33 files changed, 74 insertions, 343 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..c96fec739 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "submodules/nix-writers"] + path = submodules/nix-writers + url = http://cgit.krebsco.de/nix-writers diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index 578a51c8f..60dbbc50c 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -pkgs.writeHaskell "xmonad-jeschli" { +pkgs.writeHaskellPackage "xmonad-jeschli" { executables.xmonad = { extra-depends = [ "containers" diff --git a/jeschli/source.nix b/jeschli/source.nix index 29cf9d818..fc1413ee4 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 04b1c999f..62a5f9ab5 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -63,6 +63,7 @@ in grab_repo = steps.Git( repourl=stockholm_repo, mode='full', + submodules=True, ) ''; builder = { diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index ba0924681..5ae24b40b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -484,7 +484,7 @@ let reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules)); - # TODO use `writeOut` + # TODO use pkgs.write (from nix-writers) scriptFarm = farm-name: scripts: let diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index fd74983fa..e2322e171 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
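Review bot: The submodule URL in the new `.gitmodules` uses plain `http://`, so every clone and submodule update of nix-writers travels over an unauthenticated channel. The superproject pins a commit id, which limits what a network attacker can substitute on checkout, but whoever next bumps the submodule fetches and pins whatever the HTTP response serves. That tree is then imported as a nixpkgs overlay in the `source.nix` hunks and checked out by buildbot through `submodules=True`. If the host serves the repository over TLS, I would use `url = https://cgit.krebsco.de/nix-writers`; otherwise a comment saying that submodule bumps must be verified out of band would help.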
@@ -66,6 +66,7 @@ with import <stockholm/lib>; ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index c39e39799..2df76fb2f 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,7 +120,7 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] '' import sys import urllib.request from bs4 import BeautifulSoup diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix index e69b44f0f..9b125862b 100644 --- a/krebs/5pkgs/simple/brain/default.nix +++ b/krebs/5pkgs/simple/brain/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "brain" { +write "brain" { "/bin/brain".link = writeDash "brain" '' PASSWORD_STORE_DIR=$HOME/brain \ exec ${pass}/bin/pass $@ diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 9afe79510..c973386d6 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -225,6 +225,6 @@ in - pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: + pkgs.write "stockholm" (lib.mapAttrs' (name: link: lib.nameValuePair "/bin/${name}" { inherit link; } ) cmds) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix deleted file mode 100644 index 1939bf854..000000000 --- a/krebs/5pkgs/writers.nix +++ /dev/null 
@@ -1,318 +0,0 @@ -pkgs: oldpkgs: -with import <stockholm/lib>; - { - execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let - in pkgs.writeC name { inherit destination; } /* c */ '' - #include <unistd.h> - - static char *const filename = ${toC filename}; - - ${if argv == null - then /* Propagate arguments */ /* c */ '' - #define MAIN_ARGS int argc, char **argv - '' - else /* Provide fixed arguments */ /* c */ '' - #define MAIN_ARGS void - static char *const argv[] = ${toC (argv ++ [null])}; - ''} - - static char *const envp[] = ${toC ( - mapAttrsToList (k: v: "${k}=${v}") envp ++ [null] - )}; - - int main (MAIN_ARGS) { - execve(filename, argv, envp); - return -1; - } - ''; - - execveBin = name: cfg: - pkgs.execve name (cfg // { destination = "/bin/${name}"; }); - - makeScriptWriter = { interpreter, check ? null }: name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - inherit check; - executable = true; - text = "#! ${interpreter}\n${text}"; - }; - }; - - writeBash = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - executable = true; - text = "#! ${pkgs.bash}/bin/bash\n${text}"; - }; - }; - - writeBashBin = name: - assert types.filename.check name; - pkgs.writeBash "/bin/${name}"; - - writeC = name: { destination ? 
"" }: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - PATH=${makeBinPath (with pkgs; [ - # TODO remove if everyone migrated to 18.03 - (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) - coreutils - gcc - ])} - exe=$out${destination} - mkdir -p "$(dirname "$exe")" - gcc -O -Wall -o "$exe" -x c "$textPath" - strip --strip-unneeded "$exe" - ''; - - writeDash = pkgs.makeScriptWriter { - interpreter = "${pkgs.dash}/bin/dash"; - }; - - writeDashBin = name: - assert types.filename.check name; - pkgs.writeDash "/bin/${name}"; - - writeEximConfig = name: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - # TODO validate exim config even with config.nix.useChroot == true - # currently doing so will fail because "user exim was not found" - #${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null - mv "$textPath" $out - ''; - - writeOut = name: specs0: - let - writers.link = - { path - , link - }: - assert path == "" || types.absolute-pathname.check path; - assert types.package.check link; - { - install = /* sh */ '' - ${optionalString (path != "") /* sh */ '' - ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path} - ''} - ${pkgs.coreutils}/bin/ln -s ${link} $out${path} - ''; - }; - - writers.text = - { path - , check ? null - , executable ? false - , mode ? 
if executable then "0755" else "0644" - , text - }: - assert path == "" || types.absolute-pathname.check path; - assert types.bool.check executable; - assert types.file-mode.check mode; - rec { - var = "file_${hashString "sha1" path}"; - val = text; - install = /* sh */ '' - ${optionalString (check != null) /* sh */ '' - ${check} ''$${var}Path - ''} - ${pkgs.coreutils}/bin/install \ - -m ${mode} \ - -D \ - ''$${var}Path $out${path} - ''; - }; - - write = spec: writers.${spec.type} (removeAttrs spec ["type"]); - - specs = - mapAttrsToList - (path: spec: let - known-types = [ "link" "text" ]; - found-types = attrNames (getAttrs known-types spec); - type = assert length found-types == 1; head found-types; - in spec // { inherit path type; }) - specs0; - - files = map write specs; - - filevars = genAttrs' (filter (hasAttr "var") files) - (spec: nameValuePair spec.var spec.val); - - env = filevars // { passAsFile = attrNames filevars; }; - in - # Use a subshell because <nixpkgs/stdenv/generic/setup.sh>'s genericBuild - # sources (or evaluates) the buildCommand and we don't want to modify its - # shell. In particular, exitHandler breaks in multiple ways with set -u. - pkgs.runCommand name env /* sh */ '' - ( - set -efu - ${concatMapStringsSep "\n" (getAttr "install") files} - ) - ''; - - writeHaskell = - k: - let - k' = parseDrvName k; - name = k'.name; - version = if k'.version != "" then k'.version else "0"; - in - { base-depends ? ["base"] - , executables ? {} - , ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"] - , haskellPackages ? pkgs.haskellPackages - , library ? null - , license ? 
"WTFPL" - }: - let - isExecutable = executables != {}; - isLibrary = library != null; - - cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ '' - build-type: Simple - cabal-version: >= 1.2 - name: ${name} - version: ${version} - ${concatStringsSep "\n" (mapAttrsToList exe-section executables)} - ${optionalString isLibrary (lib-section library)} - ''; - - exe-install = - exe-name: - { file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: - if types.filename.check exe-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘exe-name’ is not a ${types.filename.name}"; - - exe-section = - exe-name: - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: /* cabal */ '' - executable ${exe-name} - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - main-is: ${relpath} - ''; - - get-depends = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , ... - }: - build-depends; - - lib-install = - { exposed-modules - , ... }: - concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules); - - lib-section = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , exposed-modules - , ... }: /* cabal */ '' - library - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)} - ''; - - mod-install = - mod-name: - { file ? pkgs.writeText "${name}-${mod-name}.hs" text - , relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs" - , text - , ... 
}: - if types.haskell.modid.check mod-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}"; - in - haskellPackages.mkDerivation { - inherit isExecutable isLibrary license version; - executableHaskellDepends = - attrVals - (concatMap get-depends (attrValues executables)) - haskellPackages; - libraryHaskellDepends = - attrVals - (optionals isLibrary (get-depends library)) - haskellPackages; - pname = name; - src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ '' - install -D ${cabal-file} $out/${cabal-file.name} - ${optionalString isLibrary (lib-install library)} - ${concatStringsSep "\n" (mapAttrsToList exe-install executables)} - ''; - }; - - writeJq = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "jqcheck.sh" '' - exec ${pkgs.jq}/bin/jq -f "$1" < /dev/null - ''; - inherit text; - }; - }; - - writeJSON = name: value: pkgs.runCommand name { - json = toJSON value; - passAsFile = [ "json" ]; - } /* sh */ '' - ${pkgs.jq}/bin/jq . "$jsonPath" > "$out" - ''; - - writeNixFromCabal = - trace (toString [ - "The function `writeNixFromCabal` has been deprecated in favour of" - "`writeHaskell`." 
- ]) - (name: path: pkgs.runCommand name {} /* sh */ '' - ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out - ''); - - writePython2 = deps: - let - py = pkgs.python2.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython2Bin = d: name: - pkgs.writePython2 d "/bin/${name}"; - - writePython3 = deps: - let - py = pkgs.python3.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython3Bin = d: name: - pkgs.writePython3 d "/bin/${name}"; - - writeSed = pkgs.makeScriptWriter { - interpreter = "${pkgs.gnused}/bin/sed -f"; - }; - } diff --git a/krebs/default.nix b/krebs/default.nix index 55bf66f77..d99f60aaa 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -3,6 +3,10 @@ with import <stockholm/lib>; { imports = [ ./3modules + { + nixpkgs.config.packageOverrides = + import ../submodules/nix-writers/pkgs pkgs; + } ]; nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } diff --git a/krebs/source.nix b/krebs/source.nix index 2aaa27b2b..5b86e89c6 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 64c179e67..6a8040c9d 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix 
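Review bot: The anonymous module added to `imports` in `krebs/default.nix` has no comment explaining why `nixpkgs.config.packageOverrides` is defined a second time instead of being combined with the existing `import ./5pkgs pkgs` line. Presumably it relies on the NixOS module system merging the two definitions; a line such as `# separate module so both packageOverrides definitions get merged` would record that. The module also reads the submodule through the relative path `../submodules/nix-writers/pkgs`, while the `source.nix` hunks use `<stockholm/submodules/nix-writers/pkgs>`. A checkout without initialised submodules would therefore fail at evaluation, which is worth stating in the same comment.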
@@ -8,11 +8,6 @@ <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/browsers.nix> - <stockholm/lass/2configs/programs.nix> - <stockholm/lass/2configs/fetchWallpaper.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/AP.nix> <stockholm/lass/2configs/blue-host.nix> ]; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 9a0bb49e9..780403813 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -281,6 +281,18 @@ with import <stockholm/lib>; ]; } { + services.nginx = { + enable = true; + virtualHosts."radio.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:8000; + ''; + }; + }; + } + { lass.nichtparasoup.enable = true; services.nginx = { enable = true; @@ -341,6 +353,14 @@ with import <stockholm/lib>; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } + { + services.murmur.enable = true; + services.murmur.registerName = "lassul.us"; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + ]; + + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index afdefaa45..b27368613 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -81,6 +81,7 @@ in { mpv-poll much ncdu + nix-index nix-repl nmap pavucontrol diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 657234bc1..83c235f3e 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/container-networking.nix> ]; + systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ pkgs.git ]; 
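Review bot: In the `radio.lassul.us` virtual host, `locations."/"` forwards every request path to the service on port 8000, so any administrative or upload endpoints that service offers become reachable from the internet through the proxy. Which service listens there is not visible in this hunk. If only a stream path is meant to be public, proxy that path alone, e.g. `locations."/<stream-path>".extraConfig` (placeholder path). Also confirm that the backend binds to loopback, so that port 8000 cannot be reached around the TLS front end.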
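Review bot: The Murmur block opens TCP 64738 to any source and the visible lines set no `services.murmur.password`, so unless one is configured elsewhere anyone who reaches the port can join. If the server is not meant to be public, set a server password or narrow the `predicate` with a source match; note that the password option is likely rendered into a config file in the world-readable Nix store. Mumble also carries voice over UDP on the same port and only the TCP rule is added, so clients would fall back to TCP tunnelling; `{ predicate = "-p udp --dport 64738"; target = "ACCEPT";}` would cover it.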
diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 3bd1852a8..eb457b7d3 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -326,7 +326,7 @@ in { name = "mc"; paths = [ (pkgs.writeDashBin "mc" '' - export MC_DATADIR=${pkgs.writeOut "mc-ext" { + export MC_DATADIR=${pkgs.write "mc-ext" { "/mc.ext".link = mcExt; "/sfs.ini".text = ""; }}; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 5a39f7115..0ce147acd 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -65,7 +65,7 @@ with import <stockholm/lib>; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 [] "rup" '' + script = pkgs.writePython2 "rup" [] '' t1 = """ _. ;=',_ () diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index fc9e63e31..cb2890969 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -45,7 +45,7 @@ "pwstore-fast" "bytestring" ]; - body = pkgs.writeHaskell "passwords" { + body = pkgs.writeHaskellPackage "passwords" { executables.verify_pam = { extra-depends = deps; text = '' diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 325ebcc99..4c0023a76 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -44,7 +44,7 @@ with import <stockholm/lib>; wm = mkOption { #TODO find type type = types.string; - default = "${pkgs.writeHaskell "xephyrify-xmonad" { + default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 868c1072a..7180f2a69 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -pkgs.writeHaskell "xmonad-lass" { +pkgs.writeHaskellPackage "xmonad-lass" { executables.xmonad = { extra-depends = [ "containers" 
diff --git a/lass/5pkgs/dpass/default.nix b/lass/5pkgs/dpass/default.nix index 7e75d50c7..c1e803bcb 100644 --- a/lass/5pkgs/dpass/default.nix +++ b/lass/5pkgs/dpass/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "dsco-pass" { +write "dsco-pass" { "/bin/dpass".link = writeDash "dpass" '' PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ exec ${pass}/bin/pass $@ diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8d6036843..20c546dbb 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -1,8 +1,8 @@ -{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }: +{ writeDashBin, writeHaskellPackage, coreutils, xorg, virtualgl, ... }: let - xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { + xephyrify-xmonad = writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/source.nix b/lass/source.nix index e7991da2a..49f919faf 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/makefu/source.nix b/makefu/source.nix index 85953615e..c1e291b8a 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -20,6 +20,7 @@ let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; # TODO: automate updating of this ref + cherry-picks diff --git a/mv/source.nix b/mv/source.nix index 1a7b83961..29dfe9723 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -7,6 +7,7 @@ host@{ name, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/nin/1systems/axon/config.nix b/nin/1systems/axon/config.nix index 483a4f84b..5e81afdbd 100644 
--- a/nin/1systems/axon/config.nix +++ b/nin/1systems/axon/config.nix |