From d9808bba5855b096b69d0b9285550af59a005f85 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:13:46 +0100 Subject: tv exim-retiolum: init --- tv/1systems/nomic.nix | 7 +------ tv/1systems/wu.nix | 5 +---- tv/1systems/xu.nix | 8 +------- tv/2configs/exim-retiolum.nix | 5 +++++ 4 files changed, 8 insertions(+), 17 deletions(-) create mode 100644 tv/2configs/exim-retiolum.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 7bc7b70..145e9b2 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -5,11 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.nomic; - krebs.build.target = "root@nomic.gg23"; - imports = [ ../2configs/hw/AO753.nix - #../2configs/consul-server.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/pulse.nix ../2configs/xserver @@ -24,9 +22,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 3bdf8d3..47fdb20 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -7,7 +7,7 @@ with lib; imports = [ ../2configs/hw/w110er.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -134,9 +134,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index e6894b5..12c115e 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -5,12 +5,9 @@ with lib; { krebs.build.host = config.krebs.hosts.xu; - krebs.build.source.git.nixpkgs.rev = - "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a"; - imports = [ ../2configs/hw/x220.nix - #../2configs/consul-client.nix + ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix ../2configs/pulse.nix @@ -135,9 +132,6 @@ with lib; ]; }; } - { - krebs.exim-retiolum.enable = true; - } { krebs.nginx = { enable = true; diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix new file mode 100644 index 0000000..1af72c2 --- /dev/null +++ b/tv/2configs/exim-retiolum.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + krebs.exim-retiolum.enable = true; +} -- cgit v1.2.3 From caf6c841d4de0184e29b0523dbee169cbadc03d3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:18:07 +0100 Subject: tv nginx-public_html: init --- tv/1systems/nomic.nix | 11 +---------- tv/1systems/wu.nix | 11 +---------- tv/1systems/xu.nix | 11 +---------- tv/2configs/nginx-public_html.nix | 14 ++++++++++++++ 4 files changed, 17 insertions(+), 30 deletions(-) create mode 100644 tv/2configs/nginx-public_html.nix diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 145e9b2..64fe5a6 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -9,6 +9,7 @@ with lib; ../2configs/hw/AO753.nix ../2configs/exim-retiolum.nix ../2configs/git.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -22,16 +23,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 47fdb20..6dd0512 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -134,16 +135,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 12c115e..4091295 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -10,6 +10,7 @@ with lib; ../2configs/exim-retiolum.nix ../2configs/git.nix ../2configs/mail-client.nix + ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/xserver { @@ -132,16 +133,6 @@ with lib; ]; }; } - { - krebs.nginx = { - enable = true; - servers.default.locations = [ - (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' - alias /home/$1/public_html$2; - '') - ]; - }; - } { krebs.retiolum = { enable = true; diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix new file mode 100644 index 0000000..50c6239 --- /dev/null +++ b/tv/2configs/nginx-public_html.nix @@ -0,0 +1,14 @@ +{ lib, ... }: + +with lib; + +{ + krebs.nginx = { + enable = true; + servers.default.locations = [ + (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' + alias /home/$1/public_html$2; + '') + ]; + }; +} -- cgit v1.2.3 From 821a650575d6260334cf1beb5ec1de27634075d1 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:32:04 +0100 Subject: tv retiolum: init --- tv/1systems/cd.nix | 11 +---------- tv/1systems/nomic.nix | 10 +--------- tv/1systems/wu.nix | 10 +--------- tv/1systems/xu.nix | 11 +---------- tv/2configs/retiolum.nix | 16 ++++++++++++++++ 5 files changed, 20 insertions(+), 38 deletions(-) create mode 100644 tv/2configs/retiolum.nix diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index b69d765..da44f50 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -17,6 +17,7 @@ with lib; #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix + ../2configs/retiolum.nix ../2configs/urlwatch.nix { imports = [ ../2configs/charybdis.nix ]; @@ -77,16 +78,6 @@ with lib; ''); }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "fastpoke" - "pigstarter" - "ire" - ]; - }; - } ]; networking.interfaces.enp2s1.ip4 = [ diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 64fe5a6..b7e77e9 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -11,6 +11,7 @@ with lib; ../2configs/git.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { tv.iptables = { @@ -23,15 +24,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 6dd0512..f52bbc0 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -135,15 +136,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 4091295..54e1686 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -12,6 +12,7 @@ with lib; ../2configs/mail-client.nix ../2configs/nginx-public_html.nix ../2configs/pulse.nix + ../2configs/retiolum.nix ../2configs/xserver { environment.systemPackages = with pkgs; [ @@ -133,16 +134,6 @@ with lib; ]; }; } - { - krebs.retiolum = { - enable = true; - connectTo = [ - "cd" - "gum" - "pigstarter" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix new file mode 100644 index 0000000..91fe81d --- /dev/null +++ b/tv/2configs/retiolum.nix @@ -0,0 +1,16 @@ +{ config, lib, ... }: + +with lib; + +{ + krebs.retiolum = { + enable = true; + connectTo = filter (ne config.krebs.build.host.name) [ + "gum" + "prism" + "echelon" + "cd" + "ire" + ]; + }; +} -- cgit v1.2.3 From 80928f3a135fc636080ea6217c403f71cebefd17 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:40:25 +0100 Subject: tv: open ssh port by default --- tv/1systems/cd.nix | 4 ---- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/default.nix | 5 +++++ 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index da44f50..6db78ca 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "tinc" "smtp" "xmpp-client" @@ -58,10 +57,7 @@ with lib; "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" ]; - } - { # TODO make public_html also available to