| -rw-r--r-- | jeschli/2configs/git.nix | 73 | 
1 files changed, 73 insertions, 0 deletions
| diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
new file mode 100644
index 0000000..77602e0
--- /dev/null
+++ b/jeschli/2configs/git.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+  out = {
+    services.nginx.enable = true;
+    krebs.git = {
+      enable = true;
+      cgit = {
+        settings = {
+          root-title = "public repositories at ${config.krebs.build.host.name}";
+          root-desc = "keep calm and engage";
+        };
+        enable = true;
+      };
+      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+      rules = rules;
+    };
+
+    krebs.iptables.tables.filter.INPUT.rules = [
+      { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+    ];
+  };
+
+  repos = public-repos;
+
+  rules = concatMap make-rules (attrValues repos);
+
+  public-repos = mapAttrs make-public-repo {
+    stockholm = {
+      cgit.desc = "Bonbon aus Git - die ganze Nacht";
+    };
+    krebs-page = {
+      cgit.desc = "Die Krebs Page";
+    };
+  };
+
+  make-public-repo = name: { cgit ? {}, ... }: {
+    inherit cgit name;
+    public = true;
+    hooks = {
+      post-receive = pkgs.git-hooks.irc-announce {
+        nick = config.krebs.build.host.name;
+        channel = "#xxx";
+        server = "irc.r";
+        verbose = true; 
+        branches = [ "master" ];
+      };
+    };
+  };
+
+  make-rules =
+    with git // config.krebs.users;
+    repo:
+      singleton {
+        user = [ jeschli jeschli-brauerei];
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      } ++
+      optional repo.public {
+        user = attrValues config.krebs.users;
+        repo = [ repo ];
+        perm = fetch;
+      } ++
+      optional (length (repo.collaborators or []) > 0) {
+        user = repo.collaborators;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+in out |
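Review bot: The push rule in `make-rules` grants `non-fast-forward` and `delete` on `refs/*` to both `jeschli` and `jeschli-brauerei`, so either key on its own can rewrite or remove the history of `master` on every public repo. If that is not intended, consider narrowing the mode list for the published branch to `[ create merge ]` and keeping the destructive modes for a separate, narrower ref pattern. Separately, the collaborator rule at the end of `make-rules` looks unreachable as written: `make-public-repo` takes `{ cgit ? {}, ... }` and only inherits `cgit` and `name`, so no repo in `repos` ever carries `collaborators`, and the `removeAttrs s ["collaborators"]` in `out` is a no-op for the same reason. A comment such as `# collaborators get fetch only; not yet passed through make-public-repo` would make that explicit. The iptables rule also deserves a comment like `# cgit is served over plain HTTP, reachable only via the retiolum interface`.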
