From 19cc72be381b5718af90418cff45635f94a2012a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 19:14:52 +0200 Subject: wiki: announce changes in #xxx, serve with cgit --- krebs/3modules/default.nix | 1 + krebs/3modules/gollum.nix | 112 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 krebs/3modules/gollum.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f3180722d..2772bf986 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -27,6 +27,7 @@ let ./github-known-hosts.nix ./git.nix ./go.nix + ./gollum.nix ./hidden-ssh.nix ./hosts.nix ./htgen.nix diff --git a/krebs/3modules/gollum.nix b/krebs/3modules/gollum.nix new file mode 100644 index 000000000..4b4e04d16 --- /dev/null +++ b/krebs/3modules/gollum.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.krebs.gollum; +in + +{ + options.krebs.gollum = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable the Gollum service."; + }; + + address = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "IP address on which the web server will listen."; + }; + + port = mkOption { + type = types.int; + default = 4567; + description = "Port on which the web server will run."; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = "Content of the configuration file"; + }; + + mathjax = mkOption { + type = types.bool; + default = false; + description = "Enable support for math rendering using MathJax"; + }; + + allowUploads = mkOption { + type = types.nullOr (types.enum [ "dir" "page" ]); + default = null; + description = "Enable uploads of external files"; + }; + + emoji = mkOption { + type = types.bool; + default = false; + description = "Parse and interpret emoji tags"; + }; + + branch = mkOption { + type = types.str; + default = "master"; + example = "develop"; + description = "Git branch to serve"; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/gollum"; + description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup."; + }; + + }; + + config = mkIf cfg.enable { + + users.users.gollum = { + group = config.users.users.gollum.name; + description = "Gollum user"; + home = cfg.stateDir; + createHome = false; + isSystemUser = true; + }; + + users.groups.gollum = { }; + + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' - ${config.users.users.gollum.name} ${config.users.groups.gollum.name} - -" + ]; + + systemd.services.gollum = { + description = "Gollum wiki"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.git ]; + + preStart = '' + # This is safe to be run on an existing repo + git init ${cfg.stateDir} + ''; + + serviceConfig = { + User = config.users.users.gollum.name; + Group = config.users.groups.gollum.name; + ExecStart = '' + ${pkgs.gollum}/bin/gollum \ + --port ${toString cfg.port} \ + --host ${cfg.address} \ + --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \ + --ref ${cfg.branch} \ + ${optionalString cfg.mathjax "--mathjax"} \ + ${optionalString cfg.emoji "--emoji"} \ + ${optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \ + ${cfg.stateDir} + ''; + }; + }; + }; +} -- cgit v1.2.3 From e296d69e1af19d93d95668686ab47e4420b9bd3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 12 Aug 2020 22:45:52 +0100 Subject: mic92: allocate retiolum subnet for tinc --- krebs/3modules/external/mic92.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b8aaf9900..06ee2e7bb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -273,8 +273,12 @@ in { Pxol8FwH5+Q72bLtvg5Zva8D0Vx2U1jYSHEkRDDzaS5Z6Fus+zeZVMsCAwEAAQ== -----END RSA PUBLIC KEY----- ''; - # ohorn lan - tinc.subnets = [ "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" ]; + tinc.subnets = [ + # ohorn lan + "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" + # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` + "42:0000:3c46:70c7::/80" + ]; }; }; }; -- cgit v1.2.3 From da272bc7c33961ffd29eb694cb3ccd1a776c3e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 13 Aug 2020 08:05:03 +0100 Subject: mic92: use subnet that does not include my server --- krebs/3modules/external/mic92.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 06ee2e7bb..58e9e6be9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -276,8 +276,8 @@ in { tinc.subnets = [ # ohorn lan "fd42:4492:6a6d:500:8526:2adf:7451:8bbb" - # same prefix as `config.krebs.hosts.eve.nets.retiolum.ip6.addr` - "42:0000:3c46:70c7::/80" + # docker network + "42:0000:002b:1605:3::/80" ]; }; }; -- cgit v1.2.3 From 040ec5de038f0614e441e2cda85255d3eb8d7f9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 18:55:54 +0100 Subject: mic92: update eva public key --- krebs/3modules/external/mic92.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 58e9e6be9..997614e8a 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -458,14 +458,20 @@ in { "eva.