diff options
-rw-r--r-- | modules/private/buildbot/common/build_helpers.py (renamed from nixops/modules/buildbot/common/build_helpers.py) | 0 | ||||
-rw-r--r-- | modules/private/buildbot/common/master.cfg (renamed from nixops/modules/buildbot/common/master.cfg) | 0 | ||||
-rw-r--r-- | modules/private/buildbot/default.nix (renamed from nixops/modules/buildbot/default.nix) | 4 | ||||
-rw-r--r-- | modules/private/buildbot/projects/caldance/__init__.py (renamed from nixops/modules/buildbot/projects/caldance/__init__.py) | 0 | ||||
-rw-r--r-- | modules/private/buildbot/projects/cryptoportfolio/__init__.py (renamed from nixops/modules/buildbot/projects/cryptoportfolio/__init__.py) | 0 | ||||
-rw-r--r-- | modules/private/buildbot/projects/test/__init__.py (renamed from nixops/modules/buildbot/projects/test/__init__.py) | 0 | ||||
-rw-r--r-- | modules/private/certificates.nix (renamed from nixops/modules/certificates.nix) | 0 | ||||
-rw-r--r-- | modules/private/default.nix | 12 | ||||
-rw-r--r-- | modules/private/dns.nix (renamed from nixops/modules/dns.nix) | 0 | ||||
-rw-r--r-- | modules/private/ftp.nix (renamed from nixops/modules/ftp.nix) | 0 | ||||
-rw-r--r-- | modules/private/gitolite/default.nix (renamed from nixops/modules/gitolite/default.nix) | 4 | ||||
-rwxr-xr-x | modules/private/gitolite/gitolite_ldap_groups.sh (renamed from nixops/modules/gitolite/gitolite_ldap_groups.sh) | 0 | ||||
-rw-r--r-- | modules/private/mail.nix (renamed from nixops/modules/mail.nix) | 0 | ||||
-rw-r--r-- | modules/private/mpd.nix (renamed from nixops/modules/mpd.nix) | 0 | ||||
-rw-r--r-- | modules/private/pub/default.nix (renamed from nixops/modules/pub/default.nix) | 4 | ||||
-rw-r--r-- | modules/private/pub/restrict (renamed from nixops/modules/pub/restrict) | 0 | ||||
-rw-r--r-- | modules/private/pub/tmux.restrict.conf (renamed from nixops/modules/pub/tmux.restrict.conf) | 0 | ||||
-rw-r--r-- | modules/private/ssh/default.nix (renamed from nixops/modules/ssh/default.nix) | 0 | ||||
-rwxr-xr-x | modules/private/ssh/ldap_authorized_keys.sh (renamed from nixops/modules/ssh/ldap_authorized_keys.sh) | 0 | ||||
-rw-r--r-- | modules/private/system.nix | 30 | ||||
-rw-r--r-- | modules/private/tasks/default.nix (renamed from nixops/modules/task/default.nix) | 4 | ||||
-rw-r--r-- | modules/private/tasks/www/index.php (renamed from nixops/modules/task/www/index.php) | 0 | ||||
-rw-r--r-- | modules/private/websites/tools/git/default.nix | 4 | ||||
-rw-r--r-- | nixops/eldiron.nix | 48 |
24 files changed, 60 insertions, 50 deletions
diff --git a/nixops/modules/buildbot/common/build_helpers.py b/modules/private/buildbot/common/build_helpers.py index 384b1ac..384b1ac 100644 --- a/nixops/modules/buildbot/common/build_helpers.py +++ b/modules/private/buildbot/common/build_helpers.py | |||
diff --git a/nixops/modules/buildbot/common/master.cfg b/modules/private/buildbot/common/master.cfg index abe08e0..abe08e0 100644 --- a/nixops/modules/buildbot/common/master.cfg +++ b/modules/private/buildbot/common/master.cfg | |||
diff --git a/nixops/modules/buildbot/default.nix b/modules/private/buildbot/default.nix index 60279b7..fa6a6f2 100644 --- a/nixops/modules/buildbot/default.nix +++ b/modules/private/buildbot/default.nix | |||
@@ -14,7 +14,7 @@ let | |||
14 | in | 14 | in |
15 | { | 15 | { |
16 | options = { | 16 | options = { |
17 | services.buildbot.enable = lib.mkOption { | 17 | myServices.buildbot.enable = lib.mkOption { |
18 | type = lib.types.bool; | 18 | type = lib.types.bool; |
19 | default = false; | 19 | default = false; |
20 | description = '' | 20 | description = '' |
@@ -23,7 +23,7 @@ in | |||
23 | }; | 23 | }; |
24 | }; | 24 | }; |
25 | 25 | ||
26 | config = lib.mkIf config.services.buildbot.enable { | 26 | config = lib.mkIf config.myServices.buildbot.enable { |
