diff options
| author | Timo Wilken | 2023-11-29 23:41:28 +0100 |
|---|---|---|
| committer | Timo Wilken | 2023-11-29 23:41:28 +0100 |
| commit | 5657968c20bc00b5f09cc54259771c0372c2a14c (patch) | |
| tree | 8784373411b3238d7d8dbca3c42e98901befffd9 | |
| parent | 75d7a839d7af8d2870ba376a673bea8e4e97d091 (diff) | |
Give cgit automatic access to git repos
| -rw-r--r-- | tw/system/lud.scm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/tw/system/lud.scm b/tw/system/lud.scm index 3c0d814b..1a2c5d83 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -14,7 +14,7 @@ #:use-module (tw services web) #:use-module (tw system)) -(use-package-modules admin bash certs databases linux man php python rsync +(use-package-modules acl admin bash certs databases linux man php python rsync shells tls tor video) (use-service-modules certbot cgit databases file-sharing mcron monitoring networking pm ssh syncthing version-control vpn web) @@ -91,7 +91,6 @@ (user-path "src"))) ;; Serve public-access git repos over HTTPS and private ones over SSH only. - ;; TODO: in order to see repos, cgit needs "setfacl -m u:fcgiwrap:rx /srv/git" (service cgit-service-type (cgit-configuration (branch-sort "age") @@ -114,6 +113,9 @@ that I just want to host somewhere.") (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem") (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem")))))) + (simple-service 'cgit-repo-access activation-service-type + #~(system* #$(file-append acl "/bin/setfacl") "-m" "u:fcgiwrap:rx" "/srv/git")) + (simple-service 'cgit-certificate certbot-service-type (list (certificate-configuration (domains '("git.twilken.net")) |