3 krebs: put imps into user namespaces

2015-07-24 21:38:41 +02:00 · 2015-07-24 21:38:41 +02:00 · 85077a0cde
commit 85077a0cde
parent 7e43b2cc3e
1 changed files with 171 additions and 166 deletions
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@ -13,14 +13,7 @@ let
      ./urlwatch.nix
    ];
    options.krebs = api;
-    config = mkIf cfg.enable (mkMerge [
+    config = mkIf cfg.enable imp;
      { krebs.hosts = lass-hosts; }
      { krebs.hosts = makefu-hosts; }
      { krebs.hosts = tv-hosts; }
      { krebs.users = lass-users; }
      { krebs.users = makefu-users; }
      { krebs.users = tv-users; }
    ]);
  };
  api = {
@ -35,9 +28,16 @@ let
    };
  };
-  lass-hosts = addNames {
+  imp = mkMerge [
    { krebs = lass-imp; }
    { krebs = makefu-imp; }
    { krebs = tv-imp; }
  ];
  lass-imp = {
    hosts = addNames {
    };
-  lass-users = addNames {
+    users = addNames {
      lass = {
        pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
      };
@ -45,16 +45,20 @@ let
        pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
      };
    };
  makefu-hosts = addNames {
  };
-  makefu-users = addNames {
+
  makefu-imp = { 
    hosts = addNames {
    };
    users = addNames {
      makefu = {
        pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
      };
    };
  };
-  tv-hosts = addNames {
+  tv-imp = {
    hosts = addNames {
      cd = {
        cores = 2;
        dc = "tv"; #dc = "cac";
@ -207,11 +211,12 @@ let
        secure = true;
      };
    };
-  tv-users = addNames {
+    users = addNames {
      tv = {
        pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
      };
    };
  };
 in
 out