diff options
author | lassulus <lass@aidsballs.de> | 2015-06-14 19:32:37 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-06-14 19:32:37 +0200 |
commit | 84d5eb4174a5bc64d47736b691d09ded5d167575 (patch) | |
tree | efcd15bfaf9ba1f4a45da57b104c88078769111b /modules/cd/default.nix | |
parent | 35d0fd6164eb5e18f69c353d11ab1e48c066abd3 (diff) | |
parent | bff3b50dddb1bb37831d9f17ca25ccab7f7476fe (diff) |
Merge branch 'master' of nomic:config
Diffstat (limited to 'modules/cd/default.nix')
-rw-r--r-- | modules/cd/default.nix | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix index 7ceaf71f3..9bb4d0f2a 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = @@ -11,6 +11,7 @@ ../tv/base-cac-CentOS-7-64bit.nix ../tv/ejabberd.nix # XXX echtes modul ../tv/exim-smarthost.nix + ../tv/git.nix ../tv/retiolum.nix ../tv/sanitize.nix ]; @@ -43,6 +44,40 @@ enable = true; }; + services.git = + let + inherit (builtins) readFile; + # TODO lib should already include our stuff + inherit (import ../../lib { inherit lib; }) addNames git; + in + rec { + enable = true; + + users = addNames { + tv = { pubkey = readFile <pubkeys/tv.ssh.pub>; }; + lass = { pubkey = "xxx"; }; + makefu = { pubkey = "xxx"; }; + }; + + # TODO warn about stale repodirs + repos = addNames { + testing = { + # TODO hooks = { post-receive = ... + }; + }; + + rules = with git; with users; with repos; [ + { user = tv; + repo = testing; + perm = push master [ non-fast-forward create delete merge ]; + } + { user = [ lass makefu ]; + repo = testing; + perm = fetch; + } + ]; + }; + services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M @@ -61,7 +96,7 @@ services.retiolum = { enable = true; - hosts = /etc/nixos/hosts; + hosts = <retiolum-hosts>; privateKeyFile = "/etc/nixos/secrets/cd.retiolum.rsa_key.priv"; connectTo = [ "fastpoke" |