author | makefu <github@syntax-fehler.de> | 2018-09-08 18:53:49 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-09-08 18:53:49 +0200 |
commit | be93f44a4c043f3b5177ee4fb971956677ae30ea (patch) | |
tree | 71006153c7a728490bfd03c291549063381835b0 | |
parent | 932ce82229626eb82c01c92a1c9ae5a161dc7970 (diff) | |
parent | af9935950e251c1c61139ac85080805ba29632b4 (diff) |
Merge remote-tracking branch 'lass/master'
-rw-r--r-- | jeschli/1systems/brauerei/config.nix | 1 | ||||
-rw-r--r-- | jeschli/1systems/enklave/config.nix | 1 | ||||
-rw-r--r-- | jeschli/2configs/git.nix | 73 | ||||
-rw-r--r-- | jeschli/2configs/retiolum.nix | 2 | ||||
-rw-r--r-- | jeschli/2configs/steam.nix | 12 | ||||
-rw-r--r-- | jeschli/krops.nix | 40 | ||||
-rw-r--r-- | nin/krops.nix | 40 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 27 |
8 files changed, 190 insertions, 6 deletions
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index e200cbc..4cd544a 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -8,6 +8,7 @@ <stockholm/jeschli/2configs/emacs.nix> <stockholm/jeschli/2configs/xdg.nix> <stockholm/jeschli/2configs/xserver> + <stockholm/jeschli/2configs/steam.nix> <stockholm/jeschli/2configs/virtualbox.nix> ]; diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 470566a..cadec3c 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -5,6 +5,7 @@ <stockholm/jeschli> <stockholm/jeschli/2configs/retiolum.nix> <stockholm/jeschli/2configs/IM.nix> + <stockholm/jeschli/2configs/git.nix> <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix> { networking.dhcpcd.allowInterfaces = [ diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix new file mode 100644 index 0000000..77602e0 --- /dev/null +++ b/jeschli/2configs/git.nix 
@@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + enable = true; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "Bonbon aus Git - die ganze Nacht"; + }; + krebs-page = { + cgit.desc = "Die Krebs Page"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.krebs.build.host.name; + channel = "#xxx"; + server = "irc.r"; + verbose = true; + branches = [ "master" ]; + }; + }; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ jeschli jeschli-brauerei]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix index b611cbe..f226096 100644 --- a/jeschli/2configs/retiolum.nix +++ b/jeschli/2configs/retiolum.nix @@ -17,7 +17,7 @@ tinc = pkgs.tinc_pre; }; - networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; networking.firewall.allowedUDPPorts = [ 655 ]; environment.systemPackages = [ 
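Review bot: The collaborator handling in jeschli/2configs/git.nix can never take effect: `make-public-repo` returns only `cgit`, `name`, `public` and `hooks`, so `repo.collaborators or []` in `make-rules` is always empty and `removeAttrs s ["collaborators"]` removes nothing. Access rules that never fire make the effective ACL harder to audit; either drop the third `optional` block and the `removeAttrs`, or add a restricted-repo constructor that actually sets `collaborators`. A short comment above the public rule would also help, for example `# public repos: every entry in config.krebs.users may fetch`.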
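Review bot: Adding 80 to `networking.firewall.allowedTCPPorts` in jeschli/2configs/retiolum.nix opens the port on every interface, while the rule added in jeschli/2configs/git.nix limits it to `-i retiolum`. If cgit is meant to be reachable only over the VPN, `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 80 ];` keeps 655 global and 80 VPN-only. The opening would also sit better next to the nginx/cgit service in git.nix, since any host importing retiolum.nix now accepts port 80 whether or not it serves anything. Which of the two firewall mechanisms is active on these hosts is not visible from the diff, so this should be confirmed against the host configuration.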
diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix
new file mode 100644
index 0000000..06a068a
--- /dev/null
+++ b/jeschli/2configs/steam.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+
+ nixpkgs.config.steam.java = true;
+ environment.systemPackages = with pkgs; [
+ steam
+ ];
+ hardware.opengl.driSupport32Bit = true;
+
+ #ports for inhome streaming
+}
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
new file mode 100644
index 0000000..e55f207
--- /dev/null
+++ b/jeschli/krops.nix
@@ -0,0 +1,40 @@
+{ name }: let
+ inherit (import ../krebs/krops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = toString ./2configs/tests/dummy-secrets;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
+ test = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test";
+ };
+
+ ci = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/stockholm-build";
+ };
+}
diff --git a/nin/krops.nix b/nin/krops.nix
new file mode 100644
index 0000000..2ba8964
--- /dev/null
+++ b/nin/krops.nix
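Review bot: The trailing comment `#ports for inhome streaming` in jeschli/2configs/steam.nix is followed by no firewall setting, so the file documents something it does not configure. Either drop the comment or add the rules beside it, restricted to the LAN interface instead of the global allowed-ports lists.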
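Review bot: The `ci` attribute in jeschli/krops.nix is built under the same script name as `test` (`"${name}-test"`), which looks like a copy-paste slip and makes the two indistinguishable in build output; `ci = pkgs.krops.writeTest "${name}-ci" {` would separate them. `ci` is also the only attribute without a `# usage:` comment. The same applies to nin/krops.nix, which is a copy of this file differing only in the `nixos-config.symlink` and dummy-secrets paths. Since `deploy` logs in as root and reads `hosts/${name}` from the operator's password store, a one-line comment stating that the `test = true` branch must never touch the pass store would document the intent of the split.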
@@ -0,0 +1,40 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; + }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; +} diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 0687503..74fb521 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -18,6 +18,10 @@ let { }; }; + cgit-clear-cache = pkgs.cgit-clear-cache.override { + inherit (config.krebs.git.cgit.settings) cache-root; + }; + repos = public-repos // optionalAttrs config.krebs.build.host.secure restricted-repos; @@ -97,8 +101,11 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce { - cgit_endpoint = null; + hooks = { + post-receive = /* sh */ '' + (${irc-announce { cgit_endpoint = null; }}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; } // 
@@ -117,14 +124,24 @@ let { make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce {}; + hooks = { + post-receive = /* sh */ '' + (${optionalString (config.krebs.build.host.name == "ni") + (irc-announce {})}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { - inherit collaborators hooks name; + inherit collaborators name; public = false; + hooks = hooks // { + post-receive = /* sh */ '' + (${hooks.post-receive or ""}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; + }; }; make-rules = |
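Review bot: Both new `post-receive` scripts in this hunk can render as an empty subshell `()`, which sh rejects as a syntax error, so `cgit-clear-cache` would likely never run in those cases. In `make-public-repo` this happens on every host other than "ni", because `optionalString` yields `""`; in `make-restricted-repo` it happens for every repo without its own hook, because of `hooks.post-receive or ""`. Using the shell no-op as the fallback avoids it: `(${hooks.post-receive or ":"})` and `(${if config.krebs.build.host.name == "ni" then irc-announce {} else ":"})`. The `brain` hook in the previous hunk always has a non-empty body and is not affected. How krebs.git wraps the hook text is not visible here, and the enclosing `let` block continues outside the hunk.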