jolheiser
/
ugit
mirror of https://git.jolheiser.com/ugit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: jolheiser:15c0850babc7e714ac9681944d4a0a96b48b728d
Branches Tags
jolheiser:main
jolheiser:tui
jolheiser:form
jolheiser:ffdhall
..
compare: jolheiser:fb9e963b0e1746438f29b6afbcb5aeeb058e3b77
Branches Tags
jolheiser:main
jolheiser:tui
jolheiser:form
jolheiser:ffdhall

2 Commits
15c0850bab ... fb9e963b0e

Author SHA1 Message Date
jolheiser fb9e963b0e
fix nix module for multiple instances 2025-02-13 20:52:18 -06:00
jolheiser 4d8423b4b3
multiple nix module instances 2025-02-13 20:49:41 -06:00
1 changed files with 131 additions and 99 deletions
Show Stats Expand all files Collapse all files

230
nix/module.nix
View File

@ -8,18 +8,13 @@ let
cfg = config.services.ugit; cfg = config.services.ugit;
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; }; pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
yamlFormat = pkgs.formats.yaml { }; yamlFormat = pkgs.formats.yaml { };
configFile = pkgs.writeText "ugit.yaml" ( instanceOptions =
builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config) { name, config, ... }:
);
authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
in
{
options =
let let
inherit (lib) mkEnableOption mkOption types; inherit (lib) mkEnableOption mkOption types;
in in
{ {
services.ugit = { options = {
enable = mkEnableOption "Enable ugit"; enable = mkEnableOption "Enable ugit";
package = mkOption { package = mkOption {
@ -28,10 +23,16 @@ in
default = pkg; default = pkg;
}; };
homeDir = mkOption {
type = types.str;
description = "ugit home directory";
default = "/var/lib/ugit/${name}";
};
repoDir = mkOption { repoDir = mkOption {
type = types.str; type = types.str;
description = "where ugit stores repositories"; description = "where ugit stores repositories";
default = "/var/lib/ugit/repos"; default = "/var/lib/ugit/${name}/repos";
}; };
authorizedKeys = mkOption { authorizedKeys = mkOption {
@ -43,13 +44,13 @@ in
authorizedKeysFile = mkOption { authorizedKeysFile = mkOption {
type = types.str; type = types.str;
description = "path to authorized_keys file ugit uses for auth"; description = "path to authorized_keys file ugit uses for auth";
default = "/var/lib/ugit/authorized_keys"; default = "/var/lib/ugit/${name}/authorized_keys";
}; };
hostKeyFile = mkOption { hostKeyFile = mkOption {
type = types.str; type = types.str;
description = "path to host key file (will be created if it doesn't exist)"; description = "path to host key file (will be created if it doesn't exist)";
default = "/var/lib/ugit/ugit_ed25519"; default = "/var/lib/ugit/${name}/ugit_ed25519";
}; };
config = mkOption { config = mkOption {
@ -60,21 +61,16 @@ in
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "ugit"; default = "ugit-${name}";
description = "User account under which ugit runs"; description = "User account under which ugit runs";
}; };
group = mkOption { group = mkOption {
type = types.str; type = types.str;
default = "ugit"; default = "ugit-${name}";
description = "Group account under which ugit runs"; description = "Group account under which ugit runs";
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
};
hooks = mkOption { hooks = mkOption {
type = types.listOf ( type = types.listOf (
types.submodule { types.submodule {
@ -95,95 +91,131 @@ in
}; };
}; };
}; };
config = lib.mkIf cfg.enable { in
users.users."${cfg.user}" = { {
home = "/var/lib/ugit"; options = {
createHome = true; services.ugit = lib.mkOption {
group = "${cfg.group}"; type = lib.types.attrsOf (lib.types.submodule instanceOptions);
isSystemUser = true; default = { };
isNormalUser = false; description = "Attribute set of ugit instances";
description = "user for ugit service";
};
users.groups."${cfg.group}" = { };
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [
8448
8449
];
}; };
};
config = lib.mkIf (cfg != { }) {
users.users = lib.mapAttrs' (
