From 8b58e6e6e25e38586f3cc8879aa0444d4fdf6f0d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Jul 2016 13:06:15 +0200 Subject: nginx: use host name and aliases as default server-names --- krebs/3modules/nginx.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index fc7fcca6f..bc32da3b1 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -31,12 +31,10 @@ let options = { server-names = mkOption { type = with types; listOf str; - # TODO use identity - default = [ - "${config.networking.hostName}" - "${config.networking.hostName}.r" - "${config.networking.hostName}.retiolum" - ]; + default = + [config.krebs.build.host.name] ++ + concatMap (getAttr "aliases") + (attrValues config.krebs.build.host.nets); }; listen = mkOption { type = with types; either str (listOf str); -- cgit v1.2.3 From ccb34ca338bec3219c0d25e1a5518548ce7ec898 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 23 Jul 2016 13:29:39 +0200 Subject: mv: reinit --- krebs/3modules/default.nix | 1 + krebs/3modules/mv/default.nix | 41 +++++++++++++++++++++++++++++++++++++++++ krebs/3modules/tv/default.nix | 2 +- 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/mv/default.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a38d2b227..d64d8047a 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -91,6 +91,7 @@ let imp = lib.mkMerge [ { krebs = import ./lass { inherit config lib; }; } { krebs = import ./makefu { inherit config lib; }; } + { krebs = import ./mv { inherit config lib; }; } { krebs = import ./shared { inherit config lib; }; } { krebs = import ./tv { inherit config lib; }; } { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix new file mode 100644 index 000000000..dc47d8983 --- /dev/null +++ b/krebs/3modules/mv/default.nix @@ -0,0 +1,41 @@ +{ config, ... }: + +with config.krebs.lib; + +{ + hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { + stro = { + cores = 4; + nets = { + retiolum = { + ip4.addr = "10.243.111.111"; + ip6.addr = "42:0:0:0:0:0:111:111"; + aliases = [ + "stro.r" + "cgit.stro.r" + "stro.retiolum" + "cgit.stro.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0vIzLyoetOyi3R7qOh3gjSvUVjPEdqCvd0NEevDCIhhFy0nIbZ/b + vnuk3EUeTb6e384J8fKB4agig0JeR3JjtDvtjy5g9Cdy2nrU71w8wqU0etmv2PTb + FjbCFfeBXn0N3U7gXwjZGCvjAXa1a4jGb4R2iYBYGG3aY4reCN8B8Ah81h+S0oLg + ZJJfaBmWM5vNRFEI5X4CLaVnwtsoZuXIjYStgNn/9Mg/Y6NQS0H0H+HFeyhigAqG + oYGqNar/2QqPU176V/FwrD30F3qJV1uyzuPta7hmdfOxqYjZ/jqdPSRYtlunYYcq + XbH5oYmzO9NEeVWzjdac/DiV2OP8HufoYwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; + }; + }; + users = { + mv = { + mail = "mv@stro.r"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfMqkfXsGRaXJ86Pi5svAx4508ij5kc4cMLGwr1CLvFI5G7EHggiHMZYooibmkZimBF1PvLM1lOdoptJ4nSmc3UGuQaeV9BpZ1dNXexc8wOmVPKzAHYZG/2upcV/xVZQ9lk3UOmDym6fDUXThMx4nXdhOjScgWpKp7+0N3JRCf2UHusZjWFGlhE9l4irLFHCwlZeBQ16DNF4fc03vsfZBB1ZrGGZlaVpkcY+FTC3sm8R0iF5QGaq8PgltJoCNnp3L1g3Yn7Elva7kCHjZfJC1pu5icV8vZMNptPn1b10gPsNwb302FCjvZohzRcMo39L2gwdNWQmflYfYk+NPY9EgqkLtSvZJywYu8oTVLeYBAp0ZGzJR4+uIH9at/WQF499HFMxpF4uwYiQweUcPiHrrOqI5zLQoOvqh9Jv0UMsnFynNrszbCTgwzeW8bcvv8ILcjE9of8GXRCrlIMvt7Z9q8xrb5j1RhKscvusyyNOAL+HMZl6jgSxUBDtzRqPZ62QHJsBEBdRXdJRQLGeHNW9kGPrh/tiKGucuT3/HZC+2Rcemxt3RVT60+lHkghrMLi0/VOWBUKL9J94UK5xIE4Gb3RTW9DcNK53U4ql+N4ORSSEuhk3Rqzx3Bzv7AXpLKQCFKdB7tjxzGN7sCQM3PBUUo6Tk0VG2cIKOjzTRnDJlb7Q== mv@stro"; + }; + }; +} diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index d04f1cab2..a933cbddb 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -418,7 +418,7 @@ with config.krebs.lib; dv = { mail = "dv@alnus.r"; }; - mv = { + mv-cd = { mail = "mv@cd.r"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; }; -- cgit v1.2.3 From 917bdf236f8b38efeafd6c7b697a437ac18f64a6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:16:22 +0200 Subject: k 3 exim-smarthost: add authenticators option --- krebs/3modules/exim-smarthost.