cd, cd.retiolum (AKA default) - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.public_html = { server-names = singleton "cd.viljetic.de"; locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" '' diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index b7e77e9..f176a5f 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index f52bbc0..1670905 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 54e1686..c6f1a39 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "ssh" "http" "tinc" "smtp" diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3100770..abe9d3d 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -162,6 +162,10 @@ with lib; }; } + { + tv.iptables.enable = true; + } + { services.openssh = { enable = true; @@ -169,6 +173,7 @@ with lib; { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "ssh"; } { -- cgit v1.2.3 From 2723462d19dc6bdd149eb0b335da71eb9160fa38 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:44:19 +0100 Subject: tv retiolum: open tinc port --- tv/1systems/cd.nix | 1 - tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/retiolum.nix | 1 + 5 files changed, 1 insertion(+), 4 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 6db78ca..783d23c 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "tinc" "smtp" "xmpp-client" "xmpp-server" diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index f176a5f..6f2c418 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -18,7 +18,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 1670905..7635f61 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -130,7 +130,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index c6f1a39..91b761d 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -128,7 +128,6 @@ with lib; enable = true; input-internet-accept-new-tcp = [ "http" - "tinc" "smtp" ]; }; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 91fe81d..d2bb9e6 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -13,4 +13,5 @@ with lib; "ire" ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "tinc"; } -- cgit v1.2.3 From f574a1dc9cd0c1a868e6fafc172f31a8fdd01c51 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:46:33 +0100 Subject: tv nginx-public_html: open http port --- tv/1systems/nomic.nix | 1 - tv/1systems/wu.nix | 1 - tv/1systems/xu.nix | 1 - tv/2configs/nginx-public_html.nix | 1 + 4 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 6f2c418..2b71a97 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -17,7 +17,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 7635f61..a51e0e6 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -129,7 +129,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 91b761d..847b572 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -127,7 +127,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "http" "smtp" ]; }; diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx-public_html.nix index 50c6239..dc74f7f 100644 --- a/tv/2configs/nginx-public_html.nix +++ b/tv/2configs/nginx-public_html.nix @@ -11,4 +11,5 @@ with lib; '') ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; } -- cgit v1.2.3 From d82584450cc02aeca15aa7df1bb4731863b558e4 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:50:00 +0100 Subject: tv exim-retiolum: open smtp port to retiolum --- tv/1systems/nomic.nix | 8 -------- tv/1systems/wu.nix | 8 -------- tv/1systems/xu.nix | 8 -------- tv/2configs/exim-retiolum.nix | 5 ++++- 4 files changed, 4 insertions(+), 25 deletions(-) diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 2b71a97..37ef204 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -13,14 +13,6 @@ with lib; ../2configs/pulse.nix ../2configs/retiolum.nix ../2configs/xserver - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index a51e0e6..aef8ca7 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -125,14 +125,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 847b572..31a8a3e 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -123,14 +123,6 @@ with lib; unison ]; } - { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "smtp" - ]; - }; - } ]; boot.initrd.luks = { diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index 1af72c2..aedf258 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -1,5 +1,8 @@ -{ ... }: +{ lib, ... }: + +with lib; { krebs.exim-retiolum.enable = true; + tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp"; } -- cgit v1.2.3 From eda65468603c6f3370840274efdcdf14f42d82f2 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:53:16 +0100 Subject: tv exim-smarthost: open smtp port --- tv/1systems/cd.nix | 1 - tv/2configs/exim-smarthost.nix | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 783d23c..1d94576 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -41,7 +41,6 @@ with lib; tv.iptables = { enable = true; input-internet-accept-new-tcp = [ - "smtp" "xmpp-client" "xmpp-server" ]; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index f5f63d2..bcfea78 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { krebs.exim-smarthost = { @@ -34,4 +36,5 @@ { from = "mirko"; to = "mv"; } ]; }; + tv.iptables.input-internet-accept-new-tcp = singleton "smtp"; } -- cgit v1.2.3 From b46ae14ab1eb05060a1af44cc04ea94499d605e5 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:56:10 +0100 Subject: cd: redistribute iptable rules --- tv/1systems/cd.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 1d94576..27e94ae 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -31,6 +31,10 @@ with lib; enable = true; hosts = [ "jabber.viljetic.de" ]; }; + tv.iptables.input-internet-accept-new-tcp = [ + "xmpp-client" + "xmpp-server" + ]; } { krebs.github-hosts-sync.enable = true; @@ -38,19 +42,6 @@ with lib; singleton config.krebs.github-hosts-sync.port; } { - tv.iptables = { - enable = true; - input-internet-accept-new-tcp = [ - "xmpp-client" - "xmpp-server" - ]; - input-retiolum-accept-new-tcp = [ - "http" - ]; - }; - } - { - tv.iptables.input-internet-accept-new-tcp = singleton "http"; krebs.nginx.servers.cgit.server-names = [ "cgit.cd.krebsco.de" "cgit.cd.viljetic.de" @@ -62,8 +53,6 @@ with lib; alias /home/$1/public_html$2; ''); }; - } - { krebs.nginx.servers.viljetic = { server-names = singleton "viljetic.de"; # TODO directly set root (instead via location) @@ -71,6 +60,7 @@ with lib; root ${pkgs.viljetic-pages}; ''); }; + tv.iptables.input-internet-accept-new-tcp = singleton "http"; } ]; -- cgit v1.2.3 From 7f91bf883686accc7abf049c070b76db7450c779 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 01:35:19 +0100 Subject: nixpkgs: symlink upstream-nixpkgs/{default.nix,lib} --- nixpkgs/default.nix | 2 +- nixpkgs/lib | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 120000 nixpkgs/default.nix create mode 120000 nixpkgs/lib diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix deleted file mode 100644 index 92da82c..0000000 --- a/nixpkgs/default.nix +++ /dev/null @@ -1 +0,0 @@ -import diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix new file mode 120000 index 0000000..74e9d76 --- /dev/null +++ b/nixpkgs/default.nix @@ -0,0 +1 @@ +../upstream-nixpkgs/default.nix \ No newline at end of file diff --git a/nixpkgs/lib b/nixpkgs/lib new file mode 120000 index 0000000..2284ef4 --- /dev/null +++ b/nixpkgs/lib @@ -0,0 +1 @@ +../upstream-nixpkgs/lib \ No newline at end of file -- cgit v1.2.3 From f4ffd242cb788678b7b3bd025bec2b1fc77d3346 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 01:53:38 +0100 Subject: krebs/populate.nix -> krebs/v2 populate --- Makefile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index a35d6d1..d7534e1 100644 --- a/Makefile +++ b/Makefile @@ -33,15 +33,20 @@ deploy2: export target-host = $(target) else deploy2: export target-host = $(system) endif +deploy2: export source = \ + with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + assert source-version == 2; \ + source deploy2:;@ target=$${target-$$system} result=$$(nix-instantiate \ - --json \ --eval \ - krebs/populate.nix \ - --arg source 'with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; assert source-version == 2; source' \ + --json \ + --arg source "$$source" \ --argstr target-host "$$target" \ - --argstr target-path /var/src) + --argstr target-path /var/src \ + -A populate \ + krebs/v2) script=$$(echo "$$result" | jq -r .) echo "$$script" | sh ssh root@$$target nixos-rebuild switch -I /var/src -- cgit v1.2.3 From c2dd690340e51bd6ab6986856e6300b91adb9a4f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:19:20 +0100 Subject: make {deploy2 -> populate, rebuild} --- Makefile | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index d7534e1..ecfc7e5 100644 --- a/Makefile +++ b/Makefile @@ -27,30 +27,6 @@ deploy infest:;@ script=$$(make -s eval) echo "$$script" | sh -.PHONY: deploy2 -ifdef target -deploy2: export target-host = $(target) -else -deploy2: export target-host = $(system) -endif -deploy2: export source = \ - with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ - assert source-version == 2; \ - source -deploy2:;@ - target=$${target-$$system} - result=$$(nix-instantiate \ - --eval \ - --json \ - --arg source "$$source" \ - --argstr target-host "$$target" \ - --argstr target-path /var/src \ - -A populate \ - krebs/v2) - script=$$(echo "$$result" | jq -r .) - echo "$$script" | sh - ssh root@$$target nixos-rebuild switch -I /var/src - .PHONY: eval eval: @ @@ -73,6 +49,33 @@ endif $${target+--argstr target "$$target"}) echo "$$result" | filter +ifndef target +export target = $(system) +endif + +# usage: make populate system=foo [target=bar] +.PHONY: populate +populate: export source = \ + with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + assert source-version == 2; \ + source +populate:;@ + result=$$(nix-instantiate \ + --eval \ + --json \ + --arg source "$$source" \ + --argstr target-host "$$target" \ + --argstr target-path /var/src \ + -A populate \ + krebs/v2) + script=$$(echo "$$result" | jq -r .) + echo "$$script" | sh + +# usage: make rebuild system=foo [target=bar] [operation=switch] +.PHONY: rebuild +rebuild: populate ;@ + ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src + else $(error unbound variable: system[s]) endif -- cgit v1.2.3 From fbda4db013b0af204d2b448c40c15158e747920f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:20:29 +0100 Subject: Makefile,krebs/v2: verbosity++ --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ecfc7e5..f81666a 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,7 @@ populate:;@ # usage: make rebuild system=foo [target=bar] [operation=switch] .PHONY: rebuild -rebuild: populate ;@ +rebuild: populate ;@set -x ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src else -- cgit v1.2.3 From f4d836e93660ac47bda5a22430c4544c864804c3 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:29:42 +0100 Subject: make populate: define and pass lib to krebs/v2 --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f81666a..c4f5cd3 100644 --- a/Makefile +++ b/Makefile @@ -55,14 +55,18 @@ endif # usage: make populate system=foo [target=bar] .PHONY: populate +populate: export lib = \ + let nlib = import ; in \ + nlib // import krebs/4lib { lib = nlib; } // builtins populate: export source = \ - with (import ~/stockholm {}).users.$(LOGNAME).$(system).config.krebs.build; \ + with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \ assert source-version == 2; \ source populate:;@ result=$$(nix-instantiate \ --eval \ --json \ + --arg lib "$$lib" \ --arg source "$$source" \ --argstr target-host "$$target" \ --argstr target-path /var/src \ -- cgit v1.2.3 From f207b15901b0f1ec5598a534ab18ac9e31ffd093 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:51:22 +0100 Subject: make {populate,rebuild}: use $target_{host,user,path} --- Makefile | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index c4f5cd3..501dfbe 100644 --- a/Makefile +++ b/Makefile @@ -49,36 +49,39 @@ endif $${target+--argstr target "$$target"}) echo "$$result" | filter -ifndef target -export target = $(system) -endif +export target_host ?= $(system) +export target_user ?= root +export target_path ?= /var/src -# usage: make populate system=foo [target=bar] +# usage: make populate system=foo [target_host=bar] .PHONY: populate populate: export lib = \ let nlib = import ; in \ nlib // import krebs/4lib { lib = nlib; } // builtins populate: export source = \ - with (import ./. {}).users.$(LOGNAME).