stockholm/krebs/2configs/cal.nix

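# Radicale calendar server whose collection directory is also a git working
# tree. Every storage change is committed and pushed to the `cal` repository
# served by krebs.git on the same host (git@localhost:cal); pushes received by
# that repository are fast-forwarded back into the live collections.
{ config, lib, pkgs, ... }: let
  slib = import ../../lib/pure.nix { inherit lib; };

  # Shell prelude shared by every script below.
  #  - PATH is replaced with coreutils + git only, so the scripts do not
  #    depend on the caller's PATH.
  #  - git talks to the local repo over SSH with the dedicated key deployed by
  #    krebs.secret.files.calendar at the end of this file.
  #  - The collections directory is initialised as a git repo on first use;
  #    on later runs `origin` is added or corrected to point at $repo.
  #  - .Radicale.cache is ignored so that cache files are never committed.
  # NOTE(review): no host-key options are passed to ssh here, so checking of
  # localhost's host key depends on the radicale user's ssh configuration,
  # which is not visible in this file -- confirm.
  setupGit = ''
    export PATH=${lib.makeBinPath [
      pkgs.coreutils
      pkgs.git
    ]}
    export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
    repo='git@localhost:cal'
    cd /var/lib/radicale/collections
    if ! test -d .git; then
      git init
      git config user.name "radicale"
      git config user.email "radicale@${config.networking.hostName}"
    elif ! url=$(git config remote.origin.url); then
      git remote add origin "$repo"
    elif test "$url" != "$repo"; then
      git remote set-url origin "$repo"
    fi
    cp ${pkgs.writeText "gitignore" ''
      .Radicale.cache
    ''} .gitignore
    git add .gitignore
  '';

  # Despite the name, this pulls: it is run as `radicale` (through sudo) by
  # the repo's post-receive hook and fast-forwards the live collections to
  # origin/master. A merge that cannot fast-forward is non-fatal so the hook
  # still succeeds, but it is reported on stderr so the failure is visible to
  # whoever triggered the hook instead of being dropped silently.
  pushCal = pkgs.writers.writeDash "push_cal" ''
    ${setupGit}
    git fetch origin
    git merge --ff-only origin/master || echo 'push_cal: fast-forward of origin/master failed; radicale collections left unchanged' >&2
  '';

  # Pushes the local master of the collections tree to the `cal` repository.
  # Called from the Radicale storage hook after each commit.
  pushCgit = pkgs.writers.writeDash "push_cgit" ''
    ${setupGit}
    git push origin master
  '';
in {
  services.radicale = {
    enable = true;
    # One catch-all rule: every user name and every collection path match,
    # and the rule grants both read flags (r, R) and both write flags (w, W).
    rights = {
      krebs = {
        user = ".*";
        collection = ".*";
        permissions = "rRwW";
      };
    };
    settings = {
      # SECURITY: with auth type "none" Radicale accepts any user name without
      # a password. Together with the catch-all rights rule above and the
      # wildcard listen addresses below, any client that can reach port 5232
      # can read and modify every collection.
      # NOTE(review): access control therefore rests entirely on network-level
      # restrictions (firewall, private network) that are not visible in this
      # file -- confirm they exist. If all clients go through the nginx vhost
      # below, listening on loopback only would be sufficient.
      auth.type = "none";
      server.hosts = [
        "0.0.0.0:5232"
        "[::]:5232"
      ];
      storage.filesystem_folder = "/var/lib/radicale/collections";
      # Runs after every storage change: stage everything, commit if the index
      # differs from HEAD, then push. Radicale substitutes %(user)s with the
      # requesting user name, which is client-chosen because auth is "none".
      # Inside the script the name is only used as "$1" within a double-quoted
      # commit message, so the script's shell does not re-evaluate it.
      # NOTE(review): the hook command line itself is executed by Radicale --
      # confirm that the deployed Radicale version shell-quotes %(user)s.
      # The unauthenticated name ends up in the history of the `cal` repo.
      storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
        set -efu
        ${setupGit}
        ${pkgs.git}/bin/git add -A
        (${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
        ${pushCgit}
      ''} %(user)s";
    };
  };
  # Reverse proxy for Radicale. No authentication or TLS options are set for
  # this vhost in this file, so it adds no access control of its own here.
  services.nginx = {
    enable = true;
    virtualHosts = {
      "calendar.r".locations."/".proxyPass = "http://localhost:5232/";
    };
  };
  krebs.git = {
    enable = true;
    cgit.settings = {
      root-title = "krebs repos";
    };
    rules = with slib.git; [
      {
        # The `cal` entry is the public half of the key radicale pushes with.
        # Every entry of config.krebs.users is granted the same permission.
        # Because post-receive merges pushes into the live collections, push
        # access to master amounts to write access to the calendar data.
        user = [
          {
            name = "cal";
            pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
          }
        ] ++ (lib.attrValues config.krebs.users);
        repo = [ config.krebs.git.repos.cal ];
        perm = push ''refs/heads/master'' [ create merge ];
      }
    ];
    repos.cal = {
      # NOTE(review): presumably exposes the repository, and with it all
      # calendar contents and commit messages, to anyone who can reach
      # cgit -- confirm against the krebs.git module and the intended audience.
      public = true;
      name = "cal";
      hooks = {
        # After a push: announce it on IRC, then switch to the radicale user
        # (via the sudoers rule at the end of this file) to fast-forward the
        # live collections.
        post-receive = ''
          ${pkgs.git-hooks.irc-announce {
            channel = "#xxx";
            refs = [
              "refs/heads/master"
            ];
            nick = config.networking.hostName;
            server = "irc.r";
            verbose = true;
          }}
          /run/wrappers/bin/sudo -S -u radicale ${pushCal}
        '';
      };
    };
  };
  # Private half of the `cal` push key, installed for the radicale user at the
  # path that GIT_SSH_COMMAND in setupGit points to.
  krebs.secret.files.calendar = {
    path = "/var/lib/radicale/.ssh/id_ed25519";
    owner = { name = "radicale"; };
    source-path = "${config.krebs.secret.directory}/radicale.id_ed25519";
  };
  # Lets the `git` user run exactly the push_cal script as `radicale` without
  # a password. The command is a fixed store path and the script sets its own
  # PATH. sudoers accepts arbitrary arguments for a command listed without an
  # argument specification; push_cal does not read its arguments.
  security.sudo.extraConfig = ''
    git ALL=(radicale) NOPASSWD: ${pushCal}
  '';
}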