git/git-daemon-export-ok in each repository 49 you want the daemon to publish. 50 51 Warning: enabling this without a repository whitelist or basePath 52 publishes every git repository you have. 53 ''; 54 }; 55 56 repositories = mkOption { 57 type = types.listOf types.str; 58 default = []; 59 example = [ "/srv/git" "/home/user/git/repo2" ]; 60 description = '' 61 A whitelist of paths of git repositories, or directories containing repositories 62 all of which would be published. Paths must not end in "/". 63 64 Warning: leaving this empty and enabling exportAll publishes all 65 repositories in your filesystem or basePath if specified. 66 ''; 67 }; 68 69 listenAddress = mkOption { 70 type = types.str; 71 default = ""; 72 example = "example.com"; 73 description = "Listen on a specific IP address or hostname."; 74 }; 75 76 port = mkOption { 77 type = types.int; 78 default = 9418; 79 description = "Port to listen on."; 80 }; 81 82 options = mkOption { 83 type = types.str; 84 default = ""; 85 description = "Extra configuration options to be passed to Git daemon."; 86 }; 87 88 user = mkOption { 89 type = types.str; 90 default = "git"; 91 description = "User under which Git daemon would be running."; 92 }; 93 94 group = mkOption { 95 type = types.str; 96 default = "git"; 97 description = "Group under which Git daemon would be running."; 98 }; 99 100 }; 101 }; 102 103 ###### implementation 104 105 config = mkIf cfg.enable { 106 107 users.extraUsers = if cfg.user != "git" then {} else singleton 108 { name = "git"; 109 uid = config.ids.uids.git; 110 description = "Git daemon user"; 111 }; 112 113 users.extraGroups = if cfg.group != "git" then {} else singleton 114 { name = "git"; 115 gid = config.ids.gids.git; 116 }; 117 118 systemd.services."git-daemon" = { 119 after = [ "network.target" ]; 120 wantedBy = [ "multi-user.target" ]; 121 script = "${pkgs.git}/bin/git daemon --reuseaddr " 122 + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") 123 + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") 124 + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " 125 + "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories; 126 }; 127 128 }; 129 130}