Diffstat (limited to 'krebs')
-rw-r--r--krebs/0tests/data/secrets/konsens.id_ed255190
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix3
-rw-r--r--krebs/2configs/buildbot-stockholm.nix35
-rw-r--r--krebs/2configs/repo-sync.nix172
-rw-r--r--krebs/2configs/shack/mobile.mpd.nix32
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/git.nix11
-rw-r--r--krebs/3modules/konsens.nix80
-rw-r--r--krebs/3modules/lass/default.nix64
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix5
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix4
-rw-r--r--krebs/5pkgs/simple/cgit-clear-cache.nix8
-rw-r--r--krebs/5pkgs/simple/git-hooks/default.nix15
-rw-r--r--krebs/5pkgs/simple/krops.nix4
-rw-r--r--krebs/krops.nix7
-rw-r--r--krebs/nixpkgs.json7
-rwxr-xr-xkrebs/update-channel.sh9
19 files changed, 344 insertions, 116 deletions
diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/konsens.id_ed25519
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 18b751a7e..0a848426c 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -15,6 +15,7 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/repo-sync.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 6addb0818..914b38051 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -25,6 +25,7 @@ in
<stockholm/krebs/2configs/shack/muell_caller.nix>
<stockholm/krebs/2configs/shack/radioactive.nix>
<stockholm/krebs/2configs/shack/share.nix>
+ <stockholm/krebs/2configs/shack/mobile.mpd.nix>
{
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
systemd.services.telegraf.environment = {
@@ -114,7 +115,7 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
- interfaces."${ext-if}".ip4 = [{
+ interfaces."${ext-if}".ipv4.addresses = [{
address = shack-ip;
prefixLength = 20;
}];
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 62a5f9ab5..8537ce40c 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -4,6 +4,22 @@ let
hostname = config.networking.hostName;
+ sourceRepos = [
+ "http://cgit.enklave.r/stockholm"
+ "http://cgit.gum.r/stockholm"
+ "http://cgit.hotdog.r/stockholm"
+ "http://cgit.ni.r/stockholm"
+ "http://cgit.prism.r/stockholm"
+ ];
+
+ build = pkgs.writeDash "build" ''
+ set -eu
+ export USER="$1"
+ export SYSTEM="$2"
+ $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci)
+ '';
+
+
in
{
networking.firewall.allowedTCPPorts = [ 80 ];
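Review bot: In the new `build` script, `$USER` is expanded unquoted in `nix-build $USER/krops.nix`, so a value containing whitespace or glob characters is word-split before nix-build sees it; `nix-build "$USER/krops.nix" --no-out-link …` avoids that. The script also exports over the conventional `USER` environment variable, which nix-build and the test it then executes both inherit; unless something downstream reads it, a local variable would be less surprising. A short comment such as `# runs the store path printed by nix-build` above the `$( … )` line would make it clear that the command substitution executes the build result.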
@@ -23,17 +39,16 @@ in
slaves = {
testslave = "lasspass";
};
- change_source.stockholm = ''
- stockholm_repo = 'http://cgit.prism.r/stockholm'
+ change_source.stockholm = concatMapStrings (repo: ''
cs.append(
changes.GitPoller(
- stockholm_repo,
- workdir='stockholm-poller', branches=True,
+ "${repo}",
+ workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
project='stockholm',
pollinterval=10
)
)
- '';
+ '') sourceRepos;
scheduler = {
auto-scheduler = ''
sched.append(
@@ -61,7 +76,7 @@ in
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
- repourl=stockholm_repo,
+ repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
mode='full',
submodules=True,
)
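Review bot: `repourl=util.Property('repository', …)` makes `grab_repo` check out whichever repository reported the change, so each of the five `sourceRepos` pollers added earlier in this file can now cause its contents to be built and run on the slave. All five URLs are plain `http://`, and nothing visible in this diff authenticates the fetched commits; the `.r` names suggest an overlay network that may protect the transport, but that is not shown here. I would document the trust decision next to the step, for example `# builds code from whichever sourceRepos entry triggered the change; every listed host is trusted to run code on the slave`. The rest of `builder_pre` lies outside this hunk.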
@@ -95,15 +110,9 @@ in
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
- "dummy_secrets": "true",
},
command=[
- "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
- "--user={}".format(user),
- "--system={}".format(host),
- "--force-populate",
- "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
- ])
+ "${build}", user, host
],
timeout=90001,
workdir='build', # TODO figure out why we need this?
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index 48da88a8d..3ca94fc1b 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -3,78 +3,186 @@
with import <stockholm/lib>;
let
+ konsens-user = {
+ name = "konsens";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7";
+ };
mirror = "git@${config.networking.hostName}:";
- defineRepo = name: announce: let
+ defineRepo = {
+ name, desc, section
+ }:
+ let
repo = {
public = true;
name = mkDefault "${name}";
- cgit.desc = mkDefault "mirror for ${name}";
- cgit.section = mkDefault "mirror";
- hooks = mkIf announce (mkDefault {
+ cgit.desc = desc;
+ cgit.section = section;
+ hooks = mkDefault {
post-receive = pkgs.git-hooks.irc-announce {
- nick = config.networking.hostName;
- verbose = false;
channel = "#xxx";
+ refs = [
+ "refs/heads/master"
+ "refs/heads/newest"
+ "refs/tags/*"
+ ];
+ nick = config.networking.hostName;
server = "irc.r";
- branches = [ "master" ];
+ verbose = false;
};
- });
+ };
};
in {
- rules = with git; singleton {
- user = with config.krebs.users; [
- config.krebs.users."${config.networking.hostName}-repo-sync"
- ];
- repo = [ repo ];
- perm = push ''refs/*'' [ non-fast-forward create delete merge ];
- };
+ rules = with git; [
+ {
+ user = with config.krebs.users; [
+ config.krebs.users."${config.networking.hostName}-repo-sync"
+ jeschli
+ lass
+ makefu
+ tv
+ ];
+ repo = [ repo ];
+ perm = push ''refs/*'' [ non-fast-forward create delete merge ];
+ }
+ {
+ user = [
+ konsens-user
+ ];
+ repo = [ repo ];
+ perm = push ''refs/heads/master'' [ create merge ];
+ }
+ {
+ user = attrValues config.krebs.users;
+ repo = [ repo ];
+ perm = fetch;
+ }
+ ];
repos."${name}" = repo;
};
- sync-retiolum = name:
+ sync-retiolum = {
+ name,
+ desc ? "mirror for ${name}",
+ section ? "mirror"
+ }:
{
krebs.repo-sync.repos.${name} = {
branches = {
- makefu = {
- origin.url = "http://cgit.gum/${name}";
+ lassulus = {
+ origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
- tv = {
- origin.url = "http://cgit.ni.r/${name}";
+ makefu = {
+ origin.url = "http://cgit.gum/${name}";
mirror.url = "${mirror}${name}";
};
nin = {
origin.url = "http://cgit.onondaga.r/${name}";
mirror.url = "${mirror}${name}";
};
- lassulus = {
- origin.url = "http://cgit.lassul.us/${name}";
+ tv = {
+ origin.url = "http://cgit.ni.r/${name}";
mirror.url = "${mirror}${name}";
};
};
latest = {
url = "${mirror}${name}";
- ref = "heads/master";
+ ref = "heads/newest";
};
};
- krebs.git = defineRepo name false;
+ krebs.git = defineRepo { inherit name desc section; };
+ };
+
+ sync-remote = {
+ name,
+ url,
+ desc ? "mirror for ${name}",
+ section ? "mirror"
+ }:
+ {
+ krebs.repo-sync.repos.${name} = {
+ branches = {
+ remote = {
+ origin.url = url;
+ mirror.url = "${mirror}${name}";
+ };
+ };
+ };
+ krebs.git = defineRepo { inherit name desc section; };
};
in {
+ krebs.git = {
+ enable = true;
+ cgit.settings = {
+ root-title = "krebs repos";
+ root-desc = "keep calm and engage";
+ };
+ };
krebs.repo-sync = {
enable = true;
};
- krebs.git = {
- enable = mkDefault true;
- cgit = {
- settings = {
- root-title = "Shared Repos";
- root-desc = "keep on krebsing";
- };
+ krebs.konsens = {
+ enable = true;
+ repos = {
+ krops = { branchesToCheck = [ "lassulus" "tv" ]; };
+ stockholm = {};
};
};
+ krebs.secret.files.konsens = {
+ path = "/var/lib/konsens/.ssh/id_ed25519";
+ owner = konsens-user;
+ source-path = "${<secrets/konsens.id_ed25519>}";
+ };
+
imports = [
- (sync-retiolum "stockholm")
+ (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; })
+
+ (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; })
+
+ (sync-retiolum { name = "cholerab"; desc = "krebs thesauron & enterprise-patterns"; section = "documentation"; })
+
+ (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; })
+ (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; })
+ (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; })
+ (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; })
+ (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; })
+ (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; })
+ (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; })
+
+ (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "get"; section = "miscellaneous"; })
+ (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; })
+ (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; })
+ (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; })
+ (sync-retiolum { name = "load-env"; section = "miscellaneous"; })
+ (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; })
+ (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; })
+ (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; })
+ (sync-retiolum { name = "q"; section = "miscellaneous"; })
+ (sync-retiolum { name = "regfish"; section = "miscellaneous"; })
+ (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; })
+
+ (sync-retiolum { name = "blessings"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "mime"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "quipper"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "scanner"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; })
+ (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; })
+
+ (sync-remote { name = "array"; url = "https://github.com/makefu/array"; })
+ (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; })
+ (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; })
+ (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; })
+ (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; })
+ (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; })
+ (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; })
+ (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; })
+ (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; })
+ (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; })
];
}
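Review bot: The first rule grants `push ''refs/*'' [ non-fast-forward create delete merge ]` to jeschli, lass, makefu and tv on every repo built by `defineRepo`, and that includes `refs/heads/master`. The narrower konsens rule (`refs/heads/master`, `create merge`) therefore does not make master consensus-only. If master is meant to move only through konsens, the human rule needs to be limited to personal branches, for example one rule per user on `refs/heads/<name>`; how overlapping rules are combined is decided in the git module, which is not in this hunk. Separately, `krebs.secret.files.konsens.owner` is given `konsens-user`, an attrset with only `name` and `pubkey`, while the system user is defined in `3modules/konsens.nix`; it is worth confirming that the secret module needs nothing else from `owner`, such as a uid.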
diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix
new file mode 100644
index 000000000..2dc466edb
--- /dev/null
+++ b/krebs/2configs/shack/mobile.mpd.nix
@@ -0,0 +1,32 @@
+{lib,pkgs, ... }:
+let
+ mpdHost = "mpd.shack";
+ ympd = name: port: let
+ webPort = 10000 + port;
+ in {
+ systemd.services."ympd-${name}" = {
+ description = "mpd for ${name}";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody";
+ };
+ services.nginx.virtualHosts."mobile.${name}.mpd.shack" = {
+ serverAliases = [
+ "${name}.mpd.wolf.r"
+ "${name}.mpd.wolf.shack"
+ ];
+ locations."/".proxyPass = "http://localhost:${toString webPort}";
+ };
+ };
+in lib.mkMerge [{
+ services.nginx.enable = true;
+}
+ (ympd "lounge" 6600)
+ (ympd "seminarraum" 6601)
+ (ympd "elab" 6602)
+ (ympd "kueche" 6603)
+ (ympd "crafting" 6604)
+ (ympd "fablab" 6605)
+ (ympd "workshop" 6606)
+ (ympd "klo" 6607)
+
+]
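Review bot: Each `ympd-${name}` unit is started with `--webport ${toString webPort}` and no bind address, so the backend that nginx proxies to on `localhost` is presumably also listening on every interface. The `wolf` config in this same commit shows `firewall.enable = false`, which would leave ports 16600–16607 reachable directly, bypassing nginx. If ympd accepts an address prefix on that option, as its usage text suggests, `--webport 127.0.0.1:${toString webPort}` keeps the backend local. The unit also sets no `User=`, so it starts as root and relies on ympd's own `--user nobody` to drop privileges; `serviceConfig.User = "nobody";` or a dynamic user would make that explicit. Neither the nginx vhosts nor ympd have any access control configured here, which deserves a comment if it is intentional.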
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index afc96e9ee..833349769 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -26,6 +26,7 @@ let
./iana-etc.nix
./iptables.nix
./kapacitor.nix
+ ./konsens.nix
./monit.nix
./newsbot-js.nix
./nixpkgs.nix
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 5ae24b40b..8a923efd2 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -348,6 +348,10 @@ let
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
description = "Git repository hosting user";
+ extraGroups = [
+ # To allow running cgit-clear-cache via hooks.
+ cfg.cgit.fcgiwrap.group.name
+ ];
shell = "/bin/sh";
openssh.authorizedKeys.keys =
unique
@@ -403,13 +407,12 @@ let
));
environment.systemPackages = [
- (pkgs.writeDashBin "cgit-clear-cache" ''
- ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/*
- '')
+ (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; })
];
system.activationScripts.cgit = ''
- mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
+ mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
+ chmod 0770 ${cfg.cgit.settings.cache-root}
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
'';
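Review bot: Making the cache root `0770` here, together with adding the git user to `cfg.cgit.fcgiwrap.group.name` in the previous hunk of this file, gives every process running as the git user write access to cgit's cache. It also gives that user access to anything else the fcgiwrap group owns. Clearing the cache only needs unlink rights, but the same permission lets a hook create or alter cached pages that cgit would then serve. A dedicated group owning only the cache directory would narrow this; at minimum the comment in the earlier hunk should state the wider effect, for example `# NOTE: this also grants the git user write access to the cgit cache and membership in the fcgiwrap group`. The paths in the activation script are still interpolated unquoted, e.g. `mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}`.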
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
new file mode 100644
index 000000000..74895a971
--- /dev/null
+++ b/krebs/3modules/konsens.nix
@@ -0,0 +1,80 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+ cfg = config.krebs.konsens;
+
+ out = {
+ options.krebs.konsens = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "git konsens finder";
+ repos = mkOption {
+ type = types.attrsOf (types.submodule ({ config, ...}: {
+ options = {
+ url = mkOption {
+ type = types.str;
+ default = "git@localhost:${config._module.args.name}";
+ };
+ branchesToCheck = mkOption {
+ type = types.listOf types.str;
+ default = [ "lassulus" "makefu" "tv" ];
+ };
+ target = mkOption {
+ type = types.str;
+ default = "master";
+ };
+ timerConfig = mkOption {
+ type = types.attrsOf types.str;
+ default = {
+ OnCalendar = "*:00,15,30,45";
+ };
+ };
+ };
+ }));
+ };
+ };
+
+ imp = {
+ users.users.konsens = rec {
+ name = "konsens";
+ uid = genid name;
+ home = "/var/lib/konsens";
+ createHome = true;
+ };
+
+ systemd.timers = mapAttrs' (name: repo:
+ nameValuePair "konsens-${name}" {
+ description = "konsens timer";
+ wantedBy = [ "timers.target" ];
+ timerConfig = repo.timerConfig;
+ }
+ ) cfg.repos;
+
+ systemd.services = mapAttrs' (name: repo:
+ nameValuePair "konsens-${name}" {
+ after = [ "network.target" "secret.service" ];
+ path = [ pkgs.git ];
+ restartIfChanged = false;
+ serviceConfig = {
+ Type = "simple";
+ PermissionsStartOnly = true;
+ ExecStart = pkgs.writeDash "konsens-${name}" ''
+ if ! test -e ${name}; then
+ git clone ${repo.url} ${name}
+ fi
+ cd ${name}
+ git fetch origin
+ git push origin $(git merge-base --octopus ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master
+ '';
+ WorkingDirectory = /var/lib/konsens;
+ User = "konsens";
+ };
+ }
+ ) cfg.repos;
+ };
+
+in out
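Review bot: The `ExecStart` script pushes `$(git merge-base --octopus …):refs/heads/master` without checking the substitution, so when `merge-base` fails or prints nothing the refspec becomes `:refs/heads/master`, which git treats as a request to delete the remote branch. The script has no `set -e`, the destination ignores the declared `target` option, and `name`, `repo.url` and the branch names are interpolated unescaped although `shell.escape` from `<stockholm/lib>` is available (it is used in `cgit-clear-cache.nix` in this commit). The server-side rule in `repo-sync.nix` grants konsens only `create merge`, which may reject the delete, but the script should not depend on that. A version that captures the base, fails closed and honours `target` is below.

```nix
          ExecStart = pkgs.writeDash "konsens-${name}" ''
            set -efu
            if ! test -e ${shell.escape name}; then
              git clone ${shell.escape repo.url} ${shell.escape name}
            fi
            cd ${shell.escape name}
            git fetch origin
            # Resolve the common ancestor first; an empty result must never reach the refspec.
            base=$(git merge-base --octopus ${concatMapStringsSep " " (branch: shell.escape "origin/${branch}") repo.branchesToCheck})
            test -n "$base"
            git push origin "$base":${shell.escape "refs/heads/${repo.target}"}
          '';
          # … unchanged: WorkingDirectory, User …
```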
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c4a5bbb0d..7d9ef5075 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -11,39 +11,6 @@ with import <stockholm/lib>;
ci = true;
monitoring = true;
}) {
- dishfire = {
- cores = 4;
- nets = rec {
- internet = {
- ip4.addr = "144.76.172.188";
- aliases = [
- "dishfire.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.133.99";
- ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233";
- aliases = [
- "dishfire.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs
- Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7
- uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK
- R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd
- vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U
- HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.port = 993;
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy";
- };
prism = rec {
cores = 4;
extraZones = {
@@ -441,7 +408,7 @@ with import <stockholm/lib>;
};
};
};
- borg = {
+ rock = {
monitoring = false;
ci = false;
external = true;
@@ -449,22 +416,21 @@ with import <stockholm/lib>;
retiolum = {
ip4.addr = "10.243.29.171";
ip6.addr = "42:4992:6a6d:700::2";
- aliases = [ "borg.r" ];
+ aliases = [ "rock.r" ];
tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq
- bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL
- aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD
- HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA
- 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O
- zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml
- 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN
- fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq
- WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB
- /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U
- EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS
- iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ==
- -----END PUBLIC KEY-----
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM
+ DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7
+ HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh
+ mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf
+ Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M
+ Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD
+ 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4
+ fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv
+ 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav
+ ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q
+ cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ==
+ -----END RSA PUBLIC KEY-----
'';
};
};
diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa
index f5190f45c..3d35b76e4 100644
--- a/krebs/3modules/lass/ssh/android.rsa
+++ b/krebs/3modules/lass/ssh/android.rsa
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android
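Review bot: The file keeps the name `android.rsa` but now holds an `ssh-ed25519` key, which makes key inventories and searches by algorithm misleading. Renaming it to something algorithm-neutral or matching, such as `android.ed25519`, together with its reference (which is outside this diff), would keep the name truthful.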
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index 53b06a702..faa3dd714 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -31,11 +31,8 @@ in
enable = mkDefault true;
virtualHosts.retiolum-bootstrap = {
inherit (cfg) serverName sslCertificate sslCertificateKey;
- enableSSL = true;
+ forceSSL = true;
extraConfig =''
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }
root ${pkgs.retiolum-bootstrap};
try_files $uri $uri/retiolum.sh;
diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix
index e6bafbd25..4fae6256d 100644
--- a/krebs/5pkgs/simple/buildbot-classic/default.nix
+++ b/krebs/5pkgs/simple/buildbot-classic/default.nix
@@ -2,7 +2,7 @@
python2Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}";
- version = "0.8.16";
+ version = "0.8.17";
namePrefix = "";
patches = [];
@@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec {
owner = "krebs";
repo = "buildbot-classic";
rev = version;
- sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";
+ sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8";
};
postUnpack = "sourceRoot=\${sourceRoot}/master";
diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix
new file mode 100644
index 000000000..28402c39c
--- /dev/null
+++ b/krebs/5pkgs/simple/cgit-clear-cache.nix
@@ -0,0 +1,8 @@
+with import <stockholm/lib>;
+
+{ cache-root ? "/tmp/cgit", findutils, writeDashBin }:
+
+writeDashBin "cgit-clear-cache" ''
+ set -efu
+ ${findutils}/bin/find ${shell.escape cache-root} -type f -delete
+''
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 1930c7f14..0a2c84410 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -6,11 +6,11 @@ with import <stockholm/lib>;
# TODO irc-announce should return a derivation
# but it cannot because krebs.git.repos.*.hooks :: attrsOf str
irc-announce =
- { branches ? []
- , cgit_endpoint ? "http://cgit.${nick}.r"
+ { cgit_endpoint ? "http://cgit.${nick}.r"
, channel
, nick
, port ? 6667
+ , refs ? []
, server
, verbose ? false
}: /* sh */ ''
@@ -57,14 +57,15 @@ with import <stockholm/lib>;
receive_mode=non-fast-forward
fi
- h=$(echo $ref | sed 's:^refs/heads/::')
-
- ${optionalString (branches != []) ''
- if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then
- echo "we are not serving this branch: $h"
+ ${optionalString (refs != []) ''
+ if ! { echo "$ref" | grep -qE "${concatStringsSep "|" refs}"; }; then
+ echo "we are not announcing this ref: $h"
exit 0
fi
''}
+
+ h=$(echo $ref | sed 's:^refs/heads/::')
+
# empty_tree=$(git hash-object -t tree /dev/null)
empty_tree=4b825dc6
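Review bot: The skip message prints `$h`, but the assignment `h=$(echo $ref | sed …)` now comes after the filter, so on this path `h` is unset or left over from an earlier ref; `echo "we are not announcing this ref: $ref"` reports the right value. The `refs` entries are also joined into an unanchored `grep -E` pattern. There `refs/tags/*` is a regex meaning `refs/tags` followed by any number of slashes rather than a glob, and `refs/heads/master` matches any ref that merely contains it. If exact matching is intended, anchor the alternation as `"^(${concatStringsSep "|" refs})$"` and write the tag entry as `refs/tags/.*`. The enclosing hook script starts and ends outside this hunk.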
diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix
index e4e9928d4..23cc224b8 100644
--- a/krebs/5pkgs/simple/krops.nix
+++ b/krebs/5pkgs/simple/krops.nix
@@ -2,6 +2,6 @@
fetchgit {
url = https://cgit.krebsco.de/krops;
- rev = "refs/tags/v1.1.0";
- sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll";
+ rev = "refs/tags/v1.3.1";
+ sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7";
}
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 0e80aec0e..c71e60571 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -12,7 +12,7 @@
krebs-source = {
nixpkgs.git = {
- ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516";
+ ref = (lib.importJSON ./nixpkgs.json).rev;
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
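Review bot: Only `rev` is taken from `nixpkgs.json`; the unchanged `url` on the next line still names `https://github.com/NixOS/nixpkgs`, while the JSON added in this commit records `https://github.com/NixOS/nixpkgs-channels`, and its `sha256` is not consumed in this hunk. The pin therefore has two sources of truth for the origin, and its integrity rests on the git commit id alone unless krops verifies more elsewhere. Reading the URL from the same file, `url = (lib.importJSON ./nixpkgs.json).url;`, keeps the fetch consistent with what `update-channel.sh` prefetched. A comment stating that the JSON's `sha256` is informational here would prevent readers from assuming it is checked.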
@@ -60,4 +60,9 @@
source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
};
+
+ ci = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/stockholm-build";
+ };
}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
new file mode 100644
index 000000000..a9a0f6634
--- /dev/null
+++ b/krebs/nixpkgs.json
@@ -0,0 +1,7 @@
+{
+ "url": "https://github.com/NixOS/nixpkgs-channels",
+ "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48",
+ "date": "2018-08-30T21:03:26+02:00",
+ "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7",
+ "fetchSubmodules": true
+}
diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh
new file mode 100755
index 000000000..47d3f29c4
--- /dev/null
+++ b/krebs/update-channel.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+dir=$(dirname $0)
+oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
+nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
+ --url https://github.com/NixOS/nixpkgs-channels \
+ --rev refs/heads/nixos-18.03' \
+> $dir/nixpkgs.json
+newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1