diff options
author | tv <tv@krebsco.de> | 2023-09-11 14:55:04 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-09-11 14:55:04 +0200 |
commit | 8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (patch) | |
tree | aa37724dd0452860d4b9b033332587c8832629e3 /lass/2configs/git.nix | |
parent | 90b1515dcd5b67a85cd92901fb211764b1fa5f83 (diff) | |
parent | 083229d0211096daec08673f743ccc45b1d8a0ac (diff) |
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'lass/2configs/git.nix')
-rw-r--r-- | lass/2configs/git.nix | 206 |
1 files changed, 0 insertions, 206 deletions
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix deleted file mode 100644 index 16260b77b..000000000 --- a/lass/2configs/git.nix +++ /dev/null @@ -1,206 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - - out = { - services.nginx.enable = true; - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - }; - }; - repos = repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - - system.activationScripts.spool-chmod = '' - ${pkgs.coreutils}/bin/chmod +x /var/spool - ''; - }; - - cgit-clear-cache = pkgs.cgit-clear-cache.override { - inherit (config.krebs.git.cgit.settings) cache-root; - }; - - repos = - public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - Reaktor = { - cgit.desc = "Reaktor IRC bot"; - cgit.section = "software"; - }; - buildbot-classic = { - cgit.desc = "fork of buildbot"; - cgit.section = "software"; - }; - cholerab = { - cgit.desc = "krebs thesauron & enterprise-patterns"; - cgit.section = "documentation"; - }; - disko = { - cgit.desc = "take a description of your disk layout and produce a format script"; - cgit.section = "software"; - }; - go = { - cgit.desc = "url shortener"; - cgit.section = "software"; - }; - grib2json-bin = { - cgit.desc = "build jar of grib2json"; - cgit.section = "deployment"; - }; - krebspage = { - cgit.desc = "homepage of krebs"; - cgit.section = "configuration"; - }; - krops = { - cgit.desc = "krebs deployment"; - cgit.section = "software"; - }; - news = { - cgit.desc = "take a rss feed and a timeout and print it to stdout"; - cgit.section = "software"; - }; - newsbot-js = { - cgit.desc = "print rss feeds to irc channels"; - cgit.section = "software"; - }; - nix-user-chroot = { - cgit.desc = "Fork of nix-user-chroot by lethalman"; - cgit.section = "software"; - }; - nix-writers = { - cgit.desc = "high level writers for nix"; - cgit.section = "software"; - }; - nixos-generators = { - cgit.desc = "custom image builders"; - cgit.section = "software"; - }; - nixpkgs = { - cgit.desc = "nixpkgs fork"; - cgit.section = "configuration"; - }; - populate = { - cgit.section = "software"; - }; - reaktor2 = { - cgit.desc = "irc bot"; - cgit.section = "software"; - }; - stockholm = { - cgit.desc = "take all the computers hostage, they'll love you!"; - cgit.section = "configuration"; - }; - stockholm-issues = { - cgit.desc = "stockholm issues"; - cgit.section = "issues"; - }; - the_playlist = { - cgit.desc = "Good Music collection + tools"; - cgit.section = "art"; - }; - workadventure-nix = { - cgit.desc = "Nix packaging for workadventure"; - cgit.section = "deployment"; - }; - xmonad-stockholm = { - cgit.desc = "krebs xmonad modules"; - cgit.section = "configuration"; - }; - } // mapAttrs make-public-repo-silent { - }; - - restricted-repos = mapAttrs make-restricted-repo ( - { - brain = { - collaborators = with config.krebs.users; [ tv makefu ]; - announce = true; - }; - } // - import <secrets/repos.nix> { inherit config lib pkgs; } - ); - - make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: { - inherit cgit collaborators name; - public = true; - hooks = { - post-receive = '' - ${pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#xxx"; - # TODO define refs in some kind of option per repo - server = "irc.r"; - verbose = config.krebs.build.host.name == "orange"; - }} - ${cgit-clear-cache}/bin/cgit-clear-cache - ''; - }; - }; - - make-public-repo-silent = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - }; - - make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? true, hooks ? {}, ... }: { - inherit admins collaborators name; - public = false; - hooks = { - post-receive = '' - ${optionalString announce (pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#xxx"; - # TODO define refs in some kind of option per repo - refs = [ - "refs/heads/master" - "refs/heads/staging*" - ]; - server = "irc.r"; - verbose = false; - })} - ${cgit-clear-cache}/bin/cgit-clear-cache - ''; - } // hooks; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ lass lass-green ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional (length (repo.admins or []) > 0) { - user = repo.admins; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - }; - -in out |