options.myServices.gitolite = {
enable = lib.mkEnableOption "my gitolite service";
gitoliteDir = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
default = "/var/lib/gitolite";
};
};
};
networking.firewall.allowedTCPPorts = [ 9418 ];
+ secrets.keys = [{
+ dest = "gitolite/ldap_password";
+ user = "gitolite";
+ group = "gitolite";
+ permissions = "0400";
+ text = config.myEnv.tools.gitolite.ldap.password;
+ }];
+
services.gitDaemon = {
enable = true;
user = "gitolite";
};
system.activationScripts.gitolite = let
- gitolite_ldap_groups = pkgs.mylibs.wrap {
- name = "gitolite_ldap_groups.sh";
- file = ./gitolite_ldap_groups.sh;
- vars = {
- LDAP_PASS = config.myEnv.tools.gitolite.ldap.password;
- };
- paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
- };
+ deps = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
+ gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" {
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \
+ --prefix PATH : ${lib.makeBinPath deps} \
+ --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"}
+ '';
in {
deps = [ "users" ];
text = ''
};
users.users.wwwrun.extraGroups = [ "gitolite" ];
+ users.users.gitolite.extraGroups = [ "keys" ];
users.users.gitolite.packages = let
python-packages = python-packages: with python-packages; [
projects / perso / Immae / Config / Nix.git / blobdiff