diff options
| -rw-r--r-- | 0make/makefu/pnp.makefile | 4 | ||||
| -rw-r--r-- | 0make/tv/cd.makefile | 4 | ||||
| -rw-r--r-- | 0make/tv/mkdir.makefile | 4 | ||||
| -rw-r--r-- | 0make/tv/nomic.makefile | 4 | ||||
| -rw-r--r-- | 0make/tv/rmdir.makefile | 4 | ||||
| -rw-r--r-- | 0make/tv/wu.makefile | 4 | ||||
| -rw-r--r-- | 1systems/makefu/pnp.nix | 47 | ||||
| -rw-r--r-- | 2configs/makefu/base.nix | 99 | ||||
| -rw-r--r-- | 2configs/makefu/cgit-retiolum.nix | 69 | ||||
| -rw-r--r-- | 3modules/krebs/default.nix | 168 | ||||
| -rw-r--r-- | 3modules/krebs/urlwatch.nix | 4 | ||||
| -rw-r--r-- | 3modules/makefu/default.nix | 19 | ||||
| -rw-r--r-- | 4lib/krebs/default.nix | 21 | ||||
| -rw-r--r-- | 4lib/krebs/dns.nix | 31 | ||||
| -rw-r--r-- | 4lib/krebs/listset.nix | 11 | ||||
| -rw-r--r-- | 4lib/krebs/tree.nix | 13 | ||||
| -rw-r--r-- | 4lib/krebs/types.nix | 9 | ||||
| -rw-r--r-- | 4lib/tv/default.nix | 52 | ||||
| -rw-r--r-- | Makefile | 85 | ||||
| -rw-r--r-- | Zpkgs/tv/lentil/1.patch | 39 | ||||
| -rw-r--r-- | tv/1systems/cd.nix (renamed from 1systems/tv/cd.nix) | 34 | ||||
| -rw-r--r-- | tv/1systems/mkdir.nix (renamed from 1systems/tv/mkdir.nix) | 28 | ||||
| -rw-r--r-- | tv/1systems/nomic.nix (renamed from 1systems/tv/nomic.nix) | 26 | ||||
| -rw-r--r-- | tv/1systems/rmdir.nix (renamed from 1systems/tv/rmdir.nix) | 28 | ||||
| -rw-r--r-- | tv/1systems/wu.nix (renamed from 1systems/tv/wu.nix) | 120 | ||||
| -rw-r--r-- | tv/2configs/AO753.nix (renamed from 2configs/tv/AO753.nix) | 2 | ||||
| -rw-r--r-- | tv/2configs/CAC-CentOS-7-64bit.nix (renamed from 2configs/tv/CAC-CentOS-7-64bit.nix) | 2 | ||||
| -rw-r--r-- | tv/2configs/CAC-Developer-1.nix (renamed from 2configs/tv/CAC-Developer-1.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/CAC-Developer-2.nix (renamed from 2configs/tv/CAC-Developer-2.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/base.nix (renamed from 2configs/tv/base.nix) | 1 | ||||
| -rw-r--r-- | tv/2configs/bash_completion.sh (renamed from 2configs/tv/bash_completion.sh) | 0 | ||||
| -rw-r--r-- | tv/2configs/charybdis.nix (renamed from 2configs/tv/charybdis.nix) | 136 | ||||
| -rw-r--r-- | tv/2configs/consul-client.nix (renamed from 2configs/tv/consul-client.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/consul-server.nix (renamed from 2configs/tv/consul-server.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/cryptoroot.nix (renamed from 2configs/tv/cryptoroot.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/exim-retiolum.nix (renamed from 2configs/tv/exim-retiolum.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/exim-smarthost.nix (renamed from 2configs/tv/exim-smarthost.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/git.nix (renamed from 2configs/tv/git.nix) | 2 | ||||
| -rw-r--r-- | tv/2configs/mail-client.nix (renamed from 2configs/tv/mail-client.nix) | 2 | ||||
| -rw-r--r-- | tv/2configs/smartd.nix (renamed from 2configs/tv/smartd.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/synaptics.nix (renamed from 2configs/tv/synaptics.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/urlwatch.nix (renamed from 2configs/tv/urlwatch.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/urxvt.nix (renamed from 2configs/tv/urxvt.nix) | 0 | ||||
| -rw-r--r-- | tv/2configs/w110er.nix (renamed from 2configs/tv/w110er.nix) | 2 | ||||
| -rw-r--r-- | tv/2configs/xserver.nix (renamed from 2configs/tv/xserver.nix) | 2 | ||||
| -rw-r--r-- | tv/3modules/consul.nix (renamed from 3modules/tv/consul.nix) | 2 | ||||
| -rw-r--r-- | tv/3modules/default.nix (renamed from 3modules/tv/default.nix) | 0 | ||||
| -rw-r--r-- | tv/3modules/ejabberd.nix (renamed from 3modules/tv/ejabberd.nix) | 0 | ||||
| -rw-r--r-- | tv/3modules/iptables.nix (renamed from 3modules/tv/iptables.nix) | 4 | ||||