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqIc+ozq3hKHMe/X3v4j+6or8LMjEV7MtQ8/+n00xpG4NkI4G38Bv - 3nmAcV7OhN6of0fr0psbBmym+2VxCZbpl8E3g1GWSKpAvlmP/9v4wDVdrADaTvXC - pzCxejtCwEhKLisnMwCMJCuUPbIsSBU+IQDPKP7NP0yY5VapgW3Xl3qXpnehCW1r - NBZjZASnhSXcJRLJayEDN6uBviYrnnfbrHOx4fPcjQPTHX5RYr3EbgGZQO9xki44 - 9dKT4EA95lupTqC3wzuQbaNpvIuVzmggiDY/NsBIVh0/2XjGnO54wtCEPudaLnWd - WNtc1wfVFB6gzgG1N7msOuFUReOIfyF/ywIDAQAB - -----END RSA PUBLIC KEY----- + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyHptaExEcSUjEJ+RH33h + uRK0Ttq8mJLDosWFYcoQkcL9S54aO9kF1gRJAKPBHoOt/IGeOxg2LNYWK6UjWfUy + LB9c42EQ1wWZ2jSJ0LJgYzjR9cp3dlo9aHSa//O6p6eLpXRo9QLf8+aIWhNW5+BG + sLIMR5b6Ngc2l8xQS+wvMmvTWJt3LyfQ6AKiKwCjeyrUFiuw0VWSn1I6n7H+CZBZ + f/UvSxLucy1e0rvbHoTITOflIAfA84iCHsHsZjVqrx1iyOMdPtY2sBPmWhtVemDo + duwzUpIuaJnWS7JOB4jsYWm672/KfzK7yAivqxD19OwqfZ3nNQ7sEDb3p4udw2Lf + 0dqHwZ5Hoj21vs3XiXX/SHcSf5QLzpj1MWBkV3r1D8I8v3P5qUbLunCofp3d9GxE + N0gK06gqbLNonJvC/WD7lxeY32Rh1wYXbzbD/X6aWe/oD8WMIl312hH4cHQHOnVT + t76NISlYTPxwX5mfFsBm8t0GjnnWY2jLwaefk7N/CwoDaKhkhmw1oeAZMuRcDRvE + 0ecpO4CZ6CcYERLxoYHgEAj3cMkSrQ8dT6XS4b9EO4hW4zCQ3RK9xDz71+uaihuB + 6uuTTsn7s0PYBJDNdccOf1Qt8fqPPgzqUKqeUciHojYDDPTC5KQh5m2PBv4I4iIR + LnKOqNUX7UCqbdaE/tfFRG0CAwEAAQ== + -----END PUBLIC KEY----- ''; }; }; -- cgit v1.2.3 From 56d529277f0e6b5677a2f444202accdf11e8f2fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 19 Aug 2020 19:45:25 +0100 Subject: eva: add public ip addresses --- krebs/3modules/external/mic92.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 997614e8a..edd5b48d9 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -451,8 +451,15 @@ in { }; eva = { owner = config.krebs.users.Mic92; - nets = { + nets = rec { + internet = { + # eva.thalheim.io + ip4.addr = "52.59.172.193"; + ip6.addr = "2a05:d014:301:a601:ef0e:5434:d814:b8ed"; + aliases = [ "eva.i" ]; + }; retiolum = { + via = internet; ip4.addr = "10.243.29.185"; aliases = [ "eva.r" -- cgit v1.2.3 From e3fdcdbadfababea9ae70e88846956ebc45e28a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 20 Aug 2020 21:16:50 +0100 Subject: mic92: lower-case user --- krebs/3modules/external/default.nix | 4 ++-- krebs/3modules/external/mic92.nix | 32 ++++++++++++++++---------------- 2 files changed, 18 insertions(+), 18 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 082dfd80f..e1667cb68 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -465,9 +465,9 @@ in { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; }; - Mic92 = { + mic92 = { mail = "joerg@thalheim.io"; - pubkey = ssh-for "Mic92"; + pubkey = ssh-for "mic92"; }; qubasa = { mail = "luis.nixos@gmail.com"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index edd5b48d9..782f8ac04 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -11,7 +11,7 @@ with import ; in { hosts = mapAttrs hostDefaults { amy = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.57"; @@ -44,7 +44,7 @@ in { }; }; clara = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.58"; @@ -77,7 +77,7 @@ in { }; }; dimitrios = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.183"; @@ -98,7 +98,7 @@ in { }; }; donna = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.54"; @@ -132,7 +132,7 @@ in { }; }; dpdkm = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { ip4.addr = "10.243.29.173"; @@ -156,7 +156,7 @@ in { }; }; herbert = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { retiolum = { addrs = [ @@ -179,7 +179,7 @@ in { }; }; inspector = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "141.76.44.154"; @@ -208,7 +208,7 @@ in { }; }; eddie = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eddie.thalheim.io @@ -242,7 +242,7 @@ in { }; }; eve = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eve.thalheim.io @@ -283,7 +283,7 @@ in { }; }; martha = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.53"; @@ -317,7 +317,7 @@ in { }; }; matchbox = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.176"; @@ -343,7 +343,7 @@ in { }; }; rock = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.171"; @@ -367,7 +367,7 @@ in { }; }; rose = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { ip4.addr = "129.215.165.52"; @@ -401,7 +401,7 @@ in { }; }; turingmachine = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.168"; @@ -429,7 +429,7 @@ in { }; }; harsha = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = { retiolum = { ip4.addr = "10.243.29.184"; @@ -450,7 +450,7 @@ in { }; }; eva = { - owner = config.krebs.users.Mic92; + owner = config.krebs.users.mic92; nets = rec { internet = { # eva.thalheim.io -- cgit v1.2.3 From d405f47fede42135735662b324c77ab82420baa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 21 Aug 2020 13:50:46 +0200 Subject: Mic92 -> mic92 --- krebs/3modules/external/ssh/Mic92.pub | 1 - krebs/3modules/external/ssh/mic92.pub | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 krebs/3modules/external/ssh/Mic92.pub create mode 100644 krebs/3modules/external/ssh/mic92.pub (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/ssh/Mic92.pub b/krebs/3modules/external/ssh/Mic92.pub deleted file mode 100644 index 600709c78..000000000 --- a/krebs/3modules/external/ssh/Mic92.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE diff --git a/krebs/3modules/external/ssh/mic92.pub b/krebs/3modules/external/ssh/mic92.pub new file mode 100644 index 000000000..600709c78 --- /dev/null +++ b/krebs/3modules/external/ssh/mic92.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE -- cgit v1.2.3