diff options
| author | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2017-07-12 19:11:29 +0200 |
| commit | b19ebc2abd8f383d477d35040e833cd9c05319ab (patch) | |
| tree | 778a882e0faebc82360c06165b4b00726468b8aa | |
| parent | 5efedd139a20d71268af2afd069dbd595414650f (diff) | |
| parent | cd47613a4d8daf185f4ac0f8ef43af11985a2f65 (diff) | |
Merge branch 'staging/source'
64 files changed, 403 insertions, 282 deletions
@@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \ system ?= $(HOSTNAME) $(if $(system),,$(error unbound variable: system)) -nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix ifneq ($(words $(wildcard $(nixos-config))),1) $(error bad nixos-config: $(nixos-config)) endif diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 976d378f9..904deb164 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -14,16 +14,9 @@ with import <stockholm/lib>; default = "/nix/var/nix/profiles/system"; }; - source = mkOption { - type = types.attrsOf types.source; - default = {}; - }; - # TODO deprecate krebs.build.user user = mkOption { type = types.user; }; }; - - config.krebs.build.source.stockholm.file = mkDefault (toString <stockholm>); } diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 2ad9aadc9..e21e0f1b3 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -14,15 +14,30 @@ # # 1 Usage error; arguments couldn't be parsed. # -# 2 Build error; at least one failed derivation could be found. +# 2 Nix error; input looks like Nix failed. +# +# 3 Build error; at least one failed derivation could be found. # -failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) -trap 'rm -f -- "$failed_drvs"' EXIT +tmpdir=$(mktemp -d --tmpdir whatsupnix.XXXXXXXX) +failed_drvs=$tmpdir/failed_drvs; touch "$failed_drvs" +nix_errors=$tmpdir/nix_errors; touch "$nix_errors" +cleanup() { + rm "$failed_drvs" + rm "$nix_errors" + rmdir "$tmpdir" +} +trap cleanup EXIT exec >&2 -gawk -v failed_drvs="$failed_drvs" ' +gawk \ + -v failed_drvs="$failed_drvs" \ + -v nix_errors="$nix_errors" \ +' + /^(\033\[31;1m)?error:/ { + print $0 >> nix_errors + } match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { print m[1] >> failed_drvs } @@ -73,8 +88,10 @@ while read -r drv; do echo done < "$failed_drvs" -if test -s "$failed_drvs"; then +if test -s "$nix_errors"; then exit 2 +elif test -s "$failed_drvs"; then + exit 3 else exit 0 fi diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs/config.nix index e65b13d00..aa9a1f1ab 100644 --- a/lass/1systems/cloudkrebs.nix +++ b/lass/1systems/cloudkrebs/config.nix @@ -1,18 +1,17 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/git.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/realwallpaper.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> { networking.interfaces.enp2s1.ip4 = [ { diff --git a/lass/1systems/cloudkrebs/source.nix b/lass/1systems/cloudkrebs/source.nix new file mode 100644 index 000000000..99e71e755 --- /dev/null +++ b/lass/1systems/cloudkrebs/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "cloudkrebs"; +} diff --git a/lass/1systems/dishfire.nix b/lass/1systems/dishfire/config.nix index e12367aca..416edeb82 100644 --- a/lass/1systems/dishfire.nix +++ b/lass/1systems/dishfire/config.nix @@ -2,11 +2,10 @@ { imports = [ - ../. - ../2configs/retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - #../2configs/exim-retiolum.nix - ../2configs/git.nix + <stockholm/lass/2configs/git.nix> { boot.loader.grub = { device = "/dev/vda"; @@ -56,7 +55,7 @@ } { imports = [ - ../2configs/websites/fritz.nix + <stockholm/lass/2configs/websites/fritz.nix> ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix new file mode 100644 index 000000000..2445af130 --- /dev/null +++ b/lass/1systems/dishfire/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "dishfire"; +} diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon/config.nix index da8864011..f064a4788 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon/config.nix @@ -1,22 +1,20 @@ { config, lib, pkgs, ... }: let - inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; - + inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway; ip = config.krebs.build.host.nets.internet.ip4.addr; in { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/exim-retiolum.nix - ../2configs/realwallpaper.nix - ../2configs/privoxy-retiolum.nix - ../2configs/git.nix - #../2configs/redis.nix - ../2configs/go.nix - ../2configs/ircd.nix - ../2configs/newsbot-js.