7 files changed, 150 insertions, 12 deletions
diff --git a/flake.lock b/flake.lock
index 4b77d08..c1ca2ea 100644
--- a/flake.lock
+++ b/flake.lock
@@ -45,11 +45,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758810399,
-        "narHash": "sha256-bpWoE1tiFX5T1tr5EudkpW9Kk02XR+6olkoSkf3nHZU=",
+        "lastModified": 1759261317,
+        "narHash": "sha256-ygqmNF5w5rY62QJi26xDMd17m5ZWmcc85Wyg/Whhv9A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "39d26c16866260eee6d0487fe9c102ba1c1bf7b2",
+        "rev": "48e7d821876baee76553435104f91f1543881587",
         "type": "github"
       },
       "original": {
@@ -75,11 +75,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1758842305,
-        "narHash": "sha256-/KC1zSQJD4HOxZvdpk1yAVGazN7tfDqOoOMzwpB5m8M=",
+        "lastModified": 1759260691,
+        "narHash": "sha256-Nu3coEr5uDK/seto+96rYnMG7ciTMzUV4b7U7gPE+I4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1925c58e9e40c184b499bf6d902e152710d1581e",
+        "rev": "94ec9028189996315684cf098208a1dcc79e89f9",
         "type": "github"
       },
       "original": {
@@ -91,11 +91,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1758690382,
-        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
+        "lastModified": 1759036355,
+        "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
+        "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127",
         "type": "github"
       },
       "original": {
@@ -115,11 +115,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1758185783,
-        "narHash": "sha256-6fX2CG8PzdBNwJGBISnf/nVHUVMZdCsekT1mP672Uh8=",
+        "lastModified": 1759157415,
+        "narHash": "sha256-Fg8cOnVoIe0uQ38UpR6XZzRCwDsjjozVwfevW9yCLI0=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "6a7d78cebd9a0f84a508bec9bc47ac504c5f51f4",
+        "rev": "df5b3e6da631f732c26c6044c7cccb8706b4f479",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 6dc888d..b982f4e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,6 +49,19 @@
         ];
       };
 
+      git = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          inputs.disko.nixosModules.default
+
+          ./machines/git/configuration.nix
+
+          inputs.home-manager.nixosModules.default
+          inputs.impermanence.nixosModules.impermanence
+        ];
+      };
+
     };
   };
 }
diff --git a/machines/git/configuration.nix b/machines/git/configuration.nix
new file mode 100644
index 0000000..7024d7e
--- /dev/null
+++ b/machines/git/configuration.nix
@@ -0,0 +1,29 @@
+{ lib, inputs, pkgs, ... }:
+
+let
+  drive = "/dev/nvme0n1";
+in {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+
+    (import ../../disko.nix { device = drive; })
+
+  ] ++ (map (path: ../../modules/${path}) [
+    "core/global.nix"
+    "core/impermanence.nix"
+    "git/compromyse.nix"
+  ]);
+
+  networking.hostName = "git";
+
+  programs.fuse.userAllowOther = true;
+  home-manager = {
+    extraSpecialArgs = { inherit inputs; };
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    users = {
+      "compromyse" = import ./home.nix;
+    };
+  };
+}
diff --git a/machines/git/hardware-configuration.nix b/machines/git/hardware-configuration.nix
new file mode 100644
index 0000000..8c8749c
--- /dev/null
+++ b/machines/git/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/git/home.nix b/machines/git/home.nix
new file mode 100644
index 0000000..82852c0
--- /dev/null
+++ b/machines/git/home.nix
@@ -0,0 +1,19 @@
+{ inputs, pkgs, ... }:
+
+{
+  home = {
+    username = "compromyse";
+    homeDirectory = "/home/compromyse";
+  };
+
+  home.packages = with pkgs; [
+    git-lfs
+  ];
+
+  imports = (map (path: ../../config/${path}) [
+    "bash.nix"
+    "git"
+  ]);
+
+  home.stateVersion = "23.11";
+}
diff --git a/modules/git/cgit.nix b/modules/git/cgit.nix
new file mode 100644
index 0000000..d7d172b
--- /dev/null
+++ b/modules/git/cgit.nix
@@ -0,0 +1,41 @@
+{ config, ... }:
+
+let
+  repositoryPath = "/home/compromyse";
+in {
+  services.cgit = {
+    enable = true;
+    scanPath = repositoryPath;
+    settings = {
+      root-title = "compromyse: CGIT";
+      root-desc = "Compromyse's Git Repositories";
+      clone-url = "https://git.compromyse.xyz/$CGIT_REPO_URL";
+      enable-commit-graph = 1;
+      enable-log-filecount = 1;
+      enable-log-linecount = 1;
+    };
+  };
+
+  services.fcgiwrap.enable = true;
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."git.compromyse.com" = {
+      forceSSL = true;
+      enableACME = true;
+      root = "${pkgs.cgit}/cgit";
+      locations."/" = {
+        extraConfig = ''
+          include ${pkgs.cgit}/cgit/cgit.conf;
+          fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+          fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+          fastcgi_param PATH_INFO $uri;
+          include ${pkgs.nginx}/conf/fastcgi_params;
+        '';
+      };
+    };
+  };
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "raghus2247@gmail.com";
+}
diff --git a/modules/git/compromyse.nix b/modules/git/compromyse.nix
new file mode 100644
index 0000000..509d57f
--- /dev/null
+++ b/modules/git/compromyse.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+  users.users.compromyse = {
+    initialPassword = "testing";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDljZ44cNtYqvpeGuUsMRekkjiyaCLraX7GHp2BJGyhvUnCpVz7I5K6SGQ92vnEdkbQpUEs29Cw5RTYTKDXcn1zyl7fi/jLWVLgV3Apc7dbJvhQOTfxB24D5EuOR+3nZFtR1C89VNiB55ahqoBAxGMxr9GkOaKplruT1u+UOAW7wRwCGWoC7ySuVRnEoquWsv3ZHZhxTgmM6b8wnOk9K/to0JY51fbZ56OXcUKRUNkq4QzVMWEhWEpOuSFeufOewCjUIcMQkWzjG3XiqF7gBGnNqbvPlWOB3iLbAdOGBfkAxFlzTBGzwNEGWV39AMWHA1dRBKeETo5sHACsorpIQ3IHR3uHz3YccqhzOBqERqU419ioLdHSQt7uXS54AvZ7ZAMm/RZBeFdupT2dhfOdmvY/2ZHHEuP55A3GExlthaFR+SPKc1q/MhtX/+hBhtkPH+RMP/WPgPbXBCLVdL/ul/vGk8CGCFeKAVrexmz5q+5xax/gDIKfS3ynoMCrWxoto2U= raghus2247@gmail.com" ];
+  };
+  security.sudo.wheelNeedsPassword = false;
+}