From 7a82c96567988fe4b2fa786ebde2631f7e1bd61e Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Sun, 5 Oct 2025 12:04:57 +0200
Subject: add git server

---
 config/services/default.nix     |  5 +++++
 config/services/git/default.nix | 28 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 config/services/default.nix
 create mode 100644 config/services/git/default.nix

(limited to 'config/services')

diff --git a/config/services/default.nix b/config/services/default.nix
new file mode 100644
index 0000000..b0df600
--- /dev/null
+++ b/config/services/default.nix
@@ -0,0 +1,5 @@
+{ ... }:
+
+{
+  imports = [ ./git ];
+}
diff --git a/config/services/git/default.nix b/config/services/git/default.nix
new file mode 100644
index 0000000..fef2233
--- /dev/null
+++ b/config/services/git/default.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+    createHome = true;
+    home = "/srv/git";
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = config.users.users.qaristote.openssh.authorizedKeys.keys ++ [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+jPcQhtBu4jxNAn54PV2TJ5krCfFnbXsR3OHk72l8 qaristote@dragonfly-g4"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDh2W0Nv76Nnw8TNysOkxVDZpnW0VEptq4u4Rask6zoO qaristote@optiplex-9030"
+    ];
+  };
+
+  users.groups.git = { };
+
+  services.openssh = {
+    extraConfig = ''
+      Match user git
+        AllowTcpForwarding no
+        AllowAgentForwarding no
+        PasswordAuthentication no
+        PermitTTY no
+        X11Forwarding no
+    '';
+  };
+}
-- 
cgit v1.2.3