Diffstat (limited to 'fleet/hosts/trieste/naut.nix')
-rw-r--r--fleet/hosts/trieste/naut.nix50
1 files changed, 50 insertions, 0 deletions
diff --git a/fleet/hosts/trieste/naut.nix b/fleet/hosts/trieste/naut.nix
new file mode 100644
index 0000000..85a9a5e
--- /dev/null
+++ b/fleet/hosts/trieste/naut.nix
@@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ pkgs, ... }:
+
+let
+  socket = "/run/naut/naut.sock";
+  proxySocket = "/run/naut/naut-proxy.sock";
+
+  config = {
+      "#unfathomable" = [ "nixos-config" ];
+      "#ripple" = [ "ripple" "ripple-website" ];
+    };
+in {
+  systemd.sockets.naut-proxy = {
+    wantedBy = [ "sockets.target" ];
+    listenStreams = [ proxySocket ];
+    socketConfig.SocketUser = "git";
+  };
+
+  systemd.services.naut-proxy = {
+    serviceConfig.ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd ${socket}";
+  };
+
+  systemd.services.naut = {
+    wantedBy = [ "multi-user.target" ];
+
+    environment.NAUT_SOCK = socket;
+    environment.NAUT_CONFIG = (pkgs.formats.toml {}).generate "naut.toml" config;
+
+    serviceConfig = {
+      ExecStart = "${pkgs.naut}/bin/naut";
+      EnvironmentFile = "/etc/naut/env";
+      Restart = "on-failure";
+
+      DynamicUser = true;
+      SupplementaryGroups = [ "git" ];
+      RuntimeDirectory = "naut";
+    };
+  };
+
+  declarative.git.hooks.post-receive = [
+    (pkgs.writeShellScript "nautify" ''
+      {
+        pwd
+        cat
+      } | nc -UN ${proxySocket}
+    '')
+  ];
+}
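Review bot: `systemd.sockets.naut-proxy` sets `socketConfig.SocketUser = "git"` but leaves `SocketMode` at the systemd default of 0666, so the ownership does not restrict who may connect. Any local account can write to `naut-proxy.sock`, and systemd-socket-proxyd forwards that straight to naut as if it were a post-receive notification. If only the hook needs access (presumably it runs as `git`), add `socketConfig.SocketMode = "0600";` next to `SocketUser`. Separately, `proxySocket` sits under `/run/naut`, which is also naut's `RuntimeDirectory` with `DynamicUser = true`. Systemd removes that directory by default when the service stops, so confirm that the listening socket survives a naut restart, or give the proxy socket its own path.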