summaryrefslogtreecommitdiffstats
path: root/old/modules/common
diff options
context:
space:
mode:
Diffstat (limited to 'old/modules/common')
-rw-r--r--old/modules/common/krebs-keys.nix18
-rw-r--r--old/modules/common/krebs-repos.nix36
-rw-r--r--old/modules/common/nixpkgs.nix25
-rw-r--r--old/modules/common/sshkeys.nix26
4 files changed, 105 insertions, 0 deletions
diff --git a/old/modules/common/krebs-keys.nix b/old/modules/common/krebs-keys.nix
new file mode 100644
index 0000000..5e34933
--- /dev/null
+++ b/old/modules/common/krebs-keys.nix
@@ -0,0 +1,18 @@
+# alle public keys der krebsminister fuer R in krebs repos
+{ config, ... }:
+
+let
+ inherit (builtins) readFile;
+in
+
+with import ../lass/sshkeys.nix {
+ config.sshKeys.lass.pub = config.sshKeys.lass.pub;
+ config.sshKeys.uriel.pub = config.sshKeys.uriel.pub;
+ };
+{
+ imports = [
+ ./sshkeys.nix
+ ];
+
+ config.sshKeys.tv.pub = readFile <pubkeys/tv_wu.ssh.pub>;
+}
diff --git a/old/modules/common/krebs-repos.nix b/old/modules/common/krebs-repos.nix
new file mode 100644
index 0000000..86f3731
--- /dev/null
+++ b/old/modules/common/krebs-repos.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+let
+ inherit (lib) mkDefault;
+
+ mkSecureRepo = name:
+ { inherit name;
+ value = {
+ users = {
+ lass = mkDefault "R";
+ tv = mkDefault "R";
+ makefu = mkDefault "R";
+ };
+ };
+ };
+
+ mkRepo = name:
+ { inherit name;
+ value = {
+ users = {
+ lass = mkDefault "R";
+ tv = mkDefault "R";
+ makefu = mkDefault "R";
+ };
+ };
+ };
+
+in {
+ services.gitolite.repos =
+ (lib.listToAttrs (map mkSecureRepo [ "brain" ])) //
+ (lib.listToAttrs (map mkRepo [
+ "painload"
+ "services"
+ "hosts"
+ ]));
+}
diff --git a/old/modules/common/nixpkgs.nix b/old/modules/common/nixpkgs.nix
new file mode 100644
index 0000000..486cf02
--- /dev/null
+++ b/old/modules/common/nixpkgs.nix
@@ -0,0 +1,25 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ options = {
+ nixpkgs.url = mkOption {
+ type = types.str;
+ description = "URL of the nixpkgs repository.";
+ };
+ nixpkgs.rev = mkOption {
+ type = types.str;
+ default = "origin/master";
+ description = "Revision of the remote repository.";
+ };
+ nixpkgs.dirty = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If nixpkgs.url is a local path, then use that as it is.
+ TODO this break if URL is not a local path.
+ '';
+ };
+ };
+}
diff --git a/old/modules/common/sshkeys.nix b/old/modules/common/sshkeys.nix
new file mode 100644
index 0000000..5f1c606
--- /dev/null
+++ b/old/modules/common/sshkeys.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ options = {
+ sshKeys = mkOption {
+ type = types.attrsOf (types.submodule (
+ { config, ... }:
+ {
+ options = {
+ pub = mkOption {
+ type = types.str;
+ description = "Public part of the ssh key.";
+ };
+
+ priv = mkOption {
+ type = types.str;
+ description = "Private part of the ssh key.";
+ };
+ };
+ }));
+ description = "collection of ssh-keys";
+ };
+ };
+}