Merge branch 'staging/jeschli' of prism.r:stockholm

12 files changed, 209 insertions, 41 deletions

diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 901970e81..873c0fa3d 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -38,7 +38,7 @@
 
   networking.hostName = "BLN02NB0154"; # Define your hostname.
   networking.networkmanager.enable = true;
-   #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
   # Select internationalisation properties.
   # i18n = {
@@ -54,7 +54,11 @@
   # List packages installed in system profile. To search by name, run:
   # $ nix-env -qaP | grep wget
   nixpkgs.config.allowUnfree = true;
-  environment.shellAliases = { n = "nix-shell"; };
+  environment.shellAliases = { 
+    n = "nix-shell"; 
+    gd = "cd /home/markus/go/src/gitlab.dcso.lolcat"; 
+    gh = "cd /home/markus/go/src/github.com"; 
+  };
   environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
   environment.systemPackages = with pkgs; [
   # system helper
@@ -62,6 +66,7 @@
     copyq
     dmenu
     git
+    tig
     i3lock
     keepass
     networkmanagerapplet
@@ -72,6 +77,8 @@
     rxvt_unicode
   # editors
     emacs
+  # databases
+    sqlite
   # internet 
     thunderbird
     hipchat
@@ -91,6 +98,7 @@
     jetbrains.pycharm-professional
     jetbrains.webstorm
     jetbrains.goland
+    jetbrains.datagrip
     texlive.combined.scheme-full
     pandoc
     redis
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index ba6d85e7a..0567d58ba 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -44,7 +44,7 @@ with import <stockholm/lib>;
       cores = 2;
       nets = rec {
         internet = {
-          ip4.addr = "45.62.226.163";
+          ip4.addr = "64.137.242.41";
           aliases = [
             "echelon.i"
           ];
diff --git a/krebs/6tests/data/test-config.nix b/krebs/6tests/data/test-config.nix
new file mode 100644
index 000000000..f0927ddd9
--- /dev/null
+++ b/krebs/6tests/data/test-config.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    <stockholm/krebs>
+    <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+    <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
+  ];
+
+  krebs.hosts.minimal = {
+    cores = 1;
+    secure = false;
+  };
+
+  boot.loader.grub.enable = false;
+  boot.loader.systemd-boot.enable = true;
+
+  krebs.build = {
+    host = config.krebs.hosts.minimal;
+    user = config.krebs.users.krebs;
+  };
+}
diff --git a/krebs/6tests/data/test-source.nix b/krebs/6tests/data/test-source.nix
new file mode 100644
index 000000000..dfc6b3297
--- /dev/null
+++ b/krebs/6tests/data/test-source.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+evalSource "" [{
+  nixos-config = {
+    symlink.target = toString ./test-config;
+  };
+  nixpkgs = {
+    symlink.target = toString <nixpkgs>;
+  };
+  stockholm = {
+    symlink.target = toString <stockholm>;
+  };
+}]
diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix
new file mode 100644
index 000000000..842bbc22a
--- /dev/null
+++ b/krebs/6tests/deploy.nix
@@ -0,0 +1,110 @@
+with import <stockholm/lib>;
+import <nixpkgs/nixos/tests/make-test.nix> ({ pkgs, ... }:
+
+let
+  test-config = <stockholm/krebs/6tests/data/test-config.nix>;
+  privKey = ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy
+    ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ
+    AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz
+    eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+  pubKey = ''
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1
+  '';
+
+  ssh-config = pkgs.writeText "ssh-config" ''
+    Host server
+        StrictHostKeyChecking no
+        UserKnownHostsFile=/dev/null
+  '';
+
+  populate-source = {
+    nixos-config = {
+      symlink.target = test-config;
+      type = "symlink";
+    };
+    nixpkgs = {
+      symlink.target = <nixpkgs>;
+      type = "symlink";
+    };
+    stockholm = {
+      symlink.target = <stockholm>;
+      type = "symlink";
+    };
+  };
+
+  test-deploy = pkgs.writeDash "test-deploy" ''
+    cd ${<stockholm>}
+    export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
+    exec >&2
+    : ${minimalSystem}
+    source=${pkgs.writeJSON "source.json" populate-source}
+    cat > /tmp/derp <<EOF
+      builtins.fromJSON (builtins.readFile "$source")
+    EOF
+    LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+    #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
+    #    --force-populate \
+    #    --source=/tmp/derp \
+    #    --system=server \
+  '';
+  minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
+    modules = [
+      test-config
+    ];
+  }).config.system.build.toplevel;
+
+in {
+  name = "deploy";
+
+  nodes = {
+
+    server =
+      { config, pkgs, ... }:
+
+      {
+        imports = [ test-config ];
+        environment.variables = {
+          NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
+          #LOL = minimalSystem;
+        };
+        services.openssh.enable = true;
+        users.extraUsers.root.openssh.authorizedKeys.keys = [
+          pubKey
+        ];
+        #virtualisation.writableStore = true;
+        virtualisation.pathsInNixDB = [
+          minimalSystem
+          pkgs.stockholm
+        ];
+      };
+
+    client =
+      { config, pkgs, ... }: { };
+
+  };
+
+  testScript = ''
+    startAll;
+
+    $server->waitForUnit("sshd");
+
+    $client->succeed("mkdir -p -m 700 /root/.ssh");
+    $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519");
+    $client->succeed("cp ${ssh-config} /root/.ssh/config");
+    $client->succeed("chmod 600 /root/.ssh/id_ed25519");
+
+    $server->waitForUnit("network.target");
+    $server->succeed("ip route show 1>&2");
+    $client->waitForUnit("network.target");
+    $client->succeed("${test-deploy}");
+    $server->succeed("nixos-rebuild -I /var/src switch");
+
+    $client->shutdown;
+    $server->shutdown;
+  '';
+})
diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix
index b14ef2a3e..8bd9735a9 100644
--- a/lass/1systems/helios/config.nix
+++ b/lass/1systems/helios/config.nix
@@ -20,20 +20,26 @@ with import <stockholm/lib>;
       boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
       boot.kernelModules = [ "kvm-intel" ];
 