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/realwallpaper.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/go.nix> + <stockholm/lass/2configs/ircd.nix> + <stockholm/lass/2configs/newsbot-js.nix> { networking.interfaces.enp2s1.ip4 = [ { @@ -34,9 +32,6 @@ in { sound.enable = false; } { - imports = [ - ../3modules/dnsmasq.nix - ]; lass.dnsmasq = { enable = true; config = '' diff --git a/lass/1systems/echelon/source.nix b/lass/1systems/echelon/source.nix new file mode 100644 index 000000000..96888d5a8 --- /dev/null +++ b/lass/1systems/echelon/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "echelon"; +} diff --git a/lass/1systems/icarus.nix b/lass/1systems/icarus/config.nix index 13c517e3b..791ce0f46 100644 --- a/lass/1systems/icarus.nix +++ b/lass/1systems/icarus/config.nix @@ -1,19 +1,18 @@ { config, pkgs, ... }: -with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/baseX.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/games.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/games.nix> ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix new file mode 100644 index 000000000..5b46a44f3 --- /dev/null +++ b/lass/1systems/icarus/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "icarus"; + secure = true; +} diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index b45d5b228..820ef74b8 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -4,12 +4,11 @@ with import <stockholm/lib>; { imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> - ../../krebs - ../3modules - ../5pkgs - ../2configs/mc.nix - ../2configs/nixpkgs.nix - ../2configs/vim.nix + <stockholm/krebs> + <stockholm/lass/3modules> + <stockholm/lass/5pkgs> + <stockholm/lass/2configs/mc.nix> + <stockholm/lass/2configs/vim.nix> { # /dev/stderr doesn't work. I don't know why # /proc/self doesn't seem to work correctly diff --git a/lass/1systems/mors.nix b/lass/1systems/mors/config.nix index 0bfd54515..bb0a4e23e 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors/config.nix @@ -3,28 +3,27 @@ with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/exim-retiolum.nix - ../2configs/programs.nix - ../2configs/bitcoin.nix - ../2configs/browsers.nix - ../2configs/games.nix - ../2configs/pass.nix - ../2configs/elster.nix - ../2configs/steam.nix - ../2configs/wine.nix - ../2configs/git.nix - ../2configs/virtualbox.nix - ../2configs/fetchWallpaper.nix - #../2configs/c-base.nix - ../2configs/mail.nix - ../2configs/repo-sync.nix - ../2configs/ircd.nix - ../2configs/logf.nix - ../2configs/syncthing.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/bitcoin.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/elster.nix> + <stockholm/lass/2configs/steam.nix> + <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/virtualbox.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/mail.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/ircd.nix> + <stockholm/lass/2configs/logf.nix> + <stockholm/lass/2configs/syncthing.nix> { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix new file mode 100644 index 000000000..a9dfa2eb6 --- /dev/null +++ b/lass/1systems/mors/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "mors"; + secure = true; +} diff --git a/lass/1systems/prism.nix b/lass/1systems/prism/config.nix index 531dec9df..9faa4d473 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism/config.nix @@ -4,13 +4,9 @@ with import <stockholm/lib>; let ip = config.krebs.build.host.nets.internet.ip4.addr; - inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;}) - manageCerts - ; - in { imports = [ - ../. + <stockholm/lass> { networking.interfaces.et0.ip4 = [ { @@ -26,33 +22,33 @@ in { SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" ''; } - ../2configs/retiolum.nix - ../2configs/exim-smarthost.nix - ../2configs/downloading.nix - ../2configs/ts3.nix - ../2configs/bitlbee.nix - ../2configs/weechat.nix - ../2configs/privoxy-retiolum.nix - ../2configs/radio.nix - ../2configs/buildbot-standalone.nix - ../2configs/repo-sync.nix - ../2configs/binary-cache/server.nix - ../2configs/iodined.nix - ../2configs/libvirt.nix - ../2configs/hfos.nix - ../2configs/makefu-sip.nix - ../2configs/monitoring/server.nix - ../2configs/monitoring/monit-alarms.nix - ../2configs/paste.nix - ../2configs/syncthing.nix - ../2configs/coders-irc.nix - ../2configs/ciko.nix + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-smarthost.nix> + <stockholm/lass/2configs/downloading.nix> + <stockholm/lass/2configs/ts3.nix> + <stockholm/lass/2configs/bitlbee.nix> + <stockholm/lass/2configs/weechat.nix> + <stockholm/lass/2configs/privoxy-retiolum.nix> + <stockholm/lass/2configs/radio.nix> + <stockholm/lass/2configs/buildbot-standalone.nix> + <stockholm/lass/2configs/repo-sync.nix> + <stockholm/lass/2configs/binary-cache/server.nix> + <stockholm/lass/2configs/iodined.nix> + <stockholm/lass/2configs/libvirt.nix> + <stockholm/lass/2configs/hfos.nix> + <stockholm/lass/2configs/makefu-sip.nix> + <stockholm/lass/2configs/monitoring/server.nix> + <stockholm/lass/2configs/monitoring/monit-alarms.nix> + <stockholm/lass/2configs/paste.nix> + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/coders-irc.nix> + <stockholm/lass/2configs/ciko.nix> { lass.pyload.enable = true; } { imports = [ - ../2configs/bepasty.nix + <stockholm/lass/2configs/bepasty.nix> ]; krebs.bepasty.servers."paste.r".nginx.extraConfig = '' if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { @@ -170,8 +166,8 @@ in { } { imports = [ - ../2configs/websites/domsen.nix - ../2configs/websites/lassulus.nix + <stockholm/lass/2configs/websites/domsen.nix> + <stockholm/lass/2configs/websites/lassulus.nix> ]; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } @@ -195,7 +191,7 @@ in { } { imports = [ - ../2configs/realwallpaper.nix + <stockholm/lass/2configs/realwallpaper.nix> ]; services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' alias /var/realwallpaper/realwallpaper.png; diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix new file mode 100644 index 000000000..557fbf509 --- /dev/null +++ b/lass/1systems/prism/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "prism"; +} diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan/config.nix index 044e2ccf8..a68471aa0 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan/config.nix @@ -3,17 +3,17 @@ with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/hw/tp-x220.nix - ../2configs/baseX.nix - ../2configs/git.nix - ../2configs/exim-retiolum.nix - ../2configs/browsers.nix - ../2configs/programs.nix - ../2configs/fetchWallpaper.nix - ../2configs/backups.nix - ../2configs/wine.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/hw/tp-x220.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/backups.nix> + <stockholm/lass/2configs/wine.nix> #{ # users.extraUsers = { # root = { diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix new file mode 100644 index 000000000..be24ae2d5 --- /dev/null +++ b/lass/1systems/shodan/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "shodan"; +} diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel/config.nix index b84fec317..70bef9883 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel/config.nix @@ -4,9 +4,9 @@ with builtins; with import <stockholm/lib>; { imports = [ - ../. - ../2configs/retiolum.nix - ../2configs/exim-retiolum.nix + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/exim-retiolum.nix> { # locke config i18n.defaultLocale ="de_DE.UTF-8"; diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix new file mode 100644 index 000000000..11d6e1c34 --- /dev/null +++ b/lass/1systems/uriel/source.nix @@ -0,0 +1,3 @@ +import <stockholm/lass/source.nix> { + name = "uriel"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 