From 93606315b99a2540c5859d93eb2377ae32fa6506 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 4 Aug 2020 21:25:09 +0200 Subject: shack/share: downgrade samba security --- krebs/2configs/shack/share.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 247b9ee7d..465d6ef69 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -33,6 +33,10 @@ printing = bsd printcap name = /dev/null disable spoolss = yes + + # for legacy systems + client min protocol = NT1 + server min protocol = NT1 ''; }; } -- cgit v1.2.3 From 57e21968fcef02ddbaf0d87a06358542232b4d90 Mon Sep 17 00:00:00 2001 From: Neos Date: Mon, 10 Aug 2020 20:16:12 +0200 Subject: =?UTF-8?q?Changed=20Gie=C3=9Fzeit=20to=2010=20seconds?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- krebs/2configs/shack/glados/multi/wasser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 0a7ffc41c..6f3dc98ad 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -2,7 +2,7 @@ # switch.crafting_giesskanne_relay let glados = import ../lib; - seconds = 5; + seconds = 10; wasser = "switch.crafting_giesskanne_relay"; in { -- cgit v1.2.3 From 19cc72be381b5718af90418cff45635f94a2012a Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 19:14:52 +0200 Subject: wiki: announce changes in #xxx, serve with cgit --- krebs/2configs/wiki.nix | 64 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 2350e711e..dc6de2efd 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
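Review bot: In the `share.nix` hunk, `server min protocol = NT1` and `client min protocol = NT1` lower the floor to SMB1 for every peer, not only for the legacy systems the comment mentions. SMB1 lacks the negotiation and pre-authentication integrity protections of SMB2/3, so a client that could speak a newer dialect can end up negotiated down. The comment `# for legacy systems` should name what needs it, so the setting can be removed later, for example `# NT1 needed by <legacy device>; remove when it is retired`. If only inbound legacy clients need it, `client min protocol` can stay at its default. The share definition lies outside the hunk; if it has no `hosts allow` restriction, limiting it to the LAN range would bound the exposure.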
@@ -1,9 +1,26 @@ -{ config, ... }: +{ config, pkgs, ... }: +with import ; { - services.gollum = { + krebs.gollum = { enable = true; + extraConfig = '' + Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| + system('${toString (pkgs.writers.writeDash "debuglol" '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin git@localhost:gollum + elif test "$url" != 'git@localhost:gollum'; then + git remote set-url origin git@localhost:gollum + fi + git push origin master + '')}') + end + ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; @@ -16,4 +33,47 @@ ''; }; }; + + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + }; + rules = with git; [ + { + user = [ + { + name = "gollum"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; + } + config.krebs.users.lass-mors + ]; + repo = [ config.krebs.git.repos.gollum ]; + perm = push ''refs/*'' [ create merge ]; + } + ]; + repos.gollum = { + public = true; + name = "gollum"; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + "refs/heads/newest" + "refs/tags/*" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }; + }; + }; + }; + + krebs.secret.files.gollum = { + path = "${config.krebs.gollum.stateDir}/.ssh/id_ed25519"; + owner = { name = "gollum"; }; + source-path = "${}"; + }; } -- cgit v1.2.3 From 514ba4d303e663529f347d5c3adbaece0f94361b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 20:49:54 +0200 Subject: wiki: rename repo to wiki --- krebs/2configs/wiki.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'krebs/2configs') 
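Review bot: The script handed to `system(...)` in the `post_commit` hook (first `wiki.nix` hunk) has no error handling. There is no `set -e`, so if `cd ${config.krebs.gollum.stateDir}` fails, the `git remote` and `git push` commands still run in whatever directory the process was in. The return value of `system` is also dropped, so a failed push is never reported. Starting the script with `set -efu` and logging when `system` does not return true would make a wiki that has stopped mirroring visible. The same script body is carried unchanged into `setupGit` by the later "wiki: allow push to git" commit, where the point applies as well.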
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index dc6de2efd..ad88d666b 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -6,14 +6,15 @@ with import ; enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "debuglol" '' + system('${toString (pkgs.writers.writeDash "push_cgit" '' export PATH=${makeBinPath [ pkgs.git ]} export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' cd ${config.krebs.gollum.stateDir} if ! url=$(git config remote.origin.url); then - git remote add origin git@localhost:gollum - elif test "$url" != 'git@localhost:gollum'; then - git remote set-url origin git@localhost:gollum + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" fi git push origin master '')}') @@ -48,13 +49,13 @@ with import ; } config.krebs.users.lass-mors ]; - repo = [ config.krebs.git.repos.gollum ]; + repo = [ config.krebs.git.repos.wiki ]; perm = push ''refs/*'' [ create merge ]; } ]; - repos.gollum = { + repos.wiki = { public = true; - name = "gollum"; + name = "wiki"; hooks = { post-receive = pkgs.git-hooks.irc-announce { channel = "#xxx"; -- cgit v1.2.3 From 03939b14e1d5820bee8c43d63b34c6e3e0e5eac4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Aug 2020 22:52:37 +0200 Subject: wiki: allow push to git --- krebs/2configs/wiki.nix | 70 +++++++++++++++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 26 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index ad88d666b..e4f05a6e6 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix 
@@ -1,23 +1,37 @@ { config, pkgs, ... }: with import ; +let + setupGit = '' + export PATH=${makeBinPath [ pkgs.git ]} + export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' + repo='git@localhost:wiki' + cd ${config.krebs.gollum.stateDir} + if ! url=$(git config remote.origin.url); then + git remote add origin "$repo" + elif test "$url" != "$repo"; then + git remote set-url origin "$repo" + fi + ''; + + pushGollum = pkgs.writeDash "push_gollum" '' + ${setupGit} + git fetch origin + git merge --ff-only origin/master + ''; + + pushCgit = pkgs.writeDash "push_cgit" '' + ${setupGit} + git push origin master + ''; + +in { krebs.gollum = { enable = true; extraConfig = '' Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1| - system('${toString (pkgs.writers.writeDash "push_cgit" '' - export PATH=${makeBinPath [ pkgs.git ]} - export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i ${config.krebs.gollum.stateDir}/.ssh/id_ed25519' - repo='git@localhost:wiki' - cd ${config.krebs.gollum.stateDir} - if ! url=$(git config remote.origin.url); then - git remote add origin "$repo" - elif test "$url" != "$repo"; then - git remote set-url origin "$repo" - fi - git push origin master - '')}') + system('${pushCgit}') end ''; }; 
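Review bot: `pushGollum` does not push; it runs `git fetch origin` and `git merge --ff-only origin/master` in gollum's checkout, so a name such as `pullGollum` would match what it does and keep it apart from `pushCgit`. The script is started from the repository's post-receive hook later in this commit, and git exports `GIT_DIR` to hooks; it appears to rely on sudo's environment reset to drop that variable, and an explicit `unset GIT_DIR` at the top of `setupGit` would remove the dependency. A short comment on `pushGollum` saying who calls it and that a diverged checkout makes the `--ff-only` merge stop after the push was already accepted would help the next reader.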
@@ -47,27 +61,27 @@ with import ; name = "gollum"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXbjDnQWg8EECsNRZZWezocMIiuENhCSQFcFUXcsOQ6"; } - config.krebs.users.lass-mors - ]; + ] ++ (attrValues config.krebs.users); repo = [ config.krebs.git.repos.wiki ]; - perm = push ''refs/*'' [ create merge ]; + perm = push ''refs/heads/master'' [ create merge ]; } ]; repos.wiki = { public = true; name = "wiki"; hooks = { - post-receive = pkgs.git-hooks.irc-announce { - channel = "#xxx"; - refs = [ - "refs/heads/master" - "refs/heads/newest" - "refs/tags/*" - ]; - nick = config.networking.hostName; - server = "irc.r"; - verbose = true; - }; + post-receive = '' + ${pkgs.git-hooks.irc-announce { + channel = "#xxx"; + refs = [ + "refs/heads/master" + ]; + nick = config.networking.hostName; + server = "irc.r"; + verbose = true; + }} + /run/wrappers/bin/sudo -S -u gollum ${pushGollum} + ''; }; }; }; @@ -77,4 +91,8 @@ with import ; owner = { name = "gollum"; }; source-path = "${}"; }; + + security.sudo.extraConfig = '' + git ALL=(gollum) NOPASSWD: ${pushGollum} + ''; } -- cgit v1.2.3 From a7f67a851b9cc2988169b96b06a9befc89de4c1c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 12 Aug 2020 23:10:48 +0200 Subject: gitlab-ci: run only on tags we have some rogue non-nix runners going around on gitlab-ci therefore we now tag the runners shacklan - inside the shack lan nix - has nix installed --- krebs/2configs/shack/gitlab-runner.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index 5f2ca02d9..bd391851a 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -14,6 +14,8 @@ in ## registrationConfigurationFile contains: # CI_SERVER_URL= # REGISTRATION_TOKEN= + # RUNNER_TAG_LIST=nix,shacklan + # RUNNER_NAME=stockholm-runner-$name registrationConfigFile = ; #gracefulTermination = true; }; -- cgit v1.2.3
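Review bot: In the new `post-receive` hook, `sudo -S` tells sudo to read a password from standard input, which for a post-receive hook is the list of updated refs. With the `NOPASSWD` rule no password is needed, and `-n` would make sudo fail at once instead of prompting if the rule ever stops matching: `/run/wrappers/bin/sudo -n -u gollum ${pushGollum}`. The same hunk replaces `config.krebs.users.lass-mors` with `attrValues config.krebs.users`, so every defined user gains push rights to `refs/heads/master` and each push is fast-forwarded into the served wiki. A comment such as `# every krebs user may edit the wiki over git` would record that this is intended.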
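Review bot: The sudoers entry `git ALL=(gollum) NOPASSWD: ${pushGollum}` in the last `wiki.nix` hunk names the command without an argument list, and sudoers then permits any arguments. The script does not appear to read its arguments, so this has no effect today, but appending `""` pins the rule to the exact call the hook makes: `git ALL=(gollum) NOPASSWD: ${pushGollum} ""`. A comment above the rule saying it exists for the wiki repository's post-receive hook would tell a later reader why the `git` user may act as `gollum`.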