diff options
author | lassulus <lass@aidsballs.de> | 2015-12-26 10:44:54 +0100 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2015-12-26 10:44:54 +0100 |
commit | 6733fa66b46f0d00b7016a92f4ef093ccb7b7a2b (patch) | |
tree | 13bca60f67491263bf027b2b1f09cf5b14b1c9c0 | |
parent | f55b44eb7cffbe0934785afd3a36001ba0713ad1 (diff) | |
parent | 763f0db52ad45eef6e09d7982cd0f6cd898857e3 (diff) |
Merge remote-tracking branch 'cd/master'
29 files changed, 82 insertions, 92 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index 1ec49b81e..0fca52203 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -1,19 +1,8 @@ -{ config, pkgs,lib, ... }: - +{ config, lib, pkgs, ... }: +with lib; let - inherit (lib) - mkIf - mkOption - types - singleton - isString - optionalString - concatStrings - escapeShellArg - ; - ReaktorConfig = pkgs.writeText "config.py" '' ${if (isString cfg.overrideConfig ) then '' # Overriden Config @@ -86,10 +75,9 @@ let imp = { # for reaktor get-config - users.extraUsers = singleton { + users.extraUsers = singleton rec { name = "Reaktor"; - # uid = config.ids.uids.Reaktor; - uid = 2066439104; #genid Reaktor + uid = genid name; description = "Reaktor user"; home = "/var/lib/Reaktor"; createHome = true; diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index 75296bafb..371d39b6f 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -119,16 +119,14 @@ let imp = { users.extraUsers.acng = { - # uid = config.ids.uids.acng; - uid = 897955083; #genid Reaktor + uid = genid "acng"; description = "apt-cacher-ng"; home = acng-home; createHome = false; }; users.extraGroups.acng = { - gid = 897955083; #genid Reaktor - # gid = config.ids.gids.Reaktor; + gid = genid "acng"; }; systemd.services.apt-cacher-ng = { diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index c99c3d11a..e74841205 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -130,12 +130,12 @@ let ) cfg.servers; users.extraUsers.bepasty = { - uid = 2796546855; #genid bepasty + uid = genid "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; }; users.extraGroups.bepasty = { - gid = 2796546855; #genid bepasty + gid = genid "bepasty"; }; }; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 8711a287a..0e7796d8a 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -127,7 +127,7 @@ let imp = { users.extraUsers.buildbotSlave = { - uid = 1408105834; #genid buildbotMaster + uid = genid "buildbotSlave"; description = "Buildbot Slave"; home = cfg.workDir; createHome = false; diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 83ecf4177..f320c7505 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -51,7 +51,7 @@ let imp = { users.users.fetchWallpaper = { name = "fetchWallpaper"; - uid = 3332383611; #genid fetchWallpaper + uid = genid "fetchWallpaper"; description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 234129497..e6267d7e6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -145,14 +145,14 @@ let ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules)); }; - users.extraUsers = singleton { + users.extraUsers = singleton rec { description = "Git repository hosting user"; name = "git"; shell = "/bin/sh"; openssh.authorizedKeys.keys = mapAttrsToList (_: makeAuthorizedKey git-ssh-command) config.krebs.users; - uid = 129318403; # genid git + uid = genid name; }; }; @@ -238,9 +238,9 @@ let }; }; - fcgitwrap-user = { + fcgitwrap-user = rec { name = "fcgiwrap"; - uid = 2867890860; # genid fcgiwrap + uid = genid name; group = "fcgiwrap"; }; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 5503ee8d6..2aa18d53a 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -56,9 +56,9 @@ let }; }; - user = { + user = rec { name = "github-hosts-sync"; - uid = 3220554646; # genid github-hosts-sync + uid = genid name; }; # TODO move to lib? diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 793d1f60d..08a93dab7 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with builtins; with lib; let @@ -31,9 +30,9 @@ let bind = mkDefault "127.0.0.1"; }; - users.extraUsers.go = { + users.extraUsers.go = rec { name = "go"; - uid = 42774411; #genid go + uid = genid name; description = "go url shortener user"; home = "/var/lib/go"; createHome = true; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 7e02538f5..b377368f7 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -1,13 +1,7 @@ arg@{ config, lib, pkgs, ... }: +with lib; let - inherit (lib) - mkEnableOption - mkOption - types - mkIf - ; - cfg = config.krebs.realwallpaper; out = { @@ -89,7 +83,7 @@ let }; users.extraUsers.realwallpaper = { - uid = 2009435407; #genid realwallpaper + uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; }; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 28ac67306..e0e2692a8 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -133,9 +133,9 @@ let }; }; - user = { + user = rec { name = "retiolum"; - uid = 301281149; # genid retiolum + uid = genid name; }; tinc = cfg.tincPackage; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index ba81dd416..1f32c2e59 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -120,7 +120,7 @@ let }; users.extraUsers.tinc_graphs = { - uid = 3925439960; #genid tinc_graphs + uid = genid "tinc_graphs"; home = "/var/spool/tinc_graphs"; }; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 206bc5697..31cbfcf6e 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -5,7 +5,6 @@ # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" # TODO hooks.py -with builtins; with lib; let cfg = config.krebs.urlwatch; @@ -136,9 +135,9 @@ let }; }; - user = { + user = rec { name = "urlwatch"; - uid = 3467631196; # genid urlwatch + uid = genid name; }; in out diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 1cabeae27..dfc51bbe4 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -7,6 +7,8 @@ let out = rec { eq = x: y: x == y; + mod = x: y: x - y * (x / y); + addName = name: set: set // { inherit name; }; @@ -17,6 +19,7 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); dns = import ./dns.nix { inherit lib; }; + genid = import ./genid.nix { lib = lib // out; }; git = import ./git.nix { lib = lib // out; }; listset = import ./listset.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; diff --git a/krebs/4lib/genid.nix b/krebs/4lib/genid.nix new file mode 100644 index 000000000..0aed1d351 --- /dev/null +++ b/krebs/4lib/genid.nix @@ -0,0 +1,37 @@ +{ lib, ... }: +with lib; +with builtins; +let out = genid; + + # id = genid s = (hash s + min) % max + # min <= genid s < max + # + # min = 2^24 = 16777216 = 0x001000000 + # max = 2^32 = 4294967296 = 0x100000000 + # + # id is bigger than UID of nobody and GID of nogroup + # see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd. + # + # :: str -> uint32 + genid = s: sum16 (addmod16_16777216 (hash s)); + + # :: str -> list8 uint4 + hash = s: + map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s))); + + # :: list uint -> uint + sum16 = foldl (a: i: a * 16 + i) 0; + + # :: list8 uint4 -> list1 uint8 ++ list6 uint4 + addmod16_16777216 = x: let + a = 16 * head x + head (tail x); + d = tail (tail x); + in [(mod (a + 1) 256)] ++ d; + + # :: char -> uint4 + hexint = x: hexvals.${toLower x}; + + # :: attrset char uint4 + hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; }) + (stringToCharacters "0123456789abcdef")); +in out diff --git a/krebs/5pkgs/genid/default.nix b/krebs/5pkgs/genid/default.nix deleted file mode 100644 index c75bec317..000000000 --- a/krebs/5pkgs/genid/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib, pkgs, ... }: - -pkgs.writeScriptBin "genid" '' - #! /bin/sh - # usage: genid NAME - set -euf - - export PATH=${lib.makeSearchPath "bin" (with pkgs; [ - bc - coreutils - ])} - - name=$1 - hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F) - echo " - min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix> - # and some spare for stuff like lxd. - max=2^32 # see 2^(8*sizeof(uid_t)) - ibase=16 - ($hash + min) % max - " | bc -'' diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9b2200c58..61f57f1f9 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -210,7 +210,6 @@ cac sshpass get - genid teamspeak_client hashPassword ]; diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index 368722e77..7520a0e36 