mirror of https://git.jolheiser.com/ugit.git
Compare commits
No commits in common. "fb9e963b0e1746438f29b6afbcb5aeeb058e3b77" and "15c0850babc7e714ac9681944d4a0a96b48b728d" have entirely different histories.
fb9e963b0e
...
15c0850bab
230
nix/module.nix
230
nix/module.nix
|
|
@ -8,13 +8,18 @@ let
|
|||
cfg = config.services.ugit;
|
||||
pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
|
||||
yamlFormat = pkgs.formats.yaml { };
|
||||
instanceOptions =
|
||||
{ name, config, ... }:
|
||||
configFile = pkgs.writeText "ugit.yaml" (
|
||||
builtins.readFile (yamlFormat.generate "ugit-yaml" cfg.config)
|
||||
);
|
||||
authorizedKeysFile = pkgs.writeText "ugit_keys" (builtins.concatStringsSep "\n" cfg.authorizedKeys);
|
||||
in
|
||||
{
|
||||
options =
|
||||
let
|
||||
inherit (lib) mkEnableOption mkOption types;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.ugit = {
|
||||
enable = mkEnableOption "Enable ugit";
|
||||
|
||||
package = mkOption {
|
||||
|
|
@ -23,16 +28,10 @@ let
|
|||
default = pkg;
|
||||
};
|
||||
|
||||
homeDir = mkOption {
|
||||
type = types.str;
|
||||
description = "ugit home directory";
|
||||
default = "/var/lib/ugit/${name}";
|
||||
};
|
||||
|
||||
repoDir = mkOption {
|
||||
type = types.str;
|
||||
description = "where ugit stores repositories";
|
||||
default = "/var/lib/ugit/${name}/repos";
|
||||
default = "/var/lib/ugit/repos";
|
||||
};
|
||||
|
||||
authorizedKeys = mkOption {
|
||||
|
|
@ -44,13 +43,13 @@ let
|
|||
authorizedKeysFile = mkOption {
|
||||
type = types.str;
|
||||
description = "path to authorized_keys file ugit uses for auth";
|
||||
default = "/var/lib/ugit/${name}/authorized_keys";
|
||||
default = "/var/lib/ugit/authorized_keys";
|
||||
};
|
||||
|
||||
hostKeyFile = mkOption {
|
||||
type = types.str;
|
||||
description = "path to host key file (will be created if it doesn't exist)";
|
||||
default = "/var/lib/ugit/${name}/ugit_ed25519";
|
||||
default = "/var/lib/ugit/ugit_ed25519";
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
|
|
@ -61,16 +60,21 @@ let
|
|||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "ugit-${name}";
|
||||
default = "ugit";
|
||||
description = "User account under which ugit runs";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "ugit-${name}";
|
||||
default = "ugit";
|
||||
description = "Group account under which ugit runs";
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
hooks = mkOption {
|
||||
type = types.listOf (
|
||||
types.submodule {
|
||||
|
|
@ -91,131 +95,95 @@ let
|
|||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.ugit = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.submodule instanceOptions);
|
||||
default = { };
|
||||
description = "Attribute set of ugit instances";
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users."${cfg.user}" = {
|
||||
home = "/var/lib/ugit";
|
||||
createHome = true;
|
||||
group = "${cfg.group}";
|
||||
isSystemUser = true;
|
||||
isNormalUser = false;
|
||||
description = "user for ugit service";
|
||||
};
|
||||
users.groups."${cfg.group}" = { };
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [
|
||||
8448
|
||||
8449
|
||||
];
|
||||
};
|
||||
};
|
||||
config = lib.mkIf (cfg != { }) {
|
||||
users.users = lib.mapAttrs' (
|
||||
name: instanceCfg:
|
||||
lib.nameValuePair instanceCfg.user {
|
||||
home = instanceCfg.homeDir;
|
||||
createHome = true;
|
||||
group = instanceCfg.group;
|
||||
isSystemUser = true;
|
||||
isNormalUser = false;
|
||||
description = "user for ugit ${name} service";
|
||||
}
|
||||
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
|
||||
|
||||
users.groups = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair instanceCfg.group { }) (
|
||||
lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg
|
||||
);
|
||||
|
||||
systemd.services = lib.foldl' (
|
||||
acc: name:
|
||||
let
|
||||
instanceCfg = cfg.${name};
|
||||
in
|
||||
lib.recursiveUpdate acc (
|
||||
lib.optionalAttrs instanceCfg.enable {
|
||||
"ugit-${name}" = {
|
||||
enable = true;
|
||||
description = "ugit instance ${name}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
path = [
|
||||
instanceCfg.package
