Merge remote-tracking branch 'cd/master'

author: makefu <github@syntax-fehler.de> 2015-07-26 18:11:09 +0200
committer: makefu <github@syntax-fehler.de> 2015-07-26 18:11:09 +0200
commit: c355a1d86250aca3f5757082ddd392ef867ca4ee (patch)
tree: a9a596081878d3117e625b9ce164c82339e35812 /2configs
parent: f338d3d4d15ff29b3048b4f89716a8aa1a19f21b (diff)
parent: cea33984057136ea0deac369650e490f420b5445 (diff)
8 files changed, 78 insertions, 32 deletions
diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix
index 14d84c9f..06f83ea9 100644
--- a/2configs/tv/base.nix
+++ b/2configs/tv/base.nix
@@ -10,6 +10,9 @@ in
 
 {
   krebs.enable = true;
+  krebs.search-domain = "retiolum";
+
+  networking.hostName = config.krebs.build.host.name;
 
   imports = [
     {
@@ -24,8 +27,8 @@ in
     {
       users.extraUsers = {
         root = {
-          openssh.authorizedKeys.keys = map readFile [
-            ../../Zpubkeys/tv_wu.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.tv.pubkey
           ];
         };
         tv = {
@@ -39,15 +42,15 @@ in
             "video"
             "wheel"
           ];
-          openssh.authorizedKeys.keys = map readFile [
-            ../../Zpubkeys/tv_wu.ssh.pub
+          openssh.authorizedKeys.keys = [
+            config.krebs.users.tv.pubkey
           ];
         };
       };
     }
     {
       security.sudo.extraConfig = ''
-        Defaults mailto="tv@wu.retiolum"
+        Defaults mailto="${config.krebs.users.tv.mail}"
       '';
       time.timeZone = "Europe/Berlin";
     }
diff --git a/2configs/tv/charybdis.nix b/2configs/tv/charybdis.nix
index a45c7aeb..d78e162c 100644
--- a/2configs/tv/charybdis.nix
+++ b/2configs/tv/charybdis.nix
@@ -123,7 +123,7 @@ let
     #loadmodule "extensions/ip_cloaking.so";
     
     serverinfo {
-      name = ${toJSON (head config.tv.identity.self.nets.retiolum.aliases)};
+      name = ${toJSON (head config.krebs.build.host.nets.retiolum.aliases)};
       sid = "4z3";
       description = "miep!";
       network_name = "irc.retiolum";
@@ -133,9 +133,9 @@ let
       /* On multi-homed hosts you may need the following. These define
        * the addresses we connect from to other servers. */
       /* for IPv4 */
-      vhost = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs4};
+      vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4};
       /* for IPv6 */
-      vhost6 = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs6};
+      vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6};
       
       /* ssl_private_key: our ssl private key */
       ssl_private_key = "/tmp/ssl.key";
@@ -170,7 +170,7 @@ let
     admin {
       name = "tv";
       description = "peer";
-      email = "tv@wu.retiolum";
+      mail = "${config.krebs.users.tv.mail}";
     };
 
     log {
@@ -240,7 +240,7 @@ let
        */
       # XXX This is stupid because only one host is allowed[?]
       #host = ''${concatMapStringsSep ", " toJSON (
-      #  config.tv.identity.self.nets.retiolum.addrs
+      #  config.krebs.build.host.nets.retiolum.addrs
       #)};
       port = 6667;
       sslport = 6697;
diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix
index 63dabdc2..d10f9ea7 100644
--- a/2configs/tv/consul-server.nix
+++ b/2configs/tv/consul-server.nix
@@ -4,7 +4,7 @@
   tv.consul = rec {
     enable = true;
 
-    inherit (config.tv.identity) self;
+    self = config.krebs.build.host;
     inherit (self) dc;
 
     server = true;
diff --git a/2configs/tv/exim-smarthost.nix b/2configs/tv/exim-smarthost.nix
index a4c47b39..c93189b8 100644
--- a/2configs/tv/exim-smarthost.nix
+++ b/2configs/tv/exim-smarthost.nix
@@ -11,20 +11,21 @@ in
     let
       retiolumHostname = "${config.networking.hostName}.retiolum";
 
-      internet-aliases = [
-        { from = "tomislav@viljetic.de"; to = "tv@wu.retiolum"; }
+      internet-aliases = with config.krebs.users; [
+        { from = "tomislav@viljetic.de"; to = tv.mail; }
 
         # (mindestens) lisp-stammtisch und elli haben die:
-        { from = "tv@viljetic.de"; to = "tv@wu.retiolum"; }
+        { from = "tv@viljetic.de"; to = tv.mail; }
 
-        { from = "tv@destroy.dyn.shackspace.de"; to = "tv@wu.retiolum"; }
+        { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; }
 
-        { from = "mirko@viljetic.de"; to = "mv@cd.retiolum"; }
+        { from = "mirko@viljetic.de"; to = mv.mail; }
 
