Merge remote-tracking branch 'tv/master'
This commit is contained in:
commit
8cefb46636
|
@ -21,6 +21,7 @@ let
|
||||||
./git.nix
|
./git.nix
|
||||||
./go.nix
|
./go.nix
|
||||||
./iptables.nix
|
./iptables.nix
|
||||||
|
./kapacitor.nix
|
||||||
./newsbot-js.nix
|
./newsbot-js.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./nixpkgs.nix
|
./nixpkgs.nix
|
||||||
|
|
173
krebs/3modules/kapacitor.nix
Normal file
173
krebs/3modules/kapacitor.nix
Normal file
|
@ -0,0 +1,173 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with builtins;
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.krebs.kapacitor;
|
||||||
|
|
||||||
|
out = {
|
||||||
|
options.krebs.kapacitor = api;
|
||||||
|
config = mkIf cfg.enable imp;
|
||||||
|
};
|
||||||
|
|
||||||
|
configOptions = recursiveUpdate {
|
||||||
|
hostname = "localhost";
|
||||||
|
data_dir = cfg.dataDir;
|
||||||
|
http = {
|
||||||
|
bind-address = ":9092";
|
||||||
|
auth-enabled = false;
|
||||||
|
log-enabled = false;
|
||||||
|
gtgwrite-tracing = false;
|
||||||
|
pprof-enabled = false;
|
||||||
|
https-enabled = false;
|
||||||
|
https-certificate = "/etc/ssl/kapacitor.pem";
|
||||||
|
shutdown-timeout = "10s";
|
||||||
|
shared-secret = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
replay ={
|
||||||
|
dir = "${cfg.dataDir}/replay";
|
||||||
|
};
|
||||||
|
|
||||||
|
storage = {
|
||||||
|
boltdb = "${cfg.dataDir}/kapacitor.db";
|
||||||
|
};
|
||||||
|
|
||||||
|
task = {
|
||||||
|
dir = "${cfg.dataDir}/tasks";
|
||||||
|
snapshot-interval = "1m0s";
|
||||||
|
};
|
||||||
|
|
||||||
|
influxdb = [{
|
||||||
|
enabled = true;
|
||||||
|
name = "default";
|
||||||
|
default = false;
|
||||||
|
urls = ["http://localhost:8086"];
|
||||||
|
username = "";
|
||||||
|
password = "";
|
||||||
|
ssl-ca = "";
|
||||||
|
ssl-cert = "";
|
||||||
|
ssl-key = "";
|
||||||
|
insecure-skip-verify = false;
|
||||||
|
timeout = "0s";
|
||||||
|
disable-subscriptions = false;
|
||||||
|
subscription-protocol = "http";
|
||||||
|
udp-bind = "";
|
||||||
|
udp-buffer = 1000;
|
||||||
|
udp-read-buffer = 0;
|
||||||
|
startup-timeout = "5m0s";
|
||||||
|
subscriptions-sync-interval = "1m0s";
|
||||||
|
influxdb.excluded-subscriptions = {
|
||||||
|
_kapacitor = ["autogen"];
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
|
||||||
|
logging = {
|
||||||
|
file = "STDERR";
|
||||||
|
level = "INFO";
|
||||||
|
};
|
||||||
|
|
||||||
|
deadman = {
|
||||||
|
interval = "10s";
|
||||||
|
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'";
|
||||||
|
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL.";
|
||||||
|
global = false;
|
||||||
|
};
|
||||||
|
} cfg.extraConfig;
|
||||||
|
|
||||||
|
api = {
|
||||||
|
enable = mkEnableOption "kapacitor";
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/lib/kapacitor";
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "kapacitor";
|
||||||
|
home = cfg.dataDir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
group = mkOption {
|
||||||
|
type = types.group;
|
||||||
|
default = {
|
||||||
|
name = "kapacitor";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
|
alarms = mkOption {
|
||||||
|
type = with types; attrsOf (submodule {
|
||||||
|
options = {
|
||||||
|
database = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
text = mkOption {
|
||||||
|
type = str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
default = {};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
configFile = pkgs.runCommand "kapacitor.toml" {} ''
|
||||||
|
${pkgs.remarshal}/bin/remarshal -if json -of toml \
|
||||||
|
< ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \
|
||||||
|
> $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
imp = {
|
||||||
|
users = {
|
||||||
|
groups.${cfg.group.name} = {
|
||||||
|
inherit (cfg.group) name gid;
|
||||||
|
};
|
||||||
|
users.${cfg.user.name} = {
|
||||||
|
inherit (cfg.user) home name uid;
|
||||||
|
createHome = true;
|
||||||
|
group = cfg.group.name;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.kapacitor = {
|
||||||
|
description = "kapacitor";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "always";
|
||||||
|
User = cfg.user.name;
|
||||||
|
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.kapacitor-alarms = {
|
||||||
|
description = "kapacitor-alarms";
|
||||||
|
after = [ "kapacitor.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = cfg.user.name;
|
||||||
|
ExecStart = pkgs.writeDash "add_alarms" ''
|
||||||
|
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
|
||||||
|
${concatStrings (mapAttrsToList (name: alarm: ''
|
||||||
|
${pkgs.kapacitor}/bin/kapacitor define ${name} \
|
||||||
|
-type batch \
|
||||||
|
-tick ${pkgs.writeText "${name}.tick" alarm.text} \
|
||||||
|
-dbrp ${alarm.database}.default
|
||||||
|
${pkgs.kapacitor}/bin/kapacitor enable ${name}
|
||||||
|
'') cfg.alarms)}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
in out
|
|
@ -302,7 +302,9 @@ with import <stockholm/lib>;
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
|
||||||
};
|
};
|
||||||
|
iso = {
|
||||||
|
cores = 1;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
lass = {
|
lass = {
|
||||||
|
|
|
@ -118,7 +118,7 @@ rec {
|
||||||
};
|
};
|
||||||
|
|
||||||
url-title = (buildSimpleReaktorPlugin "url-title" {
|
url-title = (buildSimpleReaktorPlugin "url-title" {
|
||||||
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$";
|
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
|
||||||
path = with pkgs; [ curl perl ];
|
path = with pkgs; [ curl perl ];
|
||||||
script = pkgs.writeDash "lambda-pl" ''
|
script = pkgs.writeDash "lambda-pl" ''
|
||||||
if [ "$#" -gt 0 ]; then
|
if [ "$#" -gt 0 ]; then
|
||||||
|
|
|
@ -1,293 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
with import <stockholm/lib>;
