author | lassulus <lass@lassul.us> | 2017-06-20 16:05:27 +0200 |
---|---|---|
committer | lassulus <lass@lassul.us> | 2017-06-20 16:05:27 +0200 |
commit | f0bcc6e1f147726cbbf8c3d8a9da503886d2321d (patch) | |
tree | bf8e0eabe03a8dcf9201c580ab1f4ecc4660b8b4 /tv | |
parent | bda14221cf46003ecf76756a5db7422c70737c85 (diff) | |
parent | 57c6b890f9088bb333eeab215ecfeca9d09ce3ef (diff) |
Merge remote-tracking branch 'ni/master' into HEAD
Diffstat (limited to 'tv')
-rw-r--r-- | tv/1systems/xu.nix | 14 | ||||
-rw-r--r-- | tv/2configs/default.nix | 8 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 23 | ||||
-rw-r--r-- | tv/dummy_secrets/default.nix | 8 | ||||
-rw-r--r-- | tv/dummy_secrets/repos.nix | 1 | ||||
-rw-r--r-- | tv/dummy_secrets/ssh.id_ed25519 | 3 | ||||
-rw-r--r-- | tv/dummy_secrets/ssh.id_rsa | 3 |
7 files changed, 37 insertions, 23 deletions
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index bfd59531a..3add01748 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -28,6 +28,7 @@ with import <stockholm/lib>; # tv bc bind # dig + brain cac-api dic file @@ -35,6 +36,7 @@ with import <stockholm/lib>; haskellPackages.hledger htop jq + krebszones mkpasswd netcat netcup @@ -47,18 +49,6 @@ with import <stockholm/lib>; texlive.combined.scheme-full tmux - (pkgs.writeDashBin "krebszones" '' - set -efu - export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf - case $* in - import) - set -- import /etc/zones/krebsco.de krebsco.de - echo "+ krebszones $*" >&2 - ;; - esac - exec ${pkgs.krebszones}/bin/ovh-zone "$@" - '') - #ack #apache-httpd #ascii diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b1d739ef3..4a1247ef5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -9,12 +9,15 @@ with import <stockholm/lib>; user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = "/home/tv/secrets/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString <stockholm/tv/dummy_secrets> + else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03 + ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; @@ -41,6 +44,7 @@ with import <stockholm/lib>; gnumake hashPassword populate + whatsupnix ]; } { diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 13b12986c..b6480f356 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix 
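Review bot: The `dummy_secrets` switch in the first hunk of tv/2configs/default.nix replaces only `secrets.file`; `secrets-common.file` on the following line, and `secrets-master.file` for `host.secure` hosts, still point under /home/tv/secrets, so a build with `dummy_secrets=true` still references the real secret directories. The switch is also silent: a `dummy_secrets=true` left exported in a shell during a real deploy would presumably install the placeholder set, which per tv/dummy_secrets/default.nix in this commit authorizes `config.krebs.users.tv.pubkey` for root and ships non-functional SSH keys. I would add a comment above the conditional, e.g. `# dummy_secrets=true is for test builds only; never set it when deploying`, and consider giving `secrets-common.file` the same conditional. The surrounding attribute set starts and ends outside the hunk.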
@@ -90,28 +90,33 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; + hooks.post-receive = irc-announce { + cgit_endpoint = null; + }; }; } // # TODO don't put secrets/repos.nix into the store import <secrets/repos.nix> { inherit config lib pkgs; } ); + irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { + channel = "#retiolum"; + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + server = "ni.r"; + verbose = true; + } args); + make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; - verbose = true; - }; + post-receive = irc-announce {}; }; }; - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; + make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { + inherit collaborators hooks name; public = false; }; diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix new file mode 100644 index 000000000..ab90db55c --- /dev/null +++ b/tv/dummy_secrets/default.nix @@ -0,0 +1,8 @@ +{ config, ... }: +{ + users.users.root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; +} diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null +++ b/tv/dummy_secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519 new file mode 100644 index 000000000..a7d2adab4 --- /dev/null +++ b/tv/dummy_secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +dummy +-----END OPENSSH PRIVATE KEY----- 
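Review bot: The new `hooks.post-receive` on `brain` announces pushes to `#retiolum` with `verbose = true` inherited from the shared `irc-announce` defaults, although `brain` is declared with an explicit collaborator list and appears to be a restricted (non-public) repository. Depending on what the verbose mode of `pkgs.git-hooks.irc-announce` prints, commit subjects or paths from that repository could end up in the channel; passing `verbose = false;` next to `cgit_endpoint = null;` would keep the announcement minimal. Unlike `make-public-repo`, this hook is not guarded by `config.krebs.build.host.name == "ni"`, so it would be installed on any host that serves `brain`; a one-line comment stating whether that is intended would help. The enclosing `let` block starts and ends outside the hunk.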
diff --git a/tv/dummy_secrets/ssh.id_rsa b/tv/dummy_secrets/ssh.id_rsa
new file mode 100644
index 000000000..dd7209c2e
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+dummy
+-----END RSA PRIVATE KEY----- |