Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/cal.nix127
-rw-r--r--krebs/2configs/syncthing.nix12
2 files changed, 113 insertions, 26 deletions
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
index 90093e8eb..15f0027b3 100644
--- a/krebs/2configs/cal.nix
+++ b/krebs/2configs/cal.nix
@@ -1,33 +1,116 @@
-{ config, lib, pkgs, ... }:
-{
- users.users.testing = {
- uid = pkgs.stockholm.lib.genid_uint31 "testing";
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- config.krebs.users.xkey.pubkey
- config.krebs.users.lass.pubkey
- ];
- packages = [
- pkgs.calendar-cli
- pkgs.tmux
- ];
- };
+{ config, lib, pkgs, ... }: let
+
+ setupGit = ''
+ export PATH=${lib.makeBinPath [
+ pkgs.coreutils
+ pkgs.git
+ ]}
+ export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
+ repo='git@localhost:cal'
+ cd /var/lib/radicale/collections
+ if ! test -d .git; then
+ git init
+ git config user.name "radicale"
+ git config user.email "radicale@${config.networking.hostName}"
+ elif ! url=$(git config remote.origin.url); then
+ git remote add origin "$repo"
+ elif test "$url" != "$repo"; then
+ git remote set-url origin "$repo"
+ fi
+ cp ${pkgs.writeText "gitignore" ''
+ .Radicale.cache
+ ''} .gitignore
+ git add .gitignore
+ '';
- services.xandikos = {
+ pushCal = pkgs.writeDash "push_cal" ''
+ ${setupGit}
+ git fetch origin
+ git merge --ff-only origin/master || :
+ '';
+
+ pushCgit = pkgs.writeDash "push_cgit" ''
+ ${setupGit}
+ git push origin master
+ '';
+
+in {
+ services.radicale = {
enable = true;
- extraOptions = [
- "--autocreate"
- "--defaults"
- "--current-user-principal /krebs"
- "--dump-dav-xml"
- ];
+ rights = {
+ krebs = {
+ user = ".*";
+ collection = ".*";
+ permissions = "rRwW";
+ };
+ };
+ settings = {
+ auth.type = "none";
+ server.hosts = [
+ "0.0.0.0:5232"
+ "[::]:5232"
+ ];
+ storage.filesystem_folder = "/var/lib/radicale/collections";
+ storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
+ set -efu
+ ${setupGit}
+ ${pkgs.git}/bin/git add -A
+ (${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
+ ${pushCgit}
+ ''} %(user)s";
+ };
};
services.nginx = {
enable = true;
virtualHosts = {
- "calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
+ "calendar.r".locations."/".proxyPass = "http://localhost:5232/";
+ };
+ };
+ krebs.git = {
+ enable = true;
+ cgit.settings = {
+ root-title = "krebs repos";
+ };
+ rules = with pkgs.stockholm.lib.git; [
+ {
+ user = [
+ {
+ name = "cal";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
+ }
+ ] ++ (lib.attrValues config.krebs.users);
+ repo = [ config.krebs.git.repos.cal ];
+ perm = push ''refs/heads/master'' [ create merge ];
+ }
+ ];
+ repos.cal = {
+ public = true;
+ name = "cal";
+ hooks = {
+ post-receive = ''
+ ${pkgs.git-hooks.irc-announce {
+ channel = "#xxx";
+ refs = [
+ "refs/heads/master"
+ ];
+ nick = config.networking.hostName;
+ server = "irc.r";
+ verbose = true;
+ }}
+ /run/wrappers/bin/sudo -S -u radicale ${pushCal}
+ '';
+ };
};
};
+ krebs.secret.files.calendar = {
+ path = "/var/lib/radicale/.ssh/id_ed25519";
+ owner = { name = "radicale"; };
+ source-path = "${<secrets/radicale.id_ed25519>}";
+ };
+
+ security.sudo.extraConfig = ''
+ git ALL=(radicale) NOPASSWD: ${pushCal}
+ '';
}
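Review bot: The new `services.radicale.settings` block sets `auth.type = "none"` and binds `server.hosts` to `0.0.0.0:5232` and `[::]:5232`, while the `rights` entry grants `rRwW` to every user on every collection, so any host that can reach port 5232 can read and modify all calendars without passing through nginx. Since the `calendar.r` vhost already proxies to `http://localhost:5232/`, binding to loopback only, `server.hosts = [ "127.0.0.1:5232" "[::1]:5232" ];`, would keep nginx as the single entry point; whether a firewall already blocks 5232 is not visible in this diff. With authentication disabled, the `%(user)s` value handed to the storage hook is presumably whatever the client supplies, so the `Changes by` commit messages should not be read as an audit trail. Separately, `repos.cal` is declared with `public = true`, which presumably exposes the calendar contents through cgit; confirm that is intended.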
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index dac1863d5..d6d42ca11 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -1,17 +1,21 @@
-{ config, pkgs, ... }: with import <stockholm/lib>; let
+{ options, config, pkgs, ... }: with import <stockholm/lib>; let
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
- used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
+ used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
in {
services.syncthing = {
enable = true;
configDir = "/var/lib/syncthing";
- devices = mk_peers used_peers;
key = toString <secrets/syncthing.key>;
cert = toString <secrets/syncthing.cert>;
- };
+ # workaround for infinite recursion on unstable, remove in 23.11
+ } // (if builtins.hasAttr "settings" options.services.syncthing then
+ { settings.devices = mk_peers used_peers; }
+ else
+ { devices = mk_peers used_peers; }
+ );
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
}
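Review bot: The `filter isString` added to `used_peer_names` has no comment saying which non-string entries can appear in `folders.<name>.devices`, and it drops them silently, so a peer referenced that way would presumably never reach `mk_peers used_peers` and would get no device ID configured. A short comment above the line would help, for example `# devices may hold non-string entries; only plain host names are matched against krebs.hosts`. The workaround comment on the `//` merge could also name what recurses (apparently reading `config.services.syncthing.folders` while defining the devices) so that its removal in 23.11 can be verified.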