summaryrefslogtreecommitdiffstats
path: root/tv
diff options
context:
space:
mode:
authorlassulus <lass@lassul.us>2017-06-20 16:05:27 +0200
committerlassulus <lass@lassul.us>2017-06-20 16:05:27 +0200
commitf0bcc6e1f147726cbbf8c3d8a9da503886d2321d (patch)
treebf8e0eabe03a8dcf9201c580ab1f4ecc4660b8b4 /tv
parentbda14221cf46003ecf76756a5db7422c70737c85 (diff)
parent57c6b890f9088bb333eeab215ecfeca9d09ce3ef (diff)
Merge remote-tracking branch 'ni/master' into HEAD
Diffstat (limited to 'tv')
-rw-r--r--tv/1systems/xu.nix14
-rw-r--r--tv/2configs/default.nix8
-rw-r--r--tv/2configs/gitrepos.nix23
-rw-r--r--tv/dummy_secrets/default.nix8
-rw-r--r--tv/dummy_secrets/repos.nix1
-rw-r--r--tv/dummy_secrets/ssh.id_ed255193
-rw-r--r--tv/dummy_secrets/ssh.id_rsa3
7 files changed, 37 insertions, 23 deletions
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index bfd59531a..3add01748 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -28,6 +28,7 @@ with import <stockholm/lib>;
# tv
bc
bind # dig
+ brain
cac-api
dic
file
@@ -35,6 +36,7 @@ with import <stockholm/lib>;
haskellPackages.hledger
htop
jq
+ krebszones
mkpasswd
netcat
netcup
@@ -47,18 +49,6 @@ with import <stockholm/lib>;
texlive.combined.scheme-full
tmux
- (pkgs.writeDashBin "krebszones" ''
- set -efu
- export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
- case $* in
- import)
- set -- import /etc/zones/krebsco.de krebsco.de
- echo "+ krebszones $*" >&2
- ;;
- esac
- exec ${pkgs.krebszones}/bin/ovh-zone "$@"
- '')
-
#ack
#apache-httpd
#ascii
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index b1d739ef3..4a1247ef5 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -9,12 +9,15 @@ with import <stockholm/lib>;
user = config.krebs.users.tv;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
- secrets.file = "/home/tv/secrets/${host.name}";
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/tv/dummy_secrets>
+ else "/home/tv/secrets/${host.name}";
secrets-common.file = "/home/tv/secrets/common";
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03
+ ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
@@ -41,6 +44,7 @@ with import <stockholm/lib>;
gnumake
hashPassword
populate
+ whatsupnix
];
}
{
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 13b12986c..b6480f356 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -90,28 +90,33 @@ let {
{
brain = {
collaborators = with config.krebs.users; [ lass makefu ];
+ hooks.post-receive = irc-announce {
+ cgit_endpoint = null;
+ };
};
} //
# TODO don't put secrets/repos.nix into the store
import <secrets/repos.nix> { inherit config lib pkgs; }
);
+ irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
+ channel = "#retiolum";
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ server = "ni.r";
+ verbose = true;
+ } args);
+
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "ni.r";
- verbose = true;
- };
+ post-receive = irc-announce {};
};
};
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
+ make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
+ inherit collaborators hooks name;
public = false;
};
diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix
new file mode 100644
index 000000000..ab90db55c
--- /dev/null
+++ b/tv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+}
diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/tv/dummy_secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+dummy
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tv/dummy_secrets/ssh.id_rsa b/tv/dummy_secrets/ssh.id_rsa
new file mode 100644
index 000000000..dd7209c2e
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+dummy
+-----END RSA PRIVATE KEY-----