161db9422..22a7b1c19 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -6,7 +6,6 @@ with import <stockholm/lib>; ../2configs/binary-cache/client.nix ../2configs/gc.nix ../2configs/mc.nix - ../2configs/nixpkgs.nix ../2configs/vim.nix ../2configs/monitoring/client.nix ./htop.nix @@ -72,16 +71,7 @@ with import <stockholm/lib>; krebs = { enable = true; search-domain = "r"; - build = { - user = config.krebs.users.lass; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/lass/1systems/${host.name}.nix"; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString <stockholm/lass/2configs/tests/dummy-secrets> - else "/home/lass/secrets/${host.name}"; - }; - }; + build.user = config.krebs.users.lass; }; nix.useSandbox = true; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix deleted file mode 100644 index f5a3bbf88..000000000 --- a/lass/2configs/nixpkgs.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - krebs.build.source.nixpkgs.git = { - url = https://cgit.lassul.us/nixpkgs; - ref = "d72efac"; - }; -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index fd353e008..e7744395d 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./dnsmasq.nix ./ejabberd ./folderPerms.nix ./hosts.nix diff --git a/lass/source.nix b/lass/source.nix new file mode 100644 index 000000000..a4e9d9d6a --- /dev/null +++ b/lass/source.nix @@ -0,0 +1,24 @@ +with import <stockholm/lib>; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "lass"; + _file = <stockholm> + "/lass/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; + lass = "/home/lass/secrets/${name}"; + }; + stockholm.file = toString <stockholm>; + nixpkgs.git = { + url = https://cgit.lassul.us/nixpkgs; + # nixos-17.03 + # + copytoram: + # 87a4615 & 334ac4f + # + acme permissions for groups + # fd7a8f1 + ref = "0aac3fc"; + }; + } diff --git a/lib/default.nix b/lib/default.nix index 803a614a1..4c54f60aa 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,9 @@ let nixpkgs-lib = import <nixpkgs/lib>; lib = with lib; nixpkgs-lib // builtins // { + + evalSource = import ./eval-source.nix; + git = import ./git.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/eval-source.nix b/lib/eval-source.nix new file mode 100644 index 000000000..468fc92d1 --- /dev/null +++ b/lib/eval-source.nix @@ -0,0 +1,15 @@ +with import <stockholm/lib>; +let + eval = _file: source: evalModules { + modules = singleton { + inherit _file; + imports = map (source: { inherit source; }) (toList source); + options.source = mkOption { + type = types.attrsOf types.source; + default = {}; + }; + }; + }; +in + # This function's return value can be used as pkgs.populate input. + _file: source: (eval _file source).config.source diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules/config.nix index 39d7c494b..7ebcf3b50 100644 --- a/shared/1systems/test-all-krebs-modules.nix +++ b/shared/1systems/test-all-krebs-modules/config.nix @@ -3,7 +3,7 @@ let en = { enable = true;}; in { imports = [ - ../. + <stockholm/shared> ]; krebs = { enable = true; diff --git a/shared/1systems/test-all-krebs-modules/source.nix b/shared/1systems/test-all-krebs-modules/source.nix new file mode 100644 index 000000000..58d72365f --- /dev/null +++ b/shared/1systems/test-all-krebs-modules/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-all-krebs-modules"; +} diff --git a/shared/1systems/test-arch.nix b/shared/1systems/test-arch/config.nix index a13fea425..453483d48 100644 --- a/shared/1systems/test-arch.nix +++ b/shared/1systems/test-arch/config.nix @@ -2,7 +2,7 @@ { imports = [ - ../. + <stockholm/shared> { boot.loader.grub = { device = "/dev/sda"; diff --git a/shared/1systems/test-arch/source.nix b/shared/1systems/test-arch/source.nix new file mode 100644 index 000000000..ca2305684 --- /dev/null +++ b/shared/1systems/test-arch/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-arch"; +} diff --git a/shared/1systems/test-centos6.nix b/shared/1systems/test-centos6/config.nix index ebcece383..a81ff7c51 100644 --- a/shared/1systems/test-centos6.nix +++ b/shared/1systems/test-centos6/config.nix @@ -7,8 +7,8 @@ let gw = "168.235.148.1"; in { imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-6.5-64bit.nix + <stockholm/shared> + <stockholm/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix> { networking.interfaces.enp11s0.ip4 = [ { diff --git a/shared/1systems/test-centos6/source.nix b/shared/1systems/test-centos6/source.nix new file mode 100644 index 000000000..0c7c78ec0 --- /dev/null +++ b/shared/1systems/test-centos6/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-centos6"; +} diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix deleted file mode 100644 index 9ea063c9b..000000000 --- a/shared/1systems/test-centos7.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) head; - -in { - imports = [ - ../. - ../2configs/os-templates/CAC-CentOS-7-64bit.nix - ../2configs/temp/networking.nix - ../2configs/temp/dirs.nix - ]; - - sound.enable = false; - krebs.build.host = config.krebs.hosts.test-centos7; -} diff --git a/shared/1systems/test-centos7/config.nix b/shared/1systems/test-centos7/config.nix new file mode 100644 index 000000000..58f99e87c --- /dev/null +++ b/shared/1systems/test-centos7/config.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) head; + +in { + imports = [ + <stockholm/shared> + <stockholm/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix> + <stockholm/shared/2configs/temp/networking.nix> + <stockholm/shared/2configs/temp/dirs.nix> + ]; + + sound.enable = false; + krebs.build.host = config.krebs.hosts.test-centos7; +} diff --git a/shared/1systems/test-centos7/source.nix b/shared/1systems/test-centos7/source.nix new file mode 100644 index 000000000..5144477fe --- /dev/null +++ b/shared/1systems/test-centos7/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-centos7"; +} diff --git a/shared/1systems/test-failing.nix b/shared/1systems/test-failing/config.nix index fe1c2cb65..fb6a58397 100644 --- a/shared/1systems/test-failing.nix +++ b/shared/1systems/test-failing/config.nix @@ -2,7 +2,7 @@ { imports = [ - ../. + <stockholm/shared> ]; programs.ssh.startAgent = true; programs.ssh.startAgent = false; diff --git a/shared/1systems/test-failing/source.nix b/shared/1systems/test-failing/source.nix new file mode 100644 index 000000000..3e17d0b52 --- /dev/null +++ b/shared/1systems/test-failing/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-failing"; +} diff --git a/shared/1systems/test-minimal-deploy.nix b/shared/1systems/test-minimal-deploy/config.nix index bec2b38d5..eab703671 100644 --- a/shared/1systems/test-minimal-deploy.nix +++ b/shared/1systems/test-minimal-deploy/config.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { imports = [ - ../. + <stockholm/shared> ]; krebs = { enable = true; diff --git a/shared/1systems/test-minimal-deploy/source.nix b/shared/1systems/test-minimal-deploy/source.nix new file mode 100644 index 000000000..2368cdd49 --- /dev/null +++ b/shared/1systems/test-minimal-deploy/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "test-minimal-deploy"; +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf/config.nix index 584ee0373..636f8e822 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf/config.nix @@ -4,24 +4,24 @@ let in { imports = [ - ../. + <stockholm/shared> <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ../2configs/collectd-base.nix - ../2configs/central-stats-client.nix - ../2configs/save-diskspace.nix - - ../2configs/cgit-mirror.nix - ../2configs/graphite.nix - ../2configs/repo-sync.nix - ../2configs/shared-buildbot.nix - - ../2configs/shack/worlddomination.nix - ../2configs/shack/drivedroid.nix - # ../2configs/shack/nix-cacher.nix - ../2configs/shack/mqtt_sub.nix - ../2configs/shack/muell_caller.nix - ../2configs/shack/radioactive.nix - ../2configs/shack/share.nix + <stockholm/shared/2configs/collectd-base.nix> + <stockholm/shared/2configs/central-stats-client.nix> + <stockholm/shared/2configs/save-diskspace.nix> + + <stockholm/shared/2configs/cgit-mirror.nix> + <stockholm/shared/2configs/graphite.nix> + <stockholm/shared/2configs/repo-sync.nix> + <stockholm/shared/2configs/shared-buildbot.nix> + + <stockholm/shared/2configs/shack/worlddomination.nix> + <stockholm/shared/2configs/shack/drivedroid.nix> + # <stockholm/shared/2configs/shack/nix-cacher.nix> + <stockholm/shared/2configs/shack/mqtt_sub.nix> + <stockholm/shared/2configs/shack/muell_caller.nix> + <stockholm/shared/2configs/shack/radioactive.nix> + <stockholm/shared/2configs/shack/share.