mirror of https://git.jolheiser.com/ugit.git
testing vm
parent
070544ef18
commit
62d71897b8
|
@ -2,3 +2,4 @@
|
||||||
.ssh/
|
.ssh/
|
||||||
.ugit/
|
.ugit/
|
||||||
.tsnet/
|
.tsnet/
|
||||||
|
*.qcow2
|
||||||
|
|
|
@ -12,6 +12,7 @@ let
|
||||||
{ name, config, ... }:
|
{ name, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (lib) mkEnableOption mkOption types;
|
inherit (lib) mkEnableOption mkOption types;
|
||||||
|
baseDir = "/var/lib/ugit-${name}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
@ -26,13 +27,13 @@ let
|
||||||
homeDir = mkOption {
|
homeDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "ugit home directory";
|
description = "ugit home directory";
|
||||||
default = "/var/lib/${name}";
|
default = baseDir;
|
||||||
};
|
};
|
||||||
|
|
||||||
repoDir = mkOption {
|
repoDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "where ugit stores repositories";
|
description = "where ugit stores repositories";
|
||||||
default = "/var/lib/${name}/repos";
|
default = "${baseDir}/repos";
|
||||||
};
|
};
|
||||||
|
|
||||||
authorizedKeys = mkOption {
|
authorizedKeys = mkOption {
|
||||||
|
@ -44,13 +45,13 @@ let
|
||||||
authorizedKeysFile = mkOption {
|
authorizedKeysFile = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "path to authorized_keys file ugit uses for auth";
|
description = "path to authorized_keys file ugit uses for auth";
|
||||||
default = "/var/lib/${name}/authorized_keys";
|
default = "${baseDir}/authorized_keys";
|
||||||
};
|
};
|
||||||
|
|
||||||
hostKeyFile = mkOption {
|
hostKeyFile = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "path to host key file (will be created if it doesn't exist)";
|
description = "path to host key file (will be created if it doesn't exist)";
|
||||||
default = "/var/lib/${name}/ugit_ed25519";
|
default = "${baseDir}/ugit_ed25519";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkOption {
|
config = mkOption {
|
||||||
|
@ -223,28 +224,5 @@ in
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
) { } (builtins.attrNames cfg);
|
) { } (builtins.attrNames cfg);
|
||||||
|
|
||||||
systemd.tmpfiles.settings = lib.mapAttrs' (
|
|
||||||
name: instanceCfg:
|
|
||||||
lib.nameValuePair "ugit-${name}" (
|
|
||||||
builtins.listToAttrs (
|
|
||||||
map (
|
|
||||||
hook:
|
|
||||||
let
|
|
||||||
script = pkgs.writeShellScript hook.name hook.content;
|
|
||||||
path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
name = path;
|
|
||||||
value = {
|
|
||||||
"L" = {
|
|
||||||
argument = "${script}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
) instanceCfg.hooks
|
|
||||||
)
|
|
||||||
)
|
|
||||||
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
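Review bot: Pointing the defaults of `homeDir`, `repoDir`, `authorizedKeysFile` and `hostKeyFile` at `baseDir` (`/var/lib/ugit-${name}`) instead of `/var/lib/${name}` moves every default path for instances that never set these options, and nothing visible in these hunks migrates the old directory. Since the `hostKeyFile` description says the key is created when it does not exist, an upgraded instance would presumably start with a fresh host key, and clients would see a host-key change they cannot verify. I would state the move where operators read it, e.g. `description = "path to host key file (will be created if it doesn't exist); default moved to /var/lib/ugit-<name>"`, and mention it in the commit message. The last hunk also drops the `systemd.tmpfiles.settings` links that placed `hooks` under `pre-receive.d`; if hooks are not installed some other way outside this view, configured pre-receive checks would stop running without any error.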
64
nix/test.nix
64
nix/test.nix
|
@ -1,15 +1,31 @@
|
||||||
{ config, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
privKey = ''
|
||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||||
|
QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ
|
||||||
|
MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ
|
||||||
|
AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6
|
||||||
|
GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF
|
||||||
|
-----END OPENSSH PRIVATE KEY-----'';
|
||||||
|
pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl";
|
||||||
|
sshConfig = ''
|
||||||
|
Host ugit
|
||||||
|
HostName localhost
|
||||||
|
Port 8448
|
||||||
|
User ugit
|
||||||
|
IdentityFile ~/.ssh/vm
|
||||||
|
IdentitiesOnly yes
|
||||||
|
'';
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./module.nix ];
|
imports = [ ./module.nix ];
|
||||||
|
environment.systemPackages = with pkgs; [ git ];
|
||||||
users.users.jolheiser = {
|
services.getty.autologinUser = "root";
|
||||||
isNormalUser = true;
|
services.openssh.enable = true;
|
||||||
extraGroups = [ "wheel" ];
|
services.ugit.vm = {
|
||||||
initialPassword = "test";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.ugit = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
|
authorizedKeys = [ pubKey ];
|
||||||
hooks = [
|
hooks = [
|
||||||
{
|
{
|
||||||
name = "pre-receive";
|
name = "pre-receive";
|
||||||
|
@ -19,4 +35,34 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
systemd.services."setup-vm" = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = with pkgs; [
|
||||||
|
git
|
||||||
|
];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
User = "root";
|
||||||
|
Group = "root";
|
||||||
|
ExecStart =
|
||||||
|
let
|
||||||
|
privSSH = pkgs.writeText "vm-privkey" privKey;
|
||||||
|
sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig;
|
||||||
|
in
|
||||||
|
pkgs.writeShellScript "setup-vm-script" ''
|
||||||
|
git config --global user.name "NixUser"
|
||||||
|
git config --global user.email "nixuser@example.com"
|
||||||
|
|
||||||
|
mkdir ~/.ssh
|
||||||
|
ln -sf ${sshConfigFile} ~/.ssh/config
|
||||||
|
cp ${privSSH} ~/.ssh/vm
|
||||||
|
chmod 600 ~/.ssh/vm
|
||||||
|
|
||||||
|
mkdir ~/repo
|
||||||
|
cd ~/repo
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
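Review bot: `privKey` is an ed25519 private key committed in plaintext, and `pkgs.writeText "vm-privkey" privKey` puts it in the Nix store, which is normally world-readable, so the later `chmod 600 ~/.ssh/vm` protects only the copy. That is fine for a throwaway VM fixture only as long as the pair is never trusted anywhere else, and nothing in the file says so. Add a comment above the binding, such as `# TEST-ONLY key pair: public in this repo and in the Nix store; never add pubKey to a real authorized_keys`. Separately, `mkdir ~/.ssh` errors when the directory already exists on a re-run and leaves its mode to the umask; `mkdir -p -m 700 ~/.ssh` and `mkdir -p ~/repo` would make the unit re-runnable.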