|
|
||||||
rec {
|
|
||||||
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
|
|
||||||
in writeC name { inherit destination; } /* c */ ''
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
static char *const filename = ${toC filename};
|
|
||||||
|
|
||||||
${if argv == null
|
|
||||||
then /* Propagate arguments */ /* c */ ''
|
|
||||||
#define MAIN_ARGS int argc, char **argv
|
|
||||||
''
|
|
||||||
else /* Provide fixed arguments */ /* c */ ''
|
|
||||||
#define MAIN_ARGS void
|
|
||||||
static char *const argv[] = ${toC (argv ++ [null])};
|
|
||||||
''}
|
|
||||||
|
|
||||||
static char *const envp[] = ${toC (
|
|
||||||
mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
|
|
||||||
)};
|
|
||||||
|
|
||||||
int main (MAIN_ARGS) {
|
|
||||||
execve(filename, argv, envp);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
|
|
||||||
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
|
||||||
|
|
||||||
makeScriptWriter = interpreter: name: text:
|
|
||||||
assert (with types; either absolute-pathname filename).check name;
|
|
||||||
pkgs.writeOut (baseNameOf name) {
|
|
||||||
${optionalString (types.absolute-pathname.check name) name} = {
|
|
||||||
executable = true;
|
|
||||||
text = "#! ${interpreter}\n${text}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
writeBash = name: text:
|
|
||||||
assert (with types; either absolute-pathname filename).check name;
|
|
||||||
pkgs.writeOut (baseNameOf name) {
|
|
||||||
${optionalString (types.absolute-pathname.check name) name} = {
|
|
||||||
check = pkgs.writeDash "shellcheck.sh" ''
|
|
||||||
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
|
|
||||||
'';
|
|
||||||
executable = true;
|
|
||||||
text = "#! ${pkgs.bash}/bin/bash\n${text}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
writeBashBin = name:
|
|
||||||
assert types.filename.check name;
|
|
||||||
pkgs.writeBash "/bin/${name}";
|
|
||||||
|
|
||||||
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} /* sh */ ''
|
|
||||||
PATH=${makeBinPath (with pkgs; [
|
|
||||||
binutils
|
|
||||||
coreutils
|
|
||||||
gcc
|
|
||||||
])}
|
|
||||||
src=${pkgs.writeText "${name}.c" src}
|
|
||||||
exe=$out${destination}
|
|
||||||
mkdir -p "$(dirname "$exe")"
|
|
||||||
gcc -O -Wall -o "$exe" $src
|
|
||||||
strip --strip-unneeded "$exe"
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeDash = makeScriptWriter "${pkgs.dash}/bin/dash";
|
|
||||||
|
|
||||||
writeDashBin = name:
|
|
||||||
assert types.filename.check name;
|
|
||||||
pkgs.writeDash "/bin/${name}";
|
|
||||||
|
|
||||||
writeEximConfig = name: text: pkgs.runCommand name {
|
|
||||||
inherit text;
|
|
||||||
passAsFile = [ "text" ];
|
|
||||||
} /* sh */ ''
|
|
||||||
# TODO validate exim config even with config.nix.useChroot == true
|
|
||||||
# currently doing so will fail because "user exim was not found"
|
|
||||||
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
|
|
||||||
mv "$textPath" $out
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeOut = name: specs0:
|
|
||||||
let
|
|
||||||
writers.link =
|
|
||||||
{ path
|
|
||||||
, link
|
|
||||||
}:
|
|
||||||
assert path == "" || types.absolute-pathname.check path;
|
|
||||||
assert types.package.check link;
|
|
||||||
{
|
|
||||||
install = /* sh */ ''
|
|
||||||
${optionalString (dirOf path != "/") /* sh */ ''
|
|
||||||
${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
|
|
||||||
''}
|
|
||||||
${pkgs.coreutils}/bin/ln -s ${link} $out${path}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
writers.text =
|
|
||||||
{ path
|
|
||||||
, check ? null
|
|
||||||
, executable ? false
|
|
||||||
, mode ? if executable then "0755" else "0644"
|
|
||||||
, text
|
|
||||||
}:
|
|
||||||
assert path == "" || types.absolute-pathname.check path;
|
|
||||||
assert types.bool.check executable;
|
|
||||||
assert types.file-mode.check mode;
|
|
||||||
rec {
|
|
||||||
var = "file_${hashString "sha1" path}";
|
|
||||||
val = text;
|
|
||||||
install = /* sh */ ''
|
|
||||||
${optionalString (check != null) /* sh */ ''
|
|
||||||
${check} ''$${var}Path
|
|
||||||
''}
|
|
||||||
${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
|
|
||||||
|
|
||||||
specs =
|
|
||||||
mapAttrsToList
|
|
||||||
(path: spec: let
|
|
||||||
known-types = [ "link" "text" ];
|
|
||||||
found-types = attrNames (getAttrs known-types spec);
|
|
||||||
type = assert length found-types == 1; head found-types;
|
|
||||||
in spec // { inherit path type; })
|
|
||||||
specs0;
|
|
||||||
|
|
||||||
files = map write specs;
|
|
||||||
|
|
||||||
filevars = genAttrs' (filter (hasAttr "var") files)
|
|
||||||
(spec: nameValuePair spec.var spec.val);
|
|
||||||
|
|
||||||
env = filevars // { passAsFile = attrNames filevars; };
|
|
||||||
in
|
|
||||||
pkgs.runCommand name env /* sh */ ''
|
|
||||||
set -efu
|
|
||||||
${concatMapStringsSep "\n" (getAttr "install") files}
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeHaskell =
|
|
||||||
k:
|
|
||||||
let
|
|
||||||
k' = parseDrvName k;
|
|
||||||
name = k'.name;
|
|
||||||
version = if k'.version != "" then k'.version else "0";
|
|
||||||
in
|
|
||||||
{ base-depends ? ["base"]
|
|
||||||
, executables ? {}
|
|
||||||
, ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"]
|
|
||||||
, haskellPackages ? pkgs.haskellPackages
|
|
||||||
, library ? null
|
|
||||||
, license ? "WTFPL"
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
isExecutable = executables != {};
|
|
||||||
isLibrary = library != null;
|
|
||||||
|
|
||||||
cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ ''
|
|
||||||
build-type: Simple
|
|
||||||
cabal-version: >= 1.2
|
|
||||||
name: ${name}
|
|
||||||
version: ${version}
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList exe-section executables)}
|
|
||||||
