authortv <tv@krebsco.de>2016-06-06 17:17:07 +0200
committertv <tv@krebsco.de>2016-06-06 17:17:07 +0200
commitdda2887e2cf618a7c7744bee2eed806e3a38fe36 (patch)
tree19ad3210a2b8485ac22d26f75b2e2493d3f61596 /lass/3modules
parentc1c645b545b960eb639fc6d41dfa35ee187ae164 (diff)
parent7e344c0627a266685ef1ad79f5193b4e7ba27408 (diff)
Merge remote-tracking branch 'cloudkrebs/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/default.nix6
-rw-r--r--lass/3modules/ejabberd/config.nix93
-rw-r--r--lass/3modules/ejabberd/default.nix57
-rw-r--r--lass/3modules/mysql-backup.nix86
-rw-r--r--lass/3modules/per-user.nix53
5 files changed, 239 insertions, 56 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index f891498c2..380d83a91 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -1,11 +1,11 @@
_:
{
imports = [
- ./xresources.nix
+ ./ejabberd
./folderPerms.nix
- ./per-user.nix
+ ./mysql-backup.nix
./urxvtd.nix
- ./xresources.nix
./wordpress_nginx.nix
+ ./xresources.nix
];
}
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
new file mode 100644
index 000000000..9a4882644
--- /dev/null
+++ b/lass/3modules/ejabberd/config.nix
@@ -0,0 +1,93 @@
+{ config, ... }: with config.krebs.lib; let
+ cfg = config.lass.ejabberd;
+
+ # XXX this is a placeholder that happens to work the default strings.
+ toErlang = builtins.toJSON;
+in toFile "ejabberd.conf" ''
+ {loglevel, 3}.
+ {hosts, ${toErlang cfg.hosts}}.
+ {listen,
+ [
+ {5222, ejabberd_c2s, [
+ starttls,
+ {certfile, ${toErlang cfg.certfile}},
+ {access, c2s},
+ {shaper, c2s_shaper},
+ {max_stanza_size, 65536}
+ ]},
+ {5269, ejabberd_s2s_in, [
+ {shaper, s2s_shaper},
+ {max_stanza_size, 131072}
+ ]},
+ {5280, ejabberd_http, [
+ captcha,
+ http_bind,
+ http_poll,
+ web_admin
+ ]}
+ ]}.
+ {s2s_use_starttls, required}.
+ {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+ {auth_method, internal}.
+ {shaper, normal, {maxrate, 1000}}.
+ {shaper, fast, {maxrate, 50000}}.
+ {max_fsm_queue, 1000}.
+ {acl, local, {user_regexp, ""}}.
+ {access, max_user_sessions, [{10, all}]}.
+ {access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
+ {access, local, [{allow, local}]}.
+ {access, c2s, [{deny, blocked},
+ {allow, all}]}.
+ {access, c2s_shaper, [{none, admin},
+ {normal, all}]}.
+ {access, s2s_shaper, [{fast, all}]}.
+ {access, announce, [{allow, admin}]}.
+ {access, configure, [{allow, admin}]}.
+ {access, muc_admin, [{allow, admin}]}.
+ {access, muc_create, [{allow, local}]}.
+ {access, muc, [{allow, all}]}.
+ {access, pubsub_createnode, [{allow, local}]}.
+ {access, register, [{allow, local}]}.
+ {language, "en"}.
+ {modules,
+ [
+ {mod_adhoc, []},
+ {mod_announce, [{access, announce}]},
+ {mod_blocking,[]},
+ {mod_caps, []},
+ {mod_configure,[]},
+ {mod_disco, []},
+ {mod_irc, []},
+ {mod_http_bind, []},
+ {mod_last, []},
+ {mod_muc, [
+ {access, muc},
+ {access_create, muc_create},
+ {access_persistent, muc_create},
+ {access_admin, muc_admin}
+ ]},
+ {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
+ {mod_ping, []},
+ {mod_privacy, []},
+ {mod_private, []},
+ {mod_pubsub, [
+ {access_createnode, pubsub_createnode},
+ {ignore_pep_from_offline, true},
+ {last_item_cache, false},
+ {plugins, ["flat", "hometree", "pep"]}
+ ]},
+ {mod_register, [
+ {welcome_message, {"Welcome!",
+ "Hi.\nWelcome to this XMPP server."}},
+ {ip_access, [{allow, "127.0.0.0/8"},
+ {allow, "0.0.0.0/0"}]},
+ {access, register}
+ ]},
+ {mod_roster, []},
+ {mod_shared_roster,[]},
+ {mod_stats, []},
+ {mod_time, []},
+ {mod_vcard, []},
+ {mod_version, []}
+ ]}.
+''
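Review bot: The c2s listener on 5222 lists only `starttls`, so TLS is offered but a client may still authenticate over a cleartext stream, while s2s is already set to `required`; `starttls_required,` in place of `starttls,` would make the two consistent. In the same hunk `mod_register` has `{allow, "0.0.0.0/0"}` in `ip_access` and the `register` rule allows `local`, which `{user_regexp, ""}` appears to match for any local name, so in-band registration looks open to every address; if that is not intended, drop the `0.0.0.0/0` entry. The 5280 listener serves `web_admin` without a `tls` option, so admin logins would cross the network in cleartext unless a TLS-terminating proxy sits in front. No `admin` or `blocked` ACL is defined in this file, so the rules that reference them match nobody as far as this hunk shows.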
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..c68f32ef0
--- /dev/null
+++ b/lass/3modules/ejabberd/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.lass.ejabberd;
+in {
+ options.lass.ejabberd = {
+ enable = mkEnableOption "lass.ejabberd";
+ certfile = mkOption {
+ type = types.str;
+ };
+ hosts = mkOption {
+ type = with types; listOf str;
+ };
+ pkgs.ejabberdctl = mkOption {
+ type = types.package;
+ default = pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ export SPOOLDIR=${shell.escape cfg.user.home}
+ export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --logs ${shell.escape cfg.user.home} \
+ --spool ${shell.escape cfg.user.home} \
+ "$@"
+ '';
+ };
+ s2s_certfile = mkOption {
+ type = types.str;
+ default = cfg.certfile;
+ };
+ user = mkOption {
+ type = types.user;
+ default = {
+ name = "ejabberd";
+ home = "/var/ejabberd";
+ };
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+ systemd.services.ejabberd = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "ejabberd";
+ User = cfg.user.name;
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ };
+ };
+
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name uid;
+ createHome = true;
+ };
+ };
+}
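Review bot: `certfile` and `s2s_certfile` are declared without a `description`, and nothing tells the user that the value is a path to key material that must stay outside the world-readable Nix store and be readable by `cfg.user`. I would add something like `description = "Path to the PEM file with certificate and private key; keep it outside the Nix store and readable by the ejabberd user.";` to `certfile` (that the file also holds the private key is assumed from ejabberd's usual layout, to be confirmed). Separately, `PermissionsStartOnly = "true"` has no visible effect here because the unit defines no `ExecStartPre` or `ExecStartPost`, so it can be dropped or given a comment saying what it is for.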
diff --git a/lass/3modules/mysql-backup.nix b/lass/3modules/mysql-backup.nix
new file mode 100644
index 000000000..d2ae67171
--- /dev/null
+++ b/lass/3modules/mysql-backup.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.lass.mysqlBackup;
+
+ out = {
+ options.lass.mysqlBackup = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "mysqlBackup";
+ config = mkOption {
+ type = with types; attrsOf (submodule ({ config, ... }: {
+ options = {
+ name = mkOption {
+ type = types.str;
+ default = config._module.args.name;
+ };
+ startAt = mkOption {
+ type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
+ default = "*-*-* 01:15:00";
+ };
+ user = mkOption {
+ type = str;
+ default = "root";
+ };
+ password = mkOption {
+ type = nullOr str;
+ default = null;
+ description = ''
+ path to a file containing the mysqlPassword for the specified user.
+ '';
+ };
+ databases = mkOption {
+ type = listOf str;
+ default = [];
+ };
+ location = mkOption {
+ type = str;
+ default = "/bku/sql_dumps";
+ };
+ };
+ }));
+ description = "configuration for mysqlBackup";
+ };
+ };
+
+ imp = {
+
+ #systemd.timers =
+ # mapAttrs (_: plan: {
+ # wantedBy = [ "timers.target" ];
+ # timerConfig = plan.timerConfig;
+ #}) cfg.config;
+
+ systemd.services =
+ mapAttrs' (_: plan: nameValuePair "mysqlBackup-${plan.name}" {
+ path = with pkgs; [
+ mysql
+ gzip
+ ];
+ serviceConfig = rec {
+ ExecStart = start plan;
+ SyslogIdentifier = ExecStart.name;
+ Type = "oneshot";
+ User = plan.user;
+ };
+ startAt = plan.startAt;
+ }) cfg.config;
+ };
+
+
+ start = plan: let
+ backupScript = plan: db:
+ "mysqldump -u ${plan.user} ${optionalString (plan.password != null) "-p$(cat ${plan.password})"} ${db} | gzip -c > ${plan.location}/${db}.gz";
+
+ in pkgs.pkgs.writeDash "mysqlBackup.${plan.name}" ''
+ ${concatMapStringsSep "\n" (backupScript plan) plan.databases}
+ '';
+
+
+in out
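Review bot: In `backupScript` the password reaches `mysqldump` as `-p$(cat ${plan.password})`, so it sits on the command line where other local users can read it from the process list for as long as the dump runs. Passing the credentials through an option file, `--defaults-extra-file=${escapeShellArg plan.password}` as the first argument, avoids that, though the file then has to be a `[client]` option file and the `password` description should say so. `plan.user`, `db` and `plan.location` are also interpolated into the script unquoted; wrapping each in `escapeShellArg` keeps a database name or path with spaces or shell metacharacters from changing the command. The script has no `set -efu` like the ejabberdctl wrapper in this commit, and because the pipeline's exit status is gzip's, a failed dump would still leave a `.gz` file and a successful unit, so the dump result should be checked before the archive is trusted.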
diff --git a/lass/3modules/per-user.nix b/lass/3modules/per-user.nix
deleted file mode 100644
index f8d357ce2..000000000
--- a/lass/3modules/per-user.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with config.krebs.lib;
-let
- cfg = config.lass.per-user;
-
- out = {
- options.lass.per-user = api;
- config = imp;
- };
-
- api = mkOption {
- type = with types; attrsOf (submodule {
- options = {
- packages = mkOption {
- type = listOf path;
- default = [];
- };
- };
- });
- default = {};
- };
-
- imp = {
- #
- # TODO only shellInit and use well-known paths
- #
- environment.shellInit = ''
- if test -e ${user-profiles}/"$LOGNAME"; then
- . ${user-profiles}/"$LOGNAME"
- fi
- '';
- environment.interactiveShellInit = ''
- if test -e ${user-profiles}/"$LOGNAME"; then
- . ${user-profiles}/"$LOGNAME"
- fi
- '';
- environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ];
- };
-
- user-profiles = pkgs.runCommand "user-profiles" {} ''
- mkdir $out
- ${concatStrings (mapAttrsToList (logname: { packages, ... }: ''
- cat > $out/${logname} <<\EOF
- ${optionalString (length packages > 0) (
- let path = makeSearchPath "bin" packages; in
- ''export PATH="$PATH":${escapeShellArg path}''
- )}
- EOF
- '') cfg)}
- '';
-
-in out