-rw-r--r--krebs/4lib/infest/prepare.sh14
-rw-r--r--krebs/5pkgs/simple/whatsupnix/whatsupnix.bash9
-rw-r--r--lass/1systems/icarus.nix17
-rw-r--r--lass/1systems/mors.nix47
-rw-r--r--lass/1systems/prism.nix4
-rw-r--r--lass/2configs/buildbot-standalone.nix6
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/5pkgs/init/default.nix30
-rw-r--r--shell.nix186
-rw-r--r--tv/5pkgs/default.nix88
-rw-r--r--tv/default.nix4
11 files changed, 301 insertions, 106 deletions
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 8e921ce06..50d521e17 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -36,7 +36,14 @@ prepare() {(
;;
esac
;;
- nixos|stockholm)
+ nixos)
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*)
+ prepare_nixos_iso "$@"
+ exit
+ esac
+ ;;
+ stockholm)
case $(cat /proc/cmdline) in
*' root=LABEL=NIXOS_ISO '*)
prepare_nixos_iso "$@"
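Review bot: The new `nixos)` arm has only the `*' root=LABEL=NIXOS_ISO '*` pattern and no fallback, so a NixOS host that was not booted from the ISO falls out of the inner case without doing or reporting anything. Unless code after the outer `esac` (outside this hunk) already rejects that situation, add an explicit default such as `*) echo "prepare: nixos host not booted from NIXOS_ISO" >&2; exit 1;;`. The pattern also needs a space on both sides, so it will not match when `root=LABEL=NIXOS_ISO` is the first or last token in /proc/cmdline. The `stockholm)` arm continues past the end of the hunk, so any other branches it has are not visible here.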
@@ -95,8 +102,7 @@ prepare_nixos_iso() {
mkdir -p bin
rm -f bin/nixos-install
cp "$(type -p nixos-install)" bin/nixos-install
- sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
-
+ sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
}
get_nixos_install() {
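Review bot: Switching the sed program to double quotes makes the shell expand `$target_path` while nixos-install is being patched, so its value is spliced into both the sed expression and the generated script unescaped; the same line is added in prepare_common in the next hunk. A value containing `@`, `&` or a backslash changes what sed does, and one with whitespace or shell metacharacters ends up as live syntax in `bin/nixos-install`, which is later run as root. Where target_path is set is not visible in these hunks, so validate it right before the sed call (for example reject anything outside `[A-Za-z0-9/._-]`) and keep the assignment quoted: `sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=\"$target_path\"@" bin/nixos-install`. The new pattern also no longer matches an `export NIX_PATH="..."` line, and sed exits 0 when nothing matched, so a `grep -q "^NIX_PATH=" bin/nixos-install` check afterwards would catch a copy that was silently left unpatched.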
@@ -211,7 +217,7 @@ prepare_common() {(
mkdir -p bin
rm -f bin/nixos-install
cp "$(type -p nixos-install)" bin/nixos-install
- sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
+ sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
if ! grep -q '^PATH.*#krebs' .bashrc; then
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
index 042763048..2ad9aadc9 100644
--- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
+++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
@@ -17,25 +17,22 @@
# 2 Build error; at least one failed derivation could be found.
#
-GAWK=${GAWK:-gawk}
-NIX_STORE=${NIX_STORE:-nix-store}
-
failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX)
trap 'rm -f -- "$failed_drvs"' EXIT
exec >&2
-$GAWK -v failed_drvs="$failed_drvs" '
+gawk -v failed_drvs="$failed_drvs" '
match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) {
print m[1] >> failed_drvs
}
- { print $0 }
+ { print $0; fflush("/dev/stdout") }
'
case $# in
0)
print_log() {
- NIX_PAGER= $NIX_STORE -l "$1"
+ NIX_PAGER= nix-store -l "$1"
}
;;
1)
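Review bot: With the `GAWK` and `NIX_STORE` overrides gone, `gawk` and `nix-store` are resolved through whatever PATH the caller has. The shellHook in shell.nix (added in this same commit) exports a PATH that holds only `shell.cmdspkg`, and utils.build and utils.deploy pipe into whatsupnix from that environment. If the package definition (not part of this diff) does not wrap the script or substitute store paths, the lookup either fails there or picks up the first matching binary on an unrelated PATH. Record the assumption at the top of the script, e.g. `# gawk and nix-store must be on PATH; the package wrapper is expected to provide them`, or have the derivation pin both.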
diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus.nix
index b869a67a7..13c517e3b 100644
--- a/lass/1systems/icarus.nix
+++ b/lass/1systems/icarus.nix
@@ -6,9 +6,9 @@ with import <stockholm/lib>;
../.
../2configs/retiolum.nix
../2configs/hw/tp-x220.nix
- ../2configs/baseX.nix
../2configs/git.nix
../2configs/exim-retiolum.nix
+ ../2configs/baseX.nix
../2configs/browsers.nix
../2configs/programs.nix
../2configs/fetchWallpaper.nix
@@ -22,9 +22,9 @@ with import <stockholm/lib>;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
- loader.grub.enableCryptodisk = true;
+ loader.grub.efiSupport = true;
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
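Review bot: Removing `loader.grub.enableCryptodisk` while the next hunk mounts `/dev/sda2` as a separate `/boot` moves the kernel, initrd and GRUB configuration outside the LUKS container. lass/5pkgs/init formats that partition as vfat in this same commit. This is a normal layout for EFI boot, but the boot files can then be modified offline by anyone with access to the disk, and nothing in the visible configuration compensates for that. State the trade-off next to the setting, e.g. `# /boot is a plaintext ESP; initrd and kernel are not protected at rest`. mors.nix uses the same layout.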
@@ -34,11 +34,14 @@ with import <stockholm/lib>;
fsType = "btrfs";
options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
- "/bku" = {
- device = "/dev/mapper/pool-bku";
- fsType = "btrfs";
- options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ "/boot" = {
+ device = "/dev/sda2";
};
+ #"/bku" = {
+ # device = "/dev/mapper/pool-bku";
+ # fsType = "btrfs";
+ # options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ #};
"/home" = {
device = "/dev/mapper/pool-home";
fsType = "btrfs";
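Review bot: The new `/boot` entry has only `device = "/dev/sda2"`, with no `fsType` and a kernel device name that can shift when another disk is attached. The init script formats this partition as vfat, so `fsType = "vfat";` and a label or UUID path would make the mount deterministic. vfat stores no permissions, so if the initrd ever carries key material an explicit `options = [ "umask=0077" ];` is what restricts who can read it. The commented-out `/bku` block is better deleted than kept as dead configuration, since git history already preserves it. The same two points apply to the mors.nix hunk.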
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index b9ab54503..0bfd54515 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -96,49 +96,30 @@ with import <stockholm/lib>;
loader.grub.enable = true;
loader.grub.version = 2;
loader.grub.device = "/dev/sda";
+ loader.grub.efiSupport = true;
- initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
+ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ];
initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];
initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ];
};
fileSystems = {
"/" = {
- device = "/dev/big/nix";
- fsType = "ext4";
+ device = "/dev/mapper/pool-root";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
-
"/boot" = {
- device = "/dev/sda1";
- };
-
- "/mnt/loot" = {
- device = "/dev/big/loot";
- fsType = "ext4";
+ device = "/dev/sda2";
};
-
+ #"/bku" = {
+ # device = "/dev/mapper/pool-bku";
+ # fsType = "btrfs";
+ # options = ["defaults" "noatime" "ssd" "compress=lzo"];
+ #};
"/home" = {
- device = "/dev/big/home";
- fsType = "ext4";
- };
-
- "/home/lass" = {
- device = "/dev/big/home-lass";
- fsType = "ext4";
- };
-
- "/home/games/.local/share/Steam" = {
- device = "/dev/big/steam";
- fsType = "ext4";
- };
-
- "/home/virtual/virtual" = {
- device = "/dev/big/virtual";
- fsType = "ext4";
- };
-
- "/mnt/conf" = {
- device = "/dev/big/conf";
- fsType = "ext4";
+ device = "/dev/mapper/pool-home";
+ fsType = "btrfs";
+ options = ["defaults" "noatime" "ssd" "compress=lzo"];
};
"/tmp" = {
device = "tmpfs";
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index af847333d..531dec9df 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -229,6 +229,10 @@ in {
OnUnitInactiveSec = "2min";
RandomizedDelaySec = "2min";
};
+ krebs.repo-sync.repos.nixpkgs.timerConfig = {
+ OnBootSec = "90min";
+ OnUnitInactiveSec = "24h";
+ };
}
{
lass.usershadow = {
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index e765ddbb4..449feb382 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -120,9 +120,6 @@ in {
system={}".format(host)]
)
- for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
- build_host(env_tv, i)
-
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
build_host(env_lass, i)
@@ -135,6 +132,9 @@ in {
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
build_host(env_shared, i)
+ for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
+ build_host(env_tv, i)
+
bu.append(
util.BuilderConfig(
name="build-hosts",
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index b8d00e7d4..fd2f1f765 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -32,6 +32,8 @@ with import <stockholm/lib>;
{ from = "feed@lassul.us"; to = lass.mail; }
{ from = "art@lassul.us"; to = lass.mail; }
{ from = "irgendwas@lassul.us"; to = lass.mail; }
+ { from = "polo@lassul.us"; to = lass.mail; }
+ { from = "shack@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix
index b484d2c38..679187531 100644
--- a/lass/5pkgs/init/default.nix
+++ b/lass/5pkgs/init/default.nix
@@ -19,14 +19,15 @@ pkgs.writeText "init" ''
disk=${disk}
- luksdev=${disk}2
+ luksdev=${disk}3
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
+ bootdev=/dev/sda2
+
rootdev=/dev/mapper/${vgname}-root
homedev=/dev/mapper/${vgname}-home
- bkudev=/dev/mapper/${vgname}-bku
#
#generate keyfile
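Review bot: `bootdev=/dev/sda2` is hard-coded while `luksdev=${disk}3` on the line above follows the `disk` argument. When `disk` is anything other than /dev/sda, the later `mkfs.vfat "$bootdev"` (hunk at -89) and the `/mnt/boot` mount (hunk at -97) act on a partition of a different disk than the one just partitioned. That formatting step is destructive whenever blkid does not report vfat, so derive the path the same way: `bootdev=${disk}2`.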
@@ -49,7 +50,8 @@ pkgs.writeText "init" ''
mklabel gpt \
mkpart no-fs 0 1024KiB \
set 1 bios_grub on \
- mkpart primary 1025KiB 100%
+ mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \
+ mkpart primary 1025MiB 100%
fi
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = primary; then
@@ -78,9 +80,8 @@ pkgs.writeText "init" ''
lvchange -a y /dev/mapper/"$vgname"
- if ! test -e "$rootdev"; then lvcreate -L 100G -n root "$vgname"; fi
- if ! test -e "$homedev"; then lvcreate -L 100G -n home "$vgname"; fi
- if ! test -e "$bkudev"; then lvcreate -L 200G -n bku "$vgname"; fi
+ if ! test -e "$rootdev"; then lvcreate -L 7G -n root "$vgname"; fi
+ if ! test -e "$homedev"; then lvcreate -L 100M -n home "$vgname"; fi
# lvchange -a n "$vgname"
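Review bot: The volume sizes drop from 100G to `-L 7G` for root and `-L 100M` for home, which look like values from a throw-away test VM rather than defaults meant for the hosts this script installs. That is an inference, since nothing in the hunk says which. If the small sizes are intended, a comment such as `# minimal sizes for bootstrap; grow with lvextend after install` would record it. Otherwise they should become parameters next to `disk` and `vgname`.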
@@ -89,6 +90,10 @@ pkgs.writeText "init" ''
# formatting
#
+ if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
+ mkfs.vfat "$bootdev"
+ fi
+
if ! test "$(blkid -o value -s TYPE "$rootdev")" = btrfs; then
mkfs.btrfs "$rootdev"
fi
@@ -97,22 +102,18 @@ pkgs.writeText "init" ''
mkfs.btrfs "$homedev"
fi
- if ! test "$(blkid -o value -s TYPE "$bkudev")" = btrfs; then
- mkfs.btrfs "$bkudev"
- fi
-
if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
mount "$rootdev" /mnt
fi
+ if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
+ mkdir -m 0000 -p /mnt/boot
+ mount "$bootdev" /mnt/boot
+ fi
if ! test "$(lsblk -n -o MOUNTPOINT "$homedev")" = /mnt/home; then
mkdir -m 0000 -p /mnt/home
mount "$homedev" /mnt/home
fi
- if ! test "$(lsblk -n -o MOUNTPOINT "$bkudev")" = /mnt/bku; then
- mkdir -m 0000 -p /mnt/bku
- mount "$bkudev" /mnt/bku
- fi
# umount -R /mnt
@@ -122,6 +123,7 @@ pkgs.writeText "init" ''
nix-env -iA nixos.git
+ # TODO: get sentinal file from target_path
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 000000000..3e7ba81c1
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,186 @@
+let
+ lib = import ./lib;
+ pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; };
+
+ # usage: deploy --system=SYSTEM [--target=TARGET]
+ cmds.deploy = pkgs.writeDash "cmds.deploy" ''
+ set -efu
+
+ command=deploy
+ . ${init.args}
+ \test -n "''${target-}" || target=$system
+ . ${init.env}
+
+ exec ${utils.deploy}
+ '';
+
+ # usage: test --system=SYSTEM --target=TARGET
+ cmds.test = pkgs.writeDash "cmds.test" /* sh */ ''
+ set -efu
+
+ command=test
+ . ${init.args}
+ . ${init.env}
+
+ export dummy_secrets=true
+ exec ${utils.build} config.system.build.toplevel
+ '';
+
+ init.args = pkgs.writeText "init.args" /* sh */ ''
+ args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \
+ -o s:t: \
+ -l system:,target: \
+ -- "$@")
+ if \test $? != 0; then exit 1; fi
+ eval set -- "$args"
+ while :; do case $1 in
+ -s|--system) system=$2; shift 2;;
+ -t|--target) target=$2; shift 2;;
+ --) shift; break;;
+ esac; done
+ for arg; do echo "$command: bad argument: $arg" >&2; done
+ if \test $# != 0; then exit 2; fi
+ '';
+
+ init.env = pkgs.writeText "init.env" /* sh */ ''
+ config=''${config-$LOGNAME/1systems/$system.nix}
+
+ export config
+ export system
+ export target
+
+ export target_object="$(${init.env.parsetarget} $target)"
+ export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
+ export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
+ export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
+ export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
+ export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
+
+ if \test "''${using_proxy-}" != true; then
+ ${init.env.populate}
+ if \test "$target_local" != true; then
+ exec ${init.env.proxy} "$command" "$@"
+ fi
+ fi
+ '' // {
+ parsetarget = pkgs.writeDash "init.env.parsetarget" ''
+ set -efu
+ exec ${pkgs.jq}/bin/jq \
+ -enr \
+ --arg target "$1" \
+ -f ${init.env.parsetarget.jq}
+ '' // {
+ jq = pkgs.writeText "init.env.parsetarget.jq" ''
+ def when(c; f): if c then f else . end;
+ def capturesDef(i; v): .captures[i].string | when(. == null; v);
+ $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
+ user: capturesDef(0; "root"),
+ host: capturesDef(1; env.system),
+ port: capturesDef(2; "22"),
+ path: capturesDef(3; "/var/src"),
+ } | . + {
+ local: (.user == env.LOGNAME and .host == env.HOSTNAME),
+ }
+ '';
+ };
+ populate = pkgs.writeDash "init.env.populate" ''
+ set -efu
+ ${pkgs.nix}/bin/nix-instantiate \
+ --eval \
+ --json \
+ --readonly-mode \
+ --show-trace \
+ --strict \
+ -I nixos-config="$config" \
+ -E 'with import <stockholm>; config.krebs.build.source' \
+ |
+ ${pkgs.populate}/bin/populate \
+ "$target_user@$target_host:$target_port$target_path" \
+ >&2
+ '';
+ proxy = pkgs.writeDash "init.env.proxy" ''
+ set -efu
+ q() {
+ ${pkgs.jq}/bin/jq -nr --arg x "$*" '$x | @sh "\(.)"'
+ }
+ exec ${pkgs.openssh}/bin/ssh \
+ "$target_user@$target_host" -p "$target_port" \
+ cd "$target_path/stockholm" \; \
+ NIX_PATH=$(q "$target_path") \
+ STOCKHOLM_VERSION=$STOCKHOLM_VERSION \
+ nix-shell \
+ --command $(q \
+ config=$config \
+ system=$system \
+ target=$target \
+ using_proxy=true \
+ "$*"
+ )
+ '';
+ };
+
+ utils.build = pkgs.writeDash "utils.build" ''
+ set -efu
+ ${pkgs.nix}/bin/nix-build \
+ -Q \
+ --no-out-link \
+ --show-trace \
+ -E "with import <stockholm>; $1" \
+ -I "$target_path" \
+ 2>&1 |
+ ${pkgs.whatsupnix}/bin/whatsupnix
+ '';
+
+ utils.deploy = pkgs.writeDash "utils.deploy" ''
+ set -efu
+ PATH=/run/current-system/sw/bin nixos-rebuild switch \
+ -Q \
+ --show-trace \
+ -I "$target_path" \
+ 2>&1 |
+ ${pkgs.whatsupnix}/bin/whatsupnix
+ '';
+
+ shell.get-version = pkgs.writeDash "shell.get-version" ''
+ set -efu
+ version=git.$(${pkgs.git}/bin/git describe --always --dirty)
+ case $version in (*-dirty)
+ version=$version@$HOSTNAME
+ esac
+ date=$(${pkgs.coreutils}/bin/date +%y.%m)
+ echo "$date.$version"
+ '';
+
+ shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link:
+ lib.nameValuePair "/bin/${name}" { inherit link; }
+ ) cmds);
+
+in pkgs.stdenv.mkDerivation {
+ name = "stockholm";
+ shellHook = /* sh */ ''
+ export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}"
+ export PATH=${lib.makeBinPath [
+ shell.cmdspkg
+ ]}
+
+ eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)"
+ shopt -u no_empty_cmd_completion
+ unalias -a
+
+ enable -n \
+ . [ alias bg bind break builtin caller cd command compgen complete \
+ compopt continue dirs disown eval exec false fc fg getopts hash \
+ help history jobs kill let local logout mapfile popd printf pushd \
+ pwd read readarray readonly shift source suspend test times trap \
+ true typeset ulimit umask unalias wait
+
+ exitHandler() {
+ :
+ }
+
+ export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
+ export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
+
+ PS1='\[\e[38;5;162m\]\w\[\e[0m\] '
+ '';
+}
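Review bot: In `init.env.proxy` only `NIX_PATH` is passed through `q`. ssh joins its arguments into one string for the remote shell, so the local double quotes in `cd "$target_path/stockholm"` are gone by then, and `STOCKHOLM_VERSION=$STOCKHOLM_VERSION` is likewise unquoted. A path from `--target` or a version string containing whitespace or shell metacharacters is therefore re-parsed on the target, where the default user is root. Quoting these the same way closes that: `cd "$(q "$target_path/stockholm")" \; \` and `STOCKHOLM_VERSION="$(q "$STOCKHOLM_VERSION")" \`. The `config=`, `system=` and `target=` values inside `--command` are evaluated a second time by the shell nix-shell starts, so each needs its own `q` inside the outer one, and `"$*"` flattens the original argument boundaries. In `init.env`, `$target` and `$target_object` are also expanded unquoted, so `"$target"` and `printf %s "$target_object"` would keep the parsed JSON intact.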
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index ae47ab0f3..284e42a79 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -1,40 +1,54 @@
-{ config, pkgs, ... }:
with import <stockholm/lib>;
-{
- nixpkgs.config.packageOverrides = super: let
-
- # This callPackage will try to detect obsolete overrides.
- callPackage = path: args: let
- override = super.callPackage path args;
- upstream = optionalAttrs (override ? "name")
- (super.${(parseDrvName override.name).name} or {});
- in if upstream ? "name" &&
- override ? "name" &&
- compareVersions upstream.name override.name != -1
- then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
- else override;
-
- in {}
- // mapAttrs (_: flip callPackage {})
- (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
- (subdirsOf ./.))
- // {
- # TODO use XDG_RUNTIME_DIR?
- cr = pkgs.writeDashBin "cr" ''
- set -efu
- export LC_TIME=de_DE.utf8
- exec ${pkgs.chromium}/bin/chromium \
- --ssl-version-min=tls1 \
- --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
- --disk-cache-size=50000000 \
- "$@"
- '';
- ejabberd = callPackage ./ejabberd {
- erlang = pkgs.erlangR16;
- };
- ff = pkgs.writeDashBin "ff" ''
- exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
- '';
- gnupg = pkgs.gnupg21;
+self: super: let
+
+ # This callPackage will try to detect obsolete overrides.
+ callPackage = path: args: let
+ override = super.callPackage path args;
+ upstream = optionalAttrs (override ? "name")
+ (super.${(parseDrvName override.name).name} or {});
+ in if upstream ? "name" &&
+ override ? "name" &&
+ compareVersions upstream.name override.name != -1
+ then
+ trace
+ "Upstream `${upstream.name}' gets overridden by `${override.name}'."
+ override
+ else override;
+
+in {
+
+ # TODO use XDG_RUNTIME_DIR?
+ cr = self.writeDashBin "cr" ''
+ set -efu
+ export LC_TIME=de_DE.utf8
+ exec ${self.chromium}/bin/chromium \
+ --ssl-version-min=tls1 \
+ --disk-cache-dir=/tmp/chromium-disk-cache_"$LOGNAME" \
+ --disk-cache-size=50000000 \
+ "$@"
+ '';
+
+ ejabberd = callPackage ./ejabberd {
+ erlang = self.erlangR16;
};
+
+ ff = self.writeDashBin "ff" ''
+ exec ${self.firefoxWrapper}/bin/firefox "$@"
+ '';
+
+ gnupg = self.gnupg21;
+
+ # https://github.com/NixOS/nixpkgs/issues/16113
+ wvdial = let
+ nixpkgs-1509 = import (self.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+ in nixpkgs-1509.wvdial;
+
}
+
+// mapAttrs (_: flip callPackage {})
+ (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
+ (subdirsOf ./.))
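Review bot: The new `wvdial` override is pinned by both `rev` and `sha256`, which is the right way to fetch it, but it takes the package and its whole dependency closure from an old nixpkgs-channels snapshot (15.09, judging by the binding name) that receives no security fixes. The issue link explains why the override exists but not when it can go, so extend the comment, e.g. `# pinned to an unmaintained snapshot; remove once the issue above is fixed upstream`. Separately, the `cr` wrapper is re-added on the new side with `--ssl-version-min=tls1`, which still permits TLS 1.0. If no site in use requires it, `--ssl-version-min=tls1.2` is the safer floor, assuming the packaged chromium still honours the flag.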
diff --git a/tv/default.nix b/tv/default.nix
index b1c7c1be8..d077cc09f 100644
--- a/tv/default.nix
+++ b/tv/default.nix
@@ -1,9 +1,9 @@
-_:
+{ pkgs, ... }:
{
imports = [
../krebs
./2configs
./3modules
- ./5pkgs
];
+ nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
}