author | tv <tv@krebsco.de> | 2017-06-27 19:40:31 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2017-06-27 19:40:31 +0200 |
commit | e1e16e0d5d3c8b80000899920cea89c1b8bd5be4 (patch) | |
tree | f3f2765ac510bc578d2a9c350e9384284fe5fd83 | |
parent | 74429f245d366e783ecbcfb0ebd83a7f57e78e6a (diff) | |
parent | 10b6ac40265a0f653b8753e87894cbfb6fa00590 (diff) |
Merge remote-tracking branch 'prism/master'
-rw-r--r-- | krebs/3modules/setuid.nix | 2 | ||||
-rw-r--r-- | krebs/4lib/infest/prepare.sh | 7 | ||||
-rw-r--r-- | krebs/5pkgs/simple/brain/default.nix | 4 | ||||
-rw-r--r-- | lass/1systems/iso.nix | 2 | ||||
-rw-r--r-- | lass/1systems/mors.nix | 12 | ||||
-rw-r--r-- | lass/1systems/prism.nix | 4 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 120 | ||||
-rw-r--r-- | lass/2configs/ciko.nix | 23 | ||||
-rw-r--r-- | lass/2configs/htop.nix | 2 | ||||
-rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
-rw-r--r-- | lass/2configs/mc.nix | 2 | ||||
-rw-r--r-- | lass/2configs/mpv.nix | 2 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 5 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 4 | ||||
-rw-r--r-- | makefu/1systems/x.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/default.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/deployment/dirctator.nix | 30 | ||||
-rw-r--r-- | makefu/2configs/git/brain-retiolum.nix | 57 |
19 files changed, 165 insertions, 119 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index a17ec0883..02176ec4a 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -5,7 +5,7 @@ let out = { options.krebs.setuid = api; - config = imp; + config = mkIf (cfg != {}) imp; }; api = mkOption { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index 3f5d66431..50d521e17 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -43,6 +43,13 @@ prepare() {( exit esac ;; + stockholm) + case $(cat /proc/cmdline) in + *' root=LABEL=NIXOS_ISO '*) + prepare_nixos_iso "$@" + exit + esac + ;; esac elif test -e /etc/centos-release; then case $(cat /etc/centos-release) in diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix index 079db825f..e69b44f0f 100644 --- a/krebs/5pkgs/simple/brain/default.nix +++ b/krebs/5pkgs/simple/brain/default.nix @@ -1,11 +1,11 @@ { pass, writeOut, writeDash, ... }: writeOut "brain" { - "/bin/brain-pass".link = writeDash "brain-pass" '' + "/bin/brain".link = writeDash "brain" '' PASSWORD_STORE_DIR=$HOME/brain \ exec ${pass}/bin/pass $@ ''; - "/bin/brain-passmenu".link = writeDash "brain-passmenu" '' + "/bin/brainmenu".link = writeDash "brainmenu" '' PASSWORD_STORE_DIR=$HOME/brain \ exec ${pass}/bin/passmenu $@ ''; diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 8b2e82d31..b45d5b228 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -21,7 +21,6 @@ with import <stockholm/lib>; coreutils = pkgs.symlinkJoin { name = "coreutils-hack"; paths = [ - pkgs.coreutils (pkgs.writeDashBin "tee" '' if test "$1" = /dev/stderr; then while read -r line; do @@ -32,6 +31,7 @@ with import <stockholm/lib>; ${super.coreutils}/bin/tee "$@" fi '') + pkgs.coreutils ]; }; }; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 6790c0aea..b9ab54503 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix 
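Review bot: Moving `pkgs.coreutils` below the `tee` wrapper in `paths` (lass/1systems/iso.nix) makes the list order significant, and nothing in the file records that. Presumably the first entry that provides `bin/tee` wins when symlinkJoin merges the trees, so a later tidy-up that sorts the list would silently restore the unwrapped binary. A comment above the wrapper, such as `# wrapper first: it must shadow bin/tee from pkgs.coreutils`, would record the intent. The same reorder appears in the htop.nix, mail.nix, mc.nix and mpv.nix hunks of this commit and deserves the same comment there.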
@@ -17,7 +17,7 @@ with import <stockholm/lib>; ../2configs/steam.nix ../2configs/wine.nix ../2configs/git.nix - ../2configs/libvirt.nix + ../2configs/virtualbox.nix ../2configs/fetchWallpaper.nix #../2configs/c-base.nix ../2configs/mail.nix @@ -156,15 +156,6 @@ with import <stockholm/lib>; #activationScripts #split up and move into base system.activationScripts.powertopTunables = '' - #Enable Audio codec power management - echo '1' > '/sys/module/snd_hda_intel/parameters/power_save' - #VM writeback timeout - echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' - #Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp] - #echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control' - #Autosuspend for USB device Biometric Coprocessor - #echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control' - #Runtime PMs echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control' echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' @@ -183,6 +174,7 @@ with import <stockholm/lib>; environment.systemPackages = with pkgs; [ acronym + brain cac-api sshpass get diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 02054a8e5..af847333d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,10 @@ in { ../2configs/paste.nix ../2configs/syncthing.nix ../2configs/coders-irc.nix + ../2configs/ciko.nix + { + lass.pyload.enable = true; + } { imports = [ ../2configs/bepasty.nix diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 5edd1075d..e765ddbb4 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -32,7 +32,7 @@ in { stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120 + pollinterval=10 ) ) ''; 
@@ -44,7 +44,7 @@ in { change_filter=util.ChangeFilter(branch_re=".*"), treeStableTimer=10, name="build-all-branches", - builderNames=["build-hosts", "build-pkgs"] + builderNames=["build-hosts"] ) ) ''; @@ -77,6 +77,11 @@ in { "NIX_REMOTE": "daemon", "dummy_secrets": "true", } + env_tv = { + "LOGNAME": "tv", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + } # prepare nix-shell # the dependencies which are used by the test script @@ -91,6 +96,7 @@ in { # SSL_CERT_FILE,LOGNAME,NIX_REMOTE nixshell = [ "nix-shell", + "-I", "/var/src", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] 
@@ -103,45 +109,31 @@ in { build-hosts = '' f = util.BuildFactory() f.addStep(grab_repo) - for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: - addShell(f,name="build-{}".format(i),env=env_shared, - command=nixshell + \ - ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - make NIX_PATH=$HOME/$LOGNAME test method=build \ - target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ - system={}".format(i) - ] + + def build_host(env, host): + addShell(f,name="build-{}".format(i),env=env, + command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ + echo $HOME; echo $LOGNAME; \ + test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \ + make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \ + target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ + system={}".format(host)] ) + for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]: + build_host(env_tv, i) + for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - make NIX_PATH=$HOME/$LOGNAME test method=build \ - target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ - system={}".format(i) - ] - ) + build_host(env_lass, i) for i in [ "x", "wry", "vbob", "wbob", "shoney" ]: - addShell(f,name="build-{}".format(i),env=env_makefu, - command=nixshell + \ - ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - make NIX_PATH=$HOME/$LOGNAME test method=build \ - target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ - system={}".format(i) - ] - ) + build_host(env_makefu, i) for i in [ "hiawatha", "onondaga" ]: - addShell(f,name="build-{}".format(i),env=env_nin, - command=nixshell + \ - ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - make 
NIX_PATH=$HOME/$LOGNAME test method=build \ - target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \ - system={}".format(i) - ] - ) + build_host(env_nin, i) + + for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]: + build_host(env_shared, i) bu.append( util.BuilderConfig( @@ -152,63 +144,6 @@ in { ) ''; - - build-pkgs = '' - f = util.BuildFactory() - f.addStep(grab_repo) - for i in [ - "apt-cacher-ng", - "bepasty-client-cli", - "cac-api", - "cac-cert", - "cac-panel", - "charybdis", - "collectd-connect-time", - "dic", - "drivedroid-gen-repo", - "exim", - "fortclientsslvpn", - "get", - "git-hooks", - "github-hosts-sync", - "go", - "hashPassword", - "haskellPackages.blessings", - "haskellPackages.email-header", - "haskellPackages.scanner", - "haskellPackages.xmonad-stockholm", - "krebspaste", - "logf", - "much", - "newsbot-js", - "noVNC", - "ovh-zone", - "passwdqc-utils", - "populate", - "posix-array", - "pssh", - "push", - "Reaktor", - "realwallpaper", - "repo-sync", - "retiolum-bootstrap", - "tarantool", - "test", - "tinc_graphs", - "translate-shell", - "urlwatch", - "with-tmpdir", - "youtube-tools", - ]: - addShell(f,name="build-{}".format(i),env=env_lass, - command=nixshell + \ - ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \ - make system=prism pkgs.{}".format(i)]) - - bu.append(util.BuilderConfig(name="build-pkgs", - workernames=workernames, - factory=f)) - ''; }; enable = true; web.enable = true; @@ -230,9 +165,6 @@ in { username = "testworker"; password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate ]; - extraEnviron = { - NIX_PATH="/var/src"; - }; }; config.krebs.iptables = { tables = { diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix new file mode 100644 index 000000000..56c9a286c --- /dev/null +++ b/lass/2configs/ciko.nix 
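Review bot: Inside the new `build_host(env, host)` helper the step name is still built from `i` (`name="build-{}".format(i)`) rather than from the `host` parameter. It works only because every caller loops with a variable named `i` that happens to be visible when the helper runs; a call with any other variable would mislabel the step or raise a NameError, so use `name="build-{}".format(host)`. The added `echo $HOME; echo $LOGNAME;` looks like leftover debugging output and could be dropped. Also, `test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/;` copies nixpkgs only when it is missing, so the per-user copy is presumably never refreshed once `/var/src/nixpkgs` moves on, and builds would then run against a stale tree.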
@@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +with import <stockholm/lib>; +{ + users.users.ciko = { + uid = genid_signed "ciko"; + description = "acc for ciko"; + home = "/home/ciko"; + useDefaultShell = true; + createHome = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" + ]; + }; + krebs.exim-smarthost = { + internet-aliases = [ + { from = "*@slash16.net"; to = "ciko"; } + ]; + sender_domains = [ + "slash16.net" + ]; + }; +} + diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index ec86d4120..d9307347e 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -8,7 +8,6 @@ with import <stockholm/lib>; htop = pkgs.symlinkJoin { name = "htop"; paths = [ - super.htop (pkgs.writeDashBin "htop" '' export HTOPRC=${pkgs.writeText "htoprc" '' fields=0 48 17 18 38 39 40 2 46 47 49 1 @@ -38,6 +37,7 @@ with import <stockholm/lib>; ''} exec ${super.htop}/bin/htop "$@" '') + super.htop ]; }; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 5748b6eaf..feb532709 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -116,10 +116,10 @@ let mutt = pkgs.symlinkJoin { name = "mutt"; paths = [ - pkgs.neomutt (pkgs.writeDashBin "mutt" '' exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@ '') + pkgs.neomutt ]; }; diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 62fd52f3f..3bd1852a8 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -325,7 +325,6 @@ in { (pkgs.symlinkJoin { name = "mc"; paths = [ - pkgs.mc (pkgs.writeDashBin "mc" '' export MC_DATADIR=${pkgs.writeOut "mc-ext" { "/mc.ext".link = mcExt; 
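Review bot: `users.users.ciko` in the new lass/2configs/ciko.nix gets a login shell (`useDefaultShell = true`) and an SSH key, and the prism.nix hunk of this commit imports the file, so this is a new interactive account on that host whose purpose the file does not state. If the account exists mainly as the target of the `*@slash16.net` alias, a shell login is more access than mail delivery needs. State the purpose in a comment above the block, e.g. `# ciko: shell + mail for slash16.net, requested by <who>`. The authorized key has no trailing comment field; adding one (owner and date) makes later key audits and removal easier.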
@@ -334,6 +333,7 @@ in { export TERM=xterm-256color exec ${pkgs.mc}/bin/mc -S xoria256 "$@" '') + pkgs.mc ]; }) ]; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index c8b590857..04fd9213e 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -10,10 +10,10 @@ let mpv = pkgs.symlinkJoin { name = "mpv"; paths = [ - pkgs.mpv (pkgs.writeDashBin "mpv" '' exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@" '') + pkgs.mpv ]; }; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 1c68d58d5..2adba34bb 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "0a4db15"; + ref = "4847963"; }; } diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 1e14e31bb..7f531bf3a 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -132,7 +132,10 @@ in { krebs.Reaktor.playlist = { nickname = "the_playlist|r"; - channels = [ "#the_playlist" ]; + channels = [ + "#the_playlist" + "#krebs" + ]; extraEnviron = { REAKTOR_HOST = "irc.freenode.org"; }; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b0d28d4da..aaf311576 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -35,17 +35,16 @@ in { "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" - "360gradvideo.tv" "ubikmedia.eu" "facts.cloud" "youthtube.xyz" "illucloud.eu" "illucloud.de" "illucloud.com" + "joemisch.com" "www.apanowicz.de" "www.nirwanabluete.de" "www.aldonasiech.com" - "www.360gradvideo.tv" "www.ubikmedia.eu" "www.facts.cloud" "www.youthtube.xyz" @@ -62,7 +61,6 @@ in { "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de" - "joemisch.com" ]) ]; diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index d1503c8d7..ee3a7bb1b 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix 
@@ -55,7 +55,7 @@ with import <stockholm/lib>; ../2configs/rad1o.nix # services - #../2configs/git/brain-retiolum.nix + ../2configs/git/brain-retiolum.nix ../2configs/tor.nix ../2configs/steam.nix # ../2configs/buildbot-standalone.nix diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 0d61e8dee..bcd998826 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -22,7 +22,7 @@ with import <stockholm/lib>; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2 + ref = "7a7c39c"; # unstable @ 2017-05-09 + graceful requests2 + logstash5 in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { diff --git a/makefu/2configs/deployment/dirctator.nix b/makefu/2configs/deployment/dirctator.nix new file mode 100644 index 000000000..b8e61955d --- /dev/null +++ b/makefu/2configs/deployment/dirctator.nix @@ -0,0 +1,30 @@ +{ pkgs, lib, ... }: + +with lib; +let + port = 18872; + runit = pkgs.writeDash "runit" '' + set -xeuf + export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie + echo "$@" | sed 's/^dirctator://' | ${pkgs.espeak}/bin/espeak -v mb-de7 2>&1 | tee -a /tmp/speak + ''; +in { + services.logstash = { + package = pkgs.logstash5; + enable = true; + inputConfig = '' + irc { + channels => [ "#krebs", "#afra" ] + host => "irc.freenode.net" + nick => "dirctator" + } + ''; + filterConfig = '' + ''; + outputConfig = '' + stdout { codec => rubydebug } + exec { command => "${runit} '%{message}" } + ''; + plugins = [ ]; + }; +} diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix new file mode 100644 index 000000000..18275e3df --- /dev/null +++ b/makefu/2configs/git/brain-retiolum.nix 
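Review bot: In `outputConfig` of the new dirctator.nix, `exec { command => "${runit} '%{message}" }` substitutes the text of every IRC message into a command line, so anything written in `#krebs` or `#afra` is parsed as shell syntax with the privileges of the logstash service; the single quote before `%{message}` is also never closed. The message should reach `runit` as data rather than as part of the command, for example on stdin through the pipe output (`pipe { command => "${runit}" message_format => "%{message}" }`; check the option name against the installed plugin version), with `runit` reading stdin instead of `echo "$@"`. Separately, `tee -a /tmp/speak` appends to a fixed file name in a world-writable directory; a path under a directory owned by the service would be safer.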
@@ -0,0 +1,57 @@ +{ config, lib, pkgs, ... }: +# TODO: remove tv lib :) +with import <stockholm/lib>; +let + + repos = krebs-repos; + rules = concatMap krebs-rules (attrValues krebs-repos); + + krebs-repos = mapAttrs make-krebs-repo { + brain = { }; + }; + + + make-krebs-repo = with git; name: { cgit ? {}, ... }: { + inherit cgit name; + public = false; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = true; + channel = "#retiolum"; + # TODO remove the hardcoded hostname + server = "ni.r"; + }; + }; + }; + + + + # TODO: get the list of all krebsministers + krebsminister = with config.krebs.users; [ lass tv ]; + krebs-rules = repo: + set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister; + + set-ro-access = with git; repo: user: + optional repo.public { + inherit user; + repo = [ repo ]; + perm = fetch; + }; + + set-owners = with git;repo: user: + singleton { + inherit user; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + }; + +in { + krebs.git = { + enable = true; + cgit = { + enable = false; + }; + inherit repos rules; + }; +} |
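Review bot: `set-ro-access` is guarded by `optional repo.public`, and `make-krebs-repo` hard-codes `public = false`, so the rule for `krebsminister` (lass, tv) is never generated and only makefu ends up with access to `brain`. If read access for them is intended, the condition has to change; if not, drop `krebsminister` and `set-ro-access` so the access list reads as what it actually grants. The `post-receive` hook also announces pushes to `#retiolum` with `verbose = true`. For a repository marked private, confirm what irc-announce prints in verbose mode, since commit subjects or paths would presumably become visible to the channel.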