-rw-r--r--2configs/makefu/cgit-retiolum.nix44
-rw-r--r--3modules/krebs/default.nix3
-rw-r--r--Makefile85
-rw-r--r--default.nix4
-rw-r--r--tv/1systems/cd.nix (renamed from tv/systems/cd.nix)16
-rw-r--r--tv/1systems/mkdir.nix (renamed from tv/systems/mkdir.nix)12
-rw-r--r--tv/1systems/nomic.nix (renamed from tv/systems/nomic.nix)10
-rw-r--r--tv/1systems/rmdir.nix (renamed from tv/systems/rmdir.nix)12
-rw-r--r--tv/1systems/wu.nix (renamed from tv/systems/wu.nix)20
-rw-r--r--tv/2configs/AO753.nix (renamed from tv/configs/AO753.nix)2
-rw-r--r--tv/2configs/CAC-CentOS-7-64bit.nix (renamed from tv/configs/CAC-CentOS-7-64bit.nix)0
-rw-r--r--tv/2configs/CAC-Developer-1.nix (renamed from tv/configs/CAC-Developer-1.nix)0
-rw-r--r--tv/2configs/CAC-Developer-2.nix (renamed from tv/configs/CAC-Developer-2.nix)0
-rw-r--r--tv/2configs/base.nix (renamed from tv/configs/base.nix)0
-rw-r--r--tv/2configs/bash_completion.sh (renamed from tv/configs/bash_completion.sh)0
-rw-r--r--tv/2configs/charybdis.nix (renamed from tv/configs/charybdis.nix)2
-rw-r--r--tv/2configs/consul-client.nix (renamed from tv/configs/consul-client.nix)0
-rw-r--r--tv/2configs/consul-server.nix (renamed from tv/configs/consul-server.nix)0
-rw-r--r--tv/2configs/cryptoroot.nix (renamed from tv/configs/cryptoroot.nix)0
-rw-r--r--tv/2configs/exim-retiolum.nix (renamed from tv/configs/exim-retiolum.nix)0
-rw-r--r--tv/2configs/exim-smarthost.nix (renamed from tv/configs/exim-smarthost.nix)0
-rw-r--r--tv/2configs/git.nix (renamed from tv/configs/git.nix)2
-rw-r--r--tv/2configs/mail-client.nix (renamed from tv/configs/mail-client.nix)2
-rw-r--r--tv/2configs/smartd.nix (renamed from tv/configs/smartd.nix)0
-rw-r--r--tv/2configs/synaptics.nix (renamed from tv/configs/synaptics.nix)0
-rw-r--r--tv/2configs/urlwatch.nix (renamed from tv/configs/urlwatch.nix)0
-rw-r--r--tv/2configs/urxvt.nix (renamed from tv/configs/urxvt.nix)0
-rw-r--r--tv/2configs/w110er.nix (renamed from tv/configs/w110er.nix)2
-rw-r--r--tv/2configs/xserver.nix (renamed from tv/configs/xserver.nix)2
-rw-r--r--tv/3modules/consul.nix (renamed from tv/modules/consul.nix)2
-rw-r--r--tv/3modules/default.nix (renamed from tv/modules/default.nix)0
-rw-r--r--tv/3modules/ejabberd.nix (renamed from tv/modules/ejabberd.nix)0
-rw-r--r--tv/3modules/iptables.nix (renamed from tv/modules/iptables.nix)0
-rw-r--r--tv/4lib/default.nix (renamed from tv/lib/default.nix)0
-rw-r--r--tv/4lib/git.nix (renamed from tv/lib/git.nix)0
-rw-r--r--tv/4lib/modules.nix (renamed from tv/lib/modules.nix)0
-rw-r--r--tv/5pkgs/charybdis/default.nix (renamed from tv/pkgs/charybdis/default.nix)0
-rw-r--r--tv/5pkgs/charybdis/remove-setenv.patch (renamed from tv/pkgs/charybdis/remove-setenv.patch)0
-rw-r--r--tv/5pkgs/default.nix (renamed from tv/pkgs/default.nix)0
-rw-r--r--tv/5pkgs/lentil/default.nix (renamed from tv/pkgs/lentil/default.nix)0
-rw-r--r--tv/5pkgs/lentil/syntaxes.patch (renamed from tv/pkgs/lentil/syntaxes.patch)0
-rw-r--r--tv/5pkgs/much.nix (renamed from tv/pkgs/much.nix)0
-rw-r--r--tv/5pkgs/viljetic-pages/default.nix (renamed from tv/pkgs/viljetic-pages/default.nix)0
-rw-r--r--tv/5pkgs/viljetic-pages/index.html (renamed from tv/pkgs/viljetic-pages/index.html)0
-rw-r--r--tv/5pkgs/viljetic-pages/logo.xpm (renamed from tv/pkgs/viljetic-pages/logo.xpm)0
45 files changed, 89 insertions, 131 deletions
diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix
index d5ad35fda..7b8e3bc97 100644
--- a/2configs/makefu/cgit-retiolum.nix
+++ b/2configs/makefu/cgit-retiolum.nix
@@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }:
+# TODO: remove tv lib :)
with import ../../4lib/tv { inherit lib pkgs; };
let
@@ -7,23 +8,31 @@ let
krebs.git = {
enable = true;
root-title = "public repositories ";
- root-desc = "keep calm and enrage";
- inherit repos rules ;
+ root-desc = "keep on krebsing";
+ inherit repos rules;
};
};
+ repos = priv-repos // krebs-repos ;
+ rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
- repos = public-repos;
- rules = concatMap make-rules (attrValues repos);
-
- public-repos = mapAttrs make-public-repo {
+ krebs-repos = mapAttrs make-krebs-repo {
stockholm = {
desc = "take all the computers hostage, they'll love you!";
};
};
+ priv-repos = mapAttrs make-priv-repo {
+ autosync = { };
+ };
+
+
# TODO move users to separate module
+ make-priv-repo = name: { desc ? null, ... }: {
+ inherit name desc;
+ public = false;
+ };
- make-public-repo = name: { desc ? null, ... }: {
+ make-krebs-repo = with git; name: { desc ? null, ... }: {
inherit name desc;
public = true;
hooks = {
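Review bot: In `repos = priv-repos // krebs-repos ;` the right-hand set wins on a name collision, so a repository name that appears in both sets would end up with the `make-krebs-repo` attributes, including `public = true`, and would also receive the krebsminister fetch rule through `krebs-rules`. Nothing in the hunk prevents such a collision. Merging in the other order, `repos = krebs-repos // priv-repos;`, lets the private definition win, and an `assert` that the two name sets are disjoint would turn the mistake into an evaluation error instead of a silently published repository. How `krebs.git` consumes `public` is not visible here, and the `let` block continues outside the hunk.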
@@ -35,18 +44,27 @@ let
};
};
- make-rules =
- with git // config.krebs.users;
- repo:
+ set-owners = with git; repo: user:
singleton {
- user = makefu;
+ inherit user;
repo = [ repo ];
perm = push "refs/*" [ non-fast-forward create delete merge ];
- } ++
+ };
+
+ set-ro-access = with git; repo: user:
optional repo.public {
- user = [ lass tv uriel ];
+ inherit user;
repo = [ repo ];
perm = fetch;
};
+ # TODO: get the list of all krebsministers
+ krebsminister = with config.krebs.users; [ lass tv uriel ];
+
+ priv-rules = with config.krebs.users; repo:
+ set-owners repo [ makefu ];
+
+ krebs-rules = with config.krebs.users; repo:
+ set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ;
+
in out
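Review bot: `set-owners` and `set-ro-access` name their second parameter `user`, but every call in this hunk passes a list (`[ makefu ]`, `krebsminister`), whereas the removed owner rule passed a single user. Naming it `users` and writing `user = users;` in place of `inherit user;` would make the access rules easier to audit. The removed `user = [ lass tv uriel ];` suggests the rule type accepts a list, but that is defined in the krebs.git module and not visible here. `set-ro-access` would also benefit from a comment such as `# yields [] unless repo.public, so fetch is never granted on a private repo`, since that guard is what keeps read access off `priv-repos` if the helper is ever reused.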
diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix
index 234c5e114..a53597fbe 100644
--- a/3modules/krebs/default.nix
+++ b/3modules/krebs/default.nix
@@ -290,7 +290,7 @@ let
};
};
- makefu-imp = {
+ makefu-imp = {
hosts = addNames {
pnp = {
cores = 1;
@@ -319,6 +319,7 @@ let
};
users = addNames {
makefu = {
+ mail = "root@euer.krebsco.de";
pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
};
};
diff --git a/Makefile b/Makefile
index 6d075e6f2..ca828fd2b 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
# usage:
# make system=foo
# make systems='foo bar'
-# make eval system=foo get=config.networking.extraHosts
+# make eval system=foo get=config.networking.extraHosts [filter=json]
#
.ONESHELL:
@@ -17,91 +17,30 @@ $(systems):
--tagstring {} \
-q make systems= system={} ::: $(systems)
else ifdef system
-include 0make/$(LOGNAME)/$(system).makefile
.PHONY: deploy
deploy:;@
- system_name=$(system)
- deploy_host=$(deploy_host)
- nixpkgs_url=$(nixpkgs_url)
- nixpkgs_rev=$(nixpkgs_rev)
- secrets_dir=$(secrets_dir)
-
- prepush(){(
- dst=$$1
- src=$$2
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --rsync-path="mkdir -p \"$$dst\" && rsync" \
- --usermap=\*:0 \
- --groupmap=\*:0 \
- --delete-excluded \
- -vrLptgoD \
- "$$src/" "$$deploy_host:$$dst"
- )}
-
- prepush /root/src/stockholm "$$PWD"
- prepush /root/src/secrets "$$secrets_dir"
-
- ssh -S none "$$deploy_host" -T env \
- nixpkgs_url="$$nixpkgs_url" \
- nixpkgs_rev="$$nixpkgs_rev" \
- system_name="$$system_name" \
- user_name="$$LOGNAME" \
- sh -euf \
- <<-\EOF
- prefetch(){(
- dst=$$1
- url=$$2
- rev=$$3
- mkdir -p "$$dst"
- cd "$$dst"
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$$(git config remote.origin.url 2>/dev/null); then
- git remote add origin "$$url"
- elif test "$$cur_url" != "$$url"; then
- git remote set-url origin "$$url"
- fi
- if test "$$(git rev-parse --verify HEAD 2>/dev/null)" != "$$rev"; then
- git fetch origin
- git checkout "$$rev" -- .
- git checkout -q "$$rev"
- git submodule init
- git submodule update
- fi
- git clean -dxf
- )}
-
- prefetch /root/src/nixpkgs "$$nixpkgs_url" "$$nixpkgs_rev"
-
- echo build system...
- NIX_PATH=/root/src \
- nix-build \
- -Q \
- -A system \
- '<stockholm>' \
- --argstr user-name "$$user_name" \
- --argstr system-name "$$system_name"
-
- result/bin/switch-to-configuration switch
- EOF
+ make eval system=$(system) get=config.krebs.build.script filter=json | sh
.PHONY: eval
eval:
@
+ifeq ($(filter),json)
+ extraArgs=--json
+ filter() { jq -r .; }
+else
+ filter() { cat; }
+endif
NIX_PATH=stockholm=$$PWD:$$NIX_PATH \
nix-instantiate \
- --json \
+ $${extraArgs-} \
+ $${json+--json} \
+ $${json+--strict} \
--eval \
- --strict \
-A "$$get" \
'<stockholm>' \
--argstr user-name "$$LOGNAME" \
--argstr system-name "$$system" \
- | jq -r .
+ | filter
else
$(error unbound variable: system[s])
endif
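Review bot: The new `deploy` recipe pipes the output of `make eval … filter=json` straight into `sh`, so the exit status of the pipeline is that of `sh` alone. If evaluation fails, the shell reads empty or truncated input and the deploy can still report success, and anything else the sub-make writes to stdout (directory messages, possibly) would be executed as commands. Capturing the script first and running it only when evaluation succeeded closes that gap: `script=$$($(MAKE) -s --no-print-directory eval system=$(system) get=config.krebs.build.script filter=json) || exit` followed by `printf '%s\n' "$$script" | sh`. Separately, in `eval` the shell variable `json` is never assigned in the visible recipe, so `$${json+--strict}` expands to nothing and `--strict`, which the old recipe always passed, is dropped unless the caller's environment happens to set `json`.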
diff --git a/default.nix b/default.nix
index 77c5ead22..0ee1c3d05 100644
--- a/default.nix
+++ b/default.nix
@@ -5,8 +5,8 @@ let
eval = import <nixpkgs/nixos/lib/eval-config.nix> {
system = builtins.currentSystem;
modules = map (p: ./. + "/${p}") [
- "${user-name}/systems/${system-name}.nix"
- "${user-name}/modules"
+ "${user-name}/1systems/${system-name}.nix"
+ "${user-name}/3modules"
"3modules/krebs"
];
};
diff --git a/tv/systems/cd.nix b/tv/1systems/cd.nix
index 037248c49..54292eb83 100644
--- a/tv/systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -3,7 +3,7 @@
with lib;
let
- tvpkgs = import ../pkgs { inherit pkgs; };
+ tvpkgs = import ../5pkgs { inherit pkgs; };
in
{
@@ -26,14 +26,14 @@ in
};
imports = [
- ../configs/CAC-Developer-2.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
+ ../2configs/CAC-Developer-2.nix
+ ../2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/consul-server.nix
+ ../2configs/exim-smarthost.nix
+ ../2configs/git.nix
{
- imports = [ ../configs/charybdis.nix ];
+ imports = [ ../2configs/charybdis.nix ];
tv.charybdis = {
enable = true;
sslCert = ../../Zcerts/charybdis_cd.crt.pem;
diff --git a/tv/systems/mkdir.nix b/tv/1systems/mkdir.nix
index f601ec838..cd3d3b5c4 100644
--- a/tv/systems/mkdir.nix
+++ b/tv/1systems/mkdir.nix
@@ -22,12 +22,12 @@ with lib;
};
imports = [
- ../configs/CAC-Developer-1.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
+ ../2configs/CAC-Developer-1.nix
+ ../2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/consul-server.nix
+ ../2configs/exim-smarthost.nix
+ ../2configs/git.nix
{
tv.iptables = {
enable = true;
diff --git a/tv/systems/nomic.nix b/tv/1systems/nomic.nix
index c96fe3811..b9a10cb4f 100644
--- a/tv/systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -22,11 +22,11 @@ with lib;
};
imports = [
- ../configs/AO753.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-retiolum.nix
- ../configs/git.nix
+ ../2configs/AO753.nix
+ ../2configs/base.nix
+ ../2configs/consul-server.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/git.nix
{
tv.iptables = {
enable = true;
diff --git a/tv/systems/rmdir.nix b/tv/1systems/rmdir.nix
index fa91516d9..c8ac43e4c 100644
--- a/tv/systems/rmdir.nix
+++ b/tv/1systems/rmdir.nix
@@ -22,12 +22,12 @@ with lib;
};
imports = [
- ../configs/CAC-Developer-1.nix
- ../configs/CAC-CentOS-7-64bit.nix
- ../configs/base.nix
- ../configs/consul-server.nix
- ../configs/exim-smarthost.nix
- ../configs/git.nix
+ ../2configs/CAC-Developer-1.nix
+ ../2configs/CAC-CentOS-7-64bit.nix
+ ../2configs/base.nix
+ ../2configs/consul-server.nix
+ ../2configs/exim-smarthost.nix
+ ../2configs/git.nix
{
tv.iptables = {
enable = true;
diff --git a/tv/systems/wu.nix b/tv/1systems/wu.nix
index 7c52d9484..27691ec56 100644
--- a/tv/systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -3,7 +3,7 @@
with lib;
let
- tvpkgs = import ../pkgs { inherit pkgs; };
+ tvpkgs = import ../5pkgs { inherit pkgs; };
in
{
@@ -26,15 +26,15 @@ in
};
imports = [
- ../configs/w110er.nix
- ../configs/base.nix
- ../configs/consul-client.nix
- ../configs/exim-retiolum.nix
- ../configs/git.nix
- ../configs/mail-client.nix
- ../configs/xserver.nix
- ../configs/synaptics.nix # TODO w110er if xserver is enabled
- ../configs/urlwatch.nix
+ ../2configs/w110er.nix
+ ../2configs/base.nix
+ ../2configs/consul-client.nix
+ ../2configs/exim-retiolum.nix
+ ../2configs/git.nix
+ ../2configs/mail-client.nix
+ ../2configs/xserver.nix
+ ../2configs/synaptics.nix # TODO w110er if xserver is enabled
+ ../2configs/urlwatch.nix
{
environment.systemPackages = with pkgs; [
diff --git a/tv/configs/AO753.nix b/tv/2configs/AO753.nix
index c103ce2d7..96167ce01 100644
--- a/tv/configs/AO753.nix
+++ b/tv/2configs/AO753.nix
@@ -2,7 +2,7 @@
{
imports = [
- ../configs/smartd.nix
+ ../2configs/smartd.nix
];
boot.loader.grub = {
diff --git a/tv/configs/CAC-CentOS-7-64bit.nix b/tv/2configs/CAC-CentOS-7-64bit.nix
index 168d1d97b..168d1d97b 100644
--- a/tv/configs/CAC-CentOS-7-64bit.nix
+++ b/tv/2configs/CAC-CentOS-7-64bit.nix
diff --git a/tv/configs/CAC-Developer-1.nix b/tv/2configs/CAC-Developer-1.nix
index 37bc32afb..37bc32afb 100644
--- a/tv/configs/CAC-Developer-1.nix
+++ b/tv/2configs/CAC-Developer-1.nix
diff --git a/tv/configs/CAC-Developer-2.nix b/tv/2configs/CAC-Developer-2.nix
index fedb808df..fedb808df 100644
--- a/tv/configs/CAC-Developer-2.nix
+++ b/tv/2configs/CAC-Developer-2.nix
diff --git a/tv/configs/base.nix b/tv/2configs/base.nix
index 997d4c235..997d4c235 100644
--- a/tv/configs/base.nix
+++ b/tv/2configs/base.nix
diff --git a/tv/configs/bash_completion.sh b/tv/2configs/bash_completion.sh
index 537484fb9..537484fb9 100644
--- a/tv/configs/bash_completion.sh
+++ b/tv/2configs/bash_completion.sh
diff --git a/tv/configs/charybdis.nix b/tv/2configs/charybdis.nix
index 977626d27..bf45bf294 100644
--- a/tv/configs/charybdis.nix
+++ b/tv/2configs/charybdis.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
- tvpkgs = import ../pkgs { inherit pkgs; };
+ tvpkgs = import ../5pkgs { inherit pkgs; };
in
with builtins;
diff --git a/tv/configs/consul-client.nix b/tv/2configs/consul-client.nix
index 0a8bf4d75..0a8bf4d75 100644
--- a/tv/configs/consul-client.nix
+++ b/tv/2configs/consul-client.nix
diff --git a/tv/configs/consul-server.nix b/tv/2configs/consul-server.nix
index d10f9ea75..d10f9ea75 100644
--- a/tv/configs/consul-server.nix
+++ b/tv/2configs/consul-server.nix
diff --git a/tv/configs/cryptoroot.nix b/tv/2configs/cryptoroot.nix
index 04618ac4a..04618ac4a 100644
--- a/tv/configs/cryptoroot.nix
+++ b/tv/2configs/cryptoroot.nix
diff --git a/tv/configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 851a0c625..851a0c625 100644
--- a/tv/configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
diff --git a/tv/configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index c93189b8a..c93189b8a 100644
--- a/tv/configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
diff --git a/tv/configs/git.nix b/tv/2configs/git.nix
index 01d29012c..ecb98cef2 100644
--- a/tv/configs/git.nix
+++ b/tv/2configs/git.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../lib { inherit lib pkgs; };
+with import ../4lib { inherit lib pkgs; };
let
out = {
diff --git a/tv/configs/mail-client.nix b/tv/2configs/mail-client.nix
index 035f296b9..a632cf7c4 100644
--- a/tv/configs/mail-client.nix
+++ b/tv/2configs/mail-client.nix
@@ -1,6 +1,6 @@
{ pkgs, ... }:
-with import ../pkgs { inherit pkgs; };
+with import ../5pkgs { inherit pkgs; };
{
environment.systemPackages = [
diff --git a/tv/configs/smartd.nix b/tv/2configs/smartd.nix
index 9c4d8b2d8..9c4d8b2d8 100644
--- a/tv/configs/smartd.nix
+++ b/tv/2configs/smartd.nix
diff --git a/tv/configs/synaptics.nix b/tv/2configs/synaptics.nix
index c47cb9deb..c47cb9deb 100644
--- a/tv/configs/synaptics.nix
+++ b/tv/2configs/synaptics.nix
diff --git a/tv/configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index a69b1519c..a69b1519c 100644
--- a/tv/configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
diff --git a/tv/configs/urxvt.nix b/tv/2configs/urxvt.nix
index 89bb421aa..89bb421aa 100644
--- a/tv/configs/urxvt.nix
+++ b/tv/2configs/urxvt.nix
diff --git a/tv/configs/w110er.nix b/tv/2configs/w110er.nix
index 96ee8c75b..e580b2161 100644
--- a/tv/configs/w110er.nix
+++ b/tv/2configs/w110er.nix
@@ -2,7 +2,7 @@
{
imports = [
- ../configs/smartd.nix
+ ../2configs/smartd.nix
];
boot.extraModprobeConfig = ''
diff --git a/tv/configs/xserver.nix b/tv/2configs/xserver.nix
index ec94359ee..7fc07f927 100644
--- a/tv/configs/xserver.nix
+++ b/tv/2configs/xserver.nix
@@ -2,7 +2,7 @@
{
imports = [
- ../configs/urxvt.nix # TODO via xserver
+ ../2configs/urxvt.nix # TODO via xserver
];
services.xserver.enable = true;
diff --git a/tv/modules/consul.nix b/tv/3modules/consul.nix
index 83a430c2f..82a15c024 100644
--- a/tv/modules/consul.nix
+++ b/tv/3modules/consul.nix
@@ -5,7 +5,7 @@
# TODO consul-bootstrap HOST that actually does is
# TODO tools to inspect state of a cluster in outage state
-with import ../lib { inherit lib pkgs; };
+with import ../4lib { inherit lib pkgs; };
let
cfg = config.tv.consul;
diff --git a/tv/modules/default.nix b/tv/3modules/default.nix
index bb10d8261..bb10d8261 100644
--- a/tv/modules/default.nix
+++ b/tv/3modules/default.nix
diff --git a/tv/modules/ejabberd.nix b/tv/3modules/ejabberd.nix
index 2910a9a69..2910a9a69 100644
--- a/tv/modules/ejabberd.nix
+++ b/tv/3modules/ejabberd.nix
diff --git a/tv/modules/iptables.nix b/tv/3modules/iptables.nix
index cbf49f577..cbf49f577 100644
--- a/tv/modules/iptables.nix
+++ b/tv/3modules/iptables.nix
diff --git a/tv/lib/default.nix b/tv/4lib/default.nix
index e0a295f17..e0a295f17 100644
--- a/tv/lib/default.nix
+++ b/tv/4lib/default.nix
diff --git a/tv/lib/git.nix b/tv/4lib/git.nix
index 2b25debdc..2b25debdc 100644
--- a/tv/lib/git.nix
+++ b/tv/4lib/git.nix
diff --git a/tv/lib/modules.nix b/tv/4lib/modules.nix
index 248e638ea..248e638ea 100644
--- a/tv/lib/modules.nix
+++ b/tv/4lib/modules.nix
diff --git a/tv/pkgs/charybdis/default.nix b/tv/5pkgs/charybdis/default.nix
index f3e6be40e..f3e6be40e 100644
--- a/tv/pkgs/charybdis/default.nix
+++ b/tv/5pkgs/charybdis/default.nix
diff --git a/tv/pkgs/charybdis/remove-setenv.patch b/tv/5pkgs/charybdis/remove-setenv.patch
index bbaf95e19..bbaf95e19 100644
--- a/tv/pkgs/charybdis/remove-setenv.patch
+++ b/tv/5pkgs/charybdis/remove-setenv.patch
diff --git a/tv/pkgs/default.nix b/tv/5pkgs/default.nix
index 50625f868..50625f868 100644