name: instanceCfg:
lib.nameValuePair instanceCfg.user {
home = instanceCfg.homeDir;
createHome = true;
group = instanceCfg.group;
isSystemUser = true;
isNormalUser = false;
description = "user for ugit ${name} service";
}
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
systemd.services = { users.groups = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair instanceCfg.group { }) (
ugit = { lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg
enable = true; );
script =
let systemd.services = lib.foldl' (
authorizedKeysPath = acc: name:
if (builtins.length cfg.authorizedKeys) > 0 then authorizedKeysFile else cfg.authorizedKeysFile; let
args = [ instanceCfg = cfg.${name};
"--config=${configFile}" in
"--repo-dir=${cfg.repoDir}" lib.recursiveUpdate acc (
"--ssh.authorized-keys=${authorizedKeysPath}" lib.optionalAttrs instanceCfg.enable {
"--ssh.host-key=${cfg.hostKeyFile}" "ugit-${name}" = {
enable = true;
description = "ugit instance ${name}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
path = [
instanceCfg.package
pkgs.git
pkgs.bash
]; ];
in serviceConfig = {
"${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}"; User = instanceCfg.user;
wantedBy = [ "multi-user.target" ]; Group = instanceCfg.group;
after = [ "network.target" ]; Restart = "always";
path = [ RestartSec = "15";
cfg.package WorkingDirectory = instanceCfg.homeDir;
pkgs.git ExecStart =
pkgs.bash let
]; configFile = pkgs.writeText "ugit-${name}.yaml" (
serviceConfig = { builtins.readFile (yamlFormat.generate "ugit-${name}-yaml" instanceCfg.config)
User = cfg.user; );
Group = cfg.group; authorizedKeysFile = pkgs.writeText "ugit_${name}_keys" (
Restart = "always"; builtins.concatStringsSep "\n" instanceCfg.authorizedKeys
RestartSec = "15"; );
WorkingDirectory = "/var/lib/ugit";
}; authorizedKeysPath =
}; if (builtins.length instanceCfg.authorizedKeys) > 0 then
ugit-hooks = { authorizedKeysFile
wantedBy = [ "multi-user.target" ]; else
after = [ "ugit.service" ]; instanceCfg.authorizedKeysFile;
requires = [ "ugit.service" ]; args = [
serviceConfig = { "--config=${configFile}"
Type = "oneshot"; "--repo-dir=${instanceCfg.repoDir}"
ExecStart = "--ssh.authorized-keys=${authorizedKeysPath}"
let "--ssh.host-key=${instanceCfg.hostKeyFile}"
script = pkgs.writeShellScript "ugit-hooks-link" ( ];
builtins.concatStringsSep "\n" ( in
map ( "${instanceCfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
};
};
"ugit-${name}-hooks" = {
description = "Setup hooks for ugit instance ${name}";
wantedBy = [ "multi-user.target" ];
after = [ "ugit-${name}.service" ];
requires = [ "ugit-${name}.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = instanceCfg.user;
Group = instanceCfg.group;
ExecStart =
let
hookDir = "${instanceCfg.repoDir}/hooks/pre-receive.d";
mkHookScript =
hook: hook:
let let
script = pkgs.writeShellScript hook.name hook.content; script = pkgs.writeShellScript "ugit-${name}-${hook.name}" hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in in
"ln -s ${script} ${path}" ''
) cfg.hooks mkdir -p ${hookDir}
) ln -sf ${script} ${hookDir}/${hook.name}
); '';
in in
"${script}"; pkgs.writeShellScript "ugit-${name}-hooks-setup" ''
}; ${builtins.concatStringsSep "\n" (map mkHookScript instanceCfg.hooks)}
}; '';
};
systemd.tmpfiles.settings.ugit = builtins.listToAttrs (
map (
hook:
let
script = pkgs.writeShellScript hook.name hook.content;
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in
{
name = path;
value = {
"L" = {
argument = "${script}";
}; };
}; };
} }
) cfg.hooks )
); ) { } (builtins.attrNames cfg);
systemd.tmpfiles.settings = lib.mapAttrs' (
name: instanceCfg:
builtins.listToAttrs (
map (
hook:
let
script = pkgs.writeShellScript hook.name hook.content;
path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
in
{
name = path;
value = {
"L" = {
argument = "${script}";
};
};
}
) instanceCfg.hooks
)
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
}; };
} }