
dotfiles @ 6c88a61d8c62f2e16fb61e8999ef611f3024226a

i use rach linux btw
3 files changed, 44 insertions(+), 0 deletions(-)
nix: mugit
Author: Oleksandr Smirnov olexsmir@gmail.com
Committed at: 2026-01-23 01:21:08 +0200
Authored at: 2026-01-23 00:29:26 +0200
Change ID: tsrustxonrnqmqszqotzopzossnxltuw
Parent: 2f5d3fc
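--- a/nix/hosts/thought/configuration.nix
+++ b/nix/hosts/thought/configuration.nix
@@ -57,6 +57,7 @@
     };
     openssh = {
       enable = true;
+      ports = [ 2222 ];
       settings = {
         PasswordAuthentication = false;
         PermitRootLogin = "no";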
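Review bot: The new `ports = [ 2222 ];` line has no comment saying why the admin sshd leaves port 22. The likely reason only shows up in nix/modules/mugit.nix, where the unit is granted CAP_NET_BIND_SERVICE with the comment "Allow binding to port 22". I would write it as `ports = [ 2222 ]; # admin sshd moved off 22 so mugit can listen there`, adjusted if that inference is wrong. Because this is the host's remote administration path, confirm before deploying that 2222 is allowed through the firewall and any upstream filtering. The rest of the `openssh` block and the firewall settings are outside this hunk, so that cannot be checked from here.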

      
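--- a/nix/hosts/thought/default.nix
+++ b/nix/hosts/thought/default.nix
@@ -10,6 +10,7 @@
     ../../modules/freshrss.nix
     ../../modules/tangled.nix
     ../../modules/moviefeed.nix
+    ../../modules/mugit.nix
     ../../modules/wireguard.nix
     ../../modules/soju.nix
   ];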

      
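--- /dev/null
+++ b/nix/modules/mugit.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+let
+  configFile = "/var/lib/mugit/config.yaml";
+  version = "a49f890";
+  mugit = pkgs.buildGoModule {
+    pname = "mugit";
+    inherit version;
+    vendorHash = "sha256-FJuWIYvuidIJOSrihYbaimclrd+dfmWx10Fs6HqtYsI=";
+    src = pkgs.fetchFromGitHub {
+      owner = "olexsmir";
+      repo = "mugit";
+      rev = version;
+      hash = "sha256-aaCTH6LN/LdYe2QWQeKWO+AKiU5uJEOHQGm0Utpa+uc=";
+    };
+  };
+in
+{
+  services.caddy.virtualHosts."git.olexsmir.xyz".extraConfig = ''
+    reverse_proxy localhost:8008
+  '';
+
+  systemd.services.mugit = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "git";
+      Restart = "on-failure";
+      RestartSec = 2;
+      ExecStart = "${mugit}/bin/mugit --config ${configFile} serve";
+      path = [ pkgs.git ];
+      NoNewPrivileges = true;
+      ProtectSystem = "strict";
+      ReadOnlyPaths = [ configFile ];
+      ReadWritePaths = [ "/var/lib/mugit" ];
+      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; # Allow binding to port 22
+      ProtectHome = true;
+    };
+  };
+}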
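Review bot: `path = [ pkgs.git ];` is placed inside `serviceConfig`, so it is written into the unit's `[Service]` section as an unknown `path=` key that systemd ignores, rather than adding git to the service's PATH. If mugit shells out to `git`, the binary will not be found. The line belongs one level up, as `systemd.services.mugit.path = [ pkgs.git ];` next to `wantedBy`. Separately, the unit grants `AmbientCapabilities` without bounding them; adding `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` would cap the process and its children at that single capability. `PrivateTmp = true;` and `ProtectKernelTunables = true;` would be cheap further hardening for a network-facing daemon.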