authorlassulus <lass@aidsballs.de>2015-07-27 10:09:13 +0200
committerlassulus <lass@aidsballs.de>2015-07-27 10:09:13 +0200
commit54a01c0c74bdd4233962d62c4e6631f7f8b50f77 (patch)
tree705a3f8307b49e52bd95ecac8cd6d6ca828921a4 /2configs/tv
parent6476abd6ac7e000d0759569a1e2754acb2f518ca (diff)
parent3197897292f0fc8f38d30ad6ddc9742be4a7cc1d (diff)
Merge branch 'tv' into master
Diffstat (limited to '2configs/tv')
-rw-r--r--2configs/tv/base.nix15
-rw-r--r--2configs/tv/charybdis.nix10
-rw-r--r--2configs/tv/consul-server.nix5
-rw-r--r--2configs/tv/exim-retiolum.nix4
-rw-r--r--2configs/tv/exim-smarthost.nix15
-rw-r--r--2configs/tv/git-public.nix87
-rw-r--r--2configs/tv/git.nix90
-rw-r--r--2configs/tv/identity.nix160
-rw-r--r--2configs/tv/smartd.nix2
-rw-r--r--2configs/tv/urlwatch.nix51
10 files changed, 169 insertions, 270 deletions
diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix
index 0494ea08e..06f83ea9e 100644
--- a/2configs/tv/base.nix
+++ b/2configs/tv/base.nix
@@ -9,6 +9,11 @@ let
in
{
+ krebs.enable = true;
+ krebs.search-domain = "retiolum";
+
+ networking.hostName = config.krebs.build.host.name;
+
imports = [
{
users.extraUsers =
@@ -22,8 +27,8 @@ in
{
users.extraUsers = {
root = {
- openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/tv_wu.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
];
};
tv = {
@@ -37,15 +42,15 @@ in
"video"
"wheel"
];
- openssh.authorizedKeys.keys = map readFile [
- ../../Zpubkeys/tv_wu.ssh.pub
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
];
};
};
}
{
security.sudo.extraConfig = ''
- Defaults mailto="tv@wu.retiolum"
+ Defaults mailto="${config.krebs.users.tv.mail}"
'';
time.timeZone = "Europe/Berlin";
}
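Review bot: The interpolated address at `Defaults mailto="${config.krebs.users.tv.mail}"` is spliced raw into sudoers inside hand-written double quotes, while the other hunks in this commit (charybdis.nix) escape the same kind of value with `toJSON`. A value containing a quote or backslash would produce a malformed sudoers entry; whether NixOS's build catches that with `visudo -c` depends on the nixpkgs revision in use, which is not visible here. For consistency and to fail at evaluation time rather than at sudo time, write `Defaults mailto=${toJSON config.krebs.users.tv.mail}`. The `imports` list this hunk sits in starts outside the hunk.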
diff --git a/2configs/tv/charybdis.nix b/2configs/tv/charybdis.nix
index a45c7aebe..d78e162cb 100644
--- a/2configs/tv/charybdis.nix
+++ b/2configs/tv/charybdis.nix
@@ -123,7 +123,7 @@ let
#loadmodule "extensions/ip_cloaking.so";
serverinfo {
- name = ${toJSON (head config.tv.identity.self.nets.retiolum.aliases)};
+ name = ${toJSON (head config.krebs.build.host.nets.retiolum.aliases)};
sid = "4z3";
description = "miep!";
network_name = "irc.retiolum";
@@ -133,9 +133,9 @@ let
/* On multi-homed hosts you may need the following. These define
* the addresses we connect from to other servers. */
/* for IPv4 */
- vhost = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs4};
+ vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4};
/* for IPv6 */
- vhost6 = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs6};
+ vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6};
/* ssl_private_key: our ssl private key */
ssl_private_key = "/tmp/ssl.key";
@@ -170,7 +170,7 @@ let
admin {
name = "tv";
description = "peer";
- email = "tv@wu.retiolum";
+ mail = "${config.krebs.users.tv.mail}";
};
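Review bot: The key was renamed from `email` to `mail` in the charybdis `admin {}` block, but the removed line's `email` is the key charybdis documents for that block; `mail` is very likely an unknown configuration item that the ircd will reject or ignore, so the admin contact is lost by this change. The value is also spliced inside literal double quotes, whereas the rest of this generated ircd.conf (serverinfo name, vhost, vhost6) escapes Nix strings with `toJSON`. Suggested line: `email = ${toJSON config.krebs.users.tv.mail};`. The enclosing `let` that builds the config string starts and ends outside this hunk.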
log {
@@ -240,7 +240,7 @@ let
*/
# XXX This is stupid because only one host is allowed[?]
#host = ''${concatMapStringsSep ", " toJSON (
- # config.tv.identity.self.nets.retiolum.addrs
+ # config.krebs.build.host.nets.retiolum.addrs
#)};
port = 6667;
sslport = 6697;
diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix
index 1c8dcb884..d10f9ea75 100644
--- a/2configs/tv/consul-server.nix
+++ b/2configs/tv/consul-server.nix
@@ -1,16 +1,15 @@
{ config, ... }:
{
- imports = [ ../../3modules/tv/consul.nix ];
tv.consul = rec {
enable = true;
- inherit (config.tv.identity) self;
+ self = config.krebs.build.host;
inherit (self) dc;
server = true;
- hosts = with config.tv.identity.hosts; [
+ hosts = with config.krebs.hosts; [
# TODO get this list automatically from each host where tv.consul.enable is true
cd
mkdir
diff --git a/2configs/tv/exim-retiolum.nix b/2configs/tv/exim-retiolum.nix
index efab5cf32..851a0c625 100644
--- a/2configs/tv/exim-retiolum.nix
+++ b/2configs/tv/exim-retiolum.nix
@@ -4,9 +4,9 @@
services.exim =
# This configuration makes only sense for retiolum-enabled hosts.
# TODO modular configuration
- assert config.tv.retiolum.enable;
+ assert config.krebs.retiolum.enable;
let
- # TODO get the hostname from config.tv.retiolum.
+ # TODO get the hostname from config.krebs.retiolum.
retiolumHostname = "${config.networking.hostName}.retiolum";
in
{ enable = true;
diff --git a/2configs/tv/exim-smarthost.nix b/2configs/tv/exim-smarthost.nix
index a4c47b399..c93189b8a 100644
--- a/2configs/tv/exim-smarthost.nix
+++ b/2configs/tv/exim-smarthost.nix
@@ -11,20 +11,21 @@ in
let
retiolumHostname = "${config.networking.hostName}.retiolum";
- internet-aliases = [
- { from = "tomislav@viljetic.de"; to = "tv@wu.retiolum"; }
+ internet-aliases = with config.krebs.users; [
+ { from = "tomislav@viljetic.de"; to = tv.mail; }
# (mindestens) lisp-stammtisch und elli haben die:
- { from = "tv@viljetic.de"; to = "tv@wu.retiolum"; }
+ { from = "tv@viljetic.de"; to = tv.mail; }
- { from = "tv@destroy.dyn.shackspace.de"; to = "tv@wu.retiolum"; }
+ { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; }
- { from = "mirko@viljetic.de"; to = "mv@cd.retiolum"; }
+ { from = "mirko@viljetic.de"; to = mv.mail; }
# TODO killme (wo wird die benutzt?)
- { from = "tv@cd.retiolum"; to = "tv@wu.retiolum"; }
+ { from = "tv@cd.retiolum"; to = tv.mail; }
- { from = "postmaster@krebsco.de"; to = "tv@wu.retiolum"; }
+ # TODO lists@smtp.retiolum [consul]
+ { from = "postmaster@krebsco.de"; to = tv.mail; }
];
system-aliases = [
diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix
deleted file mode 100644
index aef83667f..000000000
--- a/2configs/tv/git-public.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- inherit (builtins) map readFile;
- inherit (lib) concatMap listToAttrs;
- # TODO lib should already include our stuff
- inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git;
-
- public-git-repos = [
- (public "cgserver")
- (public "crude-mail-setup")
- (public "dot-xmonad")
- (public "hack")
- (public "load-env")
- (public "make-snapshot")
- (public "mime")
- (public "much")
- (public "nixos-infest")
- (public "nixpkgs")
- (public "painload")
- (public "quipper")
- (public "regfish")
- (public' {
- name = "shitment";
- desc = "turn all the computers into one computer!";
- })
- (public "wai-middleware-time")
- (public "web-routes-wai-custom")
- (public "xintmap")
- ];
-
- users = addNames {
- tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; };
- lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; };
- uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; };
- makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; };
- };
-
- repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) public-git-repos);
-
- rules = concatMap ({ rules, ... }: rules) public-git-repos;
-
- public' = { name, desc }:
- let
- x = public name;
- in
- x // { repo = x.repo // { inherit desc; }; };
-
- public = repo-name:
- rec {
- repo = {
- name = repo-name;
- hooks = {
- post-receive = git.irc-announce {
- nick = config.networking.hostName; # TODO make this the default
- channel = "#retiolum";
- server = "cd.retiolum";
- };
- };
- public = true;
- };
- rules = with git; with users; [
- { user = tv;
- repo = [ repo ];
- perm = push "refs/*" [ non-fast-forward create delete merge ];
- }
- { user = [ lass makefu uriel ];
- repo = [ repo ];
- perm = fetch;
- }
- ];
- };
-
-in
-
-{
- imports = [
- ../../3modules/tv/git.nix
- ];
- tv.git = {
- enable = true;
- inherit repos rules users;
- root-title = "public repositories at ${config.networking.hostName}";
- root-desc = "keep calm and engage";
- };
-}
diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix
new file mode 100644
index 000000000..2c0cc6b14
--- /dev/null
+++ b/2configs/tv/git.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with import ../../4lib/tv { inherit lib pkgs; };
+let
+
+ out = {
+ krebs.git = {
+ enable = true;
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ inherit repos rules;
+ };
+ };
+
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
+ public-repos //
+ optionalAttrs config.krebs.build.host.secure restricted-repos
+ );
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ cgserver = {};
+ crude-mail-setup = {};
+ dot-xmonad = {};
+ hack = {};
+ load-env = {};
+ make-snapshot = {};
+ mime = {};
+ much = {};
+ nixos-infest = {};
+ nixpkgs = {};
+ painload = {};
+ quipper = {};
+ regfish = {};
+ stockholm = {
+ desc = "take all the computers hostage, they'll love you!";
+ };
+ wai-middleware-time = {};
+ web-routes-wai-custom = {};
+ xintmap = {};
+ };
+
+ restricted-repos = mapAttrs make-restricted-repo (
+ {
+ brain = {
+ collaborators = with config.krebs.users; [ lass makefu ];
+ };
+ } //
+ import /root/src/secrets/repos.nix { inherit config lib pkgs; }
+ );
+
+ make-public-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = true;
+ hooks = {
+ post-receive = git.irc-announce {
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ channel = "#retiolum";
+ server = "cd.retiolum";
+ };
+ };
+ };
+
+ make-restricted-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = false;
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = tv;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = [ lass makefu uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out
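Review bot: The collaborator fetch rule in `make-rules` can never fire: `make-restricted-repo` returns only `name`, `desc` and `public`, so `collaborators` is dropped before the repo reaches `repos`, and `repos` additionally strips the attribute with `removeAttrs s ["collaborators"]` before `rules = concatMap make-rules (attrValues repos)` is computed, so `repo.collaborators or []` is always empty. The effect is fail-closed (lass and makefu get no access to `brain`), but it is not what the `collaborators` field expresses. Compute the rules from the un-stripped set and let the restricted constructor pass `collaborators` through, as below. Separately, note that `import /root/src/secrets/repos.nix` is only evaluated when `config.krebs.build.host.secure` is set (optionalAttrs is lazy), but the repo names and collaborator lists from that file still end up in the generated git/cgit configuration in the world-readable Nix store; if any of those names are themselves sensitive, a comment warning the next maintainer would be worth adding.
```nix
  repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) all-repos;

  # Rules are derived from the un-stripped set so collaborators are still visible.
  rules = concatMap make-rules (attrValues all-repos);

  all-repos =
    public-repos //
    optionalAttrs config.krebs.build.host.secure restricted-repos;

  # … unchanged: public-repos, restricted-repos, make-public-repo …

  make-restricted-repo = name: { desc ? null, collaborators ? [], ... }: {
    inherit name desc collaborators;
    public = false;
  };

  # … unchanged: make-rules …
```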
diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix
deleted file mode 100644
index 44208c956..000000000
--- a/2configs/tv/identity.nix
+++ /dev/null
@@ -1,160 +0,0 @@
-{ config, ... }:
-
-{
- imports = [ ../../3modules/tv/identity.nix ];
- tv.identity = {
- enable = true;
- search = "retiolum";
- hosts = {
- cd = {
- cores = 2;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.219.7.216"];
- aliases = [
- "cd.internet"
- "cd.viljetic.de"
- "cgit.cd.viljetic.de"
- "cd.krebsco.de"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.222"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"];
- aliases = [
- "cd.retiolum"
- "cgit.cd.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
- rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
- e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
- sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
- CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
- PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
- LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
- DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
- ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
- jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
- Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- mkdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["162.248.167.241"];
- aliases = [
- "mkdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.223"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"];
- aliases = [
- "mkdir.retiolum"
- "cgit.mkdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+
- dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev
- voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF
- 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ
- Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2
- 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- nomic = {
- cores = 2;
- dc = "tv"; #dc = "gg23";
- nets = rec {
- retiolum = {
- addrs4 = ["10.243.0.110"];
- addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"];
- aliases = [
- "nomic.retiolum"
- "cgit.nomic.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+
- qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw
- Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu
- 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a
- OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA
- Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- rmdir = {
- cores = 1;
- dc = "tv"; #dc = "cac";
- nets = rec {
- internet = {
- addrs4 = ["167.88.44.94"];
- aliases = [
- "rmdir.internet"
- ];
- };
- retiolum = {
- via = internet;
- addrs4 = ["10.243.113.224"];
- addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"];
- aliases = [
- "rmdir.retiolum"
- "cgit.rmdir.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf
- i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM
- Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz
- hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF
- 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH
- SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- wu = {
- cores = 4;
- # TODO wu is mobile, so dc means "home data center"
- dc = "tv"; #dc = "gg23";
- nets = {
- retiolum = {
- addrs4 = ["10.243.13.37"];
- addrs6 = ["42:0:0:0:0:0:0:1337"];
- aliases = [
- "wu.retiolum"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn
- M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg
- GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT
- KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4
- 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik
- AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- };
- };
- };
- };
- };
-}
diff --git a/2configs/tv/smartd.nix b/2configs/tv/smartd.nix
index 2e9d955d1..9c4d8b2d8 100644
--- a/2configs/tv/smartd.nix
+++ b/2configs/tv/smartd.nix
@@ -8,7 +8,7 @@
device = "DEVICESCAN";
options = toString [
"-a"
- "-m tv@wu.retiolum"
+ "-m ${config.krebs.users.tv.mail}"
"-s (O/../.././09|S/../.././04|L/../../6/05)"
];
}
diff --git a/2configs/tv/urlwatch.nix b/2configs/tv/urlwatch.nix
new file mode 100644
index 000000000..a69b1519c
--- /dev/null
+++ b/2configs/tv/urlwatch.nix
@@ -0,0 +1,51 @@
+{ config, ... }:
+
+{
+ krebs.urlwatch = {
+ enable = true;
+ mailto = config.krebs.users.tv.mail;
+ onCalendar = "*-*-* 05:00:00";
+ urls = [
+ ## nixpkgs maintenance
+
+ # 2014-07-29 when one of the following urls change
+ # then we have to update the package
+
+ # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
+ https://api.github.com/repos/simple-evcorr/sec/tags
+
+ # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
+ https://thp.io/2008/urlwatch/
+
+ # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
+ https://api.github.com/repos/ioerror/tlsdate/tags
+
+ # 2015-02-18
+ # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix
+ http://www.fourmilab.ch/webtools/qprint/
+
+ # 2014-09-24 ref https://github.com/4z3/xintmap
+ http://www.mathstat.dal.ca/~selinger/quipper/
+
+ # 2014-12-12 remove nixopsUnstable when nixops get's bumped to 1.3
+ # ref https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nixops/unstable.nix
+ http://nixos.org/releases/nixops/
+
+ ## other
+
+ https://nixos.org/channels/nixos-unstable/git-revision
+
+ ## 2014-10-17
+ ## TODO update ~/src/login/default.nix
+ #http://hackage.haskell.org/package/bcrypt
+ #http://hackage.haskell.org/package/cron
+ #http://hackage.haskell.org/package/hyphenation
+ #http://hackage.haskell.org/package/iso8601-time
+ #http://hackage.haskell.org/package/ixset-typed
+ #http://hackage.haskell.org/package/system-command
+ #http://hackage.haskell.org/package/transformers
+ #http://hackage.haskell.org/package/web-routes-wai
+ #http://hackage.haskell.org/package/web-page
+ ];
+ };
+}
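Review bot: Three of the watched URLs are fetched over plain `http://` (`http://www.fourmilab.ch/webtools/qprint/`, `http://www.mathstat.dal.ca/~selinger/quipper/`, `http://nixos.org/releases/nixops/`), while the same list already uses `https://nixos.org/channels/nixos-unstable/git-revision` for the same host. Since these watches are the trigger for "update the package" per the comments, an on-path attacker can suppress or forge change notifications on the unauthenticated ones; at minimum switch the nixos.org entry to `https://nixos.org/releases/nixops/`, and check whether the other two sites offer TLS. The unauthenticated `api.github.com` tag endpoints are rate-limited per source address, which should be fine at the configured once-daily `onCalendar`, but worth a short comment so nobody shortens the interval without noticing.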