| author | Martin Fischer <martin@push-f.com> | 2025-12-29 09:46:10 +0100 |
|---|---|---|
| committer | Martin Fischer <martin@push-f.com> | 2025-12-29 19:35:25 +0100 |
| commit | 928cf7b7f979270f270f315e0e2f17702c870d88 (patch) | |
| tree | 045c5848cd8bd0916ac581fcc29260a30b516119 /nixos/hosts | |
| parent | 1ffc0fb9b1d5dfb6658665c13ad13b3378d43fe2 (diff) | |
fix(tente): revoke repo write access for cgit
Diffstat (limited to 'nixos/hosts')
| -rw-r--r-- | nixos/hosts/tente/default.nix | 12 | ||||
| -rw-r--r-- | nixos/hosts/tente/git-web.nix | 8 |
2 files changed, 15 insertions, 5 deletions
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index ddfa89b..2ecfbcb 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -69,6 +69,11 @@ in
 ];
 };
 
+ cgit = {
+ isSystemUser = true;
+ extraGroups = ["git"];
+ };
+
 nginx = {
 isSystemUser = true;
 extraGroups = [
@@ -151,11 +156,8 @@ in
 gitWeb = {
 domain = "git.${baseDomain}";
 reposDir = reposDir;
- # TODO: cgit shouldn't have write access to repositories
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
+ user = "cgit";
+ group = "cgit";
 };
 
 services.geopos-share =
diff --git a/nixos/hosts/tente/git-web.nix b/nixos/hosts/tente/git-web.nix
index 343a5fc..122157a 100644
--- a/nixos/hosts/tente/git-web.nix
+++ b/nixos/hosts/tente/git-web.nix
@@ -64,5 +64,13 @@ in
 clone-prefix = "https://${cfg.domain}";
 };
 };
+
+ # The cgit module uses git-http-backend which aborts by default if the repo isn't owned by the current user.
+ # We're intentionally using different users so that cgit doesn't have write access.
+ # We just have to tell git that the directories are "safe".
+ environment.etc."gitconfig".text = ''
+ [safe]
+ directory = ${cfg.reposDir}/*
+ '';
 };
 } |
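Review bot: The new `cgit` user hard-codes the group name `"git"` in `extraGroups`, while the lines this same commit removes from the `gitWeb` block referenced `config.services.gitolite.group` for the same group; if gitolite's group is ever renamed, cgit silently loses read access to the repositories. I would write `extraGroups = [config.services.gitolite.group];` so the two stay tied together. The user block also declares no primary `group`; if the cgit module behind `gitWeb` does not already create the `cgit` user and group itself, a `group = "cgit";` here plus a `users.groups.cgit = {};` would be needed for the `group = "cgit"` used in the second hunk to resolve.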
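Review bot: Switching `user`/`group` to `"cgit"` only revokes write access if the repositories under `reposDir` are not group-writable for `git`, which is a property of the permission bits gitolite applies (its umask), not of anything in this diff; a group-writable repo would still be writable by a member of `git`. Since the old explanatory comment is being removed, I would leave a one-line note in its place stating the actual invariant, e.g. `# cgit reads repos only via the "git" group; write access stays revoked as long as gitolite leaves repos group-read-only`. Verifying that invariant (e.g. the group bits on a fresh repo) would be worth a mention in the commit message as well.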
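Review bot: `environment.etc."gitconfig"` is the host-wide git config, so the `safe.directory` exemption added here disables git's ownership check under `${cfg.reposDir}` for every user on the host that runs git there (nginx, admins, other service users), not just the cgit process that needs it; the original check exists because a repository owned by another user can carry config that executes on use. The narrower option is to scope it to the cgit service, for instance by setting `GIT_CONFIG_COUNT=1`, `GIT_CONFIG_KEY_0=safe.directory` and `GIT_CONFIG_VALUE_0=${cfg.reposDir}/*` in the environment of the unit that runs cgit, or by placing the setting in the cgit user's own gitconfig. Note also that the trailing `/*` form of `safe.directory` is only understood by recent git releases; on an older git it is taken as a literal path and the check keeps failing, so the comment should state the git version the host relies on.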
