From ce731718eda4266bf09d45434d98418f5efd195a Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 28 Sep 2015 01:10:35 +0200
Subject: [PATCH 01/10] irc-announce: optimize diff --stat renderer
---
tv/4lib/git.nix | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/tv/4lib/git.nix b/tv/4lib/git.nix
index fe6401728..6f3654356 100644
--- a/tv/4lib/git.nix
+++ b/tv/4lib/git.nix
@@ -178,10 +178,7 @@ let
$id2..$id
git diff --stat $id2..$id \
- | sed '
- $!s/+/'$(green '&')'/g
- $!s/-/'$(red '&')'/g
- '
+ | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
)
done
From ffa024c95025862d4498faed453ae34ca02b7582 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 28 Sep 2015 01:18:44 +0200
Subject: [PATCH 02/10] irc-announce: omit $GIT_SSH_USER
---
tv/4lib/git.nix | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tv/4lib/git.nix b/tv/4lib/git.nix
index 6f3654356..f99bcc967 100644
--- a/tv/4lib/git.nix
+++ b/tv/4lib/git.nix
@@ -114,6 +114,12 @@ let
gnused
])}
+ green() { printf '\x0303,99%s\x0F' "$1"; }
+ red() { printf '\x0304,99%s\x0F' "$1"; }
+ orange() { printf '\x0307,99%s\x0F' "$1"; }
+ pink() { printf '\x0313,99%s\x0F' "$1"; }
+ gray() { printf '\x0314,99%s\x0F' "$1"; }
+
nick=${escapeShellArg nick}
channel=${escapeShellArg channel}
server=${escapeShellArg server}
@@ -163,15 +169,10 @@ let
#$host $GIT_SSH_REPO $ref $link
message="''${message+$message
- }$GIT_SSH_USER $receive_mode $link"
+ }$(pink push) $link $(gray "($receive_mode)")"
message=''${message+$message
}$(
- green() { printf '\x0303,99%s\x0F' "$1"; }
- red() { printf '\x0304,99%s\x0F' "$1"; }
- orange() { printf '\x0307,99%s\x0F' "$1"; }
- gray() { printf '\x0314,99%s\x0F' "$1"; }
-
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \
--reverse \
From ac49bcab3d7776b2e17475fbaaa927b1a7d1c279 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Mon, 28 Sep 2015 01:29:36 +0200
Subject: [PATCH 03/10] irc-announce: add add_message
---
tv/4lib/git.nix | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/tv/4lib/git.nix b/tv/4lib/git.nix
index f99bcc967..748b77269 100644
--- a/tv/4lib/git.nix
+++ b/tv/4lib/git.nix
@@ -120,6 +120,12 @@ let
pink() { printf '\x0313,99%s\x0F' "$1"; }
gray() { printf '\x0314,99%s\x0F' "$1"; }
+ unset message
+ add_message() {
+ message="''${message+$message
+ }$*"
+ }
+
nick=${escapeShellArg nick}
channel=${escapeShellArg channel}
server=${escapeShellArg server}
@@ -130,7 +136,6 @@ let
empty=0000000000000000000000000000000000000000
- unset message
while read oldrev newrev ref; do
if [ $oldrev = $empty ]; then
@@ -168,11 +173,9 @@ let
esac
#$host $GIT_SSH_REPO $ref $link
- message="''${message+$message
- }$(pink push) $link $(gray "($receive_mode)")"
+ add_message $(pink push) $link $(gray "($receive_mode)")
- message=''${message+$message
- }$(
+ add_message "$(
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \
--reverse \
@@ -180,7 +183,7 @@ let
git diff --stat $id2..$id \
| sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
- )
+ )"
done
From 60be21be0a06687b22af02d0bbce606860d00638 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 01:44:59 +0200
Subject: [PATCH 04/10] get: 1.1.1 -> 1.2.0
---
krebs/5pkgs/get/default.nix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index e2591db73..313c1bbb5 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
@@ -1,12 +1,12 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
stdenv.mkDerivation {
- name = "get-1.1.1";
+ name = "get-1.2.0";
src = fetchgit {
url = http://cgit.cd.retiolum/get;
- rev = "e64826a4f5f74cbaa895e538b97d0e523e9709f9";
- sha256 = "4d1aa07bba52f697cf7aa7ad1b02b9ff41598dfea83c578e77b8d81e3e8830d2";
+ rev = "9801ebe6f527b9505799ff423c427c03694d85de";
+ sha256 = "278dee0b873907650b97cc95a60c26f027ed59d75d9c4c23e9667a352ea60eea";
