From f076edf90a47117dcf4029e6458b59b7f318fa8e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 23 Jul 2015 18:20:41 +0200 Subject: 2 tv git-public: s/shitment/stockholm/ --- 2configs/tv/git-public.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix index aef83667f..7babcbb5b 100644 --- a/2configs/tv/git-public.nix +++ b/2configs/tv/git-public.nix @@ -22,8 +22,8 @@ let (public "quipper") (public "regfish") (public' { - name = "shitment"; - desc = "turn all the computers into one computer!"; + name = "stockholm"; + desc = "take all the computers hostage, they'll love you!"; }) (public "wai-middleware-time") (public "web-routes-wai-custom") -- cgit v1.2.3 From 9be3c091d31d3ffc1d18a67bbf2523e4afc796cd Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 00:24:12 +0200 Subject: 2 tv git-public: simplify --- 2configs/tv/git-public.nix | 141 +++++++++++++++++++++------------------------ 1 file changed, 67 insertions(+), 74 deletions(-) (limited to '2configs') diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix index 7babcbb5b..7222f99eb 100644 --- a/2configs/tv/git-public.nix +++ b/2configs/tv/git-public.nix @@ -1,87 +1,80 @@ { config, lib, pkgs, ... }: - -with lib; +with import ../../4lib/tv { inherit lib pkgs; }; let - inherit (builtins) map readFile; - inherit (lib) concatMap listToAttrs; - # TODO lib should already include our stuff - inherit (import ../../4lib/tv { inherit lib pkgs; }) addNames git; - - public-git-repos = [ - (public "cgserver") - (public "crude-mail-setup") - (public "dot-xmonad") - (public "hack") - (public "load-env") - (public "make-snapshot") - (public "mime") - (public "much") - (public "nixos-infest") - (public "nixpkgs") - (public "painload") - (public "quipper") - (public "regfish") - (public' { - name = "stockholm"; - desc = "take all the computers hostage, they'll love you!"; - }) - (public "wai-middleware-time") - (public "web-routes-wai-custom") - (public "xintmap") - ]; - users = addNames { - tv = { pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; }; - lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; }; - uriel = { pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; }; - makefu = { pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; }; + out = { + imports = [ ../../3modules/tv/git.nix ]; + tv.git = { + enable = true; + root-title = "public repositories at ${config.tv.identity.self.name}"; + root-desc = "keep calm and engage"; + inherit repos rules users; + }; }; - repos = listToAttrs (map ({ repo, ... }: { name = repo.name; value = repo; }) public-git-repos); + repos = public-repos; + rules = concatMap make-rules (attrValues repos); - rules = concatMap ({ rules, ... }: rules) public-git-repos; + public-repos = mapAttrs make-public-repo { + cgserver = {}; + crude-mail-setup = {}; + dot-xmonad = {}; + hack = {}; + load-env = {}; + make-snapshot = {}; + mime = {}; + much = {}; + nixos-infest = {}; + nixpkgs = {}; + painload = {}; + quipper = {}; + regfish = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + xintmap = {}; + }; - public' = { name, desc }: - let - x = public name; - in - x // { repo = x.repo // { inherit desc; }; }; + # TODO move users to separate module + users = mapAttrs make-user { + tv = ../../Zpubkeys/tv_wu.ssh.pub; + lass = ../../Zpubkeys/lass.ssh.pub; + uriel = ../../Zpubkeys/uriel.ssh.pub; + makefu = ../../Zpubkeys/makefu.ssh.pub; + }; - public = repo-name: - rec { - repo = { - name = repo-name; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; # TODO make this the default - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - public = true; + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + # TODO make nick = config.tv.identity.self.name the default + nick = config.tv.identity.self.name; + channel = "#retiolum"; + server = "cd.retiolum"; }; - rules = with git; with users; [ - { user = tv; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } - { user = [ lass makefu uriel ]; - repo = [ repo ]; - perm = fetch; - } - ]; }; + }; -in + make-rules = + with git // users; + repo: + singleton { + user = tv; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ lass makefu uriel ]; + repo = [ repo ]; + perm = fetch; + }; -{ - imports = [ - ../../3modules/tv/git.nix - ]; - tv.git = { - enable = true; - inherit repos rules users; - root-title = "public repositories at ${config.networking.hostName}"; - root-desc = "keep calm and engage"; + make-user = name: pubkey-file: { + inherit name; + pubkey = readFile pubkey-file; }; -} + +in out -- cgit v1.2.3 From 2b3030c7b27f98b8f00d91c63bd60c980e64071b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Jul 2015 10:52:43 +0200 Subject: makefu: init pnp this is the first entry for my hosts, it provides only very basic support with a lot of copy-paste from tv/lass --- 2configs/makefu/base.nix | 96 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 2configs/makefu/base.nix (limited to '2configs') diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix new file mode 100644 index 000000000..ab2e6f247 --- /dev/null +++ b/2configs/makefu/base.