-rw-r--r--Makefile61
-rw-r--r--krebs/3modules/build.nix117
-rw-r--r--lass/1systems/helios.nix19
-rw-r--r--lass/1systems/mors.nix49
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/git.nix2
-rw-r--r--lass/2configs/libvirt.nix3
-rw-r--r--lass/2configs/skype.nix3
-rw-r--r--lass/2configs/xserver/default.nix6
-rw-r--r--lass/5pkgs/default.nix11
-rw-r--r--lass/5pkgs/xmonad-lass/Main.hs13
-rw-r--r--lass/default.nix1
12 files changed, 181 insertions, 106 deletions
diff --git a/Makefile b/Makefile
index 384c872ab..60dfe8030 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,32 @@
-ifndef system
-$(error unbound variable: system)
+stockholm ?= .
+
+ifndef nixos-config
+$(if $(system),,$(error unbound variable: system))
+nixos-config = ./$(LOGNAME)/1systems/$(system).nix
+endif
+
+# target = [target_user@]target_host[:target_port][/target_path]
+ifdef target
+_target_user != echo $(target) | sed -n 's/@.*//p'
+_target_path != echo $(target) | sed -n 's/^[^/]*//p'
+_target_port != echo $(target) | sed -En 's|^.*:([^/]*)(/.*)?$$|\1|p'
+_target_host != echo $(target) | sed -En 's/^(.*@)?([^:/]*).*/\2/p'
+ifneq ($(_target_host),)
+$(if $(target_host),$(error cannot define both, target_host and host in target))
+target_host ?= $(_target_host)
+endif
+ifneq ($(_target_user),)
+$(if $(target_user),$(error cannot define both, target_user and user in target))
+target_user ?= $(_target_user)
+endif
+ifneq ($(_target_port),)
+$(if $(target_port),$(error cannot define both, target_port and port in target))
+target_port ?= $(_target_port)
+endif
+ifneq ($(_target_path),)
+$(if $(target_path),$(error cannot define both, target_path and path in target))
+target_path ?= $(_target_path)
+endif
endif
export target_host ?= $(system)
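Review bot: `$(target)` is pasted unquoted into four parse-time shell commands (`echo $(target) | sed …`), so whitespace, globs or shell metacharacters in the value are interpreted by the shell before any of the later checks run. I would quote the value and reject the one character that can break the quoting, e.g. `$(if $(findstring ',$(target)),$(error target must not contain single quotes))` followed by `_target_user != printf '%s\n' '$(target)' | sed -n 's/@.*//p'` (and the same for the other three). The `!=` operator also needs GNU Make 4.0 or newer, which deserves a comment next to the `# target = …` line, since older versions will not run these assignments as shell commands.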
@@ -7,13 +34,18 @@ export target_user ?= root
export target_port ?= 22
export target_path ?= /var/src
+$(if $(target_host),,$(error unbound variable: target_host))
+$(if $(target_user),,$(error unbound variable: target_user))
+$(if $(target_port),,$(error unbound variable: target_port))
+$(if $(target_path),,$(error unbound variable: target_path))
+
evaluate = \
nix-instantiate \
--eval \
--readonly-mode \
--show-trace \
- -I nixos-config=./$(LOGNAME)/1systems/$(system).nix \
- -I stockholm=. \
+ -I nixos-config=$(nixos-config) \
+ -I stockholm=$(stockholm) \
$(1)
execute = \
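Review bot: The four added `$(if $(target_…),,$(error unbound variable: …))` checks only test for a non-empty value, yet these variables are expanded unquoted into the `ssh` command lines of the deploy and test recipes and exported to the populate script. A value containing whitespace, or a `target_user` beginning with `-`, would then be read as extra words or options rather than as a user, host, port or path. A shape check per variable would close that, e.g. `$(if $(filter-out 1,$(words $(target_port))),$(error target_port must be a single word))` and `$(if $(filter -%,$(target_user)),$(error target_user must not start with -))`. The same unquoted expansion applies to `-I nixos-config=$(nixos-config)` and `-I stockholm=$(stockholm)` in `evaluate`, which break on paths containing spaces.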
@@ -22,9 +54,10 @@ execute = \
echo "$$script" | sh
# usage: make deploy system=foo [target_host=bar]
+deploy: ssh ?= ssh
deploy:
$(call execute,populate)
- ssh $(target_user)@$(target_host) -p $(target_port) \
+ $(ssh) $(target_user)@$(target_host) -p $(target_port) \
nixos-rebuild switch --show-trace -I $(target_path)
# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name
@@ -41,3 +74,21 @@ install:
$(ssh) $(target_user)@$(target_host) -p $(target_port) \
env NIXOS_CONFIG=$(target_path)/nixos-config \
nixos-install
+
+# usage: make test system=foo [target=bar] [method={eval,build}]
+method ?= eval
+ifeq ($(method),build)
+test: command = nix-build --no-out-link
+else
+ifeq ($(method),eval)
+test: command ?= nix-instantiate --eval --json --readonly-mode --strict
+else
+$(error bad method: $(method))
+endif
+endif
+test: ssh ?= ssh
+test:
+ $(call execute,populate)
+ $(ssh) $(target_user)@$(target_host) -p $(target_port) \
+ $(command) --show-trace -I $(target_path) \
+ -A config.system.build.toplevel $(target_path)/stockholm
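Review bot: The two branches assign `command` differently, `test: command = nix-build --no-out-link` for method=build but `test: command ?= nix-instantiate …` for method=eval. With `?=`, as with `test: ssh ?= ssh`, a variable of that name already present in the caller's environment should take precedence, so an exported `command` or `ssh` would silently change what runs against the target. Unless that override is intended, use a plain assignment in both branches, e.g. `test: command = nix-instantiate --eval --json --readonly-mode --strict`, and list any deliberate overrides in the `# usage:` line. No `.PHONY: test` is visible in this hunk; if the file does not declare it elsewhere, a file named `test` in the checkout would stop the recipe from running.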
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index a1f446188..c700fbc56 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -20,35 +20,19 @@ let
type = types.user;
};
- options.krebs.build.source = let
- raw = types.either types.str types.path;
- url = types.submodule {
+ options.krebs.build.source = mkOption {
+ type = with types; attrsOf (either str (submodule {
options = {
- url = mkOption {
- type = types.str;
- };
- rev = mkOption {
- type = types.str;
- };
- dev = mkOption {
- type = types.str;
- };
+ url = str;
+ rev = str;
};
- };
- in mkOption {
- type = types.attrsOf (types.either types.str url);
- apply = let f = mapAttrs (_: value: {
- string = value;
- path = toString value;
- set = f value;
- }.${typeOf value}); in f;
+ }));
default = {};
};
options.krebs.build.populate = mkOption {
type = types.str;
default = let
- source = config.krebs.build.source;
target-user = maybeEnv "target_user" "root";
target-host = maybeEnv "target_host" config.krebs.build.host.name;
target-port = maybeEnv "target_port" "22";
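Review bot: Inside the new submodule, `url = str;` and `rev = str;` assign bare types where the module system normally expects option declarations, so this hunk does not show that `url` and `rev` are actually declared and type-checked. The removed code wrapped each in `mkOption { type = types.str; }`. Unless a krebs helper outside this hunk handles the short form, I would keep the explicit declarations, `url = mkOption { type = str; };` and `rev = mkOption { type = str; };`, because these values are later passed to `fetch_git` on the target. The enclosing `let` begins above the hunk.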
@@ -75,24 +59,21 @@ let
tmpdir=$(mktemp -dt stockholm.XXXXXXXX)
chmod 0755 "$tmpdir"
- ${concatStringsSep "\n"
- (mapAttrsToList
- (name: spec: let dst = removePrefix "symlink:" (get-url spec); in
- "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}")
- symlink-specs)}
+ ${concatStringsSep "\n" (mapAttrsToList (name: symlink: ''
+ verbose ln -s ${shell.escape symlink.target} \
+ "$tmpdir"/${shell.escape name}
+ '') source-by-method.symlink)}
verbose proot \
- -b $tmpdir:${shell.escape target-path} \
- ${concatStringsSep " \\\n "
- (mapAttrsToList
- (name: spec:
- "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}")
- file-specs)} \
+ -b "$tmpdir":${shell.escape target-path} \
+ ${concatStringsSep " \\\n " (mapAttrsToList (name: file:
+ "-b ${shell.escape "${file.path}:${target-path}/${name}"}"
+ ) source-by-method.file)} \
rsync \
-f ${shell.escape "P /*"} \
- ${concatMapStringsSep " \\\n "
- (name: "-f ${shell.escape "R /${name}"}")
- (attrNames file-specs)} \
+ ${concatMapStringsSep " \\\n " (name:
+ "-f ${shell.escape "R /${name}"}"
+ ) (attrNames source-by-method.file)} \
--delete \
-vFrlptD \
-e ${shell.escape "ssh -p ${target-port}"} \
@@ -100,30 +81,6 @@ let
${shell.escape "${target-user}@${target-host}:${target-path}"}
'';
- get-schema = uri:
- if substring 0 1 uri == "/"
- then "file"
- else head (splitString ":" uri);
-
- has-schema = schema: uri: get-schema uri == schema;
-
- get-url = spec: {
- string = spec;
- path = toString spec;
- set = get-url spec.url;
- }.${typeOf spec};
-
- git-specs =
- filterAttrs (_: spec: has-schema "https" (get-url spec)) source //
- filterAttrs (_: spec: has-schema "http" (get-url spec)) source //
- filterAttrs (_: spec: has-schema "git" (get-url spec)) source;
-
- file-specs =
- filterAttrs (_: spec: has-schema "file" (get-url spec)) source;
-
- symlink-specs =
- filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source;
-
git-script = ''
#! /bin/sh
set -efu
@@ -162,20 +119,42 @@ let
git clean -dxf
)}
- ${concatStringsSep "\n"
- (mapAttrsToList
- (name: spec: toString (map shell.escape [
- "verbose"
- "fetch_git"
- "${target-path}/${name}"
- spec.url
- spec.rev
- ]))
- git-specs)}
+ ${concatStringsSep "\n" (mapAttrsToList (name: git: ''
+ verbose fetch_git ${concatMapStringsSep " " shell.escape [
+ "${target-path}/${name}"
+ git.url
+ git.rev
+ ]}
+ '') source-by-method.git)}
'';
in out;
};
};
+ source-by-method = let
+ known-methods = ["git" "file" "symlink"];
+ in genAttrs known-methods (const {}) // recursiveUpdate source-by-scheme {
+ git = source-by-scheme.http or {} //
+ source-by-scheme.https or {};
+ };
+
+ source-by-scheme = foldl' (out: { k, v }: recursiveUpdate out {
+ ${v.scheme}.${k} = v;
+ }) {} (mapAttrsToList (k: v: { inherit k v; }) normalized-source);
+
+ normalized-source = mapAttrs (name: let f = x: getAttr (typeOf x) {
+ path = f (toString x);
+ string = f {
+ url = if substring 0 1 x == "/" then "file://${x}" else x;
+ };
+ set = let scheme = head (splitString ":" x.url); in recursiveUpdate x {
+ inherit scheme;
+ } // {
+ symlink.target = removePrefix "symlink:" x.url;
+ file.path = # TODO file://host/...
+ assert hasPrefix "file:///" x.url;
+ removePrefix "file://" x.url;
+ }.${scheme} or {};
+ }; in f) config.krebs.build.source;
in out
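Review bot: In `normalized-source`, any entry whose scheme is not one of git/http/https/file/symlink is still filed under `source-by-scheme.<scheme>`, but the code visible here only consumes `source-by-method.git`, `.file` and `.symlink`. A typo in a URL, or a string with no colon and no leading `/` (whose whole value becomes the "scheme"), is therefore dropped without any error and the target keeps whatever was deployed before. I would fail evaluation instead, e.g. `set = let scheme = head (splitString ":" x.url); in if !elem scheme ["git" "http" "https" "file" "symlink"] then throw "krebs.build.source.${name}: unsupported scheme ${scheme}" else recursiveUpdate x {`, and give the `file:///` assert a similar message. Separately, `http` sources are merged into `git` alongside `https`; unless `rev` is always a full commit id, a cleartext fetch cannot be integrity-checked, which is worth stating in a comment on `source-by-method`.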
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 88fb6aac7..0103b6ec0 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -8,6 +8,7 @@ with builtins;
../2configs/browsers.nix
../2configs/programs.nix
../2configs/git.nix
+ ../2configs/pass.nix
#{
# users.extraUsers = {
# root = {
@@ -17,6 +18,15 @@ with builtins;
# };
# };
#}
+ {
+ krebs.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }
+ ];
+ };
+ };
+ }
];
krebs.build.host = config.krebs.hosts.helios;
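Review bot: The new INPUT rule `-p tcp --dport 8000` accepts connections from every interface and source address, and nothing in the hunk says which service listens on that port. If it is only meant to be reachable over one network, narrow the predicate the way the commented retiolum rules in mors.nix do, e.g. `{ predicate = "-i retiolum -p tcp --dport 8000"; target = "ACCEPT"; precedence = 9001; }`. Either way, add a comment above the rule naming the service and the intended reach, e.g. `# <service name>: reachable from <network> only`.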
@@ -53,15 +63,6 @@ with builtins;
# SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:b8:c8:2e", NAME="et0"
#'';
- services.xserver = {
- videoDriver = "intel";
- vaapiDrivers = [ pkgs.vaapiIntel ];
- deviceSection = ''
- Option "AccelMethod" "sna"
- BusID "PCI:0:2:0"
- '';
- };
-
services.xserver.synaptics = {
enable = true;
twoFingerScroll = true;
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index f6ac1b4e6..a7f4ee5f8 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -20,12 +20,12 @@
../2configs/git.nix
#../2configs/wordpress.nix
../2configs/bitlbee.nix
- ../2configs/firefoxPatched.nix
+ #../2configs/firefoxPatched.nix
../2configs/skype.nix
../2configs/teamviewer.nix
../2configs/libvirt.nix
../2configs/fetchWallpaper.nix
- ../2configs/buildbot-standalone.nix
+ #../2configs/buildbot-standalone.nix
{
#risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [
@@ -97,6 +97,46 @@
# { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
# ];
#}
+ {
+ containers.pythonenv = {
+ config = {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+
+ environment = {
+ systemPackages = with pkgs; [
+ git
+ libxml2
+ libxslt
+ libzip
+ python27Full
+ python27Packages.buildout
+ stdenv
+ zlib
+ ];
+
+ pathsToLink = [ "/include" ];
+
+ shellInit = ''
+ # help pip to find libz.so when building lxml
+ export LIBRARY_PATH=/var/run/current-system/sw/lib
+ # ditto for header files, e.g. sqlite
+ export C_INCLUDE_PATH=/var/run/current-system/sw/include
+ '';
+ };
+
+ };
+ };
+ }
+ {
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ rootPassword = "<secrets>/mysql_rootPassword";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.mors;
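Review bot: `rootPassword = "<secrets>/mysql_rootPassword";` is a plain string, not the Nix search-path expression `<secrets/mysql_rootPassword>`, so unless something outside this hunk rewrites the `<secrets>` prefix, the option points at a literal path that presumably does not exist. If the intent is the file from the secrets search path, `rootPassword = toString <secrets/mysql_rootPassword>;` keeps it a runtime path. Interpolating the path value instead would copy the password file into the world-readable Nix store, so a comment warning against that is worth adding. Separately, the `pythonenv` container enables sshd with a root key and sets no `privateNetwork`, so it presumably shares the host's network namespace; a comment stating which address and port that sshd is meant to use, and whether root login is required, would make the exposure reviewable.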
@@ -170,6 +210,11 @@
device = "/dev/big/public";
fsType = "ext4";
};
+
+ "/mnt/conf" = {
+ device = "/dev/big/conf";
+ fsType = "ext4";
+ };
};
services.udev.extraRules = ''
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 61016fed0..eb764068b 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -58,7 +58,7 @@ in {
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
- ( createChromiumUser "flash" [ ] [ pkgs.flash ] )
+ ( createChromiumUser "flash" [ "audio" ] [ pkgs.flash ] )
];
nixpkgs.config.packageOverrides = pkgs : {
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 76b897d1f..0aab298c7 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -42,6 +42,8 @@ let
brain = {
collaborators = with config.krebs.users; [ tv makefu ];
};
+ extraction_webinterface = {};
+ politics-fetching = {};
} //
import <secrets/repos.nix> { inherit config lib pkgs; }
);
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
index 7520a0e36..a51ccae58 100644
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@@ -2,13 +2,14 @@
let
mainUser = config.users.extraUsers.mainUser;
+ inherit (config.krebs.lib) genid;
in {
virtualisation.libvirtd.enable = true;
users.extraUsers = {
libvirt = {
- uid = lib.genid "libvirt";
+ uid = genid "libvirt";
description = "user for running libvirt stuff";
home = "/home/libvirt";
useDefaultShell = true;
diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix
index d62a18a52..5b6da4a95 100644
--- a/lass/2configs/skype.nix
+++ b/lass/2configs/skype.nix
@@ -2,12 +2,13 @@
let
mainUser = config.users.extraUsers.mainUser;
+ inherit (config.krebs.lib) genid;
in {
users.extraUsers = {
skype = {
name = "skype";
- uid = lib.genid "skype";
+ uid = genid "skype";
description = "user for running skype";
home = "/home/skype";
useDefaultShell = true;
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index 82cfd57bb..203ed0b09 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -93,11 +93,9 @@ let
xmonad-start = pkgs.writeScriptBin "xmonad" ''
#! ${pkgs.bash}/bin/bash
set -efu
- export PATH; PATH=${makeSearchPath "bin" [
- pkgs.alsaUtils
- pkgs.pulseaudioLight
+ export PATH; PATH=${makeSearchPath "bin" ([
pkgs.rxvt_unicode
- ]}:/var/setuid-wrappers
+ ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
settle() {(
# Use PATH for a clean journal
command=''${1##*/}
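Review bot: Every entry of `config.environment.systemPackages` now precedes `/var/setuid-wrappers` in the session PATH, so any system package that ships an unprivileged binary with the same name as a wrapper (sudo, ping and similar) will shadow the setuid wrapper for everything started from xmonad. With only three packages in the list the old ordering was harmless; with the full package set I would put the wrappers first, as the stock NixOS login PATH does: `export PATH; PATH=/var/setuid-wrappers:${makeSearchPath "bin" ([ pkgs.rxvt_unicode ] ++ config.environment.systemPackages)}`. A short comment explaining why the whole system package set is needed here would also help, since it widens what the window manager can spawn by bare name. The `xmonad-start` script continues outside the hunk.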
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index fee4654ae..ce29ae33c 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -1,16 +1,13 @@
{ pkgs, ... }:
-let
- inherit (pkgs) callPackage;
-in
{
nixpkgs.config.packageOverrides = rec {
firefoxPlugins = {
- noscript = callPackage ./firefoxPlugins/noscript.nix {};
- ublock = callPackage ./firefoxPlugins/ublock.nix {};
- vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
+ noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
+ ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
+ vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {};
};
- newsbot-js = callPackage ./newsbot-js/default.nix {};
+ newsbot-js = pkgs.callPackage ./newsbot-js/default.nix {};
xmonad-lass =
let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
pkgs.haskellPackages.callPackage src {};
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index faaa00aab..503df3be7 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -12,7 +12,6 @@ import XMonad
import System.IO (hPutStrLn, stderr)
import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
import System.Posix.Process (executeFile)
-import XMonad.Prompt (defaultXPConfig)
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
, removeEmptyWorkspace)
import XMonad.Actions.GridSelect
@@ -73,7 +72,7 @@ mainNoArgs = do
-- $ withUrgencyHook borderUrgencyHook "magenta"
-- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
- $ defaultConfig
+ $ def
{ terminal = myTerm
, modMask = mod4Mask
, workspaces = workspaces0
@@ -169,7 +168,7 @@ myWSConfig = myGSConfig
}
pagerConfig :: PagerConfig
-pagerConfig = defaultPagerConfig
+pagerConfig = def
{ pc_font = myFont
, pc_cellwidth = 64
--, pc_cellheight = 36 -- TODO automatically keep screen aspect
@@ -182,13 +181,13 @@ pagerConfig = defaultPagerConfig
where
windowColors _ _ _ True _ = ("#ef4242","#ff2323")
windowColors wsf m c u wf = do
- let def = defaultWindowColors wsf m c u wf
+ let y = defaultWindowColors wsf m c u wf
if m == False && wf == True
- then ("#402020", snd def)
- else def
+ then ("#402020", snd y)
+ else y
wGSConfig :: GSConfig Window
-wGSConfig = defaultGSConfig
+wGSConfig = def
{ gs_cellheight = 20
, gs_cellwidth = 192
, gs_cellpadding = 5
diff --git a/lass/default.nix b/lass/default.nix
index 69b4abaac..377708c3e 100644
--- a/lass/default.nix
+++ b/lass/default.nix
@@ -3,5 +3,6 @@ _:
imports = [
../krebs
./3modules
+ ./5pkgs
];
}