Merge remote-tracking branch 'cd/master'

2015-12-26 10:51:18 +01:00 · 2015-12-26 10:51:18 +01:00 · ed4db71add
commit ed4db71add
parent cef2be532b 763f0db52a
29 changed files with 82 additions and 92 deletions
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@ -1,19 +1,8 @@
-{ config, pkgs,lib, ... }:
+{ config, lib, pkgs, ... }:
 with lib;
 let
  inherit (lib)
    mkIf
    mkOption
    types
    singleton
    isString
    optionalString
    concatStrings
    escapeShellArg
  ;
  ReaktorConfig = pkgs.writeText "config.py" ''
      ${if (isString cfg.overrideConfig ) then ''
      # Overriden Config
@ -94,10 +83,9 @@ let
  imp = {
    # for reaktor get-config
-    users.extraUsers = singleton {
+    users.extraUsers = singleton rec {
      name = "Reaktor";
-      # uid = config.ids.uids.Reaktor;
+      uid = genid name;
      uid = 2066439104; #genid Reaktor
      description = "Reaktor user";
      home = cfg.workdir;
      createHome = true;
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@ -119,16 +119,14 @@ let
  imp = {
    users.extraUsers.acng = {
-    # uid = config.ids.uids.acng;
+      uid = genid "acng";
      uid = 897955083; #genid Reaktor
      description = "apt-cacher-ng";
      home = acng-home;
      createHome = false;
    };
    users.extraGroups.acng = {
-      gid = 897955083; #genid Reaktor
+      gid = genid "acng";
    # gid = config.ids.gids.Reaktor;
    };
    systemd.services.apt-cacher-ng = {
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@ -130,12 +130,12 @@ let
    ) cfg.servers;
    users.extraUsers.bepasty = {
-      uid = 2796546855; #genid bepasty
+      uid = genid "bepasty";
      group = "bepasty";
      home = "/var/lib/bepasty-server";
    };
    users.extraGroups.bepasty = {
-      gid = 2796546855; #genid bepasty
+      gid = genid "bepasty";
    };
  };
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@ -127,7 +127,7 @@ let
  imp = {
    users.extraUsers.buildbotSlave = {
-      uid = 1408105834; #genid buildbotMaster
+      uid = genid "buildbotSlave";
      description = "Buildbot Slave";
      home = cfg.workDir;
      createHome = false;
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@ -51,7 +51,7 @@ let
  imp = {
    users.users.fetchWallpaper = {
      name = "fetchWallpaper";
-      uid = 3332383611; #genid fetchWallpaper
+      uid = genid "fetchWallpaper";
      description = "fetchWallpaper user";
      home = cfg.stateDir;
      createHome = true;
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@ -145,14 +145,14 @@ let
        ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
      };
-    users.extraUsers = singleton {
+    users.extraUsers = singleton rec {
      description = "Git repository hosting user";
      name = "git";
      shell = "/bin/sh";
      openssh.authorizedKeys.keys =
        mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
          config.krebs.users;
-      uid = 129318403; # genid git
+      uid = genid name;
    };
  };
@ -238,9 +238,9 @@ let
    };
  };
-  fcgitwrap-user = {
+  fcgitwrap-user = rec {
    name = "fcgiwrap";
-    uid = 2867890860; # genid fcgiwrap
+    uid = genid name;
    group = "fcgiwrap";
  };
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@ -56,9 +56,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "github-hosts-sync";
-    uid = 3220554646; # genid github-hosts-sync
+    uid = genid name;
  };