${optionalString isLibrary (lib-section library)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
exe-install =
|
|
||||||
exe-name:
|
|
||||||
{ file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
|
||||||
, relpath ? "${exe-name}.hs"
|
|
||||||
, text
|
|
||||||
, ... }:
|
|
||||||
if types.filename.check exe-name
|
|
||||||
then /* sh */ "install -D ${file} $out/${relpath}"
|
|
||||||
else throw "argument ‘exe-name’ is not a ${types.filename.name}";
|
|
||||||
|
|
||||||
exe-section =
|
|
||||||
exe-name:
|
|
||||||
{ build-depends ? base-depends ++ extra-depends
|
|
||||||
, extra-depends ? []
|
|
||||||
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
|
||||||
, relpath ? "${exe-name}.hs"
|
|
||||||
, text
|
|
||||||
, ... }: /* cabal */ ''
|
|
||||||
executable ${exe-name}
|
|
||||||
build-depends: ${concatStringsSep "," build-depends}
|
|
||||||
ghc-options: ${toString ghc-options}
|
|
||||||
main-is: ${relpath}
|
|
||||||
'';
|
|
||||||
|
|
||||||
get-depends =
|
|
||||||
{ build-depends ? base-depends ++ extra-depends
|
|
||||||
, extra-depends ? []
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
build-depends;
|
|
||||||
|
|
||||||
lib-install =
|
|
||||||
{ exposed-modules
|
|
||||||
, ... }:
|
|
||||||
concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules);
|
|
||||||
|
|
||||||
lib-section =
|
|
||||||
{ build-depends ? base-depends ++ extra-depends
|
|
||||||
, extra-depends ? []
|
|
||||||
, exposed-modules
|
|
||||||
, ... }: /* cabal */ ''
|
|
||||||
library
|
|
||||||
build-depends: ${concatStringsSep "," build-depends}
|
|
||||||
ghc-options: ${toString ghc-options}
|
|
||||||
exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)}
|
|
||||||
'';
|
|
||||||
|
|
||||||
mod-install =
|
|
||||||
mod-name:
|
|
||||||
{ file ? pkgs.writeText "${name}-${mod-name}.hs" text
|
|
||||||
, relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs"
|
|
||||||
, text
|
|
||||||
, ... }:
|
|
||||||
if types.haskell.modid.check mod-name
|
|
||||||
then /* sh */ "install -D ${file} $out/${relpath}"
|
|
||||||
else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}";
|
|
||||||
in
|
|
||||||
haskellPackages.mkDerivation {
|
|
||||||
inherit isExecutable isLibrary license version;
|
|
||||||
executableHaskellDepends =
|
|
||||||
attrVals
|
|
||||||
(concatMap get-depends (attrValues executables))
|
|
||||||
haskellPackages;
|
|
||||||
libraryHaskellDepends =
|
|
||||||
attrVals
|
|
||||||
(optionals isLibrary (get-depends library))
|
|
||||||
haskellPackages;
|
|
||||||
pname = name;
|
|
||||||
src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ ''
|
|
||||||
install -D ${cabal-file} $out/${cabal-file.name}
|
|
||||||
${optionalString isLibrary (lib-install library)}
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
writeJq = name: src: pkgs.runCommand name {} /* sh */ ''
|
|
||||||
name=${assert types.filename.check name; name}
|
|
||||||
src=${shell.escape src}
|
|
||||||
|
|
||||||
# syntax check
|
|
||||||
printf '%s' "$src" > src.jq
|
|
||||||
${pkgs.jq}/bin/jq -f src.jq < /dev/null
|
|
||||||
|
|
||||||
cp src.jq "$out"
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeJSON = name: value: pkgs.writeText name (toJSON value);
|
|
||||||
|
|
||||||
writeNixFromCabal =
|
|
||||||
trace (toString [
|
|
||||||
"The function `writeNixFromCabal` has been deprecated in favour of"
|
|
||||||
"`writeHaskell`."
|
|
||||||
])
|
|
||||||
(name: path: pkgs.runCommand name {} /* sh */ ''
|
|
||||||
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
|
||||||
'');
|
|
||||||
|
|
||||||
writePython2 = name: src: pkgs.runCommand name {} /* sh */ ''
|
|
||||||
name=${assert types.filename.check name; name}
|
|
||||||
src=${shell.escape src}
|
|
||||||
|
|
||||||
# syntax check
|
|
||||||
printf '%s' "$src" > src.py
|
|
||||||
${pkgs.python2}/bin/python -m py_compile src.py
|
|
||||||
|
|
||||||
cp src.py "$out"
|
|
||||||
'';
|
|
||||||
|
|
||||||
writePython3 = name: src: pkgs.runCommand name {} /* sh */ ''
|
|
||||||
name=${assert types.filename.check name; name}
|
|
||||||
src=${shell.escape src}
|
|
||||||
|
|
||||||
# syntax check
|
|
||||||
printf '%s' "$src" > src.py
|
|
||||||
${pkgs.python3}/bin/python -m py_compile src.py
|
|
||||||
|
|
||||||
cp src.py "$out"
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeSed = makeScriptWriter "${pkgs.gnused}/bin/sed -f";
|
|
||||||
}
|
|
|
@ -1,13 +1,16 @@
|
||||||
{ config, lib, pkgs, ... }@args:
|
{ config, lib, pkgs, ... }@args:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = pkgs: let
|
imports = [
|
||||||
|
./writers.nix
|
||||||
|
];
|
||||||
|
nixpkgs.config.packageOverrides = oldpkgs: let
|
||||||
|
|
||||||
# This callPackage will try to detect obsolete overrides.
|
# This callPackage will try to detect obsolete overrides.
|
||||||
callPackage = path: args: let
|
callPackage = path: args: let
|
||||||
override = pkgs.callPackage path args;
|
override = pkgs.callPackage path args;
|
||||||
upstream = optionalAttrs (override ? "name")
|
upstream = optionalAttrs (override ? "name")
|
||||||
(pkgs.${(parseDrvName override.name).name} or {});
|
(oldpkgs.${(parseDrvName override.name).name} or {});
|
||||||
in if upstream ? "name" &&
|
in if upstream ? "name" &&
|
||||||
override ? "name" &&
|
override ? "name" &&
|
||||||
compareVersions upstream.name override.name != -1
|
compareVersions upstream.name override.name != -1
|
||||||
|
@ -15,14 +18,13 @@ with import <stockholm/lib>;
|
||||||
else override;
|
else override;
|
||||||
|
|
||||||
in {}
|
in {}
|
||||||
// import ./builders.nix args
|
|
||||||
// mapAttrs (_: flip callPackage {})
|
// mapAttrs (_: flip callPackage {})
|
||||||
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
|
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
|
||||||
(subdirsOf ./.))
