78 files changed, 195 insertions, 102 deletions

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index daa963bc8..227eb209b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -34,10 +34,10 @@ let
       ./Reaktor.nix
       ./realwallpaper.nix
       ./retiolum-bootstrap.nix
-      ./retiolum.nix
       ./rtorrent.nix
       ./secret.nix
       ./setuid.nix
+      ./tinc.nix
       ./tinc_graphs.nix
       ./urlwatch.nix
       ./repo-sync.nix
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index b86e05319..0e1cbd876 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -3,7 +3,10 @@
 with import <stockholm/lib>;
 
 {
-  hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) {
+  hosts = mapAttrs (_: recursiveUpdate {
+    owner = config.krebs.users.lass;
+    managed = true;
+  }) {
     dishfire = {
       cores = 4;
       nets = rec {
@@ -124,6 +127,7 @@ with import <stockholm/lib>;
           ssh.port = 2223;
         };
       };
+      managed = false;
     };
     cloudkrebs = {
       cores = 1;
@@ -300,6 +304,7 @@ with import <stockholm/lib>;
     };
     iso = {
       cores = 1;
+      managed = false;
     };
     sokrateslaptop = {
       nets = {
@@ -321,6 +326,7 @@ with import <stockholm/lib>;
           '';
         };
       };
+      managed = false;
     };
   };
   users = {
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/tinc.nix
index 0a3d7ed2f..8af15c13b 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/tinc.nix
@@ -17,6 +17,27 @@ let
       in {
 
         enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; };
+        enableLegacy = mkEnableOption "/etc/tinc/${netname}";
+
+        confDir = mkOption {
+          type = types.package;
+          default = pkgs.linkFarm "${netname}-etc-tinc"
+            (mapAttrsToList (name: path: { inherit name path; }) {
+              "hosts" = tinc.config.hostsPackage;
+              "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
+                Name = ${tinc.config.host.name}
+                Interface = ${netname}
+                ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
+                PrivateKeyFile = ${tinc.config.privkey.path}
+                Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
+                ${tinc.config.extraConfig}
+              '';
+              "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
+                ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
+                ${tinc.config.tincUp}
+              '';
+            });
+        };
 
         host = mkOption {
           type = types.host;
@@ -175,29 +196,16 @@ let
       }
     ) config.krebs.tinc;
 
+    environment.etc = mapAttrs' (netname: cfg:
+      nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy {
+        source = cfg.confDir;
+      })
+    ) config.krebs.tinc;
+
     systemd.services = mapAttrs (netname: cfg:
       let
         tinc = cfg.tincPackage;
         iproute = cfg.iproutePackage;
-
-        confDir = let
-          namePathPair = name: path: { inherit name path; };
-        in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair {
-            "hosts" = cfg.hostsPackage;
-            "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" ''
-              Name = ${cfg.host.name}
-              Interface = ${netname}
-              ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)}
-              PrivateKeyFile = ${cfg.privkey.path}
-              Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port}
-              ${cfg.extraConfig}
-            '';
-            "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
-              ${iproute}/sbin/ip link set ${netname} up
-              ${cfg.tincUp}
-            '';
-          }
-        );
       in {
         description = "Tinc daemon for ${netname}";
         after = [ "network.target" ];
@@ -206,7 +214,7 @@ let
         path = [ tinc iproute ];
         serviceConfig = rec {
           Restart = "always";
-          ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
+          ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid";
           SyslogIdentifier = netname;
         };
       }
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 8bb244cd3..39e89a4b6 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -1,64 +1,33 @@
-{ config, lib, pkgs, ... }@args:
 with import <stockholm/lib>;
-{
-  imports = [
-    ./writers.nix
-  ];
-  nixpkgs.config.packageOverrides = oldpkgs: let
-
-    # This callPackage will try to detect obsolete overrides.
-    callPackage = path: args: let
-      override = pkgs.callPackage path args;
-      upstream = optionalAttrs (override ? "name")
-        (oldpkgs.${(parseDrvName override.name).name} or {});
-    in if upstream ? "name" &&
-          override ? "name" &&
-          compareVersions upstream.name override.name != -1
-      then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
-      else override;
-
-  in {}
-  // mapAttrs (_: flip callPackage {})
-              (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
-                           (subdirsOf ./.))
-  // {
-    empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
 
-    haskellPackages = oldpkgs.haskellPackages.override {
-      overrides = self: super:
-        mapAttrs (name: path: self.callPackage path {})
-          (mapAttrs'
-            (name: type:
-              if hasSuffix ".nix" name
-                then {
-                  name = removeSuffix ".nix" name;
-                  value = ./haskell-overrides + "/${name}";
-                }
-                else null)
-            (builtins.readDir ./haskell-overrides));
-    };
+self: super:
 
-    ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};
+# Import files and subdirectories like they are overlays.
+foldl' mergeAttrs {}
+  (map
+    (name: import (./. + "/${name}") self super)
+    (filter
+      (name: name != "default.nix" && !hasPrefix "." name)
+      (attrNames (readDir ./.))))
 
-    buildbot = callPackage ./buildbot {};
-    buildbot-full = callPackage ./buildbot {
-      plugins = with pkgs.buildbot-plugins; [ www console-view waterfall-view ];
-    };
-    buildbot-worker = callPackage ./buildbot/worker.nix {};
+//
 
-    # https://github.com/proot-me/PRoot/issues/106
-    proot = pkgs.writeDashBin "proot" ''
-      export PROOT_NO_SECCOMP=1
-      exec ${oldpkgs.proot}/bin/proot "$@"
-    '';
-
-    # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
-    symlinkJoin = { name, paths, ... }@args: let
-      x = oldpkgs.symlinkJoin args;
-    in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
+{
+  ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {};
 
-    test = {
-      infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
-    };
+  buildbot-full = self.callPackage ./simple/buildbot {
+    plugins = with self.buildbot-plugins; [ www console-view waterfall-view ];
   };
+  buildbot-worker = self.callPackage ./simple/buildbot/worker.nix {};
+
+  # https://github.com/proot-me/PRoot/issues/106
+  proot = self.writeDashBin "proot" ''
+    export PROOT_NO_SECCOMP=1
+    exec ${super.proot}/bin/proot "$@"
+  '';
+
+  # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
+  symlinkJoin = { name, paths, ... }@args: let
+    x = super.symlinkJoin args;
+  in if typeOf x != "lambda" then x else super.symlinkJoin name paths;
 }