X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fgitolite%2Fdefault.nix;h=0fb1a999bf6af0c0e0d1be9b6a8f3c5411d8f664;hb=878d1583017483976ac64f26b4f806a05d445cf1;hp=9f5c179a260f00a9f41d7b2ce87b287c26e0c59f;hpb=5400b9b6f65451d41a9106fae6fc00f97d83f4ef;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix index 9f5c179..0fb1a99 100644 --- a/modules/private/gitolite/default.nix +++ b/modules/private/gitolite/default.nix @@ -17,9 +17,18 @@ in { }]; services.duplyBackup.profiles.gitolite = { rootDir = cfg.gitoliteDir; + remotes = [ "eriomem" "ovh" ]; }; networking.firewall.allowedTCPPorts = [ 9418 ]; + secrets.keys = [{ + dest = "gitolite/ldap_password"; + user = "gitolite"; + group = "gitolite"; + permissions = "0400"; + text = config.myEnv.tools.gitolite.ldap.password; + }]; + services.gitDaemon = { enable = true; user = "gitolite"; @@ -28,14 +37,14 @@ in { }; system.activationScripts.gitolite = let - gitolite_ldap_groups = pkgs.mylibs.wrap { - name = "gitolite_ldap_groups.sh"; - file = ./gitolite_ldap_groups.sh; - vars = { - LDAP_PASS = config.myEnv.tools.gitolite.ldap.password; - }; - paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; - }; + deps = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; + gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" { + buildInputs = [ pkgs.makeWrapper ]; + } '' + makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \ + --prefix PATH : ${lib.makeBinPath deps} \ + --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"} + ''; in { deps = [ "users" ]; text = '' @@ -50,6 +59,7 @@ in { }; users.users.wwwrun.extraGroups = [ "gitolite" ]; + users.users.gitolite.extraGroups = [ "keys" ]; users.users.gitolite.packages = let python-packages = python-packages: with python-packages; [ 
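Review bot: The new `secrets.keys` entry still takes the password as a Nix string (`text = config.myEnv.tools.gitolite.ldap.password;`), so whether it stays out of the world-readable store depends on how the secrets module, which is not part of this diff, turns `text` into a file. If that module writes the file through a derivation such as `pkgs.writeText`, the value would still be readable under `/nix/store`; it is worth confirming that it is deployed out of band. A short comment above the entry would help the next reader, for example `# LDAP bind password for gitolite_ldap_groups.sh; read at runtime through LDAP_PASS_PATH`.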
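Review bot: The wrapper now hands the script only `LDAP_PASS_PATH`, so the benefit depends on `gitolite_ldap_groups.sh` (not shown in this diff) reading that file without placing the password on a command line; if it calls `ldapsearch`, `-y "$LDAP_PASS_PATH"` keeps it out of the process list where `-w "$(cat …)"` would not. `-y` uses the complete file contents as the password, so a trailing newline in the secret file would break the bind. In the `makeWrapper` call the two interpolations are unquoted; `--prefix PATH : "${lib.makeBinPath deps}"` and `--set LDAP_PASS_PATH "${config.secrets.fullPaths."gitolite/ldap_password"}"` are safer if a path ever contains a space. Store paths built before this change still carry the old wrapper with `LDAP_PASS` inline, so rotating the LDAP password after deployment is advisable.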
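Review bot: Adding `gitolite` to the `keys` group gives the account that serves SSH git sessions and runs repository hooks whatever access that group carries. The file added earlier in this diff is owned by `gitolite` with mode `0400`, so the group is presumably needed only to traverse the secrets directory; if any other secret under it is group-readable by `keys`, this account can now read it. This is worth checking against the secrets module's directory and file modes, and recording in a comment such as `# keys: traverse the secrets directory to reach gitolite/ldap_password`.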
@@ -60,11 +70,13 @@ in { in [ (pkgs.python3.withPackages python-packages) + pkgs.nettools + pkgs.findutils ]; # Installation: https://git.immae.eu/mantisbt/view.php?id=93 services.gitolite = { enable = true; - adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu"; + adminPubkey = config.myEnv.sshd.rootKeys.immae_dilion; }; }; }
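Review bot: `adminPubkey = config.myEnv.sshd.rootKeys.immae_dilion;` appears, from the attribute path, to reuse a key that is also authorised for root SSH logins as the gitolite admin key. That couples the two roles: replacing or revoking the root key changes the value gitolite is configured with, and a single key compromise covers both. A dedicated entry in the environment for the gitolite admin would keep them separate; the option also expects a single-line public key string, which the referenced value is assumed to be. The added `pkgs.nettools` and `pkgs.findutils` have no comment saying which hook or script needs them.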