summaryrefslogtreecommitdiffstats
path: root/nin/2configs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2017-02-04 14:31:47 +0100
committermakefu <github@syntax-fehler.de>2017-02-04 14:31:47 +0100
commitd6c9edd9dc860d560d4ea7a727962aaf93d09322 (patch)
treeaefb49a9372b959cd722bdfcf51001783cda8bb1 /nin/2configs
parentd2df5375e705e55764b4cacd4ea32dffcb4c6041 (diff)
parent8daef993dcb6149a02c72a4895d6e808a6c6a8d4 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'nin/2configs')
-rw-r--r--nin/2configs/default.nix17
-rw-r--r--nin/2configs/git.nix70
2 files changed, 85 insertions, 2 deletions
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index e181a6041..a1ed76d98 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -46,6 +46,12 @@ with import <stockholm/lib>;
SSL_CERT_FILE = ca-bundle;
};
})
+ {
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+ }
];
networking.hostName = config.krebs.build.host.name;
@@ -58,7 +64,10 @@ with import <stockholm/lib>;
user = config.krebs.users.nin;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix";
- secrets.file = "/home/nin/secrets/${host.name}";
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/nin/6tests/dummysecrets>
+ else "/home/nin/secrets/${host.name}";
stockholm.file = getEnv "PWD";
};
};
@@ -82,11 +91,14 @@ with import <stockholm/lib>;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
EDITOR=vim
- MANPAGER=most
'';
nixpkgs.config.allowUnfree = true;
+ environment.shellAliases = {
+ gs = "git status";
+ };
+
environment.systemPackages = with pkgs; [
#stockholm
git
@@ -95,6 +107,7 @@ with import <stockholm/lib>;
proot
populate
p7zip
+ termite
unzip
unrar
hashPassword
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
new file mode 100644
index 000000000..39f919e79
--- /dev/null
+++ b/nin/2configs/git.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ out = {
+ krebs.git = {
+ enable = true;
+ cgit = {
+ settings = {
+ root-title = "public repositories at ${config.krebs.build.host.name}";
+ root-desc = "keep calm and engage";
+ };
+ };
+ repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+ rules = rules;
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+ ];
+ };
+
+ repos = public-repos;
+
+ rules = concatMap make-rules (attrValues repos);
+
+ public-repos = mapAttrs make-public-repo {
+ stockholm = {
+ cgit.desc = "take all the computers hostage, they'll love you!";
+ };
+ };
+
+ make-public-repo = name: { cgit ? {}, ... }: {
+ inherit cgit name;
+ public = true;
+ hooks = {
+ post-receive = pkgs.git-hooks.irc-announce {
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ channel = "#retiolum";
+ server = "ni.r";
+ verbose = config.krebs.build.host.name == "onondaga";
+ # TODO define branches in some kind of option per repo
+ branches = [ "master" ];
+ };
+ };
+ };
+
+ make-rules =
+ with git // config.krebs.users;
+ repo:
+ singleton {
+ user = [ nin ];
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ } ++
+ optional repo.public {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ } ++
+ optional (length (repo.collaborators or []) > 0) {
+ user = repo.collaborators;
+ repo = [ repo ];
+ perm = fetch;
+ };
+
+in out