diff options
| author | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2018-06-19 09:52:04 +0200 |
| commit | 324a8615f19c267d67b8a96d8e74b648c875ba04 (patch) | |
| tree | 8f7444a8e69ae254354a83a119d1c62bfaf95989 /krebs | |
| parent | 2a3f60d6fb3cd8d5f1ead4e5ff43fc9364eedad3 (diff) | |
| parent | 8eca9165ce6ffaba1076a916bfa475eb935f0a6f (diff) | |
Merge remote-tracking branch 'origin/staging/jeschli'
Diffstat (limited to 'krebs')
50 files changed, 711 insertions, 624 deletions
diff --git a/krebs/6tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix index 0967ef424..0967ef424 100644 --- a/krebs/6tests/data/secrets/grafana_security.nix +++ b/krebs/0tests/data/secrets/grafana_security.nix diff --git a/krebs/6tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix index 0967ef424..0967ef424 100644 --- a/krebs/6tests/data/secrets/hashedPasswords.nix +++ b/krebs/0tests/data/secrets/hashedPasswords.nix diff --git a/krebs/6tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv index e69de29bb..e69de29bb 100644 --- a/krebs/6tests/data/secrets/retiolum.rsa_key.priv +++ b/krebs/0tests/data/secrets/retiolum.rsa_key.priv diff --git a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix index 963e6db8b..963e6db8b 100644 --- a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix +++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix diff --git a/krebs/6tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519 index e69de29bb..e69de29bb 100644 --- a/krebs/6tests/data/secrets/ssh.id_ed25519 +++ b/krebs/0tests/data/secrets/ssh.id_ed25519 diff --git a/krebs/6tests/data/test-config.nix b/krebs/0tests/data/test-config.nix index f0927ddd9..f0927ddd9 100644 --- a/krebs/6tests/data/test-config.nix +++ b/krebs/0tests/data/test-config.nix diff --git a/krebs/6tests/data/test-source.nix b/krebs/0tests/data/test-source.nix index dfc6b3297..dfc6b3297 100644 --- a/krebs/6tests/data/test-source.nix +++ b/krebs/0tests/data/test-source.nix diff --git a/krebs/6tests/default.nix b/krebs/0tests/default.nix index c0ca00296..c0ca00296 100644 --- a/krebs/6tests/default.nix +++ b/krebs/0tests/default.nix diff --git a/krebs/6tests/deploy.nix b/krebs/0tests/deploy.nix index 156e9239f..d96963500 100644 --- a/krebs/6tests/deploy.nix +++ b/krebs/0tests/deploy.nix @@ -3,7 +3,7 @@ import <nixpkgs/nixos/tests/make-test.nix> ({ ... }: let pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; }; - test-config = <stockholm/krebs/6tests/data/test-config.nix>; + test-config = <stockholm/krebs/0tests/data/test-config.nix>; privKey = '' -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix deleted file mode 100644 index c19b210c5..000000000 --- a/krebs/1systems/hope/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let - - ip = config.krebs.build.host.nets.internet.ip4.addr; - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - imports = [ - <stockholm/krebs> - <stockholm/krebs/2configs> - <stockholm/krebs/2configs/os-templates/CAC-CentOS-7-64bit.nix> - - <stockholm/krebs/2configs/secret-passwords.nix> - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - initialPassword = "test"; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.hope; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; -} diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix deleted file mode 100644 index 7121d1d9d..000000000 --- a/krebs/1systems/hope/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/krebs/source.nix> { - name = "hope"; -} diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 98fb88702..18b751a7e 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -9,16 +9,17 @@ <stockholm/krebs> <stockholm/krebs/2configs> - <stockholm/krebs/2configs/buildbot-all.nix> + <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix> + <stockholm/krebs/2configs/reaktor-krebs.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; boot.isContainer = true; networking.useDHCP = false; - krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; + environment.variables.NIX_REMOTE = "daemon"; } diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix new file mode 100644 index 000000000..dca00a206 --- /dev/null +++ b/krebs/1systems/onebutton/config.nix @@ -0,0 +1,48 @@ +{ config, pkgs, lib, ... }: +{ + # :l <nixpkgs> + # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }) + imports = [ + <stockholm/krebs> + <stockholm/krebs/2configs> + { # flag to rebuild everything yourself: + # environment.noXlibs = true; + + # minimal disk usage + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + documentation.man.enable = false; + documentation.info.enable = false; + services.nixosManual.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + } + ]; + krebs.build.host = config.krebs.hosts.onebutton; + # NixOS wants to enable GRUB by default + boot.loader.grub.enable = false; + + # Enables the generation of /boot/extlinux/extlinux.conf + boot.loader.generic-extlinux-compatible.enable = true; + + boot.kernelPackages = pkgs.linuxPackages_rpi; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + swapDevices = [ { device = "/swapfile"; size = 1024; } ]; + services.openssh.enable = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; +} diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix new file mode 100644 index 000000000..8f25881c9 --- /dev/null +++ b/krebs/1systems/onebutton/source.nix @@ -0,0 +1,16 @@ +with import <stockholm/lib>; +let + pkgs = import <nixpkgs> {}; + nixpkgs = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs-channels"; + rev = "6c064e6b"; # only binary cache for unstable arm6 + sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + }; +in import <stockholm/krebs/source.nix> { + name = "onebutton"; + override.nixpkgs = mkForce { + file = toString nixpkgs; + }; + +} diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix deleted file mode 100644 index d85cde175..000000000 --- a/krebs/2configs/buildbot-all.nix +++ /dev/null @@ -1,9 +0,0 @@ -with import <stockholm/lib>; -{ lib, config, pkgs, ... }: -{ - networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; - krebs.ci.enable = true; - krebs.ci.treeStableTimer = 1; - krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts); -} - diff --git a/krebs/2configs/buildbot-krebs.nix b/krebs/2configs/buildbot-krebs.nix deleted file mode 100644 index a09b3b98b..000000000 --- a/krebs/2configs/buildbot-krebs.nix +++ /dev/null @@ -1,12 +0,0 @@ -with import <stockholm/lib>; -{ lib, config, pkgs, ... }: -{ - imports = [ - <stockholm/krebs/2configs/repo-sync.nix> - ]; - - networking.firewall.allowedTCPPorts = [ 80 8010 9989 ]; - krebs.ci.enable = true; - krebs.ci.treeStableTimer = 120; - krebs.ci.hosts = [ config.krebs.build.host ]; -} diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix new file mode 100644 index 000000000..04b1c999f --- /dev/null +++ b/krebs/2configs/buildbot-stockholm.nix @@ -0,0 +1,178 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + hostname = config.networking.hostName; + +in +{ + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts.build = { + serverAliases = [ "build.