Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/Reaktor.nix20
-rw-r--r--krebs/3modules/apt-cacher-ng.nix6
-rw-r--r--krebs/3modules/bepasty-server.nix4
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/github-hosts-sync.nix4
-rw-r--r--krebs/3modules/go.nix5
-rw-r--r--krebs/3modules/realwallpaper.nix10
-rw-r--r--krebs/3modules/retiolum.nix4
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/3modules/urlwatch.nix5
-rw-r--r--krebs/4lib/default.nix3
-rw-r--r--krebs/4lib/genid.nix37
-rw-r--r--krebs/5pkgs/genid/default.nix22
14 files changed, 64 insertions, 68 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix
index 1ec49b81e..0fca52203 100644
--- a/krebs/3modules/Reaktor.nix
+++ b/krebs/3modules/Reaktor.nix
@@ -1,19 +1,8 @@
-{ config, pkgs,lib, ... }:
-
+{ config, lib, pkgs, ... }:
+with lib;
let
- inherit (lib)
- mkIf
- mkOption
- types
- singleton
- isString
- optionalString
- concatStrings
- escapeShellArg
- ;
-
ReaktorConfig = pkgs.writeText "config.py" ''
${if (isString cfg.overrideConfig ) then ''
# Overriden Config
@@ -86,10 +75,9 @@ let
imp = {
# for reaktor get-config
- users.extraUsers = singleton {
+ users.extraUsers = singleton rec {
name = "Reaktor";
- # uid = config.ids.uids.Reaktor;
- uid = 2066439104; #genid Reaktor
+ uid = genid name;
description = "Reaktor user";
home = "/var/lib/Reaktor";
createHome = true;
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index 75296bafb..371d39b6f 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -119,16 +119,14 @@ let
imp = {
users.extraUsers.acng = {
- # uid = config.ids.uids.acng;
- uid = 897955083; #genid Reaktor
+ uid = genid "acng";
description = "apt-cacher-ng";
home = acng-home;
createHome = false;
};
users.extraGroups.acng = {
- gid = 897955083; #genid Reaktor
- # gid = config.ids.gids.Reaktor;
+ gid = genid "acng";
};
systemd.services.apt-cacher-ng = {
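Review bot: The removed literals for acng carry the comment `#genid Reaktor`, yet Reaktor's own removed uid in Reaktor.nix is 2066439104, so it is not evident that 897955083 was ever the genid of "acng". If it was not, `uid = genid "acng";` and `gid = genid "acng";` silently renumber the account on deployed hosts, and with `createHome = false` nothing visible here re-owns `acng-home`; the cache would stay owned by the old numeric id, which is then unassigned. Confirm that the computed value equals 897955083 before rollout, or leave a comment such as `# was 897955083 before genid; chown acng-home on upgrade if it differs`. The `imp` attribute set continues outside the hunk.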
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index c99c3d11a..e74841205 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -130,12 +130,12 @@ let
) cfg.servers;
users.extraUsers.bepasty = {
- uid = 2796546855; #genid bepasty
+ uid = genid "bepasty";
group = "bepasty";
home = "/var/lib/bepasty-server";
};
users.extraGroups.bepasty = {
- gid = 2796546855; #genid bepasty
+ gid = genid "bepasty";
};
};
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 83ecf4177..f320c7505 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -51,7 +51,7 @@ let
imp = {
users.users.fetchWallpaper = {
name = "fetchWallpaper";
- uid = 3332383611; #genid fetchWallpaper
+ uid = genid "fetchWallpaper";
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 234129497..e6267d7e6 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -145,14 +145,14 @@ let
]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules));
};
- users.extraUsers = singleton {
+ users.extraUsers = singleton rec {
description = "Git repository hosting user";
name = "git";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
config.krebs.users;
- uid = 129318403; # genid git
+ uid = genid name;
};
};
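Review bot: `singleton rec { … }` is used only so that `uid = genid name;` can see `name`, but `rec` puts every attribute of the user set in scope for its sibling values, including `shell` and `description`. krebs/4lib/default.nix exports a `shell` attribute, so if this file is under `with lib;` (not visible in the hunk), a later expression in this set that means `lib.shell` would silently get "/bin/sh" instead. Other files in this commit pass the name literally (`uid = genid "acng";`); writing `uid = genid "git";` here avoids `rec` and keeps the commit consistent. The same applies to `fcgitwrap-user` in the next hunk and to the `rec` user sets in Reaktor.nix, github-hosts-sync.nix, go.nix, retiolum.nix and urlwatch.nix. Because this account has a login shell and authorized keys, also check that the computed uid still equals the removed 129318403.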
@@ -238,9 +238,9 @@ let
};
};
- fcgitwrap-user = {
+ fcgitwrap-user = rec {
name = "fcgiwrap";
- uid = 2867890860; # genid fcgiwrap
+ uid = genid name;
group = "fcgiwrap";
};
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 5503ee8d6..2aa18d53a 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -56,9 +56,9 @@ let
};
};
- user = {
+ user = rec {
name = "github-hosts-sync";
- uid = 3220554646; # genid github-hosts-sync
+ uid = genid name;
};
# TODO move to lib?
diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix
index 793d1f60d..08a93dab7 100644
--- a/krebs/3modules/go.nix
+++ b/krebs/3modules/go.nix
@@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
-with builtins;
with lib;
let
@@ -31,9 +30,9 @@ let
bind = mkDefault "127.0.0.1";
};
- users.extraUsers.go = {
+ users.extraUsers.go = rec {
name = "go";
- uid = 42774411; #genid go
+ uid = genid name;
description = "go url shortener user";
home = "/var/lib/go";
createHome = true;
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 7e02538f5..b377368f7 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -1,13 +1,7 @@
arg@{ config, lib, pkgs, ... }:
+with lib;
let
- inherit (lib)
- mkEnableOption
- mkOption
- types
- mkIf
- ;
-
cfg = config.krebs.realwallpaper;
out = {
@@ -89,7 +83,7 @@ let
};
users.extraUsers.realwallpaper = {
- uid = 2009435407; #genid realwallpaper
+ uid = genid "realwallpaper";
home = cfg.workingDir;
createHome = true;
};
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 28ac67306..e0e2692a8 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -133,9 +133,9 @@ let
};
};
- user = {
+ user = rec {
name = "retiolum";
- uid = 301281149; # genid retiolum
+ uid = genid name;
};
tinc = cfg.tincPackage;
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index ba81dd416..1f32c2e59 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -120,7 +120,7 @@ let
};
users.extraUsers.tinc_graphs = {
- uid = 3925439960; #genid tinc_graphs
+ uid = genid "tinc_graphs";
home = "/var/spool/tinc_graphs";
};
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 206bc5697..31cbfcf6e 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -5,7 +5,6 @@
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
# TODO hooks.py
-with builtins;
with lib;
let
cfg = config.krebs.urlwatch;
@@ -136,9 +135,9 @@ let
};
};
- user = {
+ user = rec {
name = "urlwatch";
- uid = 3467631196; # genid urlwatch
+ uid = genid name;
};
in
out
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 1cabeae27..dfc51bbe4 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -7,6 +7,8 @@ let out = rec {
eq = x: y: x == y;
+ mod = x: y: x - y * (x / y);
+
addName = name: set:
set // { inherit name; };
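Review bot: `mod` is added without a comment, and its result depends on Nix integer division: `x - y * (x / y)` is the truncated remainder, so it is negative for negative `x` and aborts evaluation when `y` is 0. genid.nix only calls it as `mod (a + 1) 256`, where both operands are positive, but the helper is exported from the library for any caller. A signature comment in the style genid.nix uses would state the contract: `# :: int -> int -> int  (truncated remainder; y must be non-zero)`. The `out` record starts and ends outside the hunk.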
@@ -17,6 +19,7 @@ let out = rec {
dir.has-default-nix = path: pathExists (path + "/default.nix");
dns = import ./dns.nix { inherit lib; };
+ genid = import ./genid.nix { lib = lib // out; };
git = import ./git.nix { lib = lib // out; };
listset = import ./listset.nix { inherit lib; };
shell = import ./shell.nix { inherit lib; };
diff --git a/krebs/4lib/genid.nix b/krebs/4lib/genid.nix
new file mode 100644
index 000000000..0aed1d351
--- /dev/null
+++ b/krebs/4lib/genid.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+with lib;
+with builtins;
+let out = genid;
+
+ # id = genid s = (hash s + min) % max
+ # min <= genid s < max
+ #
+ # min = 2^24 = 16777216 = 0x001000000
+ # max = 2^32 = 4294967296 = 0x100000000
+ #
+ # id is bigger than UID of nobody and GID of nogroup
+ # see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd.
+ #
+ # :: str -> uint32
+ genid = s: sum16 (addmod16_16777216 (hash s));
+
+ # :: str -> list8 uint4
+ hash = s:
+ map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s)));
+
+ # :: list uint -> uint
+ sum16 = foldl (a: i: a * 16 + i) 0;
+
+ # :: list8 uint4 -> list1 uint8 ++ list6 uint4
+ addmod16_16777216 = x: let
+ a = 16 * head x + head (tail x);
+ d = tail (tail x);
+ in [(mod (a + 1) 256)] ++ d;
+
+ # :: char -> uint4
+ hexint = x: hexvals.${toLower x};
+
+ # :: attrset char uint4
+ hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; })
+ (stringToCharacters "0123456789abcdef"));
+in out
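Review bot: The header comment's invariant `min <= genid s < max` does not hold for the code below it. `addmod16_16777216` computes `mod (a + 1) 256` on the top byte, so any name whose hash slice starts with `ff` wraps to a top byte of 0 and yields an id below 2^24, inside the range the comment reserves for system accounts (in the extreme case 0). The upper end is unguarded as well: 4294967295 is `(uid_t)-1`, which chown and setreuid treat as "leave unchanged". The removed shell script used the same `(hash + min) % max` arithmetic, so existing values are preserved, but a pure function can fail loudly instead: `genid = s: let id = sum16 (addmod16_16777216 (hash s)); in assert id >= 16777216 && id < 4294967295; id;`. Only 32 bits of the SHA-1 are used, so two names can map to the same id; whether anything downstream rejects duplicate uids is not visible here.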
diff --git a/krebs/5pkgs/genid/default.nix b/krebs/5pkgs/genid/default.nix
deleted file mode 100644
index c75bec317..000000000
--- a/krebs/5pkgs/genid/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ lib, pkgs, ... }:
-
-pkgs.writeScriptBin "genid" ''
- #! /bin/sh
- # usage: genid NAME
- set -euf
-
- export PATH=${lib.makeSearchPath "bin" (with pkgs; [
- bc
- coreutils
- ])}
-
- name=$1
- hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F)
- echo "
- min=2^24 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix>
- # and some spare for stuff like lxd.
- max=2^32 # see 2^(8*sizeof(uid_t))
- ibase=16
- ($hash + min) % max
- " | bc
-''