Merge remote-tracking branch 'cd/master'
commit
ed4db71add
@ -1,19 +1,8 @@
|
||||
{ config, pkgs,lib, ... }:
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
|
||||
inherit (lib)
|
||||
mkIf
|
||||
mkOption
|
||||
types
|
||||
singleton
|
||||
isString
|
||||
optionalString
|
||||
concatStrings
|
||||
escapeShellArg
|
||||
;
|
||||
|
||||
ReaktorConfig = pkgs.writeText "config.py" ''
|
||||
${if (isString cfg.overrideConfig ) then ''
|
||||
# Overriden Config
|
||||
@ -94,10 +83,9 @@ let
|
||||
|
||||
imp = {
|
||||
# for reaktor get-config
|
||||
users.extraUsers = singleton {
|
||||
users.extraUsers = singleton rec {
|
||||
name = "Reaktor";
|
||||
# uid = config.ids.uids.Reaktor;
|
||||
uid = 2066439104; #genid Reaktor
|
||||
uid = genid name;
|
||||
description = "Reaktor user";
|
||||
home = cfg.workdir;
|
||||
createHome = true;
|
||||
|
@ -119,16 +119,14 @@ let
|
||||
imp = {
|
||||
|
||||
users.extraUsers.acng = {
|
||||
# uid = config.ids.uids.acng;
|
||||
uid = 897955083; #genid Reaktor
|
||||
uid = genid "acng";
|
||||
description = "apt-cacher-ng";
|
||||
home = acng-home;
|
||||
createHome = false;
|
||||
};
|
||||
|
||||
users.extraGroups.acng = {
|
||||
gid = 897955083; #genid Reaktor
|
||||
# gid = config.ids.gids.Reaktor;
|
||||
gid = genid "acng";
|
||||
};
|
||||
|
||||
systemd.services.apt-cacher-ng = {
|
||||
|
@ -130,12 +130,12 @@ let
|
||||
) cfg.servers;
|
||||
|
||||
users.extraUsers.bepasty = {
|
||||
uid = 2796546855; #genid bepasty
|
||||
uid = genid "bepasty";
|
||||
group = "bepasty";
|
||||
home = "/var/lib/bepasty-server";
|
||||
};
|
||||
users.extraGroups.bepasty = {
|
||||
gid = 2796546855; #genid bepasty
|
||||
gid = genid "bepasty";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -127,7 +127,7 @@ let
|
||||
imp = {
|
||||
|
||||
users.extraUsers.buildbotSlave = {
|
||||
uid = 1408105834; #genid buildbotMaster
|
||||
uid = genid "buildbotSlave";
|
||||
description = "Buildbot Slave";
|
||||
home = cfg.workDir;
|
||||
createHome = false;
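Review bot: The buildbotSlave uid appears to change value here rather than just change spelling: the literal `1408105834` is labelled `#genid buildbotMaster`, while the other line derives it from `genid "buildbotSlave"`. The +/- markers are lost on this page, so this assumes the `genid` call is the new side, as in every other hunk of the commit. With `createHome = false`, nothing visible in this hunk re-owns `cfg.workDir`, so on hosts that are already deployed the files would stay owned by the old numeric id, and any account later given that number would inherit them. If the change is intended, I would record it next to the line, e.g. `# uid changed from 1408105834 (was genid "buildbotMaster"); chown cfg.workDir on existing hosts`. The `imp` attribute set continues outside this hunk.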
|
||||
|
@ -51,7 +51,7 @@ let
|
||||
imp = {
|
||||
users.users.fetchWallpaper = {
|
||||
name = "fetchWallpaper";
|
||||
uid = 3332383611; #genid fetchWallpaper
|
||||
uid = genid "fetchWallpaper";
|
||||
description = "fetchWallpaper user";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
|
@ -145,14 +145,14 @@ let
|
||||
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
|
||||
};
|
||||
|
||||
users.extraUsers = singleton {
|
||||
users.extraUsers = singleton rec {
|
||||
description = "Git repository hosting user";
|
||||
name = "git";
|
||||
shell = "/bin/sh";
|
||||
openssh.authorizedKeys.keys =
|
||||
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
|
||||
config.krebs.users;
|
||||
uid = 129318403; # genid git
|
||||
uid = genid name;
|
||||
};
|
||||
};
|
||||
|
||||
@ -238,9 +238,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
fcgitwrap-user = {
|
||||
fcgitwrap-user = rec {
|
||||
name = "fcgiwrap";
|
||||
uid = 2867890860; # genid fcgiwrap
|
||||
uid = genid name;
|
||||
group = "fcgiwrap";
|
||||
};
|
||||
|
||||
|
@ -56,9 +56,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "github-hosts-sync";
|
||||
uid = 3220554646; # genid github-hosts-sync
|
||||
uid = genid name;
|
||||
};
|
||||
|
||||
# TODO move to lib?
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
let
|
||||
@ -31,9 +30,9 @@ let
|
||||
bind = mkDefault "127.0.0.1";
|
||||
};
|
||||
|
||||
users.extraUsers.go = {
|
||||
users.extraUsers.go = rec {
|
||||
name = "go";
|
||||
uid = 42774411; #genid go
|
||||
uid = genid name;
|
||||
description = "go url shortener user";
|
||||
home = "/var/lib/go";
|
||||
createHome = true;
|
||||
|
@ -1,13 +1,7 @@
|
||||
arg@{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
inherit (lib)
|
||||
mkEnableOption
|
||||
mkOption
|
||||
types
|
||||
mkIf
|
||||
;
|
||||
|
||||
cfg = config.krebs.realwallpaper;
|
||||
|
||||
out = {
|
||||
@ -89,7 +83,7 @@ let
|
||||
};
|
||||
|
||||
users.extraUsers.realwallpaper = {
|
||||
uid = 2009435407; #genid realwallpaper
|
||||
uid = genid "realwallpaper";
|
||||
home = cfg.workingDir;
|
||||
createHome = true;
|
||||
};
|
||||
|
@ -133,9 +133,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "retiolum";
|
||||
uid = 301281149; # genid retiolum
|
||||
uid = genid name;
|
||||
};
|
||||
|
||||
tinc = cfg.tincPackage;
|
||||
|
@ -120,7 +120,7 @@ let
|
||||
};
|
||||
|
||||
users.extraUsers.tinc_graphs = {
|
||||
uid = 3925439960; #genid tinc_graphs
|
||||
uid = genid "tinc_graphs";
|
||||
home = "/var/spool/tinc_graphs";
|
||||
};
|
||||
|
||||
|
@ -5,7 +5,6 @@
|
||||
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
|
||||
# TODO hooks.py
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
let
|
||||
cfg = config.krebs.urlwatch;
|
||||
@ -136,9 +135,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "urlwatch";
|
||||
uid = 3467631196; # genid urlwatch
|
||||
uid = genid name;
|
||||
};
|
||||
in
|
||||
out
|
||||
|
@ -7,6 +7,8 @@ let out = rec {
|
||||
|
||||
eq = x: y: x == y;
|
||||
|
||||
mod = x: y: x - y * (x / y);
|
||||
|
||||
addName = name: set:
|
||||
set // { inherit name; };
|
||||
|
||||
@ -17,6 +19,7 @@ let out = rec {
|
||||
dir.has-default-nix = path: pathExists (path + "/default.nix");
|
||||
|
||||
dns = import ./dns.nix { inherit lib; };
|
||||
genid = import ./genid.nix { lib = lib // out; };
|
||||
git = import ./git.nix { lib = lib // out; };
|
||||
listset = import ./listset.nix { inherit lib; };
|
||||
shell = import ./shell.nix { inherit lib; };
|
||||
|
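--- a/krebs/4lib/genid.nix
+++ b/krebs/4lib/genid.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+with lib;
+with builtins;
+let out = genid;
+
+# id = genid s = (hash s + min) % max
+# min <= genid s < max
+#
+# min = 2^24 = 16777216 = 0x001000000
+# max = 2^32 = 4294967296 = 0x100000000
+#
+# id is bigger than UID of nobody and GID of nogroup
+# see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd.
+#
+# :: str -> uint32
+genid = s: sum16 (addmod16_16777216 (hash s));
+
+# :: str -> list8 uint4
+hash = s:
+map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s)));
+
+# :: list uint -> uint
+sum16 = foldl (a: i: a * 16 + i) 0;
+
+# :: list8 uint4 -> list1 uint8 ++ list6 uint4
+addmod16_16777216 = x: let
+a = 16 * head x + head (tail x);
+d = tail (tail x);
+in [(mod (a + 1) 256)] ++ d;
+
+# :: char -> uint4
+hexint = x: hexvals.${toLower x};
+
+# :: attrset char uint4
+hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; })
+(stringToCharacters "0123456789abcdef"));
+in out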
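Review bot: The documented bound `min <= genid s < max` does not hold for every input. `addmod16_16777216` wraps the top byte with `mod (a + 1) 256`, so any name whose truncated hash starts with `ff` yields an id below 2^24, roughly one name in 256. Such an id lands in the range the comment says is reserved for the ids in `<nixos/modules/misc/ids.nix>` and ordinary accounts, and nothing here detects that or a collision between two names. Mapping into the range directly, `genid = s: 16777216 + mod (sum16 (hash s)) 4278190080;`, would enforce the bound, but it changes the ids this commit is reproducing from the old literals. If those must stay stable, correct the comment to the real range and make evaluation fail when the result is below min.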
|
@ -1,22 +0,0 @@
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "genid" ''
|
||||
#! /bin/sh
|
||||
# usage: genid NAME
|
||||
set -euf
|
||||
|
||||
export PATH=${lib.makeSearchPath "bin" (with pkgs; [
|
||||
bc
|
||||
coreutils
|
||||
])}
|
||||
|
||||
name=$1
|
||||
hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
|
||||
echo "
|
||||
min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
|
||||
# and some spare for stuff like lxd.
|
||||
max=2^32 # see 2^(8*sizeof(uid_t))
|
||||
ibase=16
|
||||
($hash + min) % max
|
||||
" | bc
|
||||
''
|
@ -184,7 +184,6 @@
|
||||
cac
|
||||
sshpass
|
||||
get
|
||||
genid
|
||||
teamspeak_client
|
||||
hashPassword
|
||||
];
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
@ -8,7 +8,7 @@ in {
|
||||
|
||||
users.extraUsers = {
|
||||
libvirt = {
|
||||
uid = 358821352; # genid libvirt
|
||||
uid = lib.genid "libvirt";
|
||||
description = "user for running libvirt stuff";
|
||||
home = "/home/libvirt";
|
||||
useDefaultShell = true;
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
mainUser = config.users.extraUsers.mainUser;
|
||||
@ -7,7 +7,7 @@ in {
|
||||
users.extraUsers = {
|
||||
skype = {
|
||||
name = "skype";
|
||||
uid = 2259819492; #genid skype
|
||||
uid = lib.genid "skype";
|
||||
description = "user for running skype";
|
||||
home = "/home/skype";
|
||||
useDefaultShell = true;
|
||||
|
@ -8,7 +8,7 @@
|
||||
|
||||
users.extraUsers.chat = {
|
||||
home = "/home/chat";
|
||||
uid = 986764891; # genid chat
|
||||
uid = lib.genid "chat";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -51,7 +51,7 @@ let
|
||||
imp = {
|
||||
users.extraUsers.newsbot-js = {
|
||||
name = "newsbot-js";
|
||||
uid = 1616759810; #genid newsbot-js
|
||||
uid = genid "newsbot-js";
|
||||
description = "newsbot-js user";
|
||||
home = "/var/empty";
|
||||
};
|
||||
|
@ -207,7 +207,7 @@ let
|
||||
# };
|
||||
#});
|
||||
users.users.nobody_oc = {
|
||||
uid = 1651469147; # genid nobody_oc
|
||||
uid = genid "nobody_oc";
|
||||
useDefaultShell = true;
|
||||
};
|
||||
};
|
||||
|
@ -229,7 +229,7 @@ let
|
||||
};
|
||||
});
|
||||
users.users.nobody2 = mkDefault {
|
||||
uid = mkDefault 125816384; # genid nobody2
|
||||
uid = mkDefault (genid "nobody2");
|
||||
useDefaultShell = mkDefault true;
|
||||
};
|
||||
};
|
||||
|
@ -59,7 +59,6 @@ in {
|
||||
buildbot
|
||||
buildbot-slave
|
||||
get
|
||||
genid
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
@ -16,7 +16,6 @@ with lib;
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
# stockholm
|
||||
genid
|
||||
gnumake
|
||||
hashPassword
|
||||
lentil
|
||||
|
@ -19,7 +19,6 @@ with lib;
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
# stockholm
|
||||
genid
|
||||
gnumake
|
||||
hashPassword
|
||||
lentil
|
||||
|
@ -72,9 +72,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "charybdis";
|
||||
uid = 3748224544; # genid charybdis
|
||||
uid = genid name;
|
||||
};
|
||||
|
||||
configFile = toFile "charybdis-ircd.conf" ''
|
||||
|
@ -69,12 +69,10 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
users = let
|
||||
id = 3768151709; # genid pulse
|
||||
in {
|
||||
groups.pulse.gid = id;
|
||||
users = {
|
||||
groups.pulse.gid = config.users.users.pulse.uid;
|
||||
users.pulse = {
|
||||
uid = id;
|
||||
uid = genid "pulse";
|
||||
group = "pulse";
|
||||
extraGroups = [ "audio" ];
|
||||
home = "${runDir}/home";
|
||||
|
@ -109,9 +109,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "consul";
|
||||
uid = 2999951406; # genid consul
|
||||
uid = genid name;
|
||||
};
|
||||
|
||||
in
|
||||
|
@ -53,9 +53,9 @@ let
|
||||
};
|
||||
};
|
||||
|
||||
user = {
|
||||
user = rec {
|
||||
name = "ejabberd";
|
||||
uid = 3499746127; # genid ejabberd
|
||||
uid = genid name;
|
||||
};
|
||||
|
||||
my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" ''
|
||||
|