makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mors/master' into mors-staging

Browse source
This commit is contained in:
tv 2015-06-14 19:22:37 +02:00
parent 78c3c09f15 afa7f0b98d
commit bff3b50ddd
15 changed files with 445 additions and 164 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
modules/cloudkrebs/networking.nix Normal file
View file

@ -0,0 +1,14 @@
{...}:
{
networking.hostName = "cloudkrebs";
networking.interfaces.enp2s1.ip4 = [
{
address = "104.167.113.104";
prefixLength = 24;
}
];
networking.defaultGateway = "104.167.113.1";
networking.nameservers = [
"8.8.8.8"
];
}

14
modules/common/krebs-keys.nix Normal file
View file

@ -0,0 +1,14 @@
# alle public keys der krebsminister fuer R in krebs repos
{ config, ... }:
with import ../lass/sshkeys.nix {
config.sshKeys.lass.pub = config.sshKeys.lass.pub;
config.sshKeys.uriel.pub = config.sshKeys.uriel.pub;
};
{
imports = [
./sshkeys.nix
];
config.sshKeys.tv.pub = "ssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu";
}

36
modules/common/krebs-repos.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, ... }:
let
inherit (lib) mkDefault;
mkSecureRepo = name:
{ inherit name;
value = {
users = {
lass = mkDefault "R";
tv = mkDefault "R";
makefu = mkDefault "R";
};
};
};
mkRepo = name:
{ inherit name;
value = {
users = {
lass = mkDefault "R";
tv = mkDefault "R";
makefu = mkDefault "R";
};
};
};
in {
services.gitolite.repos =
(lib.listToAttrs (map mkSecureRepo [ "brain" ])) //
(lib.listToAttrs (map mkRepo [
"painload"
"services"
"hosts"
]));
}

121
modules/lass/base.nix
View file

@ -24,6 +24,7 @@
environment.systemPackages = with pkgs; [
git
most
rxvt_unicode.terminfo
#network
iptables
@ -68,124 +69,6 @@
enable = true;
dataDir = "/home/gitolite";
adminPubkey = config.sshKeys.lass.pub;
#commonHooks = [
# (pkgs.writeText "irc-announce" ''
# #! /bin/sh
# set -euf
# config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
# if test -f "$config_file"; then
# . "$config_file"
# fi
# # XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
# # any relevant gitolite LOCAL_CODE!
# # CAVEAT we hope that IRC_NICK is unique
# IRC_NICK="''${IRC_NICK-gl$GL_TID}"
# IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
# IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
# IRC_PORT="''${IRC_PORT-6667}"
# # for privmsg_cat below
# export IRC_CHANNEL
# # collect users that are mentioned in the gitolite configuration
# interested_users="$(perl -e '
# do "gl-conf";
# print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
# ')"
# # CAVEAT beware of real TABs in grep pattern!
# # CAVEAT there will never be more than 42 relevant log entries!
# log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^ ]* $GL_TID ")"
# update_log="$(echo "$log" | grep "^[^ ]* $GL_TID update")"
# # (debug output)
# env | sed 's/^/env: /'
# echo "$log" | sed 's/^/log: /'
# # see http://gitolite.com/gitolite/dev-notes.html#lff
# reponame=$(echo "$update_log" | cut -f 4)
# username=$(echo "$update_log" | cut -f 5)
# ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
# old_sha=$(echo "$update_log" | cut -f 8)
# new_sha=$(echo "$update_log" | cut -f 9)
# # check if new branch is created
# if test $old_sha = 0000000000000000000000000000000000000000; then
# # TODO what should we really show?
# old_sha=$new_sha^
# fi
# #
# git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
# commit_count=$(echo "$git_log" | wc -l)
# # echo2 and cat2 are used output to both, stdout and stderr
# # This is used to see what we send to the irc server. (debug output)
# echo2() { echo "$*"; echo "$*" >&2; }
# cat2() { tee /dev/stderr; }
# # privmsg_cat transforms stdin to a privmsg
# privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
# # ircin is used to feed the output of netcat back to the "irc client"
# # so we can implement expect-like behavior with sed^_^
# # XXX mkselfdestructingtmpfifo would be nice instead of this cruft
# tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
# cd "$tmpdir"
# mkfifo ircin
# trap "
# rm ircin
# cd '$OLDPWD'
# rmdir '$tmpdir'
# trap - EXIT INT QUIT
# " EXIT INT QUIT
# #
# #
# #
# {
# echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
# echo2 "NICK $IRC_NICK"
# # wait for MODE message
# sed -n '/^:[^ ]* MODE /q'
# echo2 "JOIN $IRC_CHANNEL"
# echo "$interested_users" \
# | tr ' ' '\n' \
# | grep -v "^$GL_USER" \
# | sed 's/$/: poke/' \
# | privmsg_cat \
# | cat2
# printf '[13%s] %s pushed %s new commit%s to 6%s %s\n' \
# "$reponame" \
# "$username" \
# "$commit_count" \
# "$(test $commit_count = 1 || echo s)" \
# "$(hostname)" \
# "$ref_name" \
# | privmsg_cat \
# | cat2
# echo "$git_log" \
# | sed 's/^/14/;s/ / /' \
# | privmsg_cat \
# | cat2
# echo2 "PART $IRC_CHANNEL"
# # wait for PART confirmation
# sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
# echo2 'QUIT :Gone to have lunch'
# } < ircin \
# | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
# '')
#];
};
services.openssh = {
@ -211,10 +94,10 @@
extraCommands = ''
iptables -A INPUT -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
iptables -A INPUT -j ACCEPT -i lo
iptables -A INPUT -j ACCEPT -p icmp
#iptables -N Retiolum
iptables -A INPUT -j Retiolum -i retiolum
iptables -A Retiolum -j ACCEPT -p icmp
iptables -A Retiolum -j ACCEPT -m conntrack --ctstate RELATED,ESTABLISHED
iptables -A Retiolum -j REJECT -p tcp --reject-with tcp-reset
iptables -A Retiolum -j REJECT -p udp --reject-with icmp-port-unreachable

