1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

{ lib, ... }:
let
  opts =
    let
      homeDir = "/var/lib/ugit";
    in
    {
      inherit homeDir;
      enable = true;
      authorizedKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXoiWcPkL5kUAqJfMxnPM/ND4qJ4kKShDhXdqnYv2ZB"
      ];
      repoDir = "${homeDir}/repos";
      hostKeyFile = "${homeDir}/ugit_ed25519";
      user = "ugit";
      group = "ugit";
      config = {
        ssh.clone-url = "ugit@git.jolheiser.com";
        http.clone-url = "https://git.jolheiser.com";
        log.json = true;
        profile = {
          username = "jolheiser";
          email = "ugit@jolheiser.com";
          links = [
            "Github,https://github.com/jolheiser"
            "Gitea,https://gitea.com/jolheiser"
            "JoJoDev,https://git.jojodev.com/jolheiser"
            "Fediverse,https://social.jolheiser.com/@jolheiser"
          ];
        };
      };
    };
in
{
  services = {
    ugit = {
      public = opts;
      private = lib.recursiveUpdate opts {
        config = {
          ssh.port = 8446;
          http.port = 8447;
          show-private = true;
        };
      };
    };
    tailproxy.ugit = {
      enable = true;
      hostname = "git";
      port = 8447;
      authKey = "tskey-auth-kyuvaLt8pb11CNTRL-admMYrs6UWb5XaCcdWJAWbriZ6JMo7ksK"; # One-time key
    };
  };
}