From 873f1cdef62292639db6624eddb4bce24f1e2100 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 4 Oct 2015 14:20:12 +0200 Subject: lass 2: rename new-repos.nix to git.nix --- lass/1systems/cloudkrebs.nix | 2 +- lass/1systems/mors.nix | 2 +- lass/1systems/uriel.nix | 2 +- lass/2configs/git.nix | 83 ++++++++++++++++++++++++++++++++++++++++++++ lass/2configs/new-repos.nix | 83 -------------------------------------------- 5 files changed, 86 insertions(+), 86 deletions(-) create mode 100644 lass/2configs/git.nix delete mode 100644 lass/2configs/new-repos.nix (limited to 'lass') diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 2a6a70ff..0aca2146 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -13,7 +13,7 @@ in { ../2configs/base.nix ../2configs/retiolum.nix ../2configs/fastpoke-pages.nix - ../2configs/new-repos.nix + ../2configs/git.nix ../2configs/realwallpaper.nix { networking.interfaces.enp2s1.ip4 = [ diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 414afcbb..5cc03501 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -17,7 +17,7 @@ ../2configs/binary-caches.nix #../2configs/ircd.nix ../2configs/chromium-patched.nix - ../2configs/new-repos.nix + ../2configs/git.nix #../../2configs/tv/synaptics.nix ../2configs/retiolum.nix ../2configs/wordpress.nix diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index bd3770b4..62338d05 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -9,7 +9,7 @@ with builtins; ../2configs/pass.nix ../2configs/urxvt.nix ../2configs/bird.nix - ../2configs/new-repos.nix + ../2configs/git.nix ../2configs/chromium-patched.nix ../2configs/retiolum.nix ../2configs/bitlbee.nix diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix new file mode 100644 index 00000000..78e6f0ba --- /dev/null +++ b/lass/2configs/git.nix @@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: + +with import ../../tv/4lib { inherit lib pkgs; }; + +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + painload = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ tv makefu ]; + }; + } // + import /root/src/secrets/repos.nix { inherit config lib pkgs; } + ); + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "cd.retiolum"; + verbose = config.krebs.build.host.name == "cloudkrebs"; + }; + }; + }; + + make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { + inherit name collaborators desc; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/lass/2configs/new-repos.nix b/lass/2configs/new-repos.nix deleted file mode 100644 index 78e6f0ba..00000000 --- a/lass/2configs/new-repos.nix +++ /dev/null @@ -1,83 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ../../tv/4lib { inherit lib pkgs; }; - -let - - out = { - krebs.git = { - enable = true; - root-title = "public repositories at ${config.krebs.build.host.name}"; - root-desc = "keep calm and engage"; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; - rules = rules; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } - ]; - }; - - repos = - public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - painload = {}; - stockholm = { - desc = "take all the computers hostage, they'll love you!"; - }; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - }; - - restricted-repos = mapAttrs make-restricted-repo ( - { - brain = { - collaborators = with config.krebs.users; [ tv makefu ]; - }; - } // - import /root/src/secrets/repos.nix { inherit config lib pkgs; } - ); - - make-public-repo = name: { desc ? null, ... }: { - inherit name desc; - public = true; - hooks = { - post-receive = git.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "cd.retiolum"; - verbose = config.krebs.build.host.name == "cloudkrebs"; - }; - }; - }; - - make-restricted-repo = name: { collaborators ? [], desc ? null, ... }: { - inherit name collaborators desc; - public = false; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = lass; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = [ tv makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } ++ - optional (length (repo.collaborators or []) > 0) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -in out -- cgit v1.2.3