27 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; | 27 | ids.uids.buildbot = myconfig.env.buildbot.user.uid; |
28 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; | 28 | ids.gids.buildbot = myconfig.env.buildbot.user.gid; |
29 | 29 | ||
diff --git a/nixops/modules/buildbot/projects/caldance/__init__.py b/modules/private/buildbot/projects/caldance/__init__.py index 2c0bad5..2c0bad5 100644 --- a/nixops/modules/buildbot/projects/caldance/__init__.py +++ b/modules/private/buildbot/projects/caldance/__init__.py | |||
diff --git a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py b/modules/private/buildbot/projects/cryptoportfolio/__init__.py index 5d70f95..5d70f95 100644 --- a/nixops/modules/buildbot/projects/cryptoportfolio/__init__.py +++ b/modules/private/buildbot/projects/cryptoportfolio/__init__.py | |||
diff --git a/nixops/modules/buildbot/projects/test/__init__.py b/modules/private/buildbot/projects/test/__init__.py index e6b8d51..e6b8d51 100644 --- a/nixops/modules/buildbot/projects/test/__init__.py +++ b/modules/private/buildbot/projects/test/__init__.py | |||
diff --git a/nixops/modules/certificates.nix b/modules/private/certificates.nix index 43f6a23..43f6a23 100644 --- a/nixops/modules/certificates.nix +++ b/modules/private/certificates.nix | |||
diff --git a/modules/private/default.nix b/modules/private/default.nix index 242eeb9..894efb7 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix | |||
@@ -47,7 +47,19 @@ set = { | |||
47 | peertubeTool = ./websites/tools/peertube; | 47 | peertubeTool = ./websites/tools/peertube; |
48 | toolsTool = ./websites/tools/tools; | 48 | toolsTool = ./websites/tools/tools; |
49 | 49 | ||
50 | buildbot = ./buildbot; | ||
51 | certificates = ./certificates.nix; | ||
52 | gitolite = ./gitolite; | ||
50 | irc = ./irc.nix; | 53 | irc = ./irc.nix; |
54 | pub = ./pub; | ||
55 | tasks = ./tasks; | ||
56 | dns = ./dns.nix; | ||
57 | ftp = ./ftp.nix; | ||
58 | mail = ./mail.nix; | ||
59 | mpd = ./mpd.nix; | ||
60 | ssh = ./ssh; | ||
61 | |||
62 | system = ./system.nix; | ||
51 | }; | 63 | }; |
52 | in | 64 | in |
53 | builtins.listToAttrs (map (attr: { name = "priv${attr}"; value = set.${attr}; }) (builtins.attrNames set)) | 65 | builtins.listToAttrs (map (attr: { name = "priv${attr}"; value = set.${attr}; }) (builtins.attrNames set)) |
diff --git a/nixops/modules/dns.nix b/modules/private/dns.nix index ced8d9b..ced8d9b 100644 --- a/nixops/modules/dns.nix +++ b/modules/private/dns.nix | |||
diff --git a/nixops/modules/ftp.nix b/modules/private/ftp.nix index 842d2d6..842d2d6 100644 --- a/nixops/modules/ftp.nix +++ b/modules/private/ftp.nix | |||
diff --git a/nixops/modules/gitolite/default.nix b/modules/private/gitolite/default.nix index f085b55..b9914a1 100644 --- a/nixops/modules/gitolite/default.nix +++ b/modules/private/gitolite/default.nix | |||
@@ -1,8 +1,8 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | let | 2 | let |
3 | cfg = config.services.myGitolite; | 3 | cfg = config.myServices.gitolite; |
4 | in { | 4 | in { |
5 | options.services.myGitolite = { | 5 | options.myServices.gitolite = { |
6 | enable = lib.mkEnableOption "my gitolite service"; | 6 | enable = lib.mkEnableOption "my gitolite service"; |
7 | gitoliteDir = lib.mkOption { | 7 | gitoliteDir = lib.mkOption { |
8 | type = lib.types.string; | 8 | type = lib.types.string; |
diff --git a/nixops/modules/gitolite/gitolite_ldap_groups.sh b/modules/private/gitolite/gitolite_ldap_groups.sh index 7db0da4..7db0da4 100755 --- a/nixops/modules/gitolite/gitolite_ldap_groups.sh +++ b/modules/private/gitolite/gitolite_ldap_groups.sh | |||
diff --git a/nixops/modules/mail.nix b/modules/private/mail.nix index 611c8b4..611c8b4 100644 --- a/nixops/modules/mail.nix +++ b/modules/private/mail.nix | |||
