-rw-r--r-- | Biz/Cloud/Git.nix | 32 | ||||
-rw-r--r-- | Biz/Cloud/Networking.nix | 2 | ||||
-rw-r--r-- | Biz/Cloud/Web.nix | 22 | ||||
-rwxr-xr-x | Biz/Cloud/post-receive | 36 |
4 files changed, 84 insertions, 8 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix index b35b126..4dde27f 100644 --- a/Biz/Cloud/Git.nix +++ b/Biz/Cloud/Git.nix @@ -1,11 +1,13 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: -{ +let + root = "/srv/git"; +in { services = { gitolite = { enable = true; enableGitAnnex = true; - dataDir = "/srv/git"; + dataDir = root; user = "git"; group = "git"; extraGitoliteRc = '' @@ -16,6 +18,30 @@ (lib.strings.splitString "\n") lib.lists.head ]; + # TODO: this is broken + # commonHooks = [ ./git-hooks ]; }; + gitDaemon = { + enable = true; + basePath = "${root}/repositories"; + repositories = map (p: "${root}/repositories/${p}") [ + "nixpkgs.git" + "ben/bin.git" + "ben/cfg.git" + ]; + listenAddress = "simatime.com"; + user = "gitDaemon"; + group = "gitDaemon"; + }; + }; + users.users = { + gitDaemon = { + #uid = config.ids.uids.gitDaemon; + description = "Git daemon user"; + extraGroups = [ "git" ]; + }; + }; + users.groups = { + gitDaemon = {}; }; } diff --git a/Biz/Cloud/Networking.nix b/Biz/Cloud/Networking.nix index e14ae37..5165280 100644 --- a/Biz/Cloud/Networking.nix +++ b/Biz/Cloud/Networking.nix @@ -3,6 +3,7 @@ let ports = { ssh = 22; + git = 9418; http = 80; https = 443; sabten = 8080; @@ -13,6 +14,7 @@ in { firewall = { allowedTCPPorts = [ ports.ssh + ports.git ports.http ports.https ports.sabten diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index bc0d921..cba8b2f 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -12,10 +12,10 @@ in listen = "0.0.0.0:1965 [::]:1965"; ":tls" = { store = "/var/lib/gmnisrv"; }; "bsima.me" = { - "root" = "/www/ben/public"; + "root" = "/srv/www/ben"; }; "simatime.com" = { - "root" = "/www/simatime.com/public"; + "root" = "/srv/www/simatime.com"; "cgi" = "on"; }; }; 
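Review bot: `extraGroups = [ "git" ]` in the second Git.nix hunk gives the unauthenticated git:// service the same group as gitolite, so on disk it can read whatever is group-readable under `/srv/git`, and the three-entry `repositories` list becomes the only thing separating public from private repos. The gitolite umask is set outside this hunk, so how much that exposes cannot be judged from here; a comment above `gitDaemon` such as `# anonymous read-only export; only the listed repos are public, keep exportAll off` would record the intent. The two Networking.nix hunks open 9418 to all sources, and since git:// provides neither authentication nor integrity, anything fetched from `nixpkgs.git` over it should be pinned by hash on the client side. The commented-out `#uid` line leaves the `gitDaemon` user without a declared id or account type, which is worth settling in the same change.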
@@ -34,11 +34,23 @@ in virtualHosts = { ${rootDomain} = { - locations."/".root = "/srv/www/"; + locations."/archive.*" = { + root = "/srv/www/simatime.com/archive"; + extraConfig = '' + autoindex on; + ''; + }; + + locations."/" = { + root = "/srv/www/simatime.com"; + extraConfig = '' + autoindex on; + ''; + }; # serve /~$USER paths locations."~ ^/~(.+?)(/.*)?$" = { - alias = "/www/$1/public$2"; + alias = "/srv/www/$1$2"; index = "index.html index.htm"; extraConfig = '' autoindex on; @@ -50,7 +62,7 @@ in "bsima.me" = { locations."/" = { - root = "/www/ben/public"; + root = "/srv/www/ben"; index = "index.html index.htm"; extraConfig = '' autoindex on; diff --git a/Biz/Cloud/post-receive b/Biz/Cloud/post-receive new file mode 100755 index 0000000..ede443f --- /dev/null +++ b/Biz/Cloud/post-receive 
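Review bot: The rewritten alias `/srv/www/$1$2` no longer has the `/public` component the old target had, and the first capture `(.+?)` accepts any characters, so the directory served for `/~name` is not confined to a user directory below `/srv/www`; with `autoindex on` that also covers listings. Constraining the capture to a username pattern, e.g. `locations."~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$"`, keeps dots and other path characters out of the alias. Separately, `locations."/archive.*"` has no `~` modifier, so nginx treats it as a literal prefix rather than a regex, and its `root` already ends in `/archive`, to which nginx appends the full request URI; as written, archive requests appear to be served by the `/` location instead, so this block can probably be dropped or changed to `locations."/archive/".root = "/srv/www/simatime.com";`. `autoindex on` at `/` lists everything placed in the site root, which deserves a one-line comment stating that it is intentional.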
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# creates an archive of a git repo on push
+#
+# unfortunately the nixos gitolite module does not copy the 'commonHooks'
+# properly, so we have to manually deploy this like so:
+#
+# scp Biz/Cloud/post-receive \
+# root@simatime.com:/srv/git/.gitolite/hooks/common/post-receive
+#
+# One time only:
+#
+# ssh root@simatime.com "sudo -u git gitolite setup -ho"
+#
+# Also on first-time setup, might need to manually check the permissions are
+# correct on $webroot/archive or wherever else.
+#
+set -euo pipefail
+while read oldrev newrev refname
+do
+ repo=$(basename $PWD | sed 's/.git//g')
+ branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+ webroot="/srv/www/simatime.com/"
+ outdir="$webroot/archive/$repo/$branch"
+ mkdir -p $outdir
+ echo " making: https://simatime.com/archive/$repo/$branch/$newrev.tar.gz"
+ git archive "$branch" --prefix "$repo-$branch/" --format tar \
+ | gzip > "$outdir/$newrev.tar.gz"
+ echo " making: https://simatime.com/archive/$repo/$branch/$newrev.sha256"
+ hash=$(nix-prefetch-url --unpack file://$outdir/$newrev.tar.gz 2>/dev/null)
+ echo "$hash" > "$outdir/$newrev.sha256"
+ echo " commit: $newrev"
+ echo " sha256: $hash"
+ echo " in biz: deps update $repo --brach $branch --rev $newrev --attribute sha256=$hash"
+ chmod -R 755 "$webroot/archive"
+done |
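Review bot: Nothing in the loop limits which repositories are published: the header comment installs the hook under `hooks/common`, so, if gitolite applies common hooks to every repository as the name suggests, each push to any repo writes a tarball of it under `/srv/www/simatime.com/archive`, which Web.nix serves with `autoindex on`. Gate the loop on an explicit list of public repositories, for example the three names exported in Git.nix. `git archive "$branch"` and the unquoted `$refname`, `$PWD` and `$outdir` hand pusher-chosen ref names to commands as arguments; archiving `"$newrev"` and quoting every expansion avoids a ref name being read as an option or split into words. `sed 's/.git//g'` removes any character followed by `git` anywhere in the name, so distinct repos can map to one archive directory (`basename "$PWD" .git` strips only the suffix), and `chmod -R 755` marks the published tarballs executable inside a root that also has Gemini `cgi` enabled, where `u=rwX,go=rX` would suffice.

```shell
while read -r oldrev newrev refname
do
  repo=$(basename "$PWD" .git)
  # Publish only repositories meant to be public (example list, taken from
  # the gitDaemon export list in Git.nix); everything else is skipped.
  case "$repo" in
    nixpkgs|bin|cfg) ;;
    *) continue ;;
  esac
  branch=$(git rev-parse --symbolic --abbrev-ref "$refname")
  # … unchanged: webroot, outdir …
  mkdir -p "$outdir"
  # … unchanged: first "making" echo …
  # Archive the pushed commit id rather than the pusher-chosen ref name.
  git archive --format tar --prefix "$repo-$branch/" "$newrev" \
    | gzip > "$outdir/$newrev.tar.gz"
  # … unchanged: second "making" echo …
  hash=$(nix-prefetch-url --unpack "file://$outdir/$newrev.tar.gz" 2>/dev/null)
  # … unchanged: sha256 file and summary echo lines …
  # Directories stay traversable, files are readable but not executable.
  chmod -R u=rwX,go=rX "$webroot/archive"
done
```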