Merge remote-tracking branch 'ni/master'
This commit is contained in:
lassulus
commit
68bae0b221
@ -138,41 +138,54 @@ let
|
||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
||||
mkIf (privkey != null) [privkey];
|
||||
|
||||
# TODO use imports for merging
|
||||
services.openssh.knownHosts =
|
||||
(let inherit (config.krebs.build.host.ssh) pubkey; in
|
||||
optionalAttrs (pubkey != null) {
|
||||
localhost = {
|
||||
hostNames = ["localhost" "127.0.0.1" "::1"];
|
||||
publicKey = pubkey;
|
||||
};
|
||||
})
|
||||
//
|
||||
mapAttrs
|
||||
(name: host: {
|
||||
filterAttrs
|
||||
(knownHostName: knownHost:
|
||||
knownHost.publicKey != null &&
|
||||
knownHost.hostNames != []
|
||||
)
|
||||
(mapAttrs
|
||||
(hostName: host: {
|
||||
hostNames =
|
||||
concatLists
|
||||
(mapAttrsToList
|
||||
(net-name: net:
|
||||
(netName: net:
|
||||
let
|
||||
longs = net.aliases;
|
||||
shorts =
|
||||
aliases =
|
||||
concatLists [
|
||||
shortAliases
|
||||
net.aliases
|
||||
net.addrs
|
||||
];
|
||||
shortAliases =
|
||||
optionals
|
||||
(cfg.dns.search-domain != null)
|
||||
(map (removeSuffix ".${cfg.dns.search-domain}")
|
||||
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
||||
longs));
|
||||
add-port = a:
|
||||
net.aliases));
|
||||
addPort = alias:
|
||||
if net.ssh.port != 22
|
||||
then "[${a}]:${toString net.ssh.port}"
|
||||
else a;
|
||||
then "[${alias}]:${toString net.ssh.port}"
|
||||
else alias;
|
||||
in
|
||||
map add-port (shorts ++ longs ++ net.addrs))
|
||||
map addPort aliases
|
||||
)
|
||||
host.nets);
|
||||
|
||||
publicKey = host.ssh.pubkey;
|
||||
})
|
||||
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
|
||||
(foldl' mergeAttrs {} [
|
||||
cfg.hosts
|
||||
{
|
||||
localhost = {
|
||||
nets.local = {
|
||||
addrs = [ "127.0.0.1" "::1" ];
|
||||
aliases = [ "localhost" ];
|
||||
ssh.port = 22;
|
||||
};
|
||||
ssh.pubkey = config.krebs.build.host.ssh.pubkey;
|
||||
};
|
||||
}
|
||||
]));
|
||||
|
||||
programs.ssh.extraConfig = concatMapStrings
|
||||
(net: ''
|
||||
|
||||
30
krebs/5pkgs/haskell/nix-serve-ng.nix
Normal file
30
krebs/5pkgs/haskell/nix-serve-ng.nix
Normal file
@ -0,0 +1,30 @@
|
||||
{ mkDerivation, async, base, base16, base32, bytestring, charset
|
||||
, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl
|
||||
, network, nix, optparse-applicative, tasty-bench, temporary, text
|
||||
, turtle, vector, wai, wai-extra, warp, warp-tls
|
||||
, boost
|
||||
}:
|
||||
mkDerivation {
|
||||
pname = "nix-serve-ng";
|
||||
version = "1.0.0";
|
||||
src = fetchgit {
|
||||
url = "https://github.com/aristanetworks/nix-serve-ng";
|
||||
sha256 = "0mqp67z5mi8rsjahdh395n7ppf0b65k8rd3pvnl281g02rbr69y2";
|
||||
rev = "433f70f4daae156b84853f5aaa11987aa5ce7277";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
isLibrary = false;
|
||||
isExecutable = true;
|
||||
executableHaskellDepends = [
|
||||
base base16 base32 bytestring charset http-types managed megaparsec
|
||||
mtl network optparse-applicative vector wai wai-extra warp warp-tls
|
||||
];
|
||||
executablePkgconfigDepends = [ nix ];
|
||||
executableSystemDepends = [ boost.dev ];
|
||||
benchmarkHaskellDepends = [
|
||||
async base bytestring http-client tasty-bench temporary text turtle
|
||||
vector
|
||||
];
|
||||
description = "A drop-in replacement for nix-serve that's faster and more stable";
|
||||
license = lib.licenses.bsd3;
|
||||
}
|
||||
@ -6,7 +6,7 @@ with import <stockholm/lib>;
|
||||
programs.bash = {
|
||||
interactiveShellInit = /* sh */ ''
|
||||
HISTCONTROL='erasedups:ignorespace'
|
||||
HISTSIZE=65536
|
||||
HISTSIZE=900001
|
||||
HISTFILESIZE=$HISTSIZE
|
||||
HISTTIMEFORMAT=
|
||||
|
||||
|
||||
@ -3,24 +3,15 @@
|
||||
environment.etc."binary-cache.pubkey".text =
|
||||
config.krebs.build.host.binary-cache.pubkey;
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
nix-serve = self.haskellPackages.nix-serve-ng;
|
||||
})
|
||||
];
|
||||
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
|
||||
};
|
||||
|
||||
systemd.services.nix-serve = {
|
||||
after = [
|
||||
config.krebs.secret.files.binary-cache-seckey.service
|
||||
];
|
||||
partOf = [
|
||||
config.krebs.secret.files.binary-cache-seckey.service
|
||||
];
|
||||
};
|
||||
|
||||
krebs.secret.files.binary-cache-seckey = {
|
||||
path = "/run/secret/nix-serve.key";
|
||||
owner.name = "nix-serve";
|
||||
source-path = toString <secrets> + "/nix-serve.key";
|
||||
secretKeyFile = toString <secrets> + "/nix-serve.key";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
@ -28,6 +19,7 @@
|
||||
virtualHosts.nix-serve = {
|
||||
serverAliases = [
|
||||
"cache.${config.krebs.build.host.name}.hkw"
|
||||
"cache.${config.krebs.build.host.name}.r"
|
||||
];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
|
||||
@ -71,7 +71,7 @@ in {
|
||||
export PATH=${lib.makeSearchPath "bin" [
|
||||
pkgs.tmux
|
||||
pkgs.gnugrep
|
||||
pkgs.weechat
|
||||
pkgs.weechat-tv
|
||||
]}
|
||||
if tmux list-sessions -F\#S | grep -q '^im''$'; then
|
||||
exec tmux attach -t im
|
||||
|
||||
9
tv/5pkgs/simple/weechat-tv.nix
Normal file
9
tv/5pkgs/simple/weechat-tv.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ lib, pkgs }:
|
||||
|
||||
pkgs.wrapWeechat pkgs.weechat-unwrapped {
|
||||
configure = { availablePlugins, ... }: {
|
||||
scripts = [
|
||||
pkgs.weechatScripts.weechat-matrix
|
||||
];
|
||||
};
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user