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let mainUser = config.users.extraUsers.mainUser; @@ -8,7 +8,7 @@ in { users.extraUsers = { libvirt = { - uid = 358821352; # genid libvirt + uid = lib.genid "libvirt"; description = "user for running libvirt stuff"; home = "/home/libvirt"; useDefaultShell = true; diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index 6a226441b..d62a18a52 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let mainUser = config.users.extraUsers.mainUser; @@ -7,7 +7,7 @@ in { users.extraUsers = { skype = { name = "skype"; - uid = 2259819492; #genid skype + uid = lib.genid "skype"; description = "user for running skype"; home = "/home/skype"; useDefaultShell = true; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 18007ed61..6a257f0bb 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -8,7 +8,7 @@ users.extraUsers.chat = { home = "/home/chat"; - uid = 986764891; # genid chat + uid = lib.genid "chat"; useDefaultShell = true; createHome = true; openssh.authorizedKeys.keys = [ diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix index 6d87d256d..5e340b26f 100644 --- a/lass/3modules/newsbot-js.nix +++ b/lass/3modules/newsbot-js.nix @@ -51,7 +51,7 @@ let imp = { users.extraUsers.newsbot-js = { name = "newsbot-js"; - uid = 1616759810; #genid newsbot-js + uid = genid "newsbot-js"; description = "newsbot-js user"; home = "/var/empty"; }; diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index a0db87b0b..0cb11846c 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -207,7 +207,7 @@ let # }; #}); users.users.nobody_oc = { - uid = 1651469147; # genid nobody_oc + uid = genid "nobody_oc"; useDefaultShell = true; }; }; diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 2f31f6e02..974aacd83 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix @@ -229,7 +229,7 @@ let }; }); users.users.nobody2 = mkDefault { - uid = mkDefault 125816384; # genid nobody2 + uid = mkDefault (genid "nobody2"); useDefaultShell = mkDefault true; }; }; diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index a24cefd0d..b8c02cb67 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -59,7 +59,6 @@ in { buildbot buildbot-slave get - genid ]; networking.firewall.allowedTCPPorts = [ diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a768e781b..54ceb7783 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -16,7 +16,6 @@ with lib; environment.systemPackages = with pkgs; [ # stockholm - genid gnumake hashPassword lentil diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index eac36fafb..1f3e010a4 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -19,7 +19,6 @@ with lib; environment.systemPackages = with pkgs; [ # stockholm - genid gnumake hashPassword lentil diff --git a/tv/2configs/charybdis.nix b/tv/2configs/charybdis.nix index 80c6f7c4a..f9ab3da68 100644 --- a/tv/2configs/charybdis.nix +++ b/tv/2configs/charybdis.nix @@ -72,9 +72,9 @@ let }; }; - user = { + user = rec { name = "charybdis"; - uid = 3748224544; # genid charybdis + uid = genid name; }; configFile = toFile "charybdis-ircd.conf" '' diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 0ddc52789..3db3532d5 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -69,12 +69,10 @@ in }; }; - users = let - id = 3768151709; # genid pulse - in { - groups.pulse.gid = id; + users = { + groups.pulse.gid = config.users.users.pulse.uid; users.pulse = { - uid = id; + uid = genid "pulse"; group = "pulse"; extraGroups = [ "audio" ]; home = "${runDir}/home"; diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix index ccdee07f5..5c955fdb5 100644 --- a/tv/3modules/consul.nix +++ b/tv/3modules/consul.nix @@ -109,9 +109,9 @@ let }; }; - user = { + user = rec { name = "consul"; - uid = 2999951406; # genid consul + uid = genid name; }; in diff --git a/tv/3modules/ejabberd.nix b/tv/3modules/ejabberd.nix index 6b231fb56..581e10074 100644 --- a/tv/3modules/ejabberd.nix +++ b/tv/3modules/ejabberd.nix @@ -53,9 +53,9 @@ let }; }; - user = { + user = rec { name = "ejabberd"; - uid = 3499746127; # genid ejabberd + uid = genid name; }; my-ejabberdctl = pkgs.writeScriptBin "ejabberdctl" '' |