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + imports = [ ]; + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/makefu_arch.ssh.pub + ]; + }; + makefu = { + uid = 9001; + group = "users"; + home = "/home/makefu"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = map readFile [ + ../../Zpubkeys/makefu_arch.ssh.pub + ]; + }; + }; + + services.openssh.enable = true; + nix.useChroot = true; + + users.mutableUsers = true; + + boot.tmpOnTmpfs = true; + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; + + environment.extraInit = '' + EDITOR=vim + ''; + + environment.systemPackages = with pkgs; [ + git + vim + rxvt_unicode.terminfo + ]; + + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + + ''; + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; + environment.shellAliases = { + lsl = "ls -latr"; + }; + + security.setuidPrograms = [ "sendmail" ]; + + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + nixpkgs.config.packageOverrides = pkgs: { + nano = pkgs.runCommand "empty" {} "mkdir -p $out"; + }; + services.cron.enable = false; + services.nscd.enable = false; + boot.kernel.sysctl = { +# Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; + +} -- cgit v1.2.3 From 5f63c4071c7b1680e75671c0acede8a9bce4b14c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 11:44:49 +0200 Subject: 3: {tv -> krebs}.git --- 2configs/tv/git-public.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix index 7222f99eb..7f2b51308 100644 --- a/2configs/tv/git-public.nix +++ b/2configs/tv/git-public.nix @@ -3,8 +3,8 @@ with import ../../4lib/tv { inherit lib pkgs; }; let out = { - imports = [ ../../3modules/tv/git.nix ]; - tv.git = { + imports = [ ../../3modules/krebs/git.nix ]; + krebs.git = { enable = true; root-title = "public repositories at ${config.tv.identity.self.name}"; root-desc = "keep calm and engage"; -- cgit v1.2.3 From e082da2c23ebff82717df11d266ecfd22a70db56 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 12:34:25 +0200 Subject: 3 tv retiolum: RIP --- 2configs/tv/exim-retiolum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '2configs') diff --git a/2configs/tv/exim-retiolum.nix b/2configs/tv/exim-retiolum.nix index efab5cf32..851a0c625 100644 --- a/2configs/tv/exim-retiolum.nix +++ b/2configs/tv/exim-retiolum.nix @@ -4,9 +4,9 @@ services.exim = # This configuration makes only sense for retiolum-enabled hosts. # TODO modular configuration - assert config.tv.retiolum.enable; + assert config.krebs.retiolum.enable; let - # TODO get the hostname from config.tv.retiolum. + # TODO get the hostname from config.krebs.retiolum. retiolumHostname = "${config.networking.hostName}.retiolum"; in { enable = true; -- cgit v1.2.3 From f1ebbc73395e733e222b7f51e3fb554579ec1916 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 17:34:08 +0200 Subject: autoimport 3*/{krebs,$(LOGNAME)} --- 2configs/tv/consul-server.nix | 1 - 2configs/tv/git-public.nix | 1 - 2configs/tv/identity.nix | 1 - 3 files changed, 3 deletions(-) (limited to '2configs') diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix index 1c8dcb884..5d3fd5579 100644 --- a/2configs/tv/consul-server.nix +++ b/2configs/tv/consul-server.nix @@ -1,7 +1,6 @@ { config, ... }: { - imports = [ ../../3modules/tv/consul.nix ]; tv.consul = rec { enable = true; diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix index 7f2b51308..1bf44e0fc 100644 --- a/2configs/tv/git-public.nix +++ b/2configs/tv/git-public.nix @@ -3,7 +3,6 @@ with import ../../4lib/tv { inherit lib pkgs; }; let out = { - imports = [ ../../3modules/krebs/git.nix ]; krebs.git = { enable = true; root-title = "public repositories at ${config.tv.identity.self.name}"; diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix index 44208c956..bcfdc290d 100644 --- a/2configs/tv/identity.nix +++ b/2configs/tv/identity.nix @@ -1,7 +1,6 @@ { config, ... }: { - imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { enable = true; search = "retiolum"; -- cgit v1.2.3 From f4309272e2531a136a40d2332d1bfecec16d9a91 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 18:37:30 +0200 Subject: 2 tv identity: {nomic,wu}.secure = true --- 2configs/tv/identity.