summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-06-21 16:01:33 +0200
committerlassulus <git@lassul.us>2023-06-21 16:01:33 +0200
commita0c4427c0baa94603fa10c1248944e7837e72642 (patch)
treecaa4053366d62b683e6f6e746e9df0317de88c80 /krebs/3modules
parentc6593fdb393a585e631b9824e2bb3857ba2f90c6 (diff)
parentfdc364520238a38883d28bbfa05ac966e792ed8b (diff)
Merge remote-tracking branch 'ni/flakify'
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/airdcpp.nix7
-rw-r--r--krebs/3modules/announce-activation.nix47
-rw-r--r--krebs/3modules/apt-cacher-ng.nix2
-rw-r--r--krebs/3modules/backup.nix2
-rw-r--r--krebs/3modules/bepasty-server.nix2
-rw-r--r--krebs/3modules/bindfs.nix4
-rw-r--r--krebs/3modules/brockman.nix7
-rw-r--r--krebs/3modules/build.nix4
-rw-r--r--krebs/3modules/ci/default.nix7
-rw-r--r--krebs/3modules/current.nix2
-rw-r--r--krebs/3modules/default.nix228
-rw-r--r--krebs/3modules/dns.nix6
-rw-r--r--krebs/3modules/exim-retiolum.nix4
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/github/hosts-sync.nix2
-rw-r--r--krebs/3modules/go.nix2
-rw-r--r--krebs/3modules/hidden-ssh.nix2
-rw-r--r--krebs/3modules/hosts.nix14
-rw-r--r--krebs/3modules/htgen.nix2
-rw-r--r--krebs/3modules/iana-etc.nix4
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/kapacitor.nix2
-rw-r--r--krebs/3modules/konsens.nix5
-rw-r--r--krebs/3modules/krebs-pages.nix5
-rw-r--r--krebs/3modules/krebs.nix8
-rw-r--r--krebs/3modules/monit.nix2
-rw-r--r--krebs/3modules/nixpkgs.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/os-release.nix6
-rw-r--r--krebs/3modules/per-user.nix4
-rw-r--r--krebs/3modules/permown.nix4
-rw-r--r--krebs/3modules/reaktor2.nix4
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rw-r--r--krebs/3modules/repo-sync.nix2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix4
-rw-r--r--krebs/3modules/secret.nix6
-rw-r--r--krebs/3modules/setuid.nix5
-rw-r--r--krebs/3modules/shadow.nix7
-rw-r--r--krebs/3modules/sitemap.nix5
-rw-r--r--krebs/3modules/ssh.nix109
-rw-r--r--krebs/3modules/sync-containers.nix5
-rw-r--r--krebs/3modules/sync-containers3.nix2
-rw-r--r--krebs/3modules/systemd.nix15
-rw-r--r--krebs/3modules/tinc.nix4
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/3modules/upstream/default.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/coma.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/none.nix6
-rw-r--r--krebs/3modules/upstream/window-managers/default.nix4
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/3modules/users.nix6
-rw-r--r--krebs/3modules/zones.nix4
55 files changed, 312 insertions, 296 deletions
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix
index 259f613cc..acd007cb8 100644
--- a/krebs/3modules/airdcpp.nix
+++ b/krebs/3modules/airdcpp.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>; #genid
+with lib;
let
+ slib = import ../../lib/pure.nix { inherit lib; };
cfg = config.krebs.airdcpp;
out = {
@@ -265,14 +266,14 @@ let
};
users = lib.mkIf (cfg.user == "airdcpp") {
users.airdcpp = {
- uid = genid "airdcpp";
+ uid = slib.genid "airdcpp";
home = cfg.stateDir;
createHome = true;
isSystemUser = true;
group = "airdcpp";
inherit (cfg) extraGroups;
};
- groups.airdcpp.gid = genid "airdcpp";
+ groups.airdcpp.gid = slib.genid "airdcpp";
};
};
in
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index a40ae8cef..fa0f1530c 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -1,20 +1,21 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }: let
+{ config, pkgs, lib, ... }:
+let
+ slib = import ../../lib/pure.nix { inherit lib; };
cfg = config.krebs.announce-activation;
announce-activation = pkgs.writeDash "announce-activation" ''
set -efu
message=$(${cfg.get-message})
exec ${pkgs.irc-announce}/bin/irc-announce \
- ${shell.escape cfg.irc.server} \
- ${shell.escape (toString cfg.irc.port)} \
- ${shell.escape cfg.irc.nick} \
- ${shell.escape cfg.irc.channel} \
- ${escapeShellArg cfg.irc.tls} \
+ ${slib.shell.escape cfg.irc.server} \
+ ${slib.shell.escape (toString cfg.irc.port)} \
+ ${slib.shell.escape cfg.irc.nick} \
+ ${slib.shell.escape cfg.irc.channel} \
+ ${lib.escapeShellArg cfg.irc.tls} \
"$message"
'';
default-get-message = pkgs.writeDash "announce-activation-get-message" ''
set -efu
- PATH=${makeBinPath [
+ PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.gawk
pkgs.gnused
@@ -28,37 +29,37 @@ with import <stockholm/lib>;
'';
in {
options.krebs.announce-activation = {
- enable = mkEnableOption "announce-activation";
- get-message = mkOption {
+ enable = lib.mkEnableOption "announce-activation";
+ get-message = lib.mkOption {
default = default-get-message;
- type = types.package;
+ type = lib.types.package;
};
