path: root/krebs/2configs/repo-sync.nix
{ config, lib, pkgs, ... }:
with import ../../lib/pure.nix { inherit lib; };

let
  # Account record for konsens: its name and the public half of an ed25519
  # key pair. A public key is not secret; the private key provisioned through
  # krebs.secret.files.konsens is presumably its counterpart - confirm.
  konsens-user.name = "konsens";
  konsens-user.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";
  # scp-style SSH URL prefix ("git@<hostname>:") addressing this host itself;
  # repository names are appended to it by sync-repo.
  mirror = "git@" + config.networking.hostName + ":";

  # Build the krebs.git fragment for one repository: the repository definition
  # plus the three access rules that apply to it.
  #
  #   name     repository name, also used as the key under `repos`
  #   desc     value for cgit.desc
  #   section  value for cgit.section
  #
  # Returns an attribute set with `rules` and `repos`.
  defineRepo = { name, desc, section }:
    let
      repoCfg = {
        name = mkDefault "${name}";
        # NOTE(review): presumably makes the repository readable without
        # authentication (e.g. via cgit) - confirm in the krebs.git module.
        public = true;
        cgit = { inherit desc section; };
        hooks = mkDefault {
          # Presumably announces pushes to the listed refs on IRC; only the
          # hook's arguments are visible here.
          post-receive = pkgs.git-hooks.irc-announce {
            server = "irc.r";
            channel = "#xxx";
            nick = config.networking.hostName;
            refs = [
              "refs/heads/newest"
              "refs/tags/*"
            ];
            verbose = false;
          };
        };
      };
      targets = [ repoCfg ];
    in {
      repos.${name} = repoCfg;
      rules = with git; [
        # Widest grant: this host's repo-sync user and three named users may
        # push to every ref, including history rewrites (non-fast-forward) and
        # ref deletion. Anyone holding one of these keys can rewrite or remove
        # any branch or tag, so keep this list short.
        {
          repo = targets;
          user = with config.krebs.users; [
            config.krebs.users."${config.networking.hostName}-repo-sync"
            lass
            makefu
            tv
          ];
          perm = push ''refs/*'' [ non-fast-forward create delete merge ];
        }
        # Narrow grant for konsens: one branch only, and neither
        # non-fast-forward nor delete is included.
        {
          repo = targets;
          user = [ konsens-user ];
          perm = push "refs/heads/common" [ create merge ];
        }
        # Every user known to krebs may fetch.
        {
          repo = targets;
          user = attrValues config.krebs.users;
          perm = fetch;
        }
      ];
    };

  # Produce a module that registers `name` with krebs.repo-sync and defines the
  # matching local repository through defineRepo.
  #
  #   name     repository name
  #   remotes  attribute set mapping a label to an upstream URL; each entry
  #            becomes a branch config with that URL as origin and the local
  #            repository as mirror
  #   desc     cgit description (default: "mirror for <name>")
  #   section  cgit section (default: "mirror")
  #
  # NOTE(review): upstream URLs are used exactly as the caller passes them. If
  # repo-sync fetches from origin.url, the integrity of mirrored history
  # depends on the transport the caller chose - confirm against the module.
  sync-repo = { name, remotes, desc ? "mirror for ${name}", section ? "mirror" }:
    let
      # URL of the local copy, reached over SSH on this host.
      localUrl = "${mirror}${name}";
    in {
      krebs.git = defineRepo { inherit name desc section; };
      krebs.repo-sync.repos.${name} = {
        latest = {
          ref = "heads/newest";
          url = localUrl;
        };
        # Keys of `remotes` are kept unchanged; only the values are rewritten.
        branches = lib.mapAttrs (_: url: {
          origin.url = url;
          mirror.url = localUrl;
        }) remotes;
      };
    };

in {
  # Git hosting with the cgit front page titles.
  krebs.git.enable = true;
  krebs.git.cgit.settings.root-title = "krebs repos";
  krebs.git.cgit.settings.root-desc = "keep calm and engage";

  # Mirroring service; the repositories themselves are added under `imports`.
  krebs.repo-sync.enable = true;

  # konsens is enabled for the stockholm repository with default settings.
  krebs.konsens.enable = true;
  krebs.konsens.repos.stockholm = {};
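  # SSH private key for the konsens user. Presumably the krebs.secret module
  # copies source-path to `path` and hands it to `owner` - confirm there.
  krebs.secret.files.konsens = {
    path = "/var/lib/konsens/.ssh/id_ed25519";
    owner = konsens-user;
    # Use toString, not string interpolation: interpolating a path value
    # ("${<secrets/...>}") makes Nix copy the file into /nix/store, which is
    # world-readable, and yields that store path. toString returns the
    # original filesystem path and leaves the key where it is.
    # NOTE(review): this assumes <secrets> resolves to a location outside the
    # store on the evaluating host - confirm for your deployment.
    source-path = toString <secrets/konsens.id_ed25519>;
  };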

  imports = [
    # stockholm is mirrored from three upstream cgit instances.
    # NOTE(review): the upstream URLs are plain http://, so the fetch has no
    # transport-level integrity of its own. The .r names look like an internal
    # overlay network; if so, the mirror trusts that network and these hosts
    # for whatever lands in the mirrored branches - confirm.
    (sync-repo {
      name = "stockholm";
      section = "configuration";
      desc = "take all computers hostage, they love it";
      remotes = {
        lassulus = "http://cgit.orange.r/stockholm";
        makefu = "http://cgit.gum.r/stockholm";
        tv = "http://cgit.ni.r/stockholm";
      };
    })
    # krops is only defined as a repository here; it has no repo-sync entry.
    {
      krebs.git = defineRepo {
        name = "krops";
        section = "deployment";
        desc = "deployment tools";
      };
    }
  ];
}