         # TODO killme (wo wird die benutzt?)
-        { from = "tv@cd.retiolum"; to = "tv@wu.retiolum"; }
+        { from = "tv@cd.retiolum"; to = tv.mail; }
 
-        { from = "postmaster@krebsco.de"; to = "tv@wu.retiolum"; }
+        # TODO lists@smtp.retiolum [consul]
+        { from = "postmaster@krebsco.de"; to = tv.mail; }
       ];
 
       system-aliases = [
diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix
index b7f9983a..2c0cc6b1 100644
--- a/2configs/tv/git.nix
+++ b/2configs/tv/git.nix
@@ -6,7 +6,7 @@ let
   out = {
     krebs.git = {
       enable = true;
-      root-title = "public repositories at ${config.tv.identity.self.name}";
+      root-title = "public repositories at ${config.krebs.build.host.name}";
       root-desc = "keep calm and engage";
       inherit repos rules;
     };
@@ -14,7 +14,7 @@ let
 
   repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) (
     public-repos //
-    optionalAttrs config.tv.identity.self.secure restricted-repos
+    optionalAttrs config.krebs.build.host.secure restricted-repos
   );
 
   rules = concatMap make-rules (attrValues repos);
@@ -55,8 +55,8 @@ let
     public = true;
     hooks = {
       post-receive = git.irc-announce {
-        # TODO make nick = config.tv.identity.self.name the default
-        nick = config.tv.identity.self.name;
+        # TODO make nick = config.krebs.build.host.name the default
+        nick = config.krebs.build.host.name;
         channel = "#retiolum";
         server = "cd.retiolum";
       };
@@ -66,7 +66,6 @@ let
   make-restricted-repo = name: { desc ? null, ... }: {
     inherit name desc;
     public = false;
-    hooks = {}; # TODO default
   };
 
   make-rules =
diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix
deleted file mode 100644
index 481ac72a..00000000
--- a/2configs/tv/identity.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config, ... }:
-
-{
-  tv.identity = {
-    enable = true;
-    search = "retiolum";
-  };
-}
diff --git a/2configs/tv/smartd.nix b/2configs/tv/smartd.nix
index 2e9d955d..9c4d8b2d 100644
--- a/2configs/tv/smartd.nix
+++ b/2configs/tv/smartd.nix
@@ -8,7 +8,7 @@
         device = "DEVICESCAN";
         options = toString [
           "-a"
-          "-m tv@wu.retiolum"
+          "-m ${config.krebs.users.tv.mail}"
           "-s (O/../.././09|S/../.././04|L/../../6/05)"
         ];
       }
diff --git a/2configs/tv/urlwatch.nix b/2configs/tv/urlwatch.nix
new file mode 100644
index 00000000..a69b1519
--- /dev/null
+++ b/2configs/tv/urlwatch.nix
@@ -0,0 +1,51 @@
+{ config, ... }:
+
+{
+  krebs.urlwatch = {
+    enable = true;
+    mailto = config.krebs.users.tv.mail;
+    onCalendar = "*-*-* 05:00:00";
+    urls = [
+      ## nixpkgs maintenance
+
+      # 2014-07-29 when one of the following urls change
+      # then we have to update the package
+
+      # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix
+      https://api.github.com/repos/simple-evcorr/sec/tags
+
+      # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix
+      https://thp.io/2008/urlwatch/
+
+      # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix
+      https://api.github.com/repos/ioerror/tlsdate/tags
+
+      # 2015-02-18
+      # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix
+      http://www.fourmilab.ch/webtools/qprint/
+
+      # 2014-09-24 ref https://github.com/4z3/xintmap
+      http://www.mathstat.dal.ca/~selinger/quipper/
+
+      # 2014-12-12 remove nixopsUnstable when nixops get's bumped to 1.3
+      # ref https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nixops/unstable.nix
+      http://nixos.org/releases/nixops/
+
+      ## other
+
+      https://nixos.org/channels/nixos-unstable/git-revision
+
+      ## 2014-10-17
+      ## TODO update ~/src/login/default.nix
+      #http://hackage.haskell.org/package/bcrypt
+      #http://hackage.haskell.org/package/cron
+      #http://hackage.haskell.org/package/hyphenation
+      #http://hackage.haskell.org/package/iso8601-time
+      #http://hackage.haskell.org/package/ixset-typed
+      #http://hackage.haskell.org/package/system-command
+      #http://hackage.haskell.org/package/transformers
+      #http://hackage.haskell.org/package/web-routes-wai
+      #http://hackage.haskell.org/package/web-page
+    ];
+  };
+}
author	makefu <github@syntax-fehler.de>	2015-07-26 18:11:09 +0200
committer	makefu <github@syntax-fehler.de>	2015-07-26 18:11:09 +0200
commit	c355a1d86250aca3f5757082ddd392ef867ca4ee (patch)
tree	a9a596081878d3117e625b9ce164c82339e35812 /2configs
parent	f338d3d4d15ff29b3048b4f89716a8aa1a19f21b (diff)
parent	cea33984057136ea0deac369650e490f420b5445 (diff)