| author | lassulus <lass@aidsballs.de> | 2016-07-18 12:15:50 +0200 | 
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2016-07-18 12:15:50 +0200 | 
| commit | e3d48fa10b365f438558c1e65c137aa2a74a29f6 (patch) | |
| tree | ac8ded827ad4dbf8bf43e0909b958dc0ecbbd8b3 | |
| parent | 1d56fb06212a27b3ddd59e3616b5acee036fa5fd (diff) | |
| parent | 642335e4306b79c626332dab67a157016e230ee6 (diff) | |
Merge remote-tracking branch 'gum/master' into new-populate
| -rw-r--r-- | Makefile | 48 | ||||
| -rw-r--r-- | shared/2configs/base.nix | 13 | ||||
| -rw-r--r-- | shared/2configs/shared-buildbot.nix | 8 | ||||
| -rw-r--r-- | tv/1systems/alnus.nix | 103 | ||||
| -rw-r--r-- | tv/2configs/default.nix | 20 | ||||
| -rw-r--r-- | tv/2configs/git.nix | 1 | 
6 files changed, 154 insertions, 39 deletions
| @@ -41,23 +41,25 @@ target_path ?= $(_target_path)  endif  endif -export target_host ?= $(system) -export target_user ?= root -export target_port ?= 22 -export target_path ?= /var/src +target_host ?= $(system) +target_user ?= root +target_port ?= 22 +target_path ?= /var/src  $(if $(target_host),,$(error unbound variable: target_host))  $(if $(target_user),,$(error unbound variable: target_user))  $(if $(target_port),,$(error unbound variable: target_port))  $(if $(target_path),,$(error unbound variable: target_path)) +target ?= $(target_user)@$(target_host):$(target_port)$(target_path) +  build = \  	nix-build \  		--no-out-link \  		--show-trace \  		-I nixos-config=$(nixos-config) \  		-I stockholm=$(stockholm) \ -		-E "let build = import <stockholm>; in $(1)" +		-E "with import <stockholm>; $(1)"  evaluate = \  	nix-instantiate \ 
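Review bot: The new `target` assignment near the end of this hunk has no comment describing its format, and the `$(if ...)` guards above it only reject empty values. Port and path are concatenated directly (`$(target_port)$(target_path)`), so a `target_path` without a leading slash would run straight into the port number; how `populate` parses the string is not visible here. I would add `# target = USER@HOST:PORT/PATH (target_path must be absolute)` above the assignment. The `evaluate` definition at the end of the hunk continues outside it.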
@@ -68,26 +70,37 @@ evaluate = \  		-I stockholm=$(stockholm) \  		-E "let eval = import <stockholm>; in with eval; $(1)" -execute = \ -	result=$$($(call evaluate,config.krebs.build.$(1))) && \ -	script=$$(echo "$$result" | jq -r .) && \ -	echo "$$script" | PS5=% sh -  ifeq ($(MAKECMDGOALS),)  $(error No goals specified)  endif  # usage: make deploy system=foo [target_host=bar] +ifeq ($(debug),true) +deploy: rebuild-command = dry-activate +else +deploy: rebuild-command = switch +endif  deploy: ssh ?= ssh  deploy: -	$(call execute,populate) +	$(MAKE) populate debug=false  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \  		env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \ -			nixos-rebuild switch --show-trace -I $(target_path) +			nixos-rebuild $(rebuild-command) --show-trace -I $(target_path) + +# usage: make populate system=foo +ifeq ($(debug),true) +populate: populate-flags += --debug +endif +ifneq ($(ssh),) +populate: populate-flags += --ssh=$(ssh) +endif +populate: +	$(call evaluate,config.krebs.build.source) --json --strict | \ +	populate $(target) $(populate-flags) -# usage: make build.pkgs.get -build build.:;@$(call build,$${expr-eval}) -build.%:;@$(call build,$@) +# usage: make pkgs.populate +pkgs:;@$(error no package selected) +pkgs.%:;@$(call build,$@)  # usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name  eval eval.:;@$(call evaluate,$${expr-eval}) @@ -99,7 +112,7 @@ install:  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \  		env target_path=$(target_path) \  			sh -s prepare < krebs/4lib/infest/prepare.sh -	target_path=/mnt$(target_path) $(call execute,populate) +	$(MAKE) populate target_path=/mnt$(target_path)  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \  		env NIXOS_CONFIG=$(target_path)/nixos-config \  				STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \ 
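Review bot: In the new `populate` recipe the pipeline's exit status is that of `populate` alone, so a failing `nix-instantiate` goes unreported unless `populate` happens to reject the empty input; the removed `execute` helper captured the evaluation result and chained with `&&` first. Make's default `/bin/sh -c` has no pipefail, so I would evaluate into a variable before piping: `src=$$($(call evaluate,config.krebs.build.source) --json --strict) && \` followed by `printf '%s\n' "$$src" | populate $(target) $(populate-flags)`. Separately, `--ssh=$(ssh)` is unquoted, so an `ssh` value containing spaces is split into several arguments; `--ssh='$(ssh)'` would keep it as one word, assuming `populate` expects a single string there. The same rule is what `install` (the next hunk) and `test` now rely on, so the failure mode applies to all three entry points.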
@@ -117,8 +130,7 @@ $(error bad method: $(method))  endif  endif  test: ssh ?= ssh -test: -	$(call execute,populate) +test: populate  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \  		$(command) --show-trace -I $(target_path) \  			-A config.system.build.toplevel $(target_path)/stockholm diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index bbb089c..a92a0df 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -7,15 +7,14 @@ with config.krebs.lib;    # TODO rename shared user to "krebs"    krebs.build.user = mkDefault config.krebs.users.shared; -  krebs.build.source = { -    nixpkgs = mkDefault { +  krebs.build.source = let inherit (config.krebs.build) host user; in { +    nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; +    nixpkgs.git = {        url = https://github.com/NixOS/nixpkgs; -      rev = "63b9785"; # stable @ 2016-06-01 +      ref = "63b9785"; # stable @ 2016-06-01      }; -    secrets =  mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; -    stockholm = mkDefault "${getEnv "HOME"}/stockholm"; - -    nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix"; +    secrets.file = "${getEnv "HOME"}/secrets/krebs/${host.name}"; +    stockholm.file = "${getEnv "HOME"}/stockholm";    };    networking.hostName = config.krebs.build.host.name; diff --git a/shared/2configs/shared-buildbot.nix b/shared/2configs/shared-buildbot.nix index 6c40d99..688f8f9a 100644 --- a/shared/2configs/shared-buildbot.nix +++ b/shared/2configs/shared-buildbot.nix 
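Review bot: `test: populate` runs populate as an ordinary prerequisite, so `make test debug=true` passes `--debug` through to it, whereas `deploy` deliberately forces `$(MAKE) populate debug=false`. If `--debug` makes populate skip the actual transfer (the buildbot step that uses `populate debug=true` as a check suggests so, but that is not shown here), the remote `$(command)` would evaluate whatever sources already sit under `$(target_path)`. Either call it the way deploy does, with `$(MAKE) populate debug=false` as the first recipe line, or add a comment such as `# test honours debug=true: populate is then a dry run`. The conditional block that sets `command` for this rule starts outside the hunk.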
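Review bot: `ref = "63b9785";` under `nixpkgs.git` pins nixpkgs by an abbreviated commit id, while `tv/2configs/default.nix` and `tv/1systems/alnus.nix` in this same commit use full 40-character ids. An abbreviated id carries no uniqueness guarantee in a repository of this size, and now that the field is called `ref` it is not clear from here whether the fetcher resolves the string as a commit or as a branch or tag name. For a source that the whole system is built from, I would pin the full id: `ref = "<full 40-hex commit id for 63b9785>"; # stable @ 2016-06-01`. Note also that the entries are no longer wrapped in `mkDefault`, so a host that overrides them now needs `mkForce`, as alnus.nix does.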
@@ -75,7 +75,8 @@    # prepare nix-shell    # the dependencies which are used by the test script -  deps = [ "gnumake", "jq","nix","rsync", +  deps = [ "gnumake", "jq", "nix", +            "(import <stockholm>).pkgs.populate",              "(import <stockholm>).pkgs.test.infest-cac-centos7" ]    # TODO: --pure , prepare ENV in nix-shell command:    #                   SSL_CERT_FILE,LOGNAME,NIX_REMOTE @@ -95,8 +96,7 @@    for i in [ "test-centos7", "wolf", "test-failing" ]:      addShell(f,name="populate-{}".format(i),env=env,              command=nixshell + \ -                      ["{}( make system={} eval.config.krebs.build.populate \ -                         | jq -er .)".format("!" if "failing" in i else "",i)]) +                      ["{}(make system={} populate debug=true)".format("!" if "failing" in i else "",i)])    # XXX we must prepare ./retiolum.rsa_key.priv for secrets to work    addShell(f,name="instantiate-test-all-modules",env=env, @@ -179,7 +179,7 @@      masterhost = "localhost";      username = "testslave";      password = "krebspass"; -    packages = with pkgs;[ git nix gnumake jq rsync ]; +    packages = with pkgs; [ gnumake jq nix populate ];      # all nix commands will need a working nixpkgs installation      extraEnviron = {        NIX_PATH="nixpkgs=/var/src/nixpkgs:nixos-config=./shared/1systems/wolf.nix"; }; diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix new file mode 100644 index 0000000..360390c --- /dev/null +++ b/tv/1systems/alnus.nix 
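Review bot: The slave definition touched by the last hunk of this file still carries `password = "krebspass";` as a literal right above the changed `packages` line. The line is unchanged context, but a string written into a Nix configuration normally ends up readable in the store, and this one is also published with the repository. If the buildbot module offers a way to read the credential from a file delivered through the `secrets` source, that would be the place for it. Otherwise a comment such as `# test-only credential, master listens on localhost` would at least record why a literal is acceptable here.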
@@ -0,0 +1,103 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ +  imports = [ +    ../. +    ../2configs/hw/x220.nix +    ../2configs/exim-retiolum.nix +    ../2configs/retiolum.nix +  ]; + +  # TODO remove non-hardware stuff from ../2configs/hw/x220.nix +  # networking.wireless.enable collides with networkmanager +  networking.wireless.enable = mkForce false; + +  boot = { +    initrd = { +      availableKernelModules = [ "ahci" ]; +      luks = { +        cryptoModules = [ "aes" "sha512" "xts" ]; +        devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; +      }; +    }; +    loader = { +      efi.canTouchEfiVariables = true; +      gummiboot.enable = true; +    }; +  }; + +  environment.systemPackages = with pkgs; [ +    chromium +    firefoxWrapper +    networkmanagerapplet +    pidginotr +    pidgin-with-plugins +  ]; + +  fileSystems = { +    "/boot" = { +      device = "/dev/sda1"; +    }; +    "/" = { +      device = "/dev/mapper/main-root"; +      fsType = "btrfs"; +      options = [ "defaults" "noatime" ]; +    }; +    "/home" = { +      device = "/dev/mapper/main-home"; +      fsType = "btrfs"; +      options = [ "defaults" "noatime" ]; +    }; +  }; + +  hardware = { +    enableAllFirmware = true; +    opengl.driSupport32Bit = true; +    pulseaudio.enable = true; +  }; + +  i18n.defaultLocale = "de_DE.UTF-8"; + +  krebs.build = { +    host = config.krebs.hosts.alnus; +    user = mkForce config.krebs.users.dv; +    source.nixpkgs.git.ref = mkForce "d7450443c42228832c68fba203a7c15cfcfb264e"; +  }; + +  networking.networkmanager.enable = true; + +  nixpkgs.config = { +    allowUnfree = true; +    chromium.enablePepperFlash = true; +    firefox.enableAdobeFlash = true; +  }; + +  services.xserver = { +    enable = true; +    layout = "de"; +    xkbOptions = "eurosign:e"; +    synaptics = { +      enable = true; +      twoFingerScroll = true; +    }; +    desktopManager.xfce.enable = true; +    displayManager.auto = { +      enable = 
true; +      user = "dv"; +    }; +  }; + +  swapDevices =[ ]; + +  users.users.dv = { +    inherit (config.krebs.users.dv) home uid; +    isNormalUser = true; +    extraGroups = [ +      "audio" +      "video" +      "networkmanager" +    ]; +  }; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index a9ba1ea..04009f5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -7,18 +7,18 @@ with config.krebs.lib;    krebs.build = {      user = config.krebs.users.tv; -    source = mapAttrs (_: mkDefault) ({ -      nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; -      secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; -      secrets-common = "/home/tv/secrets/common"; -      stockholm = "/home/tv/stockholm"; -      nixpkgs = { +    source = let inherit (config.krebs.build) host; in { +      nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; +      secrets.file = "/home/tv/secrets/${host.name}"; +      secrets-common.file = "/home/tv/secrets/common"; +      stockholm.file = "/home/tv/stockholm"; +      nixpkgs.git = {          url = https://github.com/NixOS/nixpkgs; -        rev = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f"; +        ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";        }; -    } // optionalAttrs config.krebs.build.host.secure { -      secrets-master = "/home/tv/secrets/master"; -    }); +    } // optionalAttrs host.secure { +      secrets-master.file = "/home/tv/secrets/master"; +    };    };    networking.hostName = config.krebs.build.host.name; diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 9bcf8f3..4bc9713 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -36,6 +36,7 @@ let      much = {};      newsbot-js = {};      nixpkgs = {}; +    populate.desc = "source code installer";      push = {};      regfish = {};      soundcloud = { | 
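Review bot: The new alnus host sets `services.xserver.displayManager.auto` for user `dv`, so once the LUKS volume is unlocked the desktop session starts without any login prompt. Together with `chromium.enablePepperFlash` and `firefox.enableAdobeFlash` under `allowUnfree`, this makes a fairly permissive laptop profile with nothing in the file saying it is deliberate. If it is intended, I would record that with short comments, for example `# auto-login: disk encryption is the only access gate on this machine` above `displayManager.auto` and `# Flash plugins are unfree; drop once no longer required` above the two browser options.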
