diff options
author | tv <tv@krebsco.de> | 2018-09-06 23:10:09 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-09-06 23:10:09 +0200 |
commit | 03764d6765f8d2734d0960bc75cc6856bf0893d8 (patch) | |
tree | b8cbbdc3a0381b5d1b1d08149c38a6bd5be5e9c5 /jeschli/2configs/git.nix | |
parent | 86466154f11748365cdab50b6ac113bdfd5542be (diff) | |
parent | 96c4ab61202f515c7a361ef76c398e542771d6b4 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'jeschli/2configs/git.nix')
-rw-r--r-- | jeschli/2configs/git.nix | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix new file mode 100644 index 000000000..77602e0f1 --- /dev/null +++ b/jeschli/2configs/git.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + enable = true; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "Bonbon aus Git - die ganze Nacht"; + }; + krebs-page = { + cgit.desc = "Die Krebs Page"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.krebs.build.host.name; + channel = "#xxx"; + server = "irc.r"; + verbose = true; + branches = [ "master" ]; + }; + }; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ jeschli jeschli-brauerei]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out |