From 04c22b427cc01dc5d6649a4b9052b392bd2e6988 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 14 Aug 2018 19:38:48 +0200 Subject: krops: 1.1.0 -> 1.3.0 --- krebs/5pkgs/simple/krops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix index e4e9928d4..208ba607e 100644 --- a/krebs/5pkgs/simple/krops.nix +++ b/krebs/5pkgs/simple/krops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/krops; - rev = "refs/tags/v1.1.0"; - sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll"; + rev = "refs/tags/v1.3.0"; + sha256 = "1vfmm7aqi6y6cjz7vivamc70dkaxxxlihj48qvqc0dlj1bi331c2"; } -- cgit v1.2.3 From 7f53d51c0afa7cb2c98a1b21f4df6e5590ec2ce5 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 21 Aug 2018 19:45:50 +0200 Subject: j brauerei: +steam --- jeschli/1systems/brauerei/config.nix | 1 + jeschli/2configs/steam.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 jeschli/2configs/steam.nix diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index e200cbcd4..4cd544a66 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -8,6 +8,7 @@ + ]; diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix new file mode 100644 index 000000000..4d2d66c64 --- /dev/null +++ b/jeschli/2configs/steam.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: + +{ + + nixpkgs.config.steam.java = true; + environment.systemPackages = with pkgs; [ + steam + ]; + hardware.opengl.driSupport32Bit = true; + + #ports for inhome streaming + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27036"; target = "ACCEPT"; } + ]; + }; + }; +} -- cgit v1.2.3 
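Review bot: The four `filter.INPUT` rules added in jeschli/2configs/steam.nix accept TCP and UDP 27031/27036 from any source on any interface, although the comment says they are for in-home streaming. Scope each predicate to the home network, for example `{ predicate = "-i LAN_INTERFACE -p tcp --dport 27031"; target = "ACCEPT"; }` or with `-s HOME_SUBNET` (both are placeholders to fill in). That keeps the ports unreachable over any other interface the host is attached to.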
From 7a1441bf1c053411921eff0f25c7e9099a13029c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 23 Aug 2018 13:07:33 +0200 Subject: krops: 1.3.0 -> 1.3.1 --- krebs/5pkgs/simple/krops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix index 208ba607e..23cc224b8 100644 --- a/krebs/5pkgs/simple/krops.nix +++ b/krebs/5pkgs/simple/krops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/krops; - rev = "refs/tags/v1.3.0"; - sha256 = "1vfmm7aqi6y6cjz7vivamc70dkaxxxlihj48qvqc0dlj1bi331c2"; + rev = "refs/tags/v1.3.1"; + sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7"; } -- cgit v1.2.3 From ce31457b77a65d36893d622b5e1061284e90bf2d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Aug 2018 21:08:28 +0200 Subject: nix-writers: 4d08293 -> 5d79992 --- submodules/nix-writers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/submodules/nix-writers b/submodules/nix-writers index 4d0829328..5d7999226 160000 --- a/submodules/nix-writers +++ b/submodules/nix-writers @@ -1 +1 @@ -Subproject commit 4d0829328e885a6d7163b513998a975e60dd0a72 +Subproject commit 5d79992262e8f16a3efa985375be74abea3bb392 -- cgit v1.2.3 From 23d2950ed7d60aaa066a437b4aaffbf55a76c036 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 28 Aug 2018 20:58:23 +0200 Subject: cgit-clear-cache: init --- krebs/3modules/git.nix | 4 +--- krebs/5pkgs/simple/cgit-clear-cache.nix | 8 ++++++++ 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 krebs/5pkgs/simple/cgit-clear-cache.nix diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 5ae24b40b..89726fd7b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix 
@@ -403,9 +403,7 @@ let )); environment.systemPackages = [ - (pkgs.writeDashBin "cgit-clear-cache" '' - ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* - '') + (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; }) ]; system.activationScripts.cgit = '' diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix new file mode 100644 index 000000000..28402c39c --- /dev/null +++ b/krebs/5pkgs/simple/cgit-clear-cache.nix @@ -0,0 +1,8 @@ +with import ; + +{ cache-root ? "/tmp/cgit", findutils, writeDashBin }: + +writeDashBin "cgit-clear-cache" '' + set -efu + ${findutils}/bin/find ${shell.escape cache-root} -type f -delete +'' -- cgit v1.2.3 From 7da08cb47fd07d4220f459475bb8bce405512397 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 28 Aug 2018 22:05:45 +0200 Subject: krebs git: allow git user to rwx cgit cache-root --- krebs/3modules/git.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 89726fd7b..8a923efd2 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -348,6 +348,10 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; description = "Git repository hosting user"; + extraGroups = [ + # To allow running cgit-clear-cache via hooks. + cfg.cgit.fcgiwrap.group.name + ]; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -407,7 +411,8 @@ let ]; system.activationScripts.cgit = '' - mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} + chmod 0770 ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; -- cgit v1.2.3 From 16ad5fb0a835a1022656253ae838e83fa024e692 Mon Sep 17 00:00:00 2001 
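Review bot: The default `cache-root ? "/tmp/cgit"` in cgit-clear-cache.nix points into a world-writable directory, so a caller that forgets the override runs `find … -type f -delete` against a path any local user may have created. git.nix in this commit always passes the configured value, so the default could be dropped and the argument made mandatory: `{ cache-root, findutils, writeDashBin }:`. Escaping the path with `shell.escape` is the right call; a short comment such as `# removes regular files only; directories and symlinks are left in place` would document the intended scope of the delete.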
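Review bot: Adding the git user to `cfg.cgit.fcgiwrap.group.name` gives it every permission that group holds, not only access to the cache directory. If the fcgiwrap socket or other files are group-owned by it (not visible here), anything running as the git user, including hooks, can reach them too. A dedicated group that owns only cache-root would limit the grant to what `cgit-clear-cache` needs. If the shared group stays, the comment should say so: `# To allow running cgit-clear-cache via hooks; this also grants all other fcgiwrap group permissions.` The `users.users` attribute set continues outside the hunk.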
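Review bot: The activation script interpolates `${cfg.cgit.settings.cache-root}` unquoted into the `mkdir`, `chmod` and `chown` commands, which run as root, while the new cgit-clear-cache package escapes the same value with `shell.escape`. Use the same escaping here, e.g. `chmod 0770 ${shell.escape cfg.cgit.settings.cache-root}`, assuming `shell.escape` is in scope in git.nix as it is in the package file. Then a path containing spaces or glob characters cannot change what the three commands act on.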
From: tv Date: Tue, 28 Aug 2018 21:48:00 +0200 Subject: tv gitrepos: cgit-clear-cache on post-receive --- tv/2configs/gitrepos.nix | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 06875038d..74fb5215a 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -18,6 +18,10 @@ let { }; }; + cgit-clear-cache = pkgs.cgit-clear-cache.override { + inherit (config.krebs.git.cgit.settings) cache-root; + }; + repos = public-repos // optionalAttrs config.krebs.build.host.secure restricted-repos; @@ -97,8 +101,11 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce { - cgit_endpoint = null; + hooks = { + post-receive = /* sh */ '' + (${irc-announce { cgit_endpoint = null; }}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; } // @@ -117,14 +124,24 @@ let { make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce {}; + hooks = { + post-receive = /* sh */ '' + (${optionalString (config.krebs.build.host.name == "ni") + (irc-announce {})}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { - inherit collaborators hooks name; + inherit collaborators name; public = false; + hooks = hooks // { + post-receive = /* sh */ '' + (${hooks.post-receive or ""}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; + }; }; make-rules = -- cgit v1.2.3 From 61e6552da3c48256bf4d17ae691721b3a7d000f2 Mon Sep 17 00:00:00 2001 
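Review bot: In `make-public-repo` the hook text becomes `()` on every host other than "ni", and in `make-restricted-repo` it becomes `()` whenever the caller supplies no `post-receive`. An empty subshell is a syntax error in POSIX sh, so the hook would abort before `cgit-clear-cache` runs. Fall back to a no-op instead: `(${hooks.post-receive or ":"})` and `(${if config.krebs.build.host.name == "ni" then irc-announce {} else ":"})`. This assumes the hook string is executed as a sh script, as the `/* sh */` annotation suggests.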
From: lassulus Date: Wed, 29 Aug 2018 11:39:03 +0200 Subject: l: rip dishfire.r --- krebs/3modules/lass/default.nix | 33 ------------------- lass/1systems/dishfire/config.nix | 63 ------------------------------------- lass/1systems/dishfire/physical.nix | 39 ----------------------- lass/1systems/dishfire/source.nix | 3 -- 4 files changed, 138 deletions(-) delete mode 100644 lass/1systems/dishfire/config.nix delete mode 100644 lass/1systems/dishfire/physical.nix delete mode 100644 lass/1systems/dishfire/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c4a5bbb0d..44b56c4d5 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -11,39 +11,6 @@ with import ; ci = true; monitoring = true; }) { - dishfire = { - cores = 4; - nets = rec { - internet = { - ip4.addr = "144.76.172.188"; - aliases = [ - "dishfire.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.133.99"; - ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; - aliases = [ - "dishfire.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs - Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 - uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK - R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd - vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U - HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.port = 993; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; - }; prism = rec { cores = 4; extraZones = { diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix deleted file mode 100644 index 3d5f32180..000000000 --- a/lass/1systems/dishfire/config.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - "ens*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix deleted file mode 100644 index 64e3904e0..000000000 --- a/lass/1systems/dishfire/physical.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./config.nix - - ]; - - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; -} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix deleted file mode 100644 index 2445af130..000000000 --- a/lass/1systems/dishfire/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "dishfire"; -} -- cgit v1.2.3 From af2753507d65e01d088161122ce5663c181a46aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 25 Aug 2018 16:54:13 +0200 Subject: add konsens module --- krebs/3modules/default.nix | 1 + krebs/3modules/konsens.nix | 80 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 krebs/3modules/konsens.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index afc96e9ee..833349769 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -26,6 +26,7 @@ let ./iana-etc.nix ./iptables.nix ./kapacitor.nix + ./konsens.nix ./monit.nix ./newsbot-js.nix ./nixpkgs.nix diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix new file mode 100644 index 000000000..47316d5d6 --- /dev/null +++ b/krebs/3modules/konsens.nix 
@@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + cfg = config.krebs.konsens; + + out = { + options.krebs.konsens = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "git konsens finder"; + repos = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + url = mkOption { + type = types.str; + default = "git@localhost:${config._module.args.name}"; + }; + branchesToCheck = mkOption { + type = types.listOf types.str; + default = [ "lassulus" "makefu" "tv" ]; + }; + target = mkOption { + type = types.str; + default = "master"; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "*:00,15,30,45"; + }; + }; + }; + })); + }; + }; + + imp = { + users.users.konsens = rec { + name = "konsens"; + uid = genid name; + home = "/var/lib/konsens"; + createHome = true; + }; + + systemd.timers = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + description = "konsens timer"; + wantedBy = [ "timers.target" ]; + timerConfig = repo.timerConfig; + } + ) cfg.repos; + + systemd.services = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + after = [ "network.target" "secret.service" ]; + path = [ pkgs.git ]; + restartIfChanged = false; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = pkgs.writeDash "konsens-${name}" '' + if ! test -e ${name}; then + git clone ${repo.url} ${name} + fi + cd ${name} + git fetch origin + git push origin $(git merge-base ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master + ''; + WorkingDirectory = /var/lib/konsens; + User = "konsens"; + }; + } + ) cfg.repos; + }; + +in out -- cgit v1.2.3 From 427488be8176024e758fe40be32593a10fb1a53b Mon Sep 17 00:00:00 2001 
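Review bot: If `git merge-base` fails or prints nothing (a listed branch missing on origin, or no common ancestor), the last line of the ExecStart script expands to `git push origin :refs/heads/master`, which asks the remote to delete master. The script has no `set -e` to stop it. Start the script with `set -efu`, capture the result first with `base=$(git merge-base …)`, and push `"$base:refs/heads/${repo.target}"`, which also makes the declared `target` option take effect instead of the hard-coded `master`. `${name}` and `${repo.url}` are interpolated unquoted as well; `shell.escape`, if it is in scope in this file, would cover that.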
From: lassulus Date: Wed, 29 Aug 2018 17:42:00 +0200 Subject: repo-sync: add konsens for krops & stockholm --- krebs/2configs/repo-sync.nix | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 7c3b2c90e..813dc154b 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -3,6 +3,10 @@ with import ; let + konsens-user = { + name = "konsens"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7"; + }; mirror = "git@${config.networking.hostName}:"; defineRepo = { @@ -20,7 +24,7 @@ let verbose = false; channel = "#xxx"; server = "irc.r"; - branches = [ "newest" ]; + branches = [ "master" "newest" ]; }; }; }; @@ -37,6 +41,13 @@ let repo = [ repo ]; perm = push ''refs/*'' [ non-fast-forward create delete merge ]; } + { + user = [ + konsens-user + ]; + repo = [ repo ]; + perm = push ''refs/heads/master'' [ create merge ]; + } { user = attrValues config.krebs.users; repo = [ repo ]; @@ -108,6 +119,19 @@ in { krebs.repo-sync = { enable = true; }; + krebs.konsens = { + enable = true; + repos = { + krops = { branchesToCheck = [ "lassulus" "tv" ]; }; + stockholm = {}; + }; + }; + krebs.secret.files.konsens = { + path = "/var/lib/konsens/.ssh/id_ed25519"; + owner = konsens-user; + source-path = "${}"; + }; + imports = [ (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; }) -- cgit v1.2.3 From 7af81afa3d603a874fd4d0bff1885fe2f91afd41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 Aug 2018 17:53:56 +0200 Subject: buildbot-standalone: check cgit.hotdog.r --- krebs/2configs/buildbot-stockholm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 62a5f9ab5..1ed38f54f 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix 
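Review bot: The new rule for `konsens-user` appears to sit in the rule list built for every `repo` that passes through this function, while `krebs.konsens.repos` further down lists only krops and stockholm. The key would then be allowed to push `refs/heads/master` on every mirrored repository. Guarding the entry, e.g. `optional (config.krebs.konsens.repos ? ${repo.name}) { … }`, keeps the grant to the repositories the service actually works on. The enclosing function starts outside the hunk, so confirm there how the repo name is exposed before using `repo.name`.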
@@ -24,7 +24,7 @@ in testslave = "lasspass"; }; change_source.stockholm = '' - stockholm_repo = 'http://cgit.prism.r/stockholm' + stockholm_repo = 'http://cgit.hotdog.r/stockholm' cs.append( changes.GitPoller( stockholm_repo, -- cgit v1.2.3 From 931efb81587b59dd9159de654f1597b579500535 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 29 Aug 2018 17:56:40 +0200 Subject: add dummy_secret for konsens --- krebs/0tests/data/secrets/konsens.id_ed25519 | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 krebs/0tests/data/secrets/konsens.id_ed25519 diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519 new file mode 100644 index 000000000..e69de29bb -- cgit v1.2.3 From bae340cf25d8af2b3ad37acb149486b64dee9a76 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 1 Sep 2018 15:18:23 +0200 Subject: nixpkgs: 4df3426 -> a37638d --- krebs/nixpkgs.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 13bed8bfe..a9a0f6634 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "4df3426f5a5e78cef4835897a43abd9e2a092b74", - "date": "2018-08-19T09:20:40+02:00", - "sha256": "05k5mssiqxffxi45mss9wjns6k76i248rpasa48akdcriry1mp63", + "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48", + "date": "2018-08-30T21:03:26+02:00", + "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7", "fetchSubmodules": true } -- cgit v1.2.3 From c1e692217834de86416b04c04958c791113b11cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 2 Sep 2018 08:56:12 +0200 Subject: l: rekey, rename borg.r -> rock.r (Mic92) --- krebs/3modules/lass/default.nix | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 44b56c4d5..7d9ef5075 100644 --- a/krebs/3modules/lass/default.nix 
+++ b/krebs/3modules/lass/default.nix @@ -408,7 +408,7 @@ with import ; }; }; }; - borg = { + rock = { monitoring = false; ci = false; external = true; @@ -416,22 +416,21 @@ with import ; retiolum = { ip4.addr = "10.243.29.171"; ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "borg.r" ]; + aliases = [ "rock.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq - bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL - aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD - HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA - 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O - zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml - 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN - fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq - WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB - /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U - EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS - iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; -- cgit v1.2.3 
From 071cc0f5b109b4e17b3d6616fcc20c419ae1f7c8 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 4 Sep 2018 19:54:22 +0200 Subject: j enklave: +cgit --- jeschli/1systems/enklave/config.nix | 1 + jeschli/2configs/retiolum.nix | 2 +- krebs/3modules/jeschli/default.nix | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix index 470566a8b..cadec3cab 100644 --- a/jeschli/1systems/enklave/config.nix +++ b/jeschli/1systems/enklave/config.nix @@ -5,6 +5,7 @@ + { networking.dhcpcd.allowInterfaces = [ diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix index b611cbe7d..f22609655 100644 --- a/jeschli/2configs/retiolum.nix +++ b/jeschli/2configs/retiolum.nix @@ -17,7 +17,7 @@ tinc = pkgs.tinc_pre; }; - networking.firewall.allowedTCPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 ]; networking.firewall.allowedUDPPorts = [ 655 ]; environment.systemPackages = [ diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index ed9bfad29..ab8fe097d 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -132,6 +132,7 @@ with import ; ip6.addr = "42::30"; aliases = [ "enklave.r" + "cgit.enklave.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From 228ca863767edc07ae50c82034d873ee7ef17310 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 4 Sep 2018 20:09:24 +0200 Subject: j steam: remove dead code --- jeschli/2configs/steam.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/jeschli/2configs/steam.nix b/jeschli/2configs/steam.nix index 4d2d66c64..06a068a3f 100644 --- a/jeschli/2configs/steam.nix +++ b/jeschli/2configs/steam.nix 
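Review bot: `networking.firewall.allowedTCPPorts = [ 80 655 ];` in jeschli/2configs/retiolum.nix opens port 80 on all interfaces of every host that imports this file, although the commit is only about cgit on enklave. Move it to enklave's config and restrict it to the overlay network, e.g. `networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 80 ];`, where the nixpkgs in use provides that option. This assumes the tinc interface is named `retiolum`, as the `-i retiolum` predicate in jeschli/2configs/git.nix suggests.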
@@ -9,14 +9,4 @@ hardware.opengl.driSupport32Bit = true; #ports for inhome streaming - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27031"; target = "ACCEPT"; } - { predicate = "-p udp --dport 27036"; target = "ACCEPT"; } - ]; - }; - }; } -- cgit v1.2.3 From eebf0b5efe7540452cdf759b1798e3c715408fc5 Mon Sep 17 00:00:00 2001 From: jeschli Date: Tue, 4 Sep 2018 20:17:26 +0200 Subject: j: +git --- jeschli/2configs/git.nix | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 jeschli/2configs/git.nix diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix new file mode 100644 index 000000000..77602e0f1 --- /dev/null +++ b/jeschli/2configs/git.nix 
@@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with import ; + +let + + out = { + services.nginx.enable = true; + krebs.git = { + enable = true; + cgit = { + settings = { + root-title = "public repositories at ${config.krebs.build.host.name}"; + root-desc = "keep calm and engage"; + }; + enable = true; + }; + repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + rules = rules; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } + ]; + }; + + repos = public-repos; + + rules = concatMap make-rules (attrValues repos); + + public-repos = mapAttrs make-public-repo { + stockholm = { + cgit.desc = "Bonbon aus Git - die ganze Nacht"; + }; + krebs-page = { + cgit.desc = "Die Krebs Page"; + }; + }; + + make-public-repo = name: { cgit ? {}, ... }: { + inherit cgit name; + public = true; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.krebs.build.host.name; + channel = "#xxx"; + server = "irc.r"; + verbose = true; + branches = [ "master" ]; + }; + }; + }; + + make-rules = + with git // config.krebs.users; + repo: + singleton { + user = [ jeschli jeschli-brauerei]; + repo = [ repo ]; + perm = push "refs/*" [ non-fast-forward create delete merge ]; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } ++ + optional (length (repo.collaborators or []) > 0) { + user = repo.collaborators; + repo = [ repo ]; + perm = fetch; + }; + +in out -- cgit v1.2.3 From 39870dbc4ab8849af41ffdf49bc64d4abea5b4b1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 14:59:01 +0200 Subject: l krops: get target as argument --- lass/1systems/blue/config.nix | 2 +- lass/krops.nix | 15 ++++----------- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index a84bb37f6..261e53e93 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix 
@@ -16,7 +16,7 @@ with import ; deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "root@$SYSTEM/var/src" -A deploy) ''; }; diff --git a/lass/krops.nix b/lass/krops.nix index 776a3a55d..ca3914f53 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,4 +1,4 @@ -{ config ? config, name }: let +{ config ? config, name, target}: let inherit (import ../krebs/krops.nix { inherit name; }) krebs-source lib @@ -24,19 +24,12 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; - target = "root@${name}/var/src"; + inherit target; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) - test = pkgs.krops.writeTest "${name}-test" { + ci = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + inherit target; }; - - ci = map (host: - pkgs.krops.writeTest "${host.name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; - } - ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); } -- cgit v1.2.3 From c667b2c66407f2daf67c635ca429858fa80c5dab Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 16:55:37 +0200 Subject: l krops: get dummy-secrets via relative path --- lass/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/krops.nix b/lass/krops.nix index ca3914f53..c12c0925c 100644 --- a/lass/krops.nix +++ b/lass/krops.nix 
@@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { - file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + file = toString ./2configs/tests/dummy-secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/.password-store"; -- cgit v1.2.3 From f8a594cff85af8e19fa3aa7e6159004105285142 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 17:30:31 +0200 Subject: buildbot-stockholm: use krops.nix --- krebs/2configs/buildbot-stockholm.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 1ed38f54f..13d4c6729 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -4,6 +4,14 @@ let hostname = config.networking.hostName; + build = pkgs.writeDash "build" '' + set -eu + export USER="$1" + export SYSTEM="$2" + $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci) + ''; + + in { networking.firewall.allowedTCPPorts = [ 80 ]; @@ -95,15 +103,9 @@ in env={ "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", "NIX_REMOTE": "daemon", - "dummy_secrets": "true", }, command=[ - "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", - "--user={}".format(user), - "--system={}".format(host), - "--force-populate", - "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), - ]) + "${build}", user, host ], timeout=90001, workdir='build', # TODO figure out why we need this? -- cgit v1.2.3 From 293dada1cd44d23249697cb7c86d0a12f34c0e0d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 17:35:41 +0200 Subject: Revert "l krops: get target as argument" This reverts commit 39870dbc4ab8849af41ffdf49bc64d4abea5b4b1. --- lass/1systems/blue/config.nix | 2 +- lass/krops.nix | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) 
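Review bot: The `build` script re-exports `USER`, which replaces the login-name variable for nix-build and for the script it then executes, and it expands `$USER` unquoted in `$USER/krops.nix`. A private name avoids the clash: `user=$1` followed by `nix-build "$user/krops.nix" …`. Both arguments select a file inside the polled checkout that is evaluated and then run, so a check that `$1` is a plain directory name without `/` or `..` would be a cheap safeguard before the nix-build call.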
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 261e53e93..a84bb37f6 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -16,7 +16,7 @@ with import ; deploy = pkgs.writeDash "deploy" '' set -eu export SYSTEM="$1" - $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "root@$SYSTEM/var/src" -A deploy) + $(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) ''; }; diff --git a/lass/krops.nix b/lass/krops.nix index c12c0925c..5111730ed 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,4 +1,4 @@ -{ config ? config, name, target}: let +{ config ? config, name }: let inherit (import ../krebs/krops.nix { inherit name; }) krebs-source lib @@ -24,12 +24,19 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; - inherit target; + target = "root@${name}/var/src"; }; # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) - ci = pkgs.krops.writeTest "${name}-test" { + test = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - inherit target; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; + + ci = map (host: + pkgs.krops.writeTest "${host.name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; + } + ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); } -- cgit v1.2.3 From f21ec7612c1151a3a679a67b08a768aac43a9605 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 17:40:10 +0200 Subject: l krops: prepare .ci for buildbot --- lass/krops.nix | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/lass/krops.nix b/lass/krops.nix index 5111730ed..cf2ebfbd2 100644 --- a/lass/krops.nix +++ b/lass/krops.nix 
@@ -30,13 +30,11 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) test = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; }; - ci = map (host: - pkgs.krops.writeTest "${host.name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; - } - ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } -- cgit v1.2.3 From 3376f0ace51510f8ad71d91a63b8bbdd9d9b0a41 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 17:55:22 +0200 Subject: l krops: remove broken config arg --- lass/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/krops.nix b/lass/krops.nix index cf2ebfbd2..c5a932206 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,4 +1,4 @@ -{ config ? config, name }: let +{ name }: let inherit (import ../krebs/krops.nix { inherit name; }) krebs-source lib -- cgit v1.2.3 From 3a3af330f7bcdee39d9583701c7db0dd3d5e69c2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 7 Sep 2018 19:46:20 +0200 Subject: krops.nix: add ci --- krebs/krops.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/krops.nix b/krebs/krops.nix index c334bc07d..c71e60571 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -60,4 +60,9 @@ source = source { test = true; }; target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } -- cgit v1.2.3 From 32548552b04bbc8b086778852c13fc72e5fed8eb Mon Sep 17 00:00:00 2001 
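Review bot: The rewritten `ci` attribute has no `# usage:` line, unlike `test` directly above it, and it reuses the script name `"${name}-test"` that `test` already has, so the two carry the same name in build logs and store paths. I would add `# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A ci)` and name it `"${name}-ci"`. The same applies to the `ci` attributes added in the krebs/krops.nix hunk on this line and in the makefu, jeschli and nin hunks below. The attribute set starts outside the hunk.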
From: lassulus Date: Sat, 8 Sep 2018 12:10:45 +0200 Subject: m krops.nix: prepare for buildbot --- makefu/krops.nix | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 3b5f3df9c..9a701dcac 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -81,10 +81,8 @@ in { target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; - ci = map (host: - pkgs.krops.writeTest "${host.name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "TMPDIR"}/makefu/${host.name}"; - } - ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "makefu") (lib.attrValues config.krebs.hosts)); + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } -- cgit v1.2.3 From 288db486eec19c88215f333065cf14fe44086cf7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 8 Sep 2018 12:30:50 +0200 Subject: j: add krops.nix --- jeschli/krops.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 jeschli/krops.nix diff --git a/jeschli/krops.nix b/jeschli/krops.nix new file mode 100644 index 000000000..e55f207d3 --- /dev/null +++ b/jeschli/krops.nix 
@@ -0,0 +1,40 @@
+{ name }: let
+ inherit (import ../krebs/krops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = toString ./2configs/tests/dummy-secrets;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
+ test = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test";
+ };
+
+ ci = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/stockholm-build";
+ };
+}
-- cgit v1.2.3 From 68bf23466fcaf91df0f11ba0828ef41fc9f694bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 8 Sep 2018 12:31:56 +0200 Subject: n: add krops.nix
--- nin/krops.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 nin/krops.nix
diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644
index 000000000..2ba896419
--- /dev/null
+++ b/nin/krops.nix
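Review bot: `./2configs/tests/dummy-secrets` is referenced by the `test` and `ci` sources, but this commit adds only jeschli/krops.nix, so the directory has to exist under jeschli/ already; because `toString` never touches the path, a missing directory would presumably surface only when the test script runs, not at evaluation. The same check applies to `./0tests/dummysecrets` in the nin/krops.nix hunk that follows. Apart from the user directory and that path the two new files repeat the same `source`/`deploy`/`test`/`ci` layout, so a shared helper taking the user name and the dummy-secrets path would keep the deploy target and the secrets handling from drifting apart between users.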
@@ -0,0 +1,40 @@
+{ name }: let
+ inherit (import ../krebs/krops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = toString ./0tests/dummysecrets;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
+ test = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test";
+ };
+
+ ci = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/stockholm-build";
+ };
+}
-- cgit v1.2.3