+23
-5
flake.nix
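--- a/flake.nix
+++ b/flake.nix
@@ -92,8 +92,20 @@
 pname = "knotserver";
 version = "0.1.0";
 src = gitignoreSource ./.;
+nativeBuildInputs = [ final.makeWrapper ];
 subPackages = ["cmd/knotserver"];
 vendorHash = goModHash;
+installPhase = ''
+runHook preInstall
+
+mkdir -p $out/bin
+cp $GOPATH/bin/knotserver $out/bin/knotserver
+
+wrapProgram $out/bin/knotserver \
+--prefix PATH : ${pkgs.git}/bin
+
+runHook postInstall
+'';
 env.CGO_ENABLED = 1;
 };
 repoguard = buildCmdPackage "repoguard";
@@ -282,9 +294,7 @@
 config = mkIf config.services.tangled-knotserver.enable {
 nixpkgs.overlays = [self.overlays.default];
 
-environment.systemPackages = with pkgs; [
-git
-];
+environment.systemPackages = with pkgs; [ git ];
 
 users.users.git = {
 isSystemUser = true;
@@ -302,9 +312,17 @@
 enable = true;
 extraConfig = ''
 Match User git
-AuthorizedKeysCommand ${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /home/git/repoguard.log
-AuthorizedKeysCommandUser nobody
+AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper
+AuthorizedKeysCommandUser nobody
 '';
+};
+
+environment.etc."ssh/keyfetch_wrapper" = {
+mode = "0555";
+text = ''
+#!${pkgs.stdenv.shell}
+${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /home/git/repoguard.log
+'';
 };
 
 systemd.services.knotserver = {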
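Review bot: The new `environment.etc."ssh/keyfetch_wrapper"` entry in the third hunk has no comment saying why `AuthorizedKeysCommand` now goes through a copy under /etc/ssh. sshd only runs a key command that is root-owned and not group- or world-writable along its whole path, which is presumably what the store path failed. A line such as `# sshd requires a root-owned, non-group/world-writable AuthorizedKeysCommand; the /nix/store path does not qualify` above `mode = "0555";` would stop a later cleanup from reverting it. The wrapper should also hand over with `exec ${pkgs.keyfetch}/bin/keyfetch …` so that no extra shell sits between sshd and keyfetch. The directive now has no arguments, so sshd passes the target username as `$1`, which the script ignores. The `-log-path /home/git/repoguard.log` target is worth confirming, since the command runs as `nobody` and could not write there if keyfetch opens the log itself. The enclosing `config = mkIf …` block starts in the previous hunk and continues past the end of this section.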