| -rwxr-xr-x | bin/genid | 11 | ||||
| -rw-r--r-- | lib/git.nix | 25 | ||||
| -rw-r--r-- | modules/cd/default.nix | 56 | ||||
| -rw-r--r-- | modules/cd/git.nix | 72 | 
4 files changed, 100 insertions, 64 deletions
| diff --git a/bin/genid b/bin/genid new file mode 100755 index 000000000..8e2240746 --- /dev/null +++ b/bin/genid @@ -0,0 +1,11 @@ +#! /bin/sh +# usage: genid NAME +set -euf +name=$1 +hash=$(printf %s "$name" | sha1sum | cut -d\  -f1 | tr a-f A-F) +echo " +  min=2^16  # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix> +  max=2^32  # see 2^(8*sizeof(uid_t)) +  ibase=16 +  ($hash + min) % max +" | bc diff --git a/lib/git.nix b/lib/git.nix index b28d89413..978fabba8 100644 --- a/lib/git.nix +++ b/lib/git.nix @@ -47,12 +47,13 @@ let        gawk        gnused        netcat +      nettools      ])} -    IRC_SERVER="$1" -    IRC_PORT="$2" -    IRC_NICK="$3" -    IRC_CHANNEL="$4" +    IRC_SERVER=$1 +    IRC_PORT=$2 +    IRC_NICK=$3$$ +    IRC_CHANNEL=$4      message=$5      export IRC_CHANNEL # for privmsg_cat @@ -138,15 +139,19 @@ let          # empty_tree=$(git hash-object -t tree /dev/null          empty_tree=4b825dc6 -        id=$(echo $oldrev | cut -b-7) -        id2=$(echo $newrev | cut -b-7) -        if [ $oldrev = $empty ]; then id=$empty_tree; fi -        if [ $newrev = $empty ]; then id2=$empty_tree; fi +        id=$(echo $newrev | cut -b-7) +        id2=$(echo $oldrev | cut -b-7) +        if [ $newrev = $empty ]; then id=$empty_tree; fi +        if [ $oldrev = $empty ]; then id2=$empty_tree; fi          case $receive_mode in            create)              #git log --oneline $id2 -            link="http://cd/cgit/$GIT_SSH_REPO/" +            link="http://cd/cgit/$GIT_SSH_REPO/?h=$h" +            ;; +          delete) +            #git log --oneline $id2 +            link="http://cd/cgit/$GIT_SSH_REPO/ ($h)"              ;;            fast-forward|non-fast-forward)              #git diff --stat $id..$id2 
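Review bot: The final expression `($hash + min) % max` does not keep the result at or above `min`, although the comment on `min=2^16` says the id should be bigger than nobody and nogroup. Whenever the low 32 bits of the hash fall in the top 2^16 values, the sum wraps past `max` and the id lands in 0..65535, which includes 0. Mapping into the range explicitly avoids the wrap: `min + $hash % (max - min)` always yields a value in min..max-1. Only 32 bits of the SHA-1 survive the modulo, so two names can still map to the same id, and a duplicate check where the ids are consumed would be prudent.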
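Review bot: `IRC_NICK=$3$$` has no comment saying why the process id is appended, and the longer nick (host name plus several digits) may exceed the nick length limit the IRC server enforces. Presumably the suffix keeps concurrent hook runs from colliding on one nick; if so, a comment such as `# append PID so parallel announcements do not fight over one nick` would record that. If the server enforces a short limit, `$3` should be trimmed before the suffix is added. The added `nettools` entry is not used in the visible lines, so its purpose deserves a short comment too; the script body continues outside this hunk.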
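Review bot: In the `create` branch, `$h` goes into the query string of `link` unencoded, so a ref name containing `&`, `#`, `%` or `+` (all legal in git ref names) produces an announced link that opens a different or broken cgit view. `$h` is assigned outside this hunk, so I am assuming it is the short name of the pushed ref; percent-encoding it before building `?h=$h` would keep the link faithful to what was pushed. Separately, `id`/`id2` now hold the new and old revision respectively, while the comment `#git diff --stat $id..$id2` still reads as old..new. The fast-forward branch continues outside the hunk, so please check that the range used there was swapped to match.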
@@ -157,7 +162,7 @@ let          #host=$nick          #$host $GIT_SSH_REPO $ref $link          message="''${message+$message -      }$GIT_SSH_USER $receive_mode pushed $link" +      }$GIT_SSH_USER $receive_mode $link"        done        if test -n "''${message-}"; then diff --git a/modules/cd/default.nix b/modules/cd/default.nix index 7223203a0..5d0d30902 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -1,9 +1,10 @@ -{ config, lib, pkgs, ... }: +{ pkgs, ... }:  {    imports =      [        <secrets/hashedPasswords.nix> +      ./git.nix        ./iptables.nix        ./networking.nix        ../common/nixpkgs.nix @@ -11,7 +12,6 @@        ../tv/base-cac-CentOS-7-64bit.nix        ../tv/ejabberd.nix # XXX echtes modul        ../tv/exim-smarthost.nix -      ../tv/git        ../tv/retiolum.nix        ../tv/sanitize.nix      ]; 
@@ -44,58 +44,6 @@      enable = true;    }; -  services.git = -    let -      inherit (builtins) readFile; -      # TODO lib should already include our stuff -      inherit (import ../../lib { inherit lib pkgs; }) addNames git; -    in -    rec { -      enable = true; - -      users = addNames { -        tv = { pubkey = readFile <pubkeys/tv.ssh.pub>; }; -        lass = { pubkey = "xxx"; }; -        makefu = { pubkey = "xxx"; }; -      }; - -      repos = addNames { -        shitment = { -          desc = "shitment repository"; -          hooks = { -            post-receive = git.irc-announce { -              nick = config.networking.hostName; # TODO make this the default -              channel = "#retiolum"; -              server = "ire.retiolum"; -            }; -          }; -          public = true; -        }; -        testing = { -          desc = "testing repository"; -          hooks = { -            post-receive = git.irc-announce { -              nick = config.networking.hostName; # TODO make this the default -              channel = "#repository"; -              server = "ire.retiolum"; -            }; -          }; -          public = true; -        }; -      }; - -      rules = with git; with users; with repos; [ -        { user = tv; -          repo = [ testing shitment ]; -          perm = push master [ non-fast-forward create delete merge ]; -        } -        { user = [ lass makefu ]; -          repo = [ testing shitment ]; -          perm = fetch; -        } -      ]; -    }; -    services.journald.extraConfig = ''      SystemMaxUse=1G      RuntimeMaxUse=128M diff --git a/modules/cd/git.nix b/modules/cd/git.nix new file mode 100644 index 000000000..d7a270463 --- /dev/null +++ b/modules/cd/git.nix 
@@ -0,0 +1,72 @@ +{ config, lib, pkgs, ... }: + +let +  inherit (builtins) map readFile; +  inherit (lib) concatMap listToAttrs; +  # TODO lib should already include our stuff +  inherit (import ../../lib { inherit lib pkgs; }) addNames git; + +  cd-repos = [ +    (public "cgserver") +    (public "crude-mail-setup") +    (public "dot-xmonad") +    (public "hack") +    (public "load-env") +    (public "make-snapshot") +    (public "mime") +    (public "much") +    (public "nixos-infest") +    (public "painload") +    (public "regfish") +    (public "shitment") +    (public "wai-middleware-time") +    (public "web-routes-wai-custom") +  ]; + +  users = addNames { +    tv = { pubkey = readFile <pubkeys/tv.ssh.pub>; }; +    lass = { pubkey = "xxx"; }; +    makefu = { pubkey = "xxx"; }; +  }; + +  repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) cd-repos); + +  rules = concatMap ({ rules, ... }: rules) cd-repos; + +  public = repo-name: +    rec { +      repo = { +        name = repo-name; +        hooks = { +          post-receive = git.irc-announce { +            nick = config.networking.hostName; # TODO make this the default +            channel = "#retiolum"; +            server = "ire.retiolum"; +          }; +        }; +        public = true; +      }; +      rules = with git; with users; [ +        { user = tv; +          repo = [ repo ]; +          perm = push "refs/*" [ non-fast-forward create delete merge ]; +        } +        { user = [ lass makefu ]; +          repo = [ repo ]; +          perm = fetch; +        } +      ]; +    }; + +in + +{ +  imports = [ +    ../tv/git +  ]; + +  services.git = { +    enable = true; +    inherit repos rules users; +  }; +} | 
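Review bot: The rule for `tv` in `public` now reads `push "refs/*" [ non-fast-forward create delete merge ]`, where the block removed from default.nix used `push master`. That one key can therefore rewrite or delete every branch and tag in all fourteen repositories of `cd-repos`. If history rewriting is only needed on work branches, a separate rule that withholds `non-fast-forward` and `delete` from tags and the main branch would limit what a lost key can destroy. Also, `lass` and `makefu` still carry `pubkey = "xxx"`, and how `services.git` consumes that value is not visible here. A comment like `# placeholder, replace with readFile <pubkeys/NAME.ssh.pub>`, or dropping both users until real keys exist, would keep a dummy string from being treated as a key.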
