authorlassulus <lassulus@lassul.us>2020-08-12 22:52:37 +0200
committerlassulus <lassulus@lassul.us>2020-08-12 22:52:37 +0200
commit03939b14e1d5820bee8c43d63b34c6e3e0e5eac4 (patch)
tree0f0c581ff0c6291590b052d4069fbc82312b219b
parentb42fe392f34554315d8aff7c808f73a5eb25badc (diff)
wiki: allow push to git
-rw-r--r--krebs/2configs/wiki.nix70
1 files changed, 44 insertions, 26 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index ad88d666b..e4f05a6e6 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -1,23 +1,37 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
+let
+ setupGit = ''
+ export PATH=${makeBinPath [ pkgs.git ]}
+ export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
+ repo='git@localhost:wiki'
+ cd ${config.krebs.gollum.stateDir}
+ if ! url=$(git config remote.origin.url); then
+ git remote add origin "$repo"
+ elif test "$url" != "$repo"; then
+ git remote set-url origin "$repo"
+ fi
+ '';
+
+ pushGollum = pkgs.writeDash "push_gollum" ''
+ ${setupGit}
+ git fetch origin
+ git merge --ff-only origin/master
+ '';
+
+ pushCgit = pkgs.writeDash "push_cgit" ''
+ ${setupGit}
+ git push origin master
+ '';
+
+in
{
krebs.gollum = {
enable = true;
extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
- system('${toString (pkgs.writers.writeDash "push_cgit" ''
- export PATH=${makeBinPath [ pkgs.git ]}
- export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
- repo='git@localhost:wiki'
- cd ${config.krebs.gollum.stateDir}
- if ! url=$(git config remote.origin.url); then
- git remote add origin "$repo"
- elif test "$url" != "$repo"; then
- git remote set-url origin "$repo"
- fi
- git push origin master
- '')}')
+ system('${pushCgit}')
end
'';
};
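Review bot: `setupGit` has no error handling, so in both `push_gollum` and `push_cgit` a failed `cd ${config.krebs.gollum.stateDir}` or a failed `git fetch origin` does not stop the script, and the git commands that follow still run in whatever directory the caller was in. Starting the shared fragment with `set -eu` and quoting the path, `cd "${config.krebs.gollum.stateDir}"`, would make both scripts stop at the first failure. This matters more for `push_gollum`, which the later hunks of this commit run through sudo from a hook triggered by a push. The name is also misleading, since the script fetches and fast-forwards gollum's checkout rather than pushing; a one-line comment such as `# pull cgit's master into gollum's working tree (fast-forward only)` above `pushGollum` would make that clear.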
@@ -47,27 +61,27 @@ with import <stockholm/lib>;
name = "gollum";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
}
- config.krebs.users.lass-mors
- ];
+ ] ++ (attrValues config.krebs.users);
repo = [ config.krebs.git.repos.wiki ];
- perm = push ''refs/*'' [ create merge ];
+ perm = push ''refs/heads/master'' [ create merge ];
}
];
repos.wiki = {
public = true;
name = "wiki";
hooks = {
- post-receive = pkgs.git-hooks.irc-announce {
- channel = "#xxx";
- refs = [
- "refs/heads/master"
- "refs/heads/newest"
- "refs/tags/*"
- ];
- nick = config.networking.hostName;
- server = "irc.r";
- verbose = true;
- };
+ post-receive = ''
+ ${pkgs.git-hooks.irc-announce {
+ channel = "#xxx";
+ refs = [
+ "refs/heads/master"
+ ];
+ nick = config.networking.hostName;
+ server = "irc.r";
+ verbose = true;
+ }}
+ /run/wrappers/bin/sudo -S -u gollum ${pushGollum}
+ '';
};
};
};
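Review bot: `/run/wrappers/bin/sudo -S` in the new `post-receive` makes sudo read a password from stdin if the NOPASSWD rule ever fails to match (for example after the script's store path changes), and in this hook stdin is the ref-update stream, possibly already consumed by the announce script. `-n` is the safer flag here, `/run/wrappers/bin/sudo -n -u gollum ${pushGollum}`, so a mismatch fails immediately instead of prompting. Separately, `] ++ (attrValues config.krebs.users);` widens write access on `refs/heads/master` from one named user to every entry in `config.krebs.users`, and each accepted push is then fast-forwarded into gollum's checkout. A comment stating that this is the intended trust boundary would help, e.g. `# every krebs user may edit the wiki; pushes are merged into gollum's working tree`. The enclosing rule list starts outside the hunk.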
@@ -77,4 +91,8 @@ with import <stockholm/lib>;
owner = { name = "gollum"; };
source-path = "${<secrets/gollum.id_ed25519>}";
};
+
+ security.sudo.extraConfig = ''
+ git ALL=(gollum) NOPASSWD: ${pushGollum}
+ '';
}
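Review bot: The sudoers line `git ALL=(gollum) NOPASSWD: ${pushGollum}` names the command without an argument specification, which sudoers treats as allowing any arguments. The script does not appear to read its arguments, going by the first hunk, but an empty argument list pins the rule to the exact invocation the hook uses: `git ALL=(gollum) NOPASSWD: ${pushGollum} ""`. The script's git calls also honour `GIT_*` environment variables, so the rule relies on sudo's environment reset staying in effect for this entry. A short comment next to the rule saying so would keep a later `env_keep` change from quietly widening what the `git` user can influence. The attribute set this option sits in begins outside the hunk.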