| blob | 215d7f79a52cf339e1e9c9b6fa662da2f7b7ec7e |
1 { config, lib, pkgs, ... }:
2 let
4 cfg = config.services.gitDaemon;
6 in
7 {
9 ###### interface
11 options = {
12 services.gitDaemon = {
14 enable = lib.mkOption {
15 type = lib.types.bool;
16 default = false;
17 description = ''
18 Enable Git daemon, which allows public hosting of git repositories
19 without any access controls. This is mostly intended for read-only access.
21 You can allow write access by setting daemon.receivepack configuration
22 item of the repository to true. This is solely meant for a closed LAN setting
23 where everybody is friendly.
25 If you need any access controls, use something else.
26 '';
27 };
29 package = lib.mkPackageOption pkgs "git" { };
31 basePath = lib.mkOption {
32 type = lib.types.str;
33 default = "";
34 example = "/srv/git/";
35 description = ''
36 Remap all the path requests as relative to the given path. For example,
37 if you set base-path to /srv/git, then if you later try to pull
38 git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
39 '';
40 };
42 exportAll = lib.mkOption {
43 type = lib.types.bool;
44 default = false;
45 description = ''
46 Publish all directories that look like Git repositories (have the objects
47 and refs subdirectories), even if they do not have the git-daemon-export-ok file.
49 If disabled, you need to touch .git/git-daemon-export-ok in each repository
50 you want the daemon to publish.
52 Warning: enabling this without a repository whitelist or basePath
53 publishes every git repository you have.
54 '';
55 };
57 repositories = lib.mkOption {
58 type = lib.types.listOf lib.types.str;
59 default = [];
60 example = [ "/srv/git" "/home/user/git/repo2" ];
61 description = ''
62 A whitelist of paths of git repositories, or directories containing repositories
63 all of which would be published. Paths must not end in "/".
65 Warning: leaving this empty and enabling exportAll publishes all
66 repositories in your filesystem or basePath if specified.
67 '';
68 };
70 listenAddress = lib.mkOption {
71 type = lib.types.str;
72 default = "";
73 example = "example.com";
74 description = "Listen on a specific IP address or hostname.";
75 };
77 port = lib.mkOption {
78 type = lib.types.port;
79 default = 9418;
80 description = "Port to listen on.";
81 };
83 options = lib.mkOption {
84 type = lib.types.str;
85 default = "";
86 description = "Extra configuration options to be passed to Git daemon.";
87 };
89 user = lib.mkOption {
90 type = lib.types.str;
91 default = "git";
92 description = "User under which Git daemon would be running.";
93 };
95 group = lib.mkOption {
96 type = lib.types.str;
97 default = "git";
98 description = "Group under which Git daemon would be running.";
99 };
101 };
102 };
104 ###### implementation
106 config = lib.mkIf cfg.enable {
108 users.users = lib.optionalAttrs (cfg.user == "git") {
109 git = {
110 uid = config.ids.uids.git;
111 group = "git";
112 description = "Git daemon user";
113 };
114 };
116 users.groups = lib.optionalAttrs (cfg.group == "git") {
117 git.gid = config.ids.gids.git;
118 };
120 systemd.services.git-daemon = {
121 after = [ "network.target" ];
122 wantedBy = [ "multi-user.target" ];
123 script = "${lib.getExe cfg.package} daemon --reuseaddr "
124 + (lib.optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ")
125 + (lib.optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
126 + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} "
127 + "--verbose " + (lib.optionalString cfg.exportAll "--export-all ") + lib.concatStringsSep " " cfg.repositories;
128 };
130 };
132 }