${hostname}.r" ]; + locations."/".extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port}; + ''; + }; + }; + + krebs.buildbot.master = { + slaves = { + testslave = "lasspass"; + }; + change_source.stockholm = '' + stockholm_repo = 'http://cgit.prism.r/stockholm' + cs.append( + changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branches=True, + project='stockholm', + pollinterval=10 + ) + ) + ''; + scheduler = { + auto-scheduler = '' + sched.append( + schedulers.SingleBranchScheduler( + change_filter=util.ChangeFilter(branch_re=".*"), + treeStableTimer=60, + name="build-all-branches", + builderNames=[ + "hosts", + ] + ) + ) + ''; + force-scheduler = '' + sched.append( + schedulers.ForceScheduler( + name="hosts", + builderNames=[ + "hosts", + ] + ) + ) + ''; + }; + builder_pre = '' + # prepare grab_repo step for stockholm + grab_repo = steps.Git( + repourl=stockholm_repo, + mode='full', + ) + ''; + builder = { + hosts = '' + from buildbot import interfaces + from buildbot.steps.shell import ShellCommand + + class StepToStartMoreSteps(ShellCommand): + def __init__(self, **kwargs): + ShellCommand.__init__(self, **kwargs) + + def addBuildSteps(self, steps_factories): + for sf in steps_factories: + step = interfaces.IBuildStepFactory(sf).buildStep() + step.setBuild(self.build) + step.setBuildSlave(self.build.slavebuilder.slave) + step_status = self.build.build_status.addStepWithName(step.name) + step.setStepStatus(step_status) + self.build.steps.append(step) + + def start(self): + props = self.build.getProperties() + hosts = json.loads(props.getProperty('hosts_json')) + for host in hosts: + user = hosts[host]['owner'] + + self.addBuildSteps([steps.ShellCommand( + name=str(host), + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", + "NIX_REMOTE": "daemon", + "dummy_secrets": "true", + }, + command=[ + "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", + "--user={}".format(user), + "--system={}".format(host), + "--force-populate", + "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), + ]) + ], + timeout=90001, + workdir='build', # TODO figure out why we need this? + )]) + + ShellCommand.start(self) + + + f = util.BuildFactory() + f.addStep(grab_repo) + + f.addStep(steps.SetPropertyFromCommand( + env={ + "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", + "NIX_REMOTE": "daemon", + }, + name="get_hosts", + command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """ + with import <nixpkgs> {}; + let + eval-config = cfg: + import <nixpkgs/nixos/lib/eval-config.nix> { + modules = [ + (import cfg) + ]; + } + ; + + system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here + + ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts; + + filtered-attrs = lib.mapAttrs ( n: v: { + owner = v.owner.name; + }) ci-systems; + + in filtered-attrs + """], + property="hosts_json" + )) + f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here + + bu.append( + util.BuilderConfig( + name="hosts", + slavenames=slavenames, + factory=f + ) + ) + ''; + }; + enable = true; + web.enable = true; + irc = { + enable = true; + nick = "build|${hostname}"; + server = "irc.r"; + channels = [ "noise" "xxx" ]; + allowForce = true; + }; + extraConfig = '' + c['buildbotURL'] = "http://build.${hostname}.r/" + ''; + }; + + krebs.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "lasspass"; + packages = with pkgs; [ gnumake jq nix populate ]; + }; +} diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 90aaa254a..7b970923d 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -50,6 +50,7 @@ with import <stockholm/lib>; users.extraUsers.root.openssh.authorizedKeys.keys = [ # TODO config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey config.krebs.users.makefu.pubkey # TODO HARDER: config.krebs.users.makefu-omo.pubkey diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 63848c234..a3f39b40e 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -2,6 +2,7 @@ { krebs.newsbot-js.news-spam = { + urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews @@ -93,7 +94,7 @@ [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - [SPAM]painload|https://github.com/krebscode/painload/commits/master.atom|#snews + [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews [SPAM]phys|http://phys.org/rss-feed/|#snews [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews @@ -120,7 +121,7 @@ [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews + [SPAM]shackspace|http://shackspace.de/atom.xml|#snews [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2628c7986..6c59f4d84 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -8,15 +8,15 @@ ethereum|http://blog.ethereum.org/feed|#news LtU|http://lambda-the-ultimate.org/rss.xml|#news mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news - painload|https://github.com/krebscode/painload/commits/master.atom|#news + painload|https://github.com/krebs/painload/commits/master.atom|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news - shackspace|http://blog.shackspace.de/?feed=rss2|#news + shackspace|http://shackspace.de/atom.xml|#news tinc|http://tinc-vpn.org/news/index.rss|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news weechat|http://dev.weechat.org/feed/atom|#news xkcd|https://xkcd.com/rss.xml|#news - painload|https://github.com/krebscode/painload/commits/master.atom|#news + painload|https://github.com/krebs/painload/commits/master.atom|#news ''; }; } diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix index 6b17b457d..fa51b84f0 100644 --- a/krebs/2configs/reaktor-krebs.nix +++ b/krebs/2configs/reaktor-krebs.nix @@ -13,13 +13,8 @@ with import <stockholm/lib>; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin - wiki-todo-add - wiki-todo-done - wiki-todo-show - ]; + ] ++ + (attrValues (todo "agenda")) + ; }; - services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = '' - default_type "text/plain"; - alias /var/lib/Reaktor/state/wiki-todo; - ''; } diff --git a/krebs/2configs/reaktor-retiolum.nix b/krebs/2configs/reaktor-retiolum.nix index 144b7d484..b32d39b7e 100644 --- a/krebs/2configs/reaktor-retiolum.nix +++ b/krebs/2configs/reaktor-retiolum.nix @@ -10,6 +10,8 @@ with import <stockholm/lib>; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin - ]; + ] ++ + (attrValues (todo "agenda")) + ; }; } diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 828b6cd70..44176a341 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -2,8 +2,56 @@ with import <stockholm/lib>; let + pkg = pkgs.stdenv.mkDerivation { + name = "worlddomination-2018-04-21"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/worlddomination/"; + rev = "1b32403b9"; + sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + LinkHeader + aiocoap + grequests + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D backend/push_led.py $out/bin/push-led + install -m755 -D backend/loop_single.py $out/bin/loop-single + # copy the provided file to the package + install -m755 -D backend/wd.lst $out/${wdpath} + ''; + }; pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap + grequests = pythonPackages.buildPythonPackage rec { + pname = "grequests"; + version = "0.3.1"; + name = "${pname}-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "kennethreitz"; + repo = "grequests"; + rev = "d1e70eb"; + sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc"; + }; + + doCheck = false; + + propagatedBuildInputs = with pythonPackages; [ requests gevent ]; + + meta = with lib;{ + description = "Asynchronous HTTP requests"; + homepage = https://github.com/kennethreitz/grequests; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ matejc ]; + }; + }; + aiocoap = pythonPackages.buildPythonPackage { name = "aiocoap-0.3"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; @@ -25,32 +73,9 @@ let description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; }; }; - pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2017-06-10"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "72fc9b5"; - sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - LinkHeader - aiocoap - requests - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D backend/push_led.py $out/bin/push-led - install -m755 -D backend/loop_single.py $out/bin/loop-single - # copy the provided file to the package - install -m755 -D backend/wd.lst $out/${wdpath} - ''; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 + afrihost = "10.42.25.201"; # africa timeout = 10; # minutes in { systemd.services.worlddomination = { @@ -64,4 +89,16 @@ in { PermissionsStartOnly = true; }; }; + + systemd.services.worlddomination-africa = { + description = "run worlddomination africa"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; } diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix deleted file mode 100644 index bb19f0602..000000000 --- a/krebs/3modules/ci.nix +++ /dev/null @@ -1,192 +0,0 @@ -{ config, pkgs, ... }: -with import <stockholm/lib>; -let - cfg = config.krebs.ci; - - hostname = config.networking.hostName; -in -{ - options.krebs.ci = { - enable = mkEnableOption "krebs continous integration"; - stockholmSrc = mkOption { - type = types.str; - default = "http://cgit.${hostname}.r/stockholm"; - }; - treeStableTimer = mkOption { - type = types.int; - default = 10; - description = "how long to wait until we test changes (in minutes)"; - }; - hosts = mkOption { - type = types.listOf types.host; - default = []; - description = '' - List of hosts that should be build - ''; - }; - tests = mkOption { - type = types.listOf types.str; - default = []; - description = '' - List of tests that should be build - ''; - }; - }; - - config = mkIf cfg.enable { - services.nginx = { - enable = true; - virtualHosts.build = { - serverAliases = [ "build.${hostname}.r" ]; - locations."/".extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port}; - ''; - }; - }; - - krebs.buildbot.master = { - slaves = { - testslave = "lasspass"; - }; - change_source.stockholm = '' - stockholm_repo = '${cfg.stockholmSrc}' - cs.append( - changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, - project='stockholm', - pollinterval=10 - ) - ) - ''; - scheduler = { - build-scheduler = '' - sched.append( - schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=${toString cfg.treeStableTimer}*60, - name="build-all-branches", - builderNames=[ - ${optionalString (cfg.hosts != []) ''"hosts",''} - ${optionalString (cfg.tests != []) ''"tests",''} - ] - ) - ) - ''; - force-scheduler = '' - sched.append( - schedulers.ForceScheduler( - name="force", - builderNames=[ - ${optionalString (cfg.hosts != []) ''"hosts",''} - ${optionalString (cfg.tests != []) ''"tests",''} - ] - ) - ) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - grab_repo = steps.Git( - repourl=stockholm_repo, - mode='full' - ) - - # prepare addShell function - def addShell(factory,**kwargs): - factory.addStep(steps.ShellCommand(**kwargs)) - ''; - builder = { - hosts = mkIf (cfg.hosts != []) '' - f = util.BuildFactory() - f.addStep(grab_repo) - - def build_host(user, host): - addShell(f, - name="{}".format(host), - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - }, - command=[ - "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", - "--user={}".format(user), - "--system={}".format(host), - "--force-populate", - "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), - ]) - ], - timeout=90001 - ) - - ${concatMapStringsSep "\n" (host: - "build_host(\"${host.owner.name}\", \"${host.name}\")" - ) cfg.hosts} - - bu.append( - util.BuilderConfig( - name="hosts", - slavenames=slavenames, - factory=f - ) - ) - ''; - tests = mkIf (cfg.tests != []) '' - f = util.BuildFactory() - f.addStep(grab_repo) - - def run_test(test): - addShell(f, - name="{}".format(test), - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", - "NIX_REMOTE": "daemon", - "dummy_secrets": "true", - }, - command=[ - "nix-build", "-I", "stockholm=.", "krebs/6tests", - "-A", "{}".format(test) - ], - timeout=90001 - ) - - ${concatMapStringsSep "\n" (test: - "run_test(\"${test}\")" - ) cfg.tests} - - bu.append( - util.BuilderConfig( - name="tests", - slavenames=slavenames, - factory=f - ) - ) - ''; - }; - enable = true; - web.enable = true; - irc = { - enable = true; - nick = "build|${hostname}"; - server = "irc.r"; - channels = [ "xxx" "noise" ]; - allowForce = true; - }; - extraConfig = '' - c['buildbotURL'] = "http://build.