From 3be10ef41a1f72ad39a11576df180f44b435d8c5 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 10 Sep 2018 13:56:24 +0200
Subject: ma iso.euer.krebsco.de: init
---
makefu/1systems/iso/config.nix | 1 +
makefu/2configs/nginx/iso.euer.nix | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 makefu/2configs/nginx/iso.euer.nix
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index f863321bd..34a75dbd3 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -11,6 +11,7 @@ with import ;
 # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
 # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
 krebs.build.host = config.krebs.hosts.iso;
+ isoImage.isoBaseName = lib.mkForce "stockholm";
 krebs.hidden-ssh.enable = true;
 environment.systemPackages = with pkgs; [
 aria2
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
new file mode 100644
index 000000000..63ef380fa
--- /dev/null
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -0,0 +1,25 @@
+{config, pkgs, ... }:
+let
+ system = builtins.currentSystem; #we can also build for other platforms
+ iso = (import
+ { inherit system;
+ modules = [ ../../1systems/iso/config.nix ]; }
+
+ );
+ image = iso.config.system.build.isoImage;
+ name = iso.config.isoImage.isoName;
+in
+{
+ services.nginx = {
+ virtualHosts = {
+ "iso.euer.krebsco.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ root = "${image}/iso";
+ index = name;
+ };
+ };
+ };
+ };
+}
-- cgit v1.2.3
From 9d2749e5caa4b3c8e3208c821199d9c2484c349b Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 10 Sep 2018 14:56:24 +0200
Subject: ma iso.euer.krebsco.de: expose iso as drivedroid repo
---
makefu/2configs/nginx/iso.euer.nix | 27 ++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)
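Review bot: Nothing in the new makefu/2configs/nginx/iso.euer.nix states that the image it publishes must be free of secrets, yet the `iso.euer.krebsco.de` vhost serves `${image}/iso` to anyone who asks. The build command quoted in the config.nix hunk of the same commit passes `-I secrets=/home/makefu/secrets/iso`, and that config enables `krebs.hidden-ssh`; whether anything from the secrets path ends up inside the image is not visible in these hunks, but if it does, it is published along with the ISO. I would add a comment above `image = …`, for example `# published world-readable: the iso config must not copy anything from the secrets path into the image`, and check the built image once before the vhost goes live.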
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
index 63ef380fa..522b7f6f8 100644
--- a/makefu/2configs/nginx/iso.euer.nix
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -1,4 +1,4 @@
-{config, pkgs, ... }:
+{ config, pkgs, ... }:
 let
 system = builtins.currentSystem; #we can also build for other platforms
 iso = (import
@@ -8,6 +8,25 @@ let
 );
 image = iso.config.system.build.isoImage;
 name = iso.config.isoImage.isoName;
+
+ drivedroid-cfg = builtins.toJSON [{
+ id = "stockholm";
+ name = "stockholm";
+ tags = [ "hybrid" ];
+ url = http://krebsco.de;
+ releases = [
+ { version = iso.config.system.nixos.label;
+ url = "/stockholm.iso";
+ arch = system; }
+ ];
+ # size = TODO;
+ }];
+ web = pkgs.linkFarm "web" [{
+ name = "drivedroid.json";
+ path = pkgs.writeText "drivedroid.json" drivedroid-cfg; }
+ { name = "stockholm.iso";
+ path = "${image}/iso/${name}"; }
+ ];
 in
 {
 services.nginx = {
@@ -15,10 +34,8 @@ in
 "iso.euer.krebsco.de" = {
 enableACME = true;
 forceSSL = true;
- locations."/" = {
- root = "${image}/iso";
- index = name;
- };
+ root = web;
+ locations."/".index = "drivedroid.json";
 };
 };
 };
-- cgit v1.2.3
From b2a3bd38ea70307c8b136eba42de7cc882afd441 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 10 Sep 2018 17:13:24 +0200
Subject: ma iso.euer: add imageUrl
---
makefu/2configs/nginx/iso.euer.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix
index 522b7f6f8..701609d4b 100644
--- a/makefu/2configs/nginx/iso.euer.nix
+++ b/makefu/2configs/nginx/iso.euer.nix
@@ -11,6 +11,7 @@ let
 
 drivedroid-cfg = builtins.toJSON [{
 id = "stockholm";
+ imageUrl = http://krebsco.de/krebs-v2.png;
 name = "stockholm";
 tags = [ "hybrid" ];
 url = http://krebsco.de;
-- cgit v1.2.3
From ea9fcce6944eb71ebb03862ced66cf280dad55a2 Mon Sep 17 00:00:00 2001
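Review bot: The DriveDroid metadata added in the `@@ -8,6 +8,25 @@` hunk writes `url = http://krebsco.de;` as an unquoted plain-HTTP URL, although the vhost that serves `drivedroid.json` sets `forceSSL = true`. A client that follows that link leaves TLS, so what it fetches can be altered in transit; the `imageUrl = http://krebsco.de/krebs-v2.png;` line added by the following commit has the same problem. If krebsco.de answers on HTTPS (not visible here), I would write `url = "https://krebsco.de";` and `imageUrl = "https://krebsco.de/krebs-v2.png";`, quoted so the values are ordinary strings rather than bare URL literals.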
From: tv Date: Tue, 11 Sep 2018 18:49:19 +0200 Subject: shell.nix: RIP --- default.nix | 3 - jeschli/1systems/bln/source.nix | 4 - jeschli/1systems/bolide/source.nix | 4 - jeschli/1systems/brauerei/source.nix | 4 - jeschli/1systems/enklave/source.nix | 3 - jeschli/1systems/reagenzglas/.source.nix.swp | Bin 12288 -> 0 bytes jeschli/1systems/reagenzglas/source.nix | 4 - jeschli/source.nix | 26 --- krebs/0tests/deploy.nix | 5 - krebs/1systems/hotdog/source.nix | 3 - krebs/1systems/onebutton/source.nix | 13 -- krebs/1systems/puyak/source.nix | 3 - krebs/1systems/test-all-krebs-modules/source.nix | 3 - krebs/1systems/test-arch/source.nix | 3 - krebs/1systems/test-centos6/source.nix | 3 - krebs/1systems/test-centos7/source.nix | 3 - krebs/1systems/test-failing/source.nix | 3 - krebs/1systems/test-minimal-deploy/source.nix | 3 - krebs/1systems/wolf/source.nix | 3 - krebs/5pkgs/simple/stockholm/default.nix | 230 ----------------------- krebs/source.nix | 29 --- lass/1systems/blue/source.nix | 4 - lass/1systems/cabal/source.nix | 4 - lass/1systems/daedalus/source.nix | 4 - lass/1systems/icarus/source.nix | 4 - lass/1systems/littleT/source.nix | 4 - lass/1systems/mors/source.nix | 4 - lass/1systems/prism/source.nix | 4 - lass/1systems/red/source.nix | 4 - lass/1systems/shodan/source.nix | 3 - lass/1systems/skynet/source.nix | 4 - lass/1systems/uriel/source.nix | 3 - lass/1systems/xerxes/source.nix | 5 - lass/source.nix | 29 --- makefu/2configs/tools/dev.nix | 1 - makefu/source.nix | 2 +- nin/1systems/axon/source.nix | 4 - nin/1systems/hiawatha/source.nix | 4 - nin/1systems/onondaga/source.nix | 4 - nin/source.nix | 23 --- shell.nix | 38 ---- tv/1systems/alnus/source.nix | 4 - tv/1systems/mu/source.nix | 3 - tv/1systems/nomic/source.nix | 4 - tv/1systems/querel/source.nix | 3 - tv/1systems/wu/source.nix | 4 - tv/1systems/xu/source.nix | 4 - tv/1systems/zu/source.nix | 4 - tv/source.nix | 37 ---- 49 files changed, 1 insertion(+), 566 deletions(-) delete mode 100644 
jeschli/1systems/bln/source.nix delete mode 100644 jeschli/1systems/bolide/source.nix delete mode 100644 jeschli/1systems/brauerei/source.nix delete mode 100644 jeschli/1systems/enklave/source.nix delete mode 100644 jeschli/1systems/reagenzglas/.source.nix.swp delete mode 100644 jeschli/1systems/reagenzglas/source.nix delete mode 100644 jeschli/source.nix delete mode 100644 krebs/1systems/hotdog/source.nix delete mode 100644 krebs/1systems/onebutton/source.nix delete mode 100644 krebs/1systems/puyak/source.nix delete mode 100644 krebs/1systems/test-all-krebs-modules/source.nix delete mode 100644 krebs/1systems/test-arch/source.nix delete mode 100644 krebs/1systems/test-centos6/source.nix delete mode 100644 krebs/1systems/test-centos7/source.nix delete mode 100644 krebs/1systems/test-failing/source.nix delete mode 100644 krebs/1systems/test-minimal-deploy/source.nix delete mode 100644 krebs/1systems/wolf/source.nix delete mode 100644 krebs/5pkgs/simple/stockholm/default.nix delete mode 100644 krebs/source.nix delete mode 100644 lass/1systems/blue/source.nix delete mode 100644 lass/1systems/cabal/source.nix delete mode 100644 lass/1systems/daedalus/source.nix delete mode 100644 lass/1systems/icarus/source.nix delete mode 100644 lass/1systems/littleT/source.nix delete mode 100644 lass/1systems/mors/source.nix delete mode 100644 lass/1systems/prism/source.nix delete mode 100644 lass/1systems/red/source.nix delete mode 100644 lass/1systems/shodan/source.nix delete mode 100644 lass/1systems/skynet/source.nix delete mode 100644 lass/1systems/uriel/source.nix delete mode 100644 lass/1systems/xerxes/source.nix delete mode 100644 lass/source.nix delete mode 100644 nin/1systems/axon/source.nix delete mode 100644 nin/1systems/hiawatha/source.nix delete mode 100644 nin/1systems/onondaga/source.nix delete mode 100644 nin/source.nix delete mode 100644 shell.nix delete mode 100644 tv/1systems/alnus/source.nix delete mode 100644 tv/1systems/mu/source.nix delete mode 100644 
tv/1systems/nomic/source.nix delete mode 100644 tv/1systems/querel/source.nix delete mode 100644 tv/1systems/wu/source.nix delete mode 100644 tv/1systems/xu/source.nix delete mode 100644 tv/1systems/zu/source.nix delete mode 100644 tv/source.nix diff --git a/default.nix b/default.nix index cab55d40a..5ae8e399e 100644 --- a/default.nix +++ b/default.nix @@ -13,10 +13,7 @@ import { (attrNames (filterAttrs (_: eq "directory") (readDir ( + "/${ns}/1systems")))) (name: let config = import ( + "/${ns}/1systems/${name}/config.nix"); - source = import ( + "/${ns}/1systems/${name}/source.nix"); in import { modules = [ config ]; - } // { - inherit source; }); } diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix deleted file mode 100644 index 0864fd90c..000000000 --- a/jeschli/1systems/bln/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "bln"; - secure = true; -} diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix deleted file mode 100644 index 0bd7af50f..000000000 --- a/jeschli/1systems/bolide/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "bolide"; - secure = true; -} diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix deleted file mode 100644 index 61978768e..000000000 --- a/jeschli/1systems/brauerei/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "brauerei"; - secure = true; -} diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix deleted file mode 100644 index 4f9f37be7..000000000 --- a/jeschli/1systems/enklave/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "enklave"; -} diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp deleted file mode 100644 index 8c1a75f39..000000000 Binary files a/jeschli/1systems/reagenzglas/.source.nix.swp and /dev/null differ 
diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix deleted file mode 100644 index 7543de6b9..000000000 --- a/jeschli/1systems/reagenzglas/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "reagenzglas"; - secure = true; -} diff --git a/jeschli/source.nix b/jeschli/source.nix deleted file mode 100644 index fc1413ee4..000000000 --- a/jeschli/source.nix +++ /dev/null @@ -1,26 +0,0 @@ -with import ; -host@{ name, secure ? false, override ? {} }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "jeschli"; - _file = + "/jeschli/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; - nixpkgs = (import host).nixpkgs; - secrets.file = getAttr builder { - buildbot = toString ; - jeschli = "${getEnv "HOME"}/secrets/${name}"; - }; - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - } - override - ] diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix index d96963500..5fae60ecc 100644 --- a/krebs/0tests/deploy.nix +++ b/krebs/0tests/deploy.nix @@ -44,11 +44,6 @@ let exec >&2 source=${pkgs.writeJSON "source.json" populate-source} LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" - # TODO: make deploy work - #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ - # --force-populate \ - # --source=${./data/test-source.nix} \ - # --system=server \ ''; minimalSystem = (import { modules = [ diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix deleted file mode 100644 index 0fa61b20f..000000000 --- a/krebs/1systems/hotdog/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "hotdog"; -} diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix deleted file mode 100644 index 91a998de7..000000000 
--- a/krebs/1systems/onebutton/source.nix +++ /dev/null @@ -1,13 +0,0 @@ -with import ; -let - pkgs = import {}; - nixpkgs = builtins.fetchTarball { - url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz; - }; -in import { - name = "onebutton"; - override.nixpkgs = mkForce { - file = toString nixpkgs; - }; - -} diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix deleted file mode 100644 index a21651899..000000000 --- a/krebs/1systems/puyak/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "puyak"; -} diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix deleted file mode 100644 index 66fdaa773..000000000 --- a/krebs/1systems/test-all-krebs-modules/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-all-krebs-modules"; -} diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix deleted file mode 100644 index bff9d4325..000000000 --- a/krebs/1systems/test-arch/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-arch"; -} diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix deleted file mode 100644 index 3693bbb29..000000000 --- a/krebs/1systems/test-centos6/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-centos6"; -} diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix deleted file mode 100644 index 44230f08d..000000000 --- a/krebs/1systems/test-centos7/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-centos7"; -} diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix deleted file mode 100644 index 60b77a0a0..000000000 --- a/krebs/1systems/test-failing/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-failing"; -} 
diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix deleted file mode 100644 index 032ab12bb..000000000 --- a/krebs/1systems/test-minimal-deploy/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "test-minimal-deploy"; -} diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix deleted file mode 100644 index c292bfa62..000000000 --- a/krebs/1systems/wolf/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "wolf"; -} diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix deleted file mode 100644 index c973386d6..000000000 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ /dev/null 
@@ -1,230 +0,0 @@ -{ pkgs }: let - - stockholm-dir = ../../../..; - - lib = import (stockholm-dir + "/lib"); - - # - # high level commands - # - - cmds.deploy = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target.default = /* sh */ "$system"; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "stockholm.deploy" '' - set -efu - - . ${init.env} - . ${init.proxy "deploy" opts} - - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - exec ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''); - - cmds.get-version = pkgs.writeDash "get-version" '' - set -efu - hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)} - version=git.$(${pkgs.git}/bin/git describe --always --dirty) - case $version in (*-dirty) - version=$version@$hostname - esac - date=$(${pkgs.coreutils}/bin/date +%y.%m) - echo "$date.$version" - ''; - - cmds.install = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeBash "stockholm.install" '' - set -efu - - . ${init.env} - - if \test "''${using_proxy-}" != true; then - ${pkgs.openssh}/bin/ssh \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - "$target_user@$target_host" -p "$target_port" \ - env target_path=$(${pkgs.quote}/bin/quote "$target_path") \ - sh -s prepare \ - < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"} - # TODO inline prepare.sh? - fi - - . ${init.proxy "install" opts} - - # these variables get defined by nix-shell (i.e. 
nix-build) from - # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), - # which only exists on / and not at /mnt. - export NIX_BUILD_TOP=/tmp - export TEMPDIR=/tmp - export TEMP=/tmp - export TMPDIR=/tmp - export TMP=/tmp - export XDG_RUNTIME_DIR=/tmp - - export NIXOS_CONFIG="$target_path/nixos-config" - - cd - exec nixos-install - ''); - - cmds.test = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "stockholm.test" /* sh */ '' - set -efu - - export dummy_secrets=true - - . ${init.env} - . ${init.proxy "test" opts} - - exec ${utils.build} config.system.build.toplevel - ''); - - # - # low level commands - # - - # usage: get-source SOURCE_FILE - cmds.get-source = pkgs.writeDash "stockholm.get-source" '' - set -efu - exec ${pkgs.nix}/bin/nix-instantiate \ - --eval \ - --json \ - --readonly-mode \ - --show-trace \ - --strict \ - "$1" - ''; - - # usage: parse-target [--default=TARGET] TARGET - # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.withGetopt { - default_target = { - long = "default"; - short = "d"; - }; - } (opts: pkgs.writeDash "stockholm.parse-target" '' - set -efu - target=$1; shift - for arg; do echo "$0: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - exec ${pkgs.jq}/bin/jq \ - -enr \ - --arg default_target "$default_target" \ - --arg target "$target" \ - -f ${pkgs.writeText "stockholm.parse-target.jq" '' - def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { - user: .captures[0].string, - host: .captures[1].string, - port: .captures[2].string, - path: .captures[3].string, - }; - def sanitize: with_entries(select(.value != null)); - ($default_target | parse) + ($target | parse | sanitize) | - . 
+ { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } - ''} - ''); - - init.env = pkgs.writeText "init.env" /* sh */ '' - - export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - - export quiet - export system - export target - export user - - default_target=root@$system:22/var/src - - export target_object="$( - ${cmds.parse-target} "$target" -d "$default_target" - )" - export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" - export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" - export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" - export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" - export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" - ''; - - init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' - if \test "''${using_proxy-}" != true; then - - source=$(${cmds.get-source} "$source_file") - qualified_target=$target_user@$target_host:$target_port$target_path - if \test "$force_populate" = true; then - echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target" - else - echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target" - fi - - if \test "$target_local" != true; then - exec ${pkgs.openssh}/bin/ssh \ - "$target_user@$target_host" -p "$target_port" \ - cd "$target_path/stockholm" \; \ - NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ - nix-shell --run "$(${pkgs.quote}/bin/quote " - ${lib.concatStringsSep " " (lib.mapAttrsToList - (name: opt: /* sh */ - "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})") - opts - )} \ - using_proxy=true \ - ${lib.shell.escape command} \ - $WITHGETOPT_ORIG_ARGS \ - ")" - fi - fi - ''; - - utils.build = pkgs.writeDash "utils.build" '' - set -efu - ${utils.with-whatsupnix} \ - ${pkgs.nix}/bin/nix-build \ - --no-out-link \ - --show-trace \ - -E "with import ; $1" \ - -I "$target_path" \ - ''; - - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' - set -efu - if 
\test "$quiet" = true; then - "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix - else - exec "$@" - fi - ''; - -in - - pkgs.write "stockholm" (lib.mapAttrs' (name: link: - lib.nameValuePair "/bin/${name}" { inherit link; } - ) cmds) diff --git a/krebs/source.nix b/krebs/source.nix deleted file mode 100644 index 5b86e89c6..000000000 --- a/krebs/source.nix +++ /dev/null @@ -1,29 +0,0 @@ -with import ; -host@{ name, secure ? false, override ? {} }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "krebs"; - _file = + "/krebs/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; - secrets = getAttr builder { - buildbot.file = toString ; - krebs.pass = { - dir = "${getEnv "HOME"}/brain"; - name = "krebs-secrets/${name}"; - }; - }; - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs; - } - override - ] diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix deleted file mode 100644 index d8b979812..000000000 --- a/lass/1systems/blue/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "blue"; - secure = true; -} diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix deleted file mode 100644 index 5d9507f3d..000000000 --- a/lass/1systems/cabal/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "cabal"; - secure = true; -} diff --git a/lass/1systems/daedalus/source.nix b/lass/1systems/daedalus/source.nix deleted file mode 100644 index a15ac80c2..000000000 --- a/lass/1systems/daedalus/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "daedalus"; - secure = true; -} diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix deleted file mode 100644 index 5b46a44f3..000000000 
--- a/lass/1systems/icarus/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "icarus"; - secure = true; -} diff --git a/lass/1systems/littleT/source.nix b/lass/1systems/littleT/source.nix deleted file mode 100644 index a86b8fd10..000000000 --- a/lass/1systems/littleT/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "littleT"; - secure = true; -} diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix deleted file mode 100644 index a9dfa2eb6..000000000 --- a/lass/1systems/mors/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "mors"; - secure = true; -} diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix deleted file mode 100644 index 3dbd6c52b..000000000 --- a/lass/1systems/prism/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -with import ; -import { - name = "prism"; -} diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix deleted file mode 100644 index f2bad743c..000000000 --- a/lass/1systems/red/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "red"; - secure = true; -} diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix deleted file mode 100644 index be24ae2d5..000000000 --- a/lass/1systems/shodan/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "shodan"; -} diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix deleted file mode 100644 index 2aa627f5c..000000000 --- a/lass/1systems/skynet/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "skynet"; - secure = true; -} diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix deleted file mode 100644 index 11d6e1c34..000000000 --- a/lass/1systems/uriel/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "uriel"; -} diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix deleted file mode 100644 index d256b885b..000000000 --- a/lass/1systems/xerxes/source.nix +++ /dev/null 
@@ -1,5 +0,0 @@ -with import ; -import { - name = "xerxes"; - secure = true; -} diff --git a/lass/source.nix b/lass/source.nix deleted file mode 100644 index 49f919faf..000000000 --- a/lass/source.nix +++ /dev/null @@ -1,29 +0,0 @@ -with import ; -host@{ name, secure ? false, override ? {} }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "lass"; - _file = + "/lass/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; - nixpkgs = (import host).nixpkgs; - secrets = getAttr builder { - buildbot.file = toString ; - lass.pass = { - dir = "${getEnv "HOME"}/.password-store"; - name = "hosts/${name}"; - }; - }; - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - } - override - ] diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index b652241bd..0de65cceb 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -20,7 +20,6 @@ brain gen-oath-safe cdrtools - stockholm # nix related nix-repl nix-index diff --git a/makefu/source.nix b/makefu/source.nix index 82a41886b..c350fe72c 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -57,7 +57,7 @@ in stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; + stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp"; } (mkIf ( musnix ) { musnix.git = { diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix deleted file mode 100644 index 6a40296da..000000000 --- a/nin/1systems/axon/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "axon"; - secure = true; -} diff --git a/nin/1systems/hiawatha/source.nix b/nin/1systems/hiawatha/source.nix deleted file mode 100644 index a4b366b9c..000000000 --- a/nin/1systems/hiawatha/source.nix +++ /dev/null 
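Review bot: In makefu/source.nix the new `stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp";` makes every deployment report the same constant, so a host no longer records which revision of the tree it was built from. That is the field one reads when reconstructing what was running on a machine after an incident. krebs/krops.nix, touched by the next commit on this page, derives the value from the date and `git describe --always --dirty`; reusing that approach here would keep the field meaningful. Until then I would mark the line `# FIXME: placeholder, not derived from the checkout`. The attribute set this line belongs to starts and ends outside the hunk.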
@@ -1,4 +0,0 @@ -import { - name = "hiawatha"; - secure = true; -} diff --git a/nin/1systems/onondaga/source.nix b/nin/1systems/onondaga/source.nix deleted file mode 100644 index 60d020222..000000000 --- a/nin/1systems/onondaga/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "onondaga"; - secure = true; -} diff --git a/nin/source.nix b/nin/source.nix deleted file mode 100644 index a4bf0a98c..000000000 --- a/nin/source.nix +++ /dev/null @@ -1,23 +0,0 @@ -with import ; -host@{ name, secure ? false }: let - builder = if getEnv "dummy_secrets" == "true" - then "buildbot" - else "nin"; - _file = + "/nin/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; -in - evalSource (toString _file) { - nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - nin = "/home/nin/secrets/${name}"; - }; - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - nixpkgs = (import host).nixpkgs; - } diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 3695ed3ac..000000000 --- a/shell.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -let - lib = import ./lib; - pkgs = import { - overlays = [ - (import ./krebs/5pkgs) - (import ./submodules/nix-writers/pkgs) - ]; - }; - -in pkgs.stdenv.mkDerivation { - name = "stockholm"; - shellHook = /* sh */ '' - export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString } - if test -e /nix/var/nix/daemon-socket/socket; then - export NIX_REMOTE=daemon - fi - export PATH=${lib.makeBinPath [ - pkgs.stockholm - ]}''${PATH+:$PATH} - - eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" - shopt -u no_empty_cmd_completion - unalias -a - - enable -n \ - . [ alias bg bind break builtin caller cd command compgen complete \ - compopt continue dirs disown eval exec false fc fg getopts hash \ - help history jobs kill let local logout mapfile popd printf pushd \ - pwd read readarray readonly shift source suspend test times trap \ - true typeset ulimit umask unalias wait - - exitHandler() { - : - } - - PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' - ''; -} diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix deleted file mode 100644 index 9fd2f668c..000000000 --- a/tv/1systems/alnus/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "alnus"; - override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887"; -} diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix deleted file mode 100644 index 7e148cf36..000000000 --- a/tv/1systems/mu/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "mu"; -} diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix deleted file mode 100644 index f173b65a6..000000000 --- a/tv/1systems/nomic/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "nomic"; - secure = true; -} diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix deleted file mode 100644 index 74eab51e4..000000000 --- a/tv/1systems/querel/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "querel"; -} 
diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix deleted file mode 100644 index 2e9cdeb8a..000000000 --- a/tv/1systems/wu/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "wu"; - secure = true; -} diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix deleted file mode 100644 index 46e1aee90..000000000 --- a/tv/1systems/xu/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "xu"; - secure = true; -} diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix deleted file mode 100644 index 7a5c4f523..000000000 --- a/tv/1systems/zu/source.nix +++ /dev/null @@ -1,4 +0,0 @@ -import { - name = "zu"; - secure = true; -} diff --git a/tv/source.nix b/tv/source.nix deleted file mode 100644 index c0df06567..000000000 --- a/tv/source.nix +++ /dev/null @@ -1,37 +0,0 @@ -with import ; -{ name -, dummy_secrets ? getEnv "dummy_secrets" == "true" -, override ? {} -, secure ? false -}@host: let - builder = if dummy_secrets then "buildbot" else "tv"; - _file = + "/tv/1systems/${name}/source.nix"; - pkgs = import { - overlays = map import [ - - - ]; - }; -in - evalSource (toString _file) [ - { - nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; - nixpkgs.git = { - ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844"; - url = https://github.com/NixOS/nixpkgs; - }; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${name}"; - }; - stockholm.file = toString ; - stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; - } - (mkIf (builder == "tv") { - secrets-common.file = "/home/tv/secrets/common"; - }) - (mkIf (builder == "tv" && secure) { - secrets-master.file = "/home/tv/secrets/master"; - }) - override - ] -- cgit v1.2.3 From ca2477ab3a4dbe392e8b9e6614540c4b089ade82 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 20:18:01 +0200 Subject: krebs krops: cd to proper stockholm directory --- krebs/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 5378d6fb0..e5013ad08 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -18,7 +18,7 @@
 stockholm.file = toString ../.;
 stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
 set -efu
- cd $HOME/stockholm
+ cd ${lib.escapeShellArg krebs-source.stockholm.file}
 V=$(${pkgs.coreutils}/bin/date +%y.%m)
 if test -d .git; then
 V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
-- cgit v1.2.3
From 97b44fde9ceda01b7503a00cd4a0f4d49dc375cf Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 11 Sep 2018 21:58:13 +0200
Subject: syncthing-device-id: init
Source: https://gist.github.com/spectras/b3a6f0093ddb1635b39279e9a539ca21
---
krebs/5pkgs/simple/syncthing-device-id.nix | 36 ++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 krebs/5pkgs/simple/syncthing-device-id.nix
diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix
new file mode 100644
index 000000000..f7d167fdf
--- /dev/null
+++ b/krebs/5pkgs/simple/syncthing-device-id.nix
@@ -0,0 +1,36 @@ +{ writePython2Bin }: + +writePython2Bin "syncthing-device-id" {} /* python */ '' + import base64 + import hashlib + import subprocess + import sys + + B32ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' + + def luhn_checksum(data, alphabet=B32ALPHABET): + n = len(alphabet) + number = tuple(alphabet.index(i) for i in reversed(data)) + result = (sum(number[::2]) + + sum(sum(divmod(i * 2, n)) for i in number[1::2])) % n + return alphabet[-result] + + def main(incert): + der_data = subprocess.check_output(['openssl', 'x509', '-outform', 'DER'], stdin=incert) + data_hash = hashlib.sha256(der_data) + b32_hash = base64.b32encode(data_hash.digest()).decode('ascii') + + result = b32_hash.upper().rstrip('=') + blocks = [result[pos:pos+13] for pos in range(0, len(result), 13)] + result = '''.join(block + luhn_checksum(block) for block in blocks) + + blocks = [result[pos:pos+7] for pos in range(0, len(result), 7)] + print('-'.join(blocks)) + + if __name__ == '__main__': + import argparse + parser = argparse.ArgumentParser(description='Generate syncthing ID from certificate') + parser.add_argument('incert', type=argparse.FileType('rb'), help='Certificate path') + args = parser.parse_args() + main(**vars(args)) +'' -- cgit v1.2.3 From 4fc5cf354f386d495918aec22df9b482e8676555 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 22:10:50 +0200 Subject: syncthing-device-id: satisfy flake8 --- krebs/5pkgs/simple/syncthing-device-id.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix index f7d167fdf..9fe2b8ffb 100644 --- a/krebs/5pkgs/simple/syncthing-device-id.nix +++ b/krebs/5pkgs/simple/syncthing-device-id.nix 
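Review bot: `luhn_checksum` in the new syncthing-device-id.nix walks the block from the right and doubles every second value, so which characters get doubled depends on the block length, and nothing in the script records that it is only meant for the 13-character blocks `main` passes in. The printed ID is what a peer is asked to trust, so a silent mismatch is worth guarding against. I would add a docstring saying the function returns the check character for one odd-length base32 block, plus `assert len(data) % 2 == 1` as its first statement. Whether the parity would still match Syncthing's own scheme for other lengths is not something the hunk shows. A short comment on `'''.join(` (`# ''' is the Nix escape for two single quotes`) would also help, since inside the indented string it reads like the start of a Python triple-quoted literal.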
@@ -1,6 +1,14 @@ { writePython2Bin }: -writePython2Bin "syncthing-device-id" {} /* python */ '' +writePython2Bin "syncthing-device-id" { + flakeIgnore = [ + "E226" + "E302" + "E305" + "E501" + "F401" + ]; +} /* python */ '' import base64 import hashlib import subprocess -- cgit v1.2.3 From 312eb6e569a3b61325fcf15112500fbf0face65a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 22:11:20 +0200 Subject: syncthing-device-id: use openssl --- krebs/5pkgs/simple/syncthing-device-id.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix index 9fe2b8ffb..9533800fd 100644 --- a/krebs/5pkgs/simple/syncthing-device-id.nix +++ b/krebs/5pkgs/simple/syncthing-device-id.nix @@ -1,4 +1,4 @@ -{ writePython2Bin }: +{ openssl, writePython2Bin }: writePython2Bin "syncthing-device-id" { flakeIgnore = [ @@ -24,7 +24,12 @@ writePython2Bin "syncthing-device-id" { return alphabet[-result] def main(incert): - der_data = subprocess.check_output(['openssl', 'x509', '-outform', 'DER'], stdin=incert) + der_data = subprocess.check_output([ + '${openssl}/bin/openssl', + 'x509', + '-outform', + 'DER', + ], stdin=incert) data_hash = hashlib.sha256(der_data) b32_hash = base64.b32encode(data_hash.digest()).decode('ascii') -- cgit v1.2.3 From 0d907539cb0a4473dbc54fe09bb661cb55a5917d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 11 Sep 2018 19:54:20 +0200 Subject: add the real jeschli to root's authorizedKeys --- krebs/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 7b970923d..fafcd72c3 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix 
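Review bot: Listing `"F401"` in `flakeIgnore` (the `@@ -1,6 +1,14 @@` hunk) switches off the unused-import check for the whole script, and the only candidate I can see is `import sys` from the initial version, which neither `main` nor `luhn_checksum` uses. Dropping that import together with the `"F401"` entry keeps the linter able to flag dead imports later. The import lines after `import subprocess` are outside this hunk, so this is based on the file as added in the previous commit.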
@@ -49,6 +49,7 @@ with import ; users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ # TODO + config.krebs.users.jeschli-brauerei.pubkey config.krebs.users.lass.pubkey config.krebs.users.lass-mors.pubkey config.krebs.users.makefu.pubkey -- cgit v1.2.3 From c39f89ed98133bd1ccfc3380eca08374a39d3d72 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Sep 2018 14:33:59 +0200 Subject: buildbot-stockholm: use krebs.ci --- krebs/2configs/buildbot-stockholm.nix | 197 ++-------------------------------- 1 file changed, 11 insertions(+), 186 deletions(-) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 0aa9288ec..0ee91ae34 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -1,47 +1,11 @@ -{ config, pkgs, ... }: with import ; +{ config, ... }: with import ; -let - - hostname = config.networking.hostName; - - sourceRepos = [ - "http://cgit.enklave.r/stockholm" - "http://cgit.gum.r/stockholm" - "http://cgit.hotdog.r/stockholm" - "http://cgit.ni.r/stockholm" - "http://cgit.prism.r/stockholm" - ]; - - # usage: build USER HOST - # This executable is meant to be run with as working directory. - # USER is expected to be a subdirectory of the working directory. - build = pkgs.writeDash "build" '' - set -efu - - user=$1 - host=$2 - - result=$(nix-build \ - --argstr name "$host" \ - --argstr target "$HOME"/stockholm-build \ - --attr test \ - --no-build-output \ - --no-out-link \ - --show-trace \ - "$user"/krops.nix \ - ) - - exec "$result" - ''; - - -in { networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; virtualHosts.build = { - serverAliases = [ "build.${hostname}.r" ]; + serverAliases = [ "build.${config.networking.hostName}.r" ]; locations."/".extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
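Review bot: The added `config.krebs.users.jeschli-brauerei.pubkey` line in the `@@ -49,6 +49,7 @@` hunk grants root SSH login, and the list carries only a bare `# TODO` with no record of why each key is there. The file is krebs/2configs/default.nix, so it presumably applies to every host that imports the shared defaults, and with `users.mutableUsers = false` this list is the declared state for root access. I would add a comment above the entry such as `# jeschli (device: brauerei), root access for <reason>; revisit on key rotation`, and consider whether a per-device key belongs in the shared default rather than in the hosts that need it. The key list continues outside the hunk.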
@@ -49,155 +13,16 @@ in ''; }; }; - - krebs.buildbot.master = { - slaves = { - testslave = "lasspass"; - }; - change_source.stockholm = concatMapStrings (repo: '' - cs.append( - changes.GitPoller( - "${repo}", - workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True, - project='stockholm', - pollinterval=10 - ) - ) - '') sourceRepos; - scheduler = { - auto-scheduler = '' - sched.append( - schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), - treeStableTimer=60, - name="build-all-branches", - builderNames=[ - "hosts", - ] - ) - ) - ''; - force-scheduler = '' - sched.append( - schedulers.ForceScheduler( - name="hosts", - builderNames=[ - "hosts", - ] - ) - ) - ''; - }; - builder_pre = '' - # prepare grab_repo step for stockholm - grab_repo = steps.Git( - repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'), - mode='full', - submodules=True, - ) - ''; - builder = { - hosts = '' - from buildbot import interfaces - from buildbot.steps.shell import ShellCommand - - class StepToStartMoreSteps(ShellCommand): - def __init__(self, **kwargs): - ShellCommand.__init__(self, **kwargs) - - def addBuildSteps(self, steps_factories): - for sf in steps_factories: - step = interfaces.IBuildStepFactory(sf).buildStep() - step.setBuild(self.build) - step.setBuildSlave(self.build.slavebuilder.slave) - step_status = self.build.build_status.addStepWithName(step.name) - step.setStepStatus(step_status) - self.build.steps.append(step) - - def start(self): - props = self.build.getProperties() - hosts = json.loads(props.getProperty('hosts_json')) - for host in hosts: - user = hosts[host]['owner'] - - self.addBuildSteps([steps.ShellCommand( - name=str(host), - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", - "NIX_REMOTE": "daemon", - }, - command=[ - "${build}", user, host - ], - timeout=90001, - workdir='build', # TODO figure out why we need this? 
- )]) - - ShellCommand.start(self) - - - f = util.BuildFactory() - f.addStep(grab_repo) - - f.addStep(steps.SetPropertyFromCommand( - env={ - "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", - "NIX_REMOTE": "daemon", - }, - name="get_hosts", - command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """ - with import {}; - let - eval-config = cfg: - import { - modules = [ - (import cfg) - ]; - } - ; - - system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here - - ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts; - - filtered-attrs = lib.mapAttrs ( n: v: { - owner = v.owner.name; - }) ci-systems; - - in filtered-attrs - """], - property="hosts_json" - )) - f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here - - bu.append( - util.BuilderConfig( - name="hosts", - slavenames=slavenames, - factory=f - ) - ) - ''; - }; + krebs.ci = { enable = true; - web.enable = true; - irc = { - enable = true; - nick = "build|${hostname}"; - server = "irc.r"; - channels = [ "noise" "xxx" ]; - allowForce = true; + repos = { + stockholm.urls = [ + "http://cgit.enklave.r/stockholm" + "http://cgit.gum.r/stockholm" + "http://cgit.hotdog.r/stockholm" + "http://cgit.ni.r/stockholm" + "http://cgit.prism.r/stockholm" + ]; }; - extraConfig = '' - c['buildbotURL'] = "http://build.${hostname}.r/" - ''; - }; - - krebs.buildbot.slave = { - enable = true; - masterhost = "localhost"; - username = "testslave"; - password = "lasspass"; - packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; } -- cgit v1.2.3 From d580af7fd9c210f584603aa32318761b4eb3a877 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 12 Sep 2018 15:21:45 +0200 Subject: ci: join #xxx again --- krebs/3modules/ci.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index cf82401d3..33afb2c0a 100644 --- a/krebs/3modules/ci.nix 
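Review bot: The new `krebs.ci.repos.stockholm.urls` list in the `@@ -49,155 +13,16 @@` hunk polls five mirrors over plain `http://`, and whatever any one of them serves is what CI will evaluate and build on this host. Nothing in the hunk says what protects those fetches. The `.r` names suggest an internal overlay network, but that is an assumption from the hostnames. A comment above `urls` stating the trust model, for example `# reachable over the internal network only; every listed mirror can trigger builds here`, would make that assumption reviewable.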
+++ b/krebs/3modules/ci.nix @@ -141,7 +141,7 @@ let enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' -- cgit v1.2.3 From f2c8723bb8ad12abb6b9ec6d562acf7d64cc5fff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Sep 2018 14:41:26 +0200 Subject: ci: silence nix-build/nix-instantiate --- krebs/3modules/ci.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 33afb2c0a..37aef74ef 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -26,8 +26,8 @@ let hostname = config.networking.hostName; getJobs = pkgs.writeDash "get_jobs" '' - nix-build --no-out-link ./ci.nix 2>&1 > /dev/null - nix-instantiate --eval --strict --json ./ci.nix + nix-build --no-out-link --quiet -Q ./ci.nix > /dev/null + nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; imp = { -- cgit v1.2.3 From 244d31c7611e26e9cac91af2e945910b38acee96 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 13 Sep 2018 14:41:58 +0200 Subject: ci: split schedulers by repo --- krebs/3modules/ci.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 37aef74ef..fdc8b9dc4 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -53,9 +53,12 @@ let nameValuePair name '' sched.append( schedulers.SingleBranchScheduler( - change_filter=util.ChangeFilter(branch_re=".*"), + change_filter=util.ChangeFilter( + branch_re=".*", + project='${name}', + ), treeStableTimer=60, - name="build-all-branches", + name="${name}-all-branches", builderNames=[ "${name}", ] -- cgit v1.2.3 From b658de054d724064a3531de2d4a53a7a28cdc6ac Mon Sep 17 00:00:00 2001 
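Review bot: In the `getJobs` script (the `@@ -26,8 +26,8 @@` hunk) a failed `nix-build` is ignored: the body starts directly with the `nix-build` line, with no `set -e`, so `nix-instantiate` still runs and its exit status becomes the script's. The job list could then be emitted for outputs that were never built. Starting the script with `set -efu`, as the version script in krebs/krops.nix does, makes the failure visible to the caller. With `2>&1` dropped, stderr no longer ends up in the captured output, which looks intended.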
From: makefu Date: Thu, 13 Sep 2018 16:17:39 +0200 Subject: ma omo.r: split hardware config, use disko for tsp hardware --- makefu/1systems/hardware/tsp-disk.json | 23 ++++ makefu/1systems/omo/config.nix | 226 +++------------------------------ makefu/1systems/omo/hw/omo.nix | 117 +++++++++++++++++ makefu/1systems/omo/hw/tsp-tools.nix | 11 ++ makefu/1systems/omo/hw/tsp.nix | 32 +++++ makefu/2configs/dcpp/hub.nix | 102 +++++++++++++++ makefu/2configs/hub.nix | 102 --------------- 7 files changed, 303 insertions(+), 310 deletions(-) create mode 100644 makefu/1systems/hardware/tsp-disk.json create mode 100644 makefu/1systems/omo/hw/omo.nix create mode 100644 makefu/1systems/omo/hw/tsp-tools.nix create mode 100644 makefu/1systems/omo/hw/tsp.nix create mode 100644 makefu/2configs/dcpp/hub.nix delete mode 100644 makefu/2configs/hub.nix diff --git a/makefu/1systems/hardware/tsp-disk.json b/makefu/1systems/hardware/tsp-disk.json new file mode 100644 index 000000000..5a4bd26ab --- /dev/null +++ b/makefu/1systems/hardware/tsp-disk.json @@ -0,0 +1,23 @@ +{ + "type": "devices", + "content": { + "sda": { + "type": "table", + "format": "msdos", + "partitions": [ + { "type": "partition", + "part-type": "primary", + "start": "1M", + "end": "100%", + "bootable": true, + "content": { + "type": "filesystem", + "format": "ext4", + "mountpoint": "/" + } + } + ] + } + } +} + diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 109877bf1..47e815e77 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
@@ -4,52 +4,17 @@ { config, pkgs, lib, ... }: let - toMapper = id: "/media/crypt${builtins.toString id}"; - byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; - rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; - rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; - primaryInterface = "enp2s0"; - firetv = "192.168.1.238"; - # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 - # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 - - # omo Chassis: - # __FRONT_ - # |* d0 | - # | | - # |* d1 | - # | | - # |* d3 | - # | | - # |* | - # |* d2 | - # | * | - # | * | - # |_______| - # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; - cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; - cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; - cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; - cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; - # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; - # all physical disks - - # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } - dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; - allDisks = [ rootDisk ] ++ dataDisks; + primaryInterface = config.makefu.server.primary-itf; in { imports = [ + #./hw/omo.nix + ./hw/tsp.nix - # TODO: unlock home partition via ssh - - + # @@ -78,6 +43,7 @@ in { + { hardware.pulseaudio.systemWide = true; makefu.mpd.musicDirectory = "/media/cryptX/music"; 
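Review bot: Commenting out `./hw/omo.nix` in favour of `./hw/tsp.nix` (the `imports` list in the `@@ -4,52 +4,17 @@` hunk) takes the LUKS and key-file setup out of this host's configuration, and the only tsp disk layout visible in this commit, tsp-disk.json, is a single plain ext4 root. hw/tsp.nix itself is not in view, so encryption may be configured there. If it is not, the host keeps its services and whatever secrets are deployed to it on an unencrypted disk. A line next to the import such as `# tsp: temporary hardware, root is NOT encrypted` would record the decision, and the commented-out import is better removed or explained than left as dead code.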
@@ -99,74 +65,9 @@ in { # Temporary: # - { # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; - } - { - systemd.services.firetv = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = "nobody"; - ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; - }; - }; - nixpkgs.config.permittedInsecurePackages = [ - "homeassistant-0.65.5" - ]; - services.home-assistant = { - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - }; - media_player = [ - { platform = "kodi"; - host = firetv; - } - { platform = "firetv"; - # assumes python-firetv running - } - ]; - sensor = [ - { platform = "luftdaten"; - name = "Ditzingen"; - sensorid = "663"; - monitored_conditions = [ "P1" "P2" ]; - } - # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ - { platform = "darksky"; - api_key = "c73619e6ea79e553a585be06aacf3679"; - language = "de"; - monitored_conditions = [ "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "hourly_summary" - "uv_index" ]; - units = "si" ; - update_interval = { - days = 0; - hours = 0; - minutes = 10; - seconds = 0; - }; - } - ]; - frontend = { }; - http = { }; - }; - enable = true; - #configDir = "/var/lib/hass"; - }; - } + ]; makefu.full-populate = true; - makefu.server.primary-itf = primaryInterface; krebs.rtorrent = { downloadDir = lib.mkForce "/media/cryptX/torrent"; extraConfig = '' 
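Review bot: The block removed in this hunk carried a literal `api_key` for the weather sensor, and deleting it from config.nix does not take it out of the repository history. Whether the home-assistant settings were moved to another file is not visible here. Either way the key should be treated as published, rotated, and read from the secrets store rather than written into a .nix file, where it would also land in the world-readable Nix store. The hunk also drops `nixpkgs.config.permittedInsecurePackages`, so it is worth confirming that whatever replaces this block no longer depends on that exemption.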
@@ -178,18 +79,6 @@ in { members = [ "makefu" "misa" ]; }; networking.firewall.trustedInterfaces = [ primaryInterface ]; - # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net - # tcp:80 - nginx for sharing files - # tcp:655 udp:655 - tinc - # tcp:8111 - graphite - # tcp:8112 - pyload - # tcp:9090 - sabnzbd - # tcp:9200 - elasticsearch - # tcp:5601 - kibana - networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 80 655 5601 8111 8112 9200 9090 ]; - - # services.openssh.allowSFTP = false; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; 
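Review bot: After this hunk the only firewall statement left in view is `networking.firewall.trustedInterfaces = [ primaryInterface ];`, which accepts all inbound traffic on that interface, while the comment block documenting which ports were meant to be reachable is deleted. `primaryInterface` now comes from `config.makefu.server.primary-itf`, so the trusted NIC is decided by whichever hw module is imported. I would keep a short comment, for example `# primary NIC is LAN-only; the firewall is bypassed for everything arriving on it`, or replace the blanket trust with an explicit port list in the module that owns each service.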
@@ -199,90 +88,11 @@ in { enable = true; servedir = "/media/cryptX/emu/ps3"; }; - # HDD Array stuff - services.smartd.devices = builtins.map (x: { device = x; }) allDisks; - - makefu.snapraid = { - enable = true; - # TODO: 3 is not protected - disks = map toMapper [ 0 1 ]; - parity = toMapper 2; - }; - - # TODO create folders in /media - system.activationScripts.createCryptFolders = '' - ${lib.concatMapStringsSep "\n" - (d: "install -m 755 -d " + (toMapper d) ) - [ 0 1 2 "X" ]} - ''; - environment.systemPackages = with pkgs;[ - mergerfs # hard requirement for mount - wol # wake up filepimp - f3 - ]; - fileSystems = let - cryptMount = name: - { "/media/${name}" = { - device = "/dev/mapper/${name}"; fsType = "xfs"; - options = [ "nofail" ]; - };}; - in cryptMount "crypt0" - // cryptMount "crypt1" - // cryptMount "crypt2" - // cryptMount "crypt3" - // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]); - fsType = "mergerfs"; - noCheck = true; - options = [ "defaults" "allow_other" "nofail" "nonempty" ]; - }; - }; - - powerManagement.powerUpCommands = lib.concatStrings (map (disk: '' - ${pkgs.hdparm}/sbin/hdparm -S 100 ${disk} - ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} - ${pkgs.hdparm}/sbin/hdparm -y ${disk} - '') allDisks); - # crypto unlocking - boot = { - initrd.luks = { - devices = let - usbkey = name: device: { - inherit name device keyFile; - keyFileSize = 4096; - allowDiscards = true; - }; - in [ - (usbkey "luksroot" rootPartition) - (usbkey "crypt0" cryptDisk0) - (usbkey "crypt1" cryptDisk1) - (usbkey "crypt2" cryptDisk2) - (usbkey "crypt3" cryptDisk3) - ]; - }; - loader.grub.device = lib.mkForce rootDisk; - - initrd.availableKernelModules = [ - "ahci" - "ohci_pci" - "ehci_pci" - "pata_atiixp" - "firewire_ohci" - "usb_storage" - "usbhid" - ]; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - }; users.users.misa = { uid = 9002; name = "misa"; }; - # hardware.enableAllFirmware = true; - 
hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; @@ -290,23 +100,23 @@ in { nickname = "Reaktor|shack"; workdir = "/var/lib/Reaktor/shack"; channels = [ "#shackspace" ]; - plugins = with pkgs.ReaktorPlugins;[ - shack-correct - # stockholm-issue - sed-plugin - random-emoji ]; + plugins = with pkgs.ReaktorPlugins; + [ shack-correct + # stockholm-issue + sed-plugin + random-emoji ]; }; krebs.Reaktor.reaktor-bgt = { nickname = "Reaktor|bgt"; workdir = "/var/lib/Reaktor/bgt"; channels = [ "#binaergewitter" ]; - plugins = with pkgs.ReaktorPlugins;[ - titlebot - # stockholm-issue - nixos-version - shack-correct - sed-plugin - random-emoji ]; + plugins = with pkgs.ReaktorPlugins; + [ titlebot + # stockholm-issue + nixos-version + shack-correct + sed-plugin + random-emoji ]; }; krebs.build.host = config.krebs.hosts.omo; diff --git a/makefu/1systems/omo/hw/omo.nix b/makefu/1systems/omo/hw/omo.nix new file mode 100644 index 000000000..1b618a486 --- /dev/null +++ b/makefu/1systems/omo/hw/omo.nix 
@@ -0,0 +1,117 @@ +{ config, pkgs, lib, ... }: +let + toMapper = id: "/media/crypt${builtins.toString id}"; + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-Verbatim_STORE_N_GO_070B3CEE0B223954-0:0"; + rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; + rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; + primaryInterface = "enp2s0"; + # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 + # cryptsetup luksAddKey $dev tmpkey + # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 + # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + + # omo Chassis: + # __FRONT_ + # |* d0 | + # | | + # |* d1 | + # | | + # |* d3 | + # | | + # |* | + # |* d2 | + # | * | + # | * | + # |_______| + # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; + cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; + cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; + # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; + # all physical disks + + # TODO callPackage ../3modules/MonitorDisks { disks = allDisks } + dataDisks = [ cryptDisk0 cryptDisk1 cryptDisk2 cryptDisk3 ]; + allDisks = [ rootDisk ] ++ dataDisks; +in { + imports = + [ # TODO: unlock home partition via ssh + ]; + makefu.server.primary-itf = primaryInterface; + system.activationScripts.createCryptFolders = '' + ${lib.concatMapStringsSep "\n" + (d: "install -m 755 -d " + (toMapper d) ) + [ 0 1 2 "X" ]} + ''; + + makefu.snapraid = { + enable = true; + # TODO: 3 is not protected + disks = map toMapper [ 0 1 ]; + parity = toMapper 2; + }; + fileSystems = let + cryptMount = name: + { "/media/${name}" = { + device = "/dev/mapper/${name}"; fsType = "xfs"; + options = [ "nofail" ]; + };}; + in cryptMount "crypt0" + // cryptMount "crypt1" + // cryptMount "crypt2" + // cryptMount "crypt3" + // { "/media/cryptX" = { + device = (lib.concatMapStringsSep ":" 
(d: (toMapper d)) [ 0 1 2 3 ]); + fsType = "mergerfs"; + noCheck = true