{ config, ... }: let cfg = config.services.gickup; in { sops.secrets."gickup/github-token" = { owner = "gickup"; }; services.gickup = { enable = true; dataDir = "/data/gickup"; destinationSettings = { structured = true; zip = false; keep = 10; bare = true; lfs = true; }; instances = let defaultGithubConfig = { settings.token_file = config.sops.secrets."gickup/github-token".path; }; defaultGitlabConfig = { # settings.token_file = ... }; in { "github:go-gitea/gitea" = defaultGithubConfig; "github:unmojang/FjordLauncher" = defaultGithubConfig; "github:unmojang/drasl" = defaultGithubConfig; "github:NixOS/nixpkgs" = defaultGithubConfig; "github:saltstack/salt" = defaultGithubConfig; "github:heimdal/heimdal" = defaultGithubConfig; "github:yushijinhun/authlib-injector" = defaultGithubConfig; "github:Git-Mediawiki/Git-Mediawiki" = defaultGithubConfig; "gitlab:mx-puppet/discord/better-discord.js" = defaultGitlabConfig; "gitlab:mx-puppet/discord/matrix-discord-parser" = defaultGitlabConfig; "gitlab:mx-puppet/discord/discord-markdown" = defaultGitlabConfig; "gitlab:mx-puppet/discord/mx-puppet-discord" = defaultGitlabConfig; "gitlab:mx-puppet/mx-puppet-bridge" = defaultGitlabConfig; "any:glibc" = { settings.url = "https://sourceware.org/git/glibc.git"; }; }; }; services.cgit = let domain = "bicep.pvv.ntnu.no"; in { ${domain} = { enable = true; group = "gickup"; scanPath = "${cfg.dataDir}/linktree"; settings = { enable-commit-graph = true; enable-follow-links = true; enable-http-clone = true; enable-remote-branches = true; clone-url = "https://${domain}/$CGIT_REPO_URL"; remove-suffix = true; root-title = "https://${domain}"; root-desc = "PVV's repository mirroring service"; snapshots = "all"; }; }; }; systemd.services."fcgiwrap-cgit" = { serviceConfig.BindReadOnlyPaths = [ cfg.dataDir ]; }; }