remove legit (making own fork)
4 files changed, 0 insertions(+), 236 deletions(-)
M default.nix → default.nix
@@ -14,7 +14,6 @@ lib = import ./lib { inherit pkgs; }; # functions modules = import ./modules/nixos; # NixOS modules overlays = import ./overlays; # nixpkgs overlays - legit-web = pkgs.callPackage ./pkgs/legit-web { }; dirstat-rs = pkgs.callPackage ./pkgs/dirstat-rs { }; go-instrument = pkgs.callPackage ./pkgs/go-instrument { }; htmlformat = pkgs.callPackage ./pkgs/htmlformat { };
M modules/nixos/default.nix → modules/nixos/default.nix
@@ -3,5 +3,4 @@ # Add your NixOS modules here # # my-module = ./my-module; laminar = ./laminar.nix; - legit = ./legit.nix; }
D modules/nixos/legit.nix
@@ -1,197 +0,0 @@ -{ config -, lib -, pkgs -, ... -}: - -let - inherit (lib) - literalExpression - mkEnableOption - mkIf - mkOption - mkPackageOption - optionalAttrs - optional - types - ; - - cfg = config.services.legit; - - yaml = pkgs.formats.yaml { }; - configFile = yaml.generate "legit.yaml" cfg.settings; - - defaultStateDir = "/var/lib/legit"; - defaultStaticDir = "${cfg.settings.repo.scanPath}/static"; - defaultTemplatesDir = "${cfg.settings.repo.scanPath}/templates"; -in -{ - options.services.legit = { - enable = mkEnableOption "legit git web frontend"; - - package = mkPackageOption pkgs "legit-web" { }; - - user = mkOption { - type = types.str; - default = "legit"; - description = "User account under which legit runs."; - }; - - group = mkOption { - type = types.str; - default = "legit"; - description = "Group account under which legit runs."; - }; - - settings = mkOption { - default = { }; - description = '' - The primary legit configuration. See the - [sample configuration](https://github.com/icyphox/legit/blob/master/config.yaml) - for possible values. - ''; - type = types.submodule { - freeformType = yaml.type; - options.repo = { - scanPath = mkOption { - type = types.path; - default = defaultStateDir; - description = "Directory where legit will scan for repositories."; - }; - readme = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "Readme files to look for."; - }; - mainBranch = mkOption { - type = types.listOf types.str; - default = [ - "main" - "master" - ]; - description = "Main branch to look for."; - }; - ignore = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "Repositories to ignore."; - }; - }; - options.dirs = { - templates = mkOption { - type = types.path; - default = "${pkgs.legit-web}/lib/legit/templates"; - defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/templates"''; - description = "Directories where template files are located."; - }; - static = mkOption { - type = types.path; - default = "${pkgs.legit-web}/lib/legit/static"; - defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/static"''; - description = "Directories where static files are located."; - }; - }; - options.meta = { - title = mkOption { - type = types.str; - default = "legit"; - description = "Website title."; - }; - description = mkOption { - type = types.str; - default = "git frontend"; - description = "Website description."; - }; - }; - options.server = { - name = mkOption { - type = types.str; - default = "localhost"; - description = "Server name."; - }; - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host address."; - }; - port = mkOption { - type = types.port; - default = 5555; - description = "Legit port."; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - users.groups = optionalAttrs (cfg.group == "legit") { - "${cfg.group}" = { }; - }; - - users.users = optionalAttrs (cfg.user == "legit") { - "${cfg.user}" = { - group = cfg.group; - isSystemUser = true; - }; - }; - - systemd.services.legit = { - description = "legit git frontend"; - - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - restartTriggers = [ configFile ]; - - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - ExecStart = "${cfg.package}/bin/legit -config ${configFile}"; - Restart = "always"; - - WorkingDirectory = cfg.settings.repo.scanPath; - StateDirectory = - [ ] - ++ optional (cfg.settings.repo.scanPath == defaultStateDir) "legit" - ++ optional (cfg.settings.dirs.static == defaultStaticDir) "legit/static" - ++ optional (cfg.settings.dirs.templates == defaultTemplatesDir) "legit/templates"; - - # Hardening - CapabilityBoundingSet = [ "" ]; - DeviceAllow = [ "" ]; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProcSubset = "pid"; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "strict"; - ReadWritePaths = cfg.settings.repo.scanPath; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - ]; - UMask = "0077"; - }; - }; - }; -}
D pkgs/legit-web/default.nix
@@ -1,37 +0,0 @@ -{ lib -, buildGoModule -, fetchgit -, nixosTests -, -}: - -buildGoModule { - pname = "legit"; - version = "unstable-2025-03-29"; - - src = fetchgit { - url = "https://git.alanpearce.eu/legit.git"; - rev = "ba5bcefcd3249fbaf77a487a7480a395016e3318"; - hash = "sha256-x1/g/u0i9RCQjy8Iz0CG1oJTktOHhgg9jymPDQUVeIw="; - }; - - vendorHash = "sha256-QxkMxO8uzBCC3oMSWjdVsbR2cluYMx5OOKTgaNOLHxc="; - - postInstall = '' - mkdir -p $out/lib/legit/templates - mkdir -p $out/lib/legit/static - - cp -r $src/templates/* $out/lib/legit/templates - cp -r $src/static/* $out/lib/legit/static - ''; - - passthru.tests = { inherit (nixosTests) legit; }; - - meta = { - description = "Web frontend for git"; - homepage = "https://github.com/icyphox/legit"; - license = lib.licenses.mit; - maintainers = [ lib.maintainers.alanpearce ]; - mainProgram = "legit"; - }; -}