{2 tv git -> 3 krebs}.users

This commit is contained in:
tv 2015-07-24 20:48:00 +02:00
parent 54becaa19f
commit a62be1cef8
6 changed files with 71 additions and 42 deletions


@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }:
with import ../../4lib/tv { inherit lib pkgs; };
let
@ -7,7 +8,7 @@ let
enable = true;
root-title = "public repositories at ${config.tv.identity.self.name}";
root-desc = "keep calm and engage";
inherit repos rules users;
inherit repos rules;
};
};
@ -43,20 +44,12 @@ let
restricted-repos = mapAttrs make-restricted-repo (
{
brain = {
collaborators = with users; [ lass makefu ];
collaborators = with config.krebs.users; [ lass makefu ];
};
} //
import /root/src/secrets/repos.nix { inherit config lib pkgs users; }
import /root/src/secrets/repos.nix { inherit config lib pkgs; }
);
# TODO move users to separate module
users = mapAttrs make-user {
tv = ../../Zpubkeys/tv_wu.ssh.pub;
lass = ../../Zpubkeys/lass.ssh.pub;
uriel = ../../Zpubkeys/uriel.ssh.pub;
makefu = ../../Zpubkeys/makefu.ssh.pub;
};
make-public-repo = name: { desc ? null, ... }: {
inherit name desc;
public = true;
@ -77,7 +70,7 @@ let
};
make-rules =
with git // users;
with git // config.krebs.users;
repo:
singleton {
user = tv;
@ -95,9 +88,4 @@ let
perm = fetch;
};
make-user = name: pubkey-file: {
inherit name;
pubkey = readFile pubkey-file;
};
in out
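Review bot: `with git // config.krebs.users;` at L48 merges the permission names exported by `git` and the user names into one scope with the users winning on collision, so a user named `fetch` or `push` added to `krebs.users` anywhere would silently become the value of `perm = fetch;` further down instead of a permission. Since this rule only needs the single user `tv`, selecting it explicitly removes the ambiguity: `with git;` and `user = config.krebs.users.tv;`. The `users` argument dropped from the `/root/src/secrets/repos.nix` import at L32 means that out-of-tree file must now read `config.krebs.users` itself, which cannot be checked from here. The `make-rules` and `restricted-repos` bodies both continue outside their hunks.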


@ -1,11 +1,43 @@
_:
{ config, lib, ... }:
{
imports = [
./github-hosts-sync.nix
./git.nix
./nginx.nix
./retiolum.nix
./urlwatch.nix
];
}
with import ../../4lib/krebs { inherit lib; };
let
cfg = config.krebs;
out = {
imports = [
./github-hosts-sync.nix
./git.nix
./nginx.nix
./retiolum.nix
./urlwatch.nix
];
options.krebs = api;
config = mkIf cfg.enable imp;
};
api = {
users = mkOption {
type = with types; attrsOf user;
default = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
};
makefu = {
pubkey = readFile ../../Zpubkeys/makefu.ssh.pub;
};
tv = {
pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
};
uriel = {
pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
};
};
};
};
imp = {
};
in
out
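Review bot: `config = mkIf cfg.enable imp;` at L87 reads `config.krebs.enable`, but the `api` set declared right below only defines `users`; unless one of the imported modules declares `krebs.enable`, evaluation fails with a missing-attribute error, and since `imp` is empty the line can simply be `config = imp;` or `api` can gain `enable = mkEnableOption "krebs";`. The four users also sit in `default`, which Nix applies only while no module defines `krebs.users` at all, so the first host or module that adds a single user silently drops tv, lass, makefu and uriel (and, via git.nix in this commit, their logins on the git account) instead of merging with them. If these are meant to be the baseline, define them in `imp` as `krebs.users = addNames { ... };` so other definitions merge, and leave the option with `default = {};`. A comment above the option, `# baseline users; krebs.git grants every entry here a login on the git account`, would make the blast radius of adding a user visible. The module is complete within the section.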


@ -6,8 +6,7 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
with builtins;
with lib;
with import ../../4lib/krebs { inherit lib; };
let
cfg = config.krebs.git;
@ -119,9 +118,6 @@ let
rules = mkOption {
type = types.unspecified;
};
users = mkOption {
type = types.unspecified;
};
};
git-imp = {
@ -149,7 +145,8 @@ let
name = "git";
shell = "/bin/sh";
openssh.authorizedKeys.keys =
mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users;
mapAttrsToList (_: makeAuthorizedKey git-ssh-command)
config.krebs.users;
uid = 129318403; # genid git
};
};
@ -255,7 +252,7 @@ let
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }:
makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }:
# TODO assert name
# TODO assert pubkey
let
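Review bot: Switching the authorized_keys source to `config.krebs.users` (L137-138) means the whole host-wide `krebs.users` set, module defaults included, now gets what the `git-ssh-command` argument suggests is a forced-command login on the `git` account, where the removed `krebs.git.users` option let each host pass an explicit list. Because `attrsOf user` merges definitions from every module, anyone who declares `krebs.users.<name>` for an unrelated purpose also lands in git's authorized_keys, which is easy to miss from this file. If that is the intended model, say so above the call: `# every krebs.users entry gets a forced-command login on the git account`; otherwise keep a `krebs.git.users` option that defaults to `config.krebs.users` so a host can narrow it. The `user` submodule now guarantees that `name` and `pubkey` exist, which covers the two TODO asserts only for presence, not content (a multi-line pubkey string would still yield extra authorized_keys lines); makeAuthorizedKey's body continues outside the hunk.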


@ -1,6 +1,14 @@
{ lib, ... }:
builtins // lib // {
with builtins;
with lib;
builtins // lib // rec {
addName = name: set:
set // { inherit name; };
addNames = mapAttrs addName;
types = import ./types.nix { inherit lib; };


@ -81,6 +81,17 @@ types // rec {
merge = mergeOneOption;
};
user = submodule {
options = {
name = mkOption {
type = str; # TODO
};
pubkey = mkOption {
type = str;
};
};
};
# TODO
addr = str;
addr4 = str;
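Review bot: `pubkey` at L173-175 is typed as a bare `str`, yet its values come from `readFile` on `.ssh.pub` files and, per git.nix in this commit, are written one per user into the git account's authorized_keys; a file holding two keys, or a key plus a stray line, passes the type and puts the second line into authorized_keys without whatever `command=` restriction the first line carries, since authorized_keys options are per line. Checking for exactly one non-empty line closes that: `type = addCheck str (s: length (filter (l: l != "") (splitString "\n" s)) == 1);` (the file already uses `str` and `submodule` unqualified, so `addCheck` and `splitString` look to be in scope, but confirm). The `# TODO` on `name` deserves similar treatment, either a character-set check or a comment stating what the name is allowed to contain, since it is interpolated into generated configuration. The `user` definition is complete within the hunk.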


@ -15,16 +15,9 @@ krebs // rec {
inherit pkgs;
};
addName = name: set:
set // { inherit name; };
addNames = mapAttrs addName;
# "7.4.335" -> "74"
majmin = with lib; x : concatStrings (take 2 (splitString "." x));
concat = xs :
if xs == []
then ""