diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6d2f15063..fb273c932 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,20 +1,57 @@ before_script: - - mkdir -p ~/.ssh - - echo "$deploy_privkey" > deploy.key - - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" - - chmod 600 deploy.key - - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts + - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true + # prepare github deployment for NUR + - mkdir -p ~/.ssh + - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key + - chmod 600 ~/.ssh/github_deploy.key + - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts + # prepare git fetching of secrets + - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key + - chmod 600 ~/.ssh/gitlab_deploy.key + - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts + # import secret key for secrets + - echo "$secrets_gpg_key" | gpg --import +wolf deployment test: + stage: test + script: + - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain + - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337 + - git submodule update --init + - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test) nix-shell test: + stage: test script: - - env - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success + - git --version + - ssh -V + - gpg --version + - curl --version +wolf deployment: + stage: deploy + script: + - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa + - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain + - git submodule update --init + - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts + # TODO, hostname wolf cannot be resolved + - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy) + only: + changes: + - .gitlab-ci.yml + - krebs/**/* + - lib/**/* + - .gitmodules nur-packages makefu: + stage: deploy script: - git reset --hard origin/master - git filter-branch -f --prune-empty --subdirectory-filter 
makefu/5pkgs HEAD - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git - - git push --force deploy HEAD:master + - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu + only: + changes: + - makefu/**/* after_script: - - rm -f deploy.key + - rm -rf .ssh/ diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index a9f564f75..5cb6ef568 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -3,12 +3,14 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, ... }: +let + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in { imports = [ ./hardware-configuration.nix <stockholm/jeschli> - <home-manager/nixos> <stockholm/jeschli/2configs/urxvt.nix> # <stockholm/jeschli/2configs/emacs.nix> ]; @@ -31,6 +33,7 @@ # networking.hostName = "bolide"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; + networking.enableB43Firmware = true; #new # Select internationalisation properties. # i18n = { @@ -53,8 +56,6 @@ }; nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ - home-manager - wget vim # system helper ag @@ -78,7 +79,9 @@ google-chrome # programming languages go - gcc + gcc9 + ccls + unstable.clang_8 ghc python35 python35Packages.pip 
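Review bot: The new `after_script` line `rm -rf .ssh/` is relative to the job's working directory, while `before_script` writes both deploy keys under `~/.ssh/`, so unless the runner's home happens to be the build directory the private keys remain on the runner after the job. The GPG secret key imported with `gpg --import` and the `~/brain` clone of the secrets repository are not cleaned up either; something like `- rm -rf ~/.ssh ~/brain` plus removal of the imported key from the gpg home would close that gap, which matters most on a shell-executor or otherwise reused runner. The three `ssh-keyscan -H … >> ~/.ssh/known_hosts` lines accept whatever host key the network returns at job time, including for the deploy target `wolf.shack`; supplying the expected host keys through a CI variable and writing those instead would make host verification meaningful. Because `before_script` is global, the `nix-shell test` job also gets all keys materialised even though its script uses none of them, so moving the key setup into the jobs that need it would narrow exposure.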
@@ -95,22 +98,6 @@ zathura ]; - home-manager.useUserPackages = true; - home-manager.users.jeschli = { - home.stateVersion = "19.03"; - }; - - home-manager.users.jeschli.home.file = { - ".emacs.d" = { - source = pkgs.fetchFromGitHub { - owner = "jeschli"; - repo = "emacs.d"; - rev = "8ed6c40"; - sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; - }; - recursive = true; - }; - }; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.bash.enableCompletion = true; diff --git a/jeschli/1systems/bolide/home.nix b/jeschli/1systems/bolide/home.nix deleted file mode 100644 index 60fee8b67..000000000 --- a/jeschli/1systems/bolide/home.nix +++ /dev/null 
@@ -1,171 +0,0 @@ -{ pkgs, ... }: - -{ - home.file = { - ".emacs.d" = { - source = pkgs.fetchFromGitHub { - owner = "jeschli"; - repo = "emacs.d"; - rev = "8ed6c40"; - sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; - }; - recursive = true; - }; - ".config/i3/config".text = '' - -set $mod Mod4 - -font pango:monospace 8 - -floating_modifier $mod - -bindsym $mod+Return exec i3-sensible-terminal - -bindsym $mod+Shift+q kill - -bindsym $mod+d exec rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run - -bindsym $mod+x exec rofi -modi window -show window -auto-select - -# switch to last used window -bindsym $mod+Tab exec rofi -show window& sleep 0.15 && xdotool key Down - -# change focus -bindsym $mod+j focus left -bindsym $mod+k focus down -bindsym $mod+l focus up -bindsym $mod+semicolon focus right - -# alternatively, you can use the cursor keys: -bindsym $mod+Left focus left -bindsym $mod+Down focus down -bindsym $mod+Up focus up -bindsym $mod+Right focus right - -# Resizing windows by 10 in i3 using keyboard only -bindsym $mod+Ctrl+Shift+Right resize shrink width 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Up resize grow height 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Down resize shrink height 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Left resize grow width 10 px or 10 ppt - -# move focused window -bindsym $mod+Shift+j move left -bindsym $mod+Shift+k move down -bindsym $mod+Shift+l move up -bindsym $mod+Shift+semicolon move right - -# alternatively, you can use the cursor keys: -bindsym $mod+Shift+Left move left -bindsym $mod+Shift+Down move down -bindsym $mod+Shift+Up move up -bindsym $mod+Shift+Right move right - -# split in horizontal orientation -bindsym $mod+h split h - -# split in vertical orientation -bindsym $mod+v split v - -# enter fullscreen mode for the focused container -bindsym $mod+f fullscreen toggle - -# change container layout (stacked, tabbed, toggle split) -bindsym $mod+s layout stacking -bindsym $mod+w 
layout tabbed -bindsym $mod+e layout toggle split - -# toggle tiling / floating -bindsym $mod+Shift+space floating toggle - -# change focus between tiling / floating windows -bindsym $mod+space focus mode_toggle - -# focus the parent container -bindsym $mod+a focus parent - -# focus the child container -#bindsym $mod+d focus child - -# Define names for default workspaces for which we configure key bindings later on. -# We use variables to avoid repeating the names in multiple places. -set $ws1 "1" -set $ws2 "2" -set $ws3 "3" -set $ws4 "4" -set $ws5 "5" -set $ws6 "6" -set $ws7 "7" -set $ws8 "8" -set $ws9 "9" -set $ws10 "10" - -# switch to workspace -bindsym $mod+1 workspace $ws1 -bindsym $mod+2 workspace $ws2 -bindsym $mod+3 workspace $ws3 -bindsym $mod+4 workspace $ws4 -bindsym $mod+5 workspace $ws5 -bindsym $mod+6 workspace $ws6 -bindsym $mod+7 workspace $ws7 -bindsym $mod+8 workspace $ws8 -bindsym $mod+9 workspace $ws9 -bindsym $mod+0 workspace $ws10 - -# move focused container to workspace -bindsym $mod+Shift+1 move container to workspace $ws1 -bindsym $mod+Shift+2 move container to workspace $ws2 -bindsym $mod+Shift+3 move container to workspace $ws3 -bindsym $mod+Shift+4 move container to workspace $ws4 -bindsym $mod+Shift+5 move container to workspace $ws5 -bindsym $mod+Shift+6 move container to workspace $ws6 -bindsym $mod+Shift+7 move container to workspace $ws7 -bindsym $mod+Shift+8 move container to workspace $ws8 -bindsym $mod+Shift+9 move container to workspace $ws9 -bindsym $mod+Shift+0 move container to workspace $ws10 - -# reload the configuration file -bindsym $mod+Shift+c reload -# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) -bindsym $mod+Shift+r restart -# exit i3 (logs you out of your X session) -bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' 
-b 'Yes, exit i3' 'i3-msg exit'" - -bindsym $mod+p exec i3-sensible-pager - -# resize window (you can also use the mouse for that) -mode "resize" { - # These bindings trigger as soon as you enter the resize mode - - # Pressing left will shrink the window’s width. - # Pressing right will grow the window’s width. - # Pressing up will shrink the window’s height. - # Pressing down will grow the window’s height. - bindsym j resize shrink width 10 px or 10 ppt - bindsym k resize grow height 10 px or 10 ppt - bindsym l resize shrink height 10 px or 10 ppt - bindsym semicolon resize grow width 10 px or 10 ppt - - # same bindings, but for the arrow keys - bindsym Left resize shrink width 10 px or 10 ppt - bindsym Down resize grow height 10 px or 10 ppt - bindsym Up resize shrink height 10 px or 10 ppt - bindsym Right resize grow width 10 px or 10 ppt - - # back to normal: Enter or Escape or $mod+r - bindsym Return mode "default" - bindsym Escape mode "default" - bindsym $mod+r mode "default" -} - -bindsym $mod+r mode "resize" - -# Start i3bar to display a workspace bar (plus the system information i3status -# finds out, if available) -bar { - position top - status_command i3status -} - ''; - }; - -} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 059ec6d71..aabb4b7ba 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -2,6 +2,7 @@ let xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; }; mainUser = config.krebs.build.user.name; + unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; in { imports = [ @@ -52,6 +53,8 @@ in copyq curl dmenu + aspell + ispell rofi xdotool git 
@@ -75,22 +78,14 @@ in elixir elmPackages.elm exercism - gcc + gcc9 + ccls + unstable.clang_8 ghc go - python35 - python35Packages.pip - (vagrant.override { - bundlerEnv = bundlerEnv.override { - bundler = bundler.overrideAttrs (old: { - name = "bundler-1.16.1"; - src = fetchurl { - url = "https://rubygems.org/gems/bundler-1.16.1.gem"; - sha256 = "1s2nq4qnffxg3kwrk7cnwxcvfihlhxm9absl2l6d3qckf3sy1f22"; - }; - }); - }; - }) + python37 + python37Packages.pip + pipenv # dev tools gnumake jetbrains.clion diff --git a/jeschli/krops.nix b/jeschli/krops.nix index f3964a553..30b06c1e6 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -9,6 +9,10 @@ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + nixpkgs-unstable.git = { + url = "https://github.com/nixos/nixpkgs-channels"; + ref = "nixos-unstable"; + }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { diff --git a/krebs/0tests/data/secrets/shack/muell_mail.js b/krebs/0tests/data/secrets/shack/muell_mail.js new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shack/muell_mail.js diff --git a/krebs/0tests/data/secrets/shack/s3-power.json b/krebs/0tests/data/secrets/shack/s3-power.json new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/krebs/0tests/data/secrets/shack/s3-power.json @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/shack/unifi-prometheus-pw b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 32e416831..60ec625f2 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix 
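Review bot: In the `jeschli/krops.nix` hunk, `nixpkgs-unstable.git` is tracked by branch name (`ref = "nixos-unstable";`), so every deploy builds from whatever commit that branch points to at that moment and the input cannot be reviewed or reproduced afterwards. The bolide and brauerei configs changed in this same commit import `<nixpkgs-unstable>` with `allowUnfree = true` and install `unstable.clang_8` from it, so the moving ref feeds straight into system packages. Pinning a commit, e.g. `ref = "<commit-sha>";`, and bumping it deliberately would keep this supply-chain input fixed. The attribute set being edited starts and ends outside the hunk.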
@@ -14,7 +14,6 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/nscd-fix.nix> <stockholm/krebs/2configs/reaktor2.nix> - <stockholm/krebs/2configs/repo-sync.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index af11c6944..ea73e4bd2 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -7,13 +7,14 @@ <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> - <stockholm/krebs/2configs/stats/puyak-client.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> <stockholm/krebs/2configs/go.nix> <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/news.nix> <stockholm/krebs/2configs/news-spam.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + <stockholm/krebs/2configs/shack/gitlab-runner.nix> ]; krebs.build.host = config.krebs.hosts.puyak; @@ -59,9 +60,9 @@ }; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchExternalPower = "ignore"; + services.udev.extraRules = '' SUBSYSTEM= |