From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
 modules/private/gitolite/default.nix | 77 ------------------------
 modules/private/gitolite/gitolite_ldap_groups.sh | 15 -----
 modules/private/gitolite/ldap_gitolite.sh | 33 ----------
 3 files changed, 125 deletions(-)
 delete mode 100644 modules/private/gitolite/default.nix
 delete mode 100755 modules/private/gitolite/gitolite_ldap_groups.sh
 delete mode 100644 modules/private/gitolite/ldap_gitolite.sh

(limited to 'modules/private/gitolite')

diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix
deleted file mode 100644
index 6a74734..0000000
--- a/modules/private/gitolite/default.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- cfg = config.myServices.gitolite;
-in {
- options.myServices.gitolite = {
- enable = lib.mkEnableOption "my gitolite service";
- gitoliteDir = lib.mkOption {
- type = lib.types.str;
- default = "/var/lib/gitolite";
- };
- };
-
- config = lib.mkIf cfg.enable {
- myServices.ssh.modules = [{
- snippet = builtins.readFile ./ldap_gitolite.sh;
- dependencies = [ pkgs.gitolite ];
- }];
- networking.firewall.allowedTCPPorts = [ 9418 ];
-
- secrets.keys."gitolite/ldap_password" = {
- user = "gitolite";
- group = "gitolite";
- permissions = "0400";
- text = config.myEnv.tools.gitolite.ldap.password;
- };
-
- services.gitDaemon = {
- enable = true;
- user = "gitolite";
- group = "gitolite";
- basePath = "${cfg.gitoliteDir}/repositories";
- };
-
- system.activationScripts.gitolite = let
- deps = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
- gitolite_ldap_groups = pkgs.runCommand "gitolite_ldap_groups.sh" {
- buildInputs = [ pkgs.makeWrapper ];
- } ''
- makeWrapper "${./gitolite_ldap_groups.sh}" "$out" \
- --prefix PATH : ${lib.makeBinPath deps} \
- --set LDAP_PASS_PATH ${config.secrets.fullPaths."gitolite/ldap_password"}
- '';
- in {
- deps = [ "users" ];
- text = ''
- if [ -d ${cfg.gitoliteDir} ]; then
- ln -sf ${gitolite_ldap_groups} ${cfg.gitoliteDir}/gitolite_ldap_groups.sh
- chmod g+rx ${cfg.gitoliteDir}
- fi
- if [ -f ${cfg.gitoliteDir}/projects.list ]; then
- chmod g+r ${cfg.gitoliteDir}/projects.list
- fi
- '';
- };
-
- users.users.wwwrun.extraGroups = [ "gitolite" ];
- users.users.gitolite.extraGroups = [ "keys" ];
-
- users.users.gitolite.packages = let
- python-packages = python-packages: with python-packages; [
- simplejson
- urllib3
- sleekxmpp
- ];
- in
- [
- (pkgs.python3.withPackages python-packages)
- pkgs.nettools
- pkgs.findutils
- ];
- # Installation: https://git.immae.eu/mantisbt/view.php?id=93
- services.gitolite = {
- enable = true;
- adminPubkey = config.myEnv.sshd.rootKeys.immae_dilion;
- };
- };
-}
diff --git a/modules/private/gitolite/gitolite_ldap_groups.sh b/modules/private/gitolite/gitolite_ldap_groups.sh
deleted file mode 100755
index 3d7117e..0000000
--- a/modules/private/gitolite/gitolite_ldap_groups.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-uid_param="$1"
-ldap_host="ldap.immae.eu"
-ldap_binddn="cn=gitolite,ou=services,dc=immae,dc=eu"
-ldap_bindpw="$(cat $LDAP_PASS_PATH)"
-ldap_searchbase="dc=immae,dc=eu"
-ldap_scope="subtree"
-
-ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
-
-ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
-ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)
-
-echo "$ldap_result"
diff --git a/modules/private/gitolite/ldap_gitolite.sh b/modules/private/gitolite/ldap_gitolite.sh
deleted file mode 100644
index 23cb2bf..0000000
--- a/modules/private/gitolite/ldap_gitolite.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
-LDAP_GITOLITE_MEMBER="cn=users,cn=gitolite,ou=services,dc=immae,dc=eu"
-GITOLITE_SHELL=$(which gitolite-shell)
-
-if [[ $user == gitolite ]]; then
- ldap_search '(&(memberOf='$LDAP_GITOLITE_MEMBER')('$KEY'=*))' $KEY | \
- while read line ;
- do
- if [ ! -z "$line" ]; then
- if [[ $line == dn* ]]; then
- user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
- if [ -n "$user" ]; then
- if [[ $user == "immae" ]] || [[ $user == "denise" ]]; then
- # Capitalize first letter (backward compatibility)
- user=$(sed -r 's/^([a-z])/\U\1/' <<< "$user")
- fi
- else
- # Service fake user
- user=$(sed -n 's/.*cn=\([^,]*\).*/\1/p' <<< "$line")
- fi
- elif [[ $line == $KEY* ]]; then
- key=$(clean_key_line git "$line")
- if [ ! -z "$key" ]; then
- if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
- echo -n 'command="'$GITOLITE_SHELL' '$user'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
- echo $key
- fi
- fi
- fi
- fi
- done
- exit 0
-fi
-- cgit v1.2.3