diff options
| author | tv <tv@krebsco.de> | 2023-06-14 18:36:13 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2023-06-14 18:36:13 +0200 |
| commit | f9e82b4ffc5db0c53556bf068ffc8859828163ef (patch) | |
| tree | 6ea55d0492ebb9458fec210c1ec59030e15c3187 /krebs/2configs/cal.nix | |
| parent | e1ec606542ba602f8ebd95fe961a68aa70c012e4 (diff) | |
| parent | ccf29b838bb6865f940597a1bd6e6cb4f3522b0c (diff) | |
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'krebs/2configs/cal.nix')
| -rw-r--r-- | krebs/2configs/cal.nix | 127 |
1 files changed, 105 insertions, 22 deletions
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix index 90093e8eb..15f0027b3 100644 --- a/krebs/2configs/cal.nix +++ b/krebs/2configs/cal.nix @@ -1,33 +1,116 @@ -{ config, lib, pkgs, ... }: -{ - users.users.testing = { - uid = pkgs.stockholm.lib.genid_uint31 "testing"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.xkey.pubkey - config.krebs.users.lass.pubkey - ]; - packages = [ - pkgs.calendar-cli - pkgs.tmux - ]; - }; +{ config, lib, pkgs, ... }: let + + setupGit = '' + export PATH=${lib.makeBinPath [ + pkgs.coreutils + pkgs.git + ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519' + repo='git@localhost:cal' + cd /var/lib/radicale/collections + if ! test -d .git; then + git init + git config user.name "radicale" + git config user.email "radicale@${config.networking.hostName}" + elif ! url=$(git config remote.origin.url); then + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" + fi + cp ${pkgs.writeText "gitignore" '' + .Radicale.cache + ''} .gitignore + git add .gitignore + ''; - services.xandikos = { + pushCal = pkgs.writeDash "push_cal" '' + ${setupGit} + git fetch origin + git merge --ff-only origin/master || : + ''; + + pushCgit = pkgs.writeDash "push_cgit" '' + ${setupGit} + git push origin master + ''; + +in { + services.radicale = { enable = true; - extraOptions = [ - "--autocreate" - "--defaults" - "--current-user-principal /krebs" - "--dump-dav-xml" - ]; + rights = { + krebs = { + user = ".*"; + collection = ".*"; + permissions = "rRwW"; + }; + }; + settings = { + auth.type = "none"; + server.hosts = [ + "0.0.0.0:5232" + "[::]:5232" + ]; + storage.filesystem_folder = "/var/lib/radicale/collections"; + storage.hook = "${pkgs.writers.writeDash "radicale-hook" '' + set -efu + ${setupGit} + ${pkgs.git}/bin/git add -A + (${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"") + ${pushCgit} + ''} %(user)s"; + }; }; services.nginx = { enable = true; virtualHosts = { - "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/"; + "calendar.r".locations."/".proxyPass = "http://localhost:5232/"; + }; + }; + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + }; + rules = with pkgs.stockholm.lib.git; [ + { + user = [ + { + name = "cal"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie"; + } + ] ++ (lib.attrValues config.krebs.users); + repo = [ config.krebs.git.repos.cal ]; + perm = push ''refs/heads/master'' [ create merge ]; + } + ]; + repos.cal = { + public = true; + name = "cal"; + hooks = { + post-receive = '' + ${pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }} + /run/wrappers/bin/sudo -S -u radicale ${pushCal} + ''; + }; }; }; + krebs.secret.files.calendar = { + path = "/var/lib/radicale/.ssh/id_ed25519"; + owner = { name = "radicale"; }; + source-path = "${<secrets/radicale.id_ed25519>}"; + }; + + security.sudo.extraConfig = '' + git ALL=(radicale) NOPASSWD: ${pushCal} + ''; } |