${hostname}.r/" - ''; - }; - - krebs.buildbot.slave = { - enable = true; - masterhost = "localhost"; - username = "testslave"; - password = "lasspass"; - packages = with pkgs; [ gnumake jq nix populate ]; - }; - - }; -} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6fe01e466..afc96e9ee 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -13,7 +13,6 @@ let ./buildbot/master.nix ./buildbot/slave.nix ./build.nix - ./ci.nix ./current.nix ./exim.nix ./exim-retiolum.nix diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1e626f0a0..a938f8ec9 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,38 +30,6 @@ let }); in { hosts = { - hope = { - ci = true; - owner = config.krebs.users.krebs; - nets = { - internet = { - ip4.addr = "45.62.225.18"; - aliases = [ - "hope.i" - ]; - ssh.port = 45621; - }; - retiolum = { - ip4.addr = "10.243.77.4"; - ip6.addr = "42:0:0:0:0:0:77:4"; - aliases = [ - "hope.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5 - uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a - 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4 - A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK - fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC - K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/"; - }; hotdog = { ci = true; owner = config.krebs.users.krebs; @@ -91,6 +59,37 @@ in { ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; + onebutton = { + cores = 1; + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.0.101"; + ip6.addr = "42:0:0:0:0:0:0:101"; + aliases = [ + "onebutton.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa + 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N + aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB + 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp + pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael + +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC + KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF + tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE + DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO + 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU + PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp + jP873cT6h0hsGm9glgOYho8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; + }; puyak = { ci = true; owner = config.krebs.users.krebs; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0c3e68c39..fd74983fa 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; + monitoring = true; }) { dishfire = { cores = 4; @@ -43,39 +44,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; }; - echelon = { - cores = 2; - nets = rec { - internet = { - ip4.addr = "64.137.242.41"; - aliases = [ - "echelon.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.206.103"; - ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763"; - aliases = [ - "echelon.r" - "cgit.echelon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ - oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX - MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f - 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA - n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p - do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; - }; prism = rec { cores = 4; extraZones = { @@ -86,14 +54,18 @@ with import <stockholm/lib>; "lassul.us" = '' $TTL 3600 @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) - 60 IN NS ns16.ovh.net. - 60 IN NS dns16.ovh.net. - 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx a:lassul.us -all - cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - io 60 IN NS ions.lassul.us. - ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx a:lassul.us -all + 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) + default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { @@ -149,6 +121,7 @@ with import <stockholm/lib>; }; domsen-nas = { ci = false; + monitoring = false; external = true; nets = rec { internet = { @@ -161,6 +134,7 @@ with import <stockholm/lib>; }; }; uriel = { + monitoring = false; cores = 1; nets = { gg23 = { @@ -399,10 +373,12 @@ with import <stockholm/lib>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; iso = { + monitoring = false; ci = false; cores = 1; }; sokrateslaptop = { + monitoring = false; ci = false; external = true; nets = { @@ -426,6 +402,7 @@ with import <stockholm/lib>; }; }; turingmachine = { + monitoring = false; ci = false; external = true; nets = { @@ -454,6 +431,7 @@ with import <stockholm/lib>; }; }; eddie = { + monitoring = false; ci = false; external = true; nets = rec { @@ -494,6 +472,7 @@ with import <stockholm/lib>; }; }; borg = { + monitoring = false; ci = false; external = true; nets = { @@ -521,6 +500,7 @@ with import <stockholm/lib>; }; }; inspector = { + monitoring = false; ci = false; external = true; nets = rec { @@ -552,6 +532,7 @@ with import <stockholm/lib>; }; }; dpdkm = { + monitoring = false; ci = false; external = true; nets = rec { @@ -659,9 +640,76 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; }; + red = { + monitoring = false; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.13"; + ip6.addr = "42:0:0:0:0:0:0:12ed"; + aliases = [ + "red.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG + 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF + Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI + phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0 + FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox + TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa + mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w + oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE + cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ + 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa + 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW + ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; + }; + blue = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.77"; + ip6.addr = "42:0:0:0:0:0:0:77"; + aliases = [ + "blue.