diff --git a/.gitignore b/.gitignore index 83d33ebd80d95bd00e60595710255031a3025bd2..890579608f6bc3a0326f5200e6177a01f59125d4 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,3 @@ /ugit* .ssh/ .ugit/ .tsnet/ -*.qcow2 diff --git a/flake.nix b/flake.nix index cc9a21a53244abf991efdb804a4c6219fb457bba..a9b837d3071dd73beec4745d84ac5aa26fada7a4 100644 --- a/flake.nix +++ b/flake.nix @@ -54,19 +54,5 @@ }; } ); nixosModules.default = import ./nix/module.nix; - nixosConfigurations.ugitVM = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./nix/vm.nix - { - virtualisation.vmVariant.virtualisation = { - cores = 2; - memorySize = 2048; - graphics = false; - }; - system.stateVersion = "23.11"; - } - ]; - }; }; } diff --git a/nix/module.nix b/nix/module.nix index 1dc7638ad0fd83cbc1139d1fac443dcc6e3d23bf..7c39455d8b76224e234616434f83a1d2a5bb1f49 100644 --- a/nix/module.nix +++ b/nix/module.nix @@ -12,7 +12,6 @@ instanceOptions = { name, config, ... }: let inherit (lib) mkEnableOption mkOption types; - baseDir = "/var/lib/ugit-${name}"; in { options = { @@ -27,13 +26,13 @@ homeDir = mkOption { type = types.str; description = "ugit home directory"; - default = baseDir; + default = "/var/lib/${name}"; }; repoDir = mkOption { type = types.str; description = "where ugit stores repositories"; - default = "${baseDir}/repos"; + default = "/var/lib/${name}/repos"; }; authorizedKeys = mkOption { @@ -45,13 +44,13 @@ authorizedKeysFile = mkOption { type = types.str; description = "path to authorized_keys file ugit uses for auth"; - default = "${baseDir}/authorized_keys"; + default = "/var/lib/${name}/authorized_keys"; }; hostKeyFile = mkOption { type = types.str; description = "path to host key file (will be created if it doesn't exist)"; - default = "${baseDir}/ugit_ed25519"; + default = "/var/lib/${name}/ugit_ed25519"; }; config = mkOption { 
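Review bot: Changing the four `default = "/var/lib/${name}/…"` lines from `/var/lib/ugit-${name}` silently relocates every instance's state, and because `hostKeyFile` is documented as "will be created if it doesn't exist", an existing deployment on defaults will come up with no repositories, no authorized_keys and a freshly generated host key, so every client gets a host-key-changed warning and is trained to accept it. The unprefixed path can also collide with another service whose state lives in `/var/lib/<name>` (an instance named `git` or `vm`, say), and it no longer matches the `ugit-${name}` naming the tmpfiles entry elsewhere in this commit uses. If the rename is intended, note the migration in the option descriptions and keep one binding instead of repeating the path four times: `baseDir = "/var/lib/${name}";` with `default = baseDir;` and `default = "${baseDir}/repos";` as before. Whether the service's StateDirectory or user setup was adjusted to the new path is outside these hunks; the `instanceOptions` submodule continues past the hunk.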
@@ -224,5 +223,28 @@ }; } ) ) { } (builtins.attrNames cfg); + + systemd.tmpfiles.settings = lib.mapAttrs' ( + name: instanceCfg: + lib.nameValuePair "ugit-${name}" ( + builtins.listToAttrs ( + map ( + hook: + let + script = pkgs.writeShellScript hook.name hook.content; + path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}"; + in + { + name = path; + value = { + "L" = { + argument = "${script}"; + }; + }; + } + ) instanceCfg.hooks + ) + ) + ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg); }; } diff --git a/nix/test.nix b/nix/test.nix new file mode 100644 index 0000000000000000000000000000000000000000..095c9065b8e064ed7ceee1624bd5a244c108032d --- /dev/null +++ b/nix/test.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +{ + imports = [ ./module.nix ]; + + users.users.jolheiser = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + initialPassword = "test"; + }; + + services.ugit = { + enable = true; + hooks = [ + { + name = "pre-receive"; + content = '' + echo "Pre-receive hook executed" + ''; + } + ]; + }; +} diff --git a/nix/vm.nix b/nix/vm.nix deleted file mode 100644 index 087fa6b88148c81845ec1a779f0b9498727e6e05..0000000000000000000000000000000000000000 --- a/nix/vm.nix +++ /dev/null 
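Review bot: A hook removed from `hooks` is never removed from `${repoDir}/hooks/pre-receive.d/`: the `"L"` entry only creates a link that is missing, so the old script keeps running on every push until its store path is garbage-collected, after which the dangling link makes the hook fail. `hook.name` is also spliced into the path and into `writeShellScript` raw, so a name containing `/` or `..` lands outside the hooks directory unless the `hooks` option type (not in this hunk) forbids it; an `assertions` entry rejecting such names is cheap. Linking the whole `pre-receive.d` directory to a `linkFarm` of the declared hooks with `L+` keeps the on-disk set equal to the declared set, at the cost that `L+` replaces an existing real directory (hand-placed hooks would be lost) and requires that ugit never writes into it — worth confirming before switching. The enclosing `config` block starts outside the hunk.
```nix
      systemd.tmpfiles.settings = lib.mapAttrs' (
        name: instanceCfg:
        lib.nameValuePair "ugit-${name}" {
          # Point the whole directory at an immutable store path so the set of
          # hooks on disk equals the declared set; L+ replaces a stale link.
          "${instanceCfg.repoDir}/hooks/pre-receive.d"."L+".argument = "${
            pkgs.linkFarm "ugit-${name}-pre-receive" (
              map (hook: {
                name = hook.name;
                path = pkgs.writeShellScript hook.name hook.content;
              }) instanceCfg.hooks
            )
          }";
        }
      ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
```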
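Review bot: `services.ugit = { enable = true; hooks = [ … ]; }` writes flat options where module.nix appears to expect named instances — the same commit iterates `builtins.attrNames cfg` and `lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg`, and the deleted vm.nix used `services.ugit.vm = { … }` — so unless the option type (outside these hunks) also accepts a flat form, this fails evaluation or defines instances named `enable` and `hooks`; `services.ugit.test = { enable = true; hooks = [ … ]; };` would match the module. With no `authorizedKeys` nobody can push, so the hook is never exercised; wiring this into a NixOS VM test (`pkgs.testers.runNixOSTest`) whose testScript pushes and asserts on the hook's output would replace the interactive VM this commit removes. The `wheel` user with `initialPassword = "test"` is fine for a throwaway test machine, but `nix/test.nix` sits next to `module.nix`; a header comment such as `# Throw-away test configuration - never import from a real host.` keeps it from being picked up by mistake.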
@@ -1,84 +0,0 @@
-{ pkgs, ... }:
-let
- privKey = ''
- -----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
- QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ
- MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ
- AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6
- GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF
- -----END OPENSSH PRIVATE KEY-----
- '';
- pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl";
- sshConfig = ''
- Host ugit
- HostName localhost
- Port 8448
- User ugit
- IdentityFile ~/.ssh/vm
- IdentitiesOnly yes
- '';
-in
-{
- imports = [ ./module.nix ];
- environment.systemPackages = with pkgs; [ git ];
- services.getty.autologinUser = "root";
- services.openssh.enable = true;
- services.ugit.vm = {
- enable = true;
- authorizedKeys = [ pubKey ];
- hooks = [
- {
- name = "pre-receive";
- content = ''
- echo "Pre-receive hook executed"
- '';
- }
- ];
- };
- systemd.services."setup-vm" = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ugit-vm.service" ];
- path = with pkgs; [
- git
- ];
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- User = "root";
- Group = "root";
- ExecStart =
- let
- privSSH = pkgs.writeText "vm-privkey" privKey;
- sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig;
- in
- pkgs.writeShellScript "setup-vm-script" ''
- # Hack to let ugit start up and generate its SSH keypair
- sleep 3
-
- # Set up git
- git config --global user.name "NixUser"
- git config --global user.email "nixuser@example.com"
- git config --global init.defaultBranch main
- git config --global push.autoSetupRemote true
-
- # Set up SSH files
- mkdir ~/.ssh
- ln -sf ${sshConfigFile} ~/.ssh/config
- cp ${privSSH} ~/.ssh/vm
- chmod 600 ~/.ssh/vm
- echo "[localhost]:8448 $(cat /var/lib/ugit-vm/ugit_ed25519.pub)" > ~/.ssh/known_hosts
-
- # Stage some git activity
- mkdir ~/repo
- cd ~/repo
- git init
- git remote add origin ugit:repo.git
- touch README.md
- git add README.md
- git commit -m "Test"
- '';
- };
- };
-
-}