2
modules/lass/games.nix
View file

@ -13,7 +13,7 @@ in {
name = "games";
description = "user playing games";
home = "/home/games";
extraGroups = [ "audio" ];
extraGroups = [ "audio" "video" ];
createHome = true;
useDefaultShell = true;
};

173
modules/lass/gitolite-base.nix Normal file
View file

@ -0,0 +1,173 @@
{ config, ... }:
{
services.gitolite = {
mutable = false;
keys = {
lass = config.sshKeys.lass.pub;
uriel = config.sshKeys.uriel.pub;
};
rc = ''
%RC = (
UMASK => 0077,
GIT_CONFIG_KEYS => "",
LOG_EXTRA => 1,
ROLES => {
READERS => 1,
WRITERS => 1,
},
LOCAL_CODE => "$ENV{HOME}/.gitolite",
ENABLE => [
'help',
'desc',
'info',
'perms',
'writable',
'ssh-authkeys',
'git-config',
'daemon',
'gitweb',
'repo-specific-hooks',
],
);
1;
'';
repoSpecificHooks = {
irc-announce = ''
#! /bin/sh
set -euf
config_file="$GL_ADMIN_BASE/conf/irc-announce.conf"
if test -f "$config_file"; then
. "$config_file"
fi
# XXX when changing IRC_CHANNEL or IRC_SERVER/_PORT, don't forget to update
# any relevant gitolite LOCAL_CODE!
# CAVEAT we hope that IRC_NICK is unique
IRC_NICK="''${IRC_NICK-gl$GL_TID}"
IRC_CHANNEL="''${IRC_CHANNEL-#retiolum}"
IRC_SERVER="''${IRC_SERVER-ire.retiolum}"
IRC_PORT="''${IRC_PORT-6667}"
# for privmsg_cat below
export IRC_CHANNEL
# collect users that are mentioned in the gitolite configuration
interested_users="$(perl -e '
do "gl-conf";
print join(" ", keys%{ $one_repo{$ENV{"GL_REPO"}} });
')"
# CAVEAT beware of real TABs in grep pattern!
# CAVEAT there will never be more than 42 relevant log entries!
tab=$(printf '\x09')
log="$(tail -n 42 "$GL_LOGFILE" | grep "^[^$tab]*$tab$GL_TID$tab" || :)"
update_log="$(echo "$log" | grep "^[^$tab]*$tab$GL_TID''${tab}update")"
# (debug output)
env | sed 's/^/env: /'
echo "$log" | sed 's/^/log: /'
# see http://gitolite.com/gitolite/dev-notes.html#lff
reponame=$(echo "$update_log" | cut -f 4)
username=$(echo "$update_log" | cut -f 5)
ref_name=$(echo "$update_log" | cut -f 7 | sed 's|^refs/heads/||')
old_sha=$(echo "$update_log" | cut -f 8)
new_sha=$(echo "$update_log" | cut -f 9)
# check if new branch is created
if test $old_sha = 0000000000000000000000000000000000000000; then
# TODO what should we really show?
old_sha=$new_sha^
fi
#
git_log="$(git log $old_sha..$new_sha --pretty=oneline --abbrev-commit)"
commit_count=$(echo "$git_log" | wc -l)
# echo2 and cat2 are used output to both, stdout and stderr
# This is used to see what we send to the irc server. (debug output)
echo2() { echo "$*"; echo "$*" >&2; }
cat2() { tee /dev/stderr; }
# privmsg_cat transforms stdin to a privmsg
privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
# ircin is used to feed the output of netcat back to the "irc client"
# so we can implement expect-like behavior with sed^_^
# XXX mkselfdestructingtmpfifo would be nice instead of this cruft
tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
cd "$tmpdir"
mkfifo ircin
trap "
rm ircin
cd '$OLDPWD'
rmdir '$tmpdir'
trap - EXIT INT QUIT
" EXIT INT QUIT
#
#
#
{
echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)"
echo2 "NICK $IRC_NICK"
# wait for MODE message
sed -n '/^:[^ ]* MODE /q'
echo2 "JOIN $IRC_CHANNEL"
echo "$interested_users" \
| tr ' ' '\n' \
| grep -v "^$GL_USER" \
| sed 's/$/: poke/' \
| privmsg_cat \
| cat2
printf '[\x0313%s\x03] %s pushed %s new commit%s to \x036%s %s\x03\n' \
"$reponame" \
"$username" \
"$commit_count" \
"$(test $commit_count = 1 || echo s)" \
"$(hostname)" \
"$ref_name" \
| privmsg_cat \
| cat2
echo "$git_log" \
| sed 's/^/\x0314/;s/ /\x03 /' \
| privmsg_cat \
| cat2
echo2 "PART $IRC_CHANNEL"
# wait for PART confirmation
sed -n '/:'"$IRC_NICK"'![^ ]* PART /q'
echo2 'QUIT :Gone to have lunch'
} < ircin \
| nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin
'';
};
customFiles = [
{
path = ".gitolite/conf/irc-announce.conf";
file = ''
IRC_NICK="$(hostname)$GL_TID"
case "$GL_REPO" in
brain|painload|services|load-env|config)
IRC_CHANNEL='#retiolum'
;;
*)
IRC_CHANNEL='&testing'
;;
esac
'';
}
];
};
}

