From a96a51e9ac6abc7385702bd562fc7c34df65d143 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 17:55:25 +0100 Subject: hotdog.r: remove krebs reaktor --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 4fdb53ae7..73b5377bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,7 +13,6 @@ - ]; -- cgit v1.3.1 From 9273a32fee20c3f8607d190aea341251de5f5364 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 17:55:25 +0100 Subject: hotdog.r: remove krebs reaktor --- krebs/1systems/hotdog/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'krebs') diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 4fdb53ae7..73b5377bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,7 +13,6 @@ - ]; -- cgit v1.3.1 From 5014ba291dce70a8b4ffb36ddc0d9cd3a45aa6e4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 28 Nov 2017 19:40:03 +0100 Subject: types: use cidr only in tinc.subnets --- krebs/3modules/lass/default.nix | 6 ++++-- lib/types.nix | 9 ++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 867f1bd34..d2c3000d6 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -449,8 +449,6 @@ with import ; retiolum = rec { via = internet; addrs = [ - # edinburgh university - "129.215.0.0/16" ip4.addr ip6.addr ]; @@ -472,6 +470,10 @@ with import ; lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== -----END RSA PUBLIC KEY----- ''; + tinc.subnets = [ + # edinburgh university + "129.215.0.0/16" + ]; }; }; }; diff --git a/lib/types.nix b/lib/types.nix index 08dc0974e..c3b14d807 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -92,7 +92,7 @@ rec { default = null; }; addrs = mkOption { - type = listOf cidr; + type = listOf addr; default = optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip6 != null) config.ip6.addr; @@ -155,6 +155,8 @@ rec { ++ (map (a: "Subnet = ${a}") net.addrs) ++ + (map (a: "Subnet = ${a}") config.subnets) + ++ [config.extraConfig] ++ [config.pubkey] @@ -173,6 +175,11 @@ rec { description = "tinc port to use to connect to host"; default = 655; }; + subnets = mkOption { + type = listOf cidr; + description = "tinc subnets"; + default = []; + }; }; })); default = null; -- cgit v1.3.1 From 8f785237b2dc46c63272e360cece351b2974cb6d Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 30 Nov 2017 22:35:04 +0100 Subject: zones module: init (import from default.nix) --- krebs/3modules/default.nix | 12 +----------- krebs/3modules/zones.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 11 deletions(-) create mode 100644 krebs/3modules/zones.nix (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c89f3229d..a8933e719 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -44,6 +44,7 @@ let ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix + ./zones.nix ]; options.krebs = api; config = lib.mkIf cfg.enable imp; @@ -171,17 +172,6 @@ let ''; }; - # Implements environment.etc."zones/" - environment.etc = let - stripEmptyLines = s: (concatStringsSep "\n" - (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; - all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" - ([cfg.zone-head-config] ++ combined-hosts); - combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); - in lib.mapAttrs' (name: value: nameValuePair - ("zones/" + name) - { text=(stripEmptyLines value); }) all-zones; - krebs.exim-smarthost.internet-aliases = let format = from: to: { inherit from; diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix new file mode 100644 index 000000000..eb1351866 --- /dev/null +++ b/krebs/3modules/zones.nix @@ -0,0 +1,22 @@ +with import ; +{ config, ... }: { + + config = { + # Implements environment.etc."zones/" + environment.etc = let + stripEmptyLines = s: (concatStringsSep "\n" + (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; + all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" + ([config.krebs.zone-head-config] ++ combined-hosts); + combined-hosts = + mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts; + in + mapAttrs' + (name: value: { + name = "zones/${name}"; + value.text = stripEmptyLines value; + }) + all-zones; + }; + +} -- cgit v1.3.1 From 3c631cfa76849cb4640e17d8cdda969e4b6f423e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Dec 2017 22:29:18 +0100 Subject: fetchWallpaper: get DISPLAY from xserver.display --- krebs/3modules/fetchWallpaper.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 8d4933cb5..58d361c6e 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -26,8 +26,8 @@ let default = "/var/lib/wallpaper"; }; display = mkOption { - type = types.str; - default = ":0"; + type = types.int; + default = config.services.xserver.display; }; unitConfig = mkOption { type = types.attrsOf types.str; @@ -81,7 +81,7 @@ let environment = { URL = cfg.url; - DISPLAY = cfg.display; + DISPLAY = ":${toString cfg.display}"; }; restartIfChanged = true; -- cgit v1.3.1 From 47e7a6f6880195c41465e92b2d11f060d9e21311 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 3 Dec 2017 23:31:31 +0100 Subject: fetchWallpaper: display should be string --- krebs/3modules/fetchWallpaper.