|
(subdirsOf ./.))
|
||||||
// {
|
// {
|
||||||
empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
|
empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
|
||||||
|
|
||||||
haskellPackages = pkgs.haskellPackages.override {
|
haskellPackages = oldpkgs.haskellPackages.override {
|
||||||
overrides = self: super:
|
overrides = self: super:
|
||||||
mapAttrs (name: path: self.callPackage path {})
|
mapAttrs (name: path: self.callPackage path {})
|
||||||
(mapAttrs'
|
(mapAttrs'
|
||||||
|
@ -45,17 +47,15 @@ with import <stockholm/lib>;
|
||||||
buildbot-worker = callPackage ./buildbot/worker.nix {};
|
buildbot-worker = callPackage ./buildbot/worker.nix {};
|
||||||
|
|
||||||
# https://github.com/proot-me/PRoot/issues/106
|
# https://github.com/proot-me/PRoot/issues/106
|
||||||
proot = overrideDerivation pkgs.proot (oldAttrs: {
|
proot = pkgs.writeDashBin "proot" ''
|
||||||
patches = singleton (pkgs.fetchurl {
|
export PROOT_NO_SECCOMP=1
|
||||||
url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff;
|
exec ${oldpkgs.proot}/bin/proot "$@"
|
||||||
sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g";
|
'';
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
|
||||||
symlinkJoin = { name, paths, ... }@args: let
|
symlinkJoin = { name, paths, ... }@args: let
|
||||||
x = pkgs.symlinkJoin args;
|
x = oldpkgs.symlinkJoin args;
|
||||||
in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
|
in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
|
||||||
|
|
||||||
test = {
|
test = {
|
||||||
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
|
{ stdenv, lib, fetchurl, gnome3, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
|
||||||
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
|
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "forticlientsslvpn";
|
name = "forticlientsslvpn";
|
||||||
|
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
|
||||||
];
|
];
|
||||||
|
|
||||||
guiLibPath = lib.makeLibraryPath [
|
guiLibPath = lib.makeLibraryPath [
|
||||||
gtk
|
gnome3.gtk
|
||||||
glib
|
glib
|
||||||
libSM
|
libSM
|
||||||
gdk_pixbuf
|
gdk_pixbuf
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
|
|
||||||
|
|
||||||
buildGoPackage rec {
|
|
||||||
name = "kapacitor-${version}";
|
|
||||||
version = "1.0.0";
|
|
||||||
|
|
||||||
goPackagePath = "github.com/influxdata/kapacitor";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "influxdata";
|
|
||||||
repo = "kapacitor";
|
|
||||||
rev = "v${version}";
|
|
||||||
sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
|
|
||||||
};
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Open source framework for processing, monitoring, and alerting on time series data";
|
|
||||||
license = licenses.mit;
|
|
||||||
homepage = https://influxdata.com/time-series-platform/kapacitor/;
|
|
||||||
maintainers = with maintainers; [offline];
|
|
||||||
platforms = with platforms; linux;
|
|
||||||
};
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,27 +0,0 @@
|
||||||
{ lib, buildGoPackage, fetchFromGitHub }:
|
|
||||||
|
|
||||||
buildGoPackage rec {
|
|
||||||
name = "telegraf-${version}";
|
|
||||||
version = "1.1.2";
|
|
||||||
|
|
||||||
goPackagePath = "github.com/influxdata/telegraf";
|
|
||||||
|
|
||||||
excludedPackages = "test";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "influxdata";
|
|
||||||
repo = "telegraf";
|
|
||||||
rev = "${version}";
|
|
||||||
sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
|
|
||||||
};
|
|
||||||
|
|
||||||
goDeps = ./. + builtins.toPath "/deps-${version}.nix";
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "The plugin-driven server agent for collecting & reporting metrics.";
|
|
||||||
license = licenses.mit;
|
|
||||||
homepage = https://www.influxdata.com/time-series-platform/telegraf/;
|
|
||||||
maintainers = with maintainers; [ mic92 roblabla ];
|
|
||||||
platforms = platforms.linux;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,588 +0,0 @@
