+1

.gitignore

··· 2 2 .ssh/ 3 3 .ugit/ 4 4 .tsnet/ 5 5 + *.qcow2

+14

flake.nix

··· 54 54 } 55 55 ); 56 56 nixosModules.default = import ./nix/module.nix; 57 57 + nixosConfigurations.ugitVM = nixpkgs.lib.nixosSystem { 58 58 + system = "x86_64-linux"; 59 59 + modules = [ 60 60 + ./nix/vm.nix 61 61 + { 62 62 + virtualisation.vmVariant.virtualisation = { 63 63 + cores = 2; 64 64 + memorySize = 2048; 65 65 + graphics = false; 66 66 + }; 67 67 + system.stateVersion = "23.11"; 68 68 + } 69 69 + ]; 70 70 + }; 57 71 }; 58 72 }

+5 -27

nix/module.nix

··· 12 12 { name, config, ... }: 13 13 let 14 14 inherit (lib) mkEnableOption mkOption types; 15 15 + baseDir = "/var/lib/ugit-${name}"; 15 16 in 16 17 { 17 18 options = { ··· 26 27 homeDir = mkOption { 27 28 type = types.str; 28 29 description = "ugit home directory"; 29 29 - default = "/var/lib/${name}"; 30 30 + default = baseDir; 30 31 }; 31 32 32 33 repoDir = mkOption { 33 34 type = types.str; 34 35 description = "where ugit stores repositories"; 35 35 - default = "/var/lib/${name}/repos"; 36 36 + default = "${baseDir}/repos"; 36 37 }; 37 38 38 39 authorizedKeys = mkOption { ··· 44 45 authorizedKeysFile = mkOption { 45 46 type = types.str; 46 47 description = "path to authorized_keys file ugit uses for auth"; 47 47 - default = "/var/lib/${name}/authorized_keys"; 48 48 + default = "${baseDir}/authorized_keys"; 48 49 }; 49 50 50 51 hostKeyFile = mkOption { 51 52 type = types.str; 52 53 description = "path to host key file (will be created if it doesn't exist)"; 53 53 - default = "/var/lib/${name}/ugit_ed25519"; 54 54 + default = "${baseDir}/ugit_ed25519"; 54 55 }; 55 56 56 57 config = mkOption { ··· 223 224 } 224 225 ) 225 226 ) { } (builtins.attrNames cfg); 226 226 - 227 227 - systemd.tmpfiles.settings = lib.mapAttrs' ( 228 228 - name: instanceCfg: 229 229 - lib.nameValuePair "ugit-${name}" ( 230 230 - builtins.listToAttrs ( 231 231 - map ( 232 232 - hook: 233 233 - let 234 234 - script = pkgs.writeShellScript hook.name hook.content; 235 235 - path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}"; 236 236 - in 237 237 - { 238 238 - name = path; 239 239 - value = { 240 240 - "L" = { 241 241 - argument = "${script}"; 242 242 - }; 243 243 - }; 244 244 - } 245 245 - ) instanceCfg.hooks 246 246 - ) 247 247 - ) 248 248 - ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg); 249 227 }; 250 228 }

-22

nix/test.nix

··· 1 1 - { config, pkgs, ... }: 2 2 - { 3 3 - imports = [ ./module.nix ]; 4 4 - 5 5 - users.users.jolheiser = { 6 6 - isNormalUser = true; 7 7 - extraGroups = [ "wheel" ]; 8 8 - initialPassword = "test"; 9 9 - }; 10 10 - 11 11 - services.ugit = { 12 12 - enable = true; 13 13 - hooks = [ 14 14 - { 15 15 - name = "pre-receive"; 16 16 - content = '' 17 17 - echo "Pre-receive hook executed" 18 18 - ''; 19 19 - } 20 20 - ]; 21 21 - }; 22 22 - }

+84

nix/vm.nix

··· 1 1 + { pkgs, ... }: 2 2 + let 3 3 + privKey = '' 4 4 + -----BEGIN OPENSSH PRIVATE KEY----- 5 5 + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 6 6 + QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ 7 7 + MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ 8 8 + AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6 9 9 + GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF 10 10 + -----END OPENSSH PRIVATE KEY----- 11 11 + ''; 12 12 + pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl"; 13 13 + sshConfig = '' 14 14 + Host ugit 15 15 + HostName localhost 16 16 + Port 8448 17 17 + User ugit 18 18 + IdentityFile ~/.ssh/vm 19 19 + IdentitiesOnly yes 20 20 + ''; 21 21 + in 22 22 + { 23 23 + imports = [ ./module.nix ]; 24 24 + environment.systemPackages = with pkgs; [ git ]; 25 25 + services.getty.autologinUser = "root"; 26 26 + services.openssh.enable = true; 27 27 + services.ugit.vm = { 28 28 + enable = true; 29 29 + authorizedKeys = [ pubKey ]; 30 30 + hooks = [ 31 31 + { 32 32 + name = "pre-receive"; 33 33 + content = '' 34 34 + echo "Pre-receive hook executed" 35 35 + ''; 36 36 + } 37 37 + ]; 38 38 + }; 39 39 + systemd.services."setup-vm" = { 40 40 + wantedBy = [ "multi-user.target" ]; 41 41 + after = [ "ugit-vm.service" ]; 42 42 + path = with pkgs; [ 43 43 + git 44 44 + ]; 45 45 + serviceConfig = { 46 46 + Type = "oneshot"; 47 47 + RemainAfterExit = true; 48 48 + User = "root"; 49 49 + Group = "root"; 50 50 + ExecStart = 51 51 + let 52 52 + privSSH = pkgs.writeText "vm-privkey" privKey; 53 53 + sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig; 54 54 + in 55 55 + pkgs.writeShellScript "setup-vm-script" '' 56 56 + # Hack to let ugit start up and generate its SSH keypair 57 57 + sleep 3 58 58 + 59 59 + # Set up git 60 60 + git config --global user.name "NixUser" 61 61 + git config --global user.email "nixuser@example.com" 62 62 + git config --global init.defaultBranch main 63 63 + git config --global push.autoSetupRemote true 64 64 + 65 65 + # Set up SSH files 66 66 + mkdir ~/.ssh 67 67 + ln -sf ${sshConfigFile} ~/.ssh/config 68 68 + cp ${privSSH} ~/.ssh/vm 69 69 + chmod 600 ~/.ssh/vm 70 70 + echo "[localhost]:8448 $(cat /var/lib/ugit-vm/ugit_ed25519.pub)" > ~/.ssh/known_hosts 71 71 + 72 72 + # Stage some git activity 73 73 + mkdir ~/repo 74 74 + cd ~/repo 75 75 + git init 76 76 + git remote add origin ugit:repo.git 77 77 + touch README.md 78 78 + git add README.md 79 79 + git commit -m "Test" 80 80 + ''; 81 81 + }; 82 82 + }; 83 83 + 84 84 + }