};
phases = [
From bfe0723728ae2d995b99f22fe9783a34889b1828 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 01:48:15 +0200
Subject: [PATCH 05/10] move config scripts to krebs
---
Makefile | 15 +-
default.nix | 31 +-
krebs/3modules/build.nix | 72 +++++
krebs/3modules/build/default.nix | 304 ------------------
krebs/3modules/default.nix | 2 +-
.../build => 4lib}/infest/finalize.sh | 0
.../build => 4lib}/infest/install-nix.sh | 0
.../build => 4lib}/infest/prepare.sh | 0
krebs/default.nix | 263 +++++++++++++++
9 files changed, 358 insertions(+), 329 deletions(-)
create mode 100644 krebs/3modules/build.nix
delete mode 100644 krebs/3modules/build/default.nix
rename krebs/{3modules/build => 4lib}/infest/finalize.sh (100%)
rename krebs/{3modules/build => 4lib}/infest/install-nix.sh (100%)
rename krebs/{3modules/build => 4lib}/infest/prepare.sh (100%)
create mode 100644 krebs/default.nix
diff --git a/Makefile b/Makefile
index 3727793e8..552e6e0fd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,8 @@
#
# usage:
-# make system=foo
-# make systems='foo bar'
+# make infest system=foo [target=bar]
+# make [deploy] system=foo [target=bar]
+# make [deploy] systems='foo bar'
# make eval get=tv.wu.config.time.timeZone [filter=json]
#
@@ -11,6 +12,7 @@
ifdef systems
$(systems):
@
+ unset target
parallel \
--line-buffer \
-j0 \
@@ -20,7 +22,7 @@ $(systems):
else ifdef system
.PHONY: deploy infest
deploy infest:;@
- export get=$$LOGNAME.${system}.config.krebs.build.scripts.$@
+ export get=krebs.$@
export filter=json
make -s eval | sh
@@ -39,8 +41,11 @@ endif
--eval \
-A "$$get" \
'<stockholm>' \
- --argstr user-name "$$LOGNAME" \
- --argstr host-name "$$HOSTNAME" \
+ --argstr current-date "$$(date -Is)" \
+ --argstr current-host-name "$$HOSTNAME" \
+ --argstr current-user-name "$$LOGNAME" \
+ $${system+--argstr system "$$system"} \
+ $${target+--argstr target "$$target"} \
| filter
else
$(error unbound variable: system[s])
diff --git a/default.nix b/default.nix
index 1c3341ba7..7f3f621b8 100644
--- a/default.nix
+++ b/default.nix
@@ -1,36 +1,29 @@
-{ user-name, host-name }:
+{ current-date
+, current-host-name
+, current-user-name
+}:
let
lib = import <nixpkgs/lib>;
krebs-modules-path = ./krebs/3modules;
krebs-pkgs-path = ./krebs/5pkgs;
- user-modules-path = ./. + "/${user-name}/3modules";
- user-pkgs-path = ./. + "/${user-name}/5pkgs";
+ user-modules-path = ./. + "/${current-user-name}/3modules";
+ user-pkgs-path = ./. + "/${current-user-name}/5pkgs";
out =
- (lib.mapAttrs (k: v: mk-namespace (./. + "/${k}"))
+ (lib.mapAttrs
+ (k: v:
+ if builtins.pathExists (./. + "/${k}/1systems")
+ then mk-namespace (./. + "/${k}")
+ else import (./. + "/${k}"))
(lib.filterAttrs
- (k: v: !lib.hasPrefix "." k && v == "directory" &&
- builtins.pathExists (./. + "/${k}/1systems"))
+ (k: v: !lib.hasPrefix "." k && v == "directory")
(builtins.readDir ./.)));
eval = path: import <nixpkgs/nixos/lib/eval-config.nix> {
system = builtins.currentSystem;
modules = [
- ({ config, ... }:
- with import ./krebs/4lib { inherit lib; };
- {
- options.krebs.exec.host = mkOption {
- type = types.host;
- default = config.krebs.hosts.${host-name};
- };
- options.krebs.exec.user = mkOption {
- type = types.user;
- default = config.krebs.users.${user-name};
- };
- }
- )
path
krebs-modules-path
user-modules-path
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
new file mode 100644
index 000000000..57495ea69
--- /dev/null
+++ b/krebs/3modules/build.nix
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+
+with import ../4lib { inherit lib; };
+
+let
+ target = config.krebs.build // { user.name = "root"; };
+
+ out = {
+ # TODO deprecate krebs.build.host
+ options.krebs.build.host = mkOption {
+ type = types.host;
