1 files changed, 47 insertions, 0 deletions

diff --git a/fleet/hosts/trieste/git.nix b/fleet/hosts/trieste/git.nix
new file mode 100644
index 0000000..f4d4e0b
--- /dev/null
+++ b/fleet/hosts/trieste/git.nix
@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ pkgs, ... }:
+
+let
+  root = "/var/lib/git";
+in {
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+
+    # This lets us address remote repositories like `trieste:foo`.
+    home = root;
+
+    # TODO(V): Remove the override once https://github.com/NixOS/nixpkgs/pull/128062 has made its way into stable.
+    shell = pkgs.git // { shellPath = "/bin/git-shell"; };
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXELHAMjO/BzoBFgTW9ln3td2WnXw9VGF3zpMBiswsx git@vityaz"
+    ];
+  };
+
+  users.groups.git = {};
+
+  systemd.tmpfiles.rules = [
+    "d ${root} 0750 git git"
+  ];
+
+  declarative.git.repositories = {
+    ripple = {
+      description = "A build system for the next decade";
+      config.cgit = {
+        # This is added to the webroot in cgit.nix. It would be nice if we could do that modularly.
+        # Another option is to simply hotlink https://ripple.unfathomable.blue/icon.svg
+        # Yet another option is to keep the SVG in Git, and link to the raw file from trunk.
+        logo = "/ripple.svg";
+
+        homepage = "https://ripple.unfathomable.blue/";
+      };
+    };
+
+    ripple-website.description = "Source code for https://ripple.unfathomable.blue/";
+    nixos-config.description = "NixOS configuration for Unfathomable infrastructure";
+  };
+}