-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
let
cfg = config.myServices.gitolite;
in {
options.myServices.gitolite = {
enable = lib.mkEnableOption "my gitolite service";
gitoliteDir = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
default = "/var/lib/gitolite";
};
};
snippet = builtins.readFile ./ldap_gitolite.sh;
dependencies = [ pkgs.gitolite ];
}];
- services.backup.profiles.gitolite = {
- rootDir = cfg.gitoliteDir;
- };
networking.firewall.allowedTCPPorts = [ 9418 ];
+ secrets.keys."gitolite/ldap_password" = {
+ user = "gitolite";
+ group = "gitolite";
+ permissions = "0400";
+ text = config.myEnv.tools.gitolite.ldap.password;
+ };
+
services.gitDaemon = {
enable = true;
user = "gitolite";
};
system.activationScripts.gitolite = let
- gitolite_ldap_groups = pkgs.mylibs.wrap {
- name = "gitolite_ldap_groups.sh";
- file = ./gitolite_ldap_groups.sh;
- vars = {
- LDAP_PASS = myconfig.env.tools.gitolite.ldap.password;
- };
- paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
- };
+ deps = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
+ gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" {
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \
+ --prefix PATH : ${lib.makeBinPath deps} \
+ --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"}
+ '';
in {
deps = [ "users" ];
text = ''
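Review bot: The wrapper built in the `let` of `system.activationScripts.gitolite` now exports `LDAP_PASS_PATH` instead of `LDAP_PASS`, but `gitolite_ldap_groups.sh` is not part of this hunk, so nothing visible confirms that the script reads the password from that file. If the script still expands `$LDAP_PASS`, it would presumably bind with an empty password. It should exit non-zero when the file is missing or unreadable, and a comment such as `# the script reads the bind password from $LDAP_PASS_PATH at run time; nothing secret is baked into the store` above the `runCommand` would record the contract. The two interpolations passed to `makeWrapper` are also unquoted, so I would write `--prefix PATH : "${lib.makeBinPath deps}"` and `--set LDAP_PASS_PATH "${config.secrets.fullPaths."gitolite/ldap_password"}"`. The activation script's `text` body continues outside the hunk.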
};
users.users.wwwrun.extraGroups = [ "gitolite" ];
+ users.users.gitolite.extraGroups = [ "keys" ];
users.users.gitolite.packages = let
python-packages = python-packages: with python-packages; [
simplejson
+ apprise
urllib3
sleekxmpp
+ pyyaml
];
in
[
- (pkgs.python3.withPackages python-packages)
+ (pkgs.python38.withPackages python-packages)
+ pkgs.nettools
+ pkgs.findutils
];
# Installation: https://git.immae.eu/mantisbt/view.php?id=93
services.gitolite = {
enable = true;
- adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
+ adminPubkey = config.myEnv.sshd.rootKeys.immae_dilion;
};
};
}
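Review bot: `services.gitolite.adminPubkey` now takes its value from `config.myEnv.sshd.rootKeys.immae_dilion`, which by its name appears to be a key that is also authorised for root SSH login. If so, the gitolite admin identity and root access share one credential, and rotating or revoking one silently changes the other. The diff also does not show that this entry holds the same public key as the literal it replaces, which is worth confirming before deploying. I would either give gitolite its own entry in `myEnv` or state the intent next to the line, e.g. `# same key as the root login key on purpose; rotate both together`.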