summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-15 16:27:11 +0100
committertv <tv@krebsco.de>2016-02-15 16:34:50 +0100
commit8f520b19b623919fa6319029a955d43fd051773c (patch)
tree2181809786e54d053532fab2f24b1ff032592e41
parent673853e092c211e26a08030f87f9c868c6442a71 (diff)
don't try to mimic nixpkgs
-rw-r--r--Makefile3
-rw-r--r--default.nix91
-rw-r--r--krebs/3modules/lib.nix4
-rw-r--r--krebs/default.nix201
-rw-r--r--lass/1systems/cloudkrebs.nix1
-rw-r--r--lass/1systems/dishfire.nix1
-rw-r--r--lass/1systems/echelon.nix1
-rw-r--r--lass/1systems/helios.nix1
-rw-r--r--lass/1systems/mors.nix1
-rw-r--r--lass/1systems/prism.nix1
-rw-r--r--lass/1systems/uriel.nix1
-rw-r--r--lass/2configs/base.nix4
-rw-r--r--lass/3modules/dnsmasq.nix3
-rw-r--r--lass/3modules/newsbot-js.nix3
-rw-r--r--lass/default.nix7
-rw-r--r--makefu/1systems/filepimp.nix1
-rw-r--r--makefu/1systems/gum.nix1
-rw-r--r--makefu/1systems/omo.nix1
-rw-r--r--makefu/1systems/pnp.nix1
-rw-r--r--makefu/1systems/pornocauster.nix1
-rw-r--r--makefu/1systems/repunit.nix1
-rw-r--r--makefu/1systems/tsp.nix1
-rw-r--r--makefu/1systems/vbob.nix1
-rw-r--r--makefu/1systems/wbob.nix1
-rw-r--r--makefu/1systems/wry.nix1
-rw-r--r--makefu/2configs/default.nix4
-rw-r--r--makefu/default.nix8
-rw-r--r--miefda/1systems/bobby.nix2
-rw-r--r--miefda/default.nix6
-rw-r--r--mv/1systems/stro.nix1
-rw-r--r--nixpkgs/default.nix6
-rw-r--r--nixpkgs/krebs0
l---------nixpkgs/lib1
-rw-r--r--nixpkgs/nixos/default.nix1
l---------nixpkgs/nixos/lib1
l---------nixpkgs/nixos/modules1
l---------root1
-rw-r--r--shared/1systems/test-all-krebs-modules.nix3
-rw-r--r--shared/1systems/test-arch.nix1
-rw-r--r--shared/1systems/test-centos6.nix1
-rw-r--r--shared/1systems/test-centos7.nix1
-rw-r--r--shared/1systems/test-failing.nix3
-rw-r--r--shared/1systems/test-minimal-deploy.nix3
-rw-r--r--shared/1systems/wolf.nix1
-rw-r--r--shared/2configs/base.nix4
-rw-r--r--shared/default.nix7
-rw-r--r--tv/1systems/cd.nix1
-rw-r--r--tv/1systems/mkdir.nix1
-rw-r--r--tv/1systems/nomic.nix1
-rw-r--r--tv/1systems/rmdir.nix1
-rw-r--r--tv/1systems/wu.nix1
-rw-r--r--tv/1systems/xu-qemu0.nix1
-rw-r--r--tv/1systems/xu.nix1
-rw-r--r--tv/2configs/default.nix4
-rw-r--r--tv/default.nix9
55 files changed, 103 insertions, 306 deletions
diff --git a/Makefile b/Makefile
index e5e3b19d5..384c872ab 100644
--- a/Makefile
+++ b/Makefile
@@ -9,10 +9,11 @@ export target_path ?= /var/src
evaluate = \
nix-instantiate \
- --arg configuration ./$(LOGNAME)/1systems/$(system).nix \
--eval \
--readonly-mode \
--show-trace \
+ -I nixos-config=./$(LOGNAME)/1systems/$(system).nix \
+ -I stockholm=. \
$(1)
execute = \
diff --git a/default.nix b/default.nix
index c96d4dd1c..52e8924cd 100644
--- a/default.nix
+++ b/default.nix
@@ -1,86 +1,5 @@
-{ configuration ? import (nixpkgs-path + "/nixos/lib/from-env.nix") "NIXOS_CONFIG" <nixos-config>
-, system ? builtins.currentSystem
-, current-host-name ?
