diff options
author | tv <tv@krebsco.de> | 2020-09-08 22:19:15 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-09-08 22:19:15 +0200 |
commit | f3aac671f823063f225096984ff8644190cf9b91 (patch) | |
tree | c33c4e9d8da1ba419541950f110f4b4dfbf8155b /krebs/2configs | |
parent | 6fbbf7e6170f6a1ba42c5dcecd11ca67c6bc5afd (diff) | |
parent | 549598bfd9cf6e94f8bb83ebbcc17400069f1198 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/shack/gitlab-runner.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/glados/multi/wasser.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/share.nix | 4 | ||||
-rw-r--r-- | krebs/2configs/wiki.nix | 83 |
4 files changed, 88 insertions, 3 deletions
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index 5f2ca02d9..bd391851a 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -14,6 +14,8 @@ in ## registrationConfigurationFile contains: # CI_SERVER_URL=<CI server URL> # REGISTRATION_TOKEN=<registration secret> + # RUNNER_TAG_LIST=nix,shacklan + # RUNNER_NAME=stockholm-runner-$name registrationConfigFile = <secrets/shackspace-gitlab-ci>; #gracefulTermination = true; }; diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 0a7ffc41c..6f3dc98ad 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -2,7 +2,7 @@ # switch.crafting_giesskanne_relay let glados = import ../lib; - seconds = 5; + seconds = 10; wasser = "switch.crafting_giesskanne_relay"; in { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 247b9ee7d..465d6ef69 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -33,6 +33,10 @@ printing = bsd printcap name = /dev/null disable spoolss = yes + + # for legacy systems + client min protocol = NT1 + server min protocol = NT1 ''; }; } diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 2350e711e..e4f05a6e6 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -1,9 +1,41 @@ -{ config, ... }: +{ config, pkgs, ... }: +with import <stockholm/lib>; +let + setupGit = '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" + fi + ''; + + pushGollum = pkgs.writeDash "push_gollum" '' + ${setupGit} + git fetch origin + git merge --ff-only origin/master + ''; + + pushCgit = pkgs.writeDash "push_cgit" '' + ${setupGit} + git push origin master + ''; + +in { - services.gollum = { + krebs.gollum = { enable = true; + extraConfig = '' + Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| + system('${pushCgit}') + end + ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; @@ -16,4 +48,51 @@ ''; }; }; + + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + }; + rules = with git; [ + { + user = [ + { + name = "gollum"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; + } + ] ++ (attrValues config.krebs.users); + repo = [ config.krebs.git.repos.wiki ]; + perm = push ''refs/heads/master'' [ create merge ]; + } + ]; + repos.wiki = { + public = true; + name = "wiki"; + hooks = { + post-receive = '' + ${pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }} + /run/wrappers/bin/sudo -S -u gollum ${pushGollum} + ''; + }; + }; + }; + + krebs.secret.files.gollum = { + path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + owner = { name = "gollum"; }; + source-path = "${<secrets/gollum.id_ed25519>}"; + }; + + security.sudo.extraConfig = '' + git ALL=(gollum) NOPASSWD: ${pushGollum} + ''; } |