summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/tv/default.nix26
-rw-r--r--krebs/5pkgs/simple/git-hooks/default.nix7
-rw-r--r--krebs/5pkgs/simple/qrscan.nix26
3 files changed, 21 insertions, 38 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index e096118c6..965505a75 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -1,11 +1,13 @@
-with import <stockholm/lib>;
+with import ../../../lib;
{ config, ... }: let
- hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+ evalHost = hostName: hostConfig: evalSubmodule types.host [
+ hostConfig
{
+ name = hostName;
owner = config.krebs.users.tv;
}
- (optionalAttrs (host.nets?retiolum) {
+ (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
nets.retiolum = {
ip6.addr =
(krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
@@ -23,14 +25,19 @@ with import <stockholm/lib>;
wireguard.pubkey = readFile pubkey-path;
};
})
- host
+ (host: mkIf (host.config.ssh.pubkey != null) {
+ ssh.privkey = mapAttrs (const mkDefault) {
+ path = config.krebs.secret.file "ssh.id_${host.config.ssh.privkey.type}";
+ type = head (toList (match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
+ };
+ })
];
in {
dns.providers = {
"viljetic.de" = "regfish";
};
- hosts = mapAttrs hostDefaults {
+ hosts = mapAttrs evalHost {
alnus = {
ci = true;
cores = 2;
@@ -53,7 +60,6 @@ in {
tinc.pubkey_ed25519 = "Td6pRkmSzSGVJll26rULdr6W4U87xsHZ/87NEaglW3K";
};
};
- ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
};
au = {
@@ -79,7 +85,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
};
bu = {
@@ -129,7 +134,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rrf9tvuusYlnSZwUiHS4O+AhrpVZ/6n7peSRKojTc root@hu";
};
mu = {
@@ -154,7 +158,6 @@ in {
tinc.pubkey_ed25519 = "cEf/Kq/2Fo70yoIcVmhIp4it9eA7L3GdkgrVE9AWU6C";
};
};
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
};
ni = {
@@ -234,7 +237,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
};
wu = {
@@ -261,7 +263,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
querel = {
@@ -290,7 +291,6 @@ in {
'';
};
};
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFM2GdL9yOjSBmYBE07ClywNOADc/zxqXwZuWd7Mael root@querel.r";
};
xu = {
@@ -321,7 +321,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
};
zu = {
@@ -346,7 +345,6 @@ in {
};
};
secure = true;
- ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNjHxyUC7afNGSwfwBfQizmDnHTNLWDRHE8SY9W4oiw2lPhCFGTN8Jz84CKtnABbZhbNY1E8T58emF2h45WzDg/OGi8DPAk4VsXSkIhyvAto+nkTy2L4atjqfvXDvqxTDC9sui+t8p5OqOK+sghe4kiy+Vx1jhnjSnkQsx9Kocu24BYTkNqYxG7uwOz6t262XYNwMn13Y2K/yygDR3Uw3wTnEjpaYnObRxxJS3iTECDzgixiQ6ewXwYNggpzO/+EfW1BTz5vmuEVf4GbQ9iEc7IsVXHhR+N0boCscvSgae9KW9MBun0A2veRFXNkkfBEMfzelz+S63oeVfelkBq6N5aLsHYYGC4VQjimScelHYVwxR7O4fV+NttJaFF7H06FJeFzPt3NYZeoPKealD5y2Muh1UnewpmkMgza9hQ9EmI4/G1fMowqeMq0U6Hu0QMDUAagyalizN97AfsllY2cs0qLNg7+zHMPwc5RgLzs73oPUsF3umz0O42I5p5733vveUlWi5IZeI8CA1ZKdpwyMXXNhIOHs8u+yGsOLfSy3RgjVKp2GjN4lfnFd0LI+p7iEsEWDRkIAvGCOFepsebyVpBjGP+Kqs10bPGpk5dMcyn9iBJejoz9ka+H9+JAG04LnXwt6Rf1CRV3VRCRX1ayZEjRv9czV7U9ZpuFQcIlVRJQ== root@zu";
};
umz = {
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index c9dcc7541..13fe7aa67 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -96,7 +96,12 @@ with stockholm.lib;
#$host $GIT_SSH_REPO $ref $link
add_message $(pink push) $link $(gray "($receive_mode)")
- ${optionalString verbose /* sh */ ''
+ ${optionalString (verbose == false || typeOf verbose == "set") /* sh */ ''
+ ${optionalString (verbose.exclude or [] != []) /* sh */ ''
+ case $ref in (${concatStringsSep "|" verbose.exclude})
+ continue
+ esac
+ ''}
add_message "$(
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \
diff --git a/krebs/5pkgs/simple/qrscan.nix b/krebs/5pkgs/simple/qrscan.nix
index 7d99dcee7..df9a98053 100644
--- a/krebs/5pkgs/simple/qrscan.nix
+++ b/krebs/5pkgs/simple/qrscan.nix
@@ -1,27 +1,7 @@
-{ coreutils, gnused, writeDashBin, zbar }:
+{ pkgs }:
-writeDashBin "qrscan" ''
+pkgs.writeDashBin "qrscan" ''
set -efu
- tmpdir=$(${coreutils}/bin/mktemp --tmpdir -d qrscan.XXXXXXXX)
- codefile=$tmpdir/code
-
- cleanup() {
- ${coreutils}/bin/rm "$codefile"
- ${coreutils}/bin/rmdir "$tmpdir"
- }
-
- ${coreutils}/bin/mkfifo "$codefile"
-
- ${zbar}/bin/zbarcam > "$codefile" &
- zbarcampid=$!
-
- exec < "$codefile"
- while read -r code; do
- code=$(printf %s "$code" | ${gnused}/bin/sed -n 's/^QR-Code://p')
- if test -n "$code"; then
- ${coreutils}/bin/kill "$zbarcampid"
- echo "$code"
- fi
- done
+ ${pkgs.zbar}/bin/zbarcam -1 | ${pkgs.gnused}/bin/sed -n 's/^QR-Code://p'
''