author | tv <tv@krebsco.de> | 2015-07-24 19:33:20 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-24 19:33:20 +0200 |
commit | e1d542e07d5ee9c26a04f273b0eb6ff8adccf756 (patch) | |
tree | 6c056907ec038e0cef7d814c3fc2e271951909e5 /2configs/tv | |
parent | 0c65be34570f9a3863862fd0f8c712f5f57b6144 (diff) |
tv git: add restricted repos
Diffstat (limited to '2configs/tv')
-rw-r--r-- | 2configs/tv/git.nix (renamed from 2configs/tv/git-public.nix) | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/2configs/tv/git-public.nix b/2configs/tv/git.nix
index 1bf44e0..ac1c413 100644
--- a/2configs/tv/git-public.nix
+++ b/2configs/tv/git.nix
@@ -11,7 +11,11 @@ let
 };
 };
 
- repos = public-repos;
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+ public-repos //
+ optionalAttrs config.tv.identity.self.secure restricted-repos
+ );
+
 rules = concatMap make-rules (attrValues repos);
 
 public-repos = mapAttrs make-public-repo {
@@ -36,6 +40,15 @@ let
 xintmap = {};
 };
 
+ restricted-repos = mapAttrs make-restricted-repo (
+ {
+ brain = {
+ collaborators = with users; [ lass makefu ];
+ };
+ } //
+ import /root/src/secrets/repos.nix { inherit config lib pkgs users; }
+ );
+
 # TODO move users to separate module
 users = mapAttrs make-user {
 tv = ../../Zpubkeys/tv_wu.ssh.pub;
@@ -57,6 +70,12 @@ let
 };
 };
 
+ make-restricted-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = false;
+ hooks = {}; # TODO default
+ };
+
 make-rules =
 with git // users;
 repo:
@@ -69,6 +88,11 @@ let
 user = [ lass makefu uriel ];
 repo = [ repo ];
 perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
 };
 
 make-user = name: pubkey-file: { |
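Review bot: The collaborator rule added in the last hunk can never fire as written: `make-restricted-repo` (third hunk) receives `collaborators` only through `...` and does not pass it on, and `repos` here strips the attribute again with `removeAttrs` before `rules = concatMap make-rules (attrValues repos)` is evaluated, so `repo.collaborators or []` is always `[]`. The result is fail-closed (lass and makefu get no fetch rule on `brain`), but the generated ACL does not match what the config declares. Carry the attribute through with `make-restricted-repo = name: { desc ? null, collaborators ? [], ... }: { inherit name desc collaborators; public = false; hooks = {}; };` and build `rules` from the unstripped set, applying `removeAttrs` only to the value exported as `repos`. Whether `repo = [ repo ]` inside make-rules then also needs the stripped repo depends on the rule type, which is defined outside this diff.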
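Review bot: `import /root/src/secrets/repos.nix` brings secret data into evaluation, and whatever it returns (repo names, `desc`) flows into `repos`; if that set is rendered into a derivation, which this hunk does not show, those values end up in the world-readable Nix store on the host. The absolute path also means evaluating a host with `config.tv.identity.self.secure` set fails on any machine that lacks the file. A comment above the import stating what the file may hold would help, e.g. `# repo names/descriptions only; values may land in /nix/store, never put credentials here`. Note too that `//` lets an entry from the secrets file silently replace the `brain` definition written just above it.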