$(system).config.krebs.build; \ - assert source-version == 2; \ - source + with builtins; \ + with (import ./. {}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \ + assert config.krebs.build.source-version == 2; \ + config.krebs.build.source populate:;@ result=$$(nix-instantiate \ --eval \ --json \ --arg lib "$$lib" \ --arg source "$$source" \ - --argstr target-host "$$target" \ - --argstr target-path /var/src \ + --argstr target-user "$$target_user" \ + --argstr target-host "$$target_host" \ + --argstr target-path "$$target_path" \ -A populate \ krebs/v2) script=$$(echo "$$result" | jq -r .) echo "$$script" | sh -# usage: make rebuild system=foo [target=bar] [operation=switch] +# usage: make rebuild system=foo [target_host=bar] [operation=switch] .PHONY: rebuild rebuild: populate ;@set -x - ssh root@"$$target" nixos-rebuild "$${operation-switch}" -I /var/src + ssh "$$target_user@$$target_host" \ + nixos-rebuild "$${operation-switch}" -I "$$target_path" else $(error unbound variable: system[s]) -- cgit v1.2.3 From cc712071a0d9f63e92787e5fe8d26058f1349c81 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 04:01:55 +0100 Subject: nixpkgs/nixos/lib -> upstream-nixpkgs/nixos/lib --- nixpkgs/nixos/lib | 1 + 1 file changed, 1 insertion(+) create mode 120000 nixpkgs/nixos/lib diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib new file mode 120000 index 0000000..eb942f8 --- /dev/null +++ b/nixpkgs/nixos/lib @@ -0,0 +1 @@ +../../upstream-nixpkgs/nixos/lib \ No newline at end of file -- cgit v1.2.3 From 5a9226531d74ed69da3ae2e8b2206c10a8ca633c Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 13:21:59 +0100 Subject: nixpkgs/pkgs -> upstream-nixpkgs/pkgs --- nixpkgs/pkgs | 1 + 1 file changed, 1 insertion(+) create mode 120000 nixpkgs/pkgs diff --git a/nixpkgs/pkgs b/nixpkgs/pkgs new file mode 120000 index 0000000..ce5f544 --- /dev/null +++ b/nixpkgs/pkgs @@ -0,0 +1 @@ +../upstream-nixpkgs/pkgs \ No newline at end of file -- cgit v1.2.3 From 35296ddc29299efcbce09f23a0820818cb21abe6 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 15:34:22 +0100 Subject: tv git public-repos += with-tmpdir --- tv/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 800deff..5e0f95c 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -39,6 +39,7 @@ let stockholm = { desc = "take all the computers hostage, they'll love you!"; }; + with-tmpdir = {}; } // mapAttrValues (setAttr "section" "2. Haskell libraries") { blessings = {}; mime = {}; -- cgit v1.2.3 From 5f8443345130302259c959e26635dfa86c845740 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:17:19 +0100 Subject: tv config: use null for dummy secrets --- tv/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index abe9d3d..777cd4e 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -12,6 +12,7 @@ with lib; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm-nixpkgs; + null = "/home/tv/stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm-krebs = "/home/tv/stockholm/krebs"; @@ -101,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "/var/src"; + NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; }; programs.bash = { -- cgit v1.2.3 From 6b1b215effd669ccc0725c21c234a1a343c41e57 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 19:51:01 +0100 Subject: tv: RIP consul --- tv/1systems/cd.nix | 1 - tv/1systems/mkdir.nix | 1 - tv/1systems/rmdir.nix | 1 - tv/2configs/consul-client.nix | 9 ---- tv/2configs/consul-server.nix | 21 -------- tv/3modules/consul.nix | 118 ------------------------------------------ tv/3modules/default.nix | 1 - 7 files changed, 152 deletions(-) delete mode 100644 tv/2configs/consul-client.nix delete mode 100644 tv/2configs/consul-server.nix delete mode 100644 tv/3modules/consul.nix diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 27e94ae..e42d575 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -14,7 +14,6 @@ with lib; imports = [ ../2configs/hw/CAC-Developer-2.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - #../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix ../2configs/retiolum.nix diff --git a/tv/1systems/mkdir.nix b/tv/1systems/mkdir.nix index 9d8a0bc..79e5f73 100644 --- a/tv/1systems/mkdir.nix +++ b/tv/1systems/mkdir.nix @@ -22,7 +22,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { diff --git a/tv/1systems/rmdir.nix b/tv/1systems/rmdir.nix index 1f1d975..6fd79c5 100644 --- a/tv/1systems/rmdir.nix +++ b/tv/1systems/rmdir.nix @@ -23,7 +23,6 @@ in imports = [ ../2configs/hw/CAC-Developer-1.nix ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/consul-server.nix ../2configs/exim-smarthost.nix ../2configs/git.nix { diff --git a/tv/2configs/consul-client.nix b/tv/2configs/consul-client.nix deleted file mode 100644 index 0a8bf4d..0000000 --- a/tv/2configs/consul-client.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ ./consul-server.nix ]; - - tv.consul = { - server = pkgs.lib.mkForce false; - }; -} diff --git a/tv/2configs/consul-server.nix b/tv/2configs/consul-server.nix deleted file mode 100644 index d10f9ea..0000000 --- a/tv/2configs/consul-server.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, ... }: - -{ - tv.consul = rec { - enable = true; - - self = config.krebs.build.host; - inherit (self) dc; - - server = true; - - hosts = with config.krebs.hosts; [ - # TODO get this list automatically from each host where tv.consul.enable is true - cd - mkdir - nomic - rmdir - #wu - ]; - }; -} diff --git a/tv/3modules/consul.nix b/tv/3modules/consul.nix deleted file mode 100644 index 5c955fd..0000000 --- a/tv/3modules/consul.nix +++ /dev/null @@ -1,118 +0,0 @@ -{ config, lib, pkgs, ... }: - -# if quorum gets lost, then start any node with a config that doesn't contain bootstrap_expect -# but -bootstrap -# TODO consul-bootstrap HOST that actually does is -# TODO tools to inspect state of a cluster in outage state - -with lib; -let - cfg = config.tv.consul; - - out = { - options.tv.consul = api; - config = mkIf cfg.enable (mkMerge [ - imp - { tv.iptables.input-retiolum-accept-new-tcp = [ "8300" "8301" ]; } - # TODO udp for 8301 - ]); - }; - - api = { - enable = mkEnableOption "tv.consul"; - - dc = mkOption { - type = types.label; - }; - hosts = mkOption { - type = with types; listOf host; - }; - encrypt-file = mkOption { - type = types.str; # TODO path (but not just into store) - default = toString ; - }; - data-dir = mkOption { - type = types.str; # TODO path (but not just into store) - default = "/var/lib/consul"; - }; - self = mkOption { - type = types.host; - }; - server = mkOption { - type = types.bool; - default = false; - }; - GOMAXPROCS = mkOption { - type = types.int; - default = cfg.self.cores; - }; - }; - - consul-config = { - datacenter = cfg.dc; - data_dir = cfg.data-dir; - log_level = "INFO"; - #node_name = - server = cfg.server; - enable_syslog = true; - retry_join = - # TODO allow consul in other nets than retiolum [maybe] - concatMap (host: host.nets.retiolum.addrs) - (filter (host: host.name != cfg.self.name) cfg.hosts); - leave_on_terminate = true; - } // optionalAttrs cfg.server { - bootstrap_expect = length cfg.hosts; - leave_on_terminate = false; - }; - - imp = { - environment.systemPackages = with pkgs; [ - consul - ]; - - systemd.services.consul = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ - consul - ]; - environment = { - GOMAXPROCS = toString cfg.GOMAXPROCS; - }; - serviceConfig = { - PermissionsStartOnly = "true"; - SyslogIdentifier = "consul"; - User = user.name; - PrivateTmp = "true"; - Restart = "always"; - ExecStartPre = pkgs.writeScript "consul-init" '' - #! /bin/sh - mkdir -p ${cfg.data-dir} - chown ${user.name}: ${cfg.data-dir} - install -o ${user.name} -m 0400 ${cfg.encrypt-file} /tmp/encrypt.json - ''; - ExecStart = pkgs.writeScript "consul-service" '' - #! /bin/sh - set -euf - exec >/dev/null - exec consul agent \ - -config-file=${toFile "consul.json" (toJSON consul-config)} \ - -config-file=/tmp/encrypt.json - ''; - #-node=${cfg.self.fqdn} \ - #ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${user} -D"; - }; - }; - - users.extraUsers = singleton { - inherit (user) name uid; - }; - }; - - user = rec { - name = "consul"; - uid = genid name; - }; - -in -out diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index bb10d82..f7889b2 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -2,7 +2,6 @@ _: { imports = [ - ./consul.nix ./ejabberd.nix ./iptables.nix ]; -- cgit v1.2.3 From 5e2c414d8a1edeefea60ff9fd79b47ee768f4cb6 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:01:28 +0100 Subject: tv vim: drop noise --- tv/2configs/vim.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index bab9492..83cc6e1 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -7,11 +7,6 @@ let vim ]; - # Nano really is just a stupid name for Vim. - nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.vim; - }; - environment.etc.vimrc.source = vimrc; environment.variables.EDITOR = mkForce "vim"; -- cgit v1.2.3 From a0b0c5867e27126045058f4f806426d871514b81 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:02:01 +0100 Subject: tv nix.vim: let b:current_syntax --- tv/2configs/vim.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 83cc6e1..23f90af 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -105,6 +105,8 @@ let syn match String /"\([^\\"]\|\\.\)*"/ syn match Comment /\(^\|\s\)#.*/ + + let b:current_syntax = "nix" ''} au BufRead,BufNewFile /dev/shm/* set nobackup nowritebackup noswapfile -- cgit v1.2.3 From 239f48c4605b7f96237ad37b4ed2fd8c2b49a234 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:05:12 +0100 Subject: wu: selectively allowUnfree nvidia-x11 --- tv/1systems/wu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index aef8ca7..2fa0e8a 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -157,7 +157,7 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name; hardware.bumblebee.enable = true; hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 828ea685b19fac19f8ef7edb6e386204ada0de0e Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:06:15 +0100 Subject: xu: don't unconditionally allowUnfree --- tv/1systems/xu.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 31a8a3e..8c4af2b 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -155,7 +155,6 @@ with lib; nixpkgs.config.chromium.enablePepperFlash = true; - nixpkgs.config.allowUnfree = true; #hardware.bumblebee.enable = true; #hardware.bumblebee.group = "video"; hardware.enableAllFirmware = true; -- cgit v1.2.3 From 721d632b188f101a238610a7ffa4ad0fcce499bb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:12:06 +0100 Subject: tv config: allowUnfree = false --- tv/2configs/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 777cd4e..ee1d952 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -70,6 +70,9 @@ with lib; nix.useChroot = true; } + { + nixpkgs.config.allowUnfree = false; + } { environment.profileRelativeEnvVars.PATH = mkForce [ "/bin" ]; -- cgit v1.2.3 From 63b33517293eff59b62d7d7686c67b6ca54173a9 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 20:17:10 +0100 Subject: tv: cleanup allowUnfree --- tv/2configs/hw/AO753.nix | 9 ++++----- tv/2configs/hw/x220.nix | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index acd9ee3..72a4081 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -1,4 +1,6 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: + +with lib; { imports = [ @@ -39,8 +41,5 @@ HandleSuspendKey=ignore ''; - nixpkgs.config = { - allowUnfree = false; - allowUnfreePredicate = (x: pkgs.lib.hasPrefix "broadcom-sta-" x.name); - }; + nixpkgs.config.allowUnfreePredicate = pkg: hasPrefix "broadcom-sta-" pkg.name; } diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 8549311..7cec670 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -14,7 +14,6 @@ networking.wireless.enable = true; #hardware.enableAllFirmware = true; - #nixpkgs.config.allowUnfree = true; #zramSwap.enable = true; #zramSwap.numDevices = 2; -- cgit v1.2.3 From b2f19764ef2b1351673d9407a4cd813ce8b8b230 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 13:36:54 +0100 Subject: krebs.git.rules: specify type --- tv/2configs/git.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 5e0f95c..01dc7de 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -9,7 +9,7 @@ let enable = true; root-title = "public repositories at ${config.krebs.build.host.name}"; root-desc = "keep calm and engage"; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + repos = repos; rules = rules; }; }; @@ -99,7 +99,7 @@ let repo = [ repo ]; perm = fetch; } ++ - optional (length (repo.collaborators or []) > 0) { + optional (repo.collaborators or [] != []) { user = repo.collaborators; repo = [ repo ]; perm = fetch; -- cgit v1.2.3 From 21718b041f96391ec91497a4932cb6d8bd7f2f30 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 19:39:00 +0100 Subject: cac-1.0.3 -> cac-api-1.1.0 --- tv/1systems/wu.nix | 2 +- tv/2configs/git.