diff options
author | tv <tv@krebsco.de> | 2015-07-16 23:22:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-07-16 23:22:30 +0200 |
commit | 6aadd262fc1ec1cb7159da9ee62bd35616ddc23d (patch) | |
tree | 57983c04bb49fe0375300861111a61cede545794 /old | |
parent | 546d86da1e3cab814372fc57c83e737617c7fed8 (diff) |
Goodbye old world, and thanks for all the fish!
Diffstat (limited to 'old')
118 files changed, 0 insertions, 8659 deletions
diff --git a/old/Makefile b/old/Makefile deleted file mode 100644 index bef7727..0000000 --- a/old/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -all:;@exit 23 - -tv-cluster := cd mkdir nomic rmdir wu -deploy-cd:; ./deploy cd -deploy-mkdir:; ./deploy mkdir -deploy-nomic:; ./deploy nomic root@nomic-local -deploy-rmdir:; ./deploy rmdir -deploy-wu:; ./deploy wu root@localhost - -ifndef cluster -cluster := $(LOGNAME) -endif -hosts := $($(cluster)-cluster) -ifeq ($(hosts),) -$(error bad cluster: $(cluster)) -else -.ONESHELL: - -.PHONY: deploy $(addprefix deploy-,$(hosts)) -deploy: - exec parallel \ - -j 0 \ - --no-notice \ - --rpl '{u} s/^.* deploy-(.*)/\1/' \ - --tagstring '{u}' \ - --line-buffer \ - $(MAKE) deploy-{} ::: $(hosts) - -.PHONY: rotate-consul-encrypt -rotate-consul-encrypt: - umask 0377 - mkencrypt() { dd status=none if=/dev/random bs=1 count=16 | base64; } - json=$$(printf '{"encrypt":"%s"}\n' $$(mkencrypt)) - cmd=' - f=secrets/{}/rsync/etc/consul/encrypt.json - rm -f "$$f" - echo "$$json" > "$$f" - ' - export json - exec parallel \ - -j 0 \ - --no-notice \ - --rpl '{u} s/^.* deploy-(.*)/\1/' \ - --tagstring '{u}' \ - --line-buffer \ - --quote \ - sh -eufc "$$cmd" ::: $(hosts) -endif diff --git a/old/README.md b/old/README.md deleted file mode 100644 index 8a72d2f..0000000 --- a/old/README.md +++ /dev/null @@ -1,32 +0,0 @@ - - -# Turn a Cloud at Cost CentOS-7-64bit server into NixOS - -1. Configure the system (`$systemname`) you'd like to install (see Configuration below). -2. Create new server instance (either Custom or cloudpro) using "CentOS-7-64bit". - Note the servername (something like c731445864-cloudpro-388922936). -3. `cac_login=xxx cac_key=yyy ./infest-cac-CentOS-7-64bit.sh servername:$servername $systename` -4. Enjoy. (`ssh root@$systename`) - -# Configuration - -Configure your system in modules/$systemname -See modules/cd/default.nix as an example. - -Notice that modules/$systemname/networking will be autogenerated (but not committed). - -secrets/$systemname/nix/foo can be accessed as `<secrets/foo>` from within the configuration. - -You might want `secrets/$systemname/rsync/etc/tinc/retiolum/rsa_key.priv`. - -You might want `secrets/$systemname/nix/hashedPasswords.nix`, which looks like - -```nix -_: { users.extraUsers.root.hashedPassword = "XXX"; } -``` - -`XXX` can be generated with e.g. - -``` -mkpasswd -m sha-512 -S $(openssl rand -base64 16 | tr -d '+=' | head -c 16) -``` diff --git a/old/bin/copy-secrets b/old/bin/copy-secrets deleted file mode 100755 index f404935..0000000 --- a/old/bin/copy-secrets +++ /dev/null @@ -1,69 +0,0 @@ -#! /bin/sh -# -# copy-secrets system_name target -# -set -euf - -system_name=$1 -target=$2 - -nixos_config=$config_root/modules/$system_name -secrets_nix=$secrets_root/$system_name/nix -secrets_rsync=$secrets_root/$system_name/rsync - -if ! test -e "$secrets_rsync"; then - exit # nothing to do -fi - -# XXX this is ugly -# Notice NIX_PATH used from host -# Notice secrets required to evaluate configuration -NIX_PATH=$NIX_PATH:nixos-config=$PWD/modules/$system_name -NIX_PATH=$NIX_PATH:secrets=$PWD/secrets/$system_name/nix -export NIX_PATH - -case $(nixos-query tv.retiolum.enable 2>/dev/null) in true) - retiolum_secret=$(nixos-query tv.retiolum.privateKeyFile) - retiolum_uid=$(nixos-query users.extraUsers.retiolum-tinc.uid) -esac - -case $(nixos-query services.ejabberd-cd.enable 2>/dev/null) in true) - ejabberd_secret=$(nixos-query services.ejabberd-cd.certFile) - ejabberd_uid=$(nixos-query users.extraUsers.ejabberd.uid) -esac - -case $(nixos-query tv.consul.enable 2>/dev/null) in true) - consul_secret=$(nixos-query tv.consul.encrypt-file) - consul_uid=$(nixos-query users.extraUsers.consul.uid) -esac - -(set -x - rsync \ - --rsync-path="mkdir -p \"$2\" && rsync" \ - -vzrlptD \ - "$secrets_rsync/" \ - "$target:/") - -ssh "$target" -T <<EOF -set -euf - -retiolum_secret=${retiolum_secret-} -retiolum_uid=${retiolum_uid-} -ejabberd_secret=${ejabberd_secret-} -ejabberd_uid=${ejabberd_uid-} -consul_secret=${consul_secret-} -consul_uid=${consul_uid-} - -if test -n "\$retiolum_secret"; then - chown -v "\$retiolum_uid:0" "\$retiolum_secret" -fi - -if test -n "\$ejabberd_secret"; then - chown -v "\$ejabberd_uid:0" "\$ejabberd_secret" -fi - -if test -n "\$consul_secret"; then - chown -v "\$consul_uid:0" "\$consul_secret" -fi - -EOF diff --git a/old/bin/genid b/old/bin/genid deleted file mode 100755 index 8e22407..0000000 --- a/old/bin/genid +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/sh -# usage: genid NAME -set -euf -name=$1 -hash=$(printf %s "$name" | sha1sum | cut -d\ -f1 | tr a-f A-F) -echo " - min=2^16 # bigger than nobody and nogroup, see <nixos/modules/misc/ids.nix> - max=2^32 # see 2^(8*sizeof(uid_t)) - ibase=16 - ($hash + min) % max -" | bc diff --git a/old/bin/netmask-to-prefix b/old/bin/netmask-to-prefix deleted file mode 100755 index 1c4dbeb..0000000 --- a/old/bin/netmask-to-prefix +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/sh -set -euf - -netmask=$1 - -binaryNetmask=$(echo $1 | sed 's/^/obase=2;/;s/\./;/g' | bc | tr -d \\n) -binaryPrefix=$(echo $binaryNetmask | sed -n 's/^\(1*\)0*$/\1/p') -if ! echo $binaryPrefix | grep -q .; then - echo $0: bad netmask: $netmask >&2 - exit 4 -fi -printf %s $binaryPrefix | tr -d 0 | wc -c diff --git a/old/bin/nixos-query b/old/bin/nixos-query deleted file mode 100755 index 1111aea..0000000 --- a/old/bin/nixos-query +++ /dev/null @@ -1,4 +0,0 @@ -#! /bin/sh -set -euf -result=$(nix-instantiate -A config."$1" --eval --json '<nixos>') -echo $result | jq -r . diff --git a/old/bin/urlencode b/old/bin/urlencode deleted file mode 100755 index 02ca030..0000000 --- a/old/bin/urlencode +++ /dev/null @@ -1,35 +0,0 @@ -#! /bin/sh -set -euf -exec sed ' - s/%/%25/g - s/ /%20/g - s/!/%21/g - s/"/%22/g - s/#/%23/g - s/\$/%24/g - s/\&/%26/g - s/'\''/%27/g - s/(/%28/g - s/)/%29/g - s/\*/%2a/g - s/+/%2b/g - s/,/%2c/g - s/-/%2d/g - s/\./%2e/g - s/\//%2f/g - s/:/%3a/g - s/;/%3b/g - s//%3e/g - s/?/%3f/g - s/@/%40/g - s/\[/ |