diff options
Diffstat (limited to 'krebs')
47 files changed, 51 insertions, 703 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index d58661a28..d87003ac2 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let ReaktorConfig = pkgs.writeText "config.py" '' diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index e80d383f8..f3c8ff0cd 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 4569d400f..96b283002 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let out = { options.krebs.backup = api; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 080d2188d..50e04cf80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let gunicorn = pkgs.pythonPackages.gunicorn; bepasty = pkgs.pythonPackages.bepasty-server; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 4848748cd..51f192703 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { options.krebs.build = { diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index bd17c3765..9e144ee0e 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let # https://github.com/NixOS/nixpkgs/issues/14026 diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 02331ee12..650594a6c 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index 9f63e33ac..e97e53479 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a4a5f9cad..ec85464df 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs; @@ -21,7 +21,6 @@ let ./git.nix ./go.nix ./iptables.nix - ./lib.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a18f1c979..05840e80a 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.exim-retiolum; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index cfe2e5f04..2ed5607f1 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 7b18c72c1..1127c0a50 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import <stockholm/lib>; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 0adcec3d8..94bcbed9d 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 6a03b4638..20907a3ed 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,7 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.git; @@ -97,7 +97,7 @@ let singleton { user = [ config.krebs.users.tv ]; repo = [ testing ]; # see literal example of repos - perm = push "refs/*" (with config.krebs.lib.git; [ + perm = push "refs/*" (with git; [ non-fast-forward create delete merge ]); } @@ -389,6 +389,12 @@ let mapAttrsToList repo-to-cgitrc cfg.repos )); + environment.systemPackages = [ + (pkgs.writeDashBin "cgit-clear-cache" '' + ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* + '') + ]; + system.activationScripts.cgit = '' mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 3646d35d6..e6db3aa42 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 52a104bb9..a86f444dc 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.go; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08e8995fa..ad1221e8e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { @@ -305,5 +305,7 @@ with config.krebs.lib; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; + sokratess = { + }; }; } diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix deleted file mode 100644 index ccd6a6afa..000000000 --- a/krebs/3modules/lib.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - out = { - options.krebs.lib = api; - config = imp; - }; - api = mkOption { - default = {}; - type = types.attrs; - }; - imp = { - krebs.lib = lib // import ../4lib { inherit config lib; } // builtins; - }; -in out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e79e54aa6..7317e0b60 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index dc47d8983..a95536122 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index b58c555e7..2ff9a5ebb 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: -with builtins; -with lib; +with import <stockholm/lib>; let - inherit (config.krebs.lib) genid; cfg = config.krebs.newsbot-js; diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 214f55018..1577c5b64 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.nginx; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 5816b8a30..796ee537e 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index a471a4bc2..8bb022442 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import <stockholm/lib>; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 4c803fff8..50cf72ef9 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let nixos-version-id = "${config.system.nixosVersion}"; nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 93a7d2293..1b8d092bb 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.per-user; diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index bb5b3e521..f405482de 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.power-action; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index df374e184..1564bd94a 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.realwallpaper; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index bcd9da5ea..7705635f0 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.repo-sync; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 9d393c90b..4bcd596d4 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.retiolum-bootstrap; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 2b181a556..fddaed9e3 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let out = { options.krebs.tinc = api; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index d53482339..bcc52fb6e 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.rtorrent; webcfg = config.krebs.rtorrent.web; diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 579f375f3..672c503b0 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let cfg = config.krebs.secret; in { options.krebs.secret = { diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 65a4abe1c..13f981437 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.setuid; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index a9868954e..a05889632 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let testHosts = genAttrs [ "test-arch" diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index d783ba03b..26a51de00 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.tinc_graphs; internal_dir = "${cfg.workingDir}/internal"; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index a933cbddb..0e7535e6c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { dns.providers = { @@ -162,46 +162,6 @@ with config.krebs.lib; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu"; }; - ire = { - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - ire 60 IN A ${config.krebs.hosts.ire.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "198.147.22.115"; - aliases = [ - "ire.i" - "ire.internet" - "ire.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.ire.nets.internet; - ip4.addr = "10.243.231.66"; - ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c"; - aliases = [ - "ire.r" - "ire.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7 - rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt - 6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU - 1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K - LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu - nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - ssh.port = 11423; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY"; - }; kaepsele = { nets = { internet = { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index ed1a21260..e43f8de4a 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -4,7 +4,7 @@ # TODO inform about unused caches # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.urlwatch; diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix deleted file mode 100644 index c40b9a868..000000000 --- a/krebs/4lib/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -_: - -let - lib = import <stockholm/lib>; -in - -with lib; - -let out = lib // rec { - - guard = spec@{ type, value, ... }: - assert isOptionType type; - if type.check value - then value - else throw (toString (filter isString [ - "argument" - (if spec ? name then "‘${spec.name}’" else null) - "is not a ${type.name}" - ])); - - types = import ./types.nix { - lib = lib // { inherit genid optionalTrace; }; - }; - - genid = import ./genid.nix { lib = lib // out; }; - genid_signed = x: ((genid x) + 16777216) / 2; - git = import ./git.nix { lib = lib // out; }; - tree = import ./tree.nix { inherit lib; }; - - lpad = n: c: s: - if stringLength s < n - then lpad n c (c + s) - else s; - - toC = x: let - type = typeOf x; - reject = throw "cannot convert ${type}"; - in { - l |