Diffstat (limited to 'krebs/4lib')
-rw-r--r-- | krebs/4lib/infest/3install-nix-tools | 9 | ||||
-rw-r--r-- | krebs/4lib/infest/finalize.sh (renamed from krebs/4lib/infest/4finalize) | 2 | ||||
-rw-r--r-- | krebs/4lib/infest/install-nix.sh (renamed from krebs/4lib/infest/2install-nix) | 8 | ||||
-rw-r--r-- | krebs/4lib/infest/prepare.sh (renamed from krebs/4lib/infest/1prepare) | 0 | ||||
-rw-r--r-- | krebs/4lib/shell.nix | 2 | ||||
-rw-r--r-- | krebs/4lib/types.nix | 61 |
6 files changed, 65 insertions, 17 deletions
diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools deleted file mode 100644 index 59fa6f14a..000000000 --- a/krebs/4lib/infest/3install-nix-tools +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh -set -efu - -install-nix-tools() {( - - -)} - -install-nix-tools "$@" diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/finalize.sh index d095fa31b..ced5a4d4d 100644 --- a/krebs/4lib/infest/4finalize +++ b/krebs/4lib/infest/finalize.sh @@ -7,7 +7,7 @@ set -eux umount /mnt || [ $? -eq 32 ] umount /boot || [ $? -eq 32 ] - PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) export PATH mkdir /oldshit diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/install-nix.sh index 3021c1143..88c8c3e1e 100644 --- a/krebs/4lib/infest/2install-nix +++ b/krebs/4lib/infest/install-nix.sh @@ -2,9 +2,9 @@ set -efu nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 -nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4" +nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4 -install-nix() {( +install_nix() {( # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then @@ -23,7 +23,7 @@ install-nix() {( $nix_src_dir/install fi - #TODO: make this general or move to 1prepare + #TODO: make this general or move to prepare if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then mkdir -p /mnt/nix mount --bind /nix /mnt/nix @@ -54,4 +54,4 @@ install-nix() {( fi )} -install-nix "$@" +install_nix "$@" diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/prepare.sh index 07c00c3a5..07c00c3a5 100644 --- a/krebs/4lib/infest/1prepare +++ b/krebs/4lib/infest/prepare.sh diff --git a/krebs/4lib/shell.nix b/krebs/4lib/shell.nix index 2a6da5c16..5910adacc 100644 --- a/krebs/4lib/shell.nix +++ b/krebs/4lib/shell.nix 
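Review bot: In finalize.sh the new `PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)` still assigns PATH without checking that the glob matched anything. If no store path matches, `$i` is the literal pattern, and every later command, starting with `mkdir /oldshit`, runs with an unusable PATH. `$i` is also expanded unquoted while globbing is switched back on, so I would write `echo "$i"` and add `test -d "$PATH" || exit 1` before `export PATH`. When several coreutils builds are in the store the loop silently keeps the last match, which deserves a short comment. The script continues outside the hunk.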
@@ -6,7 +6,7 @@ with lib; rec { escape = let - isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null; + isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null; in stringAsChars (c: if isSafeChar c then c diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index f6b4bd8b1..039f803ef 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -1,11 +1,12 @@ { lib, ... }: +with builtins; with lib; with types; types // rec { - host = submodule { + host = submodule ({ config, ... }: { options = { name = mkOption { type = label; @@ -27,6 +28,19 @@ types // rec { type = with types; attrsOf string; }; + infest = { + addr = mkOption { + type = str; + apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.addr' is used. It was replaced by the `target' argument to `make` or `get`. See Makefile for more information."; + }; + port = mkOption { + type = int; + default = 22; + # TODO replacement: allow target with port, SSH-style: [lol]:666 + apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.port' is used. It's gone without replacement."; + }; + }; + secure = mkOption { type = bool; default = false; @@ -36,8 +50,39 @@ types // rec { TODO define minimum requirements for secure hosts ''; }; + + ssh.pubkey = mkOption { + type = nullOr str; + default = null; + apply = x: + if x != null + then x + else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null; + }; + ssh.privkey = mkOption { + type = nullOr (submodule { + options = { + bits = mkOption { + type = nullOr (enum ["4096"]); + default = null; + }; + path = mkOption { + type = either path str; + apply = x: { + path = toString x; + string = x; + }.${typeOf x}; + }; + type = mkOption { + type = enum ["rsa" "ed25519"]; + default = "ed25519"; + }; + }; + }); + default = null; + }; }; - }; + }); net = submodule ({ config, ... }: { options = { 
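Review bot: Adding `=` to the `isSafeChar` class in shell.nix means a value such as `a=b` now leaves `escape` unquoted, and a bare word containing `=` is not neutral in every position. As the first word of a command a POSIX shell reads it as a variable assignment, and zsh with its EQUALS option expands a leading `=name` to a command path. If `escape` output is only ever used as a non-first argument to `/bin/sh` this is fine, but the hunk does not say so. I would either drop `=` from the class or add a comment such as `# output is safe only in argument position of a POSIX sh command`. The rest of `escape` lies outside the hunk.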
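Review bot: The `apply` on `ssh.privkey.path` in types.nix converts a path literal with `toString`, which presumably exists so the private key file is referenced by name and never copied into the world-readable Nix store, but no comment says so. A later refactor could easily replace it with a plain interpolation that does import the file. I would add above the `apply` something like `# toString keeps a path literal as a plain string; interpolating it would copy the key into the Nix store`. Separately, `bits` accepts only `"4096"` and is not tied to `type`, so a host declaring `type = "ed25519"` with `bits = "4096"` is accepted; a one-line description on `bits` stating that it applies to `rsa` only would help.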
@@ -61,6 +106,18 @@ types // rec { aliases = mkOption { # TODO nonEmptyListOf hostname type = listOf hostname; + default = []; + }; + ssh = mkOption { + type = submodule { + options = { + port = mkOption { + type = nullOr int; + default = null; + }; + }; + }; + default = {}; }; tinc = mkOption { type = let net-config = config; in nullOr (submodule ({ config, ... }: { |
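Review bot: The new `ssh.port` option under `net` in types.nix is typed `nullOr int`, so `0`, negative numbers and values above 65535 all pass type checking and would only fail later, wherever the port is rendered into an SSH configuration. I would constrain it at the option, for example `type = nullOr (addCheck int (x: x > 0 && x < 65536));`, assuming the `lib` in use provides `addCheck`. A short `description` stating what `null` means here (presumably "use the default SSH port") would also make the default self-explanatory. The enclosing `net` submodule continues outside the hunk.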