summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/backup.nix16
-rw-r--r--krebs/3modules/fetchWallpaper.nix1
-rw-r--r--krebs/3modules/git.nix3
-rw-r--r--krebs/3modules/krebs/default.nix12
4 files changed, 30 insertions, 2 deletions
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index bfb0ab591..6f015d66b 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -54,6 +54,12 @@ let
};
});
};
+ timerConfig = mkOption {
+ type = with types; attrsOf str;
+ default = optionalAttrs (config.startAt != null) {
+ OnCalendar = config.startAt;
+ };
+ };
};
}));
};
@@ -82,11 +88,19 @@ let
SyslogIdentifier = ExecStart.name;
Type = "oneshot";
};
- startAt = mkIf (plan.startAt != null) plan.startAt;
}) (filter (plan: build-host-is "pull" "dst" plan ||
build-host-is "push" "src" plan)
enabled-plans));
+ systemd.timers =
+ listToAttrs (map (plan: nameValuePair "backup.${plan.name}" {
+ wantedBy = [ "timers.target" ];
+ timerConfig = plan.timerConfig;
+ }) (filter (plan: plan.timerConfig != {} && (
+ build-host-is "pull" "dst" plan ||
+ build-host-is "push" "src" plan))
+ enabled-plans));
+
users.groups.backup.gid = genid "backup";
users.users.root.openssh.authorizedKeys.keys =
map (plan: getAttr plan.method {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e00c0ec9b..cdb9fe70a 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -49,6 +49,7 @@ let
set -euf
mkdir -p ${cfg.stateDir}
+ chmod o+rx ${cfg.stateDir}
cd ${cfg.stateDir}
(curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || :
feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 884108ebb..93211d9d4 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -569,7 +569,8 @@ let
if ! test -d "$repodir"; then
mkdir -m "$mode" "$repodir"
git init --bare --template=/var/empty "$repodir"
- chown -R git:nogroup "$repodir"
+ # TODO fix correctly with stringAfter
+ chown -R ${toString config.users.users.git.uid}:nogroup "$repodir"
fi
ln -s ${hooks} "$repodir/hooks"
''
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index f11b8ef48..f751b4f9f 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -38,6 +38,8 @@ in {
ip6.addr = "42:0:0:0:0:0:77:2";
aliases = [
"puyak.r"
+ "build.puyak.r"
+ "cgit.puyak.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -94,5 +96,15 @@ in {
krebs = {
pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary
};
+ puyak-repo-sync = {
+ name = "puyak-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+18mG/cV1YbR9PXzuu3ScyV9kENy08OXUntpmgh9H2";
+ };
+ wolf-repo-sync = {
+ name = "wolf-repo-sync";
+ mail = "spam@krebsco.de";
+ pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf'';
+ };
};
}