From 6648488333f66dd8fee678f27fb33016b046090f Mon Sep 17 00:00:00 2001
From: Christoph Heiss
Date: Fri, 21 Apr 2023 01:13:42 +0200
Subject: sourcehut: fix logging of git/hg ssh commands
Signed-off-by: Christoph Heiss
---
 nixos/modules/services/misc/sourcehut/default.nix | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'nixos/modules')
diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix
index 9774917407e4..6e1347a52d6f 100644
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@@ -801,11 +801,20 @@ in
 '';
 };
 systemd.services.sshd = {
- #path = optional cfg.git.enable [ cfg.git.package ];
+ preStart = concatStringsSep "\n" (
+ optionals cfg.git.enable (map (n: ''
+ touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet
+ chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true
+ '') [
+ "keys"
+ "shell"
+ "update-hook"
+ ]) ++
+ optional cfg.hg.enable [
+ "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys"
+ ]);
 serviceConfig = {
- BindPaths = optionals cfg.git.enable [
- "/var/log:/var/log"
- ];
+ LogsDirectory = mkIf (cfg.git.enable || cfg.hg.enable) "sourcehut";
 BindReadOnlyPaths =
 # Note that those /usr/bin/* paths are hardcoded in multiple places in *.sr.ht,
 # for instance to get the user from the [git.sr.ht::dispatch] settings.
--
cgit v1.2.3
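Review bot: The hg branch of `preStart` passes a list to `optional`, which as far as I can tell yields a nested list (`[ [ "chown …" ] ]`) that `concatStringsSep` cannot join, so evaluation would presumably fail whenever `cfg.hg.enable` is set; it needs `optionals`, as the git branch uses, or a bare string. That line also lacks the `touch` and the `|| true` of the git lines, so on a fresh host a missing `/var/log/sourcehut/hgsrht-keys` would fail the pre-start step and keep sshd from starting. I would write it as `optionals cfg.hg.enable [ "touch /var/log/sourcehut/hgsrht-keys" "chown --silent ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys || true" ]`. Because these commands run in sshd's pre-start (presumably as root), it is also worth confirming that `/var/log/sourcehut` is not writable by the service users, or using `chown --no-dereference`, so a planted symlink cannot redirect the ownership change. The `serviceConfig` set continues past the end of the hunk.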