-rw-r--r-- | nin/1systems/hiawatha.nix | 1 | ||||
-rw-r--r-- | nin/1systems/onondaga.nix | 1 | ||||
-rw-r--r-- | nin/2configs/git.nix | 70 |
3 files changed, 72 insertions, 0 deletions
diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix index 9d01d7a..af86549 100644 --- a/nin/1systems/hiawatha.nix +++ b/nin/1systems/hiawatha.nix @@ -11,6 +11,7 @@ with lib; ../. <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ../2configs/retiolum.nix + ../2configs/git.nix ]; krebs.build.host = config.krebs.hosts.hiawatha; diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix index 59f26c4..5768470 100644 --- a/nin/1systems/onondaga.nix +++ b/nin/1systems/onondaga.nix @@ -10,6 +10,7 @@ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ../2configs/retiolum.nix ../2configs/weechat.nix + ../2configs/git.nix ]; krebs.build.host = config.krebs.hosts.onondaga; diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 0000000..39f919e --- /dev/null +++ b/nin/2configs/git.nix 
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ out = {
+ krebs.git = {
+ enable = true;
+ cgit = {
+ settings = {
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ };
+ };
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos = public-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ cgit.desc = "take all the computers hostage, they'll love you!";
+ };
+ };
+
+ make-public-repo = name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = true;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ channel = "#retiolum";
+ server = "ni.r";
+ verbose = config.krebs.build.host.name == "onondaga";
+ # TODO define branches in some kind of option per repo
+ branches = [ "master" ];
+ };
+ };
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = [ nin ];
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out |
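Review bot: `make-public-repo` keeps only `cgit` and `name` from its argument, so `repo.collaborators` is never set and the third rule in `make-rules` can never fire; a collaborator list added to `public-repos` later would be dropped without any error. Either carry it through with `make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {` and `inherit cgit collaborators name;`, or remove the branch. As written it would in any case only grant `fetch`, which the `repo.public` rule already gives every entry in `config.krebs.users`. Separately, the owner rule `push "refs/*" [ non-fast-forward create delete merge ]` allows rewriting and deleting `master`, the branch the post-receive hook announces, so a comment such as `# owner may force-push and delete any ref, including master` would make that access decision explicit.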