diff options
Diffstat (limited to 'krebs')
45 files changed, 40 insertions, 658 deletions
diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index d58661a28..d87003ac2 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let ReaktorConfig = pkgs.writeText "config.py" '' diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index e80d383f8..f3c8ff0cd 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 4569d400f..96b283002 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let out = { options.krebs.backup = api; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 080d2188d..50e04cf80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let gunicorn = pkgs.pythonPackages.gunicorn; bepasty = pkgs.pythonPackages.bepasty-server; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 4848748cd..51f192703 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { options.krebs.build = { diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index bd17c3765..9e144ee0e 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let # https://github.com/NixOS/nixpkgs/issues/14026 diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 02331ee12..650594a6c 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index 9f63e33ac..e97e53479 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a4a5f9cad..ec85464df 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs; @@ -21,7 +21,6 @@ let ./git.nix ./go.nix ./iptables.nix - ./lib.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a18f1c979..05840e80a 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.exim-retiolum; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index cfe2e5f04..2ed5607f1 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 7b18c72c1..1127c0a50 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import <stockholm/lib>; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 0adcec3d8..94bcbed9d 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 6a03b4638..e6b98a923 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,7 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.git; @@ -97,7 +97,7 @@ let singleton { user = [ config.krebs.users.tv ]; repo = [ testing ]; # see literal example of repos - perm = push "refs/*" (with config.krebs.lib.git; [ + perm = push "refs/*" (with git; [ non-fast-forward create delete merge ]); } diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 3646d35d6..e6db3aa42 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 52a104bb9..a86f444dc 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.go; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index f2c9c4684..ad1221e8e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix deleted file mode 100644 index ccd6a6afa..000000000 --- a/krebs/3modules/lib.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - out = { - options.krebs.lib = api; - config = imp; - }; - api = mkOption { - default = {}; - type = types.attrs; - }; - imp = { - krebs.lib = lib // import ../4lib { inherit config lib; } // builtins; - }; -in out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e79e54aa6..7317e0b60 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index dc47d8983..a95536122 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 214f55018..1577c5b64 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.nginx; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 5816b8a30..796ee537e 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index a471a4bc2..8bb022442 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import <stockholm/lib>; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 4c803fff8..50cf72ef9 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let nixos-version-id = "${config.system.nixosVersion}"; nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 93a7d2293..1b8d092bb 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.per-user; diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index bb5b3e521..f405482de 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.power-action; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index df374e184..1564bd94a 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.realwallpaper; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index bcd9da5ea..7705635f0 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.repo-sync; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 9d393c90b..4bcd596d4 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.retiolum-bootstrap; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 2b181a556..fddaed9e3 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let out = { options.krebs.tinc = api; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index d53482339..bcc52fb6e 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.rtorrent; webcfg = config.krebs.rtorrent.web; diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 579f375f3..672c503b0 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let cfg = config.krebs.secret; in { options.krebs.secret = { diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 