stockholm/krebs/2configs/repo-sync.nix

{ config, lib, pkgs, ... }:

with import <stockholm/lib>;

let
  konsens-user = {
    name = "konsens";
    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";
  };
  mirror = "git@${config.networking.hostName}:";

  defineRepo = {
    name, desc, section
  }:
  let
    repo = {
      public = true;
      name = mkDefault "${name}";
      cgit.desc = desc;
      cgit.section = section;
      hooks = mkDefault {
        post-receive = pkgs.git-hooks.irc-announce {
          channel = "#xxx";
          refs = [
            "refs/heads/newest"
            "refs/tags/*"
          ];
          nick = config.networking.hostName;
          server = "irc.r";
          verbose = false;
        };
      };
    };
  in {
    rules = with git; [
      {
        user = with config.krebs.users; [
          config.krebs.users."${config.networking.hostName}-repo-sync"
          lass
          makefu
          tv
        ];
        repo = [ repo ];
        perm = push ''refs/*'' [ non-fast-forward create delete merge ];
      }
      {
        user = [
          konsens-user
        ];
        repo = [ repo ];
        perm = push "refs/heads/common" [ create merge ];
      }
      {
        user = attrValues config.krebs.users;
        repo = [ repo ];
        perm = fetch;
      }
    ];
    repos."${name}" = repo;
  };

  sync-repo = {
    name,
    remotes,
    desc ? "mirror for ${name}",
    section ? "mirror"
  }:
    {
      krebs.repo-sync.repos.${name} = {
        branches = (lib.mapAttrs' (user: url: lib.nameValuePair user {
          origin.url = url;
          mirror.url = "${mirror}${name}";
        }) remotes);
        latest = {
          url = "${mirror}${name}";
          ref = "heads/newest";
        };
      };
      krebs.git = defineRepo { inherit name desc section; };
    };

in {
  krebs.git = {
    enable = true;
    cgit.settings = {
      root-title = "krebs repos";
      root-desc = "keep calm and engage";
    };
  };
  krebs.repo-sync = {
    enable = true;
  };
  krebs.konsens = {
    enable = true;
    repos = {
      stockholm = {};
    };
  };
  krebs.secret.files.konsens = {
    path = "/var/lib/konsens/.ssh/id_ed25519";
    owner = konsens-user;
    source-path = "${<secrets/konsens.id_ed25519>}";
  };

  imports = [
    (sync-repo {
      name = "stockholm";
      desc = "take all computers hostage, they love it";
      section = "configuration";
      remotes = {
        makefu = "http://cgit.gum.r/stockholm";
        tv = "http://cgit.ni.r/stockholm";
        lassulus = "http://cgit.orange.r/stockholm";
      };
    })
    ({ krebs.git = defineRepo {
      name = "krops";
      desc = "deployment tools";
      section = "deployment";
    };})
  ];
}
s 2 repo-sync: init 2016-02-15 13:03:47 +00:00			`{ config, lib, pkgs, ... }:`

krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`with import <stockholm/lib>;`

			`let`
repo-sync: add konsens for krops & stockholm 2018-08-29 15:42:00 +00:00			`konsens-user = {`
			`name = "konsens";`
			`pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";`
			`};`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`mirror = "git@${config.networking.hostName}:";`

hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`defineRepo = {`
			`name, desc, section`
			`}:`
			`let`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`repo = {`
			`public = true;`
			`name = mkDefault "${name}";`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`cgit.desc = desc;`
			`cgit.section = section;`
			`hooks = mkDefault {`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`post-receive = pkgs.git-hooks.irc-announce {`
#krebs@irc.r -> #xxx@irc.r 2017-10-01 12:26:12 +00:00			`channel = "#xxx";`
irc-announce: whitelist refs instead of branches 2018-09-06 21:02:56 +00:00			`refs = [`
			`"refs/heads/newest"`
repo-sync: announce tags 2018-09-06 21:04:24 +00:00			`"refs/tags/*"`
repo-sync: announcemnaster 2018-09-06 20:34:33 +00:00			`];`
irc-announce: whitelist refs instead of branches 2018-09-06 21:02:56 +00:00			`nick = config.networking.hostName;`
			`server = "irc.r";`
			`verbose = false;`
s 2 repo-sync: use new api 2017-03-07 23:52:31 +00:00			`};`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`};`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`};`
			`in {`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`rules = with git; [`
			`{`
			`user = with config.krebs.users; [`
			`config.krebs.users."${config.networking.hostName}-repo-sync"`
			`lass`
			`makefu`
repo-sync: remove staging branches, style 2018-08-25 10:04:22 +00:00			`tv`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`];`
			`repo = [ repo ];`
			`perm = push ''refs/*'' [ non-fast-forward create delete merge ];`
			`}`
repo-sync: add konsens for krops & stockholm 2018-08-29 15:42:00 +00:00			`{`
			`user = [`
			`konsens-user`
			`];`
			`repo = [ repo ];`
hotdog.r: repo-sync stockholm, define krops 2023-04-11 20:35:48 +00:00			`perm = push "refs/heads/common" [ create merge ];`
repo-sync: add konsens for krops & stockholm 2018-08-29 15:42:00 +00:00			`}`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`{`
			`user = attrValues config.krebs.users;`
			`repo = [ repo ];`
			`perm = fetch;`
			`}`
			`];`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`repos."${name}" = repo;`
			`};`

hotdog.r: repo-sync stockholm, define krops 2023-04-11 20:35:48 +00:00			`sync-repo = {`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`name,`
hotdog.r: repo-sync stockholm, define krops 2023-04-11 20:35:48 +00:00			`remotes,`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`desc ? "mirror for ${name}",`
			`section ? "mirror"`
			`}:`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`{`
			`krebs.repo-sync.repos.${name} = {`
hotdog.r: repo-sync stockholm, define krops 2023-04-11 20:35:48 +00:00			`branches = (lib.mapAttrs' (user: url: lib.nameValuePair user {`
			`origin.url = url;`
			`mirror.url = "${mirror}${name}";`
			`}) remotes);`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`latest = {`
			`url = "${mirror}${name}";`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`ref = "heads/newest";`
			`};`
			`};`
			`krebs.git = defineRepo { inherit name desc section; };`
			`};`

krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`in {`
krebs repo-sync: activate also git 2017-07-22 18:37:20 +00:00			`krebs.git = {`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`enable = true;`
			`cgit.settings = {`
			`root-title = "krebs repos";`
			`root-desc = "keep calm and engage";`
krebs repo-sync: activate also git 2017-07-22 18:37:20 +00:00			`};`
			`};`
hotdog.r: repo-sync all the repos 2018-08-24 17:34:29 +00:00			`krebs.repo-sync = {`
			`enable = true;`
			`};`
repo-sync: add konsens for krops & stockholm 2018-08-29 15:42:00 +00:00			`krebs.konsens = {`
			`enable = true;`
			`repos = {`
			`stockholm = {};`
			`};`
			`};`
			`krebs.secret.files.konsens = {`
			`path = "/var/lib/konsens/.ssh/id_ed25519";`
			`owner = konsens-user;`
			`source-path = "${<secrets/konsens.id_ed25519>}";`
			`};`

krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`imports = [`
hotdog.r: repo-sync stockholm, define krops 2023-04-11 20:35:48 +00:00			`(sync-repo {`
			`name = "stockholm";`
			`desc = "take all computers hostage, they love it";`
			`section = "configuration";`
			`remotes = {`
			`makefu = "http://cgit.gum.r/stockholm";`
			`tv = "http://cgit.ni.r/stockholm";`
			`lassulus = "http://cgit.orange.r/stockholm";`
			`};`
			`})`
			`({ krebs.git = defineRepo {`
			`name = "krops";`
			`desc = "deployment tools";`
			`section = "deployment";`
			`};})`
krebs: merge cgit-mirror into repo-sync 2017-07-22 13:12:06 +00:00			`];`
s 2 repo-sync: init 2016-02-15 13:03:47 +00:00			`}`