  # TODO move to lib?
--- a/krebs/3modules/go.nix
+++ b/krebs/3modules/go.nix
@ -1,6 +1,5 @@
 { config, lib, pkgs, ... }:
 with builtins;
 with lib;
 let
@ -31,9 +30,9 @@ let
      bind = mkDefault "127.0.0.1";
    };
-    users.extraUsers.go = {
+    users.extraUsers.go = rec {
      name = "go";
-      uid = 42774411; #genid go
+      uid = genid name;
      description = "go url shortener user";
      home = "/var/lib/go";
      createHome = true;
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@ -1,13 +1,7 @@
 arg@{ config, lib, pkgs, ... }:
 with lib;
 let
  inherit (lib)
    mkEnableOption
    mkOption
    types
    mkIf
  ;
  cfg = config.krebs.realwallpaper;
  out = {
@ -89,7 +83,7 @@ let
    };
    users.extraUsers.realwallpaper = {
-      uid = 2009435407; #genid realwallpaper
+      uid = genid "realwallpaper";
      home = cfg.workingDir;
      createHome = true;
    };
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@ -133,9 +133,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "retiolum";
-    uid = 301281149; # genid retiolum
+    uid = genid name;
  };
  tinc = cfg.tincPackage;
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@ -120,7 +120,7 @@ let
    };
    users.extraUsers.tinc_graphs = {
-      uid = 3925439960; #genid tinc_graphs
+      uid = genid "tinc_graphs";
      home = "/var/spool/tinc_graphs";
    };
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@ -5,7 +5,6 @@
 # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
 # TODO hooks.py
 with builtins;
 with lib;
 let
  cfg = config.krebs.urlwatch;
@ -136,9 +135,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "urlwatch";
-    uid = 3467631196; # genid urlwatch
+    uid = genid name;
  };
 in
 out
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@ -7,6 +7,8 @@ let out = rec {
  eq = x: y: x == y;
  mod = x: y: x - y * (x / y);
  addName = name: set:
    set // { inherit name; };
@ -17,6 +19,7 @@ let out = rec {
  dir.has-default-nix = path: pathExists (path + "/default.nix");
  dns = import ./dns.nix { inherit lib; };
  genid = import ./genid.nix { lib = lib // out; };
  git = import ./git.nix { lib = lib // out; };
  listset = import ./listset.nix { inherit lib; };
  shell = import ./shell.nix { inherit lib; };
--- a/krebs/4lib/genid.nix
+++ b/krebs/4lib/genid.nix
@ -0,0 +1,37 @@
 { lib, ... }:
 with lib;
 with builtins;
 let out = genid;
  # id = genid s = (hash s + min) % max
  # min <= genid s < max
  #
  # min = 2^24 =   16777216 = 0x001000000
  # max = 2^32 = 4294967296 = 0x100000000
  #
  # id is bigger than UID of nobody and GID of nogroup
  # see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd.
  #
  # :: str -> uint32
  genid = s: sum16 (addmod16_16777216 (hash s));
  # :: str -> list8 uint4
  hash = s:
    map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s)));
  # :: list uint -> uint
  sum16 = foldl (a: i: a * 16 + i) 0;
  # :: list8 uint4 -> list1 uint8 ++ list6 uint4
  addmod16_16777216 = x: let
    a = 16 * head x + head (tail x);
    d = tail (tail x);
  in [(mod (a + 1) 256)] ++ d;
  # :: char -> uint4
  hexint = x: hexvals.${toLower x};
  # :: attrset char uint4
  hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; })
                        (stringToCharacters "0123456789abcdef"));
 in out
--- a/krebs/5pkgs/genid/default.nix
+++ b/krebs/5pkgs/genid/default.nix
@ -1,22 +0,0 @@
 { lib, pkgs, ... }:
 pkgs.writeScriptBin "genid" ''
  #! /bin/sh
  # usage: genid NAME
  set -euf
  export PATH=${lib.makeSearchPath "bin" (with pkgs; [
    bc
    coreutils
  ])}
  name=$1
  hash=$(printf %s "$name" | sha1sum | cut -d\  -f1 | tr a-f A-F)
  echo "
