fixup! WIP: enable gickup on bicep

2025-05-08 21:16:44 +02:00
parent 60aae20615
commit a5e5ac8380
4 changed files with 55 additions and 1 deletions
--- a/hosts/bicep/services/git-mirrors/default.nix
+++ b/hosts/bicep/services/git-mirrors/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, lib, fp, ... }:
 let
  cfg = config.services.gickup;
 in
@@ -54,6 +54,7 @@ in
  in {
    ${domain} = {
      enable = true;
+      package = pkgs.callPackage (fp /packages/cgit.nix) { };
      group = "gickup";
      scanPath = "${cfg.dataDir}/linktree";
      settings = {
@@ -66,10 +67,24 @@ in
        root-title = "https://${domain}";
        root-desc = "PVV's repository mirroring service";
        snapshots = "all";
+        logo = "/PVV-logo.png";
      };
    };
  };

+  services.nginx.virtualHosts."bicep.pvv.ntnu.no" = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."= /PVV-logo.png".alias = let
+      small-pvv-logo = pkgs.runCommandLocal "pvv-logo-96x96" {
+        nativeBuildInputs = [ pkgs.imagemagick ];
+      } ''
+        magick '${fp /assets/logo_blue_regular.svg}' -resize 96x96 PNG:"$out"
+      '';
+    in toString small-pvv-logo;
+  };
+
  systemd.services."fcgiwrap-cgit-bicep.pvv.ntnu.no" = {
    serviceConfig.BindReadOnlyPaths = [ cfg.dataDir ];
  };
--- a/hosts/bicep/services/pghero.nix
+++ b/hosts/bicep/services/pghero.nix
@@ -0,0 +1,13 @@
+{ ... }:
+let
+  port = 19283;
+in
+{
+  services.pghero = {
+    enable = true;
+    listenAddress = "localhost:${toString port}";
+    settings.databases = {
+      primary.url = "postgresql://";
+    };
+  };
+}
--- a/modules/gickup.nix
+++ b/modules/gickup.nix
@@ -230,6 +230,8 @@ in
          cfg.gitLfsPackage
        ];

+        restartIfChanged = false;
+
        serviceConfig = {
          Type = "oneshot";
          ExecStart = "'${pkgs.gickup}/bin/gickup' '${configDir}/%i.yml'";
@@ -249,6 +251,9 @@ in
          # RuntimeDirectory = "gickup";
          # RuntimeDirectoryMode = "0700";

+          # https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
+          RemainAfterExit = true;
+
          # Hardening options
          AmbientCapabilities = [];
          LockPersonality = true;
--- a/packages/cgit.nix
+++ b/packages/cgit.nix
@@ -0,0 +1,21 @@
+{ cgit, fetchurl, ... }:
+let
+  pname = cgit.pname;
+  commit = "09d24d7cd0b7e85633f2f43808b12871bb209d69";
+in
+cgit.overrideAttrs (_: {
+  version = "1.2.3-unstable-2024.07.16";
+
+  src = fetchurl {
+    url = "https://git.zx2c4.com/cgit/snapshot/${pname}-${commit}.tar.xz";
+    hash = "sha256-gfgjAXnWRqVCP+4cmYOVdB/3OFOLJl2WBOc3bFVDsjw=";
+  };
+
+  # cgit is tightly coupled with git and needs a git source tree to build.
+  # IMPORTANT: Remember to check which git version cgit needs on every version
+  # bump (look for "GIT_VER" in the top-level Makefile).
+  gitSrc = fetchurl {
+    url = "mirror://kernel/software/scm/git/git-2.46.0.tar.xz";
+    hash = "sha256-fxI0YqKLfKPr4mB0hfcWhVTCsQ38FVx+xGMAZmrCf5U=";
+  };
+})