{ config, lib, pkgs, ... }:
with pkgs.stockholm.lib;
let
# Identity used for the "konsens" automation: defineRepo grants it a push
# rule limited to refs/heads/common, and the deployed key file below is
# owned by it.
konsens-user = {
  name = "konsens";
  # Public half of an ed25519 SSH key pair; presumably it matches the private
  # key deployed via krebs.secret.files.konsens (confirm against the secrets
  # store).
  pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";
};
# SSH remote prefix for repositories hosted on this machine; sync-repo appends
# the repository name to form the mirror URL.
mirror = "git@${config.networking.hostName}:";
# Builds the krebs.git fragment (repo definition plus access rules) for one
# repository. `name` is the repository name, `desc` and `section` are the
# cgit description and section.
defineRepo = { name, desc, section }:
  let
    # post-receive hook that announces updates of refs/heads/newest and of
    # tags on IRC, using the host name as nick.
    announce = pkgs.git-hooks.irc-announce {
      server = "irc.r";
      channel = "#xxx";
      nick = config.networking.hostName;
      verbose = false;
      refs = [
        "refs/heads/newest"
        "refs/tags/*"
      ];
    };

    # name and hooks are wrapped in mkDefault; public is set unconditionally.
    repoCfg = {
      name = mkDefault "${name}";
      public = true;
      cgit = { inherit desc section; };
      hooks = mkDefault {
        post-receive = announce;
      };
    };
  in {
    repos."${name}" = repoCfg;

    # push, fetch and the flag names below are resolved through `with git;`.
    rules = with git; [
      # The host's own repo-sync user plus lass, makefu and tv may push to
      # every ref with all four flags. NOTE(review): non-fast-forward and
      # delete presumably allow rewriting and removing published history, so
      # this list is the trust boundary for the repository - keep it short.
      {
        user = with config.krebs.users; [
          config.krebs.users."${config.networking.hostName}-repo-sync"
          lass
          makefu
          tv
        ];
        repo = [ repoCfg ];
        perm = push ''refs/*'' [ non-fast-forward create delete merge ];
      }
      # The konsens identity is confined to refs/heads/common and is given
      # only the create and merge flags.
      {
        user = [
          konsens-user
        ];
        repo = [ repoCfg ];
        perm = push "refs/heads/common" [ create merge ];
      }
      # Every user in config.krebs.users gets fetch.
      {
        user = attrValues config.krebs.users;
        repo = [ repoCfg ];
        perm = fetch;
      }
    ];
  };
# Produces a module that mirrors `name` from the given `remotes` (an attrset
# of branch name -> upstream URL) into the local repository of the same name,
# and defines that repository through defineRepo.
sync-repo = {
  name,
  remotes,
  desc ? "mirror for ${name}",
  section ? "mirror"
}:
  let
    # Local push target: the mirror prefix followed by the repository name.
    target = "${mirror}${name}";
  in {
    krebs.git = defineRepo { inherit name desc section; };

    krebs.repo-sync.repos.${name} = {
      latest = {
        ref = "heads/newest";
        url = target;
      };
      # One entry per remote, keyed by the remote's attribute name: fetch
      # from the upstream URL, publish to the local mirror.
      # NOTE(review): upstream URLs are taken verbatim from the caller;
      # whatever they serve ends up in the mirrored repository.
      branches = lib.mapAttrs (owner: upstream: {
        origin.url = upstream;
        mirror.url = target;
      }) remotes;
    };
  };
in {
# Enable the git service and set the cgit landing-page texts.
krebs.git.enable = true;
krebs.git.cgit.settings = {
  root-desc = "keep calm and engage";
  root-title = "krebs repos";
};

# Enable the repo-sync service; the repositories to sync come from the
# sync-repo modules listed under imports.
krebs.repo-sync.enable = true;

# Enable konsens for the stockholm repository with its default settings.
krebs.konsens.enable = true;
krebs.konsens.repos.stockholm = {};
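# Deploys the konsens SSH private key. `source-path` is where the key is read
# from; `path` and `owner` are presumably the install location and the owning
# user (their semantics live in the krebs.secret module, not shown here).
krebs.secret.files.konsens = {
  path = "/var/lib/konsens/.ssh/id_ed25519";
  owner = konsens-user;
  # Use toString rather than "${<...>}": interpolating a path value makes Nix
  # copy the file into the Nix store, which every local user can read, so the
  # private key would be exposed there. toString yields the original location
  # as a plain string without importing the file.
  source-path = toString <secrets/konsens.id_ed25519>;
};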
imports = [
  # stockholm: mirrored from three upstream cgit instances.
  # NOTE(review): these upstreams are plain http://. Whether the .r names are
  # only reachable over a trusted network is not visible here - confirm, as
  # the fetch has no transport-level integrity protection.
  (sync-repo {
    name = "stockholm";
    section = "configuration";
    desc = "take all computers hostage, they love it";
    remotes = {
      makefu = "http://cgit.gum.r/stockholm";
      tv = "http://cgit.ni.r/stockholm";
      lassulus = "http://cgit.orange.r/stockholm";
    };
  })
  # krops: hosted locally only, with no upstream sync.
  {
    krebs.git = defineRepo {
      name = "krops";
      section = "deployment";
      desc = "deployment tools";
    };
  }
];
}