From 674c5656580e92143fce376feebec21d83e0a81f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Sep 2015 14:58:15 +0200 Subject: lass 2: configure mc globaly --- lass/2configs/base.nix | 1 + lass/2configs/mc.nix | 346 +++++++++++++++++++++++++++++++++++++++++++++ lass/2configs/programs.nix | 1 - 3 files changed, 347 insertions(+), 1 deletion(-) create mode 100644 lass/2configs/mc.nix diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6774845c0..563035d0c 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -6,6 +6,7 @@ with lib; ../3modules/iptables.nix ../2configs/vim.nix ../2configs/zsh.nix + ../2configs/mc.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix new file mode 100644 index 000000000..87880ed00 --- /dev/null +++ b/lass/2configs/mc.nix @@ -0,0 +1,346 @@ +{ config, pkgs, ... }: + +let + mcExt = pkgs.writeText "mc.ext" '' + # gitfs changeset + regex/^\[git\] + Open=%cd %p/changesetfs:// + View=%cd %p/patchsetfs:// + + ### Archives ### + + # .tgz, .tpz, .tar.gz, .tar.z, .tar.Z, .ipk, .gem + regex/\.t([gp]?z|ar\.g?[zZ])$|\.ipk$|\.gem$ + Open=%cd %p/utar:// + + shell/.tar.bz + # Open=%cd %p/utar:// + + regex/\.t(ar\.bz2|bz2?|b2)$ + Open=%cd %p/utar:// + + # .tar.lzma, .tlz + regex/\.t(ar\.lzma|lz)$ + Open=%cd %p/utar:// + + # .tar.xz, .txz + regex/\.t(ar\.xz|xz)$ + Open=%cd %p/utar:// + + # .tar.F - used in QNX + shell/.tar.F + # Open=%cd %p/utar:// + + # .qpr/.qpk - QNX Neutrino package installer files + regex/\.qp[rk]$ + Open=%cd %p/utar:// + + # tar + shell/i/.tar + Open=%cd %p/utar:// + + # lha + type/^LHa\ .*archive + Open=%cd %p/ulha:// + + # arj + regex/i/\.a(rj|[0-9][0-9])$ + Open=%cd %p/uarj:// + + # cab + shell/i/.cab + Open=%cd %p/ucab:// + + # ha + shell/i/.ha + Open=%cd %p/uha:// + + # rar + regex/i/\.r(ar|[0-9][0-9])$ + Open=%cd %p/urar:// + + # ALZip + shell/i/.alz + Open=%cd %p/ualz:// + + # cpio + shell/.cpio.Z + Open=%cd %p/ucpio:// + + shell/.cpio.xz + Open=%cd %p/ucpio:// + + shell/.cpio.gz + Open=%cd %p/ucpio:// + + shell/i/.cpio + Open=%cd %p/ucpio:// + + # 7zip archives (they are not man pages) + shell/i/.7z + Open=%cd %p/u7z:// + + # patch + regex/\.(diff|patch)(\.bz2)$ + Open=%cd %p/patchfs:// + + regex/\.(diff|patch)(\.(gz|Z))$ + Open=%cd %p/patchfs:// + + # ls-lR + regex/(^|\.)ls-?lR(\.gz|Z|bz2)$ + Open=%cd %p/lslR:// + + # trpm + shell/.trpm + Open=%cd %p/trpm:// + + # RPM packages (SuSE uses *.spm for source packages) + regex/\.(src\.rpm|spm)$ + Open=%cd %p/rpm:// + + shell/.rpm + Open=%cd %p/rpm:// + + # deb + regex/\.u?deb$ + Open=%cd %p/deb:// + + # dpkg + shell/.debd + Open=%cd %p/debd:// + + # apt + shell/.deba + Open=%cd %p/deba:// + + # ISO9660 + shell/i/.iso + Open=%cd %p/iso9660:// + + + regex/\.(diff|patch)$ + Open=%cd %p/patchfs:// + + # ar library + regex/\.s?a$ + Open=%cd %p/uar:// + + # gplib + shell/i/.lib + Open=%cd %p/ulib:// + + + # Mailboxes + type/^ASCII\ mail\ text + Open=%cd %p/mailfs:// + + + ### Sources ### + + # C/C++ + regex/i/\.(c|cc|cpp)$ + Include=editor + + # C/C++ header + regex/i/\.(h|hh|hpp)$ + Include=editor + + # Fortran + shell/i/.f + Include=editor + + # Assembler + regex/i/\.(s|asm)$ + Include=editor + + include/editor + Open=%var{EDITOR:vim} %f + + ### Images ### + + type/^GIF + Include=image + + type/^JPEG + Include=image + + type/^PC\ bitmap + Include=image + + type/^PNG + Include=image + + type/^JNG + Include=image + + type/^MNG + Include=image + + type/^TIFF + Include=image + + type/^PBM + Include=image + + type/^PGM + Include=image + + type/^PPM + Include=image + + type/^Netpbm + Include=image + + shell/.ico + Include=image + + include/image + Open=sxiv %f + View=sxiv %f + + ### Sound files ### + + regex/i/\.(wav|snd|voc|au|smp|aiff|snd|m4a|ape|aac|wv)$ + Include=audio + + regex/i/\.(mod|s3m|xm|it|mtm|669|stm|ult|far)$ + Include=audio + + shell/i/.waw22 + Include=audio + + shell/i/.mp3 + Include=audio + + regex/i/\.og[gax]$ + Include=audio + + regex/i/\.(spx|flac)$ + Include=audio + + regex/i/\.(midi?|rmid?)$ + Include=audio + + shell/i/.wma + Include=audio + + include/audio + Open=mpv %f + View=mpv %f + + ### Video ### + + shell/i/.avi + Include=video + + regex/i/\.as[fx]$ + Include=video + + shell/i/.divx + Include=video + + shell/i/.mkv + Include=video + + regex/i/\.(mov|qt)$ + Include=video + + regex/i/\.(mp4|m4v|mpe?g)$ + Include=video + + # MPEG-2 TS container + H.264 codec + shell/i/.mts + Include=video + + shell/i/.ts + Include=video + + shell/i/.vob + Include=video + + shell/i/.wmv + Include=video + + regex/i/\.fl[icv]$ + Include=video + + shell/i/.ogv + Include=video + + # WebM + shell/i/.webm + Include=video + + type/WebM + Include=video + + include/video + Open=mpv %f + View=mpv %f + + + ### Documents ### + + # PDF + type/^PDF + Open=zathura %f + View=zathura %f + + ### Miscellaneous ### + + # Makefile + regex/[Mm]akefile$ + Open=make -f %f %{Enter parameters} + + + ### Plain compressed files ### + + # ace + shell/i/.ace + Open=%cd %p/uace:// + Extract=unace x %f + + # arc + shell/i/.arc + Open=%cd %p/uarc:// + Extract=arc x %f '*' + Extract (with flags)=I=%{Enter any Arc flags:}; if test -n "$I"; then arc x $I %f; fi + + # zip + shell/i/.zip + Open=%cd %p/uzip:// + + # zip + type/i/^zip\ archive + Open=%cd %p/uzip:// + + # jar(zip) + type/i/^Java\ Jar\ file\ data\ \(zip\) + Open=%cd %p/uzip:// + + # zoo + shell/i/.zoo + Open=%cd %p/uzoo:// + + ### Default ### + + # Default target for anything not described above + default/* + Open=vim %f + View=vim %f + + ''; + +in { + environment.systemPackages = [ + (pkgs.lib.overrideDerivation pkgs.mc (original : { + postInstall = '' + rm -f $out/etc/mc/mc.ext + ln -s ${mcExt} $out/etc/mc/mc.ext + cp $out/share/mc/skins/nicedark.ini $out/share/mc/skins/default.ini + ''; + })) + ]; +} + diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index 41d241bac..e4840383f 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -7,7 +7,6 @@ gnupg1compat htop i3lock - mc mosh mpv pass -- cgit v1.2.3 From 4aaef36a28f0ef0d5268be312420367db6c7008f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Sep 2015 15:00:13 +0200 Subject: lass 2 base: disable nscd --- lass/2configs/base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 563035d0c..7c4835461 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -54,6 +54,7 @@ with lib; #why is this on in the first place? services.ntp.enable = false; + services.nscd.enable = false; boot.tmpOnTmpfs = true; # see tmpfiles.d(5) -- cgit v1.2.3 From 12da7cf58718a2382a6ce8e0fe8fe537117b5240 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Sep 2015 15:11:55 +0200 Subject: lass 2 desktop-base: dont suspend on lid action --- lass/2configs/desktop-base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix index 52c29d7e8..8ae768ca9 100644 --- a/lass/2configs/desktop-base.nix +++ b/lass/2configs/desktop-base.nix @@ -61,4 +61,8 @@ in { xkbOptions = "caps:backspace"; }; + services.logind.extraConfig = '' + HandleLidSwitch=ignore + ''; + } -- cgit v1.2.3 From d8867aac2610ce548ecb6d0c6a9ec44158f595fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Sep 2015 15:13:14 +0200 Subject: lass 2 zsh: add -R to vim pager --- lass/2configs/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index 646e816fd..c3402eaf4 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -57,7 +57,7 @@ #exports export EDITOR='vim' export MANPAGER='most' - export PAGER='vim -' + export PAGER='vim -R -' # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' #beautiful colors -- cgit v1.2.3 From cdc490e504b30062765578d66a7f5ccd6449b7b6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 23 Sep 2015 15:15:56 +0200 Subject: lass 2 zsh: fix space in prompt --- lass/2configs/zsh.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix index c3402eaf4..64aa45823 100644 --- a/lass/2configs/zsh.nix +++ b/lass/2configs/zsh.nix @@ -103,23 +103,21 @@ case $UID in 0) - username='%F{red}root%f' + username='%F{red}root%f ' ;; 1337) username="" ;; *) - username='%F{blue}%n%f' + username='%F{blue}%n%f ' ;; esac if test -n "$SSH_CLIENT"; then PROMPT="$error$username@%F{magenta}%M%f %~ " else - PROMPT="$error$username %~ " + PROMPT="$error$username%~ " fi - - ''; }; users.defaultUserShell = "/run/current-system/sw/bin/zsh"; -- cgit v1.2.3 From 895971f21490222e7d4060d5ec1a6bb4395ff595 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Sep 2015 12:08:22 +0200 Subject: lass 2 texlive: add dependencies for moderncv --- lass/2configs/texlive.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix index 18d72297d..fa20ef81f 100644 --- a/lass/2configs/texlive.nix +++ b/lass/2configs/texlive.nix @@ -2,6 +2,11 @@ { environment.systemPackages = with pkgs; [ - texLive + (texLiveAggregationFun { paths = [ + texLive + texLiveExtra + texLiveCMSuper + texLiveModerncv + ];}) ]; } -- cgit v1.2.3 From 0d806f61d2709f0ff8bf03ee431839035215e689 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Sep 2015 12:12:50 +0200 Subject: lass: add firefoxPatched + firefoxPlugins --- lass/2configs/firefoxPatched.nix | 58 ++++++++++++++++++++++++++++++++ lass/5pkgs/default.nix | 5 +++ lass/5pkgs/firefoxPlugins/noscript.nix | 28 +++++++++++++++ lass/5pkgs/firefoxPlugins/result | 1 + lass/5pkgs/firefoxPlugins/ublock.nix | 31 +++++++++++++++++ lass/5pkgs/firefoxPlugins/vimperator.nix | 19 +++++++++++ 6 files changed, 142 insertions(+) create mode 100644 lass/2configs/firefoxPatched.nix create mode 100644 lass/5pkgs/firefoxPlugins/noscript.nix create mode 120000 lass/5pkgs/firefoxPlugins/result create mode 100644 lass/5pkgs/firefoxPlugins/ublock.nix create mode 100644 lass/5pkgs/firefoxPlugins/vimperator.nix diff --git a/lass/2configs/firefoxPatched.nix b/lass/2configs/firefoxPatched.nix new file mode 100644 index 000000000..daf8a28be --- /dev/null +++ b/lass/2configs/firefoxPatched.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +let + lpkgs = import ../5pkgs { inherit pkgs; }; + + inherit (lib) + concatMapStrings + ; + + plugins = with lpkgs.firefoxPlugins; [ + noscript + ublock + vimperator + ]; + + copyXpi = plugin: + "cp ${plugin}/*.xpi $out/usr/lib/firefox-*/browser/extensions/"; + + preferences = pkgs.writeText "autoload.js" '' + pref('general.config.filename', 'firefox.cfg'); + pref('general.config.obscure_value', 0); + ''; + + config = pkgs.writeText "firefox.cfg" '' + // + lockPref("app.update.enabled", false); + lockPref("extensions.update.enabled", false); + lockPref("autoadmin.global_config_url", ""); + lockPref("extensions.checkUpdateSecurity", false); + lockPref("services.sync.enabled", false); + lockPref("browser.shell.checkDefaultBrowser", false); + lockPref("layout.spellcheckDefault", 0); + lockPref("app.update.auto", false); + lockPref("browser.newtabpage.enabled", false); + lockPref("noscript.firstRunRedirection", false); + lockPref("noscript.hoverUI", false); + lockPref("noscript.notify", false); + defaultPref("extensions.newAddons", false); + defaultPref("extensions.autoDisableScopes", 0); + defaultPref("plugin.scan.plid.all", false); + ''; + +in { + environment.systemPackages = [ + (pkgs.lib.overrideDerivation pkgs.firefox-bin (original : { + installPhase = '' + ${original.installPhase} + find $out/usr/lib + ${concatMapStrings copyXpi plugins} + cd $out/usr/lib/firefox-*/ + mkdir -p browser/defaults/preferences + cp ${preferences} browser/defaults/preferences/autoload.js + cp ${config} ./firefox.cfg + ''; + })) + ]; +} + diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 6df35b905..7427cb620 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -8,4 +8,9 @@ rec { bitlbee-dev = callPackage ./bitlbee-dev.nix {}; bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; }; + firefoxPlugins = { + noscript = callPackage ./firefoxPlugins/noscript.nix {}; + ublock = callPackage ./firefoxPlugins/ublock.nix {}; + vimperator = callPackage ./firefoxPlugins/vimperator.nix {}; + }; } diff --git a/lass/5pkgs/firefoxPlugins/noscript.nix b/lass/5pkgs/firefoxPlugins/noscript.nix new file mode 100644 index 000000000..67a00a1b2 --- /dev/null +++ b/lass/5pkgs/firefoxPlugins/noscript.nix @@ -0,0 +1,28 @@ +{ fetchgit, stdenv, bash, zip }: + +stdenv.mkDerivation rec { + name = "noscript"; + id = "{73a6fe31-595d-460b-a920-fcc0f8843232}"; + + src = fetchgit { + url = "https://github.com/avian2/noscript"; + rev = "c900a079793868bb080ab1e23522d29dc121b4c6"; + sha256 = "1y06gh5a622yrsx0h7v92qnvdi97i54ln09zc1lvk8x430z5bdly"; + }; + + buildInputs = [ zip ]; + + patchPhase = '' + substituteInPlace "version.sh" \ + --replace "/bin/bash" "${bash}/bin/bash" + ''; + + buildPhase = '' + ./makexpi.sh + ''; + + installPhase = '' + mkdir -p $out/ + cp *.xpi $out/${id}.xpi + ''; +} diff --git a/lass/5pkgs/firefoxPlugins/result b/lass/5pkgs/firefoxPlugins/result