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to '2configs') diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix index bcfdc290d..379d02e45 100644 --- a/2configs/tv/identity.nix +++ b/2configs/tv/identity.nix @@ -98,6 +98,7 @@ ''; }; }; + secure = true; }; rmdir = { cores = 1; @@ -153,6 +154,7 @@ ''; }; }; + secure = true; }; }; }; -- cgit v1.2.3 From 54becaa19fcbc11ac709ddaf86e56ee3b736931d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 19:33:20 +0200 Subject: tv git: add restricted repos --- 2configs/tv/git-public.nix | 79 ---------------------------------- 2configs/tv/git.nix | 103 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 103 insertions(+), 79 deletions(-) delete mode 100644 2configs/tv/git-public.nix create mode 100644 2configs/tv/git.nix (limited to '2configs') diff --git a/2configs/tv/git-public.nix b/2configs/tv/git-public.nix deleted file mode 100644 index 1bf44e0fc..000000000 --- a/2configs/tv/git-public.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ../../4lib/tv { inherit lib pkgs; }; -let - - out = { - krebs.git = { - enable = true; - root-title = "public repositories at ${config.tv.identity.self.name}"; - root-desc = "keep calm and engage"; - inherit repos rules users; - }; - }; - - repos = public-repos; - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo { - cgserver = {}; - crude-mail-setup = {}; - dot-xmonad = {}; - hack = {}; - load-env = {}; - make-snapshot = {}; - mime = {}; - much = {}; - nixos-infest = {}; - nixpkgs = {}; - painload = {}; - quipper = {}; - regfish = {}; - stockholm = { - desc = "take all the computers hostage, they'll love you!"; - }; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - xintmap = {}; - }; - - # TODO move users to separate module - users = mapAttrs make-user { - tv = ../../Zpubkeys/tv_wu.ssh.pub; - lass = ../../Zpubkeys/lass.ssh.pub; - uriel = ../../Zpubkeys/uriel.ssh.pub; - makefu = ../../Zpubkeys/makefu.ssh.pub; - }; - - make-public-repo = name: { desc ? null, ... }: { - inherit name desc; - public = true; - hooks = { - post-receive = git.irc-announce { - # TODO make nick = config.tv.identity.self.name the default - nick = config.tv.identity.self.name; - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - }; - - make-rules = - with git // users; - repo: - singleton { - user = tv; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = [ lass makefu uriel ]; - repo = [ repo ]; - perm = fetch; - }; - - make-user = name: pubkey-file: { - inherit name; - pubkey = readFile pubkey-file; - }; - -in out diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix new file mode 100644 index 000000000..ac1c413c4 --- /dev/null +++ b/2configs/tv/git.nix @@ -0,0 +1,103 @@ +{ config, lib, pkgs, ... }: +with import ../../4lib/tv { inherit lib pkgs; }; +let + + out = { + krebs.git = { + enable = true; + root-title = "public repositories at ${config.tv.identity.self.name}"; + root-desc = "keep calm and engage"; + inherit repos rules users; + }; + }; + + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( + public-repos // + optionalAttrs config.tv.identity.self.secure restricted-repos + ); + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + cgserver = {}; + crude-mail-setup = {}; + dot-xmonad = {}; + hack = {}; + load-env = {}; + make-snapshot = {}; + mime = {}; + much = {}; + nixos-infest = {}; + nixpkgs = {}; + painload = {}; + quipper = {}; + regfish = {}; + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + xintmap = {}; + }; + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with users; [ lass makefu ]; + }; + } // + import /root/src/secrets/repos.nix { inherit config lib pkgs users; } + ); + + # TODO move users to separate module + users = mapAttrs make-user { + tv = ../../Zpubkeys/tv_wu.ssh.pub; + lass = ../../Zpubkeys/lass.ssh.pub; + uriel = ../../Zpubkeys/uriel.ssh.pub; + makefu = ../../Zpubkeys/makefu.ssh.pub; + }; + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + # TODO make nick = config.tv.identity.self.name the default + nick = config.tv.identity.self.name; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + make-restricted-repo = name: { desc ? null, ... }: { + inherit name desc; + public = false; + hooks = {}; # TODO default + }; + + make-rules = + with git // users; + repo: + singleton { + user = tv; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ lass makefu uriel ]; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + + make-user = name: pubkey-file: { + inherit name; + pubkey = readFile pubkey-file; + }; + +in out -- cgit v1.2.3 From a62be1cef8726a2afa61df3dac9e19a71882b370 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 20:48:00 +0200 Subject: {2 tv git -> 3 krebs}.users --- 2configs/tv/git.nix | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) (limited to '2configs') diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix index ac1c413c4..b7f9983a1 100644 --- a/2configs/tv/git.nix +++ b/2configs/tv/git.nix @@ -1,4 +1,5 @@ { config, lib, pkgs, ... }: + with import ../../4lib/tv { inherit lib pkgs; }; let @@ -7,7 +8,7 @@ let enable = true; root-title = "public repositories at ${config.tv.identity.self.name}"; root-desc = "keep calm and engage"; - inherit repos rules users; + inherit repos rules; }; }; @@ -43,20 +44,12 @@ let restricted-repos = mapAttrs make-restricted-repo ( { brain = { - collaborators = with users; [ lass makefu ]; + collaborators = with config.krebs.users; [ lass makefu ]; }; } // - import /root/src/secrets/repos.nix { inherit config lib pkgs users; } + import /root/src/secrets/repos.nix { inherit config lib pkgs; } ); - # TODO move users to separate module - users = mapAttrs make-user { - tv = ../../Zpubkeys/tv_wu.ssh.pub; - lass = ../../Zpubkeys/lass.ssh.pub; - uriel = ../../Zpubkeys/uriel.ssh.pub; - makefu = ../../Zpubkeys/makefu.ssh.pub; - }; - make-public-repo = name: { desc ? null, ... }: { inherit name desc; public = true; @@ -77,7 +70,7 @@ let }; make-rules = - with git // users; + with git // config.krebs.users; repo: singleton { user = tv; @@ -95,9 +88,4 @@ let perm = fetch; }; - make-user = name: pubkey-file: { - inherit name; - pubkey = readFile pubkey-file; - }; - in out -- cgit v1.2.3 From 62ad5ff9d2bb41acdad20b68ee47c4a32ce928b6 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 21:15:18 +0200 Subject: { * tv identity -> 3 krebs}.hosts --- 2configs/tv/consul-server.nix | 2 +- 2configs/tv/identity.nix | 153 ------------------------------------------ 2 files changed, 1 insertion(+), 154 deletions(-) (limited to '2configs') diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix index 5d3fd5579..63dabdc2a 100644 --- a/2configs/tv/consul-server.nix +++ b/2configs/tv/consul-server.nix @@ -9,7 +9,7 @@ server = true; - hosts = with config.tv.identity.hosts; [ + hosts = with config.krebs.hosts; [ # TODO get this list automatically from each host where tv.consul.enable is true cd mkdir diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix index 379d02e45..481ac72a6 100644 --- a/2configs/tv/identity.nix +++ b/2configs/tv/identity.nix @@ -4,158 +4,5 @@ tv.identity = { enable = true; search = "retiolum"; - hosts = { - cd = { - cores = 2; - dc = "tv"; #dc = "cac"; - nets = rec { - internet = { - addrs4 = ["162.219.7.216"]; - aliases = [ - "cd.internet" - "cd.viljetic.de" - "cgit.cd.viljetic.de" - "cd.krebsco.de" - ]; - }; - retiolum = { - via = internet; - addrs4 = ["10.243.113.222"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; - aliases = [ - "cd.retiolum" - "cgit.cd.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - mkdir = { - cores = 1; - dc = "tv"; #dc = "cac"; - nets = rec { - internet = { - addrs4 = ["162.248.167.241"]; - aliases = [ - "mkdir.internet" - ]; - }; - retiolum = { - via = internet; - addrs4 = ["10.243.113.223"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; - aliases = [ - "mkdir.retiolum" - "cgit.mkdir.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuyfM+3od75zOYXqnqRMAt+yp/4z/vC3vSWdjUvEmCuM23c5BOBw+ - dKqbWoSPTzOuaQ0szdL7a6YxT+poSUXd/i3pPz59KgCl192rd1pZoJKgvoluITev - voYSP9rFQOUrustfDb9qKW/ZY95cwdCvypo7Vf4ghxwDCnlmyCGz7qXTJMLydNKF - 2PH9KiY4suv15sCg/zisu+q0ZYQXUc1TcgpoIYBOftDunOJoNdbti+XjwWdjGmJZ - Bn4GelsrrpwJFvfDmouHUe8GsD7nTgbZFtiJbKfCEiK16N0Q0d0ZFHhAV2nPjsk2 - 3JhG4n9vxATBkO82f7RLrcrhkx9cbLfN3wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - nomic = { - cores = 2; - dc = "tv"; #dc = "gg23"; - nets = rec { - retiolum = { - addrs4 = ["10.243.0.110"]; - addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; - aliases = [ - "nomic.retiolum" - "cgit.nomic.