diff options
author | tv <tv@krebsco.de> | 2015-07-24 20:48:00 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-24 20:49:46 +0200 |
commit | 2154167857b6bd35c8b1cce2ad41521164abb2ff (patch) | |
tree | 99df541a14bd1baec6150a7da8fcaf2270edd0a1 /3modules/krebs | |
parent | e1d542e07d5ee9c26a04f273b0eb6ff8adccf756 (diff) |
{2 tv git -> 3 krebs}.users
Diffstat (limited to '3modules/krebs')
-rw-r--r-- | 3modules/krebs/default.nix | 54 | ||||
-rw-r--r-- | 3modules/krebs/git.nix | 11 |
2 files changed, 47 insertions, 18 deletions
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index fe94e09..b8722d1 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -1,11 +1,43 @@ -_: - -{ - imports = [ - ./github-hosts-sync.nix - ./git.nix - ./nginx.nix - ./retiolum.nix - ./urlwatch.nix - ]; -} +{ config, lib, ... }: + +with import ../../4lib/krebs { inherit lib; }; +let + cfg = config.krebs; + + out = { + imports = [ + ./github-hosts-sync.nix + ./git.nix + ./nginx.nix + ./retiolum.nix + ./urlwatch.nix + ]; + options.krebs = api; + config = mkIf cfg.enable imp; + }; + + api = { + users = mkOption { + type = with types; attrsOf user; + default = addNames { + lass = { + pubkey = readFile ../../Zpubkeys/lass.ssh.pub; + }; + makefu = { + pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; + }; + tv = { + pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; + }; + uriel = { + pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; + }; + }; + }; + }; + + imp = { + }; + +in +out diff --git a/3modules/krebs/git.nix b/3modules/krebs/git.nix index 3c3e934..be6619b 100644 --- a/3modules/krebs/git.nix +++ b/3modules/krebs/git.nix @@ -6,8 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with builtins; -with lib; +with import ../../4lib/krebs { inherit lib; }; let cfg = config.krebs.git; @@ -119,9 +118,6 @@ let rules = mkOption { type = types.unspecified; }; - users = mkOption { - type = types.unspecified; - }; }; git-imp = { @@ -149,7 +145,8 @@ let name = "git"; shell = "/bin/sh"; openssh.authorizedKeys.keys = - mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users; + mapAttrsToList (_: makeAuthorizedKey git-ssh-command) + config.krebs.users; uid = 129318403; # genid git }; }; @@ -255,7 +252,7 @@ let isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix - makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }: + makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }: # TODO assert name # TODO assert pubkey let |