- let v = builtins.getEnv "HOSTNAME"; in
- if v != "" then v else builtins.readFile /proc/sys/kernel/hostname
-, current-user-name ?
- let v = builtins.getEnv "LOGNAME"; in
- if v != "" then v else abort "undefined variable: LOGNAME"
-, nixpkgs-path ?
- if (builtins.tryEval <nixpkgs/krebs>).success
- then <upstream-nixpkgs>
- else <nixpkgs>
-, StrictHostKeyChecking ? "yes"
-}@args:
-
-let stockholm = {
- inherit krebs;
- inherit users;
- inherit lib;
- inherit config options pkgs;
- system = config.system.build.toplevel;
- };
-
- krebs = import ./krebs (args // { inherit lib stockholm; });
-
- lib = let
- nlib = import (slib.npath "lib");
- klib = import (slib.kpath "4lib") { lib = nlib; };
- slib = rec {
- nspath = ns: p: ./. + "/${ns}/${p}";
- npath = p: nixpkgs-path + "/${p}";
- kpath = nspath "krebs";
- upath = nspath current-user-name;
- };
- ulib = let p = slib.upath "4lib"; in
- nlib.optionalAttrs (klib.dir.has-default-nix p)
- (import p { lib = nlib // klib; });
- in nlib // klib // slib // ulib // builtins;
-
- inherit (eval configuration) config options pkgs;
-
- base-module = { config, ... }: {
- imports = builtins.filter lib.dir.has-default-nix (lib.concatLists [
- (map (f: f "2configs") [ lib.upath ])
- (map (f: f "3modules") [ lib.kpath lib.upath ])
- (map (f: f "5pkgs") [ lib.kpath lib.upath ])
- ]);
-
- krebs.lib = lib;
-
- krebs.current.enable = true;
- krebs.current.host = config.krebs.hosts.${current-host-name};
- krebs.current.user = config.krebs.users.${current-user-name};
- };
-
- eval = config: import (lib.npath "nixos/lib/eval-config.nix") {
- inherit system;
- specialArgs = {
- inherit lib;
- };
- modules = [
- base-module
- config
- ];
- };
-
- # TODO move user namespaces' to users/, so no exception for krebs/ is needed
- users =
- lib.mapAttrs
- (name: _: eval-all-systems (lib.nspath name "1systems"))
- (lib.filterAttrs
- (n: t: !lib.hasPrefix "." n && t == "directory" && n != "krebs")
- (builtins.readDir ./.));
-
- eval-all-systems = path:
- lib.mapAttrs'
- (n: _: (lib.nameValuePair (lib.removeSuffix ".nix" n)
- (eval-system (path + "/${n}"))))
- (builtins.readDir path);
-
- eval-system = path: rec {
- inherit (eval path) config options;
- system = config.system.build.toplevel;
- };
-
-in stockholm
+import <nixpkgs/nixos/lib/eval-config.nix> {
+ modules = [
+ (import <nixpkgs/nixos/lib/from-env.nix> "NIXOS_CONFIG" <nixos-config>)
+ ];
+}
diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix
index 31390a263..b19f275b5 100644
--- a/krebs/3modules/lib.nix
+++ b/krebs/3modules/lib.nix
@@ -3,9 +3,13 @@ with lib;
