Merge remote-tracking branch 'ni/flakify'
commit
a0c4427c0b
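--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,44 @@
+{
+"nodes": {
+"nix-writers": {
+"flake": false,
+"locked": {
+"lastModified": 1677612737,
+"narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
+"ref": "refs/heads/master",
+"rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
+"revCount": 39,
+"type": "git",
+"url": "https://cgit.krebsco.de/nix-writers"
+},
+"original": {
+"type": "git",
+"url": "https://cgit.krebsco.de/nix-writers"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1686135559,
+"narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nix-writers": "nix-writers",
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}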
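--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,41 @@
+{
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+nix-writers = {
+url = "git+https://cgit.krebsco.de/nix-writers";
+flake = false;
+};
+# disko.url = "github:nix-community/disko";
+# disko.inputs.nixpkgs.follows = "nixpkgs";
+};
+
+description = "stockholm";
+
+outputs = { self, nixpkgs, nix-writers }: {
+nixosConfigurations.hotdog = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs.stockholm = self;
+specialArgs.nix-writers = nix-writers;
+specialArgs.secrets = toString ./krebs/0tests/data/secrets;
+modules = [
+./krebs/1systems/hotdog/config.nix
+];
+};
+
+nixosModules =
+let
+inherit (nixpkgs) lib;
+in builtins.listToAttrs
+(map
+(name: {name = lib.removeSuffix ".nix" name; value = import (./krebs/3modules + "/${name}");})
+(lib.filter
+(name: name != "default.nix" && !lib.hasPrefix "." name)
+(lib.attrNames (builtins.readDir ./krebs/3modules))));
+
+kartei = {
+hosts = self.nixosConfigurations.hotdog.config.krebs.hosts;
+users = self.nixosConfigurations.hotdog.config.krebs.users;
+};
+lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
+};
+}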
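Review bot: `specialArgs.secrets = toString ./krebs/0tests/data/secrets;` hard-wires the `hotdog` configuration to the test fixtures, and because a flake's source tree is copied into the Nix store, everything under that path is world-readable on the evaluating host. That is fine for dummy data, but the line should say so, e.g. `# test fixtures only: this path lives in the flake's store copy, never point it at real secrets`. Separately, the `nixosModules` filter drops only `default.nix` and dotfiles, so every other `readDir` entry, directories included, is imported; whether all of them are modules cannot be seen from this file.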
@ -1,12 +1,13 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
users = {
|
users = {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }: let
|
{ config, lib, ... }: let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
users.dave = {
|
users.dave = {
|
||||||
mail = "hsngrmpf@gmail.com";
|
mail = "hsngrmpf@gmail.com";
|
||||||
@ -8,7 +8,7 @@ in {
|
|||||||
owner = config.krebs.users.dave;
|
owner = config.krebs.users.dave;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
aliases = [ "dave.r" ];
|
aliases = [ "dave.r" ];
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
|
||||||
ip4.addr = "10.243.0.6";
|
ip4.addr = "10.243.0.6";
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }:
|
||||||
{ config, ... }:
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
@ -8,11 +9,11 @@ let
|
|||||||
owner = config.krebs.users.dbalan;
|
owner = config.krebs.users.dbalan;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill = {
|
nets.wiregrill = {
|
||||||
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
|
@ -9,7 +9,7 @@ in {
|
|||||||
(name: _type: let
|
(name: _type: let
|
||||||
path = ./. + "/${name}";
|
path = ./. + "/${name}";
|
||||||
in {
|
in {
|
||||||
krebs = import path { inherit config; };
|
krebs = import path { inherit config lib; };
|
||||||
})
|
})
|
||||||
(removeTemplate
|
(removeTemplate
|
||||||
(lib.filterAttrs
|
(lib.filterAttrs
|
||||||
|
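Review bot: The `lib` passed at `krebs = import path { inherit config lib; };` appears to be the module-system `lib` rather than the project's own `../../lib`, which would explain why every host file touched by this commit repeats `slib = import ../../lib/pure.nix { inherit lib; };`. Building it once in this file's `let` and passing it along, `krebs = import path { inherit config lib slib; };`, would remove the repetition and keep the relative path in one place. The `let` block and the rest of this function are outside the hunk, so where `lib` comes from here cannot be confirmed from the visible lines.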
@ -1,5 +1,6 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
owner = config.krebs.users.feliks;
|
owner = config.krebs.users.feliks;
|
||||||
ci = false;
|
ci = false;
|
||||||
@ -7,10 +8,10 @@ with import ../../lib;
|
|||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill.ip6.addr =
|
nets.wiregrill.ip6.addr =
|
||||||
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
users.feliks = {
|
users.feliks = {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }: let
|
{ config, lib, ... }: let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
|
|
||||||
users.jan = {
|
users.jan = {
|
||||||
@ -68,7 +68,7 @@ in {
|
|||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
aliases = [ "grill.r" ];
|
aliases = [ "grill.r" ];
|
||||||
ip4.addr = "10.243.217.217";
|
ip4.addr = "10.243.217.217";
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
|
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = true;
|
ci = true;
|
||||||
owner = config.krebs.users.jeschli;
|
owner = config.krebs.users.jeschli;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "jeschli" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }:
|
||||||
{ config, ... }:
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
|
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
@ -9,11 +10,11 @@ let
|
|||||||
owner = config.krebs.users.kmein;
|
owner = config.krebs.users.kmein;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill = {
|
nets.wiregrill = {
|
||||||
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
|
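Review bot: The unchanged context line `maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];` tests for an attribute literally named `key`, not for the name held in the `key` argument, so the helper most likely returns `[]` for every real lookup. The condition should read `if (attrset ? ${key})`. The same line appears in the later hunk `@ -1,6 +1,7 @` whose owner is `xkey`. The callers of `maybeEmpty` are outside both hunks, so the practical impact is not visible here.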
@ -1,11 +1,12 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip genAttrs mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
owner = config.krebs.users.krebs;
|
owner = config.krebs.users.krebs;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "krebs" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
|
|
||||||
testHosts = genAttrs [
|
testHosts = genAttrs [
|
||||||
@ -66,7 +67,6 @@ in {
|
|||||||
tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
|
tinc.pubkey_ed25519 = "D5TYSZW9OAkdnvQ/NL98UgheRC2Zg4SMNZ8M4/KwdeL";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
|
||||||
};
|
};
|
||||||
hotdog = {
|
hotdog = {
|
||||||
@ -100,7 +100,6 @@ in {
|
|||||||
tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
|
tinc.pubkey_ed25519 = "ugy/sGReVro3YzjDuroV/5hdeBdqD18no9dMhTy9DYL";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp";
|
||||||
};
|
};
|
||||||
news = {
|
news = {
|
||||||
@ -133,7 +132,6 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHl5cDF9QheXyMlNYIX17ILbgd94K50fZy7w0fDLvZlo ";
|
||||||
};
|
};
|
||||||
onebutton = {
|
onebutton = {
|
||||||
@ -161,7 +159,6 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe ";
|
||||||
};
|
};
|
||||||
ponte = {
|
ponte = {
|
||||||
@ -208,7 +205,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo ";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEw9fo8Qtb/DTLacdrJP7Ti7c4UXTm6wUUX+iRFweEo ";
|
||||||
};
|
};
|
||||||
puyak = {
|
puyak = {
|
||||||
@ -234,7 +230,6 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY";
|
||||||
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
|
syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR";
|
||||||
};
|
};
|
||||||
@ -259,7 +254,6 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc";
|
||||||
};
|
};
|
||||||
wolf = {
|
wolf = {
|
||||||
@ -296,7 +290,6 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
|
||||||
};
|
};
|
||||||
} // testHosts);
|
} // testHosts);
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
r6 = ip: (krebs.genipv6 "retiolum" "lass" ip).address;
|
r6 = ip: (slib.krebs.genipv6 "retiolum" "lass" ip).address;
|
||||||
w6 = ip: (krebs.genipv6 "wiregrill" "lass" ip).address;
|
w6 = ip: (slib.krebs.genipv6 "wiregrill" "lass" ip).address;
|
||||||
hostFiles =
|
hostFiles =
|
||||||
builtins.map (lib.removeSuffix ".nix") (
|
builtins.map (lib.removeSuffix ".nix") (
|
||||||
builtins.filter
|
builtins.filter
|
||||||
@ -14,14 +14,17 @@ in {
|
|||||||
dns.providers = {
|
dns.providers = {
|
||||||
"lassul.us" = "zones";
|
"lassul.us" = "zones";
|
||||||
};
|
};
|
||||||
hosts = mapAttrs (_: recursiveUpdate {
|
hosts = lib.mapAttrs (_: lib.recursiveUpdate {
|
||||||
owner = config.krebs.users.lass;
|
owner = config.krebs.users.lass;
|
||||||
consul = true;
|
consul = true;
|
||||||
ci = true;
|
ci = true;
|
||||||
monitoring = true;
|
monitoring = true;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
}) (
|
}) (
|
||||||
lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") { inherit config krebs lib r6 w6; })
|
lib.genAttrs hostFiles (host: import (./. + "/${host}.nix") {
|
||||||
|
inherit config lib r6 w6;
|
||||||
|
inherit (slib) krebs;
|
||||||
|
})
|
||||||
);
|
);
|
||||||
users = rec {
|
users = rec {
|
||||||
lass = lass-yubikey;
|
lass = lass-yubikey;
|
||||||
|
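Review bot: `ssh.privkey.path = <secrets/ssh.id_ed25519>;` is kept in the host defaults here, while the same commit removes that line from the hosts in the preceding file. An angle-bracket path is resolved through `NIX_PATH`, which pure flake evaluation does not provide, so any flake output that forces this attribute (possibly `kartei.hosts`) would fail without `--impure`. If the helper used in the `tv` hunk is available in this file, `ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";` would avoid the lookup. If the line has to stay for the non-flake path, a comment should say so.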
@ -2,8 +2,10 @@
|
|||||||
# tinc generate-keys
|
# tinc generate-keys
|
||||||
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
|
# ssh-keygen -f ssh.id_ed25519 -t ed25519 -C host
|
||||||
|
|
||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (builtins) foldl' mapAttrs pathExists readFile;
|
||||||
|
inherit (lib) optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
|
hostDefaults = hostName: host: foldl' recursiveUpdate {} [
|
||||||
{
|
{
|
||||||
@ -19,7 +21,7 @@ with import ../../lib;
|
|||||||
"${hostName}.r"
|
"${hostName}.r"
|
||||||
];
|
];
|
||||||
ip6.addr =
|
ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
# Retiolum ed25519 keys
|
# Retiolum ed25519 keys
|
||||||
@ -37,7 +39,7 @@ with import ../../lib;
|
|||||||
"${hostName}.w"
|
"${hostName}.w"
|
||||||
];
|
];
|
||||||
ip6.addr =
|
ip6.addr =
|
||||||
(krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
|
||||||
wireguard.pubkey = readFile pubkey-path;
|
wireguard.pubkey = readFile pubkey-path;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
@ -54,7 +56,7 @@ with import ../../lib;
|
|||||||
];
|
];
|
||||||
|
|
||||||
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
|
w6 = ip: (slib.krebs.genipv6 "wiregrill" "makefu" ip).address;
|
||||||
in {
|
in {
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs hostDefaults {
|
||||||
cake = rec {
|
cake = rec {
|
||||||
@ -156,7 +158,7 @@ in {
|
|||||||
# pixel3a
|
# pixel3a
|
||||||
telex.nets.wiregrill = {
|
telex.nets.wiregrill = {
|
||||||
aliases = ["telex.w"];
|
aliases = ["telex.w"];
|
||||||
ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
|
||||||
ip4.addr = "10.244.245.4";
|
ip4.addr = "10.244.245.4";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -263,7 +265,7 @@ in {
|
|||||||
ip6.addr = w6 "1";
|
ip6.addr = w6 "1";
|
||||||
wireguard.port = 51821;
|
wireguard.port = 51821;
|
||||||
wireguard.subnets = [
|
wireguard.subnets = [
|
||||||
(krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
|
(slib.krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
|
||||||
"10.244.245.0/24" # required for routing directly to gum via rockit
|
"10.244.245.0/24" # required for routing directly to gum via rockit
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -1,12 +1,13 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
in {
|
in {
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs hostDefaults {
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }: let
|
||||||
{ config, ... }: let
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
@ -7,10 +8,10 @@ with import ../../lib;
|
|||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill.ip6.addr =
|
nets.wiregrill.ip6.addr =
|
||||||
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
|
tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }: let
|
{ config, lib, ... }: let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
users.oxzi = {
|
users.oxzi = {
|
||||||
mail = "post@0x21.biz";
|
mail = "post@0x21.biz";
|
||||||
@ -13,7 +13,7 @@ in {
|
|||||||
"gosh.r"
|
"gosh.r"
|
||||||
];
|
];
|
||||||
ip4.addr = "10.243.32.1";
|
ip4.addr = "10.243.32.1";
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "oxzi" { hostName = "ancha"; }).address;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T
|
MIICCgKCAgEA5RSP7nWZ1c04kvQBxoHqcdRKpJuRDzD3f0Nl2KhS7QsAqHJGdK7T
|
||||||
@ -39,7 +39,7 @@ in {
|
|||||||
"marohu.oxzi.r"
|
"marohu.oxzi.r"
|
||||||
];
|
];
|
||||||
ip4.addr = "10.243.32.2";
|
ip4.addr = "10.243.32.2";
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "oxzi" { hostName = "marohu"; }).address;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz
|
MIICCgKCAgEAxHLkvuH9JMXay/fEmoWTEqLHg9A50EzkxPVBn4nyezgp5vxsUqJz
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }:
|
||||||
{ config, ... }:
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
@ -8,10 +9,10 @@ let
|
|||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill.ip6.addr =
|
nets.wiregrill.ip6.addr =
|
||||||
(krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
|
|
||||||
in
|
in
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }:
|
||||||
{ config, ... }:
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
@ -8,11 +10,11 @@ let
|
|||||||
owner = config.krebs.users.rtunreal;
|
owner = config.krebs.users.rtunreal;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill = {
|
nets.wiregrill = {
|
||||||
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
|
@ -1,13 +1,12 @@
|
|||||||
{ config, ... }: let
|
{ config, lib, ... }: let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
hostDefaults = hostName: host: lib.flip lib.recursiveUpdate host ({
|
hostDefaults = hostName: host: lib.flip lib.recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
external = true;
|
external = true;
|
||||||
monitoring = false;
|
monitoring = false;
|
||||||
} // lib.optionalAttrs (host.nets?retiolum) {
|
} // lib.optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum.ip6.addr =
|
nets.retiolum.ip6.addr =
|
||||||
(lib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
});
|
});
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }: let
|
{ config, lib, ... }: let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
users.DUMMYUSER = {
|
users.DUMMYUSER = {
|
||||||
mail = "DUMMYUSER@example.ork";
|
mail = "DUMMYUSER@example.ork";
|
||||||
@ -8,7 +8,7 @@ in {
|
|||||||
owner = config.krebs.users.DUMMYUSER;
|
owner = config.krebs.users.DUMMYUSER;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
|
aliases = [ "DUMMYHOST.DUMMYUSER.r" ];
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "DUMMYUSER" { hostName = "DUMMYHOST"; }).address;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
DUMMYTINCPUBKEYRSA
|
DUMMYTINCPUBKEYRSA
|
||||||
|
@ -1,5 +1,11 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }@attrs: let
|
||||||
{ config, ... }: {
|
inherit (builtins)
|
||||||
|
getAttr head mapAttrs match pathExists readDir readFile typeOf;
|
||||||
|
inherit (lib)
|
||||||
|
const hasAttrByPath mapAttrs' mkDefault mkIf optionalAttrs removeSuffix
|
||||||
|
toList;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
in {
|
||||||
dns.providers = {
|
dns.providers = {
|
||||||
"viljetic.de" = "regfish";
|
"viljetic.de" = "regfish";
|
||||||
};
|
};
|
||||||
@ -8,10 +14,10 @@ with import ../../lib;
|
|||||||
(hostName: hostFile: let
|
(hostName: hostFile: let
|
||||||
hostSource = import hostFile;
|
hostSource = import hostFile;
|
||||||
hostConfig = getAttr (typeOf hostSource) {
|
hostConfig = getAttr (typeOf hostSource) {
|
||||||
lambda = hostSource { inherit config lib; };
|
lambda = hostSource attrs;
|
||||||
set = hostSource;
|
set = hostSource;
|
||||||
};
|
};
|
||||||
in evalSubmodule types.host [
|
in slib.evalSubmodule slib.types.host [
|
||||||
hostConfig
|
hostConfig
|
||||||
{
|
{
|
||||||
name = hostName;
|
name = hostName;
|
||||||
@ -20,7 +26,7 @@ with import ../../lib;
|
|||||||
(optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
|
(optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
ip6.addr =
|
ip6.addr =
|
||||||
(krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(let
|
(let
|
||||||
@ -31,14 +37,14 @@ with import ../../lib;
|
|||||||
"${hostName}.w"
|
"${hostName}.w"
|
||||||
];
|
];
|
||||||
ip6.addr =
|
ip6.addr =
|
||||||
(krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
|
(slib.krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
|
||||||
wireguard.pubkey = readFile pubkey-path;
|
wireguard.pubkey = readFile pubkey-path;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(host: mkIf (host.config.ssh.pubkey != null) {
|
(host: mkIf (host.config.ssh.pubkey != null) {
|
||||||
ssh.privkey = mapAttrs (const mkDefault) {
|
ssh.privkey = mapAttrs (const mkDefault) {
|
||||||
path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
|
path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
|
||||||
type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
|
type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
])
|
])
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: let
|
||||||
|
slib = import ../../../lib/pure.nix { inherit lib; };
|
||||||
|
in {
|
||||||
extraZones = {
|
extraZones = {
|
||||||
"krebsco.de" = ''
|
"krebsco.de" = ''
|
||||||
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
|
||||||
@ -60,7 +62,7 @@
|
|||||||
via = config.krebs.hosts.ni.nets.internet;
|
via = config.krebs.hosts.ni.nets.internet;
|
||||||
ip4.addr = "10.244.3.1";
|
ip4.addr = "10.244.3.1";
|
||||||
wireguard.subnets = [
|
wireguard.subnets = [
|
||||||
(lib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
|
(slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
with import ../../lib;
|
{ config, lib, ... }:
|
||||||
{ config, ... }:
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
|
maybeEmpty = attrset: key: if (attrset?key) then attrset.${key} else [];
|
||||||
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
hostDefaults = hostName: host: flip recursiveUpdate host ({
|
||||||
ci = false;
|
ci = false;
|
||||||
@ -9,11 +10,11 @@ let
|
|||||||
owner = config.krebs.users.xkey;
|
owner = config.krebs.users.xkey;
|
||||||
} // optionalAttrs (host.nets?retiolum) {
|
} // optionalAttrs (host.nets?retiolum) {
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
} // optionalAttrs (host.nets?wiregrill) {
|
} // optionalAttrs (host.nets?wiregrill) {
|
||||||
nets.wiregrill = {
|
nets.wiregrill = {
|
||||||
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
|
||||||
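Review bot: `maybeEmpty` on the unchanged line `if (attrset?key)` tests for an attribute literally named `key`, because the right-hand side of `?` is an attribute path and not an expression, so the helper returns `[]` for any attrset without an attribute of that literal name. Since the `let` block is being reworked here anyway, the check should interpolate the argument: `maybeEmpty = attrset: key: if attrset ? ${key} then attrset.${key} else [];`. The callers of `maybeEmpty` are outside the hunks, so whether anything currently depends on the always-empty result needs checking before the fix goes in.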
|
@ -1,6 +1,6 @@
|
|||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
lib = import ../../lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.ynnel = {
|
users.ynnel = {
|
||||||
@ -10,7 +10,7 @@ in
|
|||||||
owner = config.krebs.users.ynnel;
|
owner = config.krebs.users.ynnel;
|
||||||
nets.retiolum = {
|
nets.retiolum = {
|
||||||
aliases = [ "mokemoke.ynnel.r" ];
|
aliases = [ "mokemoke.ynnel.r" ];
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
|
ip6.addr = (slib.krebs.genipv6 "retiolum" "ynnel" { hostName = "mokemoke"; }).address;
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8
|
MIICCgKCAgEA7rS560SZEPcSekW30dRF6ZTHOnb8WvuVgt3BFLRWhTgV5DqLqFa8
|
||||||
|
@ -9,15 +9,15 @@ in
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hw.nix
|
./hw.nix
|
||||||
<stockholm/krebs>
|
../../../krebs
|
||||||
<stockholm/krebs/2configs>
|
../../../krebs/2configs
|
||||||
|
|
||||||
#<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
#../../../krebs/2configs/binary-cache/nixos.nix
|
||||||
#<stockholm/krebs/2configs/binary-cache/prism.nix>
|
#../../../krebs/2configs/binary-cache/prism.nix
|
||||||
|
|
||||||
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
../../../krebs/2configs/shack/ssh-keys.nix
|
||||||
<stockholm/krebs/2configs/save-diskspace.nix>
|
../../../krebs/2configs/save-diskspace.nix
|
||||||
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
../../../krebs/2configs/shack/prometheus/node.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
# use your own binary cache, fallback use cache.nixos.org (which is used by
|
||||||
|
@ -5,16 +5,16 @@ in
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
<stockholm/krebs>
|
../../../krebs
|
||||||
<stockholm/krebs/2configs>
|
../../../krebs/2configs
|
||||||
# <stockholm/krebs/2configs/secret-passwords.nix>
|
# ../../../krebs/2configs/secret-passwords.nix
|
||||||
|
|
||||||
# <stockholm/krebs/2configs/binary-cache/nixos.nix>
|
# ../../../krebs/2configs/binary-cache/nixos.nix
|
||||||
# <stockholm/krebs/2configs/binary-cache/prism.nix>
|
# ../../../krebs/2configs/binary-cache/prism.nix
|
||||||
<stockholm/krebs/2configs/shack/ssh-keys.nix>
|
../../../krebs/2configs/shack/ssh-keys.nix
|
||||||
<stockholm/krebs/2configs/shack/prometheus/node.nix>
|
../../../krebs/2configs/shack/prometheus/node.nix
|
||||||
# provides access to /home/share for smbuser via smb
|
# provides access to /home/share for smbuser via smb
|
||||||
<stockholm/krebs/2configs/shack/share.nix>
|
../../../krebs/2configs/shack/share.nix
|
||||||
{
|
{
|
||||||
fileSystems."/home/share" =
|
fileSystems."/home/share" =
|
||||||
{ device = "/serve";
|
{ device = "/serve";
|
||||||
@ -23,8 +23,8 @@ in
|
|||||||
}
|
}
|
||||||
|
|
||||||
## Collect local statistics via collectd and send to collectd
|
## Collect local statistics via collectd and send to collectd
|
||||||
# <stockholm/krebs/2configs/stats/shack-client.nix>
|
# ../../../krebs/2configs/stats/shack-client.nix
|
||||||
# <stockholm/krebs/2configs/stats/shack-debugging.nix>
|
# ../../../krebs/2configs/stats/shack-debugging.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.filebitch;
|
krebs.build.host = config.krebs.hosts.filebitch;
|
||||||
|
@ -2,23 +2,23 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/krebs>
|
../../../krebs
|
||||||
<stockholm/krebs/2configs>
|
../../../krebs/2configs
|
||||||
|
|
||||||
<stockholm/krebs/2configs/buildbot-stockholm.nix>
|
../../../krebs/2configs/buildbot-stockholm.nix
|
||||||
<stockholm/krebs/2configs/binary-cache/nixos.nix>
|
../../../krebs/2configs/binary-cache/nixos.nix
|
||||||
<stockholm/krebs/2configs/ircd.nix>
|
../../../krebs/2configs/ircd.nix
|
||||||
<stockholm/krebs/2configs/reaktor2.nix>
|
../../../krebs/2configs/reaktor2.nix
|
||||||
<stockholm/krebs/2configs/wiki.nix>
|
../../../krebs/2configs/wiki.nix
|
||||||
<stockholm/krebs/2configs/acme.nix>
|
../../../krebs/2configs/acme.nix
|
||||||
<stockholm/krebs/2configs/mud.nix>
|
../../../krebs/2configs/mud.nix
|
||||||
<stockholm/krebs/2configs/repo-sync.nix>
|
../../../krebs/2configs/repo-sync.nix
|
||||||
|
|
||||||
<stockholm/krebs/2configs/cal.nix>
|
../../../krebs/2configs/cal.nix
|
||||||
<stockholm/krebs/2configs/mastodon.nix>
|
../../../krebs/2configs/mastodon.nix
|
||||||
|
|
||||||
## shackie irc bot
|
## (shackie irc bot
|
||||||
<stockholm/krebs/2configs/shack/reaktor.nix>
|
../../../krebs/2configs/shack/reaktor.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.hotdog;
|
krebs.build.host = config.krebs.hosts.hotdog;
|
||||||
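Review bot: The comment above the reaktor import changed from `## shackie irc bot` to `## (shackie irc bot`, which leaves an unbalanced parenthesis and looks like an editing slip. Restore the original comment, `## shackie irc bot`, or close the parenthesis if one was intended.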
|
@ -2,15 +2,15 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
<stockholm/krebs>
|
../../../krebs
|
||||||
<stockholm/krebs/2configs>
|
../../../krebs/2configs
|
||||||
|
|
||||||
<stockholm/krebs/2configs/ircd.nix>
|
../../../krebs/2configs/ircd.nix
|
||||||
<stockholm/krebs/2configs/go.nix>
|
../../../krebs/2configs/go.nix
|
||||||
|
|
||||||
#### NEWS ####
|
#### NEWS ####
|
||||||
<stockholm/krebs/2configs/ircd.nix>
|
../../../krebs/2configs/ircd.nix
|
||||||
<stockholm/krebs/2configs/news.nix>
|
../../../krebs/2configs/news.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.news;
|
krebs.build.host = config.krebs.hosts.news;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
{
|
{
|
||||||
krebs.backup.plans = {
|
krebs.backup.plans = {
|
||||||
} // mapAttrs (_: recursiveUpdate {
|
} // mapAttrs (_: recursiveUpdate {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }: with import <stockholm/lib>;
|
{ config, lib, ... }:
|
||||||
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }: let
|
{ config, lib, pkgs, ... }: let
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
setupGit = ''
|
setupGit = ''
|
||||||
export PATH=${lib.makeBinPath [
|
export PATH=${lib.makeBinPath [
|
||||||
@ -23,13 +24,13 @@
|
|||||||
git add .gitignore
|
git add .gitignore
|
||||||
'';
|
'';
|
||||||
|
|
||||||
pushCal = pkgs.writeDash "push_cal" ''
|
pushCal = pkgs.writers.writeDash "push_cal" ''
|
||||||
${setupGit}
|
${setupGit}
|
||||||
git fetch origin
|
git fetch origin
|
||||||
git merge --ff-only origin/master || :
|
git merge --ff-only origin/master || :
|
||||||
'';
|
'';
|
||||||
|
|
||||||
pushCgit = pkgs.writeDash "push_cgit" ''
|
pushCgit = pkgs.writers.writeDash "push_cgit" ''
|
||||||
${setupGit}
|
${setupGit}
|
||||||
git push origin master
|
git push origin master
|
||||||
'';
|
'';
|
||||||
@ -73,7 +74,7 @@ in {
|
|||||||
cgit.settings = {
|
cgit.settings = {
|
||||||
root-title = "krebs repos";
|
root-title = "krebs repos";
|
||||||
};
|
};
|
||||||
rules = with pkgs.stockholm.lib.git; [
|
rules = with slib.git; [
|
||||||
{
|
{
|
||||||
user = [
|
user = [
|
||||||
{
|
{
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./backup.nix
|
./backup.nix
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, lib, ... }:
|
||||||
{ config, ... }: let
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
let
|
||||||
|
|
||||||
format = from: to: {
|
format = from: to: {
|
||||||
inherit from;
|
inherit from;
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
{
|
||||||
krebs.go = {
|
krebs.go = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
{
|
||||||
networking.wireless.enable = lib.mkDefault true;
|
networking.wireless.enable = lib.mkDefault true;
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, lib, pkgs, ... }:
|
||||||
{ config, pkgs, ... }:
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
let
|
let
|
||||||
#for shared state directory
|
#for shared state directory
|
||||||
@ -22,7 +22,7 @@ let
|
|||||||
# TODO; get state as argument
|
# TODO; get state as argument
|
||||||
state_file = "${stateDir}/ledger";
|
state_file = "${stateDir}/ledger";
|
||||||
};
|
};
|
||||||
filename = pkgs.writeDash "bedger-add" ''
|
filename = pkgs.writers.writeDash "bedger-add" ''
|
||||||
set -x
|
set -x
|
||||||
tonick=$1
|
tonick=$1
|
||||||
amt=$2
|
amt=$2
|
||||||
@ -42,7 +42,7 @@ let
|
|||||||
env = {
|
env = {
|
||||||
state_file = "${stateDir}/ledger";
|
state_file = "${stateDir}/ledger";
|
||||||
};
|
};
|
||||||
filename = pkgs.writeDash "bedger-balance" ''
|
filename = pkgs.writers.writeDash "bedger-balance" ''
|
||||||
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
|
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
|
||||||
| ${pkgs.coreutils}/bin/tail +2 \
|
| ${pkgs.coreutils}/bin/tail +2 \
|
||||||
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
|
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
|
||||||
@ -57,7 +57,7 @@ let
|
|||||||
arguments = [1];
|
arguments = [1];
|
||||||
timeoutSec = 1337;
|
timeoutSec = 1337;
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "bing" ''
|
filename = pkgs.writers.writeDash "bing" ''
|
||||||
set -efu
|
set -efu
|
||||||
report_error() {
|
report_error() {
|
||||||
printf '%s' "$*" |
|
printf '%s' "$*" |
|
||||||
@ -97,7 +97,7 @@ let
|
|||||||
arguments = [1];
|
arguments = [1];
|
||||||
timeoutSec = 1337;
|
timeoutSec = 1337;
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "bing-img" ''
|
filename = pkgs.writers.writeDash "bing-img" ''
|
||||||
set -efu
|
set -efu
|
||||||
report_error() {
|
report_error() {
|
||||||
printf '%s' "$*" |
|
printf '%s' "$*" |
|
||||||
@ -142,7 +142,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1];
|
arguments = [1];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "confuse" ''
|
filename = pkgs.writers.writeDash "confuse" ''
|
||||||
set -efux
|
set -efux
|
||||||
|
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
@ -164,7 +164,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1];
|
arguments = [1];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "interrogate" ''
|
filename = pkgs.writers.writeDash "interrogate" ''
|
||||||
set -efux
|
set -efux
|
||||||
|
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
@ -181,7 +181,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1];
|
arguments = [1];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "confuse" ''
|
filename = pkgs.writers.writeDash "confuse" ''
|
||||||
set -efu
|
set -efu
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
pkgs.coreutils
|
pkgs.coreutils
|
||||||
@ -204,7 +204,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1];
|
arguments = [1];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "say" ''
|
filename = pkgs.writers.writeDash "say" ''
|
||||||
set -efu
|
set -efu
|
||||||
|
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
@ -234,20 +234,20 @@ let
|
|||||||
arguments = [2];
|
arguments = [2];
|
||||||
env.TASKDATA = "${stateDir}/${name}";
|
env.TASKDATA = "${stateDir}/${name}";
|
||||||
commands = rec {
|
commands = rec {
|
||||||
add.filename = pkgs.writeDash "${name}-task-add" ''
|
add.filename = pkgs.writers.writeDash "${name}-task-add" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
|
||||||
'';
|
'';
|
||||||
list.filename = pkgs.writeDash "${name}-task-list" ''
|
list.filename = pkgs.writers.writeDash "${name}-task-list" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \
|
||||||
| ${pkgs.jq}/bin/jq -r '
|
| ${pkgs.jq}/bin/jq -r '
|
||||||
.[] | select(.id != 0) | "\(.id) \(.description)"
|
.[] | select(.id != 0) | "\(.id) \(.description)"
|
||||||
'
|
'
|
||||||
'';
|
'';
|
||||||
delete.filename = pkgs.writeDash "${name}-task-delete" ''
|
delete.filename = pkgs.writers.writeDash "${name}-task-delete" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
|
||||||
'';
|
'';
|
||||||
del = delete;
|
del = delete;
|
||||||
done.filename = pkgs.writeDash "${name}-task-done" ''
|
done.filename = pkgs.writers.writeDash "${name}-task-done" ''
|
||||||
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
|
${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -293,8 +293,7 @@ let
|
|||||||
{
|
{
|
||||||
activate = "always";
|
activate = "always";
|
||||||
command = {
|
command = {
|
||||||
filename =
|
filename = ../5pkgs/simple/Reaktor/scripts/tell-on_join.sh;
|
||||||
<stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh>;
|
|
||||||
env = {
|
env = {
|
||||||
PATH = makeBinPath [
|
PATH = makeBinPath [
|
||||||
pkgs.coreutils # XXX env, touch
|
pkgs.coreutils # XXX env, touch
|
||||||
@ -311,7 +310,7 @@ let
|
|||||||
pattern = "^list-locations";
|
pattern = "^list-locations";
|
||||||
activate = "match";
|
activate = "match";
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "list-locations" ''
|
filename = pkgs.writers.writeDash "list-locations" ''
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
@ -328,7 +327,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1 2 3];
|
arguments = [1 2 3];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "add-location" ''
|
filename = pkgs.writers.writeDash "add-location" ''
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
@ -345,7 +344,7 @@ let
|
|||||||
activate = "match";
|
activate = "match";
|
||||||
arguments = [1];
|
arguments = [1];
|
||||||
command = {
|
command = {
|
||||||
filename = pkgs.writeDash "add-location" ''
|
filename = pkgs.writers.writeDash "add-location" ''
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
pkgs.curl
|
pkgs.curl
|
||||||
pkgs.jq
|
pkgs.jq
|
||||||
@ -374,7 +373,7 @@ let
|
|||||||
sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE=";
|
sha256 = "sha256-J7jGWZeAULDA1EkO50qx+hjl+5IsUj389pUUMreKeNE=";
|
||||||
};
|
};
|
||||||
osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
|
osm-restaurants = pkgs.callPackage "${osm-restaurants-src}/osm-restaurants" {};
|
||||||
in pkgs.writeDash "krebsfood" ''
|
in pkgs.writers.writeDash "krebsfood" ''
|
||||||
set -efu
|
set -efu
|
||||||
export PATH=${makeBinPath [
|
export PATH=${makeBinPath [
|
||||||
osm-restaurants
|
osm-restaurants
|
||||||
@ -417,8 +416,7 @@ let
|
|||||||
(generators.command_hook {
|
(generators.command_hook {
|
||||||
inherit (commands) dance random-emoji nixos-version;
|
inherit (commands) dance random-emoji nixos-version;
|
||||||
tell = {
|
tell = {
|
||||||
filename =
|
filename = ../5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh;
|
||||||
<stockholm/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh>;
|
|
||||||
env = {
|
env = {
|
||||||
PATH = makeBinPath [
|
PATH = makeBinPath [
|
||||||
pkgs.coreutils # XXX date, env
|
pkgs.coreutils # XXX date, env
|
||||||
@ -452,7 +450,7 @@ in {
|
|||||||
name = "reaktor2";
|
name = "reaktor2";
|
||||||
home = stateDir;
|
home = stateDir;
|
||||||
};
|
};
|
||||||
script = ''. ${pkgs.writeDash "agenda" ''
|
script = ''. ${pkgs.writers.writeDash "agenda" ''
|
||||||
echo "$Method $Request_URI" >&2
|
echo "$Method $Request_URI" >&2
|
||||||
case "$Method" in
|
case "$Method" in
|
||||||
"GET")
|
"GET")
|
||||||
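Review bot: Two pairs of hooks write their scripts under the same name on lines this commit touches: `pkgs.writers.writeDash "confuse"` appears in the hunks at old lines 142 and 181, and `pkgs.writers.writeDash "add-location"` in the hunks at old lines 328 and 345. In each pair the hooks differ: the two `confuse` scripts have different bodies (`set -efux` against `set -efu`), and the `add-location` hooks take `arguments = [1 2 3]` against `arguments = [1]`. The name only ends up in the store path, but that path is what would identify the script in logs or process listings when a bot command misbehaves, so each script should carry the name of its own command. The patterns that select these hooks are outside the hunks, so the right names have to be taken from there.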
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
konsens-user = {
|
konsens-user = {
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
{ ... }: with import <stockholm/lib>;
|
{ lib, ... }:
|
||||||
|
with lib;
|
||||||
{
|
{
|
||||||
users.extraUsers =
|
users.extraUsers =
|
||||||
mapAttrs (_: h: { hashedPassword = h; })
|
mapAttrs (_: h: { hashedPassword = h; })
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
root = "/var/srv/drivedroid";
|
root = "/var/srv/drivedroid";
|
||||||
in
|
in
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
pkg = pkgs.stdenv.mkDerivation {
|
pkg = pkgs.stdenv.mkDerivation {
|
||||||
name = "mqtt2graphite-2017-05-29";
|
name = "mqtt2graphite-2017-05-29";
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
pkg = pkgs.stdenv.mkDerivation {
|
pkg = pkgs.stdenv.mkDerivation {
|
||||||
name = "muell_caller-2017-06-01";
|
name = "muell_caller-2017-06-01";
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.apt-cacher-ng;
|
cfg = config.krebs.apt-cacher-ng;
|
||||||
in
|
in
|
||||||
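Review bot: `lib` is not bound in this file. The argument set stays `{ config, pkgs, ... }:` while the new second line is `with import ../../../lib/pure.nix { inherit lib; };`, and `inherit lib` is resolved lexically, outside the `with` it introduces, so evaluation should stop with an undefined-variable error. The other converted modules in this commit add `lib` to their arguments, and the same is needed here: `{ config, lib, pkgs, ... }:`.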
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
pkg = pkgs.stdenv.mkDerivation {
|
pkg = pkgs.stdenv.mkDerivation {
|
||||||
name = "radioactive-2017-06-01";
|
name = "radioactive-2017-06-01";
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
pkg = pkgs.stdenv.mkDerivation {
|
pkg = pkgs.stdenv.mkDerivation {
|
||||||
name = "worlddomination-2020-12-01";
|
name = "worlddomination-2020-12-01";
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
# TODO: krebs.collectd.plugins
|
# TODO: krebs.collectd.plugins
|
||||||
with import <stockholm/lib>;
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
|
connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" ''
|
||||||
LoadPlugin python
|
LoadPlugin python
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
{ options, config, pkgs, ... }: with import <stockholm/lib>; let
|
{ config, lib, options, pkgs, ... }:
|
||||||
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
let
|
||||||
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
||||||
|
|
||||||
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
|
|
||||||
setupGit = ''
|
setupGit = ''
|
||||||
@ -14,13 +14,13 @@ let
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
pushGollum = pkgs.writeDash "push_gollum" ''
|
pushGollum = pkgs.writers.writeDash "push_gollum" ''
|
||||||
${setupGit}
|
${setupGit}
|
||||||
git fetch origin
|
git fetch origin
|
||||||
git merge --ff-only origin/master
|
git merge --ff-only origin/master
|
||||||
'';
|
'';
|
||||||
|
|
||||||
pushCgit = pkgs.writeDash "push_cgit" ''
|
pushCgit = pkgs.writers.writeDash "push_cgit" ''
|
||||||
${setupGit}
|
${setupGit}
|
||||||
git push origin master
|
git push origin master
|
||||||
'';
|
'';
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>; #genid
|
with lib;
|
||||||
let
|
let
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
cfg = config.krebs.airdcpp;
|
cfg = config.krebs.airdcpp;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
@ -265,14 +266,14 @@ let
|
|||||||
};
|
};
|
||||||
users = lib.mkIf (cfg.user == "airdcpp") {
|
users = lib.mkIf (cfg.user == "airdcpp") {
|
||||||
users.airdcpp = {
|
users.airdcpp = {
|
||||||
uid = genid "airdcpp";
|
uid = slib.genid "airdcpp";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "airdcpp";
|
group = "airdcpp";
|
||||||
inherit (cfg) extraGroups;
|
inherit (cfg) extraGroups;
|
||||||
};
|
};
|
||||||
groups.airdcpp.gid = genid "airdcpp";
|
groups.airdcpp.gid = slib.genid "airdcpp";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
|
@ -1,20 +1,21 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: let
|
let
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
cfg = config.krebs.announce-activation;
|
cfg = config.krebs.announce-activation;
|
||||||
announce-activation = pkgs.writeDash "announce-activation" ''
|
announce-activation = pkgs.writeDash "announce-activation" ''
|
||||||
set -efu
|
set -efu
|
||||||
message=$(${cfg.get-message})
|
message=$(${cfg.get-message})
|
||||||
exec ${pkgs.irc-announce}/bin/irc-announce \
|
exec ${pkgs.irc-announce}/bin/irc-announce \
|
||||||
${shell.escape cfg.irc.server} \
|
${slib.shell.escape cfg.irc.server} \
|
||||||
${shell.escape (toString cfg.irc.port)} \
|
${slib.shell.escape (toString cfg.irc.port)} \
|
||||||
${shell.escape cfg.irc.nick} \
|
${slib.shell.escape cfg.irc.nick} \
|
||||||
${shell.escape cfg.irc.channel} \
|
${slib.shell.escape cfg.irc.channel} \
|
||||||
${escapeShellArg cfg.irc.tls} \
|
${lib.escapeShellArg cfg.irc.tls} \
|
||||||
"$message"
|
"$message"
|
||||||
'';
|
'';
|
||||||
default-get-message = pkgs.writeDash "announce-activation-get-message" ''
|
default-get-message = pkgs.writeDash "announce-activation-get-message" ''
|
||||||
set -efu
|
set -efu
|
||||||
PATH=${makeBinPath [
|
PATH=${lib.makeBinPath [
|
||||||
pkgs.coreutils
|
pkgs.coreutils
|
||||||
pkgs.gawk
|
pkgs.gawk
|
||||||
pkgs.gnused
|
pkgs.gnused
|
||||||
@ -28,37 +29,37 @@ with import <stockholm/lib>;
|
|||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
options.krebs.announce-activation = {
|
options.krebs.announce-activation = {
|
||||||
enable = mkEnableOption "announce-activation";
|
enable = lib.mkEnableOption "announce-activation";
|
||||||
get-message = mkOption {
|
get-message = lib.mkOption {
|
||||||
default = default-get-message;
|
default = default-get-message;
|
||||||
type = types.package;
|
type = lib.types.package;
|
||||||
};
|
};
|
||||||
irc = {
|
irc = {
|
||||||
# TODO rename channel to target?
|
# TODO rename channel to target?
|
||||||
channel = mkOption {
|
channel = lib.mkOption {
|
||||||
default = "#xxx";
|
default = "#xxx";
|
||||||
type = types.str; # TODO types.irc-channel
|
type = lib.types.str; # TODO types.irc-channel
|
||||||
};
|
};
|
||||||
nick = mkOption {
|
nick = lib.mkOption {
|
||||||
default = config.krebs.build.host.name;
|
default = config.krebs.build.host.name;
|
||||||
type = types.label;
|
type = slib.types.label;
|
||||||
};
|
};
|
||||||
port = mkOption {
|
port = lib.mkOption {
|
||||||
default = 6667;
|
default = 6667;
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
};
|
};
|
||||||
server = mkOption {
|
server = lib.mkOption {
|
||||||
default = "irc.r";
|
default = "irc.r";
|
||||||
type = types.hostname;
|
type = slib.types.hostname;
|
||||||
};
|
};
|
||||||
tls = mkOption {
|
tls = lib.mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
|
system.activationScripts.announce-activation = lib.stringAfter [ "etc" ] ''
|
||||||
${announce-activation}
|
${announce-activation}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
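Review bot: Both scripts in the `let` block are still built with `pkgs.writeDash` (`announce-activation` and `announce-activation-get-message`), while the other files converted in this commit switch to `pkgs.writers.writeDash`. If the top-level `writeDash` exists only through an overlay that is not applied in every flake-based evaluation, this module would fail where the others work; that is inferred from the pattern of the commit and is not visible here. Using `pkgs.writers.writeDash "announce-activation"` and `pkgs.writers.writeDash "announce-activation-get-message"` would make the file consistent with the rest of the change.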
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
acng-config = pkgs.writeTextFile {
|
acng-config = pkgs.writeTextFile {
|
||||||
name = "acng-configuration";
|
name = "acng-configuration";
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
out = {
|
out = {
|
||||||
options.krebs.backup = api;
|
options.krebs.backup = api;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
gunicorn = pkgs.python3Packages.gunicorn;
|
gunicorn = pkgs.python3Packages.gunicorn;
|
||||||
bepasty = pkgs.bepasty;
|
bepasty = pkgs.bepasty;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }:
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.bindfs;
|
cfg = config.krebs.bindfs;
|
||||||
in {
|
in {
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
{ pkgs, config, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
cfg = config.krebs.brockman;
|
cfg = config.krebs.brockman;
|
||||||
in {
|
in {
|
||||||
options.krebs.brockman = {
|
options.krebs.brockman = {
|
||||||
@ -14,7 +15,7 @@ in {
|
|||||||
group = "brockman";
|
group = "brockman";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
uid = genid_uint31 "brockman";
|
uid = slib.genid_uint31 "brockman";
|
||||||
};
|
};
|
||||||
users.groups.brockman = {};
|
users.groups.brockman = {};
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
{
|
{
|
||||||
options.krebs.build = {
|
options.krebs.build = {
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
with import ../../../lib/pure.nix { inherit lib; };
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.ci;
|
cfg = config.krebs.ci;
|
||||||
@ -25,7 +24,7 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
getJobs = pkgs.writeDash "get_jobs" ''
|
getJobs = pkgs.writers.writeDash "get_jobs" ''
|
||||||
set -efu
|
set -efu
|
||||||
${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2
|
${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2
|
||||||
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
|
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
|
||||||
@ -116,7 +115,7 @@ let
|
|||||||
build_script = stages[stage],
|
build_script = stages[stage],
|
||||||
),
|
),
|
||||||
timeout = 3600,
|
timeout = 3600,
|
||||||
command="${pkgs.writeDash "build.sh" ''
|
command="${pkgs.writers.writeDash "build.sh" ''
|
||||||
set -xefu
|
set -xefu
|
||||||
profile=${shell.escape profileRoot}/$build_name
|
profile=${shell.escape profileRoot}/$build_name
|
||||||
result=$("$build_script")
|
result=$("$build_script")
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.current;
|
cfg = config.krebs.current;
|
||||||
|
@ -1,170 +1,62 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
with import <stockholm/lib>;
|
imports = [
|
||||||
let
|
../../kartei
|
||||||
cfg = config.krebs;
|
./acl.nix
|
||||||
|
./airdcpp.nix
|
||||||
out = {
|
./announce-activation.nix
|
||||||
imports = [
|
./apt-cacher-ng.nix
|
||||||
../../kartei
|
./backup.nix
|
||||||
../../submodules/disko/module.nix
|
./bepasty-server.nix
|
||||||
./acl.nix
|
./bindfs.nix
|
||||||
./airdcpp.nix
|
./brockman.nix
|
||||||
./announce-activation.nix
|
./build.nix
|
||||||
./apt-cacher-ng.nix
|
./cachecache.nix
|
||||||
./backup.nix
|
./ci
|
||||||
./bepasty-server.nix
|
./current.nix
|
||||||
./bindfs.nix
|
./dns.nix
|
||||||
./brockman.nix
|
./exim-retiolum.nix
|
||||||
./build.nix
|
./exim-smarthost.nix
|
||||||
./cachecache.nix
|
./exim.nix
|
||||||
./ci
|
./fetchWallpaper.nix
|
||||||
./current.nix
|
./git.nix
|
||||||
./dns.nix
|
./github
|
||||||
./exim-retiolum.nix
|
./go.nix
|
||||||
./exim-smarthost.nix
|
./hidden-ssh.nix
|
||||||
./exim.nix
|
./hosts.nix
|
||||||
./fetchWallpaper.nix
|
./htgen.nix
|
||||||
./git.nix
|
./iana-etc.nix
|
||||||
./github
|
./iptables.nix
|
||||||
./go.nix
|
./kapacitor.nix
|
||||||
./hidden-ssh.nix
|
./konsens.nix
|
||||||
./hosts.nix
|
./krebs.nix
|
||||||
./htgen.nix
|
./krebs-pages.nix
|
||||||
./iana-etc.nix
|
./monit.nix
|
||||||
./iptables.nix
|
./nixpkgs.nix
|
||||||
./kapacitor.nix
|
./on-failure.nix
|
||||||
./konsens.nix
|
./os-release.nix
|
||||||
./krebs-pages.nix
|
./per-user.nix
|
||||||
./monit.nix
|
./permown.nix
|
||||||
./nixpkgs.nix
|
./power-action.nix
|
||||||
./on-failure.nix
|
./reaktor2.nix
|
||||||
./os-release.nix
|
./realwallpaper.nix
|
||||||
./per-user.nix
|
./repo-sync.nix
|
||||||
./permown.nix
|
./retiolum-bootstrap.nix
|
||||||
./power-action.nix
|
./secret.nix
|
||||||
./reaktor2.nix
|
./setuid.nix
|
||||||
./realwallpaper.nix
|
./shadow.nix
|
||||||
./repo-sync.nix
|
./ssh.nix
|
||||||
./retiolum-bootstrap.nix
|
./sitemap.nix
|
||||||
./secret.nix
|
./ssl.nix
|
||||||
./setuid.nix
|
./sync-containers.nix
|
||||||
./shadow.nix
|
./sync-containers3.nix
|
||||||
./sitemap.nix
|
./systemd.nix
|
||||||
./ssl.nix
|
./tinc.nix
|
||||||
./sync-containers.nix
|
./tinc_graphs.nix
|
||||||
./sync-containers3.nix
|
./upstream
|
||||||
./systemd.nix
|
./urlwatch.nix
|
||||||
./tinc.nix
|
./users.nix
|
||||||
./tinc_graphs.nix
|
./xresources.nix
|
||||||
./upstream
|
./zones.nix
|
||||||
./urlwatch.nix
|
|
||||||
./users.nix
|
|
||||||
./xresources.nix
|
|
||||||
./zones.nix
|
|
||||||
];
|
|
||||||
options.krebs = api;
|
|
||||||
config = lib.mkIf cfg.enable imp;
|
|
||||||
};
|
|
||||||
|
|
||||||
api = {
|
|
||||||
enable = mkEnableOption "krebs";
|
|
||||||
|
|
||||||
zone-head-config = mkOption {
|
|
||||||
type = with types; attrsOf str;
|
|
||||||
description = ''
|
|
||||||
The zone configuration head which is being used to create the
|
|
||||||
zone files. The string for each key is pre-pended to the zone file.
|
|
||||||
'';
|
|
||||||
# TODO: configure the default somewhere else,
|
|
||||||
# maybe use krebs.dns.providers
|
|
||||||
default = {
|
|
||||||
|
|
||||||
# github.io -> 192.30.252.154
|
|
||||||
"krebsco.de" = ''
|
|
||||||
$TTL 86400
|
|
||||||
@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
|
|
||||||
IN NS ns19.ovh.net.
|
|
||||||
IN NS dns19.ovh.net.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imp = lib.mkMerge [
|
|
||||||
{
|
|
||||||
services.openssh.hostKeys =
|
|
||||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
|
||||||
mkIf (privkey != null) [privkey];
|
|
||||||
|
|
||||||
services.openssh.knownHosts =
|
|
||||||
filterAttrs
|
|
||||||
(knownHostName: knownHost:
|
|
||||||
knownHost.publicKey != null &&
|
|
||||||
knownHost.hostNames != []
|
|
||||||
)
|
|
||||||
(mapAttrs
|
|
||||||
(hostName: host: {
|
|
||||||
hostNames =
|
|
||||||
concatLists
|
|
||||||
(mapAttrsToList
|
|
||||||
(netName: net:
|
|
||||||
let
|
|
||||||
aliases =
|
|
||||||
concatLists [
|
|
||||||
shortAliases
|
|
||||||
net.aliases
|
|
||||||
net.addrs
|
|
||||||
];
|
|
||||||
shortAliases =
|
|
||||||
optionals
|
|
||||||
(cfg.dns.search-domain != null)
|
|
||||||
(map (removeSuffix ".${cfg.dns.search-domain}")
|
|
||||||
(filter (hasSuffix ".${cfg.dns.search-domain}")
|
|
||||||
net.aliases));
|
|
||||||
addPort = alias:
|
|
||||||
if net.ssh.port != 22
|
|
||||||
then "[${alias}]:${toString net.ssh.port}"
|
|
||||||
else alias;
|
|
||||||
in
|
|
||||||
map addPort aliases
|
|
||||||
)
|
|
||||||
host.nets);
|
|
||||||
publicKey = host.ssh.pubkey;
|
|
||||||
})
|
|
||||||
(foldl' mergeAttrs {} [
|
|
||||||
cfg.hosts
|
|
||||||
{
|
|
||||||
localhost = {
|
|
||||||
nets.local = {
|
|
||||||
addrs = [ "127.0.0.1" "::1" ];
|
|
||||||
aliases = [ "localhost" ];
|
|
||||||
ssh.port = 22;
|
|
||||||
};
|
|
||||||
ssh.pubkey = config.krebs.build.host.ssh.pubkey;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
]));
|
|
||||||
|
|
||||||
programs.ssh.extraConfig = concatMapStrings
|
|
||||||
(net: ''
|
|
||||||
Host ${toString (net.aliases ++ net.addrs)}
|
|
||||||
Port ${toString net.ssh.port}
|
|
||||||
'')
|
|
||||||
(filter
|
|
||||||
(net: net.ssh.port != 22)
|
|
||||||
(concatMap (host: attrValues host.nets)
|
|
||||||
(mapAttrsToList
|
|
||||||
(_: host: recursiveUpdate host
|
|
||||||
(optionalAttrs (cfg.dns.search-domain != null &&
|
|
||||||
hasAttr cfg.dns.search-domain host.nets) {
|
|
||||||
nets."" = host.nets.${cfg.dns.search-domain} // {
|
|
||||||
aliases = [host.name];
|
|
||||||
addrs = [];
|
|
||||||
};
|
|
||||||
}))
|
|
||||||
config.krebs.hosts)));
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
|
}
|
||||||
in out
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, lib, pkgs, ... }:
|
||||||
{ config, ... }: {
|
with import ../../lib/pure.nix { inherit lib; }; {
|
||||||
options = {
|
options = {
|
||||||
krebs.dns.providers = mkOption {
|
krebs.dns.providers = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
@ -8,7 +8,7 @@ with import <stockholm/lib>;
|
|||||||
type = types.nullOr types.hostname;
|
type = types.nullOr types.hostname;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf config.krebs.enable {
|
config = lib.mkIf config.krebs.enable {
|
||||||
krebs.dns.providers = {
|
krebs.dns.providers = {
|
||||||
"krebsco.de" = "zones";
|
"krebsco.de" = "zones";
|
||||||
shack = "hosts";
|
shack = "hosts";
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, lib, ... }: let
|
with import ../../lib/pure.nix { inherit lib; }; let
|
||||||
cfg = config.krebs.exim-retiolum;
|
cfg = config.krebs.exim-retiolum;
|
||||||
|
|
||||||
# Due to improvements to the JSON notation, braces around top-level objects
|
# Due to improvements to the JSON notation, braces around top-level objects
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.exim-smarthost;
|
cfg = config.krebs.exim-smarthost;
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
|
{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let
|
||||||
cfg = config.krebs.exim;
|
cfg = config.krebs.exim;
|
||||||
in {
|
in {
|
||||||
options.krebs.exim = {
|
options.krebs.exim = {
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.fetchWallpaper;
|
cfg = config.krebs.fetchWallpaper;
|
||||||
|
@ -6,14 +6,14 @@
|
|||||||
# TODO when authorized_keys changes, then restart ssh
|
# TODO when authorized_keys changes, then restart ssh
|
||||||
# (or kill already connected users somehow)
|
# (or kill already connected users somehow)
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.git;
|
cfg = config.krebs.git;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.git = api;
|
options.krebs.git = api;
|
||||||
config = with lib; mkIf cfg.enable (mkMerge [
|
config = with lib; lib.mkIf cfg.enable (mkMerge [
|
||||||
(mkIf cfg.cgit.enable cgit-imp)
|
(lib.mkIf cfg.cgit.enable cgit-imp)
|
||||||
git-imp
|
git-imp
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
@ -446,7 +446,7 @@ let
|
|||||||
];
|
];
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" ''
|
fastcgi_param SCRIPT_FILENAME ${pkgs.writers.writeDash "cgit-wrapper" ''
|
||||||
set -efu
|
set -efu
|
||||||
exec 3>&1
|
exec 3>&1
|
||||||
${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \
|
${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \
|
||||||
|
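Review bot: `config = with lib; lib.mkIf cfg.enable (mkMerge [` qualifies `mkIf` while the same expression still opens `with lib;` and uses a bare `mkMerge`, and the file-level `with import ../../lib/pure.nix { inherit lib; };` is in scope as well. A reader cannot tell which names are meant to come from nixpkgs' `lib` and which from the stockholm library. Either drop the inner `with lib;` and write `lib.mkIf cfg.enable (lib.mkMerge [`, or keep the bare names throughout. If `mkIf` had to be qualified for a reason, a one-line comment saying so would help. The `out` binding starts and ends outside what the hunk shows.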
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.github-hosts-sync;
|
cfg = config.krebs.github-hosts-sync;
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.go;
|
cfg = config.krebs.go;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.hidden-ssh;
|
cfg = config.krebs.hidden-ssh;
|
||||||
|
|
||||||
|
@ -1,17 +1,19 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, lib, pkgs, ... }:
|
||||||
{ config, ... }: let
|
with lib; let
|
||||||
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
|
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
|
||||||
domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers);
|
domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers);
|
||||||
|
# we need this import because we have infinite recursion otherwise
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
krebs.hosts = mkOption {
|
krebs.hosts = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = types.attrsOf types.host;
|
type = types.attrsOf slib.types.host;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.krebs.enable {
|
config = lib.mkIf config.krebs.enable {
|
||||||
networking.hosts =
|
networking.hosts =
|
||||||
filterAttrs
|
filterAttrs
|
||||||
(_name: value: value != [])
|
(_name: value: value != [])
|
||||||
@ -91,7 +93,7 @@ in {
|
|||||||
(concatLists (attrValues netAliases));
|
(concatLists (attrValues netAliases));
|
||||||
}
|
}
|
||||||
//
|
//
|
||||||
genAttrs' (attrNames netAliases) (netname: rec {
|
slib.genAttrs' (attrNames netAliases) (netname: rec {
|
||||||
name = "krebs-hosts-${netname}";
|
name = "krebs-hosts-${netname}";
|
||||||
value = writeHosts name netAliases.${netname};
|
value = writeHosts name netAliases.${netname};
|
||||||
});
|
});
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
optionalAttr = name: value:
|
optionalAttr = name: value:
|
||||||
if name != null then
|
if name != null then
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: {
|
with lib; {
|
||||||
|
|
||||||
options.krebs.iana-etc.services = mkOption {
|
options.krebs.iana-etc.services = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs) writeText;
|
inherit (pkgs) writeText;
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with builtins;
|
with builtins;
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.kapacitor;
|
cfg = config.krebs.kapacitor;
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.konsens;
|
cfg = config.krebs.konsens;
|
||||||
@ -68,7 +67,7 @@ let
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStart = pkgs.writeDash "konsens-${name}" ''
|
ExecStart = pkgs.writers.writeDash "konsens-${name}" ''
|
||||||
set -efu
|
set -efu
|
||||||
git config --global --replace-all safe.directory *
|
git config --global --replace-all safe.directory *
|
||||||
if ! test -e ${name}; then
|
if ! test -e ${name}; then
|
||||||
|
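Review bot: The `git config --global --replace-all safe.directory *` line carried along in the `konsens-${name}` ExecStart script disables git's repository-ownership check for every path, for whichever user this unit runs as. Under `set -efu` the `*` is not globbed, so git receives the literal wildcard. The commit only renames `pkgs.writeDash` to `pkgs.writers.writeDash` here, but since the script is being touched, it is worth narrowing the exemption to the one checkout the service works on, e.g. `git config --global --replace-all safe.directory <absolute path of the ${name} checkout>`. The working directory and the rest of the script are outside the hunk, so the exact path has to be confirmed there. A comment stating why the ownership check must be relaxed at all would also help the next reviewer.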
@ -1,6 +1,5 @@
|
|||||||
{ config, modulesPath, pkgs, ... }: let
|
{ config, modulesPath, pkgs, lib, ... }: let
|
||||||
cfg = config.krebs.pages;
|
cfg = config.krebs.pages;
|
||||||
lib = import ../../lib;
|
|
||||||
extraTypes.nginx-vhost = lib.types.submodule (
|
extraTypes.nginx-vhost = lib.types.submodule (
|
||||||
lib.recursiveUpdate
|
lib.recursiveUpdate
|
||||||
(import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
|
(import (modulesPath + "/services/web-servers/nginx/vhost-options.nix")
|
||||||
@ -11,7 +10,7 @@ in {
|
|||||||
options.krebs.pages = {
|
options.krebs.pages = {
|
||||||
enable = lib.mkEnableOption "krebs-pages";
|
enable = lib.mkEnableOption "krebs-pages";
|
||||||
domain = lib.mkOption {
|
domain = lib.mkOption {
|
||||||
type = lib.types.hostname;
|
type = pkgs.stockholm.lib.types.hostname;
|
||||||
default = "krebsco.de";
|
default = "krebsco.de";
|
||||||
};
|
};
|
||||||
nginx = lib.mkOption {
|
nginx = lib.mkOption {
|
||||||
|
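Review bot: `type = pkgs.stockholm.lib.types.hostname;` makes an option declaration depend on the evaluated package set, while most of this commit takes the stockholm helpers from `import ../../lib/pure.nix { inherit lib; }`. The hosts.nix hunk even carries a comment that the direct import is needed to avoid infinite recursion, and the sync-containers3.nix hunk appears to move `slib` off `pkgs.stockholm.lib`. The same pattern shows up in the secret.nix hunk (`with pkgs.stockholm.lib.types; attrsOf secret-file`). For consistency, and to keep option types independent of overlays, bind `slib = import ../../lib/pure.nix { inherit lib; };` in the existing `let` and use `type = slib.types.hostname;`.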
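--- a/krebs/3modules/krebs.nix
+++ b/krebs/3modules/krebs.nix
@@ -0,0 +1,8 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.krebs;
+in {
+options.krebs.enable = mkEnableOption "krebs";
+config = lib.mkIf config.krebs.enable {};
+}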
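Review bot: `cfg = config.krebs;` is bound but never used, and `config = lib.mkIf config.krebs.enable {};` merges an empty attribute set, so neither the `let … in` nor the `config` line contributes anything to the module. The file could be reduced to the option declaration alone, `{ lib, ... }: { options.krebs.enable = lib.mkEnableOption "krebs"; }`. That also removes the mix of `with lib;` and `lib.`-qualified names in an eight-line file.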
@ -1,7 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with builtins;
|
with builtins;
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.krebs.monit;
|
cfg = config.krebs.monit;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.nixpkgs;
|
cfg = config.krebs.nixpkgs;
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
|
{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let
|
||||||
out = {
|
out = {
|
||||||
options.krebs.on-failure = api;
|
options.krebs.on-failure = api;
|
||||||
config = lib.mkIf cfg.enable imp;
|
config = lib.mkIf cfg.enable imp;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
nixos-version-id = if (hasAttr "nixos" config.system) then
|
nixos-version-id = if (hasAttr "nixos" config.system) then
|
||||||
"${config.system.nixos.version}" else "${config.system.nixosVersion}";
|
"${config.system.nixos.version}" else "${config.system.nixosVersion}";
|
||||||
@ -9,7 +9,7 @@ let
|
|||||||
nixos-pretty-name = "NixOS ${nixos-version}";
|
nixos-pretty-name = "NixOS ${nixos-version}";
|
||||||
|
|
||||||
stockholm-version-id = let
|
stockholm-version-id = let
|
||||||
eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
|
eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>));
|
||||||
in
|
in
|
||||||
if eval.success then eval.value else "unknown";
|
if eval.success then eval.value else "unknown";
|
||||||
|
|
||||||
|
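Review bot: `readFile <stockholm-version>` in `stockholm-version-id` still resolves through the Nix search path, which this commit removes everywhere else (`with import <stockholm/lib>;` becomes `with lib;`). When the configuration is evaluated through the flake, that lookup is presumably unavailable. Because it sits inside `builtins.tryEval`, the failure is silent and the value falls back to `"unknown"`, so deployed hosts would no longer report which revision they were built from. Consider taking the revision from the flake instead and marking the spot until then, e.g. `# TODO(flake): <stockholm-version> is not on the search path in pure evaluation; pass the revision in from the flake`. How `stockholm-version-id` is consumed lies outside the hunk.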
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: let
|
with lib; let
|
||||||
cfg = config.krebs.per-user;
|
cfg = config.krebs.per-user;
|
||||||
in {
|
in {
|
||||||
options.krebs.per-user = mkOption {
|
options.krebs.per-user = mkOption {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: {
|
with lib; {
|
||||||
|
|
||||||
options.krebs.permown = mkOption {
|
options.krebs.permown = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: {
|
with import ../../lib/pure.nix { inherit lib; }; {
|
||||||
|
|
||||||
options.krebs.reaktor2 = mkOption {
|
options.krebs.reaktor2 = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.realwallpaper;
|
cfg = config.krebs.realwallpaper;
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.repo-sync;
|
cfg = config.krebs.repo-sync;
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
with import <stockholm/lib>;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.retiolum-bootstrap;
|
cfg = config.krebs.retiolum-bootstrap;
|
||||||
in
|
in
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, lib, pkgs, ... }:
|
||||||
{ config, lib, pkgs, ... }: let
|
with import ../../lib/pure.nix { inherit lib; }; let
|
||||||
cfg = config.krebs.secret;
|
cfg = config.krebs.secret;
|
||||||
in {
|
in {
|
||||||
options.krebs.secret = {
|
options.krebs.secret = {
|
||||||
@ -12,7 +12,7 @@ in {
|
|||||||
readOnly = true;
|
readOnly = true;
|
||||||
};
|
};
|
||||||
files = mkOption {
|
files = mkOption {
|
||||||
type = with types; attrsOf secret-file;
|
type = with pkgs.stockholm.lib.types; attrsOf secret-file;
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: let
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
|
let
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.setuid = api;
|
options.krebs.setuid = api;
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: let
|
with lib;
|
||||||
|
let
|
||||||
|
|
||||||
cfg = config.krebs.shadow;
|
cfg = config.krebs.shadow;
|
||||||
|
|
||||||
@ -47,7 +48,7 @@ in {
|
|||||||
default = cfg.overridesFile != null;
|
default = cfg.overridesFile != null;
|
||||||
};
|
};
|
||||||
overridesFile = mkOption {
|
overridesFile = mkOption {
|
||||||
apply = x: if typeOf x == "path" then toString x else x;
|
apply = x: if builtins.typeOf x == "path" then toString x else x;
|
||||||
default = null;
|
default = null;
|
||||||
description = ''
|
description = ''
|
||||||
Path to a file containing additional shadow entries, used for adding
|
Path to a file containing additional shadow entries, used for adding
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
let
|
{ lib, ... }:
|
||||||
lib = import ../../lib;
|
{
|
||||||
in {
|
|
||||||
options.krebs.sitemap = lib.mkOption {
|
options.krebs.sitemap = lib.mkOption {
|
||||||
type = with lib.types; attrsOf sitemap.entry;
|
type = with lib.types; attrsOf sitemap.entry;
|
||||||
default = {};
|
default = {};
|
||||||
|
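--- a/krebs/3modules/ssh.nix
+++ b/krebs/3modules/ssh.nix
@@ -0,0 +1,109 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.krebs;
+
+out = {
+options.krebs = api;
+config = lib.mkIf cfg.enable imp;
+};
+
+api = {
+zone-head-config = mkOption {
+type = with types; attrsOf str;
+description = ''
+The zone configuration head which is being used to create the
+zone files. The string for each key is pre-pended to the zone file.
+'';
+# TODO: configure the default somewhere else,
+# maybe use krebs.dns.providers
+default = {
+
+# github.io -> 192.30.252.154
+"krebsco.de" = ''
+$TTL 86400
+@ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
+IN NS ns19.ovh.net.
+IN NS dns19.ovh.net.
+'';
+};
+};
+};
+
+imp = lib.mkMerge [
+{
+services.openssh.hostKeys =
+let inherit (config.krebs.build.host.ssh) privkey; in
+mkIf (privkey != null) [privkey];
+
+services.openssh.knownHosts =
+filterAttrs
+(knownHostName: knownHost:
+knownHost.publicKey != null &&
+knownHost.hostNames != []
+)
+(mapAttrs
+(hostName: host: {
+hostNames =
+concatLists
+(mapAttrsToList
+(netName: net:
+let
+aliases =
+concatLists [
+shortAliases
+net.aliases
+net.addrs
+];
+shortAliases =
+optionals
+(cfg.dns.search-domain != null)
+(map (removeSuffix ".${cfg.dns.search-domain}")
+(filter (hasSuffix ".${cfg.dns.search-domain}")
+net.aliases));
+addPort = alias:
+if net.ssh.port != 22
+then "[${alias}]:${toString net.ssh.port}"
+else alias;
+in
+map addPort aliases
+)
+host.nets);
+publicKey = host.ssh.pubkey;
+})
+(foldl' mergeAttrs {} [
+cfg.hosts
+{
+localhost = {
+nets.local = {
+addrs = [ "127.0.0.1" "::1" ];
+aliases = [ "localhost" ];
+ssh.port = 22;
+};
+ssh.pubkey = config.krebs.build.host.ssh.pubkey;
+};
+}
+]));
+
+programs.ssh.extraConfig = concatMapStrings
+(net: ''
+Host ${toString (net.aliases ++ net.addrs)}
+Port ${toString net.ssh.port}
+'')
+(filter
+(net: net.ssh.port != 22)
+(concatMap (host: attrValues host.nets)
+(mapAttrsToList
+(_: host: recursiveUpdate host
+(optionalAttrs (cfg.dns.search-domain != null &&
+hasAttr cfg.dns.search-domain host.nets) {
+nets."" = host.nets.${cfg.dns.search-domain} // {
+aliases = [host.name];
+addrs = [];
+};
+}))
+config.krebs.hosts)));
+}
+];
+
+in out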
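Review bot: The `api` set in this new ssh.nix declares only `zone-head-config`, a DNS zone-file option, while everything in `imp` is about SSH (`services.openssh.hostKeys`, `services.openssh.knownHosts`, `programs.ssh.extraConfig`). The option looks carried over verbatim from the old default.nix, which had the same `api` block next to `enable`. This file now generates the system-wide known-hosts trust list, so it is one people will audit, and an unrelated DNS option here is easy to miss from both directions. Consider moving `zone-head-config` to the DNS side (the import list names `./zones.nix` and `./dns.nix`, neither shown here) so that ssh.nix needs no `options.krebs = api;` at all. If it has to stay for now, mark it, e.g. `# TODO: DNS option, left here from the default.nix split; move to zones.nix`.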
@ -1,5 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: let
|
with lib;
|
||||||
|
let
|
||||||
cfg = config.krebs.sync-containers;
|
cfg = config.krebs.sync-containers;
|
||||||
paths = cname: {
|
paths = cname: {
|
||||||
plain = "/var/lib/containers/${cname}/var/state";
|
plain = "/var/lib/containers/${cname}/var/state";
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }: let
|
{ config, lib, pkgs, ... }: let
|
||||||
cfg = config.krebs.sync-containers3;
|
cfg = config.krebs.sync-containers3;
|
||||||
slib = pkgs.stockholm.lib;
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
options.krebs.sync-containers3 = {
|
options.krebs.sync-containers3 = {
|
||||||
inContainer = {
|
inContainer = {
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
{ config, pkgs, ... }: let {
|
{ config, pkgs, lib, ... }: let {
|
||||||
lib = import ../../lib;
|
|
||||||
|
slib = import ../../lib/pure.nix { inherit lib; };
|
||||||
|
|
||||||
body.options.krebs.systemd.services = lib.mkOption {
|
body.options.krebs.systemd.services = lib.mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
@ -13,14 +14,14 @@
|
|||||||
lib.sort
|
lib.sort
|
||||||
lib.lessThan
|
lib.lessThan
|
||||||
(lib.filter
|
(lib.filter
|
||||||
lib.types.absolute-pathname.check
|
slib.types.absolute-pathname.check
|
||||||
(map
|
(map
|
||||||
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
|
(slib.compose [ slib.maybeHead (builtins.match "[^:]*:(.*)") ])
|
||||||
(lib.toList cfg.serviceConfig.LoadCredential)));
|
(lib.toList cfg.serviceConfig.LoadCredential)));
|
||||||
readOnly = true;
|
readOnly = true;
|
||||||
};
|
};
|
||||||
credentialUnitName = lib.mkOption {
|
credentialUnitName = lib.mkOption {
|
||||||
default = "trigger-${lib.systemd.encodeName serviceName}";
|
default = "trigger-${slib.systemd.encodeName serviceName}";
|
||||||
readOnly = true;
|
readOnly = true;
|
||||||
};
|
};
|
||||||
restartIfCredentialsChange = lib.mkOption {
|
restartIfCredentialsChange = lib.mkOption {
|
||||||
@ -54,7 +55,7 @@
|
|||||||
pkgs.systemd
|
pkgs.systemd
|
||||||
]}
|
]}
|
||||||
|
|
||||||
cache=/var/lib/credentials/${lib.shell.escape serviceName}.sha1sum
|
cache=/var/lib/credentials/${slib.shell.escape serviceName}.sha1sum
|
||||||
tmpfile=$(mktemp -t "$(basename "$cache")".XXXXXXXX)
|
tmpfile=$(mktemp -t "$(basename "$cache")".XXXXXXXX)
|
||||||
trap 'rm -f "$tmpfile"' EXIT
|
trap 'rm -f "$tmpfile"' EXIT
|
||||||
|
|
||||||
@ -64,7 +65,7 @@
|
|||||||
fi
|
fi
|
||||||
mv "$tmpfile" "$cache"
|
mv "$tmpfile" "$cache"
|
||||||
|
|
||||||
systemctl restart ${lib.shell.escape serviceName}
|
systemctl restart ${slib.shell.escape serviceName}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: {
|
with import ../../lib/pure.nix { inherit lib; }; {
|
||||||
options.krebs.tinc = mkOption {
|
options.krebs.tinc = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.tinc_graphs;
|
cfg = config.krebs.tinc_graphs;
|
||||||
internal_dir = "${cfg.workingDir}/internal";
|
internal_dir = "${cfg.workingDir}/internal";
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
with import <stockholm/lib>;
|
{ pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
@ -6,5 +7,5 @@ with import <stockholm/lib>;
|
|||||||
(name: ./. + "/${name}")
|
(name: ./. + "/${name}")
|
||||||
(filter
|
(filter
|
||||||
(name: name != "default.nix" && !hasPrefix "." name)
|
(name: name != "default.nix" && !hasPrefix "." name)
|
||||||
(attrNames (readDir ./.)));
|
(attrNames (builtins.readDir ./.)));
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
with import <stockholm/lib>;
|
{ config, pkgs, lib, ... }:
|
||||||
{ config, pkgs, ... }: {
|
with lib;
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
services.xserver.desktopManager.coma = {
|
services.xserver.desktopManager.coma = {
|
||||||
enable = mkEnableOption "sleep as a desktop manager";
|
enable = mkEnableOption "sleep as a desktop manager";
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
|
{ lib, ... }:
|
||||||
# Replace upstream none desktop-manager by a real none, that doesn't pull in
|
# Replace upstream none desktop-manager by a real none, that doesn't pull in
|
||||||
# any dependencies.
|
# any dependencies.
|
||||||
with import <stockholm/lib>;
|
|
||||||
{
|
{
|
||||||
disabledModules = singleton "services/x11/desktop-managers/none.nix";
|
disabledModules = lib.singleton "services/x11/desktop-managers/none.nix";
|
||||||
config.services.xserver.desktopManager.session = singleton {
|
config.services.xserver.desktopManager.session = lib.singleton {
|
||||||
name = "none";
|
name = "none";
|
||||||
bgSupport = true;
|
bgSupport = true;
|
||||||
start = "";
|
start = "";
|
||||||
|
@ -13,8 +13,8 @@
|
|||||||
imports = [ ./xmonad.nix ];
|
imports = [ ./xmonad.nix ];
|
||||||
nixpkgs.overlays = [(self: super: {
|
nixpkgs.overlays = [(self: super: {
|
||||||
writers = super.writers // {
|
writers = super.writers // {
|
||||||
writeHaskellBin = name: spec: with import <stockholm/lib>;
|
writeHaskellBin = name: spec:
|
||||||
super.writers.writeHaskellBin name (removeAttrs spec ["ghcArgs"]);
|
super.writers.writeHaskellBin name (builtins.removeAttrs spec ["ghcArgs"]);
|
||||||
};
|
};
|
||||||
})];
|
})];
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
# TODO inform about unused caches
|
# TODO inform about unused caches
|
||||||
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
|
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
with import ../../lib/pure.nix { inherit lib; };
|
||||||
let
|
let
|
||||||
cfg = config.krebs.urlwatch;
|
cfg = config.krebs.urlwatch;
|
||||||
|
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More