blob: 3e3ef09a81c95cdece3257e32f79e0db53f8f45c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
{ config, lib, pkgs, ... }:
# TODO: remove tv lib :)
with import <stockholm/lib>;
let
repos = pub-repos // priv-repos // krebs-repos // connector-repos // krebsroot-repos;
rules = concatMap krebs-rules (attrValues krebs-repos)
++ concatMap priv-rules (attrValues pub-repos)
++ concatMap priv-rules (attrValues priv-repos)
++ concatMap connector-rules (attrValues connector-repos)
++ concatMap krebsroot-rules (attrValues krebsroot-repos);
krebsroot-repos = mapAttrs make-krebs-repo {
hydra-stockholm = { };
};
pub-repos = mapAttrs make-pub-repo {
yacos-backend = {
cgit.desc = "Yet Another Check-Out System";
};
ebk-notify.cgit.desc = "Ebay Kleinanzeigen Notify";
kalauerbot.cgit.desc = "Kalauer König";
};
krebs-repos = mapAttrs make-krebs-repo {
stockholm = {
cgit.desc = "Make all the systems into 1systems!";
};
stockholm-issues = {
cgit.desc = "Issue tracker";
};
tinc_graphs = {
cgit.desc = "Tinc Advanced Graph Generation";
};
stockholm-init = {
cgit.desc = "Build new Stockholm hosts";
};
cac-api = { };
euer_blog = { };
ampel = { };
europastats = { };
arafetch = { };
disko = { };
init-stockholm = {
cgit.desc = "Init stuff for stockholm";
};
};
priv-repos = mapAttrs make-priv-repo {
autosync = { };
fenkins = { };
pass = { };
secrets = { };
};
connector-repos = mapAttrs make-priv-repo {
connector = { };
minikrebs = { };
mattermost = {
cgit.desc = "Mattermost Docker files";
};
};
# TODO move users to separate module
make-priv-repo = name: { ... }: {
inherit name;
public = false;
};
make-pub-repo = name: { ... }: {
inherit name;
public = true;
};
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
nick = config.networking.hostName;
verbose = config.krebs.build.host.name == "gum";
channel = "#xxx";
# TODO remove the hardcoded hostname
server = "irc.r";
};
};
};
# TODO: get the list of all krebsministers
krebsminister = with config.krebs.users; [ lass tv ];
all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx makefu-android ];
all-exco = with config.krebs.users; [ exco ];
priv-rules = repo: set-owners repo all-makefu;
connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco;
krebs-rules = repo:
set-owners repo all-makefu ++ set-ro-access repo krebsminister;
krebsroot-rules = repo:
set-owners repo (all-makefu ++ krebsminister);
set-ro-access = with git; repo: user:
optional repo.public {
inherit user;
repo = [ repo ];
perm = fetch;
};
set-owners = with git;repo: user:
singleton {
inherit user;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
};
in {
krebs.git = {
enable = true;
cgit = {
settings = {
root-title = "public repositories";
root-desc = "keep on krebsing";
};
};
inherit repos rules;
};
}
|