Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
| -rw-r--r-- | krebs/2configs/ircd.nix | 3 | ||||
| -rw-r--r-- | krebs/3modules/ci.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 13 | ||||
| -rw-r--r-- | krebs/3modules/fetchWallpaper.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/lass/default.nix | 48 | ||||
| -rw-r--r-- | krebs/3modules/zones.nix | 22 | ||||
| -rw-r--r-- | krebs/5pkgs/haskell/nix-diff.nix | 22 | ||||
| -rw-r--r-- | krebs/5pkgs/haskell/xmonad-stockholm.nix | 8 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/stockholm/default.nix | 291 | 
10 files changed, 392 insertions, 20 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 4fdb53ae7..73b5377bd 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -13,7 +13,6 @@      <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>      <stockholm/krebs/2configs/binary-cache/nixos.nix>      <stockholm/krebs/2configs/ircd.nix> -    <stockholm/krebs/2configs/reaktor-krebs.nix>      <stockholm/krebs/2configs/reaktor-retiolum.nix>    ]; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 38f58952e..b534f9ad4 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -7,6 +7,9 @@    services.charybdis = {      enable = true; +    motd = '' +      hello +    '';      config = ''        serverinfo {          name = "${config.krebs.build.host.name}.irc.retiolum"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index adbc1ebe1..b56f5c543 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -104,7 +104,7 @@ in                      "dummy_secrets": "true",                    },                    command=[ -                    "nix-shell", "--run", " ".join(["test", +                    "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",                        "--user={}".format(user),                        "--system={}".format(host),                        "--force-populate", diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index c89f3229d..7cf02cd8b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -44,6 +44,7 @@ let        ./tinc_graphs.nix        ./urlwatch.nix        ./repo-sync.nix +      ./zones.nix      ];      options.krebs = api;      config = lib.mkIf cfg.enable imp; @@ -60,6 +61,7 @@ let      hosts = mkOption {        type = with types; attrsOf host; +      default = {};      };      users = mkOption { 
@@ -171,17 +173,6 @@ let              '';            }; -      # Implements environment.etc."zones/<zone-name>" -      environment.etc = let -        stripEmptyLines = s: (concatStringsSep "\n" -          (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; -        all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" -          ([cfg.zone-head-config] ++ combined-hosts); -        combined-hosts = (mapAttrsToList (name: value: value.extraZones)  cfg.hosts ); -      in lib.mapAttrs' (name: value: nameValuePair -        ("zones/" + name) -        { text=(stripEmptyLines value); }) all-zones; -        krebs.exim-smarthost.internet-aliases = let          format = from: to: {            inherit from; diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 8d4933cb5..f67188122 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -27,7 +27,7 @@ let      };      display = mkOption {        type = types.str; -      default = ":0"; +      default = ":${toString config.services.xserver.display}";      };      unitConfig = mkOption {        type = types.attrsOf types.str; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 867f1bd34..ff6ba474f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -449,8 +449,6 @@ with import <stockholm/lib>;          retiolum = rec {            via = internet;            addrs = [ -            # edinburgh university -            "129.215.0.0/16"              ip4.addr              ip6.addr            ]; @@ -472,6 +470,10 @@ with import <stockholm/lib>;              lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ==              -----END RSA PUBLIC KEY-----            ''; +          tinc.subnets = [ +            # edinburgh university +            "129.215.0.0/16" +          ];          };        };      }; 
@@ -533,6 +535,45 @@ with import <stockholm/lib>;          };        };      }; +    reagenzglas = { +      ci = false; +      external = true; +      nets = { +        retiolum = { +          ip4.addr = "10.243.27.27"; +          ip6.addr = "42::27"; +          aliases = [ +            "reagenzglas.r" +          ]; +          tinc.pubkey = '' +            -----BEGIN RSA PUBLIC KEY----- +            MIIECgKCBAEA4Tbq6aiMhPz55Of/WDEmESGmScRJedQSJoyRuDEDabEktdbP/m7P +            bwpLp0lGYphx42+lutFcYOGoH/Lglfj39yhDcrpkYfTnzcGOWutXGuZ+iR5vmGj0 +            utJRf/4+a4sB5NboBVZ9Ke/RTjDNSov00C2hFCYTXz89Gd2ap1nDPQpnejOS+9aO +            2W6P/WIKhRH7TfW6M7mUCrjVxWXZgdfSCQYxAXU/+1uAGmJ9qlGlQUIGUGv9Znv5 +            hurqwAHzSgEkKc2iUumosz6a8W9Oo3TAEC+jMEO2l/+GJ/8VysG1wtLWDX03GU3u +            mBAtrJppEw4QNPTeFg6XSFIwV8Z0fWZ4lGsPJLbAkLUMxtKVWKbdrdpnmiQpLfBW +            8BRbT1pjwEdw0hefA6NwCO3/Y5piEaUEz/gYz9xHFMDXUj9stHtaF0HaqonWyb06 +            aX3EEqRBxVsj6/Sgd33b77xqY4WBoOlbhfWj+EAD1Ova26lHELpAg0Z4AncpyOzw +            pJcX81U8GgQp899YAc3EAldFfiu094CvM2NKd110K90VlTpos+sqFfNE87vpprMu +            3d1NsYzf+FUM/aXASlqTNL+i8qBDAlODkLdj4+VZ2BjkSH+p2BLZouizSzu4X3I/ +            lfy554Dbb/98zlwmX9JrWzBRs2GxxFdIDZ1jK+Ci5qM7oTfujBwiE4jZA6wlK8u5 +            +IenSBdaJb0J8nS0Bziz/BLkuBCrl/YFelpZlY0pw6WYlraKbf/nsOpumOYh6zdz +            9jiIPElGvso9FhwigX7xWCiYMK3ryAqm8CL0cTscQW3Yy2JKm1tNIQtAacwnNVli +            PqdnPJSo942I+Fl6ZPjZ19ivJIqC+2TjGEY2Et8DkiL6YZfy4bM1zhoWMlXBIil0 +            ynnKR/h/CC67cq94JCbtRWKiYXIYtfHPQkS7S1Lk6aSYbIch/wROyh7XJ7EGE7nn +            GAVMqI/P/qbW3rwEJGXzI4eJAHa2hwpP2Slimf6uUD/6L2bAnduhYoTsnNSjJmNE +            hCC+MHohzk7+isZl0jwIEcMpsohMAwoa5BEhbuYJWeUesT/4PeddLIGYubTZAXp2 +            ZdYRepSNUEhSZV0H99MhlqeooDJxnWpsiba5Gb0s6p4gTReGy0jMtWnxI2P5RUFX +            vEGt77v4MGrWYTzAL/ZRmESsOj7TXqpSK5YcMC2nr8PcV66LuMjOkRrGoVOV3fBe +            G/9pNVb68SRwfPoGa5nGe6C7GPcgko9rgGLLcU1r/4L2bqFhdIQdSfaUX2Hscm44 +            
5GdN2UvuwwVxOyU1uPqJcBNnr2yt3x3kw5+zDQ00z/pFntTXWm19m6BUtbkdwN2x +            Bn1P3P/mRTEaHxQr9RGg8Zjnix/Q6G7I5QIDAQAB +            -----END RSA PUBLIC KEY----- +          ''; +        }; +      }; +    };    };    users = {      lass = { @@ -581,5 +622,8 @@ with import <stockholm/lib>;        pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE";        mail = "joerg@higgsboson.tk";      }; +    jeschli = { +      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPuFzd6p3zZETIjoV5mRxCTQgeZk9s/P374mEDbj58wDTT0uGWu2JRf7cL1QRTvd5238tYl0eSHXH65+oaFB/mIvmiRnuw6qQODOMHlSbJN5/J2hEw/3v5gveiP1xNLfKlFhj6mmMRF7Etvzns/kLGLCSjj1UTlfo4iHmtinPmU+iQ8J4foS4cZj4oZesF8gndkc2EFMfL6en7EuU8GK6U9GtwKNL9N4UoUZXu8Nf00pkn/jrpmsDdI4zdVVAxWeu/Lo4li43EVixLcfwQiwzf6S9FvYIv30xPdy92GJSJwxm/QkYuc48VZWUoE+qThf3IEPETtX+MRZrM8RTtY01"; +    };    };  } diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix new file mode 100644 index 000000000..eb1351866 --- /dev/null +++ b/krebs/3modules/zones.nix @@ -0,0 +1,22 @@ +with import <stockholm/lib>; +{ config, ... }: { + +  config = { +    # Implements environment.etc."zones/<zone-name>" +    environment.etc = let +      stripEmptyLines = s: (concatStringsSep "\n" +        (remove "\n" (remove "" (splitString "\n" s)))) + "\n"; +      all-zones = foldAttrs (sum: current: sum + "\n" +current ) "" +        ([config.krebs.zone-head-config] ++ combined-hosts); +      combined-hosts = +        mapAttrsToList (name: getAttr "extraZones") config.krebs.hosts; +    in +      mapAttrs' +        (name: value: { +          name = "zones/${name}"; +          value.text = stripEmptyLines value; +        }) +        all-zones; +  }; + +} diff --git a/krebs/5pkgs/haskell/nix-diff.nix b/krebs/5pkgs/haskell/nix-diff.nix new file mode 100644 index 000000000..2070dbd2e --- /dev/null +++ b/krebs/5pkgs/haskell/nix-diff.nix 
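Review bot: The `reagenzglas` entry's `tinc.pubkey` and the `jeschli` user `pubkey` (next hunk) are added with no record of how the keys were obtained or who confirmed them. Whatever consumes these attributes is outside this diff, so the access they grant cannot be judged from here. A short comment on each entry would help later audits, e.g. `# key received <DATE> via <CHANNEL>, fingerprint checked by <REVIEWER>`. The `jeschli` entry also has no `mail` attribute, unlike the entry directly above it.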
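Review bot: `config = { … }` in the new `zones.nix` is unconditional, while the block it replaces in `default.nix` appears to have been part of what `config = lib.mkIf cfg.enable imp;` guards (only partly visible in these hunks). If so, the `/etc/zones/<zone-name>` files are now generated from `config.krebs.hosts` and `config.krebs.zone-head-config` even where `krebs.enable` is false, which is presumably why `hosts` gained `default = {};`. If that is not intended, guard the body with `config = mkIf config.krebs.enable { … };`, assuming `mkIf` comes from `<stockholm/lib>` like the other helpers used here. Otherwise a one-line comment above `config` saying the module is always active would record the decision.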
@@ -0,0 +1,22 @@ +{ mkDerivation, attoparsec, base, containers, Diff, fetchgit, mtl +, nix-derivation, optparse-generic, stdenv, system-filepath, text +, unix, vector +}: +mkDerivation { +  pname = "nix-diff"; +  version = "1.0.0"; +  src = fetchgit { +    url = "https://github.com/Gabriel439/nix-diff"; +    sha256 = "1k00nx8pannqmpzadkwfrs6bf79yk22ynhd033z5rsyw0m8fcz9k"; +    rev = "e32ffa2c7f38b47a71325a042c1d887fb46cdf7d"; +  }; +  isLibrary = false; +  isExecutable = true; +  executableHaskellDepends = [ +    attoparsec base containers Diff mtl nix-derivation optparse-generic +    system-filepath text unix vector +  ]; +  homepage = "https://github.com/Gabriel439/nix-diff"; +  description = "Explain why two Nix derivations differ"; +  license = stdenv.lib.licenses.bsd3; +} diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix index bf19e7d66..954cfd76a 100644 --- a/krebs/5pkgs/haskell/xmonad-stockholm.nix +++ b/krebs/5pkgs/haskell/xmonad-stockholm.nix @@ -1,13 +1,13 @@  { mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape  , xmonad, xmonad-contrib  }: -mkDerivation { +mkDerivation rec {    pname = "xmonad-stockholm"; -  version = "1.1.0"; +  version = "1.1.1";    src = fetchgit {      url = http://cgit.ni.krebsco.de/xmonad-stockholm; -    rev = "179d29fd4c765dee698058ef63295331ac603639"; -    sha256 = "0c6mj68xsxxr4j8adkzhjszi7bg6cpisrsmqn587a16sblpbrnkj"; +    rev = "refs/tags/v${version}"; +    sha256 = "05nnfg6q35z3qgf507qa80bz32jl4k719dl5phlmchplp3769585";    };    libraryHaskellDepends = [      base containers X11 X11-xshape xmonad xmonad-contrib diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix new file mode 100644 index 000000000..5705f086d --- /dev/null +++ b/krebs/5pkgs/simple/stockholm/default.nix 
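Review bot: In `xmonad-stockholm.nix`, `rev = "refs/tags/v${version}";` replaces a pinned commit id with a tag name, and the fetch URL is still plain `http://`. The `sha256` keeps the fetched tree fixed, so a moved tag or a transfer altered in transit should fail the hash check rather than pass unnoticed. The expression no longer records which commit was reviewed, though, and a tag can be re-pointed upstream. I would keep the commit id beside the tag, e.g. `# v1.1.1 = <COMMIT_ID>`, and switch the URL to `https://` if the host serves it.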
@@ -0,0 +1,291 @@ +{ pkgs }: let + +  stockholm-dir = ../../../..; + +  lib = import (stockholm-dir + "/lib"); + +  # +  # high level commands +  # + +  cmds.deploy = pkgs.withGetopt { +    diff = { default = /* sh */ "false"; switch = true; }; +    force-populate = { default = /* sh */ "false"; switch = true; }; +    quiet = { default = /* sh */ "false"; switch = true; }; +    source_file = { +      default = /* sh */ "$user/1systems/$system/source.nix"; +      long = "source"; +    }; +    system = {}; +    target.default = /* sh */ "$system"; +    user.default = /* sh */ "$LOGNAME"; +  } (opts: pkgs.writeDash "stockholm.deploy" '' +    set -efu + +    . ${init.env} +    . ${init.proxy "deploy" opts} + +    if \test ${opts.diff.ref} = true; then + +      system_profile=/nix/var/nix/profiles/system +      system_drv_cur=/etc/system.drv + +      system_drv_new=$( +        ${pkgs.nix}/bin/nix-instantiate \ +            -Q \ +            -I "$target_path" \ +            -E ' +              (import <nixpkgs/nixos/lib/eval-config.nix> { +                modules = [ <nixos-config> ]; +              }).config.system.build.toplevel +            ' +      ) + +      if \test -e "$system_drv_cur"; then + +        system_drv_cur_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_cur") +        system_drv_new_c=$(${pkgs.coreutils}/bin/readlink -f "$system_drv_new") + +        if \test "$system_drv_cur_c" = "$system_drv_new_c"; then +          echo "$0: system up to date" >&2 +          exit 0 +        fi + +        system_drv_cur=$system_drv_cur_c \ +        system_drv_new=$system_drv_new_c \ +        ${pkgs.utillinux}/bin/script \ +            --command ' +              ${pkgs.haskellPackages.nix-diff}/bin/nix-diff \ +                  "$system_drv_cur" "$system_drv_new" +            ' \ +            --quiet \ +            --return \ +            /dev/null + +        printf 'deploy? 
[N/y] ' >&2 +        read -r REPLY +        if \test "$REPLY" != y; then +          echo "$0: abort!" >&2 +          exit 1 +        fi +      else +        echo "$0: --${opts.diff.long} has no effect because "$system_drv_cur" doesn't exist" >&2 +      fi + +      new_system=$(${pkgs.nix}/bin/nix-store --realize "$system_drv_new") + +      ${pkgs.nix}/bin/nix-env -p "$system_profile" --set "$new_system" +      PATH=${lib.makeBinPath [ +        pkgs.systemd +      ]} \ +      "$system_profile"/bin/switch-to-configuration switch + +      ${pkgs.coreutils}/bin/ln -fns "$system_drv_new" "$system_drv_cur" +      exit +    fi + +    # Use system's nixos-rebuild, which is not self-contained +    export PATH=/run/current-system/sw/bin +    exec ${utils.with-whatsupnix} \ +    nixos-rebuild switch \ +        --show-trace \ +        -I "$target_path" +  ''); + +  cmds.install = pkgs.withGetopt { +    force-populate = { default = /* sh */ "false"; switch = true; }; +    quiet = { default = /* sh */ "false"; switch = true; }; +    source_file = { +      default = /* sh */ "$user/1systems/$system/source.nix"; +      long = "source"; +    }; +    system = {}; +    target = {}; +    user.default = /* sh */ "$LOGNAME"; +  } (opts: pkgs.writeBash "stockholm.install" '' +    set -efu + +    . ${init.env} + +    if \test "''${using_proxy-}" != true; then +      ${pkgs.openssh}/bin/ssh \ +          -o StrictHostKeyChecking=no \ +          -o UserKnownHostsFile=/dev/null \ +          "$target_user@$target_host" -p "$target_port" \ +          env target_path=$(${pkgs.quote}/bin/quote "$target_path") \ +              sh -s prepare \ +            < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"} +              # TODO inline prepare.sh? +    fi + +    . ${init.proxy "install" opts} + +    # these variables get defined by nix-shell (i.e. nix-build) from +    # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0), +    # which only exists on / and not at /mnt. 
+    export NIX_BUILD_TOP=/tmp +    export TEMPDIR=/tmp +    export TEMP=/tmp +    export TMPDIR=/tmp +    export TMP=/tmp +    export XDG_RUNTIME_DIR=/tmp + +    export NIXOS_CONFIG="$target_path/nixos-config" + +    cd +    exec nixos-install +  ''); + +  cmds.test = pkgs.withGetopt { +    force-populate = { default = /* sh */ "false"; switch = true; }; +    quiet = { default = /* sh */ "false"; switch = true; }; +    source_file = { +      default = /* sh */ "$user/1systems/$system/source.nix"; +      long = "source"; +    }; +    system = {}; +    target = {}; +    user.default = /* sh */ "$LOGNAME"; +  } (opts: pkgs.writeDash "stockholm.test" /* sh */ '' +    set -efu + +    export dummy_secrets=true + +    . ${init.env} +    . ${init.proxy "test" opts} + +    exec ${utils.build} config.system.build.toplevel +  ''); + +  # +  # low level commands +  # + +  # usage: get-source SOURCE_FILE +  cmds.get-source = pkgs.writeDash "stockholm.get-source" '' +    set -efu +    exec ${pkgs.nix}/bin/nix-instantiate \ +        --eval \ +        --json \ +        --readonly-mode \ +        --show-trace \ +        --strict \ +        "$1" +  ''; + +  # usage: parse-target [--default=TARGET] TARGET +  # TARGET = [USER@]HOST[:PORT][/PATH] +  cmds.parse-target = pkgs.withGetopt { +    default_target = { +      long = "default"; +      short = "d"; +    }; +  } (opts: pkgs.writeDash "stockholm.parse-target" '' +    set -efu +    target=$1; shift +    for arg; do echo "$0: bad argument: $arg" >&2; done +    if \test $# != 0; then exit 2; fi +    exec ${pkgs.jq}/bin/jq \ +        -enr \ +        --arg default_target "$default_target" \ +        --arg target "$target" \ +        -f ${pkgs.writeText "stockholm.parse-target.jq" '' +          def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { +            user: .captures[0].string, +            host: .captures[1].string, +            port: .captures[2].string, +            path: .captures[3].string, +          }; +   
       def sanitize: with_entries(select(.value != null)); +          ($default_target | parse) + ($target | parse | sanitize) | +          . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } +        ''} +  ''); + +  init.env = pkgs.writeText "init.env" /* sh */ '' + +    export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" +    export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}" + +    export quiet +    export system +    export target +    export user + +    default_target=root@$system:22/var/src + +    export target_object="$( +      ${cmds.parse-target} "$target" -d "$default_target" +    )" +    export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" +    export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" +    export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" +    export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)" +    export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" +  ''; + +  init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ '' +    if \test "''${using_proxy-}" != true; then + +      source=$(${cmds.get-source} "$source_file") +      qualified_target=$target_user@$target_host:$target_port$target_path +      if \test "$force_populate" = true; then +        echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target" +      else +        echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target" +      fi + +      if \test "$target_local" != true; then +        exec ${pkgs.openssh}/bin/ssh \ +            "$target_user@$target_host" -p "$target_port" \ +            cd "$target_path/stockholm" \; \ +            NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ +            STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \ +            nix-shell --run "$(${pkgs.quote}/bin/quote " +              ${lib.concatStringsSep " " (lib.mapAttrsToList +                (name: 
opt: /* sh */ +                  "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})") +                opts +              )} \ +              using_proxy=true \ +              ${lib.shell.escape command} \ +              $WITHGETOPT_ORIG_ARGS \ +            ")" +      fi +    fi +  ''; + +  utils.build = pkgs.writeDash "utils.build" '' +    set -efu +    ${utils.with-whatsupnix} \ +    ${pkgs.nix}/bin/nix-build \ +        --no-out-link \ +        --show-trace \ +        -E "with import <stockholm>; $1" \ +        -I "$target_path" \ +  ''; + +  utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' +    set -efu +    if \test "$quiet" = true; then +      "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix +    else +      exec "$@" +    fi +  ''; + +  shell.get-version = pkgs.writeDash "stockholm.get-version" '' +    set -efu +    version=git.$(${pkgs.git}/bin/git describe --always --dirty) +    case $version in (*-dirty) +      version=$version@$HOSTNAME +    esac +    date=$(${pkgs.coreutils}/bin/date +%y.%m) +    echo "$date.$version" +  ''; + +in + +  pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: +    lib.nameValuePair "/bin/${name}" { inherit link; } +  ) cmds)  | 
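Review bot: In `cmds.install` the first ssh call passes `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null`, so the host that receives `prepare.sh` on stdin for `sh -s prepare` is never authenticated. `init.proxy` then populates that same target, which is `root@…` under the `default_target` in `init.env`. A freshly booted installer image probably has no known host key, which would explain the choice, but the reason is not stated and the bypass is unconditional. I would put it behind an explicit switch that defaults to off (a `withGetopt` entry next to `force-populate`) and state the assumption above the call, e.g. `# installer host keys are ephemeral; confirm the fingerprint out of band before installing`. Separately, `init.env` expands `$target_object` unquoted in each `echo $target_object | jq` line, so the JSON is word-split before jq reads it; `printf '%s\n' "$target_object"` avoids that.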
