diff options
-rw-r--r-- | 1systems/tv/cd.nix | 6 | ||||
-rw-r--r-- | 1systems/tv/mkdir.nix | 6 | ||||
-rw-r--r-- | 1systems/tv/nomic.nix | 6 | ||||
-rw-r--r-- | 1systems/tv/rmdir.nix | 6 | ||||
-rw-r--r-- | 1systems/tv/wu.nix | 7 | ||||
-rw-r--r-- | 2configs/tv/charybdis.nix | 8 | ||||
-rw-r--r-- | 2configs/tv/consul-server.nix | 2 | ||||
-rw-r--r-- | 2configs/tv/git.nix | 8 | ||||
-rw-r--r-- | 2configs/tv/identity.nix | 8 | ||||
-rw-r--r-- | 3modules/krebs/default.nix | 72 | ||||
-rw-r--r-- | 3modules/tv/default.nix | 1 | ||||
-rw-r--r-- | 3modules/tv/identity.nix | 77 | ||||
-rw-r--r-- | Zpkgs/krebs/default.nix | 3 | ||||
-rw-r--r-- | Zpkgs/krebs/dic.nix (renamed from Zpkgs/tv/dic.nix) | 0 | ||||
-rw-r--r-- | Zpkgs/krebs/genid.nix (renamed from Zpkgs/tv/genid.nix) | 0 | ||||
-rw-r--r-- | Zpkgs/krebs/hashPassword.nix | 16 | ||||
-rw-r--r-- | Zpkgs/tv/default.nix | 6 |
17 files changed, 113 insertions, 119 deletions
diff --git a/1systems/tv/cd.nix b/1systems/tv/cd.nix index c0c41e96c..4b8c40f35 100644 --- a/1systems/tv/cd.nix +++ b/1systems/tv/cd.nix @@ -7,6 +7,8 @@ let in { + krebs.build.host = config.krebs.hosts.cd; + imports = [ ../../2configs/tv/CAC-Developer-2.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix @@ -33,10 +35,6 @@ in singleton config.krebs.github-hosts-sync.port; } { - imports = [ ../../2configs/tv/identity.nix ]; - tv.identity.self = config.krebs.hosts.cd; - } - { tv.iptables = { enable = true; input-internet-accept-new-tcp = [ diff --git a/1systems/tv/mkdir.nix b/1systems/tv/mkdir.nix index 113fc9596..938f50118 100644 --- a/1systems/tv/mkdir.nix +++ b/1systems/tv/mkdir.nix @@ -3,6 +3,8 @@ with lib; { + krebs.build.host = config.krebs.hosts.mkdir; + imports = [ ../../2configs/tv/CAC-Developer-1.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix @@ -11,10 +13,6 @@ with lib; ../../2configs/tv/exim-smarthost.nix ../../2configs/tv/git.nix { - imports = [ ../../2configs/tv/identity.nix ]; - tv.identity.self = config.krebs.hosts.mkdir; - } - { tv.iptables = { enable = true; input-internet-accept-new-tcp = [ diff --git a/1systems/tv/nomic.nix b/1systems/tv/nomic.nix index fc58c1698..1f7f6b188 100644 --- a/1systems/tv/nomic.nix +++ b/1systems/tv/nomic.nix @@ -3,6 +3,8 @@ with lib; { + krebs.build.host = config.krebs.hosts.nomic; + imports = [ ../../2configs/tv/AO753.nix ../../2configs/tv/base.nix @@ -10,10 +12,6 @@ with lib; ../../2configs/tv/exim-retiolum.nix ../../2configs/tv/git.nix { - imports = [ ../../2configs/tv/identity.nix ]; - tv.identity.self = config.krebs.hosts.nomic; - } - { tv.iptables = { enable = true; input-internet-accept-new-tcp = [ diff --git a/1systems/tv/rmdir.nix b/1systems/tv/rmdir.nix index 15d624d1c..45e9997e4 100644 --- a/1systems/tv/rmdir.nix +++ b/1systems/tv/rmdir.nix @@ -3,6 +3,8 @@ with lib; { + krebs.build.host = config.krebs.hosts.rmdir; + imports = [ ../../2configs/tv/CAC-Developer-1.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix @@ -11,10 +13,6 @@ with lib; ../../2configs/tv/exim-smarthost.nix ../../2configs/tv/git.nix { - imports = [ ../../2configs/tv/identity.nix ]; - tv.identity.self = config.krebs.hosts.rmdir; - } - { tv.iptables = { enable = true; input-internet-accept-new-tcp = [ diff --git a/1systems/tv/wu.nix b/1systems/tv/wu.nix index 4a74d552f..0b2dab9df 100644 --- a/1systems/tv/wu.nix +++ b/1systems/tv/wu.nix @@ -7,6 +7,8 @@ let in { + krebs.build.host = config.krebs.hosts.wu; + imports = [ ../../2configs/tv/w110er.nix ../../2configs/tv/base.nix @@ -17,10 +19,6 @@ in ../../2configs/tv/xserver.nix ../../2configs/tv/synaptics.nix # TODO w110er if xserver is enabled { - imports = [ ../../2configs/tv/identity.nix ]; - tv.identity.self = config.krebs.hosts.wu; - } - { environment.systemPackages = with pkgs; [ # stockholm @@ -28,6 +26,7 @@ in gnumake parallel Zpkgs.genid + Zpkgs.hashPassword Zpkgs.lentil # root diff --git a/2configs/tv/charybdis.nix b/2configs/tv/charybdis.nix index a45c7aebe..265f85132 100644 --- a/2configs/tv/charybdis.nix +++ b/2configs/tv/charybdis.nix @@ -123,7 +123,7 @@ let #loadmodule "extensions/ip_cloaking.so"; serverinfo { - name = ${toJSON (head