-rw-r--r-- | modules/server/git/nixpkgs/default.nix | 36 | ||||
-rw-r--r-- | modules/server/nixpk.gs/default.nix | 2 | ||||
-rw-r--r-- | modules/server/nixpk.gs/pr-tracker/default.nix | 28 |
3 files changed, 65 insertions, 1 deletions
diff --git a/modules/server/git/nixpkgs/default.nix b/modules/server/git/nixpkgs/default.nix
new file mode 100644
index 000000000000..8d550f192f7d
--- /dev/null
+++ b/modules/server/git/nixpkgs/default.nix
@@ -0,0 +1,36 @@
+{ lib, pkgs, ... }:
+
+let
+ inherit (pkgs) writeText;
+ toGitConfig = lib.generators.toINI { listsAsDuplicateKeys = true; };
+in
+
+{
+ users.groups.nixpkgs = {};
+
+ systemd.tmpfiles.rules = [
+ "L+ /var/lib/git/nixpkgs.git/HEAD - - - - refs/heads/master"
+ "L+ /var/lib/git/nixpkgs.git/config - - - - ${writeText "config" (toGitConfig {
+ core.repositoryformatversion = 0;
+ core.filemode = true;
+ core.bare = true;
+ core.sharedRepository = "world";
+ "remote \"origin\"" = {
+ url = "https://github.com/NixOS/nixpkgs";
+ fetch = [
+ "+refs/heads/master:refs/remotes/origin/master"
+ "+refs/heads/staging:refs/remotes/origin/staging"
+ "+refs/heads/staging-*:refs/remotes/origin/staging-*"
+ "+refs/heads/nixos-*:refs/remotes/origin/nixos-*"
+ "+refs/heads/nixpkgs-unstable:refs/remotes/origin/nixpkgs-unstable"
+ "+refs/heads/nixpkgs-*-darwin:refs/remotes/origin/nixpkgs-*-darwin"
+ "+refs/heads/release-*:refs/remotes/origin/release-*"
+ ];
+ };
+ })}"
+ "d /var/lib/git/nixpkgs.git 2775 - nixpkgs"
+ "d /var/lib/git/nixpkgs.git/refs 2775 - nixpkgs"
+ "d /var/lib/git/nixpkgs.git/objects 2775 - nixpkgs"
+ "d /var/lib/git/nixpkgs.git/objects/pack 2775 - nixpkgs"
+ ];
+}
diff --git a/modules/server/nixpk.gs/default.nix b/modules/server/nixpk.gs/default.nix
index a0498dd3f73f..7ed0e4b4f7d4 100644
--- a/modules/server/nixpk.gs/default.nix
+++ b/modules/server/nixpk.gs/default.nix
@@ -1,5 +1,5 @@
 { ... }:
 
 {
- imports = [ ./acme ./nginx ];
+ imports = [ ./acme ./nginx ./pr-tracker ];
 }
diff --git a/modules/server/nixpk.gs/pr-tracker/default.nix b/modules/server/nixpk.gs/pr-tracker/default.nix
new file mode 100644
index 000000000000..e3b00c433455
--- /dev/null
+++ b/modules/server/nixpk.gs/pr-tracker/default.nix
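Review bot: In modules/server/git/nixpkgs/default.nix the write boundary of the mirror is membership of the `nixpkgs` group, and nothing in the file says so. `core.sharedRepository = "world"` together with the `2775` directories makes the repository readable by every local user and writable by the group. Because the top-level directory itself is group-writable, a group member can presumably also replace the `HEAD` and `config` symlinks until systemd-tmpfiles next runs. A comment above the `rules` list such as `# Public mirror: world-readable; anything in the nixpkgs group can rewrite objects, refs and the L+ symlinks.` would make that trust assumption visible to whoever adds the next group member.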
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+
+{
+ imports = [ ../../git/nixpkgs ];
+
+ services.nginx.virtualHosts."nixpk.gs".locations."/pr-tracker.html" = {
+ proxyPass = "http://unix:/run/pr-tracker.sock:/pr-tracker.html";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ '';
+ };
+
+ systemd.services.pr-tracker = {
+ requires = [ "pr-tracker.socket" ];
+ serviceConfig.ExecStart = "${pkgs.pr-tracker}/bin/pr-tracker --path /var/lib/git/nixpkgs.git --remote origin --user-agent 'pr-tracker by alyssais' --source-url https://git.qyliss.net/pr-tracker --mount pr-tracker.html";
+ serviceConfig.StandardInput = "file:/etc/pr-tracker/token";
+ serviceConfig.DynamicUser = true;
+ serviceConfig.SupplementaryGroups = "nixpkgs";
+ serviceConfig.UMask = "0002";
+ serviceConfig.ReadWritePaths = "/var/lib/git/nixpkgs.git";
+ };
+
+ systemd.sockets.pr-tracker = {
+ wantedBy = [ "sockets.target" ];
+ before = [ "nginx.service" ];
+ socketConfig.ListenStream = "/run/pr-tracker.sock";
+ };
+}
|
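Review bot: `systemd.sockets.pr-tracker` sets only `ListenStream`, so the socket is created with systemd's default `SocketMode` of 0666 and every local account can talk to the tracker directly instead of going through nginx. Restricting it to the proxy would look like `socketConfig.SocketMode = "0660";` plus `socketConfig.SocketGroup = "nginx";` (assuming nginx runs under the default `nginx` group on this host). Separately, `StandardInput = "file:/etc/pr-tracker/token"` relies on a file this module does not create. Its ownership and mode are not visible here, so a comment stating that it must be root-owned and not world-readable would help.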