-rw-r--r--Biz/Cloud/Git.nix32
-rw-r--r--Biz/Cloud/Networking.nix2
-rw-r--r--Biz/Cloud/Web.nix22
-rwxr-xr-xBiz/Cloud/post-receive36
4 files changed, 84 insertions, 8 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index b35b126..4dde27f 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,11 +1,13 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, config, ... }:
-{
+let
+ root = "/srv/git";
+in {
services = {
gitolite = {
enable = true;
enableGitAnnex = true;
- dataDir = "/srv/git";
+ dataDir = root;
user = "git";
group = "git";
extraGitoliteRc = ''
@@ -16,6 +18,30 @@
(lib.strings.splitString "\n")
lib.lists.head
];
+ # TODO: this is broken
+ # commonHooks = [ ./git-hooks ];
};
+ gitDaemon = {
+ enable = true;
+ basePath = "${root}/repositories";
+ repositories = map (p: "${root}/repositories/${p}") [
+ "nixpkgs.git"
+ "ben/bin.git"
+ "ben/cfg.git"
+ ];
+ listenAddress = "simatime.com";
+ user = "gitDaemon";
+ group = "gitDaemon";
+ };
+ };
+ users.users = {
+ gitDaemon = {
+ #uid = config.ids.uids.gitDaemon;
+ description = "Git daemon user";
+ extraGroups = [ "git" ];
+ };
+ };
+ users.groups = {
+ gitDaemon = {};
};
}
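Review bot: `extraGroups = [ "git" ]` on the new `gitDaemon` user gives the daemon process group access to everything gitolite keeps under `/srv/git`, which is wider than the three paths listed in `repositories`; if the repositories are group-readable, that list is the only barrier between the anonymous git:// port and the private repos. Consider dropping the group membership and making only the exported repos readable to the daemon (gitolite's `daemon` pseudo-user and `git-daemon-export-ok` are the usual mechanism), with a comment such as `# read access limited to the exported repos; git:// is unauthenticated and unencrypted`. `listenAddress = "simatime.com"` is resolved by name, presumably at service start, so a literal address would be more predictable. The user definition also sets neither `uid` nor `isSystemUser`, which recent NixOS releases may reject.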
diff --git a/Biz/Cloud/Networking.nix b/Biz/Cloud/Networking.nix
index e14ae37..5165280 100644
--- a/Biz/Cloud/Networking.nix
+++ b/Biz/Cloud/Networking.nix
@@ -3,6 +3,7 @@
let
ports = {
ssh = 22;
+ git = 9418;
http = 80;
https = 443;
sabten = 8080;
@@ -13,6 +14,7 @@ in {
firewall = {
allowedTCPPorts = [
ports.ssh
+ ports.git
ports.http
ports.https
ports.sabten
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index bc0d921..cba8b2f 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -12,10 +12,10 @@ in
listen = "0.0.0.0:1965 [::]:1965";
":tls" = { store = "/var/lib/gmnisrv"; };
"bsima.me" = {
- "root" = "/www/ben/public";
+ "root" = "/srv/www/ben";
};
"simatime.com" = {
- "root" = "/www/simatime.com/public";
+ "root" = "/srv/www/simatime.com";
"cgi" = "on";
};
};
@@ -34,11 +34,23 @@ in
virtualHosts = {
${rootDomain} = {
- locations."/".root = "/srv/www/";
+ locations."/archive.*" = {
+ root = "/srv/www/simatime.com/archive";
+ extraConfig = ''
+ autoindex on;
+ '';
+ };
+
+ locations."/" = {
+ root = "/srv/www/simatime.com";
+ extraConfig = ''
+ autoindex on;
+ '';
+ };
# serve /~$USER paths
locations."~ ^/~(.+?)(/.*)?$" = {
- alias = "/www/$1/public$2";
+ alias = "/srv/www/$1$2";
index = "index.html index.htm";
extraConfig = ''
autoindex on;
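Review bot: The `/~user` location now aliases to `/srv/www/$1$2`, the same tree that holds the virtual-host roots and the new archive directory, so the captured `$1` is no longer confined to a per-user `public` directory as it was with `/www/$1/public$2`. With `autoindex on` in this block, any directory name under `/srv/www` becomes listable through `/~name/`; keeping a fixed subdirectory, e.g. `alias = "/srv/www/$1/public$2";`, or narrowing the capture to `([^/]+)` and placing user directories in their own parent, restores the boundary. Separately, `locations."/archive.*"` has no `~` modifier, so nginx would treat it as a literal prefix, and its `root` already ends in `/archive`, so the block looks like it never serves the intended files; `locations."/"` already covers that path. The `/~` location block continues past the end of the hunk.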
@@ -50,7 +62,7 @@ in
"bsima.me" = {
locations."/" = {
- root = "/www/ben/public";
+ root = "/srv/www/ben";
index = "index.html index.htm";
extraConfig = ''
autoindex on;
diff --git a/Biz/Cloud/post-receive b/Biz/Cloud/post-receive
new file mode 100755
index 0000000..ede443f
--- /dev/null
+++ b/Biz/Cloud/post-receive
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# creates an archive of a git repo on push
+#
+# unfortunately the nixos gitolite module does not copy the 'commonHooks'
+# properly, so we have to manually deploy this like so:
+#
+# scp Biz/Cloud/post-receive \
+# root@simatime.com:/srv/git/.gitolite/hooks/common/post-receive
+#
+# One time only:
+#
+# ssh root@simatime.com "sudo -u git gitolite setup -ho"
+#
+# Also on first-time setup, might need to manually check the permissions are
+# correct on $webroot/archive or wherever else.
+#
+set -euo pipefail
+while read oldrev newrev refname
+do
+ repo=$(basename $PWD | sed 's/.git//g')
+ branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+ webroot="/srv/www/simatime.com/"
+ outdir="$webroot/archive/$repo/$branch"
+ mkdir -p $outdir
+ echo " making: https://simatime.com/archive/$repo/$branch/$newrev.tar.gz"
+ git archive "$branch" --prefix "$repo-$branch/" --format tar \
+ | gzip > "$outdir/$newrev.tar.gz"
+ echo " making: https://simatime.com/archive/$repo/$branch/$newrev.sha256"
+ hash=$(nix-prefetch-url --unpack file://$outdir/$newrev.tar.gz 2>/dev/null)
+ echo "$hash" > "$outdir/$newrev.sha256"
+ echo " commit: $newrev"
+ echo " sha256: $hash"
+ echo " in biz: deps update $repo --brach $branch --rev $newrev --attribute sha256=$hash"
+ chmod -R 755 "$webroot/archive"
+done
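Review bot: Installed under gitolite's `hooks/common`, this hook runs for every repository on the server, so a push to any repo, including ones not on the git daemon's export list, writes a tarball into the public web root, where the nginx change in this commit turns `autoindex on`. The loop should publish only an explicit allowlist, skip non-branch refs and deletions (an all-zero `$newrev` is likely to make `git rev-parse` fail under `set -e`), and archive `"$newrev"` rather than `"$branch"` so the file content matches its name. `sed 's/.git//g'` treats `.` as a wildcard and strips every match, and `basename` drops the `ben/` namespace, so distinct repos can collide; the expansions of `$PWD`, `$refname` and `$outdir` are also unquoted. `chmod -R 755` marks the generated files executable inside a root where the Gemini vhost has `cgi` on; an execute bit on directories only is enough. The sketch below uses gitolite's `GL_REPO` and a constructed allowlist.

```bash
while read -r oldrev newrev refname
do
  # publish only allowlisted repos (constructed list), and only branch updates
  case " nixpkgs ben/bin ben/cfg " in *" $GL_REPO "*) ;; *) continue ;; esac
  case "$refname" in refs/heads/*) ;; *) continue ;; esac
  case "$newrev" in *[!0]*) ;; *) continue ;; esac   # all zeros = branch deleted
  repo=$(basename "$PWD" .git)
  branch=${refname#refs/heads/}
  # … unchanged: webroot, outdir …
  mkdir -p "$outdir"
  # … unchanged: "making" echo …
  git archive --format tar --prefix "$repo-$branch/" "$newrev" \
    | gzip > "$outdir/$newrev.tar.gz"
  # … unchanged: sha256 file and summary echoes …
  # directories traversable, files readable, nothing newly executable
  chmod -R u=rwX,go=rX "$outdir"
done
```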