diff options
Diffstat (limited to 'krebs/4lib')
-rw-r--r-- | krebs/4lib/infest/1prepare | 74 | ||||
-rw-r--r-- | krebs/4lib/infest/2install-nix | 57 | ||||
-rw-r--r-- | krebs/4lib/infest/3install-nix-tools | 9 | ||||
-rw-r--r-- | krebs/4lib/infest/4finalize | 65 | ||||
-rw-r--r-- | krebs/4lib/types.nix | 10 |
5 files changed, 10 insertions, 205 deletions
diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/1prepare deleted file mode 100644 index 07c00c3a5..000000000 --- a/krebs/4lib/infest/1prepare +++ /dev/null @@ -1,74 +0,0 @@ -#! /bin/sh -set -efu - -prepare() {( - if test -e /etc/os-release; then - . /etc/os-release - case $ID in - centos) - case $VERSION_ID in - 7) - prepare_centos7 "$@" - exit - ;; - esac - ;; - esac - fi - echo "$0 prepare: unknown OS" >&2 - exit -1 -)} - -prepare_centos7() { - type bzip2 2>/dev/null || yum install -y bzip2 - type git 2>/dev/null || yum install -y git - type rsync 2>/dev/null || yum install -y rsync - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -c "CentOS Nix build user $i" \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - rm -f /var/spool/mail/nixbld$i - fi - done - - # - # mount install directory - # - - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then - mkdir -p /newshit - mount --bind /newshit /mnt - fi - - if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then - mkdir -p /mnt/boot - mount /dev/sda1 /mnt/boot - fi - - mount | grep 'on /mnt\>' >&2 - - # - # prepare install directory - # - - mkdir -p /mnt/etc/nixos - mkdir -m 0555 -p /mnt/var/empty - - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then - mkdir -p /mnt/root - mount --bind /root /mnt/root - fi -} - -prepare "$@" diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/2install-nix deleted file mode 100644 index 3021c1143..000000000 --- a/krebs/4lib/infest/2install-nix +++ /dev/null @@ -1,57 +0,0 @@ -#! /bin/sh -set -efu - -nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 -nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4" - -install-nix() {( - - # install nix on host (cf. https://nixos.org/nix/install) - if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then - ( - verify() { - printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c - } - if ! verify; then - curl -C - -O "$nix_url" - verify - fi - ) - nix_src_dir=$(basename $nix_url .tar.bz2) - tar jxf $nix_src_dir.tar.bz2 - mkdir -v -m 0755 -p /nix - $nix_src_dir/install - fi - - #TODO: make this general or move to 1prepare - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then - mkdir -p /mnt/nix - mount --bind /nix /mnt/nix - fi - - . /root/.nix-profile/etc/profile.d/nix.sh - - for i in \ - bash \ - coreutils \ - # This line intentionally left blank. - do - if ! nix-env -q $i | grep -q .; then - nix-env -iA nixpkgs.pkgs.$i - fi - done - - # install nixos-install - if ! type nixos-install 2>/dev/null; then - nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }' - nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) - nix-env \ - --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ - --arg pkgs "$nixpkgs_expr" \ - --arg modulesPath 'throw "no modulesPath"' \ - -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ - -iA config.system.build.nixos-install - fi -)} - -install-nix "$@" diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools deleted file mode 100644 index 59fa6f14a..000000000 --- a/krebs/4lib/infest/3install-nix-tools +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh -set -efu - -install-nix-tools() {( - - -)} - -install-nix-tools "$@" diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/4finalize deleted file mode 100644 index d095fa31b..000000000 --- a/krebs/4lib/infest/4finalize +++ /dev/null @@ -1,65 +0,0 @@ -#! /bin/sh -set -eux -{ - umount /mnt/nix || [ $? -eq 32 ] - umount /mnt/boot || [ $? -eq 32 ] - umount /mnt/root || [ $? -eq 32 ] - umount /mnt || [ $? -eq 32 ] - umount /boot || [ $? -eq 32 ] - - PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i) - export PATH - - mkdir /oldshit - - mv /bin /oldshit/ - mv /newshit/bin / - - # TODO ensure /boot is empty - rmdir /newshit/boot - - # skip /dev - rmdir /newshit/dev - - mv /etc /oldshit/ - mv /newshit/etc / - - # skip /nix (it's already there) - rmdir /newshit/nix - - # skip /proc - rmdir /newshit/proc - - # skip /run - rmdir /newshit/run - - # skip /sys - rmdir /newshit/sys - - # skip /root - rmdir /newshit/root - - # skip /tmp - # TODO rmdir /newshit/tmp - - mv /home /oldshit/ - mv /newshit/home / - - mv /usr /oldshit/ - mv /newshit/usr / - - mv /var /oldshit/ - mv /newshit/var / - - mv /lib /oldshit/ - mv /lib64 /oldshit/ - mv /sbin /oldshit/ - mv /srv /oldshit/ - mv /opt /oldshit/ - - - mv /newshit /root/ # TODO this one shoult be empty - mv /oldshit /root/ - - sync -} diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index f6b4bd8b1..dbffdf850 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -27,6 +27,16 @@ types // rec { type = with types; attrsOf string; }; + infest = { + addr = mkOption { + type = str; + }; + port = mkOption { + type = int; + default = 22; + }; + }; + secure = mkOption { type = bool; default = false; |