2
modules/lass/sshkeys.nix
View file

@ -6,4 +6,6 @@
];
config.sshKeys.lass.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors";
config.sshKeys.uriel.pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel";
}

29
modules/lass/urxvt.nix
View file

@ -31,31 +31,10 @@ in
URxvt.intensityStyles: false
!solarized colors
URxvt*fading: 5
URxvt*background: #002b36
URxvt*foreground: #657b83
URxvt*fadeColor: #002b36
URxvt*cursorColor: #93a1a1
URxvt*pointerColorBackground: #586e75
URxvt*pointerColorForeground: #93a1a1
URxvt*colorUL: #859900
URxvt*colorBD: #268bd2
URxvt*color0: #073642
URxvt*color8: #002b36
URxvt*color1: #dc322f
URxvt*color9: #cb4b16
URxvt*color2: #859900
URxvt*color10: #586e75
URxvt*color3: #b58900
URxvt*color11: #657b83
URxvt*background: #000000
URxvt*foreground: #ffffff
!change unreadable blue
URxvt*color4: #268bd2
URxvt*color12: #839496
URxvt*color5: #d33682
URxvt*color13: #6c71c4
URxvt*color6: #2aa198
URxvt*color14: #93a1a1
URxvt*color7: #eee8d5
URxvt*color15: #fdf6e3
'';
}

45
modules/lass/vim.nix
View file

@ -1,9 +1,20 @@
{ config, pkgs, ... }:
{
let
customPlugins.mustang2 = pkgs.vimUtils.buildVimPlugin {
name = "Mustang2";
src = pkgs.fetchFromGitHub {
owner = "croaker";
repo = "mustang-vim";
rev = "6533d7d21bf27cae94d9c2caa575f627f003dfd5";
sha256 = "0zlmcrr04j3dkiivrhqi90f618lmnnnpvbz1b9msfs78cmgw9w67";
};
};
environment.systemPackages = with pkgs; [
(vim_configurable.customize {
in {
environment.systemPackages = [
(pkgs.vim_configurable.customize {
name = "vim";
vimrcConfig.customRC = ''
@ -12,7 +23,7 @@
syntax on
" TODO autoload colorscheme file
set background=dark
colorscheme solarized
colorscheme mustang
filetype off
filetype plugin indent on
@ -47,8 +58,6 @@
"Tabwidth
set ts=2 sts=2 sw=2 et
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
" create Backup/tmp/undo dirs
function! InitBackupDir()
@ -79,15 +88,29 @@
set viminfo='20,<1000,s100,h,n~/.vim/tmp/info
set undodir=$HOME/.vim/undo
set undofile
" highlight whitespaces
highlight ExtraWhitespace ctermbg=red guibg=red
match ExtraWhitespace /\s\+$/
autocmd BufWinEnter * match ExtraWhitespace /\s\+$/
autocmd InsertEnter * match ExtraWhitespace /\s\+\%#\@<!$/
autocmd InsertLeave * match ExtraWhitespace /\s\+$/
autocmd BufWinLeave * call clearmatches()
"ft specific stuff
autocmd BufRead *.js,*.json set ts=2 sts=2 sw=2 et
autocmd BufRead *.hs set ts=4 sts=4 sw=4 et
"esc timeout
set timeoutlen=1000 ttimeoutlen=0
'';
vimrcConfig.vam.knownPlugins = vimPlugins;
vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins;
vimrcConfig.vam.pluginDictionaries = [
{ name = "Gundo"; }
{ name = "commentary"; }
{ name = "vim-addon-nix"; }
{ name = "colors-solarized"; }
{ names = [ "Gundo" "commentary" "mustang2" ]; }
{ names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; }
];
})
];
}

