diff options
-rw-r--r-- | 0make/makefu/pnp.makefile | 4 | ||||
-rw-r--r-- | Zpubkeys/makefu_omo.ssh.pub | 1 | ||||
-rw-r--r-- | makefu/1systems/pnp.nix (renamed from 1systems/makefu/pnp.nix) | 19 | ||||
-rw-r--r-- | makefu/2configs/base.nix (renamed from 2configs/makefu/base.nix) | 1 | ||||
-rw-r--r-- | makefu/2configs/cgit-retiolum.nix (renamed from 2configs/makefu/cgit-retiolum.nix) | 41 | ||||
-rw-r--r-- | makefu/3modules/default.nix (renamed from 3modules/makefu/default.nix) | 2 |
6 files changed, 45 insertions, 23 deletions
diff --git a/0make/makefu/pnp.makefile b/0make/makefu/pnp.makefile deleted file mode 100644 index a18efe0e0..000000000 --- a/0make/makefu/pnp.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@pnp -nixpkgs_url := https://github.com/nixos/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/makefu/secrets/pnp diff --git a/Zpubkeys/makefu_omo.ssh.pub b/Zpubkeys/makefu_omo.ssh.pub new file mode 100644 index 000000000..5567040fb --- /dev/null +++ b/Zpubkeys/makefu_omo.ssh.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch diff --git a/1systems/makefu/pnp.nix b/makefu/1systems/pnp.nix index 1019c4d70..4c4ce716f 100644 --- a/1systems/makefu/pnp.nix +++ b/makefu/1systems/pnp.nix @@ -8,10 +8,25 @@ imports = [ # Include the results of the hardware scan. <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../../2configs/makefu/base.nix - ../../2configs/makefu/cgit-retiolum.nix + ../2configs/base.nix + ../2configs/cgit-retiolum.nix ]; krebs.build.host = config.krebs.hosts.pnp; + krebs.build.user = config.krebs.users.makefu; + krebs.build.target = "root@pnp"; + + krebs.build.deps = { + nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870"; + }; + secrets = { + url = "/home/makefu/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/2configs/makefu/base.nix b/makefu/2configs/base.nix index b052b13e4..8dfb2ef27 100644 --- a/2configs/makefu/base.nix +++ b/makefu/2configs/base.nix @@ -39,6 +39,7 @@ with lib; ''; environment.systemPackages = with pkgs; [ + jq git vim gnumake diff --git a/2configs/makefu/cgit-retiolum.nix b/makefu/2configs/cgit-retiolum.nix index 7b8e3bc97..7dfb181c5 100644 --- a/2configs/makefu/cgit-retiolum.nix +++ b/makefu/2configs/cgit-retiolum.nix @@ -1,17 +1,8 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with import ../../4lib/tv { inherit lib pkgs; }; +with import ../../tv/4lib { inherit lib pkgs; }; let - out = { - imports = [ ../../3modules/krebs/git.nix ]; - krebs.git = { - enable = true; - root-title = "public repositories "; - root-desc = "keep on krebsing"; - inherit repos rules; - }; - }; repos = priv-repos // krebs-repos ; rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); @@ -39,12 +30,13 @@ let post-receive = git.irc-announce { nick = config.networking.hostName; channel = "#retiolum"; + # TODO remove the hardcoded hostname server = "cd.retiolum"; }; }; }; - set-owners = with git; repo: user: + set-owners = with git;repo: user: singleton { inherit user; repo = [ repo ]; @@ -61,10 +53,27 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv uriel ]; - priv-rules = with config.krebs.users; repo: - set-owners repo [ makefu ]; + #all-makefu = with config.krebs.users; [ makefu ]; + + + all-makefu = with config.krebs.users; [ makefu makefu-omo ]; - krebs-rules = with config.krebs.users; repo: - set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ; + priv-rules = repo: set-owners repo all-makefu; -in out + krebs-rules = repo: + set-owners repo all-makefu ++ set-ro-access repo krebsminister; + +in { + imports = [{ + krebs.users.makefu-omo = { + name = "makefu-omo" ; + pubkey= with builtins; readFile ../../Zpubkeys/makefu_omo.ssh.pub; + }; + }]; + krebs.git = { + enable = true; + root-title = "public repositories"; + root-desc = "keep on krebsing"; + inherit repos rules; + }; +} diff --git a/3modules/makefu/default.nix b/makefu/3modules/default.nix index 45ca8c3eb..015f472f7 100644 --- a/3modules/makefu/default.nix +++ b/makefu/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../../4lib/krebs { inherit lib; }; +with import ../../krebs/4lib { inherit lib; }; let cfg = config.krebs; |