Merge remote-tracking branch 'ni/master'

This commit is contained in:
lassulus 2021-11-08 09:06:57 +01:00
commit 4452b26816
16 changed files with 100 additions and 23 deletions


@ -45,7 +45,7 @@ let
Nick Name for hub Nick Name for hub
''; '';
type = str; type = str;
default = cfg.Nick; default = cfg.dcpp.Nick;
}; };
Password = mkOption { Password = mkOption {
description = '' description = ''


@ -14,7 +14,7 @@ let
default = {}; default = {};
type = types.attrsOf (types.submodule ({ config, ... }: { type = types.attrsOf (types.submodule ({ config, ... }: {
options = { options = {
enable = mkEnableOption "krebs.backup.${config.name}" // { enable = mkEnableOption "krebs.backup.${config._module.args.name}" // {
default = true; default = true;
}; };
method = mkOption { method = mkOption {
@ -23,6 +23,7 @@ let
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = config._module.args.name; default = config._module.args.name;
defaultText = "name";
}; };
src = mkOption { src = mkOption {
type = types.krebs.file-location; type = types.krebs.file-location;


@ -58,6 +58,7 @@ let
permissions will be set to 755 permissions will be set to 755
''; '';
default = config.users.extraUsers.bepasty.home; default = config.users.extraUsers.bepasty.home;
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>";
}; };
dataDir = mkOption { dataDir = mkOption {
@ -67,6 +68,7 @@ let
/var/lib/bepasty-server/data /var/lib/bepasty-server/data
''; '';
default = "${config.users.extraUsers.bepasty.home}/data"; default = "${config.users.extraUsers.bepasty.home}/data";
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>";
}; };
extraConfig = mkOption { extraConfig = mkOption {


@ -10,7 +10,7 @@ with import <stockholm/lib>;
}; };
profile = mkOption { profile = mkOption {
type = types.absolute-path; type = types.absolute-pathname;
default = "/nix/var/nix/profiles/system"; default = "/nix/var/nix/profiles/system";
}; };


@ -137,7 +137,7 @@ let
type = types.listOf types.str; type = types.listOf types.str;
example = [ "cac.json" ]; example = [ "cac.json" ];
description = '' description = ''
List of all the secrets in <secrets> which should be copied into the List of all the secrets in secrets which should be copied into the
buildbot master directory. buildbot master directory.
''; '';
}; };


@ -31,6 +31,7 @@ let
owner.name = "exim"; owner.name = "exim";
source-path = toString <secrets> + "/${config.domain}.dkim.priv"; source-path = toString <secrets> + "/${config.domain}.dkim.priv";
}; };
defaultText = "secrets/domain.dkim.priv";
}; };
selector = mkOption { selector = mkOption {
type = types.str; type = types.str;


@ -53,7 +53,7 @@ let
control system, using a built in cache to decrease pressure on the control system, using a built in cache to decrease pressure on the
git server. git server.
cgit in this module is being served via fastcgi nginx.This module cgit in this module is being served via fastcgi nginx.This module
deploys a http://cgit.<hostname> nginx configuration and enables nginx deploys a http://cgit.hostname nginx configuration and enables nginx
if not yet enabled. if not yet enabled.
''; '';
}; };
@ -207,7 +207,7 @@ let
List of users that should be able to do everything with this repo. List of users that should be able to do everything with this repo.
This option is currently not used by krebs.git but instead can be This option is currently not used by krebs.git but instead can be
used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for used to create rules. See e.g. stockholm/lass/2configs/git.nix for
an example. an example.
''; '';
}; };
@ -222,6 +222,7 @@ let
path = mkOption { path = mkOption {
type = types.str; type = types.str;
default = "${cfg.dataDir}/${config.name}"; default = "${cfg.dataDir}/${config.name}";
defaultText = "${cfg.dataDir}/reponame";
description = '' description = ''
An absolute path to the repository directory. For non-bare An absolute path to the repository directory. For non-bare
repositories this is the .git-directory. repositories this is the .git-directory.
@ -237,6 +238,7 @@ let
url = mkOption { url = mkOption {
type = types.str; type = types.str;
default = config.name; default = config.name;
defaultText = "reponame";
description = '' description = ''
The relative url used to access the repository. The relative url used to access the repository.
''; '';
@ -249,7 +251,7 @@ let
List of users that should be able to fetch from this repo. List of users that should be able to fetch from this repo.
This option is currently not used by krebs.git but instead can be This option is currently not used by krebs.git but instead can be
used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for used to create rules. See e.g. stockholm/tv/2configs/git.nix for
an example. an example.
''; '';
}; };
@ -258,6 +260,7 @@ let
description = '' description = ''
Repository name. Repository name.
''; '';
defaultText = "reponame";
}; };
hooks = mkOption { hooks = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
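Review bot: `defaultText = "${cfg.dataDir}/reponame";` still interpolates `cfg.dataDir` at evaluation time, unlike the escaped form this same commit uses elsewhere (`"\${config.krebs.tinc.retiolum.confDir}/hosts"`), so the rendered manual shows whatever dataDir evaluates to instead of the option reference, and the evaluation that defaultText exists to avoid still happens. Suggest `defaultText = "\${cfg.dataDir}/reponame";` to match the other files. The enclosing repo submodule starts before the first hunk of this file.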


@ -18,10 +18,12 @@ let
srcDir = mkOption { srcDir = mkOption {
type = types.str; type = types.str;
default = "${config.krebs.tinc.retiolum.confDir}/hosts"; default = "${config.krebs.tinc.retiolum.confDir}/hosts";
defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts";
}; };
ssh-identity-file = mkOption { ssh-identity-file = mkOption {
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
default = toString <secrets/github-hosts-sync.ssh.id_ed25519>; default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
defaultText = "secrets/github-hosts-sync.ssh.id_ed25519";
}; };
url = mkOption { url = mkOption {
type = types.str; type = types.str;


@ -2,8 +2,8 @@
services.openssh.knownHosts.github = { services.openssh.knownHosts.github = {
hostNames = [ hostNames = [
"github.com" "github.com"
# List generated with # List generated with (IPv6 addresses are currently ignored):
# curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*" "192.30.252.*"
"192.30.253.*" "192.30.253.*"
"192.30.254.*" "192.30.254.*"
@ -28,6 +28,22 @@
"140.82.125.*" "140.82.125.*"
"140.82.126.*" "140.82.126.*"
"140.82.127.*" "140.82.127.*"
"143.55.64.*"
"143.55.65.*"
"143.55.66.*"
"143.55.67.*"
"143.55.68.*"
"143.55.69.*"
"143.55.70.*"
"143.55.71.*"
"143.55.72.*"
"143.55.73.*"
"143.55.74.*"
"143.55.75.*"
"143.55.76.*"
"143.55.77.*"
"143.55.78.*"
"143.55.79.*"
"13.114.40.48" "13.114.40.48"
"52.192.72.89" "52.192.72.89"
"52.69.186.44" "52.69.186.44"
@ -44,6 +60,9 @@
"18.228.52.138" "18.228.52.138"
"18.228.67.229" "18.228.67.229"
"18.231.5.6" "18.231.5.6"
"20.201.28.151"
"20.205.243.166"
"102.133.202.242"
"18.181.13.223" "18.181.13.223"
"54.238.117.237" "54.238.117.237"
"54.168.17.15" "54.168.17.15"
@ -60,6 +79,9 @@
"54.233.131.104" "54.233.131.104"
"18.231.104.233" "18.231.104.233"
"18.228.167.86" "18.228.167.86"
"20.201.28.152"
"20.205.243.160"
"102.133.202.246"
]; ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
}; };
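Review bot: The `grep -v :` added to the generator drops every IPv6 range, so this known_hosts entry pins github.com's key only for the name and its IPv4 addresses; a client that resolves github.com to an IPv6 address and runs with `CheckHostIP` enabled will find no matching IP entry, and the comment should call that out as a deliberate gap rather than "currently ignored" (e.g. `# IPv6 ranges are dropped on purpose; only name and IPv4 matches are pinned`). The list is a point-in-time snapshot of api.github.com/meta with no date, and the new 143.55.64.0/20 entries show it drifts, so recording the generation date in the comment makes staleness visible. Only a single RSA host key is pinned, so if GitHub ever rotates that key this entry has to be regenerated by hand; a comment naming where the key was taken from (GitHub's published fingerprints page) would help the next person verify it rather than trust the blob.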


@ -13,7 +13,7 @@ let
default = {}; default = {};
type = types.attrsOf (types.submodule ({ config, ... }: { type = types.attrsOf (types.submodule ({ config, ... }: {
options = { options = {
enable = mkEnableOption "krebs.htgen-${config.name}"; enable = mkEnableOption "krebs.htgen-${config._module.args.name}";
name = mkOption { name = mkOption {
type = types.username; type = types.username;
@ -38,6 +38,10 @@ let
name = "htgen-${config.name}"; name = "htgen-${config.name}";
home = "/var/lib/htgen-${config.name}"; home = "/var/lib/htgen-${config.name}";
}; };
defaultText = {
name = "htgen-name";
home = "/var/lib/htgen-name";
};
}; };
}; };
})); }));


@ -26,11 +26,13 @@ with import <stockholm/lib>;
}; };
stateDir = mkOption { stateDir = mkOption {
default = "/var/lib/${self.config.username}"; default = "/var/lib/${self.config.username}";
defaultText = "/var/lib/username";
readOnly = true; readOnly = true;
type = types.absolute-pathname; type = types.absolute-pathname;
}; };
systemd-service-name = mkOption { systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}"; default = "reaktor2${optionalString (name != "default") "-${name}"}";
defaultText = "reaktor2-name or just reaktor2 if name is \"default\"";
type = types.filename; type = types.filename;
}; };
sendDelaySec = mkOption { sendDelaySec = mkOption {
@ -39,6 +41,7 @@ with import <stockholm/lib>;
}; };
username = mkOption { username = mkOption {
default = self.config.systemd-service-name; default = self.config.systemd-service-name;
defaultText = "systemd-service-name";
type = types.username; type = types.username;
}; };
useTLS = mkOption { useTLS = mkOption {


@ -96,7 +96,7 @@ let
basic authentication to be used. If unset, no authentication will be basic authentication to be used. If unset, no authentication will be
enabled. enabled.
Refer to `services.nginx.virtualHosts.<name>.basicAuth` Refer to `services.nginx.virtualHosts.name.basicAuth`
''; '';
default = {}; default = {};
}; };


@ -55,11 +55,11 @@ in {
The overrides file may contain either regular shadow(5) entries like: The overrides file may contain either regular shadow(5) entries like:
<code>&lt;login-name&gt;:&lt;hashed-password&gt;:1::::::</code> <code>login-name:hashed-password:1::::::</code>
Or shortened entries only containing login name and password like: Or shortened entries only containing login name and password like:
<code>&lt;login-name&gt;:&lt;hashed-password&gt</code> <code>login-name:hashed-password</code>
''; '';
type = types.nullOr (types.either types.path types.absolute-pathname); type = types.nullOr (types.either types.path types.absolute-pathname);
}; };


@ -81,9 +81,16 @@ let
''} ''}
${tinc.config.tincUpExtra} ${tinc.config.tincUpExtra}
''; '';
defaultText = ''
ip -4 addr add net.ip4.addr dev ${netname}
ip -4 route add net.ip4.prefix dev ${netname}
ip -6 addr add net.ip6.addr dev ${netname}
ip -6 route add net.ip6.prefix dev ${netname}
${tinc.config.tincUpExtra}
'';
description = '' description = ''
tinc-up script to be used. Defaults to setting the tinc-up script to be used. Defaults to setting the
krebs.host.nets.<netname>.ip4 and ip6 for the new ips and krebs.host.nets.netname.ip4 and ip6 for the new ips and
configures forwarding of the respecitive netmask as subnet. configures forwarding of the respecitive netmask as subnet.
''; '';
}; };
@ -103,6 +110,7 @@ let
type = with types; attrsOf host; type = with types; attrsOf host;
default = default =
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
defaultText = "all-hosts-of-netname";
description = '' description = ''
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>. Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
Note that these hosts must have a network named Note that these hosts must have a network named
@ -138,9 +146,10 @@ let
'') tinc.config.hosts)} '') tinc.config.hosts)}
''; '';
}; };
defaultText = "netname-tinc-hosts";
description = '' description = ''
Package of tinc host configuration files. By default, a package will Package of tinc host configuration files. By default, a package will
be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This be generated from <literal>config.krebs.netname.hosts</literal>. This
option's main purpose is to expose the generated hosts package to other option's main purpose is to expose the generated hosts package to other
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
also be used to provide a custom hosts directory. also be used to provide a custom hosts directory.
@ -168,6 +177,7 @@ let
owner = tinc.config.user; owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv"; source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
}; };
defaultText = "secrets/netname.rsa_key.priv";
}; };
privkey_ed25519 = mkOption { privkey_ed25519 = mkOption {
@ -179,11 +189,12 @@ let
owner = tinc.config.user; owner = tinc.config.user;
source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv"; source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
}; };
defaultText = "secrets/netname.ed25519_key.priv";
}; };
connectTo = mkOption { connectTo = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
${if tinc.config.netname == "retiolum" then "default" else null} = [ ${if netname == "retiolum" then "default" else null} = [
"gum" "gum"
"ni" "ni"
"prism" "prism"
@ -194,8 +205,10 @@ let
routeable IPv4 or IPv6 address. routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring: In stockholm this can be done by configuring:
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip {
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; krebs.hosts.host.nets.netname.via.ip4.addr = external-ip;
krebs.hosts.host.nets.netname.tinc.port = 1655;
}
''; '';
}; };
@ -205,6 +218,10 @@ let
name = tinc.config.netname; name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}"; home = "/var/lib/${tinc.config.user.name}";
}; };
defaultText = {
name = "netname";
home = "/var/lib/netname";
};
}; };
}; };
})); }));
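Review bot: `${if netname == "retiolum" then "default" else null}` now keys the default `connectTo` list on the submodule attribute name rather than on `tinc.config.netname`, so a network declared under another attribute whose `netname` option is set to `"retiolum"` (if that option is settable) no longer receives the gum/ni/prism default; if that divergence is intended it deserves a comment such as `# keyed on the attr name, not config.netname, to avoid recursion during manual generation`. The new `defaultText` for `tincUp` also interpolates `${netname}` and `${tinc.config.tincUpExtra}` unescaped, so that text is still evaluated against the module config, which is inconsistent with the escaped `\${…}` form used for the other defaultText values in this commit. The tinc submodule starts before the first hunk of this file.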


@ -24,6 +24,7 @@ let
type = types.str; type = types.str;
description = "Path to Hosts directory"; description = "Path to Hosts directory";
default = "${config.krebs.tinc.retiolum.hostsPackage}"; default = "${config.krebs.tinc.retiolum.hostsPackage}";
defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
}; };
network = mkOption { network = mkOption {
@ -68,6 +69,7 @@ let
Defaults to the new users home dir which defaults to Defaults to the new users home dir which defaults to
/var/cache/tinc_graphs''; /var/cache/tinc_graphs'';
default = config.users.extraUsers.tinc_graphs.home; default = config.users.extraUsers.tinc_graphs.home;
defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>";
}; };
timerConfig = mkOption { timerConfig = mkOption {


@ -34,7 +34,7 @@ rec {
ci = mkOption { ci = mkOption {
description = '' description = ''
If true, then the host wants to be tested by some CI system. If true, then the host wants to be tested by some CI system.
See <stockholm/krebs/2configs/buildbot-all.nix> See stockholm/krebs/2configs/buildbot-all.nix
''; '';
type = bool; type = bool;
default = false; default = false;
@ -43,7 +43,7 @@ rec {
external = mkOption { external = mkOption {
description = '' description = ''
Whether the host is defined externally (in contrast to being defined Whether the host is defined externally (in contrast to being defined
in <stockholm>). This is useful e.g. when legacy and/or adopted in stockholm). This is useful e.g. when legacy and/or adopted
hosts should be part of retiolum or some other component. hosts should be part of retiolum or some other component.
''; '';
type = bool; type = bool;
@ -102,7 +102,14 @@ rec {
default = config._module.args.name; default = config._module.args.name;
}; };
via = mkOption { via = mkOption {
type = nullOr net; type =
# XXX break infinite recursion when generating manuals
if config._module.args.name == "name" then
mkOptionType {
name = "net";
}
else
nullOr net;
default = null; default = null;
}; };
addrs = mkOption { addrs = mkOption {
@ -128,7 +135,7 @@ rec {
}; };
prefix = mkOption ({ prefix = mkOption ({
type = cidr4; type = cidr4;
} // optionalAttrs (config.name == "retiolum") { } // optionalAttrs (config._module.args.name == "retiolum") {
default = "10.243.0.0/16"; default = "10.243.0.0/16";
}); });
}; };
@ -144,7 +151,7 @@ rec {
}; };
prefix = mkOption ({ prefix = mkOption ({
type = cidr6; type = cidr6;
} // optionalAttrs (config.name == "retiolum") { } // optionalAttrs (config._module.args.name == "retiolum") {
default = "42::/16"; default = "42::/16";
}); });
}; };
@ -179,6 +186,12 @@ rec {
++ ++
[config.pubkey] [config.pubkey]
); );
defaultText = ''
Address = addr port # for each net.via.addrs
Subnet = addr # for each net.addrs
extraConfig
pubkey
'';
}; };
pubkey = mkOption { pubkey = mkOption {
type = tinc-pubkey; type = tinc-pubkey;
@ -252,6 +265,7 @@ rec {
path = mkOption { path = mkOption {
type = absolute-pathname; type = absolute-pathname;
default = "/run/keys/${config.name}"; default = "/run/keys/${config.name}";
defaultText = "/run/keys/name";
}; };
mode = mkOption { mode = mkOption {
type = file-mode; type = file-mode;
@ -267,10 +281,12 @@ rec {
service = mkOption { service = mkOption {
type = systemd.unit-name; type = systemd.unit-name;
default = "secret-${lib.systemd.encodeName config.name}.service"; default = "secret-${lib.systemd.encodeName config.name}.service";
defaultText = "secret-name.service";
}; };
source-path = mkOption { source-path = mkOption {
type = str; type = str;
default = toString <secrets> + "/${config.name}"; default = toString <secrets> + "/${config.name}";
defaultText = "secrets/name";
}; };
}; };
}); });
@ -379,6 +395,7 @@ rec {
home = mkOption { home = mkOption {
type = absolute-pathname; type = absolute-pathname;
default = "/home/${config.name}"; default = "/home/${config.name}";
defaultText = "/home/name";
}; };
mail = mkOption { mail = mkOption {
type = nullOr str; type = nullOr str;
@ -406,6 +423,7 @@ rec {
uid = mkOption { uid = mkOption {
type = int; type = int;
default = genid_uint31 config.name; default = genid_uint31 config.name;
defaultText = "genid_uint31 name";
}; };
}; };
}); });
@ -414,10 +432,12 @@ rec {
name = mkOption { name = mkOption {
type = username; type = username;
default = config._module.args.name; default = config._module.args.name;
defaultText = "genid_uint31 name";
}; };
gid = mkOption { gid = mkOption {
type = int; type = int;
default = genid_uint31 config.name; default = genid_uint31 config.name;
defaultText = "genid_uint31 name";
}; };
}; };
}); });