129 lines
3.7 KiB
Nix
129 lines
3.7 KiB
Nix
topLevel: {
|
|
flake.modules = {
|
|
nixos.base =
|
|
{ pkgs, ... }:
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
git
|
|
];
|
|
|
|
};
|
|
|
|
homeManager.cholli =
|
|
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
username = topLevel.config.flake.meta.users.cholli.username;
|
|
in
|
|
{
|
|
programs.git = {
|
|
enable = true;
|
|
lfs.enable = true;
|
|
signing = {
|
|
key = topLevel.config.flake.meta.users.cholli.key;
|
|
signByDefault = true;
|
|
};
|
|
ignores = [
|
|
".direnv/"
|
|
".devenv/"
|
|
"result"
|
|
];
|
|
|
|
settings = {
|
|
user = {
|
|
name = topLevel.config.flake.meta.users.cholli.name;
|
|
email = topLevel.config.flake.meta.users.cholli.email;
|
|
};
|
|
core = {
|
|
fsmonitor = true;
|
|
};
|
|
init = {
|
|
defaultBranch = "main";
|
|
};
|
|
pull = {
|
|
rebase = true;
|
|
};
|
|
push = {
|
|
autoSetupRemote = true;
|
|
};
|
|
rebase = {
|
|
autoStash = true;
|
|
};
|
|
safe = {
|
|
directory = "/home/${username}/projects/config";
|
|
};
|
|
maintenance = {
|
|
repo = [
|
|
"home/${username}/projects/nixpkgs"
|
|
"home/${username}/projects/config"
|
|
];
|
|
strategy = "incremental";
|
|
};
|
|
lfs."https://git.christophhollizeck.dev/Daholli/nixos-config.git/info/lfs".locksverify = true;
|
|
};
|
|
};
|
|
|
|
systemd.user = {
|
|
services."git-maintenance@" = {
|
|
Unit = {
|
|
Description = "Optimize Git repositories data";
|
|
};
|
|
Service = {
|
|
Type = "oneshot";
|
|
ExecStart = ''"${lib.getExe config.programs.git.package}" --exec-path="${lib.getBin config.programs.git.package}/bin" -c credential.interactive=false -c core.askPass=true for-each-repo --config=maintenance.repo maintenance run --schedule=%i'';
|
|
LockPersonality = "yes";
|
|
MemoryDenyWriteExecute = "yes";
|
|
NoNewPrivileges = "yes";
|
|
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_VSOCK";
|
|
RestrictNamespaces = "yes";
|
|
RestrictRealtime = "yes";
|
|
RestrictSUIDSGID = "yes";
|
|
SystemCallArchitectures = "native";
|
|
SystemCallFilter = "@system-service";
|
|
};
|
|
};
|
|
timers = {
|
|
"git-maintenance@hourly" = {
|
|
Unit = {
|
|
Description = "Optimize Git repositories data";
|
|
};
|
|
Timer = {
|
|
OnCalendar = "*-*-* *:00:00";
|
|
Persistent = true;
|
|
};
|
|
Install = {
|
|
WantedBy = [ "timers.target" ];
|
|
};
|
|
};
|
|
"git-maintenance@daily" = {
|
|
Unit = {
|
|
Description = "Optimize Git repositories data";
|
|
};
|
|
Timer = {
|
|
OnCalendar = "*-*-* 20:00:00";
|
|
Persistent = true;
|
|
};
|
|
Install = {
|
|
WantedBy = [ "timers.target" ];
|
|
};
|
|
};
|
|
"git-maintenance@weekly" = {
|
|
Unit = {
|
|
Description = "Optimize Git repositories data";
|
|
};
|
|
Timer = {
|
|
OnCalendar = "Sun *-*-* 20:00:00";
|
|
Persistent = true;
|
|
};
|
|
Install = {
|
|
WantedBy = [ "timers.target" ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|