irc = {
# TODO rename channel to target?
- channel = mkOption {
+ channel = lib.mkOption {
default = "#xxx";
- type = types.str; # TODO types.irc-channel
+ type = lib.types.str; # TODO types.irc-channel
};
- nick = mkOption {
+ nick = lib.mkOption {
default = config.krebs.build.host.name;
- type = types.label;
+ type = slib.types.label;
};
- port = mkOption {
+ port = lib.mkOption {
default = 6667;
- type = types.int;
+ type = lib.types.int;
};
- server = mkOption {
+ server = lib.mkOption {
default = "irc.r";
- type = types.hostname;
+ type = slib.types.hostname;
};
- tls = mkOption {
+ tls = lib.mkOption {
default = false;
- type = types.bool;
+ type = lib.types.bool;
};
};
};
- config = mkIf cfg.enable {
- system.activationScripts.announce-activation = stringAfter [ "etc" ] ''
+ config = lib.mkIf cfg.enable {
+ system.activationScripts.announce-activation = lib.stringAfter [ "etc" ] ''
${announce-activation}
'';
};
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index f3c8ff0cd..0efe9ed43 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
-with import <stockholm/lib>;
+with lib;
let
acng-config = pkgs.writeTextFile {
name = "acng-configuration";
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index c1d4d7211..900be5139 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with import ../../lib/pure.nix { inherit lib; };
let
out = {
options.krebs.backup = api;
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index c374aa9af..33c825a80 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with lib;
let
gunicorn = pkgs.python3Packages.gunicorn;
bepasty = pkgs.bepasty;
diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix
index 7e3730e86..60736710f 100644
--- a/krebs/3modules/bindfs.nix
+++ b/krebs/3modules/bindfs.nix
@@ -1,5 +1,5 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
+with lib;
let
cfg = config.krebs.bindfs;
in {
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 8427ca50b..3f0dd0861 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -1,6 +1,7 @@
-{ pkgs, config, ... }:
-with import <stockholm/lib>;
+{ pkgs, config, lib, ... }:
+with lib;
let
+ slib = import ../../lib/pure.nix { inherit lib; };
cfg = config.krebs.brockman;
in {
options.krebs.brockman = {
@@ -14,7 +15,7 @@ in {
group = "brockman";
createHome = true;
isSystemUser = true;
- uid = genid_uint31 "brockman";
+ uid = slib.genid_uint31 "brockman";
};
users.groups.brockman = {};
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 5f961617f..bf20cb099 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -1,6 +1,6 @@
-{ config, ... }:
+{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with import ../../lib/pure.nix { inherit lib; };
{
options.krebs.build = {
diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix
index 022da5884..5035a11a8 100644
--- a/krebs/3modules/ci/default.nix
+++ b/krebs/3modules/ci/default.nix
@@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
+with import ../../../lib/pure.nix { inherit lib; };
let
cfg = config.krebs.ci;
@@ -25,7 +24,7 @@ let
};
hostname = config.networking.hostName;
- getJobs = pkgs.writeDash "get_jobs" ''
+ getJobs = pkgs.writers.writeDash "get_jobs" ''
set -efu
${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2
json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)"
@@ -116,7 +115,7 @@ let
build_script = stages[stage],
),
timeout = 3600,
- command="${pkgs.writeDash "build.sh" ''
+ command="${pkgs.writers.writeDash "build.sh" ''
set -xefu
profile=${shell.escape profileRoot}/$build_name
result=$("$build_script")
diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix
index e97e53479..5c32203fd 100644
--- a/krebs/3modules/current.nix
+++ b/krebs/3modules/current.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