+ };
+
+ # TODO make krebs.build.profile shell safe
+ options.krebs.build.profile = mkOption {
+ type = types.str;
+ default = "/nix/var/nix/profiles/system";
+ };
+
+ # TODO make krebs.build.target.host :: host
+ options.krebs.build.target = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+
+ # TODO deprecate krebs.build.user
+ options.krebs.build.user = mkOption {
+ type = types.user;
+ };
+
+ options.krebs.build.source.dir = mkOption {
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ host = mkOption {
+ type = types.host;
+ };
+ path = mkOption {
+ type = types.str;
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ url = mkOption {
+ type = types.str;
+ default = "file://${config.host.name}${config.path}";
+ };
+ };
+ }));
+ default = {};
+ };
+
+ options.krebs.build.source.git = mkOption {
+ type = with types; attrsOf (submodule ({ config, ... }: {
+ options = {
+ url = mkOption {
+ type = types.str; # TODO must be shell safe
+ };
+ rev = mkOption {
+ type = types.str;
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ };
+ }));
+ default = {};
+ };
+ };
+
+in out
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix
deleted file mode 100644
index 23bd8c8fd..000000000
--- a/krebs/3modules/build/default.nix
+++ /dev/null
@@ -1,304 +0,0 @@
-{ config, lib, ... }:
-
-with import ../../4lib { inherit lib; };
-
-let
- target = config.krebs.build // { user.name = "root"; };
-
- out = {
- # TODO deprecate krebs.build.host
- options.krebs.build.host = mkOption {
- type = types.host;
- };
-
- # TODO make krebs.build.profile shell safe
- options.krebs.build.profile = mkOption {
- type = types.str;
- default = "/nix/var/nix/profiles/system";
- };
-
- # TODO make krebs.build.target.host :: host
- options.krebs.build.target = mkOption {
- type = with types; nullOr str;
- default = null;
- };
-
- # TODO deprecate krebs.build.user
- options.krebs.build.user = mkOption {
- type = types.user;
- };
-
- options.krebs.build.scripts.init = lib.mkOption {
- type = lib.types.str;
- default =
- let
- inherit (config.krebs.build) host;
- in
- ''
- #! /bin/sh
- set -efu
-
- hostname=${host.name}
- secrets_dir=${config.krebs.build.source.dir.secrets.path}
- key_type=ed25519
- key_file=$secrets_dir/ssh.id_$key_type
- key_comment=$hostname
-
- if test -e "$key_file"; then
- echo "Warning: privkey already exists: $key_file" >&2
- else
- ssh-keygen \
- -C "$key_comment" \
- -t "$key_type" \
- -f "$key_file" \
- -N ""
- rm "$key_file.pub"
- fi
-
- pubkey=$(ssh-keygen -y -f "$key_file")
-
- cat<<EOF
- # put following into config.krebs.hosts.$hostname:
- ssh.pubkey = $(echo $pubkey | jq -R .);
- EOF
- '';
- };
-
- options.krebs.build.scripts.deploy = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- (${config.krebs.build.scripts._source})
- ${ssh-target ''
- ${config.krebs.build.scripts._nix-env}
- ${config.krebs.build.profile}/bin/switch-to-configuration switch
- ''}
- echo OK
- '';
- };
-
- options.krebs.build.scripts.infest = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
-
- export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
- -o 'HostName ${target.host.infest.addr}' \
- -o 'Port ${toString target.host.infest.port}' \
- "
- ssh() {
- eval "$RSYNC_RSH \"\$@\""
- }
-
- ${ssh-target ''
- ${readFile ./infest/prepare.sh}
- ${readFile ./infest/install-nix.sh}
- ''}
-
- (${config.krebs.build.scripts._source})
-
- ${ssh-target ''
- export PATH; PATH=/root/.nix-profile/bin:$PATH
-
- src=$(type -p nixos-install)
- cat_src() {
- sed < "$src" "$(
- { sed < "$src" -n '
- /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
- /^nixpkgs=/=
- /^NIX_PATH=/,/^$/{/./=}
-
- # Disable: Copy the NixOS/Nixpkgs sources to the target as
- # the initial contents of the NixOS channel.