let
out = {
options.krebs.lib = api;
+ config = imp;
};
api = mkOption {
default = {};
type = types.attrs;
};
+ imp = {
+ krebs.lib = lib // import ../4lib { inherit lib; } // builtins;
+ };
in out
diff --git a/krebs/default.nix b/krebs/default.nix
index 17c035896..93e006f3d 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -1,193 +1,8 @@
-assert false;
-
-{ current-host-name
-, current-user-name
-, lib
-, stockholm
-, StrictHostKeyChecking ? "yes"
-}:
-
-let out = {
- inherit infest;
- inherit init;
- inherit nixos-install;
- };
-
- infest =
- { system ? current-host-name
- , target ? system
- }@args: let
- config = get-config system;
- in ''
- #! /bin/sh
- # krebs.infest
- set -efu
-
- ${rootssh target ''
- ${builtins.readFile ./4lib/infest/prepare.sh}
- ${builtins.readFile ./4lib/infest/install-nix.sh}
- ''}
-
- (${nixos-install args})
-
- ${rootssh target ''
- ${builtins.readFile ./4lib/infest/finalize.sh}
- ''}
- '';
-
- init =
- { system ? current-host-name
- }@args: let
- config = get-config system;
- in ''
- #! /bin/sh
- # krebs.init
- set -efu
-
- system=${lib.shell.escape system}
- secrets_dir=${config.krebs.build.source.dir.secrets.path}
- key_type=ed25519
- key_file=$secrets_dir/ssh.id_$key_type
- key_comment=$system
-
- if test -e "$key_file"; then
- echo "Warning: privkey already exists: $key_file" >&2
- else
- ssh-keygen \
- -C "$key_comment" \
- -t "$key_type" \
- -f "$key_file" \
- -N ""
- rm "$key_file.pub"
- fi
-
- pubkey=$(ssh-keygen -y -f "$key_file")
-
- cat<<EOF
- # put following into config.krebs.hosts.$system:
- ssh.privkey.path = <secrets/ssh.$key_type>;
- ssh.pubkey = $(echo $pubkey | jq -R .);
- EOF
- '';
-
- nixos-install =
- { system ? current-host-name
- , target ? system
- }@args: let
- in ''
- #! /bin/sh
- # krebs.nixos-install
- (${populate (args // { root = "/mnt"; })})
-
- ${rootssh target ''
- export PATH; PATH=/root/.nix-profile/bin:$PATH
-
- src=$(type -p nixos-install)
- cat_src() {
- sed < "$src" "$(
- { sed < "$src" -n '
- /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
- /^nixpkgs=/=
- /^NIX_PATH=/,/^$/{/./=}
-
- # Disable: Copy the NixOS/Nixpkgs sources to the target as
- # the initial contents of the NixOS channel.
- /^srcs=/,/^ln -sfn /=
- '
- } | sed 's:$:s/^/#krebs#/:'
- )"
- }
-
- # Location to insert `nix-install`
- i=$(sed -n '/^echo "building the system configuration/=' "$src")
-
- {
- cat_src | sed -n "1,$i{p}"
- cat ${doc (nix-install args)}
- cat_src | sed -n "$i,\''${$i!p}"
- } > nixos-install
- chmod +x nixos-install
-
- # Wrap inserted nix-install into chroot.
