* tv: regen ids
parent
cf53d56a92
commit
14ac6d3bba
@ -74,7 +74,7 @@ let
|
|||||||
|
|
||||||
user = {
|
user = {
|
||||||
name = "charybdis";
|
name = "charybdis";
|
||||||
uid = 3731512864; # genid charybdis
|
uid = 3748224544; # genid charybdis
|
||||||
};
|
};
|
||||||
|
|
||||||
configFile = toFile "charybdis-ircd.conf" ''
|
configFile = toFile "charybdis-ircd.conf" ''
|
||||||
|
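Review bot: The regenerated `uid` changes the numeric id of an account that presumably already exists on deployed hosts, and nothing visible in this commit re-owns the state that account left behind. The same applies to the consul, ejabberd, git, fcgiwrap, github-hosts-sync, retiolum and urlwatch ids further down. The only ownership fix-ups visible are consul-init's non-recursive `chown ${user.name}: ${cfg.data-dir}` and urlwatch's `chown`, which runs only when `$dataDir` does not exist yet. Files still owned by the old numbers would be unreadable to the service and would belong to whichever account is later given that id, so a one-time migration (a recursive chown of each state directory from the old id to the new one) or a line in the commit message about the manual step would be worth adding. The `let` block holding this binding starts and ends outside the hunk.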
@ -88,7 +88,7 @@ let
|
|||||||
ExecStartPre = pkgs.writeScript "consul-init" ''
|
ExecStartPre = pkgs.writeScript "consul-init" ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
mkdir -p ${cfg.data-dir}
|
mkdir -p ${cfg.data-dir}
|
||||||
chown consul: ${cfg.data-dir}
|
chown ${user.name}: ${cfg.data-dir}
|
||||||
install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json
|
install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json
|
||||||
'';
|
'';
|
||||||
ExecStart = pkgs.writeScript "consul-service" ''
|
ExecStart = pkgs.writeScript "consul-service" ''
|
||||||
@ -111,7 +111,7 @@ let
|
|||||||
|
|
||||||
user = {
|
user = {
|
||||||
name = "consul";
|
name = "consul";
|
||||||
uid = 2983239726; # genid consul
|
uid = 2999951406; # genid consul
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
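Review bot: `consul-init` copies `${cfg.encrypt-file}` (presumably the Consul encryption key) to the fixed path `/tmp/encrypt.json`, and the hunk does not show whether this unit sets `PrivateTmp`. Without it the secret is staged in the shared `/tmp` under a predictable name. The `retiolum-init` script further down does the same with `/tmp/retiolum-rsa_key.priv`. Confirm that `PrivateTmp = "true";` is present in both `serviceConfig` blocks, as it is in the urlwatch unit in this commit, or stage the file in a directory owned by the service user. On the changed line `${cfg.data-dir}` is also interpolated unquoted; `chown ${user.name}: ${escapeShellArg cfg.data-dir}` would stop a path containing spaces from being re-split, assuming `escapeShellArg` is in scope here as it is in the urlwatch module.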
@ -55,8 +55,7 @@ let
|
|||||||
|
|
||||||
user = {
|
user = {
|
||||||
name = "ejabberd";
|
name = "ejabberd";
|
||||||
uid = 405222;
|
uid = 3499746127; # genid ejabberd
|
||||||
# TODO uid = 3483034447; # genid ejabberd
|
|
||||||
};
|
};
|
||||||
|
|
||||||
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
|
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
|
||||||
|
@ -149,7 +149,7 @@ let
|
|||||||
shell = "/bin/sh";
|
shell = "/bin/sh";
|
||||||
openssh.authorizedKeys.keys =
|
openssh.authorizedKeys.keys =
|
||||||
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
|
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
|
||||||
uid = 112606723; # genid git
|
uid = 129318403; # genid git
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -237,13 +237,13 @@ let
|
|||||||
|
|
||||||
fcgitwrap-user = {
|
fcgitwrap-user = {
|
||||||
name = "fcgiwrap";
|
name = "fcgiwrap";
|
||||||
uid = 2851179180; # genid fcgiwrap
|
uid = 2867890860; # genid fcgiwrap
|
||||||
group = "fcgiwrap";
|
group = "fcgiwrap";
|
||||||
};
|
};
|
||||||
|
|
||||||
fcgitwrap-group = {
|
fcgitwrap-group = {
|
||||||
name = "fcgiwrap";
|
name = fcgitwrap-user.name;
|
||||||
gid = 2851179180; # genid fcgiwrap
|
gid = fcgitwrap-user.uid;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
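Review bot: `gid = fcgitwrap-user.uid;` couples the group id to the user id and drops the `# genid fcgiwrap` marker that the other generated ids in this commit carry. A short comment such as `gid = fcgitwrap-user.uid; # same genid as the fcgiwrap user` would keep the origin of the number greppable. The bindings are also spelled `fcgitwrap-` while the account is named `fcgiwrap`; renaming them would touch references that lie outside this hunk.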
@ -75,7 +75,7 @@ let
|
|||||||
|
|
||||||
user = {
|
user = {
|
||||||
name = "github-hosts-sync";
|
name = "github-hosts-sync";
|
||||||
uid = 3203842966; # genid github-hosts-sync
|
uid = 3220554646; # genid github-hosts-sync
|
||||||
};
|
};
|
||||||
|
|
||||||
Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };
|
Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };
|
||||||
|
@ -46,7 +46,6 @@ let
|
|||||||
description = ''
|
description = ''
|
||||||
The tinc network name.
|
The tinc network name.
|
||||||
It is used to generate long host entries,
|
It is used to generate long host entries,
|
||||||
derive the name of the user account under which tincd runs,
|
|
||||||
and name the TUN device.
|
and name the TUN device.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -106,20 +105,22 @@ let
|
|||||||
# and the private key.
|
# and the private key.
|
||||||
ExecStartPre = pkgs.writeScript "retiolum-init" ''
|
ExecStartPre = pkgs.writeScript "retiolum-init" ''
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
install -o ${user} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
|
install -o ${user.name} -m 0400 ${cfg.privateKeyFile} /tmp/retiolum-rsa_key.priv
|
||||||
'';
|
'';
|
||||||
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D";
|
ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user.name} -D";
|
||||||
SyslogIdentifier = "retiolum";
|
SyslogIdentifier = "retiolum";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO user.name = "retiolum"
|
|
||||||
users.extraUsers = singleton {
|
users.extraUsers = singleton {
|
||||||
name = user;
|
inherit (user) name uid;
|
||||||
uid = 2961822815; # bin/genid retiolum-tinc
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
user = {
|
||||||
|
name = "retiolum";
|
||||||
|
uid = 301281149; # genid retiolum
|
||||||
|
};
|
||||||
|
|
||||||
tinc = cfg.tincPackage;
|
tinc = cfg.tincPackage;
|
||||||
hostsType = builtins.typeOf cfg.hosts;
|
hostsType = builtins.typeOf cfg.hosts;
|
||||||
@ -217,21 +218,5 @@ let
|
|||||||
|
|
||||||
chmod +x $out/tinc-up
|
chmod +x $out/tinc-up
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
user = cfg.network + "-tinc";
|
|
||||||
|
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#let
|
|
||||||
# cfg = config.tv.retiolum;
|
|
||||||
# arg' = arg // { inherit cfg; };
|
|
||||||
#in
|
|
||||||
#
|
|
||||||
#{
|
|
||||||
# options.tv.retiolum = import ./options.nix arg';
|
|
||||||
# config = lib.mkIf cfg.enable (import ./config.nix arg');
|
|
||||||
#}
|
|
||||||
|
@ -28,7 +28,7 @@ let
|
|||||||
};
|
};
|
||||||
from = mkOption {
|
from = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "${cfg.user}@${config.networking.hostName}.retiolum";
|
default = "${user.name}@${config.networking.hostName}.retiolum";
|
||||||
description = ''
|
description = ''
|
||||||
Content of the From: header of the generated mails.
|
Content of the From: header of the generated mails.
|
||||||
'';
|
'';
|
||||||
@ -54,11 +54,6 @@ let
|
|||||||
https://nixos.org/channels/nixos-unstable/git-revision
|
https://nixos.org/channels/nixos-unstable/git-revision
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "urlwatch";
|
|
||||||
description = "User under which urlwatch runs.";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
|
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
|
||||||
@ -84,7 +79,7 @@ let
|
|||||||
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = user.name;
|
||||||
PermissionsStartOnly = "true";
|
PermissionsStartOnly = "true";
|
||||||
PrivateTmp = "true";
|
PrivateTmp = "true";
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
@ -94,11 +89,10 @@ let
|
|||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
dataDir=$HOME
|
dataDir=$HOME
|
||||||
user=${escapeShellArg cfg.user}
|
|
||||||
|
|
||||||
if ! test -e "$dataDir"; then
|
if ! test -e "$dataDir"; then
|
||||||
mkdir -m 0700 -p "$dataDir"
|
mkdir -m 0700 -p "$dataDir"
|
||||||
chown "$user": "$dataDir"
|
chown ${user.name}: "$dataDir"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
ExecStart = pkgs.writeScript "urlwatch" ''
|
ExecStart = pkgs.writeScript "urlwatch" ''
|
||||||
@ -108,7 +102,6 @@ let
|
|||||||
from=${escapeShellArg cfg.from}
|
from=${escapeShellArg cfg.from}
|
||||||
mailto=${escapeShellArg cfg.mailto}
|
mailto=${escapeShellArg cfg.mailto}
|
||||||
urlsFile=${escapeShellArg urlsFile}
|
urlsFile=${escapeShellArg urlsFile}
|
||||||
user=${escapeShellArg cfg.user}
|
|
||||||
|
|
||||||
cd /tmp
|
cd /tmp
|
||||||
|
|
||||||
@ -130,11 +123,14 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users.extraUsers = optionals (cfg.user == "urlwatch") (singleton {
|
users.extraUsers = singleton {
|
||||||
name = "urlwatch";
|
inherit (user) name uid;
|
||||||
uid = 3450919516; # bin/genid urlwatch
|
};
|
||||||
});
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
user = {
|
||||||
|
name = "urlwatch";
|
||||||
|
uid = 3467631196; # genid urlwatch
|
||||||
|
};
|
||||||
in
|
in
|
||||||
out
|
out
|
||||||
|
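Review bot: The init script now interpolates `${user.name}` into `chown` without `escapeShellArg`, while the other values in these scripts (`from`, `mailto`, `urlsFile`) are still passed through it. That is harmless while `user.name` is the literal `"urlwatch"`, but `chown ${escapeShellArg user.name}: "$dataDir"` keeps the script uniform and stays safe if the name ever becomes configurable again. Removing the `user` option will presumably also turn any existing `user = …` setting for this module into an evaluation error, which deserves a mention in the commit message.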