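{
  # NixOS module: a locked-down `git` system account plus an hourly job that
  # mirrors the public GitHub repositories of `schererleander` into
  # /var/lib/git-server as bare `--mirror` clones.
  flake.modules.nixos.git =
    {
      config,
      lib,
      pkgs,
      ...
    }:
    {
      # Dedicated system account that owns the mirrors. Its login shell is
      # git-shell, so a login as this user is limited to git's server-side
      # commands instead of a general-purpose shell.
      users.users.git = {
        isSystemUser = true;
        group = "git";
        home = "/var/lib/git-server";
        createHome = true;
        shell = "${pkgs.git}/bin/git-shell";
      };
      users.groups.git = { };

      systemd.services.github-mirror = {
        description = "Mirror GitHub repositories for schererleander";
        after = [ "network-online.target" ];
        wants = [ "network-online.target" ];
        # Never let git wait for credentials; an unexpected auth challenge
        # should fail the run instead of hanging it.
        environment.GIT_TERMINAL_PROMPT = "0";
        script = ''
          set -euo pipefail
          echo "Fetching repository list for schererleander..."
          cd /var/lib/git-server
          DEFAULT_DESC="Unnamed repository; edit this file 'description' to name the repository."
          # -f turns an HTTP error (rate limit, outage) into a non-zero exit so
          # pipefail aborts the run instead of feeding an error document to jq;
          # -S keeps the error message visible in the journal.
          # NOTE: this is a single unauthenticated request with per_page=100;
          # repositories beyond the first page are not mirrored.
          ${pkgs.curl}/bin/curl -fsS --max-time 60 "https://api.github.com/users/schererleander/repos?per_page=100" \
            | ${pkgs.jq}/bin/jq -r --arg def "$DEFAULT_DESC" \
              '.[] | "\(.clone_url)\t\(.description | if . == null or . == "" then $def else . end | gsub("[\n\t]"; " "))"' \
            | while IFS=$'\t' read -r REPO_URL REPO_DESC; do
                # The URL and name come from a remote API response; treat them
                # as untrusted before using them as a clone source and a path.
                case "$REPO_URL" in
                  https://github.com/*) ;;
                  *)
                    echo "Skipping unexpected clone URL: $REPO_URL" >&2
                    continue
                    ;;
                esac
                REPO_NAME=$(basename -s .git "$REPO_URL")
                case "$REPO_NAME" in
                  "" | . | ..)
                    echo "Skipping unusable repository name from: $REPO_URL" >&2
                    continue
                    ;;
                esac
                TARGET_DIR="$REPO_NAME.git"
                if [ ! -d "$TARGET_DIR" ]; then
                  echo "Cloning $REPO_NAME..."
                  # `--` stops option parsing so a name starting with `-` is
                  # never read as a git option; stdin is detached so git
                  # cannot consume the repository list the loop is reading.
                  ${pkgs.git}/bin/git clone --mirror -- "$REPO_URL" "$TARGET_DIR" </dev/null
                else
                  echo "Updating $REPO_NAME..."
                  ${pkgs.git}/bin/git -C "$TARGET_DIR" fetch --prune origin </dev/null
                fi
                # printf instead of echo: a description such as "-n" or "-e"
                # would otherwise be interpreted as an echo option.
                printf '%s\n' "$REPO_DESC" > "$TARGET_DIR/description"
              done
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "git";
          Group = "git";
          # Security hardening: the job only needs outbound network access and
          # write access to the mirror directory.
          CapabilityBoundingSet = "";
          NoNewPrivileges = true;
          ProtectSystem = "strict";
          ProtectHome = true;
          ReadWritePaths = "/var/lib/git-server";
          # ProtectSystem=strict leaves /tmp read-only; give the job a private
          # writable one instead of the shared system /tmp.
          PrivateTmp = true;
          PrivateDevices = true;
          ProtectKernelTunables = true;
          ProtectKernelModules = true;
          ProtectControlGroups = true;
          RestrictSUIDSGID = true;
          LockPersonality = true;
          # AF_UNIX is kept for local name-service lookups.
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
            "AF_UNIX"
          ];
        };
      };

      # Runs github-mirror.service (matched by unit name) once an hour.
      # Persistent = true catches up on a run missed while the machine was off.
      systemd.timers.github-mirror = {
        description = "Timer to mirror GitHub repositories for schererleander";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = "hourly";
          Persistent = true;
        };
      };
    };
}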