Diffstat (limited to 'modules/services')
| -rw-r--r-- | modules/services/git.nix | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/modules/services/git.nix b/modules/services/git.nix
index 5be5d58..a937e27 100644
--- a/modules/services/git.nix
+++ b/modules/services/git.nix
@@ -15,5 +15,60 @@
 shell = "${pkgs.git}/bin/git-shell";
 };
 users.groups.git = { };
+
+ systemd.services.github-mirror = {
+ description = "Mirror GitHub repositories for schererleander";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ script = ''
+ set -euo pipefail
+
+ echo "Fetching repository list for schererleander..."
+
+ cd /var/lib/git-server
+
+ DEFAULT_DESC="Unnamed repository; edit this file 'description' to name the repository."
+
+ ${pkgs.curl}/bin/curl -s "https://api.github.com/users/schererleander/repos?per_page=100" \
+ | ${pkgs.jq}/bin/jq -r --arg def "$DEFAULT_DESC" \
+ '.[] | "\(.clone_url)\t\(.description | if . == null or . == "" then $def else . end | gsub("[\n\t]"; " "))"' \
+ | while IFS=$'\t' read -r REPO_URL REPO_DESC; do
+
+ REPO_NAME=$(basename -s .git "$REPO_URL")
+ TARGET_DIR="$REPO_NAME.git"
+
+ if [ ! -d "$TARGET_DIR" ]; then
+ echo "Cloning $REPO_NAME..."
+ ${pkgs.git}/bin/git clone --mirror "$REPO_URL" "$TARGET_DIR"
+ else
+ echo "Updating $REPO_NAME..."
+ ${pkgs.git}/bin/git -C "$TARGET_DIR" fetch --prune origin
+ fi
+
+ echo "$REPO_DESC" > "$TARGET_DIR/description"
+ done
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "git";
+ Group = "git";
+
+ # Security hardening
+ CapabilityBoundingSet = "";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = "/var/lib/git-server";
+ };
+ };
+
+ systemd.timers.github-mirror = {
+ description = "Timer to mirror GitHub repositories for schererleander";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ };
 };
 }
|
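Review bot: The `# Security hardening` block in `serviceConfig` stops at four directives, although this unit parses an API response and git objects fetched from the network while holding write access to all of `/var/lib/git-server`. I would add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `PrivateDevices = true;` next to `ProtectHome`; as far as I can tell none of them is implied by the options already set. In the script, `curl -s` has no `--fail`, so an HTTP error body (for example a rate-limit response) is piped into `jq` as if it were the repository list; `curl -fsS` would make that failure explicit in the journal. `echo "$REPO_DESC"` writes an API-supplied string and would treat a description such as `-n` as an option, which `printf '%s\n' "$REPO_DESC"` avoids. The enclosing module attribute set starts outside the hunk.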
