wiki: announce changes in #xxx, serve with cgit

2020-08-12 19:14:52 +02:00 · 2020-08-12 19:14:52 +02:00 · 19cc72be38
commit 19cc72be38
parent b63d24d58e
4 changed files with 175 additions and 2 deletions
--- a/krebs/0tests/data/secrets/gollum.id_ed25519
+++ b/krebs/0tests/data/secrets/gollum.id_ed25519
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@ -1,9 +1,26 @@
-{ config, ... }:
+{ config, pkgs, ... }:
+with import <stockholm/lib>;

 {
-  services.gollum = {
+  krebs.gollum = {
    enable = true;
+    extraConfig = ''
+      Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
+        system('${toString (pkgs.writers.writeDash "debuglol" ''
+          export PATH=${makeBinPath [ pkgs.git ]}
+          export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
+          cd ${config.krebs.gollum.stateDir}
+          if ! url=$(git config remote.origin.url); then
+            git remote add origin git@localhost:gollum
+          elif test "$url" != 'git@localhost:gollum'; then
+            git remote set-url origin git@localhost:gollum
+          fi
+          git push origin master
+        '')}')
+      end
+    '';
  };
+
  networking.firewall.allowedTCPPorts = [ 80 ];
  services.nginx = {
    enable = true;
@ -16,4 +33,47 @@
      '';
    };
  };
+
+  krebs.git = {
+    enable = true;
+    cgit.settings = {
+      root-title = "krebs repos";
+    };
+    rules = with git; [
+      {
+        user = [
+          {
+            name = "gollum";
+            pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
+          }
+          config.krebs.users.lass-mors
+        ];
+        repo = [ config.krebs.git.repos.gollum ];
+        perm = push ''refs/*'' [ create merge ];
+      }
+    ];
+    repos.gollum = {
+      public = true;
+      name = "gollum";
+      hooks = {
+        post-receive = pkgs.git-hooks.irc-announce {
+          channel = "#xxx";
+          refs = [
+            "refs/heads/master"
+            "refs/heads/newest"
+            "refs/tags/*"
+          ];
+          nick = config.networking.hostName;
+          server = "irc.r";
+          verbose = true;
+        };
+      };
+    };
+  };
+
+  krebs.secret.files.gollum = {
+    path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519";
+    owner = { name = "gollum"; };
+    source-path = "${<secrets/gollum.id_ed25519>}";
+  };
 }
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -27,6 +27,7 @@ let
      ./github-known-hosts.nix
      ./git.nix
      ./go.nix
+      ./gollum.nix
      ./hidden-ssh.nix
      ./hosts.nix
      ./htgen.nix
--- a/krebs/3modules/gollum.nix
+++ b/krebs/3modules/gollum.nix
@ -0,0 +1,112 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.krebs.gollum;
+in
+
+{
+  options.krebs.gollum = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable the Gollum service.";
+    };
+
+    address = mkOption {
+      type = types.str;
+      default = "0.0.0.0";
+      description = "IP address on which the web server will listen.";
+    };
+
+    port = mkOption {
+      type = types.int;
+      default = 4567;
+      description = "Port on which the web server will run.";
+    };
+
+    extraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      description = "Content of the configuration file";
+    };
+
+    mathjax = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable support for math rendering using MathJax";
+    };
+
+    allowUploads = mkOption {
+      type = types.nullOr (types.enum [ "dir" "page" ]);
+      default = null;
+      description = "Enable uploads of external files";
+    };
+
+    emoji = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Parse and interpret emoji tags";
+    };
+
+    branch = mkOption {
+      type = types.str;
+      default = "master";
+      example = "develop";
+      description = "Git branch to serve";
+    };
+
+    stateDir = mkOption {
+      type = types.path;
+      default = "/var/lib/gollum";
+      description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    users.users.gollum = {
+      group = config.users.users.gollum.name;
+      description = "Gollum user";
+      home = cfg.stateDir;
+      createHome = false;
+      isSystemUser = true;
+    };
+
+    users.groups.gollum = { };
+
+    systemd.tmpfiles.rules = [
+      "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -"
+    ];
+
+    systemd.services.gollum = {
+      description = "Gollum wiki";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.git ];
+
+      preStart = ''
+        # This is safe to be run on an existing repo
+        git init ${cfg.stateDir}
+      '';
+
+      serviceConfig = {
+        User = config.users.users.gollum.name;
+        Group = config.users.groups.gollum.name;
+        ExecStart = ''
+          ${pkgs.gollum}/bin/gollum \
+            --port ${toString cfg.port} \
+            --host ${cfg.address} \
+            --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
+            --ref ${cfg.branch} \
+            ${optionalString cfg.mathjax "--mathjax"} \
+            ${optionalString cfg.emoji "--emoji"} \
+            ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
+            ${cfg.stateDir}
+        '';
+      };
+    };
+  };
+}