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 58d361c6e..f67188122 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -26,8 +26,8 @@ let default = "/var/lib/wallpaper"; }; display = mkOption { - type = types.int; - default = config.services.xserver.display; + type = types.str; + default = ":${toString config.services.xserver.display}"; }; unitConfig = mkOption { type = types.attrsOf types.str; @@ -81,7 +81,7 @@ let environment = { URL = cfg.url; - DISPLAY = ":${toString cfg.display}"; + DISPLAY = cfg.display; }; restartIfChanged = true; -- cgit v1.3.1 From 054d0cceb132d5f5766de31b3e859c4786fb0661 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 4 Dec 2017 01:01:26 +0100 Subject: ircd: add motd --- krebs/2configs/ircd.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 38f58952e..b534f9ad4 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -7,6 +7,9 @@ services.charybdis = { enable = true; + motd = '' + hello + ''; config = '' serverinfo { name = "${config.krebs.build.host.name}.irc.retiolum"; -- cgit v1.3.1 From f2bdf5590eb97e6fde86e332f93a733005dfb4a7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 5 Dec 2017 16:24:52 +0100 Subject: xmonad-stockholm: 1.1.0 -> 1.1.1 --- krebs/5pkgs/haskell/xmonad-stockholm.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index bf19e7d66..954cfd76a 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,13 +1,13 @@ { mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape , xmonad, xmonad-contrib }: -mkDerivation { +mkDerivation rec { pname = "xmonad-stockholm"; - version = "1.1.0"; + version = "1.1.1"; src = fetchgit { url = http://cgit.ni.krebsco.de/xmonad-stockholm; - rev = "179d29fd4c765dee698058ef63295331ac603639"; - sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj"; + rev = "refs/tags/v${version}"; + sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585"; }; libraryHaskellDepends = [ base containers X11 X11-xshape xmonad xmonad-contrib -- cgit v1.3.1 From d039cd9f487bac52e598f6a715924c58315a1e0a Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 5 Dec 2017 22:36:03 +0100 Subject: haskellPackages.nix-diff: init at 1.0.0 --- krebs/5pkgs/haskell/nix-diff.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 krebs/5pkgs/haskell/nix-diff.nix (limited to 'krebs') diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff.nix new file mode 100644 index 000000000..2070dbd2e --- /dev/null +++ b/krebs/5pkgs/haskell/nix-diff.nix @@ -0,0 +1,22 @@ +{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl +, nix-derivation, optparse-generic, stdenv, system-filepath, text +, unix, vector +}: +mkDerivation { + pname = "nix-diff"; + version = "1.0.0"; + src = fetchgit { + url = "https://github.com/Gabriel439/nix-diff"; + sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; + rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + attoparsec base containers Diff mtl nix-derivation optparse-generic + system-filepath text unix vector + ]; + homepage = "https://github.com/Gabriel439/nix-diff"; + description = "Explain why two Nix derivations differ"; + license = stdenv.lib.licenses.bsd3; +} -- cgit v1.3.1 From d2de3e883ac0bb229ef45a15fcbf4feb31bb5b75 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 5 Dec 2017 23:08:36 +0100 Subject: stockholm: init --- krebs/5pkgs/simple/stockholm/default.nix | 279 +++++++++++++++++++++++++++++++ shell.nix | 278 +----------------------------- 2 files changed, 282 insertions(+), 275 deletions(-) create mode 100644 krebs/5pkgs/simple/stockholm/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix new file mode 100644 index 000000000..3d41c49c2 --- /dev/null +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -0,0 +1,279 @@ +{ pkgs }: let + + stockholm-dir = ../../../..; + + lib = import (stockholm-dir + "/lib"); + + # + # high level commands + # + + cmds.deploy = pkgs.withGetopt { + diff = { default = /* sh */ "false"; switch = true; }; + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target.default = /* sh */ "$system"; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "stockholm.deploy" '' + set -efu + + . ${init.env} + . ${init.proxy "deploy" opts} + + if \test ${opts.diff.ref} = true; then + + system_profile=/nix/var/nix/profiles/system + system_drv_cur=/etc/system.drv + + system_drv_new=$( + ${pkgs.nix}/bin/nix-instantiate \ + -Q \ + -I "$target_path" \ + -E ' + (import { + modules = [ ]; + }).config.system.build.toplevel + ' + ) + + if \test -e "$system_drv_cur"; then + + system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") + system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") + + if \test "$system_drv_cur_c" = "$system_drv_new_c"; then + echo "$0: system up to date" >&2 + exit 0 + fi + + system_drv_cur=$system_drv_cur_c \ + system_drv_new=$system_drv_new_c \ + ${pkgs.utillinux}/bin/script \ + --command ' + ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ + "$system_drv_cur" "$system_drv_new" + ' \ + --quiet \ + --return \ + /dev/null + + printf 'deploy? [N/y] ' >&2 + read -r REPLY + if \test "$REPLY" != y; then + echo "$0: abort!" >&2 + exit 1 + fi + else + echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 + fi + + new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") + + ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" + PATH=${lib.makeBinPath [ + pkgs.systemd + ]} \ + "$system_profile"/bin/switch-to-configuration switch + + ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" + exit + fi + + # Use system's nixos-rebuild, which is not self-contained + export PATH=/run/current-system/sw/bin + exec ${utils.with-whatsupnix} \ + nixos-rebuild switch \ + --show-trace \ + -I "$target_path" + ''); + + cmds.install = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeBash "stockholm.install" '' + set -efu + + . ${init.env} + + if \test "''${using_proxy-}" != true; then + ${pkgs.openssh}/bin/ssh \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + "$target_user@$target_host" -p "$target_port" \ + env target_path=$(${pkgs.quote}/bin/quote "$target_path") \ + sh -s prepare \ + < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"} + # TODO inline prepare.sh? + fi + + . ${init.proxy "install" opts} + + # Reset PATH because we need access to nixos-install. + # TODO provide nixos-install instead of relying on prepare.sh + export PATH="$OLD_PATH" + + # these variables get defined by nix-shell (i.e. nix-build) from + # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), + # which only exists on / and not at /mnt. + export NIX_BUILD_TOP=/tmp + export TEMPDIR=/tmp + export TEMP=/tmp + export TMPDIR=/tmp + export TMP=/tmp + export XDG_RUNTIME_DIR=/tmp + + export NIXOS_CONFIG="$target_path/nixos-config" + + cd + exec nixos-install + ''); + + cmds.test = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "stockholm.test" /* sh */ '' + set -efu + + export dummy_secrets=true + + . ${init.env} + . ${init.proxy "test" opts} + + exec ${utils.build} config.system.build.toplevel + ''); + + # + # low level commands + # + + # usage: get-source SOURCE_FILE + cmds.get-source = pkgs.writeDash "stockholm.get-source" '' + set -efu + exec ${pkgs.nix}/bin/nix-instantiate \ + --eval \ + --json \ + --readonly-mode \ + --show-trace \ + --strict \ + "$1" + ''; + + # usage: parse-target [--default=TARGET] TARGET + # TARGET = [USER@]HOST[:PORT][/PATH] + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "stockholm.parse-target" '' + set -efu + target=$1; shift + for arg; do echo "$0: bad argument: $arg" >&2; done + if \test $# != 0; then exit 2; fi + exec ${pkgs.jq}/bin/jq \ + -enr \ + --arg default_target "$default_target" \ + --arg target "$target" \ + -f ${pkgs.writeText "stockholm.parse-target.jq" '' + def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: .captures[0].string, + host: .captures[1].string, + port: .captures[2].string, + path: .captures[3].string, + }; + def sanitize: with_entries(select(.value != null)); + ($default_target | parse) + ($target | parse | sanitize) | + . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } + ''} + ''); + + init.env = pkgs.writeText "init.env" /* sh */ '' + export quiet + export system + export target + export user + + default_target=root@$system:22/var/src + + export target_object="$(parse-target "$target" -d "$default_target")" + export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" + export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" + export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" + export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" + export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" + ''; + + init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' + if \test "''${using_proxy-}" != true; then + + source=$(get-source "$source_file") + qualified_target=$target_user@$target_host:$target_port$target_path + if \test "$force_populate" = true; then + echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target" + else + echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target" + fi + + if \test "$target_local" != true; then + exec ${pkgs.openssh}/bin/ssh \ + "$target_user@$target_host" -p "$target_port" \ + cd "$target_path/stockholm" \; \ + NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ + STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \ + nix-shell --run "$(${pkgs.quote}/bin/quote " + ${lib.concatStringsSep " " (lib.mapAttrsToList + (name: opt: /* sh */ + "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})") + opts + )} \ + using_proxy=true \ + ${lib.shell.escape command} \ + $WITHGETOPT_ORIG_ARGS \ + ")" + fi + fi + ''; + + utils.build = pkgs.writeDash "utils.build" '' + set -efu + ${utils.with-whatsupnix} \ + ${pkgs.nix}/bin/nix-build \ + --no-out-link \ + --show-trace \ + -E "with import ; $1" \ + -I "$target_path" \ + ''; + + utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' + set -efu + if \test "$quiet" = true; then + "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix + else + exec "$@" + fi + ''; + +in + + pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: + lib.nameValuePair "/bin/${name}" { inherit link; } + ) cmds) diff --git a/shell.nix b/shell.nix index cb251183f..69f5e86c0 100644 --- a/shell.nix +++ b/shell.nix @@ -2,273 +2,7 @@ let lib = import ./lib; pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; - # - # high level commands - # - - cmds.deploy = pkgs.withGetopt { - diff = { default = /* sh */ "false"; switch = true; }; - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target.default = /* sh */ "$system"; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "cmds.deploy" '' - set -efu - - . ${init.env} - . ${init.proxy "deploy" opts} - - if \test ${opts.diff.ref} = true; then - - system_profile=/nix/var/nix/profiles/system - system_drv_cur=/etc/system.drv - - system_drv_new=$( - ${pkgs.nix}/bin/nix-instantiate \ - -Q \ - -I "$target_path" \ - -E ' - (import { - modules = [ ]; - }).config.system.build.toplevel - ' - ) - - if \test -e "$system_drv_cur"; then - - system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") - system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") - - if \test "$system_drv_cur_c" = "$system_drv_new_c"; then - echo "$0: system up to date" >&2 - exit 0 - fi - - system_drv_cur=$system_drv_cur_c \ - system_drv_new=$system_drv_new_c \ - ${pkgs.utillinux}/bin/script \ - --command ' - ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ - "$system_drv_cur" "$system_drv_new" - ' \ - --quiet \ - --return \ - /dev/null - - printf 'deploy? [N/y] ' >&2 - read -r REPLY - if \test "$REPLY" != y; then - echo "$0: abort!" >&2 - exit 1 - fi - else - echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 - fi - - new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") - - ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" - PATH=${lib.makeBinPath [ - pkgs.systemd - ]} \ - "$system_profile"/bin/switch-to-configuration switch - - ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" - exit - fi - - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - exec ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''); - - cmds.install = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeBash "cmds.install" '' - set -efu - - . ${init.env} - - if \test "''${using_proxy-}" != true; then - ${pkgs.openssh}/bin/ssh \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - "$target_user@$target_host" -p "$target_port" \ - env target_path=$(quote "$target_path") \ - sh -s prepare < ${./krebs/4lib/infest/prepare.sh} - # TODO inline prepare.sh? - fi - - . ${init.proxy "install" opts} - - # Reset PATH because we need access to nixos-install. - # TODO provide nixos-install instead of relying on prepare.sh - export PATH="$OLD_PATH" - - # these variables get defined by nix-shell (i.e. nix-build) from - # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), - # which only exists on / and not at /mnt. - export NIX_BUILD_TOP=/tmp - export TEMPDIR=/tmp - export TEMP=/tmp - export TMPDIR=/tmp - export TMP=/tmp - export XDG_RUNTIME_DIR=/tmp - - export NIXOS_CONFIG="$target_path/nixos-config" - - cd - exec nixos-install - ''); - - cmds.test = pkgs.withGetopt { - force-populate = { default = /* sh */ "false"; switch = true; }; - quiet = { default = /* sh */ "false"; switch = true; }; - source_file = { - default = /* sh */ "$user/1systems/$system/source.nix"; - long = "source"; - }; - system = {}; - target = {}; - user.default = /* sh */ "$LOGNAME"; - } (opts: pkgs.writeDash "cmds.test" /* sh */ '' - set -efu - - export dummy_secrets=true - - . ${init.env} - . ${init.proxy "test" opts} - - exec ${utils.build} config.system.build.toplevel - ''); - - # - # low level commands - # - - # usage: get-source SOURCE_FILE - cmds.get-source = pkgs.writeDash "cmds.get-source" '' - set -efu - exec ${pkgs.nix}/bin/nix-instantiate \ - --eval \ - --json \ - --readonly-mode \ - --show-trace \ - --strict \ - "$1" - ''; - - # usage: parse-target [--default=TARGET] TARGET - # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.withGetopt { - default_target = { - long = "default"; - short = "d"; - }; - } (opts: pkgs.writeDash "cmds.parse-target" '' - set -efu - target=$1; shift - for arg; do echo "$0: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - exec ${pkgs.jq}/bin/jq \ - -enr \ - --arg default_target "$default_target" \ - --arg target "$target" \ - -f ${pkgs.writeText "cmds.parse-target.jq" '' - def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { - user: .captures[0].string, - host: .captures[1].string, - port: .captures[2].string, - path: .captures[3].string, - }; - def sanitize: with_entries(select(.value != null)); - ($default_target | parse) + ($target | parse | sanitize) | - . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } - ''} - ''); - - init.env = pkgs.writeText "init.env" /* sh */ '' - export quiet - export system - export target - export user - - default_target=root@$system:22/var/src - - export target_object="$(parse-target "$target" -d "$default_target")" - export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" - export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" - export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" - export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" - export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" - ''; - - init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' - if \test "''${using_proxy-}" != true; then - - source=$(get-source "$source_file") - qualified_target=$target_user@$target_host:$target_port$target_path - if \test "$force_populate" = true; then - echo "$source" | populate --force "$qualified_target" - else - echo "$source" | populate "$qualified_target" - fi - - if \test "$target_local" != true; then - exec ${pkgs.openssh}/bin/ssh \ - "$target_user@$target_host" -p "$target_port" \ - cd "$target_path/stockholm" \; \ - NIX_PATH=$(quote "$target_path") \ - STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ - nix-shell --run "$(quote " - ${lib.concatStringsSep " " (lib.mapAttrsToList - (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})") - opts - )} \ - using_proxy=true \ - ${lib.shell.escape command} \ - $WITHGETOPT_ORIG_ARGS \ - ")" - fi - fi - ''; - - utils.build = pkgs.writeDash "utils.build" '' - set -efu - ${utils.with-whatsupnix} \ - ${pkgs.nix}/bin/nix-build \ - --no-out-link \ - --show-trace \ - -E "with import ; $1" \ - -I "$target_path" \ - ''; - - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' - set -efu - if \test "$quiet" = true; then - "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix - else - exec "$@" - fi - ''; - - shell.get-version = pkgs.writeDash "shell.get-version" '' + get-version = pkgs.writeDash "get-version" '' set -efu version=git.$(${pkgs.git}/bin/git describe --always --dirty) case $version in (*-dirty) @@ -278,10 +12,6 @@ let echo "$date.$version" ''; - shell.cmdspkg = pkgs.writeOut "shell.cmdspkg" (lib.mapAttrs' (name: link: - lib.nameValuePair "/bin/${name}" { inherit link; } - ) cmds); - in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' @@ -291,9 +21,7 @@ in pkgs.stdenv.mkDerivation { export NIX_REMOTE=daemon fi export PATH=${lib.makeBinPath [ - pkgs.populate - pkgs.quote - shell.cmdspkg + pkgs.stockholm ]} eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" @@ -312,7 +40,7 @@ in pkgs.stdenv.mkDerivation { } export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${get-version})}" PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' ''; -- cgit v1.3.1 From 3fb25717c5c7dbe69f56cea4c529cac398789c2b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 5 Dec 2017 23:20:50 +0100 Subject: stockholm: interpolate cmds.* --- krebs/5pkgs/simple/stockholm/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 3d41c49c2..3d9cea64d 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -214,7 +214,9 @@ default_target=root@$system:22/var/src - export target_object="$(parse-target "$target" -d "$default_target")" + export target_object="$( + ${cmds.parse-target} "$target" -d "$default_target" + )" export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" @@ -225,7 +227,7 @@ init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' if \test "''${using_proxy-}" != true; then - source=$(get-source "$source_file") + source=$(${cmds.get-source} "$source_file") qualified_target=$target_user@$target_host:$target_port$target_path if \test "$force_populate" = true; then echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target" -- cgit v1.3.1 From 289dd785e5bd5f3a628a7f0282ed4f8638277c5c Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 5 Dec 2017 23:25:09 +0100 Subject: stockholm: export HOSTNAME and STOCKHOLM_VERSION --- krebs/5pkgs/simple/stockholm/default.nix | 14 ++++++++++++++ shell.nix | 13 ------------- 2 files changed, 14 insertions(+), 13 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 3d9cea64d..da07c8120 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -207,6 +207,10 @@ ''); init.env = pkgs.writeText "init.env" /* sh */ '' + + export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" + export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + export quiet export system export target @@ -274,6 +278,16 @@ fi ''; + shell.get-version = pkgs.writeDash "stockholm.get-version" '' + set -efu + version=git.$(${pkgs.git}/bin/git describe --always --dirty) + case $version in (*-dirty) + version=$version@$HOSTNAME + esac + date=$(${pkgs.coreutils}/bin/date +%y.%m) + echo "$date.$version" + ''; + in pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: diff --git a/shell.nix b/shell.nix index 69f5e86c0..6c6b7cad7 100644 --- a/shell.nix +++ b/shell.nix @@ -2,16 +2,6 @@ let lib = import ./lib; pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; - get-version = pkgs.writeDash "get-version" '' - set -efu - version=git.