stockholm/krebs/2configs/wiki.nix


{ config, pkgs, ... }:
with import <stockholm/lib>;
let
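# Shell prologue shared by push_gollum and push_cgit (interpolated at the top
# of both scripts below). It restricts PATH to git, makes git's ssh transport
# authenticate with the key under gollum's state directory, enters that
# directory, and pins remote "origin" to git@localhost:wiki.
#
# `set -eu` makes either script stop at the first failing command: without it
# a failed `cd` would let the following git commands run in the caller's
# working directory instead, and a failed `git fetch` would be hidden behind
# the exit status of the merge that follows it.
#
# NOTE(review): no known_hosts entry or host-key option is configured here;
# presumably the host key for localhost is provisioned elsewhere — confirm.
setupGit = ''
  set -eu
  export PATH=${makeBinPath [ pkgs.git ]}
  export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.services.gollum.stateDir}/.ssh/id_ed25519'
  repo='git@localhost:wiki'
  cd ${config.services.gollum.stateDir}
  if ! url=$(git config remote.origin.url); then
    git remote add origin "$repo"
  elif test "$url" != "$repo"; then
    git remote set-url origin "$repo"
  fi
'';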
# push_gollum: bring gollum's working copy up to date with the wiki repo.
# Fetches origin and fast-forwards to origin/master; --ff-only means the merge
# is refused rather than creating a merge commit when the local branch has
# diverged. Invoked as user gollum from the wiki repo's post-receive hook via
# the sudoers rule at the end of this file.
pushGollum = pkgs.writeDash "push_gollum" ''
  ${setupGit}
  git fetch origin
  git merge --ff-only origin/master
'';
# push_cgit: publish gollum's local master to the wiki repo on origin.
# Run by the Gollum post_commit hook in services.gollum.extraConfig, i.e.
# after a commit made through the web UI. It is a plain (non-forced) push, so
# git rejects it if origin/master has moved ahead of the local branch.
pushCgit = pkgs.writeDash "push_cgit" ''
  ${setupGit}
  git push origin master
'';
in
{
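# Gollum wiki, bound to the IPv6 loopback address only; clients reach it
# through the nginx proxy configured further down.
services.gollum = {
  enable = true;
  address = "::1";
  # Ruby snippet for Gollum's config: after every commit made through the web
  # UI, run push_cgit to publish it to the git repo. The command is a fixed
  # store path and the hook arguments (committer, sha1) are not passed to it.
  # A failed push is reported on stderr instead of being dropped silently, so
  # a wiki that has diverged from the repo leaves a trace to alert on.
  extraConfig = ''
    Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
      unless system('${pushCgit}')
        warn "gollum post_commit: push_cgit failed for #{sha1}"
      end
    end
  '';
};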
# Run the gollum service under a UTF-8 locale.
# NOTE(review): presumably needed for non-ASCII page names/content — confirm.
systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8";
# Open HTTP and HTTPS in the host firewall; no interface is named here, so the
# rule is not limited to a particular network.
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Obtain the wiki.r certificate from the ACME server at config.krebs.ssl.acmeURL.
security.acme.certs."wiki.r".server = config.krebs.ssl.acmeURL;
# nginx fronts the wiki: it serves the wiki.r vhost and proxies every request
# to gollum on the loopback address.
services.nginx = {
  enable = true;
  virtualHosts."wiki.r" = {
    enableACME = true;
    # addSSL serves the vhost over HTTPS in addition to plain HTTP (no redirect).
    # NOTE(review): wiki reads and edits can therefore travel unencrypted;
    # consider forceSSL if plain HTTP is not required — confirm.
    addSSL = true;
    locations."/" = {
      # NOTE(review): no authentication is configured at the proxy in this
      # file, and every commit made via the web UI is pushed to the git repo
      # under the gollum key; access control presumably relies on who can
      # reach wiki.r — confirm.
      proxyPass = "http://[::1]:${toString config.services.gollum.port}";
      proxyWebsockets = true;
      # Forward the client's Host header to gollum unchanged.
      extraConfig = ''
        proxy_set_header Host $host;
      '';
    };
  };
};
# Git hosting for the wiki repository: access rule, repo definition and the
# post-receive hook that feeds pushes back into gollum's working copy.
krebs.git = {
  enable = true;
  cgit.settings = {
    root-title = "krebs repos";
  };
  rules = with git; [
    {
      # Principals covered by this rule: the dedicated "gollum" key plus every
      # entry in config.krebs.users.
      # NOTE(review): the pubkey is presumably the public half of the private
      # key deployed by krebs.secret.files.gollum below — confirm.
      user = [
        {
          name = "gollum";
          pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
        }
      ] ++ (attrValues config.krebs.users);
      repo = [ config.krebs.git.repos.wiki ];
      # Push access is limited to refs/heads/master with the create and merge
      # permissions; no other ref or permission is granted by this rule.
      perm = push ''refs/heads/master'' [ create merge ];
    }
  ];
  repos.wiki = {
    # NOTE(review): presumably makes the repo readable without credentials —
    # confirm that nothing sensitive is expected to land in the wiki.
    public = true;
    name = "wiki";
    hooks = {
      # After a push is received: announce refs/heads/master updates on IRC,
      # then run push_gollum as user gollum so the wiki's working copy
      # fast-forwards to the new master. The sudo call matches the NOPASSWD
      # rule in security.sudo.extraConfig at the end of this file.
      post-receive = ''
        ${pkgs.git-hooks.irc-announce {
          channel = "#xxx";
          refs = [
            "refs/heads/master"
          ];
          nick = config.networking.hostName;
          server = "irc.r";
          verbose = true;
        }}
        /run/wrappers/bin/sudo -S -u gollum ${pushGollum}
      '';
    };
  };
};
# Deploy the gollum SSH private key to the path that GIT_SSH_COMMAND in
# setupGit points at, owned by user gollum. The key material is taken from the
# <secrets> search path and is not part of this file.
krebs.secret.files.gollum = {
  path = "${config.services.gollum.stateDir}/.ssh/id_ed25519";
  owner = { name = "gollum"; };
  source-path = "${<secrets/gollum.id_ed25519>}";
};
# Let user git run exactly the push_gollum store path as user gollum without a
# password; the wiki repo's post-receive hook relies on this rule.
# NOTE(review): the rule carries no argument specification, so sudo accepts
# any arguments; the push_gollum script defined above does not read them.
# Appending "" to the command would forbid arguments outright.
security.sudo.extraConfig = ''
  git ALL=(gollum) NOPASSWD: ${pushGollum}
'';
}