diff --git a/nixops/modules/mpd.nix b/modules/private/mpd.nix index 9903bdf..9903bdf 100644 --- a/nixops/modules/mpd.nix +++ b/modules/private/mpd.nix | |||
diff --git a/nixops/modules/pub/default.nix b/modules/private/pub/default.nix index cdc68db..c31c8eb 100644 --- a/nixops/modules/pub/default.nix +++ b/modules/private/pub/default.nix | |||
@@ -1,7 +1,7 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | { | 2 | { |
3 | options = { | 3 | options = { |
4 | services.pub.enable = lib.mkOption { | 4 | myServices.pub.enable = lib.mkOption { |
5 | type = lib.types.bool; | 5 | type = lib.types.bool; |
6 | default = false; | 6 | default = false; |
7 | description = '' | 7 | description = '' |
@@ -10,7 +10,7 @@ | |||
10 | }; | 10 | }; |
11 | }; | 11 | }; |
12 | 12 | ||
13 | config = lib.mkIf config.services.pub.enable { | 13 | config = lib.mkIf config.myServices.pub.enable { |
14 | users.users.pub = let | 14 | users.users.pub = let |
15 | restrict = pkgs.runCommand "restrict" { | 15 | restrict = pkgs.runCommand "restrict" { |
16 | file = ./restrict; | 16 | file = ./restrict; |
diff --git a/nixops/modules/pub/restrict b/modules/private/pub/restrict index b2f3be3..b2f3be3 100644 --- a/nixops/modules/pub/restrict +++ b/modules/private/pub/restrict | |||
diff --git a/nixops/modules/pub/tmux.restrict.conf b/modules/private/pub/tmux.restrict.conf index 5aefd1c..5aefd1c 100644 --- a/nixops/modules/pub/tmux.restrict.conf +++ b/modules/private/pub/tmux.restrict.conf | |||
diff --git a/nixops/modules/ssh/default.nix b/modules/private/ssh/default.nix index beedaff..beedaff 100644 --- a/nixops/modules/ssh/default.nix +++ b/modules/private/ssh/default.nix | |||
diff --git a/nixops/modules/ssh/ldap_authorized_keys.sh b/modules/private/ssh/ldap_authorized_keys.sh index d556452..d556452 100755 --- a/nixops/modules/ssh/ldap_authorized_keys.sh +++ b/modules/private/ssh/ldap_authorized_keys.sh | |||
diff --git a/modules/private/system.nix b/modules/private/system.nix new file mode 100644 index 0000000..fba504e --- /dev/null +++ b/modules/private/system.nix | |||
@@ -0,0 +1,30 @@ | |||
1 | { pkgs, privateFiles, ... }: | ||
2 | { | ||
3 | config = { | ||
4 | nixpkgs.overlays = builtins.attrValues (import ../../overlays); | ||
5 | _module.args = { | ||
6 | pkgsNext = import <nixpkgsNext> {}; | ||
7 | pkgsPrevious = import <nixpkgsPrevious> {}; | ||
8 | myconfig = { | ||
9 | inherit privateFiles; | ||
10 | env = import "${privateFiles}/environment.nix"; | ||
11 | }; | ||
12 | }; | ||
13 | |||
14 | services.journald.extraConfig = '' | ||
15 | MaxLevelStore="warning" | ||
16 | MaxRetentionSec="1year" | ||
17 | ''; | ||
18 | |||
19 | users.users.root.packages = [ | ||
20 | pkgs.telnet | ||
21 | pkgs.htop | ||
22 | pkgs.iftop | ||
23 | ]; | ||
24 | |||
25 | environment.systemPackages = [ | ||
26 | pkgs.vim | ||
27 | ]; | ||
28 | |||
29 | }; | ||
30 | } | ||
diff --git a/nixops/modules/task/default.nix b/modules/private/tasks/default.nix index 9aeaa3f..30f49ee 100644 --- a/nixops/modules/task/default.nix +++ b/modules/private/tasks/default.nix | |||
@@ -1,6 +1,6 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, myconfig, ... }: |
2 | let | 2 | let |
3 | cfg = config.services.myTasks; | 3 | cfg = config.myServices.tasks; |
4 | server_vardir = config.services.taskserver.dataDir; | 4 | server_vardir = config.services.taskserver.dataDir; |
5 | fqdn = "task.immae.eu"; | 5 | fqdn = "task.immae.eu"; |
6 | user = config.services.taskserver.user; | 6 | user = config.services.taskserver.user; |
@@ -81,7 +81,7 @@ let | |||
81 | echo "Please login" > $out/index.html | 81 | echo "Please login" > $out/index.html |
82 | ''; | 82 | ''; |
83 | in { | 83 | in { |
84 | options.services.myTasks = { | 84 | options.myServices.tasks = { |
85 | enable = lib.mkEnableOption "my tasks service"; | 85 | enable = lib.mkEnableOption "my tasks service"; |
86 | }; | 86 | }; |
87 | 87 | ||
diff --git a/nixops/modules/task/www/index.php b/modules/private/tasks/www/index.php index deaf8af..deaf8af 100644 --- a/nixops/modules/task/www/index.php +++ b/modules/private/tasks/www/index.php | |||
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix index 3e8b605..75d0240 100644 --- a/modules/private/websites/tools/git/default.nix +++ b/modules/private/websites/tools/git/default.nix | |||
@@ -4,7 +4,9 @@ let | |||
4 | inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; | 4 | inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; |
5 | env = myconfig.env.tools.mantisbt; | 5 | env = myconfig.env.tools.mantisbt; |
6 | }; | 6 | }; |
7 | gitweb = pkgs.callPackage ./gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; }; | 7 | gitweb = pkgs.callPackage ./gitweb.nix { |
8 | gitoliteDir = config.myServices.gitolite.gitoliteDir; | ||
9 | }; | ||
8 | 10 | ||
9 | cfg = config.myServices.websites.tools.git; | 11 | cfg = config.myServices.websites.tools.git; |
10 | in { | 12 | in { |
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix index 69231d1..51af1f6 100644 --- a/nixops/eldiron.nix +++ b/nixops/eldiron.nix | |||
@@ -7,17 +7,8 @@ | |||
7 | 7 | ||
8 | eldiron = { config, pkgs, myconfig, ... }: | 8 | eldiron = { config, pkgs, myconfig, ... }: |
9 | { | 9 | { |
10 | nixpkgs.overlays = builtins.attrValues (import ../overlays); | ||
11 | _module.args = { | ||
12 | pkgsNext = import <nixpkgsNext> {}; | ||
13 | pkgsPrevious = import <nixpkgsPrevious> {}; | ||
14 | myconfig = { | ||
15 | inherit privateFiles; | ||
16 | env = import "${privateFiles}/environment.nix"; | ||
17 | }; | ||
18 | }; | ||
19 | |||
20 | boot.kernelPackages = pkgs.linuxPackages_latest; | 10 | boot.kernelPackages = pkgs.linuxPackages_latest; |
11 | _module.args.privateFiles = privateFiles; | ||
21 | 12 | ||
22 | networking = { | 13 | networking = { |
23 | firewall.enable = true; | 14 | firewall.enable = true; |
@@ -30,30 +21,15 @@ | |||
30 | myconfig.env.servers.eldiron.ips); | 21 | myconfig.env.servers.eldiron.ips); |
31 | }; | 22 | }; |
32 | 23 | ||
33 | imports = [ | 24 | imports = builtins.attrValues (import ../modules); |
34 | ./modules/ssh | 25 | |
35 | ./modules/certificates.nix | 26 | myServices.buildbot.enable = true; |
36 | ./modules/gitolite | ||
37 | ./modules/mpd.nix | ||
38 | ./modules/mail.nix | ||
39 | ./modules/ftp.nix | ||
40 | ./modules/pub | ||
41 | ./modules/task | ||
42 | ./modules/buildbot | ||
43 | ./modules/dns.nix | ||
44 | ] ++ (builtins.attrValues (import ../modules)); | ||
45 | myServices.databases.enable = true; | 27 | myServices.databases.enable = true; |
28 | myServices.gitolite.enable = true; | ||
46 | myServices.irc.enable = true; | 29 | myServices.irc.enable = true; |
47 | services.myGitolite.enable = true; | 30 | myServices.pub.enable = true; |
31 | myServices.tasks.enable = true; | ||
48 | services.pure-ftpd.enable = true; | 32 | services.pure-ftpd.enable = true; |
49 | services.pub.enable = true; | ||
50 | services.myTasks.enable = true; | ||
51 | services.buildbot.enable = true; | ||
52 | |||
53 | services.journald.extraConfig = '' | ||
54 | MaxLevelStore="warning" | ||
55 | MaxRetentionSec="1year" | ||
56 | ''; | ||
57 | 33 | ||
58 | deployment = { | 34 | deployment = { |
59 | targetEnv = "hetzner"; | 35 | targetEnv = "hetzner"; |
@@ -75,16 +51,6 @@ | |||
75 | }; | 51 | }; |
76 | }; | 52 | }; |
77 | 53 | ||
78 | users.users.root.packages = [ | ||
79 | pkgs.telnet | ||
80 | pkgs.htop | ||
81 | pkgs.iftop | ||
82 | ]; | ||
83 | |||
84 | environment.systemPackages = [ | ||
85 | pkgs.vim | ||
86 | ]; | ||
87 | |||
88 | services.cron = { | 54 | services.cron = { |
89 | enable = true; | 55 | enable = true; |
90 | systemCronJobs = [ | 56 | systemCronJobs = [ |