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -43,6 +43,7 @@ in }; nix = { + # use the up to date prism cache binaryCaches = [ "http://cache.prism.r" "https://cache.nixos.org/" diff --git a/shared/1systems/wolf/source.nix b/shared/1systems/wolf/source.nix new file mode 100644 index 000000000..d2bc4952a --- /dev/null +++ b/shared/1systems/wolf/source.nix @@ -0,0 +1,3 @@ +import <stockholm/shared/source.nix> { + name = "wolf"; +} diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index 398f125e4..2146f42e8 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -7,18 +7,6 @@ with import <stockholm/lib>; # TODO rename shared user to "krebs" krebs.build.user = mkDefault config.krebs.users.shared; - krebs.build.source = let inherit (config.krebs.build) host user; in { - nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 - }; - secrets.file = - if getEnv "dummy_secrets" == "true" - then toString <stockholm/shared/6tests/data/secrets> - else "${getEnv "HOME"}/secrets/krebs/${host.name}"; - stockholm.file = getEnv "PWD"; - }; networking.hostName = config.krebs.build.host.name; diff --git a/shared/source.nix b/shared/source.nix new file mode 100644 index 000000000..8ec9fbb6f --- /dev/null +++ b/shared/source.nix @@ -0,0 +1,19 @@ +with import <stockholm/lib>; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "shared"; + _file = <stockholm> + "/shared/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString <stockholm/shared/6tests/data/secrets>; + lass = "${getEnv "HOME"}/secrets/krebs/${host.name}"; + }; + stockholm.file = toString <stockholm>; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17 + }; + } @@ -43,9 +43,11 @@ let ''; init.env = pkgs.writeText "init.env" /* sh */ '' - config=''${config-$LOGNAME/1systems/$system.nix} + config=''${config-$LOGNAME/1systems/$system/config.nix} + source=''${source-$LOGNAME/1systems/$system/source.nix} export config + export source export system export target @@ -85,18 +87,19 @@ let }; populate = pkgs.writeDash "init.env.populate" '' set -efu - ${pkgs.nix}/bin/nix-instantiate \ + _source=$(${pkgs.nix}/bin/nix-instantiate \ --eval \ --json \ --readonly-mode \ --show-trace \ --strict \ -I nixos-config="$config" \ - -E 'with import <stockholm>; config.krebs.build.source' \ - | + "$source") + echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ >&2 + unset _source ''; proxy = pkgs.writeDash "init.env.proxy" '' set -efu @@ -109,7 +112,7 @@ let NIX_PATH=$(q "$target_path") \ STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ nix-shell \ - --command $(q \ + --run $(q \ config=$config \ system=$system \ target=$target \ diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus/config.nix index ef2a0500f..dd9e594fc 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus/config.nix @@ -4,10 +4,10 @@ with import <stockholm/lib>; { imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix + <stockholm/tv> + <stockholm/tv/2configs/hw/x220.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/retiolum.nix> ]; # TODO remove non-hardware stuff from ../2configs/hw/x220.nix @@ -58,7 +58,6 @@ with import <stockholm/lib>; krebs.build = { host = config.krebs.hosts.alnus; user = mkForce config.krebs.users.dv; - source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; }; networking.networkmanager.enable = true; diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix new file mode 100644 index 000000000..c3ed4dcfb --- /dev/null +++ b/tv/1systems/alnus/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "alnus"; + override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18"; +} diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi/config.nix index 59f3cd63a..b136d1ade 100644 --- a/tv/1systems/caxi.nix +++ b/tv/1systems/caxi/config.nix @@ -6,10 +6,10 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.caxi; imports = [ - ../. - ../2configs/hw/CAC-Developer-1.