65a4abe1c..13f981437 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.setuid; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index a9868954e..a05889632 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let testHosts = genAttrs [ "test-arch" diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index d783ba03b..26a51de00 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.tinc_graphs; internal_dir = "${cfg.workingDir}/internal"; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index a933cbddb..5773255ec 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { dns.providers = { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index ed1a21260..e43f8de4a 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -4,7 +4,7 @@ # TODO inform about unused caches # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" -with config.krebs.lib; +with import <stockholm/lib>; let cfg = config.krebs.urlwatch; diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix deleted file mode 100644 index c40b9a868..000000000 --- a/krebs/4lib/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -_: - -let - lib = import <stockholm/lib>; -in - -with lib; - -let out = lib // rec { - - guard = spec@{ type, value, ... }: - assert isOptionType type; - if type.check value - then value - else throw (toString (filter isString [ - "argument" - (if spec ? name then "‘${spec.name}’" else null) - "is not a ${type.name}" - ])); - - types = import ./types.nix { - lib = lib // { inherit genid optionalTrace; }; - }; - - genid = import ./genid.nix { lib = lib // out; }; - genid_signed = x: ((genid x) + 16777216) / 2; - git = import ./git.nix { lib = lib // out; }; - tree = import ./tree.nix { inherit lib; }; - - lpad = n: c: s: - if stringLength s < n - then lpad n c (c + s) - else s; - - toC = x: let - type = typeOf x; - reject = throw "cannot convert ${type}"; - in { - list = "{ ${concatStringsSep ", " (map toC x)} }"; - null = "NULL"; - set = if isDerivation x then toJSON x else reject; - string = toJSON x; # close enough - }.${type} or reject; - - subdirsOf = path: - mapAttrs (name: _: path + "/${name}") - (filterAttrs (_: eq "directory") (readDir path)); - - genAttrs' = names: f: listToAttrs (map f names); - - getAttrs = names: set: - listToAttrs (map (name: nameValuePair name set.${name}) - (filter (flip hasAttr set) names)); - - setAttr = name: value: set: set // { ${name} = value; }; - - optionalTrace = c: msg: x: if c then trace msg x else x; - -}; in out diff --git a/krebs/4lib/genid.nix b/krebs/4lib/genid.nix deleted file mode 100644 index 0aed1d351..000000000 --- a/krebs/4lib/genid.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib, ... }: -with lib; -with builtins; -let out = genid; - - # id = genid s = (hash s + min) % max - # min <= genid s < max - # - # min = 2^24 = 16777216 = 0x001000000 - # max = 2^32 = 4294967296 = 0x100000000 - # - # id is bigger than UID of nobody and GID of nogroup - # see <nixos/modules/misc/ids.nix> and some spare for stuff like lxd. - # - # :: str -> uint32 - genid = s: sum16 (addmod16_16777216 (hash s)); - - # :: str -> list8 uint4 - hash = s: - map hexint (stringToCharacters (substring 32 8 (hashString "sha1" s))); - - # :: list uint -> uint - sum16 = foldl (a: i: a * 16 + i) 0; - - # :: list8 uint4 -> list1 uint8 ++ list6 uint4 - addmod16_16777216 = x: let - a = 16 * head x + head (tail x); - d = tail (tail x); - in [(mod (a + 1) 256)] ++ d; - - # :: char -> uint4 - hexint = x: hexvals.${toLower x}; - - # :: attrset char uint4 - hexvals = listToAttrs (imap (i: c: { name = c; value = i - 1; }) - (stringToCharacters "0123456789abcdef")); -in out diff --git a/krebs/4lib/git.nix b/krebs/4lib/git.nix deleted file mode 100644 index 005c017a9..000000000 --- a/krebs/4lib/git.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib, ... }: - -with lib; - -let - addName = name: set: - set // { inherit name; }; - - addNames = mapAttrs addName; - - commands = addNames { - git-receive-pack = {}; - git-upload-pack = {}; - }; - - receive-modes = addNames { - fast-forward = {}; - non-fast-forward = {}; - create = {}; - delete = {}; - merge = {}; # TODO implement in git.nix - }; - - permissions = { - fetch = { - allow-commands = [ - commands.git-upload-pack - ]; - }; - - push = ref: extra-modes: { - allow-commands = [ - commands.git-receive-pack - commands.git-upload-pack - ]; - allow-receive-ref = ref; - allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes; - }; - }; - - refs = { - master = "refs/heads/master"; - all-heads = "refs/heads/*"; - }; - -in -commands // receive-modes // permissions // refs diff --git a/krebs/4lib/tree.nix b/krebs/4lib/tree.nix deleted file mode 100644 index 1cd83b3f6..000000000 --- a/krebs/4lib/tree.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, ... }: - -with lib; - -rec { - # tree k v = set k (either v (tree k v)) - - # get : [k] -> tree k v -> v - get = path: tree: - if length path > 0 - then get (tail path) tree.