summaryrefslogtreecommitdiffstats
path: root/jeschli/2configs/git.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-09-06 23:10:09 +0200
committertv <tv@krebsco.de>2018-09-06 23:10:09 +0200
commit03764d6765f8d2734d0960bc75cc6856bf0893d8 (patch)
treeb8cbbdc3a0381b5d1b1d08149c38a6bd5be5e9c5 /jeschli/2configs/git.nix
parent86466154f11748365cdab50b6ac113bdfd5542be (diff)
parent96c4ab61202f515c7a361ef76c398e542771d6b4 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'jeschli/2configs/git.nix')
-rw-r--r--jeschli/2configs/git.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
new file mode 100644
index 000000000..77602e0f1
--- /dev/null
+++ b/jeschli/2configs/git.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ out = {
+ services.nginx.enable = true;
+ krebs.git = {
+ enable = true;
+ cgit = {
+ settings = {
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ };
+ enable = true;
+ };
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos = public-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ cgit.desc = "Bonbon aus Git - die ganze Nacht";
+ };
+ krebs-page = {
+ cgit.desc = "Die Krebs Page";
+ };
+ };
+
+ make-public-repo = name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = true;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.krebs.build.host.name;
+ channel = "#xxx";
+ server = "irc.r";
+ verbose = true;
+ branches = [ "master" ];
+ };
+ };
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = [ jeschli jeschli-brauerei];
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out