diff options
-rw-r--r-- | krebs/3modules/default.nix | 1 | ||||
-rw-r--r-- | krebs/3modules/external/dbalan.nix | 50 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
-rw-r--r-- | lass/2configs/fysiirc.nix | 9 | ||||
-rw-r--r-- | lass/krops.nix | 14 |
6 files changed, 72 insertions, 18 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2d73da884..8ea727dc7 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -102,6 +102,7 @@ let imp = lib.mkMerge [ { krebs = import ./external { inherit config; }; } + { krebs = import ./external/dbalan.nix { inherit config; }; } { krebs = import ./external/kmein.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } diff --git a/krebs/3modules/external/dbalan.nix b/krebs/3modules/external/dbalan.nix new file mode 100644 index 000000000..301f010d3 --- /dev/null +++ b/krebs/3modules/external/dbalan.nix @@ -0,0 +1,50 @@ +with import <stockholm/lib>; +{ config, ... }: +let + hostDefaults = hostName: host: flip recursiveUpdate host ({ + ci = false; + external = true; + monitoring = false; + owner = config.krebs.users.dbalan; + } // optionalAttrs (host.nets?retiolum) { + nets.retiolum = { + ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address; + }; + } // optionalAttrs (host.nets?wiregrill) { + nets.wiregrill = { + ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address; + }; + }); +in +{ + users = rec { + dbalan = { + mail = "dbalan@thaum.space"; + pubkey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAiWF+U3VHNfp1IPU0/TWhMioxJvmoyG1AMZMvnQjy5QAAAABHNzaDo= dj@v60"; + }; + }; + hosts = mapAttrs hostDefaults { + v60 = { + nets.retiolum = { + aliases = [ "v60.dbalan.r" ]; + ip4.addr = "10.243.42.12"; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxVRxcCWfjLu9cNo5ELfXyuwhpJBSfod5f9JkclSpydVHaQBfeVC6 + RKfdknQVL6RXiCMFsSAvCvmnIohmpUCbiQWu29P/g0jzQZZ7zNx5L7JHy18x9qAr + 1scu7FRdVErVuWKXXNt0+j45dA+u5HE6RLsjAHGYtQbAr21VLyLF3qq11IWNrFYU + uqSnM/ZPbOPPHLS8XtsQRdJ2cOkccSCO4W6xBar92aPFuDImH60VuxMFEKYWY2bz + p6q0K0rtRqW1qANTV62SUDeA1wMPlSmvnMFY7qesSLk6tJjJ02HwwiOvK2ov1/Rm + bpwcrqrrbUxbCaZC6t7pBBxUOZlGfnO3woZQm63+4TEw/YDHhxD0HbhH88Wc+eHy + I73tuL1oc01JxL131bJV6jcHG7LrG7wTsTdDaZpjbH54adJP47QpTMb0ggsx2WkD + mpxFFSnTZL7ghZO5NGPvidTBp+wJiSOv5igAjA72CvjR3tOF4d5Lsq4JsQeCStjA + OPrIrN0AnJRg2IFDXZEGwTS9AbLWX147O9VrNimLzezOylH4Eihn7GUJ5KLIPjLy + AvsgIYljoJuhGbM8QoWlakwqOndMeoqhz52ORZ5CDgfybJJEbyrYF8gYFVNJOzds + 9gy/F+27TwfjMgcheN2+ogJp+lD754aCF0EJMwaK8ElzQLqAzbBRGAsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "dcPFpCG94cq1KHD4TH9WgOl9fpc1589YvWkmnkEZcSC"; + }; + }; + }; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 49d65160d..b5f64ae2a 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060", - "date": "2022-05-24T17:55:48+02:00", - "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs", - "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3", + "rev": "f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5", + "date": "2022-06-26T12:26:21+02:00", + "path": "/nix/store/d7wgj3chybniji4l6z73a0gh67hxym3b-nixpkgs", + "sha256": "1z28a3gqbv62sxahlssc5a722kh46f26f5ss3arbxpv7a1272vf1", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 3e20b2a87..c9e1cd5e0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f", - "date": "2022-05-28T12:29:49+02:00", - "path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs", - "sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl", + "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", + "date": "2022-06-26T19:49:46+02:00", + "path": "/nix/store/bmaf6x4yxcsvs5wp4rayvai4lw7g6snr-nixpkgs", + "sha256": "1b2wn1ncx9x4651vfcgyqrm93pd7ghnrgqjbkf6ckkpidah69m03", "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix index e12eda42e..809298df4 100644 --- a/lass/2configs/fysiirc.nix +++ b/lass/2configs/fysiirc.nix @@ -10,8 +10,7 @@ ${write_to_irc} "$(echo "$INPUT" | jq -r ' "\(.action): " + "[\(.issue.title // .pull_request.title)] " + - "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " + - "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)" + "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " ')" fi ''; @@ -58,16 +57,16 @@ in { case "$Method $Request_URI" in "POST /") payload=$(head -c "$req_content_length") - echo "$payload" >&2 + raw=$(printf '%s' "$payload" | ${pkgs.curl}/bin/curl --data-binary @- http://p.krebsco.de | tail -1) payload2=$payload - payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r') + payload2=$(printf '%s' "$payload" | tr '\n' ' ' | tr -d '\r') if [ "$payload" != "$payload2" ]; then echo "payload has been mangled" >&2 else echo "payload not mangled" >&2 fi - echo "$payload2" > /tmp/last_fysi_payload echo "$payload2" | ${format-github-message}/bin/format-github-message + ${write_to_irc} "$raw" printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' diff --git a/lass/krops.nix b/lass/krops.nix index ace37888f..c8a5b94b7 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -37,18 +37,22 @@ in { - deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "deploy" { + deploy = { target ? "root@${name}/var/src", offline ? false }: pkgs.krops.writeCommand "deploy" { command = targetPath: '' - set -fu + set -xfu outDir=$(mktemp -d) trap "rm -rf $outDir;" INT TERM EXIT - nix build \ + build=$(command -v nom-build || echo "nix-build") + + $build \ -I "${targetPath}" \ - -f '<nixpkgs/nixos>' config.system.build.toplevel \ - -o "$outDir/out" + '<nixpkgs/nixos>' -A config.system.build.toplevel \ + -o "$outDir/out" \ + ${lib.optionalString offline "--option substitute false"} \ + # -vvvvv --show-trace nix-env -p /nix/var/nix/profiles/system --set "$outDir/out" |