summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2016-02-01 15:17:16 +0100
committerlassulus <lass@aidsballs.de>2016-02-01 15:17:16 +0100
commitc5441d30682e0dbe31ebc09bfff6fc0bd0056677 (patch)
tree9201c304bbe936b0e40b8526959ba519db52e154
parent7675c4ca52b4e34b9e411b6aee3b31fc129e7b50 (diff)
parenta2f2f15c5ac0e4d37f8c8e3dcbacab696c832404 (diff)
Merge remote-tracking branch 'cd/master'
-rw-r--r--Makefile22
-rw-r--r--nixpkgs/default.nix1
-rw-r--r--nixpkgs/nixos/default.nix65
l---------nixpkgs/nixos/modules1
-rw-r--r--tv/1systems/cd.nix5
-rw-r--r--tv/1systems/wu.nix2
-rw-r--r--tv/1systems/xu.nix2
-rw-r--r--tv/2configs/default.nix39
-rw-r--r--tv/5pkgs/default.nix3
-rw-r--r--tv/5pkgs/ejabberd/default.nix28
10 files changed, 145 insertions, 23 deletions
diff --git a/Makefile b/Makefile
index 5b898c5..a35d6d1 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,27 @@ else ifdef system
deploy infest:;@
export get=krebs.$@
export filter=json
- make -s eval | sh
+ script=$$(make -s eval)
+ echo "$$script" | sh
+
+.PHONY: deploy2
+ifdef target
+deploy2: export target-host = $(target)
+else
+deploy2: export target-host = $(system)
+endif
+deploy2:;@
+ target=$${target-$$system}
+ result=$$(nix-instantiate \
+ --json \
+ --eval \
+ krebs/populate.nix \
+ --arg source 'with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; assert source-version == 2; source' \
+ --argstr target-host "$$target" \
+ --argstr target-path /var/src)
+ script=$$(echo "$$result" | jq -r .)
+ echo "$$script" | sh
+ ssh root@$$target nixos-rebuild switch -I /var/src
.PHONY: eval
eval:
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix
new file mode 100644
index 0000000..92da82c
--- /dev/null
+++ b/nixpkgs/default.nix
@@ -0,0 +1 @@
+import <upstream-nixpkgs>
diff --git a/nixpkgs/nixos/default.nix b/nixpkgs/nixos/default.nix
new file mode 100644
index 0000000..6c5adf3
--- /dev/null
+++ b/nixpkgs/nixos/default.nix
@@ -0,0 +1,65 @@
+{ configuration ? import <upstream-nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>
+, system ? builtins.currentSystem
+}:
+
+let
+ eval-config = modules: import <upstream-nixpkgs/nixos/lib/eval-config.nix> {
+ inherit system;
+ modules = modules ++ [({ config, lib, ... }: with lib; {
+ imports = filter dir.has-default-nix (concatLists [
+ (map (p: p + "/2configs") [ <stockholm-private> ])
+ (map (p: p + "/3modules") [ <stockholm-krebs> <stockholm-private> ])
+ ]);
+
+ krebs.current = {
+ enable = true;
+ host = config.krebs.hosts.${readFile /proc/sys/kernel/hostname};
+ user = config.krebs.users.${getEnv "LOGNAME"};
+ };
+
+ nixpkgs.config.packageOverrides = pkgs: let
+ kpkgs = import <stockholm-krebs/5pkgs> { inherit lib pkgs; };
+ upkgs = import <stockholm-private/5pkgs> { inherit lib; pkgs = pkgs // kpkgs; };
+ in kpkgs // upkgs;
+ })];
+ specialArgs = {
+ lib = let
+ nlib = import <upstream-nixpkgs/lib> // builtins;
+ klib = nlib // import <stockholm-krebs/4lib> { lib = nlib; };
+ ulib = klib // (with klib; let p = <stockholm-private> + "/4lib"; in
+ optionalAttrs (dir.has-default-nix p)
+ (import p { lib = klib; }));
+ in ulib;
+ };
+ };
+
+ eval = eval-config [
+ configuration
+ ];
+
+ # This is for `nixos-rebuild build-vm'.
+ vm = eval-config [
+ configuration
+ <upstream-nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ ];
+
+ # This is for `nixos-rebuild build-vm-with-bootloader'.
+ vm-with-bootloader = eval-config [
+ configuration
+ <upstream-nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ { virtualisation.useBootLoader = true; }
+ ];
+in
+
+{
+ inherit (eval) config options;
+
+ system = eval.config.system.build.toplevel;
+
+ vm = vm.config.system.build.vm;
+
+ vmWithBootLoader = vm-with-bootloader.config.system.build.vm;
+
+ # The following are used by nixos-rebuild.
