diff options
author | tv <tv@krebsco.de> | 2018-11-10 19:52:37 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-11-10 19:52:37 +0100 |
commit | 5ea1c2fcbb5756ef99d5fade8a7cd9e33b04a0c6 (patch) | |
tree | f6edbd9d1ff68773f413065a1f1c5dd71150be1a | |
parent | 9a801fa642a60a2c46240670b4e3ad66ea77d995 (diff) | |
parent | 05b288604e7e653efb6035b9953aa849e6e6bc19 (diff) |
Merge remote-tracking branch 'prism/master'
107 files changed, 1570 insertions, 2424 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 0a848426c..cf72e0d73 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,7 +10,6 @@ <stockholm/krebs/2configs> <stockholm/krebs/2configs/buildbot-stockholm.nix> - <stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix> diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 962dbf49c..65972aacc 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,7 +5,7 @@ 6667 6669 ]; - services.charybdis = { + krebs.charybdis = { enable = true; motd = '' hello diff --git a/krebs/3modules/charybdis.nix b/krebs/3modules/charybdis.nix new file mode 100644 index 000000000..f4a7c1313 --- /dev/null +++ b/krebs/3modules/charybdis.nix @@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption singleton types; + inherit (pkgs) coreutils charybdis; + cfg = config.krebs.charybdis; + + configFile = pkgs.writeText "charybdis.conf" '' + ${cfg.config} + ''; +in + +{ + + ###### interface + + options = { + + krebs.charybdis = { + + enable = mkEnableOption "Charybdis IRC daemon"; + + config = mkOption { + type = types.string; + description = '' + Charybdis IRC daemon configuration file. + ''; + }; + + statedir = mkOption { + type = types.string; + default = "/var/lib/charybdis"; + description = '' + Location of the state directory of charybdis. + ''; + }; + + user = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon user. + ''; + }; + + group = mkOption { + type = types.string; + default = "ircd"; + description = '' + Charybdis IRC daemon group. + ''; + }; + + motd = mkOption { + type = types.nullOr types.lines; + default = null; + description = '' + Charybdis MOTD text. + + Charybdis will read its MOTD from /etc/charybdis/ircd.motd . + If set, the value of this option will be written to this path. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable (lib.mkMerge [ + { + users.users = singleton { + name = cfg.user; + description = "Charybdis IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups = singleton { + name = cfg.group; + gid = config.ids.gids.ircd; + }; + + systemd.services.charybdis = { + description = "Charybdis IRC daemon"; + wantedBy = [ "multi-user.target" ]; + environment = { + BANDB_DBPATH = "${cfg.statedir}/ban.db"; + }; + serviceConfig = { + ExecStart = "${charybdis}/bin/charybdis -foreground -logfile /dev/stdout -configfile ${configFile}"; + Group = cfg.group; + User = cfg.user; + PermissionsStartOnly = true; # preStart needs to run with root permissions + }; + preStart = '' + ${coreutils}/bin/mkdir -p ${cfg.statedir} + ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.statedir} + ''; + }; + + } + + (mkIf (cfg.motd != null) { + environment.etc."charybdis/ircd.motd".text = cfg.motd; + }) + ]); +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6307649e3..8f2e22acf 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -14,6 +14,7 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix + ./charybdis.nix ./ci.nix ./current.nix ./exim.nix @@ -111,7 +112,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./tv { inherit config; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 6b4dc3f17..9b9f052a5 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -38,7 +38,7 @@ with import <stockholm/lib>; }; nets = rec { internet = { - ip4.addr = "46.4.114.247"; + ip4.addr = "95.216.1.150"; aliases = [ "prism.i" "paste.i" @@ -87,6 +87,46 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; + + archprism = { + cores = 1; + nets = rec { + internet = { + ip4.addr = "46.4.114.247"; + aliases = [ + "archprism.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.0.123"; + ip6.addr = "42:0:0:0:0:0:0:123"; + aliases = [ + "archprism.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG + wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n + f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U + 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H + BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte + s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l + x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP + gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5 + GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI + l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV + L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc + 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; |