- nix_env=$(cat_src | sed -n '
- s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
- ')
- echo "nix-env is $nix_env" >&2
- findpkg() {(
- name=$1
- path=$(find /nix/store \
- -mindepth 1 -maxdepth 1 -type d -name '*-'"$name"'-*' \
- | head -n 1 | sed s:^/mnt::)
- if echo "$path" | grep .; then
- echo "$name is $path" >&2
- else
- echo "Error: package not found: $name" >&2
- exit 1
- fi
- )}
- cacert=$(findpkg cacert)
- coreutils=$(findpkg coreutils)
- cp "$cacert"/etc/ssl/certs/ca-bundle.crt /mnt/root/SSL_CERT_FILE
- env="$coreutils/bin/env SSL_CERT_FILE=/root/SSL_CERT_FILE"
- sed -i '
- s:^NIX_PATH=:chroot $mountPoint '"$env"' &:
- s:^nix-env:'"$nix_env"':
- ' nixos-install
-
- ./nixos-install
- ''}
- '';
-
- doc = s:
- let b = "EOF${builtins.hashString "sha256" s}"; in
- ''
- <<\${b}
- ${s}
- ${b}
- '';
-
- get-config = system: let
- config = stockholm.users.${current-user-name}.${system}.config
- or (abort "unknown system: ${system}, user: ${current-user-name}");
- in config;
-
- nix-install =
- { system ? current-host-name
- , target ? system
- }:
- let
- config = get-config system;
-
- nix-path =
- lib.concatStringsSep ":"
- (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
- (config.krebs.build.source.dir //
- config.krebs.build.source.git));
- in ''
- set -efu
- NIX_PATH=${lib.shell.escape nix-path} \
- nix-env \
- --show-trace \
- -f '<stockholm>' \
- --argstr current-host-name ${lib.shell.escape current-host-name} \
- --argstr current-user-name ${lib.shell.escape current-user-name} \
- --profile ${lib.shell.escape config.krebs.build.profile} \
- --set \
- -A ${lib.escapeShellArg (lib.concatStringsSep "." [
- "users"
- config.krebs.build.user.name
- config.krebs.build.host.name
- "system"
- ])}
- '';
-
- rootssh = target: script:
- let
- flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}";
- in
- "ssh ${flags} root@${target} -T ${doc ''
- set -efu
- ${script}
- ''}";
-
-in out
+{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+{
+ imports = [
+ ./3modules
+ ./5pkgs
+ ];
+}
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index ab24b584b..98f509050 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -7,6 +7,7 @@ let
ip = (head config.krebs.build.host.nets.internet.addrs4);
in {
imports = [
+ ../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/retiolum.nix
diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire.nix
index cc9836dff..c7d016cd3 100644
--- a/lass/1systems/dishfire.nix
+++ b/lass/1systems/dishfire.nix
@@ -2,6 +2,7 @@
{
imports = [
+ ../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
../2configs/git.nix
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 39af4a96f..2ff6dba70 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -7,6 +7,7 @@ let
ip = (head config.krebs.build.host.nets.internet.addrs4);
in {
imports = [
+ ../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/base.nix
../2configs/retiolum.nix
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 67e3738ea..88fb6aac7 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -3,6 +3,7 @@
with builtins;
{
imports = [
+ ../.
../2configs/baseX.nix
../2configs/browsers.nix
../2configs/programs.nix
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index ebce93957..f6ac1b4e6 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -2,6 +2,7 @@
{
imports = [
+ ../.
../2configs/baseX.nix
../2configs/programs.nix
../2configs/bitcoin.nix
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 95c55533c..05b3470e5 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -6,6 +6,7 @@ let
ip = (head config.krebs.build.host.nets.internet.addrs4);
in {
imports = [
+ ../.
../2configs/base.nix
../2configs/downloading.nix
../2configs/git.nix
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index d53e783d0..0758164f0 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -3,6 +3,7 @@
with builtins;
{
imports = [
+ ../.