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 2fa0e8a..29e6de0 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -43,7 +43,7 @@ with lib; # tv bc bind # dig - cac + cac-api dic file get diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 01dc7de..b818008 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -22,8 +22,8 @@ let public-repos = mapAttrs make-public-repo ({ } // mapAttrValues (setAttr "section" "1. Miscellaneous") { - cac = { - desc = "CloudAtCost command line interface"; + cac-api = { + desc = "CloudAtCost API command line interface"; }; get = {}; hack = {}; -- cgit v1.2.3 From db2a1da01749e876e7881641220aef56d93580ff Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 02:48:28 +0100 Subject: s 1 wolf: provide cgit mirror --- shared/1systems/wolf.nix | 1 + shared/2configs/cgit-mirror.nix | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 shared/2configs/cgit-mirror.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 8cf5be7..e451954 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -12,6 +12,7 @@ in ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix ../2configs/buildbot-standalone.nix + ../2configs/cgit-mirror.nix # ../2configs/graphite.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix new file mode 100644 index 0000000..5bcfc58 --- /dev/null +++ b/shared/2configs/cgit-mirror.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + rules = with git;[{ + # user = git-sync; + user = git-sync; + repo = [ stockholm-mirror ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + }]; + + stockholm-mirror = { + public = true; + name = "stockholm-mirror"; + desc = "mirror for all stockholm branches"; + hooks = { + post-receive = pkgs.git-hooks.irc-announce { + nick = config.networking.hostName; + verbose = false; + channel = "#retiolum"; + server = "cd.retiolum"; + }; + }; + }; + + git-sync = { + name = "git-sync"; + mail = "spam@krebsco.de"; + # TODO put git-sync pubkey somewhere more appropriate + pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzUuzyoAhMgJmsiaTVWNSXqcrZNTpKpv0nfFBOMcNXUWEbvfAq5eNpg5cX+P8eoYl6UQgfftbYi06flKK3yJdntxoZKLwJGgJt9NZr8yZTsiIfMG8XosvGNQtGPkBtpLusgmPpu7t2RQ9QrqumBvoUDGYEauKTslLwupp1QeyWKUGEhihn4CuqQKiPrz+9vbNd75XOfVZMggk3j4F7HScatmA+p1EQXWyq5Jj78jQN5ZIRnHjMQcIZ4DOz1U96atwSKMviI1xEZIODYfgoGjjiWYeEtKaLVPtSqtLRGI7l+RNouMfwHLdTWOJSlIdFncfPXC6R19hTll3UHeHLtqLP git-sync''; + }; + +in { + krebs.git = { + enable = true; + root-title = "Shared Repos"; + root-desc = "keep on krebsing"; + inherit rules; + repos.stockholm-mirror = stockholm-mirror; + }; +} -- cgit v1.2.3 From 538b3b863502000355b75ce6c31a422558b1671e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 03:07:47 +0100 Subject: stockholm: stockholm-path -> ./. --- tv/2configs/default.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index ee1d952..46320b7 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -10,14 +10,13 @@ with lib; target = mkDefault "root@${config.krebs.build.host.name}"; source-version = 2; source = mapAttrs (_: mkDefault) ({ - nixos-config = "symlink:stockholm-private/1systems/${config.krebs.build.host.name}.nix"; - nixpkgs = symlink:stockholm-nixpkgs; - null = "/home/tv/stockholm/null"; + nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; - stockholm-krebs = "/home/tv/stockholm/krebs"; - stockholm-nixpkgs = "/home/tv/stockholm/nixpkgs"; - stockholm-private = "/home/tv/stockholm/tv"; + stockholm = "/home/tv/stockholm"; + stockholm-user = "symlink:stockholm/tv"; upstream-nixpkgs = { url = https://github.com/NixOS/nixpkgs; rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; -- cgit v1.2.3 From 5869a7b4d374eccc968ff3198757932bd2eb6095 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:44:26 +0100 Subject: RIP current-date --- Makefile | 1 - shared/2configs/buildbot-standalone.nix | 2 -- 2 files changed, 3 deletions(-) diff --git a/Makefile b/Makefile index 501dfbe..a1559b4 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,6 @@ endif -A "$$get" \ -I stockholm="$$PWD" \ '' \ - --argstr current-date "$$(date -Is)" \ --argstr current-host-name "$$HOSTNAME" \ --argstr current-user-name "$$LOGNAME" \ $${system+--argstr system "$$system"} \ diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix index c614bd3..9982dd9 100644 --- a/shared/2configs/buildbot-standalone.nix +++ b/shared/2configs/buildbot-standalone.nix @@ -86,7 +86,6 @@ -I stockholm=. \ --show-trace \ -I secrets=. '' \ - --argstr current-date lol \ --argstr current-user-name shared \ --argstr current-host-name lol \ --strict --json"]) @@ -98,7 +97,6 @@ -I stockholm=. \ -I secrets=. '' \ --show-trace \ - --argstr current-date lol \ --argstr current-user-name shared \ --argstr current-host-name lol \ --strict --json"]) -- cgit v1.2.3 From d23957f9ff4ff5edbc67df16ad4b80c37ca07fc2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:40:26 +0100 Subject: krebs.build.populate: init and drop support for v1 --- Makefile | 108 ++++++++++++++++------------------------------ nixpkgs/krebs | 0 nixpkgs/nixos/default.nix | 66 +--------------------------- nixpkgs/nixos/lib | 2 +- nixpkgs/nixos/modules | 2 +- root | 1 + tv/2configs/default.nix | 4 +- 7 files changed, 41 insertions(+), 142 deletions(-) create mode 100644 nixpkgs/krebs create mode 120000 root diff --git a/Makefile b/Makefile index a1559b4..87a636e 100644 --- a/Makefile +++ b/Makefile @@ -1,87 +1,51 @@ -# -# usage: -# make infest system=foo [target=bar] -# make [deploy] system=foo [target=bar] -# make [deploy] systems='foo bar' -# make eval get=users.tv.wu.config.time.timeZone [filter=json] -# - .ONESHELL: .SHELLFLAGS := -eufc -ifdef systems -$(systems): - @ - unset target - parallel \ - --line-buffer \ - -j0 \ - --no-notice \ - --tagstring {} \ - -q make -s systems= system={} ::: $(systems) -else ifdef system -.PHONY: deploy infest -deploy infest:;@ - export get=krebs.$@ - export filter=json - script=$$(make -s eval) - echo "$$script" | sh - -.PHONY: eval -eval: - @ -ifeq ($(filter),json) - extraArgs='--json --strict' - filter() { jq -r .; } -else - filter() { cat; } +ifndef system +$(error unbound variable: system) endif - result=$$(nix-instantiate \ - $${extraArgs-} \ - --eval \ - -A "$$get" \ - -I stockholm="$$PWD" \ - '' \ - --argstr current-host-name "$$HOSTNAME" \ - --argstr current-user-name "$$LOGNAME" \ - $${system+--argstr system "$$system"} \ - $${target+--argstr target "$$target"}) - echo "$$result" | filter export target_host ?