| author | tv <tv@krebsco.de> | 2016-02-15 16:27:11 +0100 | 
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-02-15 16:34:50 +0100 | 
| commit | 8f520b19b623919fa6319029a955d43fd051773c (patch) | |
| tree | 2181809786e54d053532fab2f24b1ff032592e41 | |
| parent | 673853e092c211e26a08030f87f9c868c6442a71 (diff) | |
don't try to mimic nixpkgs
55 files changed, 103 insertions, 306 deletions
@@ -9,10 +9,11 @@ export target_path ?= /var/src
 evaluate = \
 	nix-instantiate \
-		--arg configuration ./$(LOGNAME)/1systems/$(system).nix \
 		--eval \
 		--readonly-mode \
 		--show-trace \
+		-I nixos-config=./$(LOGNAME)/1systems/$(system).nix \
+		-I stockholm=. \
 		$(1)
 execute = \
diff --git a/default.nix b/default.nix
index c96d4dd1c..52e8924cd 100644
--- a/default.nix
+++ b/default.nix
@@ -1,86 +1,5 @@
-{ configuration ? import (nixpkgs-path + "/nixos/lib/from-env.nix") "NIXOS_CONFIG" <nixos-config>
-, system ? builtins.currentSystem
-, current-host-name ?
-    let v = builtins.getEnv "HOSTNAME"; in
-    if v != "" then v else builtins.readFile /proc/sys/kernel/hostname
-, current-user-name ?
-    let v = builtins.getEnv "LOGNAME"; in
-    if v != "" then v else abort "undefined variable: LOGNAME"
-, nixpkgs-path ?
-    if (builtins.tryEval <nixpkgs/krebs>).success
-      then <upstream-nixpkgs>
-      else <nixpkgs>
-, StrictHostKeyChecking ? "yes"
-}@args:
-
-let stockholm = {
-    inherit krebs;
-    inherit users;
-    inherit lib;
-    inherit config options pkgs;
-    system = config.system.build.toplevel;
-  };
-
-  krebs = import ./krebs (args // { inherit lib stockholm; });
-
-  lib = let
-    nlib = import (slib.npath "lib");
-    klib = import (slib.kpath "4lib") { lib = nlib; };
-    slib = rec {
-      nspath = ns: p: ./. + "/${ns}/${p}";
-      npath = p: nixpkgs-path + "/${p}";
-      kpath = nspath "krebs";
-      upath = nspath current-user-name;
-    };
-    ulib = let p = slib.upath "4lib"; in
-      nlib.optionalAttrs (klib.dir.has-default-nix p)
-                         (import p { lib = nlib // klib; });
-  in nlib // klib // slib // ulib // builtins;
-
-  inherit (eval configuration) config options pkgs;
-
-  base-module = { config, ... }: {
-    imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [
-      (map (f: f "2configs") [ lib.upath ])
-      (map (f: f "3modules") [ lib.kpath lib.upath ])
-      (map (f: f "5pkgs") [ lib.kpath lib.upath ])
-    ]);
-
-    krebs.lib = lib;
-
-    krebs.current.enable = true;
-    krebs.current.host = config.krebs.hosts.${current-host-name};
-    krebs.current.user = config.krebs.users.${current-user-name};
-  };
-
-  eval = config: import (lib.npath "nixos/lib/eval-config.nix") {
-    inherit system;
-    specialArgs = {
-      inherit lib;
-    };
-    modules = [
-      base-module
-      config
-    ];
-  };
-
-  # TODO move user namespaces' to users/, so no exception for krebs/ is needed
-  users =
-    lib.mapAttrs
-      (name: _: eval-all-systems (lib.nspath name "1systems"))
-      (lib.filterAttrs
-        (n: t: !lib.hasPrefix "." n && t == "directory" && n != "krebs")
-        (builtins.readDir ./.));
-
-  eval-all-systems = path:
-    lib.mapAttrs'
-      (n: _: (lib.nameValuePair (lib.removeSuffix ".nix" n)
-                                (eval-system (path + "/${n}"))))
-      (builtins.readDir path);
-
-  eval-system = path: rec {
-    inherit (eval path) config options;
-    system = config.system.build.toplevel;
-  };
-
-in stockholm
+import <nixpkgs/nixos/lib/eval-config.nix> {
+  modules = [
+    (import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
+  ];
+}
diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix
index 31390a263..b19f275b5 100644
--- a/krebs/3modules/lib.nix
+++ b/krebs/3modules/lib.nix
@@ -3,9 +3,13 @@ with lib;
 let
   out = {
     options.krebs.lib = api;
+    config = imp;
   };
   api = mkOption {
     default = {};
     type = types.attrs;
   };
+  imp = {
+    krebs.lib = lib // import ../4lib { inherit lib; } // builtins;
+  };
 in out
diff --git a/krebs/default.nix b/krebs/default.nix
index 17c035896..93e006f3d 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
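Review bot: The new `default.nix` resolves its only module through `from-env.nix "NIXOS_CONFIG" <nixos-config>`, so, as that helper is written in nixpkgs, a `NIXOS_CONFIG` exported in the caller's environment wins over the search path and the `-I nixos-config=…` added to the Makefile's `evaluate` is then ignored without any message. The removed `--arg configuration …` bypassed that lookup. If the Makefile is meant to select the system unconditionally, `modules = [ <nixos-config> ];` would do it; otherwise a header comment such as `# configuration: $NIXOS_CONFIG if set, else <nixos-config>; needs <nixpkgs> on the search path` would make the precedence visible. Whether `evaluate` actually reaches this file depends on `$(1)`, which the Makefile hunk does not show.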
@@ -1,193 +1,8 @@
-assert false;
-
-{ current-host-name
-, current-user-name
-, lib
-, stockholm
-, StrictHostKeyChecking ? "yes"
-}:
-
-let out = {
-    inherit infest;
-    inherit init;
-    inherit nixos-install;
-  };
-
-  infest =
-    { system ? current-host-name
-    , target ? system
-    }@args: let
-      config = get-config system;
-    in ''
-      #! /bin/sh
-      # krebs.infest
-      set -efu
-
-      ${rootssh target ''
-        ${builtins.readFile ./4lib/infest/prepare.sh}
-        ${builtins.readFile ./4lib/infest/install-nix.sh}
-      ''}
-
-      (${nixos-install args})
-
-      ${rootssh target ''
-        ${builtins.readFile ./4lib/infest/finalize.sh}
-      ''}
-    '';
-
-  init =
-    { system ? current-host-name
-    }@args: let
-      config = get-config system;
-    in ''
-      #! /bin/sh
-      # krebs.init
-      set -efu
-
-      system=${lib.shell.escape system}
-      secrets_dir=${config.krebs.build.source.dir.secrets.path}
-      key_type=ed25519
-      key_file=$secrets_dir/ssh.id_$key_type
-      key_comment=$system
-
-      if test -e "$key_file"; then
-        echo "Warning: privkey already exists: $key_file" >&2
-      else
-        ssh-keygen \
-            -C "$key_comment" \
-            -t "$key_type" \
-            -f "$key_file" \
-            -N ""
-        rm "$key_file.pub"
-      fi
-
-      pubkey=$(ssh-keygen -y -f "$key_file")
-
-      cat<<EOF
-      # put following into config.krebs.hosts.$system:
-      ssh.privkey.path = <secrets/ssh.$key_type>;
-      ssh.pubkey = $(echo $pubkey | jq -R .);
-      EOF
-    '';
-
-  nixos-install =
-    { system ? current-host-name
-    , target ? system
-    }@args: let
-    in ''
-      #! /bin/sh
-      # krebs.nixos-install
-      (${populate (args // { root = "/mnt"; })})
-
-      ${rootssh target ''
-        export PATH; PATH=/root/.nix-profile/bin:$PATH
-
-        src=$(type -p nixos-install)
-        cat_src() {
-          sed < "$src" "$(
-            { sed < "$src" -n '
-                  /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
-                  /^nixpkgs=/=
-                  /^NIX_PATH=/,/^$/{/./=}
-
-                  # Disable: Copy the NixOS/Nixpkgs sources to the target as
-                  # the initial contents of the NixOS channel.
-                  /^srcs=/,/^ln -sfn /=
-                '
-            } | sed 's:$:s/^/#krebs#/:'
-          )"
-        }
-
-        # Location to insert `nix-install`
-        i=$(sed -n '/^echo "building the system configuration/=' "$src")
-
-        {
-          cat_src | sed -n "1,$i{p}"
-          cat ${doc (nix-install args)}
-          cat_src | sed -n "$i,\''${$i!p}"
-        } > nixos-install
-        chmod +x nixos-install
-
-        # Wrap inserted nix-install into chroot.
-        nix_env=$(cat_src | sed -n '
-          s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
-        ')
-        echo "nix-env is $nix_env" >&2
-        findpkg() {(
-          name=$1
-          path=$(find /nix/store \
-              -mindepth 1 -maxdepth 1 -type d -name '*-'"$name"'-*' \
-            | head -n 1 | sed s:^/mnt::)
-          if echo "$path" | grep .; then
-            echo "$name is $path" >&2
-          else
-            echo "Error: package not found: $name" >&2
-            exit 1
-          fi
-        )}
-        cacert=$(findpkg cacert)
-        coreutils=$(findpkg coreutils)
-        cp "$cacert"/etc/ssl/certs/ca-bundle.crt /mnt/root/SSL_CERT_FILE
-        env="$coreutils/bin/env SSL_CERT_FILE=/root/SSL_CERT_FILE"
-        sed -i '
-          s:^NIX_PATH=:chroot $mountPoint '"$env"' &:
-          s:^nix-env:'"$nix_env"':
-        ' nixos-install
-
-        ./nixos-install
-      ''}
-    '';
-
-  doc = s:
-    let b = "EOF${builtins.hashString "sha256" s}"; in
-    ''
-    <<\${b}
-    ${s}
-    ${b}
-    '';
-
-  get-config = system: let
-    config = stockholm.users.${current-user-name}.${system}.config
-      or (abort "unknown system: ${system}, user: ${current-user-name}");
-  in config;
-
-  nix-install =
-    { system ? current-host-name
-    , target ? system
-    }:
-    let
-      config = get-config system;
-
-      nix-path =
-        lib.concatStringsSep ":"
-          (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
-            (config.krebs.build.source.dir //
-             config.krebs.build.source.git));
-    in ''
-      set -efu
-      NIX_PATH=${lib.shell.escape nix-path} \
-      nix-env \
-        --show-trace \
-        -f '<stockholm>' \
-        --argstr current-host-name ${lib.shell.escape current-host-name} \
-        --argstr current-user-name ${lib.shell.escape current-user-name} \
-        --profile ${lib.shell.escape config.krebs.build.profile} \
-        --set \
-        -A ${lib.escapeShellArg (lib.concatStringsSep "." [
-              "users"
-              config.krebs.build.user.name
-              config.krebs.build.host.name
-              "system"
-            ])}
-    '';
-
-  rootssh = target: script:
-    let
-      flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}";
-    in
-    "ssh ${flags} root@${target} -T ${doc ''
-      set -efu
-      ${script}
-    ''}";
-
-in out
+{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+{
+  imports = [
+    ./3modules
+    ./5pkgs
+  ];
+}
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index ab24b584b..98f509050 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -7,6 +7,7 @@ let
   ip = (head config.krebs.build.host.nets.internet.addrs4);
 in {
   imports = [
+    ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
     ../2configs/retiolum.nix
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index cc9836dff..c7d016cd3 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -2,6 +2,7 @@
 {
   imports = [
+    ../.
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/base.nix
     ../2configs/git.nix
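Review bot: In the new `krebs/default.nix` the `with config.krebs.lib;` line and the `config`, `lib`, `pkgs` arguments are unused, because the body is only a literal `imports` list. The module system resolves `imports` before `config` is available, so a later edit that takes a name from that `with` inside `imports` would typically end in infinite recursion; dropping the line is safer than keeping it out of habit. `lass/default.nix`, added in this same commit, already uses the plain head `_:`, and the same head followed directly by the attribute set would work here.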
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 39af4a96f..2ff6dba70 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -7,6 +7,7 @@ let
   ip = (head config.krebs.build.host.nets.internet.addrs4);
 in {
   imports = [
+    ../.
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
     ../2configs/base.nix
     ../2configs/retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 67e3738ea..88fb6aac7 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -3,6 +3,7 @@
 with builtins;
 {
   imports = [
+    ../.
     ../2configs/baseX.nix
     ../2configs/browsers.nix
     ../2configs/programs.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index ebce93957..f6ac1b4e6 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -2,6 +2,7 @@
 {
   imports = [
+    ../.
     ../2configs/baseX.nix
     ../2configs/programs.nix
     ../2configs/bitcoin.nix
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 95c55533c..05b3470e5 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -6,6 +6,7 @@ let
   ip = (head config.krebs.build.host.nets.internet.addrs4);
 in {
   imports = [
+    ../.
     ../2configs/base.nix
     ../2configs/downloading.nix
     ../2configs/git.nix
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index d53e783d0..0758164f0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -3,6 +3,7 @@
 with builtins;
 {
   imports = [
+    ../.
     ../2configs/baseX.nix
     ../2configs/browsers.nix
     ../2configs/games.nix
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 68103c3ef..d2c96fdaa 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,12 +50,10 @@ with config.krebs.lib;
       user = config.krebs.users.lass;
       source = mapAttrs (_: mkDefault) ({
         nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
-        nixpkgs = symlink:stockholm/nixpkgs;
         secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
         #secrets-common = "/home/lass/secrets/common";
         stockholm = "/home/lass/stockholm";
-        stockholm-user = "symlink:stockholm/lass";
-        upstream-nixpkgs = {
+        nixpkgs = {
           url = https://github.com/Lassulus/nixpkgs;
           rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
           dev = "/home/lass/src/nixpkgs";
diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
index c05ad0fc9..83a9cb180 100644
--- a/lass/3modules/dnsmasq.nix
+++ b/lass/3modules/dnsmasq.nix
@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
-with config.krebs.lib;
+with builtins;
+with lib;
 let
   cfg = config.lass.dnsmasq;
diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix
index ef4d97b76..5e340b26f 100644
--- a/lass/3modules/newsbot-js.nix
+++ b/lass/3modules/newsbot-js.nix
@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
-with config.krebs.lib;
+with builtins;
+with lib;
 let
   cfg = config.lass.newsbot-js;
diff --git a/lass/default.nix b/lass/default.nix
new file mode 100644
index 000000000..69b4abaac
--- /dev/null
+++ b/lass/default.nix
@@ -0,0 +1,7 @@
+_:
+{
+  imports = [
+    ../krebs
+    ./3modules
+  ];
+}
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb9324ee9..f2c592ea9 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -11,6 +11,7 @@ let
 in {
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/smart-monitor.nix
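Review bot: The new `lass/default.nix` imports only `../krebs` and `./3modules`, whereas the `base-module` removed from the top-level `default.nix` also pulled in the user's `2configs` and `5pkgs` directories when they contained a `default.nix`, and the new `krebs/default.nix` still lists `./5pkgs`. If `lass/5pkgs/default.nix` or `lass/2configs/default.nix` exist (not visible on this page), they stop being imported with this commit. Either add them to the list or add a comment such as `# 2configs and 5pkgs are intentionally not imported here` so the difference from `krebs/` reads as deliberate.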
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 43fc8109d..04adc4941 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -6,6 +6,7 @@ let
   internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
 in {
   imports = [
+      ../.
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
       ../2configs/fs/simple-swap.nix
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 34d5a394d..6cff35e9d 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -20,6 +20,7 @@ let
 in {
   imports =
     [
+      ../.
       # TODO: unlock home partition via ssh
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/tinc-basic-retiolum.nix
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 51c124bbe..8791ad1d7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -6,6 +6,7 @@
 {
   imports =
     [
+      ../.
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
       ../../krebs/3modules/Reaktor.nix
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index d8ccc5846..b2cf0be79 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,6 +6,7 @@
 {
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       ../2configs/main-laptop.nix #< base-gui + zsh
       # Krebs
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index 0c6ba09fb..6d2e7273d 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -7,6 +7,7 @@
 {
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
       ../2configs/cgit-retiolum.nix
     ];
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 990db65d2..d5d44cce0 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,6 +6,7 @@
 {
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       ../2configs/base-gui.nix
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/fs/sda-crypto-root.nix
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 2dee83728..e07525d0d 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -6,6 +6,7 @@
   krebs.build.host = config.krebs.hosts.vbob;
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
       ../2configs/main-laptop.nix #< base-gui
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 8917e4339..b4f7c9058 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -2,6 +2,7 @@
 {
   imports =
     [ # Include the results of the hardware scan.
+      ../.
       ../2configs/main-laptop.nix
     ];
   krebs = {
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 41d207ed2..747321968 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -7,6 +7,7 @  |
