Merge remote-tracking branch 'ni/master'

2018-09-04 20:40:20 +02:00 · 2018-09-04 20:40:20 +02:00 · e183bb1c80
parent 8760874b7a 000f2a7c91
commit e183bb1c80
5 changed files with 40 additions and 12 deletions
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@ -348,6 +348,10 @@ let
    users.users.${cfg.user.name} = {
      inherit (cfg.user) home name uid;
      description = "Git repository hosting user";
+      extraGroups = [
+        # To allow running cgit-clear-cache via hooks.
+        cfg.cgit.fcgiwrap.group.name
+      ];
      shell = "/bin/sh";
      openssh.authorizedKeys.keys =
        unique
@ -403,13 +407,12 @@ let
        ));

    environment.systemPackages = [
-      (pkgs.writeDashBin "cgit-clear-cache" ''
-        ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/*
-      '')
+      (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; })
    ];

    system.activationScripts.cgit = ''
-      mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
+      mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
+      chmod 0770 ${cfg.cgit.settings.cache-root}
      chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
    '';

--- a/krebs/5pkgs/simple/cgit-clear-cache.nix
+++ b/krebs/5pkgs/simple/cgit-clear-cache.nix
@ -0,0 +1,8 @@
+with import <stockholm/lib>;
+
+{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
+
+writeDashBin "cgit-clear-cache" ''
+  set -efu
+  ${findutils}/bin/find ${shell.escape cache-root} -type f -delete
+''
--- a/krebs/5pkgs/simple/krops.nix
+++ b/krebs/5pkgs/simple/krops.nix
@ -2,6 +2,6 @@

 fetchgit {
  url = https://cgit.krebsco.de/krops;
-  rev = "refs/tags/v1.1.0";
-  sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll";
+  rev = "refs/tags/v1.3.1";
+  sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7";
 }
--- a/submodules/nix-writers
+++ b/submodules/nix-writers
@ -1 +1 @@
-Subproject commit 4d0829328e885a6d7163b513998a975e60dd0a72
+Subproject commit 5d79992262e8f16a3efa985375be74abea3bb392
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@ -18,6 +18,10 @@ let {
    };
  };

+  cgit-clear-cache = pkgs.cgit-clear-cache.override {
+    inherit (config.krebs.git.cgit.settings) cache-root;
+  };
+
  repos =
    public-repos //
    optionalAttrs config.krebs.build.host.secure restricted-repos;
@ -97,8 +101,11 @@ let {
    {
      brain = {
        collaborators = with config.krebs.users; [ lass makefu ];
-        hooks.post-receive = irc-announce {
-          cgit_endpoint = null;
+        hooks = {
+          post-receive = /* sh */ ''
+            (${irc-announce { cgit_endpoint = null; }})
+            ${cgit-clear-cache}/bin/cgit-clear-cache
+          '';
        };
      };
    } //
@ -117,14 +124,24 @@ let {
  make-public-repo = name: { cgit ? {}, ... }: {
    inherit cgit name;
    public = true;
-    hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
-      post-receive = irc-announce {};
+    hooks = {
+      post-receive = /* sh */ ''
+        (${optionalString (config.krebs.build.host.name == "ni")
+                          (irc-announce {})})
+        ${cgit-clear-cache}/bin/cgit-clear-cache
+      '';
    };
  };

  make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
-    inherit collaborators hooks name;
+    inherit collaborators name;
    public = false;
+    hooks = hooks // {
+      post-receive = /* sh */ ''
+        (${hooks.post-receive or ""})
+        ${cgit-clear-cache}/bin/cgit-clear-cache
+      '';
+    };
  };

  make-rules =