2
modules/lass/virtualbox.nix
View file

@ -12,7 +12,7 @@ in {
description = "user for running VirtualBox";
home = "/home/virtual";
useDefaultShell = true;
extraGroups = [ "vboxusers" ];
extraGroups = [ "vboxusers" "audio" ];
createHome = true;
};
};

2
modules/lass/wine.nix
View file

@ -13,7 +13,7 @@ in {
description = "user for running wine";
home = "/home/wine";
useDefaultShell = true;
extraGroups = [];
extraGroups = [ "audio" ];
createHome = true;
};
};

7
modules/mors/default.nix
View file

@ -24,10 +24,12 @@
../lass/binary-caches.nix
../lass/ircd.nix
../../secrets/mors-pw.nix
./repos.nix
];
nixpkgs = {
url = "https://github.com/Lassulus/nixpkgs";
rev = "eba85883a07a9fc414d7860f8d6fee4d9f09b2ac";
rev = "b74c8eeb73a75eb61148c190df4733474a99a205";
};
networking.hostName = "mors";
@ -54,8 +56,6 @@
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
#kernelModules = [ "kvm-intel" "msr" ];
kernelModules = [ "msr" ];
extraModprobeConfig = ''
'';
};
fileSystems = {
"/" = {
@ -145,7 +145,6 @@
'';
services.xserver = {
videoDriver = "intel";
vaapiDrivers = [ pkgs.vaapiIntel ];
deviceSection = ''

78
modules/mors/repos.nix Normal file
View file

@ -0,0 +1,78 @@
{ ... }:
{
imports = [
../lass/gitolite-base.nix
../common/krebs-keys.nix
../common/krebs-repos.nix
];
services.gitolite = {
repos = {
config = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
pass = {
users = {
lass = "RW+";
uriel = "R";
};
};
load-env = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
emse-hsdb = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
brain = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
#hooks.post-receive = irc-announce;
};
painload = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
services = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
xmonad-config = {
users = {
lass = "RW+";
uriel = "R";
};
};
};
};
}

6
modules/uriel/default.nix
View file

@ -16,13 +16,14 @@
../../secrets/uriel-pw.nix
../lass/sshkeys.nix
../lass/bird.nix
./repos.nix
];
nixpkgs = {
url = "https://github.com/Lassulus/nixpkgs";
rev = "b42ecfb8c61e514bf7733b4ab0982d3e7e27dacb";
rev = "b74c8eeb73a75eb61148c190df4733474a99a205";
};
networking.hostName = "uriel";
networking.wireless.enable = true;
nix.maxJobs = 2;
@ -104,6 +105,7 @@
environment.systemPackages = with pkgs; [
];
#users.extraGroups = {
# loot = {
# members = [

78
modules/uriel/repos.nix Normal file
View file

@ -0,0 +1,78 @@
{ ... }:
{
imports = [
../lass/gitolite-base.nix
../common/krebs-keys.nix
../common/krebs-repos.nix
];
services.gitolite = {
repos = {
config = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
pass = {
users = {
lass = "RW+";
uriel = "R";
};
};
load-env = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
emse-hsdb = {
users = {
lass = "RW+";
uriel = "R";
tv = "R";
};
extraConfig = "option hook.post-receive = irc-announce";
};
brain = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
#hooks.post-receive = irc-announce;
};
painload = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
services = {
users = {
lass = "RW+";
};
extraConfig = "option hook.post-receive = irc-announce";
};
xmonad-config = {
users = {
lass = "RW+";
uriel = "R";
};
};
};
};
}