authormakefu <github@syntax-fehler.de>2015-09-27 15:27:00 +0200
committermakefu <github@syntax-fehler.de>2015-09-27 15:27:00 +0200
commit400dab8254aa175213df8f6bd5ed391d80c7d827 (patch)
treebcd035856f0a8da4a80cbbaa897f2605f57e11f8 /krebs/4lib
parent394408c9b715a2dfb6aba560c4db71b78cf46f8d (diff)
parent95f1673f1f50384682815effa675e5ef5c68847e (diff)
Merge remote-tracking branch 'cd/master' into before-merge
Diffstat (limited to 'krebs/4lib')
-rw-r--r--krebs/4lib/infest/1prepare74
-rw-r--r--krebs/4lib/infest/2install-nix57
-rw-r--r--krebs/4lib/infest/3install-nix-tools9
-rw-r--r--krebs/4lib/infest/4finalize65
-rw-r--r--krebs/4lib/types.nix10
5 files changed, 10 insertions, 205 deletions
diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/1prepare
deleted file mode 100644
index 07c00c3a5..000000000
--- a/krebs/4lib/infest/1prepare
+++ /dev/null
@@ -1,74 +0,0 @@
-#! /bin/sh
-set -efu
-
-prepare() {(
- if test -e /etc/os-release; then
- . /etc/os-release
- case $ID in
- centos)
- case $VERSION_ID in
- 7)
- prepare_centos7 "$@"
- exit
- ;;
- esac
- ;;
- esac
- fi
- echo "$0 prepare: unknown OS" >&2
- exit -1
-)}
-
-prepare_centos7() {
- type bzip2 2>/dev/null || yum install -y bzip2
- type git 2>/dev/null || yum install -y git
- type rsync 2>/dev/null || yum install -y rsync
- if ! getent group nixbld >/dev/null; then
- groupadd -g 30000 -r nixbld
- fi
- for i in `seq 1 10`; do
- if ! getent passwd nixbld$i 2>/dev/null; then
- useradd \
- -c "CentOS Nix build user $i" \
- -d /var/empty \
- -g 30000 \
- -G 30000 \
- -l \
- -M \
- -s /sbin/nologin \
- -u $(expr 30000 + $i) \
- nixbld$i
- rm -f /var/spool/mail/nixbld$i
- fi
- done
-
- #
- # mount install directory
- #
-
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then
- mkdir -p /newshit
- mount --bind /newshit /mnt
- fi
-
- if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then
- mkdir -p /mnt/boot
- mount /dev/sda1 /mnt/boot
- fi
-
- mount | grep 'on /mnt\>' >&2
-
- #
- # prepare install directory
- #
-
- mkdir -p /mnt/etc/nixos
- mkdir -m 0555 -p /mnt/var/empty
-
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then
- mkdir -p /mnt/root
- mount --bind /root /mnt/root
- fi
-}
-
-prepare "$@"
diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/2install-nix
deleted file mode 100644
index 3021c1143..000000000
--- a/krebs/4lib/infest/2install-nix
+++ /dev/null
@@ -1,57 +0,0 @@
-#! /bin/sh
-set -efu
-
-nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
-nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4"
-
-install-nix() {(
-
- # install nix on host (cf. https://nixos.org/nix/install)
- if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
- (
- verify() {
- printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c
- }
- if ! verify; then
- curl -C - -O "$nix_url"
- verify
- fi
- )
- nix_src_dir=$(basename $nix_url .tar.bz2)
- tar jxf $nix_src_dir.tar.bz2
- mkdir -v -m 0755 -p /nix
- $nix_src_dir/install
- fi
-
- #TODO: make this general or move to 1prepare
- if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then
- mkdir -p /mnt/nix
- mount --bind /nix /mnt/nix
- fi
-
- . /root/.nix-profile/etc/profile.d/nix.sh
-
- for i in \
- bash \
- coreutils \
- # This line intentionally left blank.
- do
- if ! nix-env -q $i | grep -q .; then
- nix-env -iA nixpkgs.pkgs.$i
- fi
- done
-
- # install nixos-install
- if ! type nixos-install 2>/dev/null; then
- nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }'
- nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d)
- nix-env \
- --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
- --arg pkgs "$nixpkgs_expr" \
- --arg modulesPath 'throw "no modulesPath"' \
- -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \
- -iA config.system.build.nixos-install
- fi
-)}
-
-install-nix "$@"
diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools
deleted file mode 100644
index 59fa6f14a..000000000
--- a/krebs/4lib/infest/3install-nix-tools
+++ /dev/null
@@ -1,9 +0,0 @@
-#! /bin/sh
-set -efu
-
-install-nix-tools() {(
-
-
-)}
-
-install-nix-tools "$@"
diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/4finalize
deleted file mode 100644
index d095fa31b..000000000
--- a/krebs/4lib/infest/4finalize
+++ /dev/null
@@ -1,65 +0,0 @@
-#! /bin/sh
-set -eux
-{
- umount /mnt/nix || [ $? -eq 32 ]
- umount /mnt/boot || [ $? -eq 32 ]
- umount /mnt/root || [ $? -eq 32 ]
- umount /mnt || [ $? -eq 32 ]
- umount /boot || [ $? -eq 32 ]
-
- PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
- export PATH
-
- mkdir /oldshit
-
- mv /bin /oldshit/
- mv /newshit/bin /
-
- # TODO ensure /boot is empty
- rmdir /newshit/boot
-
- # skip /dev
- rmdir /newshit/dev
-
- mv /etc /oldshit/
- mv /newshit/etc /
-
- # skip /nix (it's already there)
- rmdir /newshit/nix
-
- # skip /proc
- rmdir /newshit/proc
-
- # skip /run
- rmdir /newshit/run
-
- # skip /sys
- rmdir /newshit/sys
-
- # skip /root
- rmdir /newshit/root
-
- # skip /tmp
- # TODO rmdir /newshit/tmp
-
- mv /home /oldshit/
- mv /newshit/home /
-
- mv /usr /oldshit/
- mv /newshit/usr /
-
- mv /var /oldshit/
- mv /newshit/var /
-
- mv /lib /oldshit/
- mv /lib64 /oldshit/
- mv /sbin /oldshit/
- mv /srv /oldshit/
- mv /opt /oldshit/
-
-
- mv /newshit /root/ # TODO this one shoult be empty
- mv /oldshit /root/
-
- sync
-}
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index f6b4bd8b1..dbffdf850 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -27,6 +27,16 @@ types // rec {
type = with types; attrsOf string;
};
+ infest = {
+ addr = mkOption {
+ type = str;
+ };
+ port = mkOption {
+ type = int;
+ default = 22;
+ };
+ };
+
secure = mkOption {
type = bool;
default = false;
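Review bot: `infest.port` is declared as a bare `int`, so a negative or out-of-range value such as 70000 passes option evaluation and is only caught, if at all, wherever the port is later consumed. A bounded type would reject it at evaluation time, e.g. `type = addCheck int (p: p > 0 && p < 65536);` (assuming `addCheck` is in scope the same way `int` and `str` are here), or `types.port` where the nixpkgs in use provides it. Neither `addr` nor `port` carries a `description`; a one-line `description = "...";` on each would say what endpoint they name, presumably the SSH address of the host to be installed, though the hunk does not show the consumer. If `addr` is ever interpolated into a shell command, it should be quoted or validated at that point, since `str` accepts arbitrary text. The enclosing `types // rec { … }` set and the option block that holds `infest` start and end outside this hunk.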