Merge remote-tracking branch 'stro/master'

author: tv <tv@krebsco.de> 2017-08-29 21:08:02 +0200
committer: tv <tv@krebsco.de> 2017-08-29 21:08:02 +0200
commit: 957d518374368e47e519d4870e9133a265b6e47c (patch)
tree: 2619fa4819d4c7ca4e98e49a770b8e8729d2b2c1 /mv
parent: 1c65c00764146a13a0fcf8e48de599430e4a2d2e (diff)
parent: 15c510e05b3353b5644c488d5b97005eb877105a (diff)
3 files changed, 31 insertions, 18 deletions
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix
index bb37aed..669655e 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro/config.nix
@@ -8,18 +8,6 @@ with import <stockholm/lib>;
     build = {
       user = config.krebs.users.mv;
       host = config.krebs.hosts.stro;
-      source = let
-        HOME = getEnv "HOME";
-        host = config.krebs.build.host;
-      in {
-        nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
-        secrets.file = "${HOME}/secrets/${host.name}";
-        stockholm.file = "${HOME}/stockholm";
-        nixpkgs.git = {
-          url = https://github.com/NixOS/nixpkgs;
-          ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
-        };
-      };
     };
   };
 
@@ -27,7 +15,7 @@ with import <stockholm/lib>;
     <secrets>
     <stockholm/krebs>
     <stockholm/tv/2configs/audit.nix>
-    <stockholm/tv/2configs/bash.nix>
+    <stockholm/tv/2configs/bash>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/im.nix>
@@ -40,7 +28,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/xdg.nix>
     <stockholm/tv/2configs/xserver>
     <stockholm/tv/3modules>
-    <stockholm/tv/5pkgs>
   ];
 
   boot.kernel.sysctl = {
@@ -124,13 +111,13 @@ with import <stockholm/lib>;
 
   nix = {
     binaryCaches = ["https://cache.nixos.org"];
-    # TODO check if both are required:
-    chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
     requireSignedBinaryCaches = true;
-    useChroot = true;
+    # TODO check if both are required:
+    sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+    useSandbox = true;
   };
 
-  nixpkgs.config.allowUnfree = false;
+  nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
 
   users = {
     defaultUserShell = "/run/current-system/sw/bin/bash";
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 0000000..888d616
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+  name = "stro";
+}
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 0000000..8b15639
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+  builder = if getEnv "dummy_secrets" == "true"
+              then "buildbot"
+              else "mv";
+  _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+  evalSource (toString _file) [
+    {
+      nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+      nixpkgs.git = {
+        # nixos-17.03
+        ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+        url = https://github.com/NixOS/nixpkgs;
+      };
+      secrets.file = getAttr builder {
+        buildbot = toString <stockholm/mv/dummy_secrets>;
+        mv = "/home/mv/secrets/${name}";
+      };
+      stockholm.file = toString <stockholm>;
+    }
+    override
+  ]
author	tv <tv@krebsco.de>	2017-08-29 21:08:02 +0200
committer	tv <tv@krebsco.de>	2017-08-29 21:08:02 +0200
commit	957d518374368e47e519d4870e9133a265b6e47c (patch)
tree	2619fa4819d4c7ca4e98e49a770b8e8729d2b2c1 /mv
parent	1c65c00764146a13a0fcf8e48de599430e4a2d2e (diff)
parent	15c510e05b3353b5644c488d5b97005eb877105a (diff)