{2 tv git -> 3 krebs}.users

This commit is contained in:
tv 2015-07-24 20:48:00 +02:00
parent 54becaa19f
commit a62be1cef8
6 changed files with 71 additions and 42 deletions

View File

@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import ../../4lib/tv { inherit lib pkgs; }; with import ../../4lib/tv { inherit lib pkgs; };
let let
@ -7,7 +8,7 @@ let
enable = true; enable = true;
root-title = "public repositories at ${config.tv.identity.self.name}"; root-title = "public repositories at ${config.tv.identity.self.name}";
root-desc = "keep calm and engage"; root-desc = "keep calm and engage";
inherit repos rules users; inherit repos rules;
}; };
}; };
@ -43,20 +44,12 @@ let
restricted-repos = mapAttrs make-restricted-repo ( restricted-repos = mapAttrs make-restricted-repo (
{ {
brain = { brain = {
collaborators = with users; [ lass makefu ]; collaborators = with config.krebs.users; [ lass makefu ];
}; };
} // } //
import /root/src/secrets/repos.nix { inherit config lib pkgs users; } import /root/src/secrets/repos.nix { inherit config lib pkgs; }
); );
# TODO move users to separate module
users = mapAttrs make-user {
tv = ../../Zpubkeys/tv_wu.ssh.pub;
lass = ../../Zpubkeys/lass.ssh.pub;
uriel = ../../Zpubkeys/uriel.ssh.pub;
makefu = ../../Zpubkeys/makefu.ssh.pub;
};
make-public-repo = name: { desc ? null, ... }: { make-public-repo = name: { desc ? null, ... }: {
inherit name desc; inherit name desc;
public = true; public = true;
@ -77,7 +70,7 @@ let
}; };
make-rules = make-rules =
with git // users; with git // config.krebs.users;
repo: repo:
singleton { singleton {
user = tv; user = tv;
@ -95,9 +88,4 @@ let
perm = fetch; perm = fetch;
}; };
make-user = name: pubkey-file: {
inherit name;
pubkey = readFile pubkey-file;
};
in out in out

View File

@ -1,6 +1,10 @@
_: { config, lib, ... }:
{ with import ../../4lib/krebs { inherit lib; };
let
cfg = config.krebs;
out = {
imports = [ imports = [
./github-hosts-sync.nix ./github-hosts-sync.nix
./git.nix ./git.nix
@ -8,4 +12,32 @@ _:
./retiolum.nix ./retiolum.nix
./urlwatch.nix ./urlwatch.nix
]; ];
} options.krebs = api;
config = mkIf cfg.enable imp;
};
api = {
users = mkOption {
type = with types; attrsOf user;
default = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
};
makefu = {
pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
};
tv = {
pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
};
uriel = {
pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
};
};
};
};
imp = {
};
in
out

View File

@ -6,8 +6,7 @@
# TODO when authorized_keys changes, then restart ssh # TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow) # (or kill already connected users somehow)
with builtins; with import ../../4lib/krebs { inherit lib; };
with lib;
let let
cfg = config.krebs.git; cfg = config.krebs.git;
@ -119,9 +118,6 @@ let
rules = mkOption { rules = mkOption {
type = types.unspecified; type = types.unspecified;
}; };
users = mkOption {
type = types.unspecified;
};
}; };
git-imp = { git-imp = {
@ -149,7 +145,8 @@ let
name = "git"; name = "git";
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users; mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
config.krebs.users;
uid = 129318403; # genid git uid = 129318403; # genid git
}; };
}; };
@ -255,7 +252,7 @@ let
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }: makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }:
# TODO assert name # TODO assert name
# TODO assert pubkey # TODO assert pubkey
let let

View File

@ -1,6 +1,14 @@
{ lib, ... }: { lib, ... }:
builtins // lib // { with builtins;
with lib;
builtins // lib // rec {
addName = name: set:
set // { inherit name; };
addNames = mapAttrs addName;
types = import ./types.nix { inherit lib; }; types = import ./types.nix { inherit lib; };

View File

@ -81,6 +81,17 @@ types // rec {
merge = mergeOneOption; merge = mergeOneOption;
}; };
user = submodule {
options = {
name = mkOption {
type = str; # TODO
};
pubkey = mkOption {
type = str;
};
};
};
# TODO # TODO
addr = str; addr = str;
addr4 = str; addr4 = str;

View File

@ -15,16 +15,9 @@ krebs // rec {
inherit pkgs; inherit pkgs;
}; };
addName = name: set:
set // { inherit name; };
addNames = mapAttrs addName;
# "7.4.335" -> "74" # "7.4.335" -> "74"
majmin = with lib; x : concatStrings (take 2 (splitString "." x)); majmin = with lib; x : concatStrings (take 2 (splitString "." x));
concat = xs : concat = xs :
if xs == [] if xs == []
then "" then ""