summaryrefslogtreecommitdiffstats
path: root/lass/2configs/new-repos.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/2configs/new-repos.nix')
-rw-r--r--lass/2configs/new-repos.nix83
1 files changed, 0 insertions, 83 deletions
diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix
deleted file mode 100644
index 78e6f0baa..000000000
--- a/lass/2configs/new-repos.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import ../../tv/4lib { inherit lib pkgs; };
-
-let
-
- out = {
- krebs.git = {
- enable = true;
- root-title = "public repositories at ${config.krebs.build.host.name}";
- root-desc = "keep calm and engage";
- repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
- rules = rules;
- };
-
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
- ];
- };
-
- repos =
- public-repos //
- optionalAttrs config.krebs.build.host.secure restricted-repos;
-
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
- painload = {};
- stockholm = {
- desc = "take all the computers hostage, they'll love you!";
- };
- wai-middleware-time = {};
- web-routes-wai-custom = {};
- };
-
- restricted-repos = mapAttrs make-restricted-repo (
- {
- brain = {
- collaborators = with config.krebs.users; [ tv makefu ];
- };
- } //
- import /root/src/secrets/repos.nix { inherit config lib pkgs; }
- );
-
- make-public-repo = name: { desc ? null, ... }: {
- inherit name desc;
- public = true;
- hooks = {
- post-receive = git.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "cd.retiolum";
- verbose = config.krebs.build.host.name == "cloudkrebs";
- };
- };
- };
-
- make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: {
- inherit name collaborators desc;
- public = false;
- };
-
- make-rules =
- with git // config.krebs.users;
- repo:
- singleton {
- user = lass;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
- optional repo.public {
- user = [ tv makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- } ++
- optional (length (repo.collaborators or []) > 0) {
- user = repo.collaborators;
- repo = [ repo ];
- perm = fetch;
- };
-
-in out