From d906407a60e24b355489cbea13bb8d5dd0094a3b Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Jun 2015 19:24:11 +0200 Subject: modules/tv/git{.nix -> /default.nix} --- modules/cd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/cd') diff --git a/modules/cd/default.nix b/modules/cd/default.nix index 1d621e03d..468d20448 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -11,7 +11,7 @@ ../tv/base-cac-CentOS-7-64bit.nix ../tv/ejabberd.nix # XXX echtes modul ../tv/exim-smarthost.nix - ../tv/git.nix + ../tv/git ../tv/retiolum.nix ../tv/sanitize.nix ]; -- cgit v1.2.3 From 94488da95f3161bc791efa7a5c4d74ce2ebfab21 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Jun 2015 21:21:54 +0200 Subject: lib/git: add irc-announce --- modules/cd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/cd') diff --git a/modules/cd/default.nix b/modules/cd/default.nix index 468d20448..ac32795ef 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -48,7 +48,7 @@ let inherit (builtins) readFile; # TODO lib should already include our stuff - inherit (import ../../lib { inherit lib; }) addNames git; + inherit (import ../../lib { inherit lib pkgs; }) addNames git; in rec { enable = true; -- cgit v1.2.3 From 1325e5a6757c5825704e74b641e829c25c810124 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Jun 2015 21:22:21 +0200 Subject: host cd: use irc-announce and cgit --- modules/cd/default.nix | 33 ++++++++++++++++++++------------- modules/cd/iptables.nix | 1 + 2 files changed, 21 insertions(+), 13 deletions(-) (limited to 'modules/cd') diff --git a/modules/cd/default.nix b/modules/cd/default.nix index ac32795ef..7223203a0 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix 
@@ -59,31 +59,38 @@ makefu = { pubkey = "xxx"; }; }; - # TODO warn about stale repodirs repos = addNames { + shitment = { + desc = "shitment repository"; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + public = true; + }; testing = { + desc = "testing repository"; hooks = { - update = '' - #! /bin/sh - set -euf - echo update hook: $* >&2 - ''; - post-update = '' - #! /bin/sh - set -euf - echo post-update hook: $* >&2 - ''; + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#repository"; + server = "ire.retiolum"; + }; }; + public = true; }; }; rules = with git; with users; with repos; [ { user = tv; - repo = testing; + repo = [ testing shitment ]; perm = push master [ non-fast-forward create delete merge ]; } { user = [ lass makefu ]; - repo = testing; + repo = [ testing shitment ]; perm = fetch; } ]; diff --git a/modules/cd/iptables.nix b/modules/cd/iptables.nix index 48425e8dc..950aa8472 100644 --- a/modules/cd/iptables.nix +++ b/modules/cd/iptables.nix @@ -63,6 +63,7 @@ ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request + ipXtables -A Retiolum -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"} ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset -- cgit v1.2.3
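Review bot: `public = true` on both `testing` and `shitment` sits next to a `rules` list that grants `fetch` only to `lass` and `makefu`, and nothing in the hunk says which of the two governs read access. Going by the commit subject, `public` presumably publishes the repository through cgit, and the iptables.nix hunk in this commit opens HTTP on the Retiolum chain, so read access would be wider than the rules suggest. If that is intended, state it where the flag is set, e.g. `public = true; # readable without authentication via cgit`; otherwise drop the flag from whichever repository should stay restricted. Separately, `testing` announces to `#repository` while `shitment` uses `#retiolum`, so it is worth confirming that channel name is the intended one. The enclosing attribute set starts and ends outside the hunk.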
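Review bot: The added ACCEPT for `--dport http` has no comment naming the service it opens, and through `ipXtables` it applies to IPv4 and IPv6 alike. It also sits ahead of the `LOG` rule, so new HTTP connections are accepted without any log entry. I would put a line above it such as `# cgit: unauthenticated read access to repos marked public`. Whether the Retiolum chain is reached only from the VPN interface should also be confirmed, since the jump into the chain and the start of the surrounding script string are outside this hunk.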