3 files changed, 63 insertions, 1 deletions

diff --git a/machines/renard/default.nix b/machines/renard/default.nix
index c55b6b6..c882d15 100644
--- a/machines/renard/default.nix
+++ b/machines/renard/default.nix
@@ -9,6 +9,8 @@
 
     ../../modules/www.nix
     ../../modules/git.nix
+  
+    ../../services/cgit.nix
   ];
 
   services.nginx.virtualHosts = {
diff --git a/modules/common.nix b/modules/common.nix
index aca3cfa..23d8270 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -31,7 +31,10 @@
 
   services.envfs.enable = true;
 
-  virtualisation.docker.enable = true;
+  virtualisation = {
+    docker.enable = true;
+    oci-containers.backend = "docker";
+  };
 
   services = {
     openssh = {
diff --git a/services/cgit.nix b/services/cgit.nix
new file mode 100644
index 0000000..d8493f4
--- /dev/null
+++ b/services/cgit.nix
@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+
+# TODO: bring in cgit text configuration in `/srv` into nixos repository.
+let
+  inherit (pkgs) dockerTools;
+  cgit = pkgs.cgit-pink;
+
+  cgitLocalPort = "3792";
+  cgitDir = "/srv/cgit";
+  gitDir = "/srv/git";
+
+  baseImage = dockerTools.pullImage {
+    imageName = "alpine";
+    imageDigest = "sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d";
+    sha256 = "0fzqhqvvb0pzkwvjwyqjfv3rw2w8006xz4mhk0dk5clmyb08hqwc";
+    finalImageName = "alpine";
+    finalImageTag = "3.20.3";
+  };
+
+  # TODO: replace `buildLayeredImage` with `streamLayeredImage`
+  # in the upcoming 24.11 release.
+  cgitImage = dockerTools.buildLayeredImage {
+    name = "cgit";
+    tag = cgit.version;
+    fromImage = baseImage;
+
+    contents = with pkgs; [
+      lighttpd zstd
+      python311 python311Packages.pygments
+    ] ++ [ cgit ];
+  };
+
+in
+{
+  virtualisation.oci-containers.containers = {
+    cgit = {
+      # TODO: see above. replace with `imageStream`.
+      imageFile = cgitImage;
+      image = "cgit:${cgit.version}"; # has to match `imageFile`.
+      ports = [ "127.0.0.1:${cgitLocalPort}:80"];
+
+      volumes = [
+        "${cgitDir}/config/cgitrc:/etc/cgitrc"
+        "${cgitDir}/config/lighttpd.conf:/etc/lighttpd/cgit.conf"
+        "${cgitDir}/data:/data"
+        
+        "${gitDir}:/var/www/cgit"
+      ];
+
+      entrypoint = "${pkgs.lighttpd}/bin/lighttpd";
+      cmd = [
+        "-D" # run in foreground
+        "-f" "/etc/lighttpd/cgit.conf"
+      ];
+    };
+  };
+}