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA28b+WMiQaWbwUPcJlacd + QwyX4PvVm9WItPmmNy+RE2y0Mf04LxZ7RLm5+e0wPuhXXQyhZ06CNd6tjeaKfXUc + sNeC1Vjuh1hsyYJLR5Xf/YRNJQKoaHjbkXGt+rSK7PPuCcsUPOSZSEAgHYVvcFzM + wWE4kTDcBZeISB4+yLmPIZXhnDImRRMEurFNRiocoMmEIu/zyYVq8rnlTl972Agu + PMGo1HqVxCouEWstRvtX5tJmV8yruRbH4tADAruLXErLLwUAx/AYDNRjY1TYYetJ + RoaxejmZVVIvR+hWaDLkHZO89+to6wS5IVChs1anFxMNN6Chq2v8Bb2Nyy1oG/H/ + HzXxj1Rn7CN9es5Wl0UX4h9Zg+hfspoI75lQ509GLusYOyFwgmFF02eMpxgHBiWm + khSJzPkFdYJKUKaZI0nQEGGsFJOe/Se5jj70x3Q5XEuUoQqyahAqwQIYh6uwhbuP + 49RBPHpE+ry6smhUPLTitrRsqeBU4RZRNsUAYyCbwyAH1i+K3Q5PSovgPtlHVr2N + w+VZCzsrtOY2fxXw0e+mncrx/Qga62s4m6a/dyukA5RytA9f6bBsvSTqr7/EQTs6 + ZEBoPudk7ULNEbfjmJtBkeG7wKIlpgzVg/JaCAwMuSgVjrpIHrZmjOVvmOwB8W6J + Ch/o7chVljAwW4JmyRnhZbMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv"; + }; }; - users = { - lass = { + users = rec { + lass = lass-blue; + lass-blue = { + mail = "lass@blue.r"; + pubkey = builtins.readFile ./ssh/blue.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/blue.pgp; + }; + lass-mors = { mail = "lass@mors.r"; pubkey = builtins.readFile ./ssh/mors.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp; @@ -686,6 +734,7 @@ with import <stockholm/lib>; lass-icarus = { mail = "lass@icarus.r"; pubkey = builtins.readFile ./ssh/icarus.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp; }; lass-xerxes = { mail = "lass@xerxes.r"; diff --git a/krebs/3modules/lass/pgp/blue.pgp b/krebs/3modules/lass/pgp/blue.pgp new file mode 100644 index 000000000..e7a1ac0e1 --- /dev/null +++ b/krebs/3modules/lass/pgp/blue.pgp @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFr9fAEBEACz2E2E7uBulVBBtPmk9IR2yB+uAWSe8Hi7vNiGc1Dbs40jzWuy +AqouqyC5xnVw66+cQaYOsgXiwencmu/cFEV2x2uRLDVh1E/fvc8yxAOizEIY0jm/ +WZ/4IWvTZLVPF3BOhM4p/HGNbdZhRc4RoljLTB34VuY1KSMhs3Vx7n3HgZzdbD7D +itUFU4oY5CnkQp4yl1Htat08cZmbD51VTZB1hDw2Uea+VuMQ/ImRtTqW+Ss4xyPA +DwUE/vRM3CKwBvcjbNL3uUqc5dtZuvruuFeK3ScmdNLytcgXqJzLlwuzHmSt/Tnc +DQZWKGiHnMvrAOkMEvsmiKhboWSAq4sRUPhISqZ7MSvPfhaH5Gcmhi+hL8FZhGY0 +qF7MNLHoimw6MBV6FIIA0vCDn2p5Vwc7L+LqLjWqAvxdfVoeUJjUWbWWNNWg4Tw7 +9e7rAR86e4AvhCZRubRn1aOfKGF5vg/El98OeIwBFQHpr7uznKfjmAEpoGveV+vG +amptMCBAr4Hw76U708XWOQkZ2GDY9cfdxUllhAmmPrNQ/OcT2b4x0xKvMi4nA5G8 +PBOFErkS61zNxsHgpFe2isG+VDqYLfeQhOdB101Qn6IHw3KxyW85CwImUpdRLMUi +0wtcA7M5GB94HRZ8qW6LtFBjwqm2NGudB0alfIWIq7KuRMXus3sJKQ2gDQARAQAB +tBlsYXNzQGJsdWUuciA8bGFzc0BibHVlLnI+iQJOBBMBCAA4FiEEuOpc8JA44Pd5 +NXyK8UJeZkL6H7wFAlr9fAECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ +8UJeZkL6H7ygPQ/+JydbB0IX64ojm34YaeWKVdM5D7JFBdNuKgbAMf0Uhcja6YcU +0YRvuOPpw4lNZqV/1yxDXGHJrVfGolq6uz28oWr+9VUD8QXH9ODm1EMLsU8Jb1Nh +SE+rWSAhEmdw8l9Bi12wq4v/z/JC93/VJLnBGOL8LDEsJ9OatUw71KIt/a50ERoz +uCZbMeLPym8WqSK1kjQehL5pj97BzxmBNpFYwqaniTAuqTN6bhs2ws+k89vjaWIP +T+bEqsJV/vR9KZcNlmKlTQwbsjQ1BZ9EuV4EBL6IAMrqxDeY3mFnT+EpkabfIVSh +38KmG+4PZDXaj6rCsrsH2pUKaZ/Z6Mr3lmFb/1aaK3xKiQyxcMrbcixIIVI8ihTM +HUC3DFFlA7+02b67QomWFLRiZid4gCry7xhZyryQJkN2l20fzRjWf0myzcPO0qxc +y39gUyEqy1oeaffCc1QgDJH2Hvf+P9StyMZIulNuCKJ9tfQR5nkkDAy/2p405Lmf +mdKOMha6bZ+mA5HbmjMqwyFPHEtU6t/mUhlh7mYqNYAJikuqV00N6nTKVrBb2IfK +atoHeUcmvMWBGL7+x3zxwf2pnum6a5iDES2ir87ltOGKGDeMt2Y/Ap30P+uZGnn1 +AiRu2bGkCiQ/WH1StJhAhJeleUfdbOa7/voc14nl3rewqyhqYd8dlI+TWAu5Ag0E +Wv18AQEQAOFMwY2ky5TyRrDqJosq0y/9+8D6RiXlyOnyTQ+bqu4mDEaVu3xNcKLH +CQsTM7gDR9pivapoDo84CK8w519DHCA2EpNGTDO4twcQ3jKqPth809LnibwdKJCe +qsfxsIfN8LbpKDOygZ2av11gcT0ye9uOMkiiRSE2MMGDU/50sskecavUAExDgwFs +v72ReU3fXRfTqYT6p/i/qMB7GbS8PlKFz61JKHDceS5GJUZJ5OWOoq7ZMCz6zrLW +2mQIJ7kblGCJKUnx/lZ5y9nqSCk7jer2qENxWNPOCwD48A78u1Bz8xSN5D1gFO3f +YSKh60kK5UljwkvRD7NvAcg2ifwL1e+/7v8WV9OsHDUBEiJO05tsjJ76QwHnEq6j +4peArcTAHWZ4uGncAgYN/Uii+0vs3oVDsZ9d2uLJxuR3h6T4XVejeuZ3j3o/XX/E +aZwcdH3VpKqEjdG4c4TMz96bN7ZN2DbgTf40rwPFKgWnvhCA9dWlmfy9pW2z2hyg +rJaRGXd/4znj5YlMliDrL4/Yp9j1J1CsoZM68er6/zMU1SA9U/y+MVqMoPCPlczx +mbwWQm1JH6fZv2SzHbZOrZYWKVWX+jPZQV6SjKwSiVrLlZJ0Z8u00HBRRRzXLwXa +OLL/dGP1v+msMv1oCJT1AsMcBEE3bY1efnDP1XK8vBLzoMKGS1RtABEBAAGJAjYE +GAEIACAWIQS46lzwkDjg93k1fIrxQl5mQvofvAUCWv18AQIbDAAKCRDxQl5mQvof +vOC1D/wO+tGKz/y5dc/ifJGTndxoHnU8tarboDll0kcdpTGU7It+ReNustqJZj5v +HK4V/ZXUw5+y6ZasNa/mFYY8oACOI40SlMdyt708XfPqYKXOpnM0oGRGfALi+oKg +iIzYtXsqYk5ZYSFWpgxajHef9HMmHNJ8riSVRugUPubPMKPR65DOXl+BdVIlQw7o +2g3s4Lii0IRKov3BvB51oJMhRK2Ne55VDBid32oIoqXLXS2E2gJQegioAiDUA5J4 +1f96RCeYfxOgaPj/o4eiXK0H3owA3W78/tIjq5218PCIYFsOKPhrSqJ7ZF/5yGwW +ppVzsaz1sE9oULR0VOFUwjpYmyH32WwKkLF6mKumb8Q7Pd/FJq0I3/kxD/OrlNVZ +8UCX0CzxMyfEeSUfScunKLMfopEGxXTR4l8jew7CwxX08H0nkqyegDZSN8MjYxQL +V/zoL+aPjYh1WYf1L8wyBZjQbA6khHwYRZPaHrGfGaCGC8MHiSjPb/nt54+vZXtt +17LcX4VvHwWIBf88JpZO9eyTFPdYIZANSyo6ltbRoomuAywuA5IibCwh/BXi/aVa +Jro4UvbiwMqbVgSAt15VAwEK1Re/NNLBTcVVMHsWr5WNmo0s2C7+j+iIMPEOwhRs +ZFj74cztyOF/dGeCv9ycW29g+ejXaPpFOYQz0A9bBdkEdTGWhQ== +=D854 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/pgp/icarus.pgp b/krebs/3modules/lass/pgp/icarus.pgp new file mode 100644 index 000000000..f41478a09 --- /dev/null +++ b/krebs/3modules/lass/pgp/icarus.pgp @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq +fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f ++gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2 +KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql +Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd +N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7 +rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do +bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m +8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ +TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX +JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB +tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy +FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD +pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD +AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+ +s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn +qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV +88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA +BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x +a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq +tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D +TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ +mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3 +w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA +YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD +K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y +cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx +UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP +9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq +8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK +9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw +QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB +84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS +Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx +LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI +ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw +EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp +HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL +f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2 +P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx +Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk +cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF +WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj +CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4 +bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67 +uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh +HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA== +=gJia +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/blue.rsa b/krebs/3modules/lass/ssh/blue.rsa new file mode 100644 index 000000000..c0bf9b817 --- /dev/null +++ b/krebs/3modules/lass/ssh/blue.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHYLHcHSumTUr0jTu1XmmwRMqjLHYvo4AYuEg1QdishDbwU5KCqarSf7sxLTjeBgOugHP/oJZclin+e9GTQ5hlBEtc26IVQqirNVD1BCZrt/y5ok0p8p+2Rhzh89kfRI6Etp+8cPbot4h3Vg6tY57icKn3visaMdH0cI2pAQbPWwSY+cmyXU5cfcFC8ahcZpEgth4ycC5yM/qdHxZek2wN+58ApgjEjuvTD6y4iXqdWmqHVoGaeNV7OFiiKVaYoJND1igHLNw2VEQR5aPsmc8gadBtGIQb43YqObNBDWwMjvozmQVFPycMmMTDwA1n+IWxvwz34KEzyw5jQShUTCRDji4vK58WfC16fPLbW+ohCe+9Yyg7TRdjDFA5jTA3rFM7tZS8EhpLgyHupNi1GbUVmeyhqTdWp+H66u5zTzC5Q/PYOk1M0D/X/C6dXyIcB4lLr9mDTGvS1aOZVZJuDF4pLyI2oZzaySALjcofCJyNpBBUtUXHsiT4VNuJExl4XEXjvQKnPKojEzpTsK1rm/ZSa3vBCv0gBbjQ8uU1q86ODIDy35q2GQvsLMkAbduBLeA9m1EdZXLYComSfVLalArw3Q+4vd/FHhoOicVkrwIzcPiYg9uQZm2NrjiBkYlWCdXTFc49ghIDrPXLnwwWqPuZcs430u6Somk8XzuRZBC7ZDdjbiS5D8vQkDThQrmmFPRs+bp1N9VkC+LaBtFnbFaYARF6i2yFUD9YNSEEu2r14u+KGlg5P7ndIkE+BhAOIp4XcHejVFWfvKvYpMRZ4LDVkPIJdmZ4gIIfGbdBNMv1zRsX6O0NOhiEP1pNYb+HdY5R2YYIvtxn1sC/TrjoN3ELAQA9YBszHEaYjvmqHh08/CWCEpgHIagCccYdSzbtM9GsoAcePL4E7kqSZxIfbNjrYQEBEQbu16pj7bMxVhH8QaouOdjiioqr2tBr5HwA05HP1poGProOzsmJxdph7pb4hJ1P+OEeuwTRIVLudYYl6iBajGW2IdsUo+xGANpuPBpQyB4RajJ4XcXP8K3xVY6x7DfH3DwKfCFAc6KzyADa2xw7/uwBRi2HOyKazkPe5ESYLWY29krqH2tO+IYkgm5tAEkf79j4R9aCeZe/HyjPDlSPZ2NwAZpWKJFkBTveiwoe2noZSAeVKrcblFN5ic0or+ci+CSbmctce8mbqB7QHEJJh5flLDzBMIuh4eroH/Dp5MBbDqxu/T8yCCRHFz70KXpaIFSGlSIebTRt1Om9+CWTgTp95cM0HrAhZDnN/W9FRdAFsA/IjEJ2Eh3tHpdvFZ3XgIq52MrHJdopQo7KUoOVhJiFCo5L0PcKNRVpMbcCKVk1i9k8jqyM9AVgwGrnijiaafUaFmBIlC/U2FZZ+KRtIyDcIRrnGGKE7DEyhBQ9YavxpOFDDSXuC5aPjMNcSGydGArtDd5+5Yp0YraY0oe6UTuzypsxdI8W6IbePryvEeOXG5b/6YayC2sq+7wRconaa9DU= lass@blue diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e137da7ca..d7a750c6e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -539,6 +539,7 @@ with import <stockholm/lib>; dl.euer IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index d372081ee..00e346f8e 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -93,6 +93,7 @@ let User = "newsbot-js"; Restart = "always"; ExecStart = "${newsbot.package}/bin/newsbot"; + WatchdogSec = "86400"; }; } ) cfg; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 8dbdc7e65..71670d336 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,30 +32,6 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - kaepsele = { - external = true; - nets = { - retiolum = { - ip4.addr = "10.243.166.2"; - ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d"; - aliases = [ - "kaepsele.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm - QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF - 6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb - JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK - ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf - ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj"; - }; mu = { ci = true; cores = 2; diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index bcfcbf76b..c39e39799 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,33 +120,48 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writeDash "lambda-pl" '' - if [ "$#" -gt 0 ]; then - curl -SsL --max-time 5 "$1" | - perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' - fi + script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml") + title = soup.find('title').string + + if title: + if len(title) > 512: + print('message to long, skipped') + elif len(title.split('\n')) > 5: + print('to many lines, skipped') + else: + print(title) + except: # noqa: E722 + pass ''; }); - wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" { - pattern = "^wiki-todo: (?P<args>.*)$$"; - script = pkgs.writeDash "wiki-todo-add" '' - echo "$*" >> wiki-todo - echo "added todo. check on http://lassul.us/wiki-todo" - ''; - }; - wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" { - pattern = "^wiki-done: (?P<args>.*)$$"; - script = pkgs.writeDash "wiki-todo-done" '' - ${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp - ${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo - echo "thank you for resolving todo: $*" - ''; - }; - wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" { - pattern = "^wiki-show$"; - script = pkgs.writeDash "wiki-show" '' - ${pkgs.coreutils}/bin/cat wiki-todo - ''; + todo = name: { + add = buildSimpleReaktorPlugin "${name}-add" { + pattern = "^${name}-add: (?P<args>.*)$$"; + script = pkgs.writeDash "${name}-add" '' + echo "$*" >> ${name}-todo + echo "added ${name} todo" + ''; + }; + delete = buildSimpleReaktorPlugin "${name}-delete" { + pattern = "^${name}-delete: (?P<args>.*)$$"; + script = pkgs.writeDash "${name}-delete" '' + ${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp + ${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo + echo "removed ${name} todo: $*" + ''; + }; + show = buildSimpleReaktorPlugin "${name}-show" { + pattern = "^${name}-show$"; + script = pkgs.writeDash "${name}-show" '' + ${pkgs.coreutils}/bin/cat ${name}-todo + ''; + }; }; } diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 3cb691f53..e6bafbd25 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -7,7 +7,7 @@ python2Packages.buildPythonApplication rec { patches = []; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "buildbot-classic"; rev = version; sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix index 2799241fa..b4ab13b43 100644 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -1,5 +1,5 @@ { stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd , withMysql ? false , withPgsql ? false , withSqlite ? false, sqlite @@ -23,17 +23,17 @@ let ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; in stdenv.mkDerivation rec { - version = "17.07"; + version = "18.01"; name = "ejabberd-${version}"; src = fetchurl { url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; }; nativeBuildInputs = [ fakegit ]; - buildInputs = [ erlang openssl expat libyaml ] + buildInputs = [ erlang openssl expat libyaml gd ] ++ lib.optional withSqlite sqlite ++ lib.optional withPam pam ++ lib.optional withZlib zlib @@ -50,7 +50,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; @@ -74,7 +74,7 @@ in stdenv.mkDerivation rec { outputHashMode = "recursive"; outputHashAlgo = "sha256"; - outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; }; configureFlags = @@ -92,6 +92,10 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ + ./ejabberdctl.patch + ]; + preBuild = '' cp -r $deps deps chmod -R +w deps @@ -107,12 +111,12 @@ in stdenv.mkDerivation rec { $out/sbin/ejabberdctl ''; - meta = { + meta = with stdenv.lib; { description = "Open-source XMPP application server written in Erlang"; - license = lib.licenses.gpl2; + license = licenses.gpl2; homepage = http://www.ejabberd.im; - platforms = lib.platforms.linux; - maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + platforms = platforms.linux; + maintainers = with maintainers; [ sander abbradar ]; broken = withElixir; }; } diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch new file mode 100644 index 000000000..f7c842b7b --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch @@ -0,0 +1,32 @@ +--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 ++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 +@@ -42,19 +42,18 @@ + esac + + # parse command line parameters +-for arg; do +- case $arg in +- -n|--node) ERLANG_NODE_ARG=$2; shift;; +- -s|--spool) SPOOL_DIR=$2; shift;; +- -l|--logs) LOGS_DIR=$2; shift;; +- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; +- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; +- -d|--config-dir) ETC_DIR=$2; shift;; +- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; +- --) :;; ++while test $# -gt 0; do ++ case $1 in ++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; ++ -s|--spool) SPOOL_DIR=$2; shift 2;; ++ -l|--logs) LOGS_DIR=$2; shift 2;; ++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; ++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; ++ -d|--config-dir) ETC_DIR=$2; shift 2;; ++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; ++ # --) :;; what is this for? + *) break;; + esac +- shift + done + + # define ejabberd variables if not already defined from the command line diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix new file mode 100644 index 000000000..a800ff543 --- /dev/null +++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat <<EOF > $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null + + cat <<EOF + $HOSTNAME = { + cores = 1; + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.0.changeme"; + ip6.addr = "42:0:0:0:0:0:0:changeme"; + aliases = [ + "$HOSTNAME.r" + ]; + tinc.pubkey = ${"''"} + $(cat $TMPDIR/retiolum.rsa_key.pub) + ${"''"}; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix deleted file mode 100644 index a6c82f3ca..000000000 --- a/krebs/5pkgs/simple/kops.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ fetchgit, ... }: - -fetchgit { - url = https://cgit.krebsco.de/kops; - rev = "refs/tags/v1.0.0"; - sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; -} diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix new file mode 100644 index 000000000..29bfb52f5 --- /dev/null +++ b/krebs/5pkgs/simple/krops.nix @@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://cgit.krebsco.de/krops; + rev = "refs/tags/v1.0.0"; + sha256 = "0ahp3fxb3l1vcjylxw0cd0f4hfp98bxskkf3z9d37hl3m7v4pcb4"; +} diff --git a/krebs/5pkgs/simple/painload/default.nix b/krebs/5pkgs/simple/painload/default.nix index 136ec4394..3b1c83b42 100644 --- a/krebs/5pkgs/simple/painload/default.nix +++ b/krebs/5pkgs/simple/painload/default.nix @@ -1,7 +1,7 @@ { fetchgit, ... }: fetchgit { - url = https://github.com/krebscode/painload; + url = https://github.com/krebs/painload; rev = "c113487f73713a03b1a139b22bb34b86234d0495"; sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6"; } diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix deleted file mode 100644 index 2676af0cf..000000000 --- a/krebs/5pkgs/simple/pssh/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ writeDashBin }: - -writeDashBin "pssh" '' - set -efu - case ''${1-} in - - # TODO create plog with -o json | jq ... | map date - - # usage: pssh {-j,--journal} host... - # Follow journal at each host. - -j|--journal) - shift - "$0" journalctl -n0 -ocat --follow --all ::: "$@" \ - | while read line; do - printf '%s %s\n' "$(date --rfc-3339=s)" "$line" - done - ;; - - -*) - echo $0: unknown option: $1 >&2 - exit 1 - ;; - - # usage: pssh command [arg...] ::: host... - # Run command at each host. - *) - exec parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - ssh -T {} "$@" - ;; - - esac -'' diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 20326901d..8393cd79f 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -10,7 +10,7 @@ with python3Packages; buildPythonPackage rec { pkgs.git ]; src = fetchFromGitHub { - owner = "krebscode"; + owner = "krebs"; repo = "repo-sync"; rev = version; sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; diff --git a/krebs/5pkgs/simple/retiolum-bootstrap/default.nix b/krebs/5pkgs/simple/retiolum-bootstrap/default.nix index 331b1cb7f..c0651f627 100644 --- a/krebs/5pkgs/simple/retiolum-bootstrap/default.nix +++ b/krebs/5pkgs/simple/retiolum-bootstrap/default.nix @@ -6,7 +6,7 @@ stdenv.mkDerivation rec { src = fetchurl { - url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; + url = https://raw.githubusercontent.com/krebs/painload/master/retiolum/scripts/tinc_setup/new_install.sh; sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; }; @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { meta = { description = "Retiolum boostrap scripts"; - url = https://github.com/krebscode/painload; + url = https://github.com/krebs/painload; license = licenses.wtfpl; platforms = platforms.unix; maintainers = with maintainers; [ makefu ]; diff --git a/krebs/5pkgs/simple/thesauron/default.nix b/krebs/5pkgs/simple/thesauron/default.nix new file mode 100644 index 000000000..d543319f2 --- /dev/null +++ b/krebs/5pkgs/simple/thesauron/default.nix @@ -0,0 +1,7 @@ +{ fetchgit, callPackage }: let + src = fetchgit { + url = "https://github.com/krebs/thesauron"; + rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5"; + "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva"; + }; +in callPackage src {} diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch deleted file mode 100644 index dd6933208..