+ gitolite =
+ assert checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
+ let
+ gitolite_ldap_groups = wrap {
+ name = "gitolite_ldap_groups.sh";
+ file = ./packages/gitolite_ldap_groups.sh;
+ vars = {
+ LDAP_PASS = builtins.getEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
+ };
+ paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
+ };
+ in {
+ deps = [ "users" ];
+ text = ''
+ if [ -d /var/lib/gitolite ]; then
+ ln -sf ${gitolite_ldap_groups} /var/lib/gitolite/gitolite_ldap_groups.sh
+ chmod g+rx /var/lib/gitolite
+ fi
+ if [ -f /var/lib/gitolite/projects.list ]; then
+ chmod g+r /var/lib/gitolite/projects.list
+ fi
+ '';
+ };
+ };
+
+ environment.etc."ssh/ldap_authorized_keys" = let
+ ldap_authorized_keys =
+ assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+ wrap {
+ name = "ldap_authorized_keys";
+ file = ./ldap_authorized_keys.sh;
+ vars = {
+ LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+ GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
+ ECHO = "${pkgs.coreutils}/bin/echo";
+ };
+ paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.gnused pkgs.coreutils ];
+ };
+ in {
+ enable = true;
+ mode = "0755";
+ user = "root";
+ source = ldap_authorized_keys;
+ };
+
+ services.gitDaemon = {
+ enable = true;
+ user = "gitolite";
+ group = "gitolite";
+ basePath = "${mypkgs.git.web.varDir}/repositories";