Merge remote-tracking branch 'pnp/master' into newmaster
This commit is contained in:
commit
40bef33900
@ -1,4 +0,0 @@
|
|||||||
deploy_host := root@pnp
|
|
||||||
nixpkgs_url := https://github.com/nixos/nixpkgs
|
|
||||||
nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870
|
|
||||||
secrets_dir := /home/makefu/secrets/pnp
|
|
1
Zpubkeys/makefu_omo.ssh.pub
Normal file
1
Zpubkeys/makefu_omo.ssh.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch
|
@ -8,10 +8,25 @@
|
|||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
|
||||||
../../2configs/makefu/base.nix
|
../2configs/base.nix
|
||||||
../../2configs/makefu/cgit-retiolum.nix
|
../2configs/cgit-retiolum.nix
|
||||||
];
|
];
|
||||||
krebs.build.host = config.krebs.hosts.pnp;
|
krebs.build.host = config.krebs.hosts.pnp;
|
||||||
|
krebs.build.user = config.krebs.users.makefu;
|
||||||
|
krebs.build.target = "root@pnp";
|
||||||
|
|
||||||
|
krebs.build.deps = {
|
||||||
|
nixpkgs = {
|
||||||
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
|
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
|
||||||
|
};
|
||||||
|
secrets = {
|
||||||
|
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
|
||||||
|
};
|
||||||
|
stockholm = {
|
||||||
|
url = toString ../..;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
@ -39,6 +39,7 @@ with lib;
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
jq
|
||||||
git
|
git
|
||||||
vim
|
vim
|
||||||
gnumake
|
gnumake
|
@ -1,17 +1,8 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
# TODO: remove tv lib :)
|
# TODO: remove tv lib :)
|
||||||
with import ../../4lib/tv { inherit lib pkgs; };
|
with import ../../tv/4lib { inherit lib pkgs; };
|
||||||
let
|
let
|
||||||
|
|
||||||
out = {
|
|
||||||
imports = [ ../../3modules/krebs/git.nix ];
|
|
||||||
krebs.git = {
|
|
||||||
enable = true;
|
|
||||||
root-title = "public repositories ";
|
|
||||||
root-desc = "keep on krebsing";
|
|
||||||
inherit repos rules;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
repos = priv-repos // krebs-repos ;
|
repos = priv-repos // krebs-repos ;
|
||||||
rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
|
rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
|
||||||
|
|
||||||
@ -39,12 +30,13 @@ let
|
|||||||
post-receive = git.irc-announce {
|
post-receive = git.irc-announce {
|
||||||
nick = config.networking.hostName;
|
nick = config.networking.hostName;
|
||||||
channel = "#retiolum";
|
channel = "#retiolum";
|
||||||
|
# TODO remove the hardcoded hostname
|
||||||
server = "cd.retiolum";
|
server = "cd.retiolum";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
set-owners = with git; repo: user:
|
set-owners = with git;repo: user:
|
||||||
singleton {
|
singleton {
|
||||||
inherit user;
|
inherit user;
|
||||||
repo = [ repo ];
|
repo = [ repo ];
|
||||||
@ -61,10 +53,27 @@ let
|
|||||||
# TODO: get the list of all krebsministers
|
# TODO: get the list of all krebsministers
|
||||||
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
krebsminister = with config.krebs.users; [ lass tv uriel ];
|
||||||
|
|
||||||
priv-rules = with config.krebs.users; repo:
|
#all-makefu = with config.krebs.users; [ makefu ];
|
||||||
set-owners repo [ makefu ];
|
|
||||||
|
|
||||||
krebs-rules = with config.krebs.users; repo:
|
|
||||||
set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ;
|
|
||||||
|
|
||||||
in out
|
all-makefu = with config.krebs.users; [ makefu makefu-omo ];
|
||||||
|
|
||||||
|
priv-rules = repo: set-owners repo all-makefu;
|
||||||
|
|
||||||
|
krebs-rules = repo:
|
||||||
|
set-owners repo all-makefu ++ set-ro-access repo krebsminister;
|
||||||
|
|
||||||
|
in {
|
||||||
|
imports = [{
|
||||||
|
krebs.users.makefu-omo = {
|
||||||
|
name = "makefu-omo" ;
|
||||||
|
pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub;
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
krebs.git = {
|
||||||
|
enable = true;
|
||||||
|
root-title = "public repositories";
|
||||||
|
root-desc = "keep on krebsing";
|
||||||
|
inherit repos rules;
|
||||||
|
};
|
||||||
|
}
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
|
||||||
with import ../../4lib/krebs { inherit lib; };
|
with import ../../krebs/4lib { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs;
|
cfg = config.krebs;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user