all repos — nixfiles @ 649b55d301073c6e7dd48c15a0d04ee86e02370d

System and user configuration, managed by nix and home-manager

linde: set up async git mirroring

Alan Pearce
commit

649b55d301073c6e7dd48c15a0d04ee86e02370d

parent

1061520f5d87ea945f43a6d5ffc4dc7bd64fabf5

1 file changed, 67 insertions(+), 0 deletions(-)

jump to
M system/settings/services/git-server.nixsystem/settings/services/git-server.nix
@@ -4,8 +4,60 @@ , pkgs
 , ...
 }:
 let
+  inherit (builtins) mapAttrs attrValues;
+  inherit (lib) pipe flatten mergeAttrsList mapAttrsToList;
   inherit (import ../../../lib/caddy.nix { inherit lib; }) security-headers;
   repos = "${config.services.gitolite.dataDir}/repositories";
+
+  mirrors = {
+    sourcehut = {
+      hostname = "git.sr.ht";
+      username = "~alanpearce";
+    };
+    codeberg = {
+      hostname = "codeberg.org";
+      username = "alanpearce";
+    };
+    github = {
+      hostname = "github.com";
+      username = "alanpearce";
+    };
+  };
+
+  repoMirrors = {
+    nixfiles = [ "sourcehut" ];
+    searchix = [ "sourcehut" ];
+    website = [ "sourcehut" ];
+    nix-packages = [ "sourcehut" "github" ];
+    zola-bearblog = [ "sourcehut" "codeberg" ];
+  };
+
+  createMirrorService =
+    name: { hostname, username }:
+    {
+      services."mirror-to-${name}@" = {
+        path = with pkgs; [ gitMinimal openssh ];
+        serviceConfig = {
+          Type = "oneshot";
+          User = "gitolite";
+          WorkingDirectory = "${repos}/%i.git";
+          ExecStart = "${pkgs.gitMinimal}/bin/git push --mirror git@${hostname}:${username}/%i";
+        };
+        unitConfig = {
+          # only mirror public repositories
+          ConditionPathExists = "${repos}/%i.git/git-daemon-export-ok";
+        };
+      };
+      paths."mirror-to-${name}@" = {
+        pathConfig = {
+          PathChanged = "${repos}/%i.git/refs/heads";
+          StartLimitIntervalSec = "1h";
+          StartLimitBurst = 5;
+        };
+      };
+    };
+
+  mkMirrorWants = repo: map (target: "mirror-to-${target}@${repo}.path");
 in
 {
   services.fcgiwrap = {

@@ -208,5 +260,20 @@ git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4=
         git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60
       '')
     ];
+  };
+
+  systemd = (pipe
+    mirrors [
+    (mapAttrsToList createMirrorService)
+    mergeAttrsList
+  ]) // {
+    targets.git-mirroring = {
+      wantedBy = [ "multi-user.target" ];
+      wants = pipe
+        repoMirrors [
+        (mapAttrsToList mkMirrorWants)
+        flatten
+      ];
+    };
   };
 }