author | nin <nineinchnade@gmail.com> | 2017-07-06 20:36:05 +0200 |
---|---|---|
committer | nin <nineinchnade@gmail.com> | 2017-07-06 20:36:05 +0200 |
commit | d29ffc4524ff086cd5e8b86f8f345db5cd9c14ea (patch) | |
tree | 094771d5f6797217ce2f6f54c8b03f934aeba6ca | |
parent | c0a8320cb007ed6e2459ef35380a556857f107fd (diff) | |
parent | 1531509e5d967d226ea4c28051ebbf245a72f361 (diff) |
Merge branch 'master' of prism:stockholm
-rw-r--r-- | Makefile | 29 | ||||
-rw-r--r-- | shared/2configs/default.nix | 2 | ||||
-rw-r--r-- | shell.nix | 186 | ||||
-rw-r--r-- | tv/1systems/alnus.nix | 2 | ||||
-rw-r--r-- | tv/1systems/cd.nix | 1 | ||||
-rw-r--r-- | tv/1systems/mu.nix | 11 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 1 | ||||
-rw-r--r-- | tv/1systems/xu.nix | 1 | ||||
-rw-r--r-- | tv/1systems/zu.nix | 1 | ||||
-rw-r--r-- | tv/2configs/default.nix | 21 | ||||
-rw-r--r-- | tv/2configs/htop.nix | 2 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 2 | ||||
-rw-r--r-- | tv/5pkgs/default.nix | 88 | ||||
-rw-r--r-- | tv/default.nix | 4 |
14 files changed, 276 insertions, 75 deletions
@@ -51,13 +51,23 @@ $(if $(target_user),,$(error unbound variable: target_user)) $(if $(target_port),,$(error unbound variable: target_port)) $(if $(target_path),,$(error unbound variable: target_path)) +whatsupnix = \ + if type whatsupnix >/dev/null 2>&1; then \ + whatsupnix $(1); \ + else \ + cat; \ + fi + build = \ nix-build \ + -Q \ --no-out-link \ --show-trace \ -I nixos-config=$(nixos-config) \ -I stockholm=$(stockholm) \ - -E "with import <stockholm>; $(1)" + -E "with import <stockholm>; $(1)" \ + $(2) \ + |& $(call whatsupnix) evaluate = \ nix-instantiate \ @@ -66,7 +76,8 @@ evaluate = \ --show-trace \ -I nixos-config=$(nixos-config) \ -I stockholm=$(stockholm) \ - -E "let eval = import <stockholm>; in with eval; $(1)" + -E "let eval = import <stockholm>; in with eval; $(1)" \ + $(2) ifeq ($(MAKECMDGOALS),) $(error No goals specified) @@ -84,11 +95,7 @@ deploy: $(ssh) $(target_user)@$(target_host) -p $(target_port) \ env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \ nixos-rebuild -Q $(rebuild-command) --show-trace -I $(target_path) \ - |& if type whatsupnix 2>/dev/null; then \ - whatsupnix $(target_user)@$(target_host):$(target_port); \ - else \ - cat; \ - fi + |& $(call whatsupnix,$(target_user)@$(target_host):$(target_port)) # usage: make populate system=foo populate: populate-target = \ @@ -126,10 +133,10 @@ install: # usage: make test system=foo [target=bar] [method={eval,build}] method ?= eval ifeq ($(method),build) -test: command = nix-build --no-out-link +test: test = $(call build,$(1),$(2)) else ifeq ($(method),eval) -test: command ?= nix-instantiate --eval --json --readonly-mode --strict +test: test ?= $(call evaluate,$(1),$(2)) --json --strict | jq -r . else $(error bad method: $(method)) endif 
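Review bot: The new `build` macro ends in `|& $(call whatsupnix)`, so the recipe's exit status is that of `whatsupnix` or the `cat` fallback, not of `nix-build`; unless pipefail is enabled outside this hunk, a failed build can exit 0. The eval variant in the `@@ -126,10 +133,10 @@` hunk has the same shape (`nix-instantiate … | jq -r .`), as do the `deploy` pipe in `@@ -84,11 +95,7 @@` and `utils.build` / `utils.deploy` in shell.nix, which run under dash and cannot use pipefail at all. If `SHELL` and `.SHELLFLAGS` are not already set that way, I would add `.SHELLFLAGS := -o pipefail -c` near the top of the Makefile so `make test` cannot report success for a configuration that did not build. For the dash scripts the build's exit status would have to be captured explicitly.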
@@ -141,6 +148,4 @@ else test: wrapper = $(ssh) $(target_user)@$(target_host) -p $(target_port) endif test: populate - $(wrapper) \ - $(command) --show-trace -I $(target_path) \ - -A config.system.build.toplevel $(target_path)/stockholm + $(wrapper) $(call test,config.system.build.toplevel,-I $(target_path)) diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 894f8a9..398f125 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -11,7 +11,7 @@ with import <stockholm/lib>; nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "58e227052d40021d82d015f3f8da011ae54ea430"; # nixos-17.03 @ 2017-05-24 + ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 }; secrets.file = if getEnv "dummy_secrets" == "true" diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..3e7ba81 --- /dev/null +++ b/shell.nix 
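Review bot: When `wrapper` is the `$(ssh) $(target_user)@$(target_host) -p $(target_port)` form, the expanded `test` macro is quoted for the local shell only. The double quotes around `-E "with import <stockholm>; …"` are consumed locally, ssh joins the words, and the remote shell parses them again, where `<stockholm>` reads as redirections and `;` as a command separator. The old recipe sent only `-A config.system.build.toplevel` and paths, which survived that second parse; `$(target_path)` is also passed unquoted to the far side. The trailing `|& …whatsupnix` or `| jq -r .` stage runs on the local machine, not on the target. I would quote the remote command once more for the remote shell and add a comment on `test:` stating which side each stage runs on; the branch that selects `wrapper` starts outside this hunk.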
@@ -0,0 +1,186 @@ +let + lib = import ./lib; + pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; }; + + # usage: deploy --system=SYSTEM [--target=TARGET] + cmds.deploy = pkgs.writeDash "cmds.deploy" '' + set -efu + + command=deploy + . ${init.args} + \test -n "''${target-}" || target=$system + . ${init.env} + + exec ${utils.deploy} + ''; + + # usage: test --system=SYSTEM --target=TARGET + cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' + set -efu + + command=test + . ${init.args} + . ${init.env} + + export dummy_secrets=true + exec ${utils.build} config.system.build.toplevel + ''; + + init.args = pkgs.writeText "init.args" /* sh */ '' + args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ + -o s:t: \ + -l system:,target: \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + while :; do case $1 in + -s|--system) system=$2; shift 2;; + -t|--target) target=$2; shift 2;; + --) shift; break;; + esac; done + for arg; do echo "$command: bad argument: $arg" >&2; done + if \test $# != 0; then exit 2; fi + ''; + + init.env = pkgs.writeText "init.env" /* sh */ '' + config=''${config-$LOGNAME/1systems/$system.nix} + + export config + export system + export target + + export target_object="$(${init.env.parsetarget} $target)" + export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" + export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" + export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" + export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" + export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" + + if \test "''${using_proxy-}" != true; then + ${init.env.populate} + if \test "$target_local" != true; then + exec ${init.env.proxy} "$command" "$@" + fi + fi + '' // { + parsetarget = pkgs.writeDash "init.env.parsetarget" '' + set -efu + exec ${pkgs.jq}/bin/jq \ + -enr \ + --arg target "$1" \ + -f ${init.env.parsetarget.jq} + '' // { + jq = 
pkgs.writeText "init.env.parsetarget.jq" '' + def when(c; f): if c then f else . end; + def capturesDef(i; v): .captures[i].string | when(. == null; v); + $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: capturesDef(0; "root"), + host: capturesDef(1; env.system), + port: capturesDef(2; "22"), + path: capturesDef(3; "/var/src"), + } | . + { + local: (.user == env.LOGNAME and .host == env.HOSTNAME), + } + ''; + }; + populate = pkgs.writeDash "init.env.populate" '' + set -efu + ${pkgs.nix}/bin/nix-instantiate \ + --eval \ + --json \ + --readonly-mode \ + --show-trace \ + --strict \ + -I nixos-config="$config" \ + -E 'with import <stockholm>; config.krebs.build.source' \ + | + ${pkgs.populate}/bin/populate \ + "$target_user@$target_host:$target_port$target_path" \ + >&2 + ''; + proxy = pkgs.writeDash "init.env.proxy" '' + set -efu + q() { + ${pkgs.jq}/bin/jq -nr --arg x "$*" '$x | @sh "\(.)"' + } + exec ${pkgs.openssh}/bin/ssh \ + "$target_user@$target_host" -p "$target_port" \ + cd "$target_path/stockholm" \; \ + NIX_PATH=$(q "$target_path") \ + STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ + nix-shell \ + --command $(q \ + config=$config \ + system=$system \ + target=$target \ + using_proxy=true \ + "$*" + ) + ''; + }; + + utils.build = pkgs.writeDash "utils.build" '' + set -efu + ${pkgs.nix}/bin/nix-build \ + -Q \ + --no-out-link \ + --show-trace \ + -E "with import <stockholm>; $1" \ + -I "$target_path" \ + 2>&1 | + ${pkgs.whatsupnix}/bin/whatsupnix + ''; + + utils.deploy = pkgs.writeDash "utils.deploy" '' + set -efu + PATH=/run/current-system/sw/bin nixos-rebuild switch \ + -Q \ + --show-trace \ + -I "$target_path" \ + 2>&1 | + ${pkgs.whatsupnix}/bin/whatsupnix + ''; + + shell.get-version = pkgs.writeDash "shell.get-version" '' + set -efu + version=git.$(${pkgs.git}/bin/git describe --always --dirty) + case $version in (*-dirty) + version=$version@$HOSTNAME + esac + date=$(${pkgs.coreutils}/bin/date +%y.%m) + echo "$date.$version" + ''; + + 
shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link: + lib.nameValuePair "/bin/${name}" { inherit link; } + ) cmds); + +in pkgs.stdenv.mkDerivation { + name = "stockholm"; + shellHook = /* sh */ '' + export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}" + export PATH=${lib.makeBinPath [ + shell.cmdspkg + ]} + + eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" + shopt -u no_empty_cmd_completion + unalias -a + + enable -n \ + . [ alias bg bind break builtin caller cd command compgen complete \ + compopt continue dirs disown eval exec false fc fg getopts hash \ + help history jobs kill let local logout mapfile popd printf pushd \ + pwd read readarray readonly shift source suspend test times trap \ + true typeset ulimit umask unalias wait + + exitHandler() { + : + } + + export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + + PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' + ''; +} diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index 4bc0318..ef2a050 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix @@ -58,7 +58,7 @@ with import <stockholm/lib>; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "e924319cb6c74aa2a9c943eddeb0caef79db01bc"; + source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; }; networking.networkmanager.enable = true; diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 108006f..9f2cec5 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -25,7 +25,6 @@ with import <stockholm/lib>; }; environment.systemPackages = with pkgs; [ - htop iftop iotop iptables diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index fcd0a21..3f3b2c2 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix 
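Review bot: In `init.env.proxy` only `NIX_PATH` goes through `q`; `cd "$target_path/stockholm"` and `STOCKHOLM_VERSION=$STOCKHOLM_VERSION` reach ssh with local quoting only, so the remote shell re-parses whatever `--target` or the environment supplied (the jq pattern accepts any characters after the first `/`). Inside `--command`, `config`, `system`, `target` and `"$*"` are joined into one string before `@sh` quotes it, so the shell that nix-shell starts splits them again and argument boundaries are lost. I would quote each value separately, e.g. `cd "$(q "$target_path/stockholm")" \;` and `STOCKHOLM_VERSION="$(q "$STOCKHOLM_VERSION")"`, and build the `--command` string from individually quoted assignments and arguments. In `init.env`, `$target` and `$target_object` are likewise expanded unquoted and would be better as `"$target"` and `printf %s "$target_object"`.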
@@ -79,15 +79,12 @@ with import <stockholm/lib>; gimp xsane firefoxWrapper - chromiumDev + chromium skype libreoffice - kde4.l10n.de - kde4.plasma-nm pidgin-with-plugins pidginotr - kde4.print_manager #foomatic_filters #gutenprint #cups_pdf_filter @@ -101,7 +98,7 @@ with import <stockholm/lib>; security.wrappers = { sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron - slock.slock = "${pkgs.slock}/bin/slock"; + slock.source = "${pkgs.slock}/bin/slock"; }; security.pam.loginLimits = [ @@ -138,7 +135,9 @@ with import <stockholm/lib>; twoFingerScroll = true; }; - services.xserver.desktopManager.kde4.enable = true; + services.xserver.desktopManager.plasma5 = { + enable = true; + }; services.xserver.displayManager.auto = { enable = true; user = "vv"; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 60f9fa1..4b3bf85 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -31,7 +31,6 @@ with import <stockholm/lib>; get gnupg1compat haskellPackages.hledger - htop jq mkpasswd netcat diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 3add017..d82f45a 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -34,7 +34,6 @@ with import <stockholm/lib>; file gnupg1compat haskellPackages.hledger - htop jq krebszones mkpasswd diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 5552ef0..4fae3ca 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -36,7 +36,6 @@ with import <stockholm/lib>; file gnupg1compat haskellPackages.hledger - htop jq mkpasswd netcat diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 4a1247e..bab1c72 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
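Review bot: In the `@@ -101,7 +98,7 @@` hunk, `slock.source` sets only the binary path, so the wrapper's owner and setuid or capability bits come from whatever the `security.wrappers` module defaults to, which is not visible here. A screen-locker wrapper is privileged surface, so the intent should be readable at the definition, the way `sendmail.source` carries `# for cron`. I would add a comment such as `# privileged wrapper: slock must verify the user's password`. If the module version in use accepts them, stating the owner and setuid settings next to `source` would avoid depending on defaults that may change with a nixpkgs bump.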
@@ -1,20 +1,20 @@ -{ config, lib, pkgs, ... }: - with import <stockholm/lib>; - -{ +{ config, lib, pkgs, ... }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "tv"; +in { krebs.enable = true; krebs.build = { user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString <stockholm/tv/dummy_secrets> - else "/home/tv/secrets/${host.name}"; + secrets.file = getAttr builder { + buildbot = toString <stockholm/tv/dummy_secrets>; + tv = "/home/tv/secrets/${host.name}"; + }; secrets-common.file = "/home/tv/secrets/common"; - stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 @@ -158,9 +158,10 @@ with import <stockholm/lib>; { environment.systemPackages = [ pkgs.get + pkgs.htop pkgs.krebspaste - pkgs.ovh-zone pkgs.nix-prefetch-scripts + pkgs.ovh-zone pkgs.push ]; } diff --git a/tv/2configs/htop.nix b/tv/2configs/htop.nix index 5d7e027..d7d2d7b 100644 --- a/tv/2configs/htop.nix +++ b/tv/2configs/htop.nix @@ -7,7 +7,6 @@ with import <stockholm/lib>; htop = pkgs.symlinkJoin { name = "htop"; paths = [ - super.htop (pkgs.writeDashBin "htop" '' export HTOPRC=${pkgs.writeText "htoprc" '' fields=0 48 17 18 38 39 40 2 46 47 49 1 @@ -37,6 +36,7 @@ with import <stockholm/lib>; ''} exec ${super.htop}/bin/htop "$@" '') + super.htop ]; }; }; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 93ed46d..a3af937 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -300,7 +300,6 @@ let { vim-wrapper = pkgs.symlinkJoin { name = "vim"; paths = [ - pkgs.vim_configurable (pkgs.writeDashBin "vim" '' set -efu (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) 
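Review bot: The order of `paths` in the htop `symlinkJoin` is now load-bearing but undocumented. `super.htop` moves behind the `writeDashBin "htop"` wrapper, presumably so the wrapper's `bin/htop` wins the name collision, and tv/2configs/vim.nix makes the same move for `pkgs.vim_configurable`. A later tidy-up that sorts the list would bring back the unwrapped binary without any error; for vim that would skip the `umask 0077` directory setup in the wrapper. I would add a comment above the first entry in both files, e.g. `# wrapper must come first so its bin/htop takes precedence over super.htop`, after confirming that `symlinkJoin` in the pinned nixpkgs resolves collisions first-wins.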
@@ -310,6 +309,7 @@ let { # vim-orgmode needs Python, thus vim_configurable instead of just vim exec ${pkgs.vim_configurable}/bin/vim "$@" '') + pkgs.vim_configurable ]; }; diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index ae47ab0..284e42a 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix 
@@ -1,40 +1,54 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; -{ - nixpkgs.config.packageOverrides = super: let - - # This callPackage will try to detect obsolete overrides. - callPackage = path: args: let - override = super.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); - in if upstream ? "name" && - override ? "name" && - compareVersions upstream.name override.name != -1 - then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override - else override; - - in {} - // mapAttrs (_: flip callPackage {}) - (filterAttrs (_: dir: pathExists (dir + "/default.nix")) - (subdirsOf ./.)) - // { - # TODO use XDG_RUNTIME_DIR? - cr = pkgs.writeDashBin "cr" '' - set -efu - export LC_TIME=de_DE.utf8 - exec ${pkgs.chromium}/bin/chromium \ - --ssl-version-min=tls1 \ - --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ - --disk-cache-size=50000000 \ - "$@" - ''; - ejabberd = callPackage ./ejabberd { - erlang = pkgs.erlangR16; - }; - ff = pkgs.writeDashBin "ff" '' - exec ${pkgs.firefoxWrapper}/bin/firefox "$@" - ''; - gnupg = pkgs.gnupg21; +self: super: let + + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = super.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then + trace + "Upstream `${upstream.name}' gets overridden by `${override.name}'." + override + else override; + +in { + + # TODO use XDG_RUNTIME_DIR? 
+ cr = self.writeDashBin "cr" '' + set -efu + export LC_TIME=de_DE.utf8 + exec ${self.chromium}/bin/chromium \ + --ssl-version-min=tls1 \ + --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \ + --disk-cache-size=50000000 \ + "$@" + ''; + + ejabberd = callPackage ./ejabberd { + erlang = self.erlangR16; }; + + ff = self.writeDashBin "ff" '' + exec ${self.firefoxWrapper}/bin/firefox "$@" + ''; + + gnupg = self.gnupg21; + + # https://github.com/NixOS/nixpkgs/issues/16113 + wvdial = let + nixpkgs-1509 = import (self.fetchFromGitHub { + owner = "NixOS"; repo = "nixpkgs-channels"; + rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; + sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + }) {}; + in nixpkgs-1509.wvdial; + } + +// mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) diff --git a/tv/default.nix b/tv/default.nix index b1c7c1b..d077cc0 100644 --- a/tv/default.nix +++ b/tv/default.nix @@ -1,9 +1,9 @@ -_: +{ pkgs, ... }: { imports = [ ../krebs ./2configs ./3modules - ./5pkgs ]; + nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } |
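Review bot: The new `wvdial` attribute is built from a second nixpkgs tree pinned at `91371c2bb6e20fc0df7a812332d99c38b21a2bda` (bound as `nixpkgs-1509`, so presumably a 15.09 snapshot), which means wvdial and its whole closure stay at that snapshot and get no fixes when `nixpkgs.git.ref` is bumped. Pinning both `rev` and `sha256` keeps the fetch reproducible, but the only rationale on the new side is the bare issue URL. I would extend the comment to state the trade-off and the exit condition, e.g. `# pinned to an old nixpkgs until NixOS/nixpkgs#16113 is fixed; closure receives no updates, re-check on every channel bump`.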