Rename virtual folder to nixops

Fixes https://git.immae.eu/mantisbt/view.php?id=82

2 files changed, 90 insertions, 0 deletions

diff --git a/nixops/modules/gitolite/default.nix b/nixops/modules/gitolite/default.nix
new file mode 100644
index 0000000..21eabc4
--- /dev/null
+++ b/nixops/modules/gitolite/default.nix
@@ -0,0 +1,75 @@
+{ lib, pkgs, config, myconfig, mylibs, ... }:
+let
+    cfg = config.services.myGitolite;
+in {
+  options.services.myGitolite = {
+    enable = lib.mkEnableOption "my gitolite service";
+    gitoliteDir = lib.mkOption {
+      type = lib.types.string;
+      default = "/var/lib/gitolite";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    nixpkgs.config.packageOverrides = oldpkgs: rec {
+      gitolite = oldpkgs.gitolite.overrideAttrs(old: rec {
+        name = "gitolite-${version}";
+        version = "3.6.10";
+        src = pkgs.fetchFromGitHub {
+          owner = "sitaramc";
+          repo = "gitolite";
+          rev = "v${version}";
+          sha256 = "0p2697mn6rwm03ndlv7q137zczai82n41aplq1g006ii7f12xy8h";
+        };
+      });
+    };
+
+    networking.firewall.allowedTCPPorts = [ 9418 ];
+
+    services.gitDaemon = {
+      enable = true;
+      user = "gitolite";
+      group = "gitolite";
+      basePath = "${cfg.gitoliteDir}/repositories";
+    };
+
+    system.activationScripts.gitolite = let
+      gitolite_ldap_groups = mylibs.wrap {
+        name = "gitolite_ldap_groups.sh";
+        file = ./gitolite_ldap_groups.sh;
+        vars = {
+          LDAP_PASS = myconfig.env.tools.gitolite.ldap.password;
+        };
+        paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
+      };
+    in {
+      deps = [ "users" ];
+      text = ''
+        if [ -d ${cfg.gitoliteDir} ]; then
+          ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
+          chmod g+rx ${cfg.gitoliteDir}
+        fi
+        if [ -f ${cfg.gitoliteDir}/projects.list ]; then
+          chmod g+r ${cfg.gitoliteDir}/projects.list
+        fi
+      '';
+    };
+
+    users.users.wwwrun.extraGroups = [ "gitolite" ];
+
+    users.users.gitolite.packages = let
+      python-packages = python-packages: with python-packages; [
+        simplejson
+        urllib3
+      ];
+    in
+      [
+        (pkgs.python3.withPackages python-packages)
+      ];
+    # Installation: https://git.immae.eu/mantisbt/view.php?id=93
+    services.gitolite = {
+      enable = true;
+      adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXqRbiHw7QoHADNIEuo4nUT9fSOIEBMdJZH0bkQAxXyJFyCM1IMz0pxsHV0wu9tdkkr36bPEUj2aV5bkYLBN6nxcV2Y49X8bjOSCPfx3n6Own1h+NeZVBj4ZByrFmqCbTxUJIZ2bZKcWOFncML39VmWdsVhNjg0X4NBBehqXRIKr2gt3E/ESAxTYJFm0BnU0baciw9cN0bsRGqvFgf5h2P48CIAfwhVcGmPQnnAwabnosYQzRWxR0OygH5Kd8mePh6FheIRIigfXsDO8f/jdxwut8buvNIf3m5EBr3tUbTsvM+eV3M5vKGt7sk8T64DVtepTSdOOWtp+47ktsnHOMh immae@immae.eu";
+    };
+  };
+}
diff --git a/nixops/modules/gitolite/gitolite_ldap_groups.sh b/nixops/modules/gitolite/gitolite_ldap_groups.sh
new file mode 100755
index 0000000..5f7ef6d
--- /dev/null
+++ b/nixops/modules/gitolite/gitolite_ldap_groups.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+uid_param="$1"
+ldap_host="ldap.immae.eu"
+ldap_binddn="cn=gitolite,ou=services,dc=immae,dc=eu"
+ldap_bindpw="$LDAP_PASS"
+ldap_searchbase="dc=immae,dc=eu"
+ldap_scope="subtree"
+
+ldap_options="-h ${ldap_host} -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
+
+ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
+ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)
+
+echo "$ldap_result"