Move rest of the modules outside of nixops

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:55:28 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-22 20:55:28 +0200
commit: 8d213e2b1c934f6861f76aad5eb7c11097fa97de (patch)
tree: 23f8a2d5692deaeffffa1ab5f098b2d24b9e2217 /modules/private/gitolite
parent: a1a8649a2be768685eb04c246c114fce36b8096f (diff)
download: Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.gz
Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.zst
Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.zip
2 files changed, 78 insertions, 0 deletions
diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix
new file mode 100644
index 0000000..b9914a1
--- /dev/null
+++ b/modules/private/gitolite/default.nix
@@ -0,0 +1,63 @@
+{ lib, pkgs, config, myconfig, ... }:
+let
+    cfg = config.myServices.gitolite;
+in {
+  options.myServices.gitolite = {
+    enable = lib.mkEnableOption "my gitolite service";
+    gitoliteDir = lib.mkOption {
+      type = lib.types.string;
+      default = "/var/lib/gitolite";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 9418 ];
+    services.gitDaemon = {
+      enable = true;
+      user = "gitolite";
+      group = "gitolite";
+      basePath = "${cfg.gitoliteDir}/repositories";
+    };
+    system.activationScripts.gitolite = let
+      gitolite_ldap_groups = pkgs.mylibs.wrap {
+        name = "gitolite_ldap_groups.sh";
+        file = ./gitolite_ldap_groups.sh;
+        vars = {
+          LDAP_PASS = myconfig.env.tools.gitolite.ldap.password;
+        };
+        paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
+      };
+    in {
+      deps = [ "users" ];
+      text = ''
+        if [ -d ${cfg.gitoliteDir} ]; then
+          ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
+          chmod g+rx ${cfg.gitoliteDir}
+        fi
+        if [ -f ${cfg.gitoliteDir}/projects.list ]; then
+          chmod g+r ${cfg.gitoliteDir}/projects.list
+        fi
+      '';
+    };
+    users.users.wwwrun.extraGroups = [ "gitolite" ];
+    users.users.gitolite.packages = let
+      python-packages = python-packages: with python-packages; [
+        simplejson
+        urllib3
+        sleekxmpp
+      ];
+    in
+      [
+        (pkgs.python3.withPackages python-packages)
+      ];
+    # Installation: https://git.immae.eu/mantisbt/view.php?id=93
+    services.gitolite = {
+      enable = true;
+      adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
+    };
+  };
+}
diff --git a/modules/private/gitolite/gitolite_ldap_groups.sh b/modules/private/gitolite/gitolite_ldap_groups.sh
new file mode 100755
index 0000000..7db0da4
--- /dev/null
+++ b/modules/private/gitolite/gitolite_ldap_groups.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+uid_param="$1"
+ldap_host="ldap.immae.eu"
+ldap_binddn="cn=gitolite,ou=services,dc=immae,dc=eu"
+ldap_bindpw="$LDAP_PASS"
+ldap_searchbase="dc=immae,dc=eu"
+ldap_scope="subtree"
+ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
+ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
+ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)
+echo "$ldap_result"
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:55:28 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-22 20:55:28 +0200
commit	8d213e2b1c934f6861f76aad5eb7c11097fa97de (patch)
tree	23f8a2d5692deaeffffa1ab5f098b2d24b9e2217 /modules/private/gitolite
parent	a1a8649a2be768685eb04c246c114fce36b8096f (diff)
download	Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.gz Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.tar.zst Nix-8d213e2b1c934f6861f76aad5eb7c11097fa97de.zip

diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix new file mode 100644 index 0000000..b9914a1 --- /dev/null +++ b/modules/private/gitolite/default.nix
@@ -0,0 +1,63 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	let
	3	cfg = config.myServices.gitolite;
	4	in {
	5	options.myServices.gitolite = {
	6	enable = lib.mkEnableOption "my gitolite service";
	7	gitoliteDir = lib.mkOption {
	8	type = lib.types.string;
	9	default = "/var/lib/gitolite";
	10	};
	11	};
	12
	13	config = lib.mkIf cfg.enable {
	14	networking.firewall.allowedTCPPorts = [ 9418 ];
	15
	16	services.gitDaemon = {
	17	enable = true;
	18	user = "gitolite";
	19	group = "gitolite";
	20	basePath = "${cfg.gitoliteDir}/repositories";
	21	};
	22
	23	system.activationScripts.gitolite = let
	24	gitolite_ldap_groups = pkgs.mylibs.wrap {
	25	name = "gitolite_ldap_groups.sh";
	26	file = ./gitolite_ldap_groups.sh;
	27	vars = {
	28	LDAP_PASS = myconfig.env.tools.gitolite.ldap.password;
	29	};
	30	paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
	31	};
	32	in {
	33	deps = [ "users" ];
	34	text = ''
	35	if [ -d ${cfg.gitoliteDir} ]; then
	36	ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
	37	chmod g+rx ${cfg.gitoliteDir}
	38	fi
	39	if [ -f ${cfg.gitoliteDir}/projects.list ]; then
	40	chmod g+r ${cfg.gitoliteDir}/projects.list
	41	fi
	42	'';
	43	};
	44
	45	users.users.wwwrun.extraGroups = [ "gitolite" ];
	46
	47	users.users.gitolite.packages = let
	48	python-packages = python-packages: with python-packages; [
	49	simplejson
	50	urllib3
	51	sleekxmpp
	52	];
	53	in
	54	[
	55	(pkgs.python3.withPackages python-packages)
	56	];
	57	# Installation: https://git.immae.eu/mantisbt/view.php?id=93
	58	services.gitolite = {
	59	enable = true;
	60	adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
	61	};
	62	};
	63	}


diff --git a/modules/private/gitolite/gitolite_ldap_groups.sh b/modules/private/gitolite/gitolite_ldap_groups.sh new file mode 100755 index 0000000..7db0da4 --- /dev/null +++ b/modules/private/gitolite/gitolite_ldap_groups.sh
@@ -0,0 +1,15 @@
	1	#!/usr/bin/env bash
	2
	3	uid_param="$1"
	4	ldap_host="ldap.immae.eu"
	5	ldap_binddn="cn=gitolite,ou=services,dc=immae,dc=eu"
	6	ldap_bindpw="$LDAP_PASS"
	7	ldap_searchbase="dc=immae,dc=eu"
	8	ldap_scope="subtree"
	9
	10	ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
	11
	12	ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(\|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
	13	ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn \| grep 'cn:' \| cut -d' ' -f2)
	14
	15	echo "$ldap_result"