= $(system) export target_user ?= root export target_path ?= /var/src +# usage: make deploy system=foo [target_host=bar] +.PHONY: deploy +deploy: populate ;@set -x + ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" + # usage: make populate system=foo [target_host=bar] .PHONY: populate -populate: export lib = \ - let nlib = import ; in \ - nlib // import krebs/4lib { lib = nlib; } // builtins -populate: export source = \ - with builtins; \ - with (import ./. {}).users.$${getEnv "LOGNAME"}.$${getEnv "system"}; \ - assert config.krebs.build.source-version == 2; \ - config.krebs.build.source populate:;@ - result=$$(nix-instantiate \ - --eval \ - --json \ - --arg lib "$$lib" \ - --arg source "$$source" \ - --argstr target-user "$$target_user" \ - --argstr target-host "$$target_host" \ - --argstr target-path "$$target_path" \ - -A populate \ - krebs/v2) - script=$$(echo "$$result" | jq -r .) - echo "$$script" | sh - -# usage: make rebuild system=foo [target_host=bar] [operation=switch] -.PHONY: rebuild -rebuild: populate ;@set -x - ssh "$$target_user@$$target_host" \ - nixos-rebuild "$${operation-switch}" -I "$$target_path" + result=$$(make -s eval get=config.krebs.build.populate filter=json) + echo "$$result" | sh +# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json] +.PHONY: eval +eval:;@ +ifeq ($(filter),json) + extraArgs='--json --strict' + filter() { echo "$$1" | jq -r .; } else -$(error unbound variable: system[s]) + filter() { echo "$$1"; } endif + result=$$(nix-instantiate \ + $${extraArgs-} \ + --show-trace \ + --readonly-mode \ + --eval \ + -A "$$get" \ + --arg configuration "") + filter "$$result" + +## usage: make install system=foo target= +#.PHONY: install +#install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null +#install:;@set -x +# $(ssh) "$$target_user@$$target_host" \ +# env target_path=/var/src \ +# sh -s prepare < krebs/4lib/infest/prepare.sh +# make -s populate target_path=/mnt"$$target_path" +# $(ssh) "$$target_user@$$target_host" \ +# env NIXOS_CONFIG=/var/src/nixos-config \ +# nixos-install diff --git a/nixpkgs/krebs b/nixpkgs/krebs new file mode 100644 index 0000000..e69de29 diff --git a/nixpkgs/nixos/default.nix b/nixpkgs/nixos/default.nix index 6c5adf3..4fe08ef 100644 --- a/nixpkgs/nixos/default.nix +++ b/nixpkgs/nixos/default.nix @@ -1,65 +1 @@ -{ configuration ? import "NIXOS_CONFIG" -, system ? builtins.currentSystem -}: - -let - eval-config = modules: import { - inherit system; - modules = modules ++ [({ config, lib, ... }: with lib; { - imports = filter dir.has-default-nix (concatLists [ - (map (p: p + "/2configs") [ ]) - (map (p: p + "/3modules") [ ]) - ]); - - krebs.current = { - enable = true; - host = config.krebs.hosts.${readFile /proc/sys/kernel/hostname}; - user = config.krebs.users.${getEnv "LOGNAME"}; - }; - - nixpkgs.config.packageOverrides = pkgs: let - kpkgs = import { inherit lib pkgs; }; - upkgs = import { inherit lib; pkgs = pkgs // kpkgs; }; - in kpkgs // upkgs; - })]; - specialArgs = { - lib = let - nlib = import // builtins; - klib = nlib // import { lib = nlib; }; - ulib = klib // (with klib; let p = + "/4lib"; in - optionalAttrs (dir.has-default-nix p) - (import p { lib = klib; })); - in ulib; - }; - }; - - eval = eval-config [ - configuration - ]; - - # This is for `nixos-rebuild build-vm'. - vm = eval-config [ - configuration - - ]; - - # This is for `nixos-rebuild build-vm-with-bootloader'. - vm-with-bootloader = eval-config [ - configuration - - { virtualisation.useBootLoader = true; } - ]; -in - -{ - inherit (eval) config options; - - system = eval.config.system.build.toplevel; - - vm = vm.config.system.build.vm; - - vmWithBootLoader = vm-with-bootloader.config.system.build.vm; - - # The following are used by nixos-rebuild. - nixFallback = eval.pkgs.nixUnstable; -} +import diff --git a/nixpkgs/nixos/lib b/nixpkgs/nixos/lib index eb942f8..9e69d1a 120000 --- a/nixpkgs/nixos/lib +++ b/nixpkgs/nixos/lib @@ -1 +1 @@ -../../upstream-nixpkgs/nixos/lib \ No newline at end of file +../../../upstream-nixpkgs/nixos/lib \ No newline at end of file diff --git a/nixpkgs/nixos/modules b/nixpkgs/nixos/modules index 8fbc437..8aa2488 120000 --- a/nixpkgs/nixos/modules +++ b/nixpkgs/nixos/modules @@ -1 +1 @@ -../../upstream-nixpkgs/nixos/modules \ No newline at end of file +../../../upstream-nixpkgs/nixos/modules \ No newline at end of file diff --git a/root b/root new file mode 120000 index 0000000..1cd1825 --- /dev/null +++ b/root @@ -0,0 +1 @@ +../stockholm-user \ No newline at end of file diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 46320b7..57c4620 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -8,11 +8,9 @@ with lib; krebs.build = { user = config.krebs.users.tv; target = mkDefault "root@${config.krebs.build.host.name}"; - source-version = 2; source = mapAttrs (_: mkDefault) ({ nixos-config = "symlink:stockholm/tv/1systems/${config.krebs.build.host.name}.nix"; nixpkgs = symlink:stockholm/nixpkgs; - null = "symlink:stockholm/null"; secrets = "/home/tv/secrets/${config.krebs.build.host.name}"; secrets-common = "/home/tv/secrets/common"; stockholm = "/home/tv/stockholm"; @@ -104,7 +102,7 @@ with lib; }; environment.variables = { - NIX_PATH = mkForce "secrets=/var/src/null:/var/src"; + NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src"; }; programs.bash = { -- cgit v1.2.3 From 1c6213b4cc7c0029c3ec78f03ff2ccc37c1f0278 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:52:06 +0100 Subject: make eval: use ./. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 87a636e..e82e39c 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ endif --readonly-mode \ --eval \ -A "$$get" \ - --arg configuration "") + --arg configuration "./$$LOGNAME/1systems/$$system.nix") filter "$$result" ## usage: make install system=foo target= -- cgit v1.2.3 From babb08d85f5cc5347cfefa81324772a7566b4240 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:32:13 +0100 Subject: make eval: add some more awesome --- Makefile | 40 +++++++++++++++------------------------- 1 file changed, 15 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index e82e39c..9586290 100644 --- a/Makefile +++ b/Makefile @@ -9,34 +9,24 @@ export target_host ?