|
||||
pkgs.git
|
||||
pkgs.bash
|
||||
systemd.services = {
|
||||
ugit = {
|
||||
enable = true;
|
||||
script =
|
||||
let
|
||||
authorizedKeysPath =
|
||||
if (builtins.length cfg.authorizedKeys) > 0 then authorizedKeysFile else cfg.authorizedKeysFile;
|
||||
args = [
|
||||
"--config=${configFile}"
|
||||
"--repo-dir=${cfg.repoDir}"
|
||||
"--ssh.authorized-keys=${authorizedKeysPath}"
|
||||
"--ssh.host-key=${cfg.hostKeyFile}"
|
||||
];
|
||||
serviceConfig = {
|
||||
User = instanceCfg.user;
|
||||
Group = instanceCfg.group;
|
||||
Restart = "always";
|
||||
RestartSec = "15";
|
||||
WorkingDirectory = instanceCfg.homeDir;
|
||||
ExecStart =
|
||||
let
|
||||
configFile = pkgs.writeText "ugit-${name}.yaml" (
|
||||
builtins.readFile (yamlFormat.generate "ugit-${name}-yaml" instanceCfg.config)
|
||||
);
|
||||
authorizedKeysFile = pkgs.writeText "ugit_${name}_keys" (
|
||||
builtins.concatStringsSep "\n" instanceCfg.authorizedKeys
|
||||
);
|
||||
|
||||
authorizedKeysPath =
|
||||
if (builtins.length instanceCfg.authorizedKeys) > 0 then
|
||||
authorizedKeysFile
|
||||
else
|
||||
instanceCfg.authorizedKeysFile;
|
||||
args = [
|
||||
"--config=${configFile}"
|
||||
"--repo-dir=${instanceCfg.repoDir}"
|
||||
"--ssh.authorized-keys=${authorizedKeysPath}"
|
||||
"--ssh.host-key=${instanceCfg.hostKeyFile}"
|
||||
];
|
||||
in
|
||||
"${instanceCfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
|
||||
};
|
||||
};
|
||||
|
||||
"ugit-${name}-hooks" = {
|
||||
description = "Setup hooks for ugit instance ${name}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "ugit-${name}.service" ];
|
||||
requires = [ "ugit-${name}.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
User = instanceCfg.user;
|
||||
Group = instanceCfg.group;
|
||||
ExecStart =
|
||||
let
|
||||
hookDir = "${instanceCfg.repoDir}/hooks/pre-receive.d";
|
||||
mkHookScript =
|
||||
in
|
||||
"${cfg.package}/bin/ugitd ${builtins.concatStringsSep " " args}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
path = [
|
||||
cfg.package
|
||||
pkgs.git
|
||||
pkgs.bash
|
||||
];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Restart = "always";
|
||||
RestartSec = "15";
|
||||
WorkingDirectory = "/var/lib/ugit";
|
||||
};
|
||||
};
|
||||
ugit-hooks = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "ugit.service" ];
|
||||
requires = [ "ugit.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart =
|
||||
let
|
||||
script = pkgs.writeShellScript "ugit-hooks-link" (
|
||||
builtins.concatStringsSep "\n" (
|
||||
map (
|
||||
hook:
|
||||
let
|
||||
script = pkgs.writeShellScript "ugit-${name}-${hook.name}" hook.content;
|
||||
script = pkgs.writeShellScript hook.name hook.content;
|
||||
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
|
||||
in
|
||||
''
|
||||
mkdir -p ${hookDir}
|
||||
ln -sf ${script} ${hookDir}/${hook.name}
|
||||
'';
|
||||
in
|
||||
pkgs.writeShellScript "ugit-${name}-hooks-setup" ''
|
||||
${builtins.concatStringsSep "\n" (map mkHookScript instanceCfg.hooks)}
|
||||
'';
|
||||
"ln -s ${script} ${path}"
|
||||
) cfg.hooks
|
||||
)
|
||||
);
|
||||
in
|
||||
"${script}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings.ugit = builtins.listToAttrs (
|
||||
map (
|
||||
hook:
|
||||
let
|
||||
script = pkgs.writeShellScript hook.name hook.content;
|
||||
path = "${cfg.repoDir}/hooks/pre-receive.d/${hook.name}";
|
||||
in
|
||||
{
|
||||
name = path;
|
||||
value = {
|
||||
"L" = {
|
||||
argument = "${script}";
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
) { } (builtins.attrNames cfg);
|
||||
|
||||
systemd.tmpfiles.settings = lib.mapAttrs' (
|
||||
name: instanceCfg:
|
||||
builtins.listToAttrs (
|
||||
map (
|
||||
hook:
|
||||
let
|
||||
script = pkgs.writeShellScript hook.name hook.content;
|
||||
path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
|
||||
in
|
||||
{
|
||||
name = path;
|
||||
value = {
|
||||
"L" = {
|
||||
argument = "${script}";
|
||||
};
|
||||
};
|
||||
}
|
||||
) instanceCfg.hooks
|
||||
)
|
||||
) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
|
||||
) cfg.hooks
|
||||
);
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue