path: root/krebs
diff options
Diffstat (limited to 'krebs')
11 files changed, 69 insertions, 178 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 5ea78f227..d85cde175 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -5,6 +5,5 @@ with import <stockholm/lib>; = true; = 1; = filter (getAttr "ci") (attrValues config.krebs.hosts);
- = [ "deploy" ];
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e269d1fa1..0c3e68c39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -89,7 +89,7 @@ with import <stockholm/lib>;
60 IN NS
60 IN NS
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN TXT v=spf1 mx -all
+ 60 IN TXT v=spf1 mx -all
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -618,6 +618,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
+ cabal = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "";
+ ip6.addr = "42::1:4";
+ aliases = [
+ "cabal.r"
+ ];
+ tinc.pubkey = ''
+ MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
+ SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
+ rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
+ qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
+ LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
+ rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
+ 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
+ fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
+ yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
+ kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
+ KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
+ TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
+ oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
+ TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
+ rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
+ 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
+ luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
+ w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
+ 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
+ K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
+ ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
+ };
users = {
lass = {
diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix
index 8f71a357f..5fbfe6614 100644
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -1,8 +1,11 @@
{ config, ... }:
with import <stockholm/lib>;
- nixos-version-id = "${config.system.nixosVersion}";
- nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
+ nixos-version-id = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.version}" else "${config.system.nixosVersion}";
+ nixos-codeName = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}";
+ nixos-version = "${nixos-version-id} (${nixos-codeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = let
diff --git a/krebs/5pkgs/haskell/nix-diff/default.nix b/krebs/5pkgs/haskell/nix-diff/default.nix
deleted file mode 100644
index df0315048..000000000
--- a/krebs/5pkgs/haskell/nix-diff/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl
-, nix-derivation, optparse-generic, stdenv, system-filepath, text
-, unix, vector
-mkDerivation {
- pname = "nix-diff";
- version = "1.0.0-krebs1";
- src = fetchgit {
- url = "";
- sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k";
- rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d";
- };
- patches = [
- ./nixos-system.patch
- ];
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- attoparsec base containers Diff mtl nix-derivation optparse-generic
- system-filepath text unix vector
- ];
- homepage = "";
- description = "Explain why two Nix derivations differ";
- license = stdenv.lib.licenses.bsd3;
diff --git a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch b/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
deleted file mode 100644
index 03e186aa9..000000000
--- a/krebs/5pkgs/haskell/nix-diff/nixos-system.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/src/Main.hs b/src/Main.hs
-index 959ab8e..d3b6077 100644
---- a/src/Main.hs
-+++ b/src/Main.hs
-@@ -95,7 +95,12 @@ pathToText path =
- underneath `/nix/store`, but this is the overwhelmingly common use case
- -}
- derivationName :: FilePath -> Text
--derivationName = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText
-+derivationName p =
-+ if Data.Text.isPrefixOf "nixos-system" s
-+ then "nixos-system"
-+ else s
-+ where
-+ s = Data.Text.dropEnd 4 . Data.Text.drop 44 . pathToText $ p
- -- | Group input derivations by their name
- groupByName :: Map FilePath (Set Text) -> Map Text (Map FilePath (Set Text))
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/ b/krebs/5pkgs/simple/Reaktor/scripts/
index da8e2f726..51ac7a071 100644
--- a/krebs/5pkgs/simple/Reaktor/scripts/
+++ b/krebs/5pkgs/simple/Reaktor/scripts/
@@ -18,20 +18,27 @@ def is_regex(line):
myre = re.compile(r'^s/(?:\\/|[^/])+/(?:\\/|[^/])*/[ig]?$')
return myre.match(line)
line = argv[1]
if is_regex(line):
last = d.get(usr, None)
if last:
from subprocess import Popen, PIPE
- p = Popen(['sed', line], stdin=PIPE, stdout=PIPE)
+ p = Popen(['sed', line], stdin=PIPE, stdout=PIPE, stderr=PIPE)
so, se = p.communicate(bytes("{}\n".format(last), "UTF-8"))
if p.returncode:
- print("something went wrong when trying to process your regex: {}".format(se.decode()))
+ print("something went wrong when trying to process your regex: {}".format(line.strip()))
ret = so.decode()
- print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
- if ret:
- d[usr] = ret
+ if len(ret) > 512:
+ print('message to long, skipped')
+ elif len(ret.split('\n')) > 5:
+ print('to many lines, skipped')
+ else:
+ if last.strip() != ret.strip():
+ print("\x1b[1m{}\x1b[0m meant: {}".format(usr, ret.strip()))
+ if ret:
+ d[usr] = ret
print("no last message")
diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix
deleted file mode 100644
index e51136c60..000000000
--- a/krebs/5pkgs/simple/electron-cash/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ stdenv, fetchFromGitHub, python2Packages }:
-python2Packages.buildPythonApplication rec {
- name = "electron-cash-${src.rev}";
- src = fetchFromGitHub {
- owner = "fyookball";
- repo = "electrum";
- rev = "a2245ea";
- sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv";
- };
- propagatedBuildInputs = with python2Packages; [
- dns
- ecdsa
- jsonrpclib
- pbkdf2
- pyaes
- pycrypto
- pyqt4
- pysocks
- qrcode
- requests
- tlslite
- # plugins
- keepkey
- trezor
- ];
- preBuild = ''
- sed -i 's,usr_share = .*,usr_share = "'$out'/share",g'
- pyrcc4 icons.qrc -o gui/qt/
- # Recording the creation timestamps introduces indeterminism to the build
- sed -i '/Created: .*/d' gui/qt/
- '';
- postInstall = ''
- # Despite setting usr_share above, these files are installed under
- # $out/nix ...
- mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out
- rm -rf $out/lib/python2.7/site-packages/nix
- substituteInPlace $out/share/applications/electron.desktop \
- --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
- '';
- doInstallCheck = true;
- installCheckPhase = ''
- $out/bin/electrum help >/dev/null
- '';
- meta = with stdenv.lib; {
- description = "A lightweight Bitcoin wallet";
- longDescription = ''
- An easy-to-use Bitcoin client featuring wallets generated from
- mnemonic seeds (in addition to other, more advanced, wallet options)
- and the ability to perform transactions without downloading a copy
- of the blockchain.
- '';
- homepage =;
- license =;
- };
diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix
new file mode 100644
index 000000000..a6c82f3ca
--- /dev/null
+++ b/krebs/5pkgs/simple/kops.nix
@@ -0,0 +1,7 @@
+{ fetchgit, ... }:
+fetchgit {
+ url =;
+ rev = "refs/tags/v1.0.0";
+ sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
index 4d15e7ac2..9afe79510 100644
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -9,7 +9,6 @@
cmds.deploy = pkgs.withGetopt {
- diff = { default = /* sh */ "false"; switch = true; };
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
source_file = {
@@ -25,65 +24,6 @@
. ${init.env}
. ${init.proxy "deploy" opts}
- if \test ${opts.diff.ref} = true; then
- system_profile=/nix/var/nix/profiles/system
- system_drv_cur=/etc/system.drv
- system_drv_new=$(
- ${pkgs.nix}/bin/nix-instantiate \
- -Q \
- -I "$target_path" \
- -E '
- (import <nixpkgs/nixos/lib/eval-config.nix> {
- modules = [ <nixos-config> ];
- })
- '
- )
- if \test -e "$system_drv_cur"; then
- system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur")
- system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new")
- if \test "$system_drv_cur_c" = "$system_drv_new_c"; then
- echo "$0: system up to date" >&2
- exit 0
- fi
- system_drv_cur=$system_drv_cur_c \
- system_drv_new=$system_drv_new_c \
- ${pkgs.utillinux}/bin/script \
- --command '
- ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \
- "$system_drv_cur" "$system_drv_new"
- ' \
- --quiet \
- --return \
- /dev/null
- printf 'deploy? [N/y] ' >&2
- read -r REPLY
- if \test "$REPLY" != y; then
- echo "$0: abort!" >&2
- exit 1
- fi
- else
- echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2
- fi
- new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new")
- ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system"
- PATH=${lib.makeBinPath [
- pkgs.systemd
- ]} \
- "$system_profile"/bin/switch-to-configuration switch
- ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur"
- exit
- fi
# Use system's nixos-rebuild, which is not self-contained
export PATH=/run/current-system/sw/bin
exec ${utils.with-whatsupnix} \
diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix
index a48fc0f87..1939bf854 100644
--- a/krebs/5pkgs/writers.nix
+++ b/krebs/5pkgs/writers.nix
@@ -57,7 +57,8 @@ with import <stockholm/lib>;
passAsFile = [ "text" ];
} /* sh */ ''
PATH=${makeBinPath (with pkgs; [
- binutils
+ # TODO remove if everyone migrated to 18.03
+ (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils)
diff --git a/krebs/source.nix b/krebs/source.nix
index 7e0ea7e47..0bd797a16 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
stockholm-version.pipe = "${}/bin/get-version";
nixpkgs.git = {
url =;
- ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
+ ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24
[cgit] Unable to lock slot /tmp/cgit/21000000.lock: No such file or directory (2)