summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/1systems/hotdog/config.nix5
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/buildbot-all.nix5
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/ci.nix48
-rw-r--r--krebs/3modules/iptables.nix9
-rw-r--r--krebs/3modules/nin/default.nix45
-rw-r--r--krebs/3modules/tv/default.nix18
-rw-r--r--krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh2
-rw-r--r--krebs/5pkgs/simple/bitlbee-discord/default.nix29
-rw-r--r--krebs/5pkgs/simple/eximlog.nix28
-rw-r--r--krebs/5pkgs/simple/fortclientsslvpn/default.nix4
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix23
-rw-r--r--krebs/5pkgs/writers.nix46
-rw-r--r--krebs/6tests/default.nix6
-rw-r--r--krebs/6tests/deploy.nix18
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/helios/config.nix2
-rw-r--r--lass/1systems/mors/config.nix5
-rw-r--r--lass/1systems/prism/config.nix10
-rw-r--r--lass/2configs/IM.nix57
-rw-r--r--lass/2configs/ableton.nix20
-rw-r--r--lass/2configs/baseX.nix2
-rw-r--r--lass/2configs/bitlbee.nix12
-rw-r--r--lass/2configs/default.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix5
-rw-r--r--lass/2configs/reaktor-coders.nix4
-rw-r--r--lass/2configs/security-workarounds.nix2
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/weechat.nix47
-rw-r--r--lass/3modules/news.nix2
-rw-r--r--lass/5pkgs/xmonad-lass.nix10
-rw-r--r--lass/source.nix2
-rw-r--r--makefu/1systems/fileleech/config.nix75
-rw-r--r--makefu/1systems/gum/config.nix27
-rw-r--r--makefu/1systems/omo/config.nix1
-rw-r--r--makefu/1systems/vbob/config.nix64
-rw-r--r--makefu/1systems/vbob/source.nix2
-rw-r--r--makefu/1systems/wbob/config.nix3
-rw-r--r--makefu/1systems/x/config.nix1
-rw-r--r--makefu/1systems/x/source.nix2
-rw-r--r--makefu/2configs/default.nix3
-rw-r--r--makefu/2configs/hw/exfat-nofuse.nix4
-rw-r--r--makefu/2configs/hw/tp-x230.nix30
-rw-r--r--makefu/2configs/hw/tp-x2x0.nix7
-rw-r--r--makefu/2configs/mosh.nix3
-rw-r--r--makefu/2configs/remote-build/master.nix6
-rw-r--r--makefu/2configs/stats/telegraf/airsensor.nix36
-rw-r--r--makefu/2configs/stats/telegraf/bamstats.nix35
-rw-r--r--makefu/2configs/tools/all.nix2
-rw-r--r--makefu/2configs/tools/consoles.nix8
-rw-r--r--makefu/2configs/tools/dev.nix8
-rw-r--r--makefu/2configs/tools/mobility.nix9
-rw-r--r--makefu/2configs/torrent.nix13
-rw-r--r--makefu/2configs/vpn/vpnws/client.nix9
-rw-r--r--makefu/2configs/vpn/vpnws/server.nix42
-rw-r--r--makefu/5pkgs/hdl-dump/default.nix33
-rw-r--r--makefu/5pkgs/opl-utils/default.nix27
-rw-r--r--makefu/5pkgs/vpn-ws/default.nix30
-rw-r--r--makefu/source.nix20
-rw-r--r--nin/1systems/axon/config.nix117
-rw-r--r--nin/1systems/axon/source.nix4
-rw-r--r--nin/2configs/default.nix2
-rw-r--r--nin/2configs/git.nix2
-rw-r--r--tv/1systems/querel/config.nix3
-rw-r--r--tv/1systems/wu/config.nix6
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/exim-retiolum.nix3
-rw-r--r--tv/2configs/exim-smarthost.nix3
-rw-r--r--tv/2configs/hw/w110er.nix17
-rw-r--r--tv/2configs/vim.nix2
-rw-r--r--tv/source.nix12
73 files changed, 864 insertions, 287 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 73b5377bd..98fb88702 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -20,10 +20,5 @@
boot.isContainer = true;
networking.useDHCP = false;
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
}
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 0b21c0b6c..9d6955e7e 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -10,7 +10,6 @@ in
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/krebs/2configs/collectd-base.nix>
<stockholm/krebs/2configs/stats/wolf-client.nix>
- <stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 8a647012f..5ea78f227 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,13 +1,10 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
- imports = [
- <stockholm/krebs/2configs/repo-sync.nix>
- ];
-
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
+ krebs.ci.tests = [ "deploy" ];
}
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 44743b87d..90a1a111f 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -23,7 +23,7 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = true;
+ security.rngd.enable = mkDefault true;
services.xserver = {
videoDriver = "intel";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 0af553c5d..fba585448 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -161,7 +161,7 @@ let
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
#remove garbage from old versions
- rm -r ${workdir}
+ rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index b56f5c543..bb19f0602 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -24,6 +24,13 @@ in
List of hosts that should be build
'';
};
+ tests = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ List of tests that should be build
+ '';
+ };
};
config = mkIf cfg.enable {
@@ -56,14 +63,14 @@ in
'';
scheduler = {
build-scheduler = ''
- # build all hosts
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -73,7 +80,8 @@ in
schedulers.ForceScheduler(
name="force",
builderNames=[
- "build-hosts"
+ ${optionalString (cfg.hosts != []) ''"hosts",''}
+ ${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
@@ -91,7 +99,7 @@ in
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
- build-hosts = ''
+ hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
@@ -120,12 +128,42 @@ in
bu.append(
util.BuilderConfig(
- name="build-hosts",
+ name="hosts",
slavenames=slavenames,
factory=f
)
)
+ '';
+ tests = mkIf (cfg.tests != []) ''
+ f = util.BuildFactory()
+ f.addStep(grab_repo)
+ def run_test(test):
+ addShell(f,
+ name="{}".format(test),
+ env={
+ "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ },
+ command=[
+ "nix-build", "-I", "stockholm=.", "krebs/6tests",
+ "-A", "{}".format(test)
+ ],
+ timeout=90001
+ )
+
+ ${concatMapStringsSep "\n" (test:
+ "run_test(\"${test}\")"
+ ) cfg.tests}
+
+ bu.append(
+ util.BuilderConfig(
+ name="tests",
+ slavenames=slavenames,
+ factory=f
+ )
+ )
'';
};
enable = true;
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index d64ed86de..6298a05a5 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -61,6 +61,15 @@ let
};
};
})));
+ default = {
+ filter.INPUT.policy = "ACCEPT";
+ filter.FORWARD.policy = "ACCEPT";
+ filter.OUTPUT.policy = "ACCEPT";
+ nat.PREROUTING.policy = "ACCEPT";
+ nat.INPUT.policy = "ACCEPT";
+ nat.OUTPUT.policy = "ACCEPT";
+ nat.POSTROUTING.policy = "ACCEPT";
+ };
};
};
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index aab568352..1a0999b8d 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -32,6 +32,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx";
};
+ axon= {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.134.66";
+ ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
+ aliases = [
+ "axon.retiolum"
+ "axon.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo
+ glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj
+ KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH
+ L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j
+ VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY
+ PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN
+ X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh
+ m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp
+ OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT
+ LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H
+ /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK
+ MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w
+ 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm
+ ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3
+ 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF
+ 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt
+ 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj
+ FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl
+ buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p
+ hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG
+ yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi
+ ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc";
+ };
onondaga = {
cores = 1;
nets = {
@@ -63,6 +104,10 @@ with import <stockholm/lib>;
};
users = {
nin = {
+ mail = "nin@axon.retiolum";
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
+ };
+ nin_h = {
mail = "nin@hiawatha.retiolum";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha";
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 98145274c..ce01be5f3 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -201,24 +201,6 @@ with import <stockholm/lib>;
};
};
};
- schnabeldrucker = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.21";
- aliases = ["schnabeldrucker.gg23"];
- };
- };
- };
- schnabelscanner = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.22";
- aliases = ["schnabelscanner.gg23"];
- };
- };
- };
wu = {
ci = true;
cores = 4;
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
index 3b4d04f80..d500b3cb3 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
@@ -2,5 +2,5 @@
set -eu
printf "Sie meinten wohl \""
echo -n $@ | sed 's/Shack/shack/g'
-echo "\""
+echo "\" check out https://wiki.shackspace.de/project/logo_and_ci#name_ci"
echo "${_from}--"
diff --git a/krebs/5pkgs/simple/bitlbee-discord/default.nix b/krebs/5pkgs/simple/bitlbee-discord/default.nix
new file mode 100644
index 000000000..c01b87d6b
--- /dev/null
+++ b/krebs/5pkgs/simple/bitlbee-discord/default.nix
@@ -0,0 +1,29 @@
+{ fetchurl, fetchFromGitHub, stdenv, bitlbee, autoreconfHook, pkgconfig, glib }:
+
+with stdenv.lib;
+stdenv.mkDerivation rec {
+ name = "bitlbee-discord-2017-12-27";
+
+ src = fetchFromGitHub {
+ rev = "6a03db169ad44fee55609ecd16e19f3c0f99a182";
+ owner = "sm00th";
+ repo = "bitlbee-discord";
+ sha256 = "1ci9a12c6zg8d6i9f95pq6dal79cp4klmmsyj8ag2gin90kl3x95";
+ };
+
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ buildInputs = [ bitlbee glib ];
+
+ preConfigure = ''
+ export BITLBEE_PLUGINDIR=$out/lib/bitlbee
+ ./autogen.sh
+ '';
+
+ meta = {
+ description = "Bitlbee plugin for Discord";
+
+ homepage = https://github.com/sm00th/bitlbee-discord;
+ license = licenses.gpl2Plus;
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix
new file mode 100644
index 000000000..2d64e13e9
--- /dev/null
+++ b/krebs/5pkgs/simple/eximlog.nix
@@ -0,0 +1,28 @@
+{ jq, systemd, writeDashBin }:
+
+let
+ lib = import <stockholm/lib>;
+ user = "exim"; # TODO make this configurable
+in
+
+# TODO execute eximlog only if journalctl doesn't fail
+# bash's set -o pipefail isn't enough
+
+writeDashBin "eximlog" ''
+ ${systemd}/bin/journalctl \
+ -u ${lib.shell.escape user} \
+ -o short-unix \
+ "$@" \
+ |
+ ${jq}/bin/jq -Rr '
+ # Only select lines that start with a timestamp
+ select(test("^[0-9]")) |
+
+ split(" ") |
+ (.[0] | tonumber) as $time |
+ (.[3:] | join(" ")) as $message |
+
+ "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)"
+
+ '
+''
diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
index cbcfab05f..1f86d6fe4 100644
--- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
@@ -12,8 +12,8 @@ stdenv.mkDerivation rec {
src = fetchurl {
# archive.org mirror:
- # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
- url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+ url = https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz;