diff options
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/bepasty-server.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/brockman.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/buildbot/master.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/buildbot/slave.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/ergo.nix | 136 | ||||
| -rw-r--r-- | krebs/3modules/external/default.nix | 26 | ||||
| -rw-r--r-- | krebs/3modules/fetchWallpaper.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/github-hosts-sync.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/jeschli/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/realwallpaper.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/tinc_graphs.nix | 1 |
12 files changed, 172 insertions, 1 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e75afad1d..8866e91ae 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./ci.nix ./current.nix ./dns.nix + ./ergo.nix ./exim.nix ./exim-retiolum.nix ./exim-smarthost.nix diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix new file mode 100644 index 000000000..14f85c4d7 --- /dev/null +++ b/krebs/3modules/ergo.nix @@ -0,0 +1,136 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkEnableOption mkIf mkOption types; + inherit (pkgs) coreutils ergo; + cfg = config.krebs.ergo; + + configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config); +in + +{ + + ###### interface + + options = { + + krebs.ergo = { + + enable = mkEnableOption "Ergo IRC daemon"; + + config = mkOption { + type = (pkgs.formats.json {}).type; + description = '' + Ergo IRC daemon configuration file. + ''; + default = { + network = { + name = "krebstest"; + }; + server = { + name = "${config.networking.hostName}.r"; + listeners = { + ":6667" = {}; + }; + casemapping = "permissive"; + enforce-utf = true; + lookup-hostnames = false; + ip-cloaking = { + enabled = false; + }; + forward-confirm-hostnames = false; + check-ident = false; + relaymsg = { + enabled = false; + }; + max-sendq = "1M"; + ip-limits = { + count = false; + throttle = false; + }; + }; + datastore = { + path = "${cfg.statedir}/ircd.db"; + }; + accounts = { + authentication-enabled = true; + registration = { + enabled = true; + email-verification = { + enabled = false; + }; + }; + }; + channels = { + default-modes = "+nt"; + }; + limits = { + nicklen = 32; + identlen = 20; + channellen = 64; + awaylen = 390; + kicklen = 390; + topiclen = 390; + }; + }; + }; + + statedir = mkOption { + type = types.path; + default = "/var/lib/ergo"; + description = '' + Location of the state directory of ergo. + ''; + }; + + user = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon user. + ''; + }; + + group = mkOption { + type = types.str; + default = "ergo"; + description = '' + Ergo IRC daemon group. + ''; + }; + + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable ({ + users.users.${cfg.user} = { + description = "Ergo IRC daemon user"; + uid = config.ids.uids.ircd; + group = cfg.group; + }; + + users.groups.${cfg.group} = { + gid = config.ids.gids.ircd; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.ergo = { + description = "Ergo IRC daemon"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}"; + ExecStart = "${ergo}/bin/ergo run --conf ${configFile}"; + Group = cfg.group; + User = cfg.user; + }; + }; + + }); +} diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac47..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 390f7585f..41743612a 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -49,6 +49,7 @@ in { }; }; enklave = { + ci = false; nets = rec { internet = { ip4.addr = "88.198.164.182"; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; |