Merge remote-tracking branch 'ni/master'

This commit is contained in:
lassulus 2018-09-04 20:40:20 +02:00
commit e183bb1c80
5 changed files with 40 additions and 12 deletions

View file

@ -348,6 +348,10 @@ let
users.users.${cfg.user.name} = { users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid; inherit (cfg.user) home name uid;
description = "Git repository hosting user"; description = "Git repository hosting user";
extraGroups = [
# To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name
];
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
unique unique
@ -403,13 +407,12 @@ let
)); ));
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writeDashBin "cgit-clear-cache" '' (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; })
${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/*
'')
]; ];
system.activationScripts.cgit = '' system.activationScripts.cgit = ''
mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
chmod 0770 ${cfg.cgit.settings.cache-root}
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
''; '';

View file

@ -0,0 +1,8 @@
with import <stockholm/lib>;
{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
writeDashBin "cgit-clear-cache" ''
set -efu
${findutils}/bin/find ${shell.escape cache-root} -type f -delete
''

View file

@ -2,6 +2,6 @@
fetchgit { fetchgit {
url = https://cgit.krebsco.de/krops; url = https://cgit.krebsco.de/krops;
rev = "refs/tags/v1.1.0"; rev = "refs/tags/v1.3.1";
sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll"; sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7";
} }

@ -1 +1 @@
Subproject commit 4d0829328e885a6d7163b513998a975e60dd0a72 Subproject commit 5d79992262e8f16a3efa985375be74abea3bb392

View file

@ -18,6 +18,10 @@ let {
}; };
}; };
cgit-clear-cache = pkgs.cgit-clear-cache.override {
inherit (config.krebs.git.cgit.settings) cache-root;
};
repos = repos =
public-repos // public-repos //
optionalAttrs config.krebs.build.host.secure restricted-repos; optionalAttrs config.krebs.build.host.secure restricted-repos;
@ -97,8 +101,11 @@ let {
{ {
brain = { brain = {
collaborators = with config.krebs.users; [ lass makefu ]; collaborators = with config.krebs.users; [ lass makefu ];
hooks.post-receive = irc-announce { hooks = {
cgit_endpoint = null; post-receive = /* sh */ ''
(${irc-announce { cgit_endpoint = null; }})
${cgit-clear-cache}/bin/cgit-clear-cache
'';
}; };
}; };
} // } //
@ -117,14 +124,24 @@ let {
make-public-repo = name: { cgit ? {}, ... }: { make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name; inherit cgit name;
public = true; public = true;
hooks = optionalAttrs (config.krebs.build.host.name == "ni") { hooks = {
post-receive = irc-announce {}; post-receive = /* sh */ ''
(${optionalString (config.krebs.build.host.name == "ni")
(irc-announce {})})
${cgit-clear-cache}/bin/cgit-clear-cache
'';
}; };
}; };
make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
inherit collaborators hooks name; inherit collaborators name;
public = false; public = false;
hooks = hooks // {
post-receive = /* sh */ ''
(${hooks.post-receive or ""})
${cgit-clear-cache}/bin/cgit-clear-cache
'';
};
}; };
make-rules = make-rules =