Merge branch 'tv' into master

This commit is contained in:
lassulus 2015-07-23 02:26:42 +02:00
commit 0db3f4ee69
17 changed files with 360 additions and 161 deletions


@ -35,11 +35,8 @@ in
singleton config.tv.github-hosts-sync.port; singleton config.tv.github-hosts-sync.port;
} }
{ {
imports = [ ../../3modules/tv/identity.nix ]; imports = [ ../../2configs/tv/identity.nix ];
tv.identity = { tv.identity.self = config.tv.identity.hosts.cd;
enable = true;
self = config.tv.identity.hosts.cd;
};
} }
{ {
imports = [ ../../3modules/tv/iptables.nix ]; imports = [ ../../3modules/tv/iptables.nix ];


@ -11,11 +11,8 @@ with lib;
../../2configs/tv/exim-smarthost.nix ../../2configs/tv/exim-smarthost.nix
../../2configs/tv/git-public.nix ../../2configs/tv/git-public.nix
{ {
imports = [ ../../3modules/tv/identity.nix ]; imports = [ ../../2configs/tv/identity.nix ];
tv.identity = { tv.identity.self = config.tv.identity.hosts.mkdir;
enable = true;
self = config.tv.identity.hosts.mkdir;
};
} }
{ {
imports = [ ../../3modules/tv/iptables.nix ]; imports = [ ../../3modules/tv/iptables.nix ];
@ -49,7 +46,7 @@ with lib;
networking.hostName = "mkdir"; networking.hostName = "mkdir";
networking.interfaces.enp2s1.ip4 = [ networking.interfaces.enp2s1.ip4 = [
{ {
address = "162.248.167.241"; address = "162.248.167.241"; # TODO
prefixLength = 24; prefixLength = 24;
} }
]; ];
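Review bot: The `# TODO` appended to `address = "162.248.167.241";` does not say what is pending, and the same literal now also lives in `hosts.mkdir.nets.internet.addrs4` in 2configs/tv/identity.nix, so the two can drift apart silently. If the TODO means "derive this", `address = head config.tv.identity.hosts.mkdir.nets.internet.addrs4; # single source: identity module` does it with names this file already has in scope (`with lib;` and `config`); otherwise spell out the intent in the comment. The same duplication presumably exists for rmdir's `167.88.44.94`, but its system file is not in this diff.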


@ -10,11 +10,8 @@ with lib;
../../2configs/tv/exim-retiolum.nix ../../2configs/tv/exim-retiolum.nix
../../2configs/tv/git-public.nix ../../2configs/tv/git-public.nix
{ {
imports = [ ../../3modules/tv/identity.nix ]; imports = [ ../../2configs/tv/identity.nix ];
tv.identity = { tv.identity.self = config.tv.identity.hosts.nomic;
enable = true;
self = config.tv.identity.hosts.nomic;
};
} }
{ {
imports = [ ../../3modules/tv/iptables.nix ]; imports = [ ../../3modules/tv/iptables.nix ];


@ -11,11 +11,8 @@ with lib;
../../2configs/tv/exim-smarthost.nix ../../2configs/tv/exim-smarthost.nix
../../2configs/tv/git-public.nix ../../2configs/tv/git-public.nix
{ {
imports = [ ../../3modules/tv/identity.nix ]; imports = [ ../../2configs/tv/identity.nix ];
tv.identity = { tv.identity.self = config.tv.identity.hosts.rmdir;
enable = true;
self = config.tv.identity.hosts.rmdir;
};
} }
{ {
imports = [ ../../3modules/tv/iptables.nix ]; imports = [ ../../3modules/tv/iptables.nix ];


@ -18,11 +18,8 @@ in
../../2configs/tv/xserver.nix ../../2configs/tv/xserver.nix
../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled
{ {
imports = [ ../../3modules/tv/identity.nix ]; imports = [ ../../2configs/tv/identity.nix ];
tv.identity = { tv.identity.self = config.tv.identity.hosts.wu;
enable = true;
self = config.tv.identity.hosts.wu;
};
} }
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -74,7 +74,7 @@ let
user = { user = {
name = "charybdis"; name = "charybdis";
uid = 3731512864; # genid charybdis uid = 3748224544; # genid charybdis
}; };
configFile = toFile "charybdis-ircd.conf" '' configFile = toFile "charybdis-ircd.conf" ''
@ -123,7 +123,7 @@ let
#loadmodule "extensions/ip_cloaking.so"; #loadmodule "extensions/ip_cloaking.so";
serverinfo { serverinfo {
name = ${toJSON config.tv.identity.self.fqdn}; name = ${toJSON (head config.tv.identity.self.nets.retiolum.aliases)};
sid = "4z3"; sid = "4z3";
description = "miep!"; description = "miep!";
network_name = "irc.retiolum"; network_name = "irc.retiolum";
@ -133,9 +133,9 @@ let
/* On multi-homed hosts you may need the following. These define /* On multi-homed hosts you may need the following. These define
* the addresses we connect from to other servers. */ * the addresses we connect from to other servers. */
/* for IPv4 */ /* for IPv4 */
vhost = ${toJSON config.tv.identity.self.addr}; vhost = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs4};
/* for IPv6 */ /* for IPv6 */
vhost6 = ${toJSON config.tv.identity.self.addr6}; vhost6 = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs6};
/* ssl_private_key: our ssl private key */ /* ssl_private_key: our ssl private key */
ssl_private_key = "/tmp/ssl.key"; ssl_private_key = "/tmp/ssl.key";
@ -238,12 +238,10 @@ let
/* If you want to listen on a specific IP only, specify host. /* If you want to listen on a specific IP only, specify host.
* host definitions apply only to the following port line. * host definitions apply only to the following port line.
*/ */
host = ${toJSON config.tv.identity.self.addr}; # XXX This is stupid because only one host is allowed[?]
port = 6667; #host = ''${concatMapStringsSep ", " toJSON (
sslport = 6697; # config.tv.identity.self.nets.retiolum.addrs
#)};
/* Listen on IPv6 (if you used host= above). */
host = ${toJSON config.tv.identity.self.addr6};
port = 6667; port = 6667;
sslport = 6697; sslport = 6697;
}; };
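Review bot: With the `host =` line turned into the `# XXX` comment, the listen block no longer pins the ircd to the retiolum address; charybdis will then presumably bind every interface, which on the cd host includes the internet-facing address declared in 2configs/tv/identity.nix. If IRC is meant to stay retiolum-only, keep one address per listen block, e.g. `host = ${toJSON (head config.tv.identity.self.nets.retiolum.addrs4)};` before `port = 6667;` and a second block for the first `addrs6` entry, rather than leaving the bind open while the multi-host question is unresolved. The `head` on `nets.retiolum.aliases` in the serverinfo hunk aborts evaluation for a host with an empty alias list, and the net type gives `aliases` no non-empty guarantee (4lib marks that TODO). The `vhost`/`vhost6` lines now join all addresses with ", "; whether charybdis accepts a list there is not shown by this diff and is worth confirming against the ircd documentation.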

154
2configs/tv/identity.nix Normal file

@ -0,0 +1,154 @@
{ config, ... }:
{
imports = [ ../../3modules/tv/identity.nix ];
tv.identity = {
enable = true;
search = "retiolum";
hosts = {
cd = {
cores = 2;
dc = "tv"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["162.219.7.216"];
aliases = [
"cd.internet"
"cd.viljetic.de"
"cgit.cd.viljetic.de"
"cd.krebsco.de"
];
};
retiolum = {
via = internet;
addrs4 = ["10.243.113.222"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
aliases = [
"cd.retiolum"
"cgit.cd.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----
'';
};
};
};
mkdir = {
cores = 1;
dc = "tv"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["162.248.167.241"];
};
retiolum = {
via = internet;
addrs4 = ["10.243.113.223"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
aliases = [
"mkdir.retiolum"
"cgit.mkdir.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
nomic = {
cores = 2;
dc = "tv"; #dc = "gg23";
nets = rec {
retiolum = {
addrs4 = ["10.243.0.110"];
addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
aliases = [
"nomic.retiolum"
"cgit.nomic.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
rmdir = {
cores = 1;
dc = "tv"; #dc = "cac";
nets = rec {
internet = {
addrs4 = ["167.88.44.94"];
};
retiolum = {
via = internet;
addrs4 = ["10.243.113.224"];
addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
aliases = [
"rmdir.retiolum"
"cgit.rmdir.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
wu = {
cores = 4;
# TODO wu is mobile, so dc means "home data center"
dc = "tv"; #dc = "gg23";
nets = {
retiolum = {
addrs4 = ["10.243.13.37"];
addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [
"wu.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
};
};
}
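Review bot: `wu.cores = 4` here, while the default removed from 3modules/tv/identity.nix in this same commit had `cores = 8` for wu; if that is a deliberate correction it deserves a word in the commit message, otherwise it is a transcription slip that changes whatever consumes `cores`. The `dc = "tv"; #dc = "cac";` pairs repeat a commented-out old value on five hosts without saying what `dc` denotes now or why the old label is kept; a one-line comment above `hosts = {` explaining both would save the next reader a guess. The `internet` nets of mkdir and rmdir declare no `aliases`, and the `net` type gives that option no default, so the extraHosts generator in 3modules/tv/identity.nix, which reads `net.aliases` for every net, will hit an undefined option there unless I am misreading the module evaluation.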


@ -5,8 +5,7 @@
# TODO consul-bootstrap HOST that actually does is # TODO consul-bootstrap HOST that actually does is
# TODO tools to inspect state of a cluster in outage state # TODO tools to inspect state of a cluster in outage state
with builtins; with import ../../4lib/tv { inherit lib pkgs; };
with lib;
let let
cfg = config.tv.consul; cfg = config.tv.consul;
@ -24,10 +23,10 @@ let
enable = mkEnableOption "tv.consul"; enable = mkEnableOption "tv.consul";
dc = mkOption { dc = mkOption {
type = types.unspecified; type = types.label;
}; };
hosts = mkOption { hosts = mkOption {
type = with types; listOf unspecified; type = with types; listOf host;
}; };
encrypt-file = mkOption { encrypt-file = mkOption {
type = types.str; # TODO path (but not just into store) type = types.str; # TODO path (but not just into store)
@ -38,7 +37,7 @@ let
default = "/var/lib/consul"; default = "/var/lib/consul";
}; };
self = mkOption { self = mkOption {
type = types.unspecified; type = types.host;
}; };
server = mkOption { server = mkOption {
type = types.bool; type = types.bool;
@ -56,9 +55,11 @@ let
log_level = "INFO"; log_level = "INFO";
#node_name = #node_name =
server = cfg.server; server = cfg.server;
bind_addr = cfg.self.addr; # TODO cfg.addr
enable_syslog = true; enable_syslog = true;
retry_join = map (getAttr "addr") (filter (host: host.fqdn != cfg.self.fqdn) cfg.hosts); retry_join =
# TODO allow consul in other nets than retiolum [maybe]
concatMap (host: host.nets.retiolum.addrs)
(filter (host: host.name != cfg.self.name) cfg.hosts);
leave_on_terminate = true; leave_on_terminate = true;
} // optionalAttrs cfg.server { } // optionalAttrs cfg.server {
bootstrap_expect = length cfg.hosts; bootstrap_expect = length cfg.hosts;
@ -88,7 +89,7 @@ let
ExecStartPre = pkgs.writeScript "consul-init" '' ExecStartPre = pkgs.writeScript "consul-init" ''
#! /bin/sh #! /bin/sh
mkdir -p ${cfg.data-dir} mkdir -p ${cfg.data-dir}
chown consul: ${cfg.data-dir} chown ${user.name}: ${cfg.data-dir}
install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json
''; '';
ExecStart = pkgs.writeScript "consul-service" '' ExecStart = pkgs.writeScript "consul-service" ''
@ -111,7 +112,7 @@ let
user = { user = {
name = "consul"; name = "consul";
uid = 2983239726; # genid consul uid = 2999951406; # genid consul
}; };
in in
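Review bot: The old `bind_addr = cfg.self.addr;` line is dropped without a replacement, so the agent config no longer pins its bind address; with consul's default that means listening on all interfaces, including the public addresses that cd, mkdir and rmdir carry in their `internet` net in 2configs/tv/identity.nix. Re-adding it from the new host type keeps the agent retiolum-only, e.g. `bind_addr = head cfg.self.nets.retiolum.addrs4;` next to `server = cfg.server;` (guarding the empty-list case if `addrs4` can be left at its `[]` default). `retry_join` now mixes the IPv4 and IPv6 entries of `nets.retiolum.addrs`; that is fine only if every host's tinc interface carries both, otherwise the unreachable entries just add join retries. The let-block this hunk belongs to starts and ends outside the hunk.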


@ -55,8 +55,7 @@ let
user = { user = {
name = "ejabberd"; name = "ejabberd";
uid = 405222; uid = 3499746127; # genid ejabberd
# TODO uid = 3483034447; # genid ejabberd
}; };
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" '' my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''


@ -149,7 +149,7 @@ let
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users; mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
uid = 112606723; # genid git uid = 129318403; # genid git
}; };
}; };
@ -237,13 +237,13 @@ let
fcgitwrap-user = { fcgitwrap-user = {
name = "fcgiwrap"; name = "fcgiwrap";
uid = 2851179180; # genid fcgiwrap uid = 2867890860; # genid fcgiwrap
group = "fcgiwrap"; group = "fcgiwrap";
}; };
fcgitwrap-group = { fcgitwrap-group = {
name = "fcgiwrap"; name = fcgitwrap-user.name;
gid = 2851179180; # genid fcgiwrap gid = fcgitwrap-user.uid;
}; };


@ -75,7 +75,7 @@ let
user = { user = {
name = "github-hosts-sync"; name = "github-hosts-sync";
uid = 3203842966; # genid github-hosts-sync uid = 3220554646; # genid github-hosts-sync
}; };
Zpkgs = import ../../Zpkgs/tv { inherit pkgs; }; Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
with lib; with import ../../4lib/tv { inherit lib pkgs; };
let let
cfg = config.tv.identity; cfg = config.tv.identity;
@ -13,77 +13,70 @@ let
enable = mkEnableOption "tv.identity"; enable = mkEnableOption "tv.identity";
self = mkOption { self = mkOption {
type = types.unspecified; type = types.host;
}; };
#others = mkOption {
# type = types.host;
# default = filterAttrs (name: _host: name != cfg.self.name) cfg.hosts;
#};
hosts = mkOption { hosts = mkOption {
type = with types; attrsOf unspecified; type = with types; attrsOf host;
default = { apply = mapAttrs (name: value: value // { inherit name; });
cd = { };
#dc = "cac";
dc = "tv"; search = mkOption {
fqdn = "cd.retiolum"; type = types.hostname;
subdomains = [
"cgit"
];
addr = "10.243.113.222";
addr6 = "42:4522:25f8:36bb:8ccb:0150:231a:2af3";
#internet-addr = "162.219.5.183";
cores = 2;
};
mkdir = {
#dc = "cac";
dc = "tv";
fqdn = "mkdir.retiolum";
subdomains = [
"cgit"
];
addr = "10.243.113.223";
cores = 1;
};
nomic = {
#dc = "gg";
dc = "tv";
fqdn = "nomic.retiolum";
subdomains = [
"cgit"
];
addr = "10.243.0.110";
cores = 2;
};
rmdir = {
#dc = "cac";
dc = "tv";
fqdn = "rmdir.retiolum";
subdomains = [
"cgit"
];
addr = "10.243.113.224";
#addr = "42:4522:25f8:36bb:8ccb:0150:231a:2af5";
cores = 1;
};
wu = {
#dc = "gg";
dc = "tv";
fqdn = "wu.retiolum";
subdomains = [
"cgit"
];
addr = "10.243.13.37";
cores = 8;
};
};
}; };
}; };
imp = { imp = {
networking.extraHosts = networking.extraHosts =
let concatStringsSep "\n" (flatten (
f = name: { addr, fqdn, subdomains, ... }: '' # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net:
${addr} ${toString (map (s: "${s}.${name} ${s}.${fqdn}") subdomains)} mapAttrsToList (hostname: host:
''; mapAttrsToList (netname: net:
in let
concatStringsSep "\n" (mapAttrsToList f cfg.hosts); aliases = toString (unique (longs ++ shorts));
longs = (splitByProvider net.aliases).hosts;
shorts = map (removeSuffix ".${cfg.search}") longs;
in
map (addr: "${addr} ${aliases}") net.addrs
) host.nets
) cfg.hosts
));
}; };
# TODO move domain name providers to a dedicated module
# providers : tree label providername
providers = {
internet = "hosts";
retiolum = "hosts";
de.viljetic = "regfish";
de.krebsco = "ovh";
};
# splitByProvider : [alias] -> set providername [alias]
splitByProvider = foldl (acc: alias: insert (providerOf alias) alias acc) {};
# providerOf : alias -> providername
providerOf = alias:
tree-get (splitString "." alias) providers;
# insert : k -> v -> set k [v] -> set k [v]
insert = name: value: set:
set // { ${name} = set.${name} or [] ++ [value]; };
# tree k v = set k (either v (tree k v))
# tree-get : [k] -> tree k v -> v
tree-get = path: x:
let
y = x.${last path};
in
if typeOf y != "set"
then y
else tree-get (init path) y;
in in
out out
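Review bot: `providerOf` has no fallback: `tree-get` indexes `x.${last path}` directly, so an alias whose last label is not a key of `providers` (anything outside internet, retiolum and de) aborts evaluation with an attribute-missing error rather than a readable message. `splitByProvider net.aliases` is then dereferenced with `.hosts`, which is absent whenever none of a net's aliases maps to "hosts"; `(splitByProvider net.aliases).hosts or []` avoids that without changing the happy path. A short comment on `tree-get` noting that it walks the alias from its last label inward, so `providers` must be keyed by label from the right (`de.viljetic`, not `viljetic.de`), would make the `last`/`init` traversal clear to the next reader.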


@ -46,7 +46,6 @@ let
description = '' description = ''
The tinc network name. The tinc network name.
It is used to generate long host entries, It is used to generate long host entries,
derive the name of the user account under which tincd runs,
and name the TUN device. and name the TUN device.
''; '';
}; };
@ -106,20 +105,22 @@ let
# and the private key. # and the private key.
ExecStartPre = pkgs.writeScript "retiolum-init" '' ExecStartPre = pkgs.writeScript "retiolum-init" ''
#! /bin/sh #! /bin/sh
install -o ${user} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv install -o ${user.name} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
''; '';
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D"; ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user.name} -D";
SyslogIdentifier = "retiolum"; SyslogIdentifier = "retiolum";
}; };
}; };
# TODO user.name = "retiolum"
users.extraUsers = singleton { users.extraUsers = singleton {
name = user; inherit (user) name uid;
uid = 2961822815; # bin/genid retiolum-tinc
}; };
}; };
user = {
name = "retiolum";
uid = 301281149; # genid retiolum
};
tinc = cfg.tincPackage; tinc = cfg.tincPackage;
hostsType = builtins.typeOf cfg.hosts; hostsType = builtins.typeOf cfg.hosts;
@ -217,21 +218,5 @@ let
chmod +x $out/tinc-up chmod +x $out/tinc-up
''; '';
user = cfg.network + "-tinc";
in in
out out
#let
# cfg = config.tv.retiolum;
# arg' = arg // { inherit cfg; };
#in
#
#{
# options.tv.retiolum = import ./options.nix arg';
# config = lib.mkIf cfg.enable (import ./config.nix arg');
#}


@ -28,7 +28,7 @@ let
}; };
from = mkOption { from = mkOption {
type = types.str; type = types.str;
default = "${cfg.user}@${config.networking.hostName}.retiolum"; default = "${user.name}@${config.networking.hostName}.retiolum";
description = '' description = ''
Content of the From: header of the generated mails. Content of the From: header of the generated mails.
''; '';
@ -54,11 +54,6 @@ let
https://nixos.org/channels/nixos-unstable/git-revision https://nixos.org/channels/nixos-unstable/git-revision
]; ];
}; };
user = mkOption {
type = types.str;
default = "urlwatch";
description = "User under which urlwatch runs.";
};
}; };
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls); urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
@ -84,7 +79,7 @@ let
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}; };
serviceConfig = { serviceConfig = {
User = cfg.user; User = user.name;
PermissionsStartOnly = "true"; PermissionsStartOnly = "true";
PrivateTmp = "true"; PrivateTmp = "true";
Type = "oneshot"; Type = "oneshot";
@ -94,11 +89,10 @@ let
set -euf set -euf
dataDir=$HOME dataDir=$HOME
user=${escapeShellArg cfg.user}
if ! test -e "$dataDir"; then if ! test -e "$dataDir"; then
mkdir -m 0700 -p "$dataDir" mkdir -m 0700 -p "$dataDir"
chown "$user": "$dataDir" chown ${user.name}: "$dataDir"
fi fi
''; '';
ExecStart = pkgs.writeScript "urlwatch" '' ExecStart = pkgs.writeScript "urlwatch" ''
@ -108,7 +102,6 @@ let
from=${escapeShellArg cfg.from} from=${escapeShellArg cfg.from}
mailto=${escapeShellArg cfg.mailto} mailto=${escapeShellArg cfg.mailto}
urlsFile=${escapeShellArg urlsFile} urlsFile=${escapeShellArg urlsFile}
user=${escapeShellArg cfg.user}
cd /tmp cd /tmp
@ -130,11 +123,14 @@ let
''; '';
}; };
}; };
users.extraUsers = optionals (cfg.user == "urlwatch") (singleton { users.extraUsers = singleton {
name = "urlwatch"; inherit (user) name uid;
uid = 3450919516; # bin/genid urlwatch };
});
}; };
user = {
name = "urlwatch";
uid = 3467631196; # genid urlwatch
};
in in
out out
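Review bot: The ExecStartPre hunk only runs `chown ${user.name}: "$dataDir"` when `$dataDir` did not exist, and the uid is renumbered from 3450919516 to 3467631196 in the same commit, so an existing data directory stays owned by the old uid while the service now runs as the new one and can no longer write its cache. Moving the chown outside the `if`, or adding a one-off migration, closes that; the same pattern applies to every other `# genid` renumbering in this commit. Removing the `user` option is also a breaking change for any configuration that set `tv.urlwatch.user`; a sentence in the commit message or a stub that reports the removal would make it visible. `${user.name}` is now interpolated into the script unescaped, which is fine only while it stays a literal such as `"urlwatch"`; `escapeShellArg user.name` keeps it safe if it ever becomes configurable again.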


@ -1,12 +1,10 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
with builtins; with builtins;
with lib;
let builtins // lib // rec {
inherit (lib) mapAttrs stringAsChars;
in
rec {
git = import ./git.nix { git = import ./git.nix {
lib = lib // { lib = lib // {
inherit addNames; inherit addNames;
@ -41,9 +39,6 @@ rec {
in in
xsn >= sn && substring (xsn - sn) sn xs == s ; xsn >= sn && substring (xsn - sn) sn xs == s ;
removeSuffix =
s : xs : substring 0 (stringLength xs - stringLength s) xs;
# setMap :: (String -> a -> b) -> Set String a -> [b] # setMap :: (String -> a -> b) -> Set String a -> [b]
#setMap = f: xs: map (k : f k (getAttr k xs)) (attrNames xs); #setMap = f: xs: map (k : f k (getAttr k xs)) (attrNames xs);
@ -59,4 +54,81 @@ rec {
else if c == "\n" then "'\n'" else if c == "\n" then "'\n'"
else "\\${c}"); else "\\${c}");
types = lib.types // (with lib.types; rec {
host = submodule {
options = {
name = mkOption {
type = label;
};
dc = mkOption {
type = label;
};
cores = mkOption {
type = positive;
};
nets = mkOption {
type = attrsOf net;
apply = x: assert hasAttr "retiolum" x; x;
};
};
};
net = submodule ({ config, ... }: {
options = {
via = mkOption {
type = nullOr net;
default = null;
};
addrs = mkOption {
type = listOf addr;
apply = _: config.addrs4 ++ config.addrs6;
};
addrs4 = mkOption {
type = listOf addr4;
default = [];
};
addrs6 = mkOption {
type = listOf addr6;
default = [];
};
aliases = mkOption {
# TODO nonEmptyListOf hostname
type = listOf hostname;
};
tinc = mkOption {
type = let net-config = config; in submodule ({ config, ... }: {
options = {
config = mkOption {
type = str;
apply = _: ''
${optionalString (net-config.via != null)
(concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)}
${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs}
${config.pubkey}
'';
};
pubkey = mkOption {
type = str;
};
};
});
};
};
});
positive = mkOptionType {
name = "positive integer";
check = x: isInt x && x > 0;
merge = mergeOneOption;
};
# TODO
addr = str;
addr4 = str;
addr6 = str;
hostname = str;
label = str;
});
} }
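Review bot: `aliases` in the `net` submodule has no `default`, while `addrs4`/`addrs6` do, so a net that only carries addresses (the `internet` nets in 2configs/tv/identity.nix) makes any consumer that reads `net.aliases` fail with an undefined option; `default = [];` beside the `# TODO nonEmptyListOf hostname` comment fixes that, though the TODO suggests you may want the opposite for retiolum. `addrs` and `tinc.config` use `apply = _: …` to discard whatever the user sets, which hides typos in definitions; if your nixpkgs supports `readOnly = true;` on those options, a stray assignment becomes an error instead. `addr`/`addr4`/`addr6`/`hostname`/`label` are all aliases of `str`, so the `host` type validates no address syntax yet; the `# TODO` there could say so, e.g. `# TODO these are plain str: no syntax validation until proper types exist`.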


@ -2,6 +2,7 @@
# usage: # usage:
# make system=foo # make system=foo
# make systems='foo bar' # make systems='foo bar'
# make eval system=foo get=config.networking.extraHosts
# #
.ONESHELL: .ONESHELL:
@ -82,6 +83,20 @@ deploy:;@
result/bin/switch-to-configuration switch result/bin/switch-to-configuration switch
EOF EOF
.PHONY: eval
eval:
@nix-instantiate \
--json \
--eval \
--strict \
-A "$$get" \
-E '
import <nixpkgs/nixos/lib/eval-config.nix> {
system = builtins.currentSystem;
modules = [ ./1systems/$(LOGNAME)/$(system).nix ];
}
' | jq -r .
else else
$(error unbound variable: system[s]) $(error unbound variable: system[s])
endif endif
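Review bot: The new `eval` target reads its attribute path from the shell environment as `$$get` but interpolates the system from make as `$(system)`; since make exports command-line variables both work, but mixing the two idioms is confusing, and `-A "$(get)"` keeps it in one and fails more obviously when `get` is unset. `$(LOGNAME)` and `$(system)` are substituted into the `-E '…'` expression unquoted, so a value with spaces or quotes breaks the Nix string; for make arguments that is a usability issue rather than a security one. The usage comment is a good addition and could also mention that `jq` must be on PATH. The conditional block this target sits in opens outside the hunk.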


@ -13,7 +13,8 @@ pkgs.writeScriptBin "genid" ''
name=$1 name=$1
hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F) hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
echo " echo "
min=2^16 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix> min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
# and some spare for stuff like lxd.
max=2^32 # see 2^(8*sizeof(uid_t)) max=2^32 # see 2^(8*sizeof(uid_t))
ibase=16 ibase=16
($hash + min) % max ($hash + min) % max
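Review bot: Raising `min` to 2^24 shifts every id `genid` produces, which is why this commit renumbers charybdis, consul, ejabberd, git, fcgiwrap, github-hosts-sync, retiolum and urlwatch; any state left on disk under the old uids is then owned by a nonexistent id until chowned, and of the services touched here only consul's ExecStartPre re-chowns its data directory unconditionally. A comment at the top of the script such as `# NOTE: changing min or the hash changes every generated id; migrate ownership of existing files when you do` would stop the next edit from being made casually. The comment on `min` also overstates the guarantee: `($hash + min) % max` wraps modulo 2^32, so a result can still fall below `min`, and saying so next to the line would be more honest than "bigger than nobody and nogroup".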