-with import <stockholm/lib>;
+with lib;
let
cfg = config.krebs.current;
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6d763afed..28ce09941 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -1,170 +1,62 @@
{ config, lib, ... }:
-
-with import <stockholm/lib>;
-let
- cfg = config.krebs;
-
- out = {
- imports = [
- ../../kartei
- ../../submodules/disko/module.nix
- ./acl.nix
- ./airdcpp.nix
- ./announce-activation.nix
- ./apt-cacher-ng.nix
- ./backup.nix
- ./bepasty-server.nix
- ./bindfs.nix
- ./brockman.nix
- ./build.nix
- ./cachecache.nix
- ./ci
- ./current.nix
- ./dns.nix
- ./exim-retiolum.nix
- ./exim-smarthost.nix
- ./exim.nix
- ./fetchWallpaper.nix
- ./git.nix
- ./github
- ./go.nix
- ./hidden-ssh.nix
- ./hosts.nix
- ./htgen.nix
- ./iana-etc.nix
- ./iptables.nix
- ./kapacitor.nix
- ./konsens.nix
- ./krebs-pages.nix
- ./monit.nix
- ./nixpkgs.nix
- ./on-failure.nix
- ./os-release.nix
- ./per-user.nix
- ./permown.nix
- ./power-action.nix
- ./reaktor2.nix
- ./realwallpaper.nix
- ./repo-sync.nix
- ./retiolum-bootstrap.nix
- ./secret.nix
- ./setuid.nix
- ./shadow.nix
- ./sitemap.nix
- ./ssl.nix
- ./sync-containers.nix
- ./sync-containers3.nix
- ./systemd.nix
- ./tinc.nix
- ./tinc_graphs.nix
- ./upstream
- ./urlwatch.nix
- ./users.nix
- ./xresources.nix
- ./zones.nix
- ];
- options.krebs = api;
- config = lib.mkIf cfg.enable imp;
- };
-
- api = {
- enable = mkEnableOption "krebs";
-
- zone-head-config = mkOption {
- type = with types; attrsOf str;
- description = ''
- The zone configuration head which is being used to create the
- zone files. The string for each key is pre-pended to the zone file.
- '';
- # TODO: configure the default somewhere else,
- # maybe use krebs.dns.providers
- default = {
-
- # github.io -> 192.30.252.154
- "krebsco.de" = ''
- $TTL 86400
- @ IN SOA dns19.ovh.net. tech.ovh.net. (2015052000 86400 3600 3600000 86400)
- IN NS ns19.ovh.net.
- IN NS dns19.ovh.net.
- '';
- };
- };
- };
-
- imp = lib.mkMerge [
- {
- services.openssh.hostKeys =
- let inherit (config.krebs.build.host.ssh) privkey; in
- mkIf (privkey != null) [privkey];
-
- services.openssh.knownHosts =
- filterAttrs
- (knownHostName: knownHost:
- knownHost.publicKey != null &&
- knownHost.hostNames != []
- )
- (mapAttrs
- (hostName: host: {
- hostNames =
- concatLists
- (mapAttrsToList
- (netName: net:
- let
- aliases =
- concatLists [
- shortAliases
- net.aliases
- net.addrs
- ];
- shortAliases =
- optionals
- (cfg.dns.search-domain != null)
- (map (removeSuffix ".${cfg.dns.search-domain}")
- (filter (hasSuffix ".${cfg.dns.search-domain}")
- net.aliases));
- addPort = alias:
- if net.ssh.port != 22
- then "[${alias}]:${toString net.ssh.port}"
- else alias;
- in
- map addPort aliases
- )
- host.nets);
- publicKey = host.ssh.pubkey;
- })
- (foldl' mergeAttrs {} [
- cfg.hosts
- {
- localhost = {
- nets.local = {
- addrs = [ "127.0.0.1" "::1" ];
- aliases = [ "localhost" ];
- ssh.port = 22;
- };
- ssh.pubkey = config.krebs.build.host.ssh.pubkey;
- };
- }
- ]));
-
- programs.ssh.extraConfig = concatMapStrings
- (net: ''
- Host ${toString (net.aliases ++ net.addrs)}
- Port ${toString net.ssh.port}
- '')
- (filter
- (net: net.ssh.port != 22)
- (concatMap (host: attrValues host.nets)
- (mapAttrsToList
- (_: host: recursiveUpdate host
- (optionalAttrs (cfg.dns.search-domain != null &&
- hasAttr cfg.dns.search-domain host.nets) {
- nets."" = host.nets.${cfg.dns.search-domain} // {
- aliases = [host.name];
- addrs = [];
- };
- }))
- config.krebs.hosts)));
- }
+{
+ imports = [
+ ../../kartei
+ ./acl.nix
+ ./airdcpp.nix
+ ./announce-activation.nix
+ ./apt-cacher-ng.nix
+ ./backup.nix
+ ./bepasty-server.nix
+ ./bindfs.nix
+ ./brockman.nix
+ ./build.nix
+ ./cachecache.nix
+ ./ci