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/hier.c b/hier.c -index 5663ada..1d73b84 100644 ---- a/hier.c -+++ b/hier.c -@@ -2,8 +2,8 @@ - - void hier() - { -- h(auto_home,-1,-1,02755); -- d(auto_home,"bin",-1,-1,02755); -+ h(auto_home,-1,-1,0755); -+ d(auto_home,"bin",-1,-1,0755); - - c(auto_home,"bin","tcpserver",-1,-1,0755); - c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix deleted file mode 100644 index 3b043be06..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - name = "ucspi-tcp-0.88"; - - src = fetchurl { - url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz"; - sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja"; - }; - - # Plain upstream tarball doesn't build, get patches from Debian - patches = [ - (fetchurl { - url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz"; - sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6"; - }) - ./chmod.patch - ]; - - # Apply Debian patches - postPatch = '' - for fname in debian/diff/*.diff; do - echo "Applying patch $fname" - patch < "$fname" - done - ''; - - # The build system is weird; 'make install' doesn't install anything, instead - # it builds an executable called ./install (from C code) which installs - # binaries to the directory given on line 1 in ./conf-home. - # - # Also, assume getgroups and setgroups work, instead of doing a build time - # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID - # capability). - preBuild = '' - echo "$out" > conf-home - - echo "main() { return 0; }" > chkshsgr.c - ''; - - installPhase = '' - mkdir -p "$out/bin" - mkdir -p "$out/share/man/man1" - - # run the newly built installer - ./install - - # Install Debian man pages (upstream has none) - cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1" - ''; - - meta = with stdenv.lib; { - description = "Command-line tools for building TCP client-server applications"; - longDescription = '' - tcpserver waits for incoming connections and, for each connection, runs a - program of your choice. Your program receives environment variables - showing the local and remote host names, IP addresses, and port numbers. - - tcpserver offers a concurrency limit to protect you from running out of - processes and memory. When you are handling 40 (by default) simultaneous - connections, tcpserver smoothly defers acceptance of new connections. - - tcpserver also provides TCP access control features, similar to - tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules - are compiled into a hashed format with cdb, so it can easily deal with - thousands of different hosts. - - This package includes a recordio tool that monitors all the input and - output of a server. - - tcpclient makes a TCP connection and runs a program of your choice. It - sets up the same environment variables as tcpserver. - - This package includes several sample clients built on top of tcpclient: - who@, date@, finger@, http@, tcpcat, and mconnect. - - tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program - Interface, using the TCP protocol. UCSPI tools are available for several - different networks. - ''; - homepage = http://cr.yp.to/ucspi-tcp.html; - license = licenses.publicDomain; - platforms = platforms.linux; - maintainers = [ maintainers.bjornfor ]; - }; -} diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix deleted file mode 100644 index 64f3ad1ac..000000000 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub, python3Packages }: - -python3Packages.buildPythonApplication rec { - name = "urlwatch-${version}"; - version = "2.8"; - - src = fetchFromGitHub { - owner = "thp"; - repo = "urlwatch"; - rev = version; - sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4"; - }; - - propagatedBuildInputs = with python3Packages; [ - appdirs - keyring - minidb - pycodestyle - pyyaml - requests - ]; - - meta = with stdenv.lib; { - description = "A tool for monitoring webpages for updates"; - homepage = https://thp.io/2008/urlwatch/; - license = licenses.bsd3; - maintainers = with maintainers; [ tv ]; - }; -} diff --git a/krebs/kops.nix b/krebs/krops.nix index f544b93d2..97cd6a939 100644 --- a/krebs/kops.nix +++ b/krebs/krops.nix @@ -1,19 +1,18 @@ { name }: rec { - kops = (import <nixpkgs> {}).fetchgit { - url = https://cgit.krebsco.de/kops/; - rev = "e89cf20d4310070a877c2e24a287659546b561c9"; - sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; + krops = builtins.fetchGit { + url = https://cgit.krebsco.de/krops/; + rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; }; - lib = import "${kops}/lib"; + lib = import "${krops}/lib"; # TODO document why pkgs should be used like this - pkgs = import "${kops}/pkgs" {}; + pkgs = import "${krops}/pkgs" {}; krebs-source = { nixpkgs.git = { - ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; + ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; @@ -38,7 +37,7 @@ secrets = if test then { - file = toString <stockholm/krebs/6tests/data/secrets>; + file = toString <stockholm/krebs/0tests/data/secrets>; } else { pass = { @@ -51,14 +50,14 @@ ]; # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) - deploy = pkgs.kops.writeDeploy "${name}-deploy" { + deploy = pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; target = "root@${name}/var/src"; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) - test = pkgs.kops.writeTest "${name}-test" { + test = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; } diff --git a/krebs/source.nix b/krebs/source.nix index 3ee12b37f..2aaa27b2b 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,7 +14,7 @@ in { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = getAttr builder { - buildbot.file = toString <stockholm/krebs/6tests/data/secrets>; + buildbot.file = toString <stockholm/krebs/0tests/data/secrets>; krebs.pass = { dir = "${getEnv "HOME"}/brain"; name = "krebs-secrets/${name}"; @@ -22,7 +22,7 @@ in }; stockholm.file = toString <stockholm>; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs; + nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs; } override ] |