| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | lib/default.nix | 3 | ||||
| -rw-r--r-- | lib/eval-source.nix | 17 | ||||
| -rw-r--r-- | shell.nix | 6 | ||||
| -rw-r--r-- | tv/1systems/alnus/config.nix (renamed from tv/1systems/alnus.nix) | 8 | ||||
| -rw-r--r-- | tv/1systems/alnus/source.nix | 3 | ||||
| -rw-r--r-- | tv/1systems/caxi/config.nix (renamed from tv/1systems/caxi.nix) | 8 | ||||
| -rw-r--r-- | tv/1systems/caxi/source.nix | 3 | ||||
| -rw-r--r-- | tv/1systems/cd/config.nix (renamed from tv/1systems/cd.nix) | 10 | ||||
| -rw-r--r-- | tv/1systems/cd/source.nix | 3 | ||||
| -rw-r--r-- | tv/1systems/mu/config.nix (renamed from tv/1systems/mu.nix) | 10 | ||||
| -rw-r--r-- | tv/1systems/mu/source.nix | 3 | ||||
| -rw-r--r-- | tv/1systems/nomic/config.nix (renamed from tv/1systems/nomic.nix) | 20 | ||||
| -rw-r--r-- | tv/1systems/nomic/source.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/test/source.nix | 3 | ||||
| -rw-r--r-- | tv/1systems/wu/config.nix (renamed from tv/1systems/wu.nix) | 22 | ||||
| -rw-r--r-- | tv/1systems/wu/source.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/xu/config.nix (renamed from tv/1systems/xu.nix) | 24 | ||||
| -rw-r--r-- | tv/1systems/xu/source.nix | 4 | ||||
| -rw-r--r-- | tv/1systems/zu/config.nix (renamed from tv/1systems/zu.nix) | 20 | ||||
| -rw-r--r-- | tv/1systems/zu/source.nix | 4 | ||||
| -rw-r--r-- | tv/2configs/default.nix | 18 | ||||
| -rw-r--r-- | tv/source.nix | 22 | 
23 files changed, 140 insertions, 81 deletions
| @@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \  system ?= $(HOSTNAME)  $(if $(system),,$(error unbound variable: system)) -nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix  ifneq ($(words $(wildcard $(nixos-config))),1)  $(error bad nixos-config: $(nixos-config))  endif diff --git a/lib/default.nix b/lib/default.nix index 803a614..4c54f60 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,9 @@  let    nixpkgs-lib = import <nixpkgs/lib>;    lib = with lib; nixpkgs-lib // builtins // { + +    evalSource = import ./eval-source.nix; +      git = import ./git.nix { inherit lib; };      shell = import ./shell.nix { inherit lib; };      types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/eval-source.nix b/lib/eval-source.nix new file mode 100644 index 0000000..de5f0b4 --- /dev/null +++ b/lib/eval-source.nix @@ -0,0 +1,17 @@ +with import <stockholm/lib>; +let +  eval = _file: source: evalModules { +    modules = singleton { +      inherit _file; +      options.source = mkOption { +        type = types.attrsOf types.source; +        default = {}; +      }; +      config = { +        inherit source; +      }; +    }; +  }; +in +  # This function's return value can be used as pkgs.populate input. +  _file: source: (eval _file source).config.source @@ -43,9 +43,11 @@ let    '';    init.env = pkgs.writeText "init.env" /* sh */ '' -    config=''${config-$LOGNAME/1systems/$system.nix} +    config=''${config-$LOGNAME/1systems/$system/config.nix} +    source=''${source-$LOGNAME/1systems/$system/source.nix}      export config +    export source      export system      export target 
@@ -92,7 +94,7 @@ let            --show-trace \            --strict \            -I nixos-config="$config" \ -          -E 'with import <stockholm>; config.krebs.build.source') +          "$source")        echo $_source |        ${pkgs.populate}/bin/populate \            "$target_user@$target_host:$target_port$target_path" \ diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus/config.nix index ef2a050..d08a290 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus/config.nix @@ -4,10 +4,10 @@ with import <stockholm/lib>;  {    imports = [ -    ../. -    ../2configs/hw/x220.nix -    ../2configs/exim-retiolum.nix -    ../2configs/retiolum.nix +    <stockholm/tv> +    <stockholm/tv/2configs/hw/x220.nix> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/retiolum.nix>    ];    # TODO remove non-hardware stuff from ../2configs/hw/x220.nix diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix new file mode 100644 index 0000000..f9dcefe --- /dev/null +++ b/tv/1systems/alnus/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { +  name = "alnus"; +} diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi/config.nix index 59f3cd6..b136d1a 100644 --- a/tv/1systems/caxi.nix +++ b/tv/1systems/caxi/config.nix @@ -6,10 +6,10 @@ with import <stockholm/lib>;    krebs.build.host = config.krebs.hosts.caxi;    imports = [ -    ../. -    ../2configs/hw/CAC-Developer-1.nix -    ../2configs/fs/CAC-CentOS-7-64bit.nix -    ../2configs/retiolum.nix +    <stockholm/tv> +    <stockholm/tv/2configs/hw/CAC-Developer-1.nix> +    <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> +    <stockholm/tv/2configs/retiolum.nix>    ];    networking = let diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix new file mode 100644 index 0000000..bc875b7 --- /dev/null +++ b/tv/1systems/caxi/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { +  name = "caxi"; +} 
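Review bot: `"$source"` is handed to nix-instantiate with no check that it names an existing file, in the hunk at old line 92 of what appears to be shell.nix (its file header is missing from the page). The value comes from the `''${source-$LOGNAME/1systems/$system/source.nix}` default added in the earlier hunk, which keeps any `source` variable already present in the environment, including an empty one. Since the result of this evaluation is piped straight into populate and decides what is copied to the target, a guard such as `test -f "$source"` before the call would mirror the `$(error bad nixos-config: …)` check the Makefile applies to `nixos-config`. The surrounding shell function starts and ends outside the hunk, so where exactly the guard belongs needs confirming there.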
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd/config.nix index 9f2cec5..f78bcaf 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd/config.nix @@ -6,11 +6,11 @@ with import <stockholm/lib>;    krebs.build.host = config.krebs.hosts.cd;    imports = [ -    ../. -    ../2configs/hw/CAC-Developer-2.nix -    ../2configs/fs/CAC-CentOS-7-64bit.nix -    ../2configs/exim-smarthost.nix -    ../2configs/retiolum.nix +    <stockholm/tv> +    <stockholm/tv/2configs/hw/CAC-Developer-2.nix> +    <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> +    <stockholm/tv/2configs/exim-smarthost.nix> +    <stockholm/tv/2configs/retiolum.nix>    ];    networking = { diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix new file mode 100644 index 0000000..019e8bc --- /dev/null +++ b/tv/1systems/cd/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { +  name = "cd"; +} diff --git a/tv/1systems/mu.nix b/tv/1systems/mu/config.nix index 3f3b2c2..239f333 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu/config.nix @@ -4,11 +4,11 @@ with import <stockholm/lib>;  {    imports = [ -    ../../krebs -    ../2configs -    ../3modules -    ../2configs/exim-retiolum.nix -    ../2configs/retiolum.nix +    <stockholm/krebs> +    <stockholm/tv/2configs> +    <stockholm/tv/3modules> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/retiolum.nix>    ];    krebs.build.host = config.krebs.hosts.mu; diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix new file mode 100644 index 0000000..7e148cf --- /dev/null +++ b/tv/1systems/mu/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { +  name = "mu"; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic/config.nix index 9b95022..d014498 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic/config.nix 
@@ -6,16 +6,16 @@ with import <stockholm/lib>;    krebs.build.host = config.krebs.hosts.nomic;    imports = [ -    ../. -    ../2configs/hw/x220.nix -    ../2configs/exim-retiolum.nix -    ../2configs/gitrepos.nix -    ../2configs/im.nix -    ../2configs/mail-client.nix -    ../2configs/nginx/public_html.nix -    ../2configs/pulse.nix -    ../2configs/retiolum.nix -    ../2configs/xserver +    <stockholm/tv> +    <stockholm/tv/2configs/hw/x220.nix> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/gitrepos.nix> +    <stockholm/tv/2configs/im.nix> +    <stockholm/tv/2configs/mail-client.nix> +    <stockholm/tv/2configs/nginx/public_html.nix> +    <stockholm/tv/2configs/pulse.nix> +    <stockholm/tv/2configs/retiolum.nix> +    <stockholm/tv/2configs/xserver>    ];    boot.initrd.luks = { diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix new file mode 100644 index 0000000..f173b65 --- /dev/null +++ b/tv/1systems/nomic/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { +  name = "nomic"; +  secure = true; +} diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix new file mode 100644 index 0000000..f756b85 --- /dev/null +++ b/tv/1systems/test/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { +  name = "test"; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu/config.nix index 4b3bf85..5b2542a 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu/config.nix 
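Review bot: `secure = true;` in tv/1systems/nomic/source.nix (and likewise in the wu, xu and zu source.nix files) is now the only thing that decides whether `/home/tv/secrets/master` is part of the deployed source. The code removed from tv/2configs/default.nix read `host.secure` from `config.krebs.build.host` instead, so the flag and the host record can now drift apart without any evaluation error. Add a comment next to the flag, for example `# keep in sync with config.krebs.hosts.nomic.secure`, or derive the value from the host record if source.nix can reach it.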
@@ -6,17 +6,17 @@ with import <stockholm/lib>;    krebs.build.host = config.krebs.hosts.wu;    imports = [ -    ../. -    ../2configs/hw/w110er.nix -    ../2configs/exim-retiolum.nix -    ../2configs/gitrepos.nix -    ../2configs/im.nix -    ../2configs/mail-client.nix -    ../2configs/man.nix -    ../2configs/nginx/public_html.nix -    ../2configs/pulse.nix -    ../2configs/retiolum.nix -    ../2configs/xserver +    <stockholm/tv> +    <stockholm/tv/2configs/hw/w110er.nix> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/gitrepos.nix> +    <stockholm/tv/2configs/im.nix> +    <stockholm/tv/2configs/mail-client.nix> +    <stockholm/tv/2configs/man.nix> +    <stockholm/tv/2configs/nginx/public_html.nix> +    <stockholm/tv/2configs/pulse.nix> +    <stockholm/tv/2configs/retiolum.nix> +    <stockholm/tv/2configs/xserver>      {        environment.systemPackages = with pkgs; [          # root diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 0000000..2e9cdeb --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { +  name = "wu"; +  secure = true; +} diff --git a/tv/1systems/xu.nix b/tv/1systems/xu/config.nix index d82f45a..2bffddd 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu/config.nix 
@@ -6,18 +6,18 @@ with import <stockholm/lib>;    krebs.build.host = config.krebs.hosts.xu;    imports = [ -    ../. -    ../2configs/hw/x220.nix -    ../2configs/exim-retiolum.nix -    ../2configs/gitconfig.nix -    ../2configs/gitrepos.nix -    ../2configs/mail-client.nix -    ../2configs/man.nix -    ../2configs/nginx/public_html.nix -    ../2configs/pulse.nix -    ../2configs/retiolum.nix -    ../2configs/binary-cache -    ../2configs/xserver +    <stockholm/tv> +    <stockholm/tv/2configs/hw/x220.nix> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/gitconfig.nix> +    <stockholm/tv/2configs/gitrepos.nix> +    <stockholm/tv/2configs/mail-client.nix> +    <stockholm/tv/2configs/man.nix> +    <stockholm/tv/2configs/nginx/public_html.nix> +    <stockholm/tv/2configs/pulse.nix> +    <stockholm/tv/2configs/retiolum.nix> +    <stockholm/tv/2configs/binary-cache> +    <stockholm/tv/2configs/xserver>      {        environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix new file mode 100644 index 0000000..46e1aee --- /dev/null +++ b/tv/1systems/xu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { +  name = "xu"; +  secure = true; +} diff --git a/tv/1systems/zu.nix b/tv/1systems/zu/config.nix index 4fae3ca..d2aab8c 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu/config.nix 
@@ -12,16 +12,16 @@ with import <stockholm/lib>;          default = {};        };      } -    ../. -    ../2configs/hw/x220.nix -    ../2configs/exim-retiolum.nix -    ../2configs/gitrepos.nix -    ../2configs/mail-client.nix -    ../2configs/man.nix -    ../2configs/nginx/public_html.nix -    ../2configs/pulse.nix -    ../2configs/retiolum.nix -    ../2configs/xserver +    <stockholm/tv> +    <stockholm/tv/2configs/hw/x220.nix> +    <stockholm/tv/2configs/exim-retiolum.nix> +    <stockholm/tv/2configs/gitrepos.nix> +    <stockholm/tv/2configs/mail-client.nix> +    <stockholm/tv/2configs/man.nix> +    <stockholm/tv/2configs/nginx/public_html.nix> +    <stockholm/tv/2configs/pulse.nix> +    <stockholm/tv/2configs/retiolum.nix> +    <stockholm/tv/2configs/xserver>      {        environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix new file mode 100644 index 0000000..7a5c4f5 --- /dev/null +++ b/tv/1systems/zu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { +  name = "zu"; +  secure = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3d95d6d..07496fd 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -6,23 +6,7 @@ with import <stockholm/lib>;  in {    krebs.enable = true; -  krebs.build = { -    user = config.krebs.users.tv; -    source = let inherit (config.krebs.build) host; in { -      nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; -      secrets.file = getAttr builder { -        buildbot = toString <stockholm/tv/dummy_secrets>; -        tv = "/home/tv/secrets/${host.name}"; -      }; -      secrets-common.file = "/home/tv/secrets/common"; -      nixpkgs.git = { -        url = https://github.com/NixOS/nixpkgs; -        ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03 -      }; -    } // optionalAttrs host.secure { -      secrets-master.file = "/home/tv/secrets/master"; -    }; -  }; +  krebs.build.user = config.krebs.users.tv;    networking.hostName = config.krebs.build.host.name; diff --git a/tv/source.nix b/tv/source.nix new file mode 100644 index 0000000..7306cd9 --- /dev/null +++ b/tv/source.nix @@ -0,0 +1,22 @@ +with import <stockholm/lib>; +host@{ name, secure ? false }: let +  builder = if getEnv "dummy_secrets" == "true" +              then "buildbot" +              else "tv"; +  _file = <stockholm> + "/tv/1systems/${name}/source.nix"; +in +  evalSource (toString _file) { +    nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; +    secrets.file = getAttr builder { +      buildbot = toString <stockholm/tv/dummy_secrets>; +      tv = "/home/tv/secrets/${name}"; +    }; +    stockholm.file = toString <stockholm>; +    secrets-common.file = "/home/tv/secrets/common"; +    nixpkgs.git = { +      url = https://github.com/NixOS/nixpkgs; +      ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03 +    }; +  } // optionalAttrs secure { +    secrets-master.file = "/home/tv/secrets/master"; +  } | 
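Review bot: In the new tv/source.nix, `evalSource (toString _file) { … } // optionalAttrs secure { … }` parses as `(evalSource (toString _file) { … }) // optionalAttrs secure { … }`, because function application binds tighter than `//` in Nix. The `secrets-master` entry is therefore merged into the already evaluated result and never passes through the `types.attrsOf types.source` option declared in lib/eval-source.nix. For secure hosts it reaches populate as a raw attrset rather than a checked source. Parenthesise the argument so the whole set is evaluated: `evalSource (toString _file) ({ … } // optionalAttrs secure { secrets-master.file = "/home/tv/secrets/master"; })`. The `host@` binding in the function head is also unused in the visible body and could be dropped.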