+ ./current.nix
+ ./dns.nix
+ ./exim-retiolum.nix
+ ./exim-smarthost.nix
+ ./exim.nix
+ ./fetchWallpaper.nix
+ ./git.nix
+ ./github
+ ./go.nix
+ ./hidden-ssh.nix
+ ./hosts.nix
+ ./htgen.nix
+ ./iana-etc.nix
+ ./iptables.nix
+ ./kapacitor.nix
+ ./konsens.nix
+ ./krebs.nix
+ ./krebs-pages.nix
+ ./monit.nix
+ ./nixpkgs.nix
+ ./on-failure.nix
+ ./os-release.nix
+ ./per-user.nix
+ ./permown.nix
+ ./power-action.nix
+ ./reaktor2.nix
+ ./realwallpaper.nix
+ ./repo-sync.nix
+ ./retiolum-bootstrap.nix
+ ./secret.nix
+ ./setuid.nix
+ ./shadow.nix
+ ./ssh.nix
+ ./sitemap.nix
+ ./ssl.nix
+ ./sync-containers.nix
+ ./sync-containers3.nix
+ ./systemd.nix
+ ./tinc.nix
+ ./tinc_graphs.nix
+ ./upstream
+ ./urlwatch.nix
+ ./users.nix
+ ./xresources.nix
+ ./zones.nix
];
-
-in out
+}
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
index 8a74d3067..a268b931c 100644
--- a/krebs/3modules/dns.nix
+++ b/krebs/3modules/dns.nix
@@ -1,5 +1,5 @@
-with import <stockholm/lib>;
-{ config, ... }: {
+{ config, lib, pkgs, ... }:
+with import ../../lib/pure.nix { inherit lib; }; {
options = {
krebs.dns.providers = mkOption {
type = types.attrsOf types.str;
@@ -8,7 +8,7 @@ with import <stockholm/lib>;
type = types.nullOr types.hostname;
};
};
- config = mkIf config.krebs.enable {
+ config = lib.mkIf config.krebs.enable {
krebs.dns.providers = {
"krebsco.de" = "zones";
shack = "hosts";
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index a16661c9f..f78f1746c 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -1,5 +1,5 @@
-with import <stockholm/lib>;
-{ config, pkgs, lib, ... }: let
+{ config, pkgs, lib, ... }:
+with import ../../lib/pure.nix { inherit lib; }; let
cfg = config.krebs.exim-retiolum;
# Due to improvements to the JSON notation, braces around top-level objects
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 62f15027a..7b3dace6a 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
-with import <stockholm/lib>;
+with import ../../lib/pure.nix { inherit lib; };
let
cfg = config.krebs.exim-smarthost;
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 0f0aa67f0..917a8e5a4 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import <stockholm/lib>; let
+{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let
cfg = config.krebs.exim;
in {
options.krebs.exim = {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index dc0133a63..79187adfa 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with import ../../lib/pure.nix { inherit lib; };
let
cfg = config.krebs.fetchWallpaper;
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 02c673e43..1ec216f62 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -6,14 +6,14 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with import <stockholm/lib>;
+with import ../../lib/pure.nix { inherit lib; };
let
cfg = config.krebs.git;
out = {
options.krebs.git = api;
- config = with lib; mkIf cfg.enable (mkMerge [
- (mkIf cfg.cgit.enable cgit-imp)
+ config = with lib; lib.mkIf cfg.enable (mkMerge [
+ (lib.mkIf cfg.cgit.enable cgit-imp)
git-imp
]);
};
@@ -446,7 +446,7 @@ let
];
locations."/".extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
- fastcgi_param SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.writers.writeDash "cgit-wrapper" ''
set -efu
exec 3>&1
${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \
diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix
index 71eed6c69..6f9aee0ce 100644
--- a/krebs/3modules/github/hosts-sync.nix
+++ b/krebs/3modules/github/hosts-sync.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
+with lib;
let
cfg = config.krebs.github-hosts-sync;
diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix
index 80cd90e27..9dc8fe6d2 100644
--- a/krebs/3modules/go.nix
+++ b/krebs/3modules/go.n