-rw-r--r-- | lass/1systems/green/config.nix | 9 | ||||
-rw-r--r-- | lass/2configs/git-brain.nix | 57 |
2 files changed, 66 insertions, 0 deletions
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index d7bf62b40..b41e396c9 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -17,6 +17,8 @@ with import <stockholm/lib>;
 <stockholm/lass/2configs/IM.nix>
 <stockholm/lass/2configs/muchsync.nix>
 <stockholm/lass/2configs/pass.nix>
+
+ <stockholm/lass/2configs/git-brain.nix>
 ];
 krebs.build.host = config.krebs.hosts.green;
@@ -68,6 +70,13 @@ with import <stockholm/lib>;
 ];
 clearTarget = true;
 };
+ "/var/lib/git" = {
+ source = "/var/state/git";
+ options = [
+ "-M ${toString config.users.users.git.uid}"
+ ];
+ clearTarget = true;
+ };
 };
 systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" ''
diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix
new file mode 100644
index 000000000..1c6f92fcd
--- /dev/null
+++ b/lass/2configs/git-brain.nix
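Review bot: In the `"/var/lib/git"` mount (second hunk of config.nix) the `-M` argument is built with `toString config.users.users.git.uid`, and `toString null` evaluates to an empty string, so if the git user's uid is not set explicitly the option silently becomes `-M ` with no user rather than failing evaluation. As this mount presumably backs the non-public repositories, it should fail closed, for example with an `assertions` entry requiring `config.users.users.git.uid != null`. The option also only restricts the mounted view; ownership and mode of the backing `/var/state/git` are not set in this hunk and should be checked separately. The enclosing attribute set starts and ends outside the hunk.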
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+let
+
+ repos = krebs-repos;
+ rules = concatMap krebs-rules (attrValues krebs-repos);
+
+ krebs-repos = mapAttrs make-krebs-repo {
+ brain = { };
+ krebs-secrets = { };
+ };
+
+
+ make-krebs-repo = with git; name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = false;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ nick = config.networking.hostName;
+ verbose = true;
+ channel = "#xxx";
+ # TODO remove the hardcoded hostname
+ server = "irc.r";
+ };
+ };
+ };
+
+
+
+ # TODO: get the list of all krebsministers
+ krebsminister = with config.krebs.users; [ makefu tv ];
+ krebs-rules = repo:
+ set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
+
+ set-ro-access = with git; repo: user:
+ singleton {
+ inherit user;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+ set-owners = with git;repo: user:
+ singleton {
+ inherit user;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ };
+
+in {
+ krebs.git = {
+ enable = true;
+ cgit = {
+ enable = false;
+ };
+ inherit repos rules;
+ };
+}
|
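Review bot: `make-krebs-repo` attaches the `irc-announce` post-receive hook with `verbose = true` to every repository it builds, so pushes to `krebs-secrets` are announced on `#xxx` exactly like pushes to `brain`. Although both repos are `public = false`, whatever the hook prints (presumably commit subjects and authors in verbose mode) becomes visible to everyone in the channel, a wider audience than the `rules` list grants access to. Consider making the hook opt-out per repo: accept `announce ? true` in the argument set, wrap the hook as `hooks = optionalAttrs announce { post-receive = …; };`, and declare `krebs-secrets = { announce = false; };` (assuming `optionalAttrs` is exposed by `<stockholm/lib>`). It is also worth confirming that `krebs-rules` giving `makefu` and `tv` fetch access to `krebs-secrets` as well as `brain` is intended, since the rules are generated uniformly for every repo.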