new file mode 120000 index 000000000..aa5334414 --- /dev/null +++ b/lass/5pkgs/firefoxPlugins/result @@ -0,0 +1 @@ +/nix/store/gxr152p1bbgqcd839b0rckdd1h5cr886-vimperator \ No newline at end of file diff --git a/lass/5pkgs/firefoxPlugins/ublock.nix b/lass/5pkgs/firefoxPlugins/ublock.nix new file mode 100644 index 000000000..29ef250e8 --- /dev/null +++ b/lass/5pkgs/firefoxPlugins/ublock.nix @@ -0,0 +1,31 @@ +{ fetchgit, stdenv, bash, python, zip }: + +stdenv.mkDerivation rec { + name = "ublock"; + id = "{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}"; + + src = fetchgit { + url = "https://github.com/chrisaljoudi/uBlock"; + rev = "a70a50052a7914cbf86d46a725812b98434d8c70"; + sha256 = "1qfzy79f8x01i33x0m95k833z1jgxjwb8wvlr6fj6id1kxfvzh77"; + }; + + buildInputs = [ + zip + python + ]; + + patchPhase = '' + substituteInPlace "tools/make-firefox.sh" \ + --replace "/bin/bash" "${bash}/bin/bash" + ''; + + buildPhase = '' + tools/make-firefox.sh all + ''; + + installPhase = '' + mkdir -p $out/ + cp dist/build/uBlock.firefox.xpi $out/${id}.xpi + ''; +} diff --git a/lass/5pkgs/firefoxPlugins/vimperator.nix b/lass/5pkgs/firefoxPlugins/vimperator.nix new file mode 100644 index 000000000..dabef3d20 --- /dev/null +++ b/lass/5pkgs/firefoxPlugins/vimperator.nix @@ -0,0 +1,19 @@ +{ fetchgit, stdenv, zip }: + +stdenv.mkDerivation rec { + name = "vimperator"; + id = "vimperator@mozdev.org"; + + src = fetchgit { + url = "https://github.com/vimperator/vimperator-labs.git"; + rev = "ba7d8e72516fdc22246748c8183d7bc90f6fb073"; + sha256 = "0drz67qm5hxxzw699rswlpjkg4p2lfipx119pk1nyixrqblcsvq2"; + }; + + buildInputs = [ zip ]; + + installPhase = '' + mkdir -p $out/ + cp downloads/vimperator*.xpi $out/${id}.xpi + ''; +} -- cgit v1.2.3 From 227e5276ab3314f9bf5147886a78112b4b67de49 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Sep 2015 12:13:32 +0200 Subject: lass 1 mors: activate firefoxPatched --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 4724fd3e3..de5e824c4 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -22,6 +22,7 @@ ../2configs/retiolum.nix ../2configs/wordpress.nix ../2configs/bitlbee.nix + ../2configs/firefoxPatched.nix ]; krebs.build = { -- cgit v1.2.3 From 5165f8e47fc6b0f18d1d0d38398362a03bae7531 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 26 Sep 2015 12:13:53 +0200 Subject: lass 2 browsers: use systemwide firefox --- lass/2configs/browsers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 4fe06b729..f37dace2c 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -62,7 +62,7 @@ in { imports = [ ../3modules/per-user.nix ] ++ [ - ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) + ( createFirefoxUser "ff" [ "audio" ] [ ] ) ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) -- cgit v1.2.3 From b6383dba83a2e9ec6ada40fb780c15a56c8d715e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 27 Sep 2015 20:04:28 +0200 Subject: lass 2 base: bump nixpkgs rev --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 7c4835461..6cdeab1b9 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -44,7 +44,7 @@ with lib; exim-retiolum.enable = true; build.deps.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "e74d0e7ff83c16846a81e1173543f180ad565076"; + rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; }; }; -- cgit v1.2.3 From a6812b4440e095287b6f2228a78b65c7629866de Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 11:55:39 +0200 Subject: lass: make compatible with new krebs.build --- lass/1systems/cloudkrebs.nix | 13 +++++++------ lass/1systems/echelon.nix | 13 +++++++------ lass/1systems/mors.nix | 13 +++++++------ lass/1systems/uriel.nix | 12 +++++++----- lass/2configs/base.nix | 8 +++++--- 5 files changed, 33 insertions(+), 26 deletions(-) diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix index 7c95e0f87..5235c25e5 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs.nix @@ -25,14 +25,15 @@ krebs.build = { user = config.krebs.users.lass; - target = "root@cloudkrebs"; host = config.krebs.hosts.cloudkrebs; - deps = { - secrets = { - url = "/home/lass/secrets/${config.krebs.build.host.name}"; + source = { + dir.secrets = { + host = config.krebs.hosts.mors; + path = "/home/lass/secrets/${config.krebs.build.host.name}"; }; - stockholm = { - url = toString ../..; + dir.stockholm = { + host = config.krebs.hosts.mors; + path = "/home/lass/dev/stockholm"; }; }; }; diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 92976366f..d1a3f34f7 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -28,14 +28,15 @@ in { krebs.build = { user = config.krebs.users.lass; - target = "root@${ip}"; host = config.krebs.hosts.echelon; - deps = { - secrets = { - url = "/home/lass/secrets/${config.krebs.build.host.name}"; + source = { + dir.secrets = { + host = config.krebs.hosts.mors; + path = "/home/lass/secrets/${config.krebs.build.host.name}"; }; - stockholm = { - url = toString ../..; + dir.stockholm = { + host = config.krebs.hosts.mors; + path = "/home/lass/dev/stockholm"; }; }; }; diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index de5e824c4..9d234f14b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -27,14 +27,15 @@ krebs.build = { user = config.krebs.users.lass; - target = "root@mors"; host = config.krebs.hosts.mors; - deps = { - secrets = { - url = "/home/lass/secrets/${config.krebs.build.host.name}"; + source = { + dir.secrets = { + host = config.krebs.hosts.mors; + path = "/home/lass/secrets/${config.krebs.build.host.name}"; }; - stockholm = { - url = toString ../..; + dir.stockholm = { + host = config.krebs.hosts.mors; + path = "/home/lass/dev/stockholm"; }; }; }; diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index bb98975e4..9d96e7814 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -27,12 +27,14 @@ with builtins; user = config.krebs.users.lass; target = "root@uriel"; host = config.krebs.hosts.uriel; - deps = { - secrets = { - url = "/home/lass/secrets/${config.krebs.build.host.name}"; + source = { + dir.secrets = { + host = config.krebs.hosts.mors; + path = "/home/lass/secrets/${config.krebs.build.host.name}"; }; - stockholm = { - url = toString ../..; + dir.stockholm = { + host = config.krebs.hosts.mors; + path = "/home/lass/dev/stockholm"; }; }; }; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 6cdeab1b9..46435649b 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -42,9 +42,11 @@ with lib; enable = true; search-domain = "retiolum"; exim-retiolum.enable = true; - build.deps.nixpkgs = { - url = https://github.com/Lassulus/nixpkgs; - rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; + build.source = { + git.nixpkgs = { + url = https://github.com/Lassulus/nixpkgs; + rev = "68bd8e4a9dc247726ae89cc8739574261718e328"; + }; }; }; -- cgit v1.2.3 From 611ff367cf3d057e78ed3112416073b1f48c6aef Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 11:56:01 +0200 Subject: lass 2 base: add get to pkgs --- lass/2configs/base.