summaryrefslogtreecommitdiffstats
path: root/tv/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'tv/2configs')
-rw-r--r--tv/2configs/default.nix3
-rw-r--r--tv/2configs/elm-packages-proxy.nix123
-rw-r--r--tv/2configs/exim-smarthost.nix1
-rw-r--r--tv/2configs/gitrepos.nix3
-rw-r--r--tv/2configs/hw/x220.nix6
5 files changed, 105 insertions, 31 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 87a5c2e18..07e7ff11d 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -90,9 +90,6 @@ with import <stockholm/lib>;
{
services.cron.enable = false;
- services.nscd.enable =
- # Since 20.09 nscd doesn't cache anymore.
- versionAtLeast (versions.majorMinor version) "20.09";
services.ntp.enable = false;
services.timesyncd.enable = true;
}
diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix
index 17a0d2304..ecced3da2 100644
--- a/tv/2configs/elm-packages-proxy.nix
+++ b/tv/2configs/elm-packages-proxy.nix
@@ -4,20 +4,45 @@
cfg.packageDir = "/var/lib/elm-packages";
cfg.port = 7782;
+ # TODO secret files
+ cfg.htpasswd = "/var/lib/certs/package.elm-lang.org/htpasswd";
+ cfg.sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem";
+ cfg.sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem";
+
+ semverRegex =
+ "(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?";
+
in {
services.nginx.virtualHosts."package.elm-lang.org" = {
addSSL = true;
- # TODO secret files
- sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem";
- sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem";
+ sslCertificate = cfg.sslCertificate;
+ sslCertificateKey = cfg.sslCertificateKey;
+
+ locations."/all-packages".extraConfig = ''
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port};
+ proxy_pass_header Server;
+ '';
locations."/all-packages/since/".extraConfig = ''
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port};
proxy_pass_header Server;
'';
- locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)/(?:zipball|elm.json|endpoint.json)\$".extraConfig = ''
+ locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})\$".extraConfig = ''
+ auth_basic "Restricted Area";
+ auth_basic_user_file ${cfg.htpasswd};
+
+ proxy_set_header X-User $remote_user;
+ proxy_set_header X-Author $author;
+ proxy_set_header X-Package $pname;
+ proxy_set_header X-Version $version;
+ proxy_pass_header Server;
+
+ proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port};
+ '';
+
+ locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})/(?:zipball|elm.json|endpoint.json)\$".extraConfig = ''
set $zipball "${cfg.packageDir}/$author/$pname/$version/zipball";
proxy_set_header X-Author $author;
proxy_set_header X-Package $pname;
@@ -39,14 +64,14 @@ in {
krebs.htgen.elm-packages-proxy = {
port = cfg.port;
- script = /* sh */ ''(. ${pkgs.writeDash "elm-packages-proxy.sh" ''
+ script = /* sh */ ''. ${pkgs.writeDash "elm-packages-proxy.sh" ''
PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.curl
pkgs.findutils
pkgs.gnugrep
pkgs.jq
- pkgs.unzip
+ pkgs.p7zip
]}
export PATH
file_response() {(
@@ -99,7 +124,7 @@ in {
;;
elm.json)
if ! test -f "$elmjson"; then
- unzip -p "$zipball" \*/elm.json > "$elmjson"
+ 7z x -so "$zipball" \*/elm.json > "$elmjson"
fi
file_response 200 OK "$elmjson" 'application/json; charset=UTF-8'
exit
@@ -119,36 +144,86 @@ in {
;;
esac
;;
- 'POST /all-packages/since/'*)
+ 'POST /packages/'*)
+
+ author=$req_x_author
+ pname=$req_x_package
+ user=$req_x_user
+ version=$req_x_version
+
+ zipball=${cfg.packageDir}/$author/$pname/$version/zipball
+
+ if test -e "$zipball"; then
+ string_response 409 Conflict \
+ "package already exists: $author/$pname@$version" \
+ text/plain
+ else
+ echo "user $user is uploading package $author/$pname@$version" >&2
+ mkdir -p "$(dirname "$zipball")"
+ head -c $req_content_length > "$zipball"
+ string_response 200 OK \
+ "package created: $author/$pname@$version" \
+ text/plain
+ fi
+ exit
+ ;;
+ 'GET /all-packages'|'POST /all-packages')
- # TODO only show newest?
- my_packages=$(
- cd ${cfg.packageDir}
- find -mindepth 3 -maxdepth 3 |
+ response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX)
+ trap "rm $response >&2" EXIT
+
+ {
+ # upstream packages
+ curl -fsS https://package.elm-lang.org"$Request_URI"
+
+ # private packages
+ (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) |
jq -Rs '
split("\n") |
map(
select(.!="") |
- sub("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$";"\(.author)/\(.pname)@\(.version)")
+ match("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$").captures |
+ map({key:.name,value:.string}) |
+ from_entries
+ ) |
+ reduce .[] as $item ({};
+ ($item|"\(.author)/\(.pname)") as $name |
+ . + { "\($name)": ((.[$name] // []) + [$item.version]) }
)
'
- )
+ } |
+ jq -cs add > $response
- new_upstream_packages=$(
+ file_response 200 OK "$response" 'application/json; charset=UTF-8'
+ exit
+ ;;
+ 'GET /all-packages/since/'*|'POST /all-packages/since/'*)
+
+ response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX)
+ trap "rm $response >&2" EXIT
+
+ {
+ # upstream packages
curl -fsS https://package.elm-lang.org"$Request_URI"
- )
- response=$(
- jq -n \
- --argjson my_packages "$my_packages" \
- --argjson new_upstream_packages "$new_upstream_packages" \
- '$new_upstream_packages + $my_packages'
- )
+ # private packages
+ (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) |
+ jq -Rs '
+ split("\n") |
+ map(
+ select(.!="") |
+ sub("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$";"\(.author)/\(.pname)@\(.version)")
+ ) |
+ sort_by(split("@") | [.[0]]+(.[1]|split("."))) |
+ reverse
+ '
+ } |
+ jq -cs add > $response
- string_response 200 OK "$response" 'application/json; charset=UTF-8'
+ file_response 200 OK "$response" 'application/json; charset=UTF-8'
exit
;;
esac
- ''})'';
+ ''}'';
};
}
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 68fbcd151..4a0dcf616 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -26,7 +26,6 @@ with import <stockholm/lib>;
{ from = "postmaster@viljetic.de"; to = tv.mail; } # RFC 822
{ from = "mirko@viljetic.de"; to = mv-ni.mail; }
{ from = "tomislav@viljetic.de"; to = tv.mail; }
- { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; }
{ from = "tv@viljetic.de"; to = tv.mail; }
{ from = "tv@shackspace.de"; to = tv.mail; }
];
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 59090c8e3..991281ede 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -83,6 +83,9 @@ let {
krops = {
cgit.desc = "deployment tools";
};
+ mailaids = {
+ cgit.desc = "Assortment of aids for working with electronic mail";
+ };
much = {};
netcup = {
cgit.desc = "netcup command line interface";
diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix
index 61b475537..aadfc6691 100644
--- a/tv/2configs/hw/x220.nix
+++ b/tv/2configs/hw/x220.nix
@@ -48,9 +48,9 @@
};
services.tlp.enable = true;
- services.tlp.extraConfig = ''
- START_CHARGE_THRESH_BAT0=80
- '';
+ services.tlp.settings = {
+ START_CHARGE_THRESH_BAT0 = 80;
+ };
nix = {
buildCores = 2;