sourcehut: fix logging of git/hg ssh commands

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2024-11-22 15:03:28 +00:00 · 2023-04-21 01:13:42 +02:00 · 2023-04-21 01:13:42 +02:00 · 6648488333
commit 6648488333
parent 6e51802196
3 changed files with 41 additions and 4 deletions
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@ -801,11 +801,20 @@ in
        '';
      };
      systemd.services.sshd = {
-        #path = optional cfg.git.enable [ cfg.git.package ];
+        preStart = concatStringsSep "\n" (
+          optionals cfg.git.enable (map (n: ''
+            touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet
+            chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true
+          '') [
+            "keys"
+            "shell"
+            "update-hook"
+          ]) ++
+          optional cfg.hg.enable [
+            "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys"
+          ]);
        serviceConfig = {
-          BindPaths = optionals cfg.git.enable [
-            "/var/log:/var/log"
-          ];
+          LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut";
          BindReadOnlyPaths =
            # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht,
            # for instance to get the user from the [git.sr.ht::dispatch] settings.
--- a/pkgs/applications/version-management/sourcehut/git.nix
+++ b/pkgs/applications/version-management/sourcehut/git.nix
@ -31,6 +31,11 @@ let
    pname = "gitsrht-dispatch";
    modRoot = "gitsrht-dispatch";
    vendorHash = "sha256-EDvSZ3/g0xDSohrsAIpNhk+F0yy8tbnTW/3tURTonMc=";
+
+    postPatch = ''
+      substituteInPlace gitsrht-dispatch/main.go \
+        --replace /var/log/gitsrht-dispatch /var/log/sourcehut/gitsrht-dispatch
+    '';
  };

  gitKeys = buildGoModule {
@ -38,6 +43,11 @@ let
    pname = "gitsrht-keys";
    modRoot = "gitsrht-keys";
    vendorHash = "sha256-9pojS69HCKVHUceyOpGtv9ewcxFD4WsOVsEzkmWJkF4=";
+
+    postPatch = ''
+      substituteInPlace gitsrht-keys/main.go \
+        --replace /var/log/gitsrht-keys /var/log/sourcehut/gitsrht-keys
+    '';
  };

  gitShell = buildGoModule {
@ -45,6 +55,11 @@ let
    pname = "gitsrht-shell";
    modRoot = "gitsrht-shell";
    vendorHash = "sha256-WqfvSPuVsOHA//86u33atMfeA11+DJhjLmWy8Ivq0NI=";
+
+    postPatch = ''
+      substituteInPlace gitsrht-shell/main.go \
+        --replace /var/log/gitsrht-shell /var/log/sourcehut/gitsrht-shell
+    '';
  };

  gitUpdateHook = buildGoModule {
@ -52,6 +67,11 @@ let
    pname = "gitsrht-update-hook";
    modRoot = "gitsrht-update-hook";
    vendorHash = "sha256-Bc3yPabS2S+qiroHFKrtkII/CfzBDYQ6xWxKHAME+Tc=";
+
+    postPatch = ''
+      substituteInPlace gitsrht-update-hook/main.go \
+        --replace /var/log/gitsrht-update-hook /var/log/sourcehut/gitsrht-update-hook
+    '';
  };

 in
--- a/pkgs/applications/version-management/sourcehut/hg.nix
+++ b/pkgs/applications/version-management/sourcehut/hg.nix
@ -25,6 +25,9 @@ buildPythonPackage rec {
  postPatch = ''
    substituteInPlace Makefile \
      --replace "all: api hgsrht-keys" ""
+
+    substituteInPlace hgsrht-shell \
+      --replace /var/log/hgsrht-shell /var/log/sourcehut/hgsrht-shell
  '';

  hgsrht-api = buildGoModule ({
@ -39,6 +42,11 @@ buildPythonPackage rec {
    pname = "hgsrht-keys";
    modRoot = "hgsrht-keys";
    vendorHash = "sha256-7ti8xCjSrxsslF7/1X/GY4FDl+69hPL4UwCDfjxmJLU=";
+
+    postPatch = ''
+      substituteInPlace hgsrht-keys/main.go \
+        --replace /var/log/hgsrht-keys /var/log/sourcehut/hgsrht-keys
+    '';
  };

  propagatedBuildInputs = [