3 files changed,
44 insertions(+),
0 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-01-23 01:21:08 +0200
Change ID:
tsrustxonrnqmqszqotzopzossnxltuw
Parent:
2f5d3fc
A
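--- a/nix/modules/mugit.nix
+++ b/nix/modules/mugit.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+let
+ configFile = "/var/lib/mugit/config.yaml";
+ version = "a49f890";
+ mugit = pkgs.buildGoModule {
+ pname = "mugit";
+ inherit version;
+ vendorHash = "sha256-FJuWIYvuidIJOSrihYbaimclrd+dfmWx10Fs6HqtYsI=";
+ src = pkgs.fetchFromGitHub {
+ owner = "olexsmir";
+ repo = "mugit";
+ rev = version;
+ hash = "sha256-aaCTH6LN/LdYe2QWQeKWO+AKiU5uJEOHQGm0Utpa+uc=";
+ };
+ };
+in
+{
+ services.caddy.virtualHosts."git.olexsmir.xyz".extraConfig = ''
+ reverse_proxy localhost:8008
+ '';
+
+ systemd.services.mugit = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "git";
+ Restart = "on-failure";
+ RestartSec = 2;
+ ExecStart = "${mugit}/bin/mugit --config ${configFile} serve";
+ path = [ pkgs.git ];
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ReadOnlyPaths = [ configFile ];
+ ReadWritePaths = [ "/var/lib/mugit" ];
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # Allow binding to port 22
+ ProtectHome = true;
+ };
+ };
+}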
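Review bot: `path = [ pkgs.git ];` on new line 33 sits inside `serviceConfig`, where NixOS writes each key verbatim into the unit's `[Service]` section; systemd has no `path` directive there, so git would not end up on the service's PATH. Move it up one level, next to `wantedBy`, so that it is the module option `systemd.services.mugit.path = [ pkgs.git ];`. Separately, since `AmbientCapabilities` hands `CAP_NET_BIND_SERVICE` to the `git` user, adding `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` would cap the unit at that single capability. `ReadOnlyPaths = [ configFile ]` will presumably make the unit fail during namespace setup if the file does not exist yet, and nothing in this file section creates it; a comment saying the config must be provisioned first would help.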