From 605a52758c9a03ee8510ac075c5ae35ee3693492 Mon Sep 17 00:00:00 2001 From: David Wagner Date: Sun, 27 Oct 2024 20:59:45 +0100 Subject: [PATCH] nuc: Fix git server ownership and permissions Define the `git` as system user and delete its home directory. Make it part of the group `git`. Make the git repositories owned by git user and group and adjust the permissions: chown -R git:git /srv/git find /srv/git -type d -exec chmod 750 {} \; find /srv/git -type f -exec chmod 640 {} \; Finally, run `cgit` as the group `git` so it can read the repositories. --- modules/git.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/git.nix b/modules/git.nix index 7d13670..5b64434 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -7,16 +7,18 @@ in imports = [ ./consul-catalog.nix ]; users.users.git = { - isNormalUser = true; + isSystemUser = true; + group = "git"; shell = "${pkgs.git}/bin/git-shell"; openssh.authorizedKeys.keys = (import ./keys.nix).dwagner; }; + users.groups.git = { }; services = { cgit.git = { enable = true; user = "cgit"; - group = "cgit"; + group = "git"; scanPath = "/srv/git"; settings = { enable-git-config = true;