Merge remote-tracking branch 'ni/master'

lassulus 2022-09-19 11:24:47 +02:00
commit 68bae0b221
6 changed files with 96 additions and 52 deletions


@ -138,41 +138,54 @@ let
let inherit (config.krebs.build.host.ssh) privkey; in let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) [privkey]; mkIf (privkey != null) [privkey];
# TODO use imports for merging
services.openssh.knownHosts = services.openssh.knownHosts =
(let inherit (config.krebs.build.host.ssh) pubkey; in filterAttrs
optionalAttrs (pubkey != null) { (knownHostName: knownHost:
localhost = { knownHost.publicKey != null &&
hostNames = ["localhost" "127.0.0.1" "::1"]; knownHost.hostNames != []
publicKey = pubkey; )
}; (mapAttrs
}) (hostName: host: {
// hostNames =
mapAttrs concatLists
(name: host: { (mapAttrsToList
hostNames = (netName: net:
concatLists let
(mapAttrsToList aliases =
(net-name: net: concatLists [
let shortAliases
longs = net.aliases; net.aliases
shorts = net.addrs
optionals ];
(cfg.dns.search-domain != null) shortAliases =
(map (removeSuffix ".${cfg.dns.search-domain}") optionals
(filter (hasSuffix ".${cfg.dns.search-domain}") (cfg.dns.search-domain != null)
longs)); (map (removeSuffix ".${cfg.dns.search-domain}")
add-port = a: (filter (hasSuffix ".${cfg.dns.search-domain}")
if net.ssh.port != 22 net.aliases));
then "[${a}]:${toString net.ssh.port}" addPort = alias:
else a; if net.ssh.port != 22
in then "[${alias}]:${toString net.ssh.port}"
map add-port (shorts ++ longs ++ net.addrs)) else alias;
host.nets); in
map addPort aliases
publicKey = host.ssh.pubkey; )
}) host.nets);
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts); publicKey = host.ssh.pubkey;
})
(foldl' mergeAttrs {} [
cfg.hosts
{
localhost = {
nets.local = {
addrs = [ "127.0.0.1" "::1" ];
aliases = [ "localhost" ];
ssh.port = 22;
};
ssh.pubkey = config.krebs.build.host.ssh.pubkey;
};
}
]));
programs.ssh.extraConfig = concatMapStrings programs.ssh.extraConfig = concatMapStrings
(net: '' (net: ''
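Review bot: The built-in `localhost` host is now the last element of `foldl' mergeAttrs {} [ cfg.hosts { localhost = … } ]`, and `mergeAttrs` is a shallow, right-biased merge, so a host named `localhost` in `cfg.hosts` is replaced wholesale and silently. In the old expression the loopback entry sat on the left of `//`, so precedence appears to have flipped. Because this attrset becomes the pinned `services.openssh.knownHosts`, the override should be explicit: guard the merge with `assert !(cfg.hosts ? localhost);` or add a comment that the loopback entry intentionally wins. The page fuses the old and new columns on each line, so this reading of the new side is inferred from the right-hand text, and the enclosing `let` starts and ends outside the hunk.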


@ -0,0 +1,30 @@
{ mkDerivation, async, base, base16, base32, bytestring, charset
, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl
, network, nix, optparse-applicative, tasty-bench, temporary, text
, turtle, vector, wai, wai-extra, warp, warp-tls
, boost
}:
mkDerivation {
pname = "nix-serve-ng";
version = "1.0.0";
src = fetchgit {
url = "https://github.com/aristanetworks/nix-serve-ng";
sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2";
rev = "433f70f4daae156b84853f5aaa11987aa5ce7277";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
base base16 base32 bytestring charset http-types managed megaparsec
mtl network optparse-applicative vector wai wai-extra warp warp-tls
];
executablePkgconfigDepends = [ nix ];
executableSystemDepends = [ boost.dev ];
benchmarkHaskellDepends = [
async base bytestring http-client tasty-bench temporary text turtle
vector
];
description = "A drop-in replacement for nix-serve that's faster and more stable";
license = lib.licenses.bsd3;
}
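Review bot: This new file records neither how it was produced nor how the source pin is meant to be refreshed. The layout looks like cabal2nix output with the `boost` argument and `executableSystemDepends = [ boost.dev ];` added by hand, though that is inferred from the shape of the file. A header comment such as `# generated with cabal2nix, boost added manually; change rev and sha256 together` would stop a later regeneration from dropping the extra dependency. It would also make it clear that the pinned `rev` and its `sha256` are one unit to review.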


@ -6,7 +6,7 @@ with import <stockholm/lib>;
programs.bash = { programs.bash = {
interactiveShellInit = /* sh */ '' interactiveShellInit = /* sh */ ''
HISTCONTROL='erasedups:ignorespace' HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536 HISTSIZE=900001
HISTFILESIZE=$HISTSIZE HISTFILESIZE=$HISTSIZE
HISTTIMEFORMAT= HISTTIMEFORMAT=


@ -3,24 +3,15 @@
environment.etc."binary-cache.pubkey".text = environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey; config.krebs.build.host.binary-cache.pubkey;
nixpkgs.overlays = [
(self: super: {
nix-serve = self.haskellPackages.nix-serve-ng;
})
];
services.nix-serve = { services.nix-serve = {
enable = true; enable = true;
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path; secretKeyFile = toString <secrets> + "/nix-serve.key";
};
systemd.services.nix-serve = {
after = [
config.krebs.secret.files.binary-cache-seckey.service
];
partOf = [
config.krebs.secret.files.binary-cache-seckey.service
];
};
krebs.secret.files.binary-cache-seckey = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
}; };
services.nginx = { services.nginx = {
@ -28,6 +19,7 @@
virtualHosts.nix-serve = { virtualHosts.nix-serve = {
serverAliases = [ serverAliases = [
"cache.${config.krebs.build.host.name}.hkw" "cache.${config.krebs.build.host.name}.hkw"
"cache.${config.krebs.build.host.name}.r"
]; ];
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port}; proxy_pass http://localhost:${toString config.services.nix-serve.port};
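Review bot: `secretKeyFile = toString <secrets> + "/nix-serve.key";` in the first hunk points the service at the signing key inside the secrets directory, while the removed `krebs.secret.files.binary-cache-seckey` block is what gave the deployed copy `owner.name = "nix-serve"`. Unless the nix-serve module in use hands the file to the service itself (not visible here), the service user must now be able to read the key where it lies, which either breaks signing or pushes towards looser permissions on the secrets directory. A comment on that line would make the intent checkable: `# signing key: readable by the nix-serve service only; toString keeps it out of the world-readable store`. Old and new columns are fused on this page, so the side of each line is inferred from the `-3,24 +3,15` counts.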


@ -71,7 +71,7 @@ in {
export PATH=${lib.makeSearchPath "bin" [ export PATH=${lib.makeSearchPath "bin" [
pkgs.tmux pkgs.tmux
pkgs.gnugrep pkgs.gnugrep
pkgs.weechat pkgs.weechat-tv
]} ]}
if tmux list-sessions -F\#S | grep -q '^im''$'; then if tmux list-sessions -F\#S | grep -q '^im''$'; then
exec tmux attach -t im exec tmux attach -t im


@ -0,0 +1,9 @@
{ lib, pkgs }:
pkgs.wrapWeechat pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
scripts = [
pkgs.weechatScripts.weechat-matrix
];
};
}