From f5089ed60f26afba7e4366fabb3f787ab94e0822 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 15:16:28 +0200 Subject: krebs: add wolf-repo-sync user --- krebs/3modules/krebs/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index f11b8ef48..c65a132db 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -38,6 +38,7 @@ in { ip6.addr = "42:0:0:0:0:0:77:2"; aliases = [ "puyak.r" + "build.puyak.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -94,5 +95,10 @@ in { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary }; + wolf-repo-sync = { + name = "wolf-repo-sync"; + mail = "spam@krebsco.de"; + pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; + }; }; } -- cgit v1.2.3 From 657e099f4a42c5fd707872b914d8d84ff939e849 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 15:19:05 +0200 Subject: krebs: add puyak-repo-sync user --- krebs/3modules/krebs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index c65a132db..c18c70e3e 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix 
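Review bot: The new `wolf-repo-sync` entry carries no comment saying what the account is for or which host holds the private key; the only hint is the `repo-sync@wolf` suffix inside the key string. A key registered here presumably authorises repository access elsewhere in the configuration (not visible in this hunk), so a line such as `# machine account: repo-sync service on host wolf` above the entry would make later key audits easier. The key is 2048-bit RSA, while the next commit uses ed25519 for the sibling account, so it may be worth using one key type for both machine accounts.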
@@ -95,6 +95,11 @@ in { krebs = { pubkey = "lol"; # TODO krebs.users.krebs.pubkey should be unnecessary }; + puyak-repo-sync = { + name = "puyak-repo-sync"; + mail = "spam@krebsco.de"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILKVAxlz6L4yLL/4+MFk0YyzQSK+XI4ayxNQfLKepMj"; + }; wolf-repo-sync = { name = "wolf-repo-sync"; mail = "spam@krebsco.de"; -- cgit v1.2.3 From 6dd39253a6d3fb833c36ed0a18e484575c2cfb4a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 20:37:41 +0200 Subject: krebs: add cgit.puyak.r --- krebs/3modules/krebs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index c18c70e3e..172e791b4 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -39,6 +39,7 @@ in { aliases = [ "puyak.r" "build.puyak.r" + "cgit.puyak.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 8d123b954181aed5f769a4706ba26a3579fd987d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 20:38:51 +0200 Subject: puyak-repo-sync: rotate pubkey --- krebs/3modules/krebs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 172e791b4..f751b4f9f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -99,7 +99,7 @@ in { puyak-repo-sync = { name = "puyak-repo-sync"; mail = "spam@krebsco.de"; - pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILKVAxlz6L4yLL/4+MFk0YyzQSK+XI4ayxNQfLKepMj"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+18mG/cV1YbR9PXzuu3ScyV9kENy08OXUntpmgh9H2"; }; wolf-repo-sync = { name = "wolf-repo-sync"; -- cgit v1.2.3 From edfd8ca19101e0c5c99fb799f05bd404c6d2287b Mon Sep 17 00:00:00 2001 
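Review bot: The `puyak-repo-sync` key is stored without a comment field, unlike the `wolf-repo-sync` entry below it, which ends in `repo-sync@wolf`. Once this string is copied into an authorized-keys style list, nothing identifies which host or service it belongs to. Appending one, as in `pubkey = "ssh-ed25519 <key> repo-sync@puyak";`, would fix that. The same applies to the replacement key in the later "rotate pubkey" hunk. That rotation follows the addition by a few hours, so a short comment on whether the first key should be considered exposed would help anyone auditing deployed hosts.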
From: lassulus Date: Sat, 22 Jul 2017 20:47:05 +0200 Subject: krebs git: fix initial chown --- krebs/3modules/git.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 884108ebb..93211d9d4 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -569,7 +569,8 @@ let if ! test -d "$repodir"; then mkdir -m "$mode" "$repodir" git init --bare --template=/var/empty "$repodir" - chown -R git:nogroup "$repodir" + # TODO fix correctly with stringAfter + chown -R ${toString config.users.users.git.uid}:nogroup "$repodir" fi ln -s ${hooks} "$repodir/hooks" '' -- cgit v1.2.3 From 04dfdb5ec644cd3786a4e374304fefc275682ef2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 23:01:39 +0200 Subject: krebs fetchWallpaper: allow everyone to enter dir --- krebs/3modules/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e00c0ec9b..cdb9fe70a 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -49,6 +49,7 @@ let set -euf mkdir -p ${cfg.stateDir} + chmod o+rx ${cfg.stateDir} cd ${cfg.stateDir} (curl --max-time ${toString cfg.maxTime} -s -o wallpaper.tmp -z wallpaper ${shell.escape cfg.url} && mv wallpaper.tmp wallpaper) || : feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper -- cgit v1.2.3 From 54a594dc474255b24bbff80bb6be28e6a1a523d4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Jul 2017 23:01:18 +0200 Subject: krebs backup: extend api with timerConfig --- krebs/3modules/backup.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index bfb0ab591..6f015d66b 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix 
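Review bot: If `config.users.users.git.uid` is left unset, `toString` turns the null into an empty string and the added line becomes `chown -R :nogroup "$repodir"`. That changes only the group and leaves the new repository owned by whoever runs the script, without any error. An assertion that the uid is non-null where this script is built (it starts and ends outside the hunk) would turn that into an evaluation failure. The group is still resolved by name, so if the numeric uid is there because the name database is not yet available on first run, `nogroup` presumably has the same problem and should be numeric too.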
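Review bot: The added `chmod o+rx` grants more than the commit subject asks for and is re-applied on every run. Entering the directory needs only the execute bit, while `r` also lets every local user list its contents. If consumers open `wallpaper` by its known path, `chmod o+x ${shell.escape cfg.stateDir}` should be enough. That form also escapes the path the way the `feh` line below already does, whereas the existing `mkdir` and `cd` lines pass it unescaped. The script body continues outside the hunk.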
@@ -54,6 +54,12 @@ let }; }); }; + timerConfig = mkOption { + type = with types; attrsOf str; + default = optionalAttrs (config.startAt != null) { + OnCalendar = config.startAt; + }; + }; }; })); }; @@ -82,11 +88,19 @@ let SyslogIdentifier = ExecStart.name; Type = "oneshot"; }; - startAt = mkIf (plan.startAt != null) plan.startAt; }) (filter (plan: build-host-is "pull" "dst" plan || build-host-is "push" "src" plan) enabled-plans)); + systemd.timers = + listToAttrs (map (plan: nameValuePair "backup.${plan.name}" { + wantedBy = [ "timers.target" ]; + timerConfig = plan.timerConfig; + }) (filter (plan: plan.timerConfig != {} && ( + build-host-is "pull" "dst" plan || + build-host-is "push" "src" plan)) + enabled-plans)); + users.groups.backup.gid = genid "backup"; users.users.root.openssh.authorizedKeys.keys = map (plan: getAttr plan.method { -- cgit v1.2.3
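Review bot: The new `timerConfig` option has no `description`, and its default hides a trap. A plan that sets `timerConfig` replaces the default entirely, so one that keeps `startAt` and adds only, say, `Persistent` gets a timer without `OnCalendar` that never fires, and the backup silently stops running. Either document this, e.g. `description = "systemd timer settings; when set, startAt is ignored and a trigger such as OnCalendar must be given.";`, or merge the `startAt`-derived attribute with the plan's value where the timer is built. The option set continues outside the hunk.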
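Review bot: The host-selection predicate `build-host-is "pull" "dst" plan || build-host-is "push" "src" plan` now appears twice, once in the service filter and once in the added `systemd.timers` filter. A later change to one copy can leave a timer pointing at a service that is not generated on this host, or the reverse. Bind it once in the surrounding `let`, e.g. `runs-here = plan: build-host-is "pull" "dst" plan || build-host-is "push" "src" plan;`, and use it in both filters. The timer also relies on its name `backup.${plan.name}` matching the service unit, whose definition is outside the hunk, so confirm the two agree.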