+++ /dev/null
-{ lib, pkgs, config, ... }:
-let
- cfg = config.myServices.gitolite;
-in {
- options.myServices.gitolite = {
- enable = lib.mkEnableOption "my gitolite service";
- gitoliteDir = lib.mkOption {
- type = lib.types.str;
- default = "/var/lib/gitolite";
- };
- };
-
- config = lib.mkIf cfg.enable {
- myServices.ssh.modules = [{
- snippet = builtins.readFile ./ldap_gitolite.sh;
- dependencies = [ pkgs.gitolite ];
- }];
- networking.firewall.allowedTCPPorts = [ 9418 ];
-
- secrets.keys."gitolite/ldap_password" = {
- user = "gitolite";
- group = "gitolite";
- permissions = "0400";
- text = config.myEnv.tools.gitolite.ldap.password;
- };
-
- services.gitDaemon = {
- enable = true;
- user = "gitolite";
- group = "gitolite";
- basePath = "${cfg.gitoliteDir}/repositories";
- };
-
- system.activationScripts.gitolite = let
- deps = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
- gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" {
- buildInputs = [ pkgs.makeWrapper ];
- } ''
- makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \
- --prefix PATH : ${lib.makeBinPath deps} \
- --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"}
- '';
- in {
- deps = [ "users" ];
- text = ''
- if [ -d ${cfg.gitoliteDir} ]; then
- ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
- chmod g+rx ${cfg.gitoliteDir}
- fi
- if [ -f ${cfg.gitoliteDir}/projects.list ]; then
- chmod g+r ${cfg.gitoliteDir}/projects.list
- fi
- '';
- };
-
- users.users.wwwrun.extraGroups = [ "gitolite" ];
- users.users.gitolite.extraGroups = [ "keys" ];
-
- users.users.gitolite.packages = let
- python-packages = python-packages: with python-packages; [
- simplejson
- urllib3
- sleekxmpp
- ];
- in
- [
- (pkgs.python3.withPackages python-packages)
- pkgs.nettools
- pkgs.findutils
- ];
- # Installation: https://git.immae.eu/mantisbt/view.php?id=93
- services.gitolite = {
- enable = true;
- adminPubkey = config.myEnv.sshd.rootKeys.immae_dilion;
- };
- };
-}