multiple nix module instances

jolheiser 2025-02-13 18:23:25 -06:00
parent 15c0850bab
commit 4d8423b4b3
1 changed files with 99 additions and 80 deletions


@ -8,18 +8,12 @@ let
cfg = config.services.ugit; cfg = config.services.ugit;
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; }; pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
yamlFormat = pkgs.formats.yaml { }; yamlFormat = pkgs.formats.yaml { };
configFile = pkgs.writeText "ugit.yaml" ( instanceOptions =
builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config)
);
authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
in
{
options =
let let
inherit (lib) mkEnableOption mkOption types; inherit (lib) mkEnableOption mkOption types;
in in
{ {
services.ugit = { options = {
enable = mkEnableOption "Enable ugit"; enable = mkEnableOption "Enable ugit";
package = mkOption { package = mkOption {
@ -28,6 +22,12 @@ in
default = pkg; default = pkg;
}; };
homeDir = mkOption {
type = types.str;
description = "ugit home directory";
default = "/var/lib/ugit";
};
repoDir = mkOption { repoDir = mkOption {
type = types.str; type = types.str;
description = "where ugit stores repositories"; description = "where ugit stores repositories";
@ -70,11 +70,6 @@ in
description = "Group account under which ugit runs"; description = "Group account under which ugit runs";
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
};
hooks = mkOption { hooks = mkOption {
type = types.listOf ( type = types.listOf (
types.submodule { types.submodule {
@ -95,51 +90,74 @@ in
}; };
}; };
}; };
config = lib.mkIf cfg.enable { in
users.users."${cfg.user}" = { {
home = "/var/lib/ugit"; options = {
services.ugit = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule instanceOptions);
default = { };
description = "Attribute set of ugit instances";
};
};
config = lib.mkIf (cfg != { }) {
users.users = lib.mapAttrs' (
name: instanceCfg:
lib.nameValuePair instanceCfg.user {
home = instanceCfg.homeDir;
createHome = true; createHome = true;
group = "${cfg.group}"; group = instanceCfg.group;
isSystemUser = true; isSystemUser = true;
isNormalUser = false; isNormalUser = false;
description = "user for ugit service"; description = "user for ugit ${name} service";
}; }
users.groups."${cfg.group}" = { }; ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [
8448
8449
];
};
systemd.services = { users.groups = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair instanceCfg.group { }) (
ugit = { lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg
);
systemd.services = lib.mapAttrs' (
name: instanceCfg:
lib.nameValuePair "ugit-${name}" {
ugit =
let
configFile = pkgs.writeText "ugit.yaml" (
builtins.readFile (yamlFormat.generate "ugit-yaml" instanceCfg.config)
);
authorizedKeysFile = pkgs.writeText "ugit_keys" (
builtins.concatStringsSep "\n" instanceCfg.authorizedKeys
);
in
{
enable = true; enable = true;
script = script =
let let
authorizedKeysPath = authorizedKeysPath =
if (builtins.length cfg.authorizedKeys) > 0 then authorizedKeysFile else cfg.authorizedKeysFile; if (builtins.length instanceCfg.authorizedKeys) > 0 then
authorizedKeysFile
else
instanceCfg.authorizedKeysFile;
args = [ args = [
"--config=${configFile}" "--config=${configFile}"
"--repo-dir=${cfg.repoDir}" "--repo-dir=${instanceCfg.repoDir}"
"--ssh.authorized-keys=${authorizedKeysPath}" "--ssh.authorized-keys=${authorizedKeysPath}"
"--ssh.host-key=${cfg.hostKeyFile}" "--ssh.host-key=${instanceCfg.hostKeyFile}"
]; ];
in in
"${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}"; "${instanceCfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = [ path = [
cfg.package instanceCfg.package
pkgs.git pkgs.git
pkgs.bash pkgs.bash
]; ];
serviceConfig = { serviceConfig = {
User = cfg.user; User = instanceCfg.user;
Group = cfg.group; Group = instanceCfg.group;
Restart = "always"; Restart = "always";
RestartSec = "15"; RestartSec = "15";
WorkingDirectory = "/var/lib/ugit"; WorkingDirectory = instanceCfg.homeDir;
}; };
}; };
ugit-hooks = { ugit-hooks = {
@ -156,17 +174,18 @@ in
hook: hook:
let let
script = pkgs.writeShellScript hook.name hook.content; script = pkgs.writeShellScript hook.name hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}"; path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in in
"ln -s ${script} ${path}" "ln -s ${script} ${path}"
) cfg.hooks ) instanceCfg.hooks
) )
); );
in in
"${script}"; "${script}";
}; };
}; };
}; }
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
systemd.tmpfiles.settings.ugit = builtins.listToAttrs ( systemd.tmpfiles.settings.ugit = builtins.listToAttrs (
map ( map (