summaryrefslogtreecommitdiffstats
path: root/3modules/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-07-24 12:03:51 +0200
committertv <tv@krebsco.de>2015-07-24 12:04:38 +0200
commit4e846ab7b38bc6c5ecf8213a027cc8ec4fa819d8 (patch)
tree53b9f0c9bc9042c612c9937d61af84e57500fc69 /3modules/krebs
parent6e66334ec650a37eca46d4ae85b10fc8200ef460 (diff)
3: {tv -> krebs}.github-hosts-sync
Diffstat (limited to '3modules/krebs')
-rw-r--r--3modules/krebs/github-hosts-sync.nix83
1 files changed, 83 insertions, 0 deletions
diff --git a/3modules/krebs/github-hosts-sync.nix b/3modules/krebs/github-hosts-sync.nix
new file mode 100644
index 0000000..c3b56ef
--- /dev/null
+++ b/3modules/krebs/github-hosts-sync.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+ cfg = config.krebs.github-hosts-sync;
+
+ out = {
+ options.krebs.github-hosts-sync = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "krebs.github-hosts-sync";
+ port = mkOption {
+ type = types.int; # TODO port type
+ default = 1028;
+ };
+ dataDir = mkOption {
+ type = types.str; # TODO path (but not just into store)
+ default = "/var/lib/github-hosts-sync";
+ };
+ ssh-identity-file = mkOption {
+ type = types.str; # TODO must be named *.ssh.{id_rsa,id_ed25519}
+ default = "/root/src/secrets/github-hosts-sync.ssh.id_rsa";
+ };
+ };
+
+ imp = {
+ systemd.services.github-hosts-sync = {
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ port = toString cfg.port;
+ };
+ serviceConfig = {
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "github-hosts-sync";
+ User = user.name;
+ Restart = "always";
+ ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
+ #! /bin/sh
+ set -euf
+
+ ssh_identity_file_target=$(
+ case ${cfg.ssh-identity-file} in
+ *.ssh.id_rsa|*.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_rsa;;
+ *.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_ed25519;;
+ *)
+ echo "bad identity file name: ${cfg.ssh-identity-file}" >&2
+ exit 1
+ esac
+ )
+
+ mkdir -p ${cfg.dataDir}
+ chown ${user.name}: ${cfg.dataDir}
+
+ install \
+ -o ${user.name} \
+ -m 0400 \
+ ${cfg.ssh-identity-file} \
+ "$ssh_identity_file_target"
+
+ ln -snf ${Zpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
+ '';
+ ExecStart = "${Zpkgs.github-hosts-sync}/bin/github-hosts-sync";
+ };
+ };
+
+ users.extraUsers = singleton {
+ inherit (user) name uid;
+ home = cfg.dataDir;
+ };
+ };
+
+ user = {
+ name = "github-hosts-sync";
+ uid = 3220554646; # genid github-hosts-sync
+ };
+
+ Zpkgs = import ../../Zpkgs/krebs { inherit pkgs; };
+in
+out