From 5657968c20bc00b5f09cc54259771c0372c2a14c Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Wed, 29 Nov 2023 23:41:28 +0100
Subject: Give cgit automatic access to git repos

---
 tw/system/lud.scm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tw/system/lud.scm b/tw/system/lud.scm
index 3c0d814b..1a2c5d83 100644
--- a/tw/system/lud.scm
+++ b/tw/system/lud.scm
@@ -14,7 +14,7 @@
   #:use-module (tw services web)
   #:use-module (tw system))
 
-(use-package-modules admin bash certs databases linux man php python rsync
+(use-package-modules acl admin bash certs databases linux man php python rsync
                      shells tls tor video)
 (use-service-modules certbot cgit databases file-sharing mcron monitoring
                      networking pm ssh syncthing version-control vpn web)
@@ -91,7 +91,6 @@
                (user-path "src")))
 
             ;; Serve public-access git repos over HTTPS and private ones over SSH only.
-            ;; TODO: in order to see repos, cgit needs "setfacl -m u:fcgiwrap:rx /srv/git"
             (service cgit-service-type
               (cgit-configuration
                (branch-sort "age")
@@ -114,6 +113,9 @@ that I just want to host somewhere.")
                        (ssl-certificate "/etc/letsencrypt/live/git.twilken.net/fullchain.pem")
                        (ssl-certificate-key "/etc/letsencrypt/live/git.twilken.net/privkey.pem"))))))
 
+            (simple-service 'cgit-repo-access activation-service-type
+              #~(system* #$(file-append acl "/bin/setfacl") "-m" "u:fcgiwrap:rx" "/srv/git"))
+
             (simple-service 'cgit-certificate certbot-service-type
               (list (certificate-configuration
                      (domains '("git.twilken.net"))
-- 
cgit v1.2.3