|
||||||
# This file was generated by go2nix.
|
|
||||||
[
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/Shopify/sarama";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/Shopify/sarama";
|
|
||||||
rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
|
|
||||||
sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/Sirupsen/logrus";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/Sirupsen/logrus";
|
|
||||||
rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
|
|
||||||
sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/aerospike/aerospike-client-go";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/aerospike/aerospike-client-go";
|
|
||||||
rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
|
|
||||||
sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/amir/raidman";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/amir/raidman";
|
|
||||||
rev = "53c1b967405155bfc8758557863bf2e14f814687";
|
|
||||||
sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/aws/aws-sdk-go";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/aws/aws-sdk-go";
|
|
||||||
rev = "13a12060f716145019378a10e2806c174356b857";
|
|
||||||
sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/beorn7/perks";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/beorn7/perks";
|
|
||||||
rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
|
|
||||||
sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/cenkalti/backoff";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/cenkalti/backoff";
|
|
||||||
rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
|
|
||||||
sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/couchbase/go-couchbase";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/couchbase/go-couchbase";
|
|
||||||
rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
|
|
||||||
sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/couchbase/gomemcached";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/couchbase/gomemcached";
|
|
||||||
rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
|
|
||||||
sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/couchbase/goutils";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/couchbase/goutils";
|
|
||||||
rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
|
|
||||||
sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/dancannon/gorethink";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/dancannon/gorethink";
|
|
||||||
rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
|
|
||||||
sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/davecgh/go-spew";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/davecgh/go-spew";
|
|
||||||
rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
|
|
||||||
sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/docker/engine-api";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/docker/engine-api";
|
|
||||||
rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
|
|
||||||
sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/docker/go-connections";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/docker/go-connections";
|
|
||||||
rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
|
|
||||||
sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/docker/go-units";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/docker/go-units";
|
|
||||||
rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
|
|
||||||
sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/eapache/go-resiliency";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/eapache/go-resiliency";
|
|
||||||
rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
|
|
||||||
sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/eapache/queue";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/eapache/queue";
|
|
||||||
rev = "ded5959c0d4e360646dc9e9908cff48666781367";
|
|
||||||
sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/eclipse/paho.mqtt.golang";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/eclipse/paho.mqtt.golang";
|
|
||||||
rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
|
|
||||||
sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/go-sql-driver/mysql";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/go-sql-driver/mysql";
|
|
||||||
rev = "1fca743146605a172a266e1654e01e5cd5669bee";
|
|
||||||
sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/gobwas/glob";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/gobwas/glob";
|
|
||||||
rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
|
|
||||||
sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/golang/protobuf";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/golang/protobuf";
|
|
||||||
rev = "552c7b9542c194800fd493123b3798ef0a832032";
|
|
||||||
sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/golang/snappy";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/golang/snappy";
|
|
||||||
rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
|
|
||||||
sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/gonuts/go-shellquote";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/gonuts/go-shellquote";
|
|
||||||
rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
|
|
||||||
sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/gorilla/context";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/gorilla/context";
|
|
||||||
rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
|
|
||||||
sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/gorilla/mux";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/gorilla/mux";
|
|
||||||
rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
|
|
||||||
sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/hailocab/go-hostpool";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/hailocab/go-hostpool";
|
|
||||||
rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
|
|
||||||
sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/hashicorp/consul";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/hashicorp/consul";
|
|
||||||
rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
|
|
||||||
sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/hpcloud/tail";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/hpcloud/tail";
|
|
||||||
rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
|
|
||||||
sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/influxdata/config";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/influxdata/config";
|
|
||||||
rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
|
|
||||||
sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/influxdata/influxdb";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/influxdata/influxdb";
|
|
||||||
rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
|
|
||||||
sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/influxdata/toml";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/influxdata/toml";
|
|
||||||
rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
|
|
||||||
sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/influxdata/wlog";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/influxdata/wlog";
|
|
||||||
rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
|
|
||||||
sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/kardianos/osext";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/kardianos/osext";
|
|
||||||
rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
|
|
||||||
sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/kardianos/service";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/kardianos/service";
|
|
||||||
rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
|
|
||||||
sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/klauspost/crc32";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/klauspost/crc32";
|
|
||||||
rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
|
|
||||||
sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/lib/pq";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/lib/pq";
|
|
||||||