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/retiolum.nix + <stockholm/tv> + <stockholm/tv/2configs/hw/CAC-Developer-1.nix> + <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> + <stockholm/tv/2configs/retiolum.nix> ]; networking = let diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix new file mode 100644 index 000000000..bc875b768 --- /dev/null +++ b/tv/1systems/caxi/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { + name = "caxi"; +} diff --git a/tv/1systems/cd.nix b/tv/1systems/cd/config.nix index 9f2cec574..f78bcafeb 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd/config.nix @@ -6,11 +6,11 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.cd; imports = [ - ../. - ../2configs/hw/CAC-Developer-2.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/exim-smarthost.nix - ../2configs/retiolum.nix + <stockholm/tv> + <stockholm/tv/2configs/hw/CAC-Developer-2.nix> + <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix> + <stockholm/tv/2configs/exim-smarthost.nix> + <stockholm/tv/2configs/retiolum.nix> ]; networking = { diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix new file mode 100644 index 000000000..019e8bc22 --- /dev/null +++ b/tv/1systems/cd/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { + name = "cd"; +} diff --git a/tv/1systems/mu.nix b/tv/1systems/mu/config.nix index 3f3b2c2f4..239f333b5 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu/config.nix @@ -4,11 +4,11 @@ with import <stockholm/lib>; { imports = [ - ../../krebs - ../2configs - ../3modules - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix + <stockholm/krebs> + <stockholm/tv/2configs> + <stockholm/tv/3modules> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/retiolum.nix> ]; krebs.build.host = config.krebs.hosts.mu; diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix new file mode 100644 index 000000000..7e148cf36 --- /dev/null +++ b/tv/1systems/mu/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { + name = "mu"; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic/config.nix index 9b9502254..d0144986b 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic/config.nix @@ -6,16 +6,16 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.nomic; imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + <stockholm/tv> + <stockholm/tv/2configs/hw/x220.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/gitrepos.nix> + <stockholm/tv/2configs/im.nix> + <stockholm/tv/2configs/mail-client.nix> + <stockholm/tv/2configs/nginx/public_html.nix> + <stockholm/tv/2configs/pulse.nix> + <stockholm/tv/2configs/retiolum.nix> + <stockholm/tv/2configs/xserver> ]; boot.initrd.luks = { diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix new file mode 100644 index 000000000..f173b65a6 --- /dev/null +++ b/tv/1systems/nomic/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "nomic"; + secure = true; +} diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix new file mode 100644 index 000000000..f756b8586 --- /dev/null +++ b/tv/1systems/test/source.nix @@ -0,0 +1,3 @@ +import <stockholm/tv/source.nix> { + name = "test"; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu/config.nix index 4b3bf8538..5b2542acd 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu/config.nix @@ -6,17 +6,17 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.wu; imports = [ - ../. - ../2configs/hw/w110er.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + <stockholm/tv> + <stockholm/tv/2configs/hw/w110er.