From 50162983e041012abbddbb562bb655498f47c354 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 12:23:52 +0200 Subject: 4: {tv -> krebs}.types --- 4lib/krebs/default.nix | 7 ++++ 4lib/krebs/types.nix | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 4lib/tv/default.nix | 87 ++++---------------------------------------------- 3 files changed, 94 insertions(+), 81 deletions(-) create mode 100644 4lib/krebs/default.nix create mode 100644 4lib/krebs/types.nix (limited to '4lib') diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix new file mode 100644 index 0000000..38c2a97 --- /dev/null +++ b/4lib/krebs/default.nix @@ -0,0 +1,7 @@ +{ lib, ... }: + +builtins // lib // { + + types = import ./types.nix { inherit lib; }; + +} diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix new file mode 100644 index 0000000..38ed8a9 --- /dev/null +++ b/4lib/krebs/types.nix @@ -0,0 +1,81 @@ +{ lib, ... }: + +with lib; +with types; + +types // rec { + + host = submodule { + options = { + name = mkOption { + type = label; + }; + dc = mkOption { + type = label; + }; + cores = mkOption { + type = positive; + }; + nets = mkOption { + type = attrsOf net; + apply = x: assert hasAttr "retiolum" x; x; + }; + }; + }; + + net = submodule ({ config, ... }: { + options = { + via = mkOption { + type = nullOr net; + default = null; + }; + addrs = mkOption { + type = listOf addr; + apply = _: config.addrs4 ++ config.addrs6; + }; + addrs4 = mkOption { + type = listOf addr4; + default = []; + }; + addrs6 = mkOption { + type = listOf addr6; + default = []; + }; + aliases = mkOption { + # TODO nonEmptyListOf hostname + type = listOf hostname; + }; + tinc = mkOption { + type = let net-config = config; in submodule ({ config, ... }: { + options = { + config = mkOption { + type = str; + apply = _: '' + ${optionalString (net-config.via != null) + (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)} + ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs} + ${config.pubkey} + ''; + }; + pubkey = mkOption { + type = str; + }; + }; + }); + }; + }; + }); + + positive = mkOptionType { + name = "positive integer"; + check = x: isInt x && x > 0; + merge = mergeOneOption; + }; + + # TODO + addr = str; + addr4 = str; + addr6 = str; + hostname = str; + label = str; +} diff --git a/4lib/tv/default.nix b/4lib/tv/default.nix index 092a962..267a858 100644 --- a/4lib/tv/default.nix +++ b/4lib/tv/default.nix @@ -1,9 +1,12 @@ { lib, pkgs, ... }: -with builtins; -with lib; +let + krebs = import ../../4lib/krebs { inherit lib; }; +in -builtins // lib // rec { +with krebs; + +krebs // rec { git = import ./git.nix { lib = lib // { @@ -53,82 +56,4 @@ builtins // lib // rec { if isSafeChar c then c else if c == "\n" then "'\n'" else "\\${c}"); - - types = lib.types // (with lib.types; rec { - - host = submodule { - options = { - name = mkOption { - type = label; - }; - dc = mkOption { - type = label; - }; - cores = mkOption { - type = positive; - }; - nets = mkOption { - type = attrsOf net; - apply = x: assert hasAttr "retiolum" x; x; - }; - }; - }; - - net = submodule ({ config, ... }: { - options = { - via = mkOption { - type = nullOr net; - default = null; - }; - addrs = mkOption { - type = listOf addr; - apply = _: config.addrs4 ++ config.addrs6; - }; - addrs4 = mkOption { - type = listOf addr4; - default = []; - }; - addrs6 = mkOption { - type = listOf addr6; - default = []; - }; - aliases = mkOption { - # TODO nonEmptyListOf hostname - type = listOf hostname; - }; - tinc = mkOption { - type = let net-config = config; in submodule ({ config, ... }: { - options = { - config = mkOption { - type = str; - apply = _: '' - ${optionalString (net-config.via != null) - (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)} - ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs} - ${config.pubkey} - ''; - }; - pubkey = mkOption { - type = str; - }; - }; - }); - }; - }; - }); - - positive = mkOptionType { - name = "positive integer"; - check = x: isInt x && x > 0; - merge = mergeOneOption; - }; - - # TODO - addr = str; - addr4 = str; - addr6 = str; - hostname = str; - label = str; - }); - } -- cgit v1.3.1 From 9a53c4bcd8ead4eeb64452f26570d45dacd0041d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 18:36:16 +0200 Subject: 4 krebs.types.host: add option: secure --- 4lib/krebs/types.