diff options
| author | lassulus <lass@blue.r> | 2018-09-04 20:40:20 +0200 |
|---|---|---|
| committer | lassulus <lass@blue.r> | 2018-09-04 20:40:20 +0200 |
| commit | e183bb1c80c42131f9e3d932985e413ef457f77a (patch) | |
| tree | f728e5c1a97550d12de72af3a63740ddca69b975 | |
| parent | 8760874b7a7a746d5dd0bf179bd41e9e2291bb77 (diff) | |
| parent | 000f2a7c9123fcd4b110c6c220570758d556c837 (diff) | |
Merge remote-tracking branch 'ni/master'
| -rw-r--r-- | krebs/3modules/git.nix | 11 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/cgit-clear-cache.nix | 8 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/krops.nix | 4 | ||||
| m--------- | submodules/nix-writers | 0 | ||||
| -rw-r--r-- | tv/2configs/gitrepos.nix | 27 |
5 files changed, 39 insertions, 11 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 5ae24b40b..8a923efd2 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -348,6 +348,10 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; description = "Git repository hosting user"; + extraGroups = [ + # To allow running cgit-clear-cache via hooks. + cfg.cgit.fcgiwrap.group.name + ]; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -403,13 +407,12 @@ let )); environment.systemPackages = [ - (pkgs.writeDashBin "cgit-clear-cache" '' - ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* - '') + (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; }) ]; system.activationScripts.cgit = '' - mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} + chmod 0770 ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix new file mode 100644 index 000000000..28402c39c --- /dev/null +++ b/krebs/5pkgs/simple/cgit-clear-cache.nix @@ -0,0 +1,8 @@ +with import <stockholm/lib>; + +{ cache-root ? "/tmp/cgit", findutils, writeDashBin }: + +writeDashBin "cgit-clear-cache" '' + set -efu + ${findutils}/bin/find ${shell.escape cache-root} -type f -delete +'' diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix index e4e9928d4..23cc224b8 100644 --- a/krebs/5pkgs/simple/krops.nix +++ b/krebs/5pkgs/simple/krops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/krops; - rev = "refs/tags/v1.1.0"; - sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll"; + rev = "refs/tags/v1.3.1"; + sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7"; } diff --git a/submodules/nix-writers b/submodules/nix-writers -Subproject 4d0829328e885a6d7163b513998a975e60dd0a7 +Subproject 5d79992262e8f16a3efa985375be74abea3bb39 diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 06875038d..74fb5215a 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -18,6 +18,10 @@ let { }; }; + cgit-clear-cache = pkgs.cgit-clear-cache.override { + inherit (config.krebs.git.cgit.settings) cache-root; + }; + repos = public-repos // optionalAttrs config.krebs.build.host.secure restricted-repos; @@ -97,8 +101,11 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce { - cgit_endpoint = null; + hooks = { + post-receive = /* sh */ '' + (${irc-announce { cgit_endpoint = null; }}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; } // @@ -117,14 +124,24 @@ let { make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce {}; + hooks = { + post-receive = /* sh */ '' + (${optionalString (config.krebs.build.host.name == "ni") + (irc-announce {})}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { - inherit collaborators hooks name; + inherit collaborators name; public = false; + hooks = hooks // { + post-receive = /* sh */ '' + (${hooks.post-receive or ""}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; + }; }; make-rules = |