From f9fff51f9979982b12a3b8022651912ccaf25347 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:20:21 +0200 Subject: pssh: RIP --- krebs/5pkgs/simple/pssh/default.nix | 36 ------------------------------------ 1 file changed, 36 deletions(-) delete mode 100644 krebs/5pkgs/simple/pssh/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix deleted file mode 100644 index 2676af0cf..000000000 --- a/krebs/5pkgs/simple/pssh/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ writeDashBin }: - -writeDashBin "pssh" '' - set -efu - case ''${1-} in - - # TODO create plog with -o json | jq ... | map date - - # usage: pssh {-j,--journal} host... - # Follow journal at each host. - -j|--journal) - shift - "$0" journalctl -n0 -ocat --follow --all ::: "$@" \ - | while read line; do - printf '%s %s\n' "$(date --rfc-3339=s)" "$line" - done - ;; - - -*) - echo $0: unknown option: $1 >&2 - exit 1 - ;; - - # usage: pssh command [arg...] ::: host... - # Run command at each host. - *) - exec parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - ssh -T {} "$@" - ;; - - esac -'' -- cgit v1.2.3 From 105879da15cf7e3bf9cbc67029a3a2ecf50d616c Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:21:17 +0200 Subject: urlwatch: use upstream --- krebs/5pkgs/simple/urlwatch/default.nix | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 krebs/5pkgs/simple/urlwatch/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix deleted file mode 100644 index 64f3ad1ac..000000000 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ stdenv, fetchFromGitHub, python3Packages }: - -python3Packages.buildPythonApplication rec { - name = "urlwatch-${version}"; - version = "2.8"; - - src = fetchFromGitHub { - owner = "thp"; - repo = "urlwatch"; - rev = version; - sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4"; - }; - - propagatedBuildInputs = with python3Packages; [ - appdirs - keyring - minidb - pycodestyle - pyyaml - requests - ]; - - meta = with stdenv.lib; { - description = "A tool for monitoring webpages for updates"; - homepage = https://thp.io/2008/urlwatch/; - license = licenses.bsd3; - maintainers = with maintainers; [ tv ]; - }; -} -- cgit v1.2.3 From 0fe9b28302c905523f2ecefadfd167e1547785f9 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 18 Apr 2018 08:23:38 +0200 Subject: ucspi-tcp: use upstream --- krebs/5pkgs/simple/ucspi-tcp/chmod.patch | 15 ------ krebs/5pkgs/simple/ucspi-tcp/default.nix | 86 -------------------------------- 2 files changed, 101 deletions(-) delete mode 100644 krebs/5pkgs/simple/ucspi-tcp/chmod.patch delete mode 100644 krebs/5pkgs/simple/ucspi-tcp/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch deleted file mode 100644 index dd6933208..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/hier.c b/hier.c -index 5663ada..1d73b84 100644 ---- a/hier.c -+++ b/hier.c -@@ -2,8 +2,8 @@ - - void hier() - { -- h(auto_home,-1,-1,02755); -- d(auto_home,"bin",-1,-1,02755); -+ h(auto_home,-1,-1,0755); -+ d(auto_home,"bin",-1,-1,0755); - - c(auto_home,"bin","tcpserver",-1,-1,0755); - c(auto_home,"bin","tcprules",-1,-1,0755); diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix deleted file mode 100644 index 3b043be06..000000000 --- a/krebs/5pkgs/simple/ucspi-tcp/default.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - name = "ucspi-tcp-0.88"; - - src = fetchurl { - url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz"; - sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja"; - }; - - # Plain upstream tarball doesn't build, get patches from Debian - patches = [ - (fetchurl { - url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz"; - sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6"; - }) - ./chmod.patch - ]; - - # Apply Debian patches - postPatch = '' - for fname in debian/diff/*.diff; do - echo "Applying patch $fname" - patch < "$fname" - done - ''; - - # The build system is weird; 'make install' doesn't install anything, instead - # it builds an executable called ./install (from C code) which installs - # binaries to the directory given on line 1 in ./conf-home. - # - # Also, assume getgroups and setgroups work, instead of doing a build time - # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID - # capability). - preBuild = '' - echo "$out" > conf-home - - echo "main() { return 0; }" > chkshsgr.c - ''; - - installPhase = '' - mkdir -p "$out/bin" - mkdir -p "$out/share/man/man1" - - # run the newly built installer - ./install - - # Install Debian man pages (upstream has none) - cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1" - ''; - - meta = with stdenv.lib; { - description = "Command-line tools for building TCP client-server applications"; - longDescription = '' - tcpserver waits for incoming connections and, for each connection, runs a - program of your choice. Your program receives environment variables - showing the local and remote host names, IP addresses, and port numbers. - - tcpserver offers a concurrency limit to protect you from running out of - processes and memory. When you are handling 40 (by default) simultaneous - connections, tcpserver smoothly defers acceptance of new connections. 
- - tcpserver also provides TCP access control features, similar to - tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules - are compiled into a hashed format with cdb, so it can easily deal with - thousands of different hosts. - - This package includes a recordio tool that monitors all the input and - output of a server. - - tcpclient makes a TCP connection and runs a program of your choice. It - sets up the same environment variables as tcpserver. - - This package includes several sample clients built on top of tcpclient: - who@, date@, finger@, http@, tcpcat, and mconnect. - - tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program - Interface, using the TCP protocol. UCSPI tools are available for several - different networks. - ''; - homepage = http://cr.yp.to/ucspi-tcp.html; - license = licenses.publicDomain; - platforms = platforms.linux; - maintainers = [ maintainers.bjornfor ]; - }; -} -- cgit v1.2.3 From cc0dfeda397e812a9e6db2f65f6ed0a5a4d67571 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 20 Apr 2018 23:25:36 +0200 Subject: Reaktor/plugins: limit url-title length --- krebs/5pkgs/simple/Reaktor/plugins.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index bcfcbf76b..f3b771190 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix 
@@ -120,11 +120,24 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?Phttp[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writeDash "lambda-pl" '' - if [ "$#" -gt 0 ]; then - curl -SsL --max-time 5 "$1" | - perl -l -0777 -ne 'print $1 if /\s*(.*?)\s*<\/title/si' - fi + script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + import sys + import urllib.request + from bs4 import BeautifulSoup + + try: + soup = BeautifulSoup(urllib.request.urlopen(sys.argv[1]), "lxml") + title = soup.find('title').string + + if title: + if len(title) > 512: + print('message to long, skipped') + elif len(title.split('\n')) > 5: + print('to many lines, skipped') + else: + print(title) + except: # noqa: E722 + pass ''; }); -- cgit v1.2.3 From ee30fc920e0512d9d2359404051ba12efc3ee6f2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 12:53:32 +0200 Subject: onebutton.r: init --- krebs/1systems/onebutton/config.nix | 32 ++++++++++++++++++++++++++++++++ krebs/1systems/onebutton/source.nix | 11 +++++++++++ 2 files changed, 43 insertions(+) create mode 100644 krebs/1systems/onebutton/config.nix create mode 100644 krebs/1systems/onebutton/source.nix (limited to 'krebs') diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix new file mode 100644 index 000000000..08a9d6423 --- /dev/null +++ b/krebs/1systems/onebutton/config.nix 
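Review bot: The new url-title script calls `urllib.request.urlopen(sys.argv[1])` with no timeout and passes the whole response to BeautifulSoup, so the 5-second bound of the removed `curl --max-time 5` is lost. A slow or very large response behind a URL posted in the channel can now hang the plugin or exhaust its memory. The 512-character and 5-line checks apply only to the parsed title, after the full body has been downloaded. I would bound both, e.g. `resp = urllib.request.urlopen(sys.argv[1], timeout=5)` followed by `soup = BeautifulSoup(resp.read(1048576), "lxml")` (the 1 MiB cap is a suggested value). The bare `except: pass` also hides every failure; `except Exception as e: print(e, file=sys.stderr)` would keep the channel quiet but leave a trace in the logs.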
@@ -0,0 +1,32 @@ +{ config, pkgs, lib, ... }: +{ + imports = [ + + ]; + # NixOS wants to enable GRUB by default + boot.loader.grub.enable = false; + # Enables the generation of /boot/extlinux/extlinux.conf + boot.loader.generic-extlinux-compatible.enable = true; + + # !!! If your board is a Raspberry Pi 1, select this: + boot.kernelPackages = pkgs.linuxPackages_rpi; + + nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; + nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; + + # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough. + # boot.kernelParams = ["cma=32M"]; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-label/NIXOS_BOOT"; + fsType = "vfat"; + }; + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + }; + + swapDevices = [ { device = "/swapfile"; size = 1024; } ]; +} diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix new file mode 100644 index 000000000..3ecaf9006 --- /dev/null +++ b/krebs/1systems/onebutton/source.nix @@ -0,0 +1,11 @@ +let + pkgs = import {}; +in import { + name = "onebutton"; + nixpkgs.file = pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs-channels"; + rev = "6c064e6b"; # only binary cache for unstable arm6 + sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + }; +} -- cgit v1.2.3 From 92f7e3e12bdaee3265f583f72e43972269268b1e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 13:02:48 +0200 Subject: generate-secrets: init --- krebs/5pkgs/simple/generate-secrets/default.nix | 46 +++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 krebs/5pkgs/simple/generate-secrets/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix new file mode 100644 index 000000000..a800ff543 --- /dev/null 
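Review bot: The key in `nix.binaryCachePublicKeys` ends in `=%`, and `%` is not a base64 character, so it looks like a stray character picked up when the key was copied. The cache in `nix.binaryCaches` is fetched over plain `http://`, so the signature check is the only integrity protection for paths substituted from it, and a malformed trusted key will presumably either break substitution or be rejected. I would store it as `"nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0="` after confirming the value against the key the cache operator publishes.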
+++ b/krebs/5pkgs/simple/generate-secrets/default.nix @@ -0,0 +1,46 @@ +{ pkgs }: +pkgs.writeDashBin "generate-secrets" '' + HOSTNAME="$1" + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1) + HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null + + ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null + ${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null + ${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null + cat < $TMPDIR/hashedPasswords.nix + { + root = "$HASHED_PASSWORD"; + } + EOF + + cd $TMPDIR + for x in *; do + ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null + done + echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null + + cat <; + ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)"; + }; + EOF + + rm -rf $TMPDIR +'' + -- cgit v1.2.3 From b08c606eabe87292e4dc792e7f6faa7d0b679d58 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 13:04:19 +0200 Subject: onebutton.r: init --- krebs/3modules/krebs/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 1e626f0a0..a916c1873 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix 
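Review bot: The generate-secrets script has no error handling and no cleanup on failure, although the SSH and tinc private keys and the root password all pass through `$TMPDIR`. If any step fails, the script continues with its output sent to `/dev/null`, so an empty or partial secret can be inserted into the password store, and an abort before the final `rm -rf $TMPDIR` leaves the private keys on disk. I would add `set -eu` as the first line (not `-f`, because the `for x in *` loop needs globbing) and `trap 'rm -rf "$TMPDIR"' EXIT` right after the `mktemp -d` line. `$HOSTNAME` comes from `"$1"` unchecked and is used unquoted in the store paths `krebs-secrets/$HOSTNAME/$x` and `hosts/$HOSTNAME/root`, so it should be quoted and rejected when empty or containing `/`.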
@@ -91,6 +91,37 @@ in { ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; }; + onebutton = { + cores = 1; + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.0.101"; + ip6.addr = "42:0:0:0:0:0:0:101"; + aliases = [ + "onebutton.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA11w6votRExwE0ZEiQmPa + 9WGNsMfNAZEd14iHaHCZH7UPQEH+cH/T6isGPpaysindroMnqFe9mUf/cdYChb6N + aaFreApwGBQaJPUcdy4cfphrFpzmOClpOFuFbnV7ZvAk/wefBad3kUzsq/lK4HvB + 7nPKeOB9kljphLrkzuLL/h2yOenMpO2ZdvwxyWN8HKmUNgvpBQjIr+Hka6cgy7Gp + pBVFHfSnad/eHeEvq91O/bHxrAxzH5N5DVagPDpkbiWYGl+0XVGP/h0CApr15Ael + +j2pJYc0ZlaXIp4KmNRqbd/fLe52JLrWbnFX4rRuY/DhoMqK8kjECEZ7gLiNSpCC + KlnlJ2LXX9c+d79ubzl5yLAJ3d6T4IJqkbAWJDuCrj821M9ZDk/qZwerayhrrvkF + tMYkQoGSe8MvSOU0rTEoH5iSRwDC7M0XzUe4l8/yZLFyD4Prz/dq6coqANfk/tlE + DnH3vDu9lmFvYrLcd6yDWzFfI3mWDJoUa6AKKoScCOaCkRfIM4Aew0i73+h1nJLO + 59AAbZIkDYyWs53QniIG4EQteI9y/9j/628nPAVj68V5oIN76RDXfFHWDWq4DxmU + PpGVmoIKcKZmnl7RrDomRVpuGMdyQ+kCzIGH3XYe12v8Y5beHZBrd3OajgHZ/Tfp + jP873cT6h0hsGm9glgOYho8CAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcZg+iLaPZ0SpLM+nANxIjZC/RIsansjyutK0+gPhIe "; + }; puyak = { ci = true; owner = config.krebs.users.krebs; -- cgit v1.2.3 From 70052cb8c9fedcda1ba8d5270afdf92bc1dd13ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 21 Apr 2018 16:01:31 +0200 Subject: onebutton.r: make it work --- krebs/1systems/onebutton/config.nix | 1 + krebs/1systems/onebutton/source.nix | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index 08a9d6423..19159c8fb 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix 
@@ -29,4 +29,5 @@ }; swapDevices = [ { device = "/swapfile"; size = 1024; } ]; + services.openssh.enable = true; } diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 3ecaf9006..8f25881c9 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -1,11 +1,16 @@ +with import ; let pkgs = import {}; -in import { - name = "onebutton"; - nixpkgs.file = pkgs.fetchFromGitHub { + nixpkgs = pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; # only binary cache for unstable arm6 - sha256 = "0ssaaaaaaaaaaaawkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8"; + sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; + }; +in import { + name = "onebutton"; + override.nixpkgs = mkForce { + file = toString nixpkgs; }; + } -- cgit v1.2.3 From 1501d9e3e6a96e80ed238431ec58b40eb7b1b552 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 16:14:01 +0200 Subject: onebutton.r: minimal disk and default config --- krebs/1systems/onebutton/config.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'krebs') diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index 19159c8fb..c634d73ce 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix @@ -2,7 +2,18 @@ { imports = [ + + { # minimal disk usage + environment.noXlibs = true; + nix.gc.automatic = true; + nix.gc.dates = "03:10"; + programs.info.enable = false; + programs.man.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; + services.nixosManual.enable = false; + } ]; + krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default boot.loader.grub.enable = false; # Enables the generation of /boot/extlinux/extlinux.conf -- cgit v1.2.3 From e18887126b848870f60644167db6262c0a558872 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sat, 21 Apr 2018 20:47:23 +0200 Subject: ma: mon.euer points to gum.r --- krebs/3modules/makefu/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e137da7ca..d7a750c6e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -539,6 +539,7 @@ with import ; dl.euer IN A ${nets.internet.ip4.addr} boot.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} + mon.euer IN A ${nets.internet.ip4.addr} graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} -- cgit v1.2.3 From 6562519e3f8ac4ddb892954eeb8cdedb55ff3d88 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 21 Apr 2018 20:51:16 +0200 Subject: worlddomination: bump to latest, use grequests --- krebs/2configs/shack/worlddomination.nix | 72 +++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 24 deletions(-) (limited to 'krebs') diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 828b6cd70..838c1958e 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix 
@@ -2,8 +2,56 @@ with import ; let + pkg = pkgs.stdenv.mkDerivation { + name = "worlddomination-2018-04-21"; + src = pkgs.fetchgit { + url = "https://github.com/shackspace/worlddomination/"; + rev = "1b32403b9"; + sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i"; + }; + buildInputs = [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ + docopt + LinkHeader + aiocoap + grequests + paramiko + python + ])) + ]; + installPhase = '' + install -m755 -D backend/push_led.py $out/bin/push-led + install -m755 -D backend/loop_single.py $out/bin/loop-single + # copy the provided file to the package + install -m755 -D backend/wd.lst $out/${wdpath} + ''; + }; pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap + grequests = pythonPackages.buildPythonPackage rec { + pname = "grequests"; + version = "0.3.1"; + name = "${pname}-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "kennethreitz"; + repo = "grequests"; + rev = "d1e70eb"; + sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc"; + }; + + doCheck = false; + + propagatedBuildInputs = with pythonPackages; [ requests gevent ]; + + meta = with lib;{ + description = "Asynchronous HTTP requests"; + homepage = https://github.com/kennethreitz/grequests; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ matejc ]; + }; + }; + aiocoap = pythonPackages.buildPythonPackage { name = "aiocoap-0.3"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; 
@@ -25,30 +73,6 @@ let description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; }; }; - pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2017-06-10"; - src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "72fc9b5"; - sha256 = "05h500rswzypcxy4i22qc1vkc8izbzfqa9m86xg289hjxh133xyf"; - }; - buildInputs = [ - (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ - docopt - LinkHeader - aiocoap - requests - paramiko - python - ])) - ]; - installPhase = '' - install -m755 -D backend/push_led.py $out/bin/push-led - install -m755 -D backend/loop_single.py $out/bin/loop-single - # copy the provided file to the package - install -m755 -D backend/wd.lst $out/${wdpath} - ''; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 timeout = 10; # minutes -- cgit v1.2.3 From 9a3d7eab701d354bfacc425ed5edc841514a8034 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 24 Apr 2018 19:59:40 +0200 Subject: kops: 1.0.0 -> 1.1.0 --- krebs/5pkgs/simple/kops.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix index a6c82f3ca..8db4b8ddd 100644 --- a/krebs/5pkgs/simple/kops.nix +++ b/krebs/5pkgs/simple/kops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/kops; - rev = "refs/tags/v1.0.0"; - sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb"; + rev = "refs/tags/v1.1.0"; + sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb"; } -- cgit v1.2.3 From 8502d51a48c6267545633afaf12074a323a98462 Mon Sep 17 00:00:00 2001 
From: tv Date: Tue, 24 Apr 2018 23:17:47 +0200 Subject: ejabberd: 17.07 -> 18.01 --- krebs/5pkgs/simple/ejabberd/default.nix | 27 +++++++++++++--------- krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 +++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 11 deletions(-) create mode 100644 krebs/5pkgs/simple/ejabberd/ejabberdctl.patch (limited to 'krebs') diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix index 2799241fa..9e4ed3df5 100644 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ b/krebs/5pkgs/simple/ejabberd/default.nix @@ -1,5 +1,6 @@ { stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps +, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd +, flock , withMysql ? false , withPgsql ? false , withSqlite ? false, sqlite @@ -23,17 +24,17 @@ let ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; in stdenv.mkDerivation rec { - version = "17.07"; + version = "18.01"; name = "ejabberd-${version}"; src = fetchurl { url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km"; + sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; }; nativeBuildInputs = [ fakegit ]; - buildInputs = [ erlang openssl expat libyaml ] + buildInputs = [ erlang openssl expat libyaml gd ] ++ lib.optional withSqlite sqlite ++ lib.optional withPam pam ++ lib.optional withZlib zlib @@ -50,7 +51,7 @@ in stdenv.mkDerivation rec { configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; + nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; 
@@ -74,7 +75,7 @@ in stdenv.mkDerivation rec { outputHashMode = "recursive"; outputHashAlgo = "sha256"; - outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7"; + outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; }; configureFlags = @@ -92,6 +93,10 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + patches = [ + ./ejabberdctl.patch + ]; + preBuild = '' cp -r $deps deps chmod -R +w deps @@ -101,18 +106,18 @@ in stdenv.mkDerivation rec { postInstall = '' sed -i \ -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ + -e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \ -e 's,\(^ *JOT=\).*,\1,' \ -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ $out/sbin/ejabberdctl ''; - meta = { + meta = with stdenv.lib; { description = "Open-source XMPP application server written in Erlang"; - license = lib.licenses.gpl2; + license = licenses.gpl2; homepage = http://www.ejabberd.im; - platforms = lib.platforms.linux; - maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ]; + platforms = platforms.linux; + maintainers = with maintainers; [ sander abbradar ]; broken = withElixir; }; } diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch new file mode 100644 index 000000000..f7c842b7b --- /dev/null +++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch 
@@ -0,0 +1,32 @@ +--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 ++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 +@@ -42,19 +42,18 @@ + esac + + # parse command line parameters +-for arg; do +- case $arg in +- -n|--node) ERLANG_NODE_ARG=$2; shift;; +- -s|--spool) SPOOL_DIR=$2; shift;; +- -l|--logs) LOGS_DIR=$2; shift;; +- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; +- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; +- -d|--config-dir) ETC_DIR=$2; shift;; +- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; +- --) :;; ++while test $# -gt 0; do ++ case $1 in ++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; ++ -s|--spool) SPOOL_DIR=$2; shift 2;; ++ -l|--logs) LOGS_DIR=$2; shift 2;; ++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; ++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; ++ -d|--config-dir) ETC_DIR=$2; shift 2;; ++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; ++ # --) :;; what is this for? + *) break;; + esac +- shift + done + + # define ejabberd variables if not already defined from the command line -- cgit v1.2.3 From c96b18879e24b77133098d27c6866fb78eab8fde Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Apr 2018 12:56:15 +0200 Subject: newsbot-js: restart daily --- krebs/3modules/newsbot-js.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index d372081ee..00e346f8e 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -93,6 +93,7 @@ let User = "newsbot-js"; Restart = "always"; ExecStart = "${newsbot.package}/bin/newsbot"; + WatchdogSec = "86400"; }; } ) cfg; -- cgit v1.2.3 From 0b9727b3ad324b1d1f6a8db4181be546eb5ec397 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 26 Apr 2018 13:11:14 +0200 Subject: news: update shackspace url --- krebs/2configs/news-spam.nix | 2 +- krebs/2configs/news.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') 
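Review bot: In the rewritten option loop of ejabberdctl.patch, the value-taking options (`-n`, `-s`, `-l`, `-f`, `-c`, `-d`) run `shift 2` without checking that a value follows. When such an option is the last argument, `shift 2` fails; in bash the positional parameters are then left unchanged, so `while test $# -gt 0` would loop forever, and in dash the script aborts with a shift error. A guard such as `test $# -ge 2 || { echo "$0: missing argument for $1" >&2; exit 1; }` in those branches avoids both. The commented-out `--) :;;` case was what consumed the conventional end-of-options marker; with it removed, `--` reaches `*) break` and is passed on as part of the command, so `--) shift; break;;` is probably what is wanted.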
diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index 63848c234..ac3822bc2 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix @@ -120,7 +120,7 @@ [SPAM]sciencemag|http://news.sciencemag.org/rss/current.xml|#snews [SPAM]scmp|http://www.scmp.com/rss/91/feed|#snews [SPAM]sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - [SPAM]shackspace|http://blog.shackspace.de/?feed=rss2|#snews + [SPAM]shackspace|http://shackspace.de/atom.xml|#snews [SPAM]shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews [SPAM]sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews [SPAM]sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2628c7986..49a5e3459 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -11,7 +11,7 @@ painload|https://github.com/krebscode/painload/commits/master.atom|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news - shackspace|http://blog.shackspace.de/?feed=rss2|#news + shackspace|http://shackspace.de/atom.xml|#news tinc|http://tinc-vpn.org/news/index.rss|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news weechat|http://dev.weechat.org/feed/atom|#news -- cgit v1.2.3 From 5749edd33a867eee28f9f74d86f57a5717f58a18 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 15:52:56 +0200 Subject: l: add monitoring bool to hosts --- krebs/3modules/lass/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0c3e68c39..cf4229a82 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -9,6 +9,7 @@ with import ; hosts = mapAttrs (_: recursiveUpdate { owner = config.krebs.users.lass; ci = true; + monitoring = true; }) { dishfire = { cores = 4; 
@@ -149,6 +150,7 @@ with import ; }; domsen-nas = { ci = false; + monitoring = false; external = true; nets = rec { internet = { @@ -161,6 +163,7 @@ with import ; }; }; uriel = { + monitoring = false; cores = 1; nets = { gg23 = { @@ -399,10 +402,12 @@ with import ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJzb9BPFClubs6wSOi/ivqPFVPlowXwAxBS0jHaB29hX"; }; iso = { + monitoring = false; ci = false; cores = 1; }; sokrateslaptop = { + monitoring = false; ci = false; external = true; nets = { @@ -426,6 +431,7 @@ with import ; }; }; turingmachine = { + monitoring = false; ci = false; external = true; nets = { @@ -454,6 +460,7 @@ with import ; }; }; eddie = { + monitoring = false; ci = false; external = true; nets = rec { @@ -494,6 +501,7 @@ with import ; }; }; borg = { + monitoring = false; ci = false; external = true; nets = { @@ -521,6 +529,7 @@ with import ; }; }; inspector = { + monitoring = false; ci = false; external = true; nets = rec { @@ -552,6 +561,7 @@ with import ; }; }; dpdkm = { + monitoring = false; ci = false; external = true; nets = rec { -- cgit v1.2.3 From f888226d37abeff6e5c4e61d393a886b16ff0178 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 27 Apr 2018 18:04:46 +0200 Subject: l: RIP echelon.r --- krebs/3modules/lass/default.nix | 33 --------------------------------- 1 file changed, 33 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index cf4229a82..1ad0cd6d4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -44,39 +44,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; }; - echelon = { - cores = 2; - nets = rec { - internet = { - ip4.addr = "64.137.242.41"; - aliases = [ - "echelon.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.206.103"; - ip6.addr = "42:941e:2816:35f4:5c5e:206b:3f0b:f763"; - aliases = [ - "echelon.r" - "cgit.echelon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ - oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX - MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f - 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA - n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p - do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; - }; prism = rec { cores = 4; extraZones = { -- cgit v1.2.3 From cfedae61e84501d21e76d382c5c060839742c714 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 09:23:00 +0200 Subject: hotdog.r: add NIX_REMOTE=daemon to env --- krebs/1systems/hotdog/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 98fb88702..662e094d1 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -21,4 +21,5 @@ boot.isContainer = true; networking.useDHCP = false; krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; + environment.variables.NIX_REMOTE = "daemon"; } -- cgit v1.2.3 From 82e465bcfc0e6e6a1481db91f7fd8f43d66d7697 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 28 Apr 2018 09:35:07 +0200 Subject: nixpkgs: 4b4bbce -> b50443b --- krebs/kops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/kops.nix b/krebs/kops.nix index f544b93d2..abd60ee5a 100644 --- a/krebs/kops.nix +++ b/krebs/kops.nix @@ -13,7 +13,7 @@ krebs-source = { nixpkgs.git = { - ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; + ref = "b50443b5c4ac0f382c49352a892b9d5d970eb4e7"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; -- cgit v1.2.3 From 936daa16085d2615a4ab624d7249aeda95ec40bb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 16:52:16 +0200 Subject: l: update lassul.us zone --- krebs/3modules/lass/default.nix | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1ad0cd6d4..99010481b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -54,14 +54,17 @@ with import ; "lassul.us" = '' $TTL 3600 @ IN SOA dns16.ovh.net. tech.ovh.net. (2017093001 86400 3600 3600000 300) - 60 IN NS ns16.ovh.net. - 60 IN NS dns16.ovh.net. - 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - 60 IN TXT v=spf1 mx a:lassul.us -all - cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - io 60 IN NS ions.lassul.us. - ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN NS ns16.ovh.net. + 60 IN NS dns16.ovh.net. + 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN TXT v=spf1 mx a:lassul.us -all + 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) + default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + io 60 IN NS ions.lassul.us. + ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From a8295ac81525996fb5f7393da353eb6fe9f06411 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 17:05:16 +0200 Subject: krebs news-spam: use go.lassul.us --- krebs/2configs/news-spam.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix index ac3822bc2..69c503bf9 100644 --- a/krebs/2configs/news-spam.nix +++ b/krebs/2configs/news-spam.nix 
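Review bot: Both added DKIM TXT records publish a key whose `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ` prefix is the encoding of a 1024-bit RSA public key. RFC 8301 recommends 2048 bits for DKIM signers, so the signing key behind `default._domainkey` should be regenerated at that size and the `p=` value replaced. The first record sits at the zone apex (`v=DKIM1; k=rsa; t=s; s=*; ...`), but verifiers only query `<selector>._domainkey.<domain>`, so it looks redundant and can probably be dropped. The SOA serial `2017093001` in the context line is unchanged although records are added, so any secondary that compares serials would not pick up the new data; bump it in the same change. The later one-line `lol` addition touches the same zone and would need the same bump if the serial is still unchanged there.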
@@ -2,6 +2,7 @@ { krebs.newsbot-js.news-spam = { + urlShortenerHost = "go.lassul.us"; feeds = pkgs.writeText "feeds" '' [SPAM]aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews [SPAM]allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews -- cgit v1.2.3 From 1820b1753011eb42bb9be30011e6fbd11993b201 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 28 Apr 2018 23:18:05 +0200 Subject: l: add red.r --- krebs/3modules/lass/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 99010481b..48df04bcb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -639,6 +639,37 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym"; }; + red = { + monitoring = false; + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.0.13"; + ip6.addr = "42:0:0:0:0:0:0:12ed"; + aliases = [ + "red.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArAN/62V2MV18wsZ9VMTG + 4/cqsjvHlffAN8jYDq+GImgREvbiLlFhhHgxwKh0gcDTR8P1xX/00P3/fx/g5bRF + Te7LZT2AFmVFFFfx1n9NBweN/gG2/hzB9J8epbWLNT+RzpzHuAoREvDZ+jweSXaI + phdmQY2s36yrR3TAShqq0q4cwlXuHT00J+InDutM0mTftBQG/fvYkBhHOfq4WSY0 + FeMK7DTKNbsqQiKKQ/kvWi7KfTW0F0c7SDpi7BLwbQzP2WbogtGy9MIrw9ZhE6Ox + TVdAksPKw0TlYdb16X/MkbzBqTYbxFlmWzpMJABMxIVwAfQx3ZGYvJDdDXmQS2qa + mDN2xBb/5pj3fbfp4wbwWlRVSd/AJQtRvaNY24F+UsRJb0WinIguDI6oRZx7Xt8w + oYirKqqq1leb3EYUt8TMIXQsOw0/Iq+JJCwB+ZyLLGVNB19XOxdR3RN1JYeZANpE + cMSS3SdFGgZ//ZAdhIN5kw9yMeKo6Rnt+Vdz3vZWTuSVp/xYO3IMGXNGAdIWIwrJ + 7fwSl/rfXGG816h0sD46U0mxd+i68YOtHlzOKe+vMZ4/FJZYd/E5/IDQluV8HLwa + 5lODfZXUmfStdV+GDA9KVEGUP5xSkC3rMnir66NgHzKpIL002/g/HfGu7O3MrvpW + ng7AMvRv5vbsYcJBj2HUhKUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd/6eCR8yxC14zBJLIQgVa4Zbutv5yr2S8k08ztmBpp"; + }; }; users = { lass = { -- cgit v1.2.3 From 82d5bca54179221759eb59f5bf10975b5261b1e3 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:43:22 +0200 Subject: ma onebutton.r: remove noXlibs --- krebs/1systems/onebutton/config.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'krebs') diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index c634d73ce..dca00a206 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix 
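Review bot: `monitoring = false;` on the new `red` host carries no explanation, so a reader cannot tell a deliberate exclusion from a leftover placeholder; add a why-comment on that line, e.g. `monitoring = false; # <reason this host is not monitored>`. The tinc key is wrapped in `-----BEGIN PUBLIC KEY-----`, whereas the other host entries on this page use `-----BEGIN RSA PUBLIC KEY-----`. If that is intentional (a newer key export format), a short comment would save the next maintainer from "fixing" it; otherwise confirm that every peer's tinc accepts this encoding before relying on it.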
@@ -1,33 +1,34 @@ { config, pkgs, lib, ... }: { + # :l + # builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }) imports = [ - { # minimal disk usage - environment.noXlibs = true; + { # flag to rebuild everything yourself: + # environment.noXlibs = true; + + # minimal disk usage nix.gc.automatic = true; nix.gc.dates = "03:10"; - programs.info.enable = false; - programs.man.enable = false; - services.journald.extraConfig = "SystemMaxUse=50M"; + documentation.man.enable = false; + documentation.info.enable = false; services.nixosManual.enable = false; + services.journald.extraConfig = "SystemMaxUse=50M"; } ]; krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default boot.loader.grub.enable = false; + # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; - # !!! If your board is a Raspberry Pi 1, select this: boot.kernelPackages = pkgs.linuxPackages_rpi; nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ]; nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ]; - # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough. - # boot.kernelParams = ["cma=32M"]; - fileSystems = { "/boot" = { device = "/dev/disk/by-label/NIXOS_BOOT"; @@ -41,4 +42,7 @@ swapDevices = [ { device = "/swapfile"; size = 1024; } ]; services.openssh.enable = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; } -- cgit v1.2.3 From 45377068c0bfbb009b7cbe41dbca97dd44c9c955 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 3 May 2018 18:43:59 +0200 Subject: k worlddomination: deploy africa --- krebs/2configs/shack/worlddomination.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'krebs') 
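Review bot: The context line `nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];` ends in `=%`, and `%` is not a base64 character, so it looks like a shell end-of-output marker pasted along with the key. The cache itself is configured as `http://nixos-arm.dezgeg.me/channel`, plain HTTP, which leaves this signing key as the only integrity check on substituted store paths. Verify the value against the publisher's key and drop the trailing `%` if it is not part of it. The commit rewrites the surrounding block without touching this line.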
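Review bot: `networking.wireless.enable = true;` puts this host on Wi-Fi directly below `services.openssh.enable = true;`, and no sshd authentication settings appear in the lines shown. Unless another module restricts it, sshd is then reachable from the wireless network with default login settings; consider adding `services.openssh.passwordAuthentication = false;` next to it. No network or passphrase is configured in this hunk; wherever that is added, keep the PSK out of the world-readable Nix store by reading it from a file under the host's secrets rather than writing it inline in the configuration.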
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 838c1958e..44176a341 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -75,6 +75,7 @@ let }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 + afrihost = "10.42.25.201"; # africa timeout = 10; # minutes in { systemd.services.worlddomination = { @@ -88,4 +89,16 @@ in { PermissionsStartOnly = true; }; }; + + systemd.services.worlddomination-africa = { + description = "run worlddomination africa"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; # TODO separate user + ExecStart = "${pkg}/bin/push-led ${afrihost} ${pkg}/${wdpath} loop ${toString timeout}"; + Restart = "always"; + PrivateTmp = true; + PermissionsStartOnly = true; + }; + }; } -- cgit v1.2.3 From 6e35be71f64dbb6d83bfd1d6fd8a2d8e1c9eb842 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 3 May 2018 18:49:46 +0200 Subject: kops 1.1.0 -> krops 1.0.0 --- krebs/5pkgs/simple/kops.nix | 7 ------- krebs/5pkgs/simple/krops.nix | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 krebs/5pkgs/simple/kops.nix create mode 100644 krebs/5pkgs/simple/krops.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix deleted file mode 100644 index 8db4b8ddd..000000000 --- a/krebs/5pkgs/simple/kops.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ fetchgit, ... }: - -fetchgit { - url = https://cgit.krebsco.de/kops; - rev = "refs/tags/v1.1.0"; - sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb"; -} diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix new file mode 100644 index 000000000..29bfb52f5 --- /dev/null +++ b/krebs/5pkgs/simple/krops.nix 
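Review bot: The new `worlddomination-africa` unit runs as `User = "nobody"`, an account shared with every other process that drops to nobody, so a fault or compromise in one of them can interfere with the others. The inline TODO already acknowledges this; replacing the line with `DynamicUser = true;` would give the unit a private account without declaring one. `PermissionsStartOnly = true;` only affects `ExecStartPre`/`ExecStartPost` commands, and this unit defines none in the hunk, so it can be dropped. The unit is a copy of the existing `worlddomination` service (whose body begins outside the hunk) with a different address, so a small function taking the name and host would keep the two hardening settings in sync.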
@@ -0,0 +1,7 @@ +{ fetchgit, ... }: + +fetchgit { + url = https://cgit.krebsco.de/krops; + rev = "refs/tags/v1.0.0"; + sha256 = "0ahp3fxb3l1vcjylxw0cd0f4hfp98bxskkf3z9d37hl3m7v4pcb4"; +} -- cgit v1.2.3 From b81fe57e3e137a2449fb8cc5e627e484d84bb00e Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 3 May 2018 22:49:27 +0200 Subject: all hope is lost. RIP --- krebs/1systems/hope/config.nix | 41 ---------------------------------------- krebs/1systems/hope/source.nix | 3 --- krebs/3modules/krebs/default.nix | 32 ------------------------------- 3 files changed, 76 deletions(-) delete mode 100644 krebs/1systems/hope/config.nix delete mode 100644 krebs/1systems/hope/source.nix (limited to 'krebs') diff --git a/krebs/1systems/hope/config.nix b/krebs/1systems/hope/config.nix deleted file mode 100644 index c19b210c5..000000000 --- a/krebs/1systems/hope/config.nix +++ /dev/null @@ -1,41 +0,0 @@ -with import ; -{ config, pkgs, ... }: let - - ip = config.krebs.build.host.nets.internet.ip4.addr; - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - imports = [ - - - - - - { - users.extraUsers = { - satan = { - name = "satan"; - uid = 1338; - home = "/home/satan"; - group = "users"; - createHome = true; - useDefaultShell = true; - initialPassword = "test"; - }; - }; - } - ]; - - krebs.build.host = config.krebs.hosts.hope; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; -} diff --git a/krebs/1systems/hope/source.nix b/krebs/1systems/hope/source.nix deleted file mode 100644 index 7121d1d9d..000000000 --- a/krebs/1systems/hope/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "hope"; -} diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index a916c1873..a938f8ec9 100644 --- a/krebs/3modules/krebs/default.nix 
+++ b/krebs/3modules/krebs/default.nix @@ -30,38 +30,6 @@ let }); in { hosts = { - hope = { - ci = true; - owner = config.krebs.users.krebs; - nets = { - internet = { - ip4.addr = "45.62.225.18"; - aliases = [ - "hope.i" - ]; - ssh.port = 45621; - }; - retiolum = { - ip4.addr = "10.243.77.4"; - ip6.addr = "42:0:0:0:0:0:77:4"; - aliases = [ - "hope.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAsQVWCoNZZd77tYw1qEDlUsfcF0ld+jVorq2uR5il1D8sqER644l5 - uaWxPQjSl27xdq5kvzIH24Ab6/xF2EDgE2fUTwpO5coBYafeiGyi5AwURQmYMp2a - 2CV7uUAagFQaSzD0Aj796r1BXPn1IeE+uRSBmmc/+/7L0hweRGLiha34NOMZkq+4 - A0pwI/CjnyRXdV4AqfORHXkelykJPATm+m3bC+KYogPBeNMP2AV2aYgY8a0UJPMK - fjAJCzxYJjiYxm8faJlm2U1bWytZODQa8pRZOrYQa4he2UoU6x78CNcrQkYLPOFC - K2Q7+B5WJNKV6CqYztXuU/6LTHJRmV0FiwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdLHRI29xJj1jmfSidE2Dh7EsDNszm+WH3Kj4zYBkP/"; - }; hotdog = { ci = true; owner = config.krebs.users.krebs; -- cgit v1.2.3 From c1e6915ccf9dbdd38c35f4849fd2a8a89c35a62d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 4 May 2018 20:28:15 +0200 Subject: l: add lol.lassul.us --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 48df04bcb..36fd5fc63 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -65,6 +65,7 @@ with import ; io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From 8d6ab1e0bb0be7f779b721c797b937be8e452e02 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 7 May 2018 00:35:28 +0200 Subject: l: add icarus.pgp --- krebs/3modules/lass/default.nix | 1 + krebs/3modules/lass/pgp/icarus.pgp | 51 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 krebs/3modules/lass/pgp/icarus.pgp (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 36fd5fc63..aa0b43f9a 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -698,6 +698,7 @@ with import ; lass-icarus = { mail = "lass@icarus.r"; pubkey = builtins.readFile ./ssh/icarus.rsa; + pgp.pubkeys.default = builtins.readFile ./pgp/icarus.pgp; }; lass-xerxes = { mail = "lass@xerxes.r"; diff --git a/krebs/3modules/lass/pgp/icarus.pgp b/krebs/3modules/lass/pgp/icarus.pgp new file mode 100644 index 000000000..f41478a09 --- /dev/null +++ b/krebs/3modules/lass/pgp/icarus.pgp 
@@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFpqAGEBEADWiwVYVFXuK9kM7Y1XFL70jb2ZAZBRIpcZF81URMDFhm6ulvHq +fEhXTpiKKmfnv5Mz6r6wAWLJFKOKZuEvg8NwplRrlBHMkR3iEx4+7sP/dVey7U6f ++gI61ytFHTOKr52gstPVdXO3xhNmdrAI1hFuF2DxoXKloz8tPP92dZcCdm7+5C+2 +KSYEBrIp/Zv1cjkbAFwek5y4ut65sBh/VM+RhSLbqwzyCxwfBE9QAJdIEiSmChql +Lcz6CToYrdXhOY0ykx+QhT092k/6Xh66JeZ63WVHGrF+SSabq5NNcbWi7EISioHd +N6JXZmbXMpS/BxgMe145e3mWnd3KOSeOxaiORqev8VOycjRQJfSm8Ky+GtWIyxp7 +rwEHbY8vlG2X9RMW5UxVmSRPWLykZoX0Xvmnrpwcohb5WdkuCp9NjqF0gDswU8do +bCqASfeWBvJAQkoAlMLU7YH+ymmeQcSVdLy4Jpv1fk5FocQBihTBnC1+ztt7Rm8m +8VGEpH1h174/z4Xn+bCkRZqopl9GlvpilLT8m8N8jdL7QLZJlQwrHVtima8Rg3XZ +TriW1Ha/NxHZ8nN7pbisqXHCrJB0szzu++yVeQ7Ebr7HA0tIHqDhqVR0s6a1g5AX +JYI8vCErowhvPf+BVCUYfmh5dJAY6tt9zrvCneaZ7ogPzOH9kRnZXYi7ZQARAQAB +tBZpY2FydXMgPGxhc3NAaWNhcnVzLnI+iQJOBBMBCAA4FiEEbimq9dgDayT9DrQy +FSODpr2bDFMFAlpqAGECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQFSOD +pr2bDFNVohAAiY6Pp4whrAIKwNkzqLkUl2SyQCVSGOce906jthKSixdfaUORZPdD +AnyYUmPyVpWxKYjZl7IfmDDo7D6m21tP8FxCRK8/oYAtz3uRK5b5sb0/5YR77O9+ +s65sNhU8jiHetUEHQ0Z9UJKfm1DpanJ37uIhVcye8BC8OuSD0v0s+hZ+2ZaN1qdn +qqCkujAILxOWo1ZDqpXfHaV11AotzlgyYmxlXzClsLB0SGhU7HUZesKETn3JUmrV +88kkpug8gn9MpTSPDIWsTeNUWpNhqdDRA+2TUygtpQSKzJC8sdkFaWkMrH3cF6wA +BZ+4tS2mRMQWq9BNMK+xnkWPvYO9e6v4ddXtlcVgGTUhSo+opCXza3dcXE5Xbv8x +a1T5HJSV0HQPTrlAUoXZveu7ZgYVO5SOTCm1jBNKX8WCmvO6yJRalxo9N/d6gswq +tKAGm9tlXpTXnG6tvebmSxjzjVwjbQMDJGy4Cj4bw0GGCdapDFrPidUDY/INmU7D +TWtNsAJlJRuu7ddxIVTspZ7rmDBAOhYzXxGuU3ntZFTiFm9BpCmHYWpeQ5EKuxhJ +mgxzC9wKDoS8NRKwt5ak/mX0vpXkJjF2Lrza0wCAZ1ZYWFNaehEwhNT51s9kZIi3 +w1v2z8xmu7VDq/n2sMRtMe7MVIOh1Nu7l/5Uqeb+EYnEc1NGZsFxcYK5Ag0EWmoA +YQEQALMaaF9HeDpeqDjDpxanjjIz4YXMZoMkXwrLS/Rn2mobG5lJzxU+1AkwXxTD +K45A0YHWsnAH1S8V9Gx+NlUMS/S/m9BruSXNohUKARIJLbltEM/EufOThjgfhW0Y +cLorZ1kOSZvORR9+Ctuq/RcvGFwyLB/4OpcGHUezTIcAkLUo0lKPS4HtT2ogSUIx +UstAMwEOSQIDR6sDDiS0BXNdlkKK6daLpH+snQMGP+ILAyRHGu1MlYkACDQZa5aP +9vpany7zC9Ls7vaewCevZCUJfs00VF72pdCRdBV8oPQqwPfhS+uSCV58WwWCqHTq 
+8PtxCVVzQdngOvScRvjrijtzlseyyTW3w9DPoDsQ16oM3y0kcnnv2hdfTVuv4+YK +9fVRIrWEAlU3cxud7iws9+vUO9GwyWy+epFLiCgNgJR/RVIIjcHUExn/XAcFStjw +QtW+3BxjYmdJpsh5wvmMJSMZDJFMEdKYPm4RI7ZfKVwl6yFeJt3hNkLxxF7k2fXB +84pIvl03hXA3tRQ5t46wS7L2EPlWT00+MCraczvbIS+SX1nCp4ZXLBs0YmicioBS +Os0zEtVs+80eWMf86MTT7YLwre4t+QRbM/RyIvJFTqBT3ad7/7ZMyEuVJBwDJlpx +LGwZGa6zwnbzcf8Us4kAIRzQoK8VOg/xC/ymJYCk3oJCKD9RABEBAAGJAjYEGAEI +ACAWIQRuKar12ANrJP0OtDIVI4OmvZsMUwUCWmoAYQIbDAAKCRAVI4OmvZsMU1vw +EACDJDmZR5BIPxwr9+1Z5ZgT7XcBUbu4F2w84J3xqCUYqcti6I4lSMtxfw94crMp +HoexOVOhvoTneIliv0a4ZSu84u4CGoFn4M7RA0Ka1SVvbuasXf57sVwRptXjr3LL +f/0olra5rkIyZbsvKm0g2N/bfmCfmtOClFDst2yK/FovW5PJBRx2mT38qBhHG8j2 +P7zG0/vO846FxjAGvOMGlEVGmN+R9BeecomOKsKgvUbsycAwzZi/2vWAUGbJBYjx +Yd+K8wjPE8g5CumxaLSH/dlY/0BOZygjank+aHLrwMtNnplYVJmmqDhdbgwN6DDk +cCQNLQyk61IdhtZ7UzJyFTkXnXiirrO4WzL6GJjunNzvcTUAU5vNiG+2he1GdxZF +WiLRrcC+oIMWVST8fNRwJZU+Ibw/UIfEV/rHau0fJlxZatks7Qd8gjxSHIyElUVj +CYrizbFPZ85IhkCirX2tvhycK/nseAYjDuJkJIp3Io0sl3cQ9M8Kx790LUbYzNC4 +bZn8vA1YwTr1ny3+vEhMhaaVSTeVrWYV8023kwzcLRWra7F1hJcc9+LNmqHvXR67 +uBW2KPIrXKrjJmGkMVBSrf9PJu5jNfvCWOntck7C7xOWoUcgyt3uTpP7FkHVdolh +HFNPouS3w0HoB20zdCpmyFNs6Rjhey2r5JIttd6ATVRVYA== +=gJia +-----END PGP PUBLIC KEY BLOCK----- -- cgit v1.2.3 From 47c0b0261eabdf230bfc7a375a3a008a04b61c4a Mon Sep 17 00:00:00 2001 
From: tv Date: Wed, 9 May 2018 11:11:50 +0200 Subject: krebs: 6tests -> 0tests --- krebs/0tests/data/secrets/grafana_security.nix | 1 + krebs/0tests/data/secrets/hashedPasswords.nix | 1 + krebs/0tests/data/secrets/retiolum.rsa_key.priv | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 + krebs/0tests/data/secrets/ssh.id_ed25519 | 0 krebs/0tests/data/test-config.nix | 22 +++++ krebs/0tests/data/test-source.nix | 12 +++ krebs/0tests/default.nix | 6 ++ krebs/0tests/deploy.nix | 106 +++++++++++++++++++++ krebs/3modules/ci.nix | 2 +- krebs/6tests/data/secrets/grafana_security.nix | 1 - krebs/6tests/data/secrets/hashedPasswords.nix | 1 - krebs/6tests/data/secrets/retiolum.rsa_key.priv | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 - krebs/6tests/data/secrets/ssh.id_ed25519 | 0 krebs/6tests/data/test-config.nix | 22 ----- krebs/6tests/data/test-source.nix | 12 --- krebs/6tests/default.nix | 6 -- krebs/6tests/deploy.nix | 106 --------------------- krebs/kops.nix | 2 +- krebs/source.nix | 2 +- 21 files changed, 152 insertions(+), 152 deletions(-) create mode 100644 krebs/0tests/data/secrets/grafana_security.nix create mode 100644 krebs/0tests/data/secrets/hashedPasswords.nix create mode 100644 krebs/0tests/data/secrets/retiolum.rsa_key.priv create mode 100644 krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix create mode 100644 krebs/0tests/data/secrets/ssh.id_ed25519 create mode 100644 krebs/0tests/data/test-config.nix create mode 100644 krebs/0tests/data/test-source.nix create mode 100644 krebs/0tests/default.nix create mode 100644 krebs/0tests/deploy.nix delete mode 100644 krebs/6tests/data/secrets/grafana_security.nix delete mode 100644 krebs/6tests/data/secrets/hashedPasswords.nix delete mode 100644 krebs/6tests/data/secrets/retiolum.rsa_key.priv delete mode 100644 krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix delete mode 100644 krebs/6tests/data/secrets/ssh.id_ed25519 delete mode 100644 krebs/6tests/data/test-config.nix delete mode 
100644 krebs/6tests/data/test-source.nix delete mode 100644 krebs/6tests/default.nix delete mode 100644 krebs/6tests/deploy.nix (limited to 'krebs') diff --git a/krebs/0tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/krebs/0tests/data/secrets/grafana_security.nix @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/krebs/0tests/data/secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 000000000..e69de29bb diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix new file mode 100644 index 000000000..963e6db8b --- /dev/null +++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix @@ -0,0 +1 @@ +"lol" diff --git a/krebs/0tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519 new file mode 100644 index 000000000..e69de29bb diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix new file mode 100644 index 000000000..f0927ddd9 --- /dev/null +++ b/krebs/0tests/data/test-config.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + ]; + + krebs.hosts.minimal = { + cores = 1; + secure = false; + }; + + boot.loader.grub.enable = false; + boot.loader.systemd-boot.enable = true; + + krebs.build = { + host = config.krebs.hosts.minimal; + user = config.krebs.users.krebs; + }; +} diff --git a/krebs/0tests/data/test-source.nix b/krebs/0tests/data/test-source.nix new file mode 100644 index 000000000..dfc6b3297 --- /dev/null +++ b/krebs/0tests/data/test-source.nix 
@@ -0,0 +1,12 @@ +with import ; +evalSource "" [{ + nixos-config = { + symlink.target = toString ./test-config; + }; + nixpkgs = { + symlink.target = toString ; + }; + stockholm = { + symlink.target = toString ; + }; +}] diff --git a/krebs/0tests/default.nix b/krebs/0tests/default.nix new file mode 100644 index 000000000..c0ca00296 --- /dev/null +++ b/krebs/0tests/default.nix @@ -0,0 +1,6 @@ +with import ; +{ ... }: + +{ + deploy = import ./deploy.nix; +} diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix new file mode 100644 index 000000000..d96963500 --- /dev/null +++ b/krebs/0tests/deploy.nix 
@@ -0,0 +1,106 @@ +with import ; +import ({ ... }: + +let + pkgs = import { overlays = [(import ../5pkgs)]; }; + test-config = ; + privKey = '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy + ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ + AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz + eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ= + -----END OPENSSH PRIVATE KEY----- + ''; + pubKey = '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1 + ''; + + ssh-config = pkgs.writeText "ssh-config" '' + Host server + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null + ''; + + populate-source = { + nixos-config = { + symlink.target = test-config; + type = "symlink"; + }; + nixpkgs = { + symlink.target = ; + type = "symlink"; + }; + stockholm = { + symlink.target = ; + type = "symlink"; + }; + }; + + test-deploy = pkgs.writeDash "test-deploy" '' + cd ${} + export NIX_PATH=stockholm=${}:nixpkgs=${}:$NIX_PATH + exec >&2 + source=${pkgs.writeJSON "source.json" populate-source} + LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" + # TODO: make deploy work + #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ + # --force-populate \ + # --source=${./data/test-source.nix} \ + # --system=server \ + ''; + minimalSystem = (import { + modules = [ + test-config + ]; + }).config.system.build.toplevel; + +in { + name = "deploy"; + + nodes = { + + server = + { config, pkgs, ... }: + + { + imports = [ test-config ]; + environment.variables = { + NIX_PATH = mkForce "nixpkgs=${}"; + }; + services.openssh.enable = true; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + pubKey + ]; + virtualisation.pathsInNixDB = [ + minimalSystem + ]; + environment.systemPackages = [ pkgs.git ]; + }; + + client = + { config, pkgs, ... 
}: + { }; + }; + + testScript = '' + startAll; + + $server->waitForUnit("sshd"); + + $client->succeed("mkdir -p -m 700 /root/.ssh"); + $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519"); + $client->succeed("cp ${ssh-config} /root/.ssh/config"); + $client->succeed("chmod 600 /root/.ssh/id_ed25519"); + + $server->waitForUnit("network.target"); + $server->succeed("ip route show 1>&2"); + $client->waitForUnit("network.target"); + $client->succeed("${test-deploy}"); + $server->succeed("nixos-rebuild -I /var/src switch"); + + $client->shutdown; + $server->shutdown; + ''; +}) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index bb19f0602..e97aa16eb 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -147,7 +147,7 @@ in "dummy_secrets": "true", }, command=[ - "nix-build", "-I", "stockholm=.", "krebs/6tests", + "nix-build", "-I", "stockholm=.", "krebs/0tests", "-A", "{}".format(test) ], timeout=90001 diff --git a/krebs/6tests/data/secrets/grafana_security.nix b/krebs/6tests/data/secrets/grafana_security.nix deleted file mode 100644 index 0967ef424..000000000 --- a/krebs/6tests/data/secrets/grafana_security.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/krebs/6tests/data/secrets/hashedPasswords.nix b/krebs/6tests/data/secrets/hashedPasswords.nix deleted file mode 100644 index 0967ef424..000000000 --- a/krebs/6tests/data/secrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/krebs/6tests/data/secrets/retiolum.rsa_key.priv b/krebs/6tests/data/secrets/retiolum.rsa_key.priv deleted file mode 100644 index e69de29bb..000000000 diff --git a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix deleted file mode 100644 index 963e6db8b..000000000 --- a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix +++ /dev/null @@ -1 +0,0 @@ -"lol" 
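Review bot: `privKey` in `krebs/0tests/deploy.nix` is an unencrypted OpenSSH private key committed in the file and interpolated into `testScript`, so it also ends up in the Nix store. The file is carried over from `6tests`, but nothing marks the key pair as a throwaway fixture; add a comment above it such as `# test-only key pair for this VM test; must never be authorized on a real host`. The `ssh-config` block sets `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null`, which deserves a similar comment saying it is acceptable only because both ends are test VMs. In the script the key is written by `echo '${privKey}' > /root/.ssh/id_ed25519` and only restricted by `chmod 600` two steps later; setting `umask 077` in the same command as the `echo` would close that window and keep the pattern safe to copy.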
diff --git a/krebs/6tests/data/secrets/ssh.id_ed25519 b/krebs/6tests/data/secrets/ssh.id_ed25519 deleted file mode 100644 index e69de29bb..0000000