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 46435649b..948b54d8d 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -75,6 +75,8 @@ with lib; most rxvt_unicode.terminfo + get + #network iptables ]; -- cgit v1.2.3 From 0f2f56097b4a404a1b0b0e52f948bba878c05caa Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 11:56:13 +0200 Subject: krebs 3: add fastpoke --- krebs/3modules/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index f0eb290ca..6f7b5c7b9 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -169,6 +169,36 @@ let }; }; }; + fastpoke = { + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["193.22.164.36"]; + aliases = [ + "fastpoke.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.253.152"]; + addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"]; + aliases = [ + "fastpoke.retiolum" + "cgit.fastpoke.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq + DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O + FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ + ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB + EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy + rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; cloudkrebs = { cores = 1; dc = "lass"; #dc = "cac"; -- cgit v1.2.3 From 4d8408aa5a119d9d99c94950d829ab99fab748dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 15:18:31 +0200 Subject: lass: install get only on mors --- lass/1systems/mors.nix | 1 + lass/2configs/base.nix | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 9d234f14b..b7291a8f2 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -174,6 +174,7 @@ environment.systemPackages = with pkgs; [ cac + get ]; #TODO: fix this shit diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 948b54d8d..46435649b 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -75,8 +75,6 @@ with lib; most rxvt_unicode.terminfo - get - #network iptables ]; -- cgit v1.2.3 From 4c2b5f628d59580e84dbe64124150effd4bf539f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 15:18:58 +0200 Subject: krebs Zhosts: bump cloudkrebs Address --- krebs/Zhosts/cloudkrebs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/Zhosts/cloudkrebs b/krebs/Zhosts/cloudkrebs index ed46a36bd..3886371ff 100644 --- a/krebs/Zhosts/cloudkrebs +++ b/krebs/Zhosts/cloudkrebs @@ -1,4 +1,4 @@ -Address = 167.88.34.190 +Address = 104.167.113.104 Subnet = 10.243.206.102 Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f762 -- cgit v1.2.3 From ceb8226bc453244f8740137b58707b8e32a28c76 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 15:19:31 +0200 Subject: krebs: new key for echelon --- krebs/3modules/default.nix | 14 +++++++------- krebs/Zhosts/echelon | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6f7b5c7b9..a0603cd8c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -143,7 +143,7 @@ let dc = "lass"; #dc = "cac"; nets = rec { internet = { - addrs4 = ["162.248.8.63"]; + addrs4 = ["104.233.84.57"]; aliases = [ "echelon.internet" ]; @@ -158,12 +158,12 @@ let ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 - DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A - IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K - N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t - cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq - UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB + MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ + oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX + MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f + 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA + n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p + do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB -----END RSA PUBLIC KEY----- ''; }; diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon index 9d1c324fd..de4366875 100644 --- a/krebs/Zhosts/echelon +++ b/krebs/Zhosts/echelon @@ -1,12 +1,12 @@ -Address = 168.235.156.81 +Address = 104.233.84.57 Subnet = 10.243.206.103 Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763 -----BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 -DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A -IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K -N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t -cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq -UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB +MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ +oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX +MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f +4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA +n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p +do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB -----END RSA PUBLIC KEY----- -- cgit v1.2.3 From a34de6743a44760d21589d4e1a154ccc5c621420 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Sep 2015 15:20:13 +0200 Subject: lass 2 retiolum: connect to echelon --- lass/2configs/retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 17cd1d822..d7df15027 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -21,6 +21,7 @@ connectTo = [ "fastpoke" "cloudkrebs" + "echelon" "pigstarter" "gum" "flap" -- cgit v1.2.3 From 60be21be0a06687b22af02d0bbce606860d00638 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 1 Oct 2015 01:44:59 +0200 Subject: get: 1.1.1 -> 1.2.0 --- krebs/5pkgs/get/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix index e2591db73..313c1bbb5 100644 --- a/krebs/5pkgs/get/default.nix +++ b/krebs/5pkgs/get/default.nix @@ -1,12 +1,12 @@ { coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }: stdenv.mkDerivation { - name = "get-1.1.1"; + name = "get-1.2.0"; src = fetchgit { url = http://cgit.cd.retiolum/get; - rev = "e64826a4f5f74cbaa895e538b97d0e523e9709f9"; - sha256 = "4d1aa07bba52f697cf7aa7ad1b02b9ff41598dfea83c578e77b8d81e3e8830d2"; + rev = "9801ebe6f527b9505799ff423c427c03694d85de"; + sha256 = "278dee0b873907650b97cc95a60c26f027ed59d75d9c4c23e9667a352ea60eea"; }; phases = [ -- cgit v1.2.3 From bfe0723728ae2d995b99f22fe9783a34889b1828 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 1 Oct 2015 01:48:15 +0200 Subject: move config scripts to krebs --- Makefile | 15 +- default.nix | 31 ++- krebs/3modules/build.nix | 72 +++++++ krebs/3modules/build/default.nix | 304 ----------------------------- krebs/3modules/build/infest/finalize.sh | 65 ------ krebs/3modules/build/infest/install-nix.sh | 57 ------ krebs/3modules/build/infest/prepare.sh | 74 ------- krebs/3modules/default.nix | 2 +- krebs/4lib/infest/finalize.sh | 65 ++++++ krebs/4lib/infest/install-nix.sh | 57 ++++++ krebs/4lib/infest/prepare.sh | 74 +++++++ krebs/default.nix | 263 +++++++++++++++++++++++++ 12 files changed, 554 insertions(+), 525 deletions(-) create mode 100644 krebs/3modules/build.nix delete mode 100644 krebs/3modules/build/default.nix delete mode 100644 krebs/3modules/build/infest/finalize.sh delete mode 100644 krebs/3modules/build/infest/install-nix.sh delete mode 100644 krebs/3modules/build/infest/prepare.sh create mode 100644 krebs/4lib/infest/finalize.sh create mode 100644 krebs/4lib/infest/install-nix.sh create mode 100644 krebs/4lib/infest/prepare.sh create mode 100644 krebs/default.nix diff --git a/Makefile b/Makefile index 3727793e8..552e6e0fd 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,8 @@ # # usage: -# make system=foo -# make systems='foo bar' +# make infest system=foo [target=bar] +# make [deploy] system=foo [target=bar] +# make [deploy] systems='foo bar' # make eval get=tv.wu.config.time.timeZone [filter=json] # @@ -11,6 +12,7 @@ ifdef systems $(systems): @ + unset target parallel \ --line-buffer \ -j0 \ @@ -20,7 +22,7 @@ $(systems): else ifdef system .PHONY: deploy infest deploy infest:;@ - export get=$$LOGNAME.${system}.config.krebs.build.scripts.$@ + export get=krebs.$@ export filter=json make -s eval | sh @@ -39,8 +41,11 @@ endif --eval \ -A "$$get" \ '' \ - --argstr user-name "$$LOGNAME" \ - --argstr host-name "$$HOSTNAME" \ + --argstr current-date "$$(date -Is)" \ + --argstr current-host-name "$$HOSTNAME" \ + --argstr current-user-name "$$LOGNAME" \ + $${system+--argstr system "$$system"} \ + $${target+--argstr target "$$target"} \ | filter else $(error unbound variable: system[s]) diff --git a/default.nix b/default.nix index 1c3341ba7..7f3f621b8 100644 --- a/default.nix +++ b/default.nix @@ -1,36 +1,29 @@ -{ user-name, host-name }: +{ current-date +, current-host-name +, current-user-name +}: let lib = import ; krebs-modules-path = ./krebs/3modules; krebs-pkgs-path = ./krebs/5pkgs; - user-modules-path = ./. + "/${user-name}/3modules"; - user-pkgs-path = ./. + "/${user-name}/5pkgs"; + user-modules-path = ./. + "/${current-user-name}/3modules"; + user-pkgs-path = ./. + "/${current-user-name}/5pkgs"; out = - (lib.mapAttrs (k: v: mk-namespace (./. + "/${k}")) + (lib.mapAttrs + (k: v: + if builtins.pathExists (./. + "/${k}/1systems") + then mk-namespace (./. + "/${k}") + else import (./. + "/${k}")) (lib.filterAttrs - (k: v: !lib.hasPrefix "." k && v == "directory" && - builtins.pathExists (./. + "/${k}/1systems")) + (k: v: !lib.hasPrefix "." k && v == "directory") (builtins.readDir ./.))); eval = path: import { system = builtins.currentSystem; modules = [ - ({ config, ... }: - with import ./krebs/4lib { inherit lib; }; - { - options.krebs.exec.host = mkOption { - type = types.host; - default = config.krebs.hosts.${host-name}; - }; - options.krebs.exec.user = mkOption { - type = types.user; - default = config.krebs.users.${user-name}; - }; - } - ) path krebs-modules-path user-modules-path diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix new file mode 100644 index 000000000..57495ea69 --- /dev/null +++ b/krebs/3modules/build.nix @@ -0,0 +1,72 @@ +{ config, lib, ... }: + +with import ../4lib { inherit lib; }; + +let + target = config.krebs.build // { user.name = "root"; }; + + out = { + # TODO deprecate krebs.build.host + options.krebs.build.host = mkOption { + type = types.host; + }; + + # TODO make krebs.build.profile shell safe + options.krebs.build.profile = mkOption { + type = types.str; + default = "/nix/var/nix/profiles/system"; + }; + + # TODO make krebs.build.target.host :: host + options.krebs.build.target = mkOption { + type = with types; nullOr str; + default = null; + }; + + # TODO deprecate krebs.build.user + options.krebs.build.user = mkOption { + type = types.user; + }; + + options.krebs.build.source.dir = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + host = mkOption { + type = types.host; + }; + path = mkOption { + type = types.str; + }; + target-path = mkOption { + type = types.str; + default = "/root/${config._module.args.name}"; + }; + url = mkOption { + type = types.str; + default = "file://${config.host.name}${config.path}"; + }; + }; + })); + default = {}; + }; + + options.krebs.build.source.git = mkOption { + type = with types; attrsOf (submodule ({ config, ... }: { + options = { + url = mkOption { + type = types.str; # TODO must be shell safe + }; + rev = mkOption { + type = types.str; + }; + target-path = mkOption { + type = types.str; + default = "/root/${config._module.args.name}"; + }; + }; + })); + default = {}; + }; + }; + +in out diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix deleted file mode 100644 index 23bd8c8fd..000000000 --- a/krebs/3modules/build/default.nix +++ /dev/null @@ -1,304 +0,0 @@ -{ config, lib, ... }: - -with import ../../4lib { inherit lib; }; - -let - target = config.krebs.build // { user.name = "root"; }; - - out = { - # TODO deprecate krebs.build.host - options.krebs.build.host = mkOption { - type = types.host; - }; - - # TODO make krebs.build.profile shell safe - options.krebs.build.profile = mkOption { - type = types.str; - default = "/nix/var/nix/profiles/system"; - }; - - # TODO make krebs.build.target.host :: host - options.krebs.build.target = mkOption { - type = with types; nullOr str; - default = null; - }; - - # TODO deprecate krebs.build.user - options.krebs.build.user = mkOption { - type = types.user; - }; - - options.krebs.build.scripts.init = lib.mkOption { - type = lib.types.str; - default = - let - inherit (config.krebs.build) host; - in - '' - #! /bin/sh - set -efu - - hostname=${host.name} - secrets_dir=${config.krebs.build.source.dir.secrets.path} - key_type=ed25519 - key_file=$secrets_dir/ssh.id_$key_type - key_comment=$hostname - - if test -e "$key_file"; then - echo "Warning: privkey already exists: $key_file" >&2 - else - ssh-keygen \ - -C "$key_comment" \ - -t "$key_type" \ - -f "$key_file" \ - -N "" - rm "$key_file.pub" - fi - - pubkey=$(ssh-keygen -y -f "$key_file") - - cat< nixos-install - chmod +x nixos-install - - # Wrap inserted config.krebs.build.scripts._nix-env into chroot. - nix_env=$(cat_src | sed -n ' - s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q - ') - echo nix-env is $nix_env - sed -i ' - s:^nix-env:chroot $mountPoint '"$nix_env"': - ' nixos-install - - ./nixos-install - - ${readFile ./infest/finalize.sh} - ''} - ''; - }; - - options.krebs.build.scripts._nix-env = lib.mkOption { - type = lib.types.str; - default = '' - set -efu - NIX_PATH=${config.krebs.build.source.NIX_PATH} \ - nix-env \ - -f '' \ - -Q \ - --argstr user-name ${config.krebs.exec.user.name} \ - --argstr host-name ${target.host.name} \ - --profile ${config.krebs.build.profile} \ - --set \ - -A ${lib.escapeShellArg (lib.concatStringsSep "." [ - config.krebs.build.user.name - config.krebs.build.host.name - "system" - ])} - ''; - }; - - options.krebs.build.scripts._source = lib.mkOption { - type = lib.types.str; - default = '' - set -efu - ${ - lib.concatStringsSep "\n" - (lib.mapAttrsToList - (name: { scripts, url, ... }: "(${scripts._source})") - (config.krebs.build.source.dir // - config.krebs.build.source.git)) - } - ''; - }; - - options.krebs.build.source.NIX_PATH = mkOption { - type = types.str; - default = - lib.concatStringsSep ":" - (lib.mapAttrsToList (name: _: "${name}=/root/${name}") - (config.krebs.build.source.dir // - config.krebs.build.source.git)); - }; - - options.krebs.build.source.dir = mkOption { - type = - let - exec = config.krebs.exec; - in - types.attrsOf (types.submodule ({ config, ... }: - let - url = "file://${config.host.name}${config.path}"; - - can-link = config.host.name == target.host.name; - can-push = config.host.name == exec.host.name; - - push-method = '' - rsync \ - --exclude .git \ - --exclude .graveyard \ - --exclude old \ - --exclude tmp \ - --rsync-path='mkdir -p ${config.target-path} && rsync' \ - --delete-excluded \ - -vrLptgoD \ - ${config.path}/ \ - ${target.user.name}@${target.host.name}:${config.target-path} - ''; - in - { - options = { - host = mkOption { - type = types.host; - }; - path = mkOption { - type = types.str; - }; - scripts._source = mkOption { - type = types.str; - default = - #if can-link then link-method else - if can-push then push-method else - throw "cannot source ${url}"; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - url = mkOption { - type = types.str; - default = "file://${config.host.name}${config.path}"; - }; - }; - } - )); - default = {}; - }; - - options.krebs.build.source.git = mkOption { - type = - let - target = config.krebs.build // { user.name = "root"; }; - in - with types; attrsOf (submodule ({ config, ... }: - { - options = { - url = mkOption { - type = types.str; # TODO must be shell safe - }; - rev = mkOption { - type = types.str; - }; - scripts._source = mkOption { - type = types.str; - default = ssh-target '' - mkdir -p ${config.target-path} - cd ${config.target-path} - if ! test -e .git; then - git init - fi - if ! cur_url=$(git config remote.origin.url 2>/dev/null); then - git remote add origin ${config.url} - elif test "$cur_url" != ${config.url}; then - git remote set-url origin ${config.url} - fi - if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then - git fetch origin - git checkout ${config.rev} -- . - git checkout -q ${config.rev} - git submodule init - git submodule update - fi - git clean -dxf - ''; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - }; - } - )); - default = {}; - }; - }; - - doc = s: - let b = "EOF${hashString "sha256" s}"; in - '' - <<\${b} - ${s} - ${b} - ''; - - ssh-target = script: - "ssh root@${target.host.name} -T ${doc '' - set -efu - ${script} - ''}"; - -in out diff --git a/krebs/3modules/build/infest/finalize.sh b/krebs/3modules/build/infest/finalize.sh deleted file mode 100644 index ced5a4d4d..000000000 --- a/krebs/3modules/build/infest/finalize.sh +++ /dev/null @@ -1,65 +0,0 @@ -#! /bin/sh -set -eux -{ - umount /mnt/nix || [ $? -eq 32 ] - umount /mnt/boot || [ $? -eq 32 ] - umount /mnt/root || [ $? -eq 32 ] - umount /mnt || [ $? -eq 32 ] - umount /boot || [ $? -eq 32 ] - - PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) - export PATH - - mkdir /oldshit - - mv /bin /oldshit/ - mv /newshit/bin / - - # TODO ensure /boot is empty - rmdir /newshit/boot - - # skip /dev - rmdir /newshit/dev - - mv /etc /oldshit/ - mv /newshit/etc / - - # skip /nix (it's already there) - rmdir /newshit/nix - - # skip /proc - rmdir /newshit/proc - - # skip /run - rmdir /newshit/run - - # skip /sys - rmdir /newshit/sys - - # skip /root - rmdir /newshit/root - - # skip /tmp - # TODO rmdir /newshit/tmp - - mv /home /oldshit/ - mv /newshit/home / - - mv /usr /oldshit/ - mv /newshit/usr / - - mv /var /oldshit/ - mv /newshit/var / - - mv /lib /oldshit/ - mv /lib64 /oldshit/ - mv /sbin /oldshit/ - mv /srv /oldshit/ - mv /opt /oldshit/ - - - mv /newshit /root/ # TODO this one shoult be empty - mv /oldshit /root/ - - sync -} diff --git a/krebs/3modules/build/infest/install-nix.sh b/krebs/3modules/build/infest/install-nix.sh deleted file mode 100644 index 88c8c3e1e..000000000 --- a/krebs/3modules/build/infest/install-nix.sh +++ /dev/null @@ -1,57 +0,0 @@ -#! /bin/sh -set -efu - -nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 -nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4 - -install_nix() {( - - # install nix on host (cf. https://nixos.org/nix/install) - if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then - ( - verify() { - printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c - } - if ! verify; then - curl -C - -O "$nix_url" - verify - fi - ) - nix_src_dir=$(basename $nix_url .tar.bz2) - tar jxf $nix_src_dir.tar.bz2 - mkdir -v -m 0755 -p /nix - $nix_src_dir/install - fi - - #TODO: make this general or move to prepare - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then - mkdir -p /mnt/nix - mount --bind /nix /mnt/nix - fi - - . /root/.nix-profile/etc/profile.d/nix.sh - - for i in \ - bash \ - coreutils \ - # This line intentionally left blank. - do - if ! nix-env -q $i | grep -q .; then - nix-env -iA nixpkgs.pkgs.