From ede66e5d5ba5a74f4af7a9fb8479e2016faeb67f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 16:22:32 +0200 Subject: xu: use krebszones, thanks 1ec7dab! --- tv/1systems/xu.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'tv') diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index bfd59531a..d40d8ef56 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -35,6 +35,7 @@ with import ; haskellPackages.hledger htop jq + krebszones mkpasswd netcat netcup @@ -47,18 +48,6 @@ with import ; texlive.combined.scheme-full tmux - (pkgs.writeDashBin "krebszones" '' - set -efu - export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf - case $* in - import) - set -- import /etc/zones/krebsco.de krebsco.de - echo "+ krebszones $*" >&2 - ;; - esac - exec ${pkgs.krebszones}/bin/ovh-zone "$@" - '') - #ack #apache-httpd #ascii -- cgit v1.2.3 From bae426857eb956fa6941f0a0b3703ee8ab401792 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 18:55:07 +0200 Subject: krebs: update ciko's mail address --- tv/1systems/xu.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv') diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index d40d8ef56..3add01748 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -28,6 +28,7 @@ with import ; # tv bc bind # dig + brain cac-api dic file -- cgit v1.2.3 From 3e4e5e5c098341667087eb1255912c40f3371863 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:00:36 +0200 Subject: tv: admit dummy_secrets --- tv/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b1d739ef3..b6c8e4393 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -9,7 +9,10 @@ with import ; user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = "/home/tv/secrets/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString + else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { -- cgit v1.2.3 From f6bb11676deb080096ba5ce335df82d6a0b3ac9c Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:01:04 +0200 Subject: tv nixpkgs: 99dfb6d -> 412b0a1 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b6c8e4393..13fc73aa7 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -17,7 +17,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03 + ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From 094feb9b4ac1334f6d1390592a52c755083e57d0 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:01:29 +0200 Subject: tv: add whatsupnix --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 13fc73aa7..93b9c0122 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -44,6 +44,7 @@ with import ; gnumake hashPassword populate + whatsupnix ]; } { -- cgit v1.2.3 From f2e151ba2443eb0cfeb45f05e4699082769cdbc9 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 22:46:26 +0200 Subject: tv gitrepos: announce brain --- tv/2configs/gitrepos.nix | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'tv') 
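Review bot: The new `secrets.file` conditional is driven by `getEnv "dummy_secrets"`, so which secrets tree is populated onto a host depends on the caller's shell environment rather than on anything in the configuration. Nothing in the hunk prevents a real deployment from running with the variable still exported. If the branch is meant for test evaluation only, record that above the conditional, e.g. `# dummy_secrets=true selects placeholder secrets for test builds; never export it when deploying a real host`. The `then toString` line appears here without an argument, which is probably a path lost when the page was extracted rather than the committed code, so check it against the repository. The enclosing `source` attribute set starts and ends outside the hunk.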
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 13b12986c..7e059cc46 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -90,28 +90,31 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; + hooks.post-receive = irc-announce-retiolum; }; } // # TODO don't put secrets/repos.nix into the store import { inherit config lib pkgs; } ); + irc-announce-retiolum = pkgs.git-hooks.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "ni.r"; + verbose = true; + }; + make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; - verbose = true; - }; + post-receive = irc-announce-retiolum; }; }; - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; + make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { + inherit collaborators hooks name; public = false; }; -- cgit v1.2.3 From 7cdd99f2b777f2335bfac1cfb686c07add288b05 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 23:07:51 +0200 Subject: gitrepos: don't announce brain's cgit link Because it's not accessible anyway. --- tv/2configs/gitrepos.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'tv') diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 7e059cc46..b6480f356 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix 
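Review bot: `brain` appears to be built through `make-restricted-repo` (`public = false`), yet the added `hooks.post-receive = irc-announce-retiolum;` announces its pushes to `#retiolum` with `verbose = true`, so activity on a non-public repository becomes visible to everyone in that channel. If that is intended, say so next to the entry, e.g. `# pushes to this restricted repo are announced in #retiolum on purpose`. Otherwise restricted repos should get a less verbose hook or a channel limited to the collaborators. The hook is also not wrapped in the `config.krebs.build.host.name == "ni"` guard that `make-public-repo` applies to the same announcement. The follow-up change to this entry (`cgit_endpoint = null`) removes only the cgit link and leaves both points open.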
@@ -90,26 +90,28 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce-retiolum; + hooks.post-receive = irc-announce { + cgit_endpoint = null; + }; }; } // # TODO don't put secrets/repos.nix into the store import { inherit config lib pkgs; } ); - irc-announce-retiolum = pkgs.git-hooks.irc-announce { + irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { + channel = "#retiolum"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; server = "ni.r"; verbose = true; - }; + } args); make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce-retiolum; + post-receive = irc-announce {}; }; }; -- cgit v1.2.3 From 57c6b890f9088bb333eeab215ecfeca9d09ce3ef Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Jun 2017 00:02:04 +0200 Subject: tv dummy_secrets: init --- tv/2configs/default.nix | 2 +- tv/dummy_secrets/default.nix | 8 ++++++++ tv/dummy_secrets/repos.nix | 1 + tv/dummy_secrets/ssh.id_ed25519 | 3 +++ tv/dummy_secrets/ssh.id_rsa | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 tv/dummy_secrets/default.nix create mode 100644 tv/dummy_secrets/repos.nix create mode 100644 tv/dummy_secrets/ssh.id_ed25519 create mode 100644 tv/dummy_secrets/ssh.id_rsa (limited to 'tv') diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 93b9c0122..4a1247ef5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; secrets.file = if getEnv "dummy_secrets" == "true" - then toString + then toString else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; 
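Review bot: The new `irc-announce = args: ...` helper has no comment explaining that `recursiveUpdate` lets a caller override every default, including `server` and `channel`, or that `cgit_endpoint = null` is how a restricted repo suppresses its link. As written, each future restricted repo has to remember that setting. A short header would cover it, e.g. `# irc-announce: defaults for #retiolum via ni.r; args override them (restricted repos pass cgit_endpoint = null)`. The enclosing `let` block starts and ends outside the hunk.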
diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix
new file mode 100644
index 000000000..ab90db55c
--- /dev/null
+++ b/tv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+}
diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/tv/dummy_secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+dummy
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tv/dummy_secrets/ssh.id_rsa b/tv/dummy_secrets/ssh.id_rsa
new file mode 100644
index 000000000..dd7209c2e
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+dummy
+-----END RSA PRIVATE KEY-----
-- cgit v1.2.3
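Review bot: Nothing in `tv/dummy_secrets/default.nix` states that this directory holds placeholders, while the sibling `ssh.id_ed25519` and `ssh.id_rsa` files wrap the word `dummy` in private-key armour. Those two files will match secret-scanner patterns and would presumably be rejected by anything that tries to load them as keys. A header comment would make the intent explicit, e.g. `# Placeholder secrets, selected with dummy_secrets=true; the ssh.id_* files are intentionally not valid keys.` The comment should also mention that this module still authorises `config.krebs.users.tv.pubkey` for root, so a host populated from this directory accepts root logins with that key.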