krebs/4lib/git.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

{ lib, ... }:

let
  inherit (lib) addNames escapeShellArg makeSearchPath optionalString;

  commands = addNames {
    git-receive-pack = {};
    git-upload-pack = {};
  };

  receive-modes = addNames {
    fast-forward = {};
    non-fast-forward = {};
    create = {};
    delete = {};
    merge = {}; # TODO implement in git.nix
  };

  permissions = {
    fetch = {
      allow-commands = [
        commands.git-upload-pack
      ];
    };

    push = ref: extra-modes: {
      allow-commands = [
        commands.git-receive-pack
        commands.git-upload-pack
      ];
      allow-receive-ref = ref;
      allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes;
    };
  };

  refs = {
    master = "refs/heads/master";
    all-heads = "refs/heads/*";
  };

in
commands // receive-modes // permissions // refs