From 39ebd5001ebcbcc9d991784ec1ce6dd804dbdcd4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 02:15:58 +0200 Subject: getAttrDef: RIP --- krebs/4lib/default.nix | 1 - krebs/4lib/types.nix | 5 +++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 585bd313..e984614a 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -41,7 +41,6 @@ let out = rec { mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); - getAttrDef = name: set: set.${name} or set.default or null; mapAttrValues = f: mapAttrs (_: f); setAttr = name: value: set: set // { ${name} = value; }; diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 66191d0b..f78d601e 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -199,8 +199,9 @@ types // rec { description = '' Set of user's PGP public keys. - Modules supporting PGP may use well-known key names to define option - defaults, e.g. using `getAttrDef well-known-name pubkeys`. + Modules supporting PGP may use well-known key names to define + default values for options, in which case the well-known name + should be documented in the respective option's description. ''; }; pubkey = mkOption { -- cgit v1.2.3 From b5bdd9aed4530924bca3d515eedeed215cfd64c2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 03:11:26 +0200 Subject: krebs.git.cgit :: { bool => submodule { enable :: bool } } --- krebs/3modules/git.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index d2d73ba3..542f1f38 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -13,7 +13,7 @@ let out = { options.krebs.git = api; config = with lib; mkIf cfg.enable (mkMerge [ - (mkIf cfg.cgit cgit-imp) + (mkIf cfg.cgit.enable cgit-imp) git-imp ]); }; 
@@ -22,10 +22,13 @@ let enable = mkEnableOption "krebs.git"; cgit = mkOption { - type = types.bool; - default = true; + type = types.submodule { + options = { + enable = mkEnableOption "krebs.git.cgit" // { default = true; }; + }; + }; + default = {}; description = '' - Enable cgit. Cgit is an attempt to create a fast web interface for the git version control system, using a built in cache to decrease pressure on the git server. -- cgit v1.2.3 From 6fcc35afb0003f0885994b3c09e401f3178d7a08 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 22:36:40 +0200 Subject: krebs types.uint: init --- krebs/4lib/types.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index f78d601e..d4d28bc7 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -154,6 +154,12 @@ types // rec { merge = mergeOneOption; }; + uint = mkOptionType { + name = "unsigned integer"; + check = x: isInt x && x >= 0; + merge = mergeOneOption; + }; + secret-file = submodule ({ config, ... }: { options = { path = mkOption { type = str; }; -- cgit v1.2.3 From 4a34b27c1c6c3fea2b336c0316c597d74460b428 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 03:14:21 +0200 Subject: krebs.git.cgit: make `cache-root` configurable ... along with all the other stuff :) --- krebs/3modules/git.nix | 191 ++++++++++++++++++++++++++++++++----------------- krebs/4lib/default.nix | 1 - 2 files changed, 125 insertions(+), 67 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 542f1f38..d1ab2ce6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -25,6 +25,11 @@ let type = types.submodule { options = { enable = mkEnableOption "krebs.git.cgit" // { default = true; }; + settings = mkOption { + apply = flip removeAttrs ["_module"]; + default = {}; + type = subtypes.cgit-settings; + }; }; }; default = {}; 
@@ -66,22 +71,6 @@ let Repositories. ''; }; - root-desc = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Text printed below the heading on the repository index page. - Default value: "a fast webinterface for the git dscm". - ''; - }; - root-title = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Text printed as heading on the repository index page. - Default value: "Git Repository Browser". - ''; - }; rules = mkOption { type = types.listOf subtypes.rule; default = []; 
@@ -102,8 +91,101 @@ let # TODO put into krebs/4lib/types.nix? subtypes = { - repo = types.submodule ({ + cgit-settings = types.submodule { + # A setting's value of `null` means cgit's default should be used. + options = { + cache-root = mkOption { + type = types.absolute-pathname; + default = "/tmp/cgit"; + }; + cache-size = mkOption { + type = types.uint; + default = 1000; + }; + css = mkOption { + type = types.absolute-pathname; + default = "/static/cgit.css"; + }; + enable-commit-graph = mkOption { + type = types.bool; + default = true; + }; + enable-index-links = mkOption { + type = types.bool; + default = true; + }; + enable-index-owner = mkOption { + type = types.bool; + default = false; + }; + enable-log-filecount = mkOption { + type = types.bool; + default = true; + }; + enable-log-linecount = mkOption { + type = types.bool; + default = true; + }; + enable-remote-branches = mkOption { + type = types.bool; + default = true; + }; + logo = mkOption { + type = types.absolute-pathname; + default = "/static/cgit.png"; + }; + max-stats = mkOption { + type = + types.nullOr (types.enum ["week" "month" "quarter" "year"]); + default = "year"; + }; + robots = mkOption { + type = types.nullOr (types.listOf types.str); + default = ["nofollow" "noindex"]; + }; + root-desc = mkOption { + type = types.nullOr types.str; + default = null; + }; + root-title = mkOption { + type = types.nullOr types.str; + default = null; + }; + }; + }; + repo = types.submodule ({ config, ... }: { options = { + cgit = { + desc = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository description. + ''; + }; + path = mkOption { + type = types.str; + default = "${cfg.dataDir}/${config.name}"; + description = '' + An absolute path to the repository directory. For non-bare + repositories this is the .git-directory. + ''; + }; + section = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository section. 
+ ''; + }; + url = mkOption { + type = types.str; + default = config.name; + description = '' + The relative url used to access the repository. + ''; + }; + }; collaborators = mkOption { type = types.listOf types.user; default = []; @@ -115,20 +197,6 @@ let an example. ''; }; - desc = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository description. - ''; - }; - section = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository section. - ''; - }; name = mkOption { type = types.str; description = '' 
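Review bot: The `cache-root` default of `/tmp/cgit` in `cgit-settings` keeps the cache at a predictable name inside a world-writable directory, and the activation script in the `@@ -266,43 +334,34 @@` hunk of this commit (and again in the later `@@ -368,7 +384,7 @@` hunk) runs `mkdir -m 0700 -p` and `chown` on that path. `mkdir -p` accepts an entry that already exists without resetting its mode, and `chown` follows a symlink, so whichever local account creates the name first decides what ends up owned by the fcgiwrap user. Now that the path is an option, I would default it outside `/tmp`, e.g. `default = "/var/cache/cgit";` (cgit's own default), and use `chown -h` in the script. The `subtypes` set continues outside this hunk.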
@@ -266,43 +334,34 @@ let # socketType = "unix" (default) }; - environment.etc."cgitrc".text = '' - css=/static/cgit.css - logo=/static/cgit.png - - # if you do not want that webcrawler (like google) index your site - robots=noindex, nofollow - - virtual-root=/ - - # TODO make this nicer (and/or somewhere else) - cache-root=/tmp/cgit - - cache-size=1000 - enable-commit-graph=1 - enable-index-links=1 - enable-index-owner=0 - enable-log-filecount=1 - enable-log-linecount=1 - enable-remote-branches=1 - - ${optionalString (cfg.root-title != null) "root-title=${cfg.root-title}"} - ${optionalString (cfg.root-desc != null) "root-desc=${cfg.root-desc}"} - - snapshots=0 - max-stats=year - - ${concatMapStringsSep "\n" (repo: '' - repo.url=${repo.name} - repo.path=${cfg.dataDir}/${repo.name} - ${optionalString (repo.section != null) "repo.section=${repo.section}"} - ${optionalString (repo.desc != null) "repo.desc=${repo.desc}"} - '') (filter isPublicRepo (attrValues cfg.repos))} - ''; + environment.etc."cgitrc".text = let + repo-to-cgitrc = _: repo: + optionals (isPublicRepo repo) (concatLists [ + [""] # empty line + [(kv-to-cgitrc "repo.url" repo.cgit.url)] + (mapAttrsToList kv-to-cgitrc + (mapAttrs' (k: nameValuePair "repo.${k}") + (removeAttrs repo.cgit ["url"]))) + ]); + + kv-to-cgitrc = k: v: getAttr (typeOf v) { + bool = kv-to-cgitrc k (if v then 1 else 0); + null = []; # This will be removed by `flatten`. + list = "${k}=${concatStringsSep ", " v}"; + int = "${k}=${toString v}"; + string = "${k}=${v}"; + }; + in + concatStringsSep "\n" + (flatten ( + mapAttrsToList kv-to-cgitrc cfg.cgit.settings + ++ + mapAttrsToList repo-to-cgitrc cfg.repos + )); system.activationScripts.cgit = '' - mkdir -m 0700 -p /tmp/cgit - chown ${toString fcgitwrap-user.uid}:${toString fcgitwrap-group.gid} /tmp/cgit + mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + chown ${toString fcgitwrap-user.uid}:${toString fcgitwrap-group.gid} ${cfg.cgit.settings.cache-root} ''; krebs.nginx = { 
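Review bot: `kv-to-cgitrc` writes string values into `/etc/cgitrc` verbatim (`string = "${k}=${v}";`), while `repo.cgit.desc`, `section` and `url` are plain `types.str`, which admits line breaks. A value containing a newline therefore becomes additional cgitrc lines instead of one setting, so a description could silently override other directives. I would reject such values where the line is built, e.g. `string = assert replaceStrings ["\n"] [""] v == v; "${k}=${v}";`, and apply the same test to the elements of the `list` branch. Separately, `getAttr (typeOf v)` has no branch for other value types, so anything else fails with a missing-attribute error rather than a message that names the setting.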
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index e984614a..bfe8c581 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -41,7 +41,6 @@ let out = rec { mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); - mapAttrValues = f: mapAttrs (_: f); setAttr = name: value: set: set // { ${name} = value; }; optionalTrace = c: msg: x: if c then trace msg x else x; -- cgit v1.2.3 From c655e1246daa04abc4cd83dbb62b86dda1d357d4 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 22:41:40 +0200 Subject: krebs.git: s/ensureList/toList/ --- krebs/3modules/git.nix | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index d1ab2ce6..9bc56fc8 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -290,15 +290,15 @@ let environment.etc."${etc-base}".source = scriptFarm "git-ssh-authorizers" { authorize-command = makeAuthorizeScript (map (rule: [ - (map getName (ensureList rule.user)) - (map getName (ensureList rule.repo)) + (map getName (toList rule.user)) + (map getName (toList rule.repo)) (map getName rule.perm.allow-commands) ]) cfg.rules); authorize-push = makeAuthorizeScript (map (rule: [ - (map getName (ensureList rule.user)) - (map getName (ensureList rule.repo)) - (ensureList rule.perm.allow-receive-ref) + (map getName (toList rule.user)) + (map getName (toList rule.repo)) + (toList rule.perm.allow-receive-ref) (map getName rule.perm.allow-receive-modes) ]) (filter (rule: rule.perm.allow-receive-ref != null) cfg.rules)); }; @@ -400,10 +400,6 @@ let gid = fcgitwrap-user.uid; }; - - ensureList = x: - if typeOf x == "list" then x else [x]; - getName = x: x.name; isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix 
@@ -428,7 +424,7 @@ let makeAuthorizeScript = let # TODO escape - to-pattern = x: concatStringsSep "|" (ensureList x); + to-pattern = x: concatStringsSep "|" (toList x); go = i: ps: if ps == [] then "exit 0" -- cgit v1.2.3 From a3644a38a5f8af779d7db64cdaa6468240ae37d3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 22:49:26 +0200 Subject: krebs.git: make user configurable --- krebs/3modules/git.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 9bc56fc8..aabf4614 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -87,6 +87,14 @@ let access and permission rules for git repositories. ''; }; + + user = mkOption { + type = types.user; + default = { + name = "git"; + home = "/var/lib/git"; + }; + }; }; # TODO put into krebs/4lib/types.nix? @@ -303,16 +311,15 @@ let ]) (filter (rule: rule.perm.allow-receive-ref != null) cfg.rules)); }; - # TODO cfg.user - users.users.git = rec { + users.users.${cfg.user.name} = { + inherit (cfg.user) home name uid; + createHome = true; description = "Git repository hosting user"; - name = "git"; shell = "/bin/sh"; openssh.authorizedKeys.keys = mapAttrsToList (_: makeAuthorizedKey git-ssh-command) (filterAttrs (_: user: isString user.pubkey) config.krebs.users); - uid = genid name; }; }; -- cgit v1.2.3 From f90f8dc0004097f5f023ea47104b54dcd740e014 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 22:51:35 +0200 Subject: empty: init at 1.0.0 --- krebs/5pkgs/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 53fc4de4..f2bbaf7f 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
@@ -20,6 +20,8 @@ with config.krebs.lib; (filterAttrs (_: dir.has-default-nix) (subdirsOf ./.)) // { + empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out"; + haskellPackages = pkgs.haskellPackages.override { overrides = self: super: mapAttrs (name: path: self.callPackage path {}) -- cgit v1.2.3 From 922389ef205825163eb5b4e606b82a65deaa05c2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:02:37 +0200 Subject: krebs.git.cgit.fcgiwrap: make user configurable --- krebs/3modules/git.nix | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index aabf4614..0d12155f 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -25,6 +25,21 @@ let type = types.submodule { options = { enable = mkEnableOption "krebs.git.cgit" // { default = true; }; + fcgiwrap = { + group = mkOption { + type = types.group; + default = { + name = "fcgiwrap"; + }; + }; + user = mkOption { + type = types.user; + default = { + name = "fcgiwrap"; + home = toString pkgs.empty; + }; + }; + }; settings = mkOption { apply = flip removeAttrs ["_module"]; default = {}; @@ -324,19 +339,20 @@ let }; cgit-imp = { - users.extraUsers = lib.singleton { - inherit (fcgitwrap-user) group name uid; - home = toString (pkgs.runCommand "empty" {} "mkdir -p $out"); - }; - - users.extraGroups = lib.singleton { - inherit (fcgitwrap-group) gid name; + users = { + groups.${cfg.cgit.fcgiwrap.group.name} = { + inherit (cfg.cgit.fcgiwrap.group) name gid; + }; + users.${cfg.cgit.fcgiwrap.user.name} = { + inherit (cfg.cgit.fcgiwrap.user) home name uid; + group = cfg.cgit.fcgiwrap.group.name; + }; }; services.fcgiwrap = { enable = true; - user = fcgitwrap-user.name; - group = fcgitwrap-user.group; + user = cfg.cgit.fcgiwrap.user.name; + group = cfg.cgit.fcgiwrap.group.name; # socketAddress = "/run/fcgiwrap.sock" (default) # socketType = "unix" (default) }; 
@@ -368,7 +384,7 @@ let system.activationScripts.cgit = '' mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} - chown ${toString fcgitwrap-user.uid}:${toString fcgitwrap-group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; krebs.nginx = { @@ -396,17 +412,6 @@ let }; }; - fcgitwrap-user = rec { - name = "fcgiwrap"; - uid = genid name; - group = "fcgiwrap"; - }; - - fcgitwrap-group = { - name = fcgitwrap-user.name; - gid = fcgitwrap-user.uid; - }; - getName = x: x.name; isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix -- cgit v1.2.3 From c8b0a57549ce2d340d7e513a33683e26fb5e7ddb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:08:55 +0200 Subject: krebs.git.cgit: add server name for cgit.*.r --- krebs/3modules/git.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0d12155f..357674a6 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -392,6 +392,7 @@ let servers.cgit = { server-names = [ "cgit.${config.networking.hostName}" + "cgit.${config.networking.hostName}.r" "cgit.${config.networking.hostName}.retiolum" ]; locations = [ -- cgit v1.2.3 From 78dfd1fee8af963eb80d5fc71dcb52c6199a27d9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:10:27 +0200 Subject: cgit: RIP --- krebs/5pkgs/cgit/default.nix | 64 -------------------------------------------- 1 file changed, 64 deletions(-) delete mode 100644 krebs/5pkgs/cgit/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/cgit/default.nix b/krebs/5pkgs/cgit/default.nix deleted file mode 100644 index 3180a5bd..00000000 --- a/krebs/5pkgs/cgit/default.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ stdenv, fetchurl, openssl, zlib, asciidoc, libxml2, libxslt -, docbook_xml_xslt, pkgconfig, luajit -, gzip, bzip2, xz -}: - -stdenv.mkDerivation rec { - name = "cgit-${version}"; - version = "0.12"; - - src = fetchurl { - url = "http://git.zx2c4.com/cgit/snapshot/${name}.tar.xz"; - sha256 = "1dx54hgfyabmg9nm5qp6d01f54nlbqbbdwhwl0llb9imjf237qif"; - }; - - # cgit is tightly coupled with git and needs a git source tree to build. - # IMPORTANT: Remember to check which git version cgit needs on every version - # bump (look in the Makefile). - # NOTE: as of 0.10.1, the git version is compatible from 1.9.0 to - # 1.9.2 (see the repository history) - gitSrc = fetchurl { - url = "mirror://kernel/software/scm/git/git-2.7.2.tar.xz"; - sha256 = "086ga30ksijfxad085ply83ddf955d2b8qxph5sw6c9hab77j15j"; - }; - - buildInputs = [ - openssl zlib asciidoc libxml2 libxslt docbook_xml_xslt pkgconfig luajit - ]; - - postPatch = '' - sed -e 's|"gzip"|"${gzip}/bin/gzip"|' \ - -e 's|"bzip2"|"${bzip2}/bin/bzip2"|' \ - -e 's|"xz"|"${xz}/bin/xz"|' \ - -i ui-snapshot.c - ''; - - # Give cgit a git source tree and pass configuration parameters (as make - # variables). - preBuild = '' - mkdir -p git - tar --strip-components=1 -xf "$gitSrc" -C git - - makeFlagsArray+=(prefix="$out" CGIT_SCRIPT_PATH="$out/cgit/") - ''; - - # Install manpage. - postInstall = '' - # xmllint fails: - #make install-man - - # bypassing xmllint works: - a2x --no-xmllint -f manpage cgitrc.5.txt - mkdir -p "$out/share/man/man5" - cp cgitrc.5 "$out/share/man/man5" - ''; - - meta = { - homepage = http://git.zx2c4.com/cgit/about/; - repositories.git = git://git.zx2c4.com/cgit; - description = "Web frontend for git repositories"; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ bjornfor ]; - }; -} -- cgit v1.2.3 From 5e91e789b66350302b3a5f90843d4a10f4fd2c75 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 7 Jun 2016 23:22:12 +0200 Subject: krebs types.absolute-pathname: admit / --- krebs/4lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index d4d28bc7..f65d5b68 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -337,7 +337,7 @@ types // rec { # TODO two slashes absolute-pathname = mkOptionType { name = "POSIX absolute pathname"; - check = s: pathname.check s && substring 0 1 s == "/"; + check = s: s == "/" || (pathname.check s && substring 0 1 s == "/"); }; # POSIX.1‐2013, 3.267 Pathname -- cgit v1.2.3 From 567800c98e7f17ead15aa99f388d4a91c2f58653 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:23:06 +0200 Subject: krebs.git.cgit.settings.virtual-root: init --- krebs/3modules/git.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 357674a6..4fec3857 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -174,6 +174,10 @@ let type = types.nullOr types.str; default = null; }; + virtual-root = mkOption { + type = types.nullOr types.absolute-pathname; + default = "/"; + }; }; }; repo = types.submodule ({ config, ... }: { -- cgit v1.2.3 From a431e036e335d688aa8e59e039dd86fa1eefdc2a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:32:28 +0200 Subject: krebs.git: move assert to etcDir's type --- krebs/3modules/git.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 4fec3857..db0b6b0a 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix 
@@ -63,7 +63,11 @@ let description = "Directory used to store repositories."; }; etcDir = mkOption { - type = types.str; + type = mkOptionType { + name = "${types.absolute-pathname.name} starting with `/etc/'"; + check = x: types.absolute-pathname.check x && hasPrefix "/etc/" x; + merge = mergeOneOption; + }; default = "/etc/git"; }; repos = mkOption { @@ -314,7 +318,7 @@ let system.activationScripts.git-init = "${init-script}"; # TODO maybe put all scripts here and then use PATH? - environment.etc."${etc-base}".source = + environment.etc.${removePrefix "/etc/" cfg.etcDir}.source = scriptFarm "git-ssh-authorizers" { authorize-command = makeAuthorizeScript (map (rule: [ (map getName (toList rule.user)) @@ -642,9 +646,5 @@ let ''; }; - etc-base = - assert (hasPrefix "/etc/" cfg.etcDir); - removePrefix "/etc/" cfg.etcDir; - in out -- cgit v1.2.3 From b419d6cd365cda3202dcce5925bd99e973ba535e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:38:33 +0200 Subject: krebs.git.user.home: /var/lib/git -> pkgs.empty --- krebs/3modules/git.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index db0b6b0a..0f5e3172 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -111,7 +111,7 @@ let type = types.user; default = { name = "git"; - home = "/var/lib/git"; + home = toString pkgs.empty; }; }; }; @@ -336,7 +336,6 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; - createHome = true; description = "Git repository hosting user"; shell = "/bin/sh"; openssh.authorizedKeys.keys = -- cgit v1.2.3 From c80aee7a0b5f3bc064e7f02d9c3d10dc83f1ce73 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 11 Jun 2016 16:11:22 +0200 Subject: krebs types.filename: admit --- krebs/4lib/types.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index f65d5b68..b048f48d 100644 
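Review bot: The new `etcDir` type only tests `hasPrefix "/etc/"` on top of `types.absolute-pathname`, and that type is built on `filename`, whose character set lets `.` and `..` through as path components, so a constructed value such as `/etc/../x` satisfies the check. `removePrefix "/etc/" cfg.etcDir` in the `@@ -314,7 +318,7 @@` hunk then produces an `environment.etc` key beginning with `../`, i.e. a target outside `/etc`, which is exactly what the type's name promises cannot happen. I would add the component test to the check: `check = x: types.absolute-pathname.check x && hasPrefix "/etc/" x && !(elem ".." (splitString "/" x));`. The enclosing `api` option set starts and ends outside this hunk.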
--- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -325,10 +325,7 @@ types // rec { # POSIX.1‐2013, 3.278 Portable Filename Character Set filename = mkOptionType { name = "POSIX filename"; - check = let - filename-chars = stringToCharacters - "-.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - in s: all (flip elem filename-chars) (stringToCharacters s); + check = x: match "[0-9A-Za-z._-]+" x != null; merge = mergeOneOption; }; -- cgit v1.2.3 From cda4c2d96b70c296ad97e4d9118aa55ea7c3a594 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 11 Jun 2016 16:29:18 +0200 Subject: krebs types.filename: maximize strictness --- krebs/4lib/types.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index b048f48d..628555a9 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -325,7 +325,7 @@ types // rec { # POSIX.1‐2013, 3.278 Portable Filename Character Set filename = mkOptionType { name = "POSIX filename"; - check = x: match "[0-9A-Za-z._-]+" x != null; + check = x: match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; merge = mergeOneOption; }; @@ -347,6 +347,6 @@ types // rec { # POSIX.1-2013, 3.431 User Name username = mkOptionType { name = "POSIX username"; - check = s: filename.check s && substring 0 1 s != "-"; + check = filename.check; }; } -- cgit v1.2.3 From 8353b1293e4e4c307e7b875a5449ac901a5afc7d Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 11 Jun 2016 16:36:42 +0200 Subject: krebs {{absolute-,}path,user}name: mergeOneOption --- krebs/4lib/types.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 628555a9..678ae7a6 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix 
@@ -335,6 +335,7 @@ types // rec { absolute-pathname = mkOptionType { name = "POSIX absolute pathname"; check = s: s == "/" || (pathname.check s && substring 0 1 s == "/"); + merge = mergeOneOption; }; # POSIX.1‐2013, 3.267 Pathname @@ -342,11 +343,13 @@ types // rec { pathname = mkOptionType { name = "POSIX pathname"; check = s: isString s && all filename.check (splitString "/" s); + merge = mergeOneOption; }; # POSIX.1-2013, 3.431 User Name username = mkOptionType { name = "POSIX username"; check = filename.check; + merge = mergeOneOption; }; } -- cgit v1.2.3 From fb8be5838adfe58fc5d13235ac82022cbdb8f6e4 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 12 Jun 2016 13:53:23 +0200 Subject: writeFiles: init --- krebs/5pkgs/builders.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'krebs') diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index f60bbc9d..8ba0ab5a 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -81,6 +81,26 @@ rec { mv "$textPath" $out ''; + writeFiles = name: specs0: + let + specs = mapAttrsToList (path: spec0: { + path = assert types.pathname.check path; path; + var = "file_${hashString "sha1" path}"; + text = spec0.text; + }) specs0; + + filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text); + + env = filevars // { passAsFile = attrNames filevars; }; + in + pkgs.runCommand name env /* sh */ '' + set -efu + PATH=${makeBinPath [pkgs.coreutils]} + ${concatMapStrings (spec: /* sh */ '' + install -D ''$${spec.var}Path $out${spec.path} + '') specs} + ''; + writeHaskell = k: let -- cgit v1.2.3 From 29442eda7c864265ccf23df0b350572d5527dd86 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 12 Jun 2016 18:13:05 +0200 Subject: krebs {absolute,}-pathname: admit harder --- krebs/4lib/types.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 678ae7a6..4742877a 100644 --- a/krebs/4lib/types.nix 
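Review bot: In `writeFiles` the destination is spelled `$out${spec.path}`, but the assertion only requires `types.pathname`, which also accepts relative names. For a key without a leading slash the shell reads `$out` and the first characters of the name as a single variable name, and `set -u` aborts the build with an unbound-variable error that never mentions the offending file. I would assert `types.absolute-pathname.check path` instead and quote both operands, `install -D "''$${spec.var}Path" "$out${spec.path}"`. Since `..` components pass the pathname check as well, a one-line comment stating that paths must stay below `$out` would help the next reader.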
+++ b/krebs/4lib/types.nix @@ -334,7 +334,8 @@ types // rec { # TODO two slashes absolute-pathname = mkOptionType { name = "POSIX absolute pathname"; - check = s: s == "/" || (pathname.check s && substring 0 1 s == "/"); + check = x: let xs = splitString "/" x; xa = head xs; in + xa == "/" || (xa == "" && all filename.check (tail xs)); merge = mergeOneOption; }; @@ -342,7 +343,8 @@ types // rec { # TODO normalize slashes pathname = mkOptionType { name = "POSIX pathname"; - check = s: isString s && all filename.check (splitString "/" s); + check = x: let xs = splitString "/" x; in + all filename.check (if head xs == "" then tail xs else xs); merge = mergeOneOption; }; -- cgit v1.2.3
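Review bot: The `xa == "/"` branch of the new `absolute-pathname` check compares an element returned by `splitString "/" x` with the separator itself, so `/` appears to be admitted only if this nixpkgs revision's `splitString` hands back the input unsplit when the separator is its last character. With a `splitString` that splits at every occurrence the branch is dead and `/`, the default of `virtual-root`, would be rejected by the `filename.check ""` that follows. Testing the input directly removes that dependency: `check = x: x == "/" || (let xs = splitString "/" x; in head xs == "" && all filename.check (tail xs));`.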
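Review bot: The rewritten `pathname` check drops the `isString s &&` guard the old line had, and both it and the `absolute-pathname` check in the hunk above now pass their argument straight to `splitString`. A non-string value will therefore presumably abort evaluation inside the string helpers instead of making `check` return false, which is what wrappers such as `types.either` rely on to try their other alternative and what gives the user the normal type-mismatch message. Restoring it is one token: `check = x: isString x && (let xs = splitString "/" x; in all filename.check (if head xs == "" then tail xs else xs));`, and likewise for `absolute-pathname`.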