https://git.jolheiser.com/ugit.git
The code powering this h*ckin' site
testing vm
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQAuwNgEYXazZCd0ajb4AnBAJlssVr9Wz82sWUVJZ9KoaHv0ktrAoEPRh4QzMvAosgl 4JlpSOGjCshyh+gYkxZAo= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
1 month ago
5 changed files, 104 additions(+), 49 deletions(-)
.gitignoreflake.nixnix/module.nixnix/test.nixnix/vm.nix
M .gitignore.gitignore
1
2
3
4
5
6
7
8
9
diff --git a/.gitignore b/.gitignore
index 890579608f6bc3a0326f5200e6177a01f59125d4..83d33ebd80d95bd00e60595710255031a3025bd2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ /ugit*
 .ssh/
 .ugit/
 .tsnet/
+*.qcow2
M flake.nixflake.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
diff --git a/flake.nix b/flake.nix
index a9b837d3071dd73beec4745d84ac5aa26fada7a4..cc9a21a53244abf991efdb804a4c6219fb457bba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -54,5 +54,19 @@           };
         }
       );
       nixosModules.default = import ./nix/module.nix;
+      nixosConfigurations.ugitVM = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./nix/vm.nix
+          {
+            virtualisation.vmVariant.virtualisation = {
+              cores = 2;
+              memorySize = 2048;
+              graphics = false;
+            };
+            system.stateVersion = "23.11";
+          }
+        ];
+      };
     };
 }
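Review bot: `nixosConfigurations.ugitVM` is exported as an ordinary flake output with nothing marking it as a test system, yet the module it imports, `./nix/vm.nix`, turns on root autologin and authorizes a key whose private half is committed in the repository. A comment directly above the attribute would keep it from being mistaken for a deployable host, for example `# Local test VM only (settings live under vmVariant); insecure by design, do not deploy.` The enclosing outputs attribute set starts outside this hunk, so whether other outputs already carry a similar note cannot be seen from here.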
M nix/module.nixnix/module.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
diff --git a/nix/module.nix b/nix/module.nix
index 7c39455d8b76224e234616434f83a1d2a5bb1f49..1dc7638ad0fd83cbc1139d1fac443dcc6e3d23bf 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -12,6 +12,7 @@   instanceOptions =
     { name, config, ... }:
     let
       inherit (lib) mkEnableOption mkOption types;
+      baseDir = "/var/lib/ugit-${name}";
     in
     {
       options = {
@@ -26,13 +27,13 @@
         homeDir = mkOption {
           type = types.str;
           description = "ugit home directory";
-          default = "/var/lib/${name}";
+          default = baseDir;
         };
 
         repoDir = mkOption {
           type = types.str;
           description = "where ugit stores repositories";
-          default = "/var/lib/${name}/repos";
+          default = "${baseDir}/repos";
         };
 
         authorizedKeys = mkOption {
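Review bot: Moving the option defaults from `/var/lib/${name}` to `/var/lib/ugit-${name}` silently relocates state for every instance that relied on the defaults; this covers `homeDir` and `repoDir` in this hunk and `authorizedKeysFile` and `hostKeyFile` in the next one. Since the `hostKeyFile` description says the key is created when it does not exist, an upgraded instance would presumably generate a fresh host key at the new path, so clients would see a changed host key while the repositories and authorized_keys stay behind in the old directory. Nothing visible in the diff migrates the old directory or warns about the move. A comment next to `baseDir` such as `# NOTE: default state dir moved from /var/lib/${name}; move existing data or set the path options explicitly` (and a matching release note) would make the change explicit. The `instanceOptions` body begins and ends outside these hunks.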
@@ -44,13 +45,13 @@
         authorizedKeysFile = mkOption {
           type = types.str;
           description = "path to authorized_keys file ugit uses for auth";
-          default = "/var/lib/${name}/authorized_keys";
+          default = "${baseDir}/authorized_keys";
         };
 
         hostKeyFile = mkOption {
           type = types.str;
           description = "path to host key file (will be created if it doesn't exist)";
-          default = "/var/lib/${name}/ugit_ed25519";
+          default = "${baseDir}/ugit_ed25519";
         };
 
         config = mkOption {
@@ -223,28 +224,5 @@           };
         }
       )
     ) { } (builtins.attrNames cfg);
-
-    systemd.tmpfiles.settings = lib.mapAttrs' (
-      name: instanceCfg:
-      lib.nameValuePair "ugit-${name}" (
-        builtins.listToAttrs (
-          map (
-            hook:
-            let
-              script = pkgs.writeShellScript hook.name hook.content;
-              path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
-            in
-            {
-              name = path;
-              value = {
-                "L" = {
-                  argument = "${script}";
-                };
-              };
-            }
-          ) instanceCfg.hooks
-        )
-      )
-    ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
   };
 }
D nix/test.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
diff --git a/nix/test.nix b/nix/test.nix
deleted file mode 100644
index 095c9065b8e064ed7ceee1624bd5a244c108032d..0000000000000000000000000000000000000000
--- a/nix/test.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [ ./module.nix ];
-
-  users.users.jolheiser = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    initialPassword = "test";
-  };
-
-  services.ugit = {
-    enable = true;
-    hooks = [
-      {
-        name = "pre-receive";
-        content = ''
-          echo "Pre-receive hook executed"
-        '';
-      }
-    ];
-  };
-}
I nix/vm.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
diff --git a/nix/vm.nix b/nix/vm.nix
new file mode 100644
index 0000000000000000000000000000000000000000..087fa6b88148c81845ec1a779f0b9498727e6e05
--- /dev/null
+++ b/nix/vm.nix
@@ -0,0 +1,84 @@
+{ pkgs, ... }:
+let
+  privKey = ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ
+    MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ
+    AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6
+    GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl";
+  sshConfig = ''
+    Host ugit
+        HostName localhost
+        Port 8448
+        User ugit
+        IdentityFile ~/.ssh/vm
+        IdentitiesOnly yes
+  '';
+in
+{
+  imports = [ ./module.nix ];
+  environment.systemPackages = with pkgs; [ git ];
+  services.getty.autologinUser = "root";
+  services.openssh.enable = true;
+  services.ugit.vm = {
+    enable = true;
+    authorizedKeys = [ pubKey ];
+    hooks = [
+      {
+        name = "pre-receive";
+        content = ''
+          echo "Pre-receive hook executed"
+        '';
+      }
+    ];
+  };
+  systemd.services."setup-vm" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "ugit-vm.service" ];
+    path = with pkgs; [
+      git
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "root";
+      Group = "root";
+      ExecStart =
+        let
+          privSSH = pkgs.writeText "vm-privkey" privKey;
+          sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig;
+        in
+        pkgs.writeShellScript "setup-vm-script" ''
+          # Hack to let ugit start up and generate its SSH keypair
+          sleep 3
+
+          # Set up git
+          git config --global user.name "NixUser"
+          git config --global user.email "nixuser@example.com"
+          git config --global init.defaultBranch main
+          git config --global push.autoSetupRemote true
+
+          # Set up SSH files
+          mkdir ~/.ssh
+          ln -sf ${sshConfigFile} ~/.ssh/config
+          cp ${privSSH} ~/.ssh/vm
+          chmod 600 ~/.ssh/vm
+          echo "[localhost]:8448 $(cat /var/lib/ugit-vm/ugit_ed25519.pub)" > ~/.ssh/known_hosts
+
+          # Stage some git activity
+          mkdir ~/repo
+          cd ~/repo
+          git init
+          git remote add origin ugit:repo.git
+          touch README.md
+          git add README.md
+          git commit -m "Test"
+        '';
+    };
+  };
+
+}
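Review bot: The `privKey` literal commits an SSH private key to the repository and, through `pkgs.writeText "vm-privkey" privKey`, copies it into the world-readable Nix store, while `authorizedKeys = [ pubKey ]` grants that key access to the `vm` instance. That is workable for a throwaway VM, but the key has to be treated as public, and a comment above `privKey` should say so, e.g. `# Test-only key: public in git and in the Nix store, never authorize it outside this VM.` Separately, the setup script has no `set -e` and relies on `sleep 3`, so if ugit has not yet written `/var/lib/ugit-vm/ugit_ed25519.pub` the `known_hosts` entry is written without a key and the script carries on; `set -euo pipefail` plus `until [ -s /var/lib/ugit-vm/ugit_ed25519.pub ]; do sleep 1; done` would close that gap. `mkdir ~/.ssh` and `mkdir ~/repo` would then need `-p`, since the unit presumably runs again on every boot of the persisted disk image.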