jolheiser
/
ugit
mirror of https://git.jolheiser.com/ugit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix nix module for multiple instances

jolheiser 2025-02-13 20:49:08 -06:00
parent 4d8423b4b3
commit fb9e963b0e
No known key found for this signature in database
1 changed files with 87 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
nix/module.nix
View File

@ -9,6 +9,7 @@ let
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; }; pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
yamlFormat = pkgs.formats.yaml { }; yamlFormat = pkgs.formats.yaml { };
instanceOptions = instanceOptions =
{ name, config, ... }:
let let
inherit (lib) mkEnableOption mkOption types; inherit (lib) mkEnableOption mkOption types;
in in
@ -25,13 +26,13 @@ let
homeDir = mkOption { homeDir = mkOption {
type = types.str; type = types.str;
description = "ugit home directory"; description = "ugit home directory";
default = "/var/lib/ugit"; default = "/var/lib/ugit/${name}";
}; };
repoDir = mkOption { repoDir = mkOption {
type = types.str; type = types.str;
description = "where ugit stores repositories"; description = "where ugit stores repositories";
default = "/var/lib/ugit/repos"; default = "/var/lib/ugit/${name}/repos";
}; };
authorizedKeys = mkOption { authorizedKeys = mkOption {
@ -43,13 +44,13 @@ let
authorizedKeysFile = mkOption { authorizedKeysFile = mkOption {
type = types.str; type = types.str;
description = "path to authorized_keys file ugit uses for auth"; description = "path to authorized_keys file ugit uses for auth";
default = "/var/lib/ugit/authorized_keys"; default = "/var/lib/ugit/${name}/authorized_keys";
}; };
hostKeyFile = mkOption { hostKeyFile = mkOption {
type = types.str; type = types.str;
description = "path to host key file (will be created if it doesn't exist)"; description = "path to host key file (will be created if it doesn't exist)";
default = "/var/lib/ugit/ugit_ed25519"; default = "/var/lib/ugit/${name}/ugit_ed25519";
}; };
config = mkOption { config = mkOption {
@ -60,13 +61,13 @@ let
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "ugit"; default = "ugit-${name}";
description = "User account under which ugit runs"; description = "User account under which ugit runs";
}; };
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "ugit"; default = "ugit-${name}";
description = "Group account under which ugit runs"; description = "Group account under which ugit runs";
}; };
@ -116,35 +117,16 @@ in
lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg
); );
systemd.services = lib.mapAttrs' ( systemd.services = lib.foldl' (
name: instanceCfg: acc: name:
lib.nameValuePair "ugit-${name}" {
ugit =
let let
configFile = pkgs.writeText "ugit.yaml" ( instanceCfg = cfg.${name};
builtins.readFile (yamlFormat.generate "ugit-yaml" instanceCfg.config)
);
authorizedKeysFile = pkgs.writeText "ugit_keys" (
builtins.concatStringsSep "\n" instanceCfg.authorizedKeys
);
in in
{ lib.recursiveUpdate acc (
lib.optionalAttrs instanceCfg.enable {
"ugit-${name}" = {
enable = true; enable = true;
script = description = "ugit instance ${name}";
let
authorizedKeysPath =
if (builtins.length instanceCfg.authorizedKeys) > 0 then
authorizedKeysFile
else
instanceCfg.authorizedKeysFile;
args = [
"--config=${configFile}"
"--repo-dir=${instanceCfg.repoDir}"
"--ssh.authorized-keys=${authorizedKeysPath}"
"--ssh.host-key=${instanceCfg.hostKeyFile}"
];
in
"${instanceCfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
path = [ path = [
@ -158,42 +140,72 @@ in
Restart = "always"; Restart = "always";
RestartSec = "15"; RestartSec = "15";
WorkingDirectory = instanceCfg.homeDir; WorkingDirectory = instanceCfg.homeDir;
};
};
ugit-hooks = {
wantedBy = [ "multi-user.target" ];
after = [ "ugit.service" ];
requires = [ "ugit.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = ExecStart =
let let
script = pkgs.writeShellScript "ugit-hooks-link" ( configFile = pkgs.writeText "ugit-${name}.yaml" (
builtins.concatStringsSep "\n" ( builtins.readFile (yamlFormat.generate "ugit-${name}-yaml" instanceCfg.config)
);
authorizedKeysFile = pkgs.writeText "ugit_${name}_keys" (
builtins.concatStringsSep "\n" instanceCfg.authorizedKeys
);
authorizedKeysPath =
if (builtins.length instanceCfg.authorizedKeys) > 0 then
authorizedKeysFile
else
instanceCfg.authorizedKeysFile;
args = [
"--config=${configFile}"
"--repo-dir=${instanceCfg.repoDir}"
"--ssh.authorized-keys=${authorizedKeysPath}"
"--ssh.host-key=${instanceCfg.hostKeyFile}"
];
in
"${instanceCfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
};
};
"ugit-${name}-hooks" = {
description = "Setup hooks for ugit instance ${name}";
wantedBy = [ "multi-user.target" ];
after = [ "ugit-${name}.service" ];
requires = [ "ugit-${name}.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = instanceCfg.user;
Group = instanceCfg.group;
ExecStart =
let
hookDir = "${instanceCfg.repoDir}/hooks/pre-receive.d";
mkHookScript =
hook:
let
script = pkgs.writeShellScript "ugit-${name}-${hook.name}" hook.content;
in
''
mkdir -p ${hookDir}
ln -sf ${script} ${hookDir}/${hook.name}
'';
in
pkgs.writeShellScript "ugit-${name}-hooks-setup" ''
${builtins.concatStringsSep "\n" (map mkHookScript instanceCfg.hooks)}
'';
};
};
}
)
) { } (builtins.attrNames cfg);
systemd.tmpfiles.settings = lib.mapAttrs' (
name: instanceCfg:
builtins.listToAttrs (
map ( map (
hook: hook:
let let
script = pkgs.writeShellScript hook.name hook.content; script = pkgs.writeShellScript hook.name hook.content;
path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}"; path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in in
"ln -s ${script} ${path}"
) instanceCfg.hooks
)
);
in
"${script}";
};
};
}
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
systemd.tmpfiles.settings.ugit = builtins.listToAttrs (
map (
hook:
let
script = pkgs.writeShellScript hook.name hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in
{ {
name = path; name = path;
value = { value = {
@ -202,7 +214,8 @@ in
}; };
}; };
} }
) cfg.hooks ) instanceCfg.hooks
); )
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
}; };
} }