From a62be1cef8726a2afa61df3dac9e19a71882b370 Mon Sep 17 00:00:00 2001
From: tv
Date: Fri, 24 Jul 2015 20:48:00 +0200
Subject: {2 tv git -> 3 krebs}.users

---
 2configs/tv/git.nix | 22 +++++--------------
 3modules/krebs/default.nix | 54 ++++++++++++++++++++++++++++++++++++----------
 3modules/krebs/git.nix | 11 ++++------
 4lib/krebs/default.nix | 10 ++++++++-
 4lib/krebs/types.nix | 11 ++++++++++
 4lib/tv/default.nix | 7 ------
 6 files changed, 72 insertions(+), 43 deletions(-)

diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix
index ac1c413c..b7f9983a 100644
--- a/2configs/tv/git.nix
+++ b/2configs/tv/git.nix
@@ -1,4 +1,5 @@
 { config, lib, pkgs, ... }:
+
 with import ../../4lib/tv { inherit lib pkgs; };
 let
@@ -7,7 +8,7 @@ let
 enable = true;
 root-title = "public repositories at ${config.tv.identity.self.name}";
 root-desc = "keep calm and engage";
-      inherit repos rules users;
+      inherit repos rules;
 };
 };
@@ -43,20 +44,12 @@ let
 restricted-repos = mapAttrs make-restricted-repo (
 {
 brain = {
-        collaborators = with users; [ lass makefu ];
+        collaborators = with config.krebs.users; [ lass makefu ];
 };
 }
 //
-    import /root/src/secrets/repos.nix { inherit config lib pkgs users; }
+    import /root/src/secrets/repos.nix { inherit config lib pkgs; }
 );
-  # TODO move users to separate module
-  users = mapAttrs make-user {
-    tv = ../../Zpubkeys/tv_wu.ssh.pub;
-    lass = ../../Zpubkeys/lass.ssh.pub;
-    uriel = ../../Zpubkeys/uriel.ssh.pub;
-    makefu = ../../Zpubkeys/makefu.ssh.pub;
-  };
-
   make-public-repo = name: { desc ? null, ... }: {
 inherit name desc;
 public = true;
@@ -77,7 +70,7 @@ let
 };
 make-rules =
-    with git // users;
+    with git // config.krebs.users;
 repo:
 singleton {
 user = tv;
@@ -95,9 +88,4 @@ let
 perm = fetch;
 };
-  make-user = name: pubkey-file: {
-    inherit name;
-    pubkey = readFile pubkey-file;
-  };
-
 in
 out
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index fe94e09b..b8722d18 100644
--- a/3modules/krebs/default.nix
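Review bot: `with git // config.krebs.users;` in the make-rules hunk lets any entry of `krebs.users` shadow the `git` permission names, so a user named `fetch` or `push` would silently turn `perm = fetch;` in the last hunk into a user record rather than a permission. The old local `users` set was fixed in this file, whereas `krebs.users` is an `attrsOf` option that any module on the host can add to, and an unresolved name under `with` falls through to the enclosing scope instead of failing. Drop the `with` and reference both sides explicitly, `user = config.krebs.users.tv;` and `perm = git.fetch;`; the `brain` collaborators list would be safer as `[ config.krebs.users.lass config.krebs.users.makefu ]` for the same reason. The body of make-rules continues between the two hunks shown here.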
+++ b/3modules/krebs/default.nix
@@ -1,11 +1,43 @@
-_:
-
-{
-   imports = [
-     ./github-hosts-sync.nix
-     ./git.nix
-     ./nginx.nix
-     ./retiolum.nix
-     ./urlwatch.nix
-   ];
-}
+{ config, lib, ... }:
+
+with import ../../4lib/krebs { inherit lib; };
+let
+  cfg = config.krebs;
+
+  out = {
+    imports = [
+      ./github-hosts-sync.nix
+      ./git.nix
+      ./nginx.nix
+      ./retiolum.nix
+      ./urlwatch.nix
+    ];
+    options.krebs = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    users = mkOption {
+      type = with types; attrsOf user;
+      default = addNames {
+        lass = {
+          pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+        };
+        makefu = {
+          pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+        };
+        tv = {
+          pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+        };
+        uriel = {
+          pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+        };
+      };
+    };
+  };
+
+  imp = {
+  };
+
+in
+out
diff --git a/3modules/krebs/git.nix b/3modules/krebs/git.nix
index 3c3e9342..be6619b4 100644
--- a/3modules/krebs/git.nix
+++ b/3modules/krebs/git.nix
@@ -6,8 +6,7 @@
 # TODO when authorized_keys changes, then restart ssh
 # (or kill already connected users somehow)
-with builtins;
-with lib;
+with import ../../4lib/krebs { inherit lib; };
 let
 cfg = config.krebs.git;
@@ -119,9 +118,6 @@ let
 rules = mkOption {
 type = types.unspecified;
 };
-    users = mkOption {
-      type = types.unspecified;
-    };
 };
 git-imp = {
@@ -149,7 +145,8 @@ let
 name = "git";
 shell = "/bin/sh";
 openssh.authorizedKeys.keys =
-        mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
+        mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
+          config.krebs.users;
 uid = 129318403; # genid git
 };
 };
@@ -255,7 +252,7 @@ let
 isPublicRepo = getAttr "public";
 # TODO this is also in ./cgit.nix
-  makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
+  makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }:
 # TODO assert name
 # TODO assert pubkey
 let
diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix
index 38c2a97d..0c59076b 100644
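Review bot: `config = mkIf cfg.enable imp;` reads `config.krebs.enable`, but `api` declares only `users`, so no `krebs.enable` option exists anywhere in this hunk; with `imp = {}` the condition is never forced, but the first real attribute added to `imp` will make evaluation fail on the undefined option. Declare it next to `users`, `enable = mkEnableOption "krebs";`, or drop the `mkIf` until `imp` has content. Since the git module in this same commit turns `krebs.users` into the `git` account's authorized_keys, the four keys read here at evaluation time are in effect a host-wide access list; a one-line comment on the option saying that every entry gets an authorized_keys entry on any host with `krebs.git.enable` would help whoever adds the next user.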
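Review bot: The `git` account's `openssh.authorizedKeys.keys` is now derived from the global `config.krebs.users` instead of the host-chosen `cfg.users`, so every user registered anywhere in `krebs.users` can authenticate to sshd as `git` on every host with `krebs.git.enable`, including users no rule on that host mentions; only the forced command built by makeAuthorizedKey (its body is outside this hunk) then stands between them and `/bin/sh`. Previously the host selected that set explicitly. Keep the per-host knob with the registry as its default — `users = mkOption { type = with types; attrsOf user; default = config.krebs.users; };` in place of the option the second hunk removes — and keep `cfg.users` here, or build the list only from users that `cfg.rules` actually references. The existing `# TODO when authorized_keys changes, then restart ssh` at the top of the file matters more now that the key set can change from outside this module.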
--- a/4lib/krebs/default.nix
+++ b/4lib/krebs/default.nix
@@ -1,6 +1,14 @@
 { lib, ... }:
-builtins // lib // {
+with builtins;
+with lib;
+
+builtins // lib // rec {
+
+  addName = name: set:
+    set // { inherit name; };
+
+  addNames = mapAttrs addName;
 types = import ./types.nix { inherit lib; };
diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix
index 9d02c779..ca92c690 100644
--- a/4lib/krebs/types.nix
+++ b/4lib/krebs/types.nix
@@ -81,6 +81,17 @@ types // rec {
 merge = mergeOneOption;
 };
+  user = submodule {
+    options = {
+      name = mkOption {
+        type = str; # TODO
+      };
+      pubkey = mkOption {
+        type = str;
+      };
+    };
+  };
+
 # TODO
 addr = str;
 addr4 = str;
diff --git a/4lib/tv/default.nix b/4lib/tv/default.nix
index 267a858d..16888c21 100644
--- a/4lib/tv/default.nix
+++ b/4lib/tv/default.nix
@@ -15,16 +15,9 @@ krebs // rec {
 inherit pkgs;
 };
-  addName = name: set:
-    set // { inherit name; };
-
-  addNames = mapAttrs addName;
-
-  # "7.4.335" -> "74"
 majmin = with lib; x : concatStrings (take 2 (splitString "." x));
-
 concat = xs : if xs == [] then ""
--
cgit v1.2.3
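Review bot: The new `user` submodule in types.nix accepts any string for `name` and `pubkey`, yet both flow into the `git` account's authorized_keys via makeAuthorizedKey in 3modules/krebs/git.nix (the line format itself is outside this diff). A `pubkey` with an embedded newline — a `.pub` file holding two keys is read verbatim by `readFile` — would presumably yield a second authorized_keys line without the forced command, and a `name` containing spaces or quotes could break whatever the name is interpolated into. Tighten the types where the `# TODO` sits, e.g. `name = mkOption { type = types.addCheck str (s: builtins.match "[a-z_][a-z0-9_-]*" s != null); };` and `pubkey = mkOption { type = types.addCheck str (s: builtins.match "[^\n]*\n?" s != null); };`, which would also retire the two `# TODO assert` lines in makeAuthorizedKey.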