| author | makefu <github@syntax-fehler.de> | 2015-07-29 14:56:06 +0200 | 
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2015-07-29 14:56:06 +0200 | 
| commit | 0bf2b871dda30231443324588ab8142e125e9774 (patch) | |
| tree | 0646d45eab135eb2c7d8665c31d7ac135e29afff /krebs/3modules/github-hosts-sync.nix | |
| parent | 671710c573980d859cb82993cd0514058a63262f (diff) | |
| parent | 1bf670270c1e87900a908f7e9b949b5502158f4f (diff) | |
merge cloudkrebs, fix path to krebs/4lib
Diffstat (limited to 'krebs/3modules/github-hosts-sync.nix')
| -rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 83 | 
1 files changed, 83 insertions, 0 deletions
|
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
new file mode 100644
index 000000000..0274b9d15
--- /dev/null
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+  cfg = config.krebs.github-hosts-sync;
+
+  out = {
+    options.krebs.github-hosts-sync = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "krebs.github-hosts-sync";
+    port = mkOption {
+      type = types.int; # TODO port type
+      default = 1028;
+    };
+    dataDir = mkOption {
+      type = types.str; # TODO path (but not just into store)
+      default = "/var/lib/github-hosts-sync";
+    };
+    ssh-identity-file = mkOption {
+      type = types.str; # TODO must be named *.ssh.{id_rsa,id_ed25519}
+      default = "/root/src/secrets/github-hosts-sync.ssh.id_rsa";
+    };
+  };
+
+  imp = {
+    systemd.services.github-hosts-sync = {
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        port = toString cfg.port;
+      };
+      serviceConfig = {
+        PermissionsStartOnly = "true";
+        SyslogIdentifier = "github-hosts-sync";
+        User = user.name;
+        Restart = "always";
+        ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
+          #! /bin/sh
+          set -euf
+
+          ssh_identity_file_target=$(
+            case ${cfg.ssh-identity-file} in
+              *.ssh.id_rsa|*.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_rsa;;
+              *.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_ed25519;;
+              *)
+                echo "bad identity file name: ${cfg.ssh-identity-file}" >&2
+                exit 1
+            esac
+          )
+
+          mkdir -p ${cfg.dataDir}
+          chown ${user.name}: ${cfg.dataDir}
+
+          install \
+            -o ${user.name} \
+            -m 0400 \
+            ${cfg.ssh-identity-file} \
+            "$ssh_identity_file_target"
+
+          ln -snf ${kpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
+        '';
+        ExecStart = "${kpkgs.github-hosts-sync}/bin/github-hosts-sync";
+      };
+    };
+
+    users.extraUsers = singleton {
+      inherit (user) name uid;
+      home = cfg.dataDir;
+    };
+  };
+
+  user = {
+    name = "github-hosts-sync";
+    uid = 3220554646; # genid github-hosts-sync
+  };
+
+  kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
+in
+out
|
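Review bot: The first `case` arm in the `ExecStartPre` script, `*.ssh.id_rsa|*.ssh.id_ed25519)`, also matches ed25519 names, so the second arm is unreachable and an ed25519 key ends up installed as `.ssh/id_rsa`; the first arm should be just `*.ssh.id_rsa) echo ${cfg.dataDir}/.ssh/id_rsa;;`. The script creates only `${cfg.dataDir}` before `install` and `ln` write into `${cfg.dataDir}/.ssh`, and nothing visible in this file creates that directory, so the first start presumably fails; `install -d -o ${user.name} -m 0700 ${cfg.dataDir}/.ssh` ahead of the key copy would cover it. Because `PermissionsStartOnly = "true"` makes this pre-start script run as root, the unquoted `${cfg.ssh-identity-file}` and `${cfg.dataDir}` interpolations are worth wrapping in `escapeShellArg`, so a path containing spaces or glob characters cannot change what root executes.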
