unman 2022-11-16 12:09:03 +00:00
parent 8a077f3131
commit 9217adf047
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
10 changed files with 206 additions and 0 deletions

56
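--- /dev/null
+++ b/git/README.md
@@ -0,0 +1,56 @@
+This package provides a central git qube, named sys-git.
+By default the qube has no netvm, but you can set one if you wish.
+Some configuration is needed.
+# Setting up a new repository
+## sys-git
+In sys-git, repositories are stored bare under /home/user/repos
+First, prepare a repository:
+```
+mkdir repos/X
+cd repos/X
+git init --bare
+```
+## prepare client
+Then prepare a qube by running:
+`qubesctl --skip0-dom0 --targets=QUBE state.apply git.install_client`
+## Work in the client
+You can then use that repository as usual.
+To push to sys-git you must first-
+`git push --set-upstream sg master`
+After making more commits,
+`git push `
+# Working with an existing repository
+## prepare client, if necessary
+Prepare a qube by running:
+`qubesctl --skip0-dom0 --targets=QUBE state.apply git.install_client`
+## Clone the repository in the client
+Configure git, as necessary.
+Open a terminal in the qube:
+```
+mkdir X
+cd X
+git init
+add-remote sg
+git pull sg master
+```
+## Work in the client
+You can then use that repository as usual.
+To push to sys-git you must first-
+`git push --set-upstream sg master`
+After making more commits,
+`git push `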

9
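--- /dev/null
+++ b/git/add-remote
@@ -0,0 +1,9 @@
+#!/bin/sh
+[ -n "$1" ] || exit 1
+if [ "$1" = "sg" ]; then
+git remote add $1 "ext::git-qrexec sys-git 3 `basename $PWD`"
+exit $?
+fi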
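Review bot: The remote URL on the `git remote add` line is built from an unquoted `basename $PWD`, and git's `ext::` transport splits its command string on whitespace, so a working directory whose name contains a space hands `git-qrexec` the wrong arguments and the repository name no longer matches what sys-git expects. Quote the expansion and check the name against the same pattern the server enforces before adding the remote, e.g. `repo=$(basename "$PWD")` followed by `echo "$repo" | grep -q '^[A-Za-z0-9-]\+$' || exit 1`. The script also exits 0 without doing anything when `$1` is not `sg`; a final `exit 1` with a message on stderr would make that case visible to the caller.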

28
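--- /dev/null
+++ b/git/create.sls
@@ -0,0 +1,28 @@
+git-present-id:
+qvm.present:
+- name: sys-git
+- template: debian-11
+- label: gray
+git-prefs-id:
+qvm.prefs:
+- name: sys-git
+- netvm: none
+- memory: 400
+- maxmem: 800
+- vcpus: 2
+git-features-id:
+qvm.features:
+- name: sys-git
+- disable:
+- service.cups
+- service.cups-browsed
+'qvm-volume extend sys-git:private 40G' :
+cmd.run
+update_policy_file_git:
+file.prepend:
+- name: '/etc/qubes/policy.d/30-user.policy'
+- text: 'qubes.Git * @anyvm @anyvm ask default_target=sys-git'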
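Review bot: The policy line prepended to `/etc/qubes/policy.d/30-user.policy` uses `@anyvm` as the target, so the `ask` prompt allows any qube to be chosen as the destination of a `qubes.Git` call and only `default_target` points at sys-git. Restricting the target keeps the service bound to the one qube that is meant to serve it: `qubes.Git * @anyvm sys-git ask default_target=sys-git`, optionally followed by `qubes.Git * @anyvm @anyvm deny`. Because `file.prepend` puts the rule at the top of the user policy file and policy evaluation stops at the first match, it also overrides any narrower `qubes.Git` rule already present there, which deserves a comment in the state. Separately, the `qvm-volume extend` command is used as the state ID of a `cmd.run` with no guard, so it appears to run on every apply.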

4
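--- /dev/null
+++ b/git/create.top
@@ -0,0 +1,4 @@
+base:
+dom0:
+- match: nodegroup
+- git.create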

5
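--- /dev/null
+++ b/git/git-qrexec
@@ -0,0 +1,5 @@
+#!/bin/sh
+VMNAME=$1
+(echo $GIT_EXT_SERVICE $2 $3; exec cat) | qrexec-client-vm $VMNAME qubes.Git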
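Review bot: Every expansion in this wrapper is unquoted (`$VMNAME`, `$GIT_EXT_SERVICE`, `$2`, `$3`), so the values are word-split and glob-expanded before they reach `echo` and `qrexec-client-vm`, and a missing argument is sent as an empty field rather than rejected. The receiving service validates what it reads, but the client should still emit exactly the three fields it intends: `printf '%s %s %s\n' "$GIT_EXT_SERVICE" "$2" "$3"` and `qrexec-client-vm "$VMNAME" qubes.Git`. A guard such as `[ $# -eq 3 ] || exit 1` at the top would fail early on a malformed remote URL.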

33
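--- /dev/null
+++ b/git/install.sls
@@ -0,0 +1,33 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+{% if grains['nodename'] != 'dom0' %}
+/etc/qubes-rpc/qubes.Git:
+file.managed:
+- source:
+- salt://git/qubes.Git
+- user: root
+- group: root
+- mode: 755
+/rw/bind-dirs/etc/qubes-rpc/qubes.Git:
+file.managed:
+- source:
+- salt://git/qubes.Git
+- user: root
+- group: root
+- mode: 755
+- makedirs: True
+/rw/config/qubes-bind-dirs.d/50_user.conf:
+file.append:
+- text: binds+=( '/etc/qubes-rpc/qubes.Git' )
+- makedirs: True
+/home/user/repos:
+file.directory:
+- user: user
+- group: user
+- mode: 755
+{% endif %}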
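Review bot: The service script is managed twice, once at `/etc/qubes-rpc/qubes.Git` and once under `/rw/bind-dirs/`, and nothing in the file says why. A short comment above the second state would help, for example `# assumes sys-git is an app qube: /etc is reset on reboot, so the copy under /rw/bind-dirs plus the qubes-bind-dirs.d entry keeps the RPC service available`, worded as an assumption because the qube type is set in another file. The states also do not ensure that `git` is installed in sys-git, which presumably has to come from the template; that dependency is worth stating in a comment too. Writing the modes as quoted strings (`mode: '0755'`) would follow Salt's documented convention for file modes.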

5
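--- /dev/null
+++ b/git/install.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+base:
+sys-git:
+- git.install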

42
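--- /dev/null
+++ b/git/install_client.sls
@@ -0,0 +1,42 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+{% if grains['nodename'] != 'dom0' %}
+/home/user/bin:
+file.directory:
+- user: user
+- group: user
+- mode: 755
+/home/user/bin/add-remote:
+file.managed:
+- source:
+- salt://git/add-remote
+- user: user
+- group: user
+- mode: 755
+/home/user/bin/git-qrexec:
+file.managed:
+- source:
+- salt://git/git-qrexec
+- user: user
+- group: user
+- mode: 755
+update_PATH:
+file.append:
+- name: '/home/user/.bashrc'
+- text: "[[ \":$PATH:\" != *\":/home/user/bin:\"* ]] && export PATH=/home/user/bin:${PATH}"
+update_git_config:
+file.append:
+- name: '/home/user/.gitconfig'
+- text: |
+[protocol "ext"]
+allow = always
+{% endif %}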
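Review bot: `update_git_config` appends `allow = always` for the `ext` protocol to the user's global `.gitconfig`, which enables that transport for every repository in the client qube, including URLs git follows on its own when it recurses into the submodules of a cloned repository. Since an `ext::` URL runs a local command, this removes a protection git applies by default to content that did not come from the user. `allow = user` should be enough for a remote the user adds explicitly, as `add-remote` does, while git keeps refusing the protocol when it is not invoked by the user. A comment next to the setting explaining why `ext` is enabled at all would help whoever audits the client qube's git configuration later.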

5
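--- /dev/null
+++ b/git/install_client.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+base:
+'*':
+- git.install_client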

19
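--- /dev/null
+++ b/git/qubes.Git
@@ -0,0 +1,19 @@
+#!/bin/sh
+exec 2>/tmp/log2
+read service rel repo
+echo "Params: $service $rel $repo" >&2
+# Adjust regexps if needed
+echo "$repo" | grep -q '^[A-Za-z0-9-]\+$' || exit 1
+echo "$rel" | grep -q '^[0-9.]\+$' || exit 1
+path="/home/user/repos/$repo"
+case $service in
+git-receive-pack|git-upload-pack)
+echo "starting $service $path" >&2
+exec $service $path
+;;
+*)
+echo "Unsupported service: $service" >&2
+;;
+esac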
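Review bot: The `*)` branch only prints "Unsupported service" and then falls off the end of the script, so a rejected request returns exit status 0 and the calling qube cannot tell it from success; add `exit 1` after that `echo`. The request line is also written to the fixed path `/tmp/log2` before either `grep` check runs, so unvalidated input from the caller ends up in the log, and the redirect truncates the file on every call, which leaves no history to audit; moving the `echo "Params: ..."` below the checks and appending to a log under the service user's home would be safer. `read -r service rel repo` and `exec "$service" "$path"` avoid backslash processing and word splitting. `$rel` is validated but not used anywhere in the visible script, which a comment should explain.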