From 721946e1f08aaf7c0fcd913a49a6c97fb36b0282 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 27 May 2021 15:14:50 +0200 Subject: external: add nxnx.r (rtjure) --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7a2075702..123bbac47 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -563,6 +563,32 @@ in { }; }; }; + nxnx = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.126"; + aliases = [ + "nxnx.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ + 1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb + tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo + cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6 + zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK + ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10 + 3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+ + +3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x + 4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4 + cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn + 9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { -- cgit v1.2.3 From 3b601871b7b73c917275ac4f0a19c575a7744b7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 1 Jun 2021 19:05:58 +0200 Subject: external: add nxnv (rtjure) --- krebs/3modules/external/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 123bbac47..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -589,6 +589,32 @@ in { }; }; }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { -- cgit v1.2.3 From f558f1bc0c779cc310ff8a712d4f178db73de6ef Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Jun 2021 00:11:38 +0200 Subject: *: set isSystemUser or isNormalUser This is a requirement for nixpkgs 21.05, or else evaluation will fail with: Exactly one of users.users.${name}.isSystemUser and users.users.${name}.isNormalUser must be set. --- krebs/3modules/exim.nix | 1 + krebs/3modules/git.nix | 2 ++ krebs/3modules/htgen.nix | 1 + krebs/3modules/tinc.nix | 1 + 4 files changed, 5 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 83d88cb0d..972c7f437 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -78,6 +78,7 @@ in { inherit (cfg.user) home name uid; createHome = true; group = cfg.group.name; + isSystemUser = true; }; }; }; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 4eb881341..d31d91b7c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -366,6 +366,7 @@ let # To allow running cgit-clear-cache via hooks. cfg.cgit.fcgiwrap.group.name ]; + isSystemUser = true; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -384,6 +385,7 @@ let users.${cfg.cgit.fcgiwrap.user.name} = { inherit (cfg.cgit.fcgiwrap.user) home name uid; group = cfg.cgit.fcgiwrap.group.name; + isSystemUser = true; }; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 70c4fcd2b..063bccc68 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -66,6 +66,7 @@ let nameValuePair htgen.user.name { inherit (htgen.user) home name uid; createHome = true; + isSystemUser = true; } ) cfg; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 4252c8d3b..a8a78a43e 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -236,6 +236,7 @@ let nameValuePair "${netname}" { inherit (cfg.user) home name uid; createHome = true; + isSystemUser = true; } ) config.krebs.tinc; -- cgit v1.2.3 From a400657702a75f928aae7ee5328068a3c8331d27 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 Jun 2021 20:15:42 +0200 Subject: fetchWallpaper: set isSystemUser --- krebs/3modules/fetchWallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { -- cgit v1.2.3 From 26a1458a032531ac51a4b4f984a7efe152a121de Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:12:18 +0200 Subject: brockman: isSystemUser --- krebs/3modules/brockman.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; -- cgit v1.2.3 From 47f3dd93452ed40f4fef64b7bcb327d379c499a2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:10 +0200 Subject: buildbot: isSystemUser --- krebs/3modules/buildbot/master.nix | 1 + krebs/3modules/buildbot/slave.nix | 1 + 2 files changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { -- cgit v1.2.3 From 8b3cd5aef173520cbea8967a3beae807e508943b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:15:30 +0200 Subject: github-hosts-sync: isSystemUser --- krebs/3modules/github-hosts-sync.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..2aa26fa2b 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -72,6 +72,7 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; + isSystemUser = true; }; # TODO move to lib? -- cgit v1.2.3 From b9d9b711b89a1d5a8eba6e2a68a8bffd454496c7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:45:43 +0200 Subject: github-hosts-sync: set isSystemUser at correct location --- krebs/3modules/github-hosts-sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 2aa26fa2b..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; @@ -72,7 +73,6 @@ let mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; uid = genid_uint31 name; - isSystemUser = true; }; # TODO move to lib? -- cgit v1.2.3 From f21ebcf4dc6a15779f0b5410fa7af295d1858411 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:52:48 +0200 Subject: bepasty-server: isSystemUser --- krebs/3modules/bepasty-server.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; -- cgit v1.2.3 From a9f43dff4997510e8845286aabc0f0f059fa459a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:56:41 +0200 Subject: realwallpaper: isSystemUser --- krebs/3modules/realwallpaper.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; -- cgit v1.2.3 From 7fa69b3399d8b52526928df81b2a6cad3f931a28 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:57:08 +0200 Subject: tinc_graphs: isSystemUser --- krebs/3modules/tinc_graphs.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; -- cgit v1.2.3 From e044c3121ac1f886eab15a350c4ab9fd909716e9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:08:59 +0200 Subject: ma: isSystemUser everything --- krebs/3modules/airdcpp.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; -- cgit v1.2.3 From eb801fa458de69cfecafe172b178838f2cd97d08 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 15:52:49 +0200 Subject: module urlwatch: add isSystemUser --- krebs/3modules/urlwatch.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; -- cgit v1.2.3