Merge remote-tracking branch 'ni/master'

2017-08-01 13:46:49 +02:00 · 2017-08-01 13:46:49 +02:00 · ef128bdd0f
commit ef128bdd0f
parent b95e15654d e19b506f36
7 changed files with 45 additions and 15 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -70,6 +70,12 @@ let
      type = types.hostname;
      default = "r";
    };
    sitemap = mkOption {
      default = {};
      type = types.attrsOf types.sitemap.entry;
    };
    zone-head-config  = mkOption {
      type = with types; attrsOf str;
      description = ''
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@ -323,6 +323,7 @@ with import <stockholm/lib>;
          aliases = [
            "xu.r"
            "cgit.xu.r"
            "krebs.xu.r"
          ];
          tinc.pubkey = ''
            -----BEGIN RSA PUBLIC KEY-----
@ -374,6 +375,14 @@ with import <stockholm/lib>;
      ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu";
    };
  };
  sitemap = {
    "http://cgit.krebsco.de" = {
      desc = "Git repositories";
    };
    "http://krebs.xu.r" = {
      desc = "krebs-pages mirror";
    };
  };
  users = {
    dv = {
      mail = "dv@alnus.r";
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@ -29,10 +29,11 @@ with import <stockholm/lib>;
    execveBin = name: cfg:
      pkgs.execve name (cfg // { destination = "/bin/${name}"; });
-    makeScriptWriter = interpreter: name: text:
+    makeScriptWriter = { interpreter, check ? null }: name: text:
      assert (with types; either absolute-pathname filename).check name;
      pkgs.writeOut (baseNameOf name) {
        ${optionalString (types.absolute-pathname.check name) name} = {
          inherit check;
          executable = true;
          text = "#! ${interpreter}\n${text}";
        };
@ -69,7 +70,9 @@ with import <stockholm/lib>;
      strip --strip-unneeded "$exe"
    '';
-    writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash";
+    writeDash = pkgs.makeScriptWriter {
      interpreter = "${pkgs.dash}/bin/dash";
    };
    writeDashBin = name:
      assert types.filename.check name;
@ -305,5 +308,7 @@ with import <stockholm/lib>;
        };
      };
-    writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
+    writeSed = pkgs.makeScriptWriter {
      interpreter = "${pkgs.gnused}/bin/sed -f";
    };
  }
--- a/lib/types.nix
+++ b/lib/types.nix
@ -5,7 +5,7 @@ let
    all any concatMapStringsSep concatStringsSep const filter flip
    genid hasSuffix head isInt isString length mergeOneOption mkOption
    mkOptionType optional optionalAttrs optionals range splitString
-    stringLength substring test typeOf;
+    stringLength substring test testString typeOf;
  inherit (lib.types)
    attrsOf bool either enum int listOf nullOr path str string submodule;
 in
@ -357,6 +357,20 @@ rec {
  pgp-pubkey = str;
  sitemap.entry = submodule ({ config, ... }: {
    options = {
      desc = mkOption {
        default = null;
        type = nullOr str;
      };
      href = mkOption {
        ${if testString "https?://.*" config._module.args.name
          then "default" else null} = config._module.args.name;
        type = nullOr str; # TODO nullOr uri?
      };
    };
  });
  ssh-pubkey = str;
  ssh-privkey = submodule {
    options = {
--- a/tv/1systems/xu/config.nix
+++ b/tv/1systems/xu/config.nix
@ -13,6 +13,7 @@ with import <stockholm/lib>;
    <stockholm/tv/2configs/gitrepos.nix>
    <stockholm/tv/2configs/mail-client.nix>
    <stockholm/tv/2configs/man.nix>
    <stockholm/tv/2configs/nginx/krebs-pages.nix>
    <stockholm/tv/2configs/nginx/public_html.nix>
    <stockholm/tv/2configs/pulse.nix>
    <stockholm/tv/2configs/retiolum.nix>
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@ -21,16 +21,6 @@ in {
    ./sshd.nix
    ./vim.nix
    ./xdg.nix
    {
      # stockholm dependencies
      environment.systemPackages = with pkgs; [
        git
        gnumake
        hashPassword
        populate
        whatsupnix
      ];
    }
    {
      users = {
        defaultUserShell = "/run/current-system/sw/bin/bash";
@ -47,7 +37,7 @@ in {
    {
      security.hideProcessInformation = true;
      security.sudo.extraConfig = ''
-        Defaults env_keep+="SSH_CLIENT"
+        Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE"
        Defaults mailto="${config.krebs.users.tv.mail}"
        Defaults !lecture
      '';
@ -142,6 +132,8 @@ in {
    {
      environment.systemPackages = [
        pkgs.get
        pkgs.git
        pkgs.hashPassword
        pkgs.htop
        pkgs.kpaste
        pkgs.krebspaste
--- a/tv/2configs/retiolum.nix
+++ b/tv/2configs/retiolum.nix
@ -10,6 +10,9 @@ with import <stockholm/lib>;
      "ni"
      "prism"
    ];
    extraConfig = ''
      LocalDiscovery = yes
    '';
    tincPackage = pkgs.tinc_pre;
  };
  tv.iptables.input-internet-accept-tcp = singleton "tinc";