author | makefu <github@syntax-fehler.de> | 2021-11-24 08:27:30 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2021-11-24 08:27:30 +0100 |
commit | d2776a87a51bbc63957ee2e590f18a7425a87987 (patch) | |
tree | 7052993633e46defc64737aff54d0272a8ce75c1 /krebs/3modules | |
parent | 60b7a7bded68ebd3a5d76b6e0374e189f3a64300 (diff) | |
parent | 4c7abec39771cbd47dc091c674a0429f5c757ebc (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/airdcpp.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/backup.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/bepasty-server.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/build.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/buildbot/master.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/git.nix | 9 | ||||
-rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/github-known-hosts.nix | 26 | ||||
-rw-r--r-- | krebs/3modules/htgen.nix | 6 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 6 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 47 | ||||
-rw-r--r-- | krebs/3modules/reaktor2.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/rtorrent.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/shadow.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix | 27 | ||||
-rw-r--r-- | krebs/3modules/tinc_graphs.nix | 2 |
17 files changed, 125 insertions, 21 deletions
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 0ac9d3350..4ac6e30ee 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -45,7 +45,7 @@ let Nick Name for hub ''; type = str; - default = cfg.Nick; + default = cfg.dcpp.Nick; }; Password = mkOption { description = '' diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 910324f3c..c5cb1cae6 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -14,7 +14,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.backup.${config.name}" // { + enable = mkEnableOption "krebs.backup.${config._module.args.name}" // { default = true; }; method = mkOption { @@ -23,6 +23,7 @@ let name = mkOption { type = types.str; default = config._module.args.name; + defaultText = "‹name›"; }; src = mkOption { type = types.krebs.file-location; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 051646b63..c374aa9af 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -58,6 +58,7 @@ let permissions will be set to 755 ''; default = config.users.extraUsers.bepasty.home; + defaultText = "<literal>\${config.users.extraUsers.bepasty.home}</literal>"; }; dataDir = mkOption { @@ -67,6 +68,7 @@ let /var/lib/bepasty-server/data ''; default = "${config.users.extraUsers.bepasty.home}/data"; + defaultText = "<literal>\${config.users.extraUsers.bepasty.home}/data</literal>"; }; extraConfig = mkOption { diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 904deb164..5f961617f 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -10,7 +10,7 @@ with import <stockholm/lib>; }; profile = mkOption { - type = types.absolute-path; + type = types.absolute-pathname; default = "/nix/var/nix/profiles/system"; }; 
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a845bb281..e55bd95ea 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -137,7 +137,7 @@ let type = types.listOf types.str; example = [ "cac.json" ]; description = '' - List of all the secrets in <secrets> which should be copied into the + List of all the secrets in ‹secrets› which should be copied into the buildbot master directory. ''; }; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c5969caac..4eb1d6411 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -31,6 +31,7 @@ let owner.name = "exim"; source-path = toString <secrets> + "/${config.domain}.dkim.priv"; }; + defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { type = types.str; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0aa1ae0f2..1bfd58e31 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -53,7 +53,7 @@ let control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module - deploys a http://cgit.<hostname> nginx configuration and enables nginx + deploys a http://cgit.‹hostname› nginx configuration and enables nginx if not yet enabled. ''; }; @@ -207,7 +207,7 @@ let List of users that should be able to do everything with this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for + used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for an example. ''; }; @@ -222,6 +222,7 @@ let path = mkOption { type = types.str; default = "${cfg.dataDir}/${config.name}"; + defaultText = "${cfg.dataDir}/‹reponame›"; description = '' An absolute path to the repository directory. For non-bare repositories this is the .git-directory. 
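Review bot: In the `path` option of git.nix, the added `defaultText = "${cfg.dataDir}/‹reponame›";` still interpolates `cfg.dataDir`, so the documented default keeps depending on evaluated configuration, which is presumably what `defaultText` is there to avoid. Escaping the reference, `defaultText = "\${cfg.dataDir}/‹reponame›";`, would match the escaped form this commit uses in github-hosts-sync.nix and tinc_graphs.nix. The same applies to `${tinc.config.tincUpExtra}` inside the `tincUp` defaultText added in tinc.nix, where `''${tinc.config.tincUpExtra}` keeps it literal in an indented string. The enclosing option sets start and end outside these hunks.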
@@ -237,6 +238,7 @@ let url = mkOption { type = types.str; default = config.name; + defaultText = "‹reponame›"; description = '' The relative url used to access the repository. ''; @@ -249,7 +251,7 @@ let List of users that should be able to fetch from this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. <stockholm/tv/2configs/git.nix> for + used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for an example. ''; }; @@ -258,6 +260,7 @@ let description = '' Repository name. ''; + defaultText = "‹reponame›"; }; hooks = mkOption { type = types.attrsOf types.str; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index d385ec355..9421576df 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -18,10 +18,12 @@ let srcDir = mkOption { type = types.str; default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts"; }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; default = toString <secrets/github-hosts-sync.ssh.id_ed25519>; + defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { type = types.str; diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 39b9722ec..d30b41ee5 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -2,8 +2,8 @@ services.openssh.knownHosts.github = { hostNames = [ "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + # List generated with (IPv6 addresses are currently ignored): + # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R . "192.30.252.*" "192.30.253.*" "192.30.254.*" 
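Review bot: The regeneration recipe in the github-known-hosts.nix comment now drops every IPv6 range with `grep -v :`, so the pinned `hostNames` list covers only the IPv4 ranges from `api.github.com/meta`, and the comment records no date for the snapshot. Connections that reach GitHub over IPv6, or over an IPv4 range published after the list was generated, would match this entry by the name `github.com` alone rather than by address. I would extend the comment with the generation date and a reminder to re-run the command, for example `# Generated <YYYY-MM-DD>; re-run when the git ranges in api.github.com/meta change.` The `hostNames` list continues past the end of this hunk.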
@@ -28,6 +28,22 @@ "140.82.125.*" "140.82.126.*" "140.82.127.*" + "143.55.64.*" + "143.55.65.*" + "143.55.66.*" + "143.55.67.*" + "143.55.68.*" + "143.55.69.*" + "143.55.70.*" + "143.55.71.*" + "143.55.72.*" + "143.55.73.*" + "143.55.74.*" + "143.55.75.*" + "143.55.76.*" + "143.55.77.*" + "143.55.78.*" + "143.55.79.*" "13.114.40.48" "52.192.72.89" "52.69.186.44" @@ -44,6 +60,9 @@ "18.228.52.138" "18.228.67.229" "18.231.5.6" + "20.201.28.151" + "20.205.243.166" + "102.133.202.242" "18.181.13.223" "54.238.117.237" "54.168.17.15" @@ -60,6 +79,9 @@ "54.233.131.104" "18.231.104.233" "18.228.167.86" + "20.201.28.152" + "20.205.243.160" + "102.133.202.246" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 063bccc68..517dad76f 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -13,7 +13,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.htgen-${config.name}"; + enable = mkEnableOption "krebs.htgen-${config._module.args.name}"; name = mkOption { type = types.username; @@ -38,6 +38,10 @@ let name = "htgen-${config.name}"; home = "/var/lib/htgen-${config.name}"; }; + defaultText = { + name = "htgen-‹name›"; + home = "/var/lib/htgen-‹name›"; + }; }; }; })); diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index ec499d63d..776b893f5 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix 
@@ -39,7 +39,10 @@ in { cores = 4; nets = { shack = { - ip4.addr = "10.42.0.50" ; + ip4 = { + addr = "10.42.0.50" ; + prefix = "10.42.0.0/16"; + }; aliases = [ "filebitch.shack" ]; @@ -158,6 +161,7 @@ in { }; puyak = { ci = true; + cores = 4; nets = { retiolum = { ip4.addr = "10.243.77.2"; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index e96b4d8be..1f118b8b0 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -14,7 +14,47 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + ci = true; + monitoring = true; + }) { + dishfire = { + cores = 4; + nets = rec { + internet = { + ip4 = rec { + addr = "157.90.232.92"; + prefix = "${addr}/32"; + }; + aliases = [ + "dishfire.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.133.99"; + ip6.addr = r6 "d15f:1233"; + aliases = [ + "dishfire.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.port = 655; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; + }; prism = rec { cores = 4; extraZones = { @@ -54,7 +94,10 @@ in { }; nets = rec { internet = { - ip4.addr = "95.216.1.150"; + ip4 = { + addr = "95.216.1.150"; + prefix = "0.0.0.0/0"; + }; aliases = [ "prism.i" "paste.i" diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index fcc453fa4..26aac5d5a 100644 
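Review bot: `ssh.privkey.path = <secrets/ssh.id_ed25519>;` in the new dishfire host is a bare Nix path, whereas the secret locations documented elsewhere in this commit go through `toString` (`toString <secrets/github-hosts-sync.ssh.id_ed25519>`, `toString <secrets> + "/…"`). If any consumer of this option interpolates the value into a string, Nix would copy the private key into the world-readable store. The consumers are not visible from this hunk, so that needs confirming. Either `ssh.privkey.path = toString <secrets/ssh.id_ed25519>;`, if the option type accepts a string, or a comment stating that the path must never be string-interpolated would make the intent explicit.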
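Review bot: `prefix = "0.0.0.0/0";` on prism's `internet` net declares the entire IPv4 address space as that net's prefix, while the dishfire entry added in the same file uses `prefix = "${addr}/32";`. The tinc.nix defaultText in this commit shows `ip -4 route add ‹net.ip4.prefix› dev ${netname}`, so prefixes are consumed as route targets at least for tinc nets. Whether anything derives routes or allow-lists from the `internet` prefix is not visible here. If the wide prefix is intentional, a comment on that line should say why (`# 0.0.0.0/0 on purpose: <reason>`); otherwise `prefix = "95.216.1.150/32";` follows the dishfire pattern. The `prism` attribute set continues outside the hunk.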
--- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -26,11 +26,13 @@ with import <stockholm/lib>; }; stateDir = mkOption { default = "/var/lib/${self.config.username}"; + defaultText = "/var/lib/‹username›"; readOnly = true; type = types.absolute-pathname; }; systemd-service-name = mkOption { default = "reaktor2${optionalString (name != "default") "-${name}"}"; + defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\""; type = types.filename; }; sendDelaySec = mkOption { @@ -39,6 +41,7 @@ with import <stockholm/lib>; }; username = mkOption { default = self.config.systemd-service-name; + defaultText = "‹systemd-service-name›"; type = types.username; }; useTLS = mkOption { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index e5566f329..4a96f6203 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -96,7 +96,7 @@ let basic authentication to be used. If unset, no authentication will be enabled. - Refer to `services.nginx.virtualHosts.<name>.basicAuth` + Refer to `services.nginx.virtualHosts.‹name›.basicAuth` ''; default = {}; }; diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index 9505efb0c..f056cfd8e 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -55,11 +55,11 @@ in { The overrides file may contain either regular shadow(5) entries like: - <code><login-name>:<hashed-password>:1::::::</code> + <code>‹login-name›:‹hashed-password›:1::::::</code> Or shortened entries only containing login name and password like: - <code><login-name>:<hashed-password></code> + <code>‹login-name›:‹hashed-password›</code> ''; type = types.nullOr (types.either types.path types.absolute-pathname); }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 2c19aefdb..898b5e8c3 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
@@ -81,9 +81,16 @@ let ''} ${tinc.config.tincUpExtra} ''; + defaultText = '' + ip -4 addr add ‹net.ip4.addr› dev ${netname} + ip -4 route add ‹net.ip4.prefix› dev ${netname} + ip -6 addr add ‹net.ip6.addr› dev ${netname} + ip -6 route add ‹net.ip6.prefix› dev ${netname} + ${tinc.config.tincUpExtra} + ''; description = '' tinc-up script to be used. Defaults to setting the - krebs.host.nets.<netname>.ip4 and ip6 for the new ips and + krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and configures forwarding of the respecitive netmask as subnet. ''; }; @@ -103,6 +110,7 @@ let type = with types; attrsOf host; default = filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; + defaultText = "‹all-hosts-of-‹netname››"; description = '' Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>. Note that these hosts must have a network named @@ -138,9 +146,10 @@ let '') tinc.config.hosts)} ''; }; + defaultText = "‹netname›-tinc-hosts"; description = '' Package of tinc host configuration files. By default, a package will - be generated from <literal>config.krebs.${tinc.config.netname}.hosts</literal>. This + be generated from <literal>config.krebs.‹netname›.hosts</literal>. This option's main purpose is to expose the generated hosts package to other modules, like <literal>config.krebs.tinc_graphs</literal>. But it can also be used to provide a custom hosts directory. @@ -168,6 +177,7 @@ let owner = tinc.config.user; source-path = toString <secrets> + "/${tinc.config.netname}.rsa_key.priv"; }; + defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; privkey_ed25519 = mkOption { 
@@ -179,11 +189,12 @@ let owner = tinc.config.user; source-path = toString <secrets> + "/${tinc.config.netname}.ed25519_key.priv"; }; + defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; connectTo = mkOption { type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ + ${if netname == "retiolum" then "default" else null} = [ "gum" "ni" "prism" @@ -194,8 +205,10 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; + { + krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip; + krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655; + } ''; }; @@ -205,6 +218,10 @@ let name = tinc.config.netname; home = "/var/lib/${tinc.config.user.name}"; }; + defaultText = { + name = "‹netname›"; + home = "/var/lib/‹netname›"; + }; }; }; })); diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 19cce8aa4..7a414e6e3 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -24,6 +24,7 @@ let type = types.str; description = "Path to Hosts directory"; default = "${config.krebs.tinc.retiolum.hostsPackage}"; + defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}"; }; network = mkOption { @@ -68,6 +69,7 @@ let Defaults to the new users home dir which defaults to /var/cache/tinc_graphs''; default = config.users.extraUsers.tinc_graphs.home; + defaultText = "<literal>\${config.users.extraUsers.tinc_graphs.home}</literal>"; }; timerConfig = mkOption { |