From f4a46f3027e038143f70b3b8a43f515e2c64d7ed Mon Sep 17 00:00:00 2001
From: Martin Fischer
Date: Mon, 29 Dec 2025 09:46:10 +0100
Subject: fix(tente): revoke repo write access for cgit

---
 nixos/hosts/tente/default.nix | 12 +++++++-----
 nixos/hosts/tente/git-web.nix | 8 ++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)
(limited to 'nixos')

diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index ddfa89b..2ecfbcb 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -69,6 +69,11 @@ in
 ];
 };
 
+ cgit = {
+ isSystemUser = true;
+ extraGroups = ["git"];
+ };
+
 nginx = {
 isSystemUser = true;
 extraGroups = [
@@ -151,11 +156,8 @@ in
 gitWeb = {
 domain = "git.${baseDomain}";
 reposDir = reposDir;
- # TODO: cgit shouldn't have write access to repositories
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
+ user = "cgit";
+ group = "cgit";
 };
 
 services.geopos-share =
diff --git a/nixos/hosts/tente/git-web.nix b/nixos/hosts/tente/git-web.nix
index 343a5fc..1288a45 100644
--- a/nixos/hosts/tente/git-web.nix
+++ b/nixos/hosts/tente/git-web.nix
@@ -64,5 +64,13 @@ in
 clone-prefix = "https://${cfg.domain}";
 };
 };
+
+ # cgit uses git for http clones and git aborts by default if the repo isn't owned by the current user.
+ # We're intentionally using different users so that cgit doesn't have write access.
+ # We just have to tell git that the directories are "safe".
+ environment.etc."gitconfig".text = ''
+ [safe]
+ directory = ${cfg.reposDir}/*
+ '';
 };
}
-- 
cgit v1.3.1
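Review bot: The new `cgit` user in the first hunk of default.nix declares `isSystemUser` and `extraGroups` but no `group`, while the second hunk hands `group = "cgit"` to gitWeb; unless `users.groups.cgit` and the user's primary group are declared elsewhere (not in this diff), that group does not exist and current NixOS refuses to build a system user whose group is unset. Add `group = "cgit";` to the user block and `users.groups.cgit = {};` next to it. Separately, membership in `git` grants whatever the group bits on the gitolite repositories allow, so the commit only revokes write access if those repositories are not group-writable; that is worth checking against gitolite's umask on the host rather than assuming it from the user change alone.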
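Review bot: `environment.etc."gitconfig"` is the host-wide git configuration, so the `[safe] directory` entry added in the git-web.nix hunk switches off git's dubious-ownership check for every account on the machine that runs git against `${cfg.reposDir}`, not only for cgit. Scoping the setting to the cgit account (a user-level gitconfig for that user, or configuration passed only to the cgit process) keeps the protection in place for everyone else, which is the point of using separate users in the first place. The trailing `/*` also depends on the git version in use: not every release accepts a glob suffix in `safe.directory`, so confirm the deployed git honours it for nested repository directories before relying on it.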