msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Git-annex module

Browse Source
This commit is contained in:
Madeleine Sydney
2025-01-23 14:08:56 -07:00
parent f4924eeb59
commit fbd7553bc6
8 changed files with 262 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

149
modules/nixos/git-annex.nix Normal file
View File

@@ -0,0 +1,149 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.git-annex;
in {
options = {
sydnix.git-annex = {
enable = lib.mkEnableOption "git-annex";
user = {
name = lib.mkOption {
type = lib.types.str;
};
email = lib.mkOption {
type = lib.types.str;
};
};
keyFiles = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
};
repos = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
enable = lib.mkOption {
description = ''
Git-annex repo ${name};
'';
type = lib.types.bool;
default = true;
};
path = lib.mkOption {
description = ''
Path to the repo.
'';
type = lib.types.str;
default = name;
};
remotes = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {};
};
user = lib.mkOption {
type = lib.types.str;
default = "annex";
};
group = lib.mkOption {
type = lib.types.str;
default = "annex";
};
managed = lib.mkOption {
description = ''
If true, the repo will be automatically managed by Nix.
'Management' includes creating and initialising the repo and
setting permissions.
'';
type = lib.types.bool;
default = false;
};
};
}));
};
};
};
config = lib.mkIf cfg.enable {
# Git-annex assistant requires remotes to have git-annex on the PATH.
environment.systemPackages = [
pkgs.git-annex
];
# The user that users log in as to access managed repos.
users.groups.annex = {};
users.users.annex = {
isSystemUser = true;
group = "annex";
home = "/var/sydnix/annex";
createHome = true;
openssh.authorizedKeys.keyFiles = cfg.keyFiles;
};
system.activationScripts.initialiseUserAnnex =
let gitconfig-file = pkgs.writeText "gitconfig" ''
[user]
email = ${cfg.user.email}
name = ${cfg.user.name}
[init]
defaultBranch = main
'';
in ''
ln -sf "${gitconfig-file}" ~/.gitconfig
'';
systemd.services =
let
init-if-necessary = repo:
pkgs.writeScript "git-annex-init-if-necessary" ''
#!/usr/bin/env bash
set -e
[ -e .git ] || git init
[ -e .git/annex ] || git annex init
${lib.strings.toShellVar "remotes" repo.remotes}
for remoteName in ''${!remotes[@]}; do
git remote get-url "$remoteName"
if [ $? -eq 0 ]; then
git remote set-url "$remoteName" "''${remotes["$remoteName"]}"
else
git remote add "$remoteName" "''${remotes["$remoteName"]}"
fi
done
'';
mkAssistantService = repo: {
description = "git-annex assistant (${repo.path})";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.User = repo.user;
serviceConfig.WorkingDirectory = repo.path;
path = [ pkgs.git pkgs.git-annex pkgs.openssh ];
# Set the default file mode for new files created by this process to
# 775. Oddly, `UMask = x` will set the mode to `0777 & x`, so 002
# gets us the desired figure of 775. We want 775 because Nginx,
# running under user `nginx` needs to be able to read/write these
# files to server them over WebDAV.
serviceConfig.UMask = "002";
serviceConfig.ExecStartPre =
lib.optionalString
repo.managed
"${pkgs.bash}/bin/bash ${init-if-necessary repo}";
serviceConfig.ExecStart = ''
${pkgs.git-annex}/bin/git-annex assistant --foreground
'';
};
in builtins.listToAttrs
(builtins.map
(repo: {
name = "annex-${lib.strings.sanitizeDerivationName repo.path}";
value = mkAssistantService repo;
})
(builtins.attrValues cfg.repos));
};
}