- /^srcs=/,/^ln -sfn /=
- '
- } | sed 's:$:s/^/#krebs#/:'
- )"
- }
-
- # Location to insert config.krebs.build.scripts._nix-env
- i=$(sed -n '/^echo "building the system configuration/=' "$src")
-
- {
- cat_src | sed -n "1,$i{p}"
- cat ${doc config.krebs.build.scripts._nix-env}
- cat_src | sed -n "$i,\''${$i!p}"
- } > nixos-install
- chmod +x nixos-install
-
- # Wrap inserted config.krebs.build.scripts._nix-env into chroot.
- nix_env=$(cat_src | sed -n '
- s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
- ')
- echo nix-env is $nix_env
- sed -i '
- s:^nix-env:chroot $mountPoint '"$nix_env"':
- ' nixos-install
-
- ./nixos-install
-
- ${readFile ./infest/finalize.sh}
- ''}
- '';
- };
-
- options.krebs.build.scripts._nix-env = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- NIX_PATH=${config.krebs.build.source.NIX_PATH} \
- nix-env \
- -f '<stockholm>' \
- -Q \
- --argstr user-name ${config.krebs.exec.user.name} \
- --argstr host-name ${target.host.name} \
- --profile ${config.krebs.build.profile} \
- --set \
- -A ${lib.escapeShellArg (lib.concatStringsSep "." [
- config.krebs.build.user.name
- config.krebs.build.host.name
- "system"
- ])}
- '';
- };
-
- options.krebs.build.scripts._source = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- ${
- lib.concatStringsSep "\n"
- (lib.mapAttrsToList
- (name: { scripts, url, ... }: "(${scripts._source})")
- (config.krebs.build.source.dir //
- config.krebs.build.source.git))
- }
- '';
- };
-
- options.krebs.build.source.NIX_PATH = mkOption {
- type = types.str;
- default =
- lib.concatStringsSep ":"
- (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
- (config.krebs.build.source.dir //
- config.krebs.build.source.git));
- };
-
- options.krebs.build.source.dir = mkOption {
- type =
- let
- exec = config.krebs.exec;
- in
- types.attrsOf (types.submodule ({ config, ... }:
- let
- url = "file://${config.host.name}${config.path}";
-
- can-link = config.host.name == target.host.name;
- can-push = config.host.name == exec.host.name;
-
- push-method = ''
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --exclude tmp \
- --rsync-path='mkdir -p ${config.target-path} && rsync' \
- --delete-excluded \
- -vrLptgoD \
- ${config.path}/ \
- ${target.user.name}@${target.host.name}:${config.target-path}
- '';
- in
- {
- options = {
- host = mkOption {
- type = types.host;
- };
- path = mkOption {
- type = types.str;
- };
- scripts._source = mkOption {
- type = types.str;
- default =
- #if can-link then link-method else
- if can-push then push-method else
- throw "cannot source ${url}";
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- url = mkOption {
- type = types.str;
- default = "file://${config.host.name}${config.path}";
- };
- };
- }
- ));
- default = {};
- };
-
- options.krebs.build.source.git = mkOption {
- type =
- let
- target = config.krebs.build // { user.name = "root"; };
- in
- with types; attrsOf (submodule ({ config, ... }:
- {
- options = {
- url = mkOption {
- type = types.str; # TODO must be shell safe
- };
- rev = mkOption {
- type = types.str;
- };
- scripts._source = mkOption {
- type = types.str;
- default = ssh-target ''
- mkdir -p ${config.target-path}
- cd ${config.target-path}
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
- git remote add origin ${config.url}
- elif test "$cur_url" != ${config.url}; then
- git remote set-url origin ${config.url}
- fi
- if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
- git fetch origin
- git checkout ${config.rev} -- .
