summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-06-18 21:22:21 +0200
committertv <tv@krebsco.de>2015-06-18 21:22:21 +0200
commitc868cff63b120e034e5bd418959039ccb210ca52 (patch)
tree5287e42c1a51131a6e052101c932de699f88c7c1 /modules
parent09e2e897b5de39eed3d3c58dffeee421c388e36d (diff)
host cd: use irc-announce and cgit
Diffstat (limited to 'modules')
-rw-r--r--modules/cd/default.nix33
-rw-r--r--modules/cd/iptables.nix1
2 files changed, 21 insertions, 13 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix
index ac32795..7223203 100644
--- a/modules/cd/default.nix
+++ b/modules/cd/default.nix
@@ -59,31 +59,38 @@
makefu = { pubkey = "xxx"; };
};
- # TODO warn about stale repodirs
repos = addNames {
+ shitment = {
+ desc = "shitment repository";
+ hooks = {
+ post-receive = git.irc-announce {
+ nick = config.networking.hostName; # TODO make this the default
+ channel = "#retiolum";
+ server = "ire.retiolum";
+ };
+ };
+ public = true;
+ };
testing = {
+ desc = "testing repository";
hooks = {
- update = ''
- #! /bin/sh
- set -euf
- echo update hook: $* >&2
- '';
- post-update = ''
- #! /bin/sh
- set -euf
- echo post-update hook: $* >&2
- '';
+ post-receive = git.irc-announce {
+ nick = config.networking.hostName; # TODO make this the default
+ channel = "#repository";
+ server = "ire.retiolum";
+ };
};
+ public = true;
};
};
rules = with git; with users; with repos; [
{ user = tv;
- repo = testing;
+ repo = [ testing shitment ];
perm = push master [ non-fast-forward create delete merge ];
}
{ user = [ lass makefu ];
- repo = testing;
+ repo = [ testing shitment ];
perm = fetch;
}
];
diff --git a/modules/cd/iptables.nix b/modules/cd/iptables.nix
index 48425e8..950aa84 100644
--- a/modules/cd/iptables.nix
+++ b/modules/cd/iptables.nix
@@ -63,6 +63,7 @@
ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request
ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request
+ ipXtables -A Retiolum -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW
${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"}
ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset