summaryrefslogtreecommitdiffstats
path: root/krebs/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2020-09-08 22:19:15 +0200
committertv <tv@krebsco.de>2020-09-08 22:19:15 +0200
commitf3aac671f823063f225096984ff8644190cf9b91 (patch)
treec33c4e9d8da1ba419541950f110f4b4dfbf8155b /krebs/2configs
parent6fbbf7e6170f6a1ba42c5dcecd11ca67c6bc5afd (diff)
parent549598bfd9cf6e94f8bb83ebbcc17400069f1198 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix2
-rw-r--r--krebs/2configs/shack/glados/multi/wasser.nix2
-rw-r--r--krebs/2configs/shack/share.nix4
-rw-r--r--krebs/2configs/wiki.nix83
4 files changed, 88 insertions, 3 deletions
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index 5f2ca02d9..bd391851a 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -14,6 +14,8 @@ in
## registrationConfigurationFile contains:
# CI_SERVER_URL=<CI server URL>
# REGISTRATION_TOKEN=<registration secret>
+ # RUNNER_TAG_LIST=nix,shacklan
+ # RUNNER_NAME=stockholm-runner-$name
registrationConfigFile = <secrets/shackspace-gitlab-ci>;
#gracefulTermination = true;
};
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
index 0a7ffc41c..6f3dc98ad 100644
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@@ -2,7 +2,7 @@
# switch.crafting_giesskanne_relay
let
glados = import ../lib;
- seconds = 5;
+ seconds = 10;
wasser = "switch.crafting_giesskanne_relay";
in
{
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index 247b9ee7d..465d6ef69 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -33,6 +33,10 @@
printing = bsd
printcap name = /dev/null
disable spoolss = yes
+
+ # for legacy systems
+ client min protocol = NT1
+ server min protocol = NT1
'';
};
}
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index 2350e711e..e4f05a6e6 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -1,9 +1,41 @@
-{ config, ... }:
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+let
+ setupGit = ''
+ export PATH=${makeBinPath [ pkgs.git ]}
+ export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519'
+ repo='git@localhost:wiki'
+ cd ${config.krebs.gollum.stateDir}
+ if ! url=$(git config remote.origin.url); then
+ git remote add origin "$repo"
+ elif test "$url" != "$repo"; then
+ git remote set-url origin "$repo"
+ fi
+ '';
+
+ pushGollum = pkgs.writeDash "push_gollum" ''
+ ${setupGit}
+ git fetch origin
+ git merge --ff-only origin/master
+ '';
+
+ pushCgit = pkgs.writeDash "push_cgit" ''
+ ${setupGit}
+ git push origin master
+ '';
+
+in
{
- services.gollum = {
+ krebs.gollum = {
enable = true;
+ extraConfig = ''
+ Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
+ system('${pushCgit}')
+ end
+ '';
};
+
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
@@ -16,4 +48,51 @@
'';
};
};
+
+ krebs.git = {
+ enable = true;
+ cgit.settings = {
+ root-title = "krebs repos";
+ };
+ rules = with git; [
+ {
+ user = [
+ {
+ name = "gollum";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6";
+ }
+ ] ++ (attrValues config.krebs.users);
+ repo = [ config.krebs.git.repos.wiki ];
+ perm = push ''refs/heads/master'' [ create merge ];
+ }
+ ];
+ repos.wiki = {
+ public = true;
+ name = "wiki";
+ hooks = {
+ post-receive = ''
+ ${pkgs.git-hooks.irc-announce {
+ channel = "#xxx";
+ refs = [
+ "refs/heads/master"
+ ];
+ nick = config.networking.hostName;
+ server = "irc.r";
+ verbose = true;
+ }}
+ /run/wrappers/bin/sudo -S -u gollum ${pushGollum}
+ '';
+ };
+ };
+ };
+
+ krebs.secret.files.gollum = {
+ path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519";
+ owner = { name = "gollum"; };
+ source-path = "${<secrets/gollum.id_ed25519>}";
+ };
+
+ security.sudo.extraConfig = ''
+ git ALL=(gollum) NOPASSWD: ${pushGollum}
+ '';
}