rev = "e182dc4027e2ded4b19396d638610f2653295f36";
|
|
||||||
sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/matttproud/golang_protobuf_extensions";
|
|
||||||
rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
|
|
||||||
sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/miekg/dns";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/miekg/dns";
|
|
||||||
rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
|
|
||||||
sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/mreiferson/go-snappystream";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/mreiferson/go-snappystream";
|
|
||||||
rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
|
|
||||||
sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/naoina/go-stringutil";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/naoina/go-stringutil";
|
|
||||||
rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
|
|
||||||
sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/nats-io/nats";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/nats-io/nats";
|
|
||||||
rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
|
|
||||||
sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/nats-io/nuid";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/nats-io/nuid";
|
|
||||||
rev = "a5152d67cf63cbfb5d992a395458722a45194715";
|
|
||||||
sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/nsqio/go-nsq";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/nsqio/go-nsq";
|
|
||||||
rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
|
|
||||||
sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/opencontainers/runc";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/opencontainers/runc";
|
|
||||||
rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
|
|
||||||
sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/prometheus/client_golang";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/prometheus/client_golang";
|
|
||||||
rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
|
|
||||||
sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/prometheus/client_model";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/prometheus/client_model";
|
|
||||||
rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
|
|
||||||
sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/prometheus/common";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/prometheus/common";
|
|
||||||
rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
|
|
||||||
sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/prometheus/procfs";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/prometheus/procfs";
|
|
||||||
rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
|
|
||||||
sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/samuel/go-zookeeper";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/samuel/go-zookeeper";
|
|
||||||
rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
|
|
||||||
sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/shirou/gopsutil";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/shirou/gopsutil";
|
|
||||||
rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
|
|
||||||
sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/soniah/gosnmp";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/soniah/gosnmp";
|
|
||||||
rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
|
|
||||||
sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/streadway/amqp";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/streadway/amqp";
|
|
||||||
rev = "b4f3ceab0337f013208d31348b578d83c0064744";
|
|
||||||
sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/stretchr/testify";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/stretchr/testify";
|
|
||||||
rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
|
|
||||||
sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/vjeantet/grok";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/vjeantet/grok";
|
|
||||||
rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
|
|
||||||
sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/wvanbergen/kafka";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/wvanbergen/kafka";
|
|
||||||
rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
|
|
||||||
sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/wvanbergen/kazoo-go";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/wvanbergen/kazoo-go";
|
|
||||||
rev = "0f768712ae6f76454f987c3356177e138df258f8";
|
|
||||||
sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/yuin/gopher-lua";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/yuin/gopher-lua";
|
|
||||||
rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
|
|
||||||
sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://github.com/zensqlmonitor/go-mssqldb";
|
|
||||||
rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
|
|
||||||
sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "golang.org/x/crypto";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://go.googlesource.com/crypto";
|
|
||||||
rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
|
|
||||||
sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "golang.org/x/net";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://go.googlesource.com/net";
|
|
||||||
rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
|
|
||||||
sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "golang.org/x/text";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://go.googlesource.com/text";
|
|
||||||
rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
|
|
||||||
sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "gopkg.in/dancannon/gorethink.v1";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://gopkg.in/dancannon/gorethink.v1";
|
|
||||||
rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
|
|
||||||
sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "gopkg.in/fatih/pool.v2";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://gopkg.in/fatih/pool.v2";
|
|
||||||
rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
|
|
||||||
sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "gopkg.in/mgo.v2";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://gopkg.in/mgo.v2";
|
|
||||||
rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
|
|
||||||
sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
goPackagePath = "gopkg.in/yaml.v2";
|
|
||||||
fetch = {
|
|
||||||
type = "git";
|
|
||||||
url = "https://gopkg.in/yaml.v2";
|
|
||||||
rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
|
|
||||||
sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
]
|
|
301
krebs/5pkgs/writers.nix
Normal file
301
krebs/5pkgs/writers.nix
Normal file
|
@ -0,0 +1,301 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
{
|
||||||
|
nixpkgs.config.packageOverrides = _: {
|
||||||
|
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
|
||||||
|
in pkgs.writeC name { inherit destination; } /* c */ ''
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
static char *const filename = ${toC filename};
|
||||||
|
|
||||||
|
${if argv == null
|
||||||
|
then /* Propagate arguments */ /* c */ ''
|
||||||
|
#define MAIN_ARGS int argc, char **argv
|
||||||
|
''
|
||||||
|
else /* Provide fixed arguments */ /* c */ ''
|
||||||
|
#define MAIN_ARGS void
|
||||||
|
static char *const argv[] = ${toC (argv ++ [null])};
|
||||||
|
''}
|
||||||
|
|
||||||
|
static char *const envp[] = ${toC (
|
||||||
|
mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
|
||||||
|
)};
|
||||||
|
|
||||||
|
int main (MAIN_ARGS) {
|
||||||
|
execve(filename, argv, envp);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
|
execveBin = name: cfg:
|
||||||
|
pkgs.execve name (cfg // { destination = "/bin/${name}"; });
|
||||||
|
|
||||||
|
makeScriptWriter = interpreter: name: text:
|
||||||
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
|
pkgs.writeOut (baseNameOf name) {
|
||||||
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
executable = true;
|
||||||
|
