From 73b073c3fe037f31e05828a1071c9b4b19f7a2ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 1 Jun 2017 12:49:21 +0200 Subject: lass: RIP helios --- krebs/3modules/lass/default.nix | 30 -------- krebs/3modules/lass/ssh/helios.rsa | 1 - lass/1systems/dishfire.nix | 1 - lass/1systems/helios.nix | 130 ---------------------------------- lass/2configs/backups.nix | 24 ------- lass/2configs/buildbot-standalone.nix | 2 +- lass/2configs/downloading.nix | 1 - lass/2configs/exim-smarthost.nix | 1 - lass/2configs/logf.nix | 1 - 9 files changed, 1 insertion(+), 190 deletions(-) delete mode 100644 krebs/3modules/lass/ssh/helios.rsa delete mode 100644 lass/1systems/helios.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0e1cbd876..05b7b5078 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -224,32 +224,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; - helios = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.0.3"; - ip6.addr = "42:0:0:0:0:0:0:7105"; - aliases = [ - "helios.r" - "cgit.helios.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y - Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq - 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I - oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB - hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP - Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - secure = true; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; - }; shodan = { cores = 2; nets = { 
@@ -339,10 +313,6 @@ with import ; mail = "lass@uriel.r"; pubkey = builtins.readFile ./ssh/uriel.rsa; }; - lass-helios = { - mail = "lass@helios.r"; - pubkey = builtins.readFile ./ssh/helios.rsa; - }; lass-shodan = { mail = "lass@shodan.r"; pubkey = builtins.readFile ./ssh/shodan.rsa; diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa deleted file mode 100644 index c2a54b621..000000000 --- a/krebs/3modules/lass/ssh/helios.rsa +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa 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 lass@helios diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix index 9c77f909d..e12367aca 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire.nix @@ -70,7 +70,6 @@ relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix deleted file mode 100644 index 99760dfdb..000000000 --- a/lass/1systems/helios.nix +++ /dev/null 
@@ -1,130 +0,0 @@ -{ config, pkgs, ... }: - -with builtins; -with import ; - -{ - imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/git.nix - ../2configs/pass.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - - #{ - # # conflicting stuff with gnome setup - # # TODO: fix this - # imports = [ - # ../2configs/baseX.nix - # ]; - #} - { - # gnome3 for suja - time.timeZone = "Europe/Berlin"; - services.xserver.enable = true; - services.xserver.desktopManager.xfce.enable = true; - networking.wireless.enable = true; - hardware.pulseaudio = { - enable = true; - systemWide = true; - }; - users.users.ferret = { - uid = genid "ferret"; - home = "/home/ferret"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - hashedPassword = "$6$SaneLuyep90p8BPn$0IDbvLgNbRGZL96obWavanTmY6IkBG84vs2b/2oqlpbmTZH3retOYbQKF1uVqu6dD0ZGF4eBq9tqPbwUjRyY00"; - }; - environment.systemPackages = with pkgs; [ - firefox - chromium - maven - arandr - libreoffice - mpv - ]; - } - #{ - # users.extraUsers = { - # root = { - # openssh.authorizedKeys.keys = map readFile [ - # ../../krebs/Zpubkeys/uriel.ssh.pub - # ]; - # }; - # }; - #} - #{ - # services.elasticsearch = { - # enable = true; - # }; - #} - { - krebs.power-action.battery = "BAT1"; - } - ]; - - krebs.build.host = config.krebs.hosts.helios; - - - hardware.enableAllFirmware = true; - nixpkgs.config.allowUnfree = true; - - boot = { - loader.grub.enable = true; - loader.grub.version = 2; - loader.grub.device = "/dev/sda"; - - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; - initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; - kernelModules = [ "msr" ]; - }; - fileSystems = { - "/" = { - device = "/dev/pool/nix"; - fsType = "ext4"; - }; - - "/boot" 
= { - device = "/dev/sda1"; - }; - - "/home" = { - device = "/dev/pool/home"; - fsType = "ext4"; - }; - - "/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; - "/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; - }; - - #services.udev.extraRules = '' - # SUBSYSTEM=="net", ATTR{address}=="64:27:37:7d:d8:ae", NAME="wl0" - # SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0" - #''; - - services.xserver.synaptics = { - enable = true; - twoFingerScroll = true; - accelFactor = "0.035"; - additionalOptions = '' - Option "FingerHigh" "60" - Option "FingerLow" "60" - ''; - }; -} diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 22b48f6e8..b20e15dd9 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -107,29 +107,5 @@ with import ; dst = { host = config.krebs.hosts.shodan; path = "/bku/mors-home"; }; startAt = "05:00"; }; - dishfire-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-http"; }; - startAt = "12:00"; - }; - dishfire-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.dishfire; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/dishfire-sql"; }; - startAt = "12:15"; - }; - prism-sql-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/bku/sql_dumps"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-sql_dumps"; }; - startAt = "12:30"; - }; - prism-http-helios = { - method = "pull"; - src = { host = config.krebs.hosts.prism; path = "/srv/http"; }; - dst = { host = config.krebs.hosts.helios; path = "/bku/prism-http"; }; - startAt = "12:45"; - }; }; } diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 62b823c3f..227152482 100644 --- a/lass/2configs/buildbot-standalone.nix 
+++ b/lass/2configs/buildbot-standalone.nix @@ -113,7 +113,7 @@ in { ] ) - for i in [ "mors", "uriel", "shodan", "helios", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: + for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: addShell(f,name="build-{}".format(i),env=env_lass, command=nixshell + \ ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index eb9575018..d32262810 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -15,7 +15,6 @@ with import ; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-shodan.pubkey - lass-helios.pubkey lass-icarus.pubkey makefu.pubkey ]; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 3353cdac0..b8d00e7d4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -16,7 +16,6 @@ with import ; relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ config.krebs.hosts.mors config.krebs.hosts.uriel - config.krebs.hosts.helios ]; internet-aliases = with config.krebs.users; [ { from = "postmaster@lassul.us"; to = lass.mail; } # RFC 822 diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 3c4948db1..03414a745 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -8,7 +8,6 @@ let shodan = "51"; icarus = "53"; echelon = "197"; - helios = "199"; cloudkrebs = "119"; }; in { -- cgit v1.2.3 From 4f58b884dda57db8106768a22a206d6605d6e3e5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 2 Jun 2017 03:58:13 +0200 Subject: krebsco.de MX: cd -> ni --- krebs/3modules/tv/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 0db686005..6e5f522dc 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -77,9 +77,7 @@ with import ; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' - krebsco.de. 60 IN MX 5 mx23 cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} ''; }; nets = { @@ -212,6 +210,7 @@ with import ; ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} + krebsco.de. 60 IN MX 5 ni ''; }; nets = { -- cgit v1.2.3 From c68fe5f5b59bb598f5b4443f821586c7bb316ba1 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 4 Jun 2017 08:56:32 +0200 Subject: tv/xu krebszones: add sane defaults --- tv/1systems/xu.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 60d1af23e..288373fc9 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -46,6 +46,18 @@ with import ; texlive.combined.scheme-full tmux + (pkgs.writeDashBin "krebszones" '' + set -efu + export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf + case $* in + import) + set -- import /etc/zones/krebsco.de krebsco.de + echo "+ krebszones $*" >&2 + ;; + esac + exec ${pkgs.krebszones}/bin/ovh-zone "$@" + '') + #ack #apache-httpd #ascii -- cgit v1.2.3 From 99a5c110ac4f5056db66f5d229496508ec85dacd Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 4 Jun 2017 09:07:59 +0200 Subject: tv gitconfig: init --- tv/1systems/nomic.nix | 2 +- tv/1systems/wu.nix | 2 +- tv/1systems/xu.nix | 2 +- tv/1systems/zu.nix | 2 +- tv/2configs/git.nix | 137 ---------------------------------------------- tv/2configs/gitconfig.nix | 19 +++++++ tv/2configs/gitrepos.nix | 137 ++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 160 insertions(+), 141 deletions(-) delete mode 100644 tv/2configs/git.nix create mode 100644 tv/2configs/gitconfig.nix create mode 100644 tv/2configs/gitrepos.nix 
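Review bot: Nothing visible in this commit shows ni accepting mail for krebsco.de, which the added `krebsco.de. 60 IN MX 5 ni` record in the second hunk (@@ -212,6 +210,7) requires. The record carries a 60 second TTL, so inbound mail moves to ni almost as soon as the zone is published. If ni's MTA does not yet list krebsco.de as a local or relayed domain, mail will be deferred or rejected there. A Nix comment above the zone string, in the style of the `# TODO generate krebsco.de zone …` comment in the first hunk, would record the dependency, for example `# MX points at ni: ni's MTA must accept mail for krebsco.de`. The enclosing attribute set starts and ends outside the hunk, so the mail configuration may already exist elsewhere.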
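Review bot: The `export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf` line in the krebszones wrapper (tv/1systems/xu.nix) overwrites any value the caller has already exported, so it pins the path rather than providing the default the commit subject describes. To keep it a default, use `export OVH_ZONE_CONFIG="''${OVH_ZONE_CONFIG-$HOME/.secrets/krebs/ovh-zone.conf}"`; the `''$` escape is needed inside the Nix indented string. Judging by its path, the file presumably holds the OVH API credentials. A short comment in the script saying that it is read at run time from the user's home, never copied into the world-readable Nix store, and should be readable only by that user would help the next maintainer.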
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 5469fffd5..9b9502254 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -9,7 +9,7 @@ with import ; ../. ../2configs/hw/x220.nix ../2configs/exim-retiolum.nix - ../2configs/git.nix + ../2configs/gitrepos.nix ../2configs/im.nix ../2configs/mail-client.nix ../2configs/nginx/public_html.nix diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 328e71fdc..60f9fa100 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -9,7 +9,7 @@ with import ; ../. ../2configs/hw/w110er.nix ../2configs/exim-retiolum.nix - ../2configs/git.nix + ../2configs/gitrepos.nix ../2configs/im.nix ../2configs/mail-client.nix ../2configs/man.nix diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 288373fc9..0a15ba838 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -9,7 +9,7 @@ with import ; ../. ../2configs/hw/x220.nix ../2configs/exim-retiolum.nix - ../2configs/git.nix + ../2configs/gitrepos.nix ../2configs/mail-client.nix ../2configs/man.nix ../2configs/nginx/public_html.nix diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index b1b2d58ce..5552ef065 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -15,7 +15,7 @@ with import ; ../. ../2configs/hw/x220.nix ../2configs/exim-retiolum.nix - ../2configs/git.nix + ../2configs/gitrepos.nix ../2configs/mail-client.nix ../2configs/man.nix ../2configs/nginx/public_html.nix diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix deleted file mode 100644 index 13b12986c..000000000 --- a/tv/2configs/git.nix +++ /dev/null 
@@ -1,137 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; - -let { - - body = { - krebs.git = { - enable = true; - cgit = { - settings = { - root-title = "repositories at ${config.krebs.build.host.name}"; - root-desc = "mostly krebs"; - }; - }; - repos = repos; - rules = rules; - }; - }; - - repos = - public-repos // - optionalAttrs config.krebs.build.host.secure restricted-repos; - - rules = concatMap make-rules (attrValues repos); - - public-repos = mapAttrs make-public-repo ({ - } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) { - cac-api = { - cgit.desc = "CloudAtCost API command line interface"; - }; - dic = { - cgit.desc = "dict.leo.org command line interface"; - }; - get = {}; - hstool = { - cgit.desc = "Haskell Development Environment ^_^"; - }; - htgen = { - cgit.desc = "toy HTTP server"; - }; - kirk = { - cgit.desc = "IRC tools"; - }; - load-env = {}; - loldns = { - cgit.desc = "toy DNS server"; - }; - make-snapshot = {}; - much = {}; - netcup = { - cgit.desc = "netcup command line interface"; - }; - populate = { - cgit.desc = "source code installer"; - }; - q = {}; - regfish = {}; - soundcloud = { - cgit.desc = "SoundCloud command line interface"; - }; - stockholm = { - cgit.desc = "NixOS configuration"; - }; - } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) { - ni = { - }; - } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) { - blessings = {}; - mime = {}; - quipper = {}; - scanner = {}; - wai-middleware-time = {}; - web-routes-wai-custom = {}; - xintmap = {}; - xmonad-stockholm = {}; - } // mapAttrs (_: recursiveUpdate { cgit.section = "4. 
museum"; }) { - cgserver = {}; - crude-mail-setup = {}; - dot-xmonad = {}; - hirc = {}; - make-snapshot = {}; - nixos-infest = {}; - painload = {}; - push = {}; - with-tmpdir = {}; - }); - - restricted-repos = mapAttrs make-restricted-repo ( - { - brain = { - collaborators = with config.krebs.users; [ lass makefu ]; - }; - } // - # TODO don't put secrets/repos.nix into the store - import { inherit config lib pkgs; } - ); - - make-public-repo = name: { cgit ? {}, ... }: { - inherit cgit name; - public = true; - hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; - verbose = true; - }; - }; - }; - - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; - public = false; - }; - - make-rules = - with git // config.krebs.users; - repo: - singleton { - user = [ tv tv-xu ]; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ - optional (repo.collaborators or [] != []) { - user = repo.collaborators; - repo = [ repo ]; - perm = fetch; - }; - -} diff --git a/tv/2configs/gitconfig.nix b/tv/2configs/gitconfig.nix new file mode 100644 index 000000000..771a4b2a4 --- /dev/null +++ b/tv/2configs/gitconfig.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: + +with import ; + +{ + environment.etc.gitconfig.text = '' + [alias] + patch = !${pkgs.git}/bin/git --no-pager diff --no-color + [diff-so-fancy] + markEmptyLines = false + stripLeadingSymbols = false + [pager] + diff = ${pkgs.gitAndTools.diff-so-fancy}/bin/diff-so-fancy \ + | ${pkgs.less}/bin/less -FRX + [user] + email = tv@krebsco.de + name = tv + ''; +} 
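Review bot: The `[user]` stanza in the new tv/2configs/gitconfig.nix is written through `environment.etc.gitconfig.text`, which is the system-level git configuration. Every account on a host that imports this module, root and service users included, therefore commits as `name = tv` / `email = tv@krebsco.de` unless it sets its own identity, which blurs attribution of commits made on that machine. Consider keeping only the `[alias]`, `[diff-so-fancy]` and `[pager]` sections in the system file and moving the identity into tv's per-user git config. If the system-wide identity is intended, say so in the file with a comment such as `# system-wide: applies to all users on this host, including root`.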
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix new file mode 100644 index 000000000..13b12986c --- /dev/null +++ b/tv/2configs/gitrepos.nix 
@@ -0,0 +1,137 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let { + + body = { + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "repositories at ${config.krebs.build.host.name}"; + root-desc = "mostly krebs"; + }; + }; + repos = repos; + rules = rules; + }; + }; + + repos = + public-repos // + optionalAttrs config.krebs.build.host.secure restricted-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo ({ + } // mapAttrs (_: recursiveUpdate { cgit.section = "1. miscellaneous"; }) { + cac-api = { + cgit.desc = "CloudAtCost API command line interface"; + }; + dic = { + cgit.desc = "dict.leo.org command line interface"; + }; + get = {}; + hstool = { + cgit.desc = "Haskell Development Environment ^_^"; + }; + htgen = { + cgit.desc = "toy HTTP server"; + }; + kirk = { + cgit.desc = "IRC tools"; + }; + load-env = {}; + loldns = { + cgit.desc = "toy DNS server"; + }; + make-snapshot = {}; + much = {}; + netcup = { + cgit.desc = "netcup command line interface"; + }; + populate = { + cgit.desc = "source code installer"; + }; + q = {}; + regfish = {}; + soundcloud = { + cgit.desc = "SoundCloud command line interface"; + }; + stockholm = { + cgit.desc = "NixOS configuration"; + }; + } // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) { + ni = { + }; + } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) { + blessings = {}; + mime = {}; + quipper = {}; + scanner = {}; + wai-middleware-time = {}; + web-routes-wai-custom = {}; + xintmap = {}; + xmonad-stockholm = {}; + } // mapAttrs (_: recursiveUpdate { cgit.section = "4. 
museum"; }) { + cgserver = {}; + crude-mail-setup = {}; + dot-xmonad = {}; + hirc = {}; + make-snapshot = {}; + nixos-infest = {}; + painload = {}; + push = {}; + with-tmpdir = {}; + }); + + restricted-repos = mapAttrs make-restricted-repo ( + { + brain = { + collaborators = with config.krebs.users; [ lass makefu ]; + }; + } // + # TODO don't put secrets/repos.nix into the store + import { inherit config lib pkgs; } + ); + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + hooks = optionalAttrs (config.krebs.build.host.name == "ni") { + post-receive = pkgs.git-hooks.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "ni.r"; + verbose = true; + }; + }; + }; + + make-restricted-repo = name: { collaborators ? [], ... }: { + inherit collaborators name; + public = false; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ tv tv-xu ]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (repo.collaborators or [] != []) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +} -- cgit v1.2.3 From d18eb5ccd1ec6cc0b7797ac72d8bb258689a544b Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 4 Jun 2017 09:18:43 +0200 Subject: xu: add gitconfig --- tv/1systems/xu.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 0a15ba838..bfd59531a 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -9,6 +9,7 @@ with import ; ../. ../2configs/hw/x220.nix ../2configs/exim-retiolum.nix + ../2configs/gitconfig.nix ../2configs/gitrepos.nix ../2configs/mail-client.nix ../2configs/man.nix -- cgit v1.2.3 From 1ebd26d96de5714f35f31fcefc89cbb414c21093 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 6 Jun 2017 14:27:42 +0200 Subject: l 2 nixpkgs: f8dfdd7 -> 8804775 --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index a3916a2ea..60c942367 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "f8dfdd7"; + ref = "8804775"; }; } -- cgit v1.2.3