author | V <v@unfathomable.blue> | 2021-06-09 15:43:16 +0200 |
---|---|---|
committer | V <v@unfathomable.blue> | 2021-08-17 03:09:34 +0200 |
commit | ec0965e2672899d25a5a3a8c072de3ea734076a2 (patch) | |
tree | ddf53e6cc5ae47fa1a925f7a7d6414ba03718a84 /fleet/hosts/vityaz/git.nix | |
parent | db7c54f92f386a94db8af7a12626d2657b4dd640 (diff) | |
download | unf-legacy-ec0965e2672899d25a5a3a8c072de3ea734076a2.tar.zst |
fleet: init
Co-authored-by: edef <edef@unfathomable.blue> Change-Id: I36d2c4cca542ed91630b1b832f3c7a7b97b33c65
Diffstat (limited to 'fleet/hosts/vityaz/git.nix')
-rw-r--r-- | fleet/hosts/vityaz/git.nix | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/fleet/hosts/vityaz/git.nix b/fleet/hosts/vityaz/git.nix
new file mode 100644
index 0000000..66f26db
--- /dev/null
+++ b/fleet/hosts/vityaz/git.nix
@@ -0,0 +1,67 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-FileCopyrightText: edef <edef@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ lib, pkgs, ... }:
+
+with lib;
+
+{
+ # TODO(edef): could we somehow make this use DynamicUser?
+ users.users.git = {
+ isSystemUser = true;
+
+ group = "git";
+
+ home = "/var/lib/git";
+ createHome = true;
+
+ useDefaultShell = true;
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFovWcdS0vQAJiEvwjEIUOv7eip52oX7rVOEMQDJkSL6 v@january"
+ "cert-authority ssh-rsa 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 openpgp:0x803010E7"
+ ];
+
+ packages = with pkgs; [
+ git
+ ];
+ };
+
+ users.groups.git = {};
+
+ # TODO(V): Enable the reflog?
+ declarative.git.repositories = flip genAttrs (repo: {
+ hooks.post-receive = [
+ # FIXME(V): There are more than a number of issues with this!
+ # - non-generic (we could use $GIT_DIR or such)
+ # - requires an explicit remote (we could add this to the config)
+ # - only updates trunk (even if other branches were pushed)
+ # - has no way to filter specific branches from being published
+ # - does not synchronize tags
+ (pkgs.writeShellScript "sync-repository" ''
+ git push trieste:${repo} trunk
+ '')
+ ];
+ }) [
+ # TODO(V): Take the list of public repositories from hosts/trieste/git.nix
+ # (or do the inverse)
+ # (or put this information in a shared location)
+ "ripple"
+ "ripple-website"
+ "nixos-config"
+
+ # Note: private repositories are currently not configured here.
+ # If we find it acceptable to leak their names, they could take advantage of this module as well.
+ ];
+
+ # TODO(V): Linting hooks (honestly, these should just go in CI)
+ # - reuse lint
+ # - check there's a (owner) for every TODO, FIXME, XXX, etc
+ # - make sure everything has been run through rustfmt
+
+ # TODO(V): An equivalent of Bors ("Tolby"?) for our workflow
+ # (or, at least, a queue of commits that must individually pass CI to get merged)
+
+ # TODO(V): Set up CI
+} |
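Review bot: `useDefaultShell = true` on `users.users.git` gives every holder of the listed ed25519 key, and of any certificate the `cert-authority` key signs for this account, an interactive login shell on the host, and neither `openssh.authorizedKeys.keys` entry carries options that limit forwarding or PTY allocation. If the account is only meant for push and fetch, replacing that line with `shell = "${pkgs.git}/bin/git-shell";` would confine SSH sessions to the git transport commands. The post-receive hook should presumably still run, since it is started by the receive process rather than the login shell, but that depends on the `declarative.git` module, which is not visible in this file. If a normal shell is required, prefixing both key entries with `restrict` and adding a `principals="..."` option on the CA line would narrow what a key or certificate can do.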