tangled.org
oppi.li
+23
-5
flake.nix
+23
-5
flake.nix
···
92
pname = "knotserver";
93
version = "0.1.0";
94
src = gitignoreSource ./.;
95
subPackages = ["cmd/knotserver"];
96
vendorHash = goModHash;
97
env.CGO_ENABLED = 1;
98
};
99
repoguard = buildCmdPackage "repoguard";
···
282
config = mkIf config.services.tangled-knotserver.enable {
283
nixpkgs.overlays = [self.overlays.default];
284
285
-
environment.systemPackages = with pkgs; [
286
-
git
287
-
];
288
289
users.users.git = {
290
isSystemUser = true;
···
302
enable = true;
303
extraConfig = ''
304
Match User git
305
-
AuthorizedKeysCommand ${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /home/git/repoguard.log
306
-
AuthorizedKeysCommandUser nobody
307
'';
308
};
309
310
systemd.services.knotserver = {
···
92
pname = "knotserver";
93
version = "0.1.0";
94
src = gitignoreSource ./.;
95
+
nativeBuildInputs = [ final.makeWrapper ];
96
subPackages = ["cmd/knotserver"];
97
vendorHash = goModHash;
98
+
installPhase = ''
99
+
runHook preInstall
100
+
101
+
mkdir -p $out/bin
102
+
cp $GOPATH/bin/knotserver $out/bin/knotserver
103
+
104
+
wrapProgram $out/bin/knotserver \
105
+
--prefix PATH : ${pkgs.git}/bin
106
+
107
+
runHook postInstall
108
+
'';
109
env.CGO_ENABLED = 1;
110
};
111
repoguard = buildCmdPackage "repoguard";
···
294
config = mkIf config.services.tangled-knotserver.enable {
295
nixpkgs.overlays = [self.overlays.default];
296
297
+
environment.systemPackages = with pkgs; [ git ];
298
299
users.users.git = {
300
isSystemUser = true;
···
312
enable = true;
313
extraConfig = ''
314
Match User git
315
+
AuthorizedKeysCommand /etc/ssh/keyfetch_wrapper
316
+
AuthorizedKeysCommandUser nobody
317
'';
318
+
};
319
+
320
+
environment.etc."ssh/keyfetch_wrapper" = {
321
+
mode = "0555";
322
+
text = ''
323
+
#!${pkgs.stdenv.shell}
324
+
${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard -log-path /home/git/repoguard.log
325
+
'';
326
};
327
328
systemd.services.knotserver = {