$i - fi - done - - # install nixos-install - if ! type nixos-install 2>/dev/null; then - nixpkgs_expr='import { system = builtins.currentSystem; }' - nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) - nix-env \ - --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ - --arg pkgs "$nixpkgs_expr" \ - --arg modulesPath 'throw "no modulesPath"' \ - -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ - -iA config.system.build.nixos-install - fi -)} - -install_nix "$@" diff --git a/krebs/3modules/build/infest/prepare.sh b/krebs/3modules/build/infest/prepare.sh deleted file mode 100644 index 07c00c3a5..000000000 --- a/krebs/3modules/build/infest/prepare.sh +++ /dev/null @@ -1,74 +0,0 @@ -#! /bin/sh -set -efu - -prepare() {( - if test -e /etc/os-release; then - . /etc/os-release - case $ID in - centos) - case $VERSION_ID in - 7) - prepare_centos7 "$@" - exit - ;; - esac - ;; - esac - fi - echo "$0 prepare: unknown OS" >&2 - exit -1 -)} - -prepare_centos7() { - type bzip2 2>/dev/null || yum install -y bzip2 - type git 2>/dev/null || yum install -y git - type rsync 2>/dev/null || yum install -y rsync - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -c "CentOS Nix build user $i" \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - rm -f /var/spool/mail/nixbld$i - fi - done - - # - # mount install directory - # - - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then - mkdir -p /newshit - mount --bind /newshit /mnt - fi - - if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then - mkdir -p /mnt/boot - mount /dev/sda1 /mnt/boot - fi - - mount | grep 'on /mnt\>' >&2 - - # - # prepare install directory - # - - mkdir -p /mnt/etc/nixos - mkdir -m 0555 -p /mnt/var/empty - - if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then - mkdir -p /mnt/root - mount --bind /root /mnt/root - fi -} - -prepare "$@" diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2b4a13c42..d3481505b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -6,7 +6,7 @@ let out = { imports = [ - ./build + ./build.nix ./exim-retiolum.nix ./exim-smarthost.nix ./github-hosts-sync.nix diff --git a/krebs/4lib/infest/finalize.sh b/krebs/4lib/infest/finalize.sh new file mode 100644 index 000000000..ced5a4d4d --- /dev/null +++ b/krebs/4lib/infest/finalize.sh @@ -0,0 +1,65 @@ +#! /bin/sh +set -eux +{ + umount /mnt/nix || [ $? -eq 32 ] + umount /mnt/boot || [ $? -eq 32 ] + umount /mnt/root || [ $? -eq 32 ] + umount /mnt || [ $? -eq 32 ] + umount /boot || [ $? -eq 32 ] + + PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + export PATH + + mkdir /oldshit + + mv /bin /oldshit/ + mv /newshit/bin / + + # TODO ensure /boot is empty + rmdir /newshit/boot + + # skip /dev + rmdir /newshit/dev + + mv /etc /oldshit/ + mv /newshit/etc / + + # skip /nix (it's already there) + rmdir /newshit/nix + + # skip /proc + rmdir /newshit/proc + + # skip /run + rmdir /newshit/run + + # skip /sys + rmdir /newshit/sys + + # skip /root + rmdir /newshit/root + + # skip /tmp + # TODO rmdir /newshit/tmp + + mv /home /oldshit/ + mv /newshit/home / + + mv /usr /oldshit/ + mv /newshit/usr / + + mv /var /oldshit/ + mv /newshit/var / + + mv /lib /oldshit/ + mv /lib64 /oldshit/ + mv /sbin /oldshit/ + mv /srv /oldshit/ + mv /opt /oldshit/ + + + mv /newshit /root/ # TODO this one shoult be empty + mv /oldshit /root/ + + sync +} diff --git a/krebs/4lib/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh new file mode 100644 index 000000000..88c8c3e1e --- /dev/null +++ b/krebs/4lib/infest/install-nix.sh @@ -0,0 +1,57 @@ +#! /bin/sh +set -efu + +nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 +nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4 + +install_nix() {( + + # install nix on host (cf. https://nixos.org/nix/install) + if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then + ( + verify() { + printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c + } + if ! verify; then + curl -C - -O "$nix_url" + verify + fi + ) + nix_src_dir=$(basename $nix_url .tar.bz2) + tar jxf $nix_src_dir.tar.bz2 + mkdir -v -m 0755 -p /nix + $nix_src_dir/install + fi + + #TODO: make this general or move to prepare + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then + mkdir -p /mnt/nix + mount --bind /nix /mnt/nix + fi + + . /root/.nix-profile/etc/profile.d/nix.sh + + for i in \ + bash \ + coreutils \ + # This line intentionally left blank. + do + if ! nix-env -q $i | grep -q .; then + nix-env -iA nixpkgs.pkgs.$i + fi + done + + # install nixos-install + if ! type nixos-install 2>/dev/null; then + nixpkgs_expr='import { system = builtins.currentSystem; }' + nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) + nix-env \ + --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ + --arg pkgs "$nixpkgs_expr" \ + --arg modulesPath 'throw "no modulesPath"' \ + -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ + -iA config.system.build.nixos-install + fi +)} + +install_nix "$@" diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh new file mode 100644 index 000000000..07c00c3a5 --- /dev/null +++ b/krebs/4lib/infest/prepare.sh @@ -0,0 +1,74 @@ +#! /bin/sh +set -efu + +prepare() {( + if test -e /etc/os-release; then + . /etc/os-release + case $ID in + centos) + case $VERSION_ID in + 7) + prepare_centos7 "$@" + exit + ;; + esac + ;; + esac + fi + echo "$0 prepare: unknown OS" >&2 + exit -1 +)} + +prepare_centos7() { + type bzip2 2>/dev/null || yum install -y bzip2 + type git 2>/dev/null || yum install -y git + type rsync 2>/dev/null || yum install -y rsync + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -c "CentOS Nix build user $i" \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + rm -f /var/spool/mail/nixbld$i + fi + done + + # + # mount install directory + # + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then + mkdir -p /newshit + mount --bind /newshit /mnt + fi + + if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then + mkdir -p /mnt/boot + mount /dev/sda1 /mnt/boot + fi + + mount | grep 'on /mnt\>' >&2 + + # + # prepare install directory + # + + mkdir -p /mnt/etc/nixos + mkdir -m 0555 -p /mnt/var/empty + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then + mkdir -p /mnt/root + mount --bind /root /mnt/root + fi +} + +prepare "$@" diff --git a/krebs/default.nix b/krebs/default.nix new file mode 100644 index 000000000..0ec4c6079 --- /dev/null +++ b/krebs/default.nix @@ -0,0 +1,263 @@ +{ current-date +, current-host-name +, current-user-name +}@current: rec { + + deploy = + { system ? current-host-name + , target ? system + }@args: let + config = lib.get-config system; + in '' + #! /bin/sh + # ${current-date} ${current-user-name}@${current-host-name} + # krebs.deploy + set -efu + (${lib.populate args}) + ${lib.rootssh target '' + ${lib.install args} + ${config.krebs.build.profile}/bin/switch-to-configuration switch + ''} + echo OK + ''; + + infest = + { system ? current-host-name + , target ? system + }@args: let + in '' + #! /bin/sh + # ${current-date} ${current-user-name}@${current-host-name} + # krebs.infest + set -efu + + # XXX type -p is non-standard + #export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \ + # -o 'HostName $ {target.host.infest.addr}' \ + # -o 'Port $ {toString target.host.infest.port}' \ + #" + #ssh() { + # eval "$RSYNC_RSH \"\$@\"" + #} + + ${lib.rootssh target '' + ${builtins.readFile ./4lib/infest/prepare.sh} + ${builtins.readFile ./4lib/infest/install-nix.sh} + ''} + + (${lib.populate args}) + + ${lib.rootssh target '' + export PATH; PATH=/root/.nix-profile/bin:$PATH + + src=$(type -p nixos-install) + cat_src() { + sed < "$src" "$( + { sed < "$src" -n ' + /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/= + /^nixpkgs=/= + /^NIX_PATH=/,/^$/{/./=} + + # Disable: Copy the NixOS/Nixpkgs sources to the target as + # the initial contents of the NixOS channel. + /^srcs=/,/^ln -sfn /= + ' + } | sed 's:$:s/^/#krebs#/:' + )" + } + + # Location to insert lib.install + i=$(sed -n '/^echo "building the system configuration/=' "$src") + + { + cat_src | sed -n "1,$i{p}" + cat ${lib.doc (lib.install args)} + cat_src | sed -n "$i,\''${$i!p}" + } > nixos-install + chmod +x nixos-install + + ## Wrap inserted lib.install into chroot. + #nix_env=$(cat_src | sed -n ' + # s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q + #') + #echo nix-env is $nix_env + #sed -i ' + # s:^nix-env:chroot $mountPoint '"$nix_env"': + #' nixos-install + + ./nixos-install + + ${builtins.readFile ./4lib/infest/finalize.sh} + ''} + ''; + + init = + { system ? current-host-name + }@args: let + config = lib.get-config system; + in '' + #! /bin/sh + # ${current-date} ${current-user-name}@${current-host-name} + # krebs.init + set -efu + + system=${lib.shell.escape system} + secrets_dir=${config.krebs.build.source.dir.secrets.path} + key_type=ed25519 + key_file=$secrets_dir/ssh.id_$key_type + key_comment=$system + + if test -e "$key_file"; then + echo "Warning: privkey already exists: $key_file" >&2 + else + ssh-keygen \ + -C "$key_comment" \ + -t "$key_type" \ + -f "$key_file" \ + -N "" + rm "$key_file.pub" + fi + + pubkey=$(ssh-keygen -y -f "$key_file") + + cat<; } // rec { + + stockholm = import ../. current; + + get-config = system: + stockholm.${current-user-name}.${system}.config + or (abort "unknown system: ${system}"); + + doc = s: + let b = "EOF${builtins.hashString "sha256" s}"; in + '' + <<\${b} + ${s} + ${b} + ''; + + rootssh = target: script: + "ssh root@${target} -T ${lib.doc '' + set -efu + ${script} + ''}"; + + install = + { system ? current-host-name + , target ? system + }: + let + stockholm = import ../. { + inherit current-date; + inherit current-host-name; + inherit current-user-name; + }; + + config = stockholm.${current-user-name}.${system}.config + or (abort "unknown system: ${system}"); + + nix-path = + lib.concatStringsSep ":" + (lib.mapAttrsToList (name: _: "${name}=/root/${name}") + (config.krebs.build.source.dir // + config.krebs.build.source.git)); + in '' + set -efu + NIX_PATH=${lib.shell.escape nix-path} \ + nix-env \ + --show-trace \ + -f '' \ + -Q \ + --argstr current-date ${lib.shell.escape current-date} \ + --argstr current-host-name ${lib.shell.escape current-host-name} \ + --argstr current-user-name ${lib.shell.escape current-user-name} \ + --profile ${lib.shell.escape config.krebs.build.profile} \ + --set \ + -A ${lib.escapeShellArg (lib.concatStringsSep "." [ + config.krebs.build.user.name + config.krebs.build.host.name + "system" + ])} + ''; + + populate = + { system ? current-host-name + , target ? system + }@args: + let out = '' + #! /bin/sh + # ${current-date} ${current-user-name}@${current-host-name} + set -efu + ${lib.concatStringsSep "\n" + (lib.concatMap + (type: lib.mapAttrsToList (_: methods.${type}) + config.krebs.build.source.${type}) + ["dir" "git"])} + ''; + + stockholm = import ../. { + inherit current-date; + inherit current-host-name; + inherit current-user-name; + }; + + config = stockholm.${current-user-name}.${system}.config + or (abort "unknown system: ${system}"); + + current-host = config.krebs.hosts.${current-host-name}; + current-user = config.krebs.users.${current-user-name}; + + target-host = config.krebs.hosts.${system}; + + methods.dir = config: + let + can-link = config.host.name == target-host.name; + can-push = config.host.name == current-host.name; + push-method = '' + rsync \ + --exclude .git \ + --exclude .graveyard \ + --exclude old \ + --exclude tmp \ + --rsync-path='mkdir -p ${config.target-path} && rsync' \ + --delete-excluded \ + -vrLptgoD \ + ${config.path}/ \ + root@${target}:${config.target-path} + ''; + url = "file://${config.host.name}${config.path}"; + in + #if can-link then link-method else + if can-push then push-method else + throw "cannot source ${url}"; + + methods.git = config: + lib.rootssh target '' + mkdir -p ${config.target-path} + cd ${config.target-path} + if ! test -e .git; then + git init + fi + if ! cur_url=$(git config remote.origin.url 2>/dev/null); then + git remote add origin ${config.url} + elif test "$cur_url" != ${config.url}; then + git remote set-url origin ${config.url} + fi + if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then + git fetch origin + git checkout ${config.rev} -- . + git checkout -q ${config.rev} + git submodule init + git submodule update + fi + git clean -dxf + ''; + in out; + }; +} -- cgit v1.2.3 From 3bb7ba2