Configure Git server

diff --git a/flake.lock b/flake.lock
index e73b6c789afc6c2503cc50b618f94d42f9d927bc..0978eeffc4095f192534c54ffb74b9c1c19bb975 100644 (file)
--- a/flake.lock
+++ b/flake.lock
@@ -19,6 +19,25 @@
         "type": "indirect"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1770491427,
+        "narHash": "sha256-8b+0vixdqGnIIcgsPhjdX7EGPdzcVQqYxF+ujjex654=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "cbd8a72e5fe6af19d40e2741dc440d9227836860",
+        "type": "github"
+      },
+      "original": {
+        "id": "home-manager",
+        "type": "indirect"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1770380644,
@@ -36,6 +55,7 @@
     "root": {
       "inputs": {
         "disko": "disko",
+        "home-manager": "home-manager",
         "nixpkgs": "nixpkgs"
       }
     }

diff --git a/flake.nix b/flake.nix
index 99ff495b5f80f6c4f762c43aa6accee15578e989..efd047d703e60f144596118f26a46d9dcd339724 100644 (file)
--- a/flake.nix
+++ b/flake.nix
@@ -6,17 +6,26 @@
                        url = "disko";
                        inputs.nixpkgs.follows = "nixpkgs";
                };
+
+               home-manager = {
+                       url = "home-manager";
+                       inputs.nixpkgs.follows = "nixpkgs";
+               };
        };
 
-       outputs = { nixpkgs, disko, ... }: let
+       outputs = { nixpkgs, disko, home-manager, ... }: let
                hostname = "levanter";
-               device = "/dev/sda";
        in {
                nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem {
-                       specialArgs = { inherit device hostname; };
+                       specialArgs = {
+                               device = "/dev/sda";
+                               inherit hostname;
+                               ayo_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeBrQONJC4u4M0/gYhsMMcVxs+mVlk5bmT7vtReEyK7 ayo@monsoon";
+                       };
 
                        modules = [
                                disko.nixosModules.disko
+                               home-manager.nixosModules.home-manager
                                ./levanter/configuration.nix
                        ];
                };

diff --git a/levanter/configuration.nix b/levanter/configuration.nix
index 79ff33082f7956a915681aae4577f62fa35a7448..ef0c420063b1e3c2452bdc0e0ef28e1dafbbbcd9 100644 (file)
--- a/levanter/configuration.nix
+++ b/levanter/configuration.nix
@@ -1,8 +1,9 @@
-{ device, hostname, ... }: {
+{ device, hostname, ayo_public_key, ... }: {
        imports = [
                ./hardware-configuration.nix
                ./disko.nix
                ./komuhn-website.nix
+               ./git-server.nix
        ];
 
        boot.loader.grub = {
@@ -25,10 +26,7 @@
                users."ayo" = {
                        isNormalUser = true;
                        extraGroups = [ "wheel" ];
-
-                       openssh.authorizedKeys.keys = [
-                               "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeBrQONJC4u4M0/gYhsMMcVxs+mVlk5bmT7vtReEyK7 ayo@monsoon"
-                       ];
+                       openssh.authorizedKeys.keys = [ ayo_public_key ];
                };
        };
 

diff --git a/levanter/git-server.nix b/levanter/git-server.nix
new file mode 100644 (file)
index 0000000..5f806ef
--- /dev/null
+++ b/levanter/git-server.nix
@@ -0,0 +1,31 @@
+{ ayo_public_key, ... }: let
+       group = "git";
+       user = "git";
+in {
+       users = {
+               groups.${group} = {};
+
+               users.${user} = {
+                       isSystemUser = true;
+                       inherit group;
+                       home = "/srv/${user}";
+                       createHome = true;
+                       useDefaultShell = true;
+                       openssh.authorizedKeys.keys = [ ayo_public_key ];
+               };
+       };
+
+       home-manager = {
+               useUserPackages = true;
+               useGlobalPkgs = true;
+
+               users.${user} = {
+                       home.stateVersion = "26.05";
+
+                       programs.git = {
+                               enable = true;
+                               extraConfig.init.defaultBranch = "main";
+                       };
+               };
+       };
+}