| -rw-r--r-- | tv/4lib/default.nix | 27 | ||||
| -rw-r--r-- | tv/4lib/git.nix (renamed from 4lib/tv/git.nix) | 0 | ||||
| -rw-r--r-- | tv/4lib/modules.nix (renamed from 4lib/tv/modules.nix) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/charybdis/default.nix (renamed from Zpkgs/tv/charybdis/default.nix) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/charybdis/remove-setenv.patch (renamed from Zpkgs/tv/charybdis/remove-setenv.patch) | 2 | ||||
| -rw-r--r-- | tv/5pkgs/default.nix (renamed from Zpkgs/tv/default.nix) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/lentil/default.nix (renamed from Zpkgs/tv/lentil/default.nix) | 6 | ||||
| -rw-r--r-- | tv/5pkgs/lentil/syntaxes.patch (renamed from Zpkgs/tv/lentil/syntaxes.patch) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/much.nix (renamed from Zpkgs/tv/much.nix) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/viljetic-pages/default.nix (renamed from Zpkgs/tv/viljetic-pages/default.nix) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/viljetic-pages/index.html (renamed from Zpkgs/tv/viljetic-pages/index.html) | 0 | ||||
| -rw-r--r-- | tv/5pkgs/viljetic-pages/logo.xpm (renamed from Zpkgs/tv/viljetic-pages/logo.xpm) | 0 |
61 files changed, 451 insertions, 666 deletions
diff --git a/0make/makefu/pnp.makefile b/0make/makefu/pnp.makefile deleted file mode 100644 index a18efe0..0000000 --- a/0make/makefu/pnp.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@pnp -nixpkgs_url := https://github.com/nixos/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/makefu/secrets/pnp diff --git a/0make/tv/cd.makefile b/0make/tv/cd.makefile deleted file mode 100644 index e021423..0000000 --- a/0make/tv/cd.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@cd-global -nixpkgs_url := https://github.com/NixOS/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/tv/secrets/cd diff --git a/0make/tv/mkdir.makefile b/0make/tv/mkdir.makefile deleted file mode 100644 index b10398a..0000000 --- a/0make/tv/mkdir.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@mkdir -nixpkgs_url := https://github.com/NixOS/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/tv/secrets/mkdir diff --git a/0make/tv/nomic.makefile b/0make/tv/nomic.makefile deleted file mode 100644 index 9e0b867..0000000 --- a/0make/tv/nomic.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@nomic.gg23 -nixpkgs_url := https://github.com/NixOS/nixpkgs -nixpkgs_rev := 9d5508d85c33b8fb22d79dde6176792eac2c2696 -secrets_dir := /home/tv/secrets/nomic diff --git a/0make/tv/rmdir.makefile b/0make/tv/rmdir.makefile deleted file mode 100644 index 6075bd3..0000000 --- a/0make/tv/rmdir.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@rmdir -nixpkgs_url := https://github.com/NixOS/nixpkgs -nixpkgs_rev := 4c01e6d91993b6de128795f4fbdd25f6227fb870 -secrets_dir := /home/tv/secrets/rmdir diff --git a/0make/tv/wu.makefile b/0make/tv/wu.makefile deleted file mode 100644 index ef7e511..0000000 --- a/0make/tv/wu.makefile +++ /dev/null @@ -1,4 +0,0 @@ -deploy_host := root@wu -nixpkgs_url := /home/tv/src/nixpkgs -nixpkgs_rev := 7725eb1d3ed85fc34edde3c3a7907ab234933a68 -secrets_dir := /home/tv/secrets/wu diff --git a/1systems/makefu/pnp.nix b/1systems/makefu/pnp.nix deleted file mode 100644 index 1019c4d..0000000 --- a/1systems/makefu/pnp.nix +++ /dev/null @@ -1,47 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../../2configs/makefu/base.nix - ../../2configs/makefu/cgit-retiolum.nix - ]; - krebs.build.host = config.krebs.hosts.pnp; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - hardware.enableAllFirmware = true; - hardware.cpu.amd.updateMicrocode = true; - -# networking.firewall is enabled by default - networking.firewall.allowedTCPPorts = [ 80 ]; - - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; - krebs.