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to '4lib') diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix index 38ed8a9..9d02c77 100644 --- a/4lib/krebs/types.nix +++ b/4lib/krebs/types.nix @@ -20,6 +20,15 @@ types // rec { type = attrsOf net; apply = x: assert hasAttr "retiolum" x; x; }; + secure = mkOption { + type = bool; + default = false; + description = '' + If true, then the host is capable of keeping secret information. + + TODO define minimum requirements for secure hosts + ''; + }; }; }; -- cgit v1.3.1 From 2154167857b6bd35c8b1cce2ad41521164abb2ff Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Jul 2015 20:48:00 +0200 Subject: {2 tv git -> 3 krebs}.users --- 2configs/tv/git.nix | 22 +++++-------------- 3modules/krebs/default.nix | 54 ++++++++++++++++++++++++++++++++++++---------- 3modules/krebs/git.nix | 11 ++++------ 4lib/krebs/default.nix | 10 ++++++++- 4lib/krebs/types.nix | 11 ++++++++++ 4lib/tv/default.nix | 7 ------ 6 files changed, 72 insertions(+), 43 deletions(-) (limited to '4lib') diff --git a/2configs/tv/git.nix b/2configs/tv/git.nix index ac1c413..b7f9983 100644 --- a/2configs/tv/git.nix +++ b/2configs/tv/git.nix @@ -1,4 +1,5 @@ { config, lib, pkgs, ... }: + with import ../../4lib/tv { inherit lib pkgs; }; let @@ -7,7 +8,7 @@ let enable = true; root-title = "public repositories at ${config.tv.identity.self.name}"; root-desc = "keep calm and engage"; - inherit repos rules users; + inherit repos rules; }; }; @@ -43,20 +44,12 @@ let restricted-repos = mapAttrs make-restricted-repo ( { brain = { - collaborators = with users; [ lass makefu ]; + collaborators = with config.krebs.users; [ lass makefu ]; }; } // - import /root/src/secrets/repos.nix { inherit config lib pkgs users; } + import /root/src/secrets/repos.nix { inherit config lib pkgs; } ); - # TODO move users to separate module - users = mapAttrs make-user { - tv = ../../Zpubkeys/tv_wu.ssh.pub; - lass = ../../Zpubkeys/lass.ssh.pub; - uriel = ../../Zpubkeys/uriel.ssh.pub; - makefu = ../../Zpubkeys/makefu.ssh.pub; - }; - make-public-repo = name: { desc ? null, ... }: { inherit name desc; public = true; @@ -77,7 +70,7 @@ let }; make-rules = - with git // users; + with git // config.krebs.users; repo: singleton { user = tv; @@ -95,9 +88,4 @@ let perm = fetch; }; - make-user = name: pubkey-file: { - inherit name; - pubkey = readFile pubkey-file; - }; - in out diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index fe94e09..b8722d1 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -1,11 +1,43 @@ -_: - -{ - imports = [ - ./github-hosts-sync.nix - ./git.nix - ./nginx.nix - ./retiolum.nix - ./urlwatch.nix - ]; -} +{ config, lib, ... }: + +with import ../../4lib/krebs { inherit lib; }; +let + cfg = config.krebs; + + out = { + imports = [ + ./github-hosts-sync.nix + ./git.nix + ./nginx.nix + ./retiolum.nix + ./urlwatch.nix + ]; + options.krebs = api; + config = mkIf cfg.enable imp; + }; + + api = { + users = mkOption { + type = with types; attrsOf user; + default = addNames { + lass = { + pubkey = readFile ../../Zpubkeys/lass.ssh.pub; + }; + makefu = { + pubkey = readFile ../../Zpubkeys/makefu.ssh.pub; + }; + tv = { + pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; + }; + uriel = { + pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; + }; + }; + }; + }; + + imp = { + }; + +in +out diff --git a/3modules/krebs/git.nix b/3modules/krebs/git.nix index 3c3e934..be6619b 100644 --- a/3modules/krebs/git.nix +++ b/3modules/krebs/git.nix @@ -6,8 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with builtins; -with lib; +with import ../../4lib/krebs { inherit lib; }; let cfg = config.krebs.git; @@ -119,9 +118,6 @@ let rules = mkOption { type = types.unspecified; }; - users = mkOption { - type = types.unspecified; - }; }; git-imp = { @@ -149,7 +145,8 @@ let name = "git"; shell = "/bin/sh"; openssh.authorizedKeys.keys = - mapAttrsToList (_: makeAuthorizedKey git-ssh-command) cfg.users; + mapAttrsToList (_: makeAuthorizedKey git-ssh-command) + config.krebs.users; uid = 129318403; # genid git }; }; @@ -255,7 +252,7 @@ let isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix - makeAuthorizedKey = git-ssh-command: user@{ name, pubkey }: + makeAuthorizedKey = git-ssh-command: user@{ name, pubkey, ... }: # TODO assert name # TODO assert pubkey let diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix index 38c2a97..0c59076 100644 --- a/4lib/krebs/default.nix +++ b/4lib/krebs/default.nix @@ -1,6 +1,14 @@ { lib, ... }: -builtins // lib // { +with builtins; +with lib; + +builtins // lib // rec { + + addName = name: set: + set // { inherit name; }; + + addNames = mapAttrs addName; types = import ./types.nix { inherit lib; }; diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix index 9d02c77..ca92c69 100644 --- a/4lib/krebs/types.nix +++ b/4lib/krebs/types.nix @@ -81,6 +81,17 @@ types // rec { merge = mergeOneOption; }; + user = submodule { + options = { + name = mkOption { + type = str; # TODO + }; + pubkey = mkOption { + type = str; + }; + }; + }; + # TODO addr = str; addr4 = str; diff --git a/4lib/tv/default.nix b/4lib/tv/default.nix index 267a858..16888c2 100644 --- a/4lib/tv/default.nix +++ b/4lib/tv/default.nix @@ -15,16 +15,9 @@ krebs // rec { inherit pkgs; }; - addName = name: set: - set // { inherit name; }; - - addNames = mapAttrs addName; - - # "7.4.335" -> "74" majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - concat = xs : if xs == [] then "" -- cgit v1.3.1 From 7f32cf635d2517db72c26842a591ae1a399a9b28 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 01:05:14 +0200 Subject: krebs.types.user += mail --- 4lib/krebs/types.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to '4lib') diff --git a/4lib/krebs/types.nix b/4lib/krebs/types.nix index ca92c69..3d3d75a 100644 --- a/4lib/krebs/types.nix +++ b/4lib/krebs/types.nix @@ -83,6 +83,9 @@ types // rec { user = submodule { options = { + mail = mkOption { + type = str; # TODO retiolum mail address + }; name = mkOption { type = str; # TODO }; -- cgit v1.3.1 From 0906cdb433fe5b8c67c2956c475a9b6d340a260f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Jul 2015 02:14:44 +0200 Subject: {3 -> 4} krebs {listset,tree} --- 3modules/krebs/default.nix | 19 ++----------------- 4lib/krebs/default.nix | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 17 deletions(-) (limited to '4lib') diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index 43e7e4c..33c1088 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -68,27 +68,12 @@ let de.krebsco = "ovh"; }; - # splitByProvider : [alias] -> set providername [alias] - splitByProvider = foldl (acc: alias: insert (providerOf alias) alias acc) {}; + # splitByProvider : [alias] -> listset providername alias + splitByProvider = foldl (acc: alias: listset-insert (providerOf alias) alias acc) {}; # providerOf : alias -> providername providerOf = alias: tree-get (splitString "." alias) providers; - - # insert : k -> v -> set k [v] -> set k [v] - insert = name: value: set: - set // { ${name} = set.${name} or [] ++ [value]; }; - - # tree k v = set k (either v (tree k v)) - - # tree-get : [k] -> tree k v -> v - tree-get = path: x: - let - y = x.${last path}; - in - if typeOf y != "set" - then y - else tree-get (init path) y; in concatStringsSep "\n" (flatten ( # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net: diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix index 0c59076..0c42a5d 100644 --- a/4lib/krebs/default.nix +++ b/4lib/krebs/default.nix @@ -12,4 +12,22 @@ builtins // lib // rec { types = import ./types.nix { inherit lib; }; + + # listset k v = set k [v] + + # listset-insert : k -> v -> listset k v -> listset k v + listset-insert = name: value: set: + set // { ${name} = set.${name} or [] ++ [value]; }; + + # tree k v = set k (either v (tree k v)) + + # tree-get : [k] -> tree k v -> v + tree-get = path: x: + let + y = x.${last path}; + in + if typeOf y != "set" + then y + else tree-get (init path) y; + } -- cgit v1.3.1