summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2016-07-18 12:15:50 +0200
committerlassulus <lass@aidsballs.de>2016-07-18 12:15:50 +0200
commitaf1959e3bdaabc004663c2dc2120148c18aa6b7c (patch)
treee9f5237e90903a3a1fede41dc2300cffd405e817 /krebs/3modules
parenta71a9ed33a92ba901f7c605506bb2c3ee506e6c7 (diff)
parent33c96a89c5c72218a1c9f16bcea5909cd5135768 (diff)
Merge remote-tracking branch 'gum/master' into new-populate
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/build.nix162
-rw-r--r--krebs/3modules/tv/default.nix27
2 files changed, 39 insertions, 150 deletions
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 9cd095622..4848748cd 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -1,165 +1,27 @@
-{ config, lib, ... }:
+{ config, ... }:
with config.krebs.lib;
-let
- out = {
+{
+ options.krebs.build = {
# TODO deprecate krebs.build.host
- options.krebs.build.host = mkOption {
+ host = mkOption {
type = types.host;
};
- # TODO make krebs.build.profile shell safe
- options.krebs.build.profile = mkOption {
- type = types.str;
+ profile = mkOption {
+ type = types.absolute-path;
default = "/nix/var/nix/profiles/system";
};
- # TODO deprecate krebs.build.user
- options.krebs.build.user = mkOption {
- type = types.user;
- };
-
- options.krebs.build.source = mkOption {
- type = with types; attrsOf (either str (submodule {
- options = {
- url = str;
- rev = str;
- };
- }));
+ source = mkOption {
+ type = types.attrsOf types.source;
default = {};
};
- options.krebs.build.populate = mkOption {
- type = types.str;
- default = let
- target-user = maybeEnv "target_user" "root";
- target-host = maybeEnv "target_host" config.krebs.build.host.name;
- target-port = maybeEnv "target_port" "22";
- target-path = maybeEnv "target_path" "/var/src";
- out = ''
- #! /bin/sh
- set -eu
-
- ssh=''${ssh-ssh}
-
- verbose() {
- printf '%s%s\n' "$PS5$(printf ' %q' "$@")" >&2
- "$@"
- }
-
- { printf 'PS5=%q%q\n' @ "$PS5"
- echo ${shell.escape git-script}
- } | verbose $ssh -p ${shell.escape target-port} \
- ${shell.escape "${target-user}@${target-host}"} -T
-
- unset tmpdir
- trap '
- rm -f "$tmpdir"/*
- rmdir "$tmpdir"
- trap - EXIT INT QUIT
- ' EXIT INT QUIT
- tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
- chmod 0755 "$tmpdir"
-
- ${concatStringsSep "\n" (mapAttrsToList (name: symlink: ''
- verbose ln -s ${shell.escape symlink.target} \
- "$tmpdir"/${shell.escape name}
- '') source-by-method.symlink)}
-
- verbose proot \
- -b "$tmpdir":${shell.escape target-path} \
- ${concatStringsSep " \\\n " (mapAttrsToList (name: file:
- "-b ${shell.escape "${file.path}:${target-path}/${name}"}"
- ) source-by-method.file)} \
- rsync \
- -f ${shell.escape "P /*"} \
- ${concatMapStringsSep " \\\n " (name:
- "-f ${shell.escape "R /${name}"}"
- ) (attrNames source-by-method.file)} \
- --delete \
- -vFrlptD \
- -e "$ssh -p ${shell.escape target-port}" \
- ${shell.escape target-path}/ \
- ${shell.escape "${target-user}@${target-host}:${target-path}"}
- '';
-
- git-script = ''
- #! /bin/sh
- set -efu
-
- export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
-
- verbose() {
- printf '%s%s\n' "$PS5$(printf ' %q' "$@")" >&2
- "$@"
- }
-
- fetch_git() {(
- dst_dir=$1
- src_url=$2
- src_ref=$3
-
- if ! test -e "$dst_dir"; then
- git clone "$src_url" "$dst_dir"
- fi
-
- cd "$dst_dir"
-
- if ! url=$(git config remote.origin.url); then
- git remote add origin "$src_url"
- elif test "$url" != "$src_url"; then
- git remote set-url origin "$src_url"
- fi
-
- # TODO resolve src_ref to commit hash
- hash=$src_ref
-
- if ! test "$(git log --format=%H -1)" = "$hash"; then
- git fetch origin
- git checkout "$hash" -- "$dst_dir"
- git checkout -f "$hash"
- fi
-
- git clean -dxf
- )}
-
- ${concatStringsSep "\n" (mapAttrsToList (name: git: ''
- verbose fetch_git ${concatMapStringsSep " " shell.escape [
- "${target-path}/${name}"
- git.url
- git.rev
- ]}
- '') source-by-method.git)}
- '';
- in out;
+ # TODO deprecate krebs.build.user
+ user = mkOption {
+ type = types.user;
};
-
- };
-
- source-by-method = let
- known-methods = ["git" "file" "symlink"];
- in genAttrs known-methods (const {}) // recursiveUpdate source-by-scheme {
- git = source-by-scheme.http or {} //
- source-by-scheme.https or {};
};
-
- source-by-scheme = foldl' (out: { k, v }: recursiveUpdate out {
- ${v.scheme}.${k} = v;
- }) {} (mapAttrsToList (k: v: { inherit k v; }) normalized-source);
-
- normalized-source = mapAttrs (name: let f = x: getAttr (typeOf x) {
- path = f (toString x);
- string = f {
- url = if substring 0 1 x == "/" then "file://${x}" else x;
- };
- set = let scheme = head (splitString ":" x.url); in recursiveUpdate x {
- inherit scheme;
- } // {
- symlink.target = removePrefix "symlink:" x.url;
- file.path = # TODO file://host/...
- assert hasPrefix "file:///" x.url;
- removePrefix "file://" x.url;
- }.${scheme} or {};
- }; in f) config.krebs.build.source;
-in out
+}
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 075066961..d04f1cab2 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -7,6 +7,30 @@ with config.krebs.lib;
"viljetic.de" = "regfish";
};
hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
+ alnus = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.21.1";
+ ip6.addr = "42:0:0:0:0:0:0:2101";
+ aliases = [
+ "alnus.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAyDGucukxY1xFSkqDaicpiCXZe3NX1Max7N+E9PKXO2yE0EFoGdUP
+ /4hZFO9IbteDwlsTd/RQIhhUWF818TLWzwasUxgmqBFN4d23IIDLHJxgRZ8cPzAs
+ gmBWwnVWRetDETc6HZK6m2rLU6PG53rRLvheZHW/B9nSfUp7n+puehJdGLnBQ8W+
+ q5d/yUmN8hqS6h62yfAZEJSr7Gh/AW6Irmf3gjKRJlRmD2z28hR5tFH+Q/ulxJXQ
+ rNVzusASjRBO9VYOSWnNWI3Zl9vaUtbtEnvyl3PaV9N3gcHzB2HHlyDIotjqXvxU
+ cPLMN0lWOZeDae/9SDT62l/YuETYQo6TxwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
+ };
caxi = {
cores = 2;
extraZones = {
@@ -391,6 +415,9 @@ with config.krebs.lib;
};
};
users = {
+ dv = {
+ mail = "dv@alnus.r";
+ };
mv = {
mail = "mv@cd.r";
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";