71 files changed, 1857 insertions, 744 deletions
| diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6d2f15063..fb273c932 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,20 +1,57 @@  before_script: -   - mkdir -p ~/.ssh -   - echo "$deploy_privkey" > deploy.key -   - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" -   - chmod 600 deploy.key -   - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts +  - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true +  # prepare github deployment for NUR +  - mkdir -p ~/.ssh +  - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key +  - chmod 600 ~/.ssh/github_deploy.key +  - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts +  # prepare git fetching of secrets +  - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key +  - chmod 600 ~/.ssh/gitlab_deploy.key +  - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts +  # import secret key for secrets +  - echo "$secrets_gpg_key" | gpg --import +wolf deployment test: +  stage: test +  script: +    - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain +    - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337 +    - git submodule update --init +    - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)  nix-shell test: +  stage: test    script: -    - env      - nix-shell --pure --command 'true' -p stdenv && echo success      - nix-shell --pure --command 'false' -p stdenv || echo success +    - git --version +    - ssh -V +    - gpg --version +    - curl --version +wolf deployment: +  stage: deploy +  script: +    - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa +    - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain +    - git submodule update --init +    - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts +    # TODO, hostname wolf cannot be resolved +    - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy) +  only: +    changes: +      - .gitlab-ci.yml +      - krebs/**/* +      - lib/**/* +      - .gitmodules  nur-packages makefu: +  stage: 
deploy    script:      - git reset --hard origin/master      - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD      - git remote add deploy git@github.com:makefu/nur-packages.git  || git remote set-url deploy git@github.com:makefu/nur-packages.git -    - git push --force deploy HEAD:master +    - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master      - curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu +  only: +    changes: +      - makefu/**/*  after_script: -    - rm -f deploy.key +    - rm -rf .ssh/ diff --git a/jeschli/1systems/bolide/config.nix b/jeschli/1systems/bolide/config.nix index a9f564f75..5cb6ef568 100644 --- a/jeschli/1systems/bolide/config.nix +++ b/jeschli/1systems/bolide/config.nix @@ -3,12 +3,14 @@  # and in the NixOS manual (accessible by running ‘nixos-help’).  { config, pkgs, lib, ... }: +let +  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; }; +in  {    imports =      [        ./hardware-configuration.nix        <stockholm/jeschli> -      <home-manager/nixos>        <stockholm/jeschli/2configs/urxvt.nix>      #  <stockholm/jeschli/2configs/emacs.nix>      ]; @@ -31,6 +33,7 @@  #  networking.hostName = "bolide"; # Define your hostname.  #  networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.    networking.networkmanager.enable = true; +  networking.enableB43Firmware = true; #new    # Select internationalisation properties.    # i18n = { @@ -53,8 +56,6 @@    };    nixpkgs.config.allowUnfree = true;    environment.systemPackages = with pkgs; [ -    home-manager -      wget vim    # system helper      ag @@ -78,7 +79,9 @@      google-chrome    # programming languages      go -    gcc +    gcc9 +    ccls +    unstable.clang_8      ghc      python35      python35Packages.pip 
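Review bot: The new `after_script` runs `rm -rf .ssh/`, a path relative to the job's working directory, while `before_script` now writes both deploy keys to `~/.ssh/`, so the cleanup only reaches them if the job happens to run from the home directory. The imported GPG secret key (in gpg's default `~/.gnupg`) and the `~/brain` clone of the secrets repository are not removed either. Whether the runner's home persists between jobs is not visible here, but on a shared or non-ephemeral runner this leaves credentials behind; I would change the line to `- rm -rf ~/.ssh ~/.gnupg ~/brain`. Separately, the three `ssh-keyscan -H ... >> ~/.ssh/known_hosts` lines accept whatever key the network returns at job time, including for the deploy target `wolf.shack`; pinning the expected host keys from a CI variable would make the host check meaningful.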
@@ -95,22 +98,6 @@      zathura    ]; -  home-manager.useUserPackages = true; -  home-manager.users.jeschli = { -    home.stateVersion = "19.03"; -  }; - -  home-manager.users.jeschli.home.file = { -     ".emacs.d" = { -       source = pkgs.fetchFromGitHub { -         owner = "jeschli"; -         repo = "emacs.d"; -         rev = "8ed6c40"; -         sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; -       }; -       recursive = true; -     }; -  };   # Some programs need SUID wrappers, can be configured further or are   # started in user sessions.   # programs.bash.enableCompletion = true; diff --git a/jeschli/1systems/bolide/home.nix b/jeschli/1systems/bolide/home.nix deleted file mode 100644 index 60fee8b67..000000000 --- a/jeschli/1systems/bolide/home.nix +++ /dev/null 
@@ -1,171 +0,0 @@ -{ pkgs, ... }: - -{ -  home.file = { -     ".emacs.d" = { -       source = pkgs.fetchFromGitHub { -         owner = "jeschli"; -         repo = "emacs.d"; -         rev = "8ed6c40"; -         sha256 = "1q2y478srwp9f58l8cixnd2wj51909gp1z68k8pjlbjy2mrvibs0"; -       }; -       recursive = true; -     }; -     ".config/i3/config".text = '' - -set $mod Mod4 - -font pango:monospace 8 - -floating_modifier $mod - -bindsym $mod+Return exec i3-sensible-terminal - -bindsym $mod+Shift+q kill - -bindsym $mod+d exec rofi -modi drun#run -combi-modi drun#run -show combi -show-icons -display-combi run - -bindsym $mod+x exec rofi -modi window -show window -auto-select - -# switch to last used window -bindsym $mod+Tab exec rofi -show window& sleep 0.15 && xdotool key Down - -# change focus -bindsym $mod+j focus left -bindsym $mod+k focus down -bindsym $mod+l focus up -bindsym $mod+semicolon focus right - -# alternatively, you can use the cursor keys: -bindsym $mod+Left focus left -bindsym $mod+Down focus down -bindsym $mod+Up focus up -bindsym $mod+Right focus right - -# Resizing windows by 10 in i3 using keyboard only -bindsym $mod+Ctrl+Shift+Right resize shrink width 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Up resize grow height 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Down resize shrink height 10 px or 10 ppt -bindsym $mod+Ctrl+Shift+Left resize grow width 10 px or 10 ppt - -# move focused window -bindsym $mod+Shift+j move left -bindsym $mod+Shift+k move down -bindsym $mod+Shift+l move up -bindsym $mod+Shift+semicolon move right - -# alternatively, you can use the cursor keys: -bindsym $mod+Shift+Left move left -bindsym $mod+Shift+Down move down -bindsym $mod+Shift+Up move up -bindsym $mod+Shift+Right move right - -# split in horizontal orientation -bindsym $mod+h split h - -# split in vertical orientation -bindsym $mod+v split v - -# enter fullscreen mode for the focused container -bindsym $mod+f fullscreen toggle - -# change container layout (stacked, tabbed, 
toggle split) -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -# toggle tiling / floating -bindsym $mod+Shift+space floating toggle - -# change focus between tiling / floating windows -bindsym $mod+space focus mode_toggle - -# focus the parent container -bindsym $mod+a focus parent - -# focus the child container -#bindsym $mod+d focus child - -# Define names for default workspaces for which we configure key bindings later on. -# We use variables to avoid repeating the names in multiple places. -set $ws1 "1" -set $ws2 "2" -set $ws3 "3" -set $ws4 "4" -set $ws5 "5" -set $ws6 "6" -set $ws7 "7" -set $ws8 "8" -set $ws9 "9" -set $ws10 "10" - -# switch to workspace -bindsym $mod+1 workspace $ws1 -bindsym $mod+2 workspace $ws2 -bindsym $mod+3 workspace $ws3 -bindsym $mod+4 workspace $ws4 -bindsym $mod+5 workspace $ws5 -bindsym $mod+6 workspace $ws6 -bindsym $mod+7 workspace $ws7 -bindsym $mod+8 workspace $ws8 -bindsym $mod+9 workspace $ws9 -bindsym $mod+0 workspace $ws10 - -# move focused container to workspace -bindsym $mod+Shift+1 move container to workspace $ws1 -bindsym $mod+Shift+2 move container to workspace $ws2 -bindsym $mod+Shift+3 move container to workspace $ws3 -bindsym $mod+Shift+4 move container to workspace $ws4 -bindsym $mod+Shift+5 move container to workspace $ws5 -bindsym $mod+Shift+6 move container to workspace $ws6 -bindsym $mod+Shift+7 move container to workspace $ws7 -bindsym $mod+Shift+8 move container to workspace $ws8 -bindsym $mod+Shift+9 move container to workspace $ws9 -bindsym $mod+Shift+0 move container to workspace $ws10 - -# reload the configuration file -bindsym $mod+Shift+c reload -# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) -bindsym $mod+Shift+r restart -# exit i3 (logs you out of your X session) -bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' 
-b 'Yes, exit i3' 'i3-msg exit'" - -bindsym $mod+p exec i3-sensible-pager - -# resize window (you can also use the mouse for that) -mode "resize" { -        # These bindings trigger as soon as you enter the resize mode - -        # Pressing left will shrink the window’s width. -        # Pressing right will grow the window’s width. -        # Pressing up will shrink the window’s height. -        # Pressing down will grow the window’s height. -        bindsym j resize shrink width 10 px or 10 ppt -        bindsym k resize grow height 10 px or 10 ppt -        bindsym l resize shrink height 10 px or 10 ppt -        bindsym semicolon resize grow width 10 px or 10 ppt - -        # same bindings, but for the arrow keys -        bindsym Left resize shrink width 10 px or 10 ppt -        bindsym Down resize grow height 10 px or 10 ppt -        bindsym Up resize shrink height 10 px or 10 ppt -        bindsym Right resize grow width 10 px or 10 ppt - -        # back to normal: Enter or Escape or $mod+r -        bindsym Return mode "default" -        bindsym Escape mode "default" -        bindsym $mod+r mode "default" -} - -bindsym $mod+r mode "resize" - -# Start i3bar to display a workspace bar (plus the system information i3status -# finds out, if available) -bar { -        position top -        status_command i3status -} -     ''; -  };  -   -} diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix index 059ec6d71..aabb4b7ba 100644 --- a/jeschli/1systems/brauerei/config.nix +++ b/jeschli/1systems/brauerei/config.nix @@ -2,6 +2,7 @@  let    xmonad-jeschli = pkgs.callPackage <stockholm/jeschli/5pkgs/simple/xmonad-jeschli> { inherit config; };    mainUser = config.krebs.build.user.name; +  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };  in  {    imports = [ @@ -52,6 +53,8 @@ in      copyq      curl      dmenu +    aspell +    ispell      rofi      xdotool      git 
@@ -75,22 +78,14 @@ in      elixir      elmPackages.elm      exercism -    gcc +    gcc9 +    ccls +    unstable.clang_8      ghc      go -    python35 -    python35Packages.pip -    (vagrant.override { -      bundlerEnv = bundlerEnv.override { -        bundler = bundler.overrideAttrs (old: { -          name = "bundler-1.16.1"; -          src = fetchurl { -            url = "https://rubygems.org/gems/bundler-1.16.1.gem"; -            sha256 = "1s2nq4qnffxg3kwrk7cnwxcvfihlhxm9absl2l6d3qckf3sy1f22"; -          }; -        }); -      }; -    }) +    python37 +    python37Packages.pip +    pipenv    # dev tools      gnumake      jetbrains.clion diff --git a/jeschli/krops.nix b/jeschli/krops.nix index f3964a553..30b06c1e6 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -9,6 +9,10 @@      (krebs-source { test = test; })      {        nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; +      nixpkgs-unstable.git = { +        url = "https://github.com/nixos/nixpkgs-channels"; +        ref = "nixos-unstable"; +      };        secrets = if test then {          file = toString ./2configs/tests/dummy-secrets;        } else { diff --git a/krebs/0tests/data/secrets/shack/muell_mail.js b/krebs/0tests/data/secrets/shack/muell_mail.js new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shack/muell_mail.js diff --git a/krebs/0tests/data/secrets/shack/s3-power.json b/krebs/0tests/data/secrets/shack/s3-power.json new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/krebs/0tests/data/secrets/shack/s3-power.json @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/shack/unifi-prometheus-pw b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 32e416831..60ec625f2 100644 
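Review bot: The `nixpkgs-unstable.git` source added in `jeschli/krops.nix` sets `ref = "nixos-unstable"`, a moving branch, so each deploy builds against whatever that branch points to at fetch time. The `unstable` binding added in the bolide and brauerei `config.nix` hunks imports this source with `allowUnfree = true` and puts `unstable.clang_8` into the system packages, so the package set on those hosts can change without any commit in this repository. If krops accepts a commit id in `ref` (worth confirming), I would pin it, e.g. `ref = "<pinned-commit-sha>";`, and bump it deliberately.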
--- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -14,7 +14,6 @@      <stockholm/krebs/2configs/ircd.nix>      <stockholm/krebs/2configs/nscd-fix.nix>      <stockholm/krebs/2configs/reaktor2.nix> -    <stockholm/krebs/2configs/repo-sync.nix>    ];    krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index af11c6944..ea73e4bd2 100644 --- a/krebs/1systems/puyak/config.nix +++ b/ | 
