Merge remote-tracking branch 'cd/master'
This commit is contained in:
commit
facb65bd22
11
Makefile
11
Makefile
@ -9,6 +9,7 @@ export STOCKHOLM_VERSION ?= $(shell \
|
|||||||
printf '%s' "$$date.$$version"; \
|
printf '%s' "$$date.$$version"; \
|
||||||
)
|
)
|
||||||
|
|
||||||
|
system ?= $(HOSTNAME)
|
||||||
$(if $(system),,$(error unbound variable: system))
|
$(if $(system),,$(error unbound variable: system))
|
||||||
|
|
||||||
nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix
|
nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix
|
||||||
@ -54,15 +55,17 @@ evaluate = \
|
|||||||
--show-trace \
|
--show-trace \
|
||||||
-I nixos-config=$(nixos-config) \
|
-I nixos-config=$(nixos-config) \
|
||||||
-I stockholm=$(stockholm) \
|
-I stockholm=$(stockholm) \
|
||||||
-E '{ eval, f }: f eval' \
|
-E "let eval = import <stockholm>; in with eval; $(1)"
|
||||||
--arg eval 'import ./.' \
|
|
||||||
--arg f "eval@{ config, ... }: $(1)"
|
|
||||||
|
|
||||||
execute = \
|
execute = \
|
||||||
result=$$($(call evaluate,config.krebs.build.$(1))) && \
|
result=$$($(call evaluate,config.krebs.build.$(1))) && \
|
||||||
script=$$(echo "$$result" | jq -r .) && \
|
script=$$(echo "$$result" | jq -r .) && \
|
||||||
echo "$$script" | PS5=% sh
|
echo "$$script" | PS5=% sh
|
||||||
|
|
||||||
|
ifeq ($(MAKECMDGOALS),)
|
||||||
|
$(error No goals specified)
|
||||||
|
endif
|
||||||
|
|
||||||
# usage: make deploy system=foo [target_host=bar]
|
# usage: make deploy system=foo [target_host=bar]
|
||||||
deploy: ssh ?= ssh
|
deploy: ssh ?= ssh
|
||||||
deploy:
|
deploy:
|
||||||
@ -73,7 +76,7 @@ deploy:
|
|||||||
|
|
||||||
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
|
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
|
||||||
eval eval.:;@$(call evaluate,$${expr-eval})
|
eval eval.:;@$(call evaluate,$${expr-eval})
|
||||||
eval.%:;@$(call evaluate,$*)
|
eval.%:;@$(call evaluate,$@)
|
||||||
|
|
||||||
# usage: make install system=foo [target_host=bar]
|
# usage: make install system=foo [target_host=bar]
|
||||||
install: ssh ?= ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
|
install: ssh ?= ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
|
||||||
|
@ -161,7 +161,7 @@ let
|
|||||||
ciko.mail = "wieczorek.stefan@gmail.com";
|
ciko.mail = "wieczorek.stefan@gmail.com";
|
||||||
Mic92.mail = "joerg@higgsboson.tk";
|
Mic92.mail = "joerg@higgsboson.tk";
|
||||||
in {
|
in {
|
||||||
"cfp@eloop.org" = [{ mail = "eloop2016@krebsco.de"; }];
|
"*@eloop.org" = [{ mail = "eloop2016@krebsco.de"; }];
|
||||||
"eloop2016@krebsco.de" = spam-ml ++ [ ciko Mic92 ];
|
"eloop2016@krebsco.de" = spam-ml ++ [ ciko Mic92 ];
|
||||||
"postmaster@krebsco.de" = spam-ml; # RFC 822
|
"postmaster@krebsco.de" = spam-ml; # RFC 822
|
||||||
"lass@krebsco.de" = lass;
|
"lass@krebsco.de" = lass;
|
||||||
|
@ -164,7 +164,7 @@ let
|
|||||||
control = dkim_disable_verify
|
control = dkim_disable_verify
|
||||||
|
|
||||||
accept message = relay not permitted 2
|
accept message = relay not permitted 2
|
||||||
recipients = lsearch;${lsearch.internet-aliases}
|
recipients = lsearch*@;${lsearch.internet-aliases}
|
||||||
|
|
||||||
require message = relay not permitted
|
require message = relay not permitted
|
||||||
domains = +local_domains : +relay_to_domains
|
domains = +local_domains : +relay_to_domains
|
||||||
@ -198,7 +198,7 @@ let
|
|||||||
internet_aliases:
|
internet_aliases:
|
||||||
debug_print = "R: internet_aliases for $local_part@$domain"
|
debug_print = "R: internet_aliases for $local_part@$domain"
|
||||||
driver = redirect
|
driver = redirect
|
||||||
data = ''${lookup{$local_part@$domain}lsearch{${lsearch.internet-aliases}}}
|
data = ''${lookup{$local_part@$domain}lsearch*@{${lsearch.internet-aliases}}}
|
||||||
|
|
||||||
dnslookup:
|
dnslookup:
|
||||||
debug_print = "R: dnslookup for $local_part@$domain"
|
debug_print = "R: dnslookup for $local_part@$domain"
|
||||||
|
@ -37,7 +37,7 @@ in {
|
|||||||
};
|
};
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment = {
|
environment = {
|
||||||
etc."exim.conf".text = ''
|
etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" ''
|
||||||
exim_user = ${cfg.user.name}
|
exim_user = ${cfg.user.name}
|
||||||
exim_group = ${cfg.group.name}
|
exim_group = ${cfg.group.name}
|
||||||
exim_path = /var/setuid-wrappers/exim
|
exim_path = /var/setuid-wrappers/exim
|
||||||
|
@ -355,11 +355,11 @@ with config.krebs.lib;
|
|||||||
};
|
};
|
||||||
users = rec {
|
users = rec {
|
||||||
mv = {
|
mv = {
|
||||||
mail = "mv@cd.retiolum";
|
mail = "mv@cd.r";
|
||||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
|
||||||
};
|
};
|
||||||
tv = {
|
tv = {
|
||||||
mail = "tv@nomic.retiolum";
|
mail = "tv@nomic.r";
|
||||||
pgp.pubkeys.default = ''
|
pgp.pubkeys.default = ''
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
@ -56,6 +56,14 @@ rec {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
writeEximConfig = name: text: pkgs.runCommand name {
|
||||||
|
inherit text;
|
||||||
|
passAsFile = [ "text" ];
|
||||||
|
} ''
|
||||||
|
${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
|
||||||
|
mv "$textPath" $out
|
||||||
|
'';
|
||||||
|
|
||||||
writeNixFromCabal = name: path: pkgs.runCommand name {} ''
|
writeNixFromCabal = name: path: pkgs.runCommand name {} ''
|
||||||
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
||||||
'';
|
'';
|
||||||
|
Loading…
Reference in New Issue
Block a user