| -rw-r--r-- | modules/lass/base.nix | 118 | ||||
| -rw-r--r-- | modules/uriel/default.nix | 212 | 
2 files changed, 211 insertions, 119 deletions
| diff --git a/modules/lass/base.nix b/modules/lass/base.nix
index d16c4d341..29010dd91 100644
--- a/modules/lass/base.nix
+++ b/modules/lass/base.nix
@@ -68,124 +68,6 @@      enable = true;      dataDir = "/home/gitolite";      adminPubkey = config.sshKeys.lass.pub; -    #commonHooks = [ -    #  (pkgs.writeText "irc-announce" '' -    #    #! /bin/sh -    #    set -euf - -    #    config_file="$GL_ADMIN_BASE/conf/irc-announce.conf" -    #    if test -f "$config_file"; then -    #      . "$config_file" -    #    fi - -    #    # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update -    #    #     any relevant gitolite LOCAL_CODE! -    #    # CAVEAT we hope that IRC_NICK is unique -    #    IRC_NICK="''${IRC_NICK-gl$GL_TID}" -    #    IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}" -    #    IRC_SERVER="''${IRC_SERVER-ire.retiolum}" -    #    IRC_PORT="''${IRC_PORT-6667}" - -    #    # for privmsg_cat below -    #    export IRC_CHANNEL - -    #    # collect users that are mentioned in the gitolite configuration -    #    interested_users="$(perl -e ' -    #      do "gl-conf"; -    #      print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} }); -    #    ')" - -    #    # CAVEAT beware of real TABs in grep pattern! -    #    # CAVEAT there will never be more than 42 relevant log entries! -    #    log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^ ]*  $GL_TID ")" -    #    update_log="$(echo "$log" | grep "^[^ ]*  $GL_TID update")" - -    #    # (debug output) -    #    env | sed 's/^/env: /' -    #    echo "$log" | sed 's/^/log: /' - -    #    # see http://gitolite.com/gitolite/dev-notes.html#lff -    #    reponame=$(echo "$update_log" | cut -f 4) -    #    username=$(echo "$update_log" | cut -f 5) -    #    ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||') -    #    old_sha=$(echo "$update_log" | cut -f 8) -    #    new_sha=$(echo "$update_log" | cut -f 9) - -    #    # check if new branch is created -    #    if test $old_sha = 0000000000000000000000000000000000000000; then -    #      # TODO what should we really show? 
-    #      old_sha=$new_sha^ -    #    fi - -    #    # -    #    git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)" -    #    commit_count=$(echo "$git_log" | wc -l) - -    #    # echo2 and cat2 are used output to both, stdout and stderr -    #    # This is used to see what we send to the irc server. (debug output) -    #    echo2() { echo "$*"; echo "$*" >&2; } -    #    cat2() { tee /dev/stderr; } - -    #    # privmsg_cat transforms stdin to a privmsg -    #    privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } - -    #    # ircin is used to feed the output of netcat back to the "irc client" -    #    # so we can implement expect-like behavior with sed^_^ -    #    # XXX mkselfdestructingtmpfifo would be nice instead of this cruft -    #    tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" -    #    cd "$tmpdir" -    #    mkfifo ircin -    #    trap " -    #      rm ircin -    #      cd '$OLDPWD' -    #      rmdir '$tmpdir' -    #      trap - EXIT INT QUIT -    #    " EXIT INT QUIT - -    #    # -    #    # -    #    # -    #    { -    #      echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" -    #      echo2 "NICK $IRC_NICK" - -    #      # wait for MODE message -    #      sed -n '/^:[^ ]* MODE /q' - -    #      echo2 "JOIN $IRC_CHANNEL" - -    #      echo "$interested_users" \ -    #        | tr ' ' '\n' \ -    #        | grep -v "^$GL_USER" \ -    #        | sed 's/$/: poke/' \ -    #        | privmsg_cat \ -    #        | cat2 - -    #      printf '[13%s] %s pushed %s new commit%s to 6%s %s\n' \ -    #          "$reponame" \ -    #          "$username" \ -    #          "$commit_count" \ -    #          "$(test $commit_count = 1 || echo s)" \ -    #          "$(hostname)" \ -    #          "$ref_name" \ -    #        | privmsg_cat \ -    #        | cat2 - -    #      echo "$git_log" \ -    #        | sed 's/^/14/;s/ / /' \ -    #        | privmsg_cat \ -    #        | cat2 - -    #      echo2 "PART $IRC_CHANNEL" - -    
#      # wait for PART confirmation -    #      sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' - -    #      echo2 'QUIT :Gone to have lunch' -    #    } < ircin \ -    #      | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin -    #  '') -    #];    };    services.openssh = { diff --git a/modules/uriel/default.nix b/modules/uriel/default.nix index bfdc02256..9cab8915f 100644 --- a/modules/uriel/default.nix +++ b/modules/uriel/default.nix 
@@ -19,7 +19,216 @@    ];    nixpkgs = {      url = "https://github.com/Lassulus/nixpkgs"; -    rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb"; +    rev = "b3531eebf625e388d2fa33d56646180236263e74"; +  }; + +  services.gitolite = { +    keys = { +      uriel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1v/N0G7k48thX1vIALTdqrdYUvYM+SvHRq/rCcKLC2 lass@mors"; +      lass = config.sshKeys.lass.pub; +    }; +    config = '' +      repo emse-hsdb +          RW+     =   lass +          R       =   tv +          option hook.post-receive = irc-announce + +      repo pong +          RW+     =   lass +          R       =   tv +          option hook.post-receive = irc-announce + +      repo load-env +          RW+     =   lass +          RW+     =   uriel +          R       =   tv +          option hook.post-receive = irc-announce + +      repo pass +          RW+     =   lass +          RW+     =   uriel + +      repo testing +          RW+     =   @all + +      repo painload +          RW+     =   lass +          R       =   tv +          R       =   makefu + +      repo brain +          RW+     =   lass +          R       =   tv +          R       =   makefu +          option hook.post-receive = irc-announce + +      repo services +          RW+     =   lass +          R       =   tv +          R       =   makefu +          option hook.post-receive = irc-announce + +      repo emse-drywall +          RW+     =   lass +          R       =   tv +          R       =   uriel +          option hook.post-receive = irc-announce + +      repo emse-db +          RW+     =   lass +          R       =   tv +          option hook.post-receive = irc-announce + +      repo config +          RW+     =   lass +          RW+     =   uriel +          R       =   fastpoke +    ''; + +    rc = '' +      %RC = ( +          UMASK                           =>  0077, +          GIT_CONFIG_KEYS                 =>  "", +          LOG_EXTRA                       =>  1, +          ROLES => { +           
   READERS                     =>  1, +              WRITERS                     =>  1, +          }, +          LOCAL_CODE                =>  "$ENV{HOME}/.gitolite", +          ENABLE => [ +                  'help', +                  'desc', +                  'info', +                  'perms', +                  'writable', +                  'ssh-authkeys', +                  'git-config', +                  'daemon', +                  'gitweb', +                  'repo-specific-hooks', +          ], +      ); +      1; +    ''; + +    hooks.repoSpecific = { +      irc-announce = '' +        #! /bin/sh +        set -euf + +        config_file="$GL_ADMIN_BASE/conf/irc-announce.conf" +        if test -f "$config_file"; then +          . "$config_file" +        fi + +        # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update +        #     any relevant gitolite LOCAL_CODE! +        # CAVEAT we hope that IRC_NICK is unique +        IRC_NICK="''${IRC_NICK-gl$GL_TID}" +        IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}" +        IRC_SERVER="''${IRC_SERVER-ire.retiolum}" +        IRC_PORT="''${IRC_PORT-6667}" + +        # for privmsg_cat below +        export IRC_CHANNEL + +        # collect users that are mentioned in the gitolite configuration +        interested_users="$(perl -e ' +          do "gl-conf"; +          print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} }); +        ')" + +        # CAVEAT beware of real TABs in grep pattern! +        # CAVEAT there will never be more than 42 relevant log entries! 
+        log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^ ]*  $GL_TID ")" +        update_log="$(echo "$log" | grep "^[^ ]*  $GL_TID update")" + +        # (debug output) +        env | sed 's/^/env: /' +        echo "$log" | sed 's/^/log: /' + +        # see http://gitolite.com/gitolite/dev-notes.html#lff +        reponame=$(echo "$update_log" | cut -f 4) +        username=$(echo "$update_log" | cut -f 5) +        ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||') +        old_sha=$(echo "$update_log" | cut -f 8) +        new_sha=$(echo "$update_log" | cut -f 9) + +        # check if new branch is created +        if test $old_sha = 0000000000000000000000000000000000000000; then +          # TODO what should we really show? +          old_sha=$new_sha^ +        fi + +        # +        git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)" +        commit_count=$(echo "$git_log" | wc -l) + +        # echo2 and cat2 are used output to both, stdout and stderr +        # This is used to see what we send to the irc server. 
(debug output) +        echo2() { echo "$*"; echo "$*" >&2; } +        cat2() { tee /dev/stderr; } + +        # privmsg_cat transforms stdin to a privmsg +        privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + +        # ircin is used to feed the output of netcat back to the "irc client" +        # so we can implement expect-like behavior with sed^_^ +        # XXX mkselfdestructingtmpfifo would be nice instead of this cruft +        tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" +        cd "$tmpdir" +        mkfifo ircin +        trap " +          rm ircin +          cd '$OLDPWD' +          rmdir '$tmpdir' +          trap - EXIT INT QUIT +        " EXIT INT QUIT + +        # +        # +        # +        { +          echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" +          echo2 "NICK $IRC_NICK" + +          # wait for MODE message +          sed -n '/^:[^ ]* MODE /q' + +          echo2 "JOIN $IRC_CHANNEL" + +          echo "$interested_users" \ +            | tr ' ' '\n' \ +            | grep -v "^$GL_USER" \ +            | sed 's/$/: poke/' \ +            | privmsg_cat \ +            | cat2 + +          printf '[13%s] %s pushed %s new commit%s to 6%s %s\n' \ +              "$reponame" \ +              "$username" \ +              "$commit_count" \ +              "$(test $commit_count = 1 || echo s)" \ +              "$(hostname)" \ +              "$ref_name" \ +            | privmsg_cat \ +            | cat2 + +          echo "$git_log" \ +            | sed 's/^/14/;s/ / /' \ +            | privmsg_cat \ +            | cat2 + +          echo2 "PART $IRC_CHANNEL" + +          # wait for PART confirmation +          sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' + +          echo2 'QUIT :Gone to have lunch' +        } < ircin \ +          | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin +      ''; +    };    }; @@ -104,6 +313,7 @@    environment.systemPackages = with pkgs; [    ]; +    #users.extraGroups = {    #  loot = {    #    members = [ | 
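Review bot: In the new `irc-announce` hook, `$git_log` (commit subjects chosen by whoever pushes) is piped into the IRC connection without any control-character filtering before `privmsg_cat`. If a subject contains a carriage return, the server may treat the remainder as a separate IRC command, so I would strip control characters before the colour prefix is added, e.g. `echo "$git_log" | tr -d '\000-\011\013-\037' | sed ...`. The debug line `env | sed 's/^/env: /'` prints the hook's entire environment, which for a post-receive hook is presumably relayed to the pushing client; I would drop it or write it to a server-side log file instead. Separately, `$old_sha` and `$new_sha` are unquoted in `test $old_sha = 0000...` and `git log $old_sha..$new_sha`, so a push that produces several `update` log lines will likely abort the hook under `set -e`; quoting them and handling one `update` line at a time would make that case explicit.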
