diff options
author | tv <tv@krebsco.de> | 2015-07-24 12:03:51 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-24 12:04:38 +0200 |
commit | 4e846ab7b38bc6c5ecf8213a027cc8ec4fa819d8 (patch) | |
tree | 53b9f0c9bc9042c612c9937d61af84e57500fc69 /3modules/krebs | |
parent | 6e66334ec650a37eca46d4ae85b10fc8200ef460 (diff) |
3: {tv -> krebs}.github-hosts-sync
Diffstat (limited to '3modules/krebs')
-rw-r--r-- | 3modules/krebs/github-hosts-sync.nix | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/3modules/krebs/github-hosts-sync.nix b/3modules/krebs/github-hosts-sync.nix new file mode 100644 index 0000000..c3b56ef --- /dev/null +++ b/3modules/krebs/github-hosts-sync.nix @@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with lib; +let + cfg = config.krebs.github-hosts-sync; + + out = { + options.krebs.github-hosts-sync = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.github-hosts-sync"; + port = mkOption { + type = types.int; # TODO port type + default = 1028; + }; + dataDir = mkOption { + type = types.str; # TODO path (but not just into store) + default = "/var/lib/github-hosts-sync"; + }; + ssh-identity-file = mkOption { + type = types.str; # TODO must be named *.ssh.{id_rsa,id_ed25519} + default = "/root/src/secrets/github-hosts-sync.ssh.id_rsa"; + }; + }; + + imp = { + systemd.services.github-hosts-sync = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + port = toString cfg.port; + }; + serviceConfig = { + PermissionsStartOnly = "true"; + SyslogIdentifier = "github-hosts-sync"; + User = user.name; + Restart = "always"; + ExecStartPre = pkgs.writeScript "github-hosts-sync-init" '' + #! /bin/sh + set -euf + + ssh_identity_file_target=$( + case ${cfg.ssh-identity-file} in + *.ssh.id_rsa|*.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_rsa;; + *.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_ed25519;; + *) + echo "bad identity file name: ${cfg.ssh-identity-file}" >&2 + exit 1 + esac + ) + + mkdir -p ${cfg.dataDir} + chown ${user.name}: ${cfg.dataDir} + + install \ + -o ${user.name} \ + -m 0400 \ + ${cfg.ssh-identity-file} \ + "$ssh_identity_file_target" + + ln -snf ${Zpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts + ''; + ExecStart = "${Zpkgs.github-hosts-sync}/bin/github-hosts-sync"; + }; + }; + + users.extraUsers = singleton { + inherit (user) name uid; + home = cfg.dataDir; + }; + }; + + user = { + name = "github-hosts-sync"; + uid = 3220554646; # genid github-hosts-sync + }; + + Zpkgs = import ../../Zpkgs/krebs { inherit pkgs; }; +in +out |