makefu:rename to user-toplevel structure

1systems/pnp.nix

@@ -0,0 +1,47 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+      ../../2configs/makefu/base.nix
+      ../../2configs/makefu/cgit-retiolum.nix
+    ];
+  krebs.build.host = config.krebs.hosts.pnp;
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  hardware.enableAllFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+# networking.firewall is enabled by default
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  fileSystems."/" =
+  { device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+  krebs.retiolum = {
+    enable = true;
+    hosts = ../../Zhosts;
+    connectTo = [
+      "gum"
+      "pigstarter"
+      "fastpoke"
+    ];
+  };
+
+# $ nix-env -qaP | grep wget
+    environment.systemPackages = with pkgs; [
+      jq
+    ];
+}

2configs/base.nix

@@ -0,0 +1,99 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  imports = [ ];
+  krebs.enable = true;
+  krebs.search-domain = "retiolum";
+
+  networking.hostName = config.krebs.build.host.name;
+  users.extraUsers = {
+    root = {
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+    makefu = {
+      uid = 9001;
+      group = "users";
+      home = "/home/makefu";
+      createHome = true;
+      useDefaultShell = true;
+      extraGroups = [
+        "wheel"
+      ];
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
+    };
+  };
+
+  services.openssh.enable = true;
+  nix.useChroot = true;
+
+  users.mutableUsers = true;
+
+  boot.tmpOnTmpfs = true;
+  systemd.tmpfiles.rules = [
+    "d /tmp 1777 root root - -"
+  ];
+
+  environment.extraInit = ''
+    EDITOR=vim
+    '';
+
+  environment.systemPackages = with pkgs; [
+      git
+      vim
+      gnumake
+      rxvt_unicode.terminfo
+  ];
+
+  programs.bash = {
+    enableCompletion = true;
+    interactiveShellInit = ''
+      HISTCONTROL='erasedups:ignorespace'
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+
+      shopt -s checkhash
+      shopt -s histappend histreedit histverify
+      shopt -s no_empty_cmd_completion
+      complete -d cd
+      '';
+
+    promptInit = ''
+      case $UID in
+         0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;;
+      9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;;
+         *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;;
+      esac
+      if test -n "$SSH_CLIENT"; then
+        PS1='\[\033[35m\]\h'" $PS1"
+      fi
+      '';
+  };
+
+  environment.shellAliases = {
+    lsl = "ls -lAtr";
+  };
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    nano = pkgs.runCommand "empty" {} "mkdir -p $out";
+  };
+
+  services.cron.enable = false;
+  services.nscd.enable = false;
+
+  security.setuidPrograms = [ "sendmail" ];
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+    '';
+  # Enable IPv6 Privacy Extensions
+  boot.kernel.sysctl = {
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+
+  i18n = {
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+}

2configs/cgit-retiolum.nix

@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+# TODO: remove tv lib :)
+with import ../../4lib/tv { inherit lib pkgs; };
+let
+
+  out = {
+    imports = [ ../../3modules/krebs/git.nix ];
+    krebs.git = {
+      enable = true;
+      root-title = "public repositories ";
+      root-desc = "keep on krebsing";
+      inherit repos rules;
+    };
+  };
+  repos = priv-repos // krebs-repos ;
+  rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
+
+  krebs-repos = mapAttrs make-krebs-repo {
+    stockholm = {
+      desc = "take all the computers hostage, they'll love you!";
+    };
+  };
+
+  priv-repos = mapAttrs make-priv-repo {
+    autosync = { };
+  };
+
+
+  # TODO move users to separate module
+  make-priv-repo = name: { desc ? null, ... }: {
+    inherit name desc;
+    public = false;
+  };
+
+  make-krebs-repo = with git; name: { desc ? null, ... }: {
+    inherit name desc;
+    public = true;
+    hooks = {
+      post-receive = git.irc-announce {
+        nick = config.networking.hostName;
+        channel = "#retiolum";
+        server = "cd.retiolum";
+      };
+    };
+  };
+
+  set-owners = with git; repo: user:
+      singleton {
+        inherit user;
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      };
+
+  set-ro-access = with git; repo: user:
+      optional repo.public {
+        inherit user;
+        repo = [ repo ];
+        perm = fetch;
+      };
+
+  # TODO: get the list of all krebsministers
+  krebsminister = with config.krebs.users; [ lass tv uriel ];
+
+  priv-rules = with config.krebs.users; repo:
+    set-owners repo [ makefu ];
+
+  krebs-rules = with config.krebs.users; repo:
+    set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ;
+
+in out

3modules/default.nix

@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+with import ../../4lib/krebs { inherit lib; };
+let
+  cfg = config.krebs;
+
+  out = {
+    imports = [
+    ];
+    options.krebs = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = { };
+
+  imp = { };
+
+in
+out