summaryrefslogtreecommitdiffstats
path: root/2configs
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2015-07-24 19:33:20 +0200
committertv <tv@shackspace.de>2015-07-24 19:33:20 +0200
commit54becaa19fcbc11ac709ddaf86e56ee3b736931d (patch)
tree28357f0dd122e02a96424c0707c35cdc2177ca3a /2configs
parentf4309272e2531a136a40d2332d1bfecec16d9a91 (diff)
tv git: add restricted repos
Diffstat (limited to '2configs')
-rw-r--r--2configs/tv/git.nix (renamed from 2configs/tv/git-public.nix)26
1 files changed, 25 insertions, 1 deletions
diff --git a/2configs/tv/git-public.nix b/2configs/tv/git.nix
index 1bf44e0fc..ac1c413c4 100644
--- a/2configs/tv/git-public.nix
+++ b/2configs/tv/git.nix
@@ -11,7 +11,11 @@ let
};
};
- repos = public-repos;
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+ public-repos //
+ optionalAttrs config.tv.identity.self.secure restricted-repos
+ );
+
rules = concatMap make-rules (attrValues repos);
public-repos = mapAttrs make-public-repo {
@@ -36,6 +40,15 @@ let
xintmap = {};
};
+ restricted-repos = mapAttrs make-restricted-repo (
+ {
+ brain = {
+ collaborators = with users; [ lass makefu ];
+ };
+ } //
+ import /root/src/secrets/repos.nix { inherit config lib pkgs users; }
+ );
+
# TODO move users to separate module
users = mapAttrs make-user {
tv = ../../Zpubkeys/tv_wu.ssh.pub;
@@ -57,6 +70,12 @@ let
};
};
+ make-restricted-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = false;
+ hooks = {}; # TODO default
+ };
+
make-rules =
with git // users;
repo:
@@ -69,6 +88,11 @@ let
user = [ lass makefu uriel ];
repo = [ repo ];
perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
};
make-user = name: pubkey-file: {