From: Preston Pan Date: Wed, 18 Feb 2026 03:17:13 +0000 (-0800) Subject: cgit interface public-inbox integration X-Git-Url: https://nullring.xyz/gitweb/%22../index.html/static/gitweb.js?a=commitdiff_plain;h=refs%2Fheads%2Fmain;p=monorepo.git cgit interface public-inbox integration --- diff --git a/config/nix.org b/config/nix.org index cf0e8c5..2b7bdb8 100644 --- a/config/nix.org +++ b/config/nix.org @@ -479,6 +479,7 @@ the yaml file specified. Yes, this is safe to include in the repo. content = '' machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} + machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} ''; }; "matterbridge" = { @@ -1416,6 +1417,10 @@ to the outside world under a domain. enableACME = true; }; + "git.${config.monorepo.vars.orgHost}" = { + forceSSL = true; + enableACME = true; + }; "list.${config.monorepo.vars.orgHost}" = { forceSSL = true; enableACME = true; 
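Review bot: The new `nullerbot@` login in the netrc `content` block (hunk at -479) reuses the `mail_monorepo_password_pi` placeholder that `monorepo@` and `discussion@` already use, and the `ensureCredentials` hunk at -1559 likewise points `nullerbot@` at `/run/secrets/mail_monorepo_password`. With one secret behind three mailboxes, disclosure of that value exposes every list inbox, and rotating it for one account forces rotation for all of them. Consider a per-account secret, for example `passwordFile = "/run/secrets/mail_nullerbot_password";` (constructed name), with its own sops entry and placeholder in this netrc line. The tangled copies in nix/modules/secrets.nix and nix/modules/maddy.nix carry the same lines.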
@@ -1483,6 +1488,34 @@ world. This was the easiest frontend to set up on NixOS. }; } #+end_src +** CGit Interface +#+begin_src nix :tangle ../nix/modules/cgit.nix + { lib, config, ... }: + { + services.cgit."my-projects" = { + enable = true; + scanPath = "/srv/git"; + settings = { + root-title = "Nullring Git Server"; + root-desc = "Projects and cool things"; + enable-commit-graph = 1; + enable-log-filecount = 1; + enable-log-linecount = 1; + enable-index-owner = 0; + clone-prefix = "https://git.${config.monorepo.vars.orgHost}"; + enable-tree-linenumbers = 1; + strict-export = "git-daemon-export-ok"; + }; + gitHttpBackend = { + enable = true; + checkExportOkFiles = true; + }; + nginx = { + virtualHost = "git.${config.monorepo.vars.orgHost}"; + }; + }; + } +#+end_src ** Nvidia I have an Nvidia GPU on my computer. #+begin_src nix :tangle ../nix/modules/nvidia.nix @@ -1552,6 +1585,12 @@ There is a non declarative part of setting dkims and spf. "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; + ensureAccounts = [ + "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" + "monorepo@${config.monorepo.vars.orgHost}" + "nullerbot@${config.monorepo.vars.orgHost}" + "discussion@${config.monorepo.vars.orgHost}" + ]; ensureCredentials = { "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_password"; @@ -1559,6 +1598,9 @@ There is a non declarative part of setting dkims and spf. "monorepo@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; + "nullerbot@${config.monorepo.vars.orgHost}" = { + passwordFile = "/run/secrets/mail_monorepo_password"; + }; "discussion@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; 
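Review bot: `enable = true;` in the new `services.cgit."my-projects"` block (hunk at -1483) is unconditional, while `services.public-inbox` in this same file is gated with `lib.mkDefault config.monorepo.profiles.server.enable`. This commit also adds `./cgit.nix` to the `imports` of configuration.nix, so every host built from that module would presumably run cgit and the git HTTP backend over `/srv/git`, not only the server profile. Suggest `enable = lib.mkDefault config.monorepo.profiles.server.enable;`. A comment above `strict-export` would also help the next reader, e.g. `# only repositories containing a git-daemon-export-ok file are served`. The same applies to the tangled nix/modules/cgit.nix.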
@@ -1586,6 +1628,7 @@ This is my mailing list software that I will use to develop software. # Allow the service to see the file it just created BindPaths = [ "/var/lib/public-inbox" + "/srv/git/" ]; ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ]; # Ensure it can actually write to the directory during preStart @@ -1625,6 +1668,10 @@ This is my mailing list software that I will use to develop software. services.public-inbox = { enable = lib.mkDefault config.monorepo.profiles.server.enable; settings = { + coderepo."nullerbot".dir = "/srv/git/nullerbot.git"; + coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git"; + coderepo."monorepo".dir = "/srv/git/monorepo.git"; + coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git"; publicinbox.css = ["/var/lib/public-inbox/style.css"]; publicinbox.wwwlisting = "all"; }; @@ -1639,6 +1686,9 @@ This is my mailing list software that I will use to develop software. inboxdir = "/var/lib/public-inbox/monorepo"; url = "https://list.${config.monorepo.vars.orgHost}/monorepo"; watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "monorepo" + ]; }; "discussion" = { @@ -1648,6 +1698,17 @@ This is my mailing list software that I will use to develop software. url = "https://list.${config.monorepo.vars.orgHost}/discussion"; watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; }; + + "nullerbot" = { + description = "Discussion of Nullerbot Matrix Bot"; + address = [ "nullerbot@${config.monorepo.vars.orgHost}" ]; + inboxdir = "/var/lib/public-inbox/nullerbot"; + url = "https://list.${config.monorepo.vars.orgHost}/nullerbot"; + watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "nullerbot" + ]; + }; }; }; } 
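Review bot: Adding `"/srv/git/"` to `BindPaths` in the public-inbox unit (hunk at -1586) binds the repository tree read-write into the service's namespace, although the coderepo integration configured further down only appears to need read access. A read-only bind would stop a compromised or misbehaving public-inbox process from altering repository contents that cgit then serves: `BindReadOnlyPaths = [ "/srv/git" ];`. The enclosing service block starts and ends outside the hunk, so check whether another directive already restricts writes there. The tangled copy is nix/modules/public_inbox.nix.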
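Review bot: The `coderepo.*.cgitUrl` settings in the hunk at -1625 hard-code `git.nullring.xyz`, while the other URLs in this commit are derived from `config.monorepo.vars.orgHost` (the cgit `clone-prefix`, the nginx virtual host, the inbox `url` values). If `orgHost` changes, the inbox pages would keep linking to the old host. Suggest `coderepo."nullerbot".cgitUrl = "https://git.${config.monorepo.vars.orgHost}/nullerbot.git";` and the same form for `monorepo`.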
@@ -1923,8 +1984,23 @@ This is the backbone of the all the NixOS configurations, with all these options because they enhance security. #+begin_src nix :tangle ../nix/modules/configuration.nix { config, pkgs, lib, ... }: + let + userGroups = [ + "nginx" + "git" + "ircd" + "ngircd" + "conduit" + "livekit" + "matterbridge" + "maddy" + "ntfy-sh" + "public-inbox" + ]; + in { imports = [ + ./cgit.nix ./public_inbox.nix ./matterbridge.nix ./mautrix.nix @@ -2302,7 +2378,7 @@ because they enhance security. environment.systemPackages = with pkgs; [ restic sbctl - git + gitFull git-lfs git-lfs-transfer vim 
@@ -2320,55 +2396,29 @@ because they enhance security. ) ]; - users.groups.nginx = lib.mkDefault {}; - users.groups.git = lib.mkDefault {}; - users.groups.ircd = lib.mkDefault {}; - users.groups.ngircd = lib.mkDefault {}; - users.groups.conduit = lib.mkDefault {}; - users.groups.livekit = lib.mkDefault {}; - users.groups.matterbridge = lib.mkDefault {}; - users.groups.maddy = lib.mkDefault {}; - users.groups.ntfy-sh = lib.mkDefault {}; - users.groups.public-inbox = lib.mkDefault {}; + users.groups = lib.genAttrs userGroups (name: lib.mkDefault {}); - users.users = { + users.users = lib.genAttrs userGroups (name: { + isSystemUser = lib.mkDefault true; + group = "${name}"; + extraGroups = [ "acme" "nginx" ]; + }) // { conduit = { isSystemUser = lib.mkDefault true; group = "conduit"; + extraGroups = []; }; matterbridge = { isSystemUser = lib.mkDefault true; group = "matterbridge"; - }; - - maddy = { - isSystemUser = lib.mkDefault true; - group = "maddy"; - extraGroups = [ "acme" "nginx" ]; - }; - - ntfy-sh = { - isSystemUser = lib.mkDefault true; - group = "ntfy-sh"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = []; }; public-inbox = { isSystemUser = lib.mkDefault true; group = "public-inbox"; - extraGroups = [ "acme" "nginx" ]; - }; - ngircd = { - isSystemUser = lib.mkDefault true; - group = "ngircd"; - extraGroups = [ "acme" "nginx" ]; - }; - - livekit = { - isSystemUser = lib.mkDefault true; - group = "livekit"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = [ "acme" "nginx" "git" ]; }; ircd = { 
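Review bot: The `lib.genAttrs userGroups` default in `users.users` gives every generated account `extraGroups = [ "acme" "nginx" ]`, and that now includes `git` and `nginx`, which the removed code did not define here at all. Membership in `acme` typically grants read access to the certificate private keys, so the default widens who can read them. The entries after `//` replace the generated ones wholesale, which is why `conduit` and `matterbridge` needed an explicit `extraGroups = [];`. A deny-by-default shape is safer: generate an empty list and opt in only the services that held these groups before, as sketched below. The `ircd` entry continues beyond the hunk, and the tangled copy is nix/modules/configuration.nix.

```nix
users.users = lib.genAttrs userGroups (name: {
  isSystemUser = lib.mkDefault true;
  group = name;
  # Deny by default: no access to ACME key material unless listed below.
  extraGroups = [];
}) // lib.genAttrs [ "maddy" "ntfy-sh" "ngircd" "livekit" ] (name: {
  isSystemUser = lib.mkDefault true;
  group = name;
  extraGroups = [ "acme" "nginx" ];
}) // {
  # conduit and matterbridge no longer need an explicit override
  # … unchanged: public-inbox and ircd entries …
```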
@@ -3304,10 +3354,11 @@ the timezone. My git configuration uses information set in the ~vars.nix~ in order to set configuration options. Make sure those are set correctly. I've set it to sign by default. #+begin_src nix :tangle ../nix/modules/home/git.nix - { lib, config, ... }: + { pkgs, lib, config, ... }: { programs.git = { enable = lib.mkDefault config.monorepo.profiles.graphics.enable; + package = pkgs.gitFull; lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable; userName = config.monorepo.vars.fullName; userEmail = config.monorepo.profiles.email.email; @@ -3318,6 +3369,16 @@ Make sure those are set correctly. I've set it to sign by default. extraConfig = { init.defaultBranch = "main"; + credential."${config.monorepo.profiles.email.smtpsServer}" = { + username = "${config.monorepo.profiles.email.email}"; + helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f"; + }; + sendemail = { + smtpserver = "${config.monorepo.profiles.email.smtpsServer}"; + smtpuser = "${config.monorepo.profiles.email.email}"; + smtpserverport = 465; + smtpencryption = "ssl"; + }; }; aliases = { @@ -4361,7 +4422,7 @@ for these configurations. pavucontrol alsa-utils imagemagick ffmpeg helvum # Net - curl rsync git iamb ungoogled-chromium + curl rsync gitFull iamb ungoogled-chromium # Tor torsocks tor-browser @@ -4808,7 +4869,7 @@ This contains the installation script I use to install my systems. ]; nixos = { packages = with pkgs; [ - git + gitFull curl gum (writeShellScriptBin "nix_installer" diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix index cfb9158..54eb90c 100644 --- a/nix/modules/cgit.nix +++ b/nix/modules/cgit.nix 
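Review bot: The credential helper added under `extraConfig` (hunk at -3318) reads `/run/user/1000/secrets/mail`, which hard-codes UID 1000. Under any other UID the `cat` fails and the helper hands git an empty `password=` line instead of stopping. Deriving the path from the runtime directory avoids that: `helper = "!f() { test \"$1\" = get && echo \"password=$(cat \"$XDG_RUNTIME_DIR/secrets/mail\")\"; }; f";`. Please also confirm that the bare-host section name `credential."${config.monorepo.profiles.email.smtpsServer}"` matches only the SMTP credential request, and add a short comment saying so, since the helper must not offer the mail password to other remotes. The tangled copy is nix/modules/home/git.nix.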
@@ -1,6 +1,25 @@ -{ config, lib, ... }: +{ lib, config, ... }: { - services.cgit = { + services.cgit."my-projects" = { enable = true; + scanPath = "/srv/git"; + settings = { + root-title = "Nullring Git Server"; + root-desc = "Projects and cool things"; + enable-commit-graph = 1; + enable-log-filecount = 1; + enable-log-linecount = 1; + enable-index-owner = 0; + clone-prefix = "https://git.${config.monorepo.vars.orgHost}"; + enable-tree-linenumbers = 1; + strict-export = "git-daemon-export-ok"; + }; + gitHttpBackend = { + enable = true; + checkExportOkFiles = true; + }; + nginx = { + virtualHost = "git.${config.monorepo.vars.orgHost}"; + }; }; } diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 02d4a94..decc121 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -1,6 +1,21 @@ { config, pkgs, lib, ... }: +let + userGroups = [ + "nginx" + "git" + "ircd" + "ngircd" + "conduit" + "livekit" + "matterbridge" + "maddy" + "ntfy-sh" + "public-inbox" + ]; +in { imports = [ + ./cgit.nix ./public_inbox.nix ./matterbridge.nix ./mautrix.nix @@ -378,7 +393,7 @@ country=CA environment.systemPackages = with pkgs; [ restic sbctl - git + gitFull git-lfs git-lfs-transfer vim 
@@ -396,55 +411,29 @@ country=CA ) ]; - users.groups.nginx = lib.mkDefault {}; - users.groups.git = lib.mkDefault {}; - users.groups.ircd = lib.mkDefault {}; - users.groups.ngircd = lib.mkDefault {}; - users.groups.conduit = lib.mkDefault {}; - users.groups.livekit = lib.mkDefault {}; - users.groups.matterbridge = lib.mkDefault {}; - users.groups.maddy = lib.mkDefault {}; - users.groups.ntfy-sh = lib.mkDefault {}; - users.groups.public-inbox = lib.mkDefault {}; - - users.users = { + users.groups = lib.genAttrs userGroups (name: lib.mkDefault {}); + + users.users = lib.genAttrs userGroups (name: { + isSystemUser = lib.mkDefault true; + group = "${name}"; + extraGroups = [ "acme" "nginx" ]; + }) // { conduit = { isSystemUser = lib.mkDefault true; group = "conduit"; + extraGroups = []; }; matterbridge = { isSystemUser = lib.mkDefault true; group = "matterbridge"; - }; - - maddy = { - isSystemUser = lib.mkDefault true; - group = "maddy"; - extraGroups = [ "acme" "nginx" ]; - }; - - ntfy-sh = { - isSystemUser = lib.mkDefault true; - group = "ntfy-sh"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = []; }; public-inbox = { isSystemUser = lib.mkDefault true; group = "public-inbox"; - extraGroups = [ "acme" "nginx" ]; - }; - ngircd = { - isSystemUser = lib.mkDefault true; - group = "ngircd"; - extraGroups = [ "acme" "nginx" ]; - }; - - livekit = { - isSystemUser = lib.mkDefault true; - group = "livekit"; - extraGroups = [ "acme" "nginx" ]; + extraGroups = [ "acme" "nginx" "git" ]; }; ircd = { diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix index c80b6f9..24e84b4 100644 --- a/nix/modules/home/git.nix +++ b/nix/modules/home/git.nix 
@@ -1,7 +1,8 @@ -{ lib, config, ... }: +{ pkgs, lib, config, ... }: { programs.git = { enable = lib.mkDefault config.monorepo.profiles.graphics.enable; + package = pkgs.gitFull; lfs.enable = lib.mkDefault config.monorepo.profiles.graphics.enable; userName = config.monorepo.vars.fullName; userEmail = config.monorepo.profiles.email.email; @@ -12,6 +13,16 @@ extraConfig = { init.defaultBranch = "main"; + credential."${config.monorepo.profiles.email.smtpsServer}" = { + username = "${config.monorepo.profiles.email.email}"; + helper = "!f() { test \"$1\" = get && echo \"password=$(cat /run/user/1000/secrets/mail)\"; }; f"; + }; + sendemail = { + smtpserver = "${config.monorepo.profiles.email.smtpsServer}"; + smtpuser = "${config.monorepo.profiles.email.email}"; + smtpserverport = 465; + smtpencryption = "ssl"; + }; }; aliases = { diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index cb29b4c..28bbd22 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix @@ -53,7 +53,7 @@ pavucontrol alsa-utils imagemagick ffmpeg helvum # Net - curl rsync git iamb ungoogled-chromium + curl rsync gitFull iamb ungoogled-chromium # Tor torsocks tor-browser diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix index 1d4710d..706e187 100644 --- a/nix/modules/maddy.nix +++ b/nix/modules/maddy.nix @@ -25,6 +25,12 @@ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; + ensureAccounts = [ + "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" + "monorepo@${config.monorepo.vars.orgHost}" + "nullerbot@${config.monorepo.vars.orgHost}" + "discussion@${config.monorepo.vars.orgHost}" + ]; ensureCredentials = { "${config.monorepo.vars.internetName}@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_password"; 
@@ -32,6 +38,9 @@ "monorepo@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; + "nullerbot@${config.monorepo.vars.orgHost}" = { + passwordFile = "/run/secrets/mail_monorepo_password"; + }; "discussion@${config.monorepo.vars.orgHost}" = { passwordFile = "/run/secrets/mail_monorepo_password"; }; diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix index 621c9ef..791e3a4 100644 --- a/nix/modules/nginx.nix +++ b/nix/modules/nginx.nix @@ -162,6 +162,10 @@ enableACME = true; }; + "git.${config.monorepo.vars.orgHost}" = { + forceSSL = true; + enableACME = true; + }; "list.${config.monorepo.vars.orgHost}" = { forceSSL = true; enableACME = true; diff --git a/nix/modules/public_inbox.nix b/nix/modules/public_inbox.nix index 9f1532c..cba1e39 100644 --- a/nix/modules/public_inbox.nix +++ b/nix/modules/public_inbox.nix @@ -15,6 +15,7 @@ # Allow the service to see the file it just created BindPaths = [ "/var/lib/public-inbox" + "/srv/git/" ]; ReadOnlyPaths = [ "/var/lib/public-inbox/style.css" ]; # Ensure it can actually write to the directory during preStart @@ -54,6 +55,10 @@ services.public-inbox = { enable = lib.mkDefault config.monorepo.profiles.server.enable; settings = { + coderepo."nullerbot".dir = "/srv/git/nullerbot.git"; + coderepo."nullerbot".cgitUrl = "https://git.nullring.xyz/nullerbot.git"; + coderepo."monorepo".dir = "/srv/git/monorepo.git"; + coderepo."monorepo".cgitUrl = "https://git.nullring.xyz/monorepo.git"; publicinbox.css = ["/var/lib/public-inbox/style.css"]; publicinbox.wwwlisting = "all"; }; @@ -68,6 +73,9 @@ inboxdir = "/var/lib/public-inbox/monorepo"; url = "https://list.${config.monorepo.vars.orgHost}/monorepo"; watch = [ "imaps://monorepo%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "monorepo" + ]; }; "discussion" = { 
@@ -77,6 +85,17 @@ url = "https://list.${config.monorepo.vars.orgHost}/discussion"; watch = [ "imaps://discussion%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; }; + + "nullerbot" = { + description = "Discussion of Nullerbot Matrix Bot"; + address = [ "nullerbot@${config.monorepo.vars.orgHost}" ]; + inboxdir = "/var/lib/public-inbox/nullerbot"; + url = "https://list.${config.monorepo.vars.orgHost}/nullerbot"; + watch = [ "imaps://nullerbot%40${config.monorepo.vars.orgHost}@mail.${config.monorepo.vars.orgHost}/INBOX" ]; + coderepo = [ + "nullerbot" + ]; + }; }; }; } diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix index 1a09652..9c1dbed 100644 --- a/nix/modules/secrets.nix +++ b/nix/modules/secrets.nix @@ -14,6 +14,7 @@ content = '' machine mail.${config.monorepo.vars.orgHost} login monorepo@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} +machine mail.${config.monorepo.vars.orgHost} login nullerbot@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"} ''; }; "matterbridge" = { diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix index 0341b0d..e9232cb 100644 --- a/nix/systems/installer/default.nix +++ b/nix/systems/installer/default.nix @@ -36,7 +36,7 @@ in ]; nixos = { packages = with pkgs; [ - git + gitFull curl gum (writeShellScriptBin "nix_installer"