$(${pkgs.git}/bin/git describe --always --dirty) - case $version in (*-dirty) - version=$version@$HOSTNAME - esac - date=$(${pkgs.coreutils}/bin/date +%y.%m) - echo "$date.$version" - ''; - in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' @@ -39,9 +29,6 @@ in pkgs.stdenv.mkDerivation { : } - export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${get-version})}" - PS1='\[\e[38;5;162m\]\w\[\e[0m\] ' ''; } -- cgit v1.3.1 From 3f8ae7bf425eb2addef7634a113197774fe3f76a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 5 Dec 2017 23:37:19 +0100 Subject: krebs.hosts: set default --- krebs/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a8933e719..7cf02cd8b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -61,6 +61,7 @@ let hosts = mkOption { type = with types; attrsOf host; + default = {}; }; users = mkOption { -- cgit v1.3.1 From 7b38d1a8219ff7cfa39202ff17f1c92bd799c9b0 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 6 Dec 2017 00:02:17 +0100 Subject: stockholm: drop OLD_PATH --- krebs/5pkgs/simple/stockholm/default.nix | 4 ---- shell.nix | 3 +-- 2 files changed, 1 insertion(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index da07c8120..5705f086d 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -120,10 +120,6 @@ . ${init.proxy "install" opts} - # Reset PATH because we need access to nixos-install. - # TODO provide nixos-install instead of relying on prepare.sh - export PATH="$OLD_PATH" - # these variables get defined by nix-shell (i.e. nix-build) from # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), # which only exists on / and not at /mnt. diff --git a/shell.nix b/shell.nix index 6c6b7cad7..bfdf1b3ca 100644 --- a/shell.nix +++ b/shell.nix @@ -5,14 +5,13 @@ let in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' - export OLD_PATH="$PATH" export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString } if test -e /nix/var/nix/daemon-socket/socket; then export NIX_REMOTE=daemon fi export PATH=${lib.makeBinPath [ pkgs.stockholm - ]} + ]}''${PATH+:$PATH} eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)" shopt -u no_empty_cmd_completion -- cgit v1.3.1 From 19781ae7a4897c8f67e98ac6c57b75bb0c3d06b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Dec 2017 00:08:11 +0100 Subject: krebs ci: stockholm=. --- krebs/3modules/ci.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index adbc1ebe1..b56f5c543 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -104,7 +104,7 @@ in "dummy_secrets": "true", }, command=[ - "nix-shell", "--run", " ".join(["test", + "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", "--user={}".format(user), "--system={}".format(host), "--force-populate", -- cgit v1.3.1 From 6b089cb852928fbbf345ac41652028804daf94cb Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Dec 2017 17:12:10 +0100 Subject: l: adopt reagenzglas (for now) --- krebs/3modules/lass/default.nix | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d2c3000d6..772d96009 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -535,6 +535,45 @@ with import ; }; }; }; + reagenzglas = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.27.27"; + ip6.addr = "42::27"; + aliases = [ + "reagenzglas.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P + bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 + utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO + 2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 + hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u + mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW + 8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 + aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw + pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu + 3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ + lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 + +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz + 9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli + PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 + ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn + GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE + hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 + ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX + vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe + G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 + 5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x + Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.3.1 From e909dcaefe3fd9a7b944babb97a53c824fad3d8c Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 6 Dec 2017 17:58:08 +0100 Subject: l: add jeschli user --- krebs/3modules/lass/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 772d96009..ff6ba474f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -622,5 +622,8 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE"; mail = "joerg@higgsboson.tk"; }; + jeschli = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; + }; }; } -- cgit v1.3.1