diff options
Diffstat (limited to 'old/modules/uriel')
-rw-r--r-- | old/modules/uriel/default.nix | 10 | ||||
-rw-r--r-- | old/modules/uriel/git.nix | 130 | ||||
-rw-r--r-- | old/modules/uriel/retiolum.nix | 31 |
3 files changed, 168 insertions, 3 deletions
diff --git a/old/modules/uriel/default.nix b/old/modules/uriel/default.nix index 7f2b9032b..eb0f3e906 100644 --- a/old/modules/uriel/default.nix +++ b/old/modules/uriel/default.nix @@ -3,8 +3,7 @@ { imports = [ ../lass/desktop-base.nix - ../lass/retiolum-uriel.nix - ../lass/xserver-lass.nix + ./retiolum.nix ../lass/browsers.nix ../lass/programs.nix ../lass/games.nix @@ -18,11 +17,12 @@ ../lass/bird.nix ./repos.nix ../lass/chromium-patched.nix + ./git.nix ]; nixpkgs = { url = "https://github.com/Lassulus/nixpkgs"; - rev = "45c99e522dcc4ef24cf71dbe38d94a308cb30530"; + rev = "7ef800430789252dac47f0b67e75a6b9bb616397"; }; networking.hostName = "uriel"; @@ -106,6 +106,10 @@ environment.systemPackages = with pkgs; [ ]; + #for google hangout + + users.extraUsers.google.extraGroups = [ "audio" "video" ]; + #users.extraGroups = { # loot = { diff --git a/old/modules/uriel/git.nix b/old/modules/uriel/git.nix new file mode 100644 index 000000000..375064868 --- /dev/null +++ b/old/modules/uriel/git.nix @@ -0,0 +1,130 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) map readFile; + inherit (lib) concatMap listToAttrs; + # TODO lib should already include our stuff + inherit (import ../../lib { inherit lib pkgs; }) addNames git; + + x-repos = [ + (krebs-private "brain") + + (public "painload") + (public "shitment") + (public "wai-middleware-time") + (public "web-routes-wai-custom") + + (secret "pass") + + (tv-lass "emse-drywall") + (tv-lass "emse-hsdb") + ]; + + users = addNames { + tv = { pubkey = readFile <pubkeys/tv_wu.ssh.pub>; }; + lass = { pubkey = readFile <pubkeys/lass.ssh.pub>; }; + uriel = { pubkey = readFile <pubkeys/uriel.ssh.pub>; }; + makefu = { pubkey = "xxx"; }; + }; + + repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos); + + rules = concatMap ({ rules, ... }: rules) x-repos; + + krebs-private = repo-name: + rec { + repo = { + name = repo-name; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + public = repo-name: + rec { + repo = { + name = repo-name; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; # TODO make this the default + channel = "#retiolum"; + server = "ire.retiolum"; + }; + }; + public = true; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + secret = repo-name: + rec { + repo = { + name = repo-name; + hooks = {}; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ uriel ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + + tv-lass = repo-name: + rec { + repo = { + name = repo-name; + hooks = {}; + }; + rules = with git; with users; [ + { user = lass; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } + { user = [ tv ]; + repo = [ repo ]; + perm = fetch; + } + ]; + }; + +in + +{ + imports = [ + ../tv/git + ]; + + tv.git = { + enable = true; + inherit repos rules users; + }; +} diff --git a/old/modules/uriel/retiolum.nix b/old/modules/uriel/retiolum.nix new file mode 100644 index 000000000..1e90083fc --- /dev/null +++ b/old/modules/uriel/retiolum.nix @@ -0,0 +1,31 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../tv/retiolum + ../lass/iptables + ]; + + tv.retiolum = { + enable = true; + hosts = ../../hosts; + privateKeyFile = "/etc/nixos/secrets/uriel.retiolum.rsa_key.priv"; + connectTo = [ + "fastpoke" + "gum" + "ire" + ]; + }; + + #networking.firewall.allowedTCPPorts = [ 655 ]; + #networking.firewall.allowedUDPPorts = [ 655 ]; + #lass.iptables = { + # #input-internet-accept-new-tcp = [ "tinc" ]; + # #input-internet-accept-new-udp = [ "tinc" ]; + # tables.retiolum = { + # interfaces = [ "retiolum" "wl0" ]; + # allowed-tcp = [ "tinc" ]; + # allowed-udp = [ "tinc" ]; + # }; + #}; +} |