
{ config, lib, pkgs, ... }:

# Gitea ("Fudo Git") host configuration for the `france` host.
#
# Wires three things together:
#   * a host secret holding the Gitea database password,
#   * the matching PostgreSQL role and grants for `fudo_git`,
#   * the `fudo.git` service itself, pointed at the configured repository,
#     state, database and SSH-listen options.

let
  inherit (lib) mkOption types;

  hostname = config.instance.hostname;
  domainName = config.instance.local-domain;
  hostSecrets = config.fudo.secrets.host-secrets.${hostname};
  cfg = config.fudo.france.git;

  # Name of the PostgreSQL database and role used by Gitea.  The same
  # literal is used for the grant (`fudo.postgresql`) and for the service
  # (`fudo.git.database`), so it is defined once here.
  dbName = "fudo_git";
  dbUser = "fudo_git";

  # Path of the rendered database password file on the target host.  Both
  # the PostgreSQL role and the git service are pointed at this file.
  dbPasswordFile = hostSecrets.git-database-password.target-file;

  # SSH listener options for the git service, exposed as a submodule so
  # `fudo.france.git.ssh` can be set as a single attribute set.
  sshOptions = { ... }: {
    options = {
      listen-ip = mkOption {
        type = types.str;
        description = "IP address on which to listen for SSH connections.";
      };
      listen-port = mkOption {
        type = types.port;
        description = "Port on which to listen for SSH connections.";
        default = 22;
      };
    };
  };

in {
  options.fudo.france.git = {
    repository-directory = mkOption {
      type = types.str;
      description = "Path to store git repositories.";
    };
    state-directory = mkOption {
      type = types.str;
      description = "Path to store git server state.";
    };
    database-host = mkOption {
      type = types.str;
      description = "PostGreSQL database host.";
    };
    ssh = mkOption {
      type = types.submodule sshOptions;
      description = "Git SSH listen options.";
    };
  };

  config.fudo = {
    # Database password secret.  The source is produced by
    # `stablerandom-passwd-file`, keyed on the host name and build seed
    # (presumably so the same password is regenerated on rebuilds — confirm
    # against that helper); it is rendered to a fixed path under /var/gitea
    # and owned by the gitea service user.
    # NOTE(review): the file is owned by `config.services.gitea.user`, while
    # the git service below is told to run as "git-fudo"; whether those
    # resolve to the same account depends on the `fudo.git` module — confirm.
    secrets.host-secrets.${hostname}.git-database-password = {
      source-file = pkgs.lib.fudo.passwd.stablerandom-passwd-file
        "gitea-database-passwd"
        "${hostname}-gitea-database-passwd-${config.instance.build-seed}";
      target-file = "/var/gitea/database.passwd";
      user = config.services.gitea.user;
    };

    postgresql = {
      # The local admins are listed as users of the git database in
      # addition to the service role below.
      databases.${dbName}.users = config.instance.local-admins;

      # The Gitea service role: CONNECT on the database, DML on every table
      # in the public schema, and SELECT/UPDATE on its sequences.
      users.${dbUser} = {
        password-file = dbPasswordFile;
        databases.${dbName} = {
          access = "CONNECT";
          entity-access = {
            "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
            # NOTE(review): written with a space after the comma, unlike the
            # tables entry above; presumably the grant renderer tolerates
            # both spellings — verify.
            "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE";
          };
        };
      };
    };

    # The git service itself; directories, database and SSH settings come
    # from the `fudo.france.git` options declared above.
    git = {
      enable = true;
      hostname = "git.${domainName}";
      site-name = "Fudo Git";
      user = "git-fudo";
      repository-dir = cfg.repository-directory;
      state-dir = cfg.state-directory;
      database = {
        user = dbUser;
        password-file = dbPasswordFile;
        hostname = cfg.database-host;
        name = dbName;
      };
      ssh = { inherit (cfg.ssh) listen-ip listen-port; };
    };
  };
}