Diffstat (limited to 'mv')
-rw-r--r-- | mv/1systems/stro/config.nix (renamed from mv/1systems/stro.nix) | 23 | ||||
-rw-r--r-- | mv/1systems/stro/source.nix | 3 | ||||
-rw-r--r-- | mv/dummy_secrets/default.nix | 8 | ||||
-rw-r--r-- | mv/dummy_secrets/ssh.ed25519 | 3 | ||||
-rw-r--r-- | mv/source.nix | 23 |
5 files changed, 42 insertions, 18 deletions
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix
index bb37aedda..669655eec 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro/config.nix
@@ -8,18 +8,6 @@ with import <stockholm/lib>;
 build = {
 user = config.krebs.users.mv;
 host = config.krebs.hosts.stro;
- source = let
- HOME = getEnv "HOME";
- host = config.krebs.build.host;
- in {
- nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
- secrets.file = "${HOME}/secrets/${host.name}";
- stockholm.file = "${HOME}/stockholm";
- nixpkgs.git = {
- url = https://github.com/NixOS/nixpkgs;
- ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
- };
- };
 };
 };
@@ -27,7 +15,7 @@ with import <stockholm/lib>;
 <secrets>
 <stockholm/krebs>
 <stockholm/tv/2configs/audit.nix>
- <stockholm/tv/2configs/bash.nix>
+ <stockholm/tv/2configs/bash>
 <stockholm/tv/2configs/exim-retiolum.nix>
 <stockholm/tv/2configs/hw/x220.nix>
 <stockholm/tv/2configs/im.nix>
@@ -40,7 +28,6 @@ with import <stockholm/lib>;
 <stockholm/tv/2configs/xdg.nix>
 <stockholm/tv/2configs/xserver>
 <stockholm/tv/3modules>
- <stockholm/tv/5pkgs>
 ];
 boot.kernel.sysctl = {
@@ -124,13 +111,13 @@ with import <stockholm/lib>;
 nix = {
 binaryCaches = ["https://cache.nixos.org"];
- # TODO check if both are required:
- chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
 requireSignedBinaryCaches = true;
- useChroot = true;
+ # TODO check if both are required:
+ sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ useSandbox = true;
 };
- nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
 users = {
 defaultUserShell = "/run/current-system/sw/bin/bash";
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 000000000..888d616c8
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+ name = "stro";
+}
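Review bot: In the last hunk of config.nix the explicit `nixpkgs.config.allowUnfree = false;` is dropped when `packageOverrides` is introduced, so the host no longer states its licence policy in its own configuration. nixpkgs refuses unfree packages by default, so behaviour is probably unchanged, but keeping the line next to the new one records the intent: `nixpkgs.config.allowUnfree = false;`. The carried-over `# TODO check if both are required:` above `sandboxPaths` is still unresolved; each entry there is a host path made visible to sandboxed builds, so the list is worth trimming to what is actually needed. The enclosing attribute set begins and ends outside the hunk.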
diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix
new file mode 100644
index 000000000..84a5e1186
--- /dev/null
+++ b/mv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.mv.pubkey
+ ];
+ };
+}
diff --git a/mv/dummy_secrets/ssh.ed25519 b/mv/dummy_secrets/ssh.ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/mv/dummy_secrets/ssh.ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+dummy
+-----END OPENSSH PRIVATE KEY-----
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 000000000..aa2b13fd8
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "mv";
+ _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) [
+ {
+ nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+ nixpkgs.git = {
+ # nixos-17.03
+ ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5";
+ url = https://github.com/NixOS/nixpkgs;
+ };
+ secrets.file = getAttr builder {
+ buildbot = toString <stockholm/mv/dummy_secrets>;
+ mv = "/home/mv/secrets/${name}";
+ };
+ stockholm.file = toString <stockholm>;
+ }
+ override
+ ] |
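Review bot: mv/dummy_secrets/default.nix has no comment marking it as a placeholder, yet it decides who may log in as root whenever the dummy secrets directory is selected. Only the public key from `config.krebs.users.mv.pubkey` is referenced, so nothing confidential is committed, but a reader cannot tell from here whether the real secrets module grants the same access. If the module is meant for build evaluation only, a header would say so, for example `# Placeholder secrets for CI evaluation; authorises mv's public key for root.`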
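Review bot: The secrets directory in mv/source.nix is chosen by the `dummy_secrets` environment variable, and nothing visible stops a deployment from running with that variable set; the host would then presumably receive the placeholder `ssh.ed25519` and the dummy root key list instead of the real secrets. A comment on the `builder` binding would make the contract explicit, for example `# dummy_secrets=true is for CI evaluation only; never export it when deploying`. Any value other than the exact string `"true"` falls through to `/home/mv/secrets/${name}`, which is the safe default. The `host@` binding on the function argument is not used in the visible body and could be dropped.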