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwb8Yk/YRc17g2J9n960p6j4W/l559OPyuMPdGJ4DmCm3WNQtxoa+ - qTFUiDiI85BcmfqnSeddLG8zTC2XnSlIvCRMJ9oKzppFM4PX4OTAaJZVE5WyCQhw - Kd4tHVdoQgJW5yFepmT9IUmHqkxXJ0R2W93l2eSZNOcnFvFn0ooiAlRi4zAiHClu - 5Mz80Sc2rvez+n9wtC2D06aYjP23pHYld2xighHR9SUqX1dFzgSXNSoWWCcgNp2a - OKcM8LzxLV7MTMZFOJCJndZ77e4LsUvxhQFP6nyKZWg30PC0zufZsuN5o2xsWSlA - Wi9sMB1AUR6mZrxgcgTFpUjbjbLQf+36CwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - }; - rmdir = { - cores = 1; - dc = "tv"; #dc = "cac"; - nets = rec { - internet = { - addrs4 = ["167.88.44.94"]; - aliases = [ - "rmdir.internet" - ]; - }; - retiolum = { - via = internet; - addrs4 = ["10.243.113.224"]; - addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; - aliases = [ - "rmdir.retiolum" - "cgit.rmdir.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA+twy4obSbJdmZLfBoe9YYeyoDnXkO/WPa2D6Eh6jXrWk5fbhBjRf - i3EAQfLiXXFJX3E8V8YvJyazXklI19jJtCLDiu/F5kgJJfyAkWHH+a/hcg7qllDM - Xx2CvS/nCbs+p48/VLO6zLC7b1oHu3K/ob5M5bwPK6j9NEDIL5qYiM5PQzV6zryz - hS9E/+l8Z+UUpYcfS3bRovXJAerB4txc/gD3Xmptq1zk53yn1kJFYfVlwyyz+NEF - 59JZj2PDrvWoG0kx/QjiNurs6XfdnyHe/gP3rmSTrihKFVuA3cZM62sDR4FcaeWH - SnKSp02pqjBOjC/dOK97nXpKLJgNH046owIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - wu = { - cores = 4; - # TODO wu is mobile, so dc means "home data center" - dc = "tv"; #dc = "gg23"; - nets = { - retiolum = { - addrs4 = ["10.243.13.37"]; - addrs6 = ["42:0:0:0:0:0:0:1337"]; - aliases = [ - "wu.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEArDvU0cuBsVqTjCX2TlWL4XHSy4qSjUhjrDvUPZSKTVN7x6OENCUn - M27g9H7j4/Jw/8IHoJLiKnXHavOoc9UJM+P9Fla/4TTVADr69UDSnLgH+wGiHcEg - GxPkb2jt0Z8zcpD6Fusj1ATs3sssaLHTHvg1D0LylEWA3cI4WPP13v23PkyUENQT - KpSWfR+obqDl38Q7LuFi6dH9ruyvqK+4syddrBwjPXrcNxcGL9QbDn7+foRNiWw4 - 4CE5z25oGG2iWMShI7fe3ji/fMUAl7DSOOrHVVG9eMtpzy+uI8veOHrdTax4oKik - AFGCrMIov3F0GIeu3nDlrTIZPZDTodbFKQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - }; - }; }; } -- cgit v1.2.3 From b61f19e6edc0a583bf4cae45c62d75fce4ac910a Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 21:27:19 +0200 Subject: krebs.hosts: populate if enable, not via default --- 2configs/tv/base.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to '2configs') diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix index 0494ea08e..14d84c9f6 100644 --- a/2configs/tv/base.nix +++ b/2configs/tv/base.nix @@ -9,6 +9,8 @@ let in { + krebs.enable = true; + imports = [ { users.extraUsers = -- cgit v1.2.3 From 13cc704c60ce97a8d7404a3558ad925100fcc1a9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Jul 2015 22:39:11 +0200 Subject: pnp provides cgit, update identity --- 2configs/makefu/cgit-retiolum.nix | 52 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 2configs/makefu/cgit-retiolum.nix (limited to '2configs') diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix new file mode 100644 index 000000000..d5ad35fda --- /dev/null +++ b/2configs/makefu/cgit-retiolum.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, ... }: +with import ../../4lib/tv { inherit lib pkgs; }; +let + + out = { + imports = [ ../../3modules/krebs/git.nix ]; + krebs.git = { + enable = true; + root-title = "public repositories "; + root-desc = "keep calm and enrage"; + inherit repos rules ; + }; + }; + + repos = public-repos; + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + desc = "take all the computers hostage, they'll love you!"; + }; + }; + + # TODO move users to separate module + + make-public-repo = name: { desc ? null, ... }: { + inherit name desc; + public = true; + hooks = { + post-receive = git.irc-announce { + nick = config.networking.hostName; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = makefu; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = [ lass tv uriel ]; + repo = [ repo ]; + perm = fetch; + }; + +in out -- cgit v1.2.3 From f9c46e9d43c765d426f88f0f318bf02962a67578 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Jul 2015 23:03:50 +0200 Subject: makefu: fix whitespace, use registry instead of readfile --- 2configs/makefu/base.nix | 156 +++++++++++++++++++++++------------------------ 1 file changed, 77 insertions(+), 79 deletions(-) (limited to '2configs') diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix index ab2e6f247..b1dd83049 100644 --- a/2configs/makefu/base.nix +++ b/2configs/makefu/base.nix @@ -2,95 +2,93 @@ with lib; { - imports = [ ]; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/makefu_arch.ssh.pub - ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/makefu_arch.ssh.pub - ]; - }; + imports = [ ]; + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; + makefu = { + uid = 9001; + group = "users"; + home = "/home/makefu"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "wheel" + ]; + openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; + }; + }; - services.openssh.enable = true; - nix.useChroot = true; + services.openssh.enable = true; + nix.useChroot = true; - users.mutableUsers = true; + users.mutableUsers = true; - boot.tmpOnTmpfs = true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; + boot.tmpOnTmpfs = true; + systemd.tmpfiles.rules = [ + "d /tmp 1777 root root - -" + ]; - environment.extraInit = '' - EDITOR=vim - ''; + environment.extraInit = '' + EDITOR=vim + ''; - environment.systemPackages = with pkgs; [ - git - vim - rxvt_unicode.terminfo - ]; + environment.systemPackages = with pkgs; [ + git + vim + rxvt_unicode.terminfo + ]; - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE + programs.bash = { + enableCompletion = true; + interactiveShellInit = '' + HISTCONTROL='erasedups:ignorespace' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd + shopt -s checkhash + shopt -s histappend histreedit histverify + shopt -s no_empty_cmd_completion + complete -d cd + ''; - ''; - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - environment.shellAliases = { - lsl = "ls -latr"; - }; + promptInit = '' + case $UID in + 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; + 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; + *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; + esac + if test -n "$SSH_CLIENT"; then + PS1='\[\033[35m\]\h'" $PS1" + fi + ''; + }; - security.setuidPrograms = [ "sendmail" ]; + environment.shellAliases = { + lsl = "ls -latr"; + }; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.runCommand "empty" {} "mkdir -p $out"; - }; - services.cron.enable = false; - services.nscd.enable = false; - boot.kernel.sysctl = { -# Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; + nixpkgs.config.packageOverrides = pkgs: { + nano = pkgs.runCommand "empty" {} "mkdir -p $out"; + }; + + services.cron.enable = false; + services.nscd.enable = false; + + security.setuidPrograms = [ "sendmail" ]; + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + ''; + # Enable IPv6 Privacy Extensions + boot.kernel.sysctl = { + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + i18n = { + consoleKeyMap = "us"; + defaultLocale = "en_US.UTF-8"; + }; } -- cgit v1.2.3 From 51a698475ea5f2ac7c8ac2a4a8df26905e4af4c1 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 24 Jul 2015 23:13:16 +0200 Subject: makefu: ls -lAtr --- 2configs/makefu/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '2configs') diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix index b1dd83049..25b80930b 100644 --- a/2configs/makefu/base.nix +++ b/2configs/makefu/base.nix @@ -66,7 +66,7 @@ with lib; }; environment.shellAliases = { - lsl = "ls -latr"; + lsl = "ls -lAtr"; }; nixpkgs.config.packageOverrides = pkgs: { -- cgit v1.2.3 From 6840ea1191dd7fc1ad02ae698875e044265d716b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 00:04:04 +0200 Subject: tv.identity -> krebs.build + extraHosts hack --- 2configs/tv/charybdis.nix | 8 ++++---- 2configs/tv/consul-server.nix | 2 +- 2configs/tv/git.nix | 8 ++++---- 2configs/tv/identity.nix | 8 -------- 4 files changed, 9 insertions(+), 17 deletions(-) delete mode 100644 2configs/tv/identity.nix (limited to '2configs') diff --git a/2configs/tv/charybdis.nix b/2configs/tv/charybdis.nix index a45c7aebe..265f85132 100644 --- a/2configs/tv/charybdis.nix +++ b/2configs/tv/charybdis.nix @@ -123,7 +123,7 @@ let #loadmodule "extensions/ip_cloaking.so"; serverinfo { - name = ${toJSON (head config.tv.identity.self.nets.retiolum.aliases)}; + name = ${toJSON (head config.krebs.build.host.nets.retiolum.aliases)}; sid = "4z3"; description = "miep!"; network_name = "irc.retiolum"; @@ -133,9 +133,9 @@ let /* On multi-homed hosts you may need the following. These define * the addresses we connect from to other servers. */ /* for IPv4 */ - vhost = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs4}; + vhost = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs4}; /* for IPv6 */ - vhost6 = ${concatMapStringsSep ", " toJSON config.tv.identity.self.nets.retiolum.addrs6}; + vhost6 = ${concatMapStringsSep ", " toJSON