diff options
| -rw-r--r-- | 2configs/makefu/cgit-retiolum.nix | 44 | ||||
| -rw-r--r-- | 3modules/krebs/default.nix | 3 |
2 files changed, 33 insertions, 14 deletions
diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix index d5ad35f..7b8e3bc 100644 --- a/2configs/makefu/cgit-retiolum.nix +++ b/2configs/makefu/cgit-retiolum.nix @@ -1,4 +1,5 @@ { config, lib, pkgs, ... }: +# TODO: remove tv lib :) with import ../../4lib/tv { inherit lib pkgs; }; let @@ -7,23 +8,31 @@ let krebs.git = { enable = true; root-title = "public repositories "; - root-desc = "keep calm and enrage"; - inherit repos rules ; + root-desc = "keep on krebsing"; + inherit repos rules; }; }; + repos = priv-repos // krebs-repos ; + rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - repos = public-repos; - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { + krebs-repos = mapAttrs make-krebs-repo { stockholm = { desc = "take all the computers hostage, they'll love you!"; }; }; + priv-repos = mapAttrs make-priv-repo { + autosync = { }; + }; + + # TODO move users to separate module + make-priv-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + }; - make-public-repo = name: { desc ? null, ... }: { + make-krebs-repo = with git; name: { desc ? null, ... }: { inherit name desc; public = true; hooks = { @@ -35,18 +44,27 @@ let }; }; - make-rules = - with git // config.krebs.users; - repo: + set-owners = with git; repo: user: singleton { - user = makefu; + inherit user; repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ + }; + + set-ro-access = with git; repo: user: optional repo.public { - user = [ lass tv uriel ]; + inherit user; repo = [ repo ]; perm = fetch; }; + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv uriel ]; + + priv-rules = with config.krebs.users; repo: + set-owners repo [ makefu ]; + + krebs-rules = with config.krebs.users; repo: + set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ; + in out diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index d32143b..b9b6bcf 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -197,7 +197,7 @@ let }; }; - makefu-imp = { + makefu-imp = { hosts = addNames { pnp = { cores = 1; @@ -226,6 +226,7 @@ let }; users = addNames { makefu = { + mail = "root@euer.krebsco.de"; pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; }; }; |