    min=2^24  # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
              # and some spare for stuff like lxd.
    max=2^32  # see 2^(8*sizeof(uid_t))
    ibase=16
    ($hash + min) % max
  " | bc
 ''
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@ -184,7 +184,6 @@
    cac
    sshpass
    get
    genid
    teamspeak_client
    hashPassword
  ];
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  mainUser = config.users.extraUsers.mainUser;
@ -8,7 +8,7 @@ in {
  users.extraUsers = {
    libvirt = {
-      uid = 358821352; # genid libvirt
+      uid = lib.genid "libvirt";
      description = "user for running libvirt stuff";
      home = "/home/libvirt";
      useDefaultShell = true;
--- a/lass/2configs/skype.nix
+++ b/lass/2configs/skype.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  mainUser = config.users.extraUsers.mainUser;
@ -7,7 +7,7 @@ in {
  users.extraUsers = {
    skype = {
      name = "skype";
-      uid = 2259819492; #genid skype
+      uid = lib.genid "skype";
      description = "user for running skype";
      home = "/home/skype";
      useDefaultShell = true;
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@ -8,7 +8,7 @@
  users.extraUsers.chat = {
    home = "/home/chat";
-    uid = 986764891; # genid chat
+    uid = lib.genid "chat";
    useDefaultShell = true;
    createHome = true;
    openssh.authorizedKeys.keys = [
--- a/lass/3modules/newsbot-js.nix
+++ b/lass/3modules/newsbot-js.nix
@ -51,7 +51,7 @@ let
  imp = {
    users.extraUsers.newsbot-js = {
      name = "newsbot-js";
-      uid = 1616759810; #genid newsbot-js
+      uid = genid "newsbot-js";
      description = "newsbot-js user";
      home = "/var/empty";
    };
--- a/lass/3modules/owncloud_nginx.nix
+++ b/lass/3modules/owncloud_nginx.nix
@ -207,7 +207,7 @@ let
    #  };
    #});
    users.users.nobody_oc = {
-      uid = 1651469147; # genid nobody_oc
+      uid = genid "nobody_oc";
      useDefaultShell = true;
    };
  };
--- a/lass/3modules/wordpress_nginx.nix
+++ b/lass/3modules/wordpress_nginx.nix
@ -229,7 +229,7 @@ let
      };
    });
    users.users.nobody2 = mkDefault {
-      uid = mkDefault 125816384; # genid nobody2
+      uid = mkDefault (genid "nobody2");
      useDefaultShell = mkDefault true;
    };
  };
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@ -59,7 +59,6 @@ in {
    buildbot
    buildbot-slave
    get
    genid
  ];
  networking.firewall.allowedTCPPorts = [
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@ -16,7 +16,6 @@ with lib;
      environment.systemPackages = with pkgs; [
        # stockholm
        genid
        gnumake
        hashPassword
        lentil
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@ -19,7 +19,6 @@ with lib;
      environment.systemPackages = with pkgs; [
        # stockholm
        genid
        gnumake
        hashPassword
        lentil
--- a/tv/2configs/charybdis.nix
+++ b/tv/2configs/charybdis.nix
@ -72,9 +72,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "charybdis";
-    uid = 3748224544; # genid charybdis
+    uid = genid name;
  };
  configFile = toFile "charybdis-ircd.conf" ''
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@ -69,12 +69,10 @@ in
    };
  };
-  users = let
+  users = {
-    id = 3768151709; # genid pulse
+    groups.pulse.gid = config.users.users.pulse.uid;
  in {
    groups.pulse.gid = id;
    users.pulse = {
-      uid = id;
+      uid = genid "pulse";
      group = "pulse";
      extraGroups = [ "audio" ];
      home = "${runDir}/home";
--- a/tv/3modules/consul.nix
+++ b/tv/3modules/consul.nix
@ -109,9 +109,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "consul";
-    uid = 2999951406; # genid consul
+    uid = genid name;
  };
 in
--- a/tv/3modules/ejabberd.nix
+++ b/tv/3modules/ejabberd.nix
@ -53,9 +53,9 @@ let
    };
  };
-  user = {
+  user = rec {
    name = "ejabberd";
-    uid = 3499746127; # genid ejabberd
+    uid = genid name;
  };
  my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''