tv git: call service "git" consistently

This commit is contained in:
tv 2015-06-19 01:13:09 +02:00
parent c6f229df62
commit 03a9bb71c3

View File

@ -18,12 +18,12 @@ let
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
makeAuthorizedKey = command-script: user@{ name, pubkey }: makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
# TODO assert name # TODO assert name
# TODO assert pubkey # TODO assert pubkey
let let
options = concatStringsSep "," [ options = concatStringsSep "," [
''command="exec ${command-script} ${name}"'' ''command="exec ${git-ssh-command} ${name}"''
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"
@ -102,7 +102,7 @@ in
}; };
etcDir = mkOption { etcDir = mkOption {
type = types.str; type = types.str;
default = "/etc/git-ssh"; default = "/etc/git";
}; };
rules = mkOption { rules = mkOption {
type = types.unspecified; type = types.unspecified;
@ -167,7 +167,7 @@ in
config = config =
let let
command-script = writeScript "git-ssh-command" '' git-ssh-command = writeScript "git-ssh-command" ''
#! /bin/sh #! /bin/sh
set -euf set -euf
@ -181,13 +181,13 @@ in
abort() { abort() {
echo "error: $1" >&2 echo "error: $1" >&2
systemd-cat -p err -t git-ssh echo "error: $1" systemd-cat -p err -t git echo "error: $1"
exit -1 exit -1
} }
GIT_SSH_USER=$1 GIT_SSH_USER=$1
systemd-cat -p info -t git-ssh echo \ systemd-cat -p info -t git echo \
"authorizing $GIT_SSH_USER $SSH_CONNECTION $SSH_ORIGINAL_COMMAND" "authorizing $GIT_SSH_USER $SSH_CONNECTION $SSH_ORIGINAL_COMMAND"
# References: The Base Definitions volume of # References: The Base Definitions volume of
@ -210,7 +210,7 @@ in
repodir=${escapeShellArg cfg.dataDir}/$GIT_SSH_REPO repodir=${escapeShellArg cfg.dataDir}/$GIT_SSH_REPO
systemd-cat -p info -t git-ssh \ systemd-cat -p info -t git \
echo "authorized exec $command $repodir" echo "authorized exec $command $repodir"
export GIT_SSH_USER export GIT_SSH_USER
@ -218,7 +218,7 @@ in
exec "$command" "$repodir" exec "$command" "$repodir"
''; '';
init-script = writeScript "git-ssh-init" '' init-script = writeScript "git-init" ''
#! /bin/sh #! /bin/sh
set -euf set -euf
@ -251,7 +251,7 @@ in
# Initialize repositories. # Initialize repositories.
${concatMapStringsSep "\n" (repo: ${concatMapStringsSep "\n" (repo:
let let
hooks = scriptFarm "git-ssh-hooks" (makeHooks repo); hooks = scriptFarm "git-hooks" (makeHooks repo);
in in
'' ''
reponame=${escapeShellArg repo.name} reponame=${escapeShellArg repo.name}
@ -289,12 +289,12 @@ in
])} ])}
accept() { accept() {
#systemd-cat -p info -t git-ssh echo "authorized $1" #systemd-cat -p info -t git echo "authorized $1"
accept_string="''${accept_string+$accept_string accept_string="''${accept_string+$accept_string
}authorized $1" }authorized $1"
} }
reject() { reject() {
#systemd-cat -p err -t git-ssh echo "denied $1" #systemd-cat -p err -t git echo "denied $1"
#echo 'access denied' >&2 #echo 'access denied' >&2
#exit_code=-1 #exit_code=-1
reject_string="''${reject_string+$reject_string reject_string="''${reject_string+$reject_string
@ -326,11 +326,11 @@ in
done done
if [ -n "$reject_string" ]; then if [ -n "$reject_string" ]; then
systemd-cat -p err -t git-ssh echo "$reject_string" systemd-cat -p err -t git echo "$reject_string"
exit -1 exit -1
fi fi
systemd-cat -p info -t git-ssh echo "$accept_string" systemd-cat -p info -t git echo "$accept_string"
${optionalString (hasAttr "post-receive" repo.hooks) '' ${optionalString (hasAttr "post-receive" repo.hooks) ''
# custom post-receive hook # custom post-receive hook
@ -343,7 +343,7 @@ in
removePrefix "/etc/" cfg.etcDir; removePrefix "/etc/" cfg.etcDir;
in in
mkIf cfg.enable { mkIf cfg.enable {
system.activationScripts.git-ssh-init = "${init-script}"; system.activationScripts.git-init = "${init-script}";
# TODO maybe put all scripts here and then use PATH? # TODO maybe put all scripts here and then use PATH?
environment.etc."${etc-base}".source = environment.etc."${etc-base}".source =
@ -367,7 +367,7 @@ in
name = "git"; name = "git";
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey command-script) cfg.users; mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
uid = 112606723; # genid git uid = 112606723; # genid git
}; };
}; };