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index aba6ee0b5..8b6627678 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -2,6 +2,7 @@ with config.krebs.lib; let + indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; out = { @@ -12,6 +13,11 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + authenticators = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + dkim = mkOption { type = types.listOf (types.submodule ({ config, ... }: { options = { @@ -257,6 +263,10 @@ let begin rewrite begin authenticators + ${concatStringsSep "\n" (mapAttrsToList (name: text: '' + ${name}: + ${indent text} + '') cfg.authenticators)} ''; }; }; -- cgit v1.2.3 From 3d8318d625db60060a3624081059f93b66ca5c46 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Jul 2016 19:16:41 +0200 Subject: k 3 exim-smarthost: add ssl options --- krebs/3modules/exim-smarthost.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 8b6627678..cfe2e5f04 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -86,6 +86,16 @@ let default = []; }; + ssl_cert = mkOption { + type = types.nullOr types.str; + default = null; + }; + + ssl_key = mkOption { + type = types.nullOr types.str; + default = null; + }; + system-aliases = mkOption { type = types.listOf (types.submodule ({ options = { @@ -142,7 +152,9 @@ let syslog_timestamp = false syslog_duplication = false - tls_advertise_hosts = + ${optionalString (cfg.ssl_cert != null) "tls_certificate = ${cfg.ssl_cert}"} + ${optionalString (cfg.ssl_key != null) "tls_privatekey = ${cfg.ssl_key}"} + tls_advertise_hosts =${optionalString (cfg.ssl_cert != null) " *"} begin acl -- cgit v1.2.3 From b139155bee6006f21993f3b2b6bfd5adde6fff6f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Jul 2016 21:36:47 +0200 Subject: l 3 power-action -> k 3 power-action --- krebs/3modules/default.nix | 1 + krebs/3modules/power-action.nix | 97 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 krebs/3modules/power-action.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index d64d8047a..9af42acc9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -28,6 +28,7 @@ let ./on-failure.nix ./os-release.nix ./per-user.nix + ./power-action.nix ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix new file mode 100644 index 000000000..4c2533eb7 --- /dev/null +++ b/krebs/3modules/power-action.nix @@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + cfg = config.krebs.power-action; + + out = { + options.krebs.power-action = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "power-action"; + battery = mkOption { + type = types.str; + default = "BAT0"; + }; + user = mkOption { + type = types.user; + default = { + name = "power-action"; + }; + }; + startAt = mkOption { + type = types.str; + default = "*:0/1"; + }; + plans = mkOption { + type = with types; attrsOf (submodule { + options = { + charging = mkOption { + type = nullOr bool; + default = null; + description = '' + check for charging status. + null = don't care + true = only if system is charging + false = only if system is discharging + ''; + }; + upperLimit = mkOption { + type = int; + }; + lowerLimit = mkOption { + type = int; + }; + action = mkOption { + type = path; + }; + }; + }); + }; + }; + + imp = { + systemd.services.power-action = { + serviceConfig = rec { + ExecStart = startScript; + User = cfg.user.name; + }; + startAt = cfg.startAt; + }; + users.users.${cfg.user.name} = { + inherit (cfg.user) name uid; + }; + }; + + startScript = pkgs.writeDash "power-action" '' + set -euf + + power="$(${powerlvl})" + state="$(${state})" + ${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)} + ''; + charging_check = plan: + if (plan.charging == null) then "" else + if plan.charging + then ''&& [ "$state" = "true" ]'' + else ''&& ! [ "$state" = "true" ]'' + ; + + writeRule = _: plan: + "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; + + powerlvl = pkgs.writeDash "powerlvl" '' + cat /sys/class/power_supply/${cfg.battery}/capacity + ''; + + state = pkgs.writeDash "state" '' + if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] + then echo "false" + else echo "true" + fi + ''; + +in out -- cgit v1.2.3