config.tv.identity.self.nets.retiolum.aliases)}; + name = ${toJSON (head config.krebs.build.host.nets.retiolum.aliases)}; sid = "4z3"; description = "miep!"; network_name = "irc.retiolum"; @@ -133,9 +133,9 @@ let /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ - vhost = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs4}; + vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; /* for IPv6 */ - vhost6 = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs6}; + vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; /* ssl_private_key: our ssl private key */ ssl_private_key = "/tmp/ssl.key"; @@ -240,7 +240,7 @@ let */ # XXX This is stupid because only one host is allowed[?] #host = ''${concatMapStringsSep ", " toJSON ( - # config.tv.identity.self.nets.retiolum.addrs + # config.krebs.build.host.nets.retiolum.addrs #)}; port = 6667; sslport = 6697; diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix index 63dabdc2a..d10f9ea75 100644 --- a/2configs/tv/consul-server.nix +++ b/2configs/tv/consul-server.nix @@ -4,7 +4,7 @@ tv.consul = rec { enable = true; - inherit (config.tv.identity) self; + self = config.krebs.build.host; inherit (self) dc; server = true; diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix index b7f9983a1..f884ea464 100644 --- a/2configs/tv/git.nix +++ b/2configs/tv/git.nix @@ -6,7 +6,7 @@ let out = { krebs.git = { enable = true; - root-title = "public repositories at ${config.tv.identity.self.name}"; + root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; inherit repos rules; }; @@ -14,7 +14,7 @@ let repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( public-repos // - optionalAttrs config.tv.identity.self.secure restricted-repos + optionalAttrs config.krebs.build.host.secure restricted-repos ); rules = concatMap make-rules (attrValues repos); @@ -55,8 +55,8 @@ let public = true; hooks = { post-receive = git.irc-announce { - # TODO make nick = config.tv.identity.self.name the default - nick = config.tv.identity.self.name; + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; }; diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix deleted file mode 100644 index 481ac72a6..000000000 --- a/2configs/tv/identity.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, ... }: - -{ - tv.identity = { - enable = true; - search = "retiolum"; - }; -} diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index 999e68da2..601ecf017 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -19,6 +19,21 @@ let api = { enable = mkEnableOption "krebs"; + build = mkOption { + type = types.submodule { + options = { + host = mkOption { + type = types.host; + }; + user = mkOption { + type = types.user; + }; + }; + }; + # Define defaul value, so unset values of the submodule get reported. + default = {}; + }; + hosts = mkOption { type = with types; attrsOf host; }; @@ -26,12 +41,69 @@ let users = mkOption { type = with types; attrsOf user; }; + + # XXX is there a better place to define search-domain? + # TODO search-domains :: listOf hostname + search-domain = mkOption { + type = types.hostname; + default = ""; + example = "retiolum"; + }; }; imp = mkMerge [ { krebs = lass-imp; } { krebs = makefu-imp; } { krebs = tv-imp; } + { + # XXX This overlaps with krebs.retiolum + networking.extraHosts = + let + # TODO move domain name providers to a dedicated module + # providers : tree label providername + providers = { + internet = "hosts"; + retiolum = "hosts"; + de.viljetic = "regfish"; + de.krebsco = "ovh"; + }; + + # splitByProvider : [alias] -> set providername [alias] + splitByProvider = foldl (acc: alias: insert (providerOf alias) alias acc) {}; + + # providerOf : alias -> providername + providerOf = alias: + tree-get (splitString "." alias) providers; + + # insert : k -> v -> set k [v] -> set k [v] + insert = name: value: set: + set // { ${name} = set.${name} or [] ++ [value]; }; + + # tree k v = set k (either v (tree k v)) + + # tree-get : [k] -> tree k v -> v + tree-get = path: x: + let + y = x.