Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/git.nix | 26 | ||||
-rw-r--r-- | krebs/3modules/go.nix | 12 | ||||
-rw-r--r-- | krebs/3modules/iptables.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/os-release.nix | 38 | ||||
-rw-r--r-- | krebs/3modules/reaktor2.nix | 4 | ||||
-rw-r--r-- | krebs/3modules/upstream/desktop-managers/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/upstream/desktop-managers/none.nix | 11 | ||||
-rw-r--r-- | krebs/3modules/zones.nix | 3 |
8 files changed, 53 insertions, 46 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 347a2c32b..6d666b6d6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -391,12 +391,12 @@ let }; }; - services.fcgiwrap = { - enable = true; - user = cfg.cgit.fcgiwrap.user.name; - group = cfg.cgit.fcgiwrap.group.name; - # socketAddress = "/run/fcgiwrap.sock" (default) - # socketType = "unix" (default) + services.fcgiwrap.instances.cgit = { + process.user = cfg.cgit.fcgiwrap.user.name; + process.group = cfg.cgit.fcgiwrap.group.name; + socket.user = cfg.cgit.fcgiwrap.user.name; + socket.group = config.services.nginx.group; + socket.mode = "0660"; }; environment.etc."cgitrc".text = let @@ -460,7 +460,7 @@ let fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; # Smart HTTP transport. Regex based on. # https://github.com/git/git/blob/v2.27.0/http-backend.c#L708-L721 @@ -468,9 +468,19 @@ let include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param GIT_HTTP_EXPORT_ALL ""; fastcgi_param GIT_PROJECT_ROOT ${cfg.dataDir}; + fastcgi_param HOME ${pkgs.write "git-http-backend.home" { + "/.gitconfig".text = /* ini */ '' + [safe] + directory = . + ${concatMapStrings + (repo: "directory = ${cfg.dataDir}/${repo.name}\n") + (attrValues cfg.repos) + } + ''; + }}; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; locations."/static/".extraConfig = '' root ${pkgs.cgit}/cgit; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 0c3f42f1c..1db19e1ca 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix 
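Review bot: In the `@@ -468` hunk of git.nix, the generated `.gitconfig` puts `directory = .` ahead of the per-repository entries, which looks like it marks whatever directory git-http-backend is running in as safe, not just the repositories in `cfg.repos`. If the deployed Git version treats it that way, the generated `directory = ${cfg.dataDir}/${repo.name}` lines are redundant and the ownership check is effectively off for everything under `GIT_PROJECT_ROOT`, which `GIT_HTTP_EXPORT_ALL` already exports in full. I would drop the `.` entry and keep only the generated list. If it is really needed, add a comment above it explaining which invocation requires it, so the wider trust is a recorded decision. The enclosing nginx location block starts outside the hunk.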
@@ -21,15 +21,16 @@ let imp = { services.redis.servers.go.enable = true; + users.users.htgen-go.extraGroups = [ "redis-go" ]; krebs.htgen.go = { port = cfg.port; - script = ''. ${pkgs.writeDash "go" '' + script = ''. ${pkgs.writers.writeDash "go" '' set -x case "$Method $Request_URI" in "GET /"*) - if item=$(${pkgs.redis}/bin/redis-cli --raw get "''${Request_URI#/}"); then + if item=$(${pkgs.redis}/bin/redis-cli -s /run/redis-go/redis.sock --raw get "''${Request_URI#/}"); then printf 'HTTP/1.1 302 Found\r\n' printf 'Content-Type: text/plain\r\n' printf 'Connection: closed\r\n' @@ -54,11 +55,10 @@ let ) sha256=$(echo "$uri" | sha256sum -b | cut -d\ -f1) - base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") - base32short=$(echo "$base32" | cut -c48-52) - ${pkgs.redis}/bin/redis-cli set "$base32short" "$uri" >/dev/null + short=$(echo "$sha256" | cut -c1-8) + ${pkgs.redis}/bin/redis-cli -s /run/redis-go/redis.sock set "$short" "$uri" >/dev/null - ref="http://$req_host/$base32short" + ref="http://$req_host/$short" printf 'HTTP/1.1 200 OK\r\n' printf 'Content-Type: text/plain; charset=UTF-8\r\n' diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 32a5273a5..16f1f3c84 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix 
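Review bot: The Redis socket path `/run/redis-go/redis.sock` is written out literally in the `redis-cli -s` call of this hunk and again in the `set` call of the `@@ -54` hunk, so the script fails or talks to the wrong instance if the server's socket location ever changes. Assuming `config` is in scope in this module, both calls could take the path from the service definition: `-s ${config.services.redis.servers.go.unixSocket}`. The `"redis-go"` entry in `users.users.htgen-go.extraGroups` has the same coupling, since it must match the group that owns the socket. A one-line comment such as `# grants htgen-go access to the redis-go unix socket` would record why the membership exists.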
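Review bot: In the `@@ -54` hunk the key becomes the first eight hex characters of the SHA-256 (32 bits), and `redis-cli … set "$short" "$uri"` overwrites whatever is already stored under that key. Two different URLs that share the prefix therefore leave an already published short link redirecting to the later URL, which for a redirector is an integrity problem rather than a cosmetic one. Writing with `set "$short" "$uri" NX` and, when the key already exists, comparing the stored value with `$uri` before answering would keep existing links stable. A longer prefix would also make collisions less likely. The request handler around these lines starts and ends outside the hunk.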
@@ -108,12 +108,12 @@ let }) ({ krebs.iptables.tables.filter.INPUT.rules = map - (portRange: { predicate = "-p tcp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) + (portRange: { predicate = "-p tcp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) config.networking.firewall.allowedTCPPortRanges; }) ({ krebs.iptables.tables.filter.INPUT.rules = map - (portRange: { predicate = "-p udp --dport ${toString port.from}:${toString port.to}"; target = "ACCEPT"; }) + (portRange: { predicate = "-p udp --dport ${toString portRange.from}:${toString portRange.to}"; target = "ACCEPT"; }) config.networking.firewall.allowedUDPPortRanges; }) ({ diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index bfd352825..929ec45d9 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix 
@@ -8,28 +8,34 @@ let nixos-version = "${nixos-version-id} (${nixos-codeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; - stockholm-version-id = let - eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>)); - in - if eval.success then eval.value else "unknown"; - - stockholm-version = "${stockholm-version-id}"; + stockholm-version = "${config.krebs.os-release.stockholm-version-id}"; stockholm-pretty-name = "stockholm ${stockholm-version}"; version = "${stockholm-version}/${nixos-version}"; - version-id = "${stockholm-version-id}/${nixos-version-id}"; + version-id = "${config.krebs.os-release.stockholm-version-id}/${nixos-version-id}"; pretty-name = "${stockholm-pretty-name} / ${nixos-pretty-name}"; home-url = http://cgit.ni.krebsco.de/stockholm; in { - # http://0pointer.de/public/systemd-man/os-release.html - environment.etc."os-release".text = mkForce '' - NAME="stockholm/NixOS" - ID=stockholm - VERSION="${version}" - VERSION_ID="${version-id}" - PRETTY_NAME="${pretty-name}" - HOME_URL="${home-url}" - ''; + options.krebs.os-release = { + stockholm-version-id = lib.mkOption { + type = lib.types.str; + default = let + eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>)); + in + if eval.success then eval.value else "unknown"; + }; + }; + config = { + # http://0pointer.de/public/systemd-man/os-release.html + environment.etc."os-release".text = mkForce '' + NAME="stockholm/NixOS" + ID=stockholm + VERSION="${version}" + VERSION_ID="${version-id}" + PRETTY_NAME="${pretty-name}" + HOME_URL="${home-url}" + ''; + }; } diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 978e0c9c0..aa6254786 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -18,7 +18,7 @@ with import ../../lib/pure.nix { inherit lib; }; { }; port = mkOption { default = "6667"; - # TODO type = types.service-name + type = types.str; }; plugins = mkOption { default = []; 
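Review bot: The new `stockholm-version-id` option in the os-release.nix hunk has no `description`, and it is a free-form `lib.types.str` that is interpolated into the double-quoted `VERSION` and `VERSION_ID` lines. A value containing `"`, `$`, a backslash or a newline would produce a malformed /etc/os-release for anything that sources or parses the file. Add a `description` stating that this is the stockholm revision identifier shown in os-release and that the default is read from `<stockholm-version>`, falling back to "unknown". Narrowing the type would make bad values fail at evaluation time, for example `type = lib.types.strMatching "[A-Za-z0-9._+-]+";` (pattern constructed here as an illustration; adjust to the identifiers actually in use).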
@@ -70,7 +70,7 @@ with import ../../lib/pure.nix { inherit lib; }; { DynamicUser = true; StateDirectory = cfg.username; ExecStart = let - configFile = pkgs.writeJSON configFileName configValue; + configFile = pkgs.writers.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; configValue = stripAttr ( recursiveUpdate { diff --git a/krebs/3modules/upstream/desktop-managers/default.nix b/krebs/3modules/upstream/desktop-managers/default.nix index 22e75439d..5fd39086c 100644 --- a/krebs/3modules/upstream/desktop-managers/default.nix +++ b/krebs/3modules/upstream/desktop-managers/default.nix @@ -1,6 +1,5 @@ { imports = [ ./coma.nix - ./none.nix ]; } diff --git a/krebs/3modules/upstream/desktop-managers/none.nix b/krebs/3modules/upstream/desktop-managers/none.nix deleted file mode 100644 index 77f7ad513..000000000 --- a/krebs/3modules/upstream/desktop-managers/none.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, ... }: -# Replace upstream none desktop-manager by a real none, that doesn't pull in -# any dependencies. -{ - disabledModules = lib.singleton "services/x11/desktop-managers/none.nix"; - config.services.xserver.desktopManager.session = lib.singleton { - name = "none"; - bgSupport = true; - start = ""; - }; -} diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index 7a9cf5be1..51e559d88 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -21,6 +21,9 @@ with lib; { panda NS panda panda A 130.61.237.100 + + xkey A 217.197.83.17 + xkey AAAA 2a0a:4580:5011::1 ''; }; }; |