text = "#! ${interpreter}\n${text}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
writeBash = name: text:
|
||||||
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
|
pkgs.writeOut (baseNameOf name) {
|
||||||
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
check = pkgs.writeDash "shellcheck.sh" ''
|
||||||
|
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
|
||||||
|
'';
|
||||||
|
executable = true;
|
||||||
|
text = "#! ${pkgs.bash}/bin/bash\n${text}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
writeBashBin = name:
|
||||||
|
assert types.filename.check name;
|
||||||
|
pkgs.writeBash "/bin/${name}";
|
||||||
|
|
||||||
|
writeC = name: { destination ? "" }: text: pkgs.runCommand name {
|
||||||
|
inherit text;
|
||||||
|
passAsFile = [ "text" ];
|
||||||
|
} /* sh */ ''
|
||||||
|
PATH=${makeBinPath (with pkgs; [
|
||||||
|
binutils
|
||||||
|
coreutils
|
||||||
|
gcc
|
||||||
|
])}
|
||||||
|
exe=$out${destination}
|
||||||
|
mkdir -p "$(dirname "$exe")"
|
||||||
|
gcc -O -Wall -o "$exe" -x c "$textPath"
|
||||||
|
strip --strip-unneeded "$exe"
|
||||||
|
'';
|
||||||
|
|
||||||
|
writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash";
|
||||||
|
|
||||||
|
writeDashBin = name:
|
||||||
|
assert types.filename.check name;
|
||||||
|
pkgs.writeDash "/bin/${name}";
|
||||||
|
|
||||||
|
writeEximConfig = name: text: pkgs.runCommand name {
|
||||||
|
inherit text;
|
||||||
|
passAsFile = [ "text" ];
|
||||||
|
} /* sh */ ''
|
||||||
|
# TODO validate exim config even with config.nix.useChroot == true
|
||||||
|
# currently doing so will fail because "user exim was not found"
|
||||||
|
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
|
||||||
|
mv "$textPath" $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
writeOut = name: specs0:
|
||||||
|
let
|
||||||
|
writers.link =
|
||||||
|
{ path
|
||||||
|
, link
|
||||||
|
}:
|
||||||
|
assert path == "" || types.absolute-pathname.check path;
|
||||||
|
assert types.package.check link;
|
||||||
|
{
|
||||||
|
install = /* sh */ ''
|
||||||
|
${optionalString (dirOf path != "/") /* sh */ ''
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
|
||||||
|
''}
|
||||||
|
${pkgs.coreutils}/bin/ln -s ${link} $out${path}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
writers.text =
|
||||||
|
{ path
|
||||||
|
, check ? null
|
||||||
|
, executable ? false
|
||||||
|
, mode ? if executable then "0755" else "0644"
|
||||||
|
, text
|
||||||
|
}:
|
||||||
|
assert path == "" || types.absolute-pathname.check path;
|
||||||
|
assert types.bool.check executable;
|
||||||
|
assert types.file-mode.check mode;
|
||||||
|
rec {
|
||||||
|
var = "file_${hashString "sha1" path}";
|
||||||
|
val = text;
|
||||||
|
install = /* sh */ ''
|
||||||
|
${optionalString (check != null) /* sh */ ''
|
||||||
|
${check} ''$${var}Path
|
||||||
|
''}
|
||||||
|
${pkgs.coreutils}/bin/install \
|
||||||
|
-m ${mode} \
|
||||||
|
-D \
|
||||||
|
''$${var}Path $out${path}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
|
||||||
|
|
||||||
|
specs =
|
||||||
|
mapAttrsToList
|
||||||
|
(path: spec: let
|
||||||
|
known-types = [ "link" "text" ];
|
||||||
|
found-types = attrNames (getAttrs known-types spec);
|
||||||
|
type = assert length found-types == 1; head found-types;
|
||||||
|
in spec // { inherit path type; })
|
||||||
|
specs0;
|
||||||
|
|
||||||
|
files = map write specs;
|
||||||
|
|
||||||
|
filevars = genAttrs' (filter (hasAttr "var") files)
|
||||||
|
(spec: nameValuePair spec.var spec.val);
|
||||||
|
|
||||||
|
env = filevars // { passAsFile = attrNames filevars; };
|
||||||
|
in
|
||||||
|
pkgs.runCommand name env /* sh */ ''
|
||||||
|
set -efu
|
||||||
|
${concatMapStringsSep "\n" (getAttr "install") files}
|
||||||
|
'';
|
||||||
|
|
||||||
|
writeHaskell =
|
||||||
|
k:
|
||||||
|
let
|
||||||
|
k' = parseDrvName k;
|
||||||
|
name = k'.name;
|
||||||
|
version = if k'.version != "" then k'.version else "0";
|
||||||
|
in
|
||||||
|
{ base-depends ? ["base"]
|
||||||
|
, executables ? {}
|
||||||
|
, ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"]
|
||||||
|
, haskellPackages ? pkgs.haskellPackages
|
||||||
|
, library ? null
|
||||||
|
, license ? "WTFPL"
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
isExecutable = executables != {};
|
||||||
|
isLibrary = library != null;
|
||||||
|
|
||||||
|
cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ ''
|
||||||
|
build-type: Simple
|
||||||
|
cabal-version: >= 1.2
|
||||||
|
name: ${name}
|
||||||
|
version: ${version}
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList exe-section executables)}
|
||||||
|
${optionalString isLibrary (lib-section library)}
|
||||||
|
'';
|
||||||
|
|
||||||
|
exe-install =
|
||||||
|
exe-name:
|
||||||
|
{ file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
||||||
|
, relpath ? "${exe-name}.hs"
|
||||||
|
, text
|
||||||
|
, ... }:
|
||||||
|
if types.filename.check exe-name
|
||||||
|
then /* sh */ "install -D ${file} $out/${relpath}"
|
||||||
|
else throw "argument ‘exe-name’ is not a ${types.filename.name}";
|
||||||
|
|
||||||
|
exe-section =
|
||||||
|
exe-name:
|
||||||
|
{ build-depends ? base-depends ++ extra-depends
|
||||||
|
, extra-depends ? []
|
||||||
|
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
||||||
|
, relpath ? "${exe-name}.hs"
|
||||||
|
, text
|
||||||
|
, ... }: /* cabal */ ''
|
||||||
|
executable ${exe-name}
|
||||||
|
build-depends: ${concatStringsSep "," build-depends}
|
||||||
|
ghc-options: ${toString ghc-options}
|
||||||
|
main-is: ${relpath}
|
||||||
|
'';
|
||||||
|
|
||||||
|
get-depends =
|
||||||
|
{ build-depends ? base-depends ++ extra-depends
|
||||||
|
, extra-depends ? []
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
build-depends;
|
||||||
|
|
||||||
|
lib-install =
|
||||||
|
{ exposed-modules
|
||||||
|
, ... }:
|
||||||
|
concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules);
|
||||||
|
|
||||||
|
lib-section =
|
||||||
|
{ build-depends ? base-depends ++ extra-depends
|
||||||
|
, extra-depends ? []
|
||||||
|
, exposed-modules
|
||||||
|
, ... }: /* cabal */ ''
|
||||||
|
library
|
||||||
|
build-depends: ${concatStringsSep "," build-depends}
|
||||||
|
ghc-options: ${toString ghc-options}
|
||||||
|
exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)}
|
||||||
|
'';
|
||||||
|
|
||||||
|
mod-install =
|
||||||
|
mod-name:
|
||||||
|
{ file ? pkgs.writeText "${name}-${mod-name}.hs" text
|
||||||
|
, relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs"
|
||||||
|
, text
|
||||||
|
, ... }:
|
||||||
|
if types.haskell.modid.check mod-name
|
||||||
|
then /* sh */ "install -D ${file} $out/${relpath}"
|
||||||
|
else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}";
|
||||||
|
in
|
||||||
|
haskellPackages.mkDerivation {
|
||||||
|
inherit isExecutable isLibrary license version;
|
||||||
|
executableHaskellDepends =
|
||||||
|
attrVals
|
||||||
|
(concatMap get-depends (attrValues executables))
|
||||||
|
haskellPackages;
|
||||||
|
libraryHaskellDepends =
|
||||||
|
attrVals
|
||||||
|
(optionals isLibrary (get-depends library))
|
||||||
|
haskellPackages;
|
||||||
|
pname = name;
|
||||||
|
src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ ''
|
||||||
|
install -D ${cabal-file} $out/${cabal-file.name}
|
||||||
|
${optionalString isLibrary (lib-install library)}
|
||||||
|
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
writeJq = name: text:
|
||||||
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
|
pkgs.writeOut (baseNameOf name) {
|
||||||
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
check = pkgs.writeDash "jqcheck.sh" ''
|
||||||
|
exec ${pkgs.jq}/bin/jq -f "$1" -n
|
||||||
|
'';
|
||||||
|
inherit text;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
writeJSON = name: value: pkgs.writeText name (toJSON value);
|
||||||
|
|
||||||
|
writeNixFromCabal =
|
||||||
|
trace (toString [
|
||||||
|
"The function `writeNixFromCabal` has been deprecated in favour of"
|
||||||
|
"`writeHaskell`."
