Diffstat (limited to 'nin')
| -rw-r--r-- | nin/1systems/hiawatha.nix | 9 | ||||
| -rw-r--r-- | nin/1systems/onondaga.nix | 1 | ||||
| -rw-r--r-- | nin/2configs/default.nix | 17 | ||||
| -rw-r--r-- | nin/2configs/git.nix | 70 | ||||
| -rw-r--r-- | nin/6tests/dummysecrets/hashedPasswords.nix | 1 | ||||
| -rw-r--r-- | nin/6tests/dummysecrets/ssh.id_ed25519 | 0 | 
6 files changed, 91 insertions, 7 deletions
|
diff --git a/nin/1systems/hiawatha.nix b/nin/1systems/hiawatha.nix
index 6fa8a3388..af865497e 100644
--- a/nin/1systems/hiawatha.nix
+++ b/nin/1systems/hiawatha.nix
@@ -11,6 +11,7 @@ with lib;
     ../.
     <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
     ../2configs/retiolum.nix
+    ../2configs/git.nix
   ];
   krebs.build.host = config.krebs.hosts.hiawatha;
@@ -76,15 +77,13 @@ with lib;
   environment.systemPackages = with pkgs; [
     firefox
-    steam
-    thunderbird
-    vim
     git
-    hexchat
     networkmanagerapplet
     python
+    steam
+    thunderbird
+    vim
     virtmanager
-    libvirt
   ];
   nixpkgs.config = {
diff --git a/nin/1systems/onondaga.nix b/nin/1systems/onondaga.nix
index 59f26c46b..576847032 100644
--- a/nin/1systems/onondaga.nix
+++ b/nin/1systems/onondaga.nix
@@ -10,6 +10,7 @@
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/retiolum.nix
     ../2configs/weechat.nix
+    ../2configs/git.nix
   ];
   krebs.build.host = config.krebs.hosts.onondaga;
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index e181a6041..a1ed76d98 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -46,6 +46,12 @@ with import <stockholm/lib>;
         SSL_CERT_FILE = ca-bundle;
       };
     })
+    {
+      nix = {
+        binaryCaches = ["http://cache.prism.r"];
+        binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+      };
+    }
   ];
   networking.hostName = config.krebs.build.host.name;
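Review bot: Importing `../2configs/git.nix` in nin/1systems/hiawatha.nix (and again in the onondaga.nix hunk) enables `krebs.git` and adds the INPUT rule accepting TCP port 80 on the retiolum interface on both hosts, yet git.nix keys `verbose` to the host name `onondaga`, which suggests only one host is meant to be the primary repository server. If hiawatha is a workstation, as its package list hints, a comment beside the import would record why it exposes a listener, e.g. `# serves public repos over retiolum; opens tcp/80 on the VPN interface`. The imports list starts outside the hunk.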
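Review bot: In nin/2configs/default.nix the new substituter `http://cache.prism.r` is reached over plain HTTP, so the pinned `binaryCachePublicKeys` entry is the only thing protecting the integrity of substituted store paths. That holds only while signature checking stays enabled on every host importing this file; a comment such as `# plain HTTP inside retiolum: integrity relies on the cache.prism-1 signing key, keep signature checks on` would record the assumption. It is also worth confirming whether defining `binaryCaches` here replaces or extends the default cache list on the nixpkgs version in use, which the hunk does not show. The enclosing list starts outside the hunk.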
@@ -58,7 +64,10 @@ with import <stockholm/lib>;
       user = config.krebs.users.nin;
       source = let inherit (config.krebs.build) host; in {
         nixos-config.symlink = "stockholm/nin/1systems/${host.name}.nix";
-        secrets.file = "/home/nin/secrets/${host.name}";
+        secrets.file =
+        if getEnv "dummy_secrets" == "true"
+          then toString <stockholm/nin/6tests/dummysecrets>
+          else "/home/nin/secrets/${host.name}";
         stockholm.file = getEnv "PWD";
       };
     };
@@ -82,11 +91,14 @@ with import <stockholm/lib>;
   # multiple-definition-problem when defining environment.variables.EDITOR
   environment.extraInit = ''
     EDITOR=vim
-    MANPAGER=most
   '';
   nixpkgs.config.allowUnfree = true;
+  environment.shellAliases = {
+    gs = "git status";
+  };
+
   environment.systemPackages = with pkgs; [
   #stockholm
     git
@@ -95,6 +107,7 @@ with import <stockholm/lib>;
     proot
     populate
     p7zip
+    termite
     unzip
     unrar
     hashPassword
diff --git a/nin/2configs/git.nix b/nin/2configs/git.nix
new file mode 100644
index 000000000..39f919e79
--- /dev/null
+++ b/nin/2configs/git.nix
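Review bot: In the `-58,7 +64,10` hunk of nin/2configs/default.nix the secrets directory now depends on the environment variable `dummy_secrets` at evaluation time, and nothing in the hunk stops a real deployment from picking up `6tests/dummysecrets` (an empty `hashedPasswords.nix` attribute set and an empty `ssh.id_ed25519`) if that variable is still exported in the deploying shell. A comment above the expression, e.g. `# dummy_secrets=true is for test builds only; unset it before deploying to a real host`, would make the contract explicit. The `if`/`then`/`else` also sits at the same indentation as `secrets.file =`; indenting the `if` one step deeper would show that it is the value of that attribute. The enclosing attribute set starts outside the hunk.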
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+  out = {
+    krebs.git = {
+      enable = true;
+      cgit = {
+        settings = {
+          root-title = "public repositories at ${config.krebs.build.host.name}";
+          root-desc = "keep calm and engage";
+        };
+      };
+      repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos;
+      rules = rules;
+    };
+
+    krebs.iptables.tables.filter.INPUT.rules = [
+      { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; }
+    ];
+  };
+
+  repos = public-repos;
+
+  rules = concatMap make-rules (attrValues repos);
+
+  public-repos = mapAttrs make-public-repo {
+    stockholm = {
+      cgit.desc = "take all the computers hostage, they'll love you!";
+    };
+  };
+
+  make-public-repo = name: { cgit ? {}, ... }: {
+    inherit cgit name;
+    public = true;
+    hooks = {
+      post-receive = pkgs.git-hooks.irc-announce {
+        # TODO make nick = config.krebs.build.host.name the default
+        nick = config.krebs.build.host.name;
+        channel = "#retiolum";
+        server = "ni.r";
+        verbose = config.krebs.build.host.name == "onondaga";
+        # TODO define branches in some kind of option per repo
+        branches = [ "master" ];
+      };
+    };
+  };
+
+  make-rules =
+    with git // config.krebs.users;
+    repo:
+      singleton {
+        user = [ nin ];
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      } ++
+      optional repo.public {
+        user = attrValues config.krebs.users;
+        repo = [ repo ];
+        perm = fetch;
+      } ++
+      optional (length (repo.collaborators or []) > 0) {
+        user = repo.collaborators;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+in out
diff --git a/nin/6tests/dummysecrets/hashedPasswords.nix b/nin/6tests/dummysecrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
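Review bot: In `make-rules` of nin/2configs/git.nix the push rule grants `non-fast-forward` and `delete` on `refs/*`, so `master` of the public `stockholm` repository can be rewritten or removed by a single push, and anyone fetching it has no assurance that its history is append-only. If that is intended for a single-owner repository, a comment such as `# owner may force-push and delete any ref, including master` would make it a recorded decision; otherwise narrow those two permissions to refs other than master, assuming the `krebs.git` rule format accepts a more specific ref pattern. Separately, the collaborators rule grants only `fetch`, which for a `public = true` repository duplicates the rule directly above it.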
--- /dev/null
+++ b/nin/6tests/dummysecrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/nin/6tests/dummysecrets/ssh.id_ed25519 b/nin/6tests/dummysecrets/ssh.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/nin/6tests/dummysecrets/ssh.id_ed25519
|
