authortv <tv@krebsco.de>2015-07-24 20:48:00 +0200
committertv <tv@krebsco.de>2015-07-24 20:49:46 +0200
commit2154167857b6bd35c8b1cce2ad41521164abb2ff (patch)
tree99df541a14bd1baec6150a7da8fcaf2270edd0a1
parente1d542e07d5ee9c26a04f273b0eb6ff8adccf756 (diff)
{2 tv git -> 3 krebs}.users
-rw-r--r--2configs/tv/git.nix22
-rw-r--r--3modules/krebs/default.nix54
-rw-r--r--3modules/krebs/git.nix11
-rw-r--r--4lib/krebs/default.nix10
-rw-r--r--4lib/krebs/types.nix11
-rw-r--r--4lib/tv/default.nix7
6 files changed, 72 insertions, 43 deletions
diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix
index ac1c413..b7f9983 100644
--- a/2configs/tv/git.nix
+++ b/2configs/tv/git.nix
@@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }:
+
with import ../../4lib/tv { inherit lib pkgs; };
let
@@ -7,7 +8,7 @@ let
enable = true;
root-title = "public repositories at ${config.tv.identity.self.name}";
root-desc = "keep calm and engage";
- inherit repos rules users;
+ inherit repos rules;
};
};
@@ -43,20 +44,12 @@ let
restricted-repos = mapAttrs make-restricted-repo (
{
brain = {
- collaborators = with users; [ lass makefu ];
+ collaborators = with config.krebs.users; [ lass makefu ];
};
} //
- import /root/src/secrets/repos.nix { inherit config lib pkgs users; }
+ import /root/src/secrets/repos.nix { inherit config lib pkgs; }
);
- # TODO move users to separate module
- users = mapAttrs make-user {
- tv = ../../Zpubkeys/tv_wu.ssh.pub;
- lass = ../../Zpubkeys/lass.ssh.pub;
- uriel = ../../Zpubkeys/uriel.ssh.pub;
- makefu = ../../Zpubkeys/makefu.ssh.pub;
- };
-
make-public-repo = name: { desc ? null, ... }: {
inherit name desc;
public = true;
@@ -77,7 +70,7 @@ let
};
make-rules =
- with git // users;
+ with git // config.krebs.users;
repo:
singleton {
user = tv;
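Review bot: In `make-rules`, `with git // config.krebs.users;` now merges an open module option over the `git` set, so a user whose name matches an attribute of `git` (presumably `fetch`, used as `perm = fetch;` in the next hunk) would replace that permission value in every rule. With the old local `users` set the names were fixed in this file; now any configuration can add entries. Referring to the values explicitly, e.g. `user = config.krebs.users.tv;` and `perm = git.fetch;`, removes the dependence on merge order and `with` scoping. The body of `make-rules` continues outside this hunk.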
@@ -95,9 +88,4 @@ let
perm = fetch;
};
- make-user = name: pubkey-file: {
- inherit name;
- pubkey = readFile pubkey-file;
- };
-
in out
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index fe94e09..b8722d1 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -1,11 +1,43 @@
-_:
-
-{
- imports = [
- ./github-hosts-sync.nix
- ./git.nix
- ./nginx.nix
- ./retiolum.nix
- ./urlwatch.nix
- ];
-}
+{ config, lib, ... }:
+
+with import ../../4lib/krebs { inherit lib; };
+let
+ cfg = config.krebs;
+
+ out = {
+ imports = [
+ ./github-hosts-sync.nix
+ ./git.nix
+ ./nginx.nix
+ ./retiolum.nix
+ ./urlwatch.nix
+ ];
+ options.krebs = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ users = mkOption {
+ type = with types; attrsOf user;
+ default = addNames {
+ lass = {
+ pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ };
+ makefu = {
+ pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ };
+ tv = {
+ pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+ };
+ uriel = {
+ pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ };
+ };
+ };
+ };
+
+ imp = {
+ };
+
+in
+out
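Review bot: `config = mkIf cfg.enable imp;` reads `config.krebs.enable`, but `api` declares only `users`, so no `enable` option exists. This presumably evaluates today only because `imp` is empty, and is likely to fail once `imp` gains content. Declare it next to `users`, e.g. `enable = mkOption { type = types.bool; default = false; };`. Separately, the four keys are the option's `default`, so a host that defines any `krebs.users` entry replaces the whole default set instead of extending it. A comment on `users` such as `# definitions replace, not extend, these defaults; this set decides who gets a key on the git account` would make that visible.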
diff --git a/3modules/krebs/git.nix b/3modules/krebs/git.nix
index 3c3e934..be6619b 100644
--- a/3modules/krebs/git.nix
+++ b/3modules/krebs/git.nix
@@ -6,8 +6,7 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with builtins;
-with lib;
+with import ../../4lib/krebs { inherit lib; };
let
cfg = config.krebs.git;
@@ -119,9 +118,6 @@ let
rules = mkOption {
type = types.unspecified;
};
- users = mkOption {
- type = types.unspecified;
- };
};
git-imp = {
@@ -149,7 +145,8 @@ let
name = "git";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
+ mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
+ config.krebs.users;
uid = 129318403; # genid git
};
};
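Review bot: Building `openssh.authorizedKeys.keys` from `config.krebs.users` gives every entry of the shared user set a key on the `git` account, including users later added to `krebs.users` for an unrelated purpose. The removed `cfg.users` option let the git service choose its own set. Access then rests entirely on `git-ssh-command` and the rules; the body of `makeAuthorizedKey` is not visible here, so that restriction is assumed, not confirmed. Consider keeping a git-specific selection that defaults to the shared set, or at least add a comment here such as `# every krebs user gets a key on the git account; access is limited by git-ssh-command and cfg.rules`. The TODO at the top of the file about restarting ssh when authorized_keys changes matters more now that the key list is shared.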
@@ -255,7 +252,7 @@ let
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
- makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
+ makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }:
# TODO assert name
# TODO assert pubkey
let
diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix
index 38c2a97..0c59076 100644
--- a/4lib/krebs/default.nix
+++ b/4lib/krebs/default.nix
@@ -1,6 +1,14 @@
{ lib, ... }:
-builtins // lib // {
+with builtins;
+with lib;
+
+builtins // lib // rec {
+
+ addName = name: set:
+ set // { inherit name; };
+
+ addNames = mapAttrs addName;
types = import ./types.nix { inherit lib; };
diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix
index 9d02c77..ca92c69 100644
--- a/4lib/krebs/types.nix
+++ b/4lib/krebs/types.nix
@@ -81,6 +81,17 @@ types // rec {
merge = mergeOneOption;
};
+ user = submodule {
+ options = {
+ name = mkOption {
+ type = str; # TODO
+ };
+ pubkey = mkOption {
+ type = str;
+ };
+ };
+ };
+
# TODO
addr = str;
addr4 = str;
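Review bot: `pubkey` is typed as plain `str`, and the defaults in `3modules/krebs/default.nix` come from `readFile`, which keeps the file's trailing newline and any further lines. These values become `openssh.authorizedKeys.keys` entries for the `git` account, and `makeAuthorizedKey` still carries `# TODO assert pubkey`. A value with more than one line could therefore presumably produce an extra key line without the command restriction; the body of `makeAuthorizedKey` is not visible, so confirm. Constrain the type to a single-line key, e.g. `type = addCheck str (s: match "[^\n]+\n?" s != null);`, provided `addCheck` and `match` are in scope in this file.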
diff --git a/4lib/tv/default.nix b/4lib/tv/default.nix
index 267a858..16888c2 100644
--- a/4lib/tv/default.nix
+++ b/4lib/tv/default.nix
@@ -15,16 +15,9 @@ krebs // rec {
inherit pkgs;
};
- addName = name: set:
- set // { inherit name; };
-
- addNames = mapAttrs addName;
-
-
# "7.4.335" -> "74"
majmin = with lib; x : concatStrings (take 2 (splitString "." x));
-
concat = xs :
if xs == []
then ""