wiki: allow push to git

lassulus 2020-08-12 22:52:37 +02:00
parent b42fe392f3
commit 03939b14e1


@ -1,23 +1,37 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>; with import <stockholm/lib>;
let
setupGit = ''
export PATH=${makeBinPath [ pkgs.git ]}
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
repo='git@localhost:wiki'
cd ${config.krebs.gollum.stateDir}
if ! url=$(git config remote.origin.url); then
git remote add origin "$repo"
elif test "$url" != "$repo"; then
git remote set-url origin "$repo"
fi
'';
pushGollum = pkgs.writeDash "push_gollum" ''
${setupGit}
git fetch origin
git merge --ff-only origin/master
'';
pushCgit = pkgs.writeDash "push_cgit" ''
${setupGit}
git push origin master
'';
in
{ {
krebs.gollum = { krebs.gollum = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
system('${toString (pkgs.writers.writeDash "push_cgit" '' system('${pushCgit}')
export PATH=${makeBinPath [ pkgs.git ]}
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
repo='git@localhost:wiki'
cd ${config.krebs.gollum.stateDir}
if ! url=$(git config remote.origin.url); then
git remote add origin "$repo"
elif test "$url" != "$repo"; then
git remote set-url origin "$repo"
fi
git push origin master
'')}')
end end
''; '';
}; };
@ -47,27 +61,27 @@ with import <stockholm/lib>;
name = "gollum"; name = "gollum";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
} }
config.krebs.users.lass-mors ] ++ (attrValues config.krebs.users);
];
repo = [ config.krebs.git.repos.wiki ]; repo = [ config.krebs.git.repos.wiki ];
perm = push ''refs/*'' [ create merge ]; perm = push ''refs/heads/master'' [ create merge ];
} }
]; ];
repos.wiki = { repos.wiki = {
public = true; public = true;
name = "wiki"; name = "wiki";
hooks = { hooks = {
post-receive = pkgs.git-hooks.irc-announce { post-receive = ''
channel = "#xxx"; ${pkgs.git-hooks.irc-announce {
refs = [ channel = "#xxx";
"refs/heads/master" refs = [
"refs/heads/newest" "refs/heads/master"
"refs/tags/*" ];
]; nick = config.networking.hostName;
nick = config.networking.hostName; server = "irc.r";
server = "irc.r"; verbose = true;
verbose = true; }}
}; /run/wrappers/bin/sudo -S -u gollum ${pushGollum}
'';
}; };
}; };
}; };
@ -77,4 +91,8 @@ with import <stockholm/lib>;
owner = { name = "gollum"; }; owner = { name = "gollum"; };
source-path = "${<secrets/gollum.id_ed25519>}"; source-path = "${<secrets/gollum.id_ed25519>}";
}; };
security.sudo.extraConfig = ''
git ALL=(gollum) NOPASSWD: ${pushGollum}
'';
} }
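Review bot: The sudoers rule added in the last hunk, `git ALL=(gollum) NOPASSWD: ${pushGollum}`, names the command without an argument list, so sudo accepts it with any arguments; appending `""` (`git ALL=(gollum) NOPASSWD: ${pushGollum} ""`) pins it to the exact invocation the post-receive hook makes. The hook calls sudo with `-S`, which would make it read a password from the hook's stdin (the ref-update lines) if the NOPASSWD rule ever stopped matching; `-n` fails cleanly instead. In `setupGit` nothing stops the script when `cd ${config.krebs.gollum.stateDir}` fails, so the following `git remote` and `git merge` calls would run in whatever directory the hook started in; `cd ${config.krebs.gollum.stateDir} || exit 1` closes that gap. The access rule now appears to admit every entry of `attrValues config.krebs.users`, so all of them can trigger this privileged path, and when the two histories have diverged `git merge --ff-only origin/master` fails with nothing reported to the pusher or the wiki operator; the hook should at least print the failure.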