-rw-r--r--Makefile48
-rw-r--r--shared/2configs/base.nix13
-rw-r--r--shared/2configs/shared-buildbot.nix8
-rw-r--r--tv/1systems/alnus.nix103
-rw-r--r--tv/2configs/default.nix20
-rw-r--r--tv/2configs/git.nix1
6 files changed, 154 insertions, 39 deletions
diff --git a/Makefile b/Makefile
index aa5d5d8..3857a23 100644
--- a/Makefile
+++ b/Makefile
@@ -41,23 +41,25 @@ target_path ?= $(_target_path)
endif
endif
-export target_host ?= $(system)
-export target_user ?= root
-export target_port ?= 22
-export target_path ?= /var/src
+target_host ?= $(system)
+target_user ?= root
+target_port ?= 22
+target_path ?= /var/src
$(if $(target_host),,$(error unbound variable: target_host))
$(if $(target_user),,$(error unbound variable: target_user))
$(if $(target_port),,$(error unbound variable: target_port))
$(if $(target_path),,$(error unbound variable: target_path))
+target ?= $(target_user)@$(target_host):$(target_port)$(target_path)
+
build = \
nix-build \
--no-out-link \
--show-trace \
-I nixos-config=$(nixos-config) \
-I stockholm=$(stockholm) \
- -E "let build = import <stockholm>; in $(1)"
+ -E "with import <stockholm>; $(1)"
evaluate = \
nix-instantiate \
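Review bot: `target` is assigned with `?=` after the four `unbound variable` guards and has no guard of its own, so a `target` inherited from the environment or the command line (even an empty one) replaces the validated user/host/port/path without any check. Because the populate recipe added later in this commit passes `$(target)` as its destination, I would add `$(if $(target),,$(error unbound variable: target))` directly after the assignment, plus a comment such as `# target, when set by the caller, overrides target_user/host/port/path`. The conditional block around these assignments starts above this hunk.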
@@ -68,26 +70,37 @@ evaluate = \
-I stockholm=$(stockholm) \
-E "let eval = import <stockholm>; in with eval; $(1)"
-execute = \
- result=$$($(call evaluate,config.krebs.build.$(1))) && \
- script=$$(echo "$$result" | jq -r .) && \
- echo "$$script" | PS5=% sh
-
ifeq ($(MAKECMDGOALS),)
$(error No goals specified)
endif
# usage: make deploy system=foo [target_host=bar]
+ifeq ($(debug),true)
+deploy: rebuild-command = dry-activate
+else
+deploy: rebuild-command = switch
+endif
deploy: ssh ?= ssh
deploy:
- $(call execute,populate)
+ $(MAKE) populate debug=false
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \
- nixos-rebuild switch --show-trace -I $(target_path)
+ nixos-rebuild $(rebuild-command) --show-trace -I $(target_path)
+
+# usage: make populate system=foo
+ifeq ($(debug),true)
+populate: populate-flags += --debug
+endif
+ifneq ($(ssh),)
+populate: populate-flags += --ssh=$(ssh)
+endif
+populate:
+ $(call evaluate,config.krebs.build.source) --json --strict | \
+ populate $(target) $(populate-flags)
-# usage: make build.pkgs.get
-build build.:;@$(call build,$${expr-eval})
-build.%:;@$(call build,$@)
+# usage: make pkgs.populate
+pkgs:;@$(error no package selected)
+pkgs.%:;@$(call build,$@)
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
eval eval.:;@$(call evaluate,$${expr-eval})
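Review bot: The `populate` recipe pipes the evaluation straight into `populate`, so its exit status is that of the last command only; a failed `nix-instantiate` is masked unless populate itself rejects the empty input, and `deploy` would then continue to `nixos-rebuild`. The removed `execute` helper stopped at the first failure through its `&&` chain. Unless pipefail is enabled elsewhere in the Makefile (not visible here), evaluate first and feed the result in: `source=$$($(call evaluate,config.krebs.build.source) --json --strict) && \` followed by `printf '%s\n' "$$source" | populate $(target) $(populate-flags)`. `--ssh=$(ssh)` is also unquoted, so an `ssh` value that carries options is split into extra arguments; `--ssh='$(ssh)'` avoids that.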
@@ -99,7 +112,7 @@ install:
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
env target_path=$(target_path) \
sh -s prepare < krebs/4lib/infest/prepare.sh
- target_path=/mnt$(target_path) $(call execute,populate)
+ $(MAKE) populate target_path=/mnt$(target_path)
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
env NIXOS_CONFIG=$(target_path)/nixos-config \
STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \
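Review bot: The `/mnt` prefix on `$(MAKE) populate target_path=/mnt$(target_path)` only reaches populate through the default value of `target`. If the caller supplied `target` on the command line or in the environment, the sub-make inherits it, and the sources (which per the source definitions in this commit include secrets) go to the un-prefixed location instead of the freshly prepared mount. Passing the destination explicitly closes that gap: `$(MAKE) populate target=$(target_user)@$(target_host):$(target_port)/mnt$(target_path)`. The `install` recipe begins and continues outside this hunk.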
@@ -117,8 +130,7 @@ $(error bad method: $(method))
endif
endif
test: ssh ?= ssh
-test:
- $(call execute,populate)
+test: populate
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
$(command) --show-trace -I $(target_path) \
-A config.system.build.toplevel $(target_path)/stockholm
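Review bot: `test: populate` runs populate with whatever `debug` the caller passed, whereas `deploy` explicitly calls `$(MAKE) populate debug=false`. With `make test debug=true`, populate gets `--debug` and the remote `$(command)` then evaluates whatever already sits at `$(target_path)`. If `--debug` means populate does not write (its use in the buildbot step suggests so, but populate itself is not shown), the test result would reflect stale sources. Either use the same recursive call as deploy, `$(MAKE) populate debug=false` as the first recipe line, or add a comment stating that `test` intentionally honours `debug`. The `test` recipe continues outside this hunk.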
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index bbb089c..a92a0df 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -7,15 +7,14 @@ with config.krebs.lib;
# TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared;
- krebs.build.source = {
- nixpkgs = mkDefault {
+ krebs.build.source = let inherit (config.krebs.build) host user; in {
+ nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
+ nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- rev = "63b9785"; # stable @ 2016-06-01
+ ref = "63b9785"; # stable @ 2016-06-01
};
- secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";
- stockholm = mkDefault "${getEnv "HOME"}/stockholm";
-
- nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix";
+ secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+ stockholm.file = "${getEnv "HOME"}/stockholm";
};
networking.hostName = config.krebs.build.host.name;
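Review bot: `nixpkgs.git.ref = "63b9785"` pins the shared nixpkgs source to a seven-character abbreviation, and the attribute is now named `ref` rather than `rev`. An abbreviated hash can become ambiguous as the upstream repository grows, and depending on how populate resolves `ref` (not shown here) a branch or tag of the same name could be selected instead. tv/2configs/default.nix in this same commit uses the full 40-character id, so I would do the same here: `ref = "<full 40-char commit id of 63b9785>"; # stable @ 2016-06-01`.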
diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix
index 6c40d99..688f8f9a 100644
--- a/shared/2configs/shared-buildbot.nix
+++ b/shared/2configs/shared-buildbot.nix
@@ -75,7 +75,8 @@
# prepare nix-shell
# the dependencies which are used by the test script
- deps = [ "gnumake", "jq","nix","rsync",
+ deps = [ "gnumake", "jq", "nix",
+ "(import <stockholm>).pkgs.populate",
"(import <stockholm>).pkgs.test.infest-cac-centos7" ]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
@@ -95,8 +96,7 @@
for i in [ "test-centos7", "wolf", "test-failing" ]:
addShell(f,name="populate-{}".format(i),env=env,
command=nixshell + \
- ["{}( make system={} eval.config.krebs.build.populate \
- | jq -er .)".format("!" if "failing" in i else "",i)])
+ ["{}(make system={} populate debug=true)".format("!" if "failing" in i else "",i)])
# XXX we must prepare ./retiolum.rsa_key.priv for secrets to work
addShell(f,name="instantiate-test-all-modules",env=env,
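Review bot: The `populate-{}` steps now run the populate program with only `debug=true` standing between the CI worker and the Makefile's default destination (`root@<system>:22/var/src`). If `--debug` guarantees that nothing is contacted or written (not visible here), state that next to the command, e.g. `# debug=true: populate must not touch the target`; if it does not, the step needs an explicit harmless `target`. The `!( … )` negation for test-failing also accepts any non-zero exit, so an unrelated failure of `make` or `populate` counts as a pass for that case. The enclosing step list starts and ends outside the hunk.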
@@ -179,7 +179,7 @@
masterhost = "localhost";
username = "testslave";
password = "krebspass";
- packages = with pkgs;[ git nix gnumake jq rsync ];
+ packages = with pkgs; [ gnumake jq nix populate ];
# all nix commands will need a working nixpkgs installation
extraEnviron = {
NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; };
diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix
new file mode 100644
index 0000000..360390c
--- /dev/null
+++ b/tv/1systems/alnus.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ imports = [
+ ../.
+ ../2configs/hw/x220.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/retiolum.nix
+ ];
+
+ # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
+ # networking.wireless.enable collides with networkmanager
+ networking.wireless.enable = mkForce false;
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "ahci" ];
+ luks = {
+ cryptoModules = [ "aes" "sha512" "xts" ];
+ devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ };
+ };
+ loader = {
+ efi.canTouchEfiVariables = true;
+ gummiboot.enable = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ chromium
+ firefoxWrapper
+ networkmanagerapplet
+ pidginotr
+ pidgin-with-plugins
+ ];
+
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/sda1";
+ };
+ "/" = {
+ device = "/dev/mapper/main-root";
+ fsType = "btrfs";
+ options = [ "defaults" "noatime" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/main-home";
+ fsType = "btrfs";
+ options = [ "defaults" "noatime" ];
+ };
+ };
+
+ hardware = {
+ enableAllFirmware = true;
+ opengl.driSupport32Bit = true;
+ pulseaudio.enable = true;
+ };
+
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ krebs.build = {
+ host = config.krebs.hosts.alnus;
+ user = mkForce config.krebs.users.dv;
+ source.nixpkgs.git.ref = mkForce "d7450443c42228832c68fba203a7c15cfcfb264e";
+ };
+
+ networking.networkmanager.enable = true;
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ chromium.enablePepperFlash = true;
+ firefox.enableAdobeFlash = true;
+ };
+
+ services.xserver = {
+ enable = true;
+ layout = "de";
+ xkbOptions = "eurosign:e";
+ synaptics = {
+ enable = true;
+ twoFingerScroll = true;
+ };
+ desktopManager.xfce.enable = true;
+ displayManager.auto = {
+ enable = true;
+ user = "dv";
+ };
+ };
+
+ swapDevices =[ ];
+
+ users.users.dv = {
+ inherit (config.krebs.users.dv) home uid;
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ "video"
+ "networkmanager"
+ ];
+ };
+}
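Review bot: `chromium.enablePepperFlash = true` and `firefox.enableAdobeFlash = true` put the Flash plugin into both browsers on this host, and `displayManager.auto` logs `dv` in without a password, which leaves the LUKS passphrase as the only gate to a desktop session. If both are intended, say so next to them, e.g. `# Flash needed for <site>; remove when no longer required` and `# auto-login relies on full-disk encryption (luksroot)`; otherwise drop the two plugin lines. Separately, `/dev/sda1` and `/dev/sda2` are kernel-assigned names; `/dev/disk/by-uuid/...` paths would keep `/boot` and the LUKS device stable if enumeration order changes.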
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index a9ba1ea..04009f5 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -7,18 +7,18 @@ with config.krebs.lib;
krebs.build = {
user = config.krebs.users.tv;
- source = mapAttrs (_: mkDefault) ({
- nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix";
- secrets = "/home/tv/secrets/${config.krebs.build.host.name}";
- secrets-common = "/home/tv/secrets/common";
- stockholm = "/home/tv/stockholm";
- nixpkgs = {
+ source = let inherit (config.krebs.build) host; in {
+ nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
+ secrets.file = "/home/tv/secrets/${host.name}";
+ secrets-common.file = "/home/tv/secrets/common";
+ stockholm.file = "/home/tv/stockholm";
+ nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
+ ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
};
- } // optionalAttrs config.krebs.build.host.secure {
- secrets-master = "/home/tv/secrets/master";
- });
+ } // optionalAttrs host.secure {
+ secrets-master.file = "/home/tv/secrets/master";
+ };
};
networking.hostName = config.krebs.build.host.name;
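Review bot: The new `source` attrset no longer wraps its entries in `mkDefault`, so a host that sets one of them at normal priority will conflict with these definitions (or merge, depending on the option type, which is not shown). tv/1systems/alnus.nix in this commit already has to use `mkForce` for `source.nixpkgs.git.ref`. A comment above the attrset would make the contract explicit, e.g. `# plain definitions: hosts override with mkForce`. Limiting `secrets-master.file` to `host.secure` is a trust decision that deserves a one-line comment as well, since what marks a host as secure is not visible here.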
diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix
index 9bcf8f3..4bc9713 100644
--- a/tv/2configs/git.nix
+++ b/tv/2configs/git.nix
@@ -36,6 +36,7 @@ let
much = {};
newsbot-js = {};
nixpkgs = {};
+ populate.desc = "source code installer";
push = {};
regfish = {};
soundcloud = {