Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/ircd.nix3
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/3modules/default.nix13
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/lass/default.nix48
-rw-r--r--krebs/3modules/zones.nix22
-rw-r--r--krebs/5pkgs/haskell/nix-diff.nix22
-rw-r--r--krebs/5pkgs/haskell/xmonad-stockholm.nix8
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix291
10 files changed, 392 insertions, 20 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 4fdb53ae7..73b5377bd 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -13,7 +13,6 @@
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
- <stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
];
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 38f58952e..b534f9ad4 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -7,6 +7,9 @@
services.charybdis = {
enable = true;
+ motd = ''
+ hello
+ '';
config = ''
serverinfo {
name = "${config.krebs.build.host.name}.irc.retiolum";
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index adbc1ebe1..b56f5c543 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -104,7 +104,7 @@ in
"dummy_secrets": "true",
},
command=[
- "nix-shell", "--run", " ".join(["test",
+ "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c89f3229d..7cf02cd8b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -44,6 +44,7 @@ let
./tinc_graphs.nix
./urlwatch.nix
./repo-sync.nix
+ ./zones.nix
];
options.krebs = api;
config = lib.mkIf cfg.enable imp;
@@ -60,6 +61,7 @@ let
hosts = mkOption {
type = with types; attrsOf host;
+ default = {};
};
users = mkOption {
@@ -171,17 +173,6 @@ let
'';
};
- # Implements environment.etc."zones/<zone-name>"
- environment.etc = let
- stripEmptyLines = s: (concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
- all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
- ([cfg.zone-head-config] ++ combined-hosts);
- combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
- in lib.mapAttrs' (name: value: nameValuePair
- ("zones/" + name)
- { text=(stripEmptyLines value); }) all-zones;
-
krebs.exim-smarthost.internet-aliases = let
format = from: to: {
inherit from;
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index 8d4933cb5..f67188122 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -27,7 +27,7 @@ let
};
display = mkOption {
type = types.str;
- default = ":0";
+ default = ":${toString config.services.xserver.display}";
};
unitConfig = mkOption {
type = types.attrsOf types.str;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 867f1bd34..ff6ba474f 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -449,8 +449,6 @@ with import <stockholm/lib>;
retiolum = rec {
via = internet;
addrs = [
- # edinburgh university
- "129.215.0.0/16"
ip4.addr
ip6.addr
];
@@ -472,6 +470,10 @@ with import <stockholm/lib>;
lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
+ tinc.subnets = [
+ # edinburgh university
+ "129.215.0.0/16"
+ ];
};
};
};
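Review bot: The `tinc.subnets` entry added in this hunk claims a public /16 (`129.215.0.0/16`) for this host inside retiolum, and the only explanation is the carried-over label `# edinburgh university`. Presumably every peer that honours tinc subnet announcements will then route traffic for that whole range through this node. The entry deserves a comment stating why the host needs the range and who agreed to it, for example `# routes Edinburgh University address space via this host; agreed with <owner>`. The host definition begins outside the hunk, so the affected host cannot be identified from here.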
@@ -533,6 +535,45 @@ with import <stockholm/lib>;
};
};
};
+ reagenzglas = {
+ ci = false;
+ external = true;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.27.27";
+ ip6.addr = "42::27";
+ aliases = [
+ "reagenzglas.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P
+ bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0
+ utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO
+ 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5
+ hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u
+ mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW
+ 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06
+ aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw
+ pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu
+ 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/
+ lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5
+ +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz
+ 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli
+ PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0
+ ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn
+ GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE
+ hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2
+ ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX
+ vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe
+ G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44
+ 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x
+ Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
};
users = {
lass = {
@@ -581,5 +622,8 @@ with import <stockholm/lib>;
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";
mail = "joerg@higgsboson.tk";
};
+ jeschli = {
+ pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01";
+ };
};
}
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
new file mode 100644
index 000000000..eb1351866
--- /dev/null
+++ b/krebs/3modules/zones.nix
@@ -0,0 +1,22 @@
+with import <stockholm/lib>;
+{ config, ... }: {
+
+ config = {
+ # Implements environment.etc."zones/<zone-name>"
+ environment.etc = let
+ stripEmptyLines = s: (concatStringsSep "\n"
+ (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
+ all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
+ ([config.krebs.zone-head-config] ++ combined-hosts);
+ combined-hosts =
+ mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts;
+ in
+ mapAttrs'
+ (name: value: {
+ name = "zones/${name}";
+ value.text = stripEmptyLines value;
+ })
+ all-zones;
+ };
+
+}
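Review bot: The `config = { ... };` block in this new module is unconditional, while the lines it replaces in default.nix appear to have lived in the part applied through `config = lib.mkIf cfg.enable imp;`. If that reading is right, `/etc/zones/*` is now generated even when `krebs.enable` is false. Writing `config = mkIf config.krebs.enable { ... };` would keep the previous behaviour. Separately, `remove "\n"` in `stripEmptyLines` can never match after `splitString "\n"`, so it can be dropped.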
diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff.nix
new file mode 100644
index 000000000..2070dbd2e
--- /dev/null
+++ b/krebs/5pkgs/haskell/nix-diff.nix
@@ -0,0 +1,22 @@
+{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
+, nix-derivation, optparse-generic, stdenv, system-filepath, text
+, unix, vector
+}:
+mkDerivation {
+ pname = "nix-diff";
+ version = "1.0.0";
+ src = fetchgit {
+ url = "https://github.com/Gabriel439/nix-diff";
+ sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
+ rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
+ };
+ isLibrary = false;
+ isExecutable = true;
+ executableHaskellDepends = [
+ attoparsec base containers Diff mtl nix-derivation optparse-generic
+ system-filepath text unix vector
+ ];
+ homepage = "https://github.com/Gabriel439/nix-diff";
+ description = "Explain why two Nix derivations differ";
+ license = stdenv.lib.licenses.bsd3;
+}
diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix
index bf19e7d66..954cfd76a 100644
--- a/krebs/5pkgs/haskell/xmonad-stockholm.nix
+++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix
@@ -1,13 +1,13 @@
{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape
, xmonad, xmonad-contrib
}:
-mkDerivation {
+mkDerivation rec {
pname = "xmonad-stockholm";
- version = "1.1.0";
+ version = "1.1.1";
src = fetchgit {
url = http://cgit.ni.krebsco.de/xmonad-stockholm;
- rev = "179d29fd4c765dee698058ef63295331ac603639";
- sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj";
+ rev = "refs/tags/v${version}";
+ sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";
};
libraryHaskellDepends = [
base containers X11 X11-xshape xmonad xmonad-contrib
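Review bot: `rev = "refs/tags/v${version}";` replaces an immutable commit id with a movable tag, and the `url` is still plain `http://`, so `sha256` is now the only thing tying the build to a specific source. The hash protects integrity on a fresh fetch. Because the source is a fixed-output fetch, though, a later bump of `version` without a new `sha256` may be satisfied from an existing store path and silently build the old code. A comment next to `version` such as `# update sha256 together with version; the tag is only resolved on a cache miss` would make that explicit. Switching the URL to https, if the cgit host offers it, would remove the reliance on the hash alone.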
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
new file mode 100644
index 000000000..5705f086d
--- /dev/null
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -0,0 +1,291 @@
+{ pkgs }: let
+
+ stockholm-dir = ../../../..;
+
+ lib = import (stockholm-dir + "/lib");
+
+ #
+ # high level commands
+ #
+
+ cmds.deploy = pkgs.withGetopt {
+ diff = { default = /* sh */ "false"; switch = true; };
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target.default = /* sh */ "$system";
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "stockholm.deploy" ''
+ set -efu
+
+ . ${init.env}
+ . ${init.proxy "deploy" opts}
+
+ if \test ${opts.diff.ref} = true; then
+
+ system_profile=/nix/var/nix/profiles/system
+ system_drv_cur=/etc/system.drv
+
+ system_drv_new=$(
+ ${pkgs.nix}/bin/nix-instantiate \
+ -Q \
+ -I "$target_path" \
+ -E '
+ (import <nixpkgs/nixos/lib/eval-config.nix> {
+ modules = [ <nixos-config> ];
+ }).config.system.build.toplevel
+ '
+ )
+
+ if \test -e "$system_drv_cur"; then
+
+ system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
+ system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
+
+ if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
+ echo "$0: system up to date" >&2
+ exit 0
+ fi
+
+ system_drv_cur=$system_drv_cur_c \
+ system_drv_new=$system_drv_new_c \
+ ${pkgs.utillinux}/bin/script \
+ --command '
+ ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
+ "$system_drv_cur" "$system_drv_new"
+ ' \
+ --quiet \
+ --return \
+ /dev/null
+
+ printf 'deploy? [N/y] ' >&2
+ read -r REPLY
+ if \test "$REPLY" != y; then
+ echo "$0: abort!" >&2
+ exit 1
+ fi
+ else
+ echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
+ fi
+
+ new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
+
+ ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
+ PATH=${lib.makeBinPath [
+ pkgs.systemd
+ ]} \
+ "$system_profile"/bin/switch-to-configuration switch
+
+ ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
+ exit
+ fi
+
+ # Use system's nixos-rebuild, which is not self-contained
+ export PATH=/run/current-system/sw/bin
+ exec ${utils.with-whatsupnix} \
+ nixos-rebuild switch \
+ --show-trace \
+ -I "$target_path"
+ '');
+
+ cmds.install = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeBash "stockholm.install" ''
+ set -efu
+
+ . ${init.env}
+
+ if \test "''${using_proxy-}" != true; then
+ ${pkgs.openssh}/bin/ssh \
+ -o StrictHostKeyChecking=no \
+ -o UserKnownHostsFile=/dev/null \
+ "$target_user@$target_host" -p "$target_port" \
+ env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
+ sh -s prepare \
+ < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
+ # TODO inline prepare.sh?
+ fi
+
+ . ${init.proxy "install" opts}
+
+ # these variables get defined by nix-shell (i.e. nix-build) from
+ # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
+ # which only exists on / and not at /mnt.
+ export NIX_BUILD_TOP=/tmp
+ export TEMPDIR=/tmp
+ export TEMP=/tmp
+ export TMPDIR=/tmp
+ export TMP=/tmp
+ export XDG_RUNTIME_DIR=/tmp
+
+ export NIXOS_CONFIG="$target_path/nixos-config"
+
+ cd
+ exec nixos-install
+ '');
+
+ cmds.test = pkgs.withGetopt {
+ force-populate = { default = /* sh */ "false"; switch = true; };
+ quiet = { default = /* sh */ "false"; switch = true; };
+ source_file = {
+ default = /* sh */ "$user/1systems/$system/source.nix";
+ long = "source";
+ };
+ system = {};
+ target = {};
+ user.default = /* sh */ "$LOGNAME";
+ } (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
+ set -efu
+
+ export dummy_secrets=true
+
+ . ${init.env}
+ . ${init.proxy "test" opts}
+
+ exec ${utils.build} config.system.build.toplevel
+ '');
+
+ #
+ # low level commands
+ #
+
+ # usage: get-source SOURCE_FILE
+ cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
+ set -efu
+ exec ${pkgs.nix}/bin/nix-instantiate \
+ --eval \
+ --json \
+ --readonly-mode \
+ --show-trace \
+ --strict \
+ "$1"
+ '';
+
+ # usage: parse-target [--default=TARGET] TARGET
+ # TARGET = [USER@]HOST[:PORT][/PATH]
+ cmds.parse-target = pkgs.withGetopt {
+ default_target = {
+ long = "default";
+ short = "d";
+ };
+ } (opts: pkgs.writeDash "stockholm.parse-target" ''
+ set -efu
+ target=$1; shift
+ for arg; do echo "$0: bad argument: $arg" >&2; done
+ if \test $# != 0; then exit 2; fi
+ exec ${pkgs.jq}/bin/jq \
+ -enr \
+ --arg default_target "$default_target" \
+ --arg target "$target" \
+ -f ${pkgs.writeText "stockholm.parse-target.jq" ''
+ def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
+ user: .captures[0].string,
+ host: .captures[1].string,
+ port: .captures[2].string,
+ path: .captures[3].string,
+ };
+ def sanitize: with_entries(select(.value != null));
+ ($default_target | parse) + ($target | parse | sanitize) |
+ . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
+ ''}
+ '');
+
+ init.env = pkgs.writeText "init.env" /* sh */ ''
+
+ export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
+ export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
+
+ export quiet
+ export system
+ export target
+ export user
+
+ default_target=root@$system:22/var/src
+
+ export target_object="$(
+ ${cmds.parse-target} "$target" -d "$default_target"
+ )"
+ export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
+ export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
+ export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
+ export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
+ export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
+ '';
+
+ init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
+ if \test "''${using_proxy-}" != true; then
+
+ source=$(${cmds.get-source} "$source_file")
+ qualified_target=$target_user@$target_host:$target_port$target_path
+ if \test "$force_populate" = true; then
+ echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
+ else
+ echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
+ fi
+
+ if \test "$target_local" != true; then
+ exec ${pkgs.openssh}/bin/ssh \
+ "$target_user@$target_host" -p "$target_port" \
+ cd "$target_path/stockholm" \; \
+ NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
+ STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
+ nix-shell --run "$(${pkgs.quote}/bin/quote "
+ ${lib.concatStringsSep " " (lib.mapAttrsToList
+ (name: opt: /* sh */
+ "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
+ opts
+ )} \
+ using_proxy=true \
+ ${lib.shell.escape command} \
+ $WITHGETOPT_ORIG_ARGS \
+ ")"
+ fi
+ fi
+ '';
+
+ utils.build = pkgs.writeDash "utils.build" ''
+ set -efu
+ ${utils.with-whatsupnix} \
+ ${pkgs.nix}/bin/nix-build \
+ --no-out-link \
+ --show-trace \
+ -E "with import <stockholm>; $1" \
+ -I "$target_path" \
+ '';
+
+ utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
+ set -efu
+ if \test "$quiet" = true; then
+ "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
+ else
+ exec "$@"
+ fi
+ '';
+
+ shell.get-version = pkgs.writeDash "stockholm.get-version" ''
+ set -efu
+ version=git.$(${pkgs.git}/bin/git describe --always --dirty)
+ case $version in (*-dirty)
+ version=$version@$HOSTNAME
+ esac
+ date=$(${pkgs.coreutils}/bin/date +%y.%m)
+ echo "$date.$version"
+ '';
+
+in
+
+ pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
+ lib.nameValuePair "/bin/${name}" { inherit link; }
+ ) cmds)
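Review bot: The `ssh` call in `cmds.install` passes `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null`, so the machine that receives prepare.sh through `sh -s prepare` is never authenticated. With the default target `root@$system:22/var/src` that script runs as root on whatever host answers at that address. The later `ssh` in `init.proxy` does not repeat these options, which suggests the relaxation is meant only for freshly booted install media whose key is not yet known. Say so in a comment above the call, e.g. `# host key of the install medium is unknown at this point; do not reuse these options elsewhere`. Consider also accepting an optional known-hosts file from the caller and enabling strict checking whenever one is given.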