Diffstat (limited to 'mv')
-rw-r--r--mv/1systems/stro/config.nix (renamed from mv/1systems/stro.nix)23
-rw-r--r--mv/1systems/stro/source.nix3
-rw-r--r--mv/dummy_secrets/default.nix8
-rw-r--r--mv/dummy_secrets/ssh.ed255193
-rw-r--r--mv/source.nix23
5 files changed, 42 insertions, 18 deletions
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix
index bb37aedda..669655eec 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro/config.nix
@@ -8,18 +8,6 @@ with import <stockholm/lib>;
build = {
user = config.krebs.users.mv;
host = config.krebs.hosts.stro;
- source = let
- HOME = getEnv "HOME";
- host = config.krebs.build.host;
- in {
- nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
- secrets.file = "${HOME}/secrets/${host.name}";
- stockholm.file = "${HOME}/stockholm";
- nixpkgs.git = {
- url = https://github.com/NixOS/nixpkgs;
- ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
- };
- };
};
};
@@ -27,7 +15,7 @@ with import <stockholm/lib>;
<secrets>
<stockholm/krebs>
<stockholm/tv/2configs/audit.nix>
- <stockholm/tv/2configs/bash.nix>
+ <stockholm/tv/2configs/bash>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/im.nix>
@@ -40,7 +28,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/xdg.nix>
<stockholm/tv/2configs/xserver>
<stockholm/tv/3modules>
- <stockholm/tv/5pkgs>
];
boot.kernel.sysctl = {
@@ -124,13 +111,13 @@ with import <stockholm/lib>;
nix = {
binaryCaches = ["https://cache.nixos.org"];
- # TODO check if both are required:
- chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
requireSignedBinaryCaches = true;
- useChroot = true;
+ # TODO check if both are required:
+ sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ useSandbox = true;
};
- nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
users = {
defaultUserShell = "/run/current-system/sw/bin/bash";
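Review bot: The explicit `nixpkgs.config.allowUnfree = false;` is removed on the line where `packageOverrides` is introduced, so the no-unfree policy for this host now rests on the nixpkgs default rather than on anything stated in this file. If the policy is intentional, keep it next to the new setting: `nixpkgs.config.allowUnfree = false;`. Separately, the `# TODO check if both are required:` is carried over to `sandboxPaths` unresolved; each entry is an extra path made visible inside the build sandbox, so it is worth settling which of the two is actually needed. The enclosing module body starts and ends outside this hunk.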
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 000000000..888d616c8
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+ name = "stro";
+}
diff --git a/mv/dummy_secrets/default.nix b/mv/dummy_secrets/default.nix
new file mode 100644
index 000000000..84a5e1186
--- /dev/null
+++ b/mv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.mv.pubkey
+ ];
+ };
+}
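Review bot: Nothing in this file says it is a stand-in for real secrets, yet it grants root SSH login to `config.krebs.users.mv.pubkey` on any system evaluated with it. A header comment such as `# Placeholder secrets (presumably for buildbot evaluation); a system built from this directory must not be deployed.` would make the intent explicit. The same goes for `mv/dummy_secrets/ssh.ed25519`: the PEM armor around `dummy` is likely to be flagged by secret scanners and may need an allowlist entry that says why it is harmless.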
diff --git a/mv/dummy_secrets/ssh.ed25519 b/mv/dummy_secrets/ssh.ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/mv/dummy_secrets/ssh.ed25519
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+dummy
+-----END OPENSSH PRIVATE KEY-----
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 000000000..aa2b13fd8
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "mv";
+ _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) [
+ {
+ nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+ nixpkgs.git = {
+ # nixos-17.03
+ ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5";
+ url = https://github.com/NixOS/nixpkgs;
+ };
+ secrets.file = getAttr builder {
+ buildbot = toString <stockholm/mv/dummy_secrets>;
+ mv = "/home/mv/secrets/${name}";
+ };
+ stockholm.file = toString <stockholm>;
+ }
+ override
+ ]
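Review bot: The choice between real and placeholder secrets hangs on the ambient environment variable `dummy_secrets`, read with `getEnv` at the top of the `let`, and nothing reports which branch was taken. As far as this file shows, a deploy started from a shell that still has `dummy_secrets=true` exported would take `secrets.file` from `mv/dummy_secrets` instead of `/home/mv/secrets/${name}`. I would document this above `builder`, e.g. `# dummy_secrets=true is for buildbot evaluation only; never export it when deploying`, and consider emitting a `builtins.trace` message when the dummy branch is selected. As a style point, `url = https://github.com/NixOS/nixpkgs;` uses an unquoted URL literal; the quoted form `url = "https://github.com/NixOS/nixpkgs";` is the safer spelling.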