= $(system) export target_user ?= root export target_path ?= /var/src +evaluate = \ + nix-instantiate \ + --arg configuration "./$$LOGNAME/1systems/$$system.nix" \ + --eval \ + --readonly-mode \ + --show-trace \ + $(1) + +execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh + # usage: make deploy system=foo [target_host=bar] -.PHONY: deploy -deploy: populate ;@set -x +deploy: + $(call execute,populate) ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" -# usage: make populate system=foo [target_host=bar] -.PHONY: populate -populate:;@ - result=$$(make -s eval get=config.krebs.build.populate filter=json) - echo "$$result" | sh - -# usage: make eval system=foo get=config.krebs.build [LOGNAME=tv] [filter=json] -.PHONY: eval -eval:;@ -ifeq ($(filter),json) - extraArgs='--json --strict' - filter() { echo "$$1" | jq -r .; } -else - filter() { echo "$$1"; } -endif - result=$$(nix-instantiate \ - $${extraArgs-} \ - --show-trace \ - --readonly-mode \ - --eval \ - -A "$$get" \ - --arg configuration "./$$LOGNAME/1systems/$$system.nix") - filter "$$result" +# usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name +eval eval.:;@$(call evaluate) +eval.%:;@$(call evaluate,-A $*) ## usage: make install system=foo target= #.PHONY: install -- cgit v1.2.3 From 0c6260817979f515a2024adc5ab8924442058ee2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:54:00 +0100 Subject: make deploy: properly print ssh target --- Makefile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 9586290..886a26f 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -.ONESHELL: -.SHELLFLAGS := -eufc - ifndef system $(error unbound variable: system) endif @@ -22,7 +19,7 @@ execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh # usage: make deploy system=foo [target_host=bar] deploy: $(call execute,populate) - ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" + @set -x; ssh "$$target_user@$$target_host" nixos-rebuild switch -I "$$target_path" # usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name eval eval.:;@$(call evaluate) @@ -33,7 +30,7 @@ eval.%:;@$(call evaluate,-A $*) #install: ssh = ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null #install:;@set -x # $(ssh) "$$target_user@$$target_host" \ -# env target_path=/var/src \ +# env target_path="$target_path" \ # sh -s prepare < krebs/4lib/infest/prepare.sh # make -s populate target_path=/mnt"$$target_path" # $(ssh) "$$target_user@$$target_host" \ -- cgit v1.2.3 From d3b462c97b814c37677308ded38c1d79bc26ba5c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 11:57:47 +0100 Subject: Makefile execute: don't try to run failed evaluations :D --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 886a26f..e61d16b 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,10 @@ evaluate = \ --show-trace \ $(1) -execute = $(call evaluate,-A config.krebs.build.$(1) --json) | jq -r . | sh +execute = \ + result=$$($(call evaluate,-A config.krebs.build.$(1) --json)) && \ + script=$$(echo "$$result" | jq -r .) && \ + echo "$$script" | sh # usage: make deploy system=foo [target_host=bar] deploy: -- cgit v1.2.3 From 8e231e4e8daa7323c2ff14b9baec5ccdfe5321c8 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 14:36:48 +0100 Subject: s 2 base: new paths, cosmetics --- shared/2configs/base.nix | 18 +++++++----------- shared/2configs/cgit-mirror.nix | 7 +++---- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 5e60726..dd698ba 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -16,20 +16,16 @@ with lib; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.source = { - git.nixpkgs = { + upstream-nixpkgs = mkDefault { url = https://github.com/NixOS/nixpkgs; rev = "d0e3cca"; - target-path = "/var/src/nixpkgs"; - }; - dir.secrets = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; - }; - dir.stockholm = { - host = config.krebs.current.host; - path = mkDefault "${getEnv "HOME"}/stockholm"; - target-path = "/var/src/stockholm"; }; + secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; + stockholm = mkDefault "${getEnv "HOME"}/stockholm"; + + nixos-config = "symlink:stockholm/${config.krebs.build.user.name}/1systems/${config.krebs.build.host.name}.nix"; + nixpkgs = symlink:stockholm/nixpkgs; + stockholm-user = "symlink:stockholm/${config.krebs.build.user.name}"; }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix index 5bcfc58..4ff1902 100644 --- a/shared/2configs/cgit-mirror.nix +++ b/shared/2configs/cgit-mirror.nix @@ -2,12 +2,11 @@ with lib; let - rules = with git;[{ - # user = git-sync; - user = git-sync; + rules = with git; singleton { + user = [ git-sync ]; repo = [ stockholm-mirror ]; perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }]; + }; stockholm-mirror = { public = true; -- cgit v1.2.3 From f281f65e9311ae6acb9113cbed089a20a5c19254 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 16:38:21 +0100 Subject: ma 1: refactor buildbot config, add documentation --- shared/1systems/wolf.nix | 2 +- shared/2configs/buildbot-standalone.nix | 150 -------------------------------- shared/2configs/shared-buildbot.nix | 148 +++++++++++++++++++++++++++++++ 3 files changed, 149 insertions(+), 151 deletions(-) delete mode 100644 shared/2configs/buildbot-standalone.nix create mode 100644 shared/2configs/shared-buildbot.nix diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index e451954..bcfbd68 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -11,7 +11,7 @@ in ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix - ../2configs/buildbot-standalone.nix + ../2configs/shared-buildbot.nix ../2configs/cgit-mirror.nix # ../2configs/graphite.nix ]; diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix deleted file mode 100644 index 9982dd9..0000000 --- a/shared/2configs/buildbot-standalone.nix +++ /dev/null @@ -1,150 +0,0 @@ -{ lib, config, pkgs, ... }: - -{ - networking.firewall.allowedTCPPorts = [ 8010 9989 ]; - krebs.buildbot.master = { - secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ]; - slaves = { - testslave = "krebspass"; - }; - change_source.stockholm = '' - stockholm_repo = 'http://cgit.gum/stockholm' - cs.append(changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branch='master', - project='stockholm', - pollinterval=120)) - ''; - scheduler = { - force-scheduler = '' - sched.append(schedulers.ForceScheduler( - name="force", -