../2configs/baseX.nix
../2configs/browsers.nix
../2configs/games.nix
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 68103c3ef..d2c96fdaa 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,12 +50,10 @@ with config.krebs.lib;
user = config.krebs.users.lass;
source = mapAttrs (_: mkDefault) ({
nixos-config = "symlink:stockholm/lass/1systems/${config.krebs.build.host.name}.nix";
- nixpkgs = symlink:stockholm/nixpkgs;
secrets = "/home/lass/secrets/${config.krebs.build.host.name}";
#secrets-common = "/home/lass/secrets/common";
stockholm = "/home/lass/stockholm";
- stockholm-user = "symlink:stockholm/lass";
- upstream-nixpkgs = {
+ nixpkgs = {
url = https://github.com/Lassulus/nixpkgs;
rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
dev = "/home/lass/src/nixpkgs";
diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
index c05ad0fc9..83a9cb180 100644
--- a/lass/3modules/dnsmasq.nix
+++ b/lass/3modules/dnsmasq.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
-with config.krebs.lib;
+with builtins;
+with lib;
let
cfg = config.lass.dnsmasq;
diff --git a/lass/3modules/newsbot-js.nix b/lass/3modules/newsbot-js.nix
index ef4d97b76..5e340b26f 100644
--- a/lass/3modules/newsbot-js.nix
+++ b/lass/3modules/newsbot-js.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
-with config.krebs.lib;
+with builtins;
+with lib;
let
cfg = config.lass.newsbot-js;
diff --git a/lass/default.nix b/lass/default.nix
new file mode 100644
index 000000000..69b4abaac
--- /dev/null
+++ b/lass/default.nix
@@ -0,0 +1,7 @@
+_:
+{
+ imports = [
+ ../krebs
+ ./3modules
+ ];
+}
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb9324ee9..f2c592ea9 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -11,6 +11,7 @@ let
in {
imports =
[ # Include the results of the hardware scan.
+ ../.
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
../2configs/smart-monitor.nix
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 43fc8109d..04adc4941 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -6,6 +6,7 @@ let
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
imports = [
+ ../.
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
../2configs/fs/simple-swap.nix
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 34d5a394d..6cff35e9d 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -20,6 +20,7 @@ let
in {
imports =
[
+ ../.
# TODO: unlock home partition via ssh
../2configs/fs/single-partition-ext4.nix
../2configs/tinc-basic-retiolum.nix
diff --git a/makefu/1systems/pnp.nix b/makefu/1systems/pnp.nix
index 51c124bbe..8791ad1d7 100644
--- a/makefu/1systems/pnp.nix
+++ b/makefu/1systems/pnp.nix
@@ -6,6 +6,7 @@
{
imports =
[
+ ../.
../2configs/tinc-basic-retiolum.nix
../2configs/headless.nix
../../krebs/3modules/Reaktor.nix
diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index d8ccc5846..b2cf0be79 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,6 +6,7 @@
{
imports =
[ # Include the results of the hardware scan.
+ ../.
../2configs/main-laptop.nix #< base-gui + zsh
# Krebs
diff --git a/makefu/1systems/repunit.nix b/makefu/1systems/repunit.nix
index 0c6ba09fb..6d2e7273d 100644
--- a/makefu/1systems/repunit.nix
+++ b/makefu/1systems/repunit.nix
@@ -7,6 +7,7 @@
{
imports =
[ # Include the results of the hardware scan.
+ ../.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/cgit-retiolum.nix
];
diff --git a/makefu/1systems/tsp.nix b/makefu/1systems/tsp.nix
index 990db65d2..d5d44cce0 100644
--- a/makefu/1systems/tsp.nix
+++ b/makefu/1systems/tsp.nix
@@ -6,6 +6,7 @@
{
imports =
[ # Include the results of the hardware scan.
+ ../.
../2configs/base-gui.nix
../2configs/tinc-basic-retiolum.nix
../2configs/fs/sda-crypto-root.nix
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 2dee83728..e07525d0d 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -6,6 +6,7 @@
krebs.build.host = config.krebs.hosts.vbob;
imports =
[ # Include the results of the hardware scan.
+ ../.
<nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
../2configs/main-laptop.nix #< base-gui
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 8917e4339..b4f7c9058 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -2,6 +2,7 @@
{
imports =
[ # Include the results of the hardware scan.
+ ../.
../2configs/main-laptop.nix
];
krebs = {
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 41d207ed2..747321968 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -7,6 +7,7 @@ let
internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
in {
imports = [
+ ../.
# TODO: copy this config or move to krebs
../../tv/2configs/hw/CAC.nix
../../tv/2configs/fs/CAC-CentOS-7-64bit.nix
diff --git a/makefu/2configs/default.nix b/makefu/2configs/d