- git checkout -q ${config.rev}
- git submodule init
- git submodule update
- fi
- git clean -dxf
- '';
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- };
- }
- ));
- default = {};
- };
- };
-
- doc = s:
- let b = "EOF${hashString "sha256" s}"; in
- ''
- <<\${b}
- ${s}
- ${b}
- '';
-
- ssh-target = script:
- "ssh root@${target.host.name} -T ${doc ''
- set -efu
- ${script}
- ''}";
-
-in out
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2b4a13c42..d3481505b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,7 +6,7 @@ let
out = {
imports = [
- ./build
+ ./build.nix
./exim-retiolum.nix
./exim-smarthost.nix
./github-hosts-sync.nix
diff --git a/krebs/3modules/build/infest/finalize.sh b/krebs/4lib/infest/finalize.sh
similarity index 100%
rename from krebs/3modules/build/infest/finalize.sh
rename to krebs/4lib/infest/finalize.sh
diff --git a/krebs/3modules/build/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh
similarity index 100%
rename from krebs/3modules/build/infest/install-nix.sh
rename to krebs/4lib/infest/install-nix.sh
diff --git a/krebs/3modules/build/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
similarity index 100%
rename from krebs/3modules/build/infest/prepare.sh
rename to krebs/4lib/infest/prepare.sh
diff --git a/krebs/default.nix b/krebs/default.nix
new file mode 100644
index 000000000..0ec4c6079
--- /dev/null
+++ b/krebs/default.nix
@@ -0,0 +1,263 @@
+{ current-date
+, current-host-name
+, current-user-name
+}@current: rec {
+
+ deploy =
+ { system ? current-host-name
+ , target ? system
+ }@args: let
+ config = lib.get-config system;
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.deploy
+ set -efu
+ (${lib.populate args})
+ ${lib.rootssh target ''
+ ${lib.install args}
+ ${config.krebs.build.profile}/bin/switch-to-configuration switch
+ ''}
+ echo OK
+ '';
+
+ infest =
+ { system ? current-host-name
+ , target ? system
+ }@args: let
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.infest
+ set -efu
+
+ # XXX type -p is non-standard
+ #export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
+ # -o 'HostName $ {target.host.infest.addr}' \
+ # -o 'Port $ {toString target.host.infest.port}' \
+ #"
+ #ssh() {
+ # eval "$RSYNC_RSH \"\$@\""
+ #}
+
+ ${lib.rootssh target ''
+ ${builtins.readFile ./4lib/infest/prepare.sh}
+ ${builtins.readFile ./4lib/infest/install-nix.sh}
+ ''}
+
+ (${lib.populate args})
+
+ ${lib.rootssh target ''
+ export PATH; PATH=/root/.nix-profile/bin:$PATH
+
+ src=$(type -p nixos-install)
+ cat_src() {
+ sed < "$src" "$(
+ { sed < "$src" -n '
+ /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
+ /^nixpkgs=/=
+ /^NIX_PATH=/,/^$/{/./=}
+
+ # Disable: Copy the NixOS/Nixpkgs sources to the target as
+ # the initial contents of the NixOS channel.
+ /^srcs=/,/^ln -sfn /=
+ '
+ } | sed 's:$:s/^/#krebs#/:'
+ )"
+ }
+
+ # Location to insert lib.install
+ i=$(sed -n '/^echo "building the system configuration/=' "$src")
+
+ {
+ cat_src | sed -n "1,$i{p}"
+ cat ${lib.doc (lib.install args)}
+ cat_src | sed -n "$i,\''${$i!p}"
+ } > nixos-install
+ chmod +x nixos-install
+
+ ## Wrap inserted lib.install into chroot.