${head path} # TODO check if elem exists - else tree; -} diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix deleted file mode 100644 index 8d6ace2e5..000000000 --- a/krebs/4lib/types.nix +++ /dev/null @@ -1,446 +0,0 @@ -{ lib, ... }: - -with builtins; -with lib; -with types; - -types // rec { - - host = submodule ({ config, ... }: { - options = { - name = mkOption { - type = label; - default = config._module.args.name; - }; - cores = mkOption { - type = positive; - }; - nets = mkOption { - type = attrsOf net; - default = {}; - }; - - owner = mkOption { - type = user; - }; - - extraZones = mkOption { - default = {}; - # TODO: string is either MX, NS, A or AAAA - type = with types; attrsOf string; - }; - - secure = mkOption { - type = bool; - default = false; - description = '' - If true, then the host is capable of keeping secret information. - - TODO define minimum requirements for secure hosts - ''; - }; - - ssh.pubkey = mkOption { - type = nullOr ssh-pubkey; - default = null; - }; - ssh.privkey = mkOption { - type = nullOr ssh-privkey; - default = null; - }; - }; - }); - - net = submodule ({ config, ... }: { - options = { - name = mkOption { - type = label; - default = config._module.args.name; - }; - via = mkOption { - type = nullOr net; - default = null; - }; - addrs = mkOption { - type = listOf addr; - default = - optional (config.ip4 != null) config.ip4.addr ++ - optional (config.ip6 != null) config.ip6.addr; - }; - aliases = mkOption { - # TODO nonEmptyListOf hostname - type = listOf hostname; - default = []; - }; - ip4 = mkOption { - type = nullOr (submodule { - options = { - addr = mkOption { - type = addr4; - }; - prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) - } // optionalAttrs (config.name == "retiolum") { - default = "10.243.0.0/16"; - }); - }; - }); - default = null; - }; - ip6 = mkOption { - type = nullOr (submodule { - options = { - addr = mkOption { - type = addr6; - }; - prefix = mkOption ({ - type = str; # TODO routing prefix (CIDR) - } // optionalAttrs (config.name == "retiolum") { - default = "42::/16"; - }); - }; - }); - default = null; - }; - ssh = mkOption { - type = submodule { - options = { - port = mkOption { - type = int; - default = 22; - }; - }; - }; - default = {}; - }; - tinc = mkOption { - type = let net = config; in nullOr (submodule ({ config, ... }: { - options = { - config = mkOption { - type = str; - default = concatStringsSep "\n" ( - (optionals (net.via != null) - (map (a: "Address = ${a} ${toString config.port}") net.via.addrs)) - ++ - (map (a: "Subnet = ${a}") net.addrs) - ++ - [config.extraConfig] - ++ - [config.pubkey] - ); - }; - pubkey = mkOption { - type = tinc-pubkey; - }; - extraConfig = mkOption { - description = "Extra Configuration to be appended to the hosts file"; - default = ""; - type = string; - }; - port = mkOption { - type = int; - description = "tinc port to use to connect to host"; - default = 655; - }; - }; - })); - default = null; - }; - }; - }); - - positive = mkOptionType { - name = "positive integer"; - check = x: isInt x && x > 0; - merge = mergeOneOption; - }; - - uint = mkOptionType { - name = "unsigned integer"; - check = x: isInt x && x >= 0; - merge = mergeOneOption; - }; - - secret-file = submodule ({ config, ... }: { - options = { - name = mkOption { - type = filename; - default = config._module.args.name; - }; - path = mkOption { - type = absolute-pathname; - default = "/run/keys/${config.name}"; - }; - mode = mkOption { - type = file-mode; - default = "0400"; - }; - owner = mkOption { - type = user; - }; - group-name = mkOption { - type = str; - default = "root"; - }; - source-path = mkOption { - type = str; - default = toString <secrets> + "/${config.name}"; - }; - }; - }); - - - source = submodule ({ config, ... }: { - options = { - type = let - types = ["file" "git" "symlink"]; - in mkOption { - type = enum types; - default = let - cands = filter (k: config.${k} != null) types; - in - if length cands == 1 - then head cands - else throw "cannot determine type"; - }; - file = let - file-path = (file-source.getSubOptions "FIXME").path.type; - in mkOption { - type = nullOr (either file-source file-path); - default = null; - apply = x: - if file-path.check x - then { path = x; } - else x; - }; - git = mkOption { - type = nullOr git-source; - default = null; - }; - symlink = let - symlink-target = (symlink-source.getSubOptions "FIXME").target.type; - in mkOption { - type = nullOr (either symlink-source symlink-target); - default = null; - apply = x: - if symlink-target.check x - then { target = x; } - else x; - }; - }; - }); - - file-source = submodule { - options = { - path = mkOption { - type = absolute-pathname; - }; - }; - }; - - git-source = submodule { - options = { - ref = mkOption { - type = str; # TODO types.git.ref - }; - url = mkOption { - type = str; # TODO types.git.url - }; - }; - }; - - symlink-source = submodule { - options = { - target = mkOption { - type = pathname; # TODO relative-pathname - }; - }; - }; - - - suffixed-str = suffs: - mkOptionType { - name = "string suffixed by ${concatStringsSep ", " suffs}"; - check = x: isString x && any (flip hasSuffix x) suffs; - merge = mergeOneOption; - }; - - user = submodule ({ config, ... }: { - options = { - home = mkOption { - type = absolute-pathname; - default = "/home/${config.name}"; - }; - mail = mkOption { - type = str; # TODO retiolum mail address - default = "${config._module.args.name}@${config.networking.hostName}.r"; - }; - name = mkOption { - type = username; - default = config._module.args.name; - }; - pgp.pubkeys = mkOption { - type = attrsOf pgp-pubkey; - default = {}; - description = '' - Set of user's PGP public keys. - - Modules supporting PGP may use well-known key names to define - default values for options, in which case the well-known name - should be documented in the respective option's description. - ''; - }; - pubkey = mkOption { - type = nullOr ssh-pubkey; - default = null; - }; - uid = mkOption { - type = int; - default = genid config.name; - }; - }; - }); - group = submodule ({ config, ... }: { - options = { - name = mkOption { - type = username; - default = config._module.args.name; - }; - gid = mkOption { - type = int; - default = genid config.name; - }; - }; - }); - - addr = either addr4 addr6; - addr4 = mkOptionType { - name = "IPv4 address"; - check = let - IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in - concatMapStringsSep "." (const d) (range 1 4); - in x: isString x && match IPv4address x != null; - merge = mergeOneOption; - }; - addr6 = mkOptionType { - name = "IPv6 address"; - check = let - # TODO check IPv6 address harder - IPv6address = "[0-9a-f.:]+"; - in x: isString x && match IPv6address x != null; - merge = mergeOneOption; - }; - - pgp-pubkey = str; - - ssh-pubkey = str; - ssh-privkey = submodule { - options = { - bits = mkOption { - type = nullOr (enum ["4096"]); - default = null; - }; - path = mkOption { - type = either path str; - apply = x: { - path = toString x; - string = x; - }.${typeOf x}; - }; - type = mkOption { - type = enum ["rsa" "ed25519"]; - default = "ed25519"; - }; - }; - }; - - tinc-pubkey = str; - - krebs.file-location = types.submodule { - options = { - # TODO user - host = mkOption { - type = host; - }; - # TODO merge with ssl.privkey.path - path = mkOption { - type = types.either types.path types.str; - apply = x: { - path = toString x; - string = x; - }.${typeOf x}; - }; - }; - }; - - file-mode = mkOptionType { - name = "file mode"; - check = x: isString x && match "[0-7]{4}" x != null; - merge = mergeOneOption; - }; - - haskell.conid = mkOptionType { - name = "Haskell constructor identifier"; - check = x: - isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null; - merge = mergeOneOption; - }; - - haskell.modid = mkOptionType { - name = "Haskell module identifier"; - check = x: isString x && all haskell.conid.check (splitString "." x); - merge = mergeOneOption; - }; - - # RFC952, B. Lexical grammar, <hname> - hostname = mkOptionType { - name = "hostname"; - check = x: isString x && all label.check (splitString "." x); - merge = mergeOneOption; - }; - - # RFC952, B. Lexical grammar, <name> - # RFC1123, 2.1 Host Names and Numbers - label = mkOptionType { - name = "label"; - # TODO case-insensitive labels - check = x: isString x - && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null; - merge = mergeOneOption; - }; - - # POSIX.1‐2013, 3.278 Portable Filename Character Set - filename = mkOptionType { - name = "POSIX filename"; - check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; - merge = mergeOneOption; - }; - - # POSIX.1‐2013, 3.2 Absolute Pathname - # TODO normalize slashes - # TODO two slashes - absolute-pathname = mkOptionType { - name = "POSIX absolute pathname"; - check = x: let xs = splitString "/" x; xa = head xs; in - isString x - && stringLength x > 0 - && (xa == "/" || (xa == "" && all filename.check (tail xs))); - merge = mergeOneOption; - }; - - # POSIX.1‐2013, 3.267 Pathname - # TODO normalize slashes - pathname = mkOptionType { - name = "POSIX pathname"; - check = x: let xs = splitString "/" x; in - isString x && all filename.check (if head xs == "" then tail xs else xs); - merge = mergeOneOption; - }; - - # POSIX.1-2013, 3.431 User Name - username = mkOptionType { - name = "POSIX username"; - check = filename.check; - merge = mergeOneOption; - }; -} diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 841543819..5860b9a15 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; rec { execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let in writeC name { inherit destination; } /* c */ '' diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 75d1dac82..876f8b9a4 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }@args: -with config.krebs.lib; +with import <stockholm/lib>; { nixpkgs.config.packageOverrides = pkgs: let diff --git a/krebs/default.nix b/krebs/default.nix index 93e006f3d..e5e8cbc49 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import <stockholm/lib>; { imports = [ ./3modules |