config.krebs.build.host.nets.retiolum.addrs6}; /* ssl_private_key: our ssl private key */ ssl_private_key = "/tmp/ssl.key"; @@ -240,7 +240,7 @@ let */ # XXX This is stupid because only one host is allowed[?] #host = ''${concatMapStringsSep ", " toJSON ( - # config.tv.identity.self.nets.retiolum.addrs + # config.krebs.build.host.nets.retiolum.addrs #)}; port = 6667; sslport = 6697; diff --git a/2configs/tv/consul-server.nix b/2configs/tv/consul-server.nix index 63dabdc2a..d10f9ea75 100644 --- a/2configs/tv/consul-server.nix +++ b/2configs/tv/consul-server.nix @@ -4,7 +4,7 @@ tv.consul = rec { enable = true; - inherit (config.tv.identity) self; + self = config.krebs.build.host; inherit (self) dc; server = true; diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix index b7f9983a1..f884ea464 100644 --- a/2configs/tv/git.nix +++ b/2configs/tv/git.nix @@ -6,7 +6,7 @@ let out = { krebs.git = { enable = true; - root-title = "public repositories at ${config.tv.identity.self.name}"; + root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; inherit repos rules; }; @@ -14,7 +14,7 @@ let repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) ( public-repos // - optionalAttrs config.tv.identity.self.secure restricted-repos + optionalAttrs config.krebs.build.host.secure restricted-repos ); rules = concatMap make-rules (attrValues repos); @@ -55,8 +55,8 @@ let public = true; hooks = { post-receive = git.irc-announce { - # TODO make nick = config.tv.identity.self.name the default - nick = config.tv.identity.self.name; + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; channel = "#retiolum"; server = "cd.retiolum"; }; diff --git a/2configs/tv/identity.nix b/2configs/tv/identity.nix deleted file mode 100644 index 481ac72a6..000000000 --- a/2configs/tv/identity.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, ... }: - -{ - tv.identity = { - enable = true; - search = "retiolum"; - }; -} -- cgit v1.2.3 From a489c7be84ffa76bb71542277af6c114c40961f2 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 00:44:51 +0200 Subject: tv: source pubkeys from registry --- 2configs/tv/base.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to '2configs') diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix index 14d84c9f6..c7d3e0d2a 100644 --- a/2configs/tv/base.nix +++ b/2configs/tv/base.nix @@ -24,8 +24,8 @@ in { users.extraUsers = { root = { - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/tv_wu.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey ]; }; tv = { @@ -39,8 +39,8 @@ in "video" "wheel" ]; - openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/tv_wu.ssh.pub + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey ]; }; }; -- cgit v1.2.3 From d03dba41d6543adc2c73a7818cd32ca79046c64b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:06:13 +0200 Subject: krebs.users.[mt]v: set mail --- 2configs/tv/base.nix | 2 +- 2configs/tv/charybdis.nix | 2 +- 2configs/tv/exim-smarthost.nix | 15 ++++++++------- 2configs/tv/smartd.nix | 2 +- 4 files changed, 11 insertions(+), 10 deletions(-) (limited to '2configs') diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix index c7d3e0d2a..ab6d24769 100644 --- a/2configs/tv/base.nix +++ b/2configs/tv/base.nix @@ -47,7 +47,7 @@ in } { security.sudo.extraConfig = '' - Defaults mailto="tv@wu.retiolum" + Defaults mailto="${config.krebs.users.tv.mail}" ''; time.timeZone = "Europe/Berlin"; } diff --git a/2configs/tv/charybdis.nix b/2configs/tv/charybdis.nix index 265f85132..d78e162cb 100644 --- a/2configs/tv/charybdis.nix +++ b/2configs/tv/charybdis.nix @@ -170,7 +170,7 @@ let admin { name = "tv"; description = "peer"; - email = "tv@wu.retiolum"; + mail = "${config.krebs.users.tv.mail}"; }; log { diff --git a/2configs/tv/exim-smarthost.nix b/2configs/tv/exim-smarthost.nix index a4c47b399..c93189b8a 100644 --- a/2configs/tv/exim-smarthost.nix +++ b/2configs/tv/exim-smarthost.nix @@ -11,20 +11,21 @@ in let retiolumHostname = "${config.networking.hostName}.retiolum"; - internet-aliases = [ - { from = "tomislav@viljetic.de"; to = "tv@wu.retiolum"; } + internet-aliases = with config.krebs.users; [ + { from = "tomislav@viljetic.de"; to = tv.mail; } # (mindestens) lisp-stammtisch und elli haben die: - { from = "tv@viljetic.de"; to = "tv@wu.retiolum"; } + { from = "tv@viljetic.de"; to = tv.mail; } - { from = "tv@destroy.dyn.shackspace.de"; to = "tv@wu.retiolum"; } + { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } - { from = "mirko@viljetic.de"; to = "mv@cd.retiolum"; } + { from = "mirko@viljetic.de"; to = mv.mail; } # TODO killme (wo wird die benutzt?) - { from = "tv@cd.retiolum"; to = "tv@wu.retiolum"; } + { from = "tv@cd.retiolum"; to = tv.mail; } - { from = "postmaster@krebsco.de"; to = "tv@wu.retiolum"; } + # TODO lists@smtp.retiolum [consul] + { from = "postmaster@krebsco.de"; to = tv.mail; } ]; system-aliases = [ diff --git a/2configs/tv/smartd.nix b/2configs/tv/smartd.nix index 2e9d955d1..9c4d8b2d8 100644 --- a/2configs/tv/smartd.nix +++ b/2configs/tv/smartd.nix @@ -8,7 +8,7 @@ device = "DEVICESCAN"; options = toString [ "-a" - "-m tv@wu.retiolum" + "-m ${config.krebs.users.tv.mail}" "-s (O/../.././09|S/../.././04|L/../../6/05)" ]; } -- cgit v1.2.3 From 4df0d6e75b7e34db2fda4c8b782b93d265475272 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:14:34 +0200 Subject: tv base: set krebs.search-domain --- 2configs/tv/base.nix | 1 + 1 file changed, 1 insertion(+) (limited to '2configs') diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix index ab6d24769..40fe9ee04 100644 --- a/2configs/tv/base.nix +++ b/2configs/tv/base.nix @@ -10,6 +10,7 @@ in { krebs.enable = true; + krebs.search-domain = "retiolum"; imports = [ { -- cgit v1.2.3 From 1eb292f0c9eeb7d0fad6738bc4f06e646cae289e Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:29:37 +0200 Subject: krebs.git.repos.*.hooks: default = {} --- 2configs/tv/git.nix | 1 - 1 file changed, 1 deletion(-) (limited to '2configs') diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix index f884ea464..2c0cc6b14 100644 --- a/2configs/tv/git.nix +++ b/2configs/tv/git.nix @@ -66,7 +66,6 @@ let make-restricted-repo = name: { desc ? null, ... }: { inherit name desc; public = false; - hooks = {}; # TODO default }; make-rules = -- cgit v1.2.3 From 8d7c80aac644558768a689012d7b31d23f559d66 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:38:26 +0200 Subject: {1 tv * -> 2 tv base} networking.hostName --- 2configs/tv/base.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to '2configs') diff --git a/2configs/tv/base.nix b/2configs/tv/base.nix index 40fe9ee04..06f83ea9e 100644 --- a/2configs/tv/base.nix +++ b/2configs/tv/base.nix @@ -12,6 +12,8 @@ in krebs.enable = true; krebs.search-domain = "retiolum"; + networking.hostName = config.krebs.build.host.name; + imports = [ { users.extraUsers = -- cgit v1.2.3 From fca9bf179a5cd29b6804b2e16bb21374b82876bf Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:46:10 +0200 Subject: {1 tv wu -> 2 tv} urlwatch --- 2configs/tv/urlwatch.nix | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 2configs/tv/urlwatch.nix (limited to '2configs') diff --git a/2configs/tv/urlwatch.nix b/2configs/tv/urlwatch.nix new file mode 100644 index 000000000..a69b1519c --- /dev/null +++ b/2configs/tv/urlwatch.nix @@ -0,0 +1,51 @@ +{ config, ... }: + +{ + krebs.urlwatch = { + enable = true; + mailto = config.krebs.users.tv.mail; + onCalendar = "*-*-* 05:00:00"; + urls = [ + ## nixpkgs maintenance + + # 2014-07-29 when one of the following urls change + # then we have to update the package + + # ref src/nixpkgs/pkgs/tools/admin/sec/default.nix + https://api.github.com/repos/simple-evcorr/sec/tags + + # ref src/nixpkgs/pkgs/tools/networking/urlwatch/default.nix + https://thp.io/2008/urlwatch/ + + # 2014-12-20 ref src/nixpkgs/pkgs/tools/networking/tlsdate/default.nix + https://api.github.com/repos/ioerror/tlsdate/tags + + # 2015-02-18 + # ref ~/src/nixpkgs/pkgs/tools/text/qprint/default.nix + http://www.fourmilab.ch/webtools/qprint/ + + # 2014-09-24 ref https://github.com/4z3/xintmap + http://www.mathstat.dal.ca/~selinger/quipper/ + + # 2014-12-12 remove nixopsUnstable when nixops get's bumped to 1.3 + # ref https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nixops/unstable.nix + http://nixos.org/releases/nixops/ + + ## other + + https://nixos.org/channels/nixos-unstable/git-revision + + ## 2014-10-17 + ## TODO update ~/src/login/default.nix + #http://hackage.haskell.org/package/bcrypt + #http://hackage.haskell.org/package/cron + #http://hackage.haskell.org/package/hyphenation + #http://hackage.haskell.org/package/iso8601-time + #http://hackage.haskell.org/package/ixset-typed + #http://hackage.haskell.org/package/system-command + #http://hackage.haskell.org/package/transformers + #http://hackage.haskell.org/package/web-routes-wai + #http://hackage.haskell.org/package/web-page + ]; + }; +} -- cgit v1.2.3