{ config, lib, pkgs, ... }:

# Git service module for the "france" host profile.
#
# Declares the `fudo.france.git` options and wires them into three places:
#   * a host secret holding the git database password,
#   * a PostgreSQL user/database pair that reads that password,
#   * the `fudo.git` service itself.

let
  inherit (lib) mkOption types;

  hostname = config.instance.hostname;
  domain-name = config.instance.local-domain;
  secrets = config.fudo.secrets.host-secrets.${hostname};
  cfg = config.fudo.france.git;

  # Submodule describing where the git SSH endpoint listens.
  sshOpts = { ... }: {
    options = {
      listen-ip = mkOption {
        type = types.str;
        description = "IP address on which to listen for SSH connections.";
      };
      listen-port = mkOption {
        type = types.port;
        description = "Port on which to listen for SSH connections.";
        # NOTE(review): 22 is also the conventional host sshd port; a second
        # listener on the same address would clash — confirm listen-ip is
        # distinct from the host sshd bind address when the default is kept.
        default = 22;
      };
    };
  };

  dbUser = "fudo_git";
  dbName = "fudo_git";
  # The same secret file is consumed by both the PostgreSQL user definition
  # and the git service's database settings.
  dbPasswordFile = secrets.git-database-password.target-file;
in {
  options.fudo.france.git = {
    repository-directory = mkOption {
      type = types.str;
      description = "Path to store git repositories.";
    };
    state-directory = mkOption {
      type = types.str;
      description = "Path to store git server state.";
    };
    database-host = mkOption {
      type = types.str;
      description = "PostGreSQL database host.";
    };
    ssh = mkOption {
      type = types.submodule sshOpts;
      description = "Git SSH listen options.";
    };
  };

  config.fudo = {
    # The password source is seeded from the hostname and the instance
    # build-seed; presumably stable across rebuilds for a fixed seed — verify
    # against the stablerandom-passwd-file helper.
    secrets.host-secrets.${hostname}.git-database-password = {
      source-file = pkgs.lib.fudo.passwd.stablerandom-passwd-file
        "gitea-database-passwd"
        "${hostname}-gitea-database-passwd-${config.instance.build-seed}";
      # NOTE(review): hard-coded while state-directory is an option — confirm
      # this path is where the service expects its state to live.
      target-file = "/var/gitea/database.passwd";
      user = config.services.gitea.user;
    };

    postgresql = {
      # Local admins are listed as users of the git database; the service
      # account itself only receives the DML grants listed below.
      databases.${dbName}.users = config.instance.local-admins;
      users.${dbUser} = {
        password-file = dbPasswordFile;
        databases.${dbName} = {
          access = "CONNECT";
          entity-access = {
            "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
            "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE";
          };
        };
      };
    };

    git = {
      enable = true;
      hostname = "git.${domain-name}";
      site-name = "Fudo Git";
      user = "git-fudo";
      repository-dir = cfg.repository-directory;
      state-dir = cfg.state-directory;
      database = {
        user = dbUser;
        password-file = dbPasswordFile;
        hostname = cfg.database-host;
        name = dbName;
      };
      # Pass the submodule values straight through to the service.
      ssh = { inherit (cfg.ssh) listen-ip listen-port; };
    };
  };
}