Diffstat (limited to '3modules/krebs')
-rw-r--r--3modules/krebs/default.nix54
-rw-r--r--3modules/krebs/git.nix11
2 files changed, 47 insertions, 18 deletions
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index fe94e09b3..b8722d18f 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -1,11 +1,43 @@
-_:
-
-{
- imports = [
- ./github-hosts-sync.nix
- ./git.nix
- ./nginx.nix
- ./retiolum.nix
- ./urlwatch.nix
- ];
-}
+{ config, lib, ... }:
+
+with import ../../4lib/krebs { inherit lib; };
+let
+ cfg = config.krebs;
+
+ out = {
+ imports = [
+ ./github-hosts-sync.nix
+ ./git.nix
+ ./nginx.nix
+ ./retiolum.nix
+ ./urlwatch.nix
+ ];
+ options.krebs = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ users = mkOption {
+ type = with types; attrsOf user;
+ default = addNames {
+ lass = {
+ pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+ };
+ makefu = {
+ pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
+ };
+ tv = {
+ pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+ };
+ uriel = {
+ pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
+ };
+ };
+ };
+ };
+
+ imp = {
+ };
+
+in
+out
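Review bot: `config = mkIf cfg.enable imp;` reads `config.krebs.enable`, but the `api` set added here declares only `users`. Unless another module declares `krebs.enable`, this will probably fail with a missing-attribute error once `imp` gets content; an empty `imp` likely hides it for now. Declare it next to `users`, e.g. `enable = mkOption { type = types.bool; default = false; };`. Also note that the four keys are an option `default`, so a host that defines any `krebs.users` entry replaces the whole set rather than extending it; a comment on `users` saying so would prevent surprises about who holds access.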
diff --git a/3modules/krebs/git.nix b/3modules/krebs/git.nix
index 3c3e93426..be6619b4b 100644
--- a/3modules/krebs/git.nix
+++ b/3modules/krebs/git.nix
@@ -6,8 +6,7 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with builtins;
-with lib;
+with import ../../4lib/krebs { inherit lib; };
let
cfg = config.krebs.git;
@@ -119,9 +118,6 @@ let
rules = mkOption {
type = types.unspecified;
};
- users = mkOption {
- type = types.unspecified;
- };
};
git-imp = {
@@ -149,7 +145,8 @@ let
name = "git";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
- mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
+ mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
+ config.krebs.users;
uid = 129318403; # genid git
};
};
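Review bot: Taking the git account's `openssh.authorizedKeys.keys` from `config.krebs.users` means every entry in the global user registry can now log in as `git`, including the four defaults from default.nix. The account has `shell = "/bin/sh"`, so the only restriction is whatever forced command `makeAuthorizedKey` puts on each line; that function is defined outside this hunk. A user added to `krebs.users` for an unrelated purpose is granted git SSH access as a side effect. Consider limiting the list to users named in `cfg.rules`, or at least document the coupling with `# every krebs.users entry may log in as git; access is limited only by git-ssh-command and cfg.rules`. The enclosing user definition starts before this hunk.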
@@ -255,7 +252,7 @@ let
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
- makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
+ makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }:
# TODO assert name
# TODO assert pubkey
let
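Review bot: The `# TODO assert pubkey` just below the changed line matters more now that `pubkey` comes from `readFile` on the shared registry, because `readFile` keeps the trailing newline and any further lines in the file. If the function body, which continues past this hunk, interpolates `pubkey` after the forced-command options, a multi-line value would produce extra authorized_keys lines without that restriction. Resolve the TODO with a single-line check such as `assert builtins.match "[^\n]+\n?" pubkey != null;`, and strip the trailing newline before building the line. The added `...` also lets unknown user attributes through silently, which is fine but worth a short comment.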