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/gitrepos.nix> + <stockholm/tv/2configs/im.nix> + <stockholm/tv/2configs/mail-client.nix> + <stockholm/tv/2configs/man.nix> + <stockholm/tv/2configs/nginx/public_html.nix> + <stockholm/tv/2configs/pulse.nix> + <stockholm/tv/2configs/retiolum.nix> + <stockholm/tv/2configs/xserver> { environment.systemPackages = with pkgs; [ # root diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 000000000..2e9cdeb8a --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "wu"; + secure = true; +} diff --git a/tv/1systems/xu.nix b/tv/1systems/xu/config.nix index d82f45ac0..2bffdddb3 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu/config.nix @@ -6,18 +6,18 @@ with import <stockholm/lib>; krebs.build.host = config.krebs.hosts.xu; imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitconfig.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/binary-cache - ../2configs/xserver + <stockholm/tv> + <stockholm/tv/2configs/hw/x220.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/gitconfig.nix> + <stockholm/tv/2configs/gitrepos.nix> + <stockholm/tv/2configs/mail-client.nix> + <stockholm/tv/2configs/man.nix> + <stockholm/tv/2configs/nginx/public_html.nix> + <stockholm/tv/2configs/pulse.nix> + <stockholm/tv/2configs/retiolum.nix> + <stockholm/tv/2configs/binary-cache> + <stockholm/tv/2configs/xserver> { environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix new file mode 100644 index 000000000..46e1aee90 --- /dev/null +++ b/tv/1systems/xu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "xu"; + secure = true; +} diff --git a/tv/1systems/zu.nix b/tv/1systems/zu/config.nix index 4fae3ca75..d2aab8c51 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu/config.nix @@ -12,16 +12,16 @@ with import <stockholm/lib>; default = {}; }; } - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + <stockholm/tv> + <stockholm/tv/2configs/hw/x220.nix> + <stockholm/tv/2configs/exim-retiolum.nix> + <stockholm/tv/2configs/gitrepos.nix> + <stockholm/tv/2configs/mail-client.nix> + <stockholm/tv/2configs/man.nix> + <stockholm/tv/2configs/nginx/public_html.nix> + <stockholm/tv/2configs/pulse.nix> + <stockholm/tv/2configs/retiolum.nix> + <stockholm/tv/2configs/xserver> { environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix new file mode 100644 index 000000000..7a5c4f523 --- /dev/null +++ b/tv/1systems/zu/source.nix @@ -0,0 +1,4 @@ +import <stockholm/tv/source.nix> { + name = "zu"; + secure = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3d95d6dee..07496fd1f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -6,23 +6,7 @@ with import <stockholm/lib>; in { krebs.enable = true; - krebs.build = { - user = config.krebs.users.tv; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = getAttr builder { - buildbot = toString <stockholm/tv/dummy_secrets>; - tv = "/home/tv/secrets/${host.name}"; - }; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03 - }; - } // optionalAttrs host.secure { - secrets-master.file = "/home/tv/secrets/master"; - }; - }; + krebs.build.user = config.krebs.users.tv; networking.hostName = config.krebs.build.host.name; diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 6cc295dc5..e0a04e214 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -11,7 +11,7 @@ networking.wireless.enable = true; # Required for Centrino. - hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; diff --git a/tv/source.nix b/tv/source.nix new file mode 100644 index 000000000..4ede976d3 --- /dev/null +++ b/tv/source.nix @@ -0,0 +1,27 @@ +with import <stockholm/lib>; +host@{ name, secure ? false, override ? {} }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "tv"; + _file = <stockholm> + "/tv/1systems/${name}/source.nix"; +in + evalSource (toString _file) [ + { + nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; + nixpkgs.git = { + # nixos-17.03 + ref = mkDefault "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; + url = https://github.com/NixOS/nixpkgs; + }; + secrets.file = getAttr builder { + buildbot = toString <stockholm/tv/dummy_secrets>; + tv = "/home/tv/secrets/${name}"; + }; + secrets-common.file = "/home/tv/secrets/common"; + stockholm.file = toString <stockholm>; + } + (mkIf secure { + secrets-master.file = "/home/tv/secrets/master"; + }) + override + ] |