Diffstat (limited to 'krebs/4lib')
-rw-r--r--krebs/4lib/default.nix8
-rw-r--r--krebs/4lib/infest/install-nix.sh50
-rw-r--r--krebs/4lib/infest/prepare.sh76
-rw-r--r--krebs/4lib/types.nix46
4 files changed, 118 insertions, 62 deletions
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 4d7e0b549..d5b6d03ac 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -26,11 +26,15 @@ let out = rec {
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; };
- toC = x: {
+ toC = x: let
+ type = typeOf x;
+ reject = throw "cannot convert ${type}";
+ in {
list = "{ ${concatStringsSep ", " (map toC x)} }";
null = "NULL";
+ set = if isDerivation x then toJSON x else reject;
string = toJSON x; # close enough
- }.${typeOf x};
+ }.${type} or reject;
subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
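Review bot: The new `set` branch sends derivations through `toJSON`, the same conversion the `string` branch marks `# close enough`, and nothing on the line says why that is acceptable for C output. JSON and C string literals do not escape identically (JSON writes control characters as `\u00XX`, which C does not accept as an equivalent escape), so the result is a valid C literal only while the value stays within plain printable characters, as store paths normally do. I would document that on the branch, for example `set = if isDerivation x then toJSON x else reject; # derivation -> its store path as a quoted string`, and add a comment on `toC` saying that every other type, including non-derivation sets, is rejected with `cannot convert <type>`. The enclosing `let out = rec {` starts and ends outside this hunk.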
diff --git a/krebs/4lib/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh
deleted file mode 100644
index af1a8bd16..000000000
--- a/krebs/4lib/infest/install-nix.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#! /bin/sh
-set -efu
-
-nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
-nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4
-
-install_nix() {(
-
- # install nix on host (cf. https://nixos.org/nix/install)
- if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
- (
- verify() {
- printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c
- }
- if ! verify; then
- curl -C - -O "$nix_url"
- verify
- fi
- )
- nix_src_dir=$(basename $nix_url .tar.bz2)
- tar jxf $nix_src_dir.tar.bz2
- $nix_src_dir/install
- fi
-
- . /root/.nix-profile/etc/profile.d/nix.sh
-
- for i in \
- bash \
- coreutils \
- # This line intentionally left blank.
- do
- if ! nix-env -q $i | grep -q .; then
- nix-env -iA nixpkgs.pkgs.$i
- fi
- done
-
- # install nixos-install
- if ! type nixos-install 2>/dev/null; then
- nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }'
- nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d)
- nix-env \
- --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
- --arg pkgs "$nixpkgs_expr" \
- --arg modulesPath 'throw "no modulesPath"' \
- -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \
- -iA config.system.build.nixos-install
- fi
-)}
-
-install_nix "$@"
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 0bfc49380..b3824c7d4 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -1,6 +1,9 @@
#! /bin/sh
set -efu
+nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
+nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4
+
prepare() {(
if test -e /etc/os-release; then
. /etc/os-release
@@ -33,6 +36,13 @@ prepare() {(
;;
esac
;;
+ nixos)
+ case $(cat /proc/cmdline) in
+ *' root=LABEL=NIXOS_ISO '*)
+ prepare_nixos_iso "$@"
+ exit
+ esac
+ ;;
esac
elif test -e /etc/centos-release; then
case $(cat /etc/centos-release) in
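Review bot: The pattern `*' root=LABEL=NIXOS_ISO '*` only matches when the parameter has a space on both sides, so a kernel command line where `root=LABEL=NIXOS_ISO` is the first or last parameter falls through without calling `prepare_nixos_iso` (command substitution strips the trailing newline and adds no space). Padding the subject avoids that: `case " $(cat /proc/cmdline) " in`. As far as this hunk shows, a NixOS host that does not match gets no message from the `nixos)` branch; an explicit error for that case would make the outcome visible. `prepare` begins before this hunk and continues after it.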
@@ -70,7 +80,25 @@ prepare_debian() {
prepare_common
}
-prepare_common() {
+prepare_nixos_iso() {
+ mountpoint /mnt
+
+ type git 2>/dev/null || nix-env -iA nixos.git
+
+ mkdir -p /mnt/"$target_path"
+ mkdir -p "$target_path"
+
+ if ! mountpoint "$target_path"; then
+ mount --rbind /mnt/"$target_path" "$target_path"
+ fi
+
+ mkdir -p bin
+ rm -f bin/nixos-install
+ cp "$(type -p nixos-install)" bin/nixos-install
+ sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
+}
+
+prepare_common() {(
if ! getent group nixbld >/dev/null; then
groupadd -g 30000 -r nixbld
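Review bot: `$target_path` is spliced unescaped into the sed replacement and the rewritten line loses its quotes, so the copied `bin/nixos-install` ends up with `NIX_PATH=<value>` as bare shell text. A path containing a space, `@`, `&` or shell metacharacters would either break the substitution or change what the copied script executes when it is run. Keeping the quotes, `sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=\"$target_path\"@" bin/nixos-install`, and rejecting a `target_path` that is not a plain absolute path before the first `mkdir` would close that. `target_path` is not assigned anywhere in the visible hunks, so under `set -u` it presumably comes from the caller's environment; a comment saying so would help. `prepare_common` opens at the end of this hunk and its body continues outside it.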
@@ -133,6 +161,50 @@ prepare_common() {
mkdir -p /mnt/nix
mount --bind /nix /mnt/nix
fi
-}
+
+ #
+ # install nix
+ #
+
+ # install nix on host (cf. https://nixos.org/nix/install)
+ if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
+ (
+ verify() {
+ printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c
+ }
+ if ! verify; then
+ curl -C - -O "$nix_url"
+ verify
+ fi
+ )
+ nix_src_dir=$(basename $nix_url .tar.bz2)
+ tar jxf $nix_src_dir.tar.bz2
+ $nix_src_dir/install
+ fi
+
+ . /root/.nix-profile/etc/profile.d/nix.sh
+
+ for i in \
+ bash \
+ coreutils \
+ # This line intentionally left blank.
+ do
+ if ! nix-env -q $i | grep -q .; then
+ nix-env -iA nixpkgs.pkgs.$i
+ fi
+ done
+
+ # install nixos-install
+ if ! type nixos-install 2>/dev/null; then
+ nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }'
+ nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d)
+ nix-env \
+ --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
+ --arg pkgs "$nixpkgs_expr" \
+ --arg modulesPath 'throw "no modulesPath"' \
+ -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \
+ -iA config.system.build.nixos-install
+ fi
+)}
prepare "$@"
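Review bot: If `verify` fails after the download, the script stops under `set -e` but leaves the bad tarball in place, and the next run resumes onto it with `curl -C -` instead of fetching a clean copy. Adding `-f` (`curl -f -C - -O "$nix_url"`) keeps an HTTP error body from being saved as the tarball, and removing the file when the second `verify` fails lets a rerun recover: `verify || { rm -f "$(basename "$nix_url")"; exit 1; }`. Separately, `nixpkgs_path` takes whatever `find` returns for `*-nixpkgs-*`; with more than one match the unquoted `$nixpkgs_path` splits into several words and `-f` receives the wrong argument, so it is worth failing unless exactly one directory is found. `prepare_common` begins before this hunk.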
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 6c396a132..d0a537467 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -10,15 +10,14 @@ types // rec {
options = {
name = mkOption {
type = label;
- };
- dc = mkOption {
- type = label;
+ default = config._module.args.name;
};
cores = mkOption {
type = positive;
};
nets = mkOption {
type = attrsOf net;
+ default = {};
};
extraZones = mkOption {
@@ -155,26 +154,25 @@ types // rec {
merge = mergeOneOption;
};
- user = submodule {
+ user = submodule ({ config, ... }: {
options = {
mail = mkOption {
type = str; # TODO retiolum mail address
};
name = mkOption {
- type = str; # TODO
+ type = username;
+ default = config._module.args.name;
};
pubkey = mkOption {
type = str;
};
};
- };
+ });
# TODO
addr = str;
addr4 = str;
addr6 = str;
- hostname = str;
- label = str;
krebs.file-location = types.submodule {
options = {
@@ -192,4 +190,36 @@ types // rec {
};
};
};
+
+ # RFC952, B. Lexical grammar, <hname>
+ hostname = mkOptionType {
+ name = "hostname";
+ check = x: all label.check (splitString "." x);
+ merge = mergeOneOption;
+ };
+
+ # RFC952, B. Lexical grammar, <name>
+ # RFC1123, 2.1 Host Names and Numbers
+ label = mkOptionType {
+ name = "label";
+ # TODO case-insensitive labels
+ check = x: match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
+ merge = mergeOneOption;
+ };
+
+ # POSIX.1‐2013, 3.278 Portable Filename Character Set
+ filename = mkOptionType {
+ name = "POSIX filename";
+ check = let
+ filename-chars = stringToCharacters
+ "-.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ in s: all (flip elem filename-chars) (stringToCharacters s);
+ merge = mergeOneOption;
+ };
+
+ # POSIX.1-2013, 3.431 User Name
+ username = mkOptionType {
+ name = "POSIX username";
+ check = s: filename.check s && substring 0 1 s != "-";
+ };
}
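Review bot: The `filename` character list leaves out `_`, which POSIX 3.278 includes in the Portable Filename Character Set, so any name containing an underscore is rejected by both `filename` and `username`. The same check accepts the empty string (`all` over no characters is true), and `username` has no `merge`, unlike the three other types added here, so it falls back to mkOptionType's default merge. `hostname`, `label` and `filename` also call string functions on the value without an `isString` guard, so a non-string value would likely raise an evaluation error inside the check rather than be reported as a type mismatch; the same guard belongs in `label.check`. If `filename` values are later used as path components, rejecting `.` and `..` is worth considering as well. The fence assumes `isString` is in scope like the other lib functions used in this file.

```nix
# … unchanged: hostname, label …

# POSIX.1-2013, 3.278 Portable Filename Character Set
filename = mkOptionType {
  name = "POSIX filename";
  check = let
    filename-chars = stringToCharacters
      "-._0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  in s:
    # total check: non-strings and "" are type mismatches, not eval errors
    isString s && s != "" &&
    all (flip elem filename-chars) (stringToCharacters s);
  merge = mergeOneOption;
};

# POSIX.1-2013, 3.431 User Name
username = mkOptionType {
  name = "POSIX username";
  check = s: filename.check s && substring 0 1 s != "-";
  merge = mergeOneOption;
};
```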