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "gum" - "pigstarter" - "fastpoke" - ]; - }; - -# $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; [ - jq - ]; -} diff --git a/2configs/makefu/base.nix b/2configs/makefu/base.nix deleted file mode 100644 index b052b13..0000000 --- a/2configs/makefu/base.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - imports = [ ]; - krebs.enable = true; - krebs.search-domain = "retiolum"; - - networking.hostName = config.krebs.build.host.name; - users.extraUsers = { - root = { - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - makefu = { - uid = 9001; - group = "users"; - home = "/home/makefu"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - "wheel" - ]; - openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; - }; - }; - - services.openssh.enable = true; - nix.useChroot = true; - - users.mutableUsers = true; - - boot.tmpOnTmpfs = true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; - - environment.extraInit = '' - EDITOR=vim - ''; - - environment.systemPackages = with pkgs; [ - git - vim - gnumake - rxvt_unicode.terminfo - ]; - - programs.bash = { - enableCompletion = true; - interactiveShellInit = '' - HISTCONTROL='erasedups:ignorespace' - HISTSIZE=900001 - HISTFILESIZE=$HISTSIZE - - shopt -s checkhash - shopt -s histappend histreedit histverify - shopt -s no_empty_cmd_completion - complete -d cd - ''; - - promptInit = '' - case $UID in - 0) PS1='\[\e[1;31m\]\w\[\e[0m\] ' ;; - 9001) PS1='\[\e[1;32m\]\w\[\e[0m\] ' ;; - *) PS1='\[\e[1;35m\]\u \[\e[1;32m\]\w\[\e[0m\] ' ;; - esac - if test -n "$SSH_CLIENT"; then - PS1='\[\033[35m\]\h'" $PS1" - fi - ''; - }; - - environment.shellAliases = { - lsl = "ls -lAtr"; - }; - - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.runCommand "empty" {} "mkdir -p $out"; - }; - - services.cron.enable = false; - services.nscd.enable = false; - - security.setuidPrograms = [ "sendmail" ]; - services.journald.extraConfig = '' - SystemMaxUse=1G - RuntimeMaxUse=128M - ''; - # Enable IPv6 Privacy Extensions - boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - i18n = { - consoleKeyMap = "us"; - defaultLocale = "en_US.UTF-8"; - }; -} diff --git a/2configs/makefu/cgit-retiolum.nix b/2configs/makefu/cgit-retiolum.nix deleted file mode 100644 index d0351a9..0000000 --- a/2configs/makefu/cgit-retiolum.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, lib, pkgs, ... }: -# TODO: remove tv lib :) -with import ../../4lib/tv { inherit lib pkgs; }; -let - - repos = priv-repos // krebs-repos ; - rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos); - - krebs-repos = mapAttrs make-krebs-repo { - stockholm = { - desc = "take all the computers hostage, they'll love you!"; - }; - }; - - priv-repos = mapAttrs make-priv-repo { - autosync = { }; - }; - - - # TODO move users to separate module - make-priv-repo = name: { desc ? null, ... }: { - inherit name desc; - public = false; - }; - - make-krebs-repo = with git; name: { desc ? null, ... }: { - inherit name desc; - public = true; - hooks = { - post-receive = git.irc-announce { - nick = config.networking.hostName; - channel = "#retiolum"; - server = "cd.retiolum"; - }; - }; - }; - - set-owners = with git; repo: user: - singleton { - inherit user; - repo = [ repo ]; - perm = push "refs/*" [ non-fast-forward create delete merge ]; - }; - - set-ro-access = with git; repo: user: - optional repo.public { - inherit user; - repo = [ repo ]; - perm = fetch; - }; - - # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ lass tv uriel ]; - - priv-rules = with config.krebs.users; repo: - set-owners repo [ makefu ]; - - krebs-rules = with config.krebs.users; repo: - set-owners repo [ makefu ] ++ set-ro-access repo krebsminister ; - -in { - imports = [ ../../3modules/krebs/git.nix ]; - krebs.git = { - enable = true; - root-title = "public repositories "; - root-desc = "keep on krebsing"; - inherit repos rules; - }; -} diff --git a/3modules/krebs/default.nix b/3modules/krebs/default.nix index 3c2f7c9..9e25df0 100644 --- a/3modules/krebs/default.nix +++ b/3modules/krebs/default.nix @@ -20,8 +20,108 @@ let enable = mkEnableOption "krebs"; build = mkOption { - type = types.submodule { + type = types.submodule ({ config, ... }: { options = { + target = mkOption { + type = with types; nullOr str; + default = null; + }; + deps = mkOption { + type = with types; attrsOf (submodule { + options = { + url = mkOption { + type = str; + }; + rev = mkOption { + type = nullOr str; + default = null; + }; + }; + }); + default = {}; + }; + script = mkOption { + type = types.str; + default = '' + #! /bin/sh + set -efux + + target=${escapeShellArg cfg.build.target} + + push(){( + src=$1/ + dst=$target:$2 + rsync \ + --exclude .git \ + --exclude .graveyard \ + --exclude old \ + --rsync-path="mkdir -p \"$dst\" && rsync" \ + --usermap=\*:0 \ + --groupmap=\*:0 \ + --delete-excluded \ + -vrLptgoD \ + "$src" "$dst" + )} + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev == null) '' + push ${toString (map escapeShellArg [ + "${url}" + "/root/src/${name}" + ])} + '') config.deps)} + + exec ssh -S none "$target" /bin/sh <<\EOF + set -efux + fetch(){( + url=$1 + rev=$2 + dst=$3 + mkdir -p "$dst" + cd "$dst" + if ! test -e .git; then + git init + fi + if ! cur_url=$(git config remote.origin.url 2>/dev/null); then + git remote add origin "$url" + elif test "$cur_url" != "$url"; then + git remote set-url origin "$url" + fi + if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then + git fetch origin + git checkout "$rev" -- . + git checkout -q "$rev" + git submodule init + git submodule update + fi + git clean -dxf + )} + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev != null) '' + fetch ${toString (map escapeShellArg [ + url + rev + "/root/src/${name}" + ])} + '') config.deps)} + + echo build system... + profile=/nix/var/nix/profiles/system + NIX_PATH=/root/src \ + nix-env \ + -Q \ + -p "$profile" \ + -f '<stockholm>' \ + --set \ + -A system \ + --argstr user-name ${escapeShellArg cfg.build.user.name} \ + --argstr system-name ${escapeShellArg cfg.build.host.name} + + exec "$profile"/bin/switch-to-configuration switch + EOF + ''; + }; host = mkOption { type = types.host; }; @@ -29,11 +129,19 @@ let type = types.user; }; }; - }; + }); # Define defaul value, so unset values of the submodule get reported. default = {}; }; + dns = { + providers = mkOption { + # TODO with types; tree dns.label dns.provider, so we can merge. + # Currently providers can only be merged if aliases occur just once. + type = with types; attrsOf unspecified; + }; + }; + hosts = mkOption { type = with types; attrsOf host; }; @@ -46,8 +154,7 @@ let # TODO search-domains :: listOf hostname search-domain = mkOption { type = types.hostname; - default = ""; - example = "retiolum"; + default = "retiolum"; }; }; @@ -56,38 +163,26 @@ let { krebs = makefu-imp; } { krebs = tv-imp; } { - # XXX This overlaps with krebs.retiolum - networking.extraHosts = - let - # TODO move domain name providers to a dedicated module - # providers : tree label providername - providers = { - internet = "hosts"; - retiolum = "hosts"; - de.viljetic = "regfish"; - de.krebsco = "ovh"; - }; - - # splitByProvider : [alias] -> listset providername alias - splitByProvider = foldl (acc: alias: listset-insert (providerOf alias) alias acc) {}; + krebs.dns.providers = { + de.krebsco = "ovh"; + internet = "hosts"; + retiolum = "hosts"; + }; - # providerOf : alias -> providername - providerOf = alias: - tree-get (splitString "." alias) providers; - in - concatStringsSep "\n" (flatten ( - # TODO deepMap ["hosts" "nets"] (hostname: host: netname: net: - mapAttrsToList (hostname: host: - mapAttrsToList (netname: net: - let - aliases = toString (unique (longs ++ shorts)); - longs = (splitByProvider net.aliases).hosts; - shorts = map (removeSuffix ".