5 files changed,
49 insertions(+),
19 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-02-18 00:03:19 +0200
Parent:
4871b57
M
nix/flake.lock
@@ -261,11 +261,11 @@ "nixpkgs"
] }, "locked": { - "lastModified": 1770404159, - "narHash": "sha256-jeHLWDhT8GAgmdTLyveDwgwQM8W5VDRSQo78eCp5N/Q=", + "lastModified": 1770934049, + "narHash": "sha256-K/FIuS/yj+ZHWnjia2g3hQV8BzBBu+MsoMmFiqBA478=", "owner": "olexsmir", "repo": "mugit", - "rev": "e6fe8220d1822f3b98bb22da5ef766ed759309d0", + "rev": "cce3826a6adee0abf65f5a7878cfa484972a84ae", "type": "github" }, "original": {
M
nix/modules/mugit.nix
@@ -1,15 +1,27 @@
-{ ... }: +{ config, ... }: { services.caddy.virtualHosts."git.olexsmir.xyz".extraConfig = '' reverse_proxy localhost:8008 ''; - networking.firewall.allowedTCPPorts = [ 22 ]; + age.secrets.github_token = { + file = ../secrets/github_token.age; + owner = "mugit"; + group = "mugit"; + }; + + age.secrets.mugit_host = { + file = ../secrets/mugit_host.age; + owner = "mugit"; + group = "mugit"; + }; + services.mugit = { enable = true; openFirewall = true; config = { server.port = 8008; + repo.dir = "/var/lib/mugit/"; meta = { description = "hey kid, come get your free software"; title = "git.olexsmir.xyz";@@ -18,27 +30,16 @@ };
ssh = { enable = true; port = 22; - host_key = "/var/lib/mugit/mugit-key"; + host_key = config.age.secrets.mugit_host.path; keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLLJdkVYKZgsayw+sHanKPKZbI0RMS2CakqBCEi5Trz" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPQ0Qz0DFB+rGrD8ScUqbUTZ1/O8FHrOBF5bIAGQgMj" ]; }; - repo = { - dir = "/var/lib/mugit/"; - readmes = [ - "README.md" - "readme" - "readme.txt" - ]; - masters = [ - "master" - "main" - ]; - }; mirror = { enable = true; - interval = "8h"; + interval = "6h"; + github_token = "$file:" + config.age.secrets.github_token.path; }; }; };
A
nix/secrets/github_token.age
@@ -0,0 +1,10 @@
+-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6a3czUlpIWHc0MjY3SFdY +S0hOZTJMc0hjTDl6UUxpc2QzOExmZlVWYUdRCm1rSTV4MmxNeEN6WnVwU1h3d3pk +d2dsenhtTzNtQy9BdG5idDQzajk3blkKLT4gc3NoLWVkMjU1MTkgamdqdlV3IHQz +L2syKzNVamhmZTZESEdLSXFCQ1Z1WGZmdlIxd2dRSmdSZUZiWHg3MFEKaEJiYUxu +dEFCVktCcVhPbFk1aFNsUXVtK3djMTZ0QWZWbVlpUGFXQzhwQQotLS0gazlESEkz +Rk9yM0gxNmwzRlR5M2xhNE40MjhycmlLWkZRMnBaTm1aTUJGSQr1sD6C6Hji6bWM +ghNJzoPoZoJP72Zc6ESPnjPpa8AShx9BZyXJ0PaotWXY6hETM9oa+G45KXaMQnpM +E64f06EwUam+F3fLsnz/ +-----END AGE ENCRYPTED FILE-----
A
nix/secrets/mugit_host.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCS0dUUU0rU0NJQWlRK1Zu +RXRjSXZ6cktTcUpPOWthZHpVVy9FNkEwTDBFCjN0SnNqZUN5Y21JbG14ZGM1dEcz +M3hCSjRhWXozVmZ1b1RMeGRpVGpqcFEKLT4gc3NoLWVkMjU1MTkgamdqdlV3IGVS +WE04WkpQTGZjRlNpcERDSG9PY2RlVnpDbTBkcGFuYUl2VXNFdytlbjQKQm9zOXpu +dlp4cUQzelkxYW1ydFNhSitrOGRXbjJTejR6cTNjd0dzaG90UQotLS0gdGxudFhm +dzlWOTNRdWczMERzOTg5cE9TdmZleHlOcDRIZTdTT1U3WHdMbwo4KG4BZ56tdonj +E+gaQusXsctkbU4E275qhqNb6N8hlvSUCyR1Ri2taICfrXIgo6fXBvG4ErzAgJjM +8C3+pbTm6pa4Y1r9zcQVU9CUH5WRhwYyft7IJg8LfGTcxPrFpcJqNR9X04EGNHnk +F2et1+sKdifC/CZL5V/Ggj7niDYks8AghzVWJgB+a7XeoZrfQyS8+q6AXq7jG/pp +qpzf5uDotCPmBOqkE8u3hDJfv5abAP6mnhIHs9Jt5/uB5v3VKrgODv92wP7kd67l +ORS8EBBleVev5Kaw2yrYrY+eO64uXZAtCykO+KIt7rs9+yakQjQ0s3CL3jFAADQI ++j63e5zvXDMugJFbB6bSNx2ycoayFboqu2jE3KDarkzx8Pnwtl2QKkLPM6rEkRBx +Sa+E7MRGS63MRPjjCYrhbaCQNTIv24iZ5HFdTKFZHJYrQHd+avGhLY7ayQkhvVQi +lCph00RZLXp5T5Ei/k5mgsMdzTDCPpqwRNqt1OJpXu+38gl6G70ywtEiTOhPEOwp +9dnIiFhED3Y+y+GG3LmsOz1IpwRLyCq1CE84miUFHyjVcvHqQA== +-----END AGE ENCRYPTED FILE-----
M
nix/secrets/secrets.nix
@@ -10,4 +10,6 @@ {
"q-password.age".publicKeys = allKeys; "freshrss-olex.age".publicKeys = allKeys; "wg-private-key.age".publicKeys = allKeys; + "github_token.age".publicKeys = allKeys; + "mugit_host.age".publicKeys = allKeys; }