author | Alyssa Ross <hi@alyssa.is> | 2022-10-21 22:08:49 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:45:47 +0000 |
commit | 489b6e6ddf088b64aaf3cec2d76068210444f1c7 (patch) | |
tree | d60e62694e5ee49aa5ae3bfbfb9c717a877acb9a /modules | |
parent | b0189ffa7f7313ba7962df1798b1a40d046937ae (diff) | |
modules/spectrum: make git repositories declarative
Diffstat (limited to 'modules')
-rw-r--r-- | modules/server/git/default.nix | 73 | ||||
-rw-r--r-- | modules/server/spectrum/default.nix | 4 | ||||
-rw-r--r-- | modules/server/spectrum/git/default.nix | 109 | ||||
-rw-r--r-- | modules/server/spectrum/patch-refs/default.nix | 46 | ||||
-rw-r--r-- | modules/server/spectrum/patch-refs/mda.elb | 36 |
5 files changed, 266 insertions, 2 deletions
diff --git a/modules/server/git/default.nix b/modules/server/git/default.nix
new file mode 100644
index 000000000000..bce947bfd430
--- /dev/null
+++ b/modules/server/git/default.nix
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-FileCopyrightText: 2022 Alyssa Ross <hi@alyssa.is>
+# SPDX-License-Identifier: OSL-3.0
+
+# Adapted from https://src.unfathomable.blue/nixos-config/tree/modules/declarative-git.nix
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.declarative-git;
+
+ repoOpts = { config, ... }: {
+ options = {
+ branch = mkOption {
+ default = "main";
+ description = "Branch to be the repository's HEAD";
+ type = types.str;
+ };
+
+ description = mkOption {
+ description = "Description of the repository.";
+ type = types.str;
+ };
+
+ config = mkOption {
+ description = "Git configuration for the repository.";
+ type = types.attrs;
+ default = {};
+ };
+
+ hooks = mkOption {
+ description = "Git hooks for the repository.";
+ type = with types; attrsOf (listOf path);
+ default = {};
+ };
+
+ owner = mkOption {
+ description = "Name of the user to own the git repository.";
+ type = types.str;
+ default = "-";
+ };
+
+ group = mkOption {
+ description = "Name of the group for the git repository.";
+ type = types.str;
+ default = "-";
+ };
+ };
+ };
+in {
+ options.declarative-git = {
+ repositories = mkOption {
+ description = "Repositories to manage declaratively.";
+ type = types.attrsOf (types.submodule repoOpts);
+ default = {};
+ };
+
+ hooks = mkOption {
+ description = "Git hooks to apply to all declarative repositories.";
+ type = with types; attrsOf (listOf path);
+ default = {};
+ };
+ };
+
+ config.systemd.tmpfiles.packages = mapAttrsToList (path: config:
+ pkgs.declarative-git-repository {
+ inherit path;
+ inherit (config) branch config description owner group;
+ hooks = zipAttrsWith (_: concatLists) [ cfg.hooks config.hooks ];
+ }) cfg.repositories;
+}
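Review bot: The per-repository `config` option is typed `types.attrs`, which the module system merges only at the top level (`//`), so two modules that both set e.g. `config.core.*` for the same repository silently overwrite each other instead of merging; `type = types.attrsOf (types.attrsOf (types.oneOf [ types.bool types.int types.str ]))` merges per git section and rejects anything that is not a git config scalar, which matches the values the sibling module already passes (`true`, `1`, `"0644"`). The `owner` and `group` defaults of `"-"` are presumably the tmpfiles.d placeholder for "leave unchanged", but nothing says so; the descriptions should, e.g. `description = "Name of the user to own the git repository, or \"-\" to leave ownership to systemd-tmpfiles defaults.";`. `pkgs.declarative-git-repository` is not part of this commit, so whether it accepts the `hooks` and `config` shapes built here cannot be checked from the diff.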
diff --git a/modules/server/spectrum/default.nix b/modules/server/spectrum/default.nix index b819d653f5f1..d6c2eaa57d0e 100644 --- a/modules/server/spectrum/default.nix +++ b/modules/server/spectrum/default.nix @@ -2,8 +2,8 @@ { imports = [ - ./acme ./cgit ./git-http-backend ./nginx ./postfix ./public-inbox - ./spectrumbot ./vultr-mon + ./acme ./cgit ./git ./git-http-backend ./nginx ./patch-refs ./postfix + ./public-inbox ./spectrumbot ./vultr-mon ]; nix.settings.substituters = [ "https://cache.dataaturservice.se/spectrum/" ]; diff --git a/modules/server/spectrum/git/default.nix b/modules/server/spectrum/git/default.nix new file mode 100644 index 000000000000..e0d26c820511 --- /dev/null +++ b/modules/server/spectrum/git/default.nix 
@@ -0,0 +1,109 @@ +{ pkgs, ... }: + +{ + imports = [ ../../git ]; + + declarative-git.repositories."/home/spectrum/git/crosvm.git" = { + branch = "master"; + description = "Downstream crosvm tree for Spectrum"; + group = "spectrum"; + }; + + declarative-git.repositories."/home/spectrum/git/doc.git" = { + branch = "master"; + description = "Old manuals for Spectrum"; + hooks.post-update = [ + (pkgs.writeShellScript "post-update.sh" '' + nix-build --tarball-ttl 0 --out-link built --cores 1 -j1 -E " + let src = builtins.fetchGit ./.; + in (import src).overrideAttrs ({ ... }: { inherit src; }) + " + '') + ]; + group = "spectrum"; + }; + + declarative-git.repositories."/home/spectrum/git/nixpkgs.git" = { + branch = "master"; + description = "Downstream nixpkgs tree for Spectrum"; + group = "spectrum"; + config.core.sharedrepository = "0644"; + }; + + declarative-git.repositories."/home/spectrum/git/mktuntap.git" = { + branch = "master"; + description = "Utility program for creating TUN and TAP devices on file descriptors"; + group = "spectrum"; + config.cgit.readme = ":README"; + config.core.sharedrepository = "0644"; + config.receive.denyNonFastforwards = true; + }; + + declarative-git.repositories."/home/spectrum/git/spectrum.git" = { + description = "A compartmentalized operating system"; + group = "spectrum"; + config.cgit.defBranch = "main"; + hooks.post-receive = with pkgs; [ + (writeShellScript "send-email.sh" '' + set -ueo pipefail + export PATH=${lib.makeBinPath [ coreutils curl gitMinimal gnused mailutils ]} + + repo_url=https://spectrum-os.org/git/spectrum + inbox_url=https://spectrum-os.org/lists/archives/spectrum-devel + + while read oldrev newrev refname; do + [ "$refname" = "refs/heads/main" ] || continue + + git log --reverse --format=%H "$oldrev..$newrev" | while read commit; do + message_id="$(git log -1 --format=%B "$commit" | + git interpret-trailers --parse | + sed -n 's/^Message-Id: <\(.*\)>$/\1/Ip' | head -n 1)" + + [ -n "$message_id" ] || 
continue + + url="$inbox_url/$message_id/raw" + path="$(mktemp)" + curl -LSfso "$path" "$url" + mail -E "file $path" -E "reply" -E "quit" <<EOF + This patch has been committed as $commit, + which can be viewed online at + $repo_url/commit/?id=$commit. + + This is an automated message. Send comments/questions/requests to: + Alyssa Ross <hi@alyssa.is> + EOF + rm "$path" + done + done + '') + (writeShellScript "build-documentation.sh" '' + nix-build --tarball-ttl 0 --out-link /home/spectrum/Documentation -E ' + let + pkgs = import (builtins.fetchGit { url = ../nixpkgs.git; ref = "rootfs"; }) {}; + src = builtins.fetchGit { url = ./.; ref = "main"; }; + in + import "''${src}/Documentation" { config = { inherit pkgs; }; } + ' + '') + ]; + }; + + declarative-git.repositories."/home/spectrum/git/ucspi-vsock.git" = { + branch = "master"; + description = "UCSPI-1996 implementation for Linux AF_VSOCK sockets"; + group = "spectrum"; + }; + + declarative-git.repositories."/home/spectrum/git/www.git" = { + branch = "master"; + description = "Static source files for the Spectrum website"; + group = "spectrum"; + config.cgit.readme = ":README"; + config.core.bare = false; + config.core.logallrefupdates = true; + config.core.sharedrepository = 1; + config.core.worktree = "../../www"; + config.receive.denyCurrentBranch = "updateInstead"; + config.receive.denyNonFastforwards = true; + }; +} diff --git a/modules/server/spectrum/patch-refs/default.nix b/modules/server/spectrum/patch-refs/default.nix new file mode 100644 index 000000000000..8e608c5201d2 --- /dev/null +++ b/modules/server/spectrum/patch-refs/default.nix 
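Review bot: In `send-email.sh` the `curl -LSfso "$path" "$url"` call runs under `set -ueo pipefail` with no error handling, so one Message-Id that is absent from the archive (a 404) aborts the inner loop, the remaining commits of that push get no notification, and the `mktemp` file is left behind; `curl -LSfso "$path" "$url" || { rm -f "$path"; continue; }` keeps the loop going and cleans up. `git log --reverse --format=%H "$oldrev..$newrev"` likewise fails when `$newrev` is the all-zero id of a branch deletion, which pipefail turns into a hook failure; `[ "$newrev" != "$(printf '%040d' 0)" ] || continue` before the log avoids it. The Message-Id that selects the archive URL and the message that `mail ... reply` answers is taken from a commit trailer, which is only safe because everyone who can push to `main` is already trusted; a one-line comment stating that assumption would help the next reader. `build-documentation.sh` and the `doc.git` post-update hook rely on `nix-build` being on the ambient PATH while `send-email.sh` sets PATH explicitly with `lib.makeBinPath`; it would be worth making the three hooks consistent.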
@@ -0,0 +1,46 @@
+{ lib, pkgs, ... }:
+
+{
+ users.users.patch-refs = {
+ description = "spectrum-devel patch monitor";
+ group = "spectrum";
+ isSystemUser = true;
+ };
+
+ services.postfix.virtual = ''
+ patch-refs@spectrum-os.org patch-refs@spectrum-os.org
+ '';
+
+ services.postfix.transport = ''
+ patch-refs@spectrum-os.org patch-refs:
+ '';
+
+ services.postfix.masterConfig.patch-refs = {
+ type = "unix";
+ command = "pipe";
+ privileged = true;
+ args = [
+ "flags=X"
+ "user=patch-refs"
+ "argv=${with pkgs; toString [
+ "${execline}/bin/export" "PATH"
+ (lib.makeBinPath [
+ b4 coreutils findutils gitMinimal strace
+
+ (mblaze.overrideAttrs ({ patches ? [], ... }: {
+ patches = patches ++ [
+ (fetchpatch {
+ url = "https://inbox.vuxu.org/mblaze/20220523170921.2623516-1-hi@alyssa.is/raw";
+ sha256 = "1fwnr6277fjdrv0lvjrzyxjd1p94c6jg2nl6cd4lh9aizmfbjiq0";
+ })
+ ];
+ }))
+ ])
+ "${execline}/bin/execlineb"
+ "-S1"
+ (copyPathToStore ./mda.elb)
+ "$client_address"
+ ]}"
+ ];
+ };
+}
diff --git a/modules/server/spectrum/patch-refs/mda.elb b/modules/server/spectrum/patch-refs/mda.elb
new file mode 100644
index 000000000000..c613d0529f88
--- /dev/null
+++ b/modules/server/spectrum/patch-refs/mda.elb
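Review bot: `strace` is part of the PATH handed to the Postfix pipe transport, which looks like a debugging leftover; a delivery agent that any sender on the Internet can address as `patch-refs@spectrum-os.org` should carry only what it needs, so the `makeBinPath` list should be `b4 coreutils findutils gitMinimal` plus the patched mblaze. The only gate between remote senders and `b4 shazam` applying their mail is the `$client_address` comparison inside `mda.elb`, and nothing in this file hints at that; a comment on the `"$client_address"` argument, `# mda.elb exits 77 unless this is the IPv6 loopback address`, would make the dependency visible where the transport is defined. Whether `flags=X` (report final delivery) is the intended DSN behaviour for a monitor that never stores the message is unclear from the diff and deserves a short comment too.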
@@ -0,0 +1,36 @@
+foreground { echo "Mail from " $1 }
+if -x 77 { test $1 = IPv6:::1 }
+
+backtick message_id { mhdr -h Message-Id - }
+backtick dir { mktemp -d }
+
+multisubstitute {
+ importas -i message_id message_id
+ importas -i dir dir
+ define origin /home/spectrum/git/spectrum.git
+}
+
+foreground {
+ if { mkdir ${dir}/git }
+ cd ${dir}/git
+ export GIT_CONFIG_COUNT 2
+ export GIT_CONFIG_KEY_0 am.messageid
+ export GIT_CONFIG_VALUE_0 true
+ export GIT_CONFIG_KEY_1 b4.midmask
+ export GIT_CONFIG_VALUE_1 https://spectrum-os.org/lists/archives/spectrum-test/%s
+ export XDG_CACHE_HOME ${dir}/cache
+ export XDG_DATA_HOME ${dir}/data
+ if { git clone -n --single-branch --reference $origin $origin . }
+ if -x 75 { b4 shazam -CH $message_id }
+ pipeline {
+ git log -z --format=%H:refs/patches/%(trailers:key=Message-Id,valueonly)
+ HEAD..FETCH_HEAD
+ }
+ pipeline { tr -d <> }
+ redirfd -w 2 /tmp/err
+ xargs -tr0
+ git push origin --dry-run
+}
+importas -iu exit ?
+if { rm -rf $dir }
+exit $exit |
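Review bot: `redirfd -w 2 /tmp/err` writes the push pipeline's stderr to a fixed, predictable name in the shared `/tmp`: any local user can pre-create `/tmp/err` as a symlink and have the `patch-refs` user truncate or write a file of their choosing, concurrent deliveries clobber each other's output, and Postfix's own log never sees the `git push` errors. Dropping the `redirfd` line so stderr reaches the mail log is the simplest fix; if the `xargs -t` trace is wanted for debugging, write it under the per-delivery directory (`redirfd -w 2 ${dir}/err`) and say in a comment that it is removed with `rm -rf $dir`. `git push origin --dry-run` means no `refs/patches/*` ref is ever created, so the "patch monitor" currently only exercises the pipeline; if that is deliberate while the ref layout is being trialled, a comment such as `# --dry-run until the refs/patches layout is settled` stops the next reader from filing it as a bug. The refnames are built from a Message-Id header that any list sender controls; `git push` should reject anything that fails `check-ref-format`, so the failure mode is a rejected push rather than an odd ref, but that is worth noting next to the `tr -d <>` line, as is the fact that `b4 shazam` applies unreviewed mail into a throwaway clone and nothing else.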