author | makefu <github@syntax-fehler.de> | 2017-02-04 14:31:47 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2017-02-04 14:31:47 +0100 |
commit | d6c9edd9dc860d560d4ea7a727962aaf93d09322 (patch) | |
tree | aefb49a9372b959cd722bdfcf51001783cda8bb1 /nin/2configs | |
parent | d2df5375e705e55764b4cacd4ea32dffcb4c6041 (diff) | |
parent | 8daef993dcb6149a02c72a4895d6e808a6c6a8d4 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'nin/2configs')
-rw-r--r-- | nin/2configs/default.nix | 17 | ||||
-rw-r--r-- | nin/2configs/git.nix | 70 |
2 files changed, 85 insertions, 2 deletions
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index e181a6041..a1ed76d98 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -46,6 +46,12 @@ with import <stockholm/lib>; SSL_CERT_FILE = ca-bundle; }; }) + { + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; + } ]; networking.hostName = config.krebs.build.host.name; @@ -58,7 +64,10 @@ with import <stockholm/lib>; user = config.krebs.users.nin; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix"; - secrets.file = "/home/nin/secrets/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString <stockholm/nin/6tests/dummysecrets> + else "/home/nin/secrets/${host.name}"; stockholm.file = getEnv "PWD"; }; }; @@ -82,11 +91,14 @@ with import <stockholm/lib>; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' EDITOR=vim - MANPAGER=most ''; nixpkgs.config.allowUnfree = true; + environment.shellAliases = { + gs = "git status"; + }; + environment.systemPackages = with pkgs; [ #stockholm git @@ -95,6 +107,7 @@ with import <stockholm/lib>; proot populate p7zip + termite unzip unrar hashPassword diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix new file mode 100644 index 000000000..39f919e79 --- /dev/null +++ b/nin/2configs/git.nix 
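Review bot: The `binaryCaches` entry added in the first hunk is a plain `http://` URL, so nothing on the transport authenticates the cache and the only integrity control for substituted store paths is the signature check against `binaryCachePublicKeys`. I would record that dependency next to the setting, e.g. `# http only: integrity relies on signature verification against the key below; keep nix.requireSignedBinaryCaches enabled`. It is also worth confirming whether defining `nix.binaryCaches` here replaces the option's default cache list rather than extending it, which cannot be told from this hunk.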
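Review bot: In the second hunk `secrets.file` now switches on the `dummy_secrets` environment variable, read with `getEnv` at evaluation time, so a deploy started from a shell where that variable is still `true` would populate a real host with the test secrets under `<stockholm/nin/6tests/dummysecrets>`, which are kept in the repository. Nothing in the visible lines restricts the switch to test builds. At minimum add a comment such as `# dummy_secrets=true is for test builds only; never export it when deploying a real host`, and consider making the deploy path refuse to run when it is set. The enclosing attribute set starts outside the hunk.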
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ out = {
+ krebs.git = {
+ enable = true;
+ cgit = {
+ settings = {
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ };
+ };
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos = public-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ cgit.desc = "take all the computers hostage, they'll love you!";
+ };
+ };
+
+ make-public-repo = name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = true;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ channel = "#retiolum";
+ server = "ni.r";
+ verbose = config.krebs.build.host.name == "onondaga";
+ # TODO define branches in some kind of option per repo
+ branches = [ "master" ];
+ };
+ };
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = [ nin ];
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out |
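Review bot: The third rule in `make-rules` can never apply, because `make-public-repo` builds each repo from `cgit`, `name`, `public` and `hooks` only, so `repo.collaborators or []` is always empty and the `removeAttrs s ["collaborators"]` in `out` has nothing to remove. These rules are the access-control list for the repositories, so a reader may assume collaborators are granted something when they are not. Either drop the rule or pass the attribute through, e.g. `make-public-repo = name: { cgit ? {}, collaborators ? [], ... }: {` with `inherit cgit collaborators name;`. Even then the rule would grant only `fetch`, which the `repo.public` rule already gives to every user in `config.krebs.users`.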