From 8a7e4b95c23c45b9d341f38b7bb96c3acfecff8a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:05:49 +0100 Subject: tv.ejabberd: refactor --- tv/3modules/ejabberd/default.nix | 76 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 tv/3modules/ejabberd/default.nix (limited to 'tv/3modules/ejabberd/default.nix')
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
new file mode 100644
index 000000000..51a3060fd
--- /dev/null
+++ b/tv/3modules/ejabberd/default.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.tv.ejabberd;
+in {
+ options.tv.ejabberd = {
+ enable = mkEnableOption "tv.ejabberd";
+ certfile = mkOption {
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ejabberd.pem";
+ owner-name = "ejabberd";
+ source-path = toString + "/ejabberd.pem";
+ };
+ };
+ hosts = mkOption {
+ type = with types; listOf str;
+ };
+ pkgs.ejabberdctl = mkOption {
+ type = types.package;
+ default = pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ export SPOOLDIR=${shell.escape cfg.user.home}
+ export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
+ exec ${pkgs.ejabberd}/bin/ejabberdctl \
+ --logs ${shell.escape cfg.user.home} \
+ "$@"
+ '';
+ };
+ s2s_certfile = mkOption {
+ type = types.secret-file;
+ default = cfg.certfile;
+ };
+ user = mkOption {
+ type = types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ default = "ejabberd";
+ };
+ home = mkOption {
+ type = types.str;
+ default = "/var/ejabberd";
+ };
+ };
+ };
+ default = {};
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+
+ krebs.secret.files = {
+ ejabberd-certfile = cfg.certfile;
+ ejabberd-s2s_certfile = cfg.s2s_certfile;
+ };
+
+ systemd.services.ejabberd = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "secret.service" ];
+ after = [ "network.target" "secret.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ PermissionsStartOnly = "true";
+ SyslogIdentifier = "ejabberd";
+ User = cfg.user.name;
+ ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
+ };
+ };
+
+ users.users.${cfg.user.name} = {
+ inherit (cfg.user) home name;
+ createHome = true;
+ uid = genid cfg.user.name;
+ };
+ };
+}
-- cgit v1.3.1 From c5f18dfdfe9874ba48834447c8d3259b115c1357 Mon Sep 17 00:00:00 2001
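Review bot: The unit declared under `systemd.services.ejabberd` has no ExecStop, so with `Type = "oneshot"` and `RemainAfterExit = "yes"` systemd only tracks the exit of `ejabberdctl start`; if that command detaches the node, as the oneshot/RemainAfterExit pairing suggests, `systemctl stop ejabberd` reports the unit inactive while the daemon keeps running under `cfg.user.name`, and restarts never reach the process. Add `ExecStop = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl stop";` next to ExecStart so stop and restart act on the node. `PermissionsStartOnly = "true"` has no ExecStartPre in this block to apply to and can be dropped unless one is planned.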
From: tv Date: Sun, 21 Feb 2016 06:39:12 +0100 Subject: tv.{charybdis,ejabberd}.user :: user --- tv/3modules/charybdis/default.nix | 11 +---------- tv/3modules/ejabberd/default.nix | 16 ++++------------ 2 files changed, 5 insertions(+), 22 deletions(-) (limited to 'tv/3modules/ejabberd/default.nix')
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 0bab69529..5cb0c55b7 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -35,16 +35,7 @@ in {
 default = 6697;
 };
 user = mkOption {
- type = types.submodule {
- options = {
- name = mkOption {
- type = types.str;
- };
- home = mkOption {
- type = types.str;
- };
- };
- };
+ type = types.user;
 default = {
 name = "charybdis";
 home = "/var/lib/charybdis";
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 51a3060fd..4077da286 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -30,19 +30,11 @@ in {
 default = cfg.certfile;
 };
 user = mkOption {
- type = types.submodule {
- options = {
- name = mkOption {
- type = types.str;
- default = "ejabberd";
- };
- home = mkOption {
- type = types.str;
- default = "/var/ejabberd";
- };
- };
+ type = types.user;
+ default = {
+ name = "ejabberd";
+ home = "/var/ejabberd";
 };
- default = {};
 };
 };
 config = lib.mkIf cfg.enable {
-- cgit v1.3.1 From 05be525be6d0896b155da7305b2cee950fb3530e Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:56:57 +0100 Subject: krebs.types.user: add uid :: int --- krebs/3modules/tv/default.nix | 1 + krebs/4lib/default.nix | 2 +- krebs/4lib/types.nix | 4 ++++ tv/2configs/default.nix | 4 ++-- tv/3modules/charybdis/default.nix | 3 +-- tv/3modules/ejabberd/default.nix | 3 +-- 6 files changed, 10 insertions(+), 7 deletions(-) (limited to 'tv/3modules/ejabberd/default.nix')
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 1a9198b4e..b0011ccf7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -354,6 +354,7 @@ with config.krebs.lib;
 tv = {
 mail = "tv@nomic.retiolum";
 pubkey = "ssh-rsa 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 tv@wu";
+ uid = 1337; # TODO use default
 };
 tv-nomic = {
 inherit (tv) mail;
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index d5b6d03ac..8e5cab71f 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -15,7 +15,7 @@ let
 out = rec {
 addNames = mapAttrs addName;
- types = import ./types.nix { inherit lib; };
+ types = import ./types.nix { lib = lib // { inherit genid; }; };
 dir.has-default-nix = path: pathExists (path + "/default.nix");
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 41af1cd4f..422627296 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -179,6 +179,10 @@ types // rec {
 pubkey = mkOption {
 type = str;
 };
+ uid = mkOption {
+ type = int;
+ default = genid config.name;
+ };
 };
 });
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 13699a3d5..5a1e90bc4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -40,8 +40,8 @@ with config.krebs.lib;
 mutableUsers = false;
 users = {
 tv = {
+ inherit (config.krebs.users.tv) home uid;
 isNormalUser = true;
- uid = 1337;
 extraGroups = [ "tv" ];
 };
 };
@@ -124,7 +124,7 @@ with config.krebs.lib;
 0)
 PS1='\[\e[1;31m\]\w\[\e[0m\] '
 ;;
- 1337)
+ ${toString config.krebs.users.tv.uid})
 PS1='\[\e[1;32m\]\w\[\e[0m\] '
 ;;
 *)
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 5cb0c55b7..87cb37ef4 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -73,9 +73,8 @@ in {
 };
 users.users.${cfg.user.name} = {
- inherit (cfg.user) home name;
+ inherit (cfg.user) home name uid;
 createHome = true;
- uid = genid cfg.user.name;
 };
 };
 }
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 4077da286..da108eb52 100644
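Review bot: In the `krebs/4lib/types.nix` hunk, `default = genid config.name;` gives every user record a uid computed from its name alone, and nothing on the new side checks that two names cannot yield the same value or that the result stays clear of ids that are already allocated by hand (the tv record in the `krebs/3modules/tv/default.nix` hunk keeps `uid = 1337; # TODO use default`, which shows the generated and the established id can differ). Two krebs.users entries whose uids collide would own each other's files once both are instantiated through `users.users`, as the charybdis hunk now does with `inherit (cfg.user) home name uid;`. Consider an assertion that the uids of `config.krebs.users` are pairwise distinct, or at least a comment on the option such as `# derived from the name; collisions are not detected here`. The user submodule these options belong to starts above the hunk.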
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -60,9 +60,8 @@ in {
 };
 users.users.${cfg.user.name} = {
- inherit (cfg.user) home name;
+ inherit (cfg.user) home name uid;
 createHome = true;
- uid = genid cfg.user.name;
 };
 };
 }
-- cgit v1.3.1 From e3ddf995e92985ee14dab5735ac55045c166aaaf Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 07:18:13 +0100 Subject: krebs types.secret-file: owner-name -> owner :: user --- krebs/3modules/default.nix | 7 +++++++ krebs/3modules/secret.nix | 2 +- krebs/4lib/types.nix | 10 ++++++++-- tv/3modules/charybdis/default.nix | 4 ++-- tv/3modules/ejabberd/default.nix | 2 +- 5 files changed, 19 insertions(+), 6 deletions(-) (limited to 'tv/3modules/ejabberd/default.nix')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index df1c7db63..7a343d333 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -104,6 +104,13 @@ let
 retiolum = "hosts";
 };
+ krebs.users.root = {
+ home = "/root";
+ name = "root";
+ pubkey = config.krebs.build.host.ssh.pubkey;
+ uid = 0;
+ };
+
 networking.extraHosts = concatStringsSep "\n" (flatten (
 mapAttrsToList (hostname: host:
 mapAttrsToList (netname: net:
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index 46802a661..579f375f3 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -25,7 +25,7 @@ in {
 --compare \
 --verbose \
 --mode=${shell.escape file.mode} \
- --owner=${shell.escape file.owner-name} \
+ --owner=${shell.escape file.owner.name} \
 --group=${shell.escape file.group-name} \
 ${shell.escape file.source-path} \
 ${shell.escape file.path} \
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 422627296..7792b31d5 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
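Review bot: `pubkey = config.krebs.build.host.ssh.pubkey;` in the `krebs/3modules/default.nix` hunk files the build host's SSH key as the pubkey of the root user record, whereas the other user record on this page carries what looks like a personal key (`tv@wu` in the `krebs/3modules/tv/default.nix` hunk). If `krebs.users.*.pubkey` is consumed as an authorized key anywhere, this would authorize the host's own key for root; if it is only there because the option has no default, a comment should say so, e.g. `# host key stands in for root; not a login key`. This record also becomes the default owner of every secret-file in the types.nix hunk of this commit, so the value travels further than this file. The enclosing attribute set continues outside the hunk.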
@@ -147,8 +147,14 @@ types // rec {
 options = {
 path = mkOption { type = str; };
 mode = mkOption { type = str; default = "0400"; };
- owner-name = mkOption { type = str; default = "root"; };
- group-name = mkOption { type = str; default = "root"; };
+ owner = mkOption {
+ type = user;
+ default = config.krebs.users.root;
+ };
+ group-name = mkOption {
+ type = str;
+ default = "root";
+ };
 source-path = mkOption {
 type = str;
 default = toString + "/${config._module.args.name}";
diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix
index 87cb37ef4..3af971cd4 100644
--- a/tv/3modules/charybdis/default.nix
+++ b/tv/3modules/charybdis/default.nix
@@ -18,7 +18,7 @@ in {
 type = types.secret-file;
 default = {
 path = "${cfg.user.home}/dh.pem";
- owner-name = "charybdis";
+ owner = cfg.user;
 source-path = toString + "/charybdis.dh.pem";
 };
 };
@@ -26,7 +26,7 @@ in {
 type = types.secret-file;
 default = {
 path = "${cfg.user.home}/ssl.key.pem";
- owner-name = "charybdis";
+ owner = cfg.user;
 source-path = toString + "/charybdis.key.pem";
 };
 };
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index da108eb52..95ea24be1 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -7,7 +7,7 @@ in {
 type = types.secret-file;
 default = {
 path = "${cfg.user.home}/ejabberd.pem";
- owner-name = "ejabberd";
+ owner = cfg.user;
 source-path = toString + "/ejabberd.pem";
 };
 };
-- cgit v1.3.1
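Review bot: `default = config.krebs.users.root;` in the `krebs/4lib/types.nix` hunk reads `config` inside the secret-file submodule, where the neighbouring `config._module.args.name` (and `genid config.name` in the user submodule earlier on this page) indicate that `config` is the submodule's own configuration rather than the NixOS one; if that holds here, the default fails with a missing-attribute error as soon as a secret-file is declared without an explicit `owner`. The charybdis and ejabberd hunks all set `owner = cfg.user;`, so the default is never forced in this series and the failure would only surface in a later consumer. Either pass the outer config into types.nix alongside lib (the 4lib/default.nix hunk on this page hands it only `lib // { inherit genid; }`) or spell the default out as a literal such as `{ name = "root"; home = "/root"; uid = 0; }`. The submodule header is above the hunk.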