+ #nix_env=$(cat_src | sed -n '
+ # s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
+ #')
+ #echo nix-env is $nix_env
+ #sed -i '
+ # s:^nix-env:chroot $mountPoint '"$nix_env"':
+ #' nixos-install
+
+ ./nixos-install
+
+ ${builtins.readFile ./4lib/infest/finalize.sh}
+ ''}
+ '';
+
+ init =
+ { system ? current-host-name
+ }@args: let
+ config = lib.get-config system;
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.init
+ set -efu
+
+ system=${lib.shell.escape system}
+ secrets_dir=${config.krebs.build.source.dir.secrets.path}
+ key_type=ed25519
+ key_file=$secrets_dir/ssh.id_$key_type
+ key_comment=$system
+
+ if test -e "$key_file"; then
+ echo "Warning: privkey already exists: $key_file" >&2
+ else
+ ssh-keygen \
+ -C "$key_comment" \
+ -t "$key_type" \
+ -f "$key_file" \
+ -N ""
+ rm "$key_file.pub"
+ fi
+
+ pubkey=$(ssh-keygen -y -f "$key_file")
+
+ cat<<EOF
+ # put following into config.krebs.hosts.$system:
+ ssh.pubkey = $(echo $pubkey | jq -R .);
+ EOF
+ '';
+
+ lib = import ./4lib { lib = import <nixpkgs/lib>; } // rec {
+
+ stockholm = import ../. current;
+
+ get-config = system:
+ stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ doc = s:
+ let b = "EOF${builtins.hashString "sha256" s}"; in
+ ''
+ <<\${b}
+ ${s}
+ ${b}
+ '';
+
+ rootssh = target: script:
+ "ssh root@${target} -T ${lib.doc ''
+ set -efu
+ ${script}
+ ''}";
+
+ install =
+ { system ? current-host-name
+ , target ? system
+ }:
+ let
+ stockholm = import ../. {
+ inherit current-date;
+ inherit current-host-name;
+ inherit current-user-name;
+ };
+
+ config = stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ nix-path =
+ lib.concatStringsSep ":"
+ (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+ (config.krebs.build.source.dir //
+ config.krebs.build.source.git));
+ in ''
+ set -efu
+ NIX_PATH=${lib.shell.escape nix-path} \
+ nix-env \
+ --show-trace \
+ -f '<stockholm>' \
+ -Q \
+ --argstr current-date ${lib.shell.escape current-date} \
+ --argstr current-host-name ${lib.shell.escape current-host-name} \
+ --argstr current-user-name ${lib.shell.escape current-user-name} \
+ --profile ${lib.shell.escape config.krebs.build.profile} \
+ --set \
+ -A ${lib.escapeShellArg (lib.concatStringsSep "." [
+ config.krebs.build.user.name
+ config.krebs.build.host.name
+ "system"
+ ])}
+ '';
+
+ populate =
+ { system ? current-host-name
+ , target ? system
+ }@args:
+ let out = ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ set -efu
+ ${lib.concatStringsSep "\n"
+ (lib.concatMap
+ (type: lib.mapAttrsToList (_: methods.${type})
+ config.krebs.build.source.${type})
+ ["dir" "git"])}
+ '';
+
+ stockholm = import ../. {
+ inherit current-date;
+ inherit current-host-name;
+ inherit current-user-name;
+ };
+
+ config = stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ current-host = config.krebs.hosts.${current-host-name};
+ current-user = config.krebs.users.${current-user-name};
+
+ target-host = config.krebs.hosts.${system};
+
+ methods.dir = config:
+ let
+ can-link = config.host.name == target-host.name;
+ can-push = config.host.name == current-host.name;
+ push-method = ''
+ rsync \
+ --exclude .git \
+ --exclude .graveyard \
+ --exclude old \
+ --exclude tmp \
+ --rsync-path='mkdir -p ${config.target-path} && rsync' \
+ --delete-excluded \
+ -vrLptgoD \
+ ${config.path}/ \
+ root@${target}:${config.target-path}
+ '';
+ url = "file://${config.host.name}${config.path}";
+ in
+ #if can-link then link-method else
+ if can-push then push-method else
+ throw "cannot source ${url}";
+
+ methods.git = config:
+ lib.rootssh target ''
+ mkdir -p ${config.target-path}
+ cd ${config.target-path}
+ if ! test -e .git; then
+ git init
+ fi
+ if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+ git remote add origin ${config.url}
+ elif test "$cur_url" != ${config.url}; then
+ git remote set-url origin ${config.url}
+ fi
+ if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
+ git fetch origin
+ git checkout ${config.rev} -- .
+ git checkout -q ${config.rev}
+ git submodule init
+ git submodule update
+ fi
+ git clean -dxf
+ '';
+ in out;
+ };
+}
From 3bb7ba2af9a1150a4861c3ab1138e2dd5d0ed2df Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 02:42:57 +0200
Subject: [PATCH 06/10] get: 1.2.0 -> 1.3.0
---
krebs/5pkgs/get/default.nix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index 313c1bbb5..20bbfd014 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
@@ -1,12 +1,12 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
stdenv.mkDerivation {
- name = "get-1.2.0";
+ name = "get-1.3.0";
src = fetchgit {
url = http://cgit.cd.retiolum/get;
- rev = "9801ebe6f527b9505799ff423c427c03694d85de";
- sha256 = "278dee0b873907650b97cc95a60c26f027ed59d75d9c4c23e9667a352ea60eea";
+ rev = "fbe8f8d12ede9762fceb15b9944b69a4ee6331eb";
+ sha256 = "bcdf036f8b5d1467285d0998aeac7e48280adfb9e1278f9f424c9c8b5e6ed8fa";
};
phases = [
From 0a479349f975dce8e9832fb80416c4a631713cb2 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 03:07:31 +0200
Subject: [PATCH 07/10] default out: filter unknown dirs
---
default.nix | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/default.nix b/default.nix
index 7f3f621b8..c6a635c29 100644
--- a/default.nix
+++ b/default.nix
@@ -12,14 +12,19 @@ let
user-pkgs-path = ./. + "/${current-user-name}/5pkgs";
out =
- (lib.mapAttrs
- (k: v:
- if builtins.pathExists (./. + "/${k}/1systems")
- then mk-namespace (./. + "/${k}")
- else import (./. + "/${k}"))
- (lib.filterAttrs
- (k: v: !lib.hasPrefix "." k && v == "directory")
- (builtins.readDir ./.)));
+ lib.mapAttrs (_: builtins.getAttr "main")
+ (lib.filterAttrs (_: builtins.hasAttr "main")
+ (lib.mapAttrs
+ (k: v:
+ if lib.hasPrefix "." k || v != "directory" then
+ {}
+ else if builtins.pathExists (./. + "/${k}/default.nix") then
+ { main = import (./. + "/${k}"); }
+ else if builtins.pathExists (./. + "/${k}/1systems") then
+ { main = mk-namespace (./. + "/${k}"); }
+ else
+ {})
+ (builtins.readDir ./.)));
eval = path: import <nixpkgs/nixos/lib/eval-config.nix> {
system = builtins.currentSystem;
From 3b3291ed7da3542ab2f0018a9a0fc6737eaf412c Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 14:24:15 +0200
Subject: [PATCH 08/10] wu nixpkgs: bd84eba -> e916273
---
tv/1systems/wu.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 17394df25..e54aed056 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -11,7 +11,7 @@ with lib;
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "bd84ebaa1e0359f41350e053ed24592b169b5714";
+ rev = "e916273209560b302ab231606babf5ce1c481f08";
};
dir.secrets = {
host = config.krebs.hosts.wu;
From 2ef889b1c409ac8d83cabb8d12d564ae5a89d47d Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 14:26:50 +0200
Subject: [PATCH 09/10] mkdir: 104.233.84.{174 -> 215}
---
krebs/3modules/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index d3481505b..5e8cdc639 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -530,7 +530,7 @@ let
infest.addr = head nets.internet.addrs4;
nets = rec {
internet = {
- addrs4 = ["104.233.84.173"];
+ addrs4 = ["104.233.84.215"];
aliases = [
"mkdir.internet"
];
From 3384dd0a5578cc3a26dd076669dd264f5ae9f008 Mon Sep 17 00:00:00 2001
From: tv <tv@shackspace.de>
Date: Thu, 1 Oct 2015 14:29:53 +0200
Subject: [PATCH 10/10] krebs lib.shell.escape: add safe chars: +:=
---
krebs/4lib/shell.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/krebs/4lib/shell.nix b/krebs/4lib/shell.nix
index 2a6da5c16..5910adacc 100644
--- a/krebs/4lib/shell.nix
+++ b/krebs/4lib/shell.nix
@@ -6,7 +6,7 @@ with lib;
rec {
escape =
let
- isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
+ isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
in
stringAsChars (c:
if isSafeChar c then c