summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2015-07-19 16:04:28 +0200
committertv <tv@krebsco.de>2015-07-19 16:05:14 +0200
commite85e956620fb2ff77881b6bd11e856f196127a62 (patch)
treef7518266663d1b98e714865fd82d8d4ddb55fa5f
parent968e192062d9fef02c73eb2098800dff08cb0787 (diff)
3 tv.github-hosts-sync: init
-rw-r--r--3modules/tv/github-hosts-sync.nix83
1 files changed, 83 insertions, 0 deletions
diff --git a/3modules/tv/github-hosts-sync.nix b/3modules/tv/github-hosts-sync.nix
new file mode 100644
index 0000000..3da1064
--- /dev/null
+++ b/3modules/tv/github-hosts-sync.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+let
+ cfg = config.tv.github-hosts-sync;
+
+ out = {
+ options.tv.github-hosts-sync = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "tv.github-hosts-sync";
+ port = mkOption {
+ type = types.int; # TODO port type
+ default = 1028;
+ };
+ dataDir = mkOption {
+ type = types.str; # TODO path (but not just into store)
+ default = "/var/lib/github-hosts-sync";
+ };
+ ssh-identity-file = mkOption {
+ type = types.str; # TODO must be named *.ssh.{id_rsa,id_ed25519}
+ default = "/root/src/secrets/github-hosts-sync.ssh.id_rsa";
+ };
+ };
+
+ imp = {
+ systemd.services.github-hosts-sync = {
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ port = toString cfg.port;
+ };
+ serviceConfig = {
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "github-hosts-sync";
+ User = user.name;
+ Restart = "always";
+ ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
+ #! /bin/sh
+ set -euf
+
+ ssh_identity_file_target=$(
+ case ${cfg.ssh-identity-file} in
+ *.ssh.id_rsa|*.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_rsa;;
+ *.ssh.id_ed25519) echo ${cfg.dataDir}/.ssh/id_ed25519;;
+ *)
+ echo "bad identity file name: ${cfg.ssh-identity-file}" >&2
+ exit 1
+ esac
+ )
+
+ mkdir -p ${cfg.dataDir}
+ chown ${user.name}: ${cfg.dataDir}
+
+ install \
+ -o ${user.name} \
+ -m 0400 \
+ ${cfg.ssh-identity-file} \
+ "$ssh_identity_file_target"
+
+ ln -snf ${Zpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
+ '';
+ ExecStart = "${Zpkgs.github-hosts-sync}/bin/github-hosts-sync";
+ };
+ };
+
+ users.extraUsers = singleton {
+ inherit (user) name uid;
+ home = cfg.dataDir;
+ };
+ };
+
+ user = {
+ name = "github-hosts-sync";
+ uid = 3203842966; # genid github-hosts-sync
+ };
+
+ Zpkgs = import ../../Zpkgs/tv { inherit pkgs; };
+in
+out