diff options
| -rw-r--r-- | modules/cd/default.nix | 33 | ||||
| -rw-r--r-- | modules/cd/iptables.nix | 1 |
2 files changed, 21 insertions, 13 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix index ac32795e..7223203a 100644 --- a/modules/cd/default.nix +++ b/modules/cd/default.nix @@ -59,31 +59,38 @@ makefu = { pubkey = "xxx"; }; }; - # TODO warn about stale repodirs repos = addNames { + shitment = { + desc = "shitment repository"; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + public = true; + }; testing = { + desc = "testing repository"; hooks = { - update = '' - #! /bin/sh - set -euf - echo update hook: $* >&2 - ''; - post-update = '' - #! /bin/sh - set -euf - echo post-update hook: $* >&2 - ''; + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#repository"; + server = "ire.retiolum"; + }; }; + public = true; }; }; rules = with git; with users; with repos; [ { user = tv; - repo = testing; + repo = [ testing shitment ]; perm = push master [ non-fast-forward create delete merge ]; } { user = [ lass makefu ]; - repo = testing; + repo = [ testing shitment ]; perm = fetch; } ]; diff --git a/modules/cd/iptables.nix b/modules/cd/iptables.nix index 48425e8d..950aa847 100644 --- a/modules/cd/iptables.nix +++ b/modules/cd/iptables.nix @@ -63,6 +63,7 @@ ip4tables -A Retiolum -j ACCEPT -p icmp --icmp-type echo-request ip6tables -A Retiolum -j ACCEPT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request + ipXtables -A Retiolum -j ACCEPT -p tcp --dport http -m conntrack --ctstate NEW ${when log "ipXtables -A Retiolum -j LOG --log-level info --log-prefix 'REJECT '"} ipXtables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset |