From 0b5b4b8eab751d0d1d32573c6f69d08a82b4af1e Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 23 Jan 2021 18:09:13 +0100
Subject: l green.r: setup with sync-containers
---
lass/1systems/green/config.nix | 71 ++++++++++++++++++++++++++++++++++++++++--
1 file changed, 69 insertions(+), 2 deletions(-)
(limited to 'lass/1systems/green')
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 0b4b50ee4..d7683ff5f 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -9,13 +9,80 @@ with import ; + + + + + + ]; krebs.build.host = config.krebs.hosts.green; - #networking.nameservers = [ "1.1.1.1" ]; + users.users.mainUser.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-android.pubkey + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + ]; + + lass.bindfs = { + "/home/lass/.weechat" = { + source = "/var/state/lass_weechat"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/home/lass/Maildir" = { + source = "/var/state/lass_mail"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + }; + "/home/lass/sync" = { + source = "/var/state/lass_sync"; + options = [ + "-M ${concatMapStringsSep ":" (u: toString config.users.users.${u}.uid) [ "syncthing" "mainUser" ]}" + "--create-for-user=${toString config.users.users.syncthing.uid}" + ]; + }; + "/var/lib/bitlbee" = { + source = "/var/state/bitlbee"; + options = [ + "-M ${toString config.users.users.bitlbee.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.ssh" = { + source = "/var/state/lass_ssh"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + "/home/lass/.gnupg" = { + source = "/var/state/lass_gnupg"; + options = [ + "-M ${toString config.users.users.mainUser.uid}" + ]; + clearTarget = true; + }; + }; - #time.timeZone = "Europe/Berlin"; + systemd.services."bindfs-_home_lass_Maildir".serviceConfig.ExecStartPost = pkgs.writeDash "symlink-notmuch" '' + sleep 1 + mkdir -p /home/lass/notmuch + chown lass: /home/lass/notmuch + ln -sfTr /home/lass/notmuch /home/lass/Maildir/.notmuch + + mkdir -p /home/lass/notmuch/muchsync + chown lass: /home/lass/notmuch/muchsync + mkdir -p /home/lass/Maildir/.muchsync + ln -sfTr /home/lass/Maildir/.muchsync /home/lass/notmuch/muchsync/tmp + ''; + + 
krebs.iptables.tables.nat.PREROUTING.rules = [ + { predicate = "-i eth0 -p tcp -m tcp --dport 22"; target = "ACCEPT"; precedence = 101; } + ]; } -- cgit v1.3.1 From cefb50f5f1509c06f92453e09fb63ad71a746fe0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 24 Jan 2021 11:26:39 +0100 Subject: bindfs: l -> krebs --- krebs/3modules/bindfs.nix | 61 ++++++++++++++++++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + lass/1systems/green/config.nix | 2 +- lass/3modules/bindfs.nix | 61 ------------------------------------------ lass/3modules/default.nix | 1 - 5 files changed, 63 insertions(+), 63 deletions(-) create mode 100644 krebs/3modules/bindfs.nix delete mode 100644 lass/3modules/bindfs.nix (limited to 'lass/1systems/green') diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix new file mode 100644 index 000000000..7e3730e86 --- /dev/null +++ b/krebs/3modules/bindfs.nix 
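Review bot: The literal ed25519 key added to `users.users.mainUser.openssh.authorizedKeys.keys` is commented as a weechat ssh tunnel but carries no authorized_keys options, so whoever holds that key gets a full interactive login as mainUser rather than just a forward. The same hunk bind-mounts `/home/lass/.ssh` and `/home/lass/.gnupg` with `-M` set to mainUser's uid, so a key meant for one tunnel can presumably read both once logged in. If only forwarding is needed, prefix the entry with OpenSSH key options, for example `"restrict,port-forwarding,permitopen=\"localhost:<WEECHAT_PORT>\" ssh-ed25519 <existing key>"` (the port is a placeholder; it is not shown on this page). A short comment naming which device holds the private key would also make later revocation easier.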
@@ -0,0 +1,61 @@ +with import ; +{ config, pkgs, ... }: +let + cfg = config.krebs.bindfs; +in { + options.krebs.bindfs = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + target = mkOption { + description = '' + destination where bindfs mounts to. + second positional argument to bindfs. + ''; + default = config._module.args.name; + type = types.absolute-pathname; + }; + source = mkOption { + description = '' + source folder where the mounted directory is originally. + first positional argument to bindfs. + ''; + type = types.absolute-pathname; + }; + options = mkOption { + description = '' + additional arguments to bindfs + ''; + type = types.listOf types.str; + default = []; + }; + clearTarget = mkOption { + description = '' + whether to clear the target folder before mounting + ''; + type = types.bool; + default = false; + }; + }; + })); + default = {}; + }; + + config = mkIf (cfg != {}) { + systemd.services = mapAttrs' (n: mount: let + name = replaceStrings [ "/" ] [ "_" ] n; + in nameValuePair "bindfs-${name}" { + wantedBy = [ "local-fs.target" ]; + path = [ pkgs.coreutils ]; + serviceConfig = { + ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' + ${optionalString mount.clearTarget '' + rm -rf '${mount.target}' + ''} + mkdir -p '${mount.source}' + mkdir -p '${mount.target}' + ''; + ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}"; + }; + }) cfg; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 285db40f9..e7d04ead8 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./apt-cacher-ng.nix ./backup.nix ./bepasty-server.nix + ./bindfs.nix ./brockman.nix ./buildbot/master.nix ./buildbot/slave.nix diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index d7683ff5f..fbd2d223f 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix 
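Review bot: `rm -rf '${mount.target}'` in `ExecStartPre` runs on every service start when `clearTarget` is set and never checks whether the target is still a mount point; if an earlier bindfs instance or any other filesystem is still mounted there, the delete descends through the mount and removes the source data, which on the green host would be `/var/state/lass_ssh` and `/var/state/lass_gnupg`. A guard such as `mountpoint -q '${mount.target}' || rm -rf '${mount.target}'` avoids that, and it needs util-linux added to `path` next to `pkgs.coreutils`. Separately, `ExecStart` interpolates `${mount.source}` and `${mount.target}` unquoted while the init script single-quotes them, so a path containing whitespace would be split into extra bindfs arguments; whether `types.absolute-pathname` already rules that out is not visible here. The `clearTarget` description should also state that the target directory is deleted recursively, since this module now sits in the shared krebs namespace.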
@@ -26,7 +26,7 @@ with import ; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel ]; - lass.bindfs = { + krebs.bindfs = { "/home/lass/.weechat" = { source = "/var/state/lass_weechat"; options = [ diff --git a/lass/3modules/bindfs.nix b/lass/3modules/bindfs.nix deleted file mode 100644 index c489ef163..000000000 --- a/lass/3modules/bindfs.nix +++ /dev/null @@ -1,61 +0,0 @@ -with import ; -{ config, pkgs, ... }: -let - cfg = config.lass.bindfs; -in { - options.lass.bindfs = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - target = mkOption { - description = '' - destination where bindfs mounts to. - second positional argument to bindfs. - ''; - default = config._module.args.name; - type = types.absolute-pathname; - }; - source = mkOption { - description = '' - source folder where the mounted directory is originally. - first positional argument to bindfs. - ''; - type = types.absolute-pathname; - }; - options = mkOption { - description = '' - additional arguments to bindfs - ''; - type = types.listOf types.str; - default = []; - }; - clearTarget = mkOption { - description = '' - whether to clear the target folder before mounting - ''; - type = types.bool; - default = false; - }; - }; - })); - default = {}; - }; - - config = mkIf (cfg != {}) { - systemd.services = mapAttrs' (n: mount: let - name = replaceStrings [ "/" ] [ "_" ] n; - in nameValuePair "bindfs-${name}" { - wantedBy = [ "local-fs.target" ]; - path = [ pkgs.coreutils ]; - serviceConfig = { - ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' - ${optionalString mount.clearTarget '' - rm -rf '${mount.target}' - ''} - mkdir -p '${mount.source}' - mkdir -p '${mount.target}' - ''; - ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}"; - }; - }) cfg; - }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 9f8ae98e5..1ce88b238 100644 
--- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,7 +1,6 @@ _: { imports = [ - ./bindfs.nix ./dnsmasq.nix ./folderPerms.nix ./hosts.nix -- cgit v1.3.1