Merge remote-tracking branch 'ni/master'
This commit is contained in:
commit
e183bb1c80
|
@ -348,6 +348,10 @@ let
|
||||||
users.users.${cfg.user.name} = {
|
users.users.${cfg.user.name} = {
|
||||||
inherit (cfg.user) home name uid;
|
inherit (cfg.user) home name uid;
|
||||||
description = "Git repository hosting user";
|
description = "Git repository hosting user";
|
||||||
|
extraGroups = [
|
||||||
|
# To allow running cgit-clear-cache via hooks.
|
||||||
|
cfg.cgit.fcgiwrap.group.name
|
||||||
|
];
|
||||||
shell = "/bin/sh";
|
shell = "/bin/sh";
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
unique
|
unique
|
||||||
|
@ -403,13 +407,12 @@ let
|
||||||
));
|
));
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(pkgs.writeDashBin "cgit-clear-cache" ''
|
(pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; })
|
||||||
${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/*
|
|
||||||
'')
|
|
||||||
];
|
];
|
||||||
|
|
||||||
system.activationScripts.cgit = ''
|
system.activationScripts.cgit = ''
|
||||||
mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
|
mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
|
||||||
|
chmod 0770 ${cfg.cgit.settings.cache-root}
|
||||||
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
|
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
8
krebs/5pkgs/simple/cgit-clear-cache.nix
Normal file
8
krebs/5pkgs/simple/cgit-clear-cache.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
|
{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
|
||||||
|
|
||||||
|
writeDashBin "cgit-clear-cache" ''
|
||||||
|
set -efu
|
||||||
|
${findutils}/bin/find ${shell.escape cache-root} -type f -delete
|
||||||
|
''
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
fetchgit {
|
fetchgit {
|
||||||
url = https://cgit.krebsco.de/krops;
|
url = https://cgit.krebsco.de/krops;
|
||||||
rev = "refs/tags/v1.1.0";
|
rev = "refs/tags/v1.3.1";
|
||||||
sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll";
|
sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 4d0829328e885a6d7163b513998a975e60dd0a72
|
Subproject commit 5d79992262e8f16a3efa985375be74abea3bb392
|
|
@ -18,6 +18,10 @@ let {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
cgit-clear-cache = pkgs.cgit-clear-cache.override {
|
||||||
|
inherit (config.krebs.git.cgit.settings) cache-root;
|
||||||
|
};
|
||||||
|
|
||||||
repos =
|
repos =
|
||||||
public-repos //
|
public-repos //
|
||||||
optionalAttrs config.krebs.build.host.secure restricted-repos;
|
optionalAttrs config.krebs.build.host.secure restricted-repos;
|
||||||
|
@ -97,8 +101,11 @@ let {
|
||||||
{
|
{
|
||||||
brain = {
|
brain = {
|
||||||
collaborators = with config.krebs.users; [ lass makefu ];
|
collaborators = with config.krebs.users; [ lass makefu ];
|
||||||
hooks.post-receive = irc-announce {
|
hooks = {
|
||||||
cgit_endpoint = null;
|
post-receive = /* sh */ ''
|
||||||
|
(${irc-announce { cgit_endpoint = null; }})
|
||||||
|
${cgit-clear-cache}/bin/cgit-clear-cache
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} //
|
} //
|
||||||
|
@ -117,14 +124,24 @@ let {
|
||||||
make-public-repo = name: { cgit ? {}, ... }: {
|
make-public-repo = name: { cgit ? {}, ... }: {
|
||||||
inherit cgit name;
|
inherit cgit name;
|
||||||
public = true;
|
public = true;
|
||||||
hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
|
hooks = {
|
||||||
post-receive = irc-announce {};
|
post-receive = /* sh */ ''
|
||||||
|
(${optionalString (config.krebs.build.host.name == "ni")
|
||||||
|
(irc-announce {})})
|
||||||
|
${cgit-clear-cache}/bin/cgit-clear-cache
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
|
make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
|
||||||
inherit collaborators hooks name;
|
inherit collaborators name;
|
||||||
public = false;
|
public = false;
|
||||||
|
hooks = hooks // {
|
||||||
|
post-receive = /* sh */ ''
|
||||||
|
(${hooks.post-receive or ""})
|
||||||
|
${cgit-clear-cache}/bin/cgit-clear-cache
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
make-rules =
|
make-rules =
|
||||||
|
|
Loading…
Reference in a new issue