${cfg.search-domain}") longs; - in - map (addr: "${addr} ${aliases}") net.addrs - ) host.nets - ) config.krebs.hosts - )); + # XXX This overlaps with krebs.retiolum + networking.extraHosts = concatStringsSep "\n" (flatten ( + mapAttrsToList (hostname: host: + mapAttrsToList (netname: net: + let + aliases = toString (unique (longs ++ shorts)); + providers = dns.split-by-provider net.aliases cfg.dns.providers; + longs = providers.hosts; + shorts = map (removeSuffix ".${cfg.search-domain}") longs; + in + map (addr: "${addr} ${aliases}") net.addrs + ) host.nets + ) cfg.hosts + )); } ]; @@ -140,6 +235,9 @@ let }; tv-imp = { + dns.providers = { + de.viljetic = "regfish"; + }; hosts = addNames { cd = { cores = 2; diff --git a/3modules/krebs/urlwatch.nix b/3modules/krebs/urlwatch.nix index 58de72f..39d9fec 100644 --- a/3modules/krebs/urlwatch.nix +++ b/3modules/krebs/urlwatch.nix @@ -35,20 +35,22 @@ let }; mailto = mkOption { type = types.str; + default = config.krebs.build.user.mail; description = '' Content of the To: header of the generated mails. [AKA recipient :)] ''; }; onCalendar = mkOption { type = types.str; + default = "04:23"; description = '' Run urlwatch at this interval. The format is described in systemd.time(7), CALENDAR EVENTS. ''; - example = "04:23"; }; urls = mkOption { type = with types; listOf str; + default = []; description = "URL to watch."; example = [ https://nixos.org/channels/nixos-unstable/git-revision diff --git a/3modules/makefu/default.nix b/3modules/makefu/default.nix deleted file mode 100644 index 45ca8c3..0000000 --- a/3modules/makefu/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, ... }: - -with import ../../4lib/krebs { inherit lib; }; -let - cfg = config.krebs; - - out = { - imports = [ - ]; - options.krebs = api; - config = mkIf cfg.enable imp; - }; - - api = { }; - - imp = { }; - -in -out diff --git a/4lib/krebs/default.nix b/4lib/krebs/default.nix index 0c42a5d..b675853 100644 --- a/4lib/krebs/default.nix +++ b/4lib/krebs/default.nix @@ -12,22 +12,7 @@ builtins // lib // rec { types = import ./types.nix { inherit lib; }; - - # listset k v = set k [v] - - # listset-insert : k -> v -> listset k v -> listset k v - listset-insert = name: value: set: - set // { ${name} = set.${name} or [] ++ [value]; }; - - # tree k v = set k (either v (tree k v)) - - # tree-get : [k] -> tree k v -> v - tree-get = path: x: - let - y = x.${last path}; - in - if typeOf y != "set" - then y - else tree-get (init path) y; - + dns = import ./dns.nix { inherit lib; }; + listset = import ./listset.nix { inherit lib; }; + tree = import ./tree.nix { inherit lib; }; } diff --git a/4lib/krebs/dns.nix b/4lib/krebs/dns.nix new file mode 100644 index 0000000..b2cf3c2 --- /dev/null +++ b/4lib/krebs/dns.nix @@ -0,0 +1,31 @@ +{ lib, ... }: + +let + listset = import ./listset.nix { inherit lib; }; +in + +with builtins; +with lib; + +rec { + # label = string + + # TODO does it make sense to have alias = list label? + + # split-by-provider : + # [[label]] -> tree label provider -> listset provider alias + split-by-provider = as: providers: + foldl (m: a: listset.insert (provider-of a providers) a m) {} as; + + # provider-of : alias -> tree label provider -> provider + # Note that we cannot use tree.get here, because path can be longer + # than the tree depth. + provider-of = a: + let + go = path: tree: + if typeOf tree == "string" + then tree |