${last path}; + in + if typeOf y != "set" + then y + else tree-get (init path) y; + in + concatStringsSep "\n" (flatten ( + # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net: + mapAttrsToList (hostname: host: + mapAttrsToList (netname: net: + let + aliases = toString (unique (longs ++ shorts)); + longs = (splitByProvider net.aliases).hosts; + shorts = map (removeSuffix ".${cfg.search-domain}") longs; + in + map (addr: "${addr} ${aliases}") net.addrs + ) host.nets + ) config.krebs.hosts + )); + } ]; lass-imp = { diff --git a/3modules/tv/default.nix b/3modules/tv/default.nix index e267d0b9f..bb10d8261 100644 --- a/3modules/tv/default.nix +++ b/3modules/tv/default.nix @@ -4,7 +4,6 @@ _: imports = [ ./consul.nix ./ejabberd.nix - ./identity.nix ./iptables.nix ]; } diff --git a/3modules/tv/identity.nix b/3modules/tv/identity.nix deleted file mode 100644 index 9de432203..000000000 --- a/3modules/tv/identity.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ../../4lib/tv { inherit lib pkgs; }; -let - cfg = config.tv.identity; - - out = { - options.tv.identity = api; - config = mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "tv.identity"; - - self = mkOption { - type = types.host; - }; - - #others = mkOption { - # type = types.host; - # default = filterAttrs (name: _host: name != cfg.self.name) cfg.hosts; - #}; - - search = mkOption { - type = types.hostname; - }; - }; - - imp = { - networking.extraHosts = - concatStringsSep "\n" (flatten ( - # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net: - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = toString (unique (longs ++ shorts)); - longs = (splitByProvider net.aliases).hosts; - shorts = map (removeSuffix ".${cfg.search}") longs; - in - map (addr: "${addr} ${aliases}") net.addrs - ) host.nets - ) config.krebs.hosts - )); - }; - - # TODO move domain name providers to a dedicated module - # providers : tree label providername - providers = { - internet = "hosts"; - retiolum = "hosts"; - de.viljetic = "regfish"; - de.krebsco = "ovh"; - }; - - # splitByProvider : [alias] -> set providername [alias] - splitByProvider = foldl (acc: alias: insert (providerOf alias) alias acc) {}; - - # providerOf : alias -> providername - providerOf = alias: - tree-get (splitString "." alias) providers; - - # insert : k -> v -> set k [v] -> set k [v] - insert = name: value: set: - set // { ${name} = set.${name} or [] ++ [value]; }; - - # tree k v = set k (either v (tree k v)) - - # tree-get : [k] -> tree k v -> v - tree-get = path: x: - let - y = x.${last path}; - in - if typeOf y != "set" - then y - else tree-get (init path) y; -in -out diff --git a/Zpkgs/krebs/default.nix b/Zpkgs/krebs/default.nix index be8f72011..231fda797 100644 --- a/Zpkgs/krebs/default.nix +++ b/Zpkgs/krebs/default.nix @@ -6,6 +6,9 @@ in pkgs // { + dic = callPackage ./dic.nix {}; + genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-known_hosts = callPackage ./github-known_hosts.nix {}; + hashPassword = callPackage ./hashPassword.nix {}; } diff --git a/Zpkgs/tv/dic.nix b/Zpkgs/krebs/dic.nix index 571773d22..571773d22 100644 --- a/Zpkgs/tv/dic.nix +++ b/Zpkgs/krebs/dic.nix diff --git a/Zpkgs/tv/genid.nix b/Zpkgs/krebs/genid.nix index c75bec317..c75bec317 100644 --- a/Zpkgs/tv/genid.nix +++ b/Zpkgs/krebs/genid.nix diff --git a/Zpkgs/krebs/hashPassword.nix b/Zpkgs/krebs/hashPassword.nix new file mode 100644 index 000000000..a10340cc4 --- /dev/null +++ b/Zpkgs/krebs/hashPassword.nix @@ -0,0 +1,16 @@ +{ lib, pkgs, ... }: + +pkgs.writeScriptBin "hashPassword" '' + #! /bin/sh + # usage: hashPassword + set -euf + + export PATH=${lib.makeSearchPath "bin" (with pkgs; [ + coreutils + mkpasswd + openssl + ])} + + salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16) + exec mkpasswd -m sha-512 -S "$salt" +'' diff --git a/Zpkgs/tv/default.nix b/Zpkgs/tv/default.nix index e3e12bd18..50625f868 100644 --- a/Zpkgs/tv/default.nix +++ b/Zpkgs/tv/default.nix @@ -2,13 +2,11 @@ let inherit (pkgs) callPackage; + krebs = import ../../Zpkgs/krebs { inherit pkgs; }; in -pkgs // -{ +krebs // { charybdis = callPackage ./charybdis {}; - dic = callPackage ./dic.nix {}; - genid = callPackage ./genid.nix {}; lentil = callPackage ./lentil {}; much = callPackage ./much.nix {}; viljetic-pages = callPackage ./viljetic-pages {}; |