-      fileSystems."/" =
-        { device = "/dev/pool/root";
-          fsType = "btrfs";
-        };
+      fileSystems."/" = {
+        device = "/dev/pool/root";
+        fsType = "btrfs";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/1F60-17C6";
+        fsType = "vfat";
+      };
 
-      fileSystems."/boot" =
-        { device = "/dev/disk/by-uuid/1F60-17C6";
-          fsType = "vfat";
-        };
+      fileSystems."/home" = {
+        device = "/dev/pool/home";
+        fsType = "btrfs";
+      };
 
-      fileSystems."/home" =
-        { device = "/dev/pool/home";
-          fsType = "btrfs";
-        };
+      fileSystems."/tmp" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = ["nosuid" "nodev" "noatime"];
+      };
 
       nix.maxJobs = lib.mkDefault 8;
     }
@@ -150,4 +156,7 @@ with import <stockholm/lib>;
 
   services.printing.drivers = [ pkgs.postscript-lexmark ];
 
+  services.logind.extraConfig = ''
+    HandleLidSwitch=ignore
+  '';
 }
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 87270b8b8..1cca76331 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -186,6 +186,7 @@ in {
       #hotdog
       containers.hotdog = {
         config = { ... }: {
+          environment.systemPackages = [ pkgs.git ];
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
@@ -201,6 +202,7 @@ in {
       #kaepsele
       containers.kaepsele = {
         config = { ... }: {
+          environment.systemPackages = [ pkgs.git ];
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
             lass.pubkey
@@ -217,6 +219,7 @@ in {
       #onondaga
       containers.onondaga = {
         config = { ... }: {
+          environment.systemPackages = [ pkgs.git ];
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
@@ -290,7 +293,11 @@ in {
     {
       krebs.git.rules = [
         {
-          user = [ config.krebs.users.jeschli ];
+          user = with config.krebs.users; [
+            jeschli
+            jeschli-bln
+            jeschli-brauerei
+          ];
           repo = [ config.krebs.git.repos.stockholm ];
           perm = with git; push "refs/heads/staging/jeschli" [ fast-forward non-fast-forward create delete merge ];
         }
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 0ff47407a..6f5533b0d 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -66,12 +66,12 @@ in {
 