+ nixFallback = eval.pkgs.nixUnstable;
+}
diff --git a/nixpkgs/nixos/modules b/nixpkgs/nixos/modules
new file mode 120000
index 0000000..8fbc437
--- /dev/null
+++ b/nixpkgs/nixos/modules
@@ -0,0 +1 @@
+../../upstream-nixpkgs/nixos/modules \ No newline at end of file
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 8c2a9ae..b69d765 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -6,6 +6,11 @@ with lib;
krebs.build.host = config.krebs.hosts.cd;
krebs.build.target = "root@cd.internet";
+ krebs.build.source.upstream-nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "b7ff030";
+ };
+
imports = [
../2configs/hw/CAC-Developer-2.nix
../2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 54ceb77..3bdf8d3 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -18,7 +18,7 @@ with lib;
# stockholm
gnumake
hashPassword
- lentil
+ haskellPackages.lentil
parallel
(pkgs.writeScriptBin "im" ''
#! ${pkgs.bash}/bin/bash
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 1f3e010..e6894b5 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -21,7 +21,7 @@ with lib;
# stockholm
gnumake
hashPassword
- lentil
+ haskellPackages.lentil
parallel
(pkgs.writeScriptBin "im" ''
#! ${pkgs.bash}/bin/bash
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index d3a1778..3100770 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -8,20 +8,23 @@ with lib;
krebs.build = {
user = config.krebs.users.tv;
target = mkDefault "root@${config.krebs.build.host.name}";
- source = {
- git.nixpkgs = {
- url = mkDefault https://github.com/NixOS/nixpkgs;
- rev = mkDefault "b7ff0301d6f26bd8419e888fd0e129f3dc8bd328";
- target-path = mkDefault "/var/src/nixpkgs";
+ source-version = 2;
+ source = mapAttrs (_: mkDefault) ({
+ nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix";
+ nixpkgs = symlink:stockholm-nixpkgs;
+ secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
+ secrets-common = "/home/tv/secrets/common";
+ stockholm-krebs = "/home/tv/stockholm/krebs";
+ stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs";
+ stockholm-private = "/home/tv/stockholm/tv";
+ upstream-nixpkgs = {
+ url = https://github.com/NixOS/nixpkgs;
+ rev = "77f8f35d57618c1ba456d968524f2fb2c3448295";
+ dev = "/home/tv/nixpkgs";
};
- dir.secrets = {
- path = mkDefault "/home/tv/secrets/${config.krebs.build.host.name}";
- };
- dir.stockholm = {
- path = mkDefault "/home/tv/stockholm";
- target-path = mkDefault "/var/src/stockholm";
- };
- };
+ } // optionalAttrs config.krebs.build.host.secure {
+ secrets-master = "/home/tv/secrets/master";
+ });
};
networking.hostName = config.krebs.build.host.name;
@@ -98,12 +101,7 @@ with lib;
};
environment.variables = {
- NIX_PATH =
- with config.krebs.build.source; with dir; with git;
- mkForce (concatStringsSep ":" [
- "nixpkgs=${nixpkgs.target-path}"
- "secrets=${stockholm.target-path}/null"
- ]);
+ NIX_PATH = mkForce "/var/src";
};
programs.bash = {
@@ -182,7 +180,8 @@ with lib;
{
systemd.tmpfiles.rules = let
forUsers = flip map users;
- isUser = { group, ... }: hasSuffix "users" group;
+ isUser = { name, group, ... }:
+ name == "root" || hasSuffix "users" group;
users = filter isUser (mapAttrsToList (_: id) config.users.users);
in forUsers (u: "d /run/xdg/${u.name} 0700 ${u.name} ${u.group} -");
environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME";
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index 2108d97..be10e91 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -11,6 +11,9 @@
--disk-cache-size=50000000 \
"%@"
'';
+ ejabberd = pkgs.callPackage ./ejabberd {
+ erlang = pkgs.erlangR16;
+ };
ff = pkgs.callPackage ./ff {};
viljetic-pages = pkgs.callPackage ./viljetic-pages {};
xmonad-tv =
diff --git a/tv/5pkgs/ejabberd/default.nix b/tv/5pkgs/ejabberd/default.nix
new file mode 100644
index 0000000..3a77c5c
--- /dev/null
+++ b/tv/5pkgs/ejabberd/default.nix
@@ -0,0 +1,28 @@
+{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}:
+
+stdenv.mkDerivation rec {
+ version = "2.1.13";
+ name = "ejabberd-${version}";
+ src = fetchurl {
+ url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
+ sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8";
+ };
+ buildInputs = [ expat erlang zlib openssl pam ];
+ patchPhase = ''
+ sed -i \
+ -e "s|erl \\\|${erlang}/bin/erl \\\|" \
+ -e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \
+ src/ejabberdctl.template
+ '';
+ preConfigure = ''
+ cd src
+ '';
+ configureFlags = ["--enable-pam"];
+
+ meta = {
+ description = "Open-source XMPP application server written in Erlang";
+ license = stdenv.lib.licenses.gpl2;
+ homepage = http://www.ejabberd.im;
+ maintainers = [ lib.maintainers.sander ];
+ };
+}