diff options
author | tv <tv@shackspace.de> | 2015-07-24 19:33:20 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-07-24 19:33:20 +0200 |
commit | 54becaa19fcbc11ac709ddaf86e56ee3b736931d (patch) | |
tree | 28357f0dd122e02a96424c0707c35cdc2177ca3a /2configs | |
parent | f4309272e2531a136a40d2332d1bfecec16d9a91 (diff) |
tv git: add restricted repos
Diffstat (limited to '2configs')
-rw-r--r-- | 2configs/tv/git.nix (renamed from 2configs/tv/git-public.nix) | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/2configs/tv/git-public.nix b/2configs/tv/git.nix index 1bf44e0fc..ac1c413c4 100644 --- a/2configs/tv/git-public.nix +++ b/2configs/tv/git.nix @@ -11,7 +11,11 @@ let }; }; - repos = public-repos; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + public-repos // + optionalAttrs config.tv.identity.self.secure restricted-repos + ); + rules = concatMap make-rules (attrValues repos); public-repos = mapAttrs make-public-repo { @@ -36,6 +40,15 @@ let xintmap = {}; }; + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with users; [ lass makefu ]; + }; + } // + import /root/src/secrets/repos.nix { inherit config lib pkgs users; } + ); + # TODO move users to separate module users = mapAttrs make-user { tv = ../../Zpubkeys/tv_wu.ssh.pub; @@ -57,6 +70,12 @@ let }; }; + make-restricted-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + hooks = {}; # TODO default + }; + make-rules = with git // users; repo: @@ -69,6 +88,11 @@ let user = [ lass makefu uriel ]; repo = [ repo ]; perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; }; make-user = name: pubkey-file: { |