   environment.systemPackages = with pkgs; [
     acpi
+    bank
     dic
     dmenu
     gi
     git-preview
     gitAndTools.qgit
-    haskellPackages.hledger
     lm_sensors
     mpv-poll
     much
diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix
index 2b91f91d6..cbf853d64 100644
--- a/lass/2configs/dcso-dev.nix
+++ b/lass/2configs/dcso-dev.nix
@@ -16,8 +16,9 @@ in {
       openssh.authorizedKeys.keys = [
         config.krebs.users.lass.pubkey
         config.krebs.users.lass-android.pubkey
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDhQdDQFMxXOjbC+Avx3mlcFHqQpFUk/q9sO6ATA65jCV3YzN11vhZDDv54hABVS2h8TPXs7Lu3PCvK9qouASd2h4Ie9cExUmn50G/iwgFIODsCugVYBzVt1iwaAdwz1Hb9DKYXbVXanzVJjimmrrlQNvsyZg85lcnfyedpPX5ad+4FdSP68LHqEHC18LTitldR6V4P1omaKHlOtVpDgR/72tDgbtNZDBn3EU+TPk9OLTzjc6PinPw4iIvjEfiu14APwXpFDIqT7P7SjOEFpa0v/1z7dhxIy/Z9XbqyEdUfhv3PjZR5K2C+VzR7g6jVEVR2xFId51MpLv/Un4/lalbphBEw3I90Rr8tatOJiFhyrXbaKTcLqp1sIu05OxdPkm3hzfmLIhoKxhaIlXH7WQ9sAqxL1NAQ7O+J6yT4DMnwKzvpkkJjBaGtV84Pp1cccfNRH8XXID3FkWkrUpdgXWBpyLnRq4ilUJTajkU0GSdXkq8kLL3mWg9LPRTg3dmDj61ZB/qhjM61ppwHJvDRN9WI5HruXIU6nOQjh5yE2C/JZfLcsZD4Y1UDBy5/JSZrCVT2sQjFopkkYEkRCbX7oITHOH4iyRdxZkKWLUPboFrcmBpXO+owCEhO4JZrtfFWMC6qM++nrmiZWOrdIOIvdYHWluhKR2shlkisEKQP5pUqkw== markus.hihn@dcso.de"
+        config.krebs.users.jeschli-bln.pubkey
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1T5+2epslFARSnETdr4wdolA6ocJaD4H9tmz6BZFQKXlwIq+OMp+sSEdwYwW3Lu9+mNbBHPxVVJDWg/We9DXB0ezXPM5Bs1+FcehmkoGwkmgKaFCDt0sL+CfSnog/3wEkN21O/rQxVFqMmiJ7WUDGci6IKCFZ5ZjOsmmfHg5p3LYxU9xv33fNr2v+XauhrGbFtQ7eDz4kSywxN/aw73LN4d8em0V0UV8VPI3Qkw7MamDFwefA+K1TfK8pBzMeruU6N7HLuNkpkAp7kS+K4Zzd72aQtR37a5qMiFUbOxQ9B7iFypuPx0iu6ZwY1s/sM8t3kLmcDJ9O4FOTzlbpneet3as6iJ+Ckr/TlfKor2Tl5pWcXh2FXHoG8VUu5bYmIViJBrKihAlAQfQN0mJ9fdFTnCXVTtbYTy11s4eEVHgUlb7oSpgBnx5bnBONgApbsOX9zyoo8wz8KkZBcf1SQpkV5br8uUAHCcZtHuY6I3kKlv+8lJmgUipiYzMdTi7+dHa49gVEcEKL4ZnJ0msQkl4XT7JjKETLvumC4/TIqVuRu48wuYalkCR9OzxCsTXQ/msBJBztPdYLrEOXVb2HfzuCT+43UuMQ5rP/EoPy0TWQO9BaqfEXqvbOvWjVxj/GMvglQ2ChZTwHxwwTKB8qRVvJLnbZQwizQiSrkzjb6hRJfQ== u0_a165@localhost"
+        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjtdqRxD0+UU7O8xogSqAQYd/Hrc79CTTKnvbhKy7jp2TVfxQpl81ndSH6DN6Cz90mu65C+DFGq43YtKTPqXmTn1+2wru71C2UOl6ZR0tmU7UELkRt4SJuFQLEgQCt3BWvXJPye6cKRRIlb+XZHWyVyCDxHo9EYO2GWI1wIP8mHMltKj65mobHY+R0CJNhhwlFURzTto8C30ejfVg2OW81qkNWqYtpdC9txLUlQ9/LBVKrafHGprmcBEp9qtecVgx8kxHpS7cuQNYoFcfljug4IyFO+uBfdbKqnGM5mra3huNhX3+AcQxKbLMlRgZD+jc47Xs+s5qSvWBou2ygd5T413k/SDOTCxDjidA+dcwzRo0qUWcGL201a5g+F0EvWv8rjre9m0lii6QKEoPyj60y3yfaIHeafels1Ia1FItjkBe8XydiXf7rKq8nmVRlpo8vl+vKwVuJY783tObHjUgBtXJdmnyYGiXxkxSrXa2mQhPz3KodK/QrnqCP27dURcMlp1hFF3LxFz7WtMCLW0yvDuUsuI2pdq0+zdt702wuwXVNIvbq/ssvX/CL8ryBLAogaxN9DN0vpjk+aXQLn11Zt99MgmnnqUgvOKQi1Quog/SxnSBiloKqB6aA10a28Uxoxkr0KAfhWhX3XPpfGMlbVj4GJuevLp0sGDVQT2biUQ== rhaist@RH-NB"
       ];
       packages = with pkgs; [
         emacs25-nox
