From ffef87c5dfc7cf6443bbef2fcc6661a06365e098 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Oct 2015 17:50:54 +0200 Subject: l: specify krebs.hosts.*.nets.gg23 --- krebs/3modules/lass/default.nix | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index afedf95f2..5c48d9642 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -104,7 +104,11 @@ with import ../../4lib { inherit lib; }; uriel = { cores = 1; dc = "lass"; - nets = rec { + nets = { + gg23 = { + addrs4 = ["10.23.1.12"]; + aliases = ["uriel.gg23"]; + }; retiolum = { addrs4 = ["10.243.81.176"]; addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"]; @@ -131,7 +135,11 @@ with import ../../4lib { inherit lib; }; mors = { cores = 2; dc = "lass"; - nets = rec { + nets = { + gg23 = { + addrs4 = ["10.23.1.11"]; + aliases = ["mors.gg23"]; + }; retiolum = { addrs4 = ["10.243.0.2"]; addrs6 = ["42:0:0:0:0:0:0:dea7"]; @@ -155,6 +163,22 @@ with import ../../4lib { inherit lib; }; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; + schnabel-ap = { + nets = { + gg23 = { + addrs4 = ["10.23.1.20"]; + aliases = ["schnabel-ap.gg23"]; + }; + }; + }; + Reichsfunk-ap = { + nets = { + gg23 = { + addrs4 = ["10.23.1.10"]; + aliases = ["Reichsfunk-ap.gg23"]; + }; + }; + }; }; users = addNames { -- cgit v1.3.1 From 226ea391caec5b3f2f112de263dd2db3a0e012f4 Mon Sep 17 00:00:00 2001 
From: tv Date: Wed, 21 Oct 2015 00:08:18 +0200 Subject: stockholm: provide krebs lib --- default.nix | 24 +++++++++++++++++++----- krebs/3modules/build.nix | 2 +- krebs/3modules/default.nix | 2 +- krebs/3modules/git.nix | 2 +- krebs/3modules/github-hosts-sync.nix | 3 +-- krebs/3modules/lass/default.nix | 2 +- krebs/3modules/makefu/default.nix | 2 +- krebs/3modules/tv/default.nix | 2 +- krebs/4lib/default.nix | 2 -- krebs/5pkgs/default.nix | 5 ++--- krebs/default.nix | 7 +------ tv/2configs/test.nix | 2 +- tv/3modules/consul.nix | 2 +- tv/4lib/default.nix | 14 ++++---------- 14 files changed, 35 insertions(+), 36 deletions(-) (limited to 'krebs/3modules') diff --git a/default.nix b/default.nix index 11bae7d98..c70225174 100644 --- a/default.nix +++ b/default.nix @@ -47,8 +47,20 @@ let stockholm = { inherit (eval {}) pkgs; }; - krebs = import ./krebs (current // { inherit stockholm; }); - inherit (krebs) lib; + krebs = import ./krebs (current // { inherit lib stockholm; }); + + lib = + let + lib = import ; + klib = import ./krebs/4lib { inherit lib; }; + #ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; }; + ulib = {}; # TODO + in + builtins // lib // klib // ulib // rec { + # TODO move this stuff + stockholm-path = ./.; + nspath = ns: p: stockholm-path + "/${ns}/${p}"; + }; # Path resolvers for common and individual files. # Example: `upath "3modules"` produces the current user's 3modules directory @@ -65,8 +77,8 @@ let stockholm = { let # Notice the ordering. Krebs packages can only depend on Nixpkgs, # whereas user packages additionally can depend on krebs packages. - kpkgs = import (kpath "5pkgs") { inherit pkgs; }; - upkgs = import (upath "5pkgs") { pkgs = pkgs // kpkgs; }; + kpkgs = import (kpath "5pkgs") { inherit lib pkgs; }; + upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; }; in kpkgs // upkgs; }; 
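Review bot: The new top-level `lib` in default.nix is assembled as `builtins // lib // klib // ulib // rec { … }`, so any name defined in krebs/4lib (or later in a user lib) silently replaces the nixpkgs lib function or builtin of the same name. The following hunk hands this merged set to every module through `specialArgs`, and each `with lib;` in krebs/3modules now pulls all of it into scope, so a collision would change behaviour far from where it was introduced. A comment above the merge stating the intended precedence would help, and renaming the inner binding (`nlib = import …;`) would stop it shadowing the `lib` being defined. The same patch is repeated further down this page under a second commit id, and the point applies there as well.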
@@ -76,8 +88,10 @@ let stockholm = { # packages and modules on top of NixOS. Some of this stuff might become # useful to a broader audience, at which point it should probably be merged # and pull-requested for inclusion into NixOS/nixpkgs. - # TODO provide krebs lib, so modules don't have to import it awkwardly eval = config: import { + specialArgs = { + inherit lib; + }; modules = [ base-module config diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 57495ea69..1205e192b 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../4lib { inherit lib; }; +with lib; let target = config.krebs.build // { user.name = "root"; }; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ff0cc8346..e2aea7057 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 64b7820b2..234129497 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,7 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs.git; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 2a1df9e03..5503ee8d6 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: -with builtins; -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index afedf95f2..59052021b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; { hosts = addNames { 
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 4628b2acc..9cf5c9aea 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; { hosts = addNames { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5d5fead8f..5a1ff1416 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; { dns.providers = { diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 0a6101314..396307c22 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -3,8 +3,6 @@ with builtins; with lib; -builtins // -lib // rec { eq = x: y: x == y; diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 84fb8725b..0ec4b3ded 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,7 +1,6 @@ -{ pkgs, ... }: - -with import ../4lib { inherit (pkgs) lib; }; +{ lib, pkgs, ... }: +with lib; let subdirs = mapAttrs (_: flip pkgs.callPackage {}) (subdirsOf ./.); pkgs' = pkgs // subdirs; diff --git a/krebs/default.nix b/krebs/default.nix index de805a89c..5518a4496 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,6 +1,7 @@ { current-date , current-host-name , current-user-name +, lib , stockholm }: @@ -8,7 +9,6 @@ let out = { inherit deploy; inherit infest; inherit init; - inherit lib; inherit nixos-install; }; @@ -131,11 +131,6 @@ let out = { ''} ''; - lib = import ./4lib { lib = import ; } // rec { - stockholm-path = ../.; - nspath = ns: p: stockholm-path + "/${ns}/${p}"; - }; - doc = s: let b = "EOF${builtins.hashString "sha256" s}"; in '' diff --git a/tv/2configs/test.nix b/tv/2configs/test.nix index 409b4e9b4..f5f068d6f 100644 --- a/tv/2configs/test.nix +++ b/tv/2configs/test.nix 
@@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import ../4lib { inherit lib pkgs; }; +with lib; let out = { diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix index e764ab7b2..ccdee07f5 100644 --- a/tv/3modules/consul.nix +++ b/tv/3modules/consul.nix @@ -5,7 +5,7 @@ # TODO consul-bootstrap HOST that actually does is # TODO tools to inspect state of a cluster in outage state -with import ../4lib { inherit lib pkgs; }; +with lib; let cfg = config.tv.consul; diff --git a/tv/4lib/default.nix b/tv/4lib/default.nix index 106535ba2..7e6b2ab17 100644 --- a/tv/4lib/default.nix +++ b/tv/4lib/default.nix @@ -1,20 +1,14 @@ { lib, pkgs, ... }: -let - krebs = import ../../krebs/4lib { inherit lib; }; -in - -with krebs; - -krebs // rec { +lib // rec { git = import ./git.nix { - lib = krebs; - inherit pkgs; + inherit lib pkgs; }; # "7.4.335" -> "74" majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - shell-escape = krebs.shell.escape; + # TODO deprecate shell-escape for lass + shell-escape = lib.shell.escape; } -- cgit v1.3.1 From 309102967ebad616d3f6a0dec361d80a61092ec8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Oct 2015 01:32:44 +0200 Subject: l: add test systems --- krebs/3modules/lass/default.nix | 31 +++++++++++++++++++++++++++++-- lass/1systems/test-arch.nix | 36 ++++++++++++++++++++++++++++++++++++ lass/1systems/test-centos6.nix | 30 ++++++++++++++++++++++++++++++ lass/1systems/test-centos7.nix | 31 +++++++++++++++++++++++++++++++ 4 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 lass/1systems/test-arch.nix create mode 100644 lass/1systems/test-centos6.nix create mode 100644 lass/1systems/test-centos7.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5c48d9642..3f81acb9e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -2,7 +2,34 @@ with import ../../4lib { inherit lib; }; -{ +let + testHosts = lib.genAttrs [ + "test-arch" + "test-centos6" + "test-centos7" + ] (name: { + inherit name; + nets = { + retiolum = { + addrs4 = ["10.243.111.111"]; + addrs6 = ["42:0:0:0:0:0:0:7357"]; + aliases = [ + "test.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd + mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5 + TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1 + K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8 + QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY + VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }); +in { hosts = addNames { echelon = { cores = 4; @@ -180,7 +207,7 @@ with import ../../4lib { inherit lib; }; }; }; - }; + } // testHosts; users = addNames { lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; diff --git a/lass/1systems/test-arch.nix b/lass/1systems/test-arch.nix new file mode 100644 index 000000000..0ab9da2f3 --- /dev/null +++ b/lass/1systems/test-arch.nix @@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + +in { + imports = [ + ../2configs/base.nix + { + boot.loader.grub = { + device = "/dev/sda"; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/sda1"; + }; + } + { + networking.dhcpcd.allowInterfaces = [ + "enp*" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-arch; +} diff --git a/lass/1systems/test-centos6.nix b/lass/1systems/test-centos6.nix new file mode 100644 index 000000000..7270c2262 --- /dev/null +++ b/lass/1systems/test-centos6.nix 
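Review bot: All three hosts produced by `lib.genAttrs` in `testHosts` receive the same retiolum identity: one `addrs4` (`10.243.111.111`), one `addrs6`, the alias `test.retiolum` and a single shared `tinc.pubkey`. Peers cannot tell the three machines apart, the addresses collide if more than one is connected, and the matching private key has to be present on every test image, so one leaked image exposes the key for all of them. Consider deriving the alias from the argument, e.g. `aliases = ["${name}.retiolum"];`, and giving each host its own address and key pair, or add a comment stating that only one test host may be connected at a time. The later hunk `} // testHosts;` is right-biased, so a test entry would silently replace a real host of the same name.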
@@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + + ip = "168.235.148.52"; +in { + imports = [ + ../2configs/base.nix + ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix + { + networking.interfaces.enp11s0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-centos6; +} diff --git a/lass/1systems/test-centos7.nix b/lass/1systems/test-centos7.nix new file mode 100644 index 000000000..91bd3e0fe --- /dev/null +++ b/lass/1systems/test-centos7.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + + ip = "168.235.145.85"; +in { + imports = [ + ../2configs/base.nix + ../2configs/os-templates/CAC-CentOS-7-64bit.nix + { + networking.interfaces.enp2s1.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = getDefaultGateway ip; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + { + sound.enable = false; + } + ]; + + krebs.build.host = config.krebs.hosts.test-centos7; +} -- cgit v1.3.1 From 3ce57c3de3f3dc95669d3a0564f6f7d0ff425321 Mon Sep 17 00:00:00 2001 
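Review bot: `inherit (lib) head;` is bound but never used in test-centos6.nix, and the same holds for test-centos7.nix and test-arch.nix (test-arch also binds `getDefaultGateway` without using it). The two CentOS files differ only in `ip`, the interface name and the os-template import, so a small shared function taking those three values would remove the duplication. A one-line comment on `networking.nameservers = [ "8.8.8.8" ];` saying why these hosts use a public resolver would also help the next reader.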
From: tv Date: Wed, 21 Oct 2015 00:08:18 +0200 Subject: stockholm: provide krebs lib --- default.nix | 24 +++++++++++++++++++----- krebs/3modules/build.nix | 2 +- krebs/3modules/default.nix | 2 +- krebs/3modules/git.nix | 2 +- krebs/3modules/github-hosts-sync.nix | 3 +-- krebs/3modules/lass/default.nix | 2 +- krebs/3modules/makefu/default.nix | 2 +- krebs/3modules/tv/default.nix | 2 +- krebs/4lib/default.nix | 2 -- krebs/5pkgs/default.nix | 5 ++--- krebs/default.nix | 7 +------ tv/2configs/test.nix | 2 +- tv/3modules/consul.nix | 2 +- tv/4lib/default.nix | 14 ++++---------- 14 files changed, 35 insertions(+), 36 deletions(-) (limited to 'krebs/3modules') diff --git a/default.nix b/default.nix index 11bae7d98..c70225174 100644 --- a/default.nix +++ b/default.nix @@ -47,8 +47,20 @@ let stockholm = { inherit (eval {}) pkgs; }; - krebs = import ./krebs (current // { inherit stockholm; }); - inherit (krebs) lib; + krebs = import ./krebs (current // { inherit lib stockholm; }); + + lib = + let + lib = import ; + klib = import ./krebs/4lib { inherit lib; }; + #ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; }; + ulib = {}; # TODO + in + builtins // lib // klib // ulib // rec { + # TODO move this stuff + stockholm-path = ./.; + nspath = ns: p: stockholm-path + "/${ns}/${p}"; + }; # Path resolvers for common and individual files. # Example: `upath "3modules"` produces the current user's 3modules directory @@ -65,8 +77,8 @@ let stockholm = { let # Notice the ordering. Krebs packages can only depend on Nixpkgs, # whereas user packages additionally can depend on krebs packages. - kpkgs = import (kpath "5pkgs") { inherit pkgs; }; - upkgs = import (upath "5pkgs") { pkgs = pkgs // kpkgs; }; + kpkgs = import (kpath "5pkgs") { inherit lib pkgs; }; + upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; }; in kpkgs // upkgs; }; 
@@ -76,8 +88,10 @@ let stockholm = { # packages and modules on top of NixOS. Some of this stuff might become # useful to a broader audience, at which point it should probably be merged # and pull-requested for inclusion into NixOS/nixpkgs. - # TODO provide krebs lib, so modules don't have to import it awkwardly eval = config: import { + specialArgs = { + inherit lib; + }; modules = [ base-module config diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 57495ea69..1205e192b 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../4lib { inherit lib; }; +with lib; let target = config.krebs.build // { user.name = "root"; }; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 756245c0b..c695589ca 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 64b7820b2..234129497 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,7 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs.git; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 2a1df9e03..5503ee8d6 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -1,7 +1,6 @@ { config, lib, pkgs, ... }: -with builtins; -with import ../4lib { inherit lib; }; +with lib; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3f81acb9e..d86c00563 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; let testHosts = lib.genAttrs [ diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index acc5d7dd2..42764e48c 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; { hosts = addNames { diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5d5fead8f..5a1ff1416 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,6 +1,6 @@ { lib, ... }: -with import ../../4lib { inherit lib; }; +with lib; { dns.providers = { diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 0a6101314..396307c22 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -3,8 +3,6 @@ with builtins; with lib; -builtins // -lib // rec { eq = x: y: x == y; diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 84fb8725b..0ec4b3ded 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,7 +1,6 @@ -{ pkgs, ... }: - -with import ../4lib { inherit (pkgs) lib; }; +{ lib, pkgs, ... }: +with lib; let subdirs = mapAttrs (_: flip pkgs.callPackage {}) (subdirsOf ./.); pkgs' = pkgs // subdirs; diff --git a/krebs/default.nix b/krebs/default.nix index de805a89c..5518a4496 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,6 +1,7 @@ { current-date , current-host-name , current-user-name +, lib , stockholm }: @@ -8,7 +9,6 @@ let out = { inherit deploy; inherit infest; inherit init; - inherit lib; inherit nixos-install; }; @@ -131,11 +131,6 @@ let out = { ''} ''; - lib = import ./4lib { lib = import ; } // rec { - stockholm-path = ../.; - nspath = ns: p: stockholm-path + "/${ns}/${p}"; - }; - doc = s: let b = "EOF${builtins.hashString "sha256" s}"; in '' diff --git a/tv/2configs/test.nix b/tv/2configs/test.nix index 409b4e9b4..f5f068d6f 100644 --- a/tv/2configs/test.nix 
+++ b/tv/2configs/test.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import ../4lib { inherit lib pkgs; }; +with lib; let out = { diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix index e764ab7b2..ccdee07f5 100644 --- a/tv/3modules/consul.nix +++ b/tv/3modules/consul.nix @@ -5,7 +5,7 @@ # TODO consul-bootstrap HOST that actually does is # TODO tools to inspect state of a cluster in outage state -with import ../4lib { inherit lib pkgs; }; +with lib; let cfg = config.tv.consul; diff --git a/tv/4lib/default.nix b/tv/4lib/default.nix index 106535ba2..7e6b2ab17 100644 --- a/tv/4lib/default.nix +++ b/tv/4lib/default.nix @@ -1,20 +1,14 @@ { lib, pkgs, ... }: -let - krebs = import ../../krebs/4lib { inherit lib; }; -in - -with krebs; - -krebs // rec { +lib // rec { git = import ./git.nix { - lib = krebs; - inherit pkgs; + inherit lib pkgs; }; # "7.4.335" -> "74" majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - shell-escape = krebs.shell.escape; + # TODO deprecate shell-escape for lass + shell-escape = lib.shell.escape; } -- cgit v1.3.1 From 0863983b7d7568266ed078dbce7ff96e08f2f082 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 21 Oct 2015 13:16:04 +0200 Subject: wu: add alias cgit.wu.retiolum --- krebs/3modules/tv/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5a1ff1416..f3dcd18b0 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -231,6 +231,7 @@ with lib; addrs6 = ["42:0:0:0:0:0:0:1337"]; aliases = [ "wu.retiolum" + "cgit.wu.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.3.1 From b55f07e57af69f918182405d473d22981c515b86 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 21 Oct 2015 13:48:53 +0200 Subject: mkdir: 104.233.84.215 -> 104.167.114.142 --- krebs/3modules/tv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') 
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index f3dcd18b0..4c295dffe 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -65,7 +65,7 @@ with lib; dc = "tv"; #dc = "cac"; nets = rec { internet = { - addrs4 = ["104.233.84.215"]; + addrs4 = ["104.167.114.142"]; aliases = [ "mkdir.internet" ]; -- cgit v1.3.1 From 14f08e2a1c6e8065c0fef15539df030eb2054ac1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 21 Oct 2015 13:51:10 +0200 Subject: k 3 l: add cores to testsystems --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d86c00563..498282b03 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -9,6 +9,7 @@ let "test-centos7" ] (name: { inherit name; + cores = 1; nets = { retiolum = { addrs4 = ["10.243.111.111"]; -- cgit v1.3.1 From 709ebf6bbcc2e0d4644ed35cd42db47c4f2e78c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 23 Oct 2015 15:31:31 +0200 Subject: krebs 3 zone-generation: for consistency, add newline at the end --- krebs/3modules/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 075db1826..bc858f668 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -105,8 +105,8 @@ let # Implements environment.etc."zones/" environment.etc = let - stripEmptyLines = s: concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s))); + stripEmptyLines = s: (concatStringsSep "\n" + (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" ([cfg.zone-head-config] ++ combined-hosts); combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); -- cgit v1.3.1 
From daa8fe2aa83451e7d4fc120f7fd417409ac2666c Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 25 Oct 2015 14:07:51 +0100 Subject: init users.shared.wolf --- krebs/3modules/default.nix | 1 + krebs/3modules/shared/default.nix | 42 +++++++++++++++ krebs/Zhosts/wolf | 10 ++++ shared/1systems/wolf.nix | 108 ++++++++++++++++++++++++++++++++++++++ shared/3modules/default.nix | 5 ++ shared/5pkgs/default.nix | 5 ++ 6 files changed, 171 insertions(+) create mode 100644 krebs/3modules/shared/default.nix create mode 100644 krebs/Zhosts/wolf create mode 100644 shared/1systems/wolf.nix create mode 100644 shared/3modules/default.nix create mode 100644 shared/5pkgs/default.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e244ef7b7..dd2f9e762 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -76,6 +76,7 @@ let imp = mkMerge [ { krebs = import ./lass { inherit lib; }; } { krebs = import ./makefu { inherit lib; }; } + { krebs = import ./shared { inherit lib; }; } { krebs = import ./tv { inherit lib; }; } { krebs.dns.providers = { diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix new file mode 100644 index 000000000..24dd7b782 --- /dev/null +++ b/krebs/3modules/shared/default.nix 
@@ -0,0 +1,42 @@ +{ lib, ... }: + +with lib; + +{ + hosts = addNames { + wolf = { + #dc = "shack"; + nets = { + #shack = { + # addrs4 = [ TODO ]; + # aliases = ["wolf.shack"]; + #}; + retiolum = { + addrs4 = ["10.243.77.1"]; + addrs6 = ["42:0:0:0:0:0:77:1"]; + aliases = [ + "wolf.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb + HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7 + apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg + 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk + 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH + 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; + }; + }; + users = addNames { + shared = { + mail = "spam@krebsco.de"; + pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary + }; + }; +} diff --git a/krebs/Zhosts/wolf b/krebs/Zhosts/wolf new file mode 100644 index 000000000..ded8275bd --- /dev/null +++ b/krebs/Zhosts/wolf @@ -0,0 +1,10 @@ +Subnet = 10.243.77.1/32 +Subnet = 42:0:0:0:0:0:77:1/128 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb +HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7 +apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg +4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk +7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH +8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix new file mode 100644 index 000000000..d4ed40956 --- /dev/null +++ b/shared/1systems/wolf.nix 
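Review bot: The RSA public key and subnets for `wolf` are committed twice, in `tinc.pubkey` in krebs/3modules/shared/default.nix and again in the new krebs/Zhosts/wolf, so a key rotation that updates only one copy leaves part of the network trusting a stale key. Generating one file from the other, or a comment naming which copy is authoritative, would avoid the drift. Separately, `pubkey = "lol";` is a placeholder that looks like real data; whatever consumes `krebs.users.*.pubkey` (not visible in this hunk) would receive an invalid key, so a comment such as `# placeholder, must never reach authorized_keys` next to the existing TODO would make that explicit.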
@@ -0,0 +1,108 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + imports = [ + + ]; + + krebs.build.host = config.krebs.hosts.wolf; + # TODO rename shared user to "krebs" + krebs.build.user = config.krebs.users.shared; + krebs.build.target = "wolf"; + + krebs.enable = true; + krebs.retiolum = { + enable = true; + connectTo = [ + # TODO remove connectTo cd, this was only used for bootstrapping + "cd" + "gum" + "pigstarter" + ]; + }; + + krebs.build.source = { + git.nixpkgs = { + url = https://github.com/NixOS/nixpkgs; + rev = "e916273209560b302ab231606babf5ce1c481f08"; + }; + dir.secrets = { + # TODO use current-host-name to determine secrets host + host = config.krebs.hosts.wu; + path = "${getEnv "HOME"}/secrets/krebs/wolf"; + }; + dir.stockholm = { + # TODO use current-host-name to determine stockholm host + host = config.krebs.hosts.wu; + path = "${getEnv "HOME"}/stockholm"; + }; + }; + + networking.hostName = config.krebs.build.host.name; + + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" + ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; + + swapDevices = [ + { device = "/dev/disk/by-label/swap"; } + ]; + + nix.maxJobs = 1; + nix.trustedBinaryCaches = [ + "https://cache.nixos.org" + "http://cache.nixos.org" + "http://hydra.nixos.org" + ]; + nix.useChroot = true; + + nixpkgs.config.packageOverrides = pkgs: { + nano = pkgs.vim; + }; + + environment.systemPackages = with pkgs; [ + git + rxvt_unicode.terminfo + ]; + + time.timeZone = "Europe/Berlin"; + + programs.ssh.startAgent = false; + + services.openssh = { + enable = true; + hostKeys = [ + { type = 
"ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + services.cron.enable = false; + services.nscd.enable = false; + services.ntp.enable = false; + + users.mutableUsers = false; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + # TODO + config.krebs.users.lass.pubkey + config.krebs.users.makefu.pubkey + config.krebs.users.tv.pubkey + ]; + + # The NixOS release to be compatible with for stateful data such as databases. + system.stateVersion = "15.09"; +} diff --git a/shared/3modules/default.nix b/shared/3modules/default.nix new file mode 100644 index 000000000..7fbdb77f4 --- /dev/null +++ b/shared/3modules/default.nix @@ -0,0 +1,5 @@ +# TODO don't require 3modules +_: + +{ +} diff --git a/shared/5pkgs/default.nix b/shared/5pkgs/default.nix new file mode 100644 index 000000000..fdcfbb209 --- /dev/null +++ b/shared/5pkgs/default.nix @@ -0,0 +1,5 @@ +# TODO don't require 5pkgs +_: + +{ +} -- cgit v1.3.1 From 8f15daf2ea25304e9cbc8d449fb92078b2fb6f03 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 25 Oct 2015 14:15:21 +0100 Subject: init krebs.current --- default.nix | 6 +++++- krebs/3modules/current.nix | 26 ++++++++++++++++++++++++++ krebs/3modules/default.nix | 1 + 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/current.nix (limited to 'krebs/3modules') diff --git a/default.nix b/default.nix index c78464198..472d7597d 100644 --- a/default.nix +++ b/default.nix @@ -31,9 +31,13 @@ let stockholm = { kpath = lib.nspath "krebs"; upath = lib.nspath current-user-name; - base-module = { + base-module = { config, ... }: { imports = map (f: f "3modules") [ kpath upath ]; + krebs.current.enable = true; + krebs.current.host = config.krebs.hosts.${current-host-name}; + krebs.current.user = config.krebs.users.${current-user-name}; + nixpkgs.config.packageOverrides = pkgs: let kpkgs = import (kpath "5pkgs") { inherit lib pkgs; }; 
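Review bot: `nix.trustedBinaryCaches` in shared/1systems/wolf.nix lists `"http://cache.nixos.org"` and `"http://hydra.nixos.org"` next to the HTTPS cache, which leaves store-path integrity resting entirely on signature checking for anything fetched over those two URLs. Signature enforcement (`nix.requireSignedBinaryCaches`) is not set in this file, so the effective value depends on the NixOS default of the pinned nixpkgs revision. Keeping only `"https://cache.nixos.org"` and stating `nix.requireSignedBinaryCaches = true;` explicitly would make the intent visible. The root `authorizedKeys` list carries a bare `# TODO`; a sentence saying what remains to be done there (presumably narrowing who gets root on a shared host) would be more useful.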
diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix new file mode 100644 index 000000000..41941e289 --- /dev/null +++ b/krebs/3modules/current.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.krebs.current; + + out = { + options.krebs.current = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.current"; + host = mkOption { + type = types.host; + }; + user = mkOption { + type = types.user; + }; + }; + + imp = { + }; + +in out diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index dd2f9e762..2b5fc478c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -8,6 +8,7 @@ let imports = [ ./bepasty-server.nix ./build.nix + ./current.nix ./exim-retiolum.nix ./exim-smarthost.nix ./github-hosts-sync.nix -- cgit v1.3.1 From cca25c7b66c44e0ec826d466bd48f2463df03fe9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 25 Oct 2015 18:06:46 +0100 Subject: wry: listen for graphs.retiolum --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/wry.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d328033cc..e36a083f2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -185,6 +185,7 @@ with lib; addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"]; aliases = [ "graphs.wry.retiolum" + "graphs.retiolum" "paste.wry.retiolum" "paste.retiolum" "wry.retiolum" diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 6627d87b5..3baf31dc5 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -47,7 +47,7 @@ in { # TODO: remove hard-coded hostname complete = { listen = [ "${internal-ip}:80" ]; - server-names = [ "graphs.wry" ]; + server-names = [ "graphs.wry" "graphs.retiolum" "graphs.wry.retiolum" ]; }; anonymous = { listen = [ "${external-ip}:80" ] ; -- cgit v1.3.1 
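Review bot: The `host` and `user` options in the new krebs/3modules/current.nix have no `description`, and `imp` is an empty set, so `krebs.current.enable` currently has no effect that a reader can discover from the module. Going by the assignments in default.nix's `base-module`, something like `description = "The host this configuration is being evaluated on.";` and `description = "The user evaluating this configuration.";` would fit, with a short comment on `imp = { };` saying it is intentionally empty for now.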
From 642583145200f5a2cb8be1b38707e2b2ea3dc3e5 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 25 Oct 2015 21:54:59 +0100 Subject: k 3 tinc_graphs: is now completely self-contained --- krebs/3modules/tinc_graphs.nix | 7 +++++-- krebs/5pkgs/tinc_graphs/default.nix | 26 ++++++++++++++++++++++++++ makefu/5pkgs/tinc_graphs/default.nix | 26 -------------------------- 3 files changed, 31 insertions(+), 28 deletions(-) create mode 100644 krebs/5pkgs/tinc_graphs/default.nix delete mode 100644 makefu/5pkgs/tinc_graphs/default.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index a6c628353..e415d20ab 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -95,8 +95,12 @@ let ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' #!/bin/sh + mkdir -p "${internal_dir}" "${external_dir}" if ! test -e "${cfg.workingDir}/internal/index.html"; then - cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}" + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}" + fi + if ! test -e "${cfg.workingDir}/external/index.html"; then + cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}" fi ''; @@ -118,7 +122,6 @@ let users.extraUsers.tinc_graphs = { uid = 3925439960; #genid tinc_graphs home = "/var/spool/tinc_graphs"; - createHome = true; }; krebs.nginx.servers = mkIf cfg.nginx.enable { diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix new file mode 100644 index 000000000..3040cabe8 --- /dev/null +++ b/krebs/5pkgs/tinc_graphs/default.nix 
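Review bot: The guards in the `tinc_graphs-init` script test `${cfg.workingDir}/internal/index.html` and `${cfg.workingDir}/external/index.html`, while `mkdir -p` and `cp` write to `${internal_dir}` and `${external_dir}`; both are defined outside this hunk, and if they ever stop being `workingDir` subdirectories the copy either reruns on every start or never runs. Testing the destination itself, `if ! test -e "${internal_dir}/index.html"; then` (and likewise for external), keeps check and action on the same path. With `createHome = true;` removed in the second hunk, directory creation now depends on the user this pre-start script runs as, which is not visible here. Since the external directory is apparently what nginx serves to outside clients, a comment on the expected owner and mode of both directories would be worth adding.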
@@ -0,0 +1,26 @@ +{stdenv,fetchurl,pkgs,python3Packages, ... }: + +python3Packages.buildPythonPackage rec { + name = "tinc_graphs-${version}"; + version = "0.3.8"; + propagatedBuildInputs = with pkgs;[ + python3Packages.pygeoip + ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat + ]; + src = fetchurl { + url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; + sha256 = "0jc014ipx9pbx5dwi9s5n921c2c26m5vvzrvpjmca550gpdqd5f4"; + }; + preFixup = with pkgs;'' + wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" + wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin" + wrapProgram $out/bin/tinc-stats2json --prefix PATH : "${tinc}/bin" + ''; + + meta = { + homepage = http://krebsco.de/; + description = "Create Graphs from Tinc Stats"; + license = stdenv.lib.licenses.wtfpl; + }; +} + diff --git a/makefu/5pkgs/tinc_graphs/default.nix b/makefu/5pkgs/tinc_graphs/default.nix deleted file mode 100644 index 62a787d30..000000000 --- a/makefu/5pkgs/tinc_graphs/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{stdenv,fetchurl,pkgs,python3Packages, ... }: - -python3Packages.buildPythonPackage rec { - name = "tinc_graphs-${version}"; - version = "0.3.6"; - propagatedBuildInputs = with pkgs;[ - python3Packages.pygeoip - ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat - ]; - src = fetchurl { - url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; - sha256 = "0ghdx9aaipmppvc2b6cgks4nxw6zsb0fhjrmnisbx7rz0vjvzc74"; - }; - preFixup = with pkgs;'' - wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" - wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin" - wrapProgram $out/bin/tinc-stats2json --prefix PATH : "${tinc}/bin" - ''; - - meta = { - homepage = http://krebsco.de/; - description = "Create Graphs from Tinc Stats"; - license = stdenv.lib.licenses.wtfpl; - }; -} - -- cgit v1.3.1 
From 526adba3c81d267266946e7fc96a4a3b51cab366 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 26 Oct 2015 00:04:15 +0100 Subject: k 3 urlwatch: add verbose flag --- krebs/3modules/urlwatch.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 80d9f5e93..206bc5697 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -56,6 +56,13 @@ let https://nixos.org/channels/nixos-unstable/git-revision ]; }; + verbose = mkOption { + type = types.bool; + default = false; + description = '' + verbose output of urlwatch + ''; + }; }; urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls); @@ -106,7 +113,7 @@ let cd /tmp - urlwatch -e --urls="$urlsFile" > changes 2>&1 || : + urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || : if test -s changes; then date=$(date -R) -- cgit v1.3.1
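Review bot: Dropping `2>&1` from the `urlwatch` line means anything urlwatch writes to stderr no longer lands in `changes`, and because the command still ends in `|| :` a failing run leaves an empty file, so the `test -s changes` branch is skipped and no report is produced. A broken fetch then looks the same as "nothing changed", which matters if this job is relied on to notice upstream changes. If the aim is only to keep `-v` debug output out of the report, consider keeping the redirect when `cfg.verbose` is false, e.g. `> changes ${optionalString (!cfg.verbose) "2>&1"} || :`, or logging the exit status before discarding it. The surrounding script starts and ends outside this hunk.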