summaryrefslogtreecommitdiffstats
path: root/old/modules/uriel
diff options
context:
space:
mode:
Diffstat (limited to 'old/modules/uriel')
-rw-r--r--old/modules/uriel/default.nix10
-rw-r--r--old/modules/uriel/git.nix130
-rw-r--r--old/modules/uriel/retiolum.nix31
3 files changed, 168 insertions, 3 deletions
diff --git a/old/modules/uriel/default.nix b/old/modules/uriel/default.nix
index 7f2b9032b..eb0f3e906 100644
--- a/old/modules/uriel/default.nix
+++ b/old/modules/uriel/default.nix
@@ -3,8 +3,7 @@
{
imports = [
../lass/desktop-base.nix
- ../lass/retiolum-uriel.nix
- ../lass/xserver-lass.nix
+ ./retiolum.nix
../lass/browsers.nix
../lass/programs.nix
../lass/games.nix
@@ -18,11 +17,12 @@
../lass/bird.nix
./repos.nix
../lass/chromium-patched.nix
+ ./git.nix
];
nixpkgs = {
url = "https://github.com/Lassulus/nixpkgs";
- rev = "45c99e522dcc4ef24cf71dbe38d94a308cb30530";
+ rev = "7ef800430789252dac47f0b67e75a6b9bb616397";
};
networking.hostName = "uriel";
@@ -106,6 +106,10 @@
environment.systemPackages = with pkgs; [
];
+ #for google hangout
+
+ users.extraUsers.google.extraGroups = [ "audio" "video" ];
+
#users.extraGroups = {
# loot = {
diff --git a/old/modules/uriel/git.nix b/old/modules/uriel/git.nix
new file mode 100644
index 000000000..375064868
--- /dev/null
+++ b/old/modules/uriel/git.nix
@@ -0,0 +1,130 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (builtins) map readFile;
+ inherit (lib) concatMap listToAttrs;
+ # TODO lib should already include our stuff
+ inherit (import ../../lib { inherit lib pkgs; }) addNames git;
+
+ x-repos = [
+ (krebs-private "brain")
+
+ (public "painload")
+ (public "shitment")
+ (public "wai-middleware-time")
+ (public "web-routes-wai-custom")
+
+ (secret "pass")
+
+ (tv-lass "emse-drywall")
+ (tv-lass "emse-hsdb")
+ ];
+
+ users = addNames {
+ tv = { pubkey = readFile <pubkeys/tv_wu.ssh.pub>; };
+ lass = { pubkey = readFile <pubkeys/lass.ssh.pub>; };
+ uriel = { pubkey = readFile <pubkeys/uriel.ssh.pub>; };
+ makefu = { pubkey = "xxx"; };
+ };
+
+ repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) x-repos);
+
+ rules = concatMap ({ rules, ... }: rules) x-repos;
+
+ krebs-private = repo-name:
+ rec {
+ repo = {
+ name = repo-name;
+ hooks = {
+ post-receive = git.irc-announce {
+ nick = config.networking.hostName; # TODO make this the default
+ channel = "#retiolum";
+ server = "ire.retiolum";
+ };
+ };
+ };
+ rules = with git; with users; [
+ { user = lass;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ }
+ { user = [ tv makefu uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
+ };
+
+ public = repo-name:
+ rec {
+ repo = {
+ name = repo-name;
+ hooks = {
+ post-receive = git.irc-announce {
+ nick = config.networking.hostName; # TODO make this the default
+ channel = "#retiolum";
+ server = "ire.retiolum";
+ };
+ };
+ public = true;
+ };
+ rules = with git; with users; [
+ { user = lass;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ }
+ { user = [ tv makefu uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
+ };
+
+ secret = repo-name:
+ rec {
+ repo = {
+ name = repo-name;
+ hooks = {};
+ };
+ rules = with git; with users; [
+ { user = lass;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ }
+ { user = [ uriel ];
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
+ };
+
+ tv-lass = repo-name:
+ rec {
+ repo = {
+ name = repo-name;
+ hooks = {};
+ };
+ rules = with git; with users; [
+ { user = lass;
+ repo = [ repo ];
+ perm = push "refs/*" [ non-fast-forward create delete merge ];
+ }
+ { user = [ tv ];
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
+ };
+
+in
+
+{
+ imports = [
+ ../tv/git
+ ];
+
+ tv.git = {
+ enable = true;
+ inherit repos rules users;
+ };
+}
diff --git a/old/modules/uriel/retiolum.nix b/old/modules/uriel/retiolum.nix
new file mode 100644
index 000000000..1e90083fc
--- /dev/null
+++ b/old/modules/uriel/retiolum.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../tv/retiolum
+ ../lass/iptables
+ ];
+
+ tv.retiolum = {
+ enable = true;
+ hosts = ../../hosts;
+ privateKeyFile = "/etc/nixos/secrets/uriel.retiolum.rsa_key.priv";
+ connectTo = [
+ "fastpoke"
+ "gum"
+ "ire"
+ ];
+ };
+
+ #networking.firewall.allowedTCPPorts = [ 655 ];
+ #networking.firewall.allowedUDPPorts = [ 655 ];
+ #lass.iptables = {
+ # #input-internet-accept-new-tcp = [ "tinc" ];
+ # #input-internet-accept-new-udp = [ "tinc" ];
+ # tables.retiolum = {
+ # interfaces = [ "retiolum" "wl0" ];
+ # allowed-tcp = [ "tinc" ];
+ # allowed-udp = [ "tinc" ];
+ # };
+ #};
+}