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 6fbd4d0df..9ece2af77 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -27,15 +27,6 @@ in {
     ./sqlBackup.nix
     (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
     (servePage [
-      "karlaskop.de"
-      "www.karlaskop.de"
-    ])
-    (servePage [ "makeup.apanowicz.de" ])
-    (servePage [
-      "pixelpocket.de"
-      "www.pixelpocket.de"
-    ])
-    (servePage [
       "habsys.de"
       "habsys.eu"
       "www.habsys.de"
@@ -48,22 +39,18 @@ in {
       "nirwanabluete.de"
       "aldonasiech.com"
       "ubikmedia.eu"
-      "facts.cloud"
       "youthtube.xyz"
-      "illucloud.eu"
-      "illucloud.de"
-      "illucloud.com"
       "joemisch.com"
+      "weirdwednesday.de"
+
       "www.apanowicz.de"
       "www.nirwanabluete.de"
       "www.aldonasiech.com"
       "www.ubikmedia.eu"
-      "www.facts.cloud"
       "www.youthtube.xyz"
-      "www.illucloud.eu"
-      "www.illucloud.de"
-      "www.illucloud.com"
       "www.ubikmedia.de"
+      "www.weirdwednesday.de"
+
       "aldona2.ubikmedia.de"
       "apanowicz.ubikmedia.de"
       "cinevita.ubikmedia.de"
@@ -74,8 +61,6 @@ in {
       "nb.ubikmedia.de"
       "youthtube.ubikmedia.de"
       "weirdwednesday.ubikmedia.de"
-      "weirdwednesday.de"
-      "www.weirdwednesday.de"
       "freemonkey.ubikmedia.de"
       "jarugadesign.ubikmedia.de"
     ])
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 10df08e7f..a158cd3c6 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -21,6 +21,17 @@
     xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
     yt-next = pkgs.callPackage ./yt-next/default.nix {};
 
+    bank = pkgs.writeDashBin "bank" ''
+      tmp=$(mktemp)
+      ${pkgs.pass}/bin/pass show hledger > $tmp
+      ${pkgs.hledger}/bin/hledger --file=$tmp "$@"
+      ${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then
+        exit 0
+      else
+        ${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger
+      fi
+      ${pkgs.coreutils}/bin/rm $tmp
+    '';
     screengrab = pkgs.writeDashBin "screengrab" ''
       resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
       ${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
diff --git a/lass/source.nix b/lass/source.nix
index 710bfdf2d..bf992d4d2 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,11 +10,14 @@ in
       nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
       nixpkgs.git = {
         url = https://github.com/nixos/nixpkgs;
-        ref = "cb751f9";
+        ref = "af7e479";
       };
-      secrets.file = getAttr builder {
-        buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
-        lass = "/home/lass/secrets/${name}";
+      secrets = getAttr builder {
+        buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
+        lass.pass = {
+          dir = "${getEnv "HOME"}/.password-store";
+          name = "hosts/${name}";
+        };
       };
       stockholm.file = toString <stockholm>;
     }