Merge remote-tracking branch 'lass/master'
commit
d2776a87a5
@ -54,6 +54,9 @@ with import <stockholm/lib>;
|
|||||||
config.krebs.users.tv.pubkey
|
config.krebs.users.tv.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# enable documentation for our modules
|
||||||
|
documentation.nixos.includeAllModules = true;
|
||||||
|
|
||||||
# The NixOS release to be compatible with for stateful data such as databases.
|
# The NixOS release to be compatible with for stateful data such as databases.
|
||||||
system.stateVersion = "17.03";
|
system.stateVersion = "17.03";
|
||||||
}
|
}
|
||||||
|
@ -45,7 +45,7 @@ let
|
|||||||
Nick Name for hub
|
Nick Name for hub
|
||||||
'';
|
'';
|
||||||
type = str;
|
type = str;
|
||||||
default = cfg.Nick;
|
default = cfg.dcpp.Nick;
|
||||||
};
|
};
|
||||||
Password = mkOption {
|
Password = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -14,7 +14,7 @@ let
|
|||||||
default = {};
|
default = {};
|
||||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
enable = mkEnableOption "krebs.backup.${config.name}" // {
|
enable = mkEnableOption "krebs.backup.${config._module.args.name}" // {
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
method = mkOption {
|
method = mkOption {
|
||||||
@ -23,6 +23,7 @@ let
|
|||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
|
defaultText = "‹name›";
|
||||||
};
|
};
|
||||||
src = mkOption {
|
src = mkOption {
|
||||||
type = types.krebs.file-location;
|
type = types.krebs.file-location;
|
||||||
|
@ -58,6 +58,7 @@ let
|
|||||||
permissions will be set to 755
|
permissions will be set to 755
|
||||||
'';
|
'';
|
||||||
default = config.users.extraUsers.bepasty.home;
|
default = config.users.extraUsers.bepasty.home;
|
||||||
|
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>";
|
||||||
};
|
};
|
||||||
|
|
||||||
dataDir = mkOption {
|
dataDir = mkOption {
|
||||||
@ -67,6 +68,7 @@ let
|
|||||||
/var/lib/bepasty-server/data
|
/var/lib/bepasty-server/data
|
||||||
'';
|
'';
|
||||||
default = "${config.users.extraUsers.bepasty.home}/data";
|
default = "${config.users.extraUsers.bepasty.home}/data";
|
||||||
|
defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
|
@ -10,7 +10,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
|
|
||||||
profile = mkOption {
|
profile = mkOption {
|
||||||
type = types.absolute-path;
|
type = types.absolute-pathname;
|
||||||
default = "/nix/var/nix/profiles/system";
|
default = "/nix/var/nix/profiles/system";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -137,7 +137,7 @@ let
|
|||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
example = [ "cac.json" ];
|
example = [ "cac.json" ];
|
||||||
description = ''
|
description = ''
|
||||||
List of all the secrets in <secrets> which should be copied into the
|
List of all the secrets in ‹secrets› which should be copied into the
|
||||||
buildbot master directory.
|
buildbot master directory.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -31,6 +31,7 @@ let
|
|||||||
owner.name = "exim";
|
owner.name = "exim";
|
||||||
source-path = toString <secrets> + "/${config.domain}.dkim.priv";
|
source-path = toString <secrets> + "/${config.domain}.dkim.priv";
|
||||||
};
|
};
|
||||||
|
defaultText = "‹secrets/‹domain›.dkim.priv›";
|
||||||
};
|
};
|
||||||
selector = mkOption {
|
selector = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
@ -53,7 +53,7 @@ let
|
|||||||
control system, using a built in cache to decrease pressure on the
|
control system, using a built in cache to decrease pressure on the
|
||||||
git server.
|
git server.
|
||||||
cgit in this module is being served via fastcgi nginx.This module
|
cgit in this module is being served via fastcgi nginx.This module
|
||||||
deploys a http://cgit.<hostname> nginx configuration and enables nginx
|
deploys a http://cgit.‹hostname› nginx configuration and enables nginx
|
||||||
if not yet enabled.
|
if not yet enabled.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -207,7 +207,7 @@ let
|
|||||||
List of users that should be able to do everything with this repo.
|
List of users that should be able to do everything with this repo.
|
||||||
|
|
||||||
This option is currently not used by krebs.git but instead can be
|
This option is currently not used by krebs.git but instead can be
|
||||||
used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for
|
used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for
|
||||||
an example.
|
an example.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -222,6 +222,7 @@ let
|
|||||||
path = mkOption {
|
path = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "${cfg.dataDir}/${config.name}";
|
default = "${cfg.dataDir}/${config.name}";
|
||||||
|
defaultText = "${cfg.dataDir}/‹reponame›";
|
||||||
description = ''
|
description = ''
|
||||||
An absolute path to the repository directory. For non-bare
|
An absolute path to the repository directory. For non-bare
|
||||||
repositories this is the .git-directory.
|
repositories this is the .git-directory.
|
||||||
@ -237,6 +238,7 @@ let
|
|||||||
url = mkOption {
|
url = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = config.name;
|
default = config.name;
|
||||||
|
defaultText = "‹reponame›";
|
||||||
description = ''
|
description = ''
|
||||||
The relative url used to access the repository.
|
The relative url used to access the repository.
|
||||||
'';
|
'';
|
||||||
@ -249,7 +251,7 @@ let
|
|||||||
List of users that should be able to fetch from this repo.
|
List of users that should be able to fetch from this repo.
|
||||||
|
|
||||||
This option is currently not used by krebs.git but instead can be
|
This option is currently not used by krebs.git but instead can be
|
||||||
used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for
|
used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for
|
||||||
an example.
|
an example.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -258,6 +260,7 @@ let
|
|||||||
description = ''
|
description = ''
|
||||||
Repository name.
|
Repository name.
|
||||||
'';
|
'';
|
||||||
|
defaultText = "‹reponame›";
|
||||||
};
|
};
|
||||||
hooks = mkOption {
|
hooks = mkOption {
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
|
@ -18,10 +18,12 @@ let
|
|||||||
srcDir = mkOption {
|
srcDir = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "${config.krebs.tinc.retiolum.confDir}/hosts";
|
default = "${config.krebs.tinc.retiolum.confDir}/hosts";
|
||||||
|
defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts";
|
||||||
};
|
};
|
||||||
ssh-identity-file = mkOption {
|
ssh-identity-file = mkOption {
|
||||||
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
|
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
|
||||||
default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
|
default = toString <secrets/github-hosts-sync.ssh.id_ed25519>;
|
||||||
|
defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›";
|
||||||
};
|
};
|
||||||
url = mkOption {
|
url = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
services.openssh.knownHosts.github = {
|
services.openssh.knownHosts.github = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"github.com"
|
"github.com"
|
||||||
# List generated with
|
# List generated with (IPv6 addresses are currently ignored):
|
||||||
# curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
|
# curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R .
|
||||||
"192.30.252.*"
|
"192.30.252.*"
|
||||||
"192.30.253.*"
|
"192.30.253.*"
|
||||||
"192.30.254.*"
|
"192.30.254.*"
|
||||||
@ -28,6 +28,22 @@
|
|||||||
"140.82.125.*"
|
"140.82.125.*"
|
||||||
"140.82.126.*"
|
"140.82.126.*"
|
||||||
"140.82.127.*"
|
"140.82.127.*"
|
||||||
|
"143.55.64.*"
|
||||||
|
"143.55.65.*"
|
||||||
|
"143.55.66.*"
|
||||||
|
"143.55.67.*"
|
||||||
|
"143.55.68.*"
|
||||||
|
"143.55.69.*"
|
||||||
|
"143.55.70.*"
|
||||||
|
"143.55.71.*"
|
||||||
|
"143.55.72.*"
|
||||||
|
"143.55.73.*"
|
||||||
|
"143.55.74.*"
|
||||||
|
"143.55.75.*"
|
||||||
|
"143.55.76.*"
|
||||||
|
"143.55.77.*"
|
||||||
|
"143.55.78.*"
|
||||||
|
"143.55.79.*"
|
||||||
"13.114.40.48"
|
"13.114.40.48"
|
||||||
"52.192.72.89"
|
"52.192.72.89"
|
||||||
"52.69.186.44"
|
"52.69.186.44"
|
||||||
@ -44,6 +60,9 @@
|
|||||||
"18.228.52.138"
|
"18.228.52.138"
|
||||||
"18.228.67.229"
|
"18.228.67.229"
|
||||||
"18.231.5.6"
|
"18.231.5.6"
|
||||||
|
"20.201.28.151"
|
||||||
|
"20.205.243.166"
|
||||||
|
"102.133.202.242"
|
||||||
"18.181.13.223"
|
"18.181.13.223"
|
||||||
"54.238.117.237"
|
"54.238.117.237"
|
||||||
"54.168.17.15"
|
"54.168.17.15"
|
||||||
@ -60,6 +79,9 @@
|
|||||||
"54.233.131.104"
|
"54.233.131.104"
|
||||||
"18.231.104.233"
|
"18.231.104.233"
|
||||||
"18.228.167.86"
|
"18.228.167.86"
|
||||||
|
"20.201.28.152"
|
||||||
|
"20.205.243.160"
|
||||||
|
"102.133.202.246"
|
||||||
];
|
];
|
||||||
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||||
};
|
};
|
||||||
|
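Review bot: The regenerated `hostNames` list records the command that produced it but not when it was run, so a reader cannot judge how stale the IP globs are against `https://api.github.com/meta`; a dated line such as `# generated ‹YYYY-MM-DD›` next to the command would fix that. With `grep -v :` the IPv6 ranges are dropped, so connections over IPv6 are presumably matched only through the `"github.com"` name entry, which is worth stating in the comment rather than only "currently ignored". The unchanged `publicKey` pins a single `ssh-rsa` host key for every name and glob in the list, so any host-key change upstream needs a manual update here.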
@ -13,7 +13,7 @@ let
|
|||||||
default = {};
|
default = {};
|
||||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
type = types.attrsOf (types.submodule ({ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
enable = mkEnableOption "krebs.htgen-${config.name}";
|
enable = mkEnableOption "krebs.htgen-${config._module.args.name}";
|
||||||
|
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = types.username;
|
type = types.username;
|
||||||
@ -38,6 +38,10 @@ let
|
|||||||
name = "htgen-${config.name}";
|
name = "htgen-${config.name}";
|
||||||
home = "/var/lib/htgen-${config.name}";
|
home = "/var/lib/htgen-${config.name}";
|
||||||
};
|
};
|
||||||
|
defaultText = {
|
||||||
|
name = "htgen-‹name›";
|
||||||
|
home = "/var/lib/htgen-‹name›";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
|
@ -39,7 +39,10 @@ in {
|
|||||||
cores = 4;
|
cores = 4;
|
||||||
nets = {
|
nets = {
|
||||||
shack = {
|
shack = {
|
||||||
ip4.addr = "10.42.0.50" ;
|
ip4 = {
|
||||||
|
addr = "10.42.0.50" ;
|
||||||
|
prefix = "10.42.0.0/16";
|
||||||
|
};
|
||||||
aliases = [
|
aliases = [
|
||||||
"filebitch.shack"
|
"filebitch.shack"
|
||||||
];
|
];
|
||||||
@ -158,6 +161,7 @@ in {
|
|||||||
};
|
};
|
||||||
puyak = {
|
puyak = {
|
||||||
ci = true;
|
ci = true;
|
||||||
|
cores = 4;
|
||||||
nets = {
|
nets = {
|
||||||
retiolum = {
|
retiolum = {
|
||||||
ip4.addr = "10.243.77.2";
|
ip4.addr = "10.243.77.2";
|
||||||
|
@ -14,7 +14,47 @@ in {
|
|||||||
dns.providers = {
|
dns.providers = {
|
||||||
"lassul.us" = "zones";
|
"lassul.us" = "zones";
|
||||||
};
|
};
|
||||||
hosts = mapAttrs hostDefaults {
|
hosts = mapAttrs (_: recursiveUpdate {
|
||||||
|
owner = config.krebs.users.lass;
|
||||||
|
ci = true;
|
||||||
|
monitoring = true;
|
||||||
|
}) {
|
||||||
|
dishfire = {
|
||||||
|
cores = 4;
|
||||||
|
nets = rec {
|
||||||
|
internet = {
|
||||||
|
ip4 = rec {
|
||||||
|
addr = "157.90.232.92";
|
||||||
|
prefix = "${addr}/32";
|
||||||
|
};
|
||||||
|
aliases = [
|
||||||
|
"dishfire.i"
|
||||||
|
];
|
||||||
|
ssh.port = 45621;
|
||||||
|
};
|
||||||
|
retiolum = {
|
||||||
|
via = internet;
|
||||||
|
ip4.addr = "10.243.133.99";
|
||||||
|
ip6.addr = r6 "d15f:1233";
|
||||||
|
aliases = [
|
||||||
|
"dishfire.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
|
||||||
|
Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
|
||||||
|
uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
|
||||||
|
R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
|
||||||
|
vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
|
||||||
|
HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.port = 655;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
|
||||||
|
};
|
||||||
prism = rec {
|
prism = rec {
|
||||||
cores = 4;
|
cores = 4;
|
||||||
extraZones = {
|
extraZones = {
|
||||||
@ -54,7 +94,10 @@ in {
|
|||||||
};
|
};
|
||||||
nets = rec {
|
nets = rec {
|
||||||
internet = {
|
internet = {
|
||||||
ip4.addr = "95.216.1.150";
|
ip4 = {
|
||||||
|
addr = "95.216.1.150";
|
||||||
|
prefix = "0.0.0.0/0";
|
||||||
|
};
|
||||||
aliases = [
|
aliases = [
|
||||||
"prism.i"
|
"prism.i"
|
||||||
"paste.i"
|
"paste.i"
|
||||||
|
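Review bot: `prefix = "0.0.0.0/0"` on prism's `internet.ip4` carries no explanation and is inconsistent with the new dishfire entry, which gives the same kind of net `prefix = "${addr}/32"`. If `ip4.prefix` is consumed by route or firewall generation for this net (the tinc module's default tinc-up shown elsewhere in this commit runs `ip -4 route add ‹net.ip4.prefix›`), a catch-all prefix is far broader than a host route, so the intent should be written down, e.g. `# internet: prefix intentionally covers all of IPv4, see ‹consumer›`. The inline `recursiveUpdate { owner = …; ci = true; monitoring = true; }` also makes `ci` and `monitoring` the default for every host in this set unless the host overrides them; the rest of the `hosts` attrset is outside the hunks, so confirm no entry relied on the old `hostDefaults` behaviour.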
@ -26,11 +26,13 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
stateDir = mkOption {
|
stateDir = mkOption {
|
||||||
default = "/var/lib/${self.config.username}";
|
default = "/var/lib/${self.config.username}";
|
||||||
|
defaultText = "/var/lib/‹username›";
|
||||||
readOnly = true;
|
readOnly = true;
|
||||||
type = types.absolute-pathname;
|
type = types.absolute-pathname;
|
||||||
};
|
};
|
||||||
systemd-service-name = mkOption {
|
systemd-service-name = mkOption {
|
||||||
default = "reaktor2${optionalString (name != "default") "-${name}"}";
|
default = "reaktor2${optionalString (name != "default") "-${name}"}";
|
||||||
|
defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\"";
|
||||||
type = types.filename;
|
type = types.filename;
|
||||||
};
|
};
|
||||||
sendDelaySec = mkOption {
|
sendDelaySec = mkOption {
|
||||||
@ -39,6 +41,7 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
username = mkOption {
|
username = mkOption {
|
||||||
default = self.config.systemd-service-name;
|
default = self.config.systemd-service-name;
|
||||||
|
defaultText = "‹systemd-service-name›";
|
||||||
type = types.username;
|
type = types.username;
|
||||||
};
|
};
|
||||||
useTLS = mkOption {
|
useTLS = mkOption {
|
||||||
|
@ -96,7 +96,7 @@ let
|
|||||||
basic authentication to be used. If unset, no authentication will be
|
basic authentication to be used. If unset, no authentication will be
|
||||||
enabled.
|
enabled.
|
||||||
|
|
||||||
Refer to `services.nginx.virtualHosts.<name>.basicAuth`
|
Refer to `services.nginx.virtualHosts.‹name›.basicAuth`
|
||||||
'';
|
'';
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
|
@ -55,11 +55,11 @@ in {
|
|||||||
|
|
||||||
The overrides file may contain either regular shadow(5) entries like:
|
The overrides file may contain either regular shadow(5) entries like:
|
||||||
|
|
||||||
<code><login-name>:<hashed-password>:1::::::</code>
|
<code>‹login-name›:‹hashed-password›:1::::::</code>
|
||||||
|
|
||||||
Or shortened entries only containing login name and password like:
|
Or shortened entries only containing login name and password like:
|
||||||
|
|
||||||
<code><login-name>:<hashed-password></code>
|
<code>‹login-name›:‹hashed-password›</code>
|
||||||
'';
|
'';
|
||||||
type = types.nullOr (types.either types.path types.absolute-pathname);
|
type = types.nullOr (types.either types.path types.absolute-pathname);
|
||||||
};
|
};
|
||||||
|
@ -81,9 +81,16 @@ let
|
|||||||
''}
|
''}
|
||||||
${tinc.config.tincUpExtra}
|
${tinc.config.tincUpExtra}
|
||||||
'';
|
'';
|
||||||
|
defaultText = ''
|
||||||
|
ip -4 addr add ‹net.ip4.addr› dev ${netname}
|
||||||
|
ip -4 route add ‹net.ip4.prefix› dev ${netname}
|
||||||
|
ip -6 addr add ‹net.ip6.addr› dev ${netname}
|
||||||
|
ip -6 route add ‹net.ip6.prefix› dev ${netname}
|
||||||
|
${tinc.config.tincUpExtra}
|
||||||
|
'';
|
||||||
description = ''
|
description = ''
|
||||||
tinc-up script to be used. Defaults to setting the
|
tinc-up script to be used. Defaults to setting the
|
||||||
krebs.host.nets.<netname>.ip4 and ip6 for the new ips and
|
krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and
|
||||||
configures forwarding of the respecitive netmask as subnet.
|
configures forwarding of the respecitive netmask as subnet.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
@ -103,6 +110,7 @@ let
|
|||||||
type = with types; attrsOf host;
|
type = with types; attrsOf host;
|
||||||
default =
|
default =
|
||||||
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
|
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
|
||||||
|
defaultText = "‹all-hosts-of-‹netname››";
|
||||||
description = ''
|
description = ''
|
||||||
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
|
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
|
||||||
Note that these hosts must have a network named
|
Note that these hosts must have a network named
|
||||||
@ -138,9 +146,10 @@ let
|
|||||||
'') tinc.config.hosts)}
|
'') tinc.config.hosts)}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
defaultText = "‹netname›-tinc-hosts";
|
||||||
description = ''
|
description = ''
|
||||||
Package of tinc host configuration files. By default, a package will
|
Package of tinc host configuration files. By default, a package will
|
||||||
be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This
|
be generated from <literal>config.krebs.‹netname›.hosts</literal>. This
|
||||||
option's main purpose is to expose the generated hosts package to other
|
option's main purpose is to expose the generated hosts package to other
|
||||||
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
|
modules, like <literal>config.krebs.tinc_graphs</literal>. But it can
|
||||||
also be used to provide a custom hosts directory.
|
also be used to provide a custom hosts directory.
|
||||||
@ -168,6 +177,7 @@ let
|
|||||||
owner = tinc.config.user;
|
owner = tinc.config.user;
|
||||||
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
|
source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv";
|
||||||
};
|
};
|
||||||
|
defaultText = "‹secrets/‹netname›.rsa_key.priv›";
|
||||||
};
|
};
|
||||||
|
|
||||||
privkey_ed25519 = mkOption {
|
privkey_ed25519 = mkOption {
|
||||||
@ -179,11 +189,12 @@ let
|
|||||||
owner = tinc.config.user;
|
owner = tinc.config.user;
|
||||||
source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
|
source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv";
|
||||||
};
|
};
|
||||||
|
defaultText = "‹secrets/‹netname›.ed25519_key.priv›";
|
||||||
};
|
};
|
||||||
|
|
||||||
connectTo = mkOption {
|
connectTo = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
${if tinc.config.netname == "retiolum" then "default" else null} = [
|
${if netname == "retiolum" then "default" else null} = [
|
||||||
"gum"
|
"gum"
|
||||||
"ni"
|
"ni"
|
||||||
"prism"
|
"prism"
|
||||||
@ -194,8 +205,10 @@ let
|
|||||||
routeable IPv4 or IPv6 address.
|
routeable IPv4 or IPv6 address.
|
||||||
|
|
||||||
In stockholm this can be done by configuring:
|
In stockholm this can be done by configuring:
|
||||||
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip
|
{
|
||||||
krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655;
|
krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip;
|
||||||
|
krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655;
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -205,6 +218,10 @@ let
|
|||||||
name = tinc.config.netname;
|
name = tinc.config.netname;
|
||||||
home = "/var/lib/${tinc.config.user.name}";
|
home = "/var/lib/${tinc.config.user.name}";
|
||||||
};
|
};
|
||||||
|
defaultText = {
|
||||||
|
name = "‹netname›";
|
||||||
|
home = "/var/lib/‹netname›";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
|
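Review bot: The `connectTo` default key now tests `netname` instead of `tinc.config.netname`, and the new `defaultText` strings interpolate `${netname}` too, but the binding of `netname` lies outside the visible hunks. If it comes from the submodule's attribute name rather than from the `netname` option, a network whose option is overridden to `"retiolum"` would no longer get the default peer list (`gum`, `ni`, `prism`, …); a short comment at the binding saying which of the two is meant would settle it. The `tincUp` description in the same section still reads "respecitive", where `respective` is meant.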
@ -24,6 +24,7 @@ let
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
description = "Path to Hosts directory";
|
description = "Path to Hosts directory";
|
||||||
default = "${config.krebs.tinc.retiolum.hostsPackage}";
|
default = "${config.krebs.tinc.retiolum.hostsPackage}";
|
||||||
|
defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
|
||||||
};
|
};
|
||||||
|
|
||||||
network = mkOption {
|
network = mkOption {
|
||||||
@ -68,6 +69,7 @@ let
|
|||||||
Defaults to the new users home dir which defaults to
|
Defaults to the new users home dir which defaults to
|
||||||
/var/cache/tinc_graphs'';
|
/var/cache/tinc_graphs'';
|
||||||
default = config.users.extraUsers.tinc_graphs.home;
|
default = config.users.extraUsers.tinc_graphs.home;
|
||||||
|
defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>";
|
||||||
};
|
};
|
||||||
|
|
||||||
timerConfig = mkOption {
|
timerConfig = mkOption {
|
||||||
|
@ -20,7 +20,7 @@ self: super: {
|
|||||||
"0.10.1" = [
|
"0.10.1" = [
|
||||||
./flameshot/flameshot_imgur_0.9.0.patch
|
./flameshot/flameshot_imgur_0.9.0.patch
|
||||||
];
|
];
|
||||||
}.${old.version};
|
}.${old.version} or [];
|
||||||
});
|
});
|
||||||
|
|
||||||
# https://github.com/proot-me/PRoot/issues/106
|
# https://github.com/proot-me/PRoot/issues/106
|
||||||
|
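Review bot: With `or []` an unlisted `old.version` now evaluates to an empty list, so after a nixpkgs bump (this commit also moves both pinned revs) flameshot would build without `flameshot_imgur_0.9.0.patch` and nothing would report it. If that patch is what changes where screenshots are uploaded (an assumption, the patch content is not shown), losing it silently is a privacy regression rather than a build detail. Consider `}.${old.version} or (builtins.trace "flameshot: no imgur patch for ${old.version}" []);`, or at least a comment stating that unpatched builds are acceptable. The start of the override is outside the hunk.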
@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
|
|||||||
pkgs.netcat
|
pkgs.netcat
|
||||||
pkgs.nettools
|
pkgs.nettools
|
||||||
pkgs.openssl
|
pkgs.openssl
|
||||||
pkgs.utillinux
|
pkgs.unixtools.getopt
|
||||||
]};
|
]};
|
||||||
' $out/bin/ircsink
|
' $out/bin/ircsink
|
||||||
'';
|
'';
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175",
|
"rev": "715f63411952c86c8f57ab9e3e3cb866a015b5f2",
|
||||||
"date": "2021-11-01T19:42:18+01:00",
|
"date": "2021-11-17T14:17:56+01:00",
|
||||||
"path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs",
|
"path": "/nix/store/85yrz3ygrzkgw87fp3j42i1i9f4vf0n0-nixpkgs",
|
||||||
"sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg",
|
"sha256": "152kxfk11mgwg8gx0s1rgykyydfb7s746yfylvbwk5mk5cv4z9nv",
|
||||||
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
"leaveDotGit": false
|
"leaveDotGit": false
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
|
"rev": "24528474d2b3370f2f23879a557ae2cc92a5d50b",
|
||||||
"date": "2021-10-31T15:33:08-07:00",
|
"date": "2021-11-19T11:04:27+01:00",
|
||||||
"path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs",
|
"path": "/nix/store/f435816nqq7y14ar1haadw228nbxnh33-nixpkgs",
|
||||||
"sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55",
|
"sha256": "0pdmqzk1l7cwwfp005kzv0dwnmg8xnskzc745052gdxp8pzh1w45",
|
||||||
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
"leaveDotGit": false
|
"leaveDotGit": false
|
||||||
|
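--- /dev/null
+++ b/lass/1systems/dishfire/config.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ... }:
+
+{
+imports = [
+<stockholm/lass>
+<stockholm/lass/2configs/retiolum.nix>
+];
+
+krebs.build.host = config.krebs.hosts.dishfire;
+}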
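--- /dev/null
+++ b/lass/1systems/dishfire/physical.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports = [
+./config.nix
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+boot.loader.grub.devices = [ "/dev/sda" ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd";
+fsType = "ext4";
+};
+
+swapDevices = [ ];
+}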
@ -183,35 +183,6 @@ with import <stockholm/lib>;
|
|||||||
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
lass.restic = genAttrs [
|
|
||||||
"daedalus"
|
|
||||||
"icarus"
|
|
||||||
"littleT"
|
|
||||||
"prism"
|
|
||||||
"shodan"
|
|
||||||
"skynet"
|
|
||||||
] (dest: {
|
|
||||||
dirs = [
|
|
||||||
"/home/lass/src"
|
|
||||||
"/home/lass/work"
|
|
||||||
"/home/lass/.gnupg"
|
|
||||||
"/home/lass/Maildir"
|
|
||||||
"/home/lass/stockholm"
|
|
||||||
"/home/lass/.password-store"
|
|
||||||
"/home/bitcoin"
|
|
||||||
"/home/bch"
|
|
||||||
];
|
|
||||||
passwordFile = (toString <secrets>) + "/restic/${dest}";
|
|
||||||
repo = "sftp:backup@${dest}.r:/backups/mors";
|
|
||||||
#sshPrivateKey = config.krebs.build.host.ssh.privkey.path;
|
|
||||||
extraArguments = [
|
|
||||||
"sftp.command='ssh backup@${dest}.r -i ${config.krebs.build.host.ssh.privkey.path} -s sftp'"
|
|
||||||
];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "00:05";
|
|
||||||
RandomizedDelaySec = "5h";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
|
||||||
services.earlyoom = {
|
services.earlyoom = {
|
||||||
|
@ -215,6 +215,8 @@ with import <stockholm/lib>;
|
|||||||
noipv4ll
|
noipv4ll
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
documentation.nixos.includeAllModules = true;
|
||||||
|
|
||||||
# use 24:00 time format, the default got sneakily changed around 20.03
|
# use 24:00 time format, the default got sneakily changed around 20.03
|
||||||
i18n.defaultLocale = mkDefault "C.UTF-8";
|
i18n.defaultLocale = mkDefault "C.UTF-8";
|
||||||
time.timeZone = mkDefault"Europe/Berlin";
|
time.timeZone = mkDefault"Europe/Berlin";
|
||||||
|
@ -9,7 +9,6 @@ _:
|
|||||||
./news.nix
|
./news.nix
|
||||||
./nichtparasoup.nix
|
./nichtparasoup.nix
|
||||||
./pyload.nix
|
./pyload.nix
|
||||||
./restic.nix
|
|
||||||
./screenlock.nix
|
./screenlock.nix
|
||||||
./usershadow.nix
|
./usershadow.nix
|
||||||
./xjail.nix
|
./xjail.nix
|
||||||
|
@ -1,119 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
|
|
||||||
{
|
|
||||||
options.lass.restic = mkOption {
|
|
||||||
type = types.attrsOf (types.submodule ({ config, ... }: {
|
|
||||||
options = {
|
|
||||||
name = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = config._module.args.name;
|
|
||||||
};
|
|
||||||
passwordFile = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = toString <secrets/restic-password>;
|
|
||||||
description = ''
|
|
||||||
read the repository password from a file.
|
|
||||||
'';
|
|
||||||
example = "/etc/nixos/restic-password";
|
|
||||||
|
|
||||||
};
|
|
||||||
repo = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "sftp:backup@prism.r:/backups/${config.name}";
|
|
||||||
description = ''
|
|
||||||
repository to backup to.
|
|
||||||
'';
|
|
||||||
example = "sftp:backup@192.168.1.100:/backups/${config.name}";
|
|
||||||
};
|
|
||||||
dirs = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
which directories to backup.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"/var/lib/postgresql"
|
|
||||||
"/home/user/backup"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
timerConfig = mkOption {
|
|
||||||
type = types.attrsOf types.str;
|
|
||||||
default = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
};
|
|
||||||
description = ''
|
|
||||||
When to run the backup. See man systemd.timer for details.
|
|
||||||
'';
|
|
||||||
example = {
|
|
||||||
OnCalendar = "00:05";
|
|
||||||
RandomizedDelaySec = "5h";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "root";
|
|
||||||
description = ''
|
|
||||||
As which user the backup should run.
|
|
||||||
'';
|
|
||||||
example = "postgresql";
|
|
||||||
};
|
|
||||||
extraArguments = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = ''
|
|
||||||
Extra arguments to append to the restic command.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
initialize = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Create the repository if it doesn't exist.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
|
||||||
systemd.services =
|
|
||||||
mapAttrs' (_: plan:
|
|
||||||
let
|
|
||||||
extraArguments = concatMapStringsSep " " (arg: "-o ${arg}") plan.extraArguments;
|
|
||||||
connectTo = elemAt (splitString ":" plan.repo) 1;
|
|
||||||
resticCmd = "${pkgs.restic}/bin/restic ${extraArguments}";
|
|
||||||
in nameValuePair "backup.${plan.name}" {
|
|
||||||
environment = {
|
|
||||||
RESTIC_PASSWORD_FILE = plan.passwordFile;
|
|
||||||
RESTIC_REPOSITORY = plan.repo;
|
|
||||||
};
|
|
||||||
path = with pkgs; [
|
|
||||||
openssh
|
|
||||||
];
|
|
||||||
restartIfChanged = false;
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStartPre = mkIf plan.initialize (pkgs.writeScript "rustic-${plan.name}-init" ''
|
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
${resticCmd} snapshots || ${resticCmd} init
|
|
||||||
'');
|
|
||||||
ExecStart = pkgs.writeDash "rustic-${plan.name}" (
|
|
||||||
"#! ${pkgs.bash}/bin/bash\n" +
|
|
||||||
concatMapStringsSep "\n" (dir: "${resticCmd} backup ${dir}") plan.dirs
|
|
||||||
);
|
|
||||||
User = plan.user;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
) config.lass.restic;
|
|
||||||
systemd.timers =
|
|
||||||
mapAttrs' (_: plan: nameValuePair "backup.${plan.name}" {
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = plan.timerConfig;
|
|
||||||
}) config.lass.restic;
|
|
||||||
};
|
|
||||||
}
|
|
@ -48,6 +48,7 @@ with import <stockholm/lib>;
|
|||||||
wm = mkOption {
|
wm = mkOption {
|
||||||
#TODO find type
|
#TODO find type
|
||||||
type = types.str;
|
type = types.str;
|
||||||
|
defaultText = "‹script›";
|
||||||
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
|
default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" {
|
||||||
executables.xmonad = {
|
executables.xmonad = {
|
||||||
extra-depends = [
|
extra-depends = [
|
||||||
|
@ -34,7 +34,7 @@ rec {
|
|||||||
ci = mkOption {
|
ci = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
If true, then the host wants to be tested by some CI system.
|
If true, then the host wants to be tested by some CI system.
|
||||||
See <stockholm/krebs/2configs/buildbot-all.nix>
|
See ‹stockholm/krebs/2configs/buildbot-all.nix›
|
||||||
'';
|
'';
|
||||||
type = bool;
|
type = bool;
|
||||||
default = false;
|
default = false;
|
||||||
@ -43,7 +43,7 @@ rec {
|
|||||||
external = mkOption {
|
external = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Whether the host is defined externally (in contrast to being defined
|
Whether the host is defined externally (in contrast to being defined
|
||||||
in <stockholm>). This is useful e.g. when legacy and/or adopted
|
in ‹stockholm›). This is useful e.g. when legacy and/or adopted
|
||||||
hosts should be part of retiolum or some other component.
|
hosts should be part of retiolum or some other component.
|
||||||
'';
|
'';
|
||||||
type = bool;
|
type = bool;
|
||||||
@ -102,7 +102,14 @@ rec {
|
|||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
};
|
};
|
||||||
via = mkOption {
|
via = mkOption {
|
||||||
type = nullOr net;
|
type =
|
||||||
|
# XXX break infinite recursion when generating manuals
|
||||||
|
if config._module.args.name == "‹name›" then
|
||||||
|
mkOptionType {
|
||||||
|
name = "‹net›";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
nullOr net;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
addrs = mkOption {
|
addrs = mkOption {
|
||||||
@ -128,9 +135,10 @@ rec {
|
|||||||
};
|
};
|
||||||
prefix = mkOption ({
|
prefix = mkOption ({
|
||||||
type = cidr4;
|
type = cidr4;
|
||||||
} // optionalAttrs (config.name == "retiolum") {
|
} // {
|
||||||
default = "10.243.0.0/16";
|
retiolum.default = "10.243.0.0/16";
|
||||||
});
|
wiregrill.default = "10.244.0.0/16";
|
||||||
|
}.${config._module.args.name} or {});
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = null;
|
default = null;
|
||||||
@ -144,9 +152,10 @@ rec {
|
|||||||
};
|
};
|
||||||
prefix = mkOption ({
|
prefix = mkOption ({
|
||||||
type = cidr6;
|
type = cidr6;
|
||||||
} // optionalAttrs (config.name == "retiolum") {
|
} // {
|
||||||
default = "42::/16";
|
retiolum.default = "42:0::/32";
|
||||||
});
|
wiregrill.default = "42:1::/32";
|
||||||
|
}.${config._module.args.name} or {});
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
default = null;
|
default = null;
|
||||||
@ -178,7 +187,15 @@ rec {
|
|||||||
[config.extraConfig]
|
[config.extraConfig]
|
||||||
++
|
++
|
||||||
[config.pubkey]
|
[config.pubkey]
|
||||||
|
++
|
||||||
|
optional (config.weight != null) "Weight = ${toString config.weight}"
|
||||||
);
|
);
|
||||||
|
defaultText = ''
|
||||||
|
Address = ‹addr› ‹port› # for each ‹net.via.addrs›
|
||||||
|
Subnet = ‹addr› # for each ‹net.addrs›
|
||||||
|
‹extraConfig›
|
||||||
|
‹pubkey›
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
pubkey = mkOption {
|
pubkey = mkOption {
|
||||||
type = tinc-pubkey;
|
type = tinc-pubkey;
|
||||||
@ -202,6 +219,15 @@ rec {
|
|||||||
description = "tinc subnets";
|
description = "tinc subnets";
|
||||||
default = [];
|
default = [];
|
||||||
};
|
};
|
||||||
|
weight = mkOption {
|
||||||
|
type = nullOr int;
|
||||||
|
description = ''
|
||||||
|
global tinc weight (latency in ms) of this particular node.
|
||||||
|
can be set to some high value to make it unprobable to be used as router.
|
||||||
|
if set to null, tinc will autogenerate the value based on latency.
|
||||||
|
'';
|
||||||
|
default = if net.via != null then null else 300;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
default = null;
|
default = null;
|
||||||
@ -227,6 +253,7 @@ rec {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
@ -252,6 +279,7 @@ rec {
|
|||||||
path = mkOption {
|
path = mkOption {
|
||||||
type = absolute-pathname;
|
type = absolute-pathname;
|
||||||
default = "/run/keys/${config.name}";
|
default = "/run/keys/${config.name}";
|
||||||
|
defaultText = "/run/keys/‹name›";
|
||||||
};
|
};
|
||||||
mode = mkOption {
|
mode = mkOption {
|
||||||
type = file-mode;
|
type = file-mode;
|
||||||
@ -267,10 +295,12 @@ rec {
|
|||||||
service = mkOption {
|
service = mkOption {
|
||||||
type = systemd.unit-name;
|
type = systemd.unit-name;
|
||||||
default = "secret-${lib.systemd.encodeName config.name}.service";
|
default = "secret-${lib.systemd.encodeName config.name}.service";
|
||||||
|
defaultText = "secret-‹name›.service";
|
||||||
};
|
};
|
||||||
source-path = mkOption {
|
source-path = mkOption {
|
||||||
type = str;
|
type = str;
|
||||||
default = toString <secrets> + "/${config.name}";
|
default = toString <secrets> + "/${config.name}";
|
||||||
|
defaultText = "‹secrets/‹name››";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
@ -379,6 +409,7 @@ rec {
|
|||||||
home = mkOption {
|
home = mkOption {
|
||||||
type = absolute-pathname;
|
type = absolute-pathname;
|
||||||
default = "/home/${config.name}";
|
default = "/home/${config.name}";
|
||||||
|
defaultText = "/home/‹name›";
|
||||||
};
|
};
|
||||||
mail = mkOption {
|
mail = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
@ -406,6 +437,7 @@ rec {
|
|||||||
uid = mkOption {
|
uid = mkOption {
|
||||||
type = int;
|
type = int;
|
||||||
default = genid_uint31 config.name;
|
default = genid_uint31 config.name;
|
||||||
|
defaultText = "genid_uint31 ‹name›";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
@ -414,10 +446,12 @@ rec {
|
|||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = username;
|
type = username;
|
||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
|
defaultText = "genid_uint31 ‹name›";
|
||||||
};
|
};
|
||||||
gid = mkOption {
|
gid = mkOption {
|
||||||
type = int;
|
type = int;
|
||||||
default = genid_uint31 config.name;
|
default = genid_uint31 config.name;
|
||||||
|
defaultText = "genid_uint31 ‹name›";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
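Review bot: The `defaultText` added to the `name` option in the `@ -414,10 +446,12` hunk is `"genid_uint31 ‹name›"`, but that option's default is `config._module.args.name`, so the generated manual will present the name as a derived numeric id. It looks copied from the neighbouring `gid`/`uid` lines and should read `defaultText = "‹name›";`. A smaller gap of the same kind is in the `@ -178,7 +187,15` hunk: the new `defaultText` lists the Address, Subnet, `‹extraConfig›` and `‹pubkey›` lines but not the `Weight = …` line the default now appends when `config.weight` is not null, so a line such as `Weight = ‹weight› # if ‹weight› is not null` would keep the manual in step with the config. Both enclosing option sets start and end outside their hunks, so this is judged from the visible lines only.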