|
||||||
|
])
|
||||||
|
(name: path: pkgs.runCommand name {} /* sh */ ''
|
||||||
|
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
||||||
|
'');
|
||||||
|
|
||||||
|
writePython2 = name: text:
|
||||||
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
|
pkgs.writeOut (baseNameOf name) {
|
||||||
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
check = pkgs.writeDash "python2check.sh" ''
|
||||||
|
exec ${pkgs.python2}/bin/python -m py_compile "$1"
|
||||||
|
'';
|
||||||
|
inherit text;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
writePython3 = name: text:
|
||||||
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
|
pkgs.writeOut (baseNameOf name) {
|
||||||
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
check = pkgs.writeDash "python3check.sh" ''
|
||||||
|
exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
|
||||||
|
'';
|
||||||
|
inherit text;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
|
||||||
|
};
|
||||||
|
}
|
152
lass/1systems/iso.nix
Normal file
152
lass/1systems/iso.nix
Normal file
|
@ -0,0 +1,152 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
|
||||||
|
../../krebs
|
||||||
|
../3modules
|
||||||
|
../5pkgs
|
||||||
|
../2configs/binary-cache/client.nix
|
||||||
|
../2configs/mc.nix
|
||||||
|
../2configs/nixpkgs.nix
|
||||||
|
../2configs/vim.nix
|
||||||
|
{
|
||||||
|
krebs.enable = true;
|
||||||
|
krebs.build.user = config.krebs.users.lass;
|
||||||
|
krebs.build.host = config.krebs.hosts.iso;
|
||||||
|
krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
users.extraUsers = {
|
||||||
|
root = {
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
config.krebs.users.lass-shodan.pubkey
|
||||||
|
config.krebs.users.lass-icarus.pubkey
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
environment.extraInit = ''
|
||||||
|
EDITOR=vim
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
#stockholm
|
||||||
|
git
|
||||||
|
gnumake
|
||||||
|
jq
|
||||||
|
parallel
|
||||||
|
proot
|
||||||
|
populate
|
||||||
|
|
||||||
|
#style
|
||||||
|
most
|
||||||
|
rxvt_unicode.terminfo
|
||||||
|
|
||||||
|
#monitoring tools
|
||||||
|
htop
|
||||||
|
iotop
|
||||||
|
|
||||||
|
#network
|
||||||
|
iptables
|
||||||
|
iftop
|
||||||
|
|
||||||
|
#stuff for dl
|
||||||
|
aria2
|
||||||
|
|
||||||
|
#neat utils
|
||||||
|
krebspaste
|
||||||
|
pciutils
|
||||||
|
pop
|
||||||
|
psmisc
|
||||||
|
q
|
||||||
|
rs
|
||||||
|
tmux
|
||||||
|
untilport
|
||||||
|
usbutils
|
||||||
|
|
||||||
|
#unpack stuff
|
||||||
|
p7zip
|
||||||
|
unzip
|
||||||
|
unrar
|
||||||
|
|
||||||
|
#data recovery
|
||||||
|
ddrescue
|
||||||
|
ntfs3g
|
||||||
|
dosfstools
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
programs.bash = {
|
||||||
|
enableCompletion = true;
|
||||||
|
interactiveShellInit = ''
|
||||||
|
HISTCONTROL='erasedups:ignorespace'
|
||||||
|
HISTSIZE=65536
|
||||||
|
HISTFILESIZE=$HISTSIZE
|
||||||
|
|
||||||
|
shopt -s checkhash
|
||||||
|
shopt -s histappend histreedit histverify
|
||||||
|
shopt -s no_empty_cmd_completion
|
||||||
|
complete -d cd
|
||||||
|
'';
|
||||||
|
promptInit = ''
|
||||||
|
if test $UID = 0; then
|
||||||
|
PS1='\[\033[1;31m\]\w\[\033[0m\] '
|
||||||
|
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
|
||||||
|
elif test $UID = 1337; then
|
||||||
|
PS1='\[\033[1;32m\]\w\[\033[0m\] '
|
||||||
|
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
|
||||||
|
else
|
||||||
|
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
|
||||||
|
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
|
||||||
|
fi
|
||||||
|
if test -n "$SSH_CLIENT"; then
|
||||||
|
PS1='\[\033[35m\]\h'" $PS1"
|
||||||
|
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
hostKeys = [
|
||||||
|
# XXX bits here make no science
|
||||||
|
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
krebs.iptables = {
|
||||||
|
enable = true;
|
||||||
|
tables = {
|
||||||
|
nat.PREROUTING.rules = [
|
||||||
|
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
|
||||||
|
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
|
||||||
|
];
|
||||||
|
nat.OUTPUT.rules = [
|
||||||
|
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
|
||||||
|
];
|
||||||
|
filter.INPUT.policy = "DROP";
|
||||||
|
filter.FORWARD.policy = "DROP";
|
||||||
|
filter.INPUT.rules = [
|
||||||
|
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
|
||||||
|
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
|
||||||
|
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
|
||||||
|
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
|
||||||
|
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
|
||||||
|
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
|
||||||
|
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
|
@ -215,7 +215,8 @@ in {
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
krebs.repo-sync.timerConfig = {
|
krebs.repo-sync.timerConfig = {
|
||||||
OnCalendar = "*:0/5";
|
OnUnitInactiveSec = "5min";
|
||||||
|
RandomizedDelaySec = "2min";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
|
@ -66,7 +66,6 @@ in {
|
||||||
youtube-tools
|
youtube-tools
|
||||||
|
|
||||||
rxvt_unicode
|
rxvt_unicode
|
||||||
termite
|
|
||||||
#window manager stuff
|
#window manager stuff
|
||||||
#haskellPackages.xmobar
|
#haskellPackages.xmobar
|
||||||
#haskellPackages.yeganesh
|
#haskellPackages.yeganesh
|
||||||
|
|
|
@ -11,7 +11,7 @@ let
|
||||||
|
|
||||||
in {
|
in {
|
||||||
config.krebs.buildbot.master = let
|
config.krebs.buildbot.master = let
|
||||||
stockholm-mirror-url = http://cgit.prism/stockholm ;
|
stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
|
||||||
in {
|
in {
|
||||||
workers = {
|
workers = {
|
||||||
testworker = "lasspass";
|
testworker = "lasspass";
|
||||||
|
|
|
@ -17,7 +17,7 @@ let
|
||||||
|
|
||||||
muttrc = pkgs.writeText "muttrc" ''
|
muttrc = pkgs.writeText "muttrc" ''
|
||||||
# gpg
|
# gpg
|
||||||
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
|
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
|
||||||
set pgp_use_gpg_agent = yes
|
set pgp_use_gpg_agent = yes
|
||||||
set pgp_sign_as = 0x976A7E4D
|
set pgp_sign_as = 0x976A7E4D
|
||||||
set crypt_autosign = yes
|
set crypt_autosign = yes
|
||||||
|
@ -99,7 +99,7 @@ let
|
||||||
'';
|
'';
|
||||||
|
|
||||||
mutt = pkgs.writeDashBin "mutt" ''
|
mutt = pkgs.writeDashBin "mutt" ''
|
||||||
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
|
exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
|
@ -1,94 +1,35 @@
|
||||||
{pkgs, config, ...}:
|
{pkgs, config, ...}:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
lass.telegraf = {
|
services.telegraf = {
|
||||||
enable = true;
|
enable = true;
|
||||||
interval = "1s";
|
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
outputs = ''
|
agent.interval = "1s";
|
||||||
[outputs.influxdb]
|
outputs = {
|
||||||
urls = ["http://prism:8086"]
|
influxdb = {
|
||||||
database = "telegraf_db"
|
urls = ["http://prism:8086"];
|
||||||
user_agent = "telegraf"
|
database = "telegraf_db";
|
||||||
'';
|
user_agent = "telegraf";
|
||||||
inputs = [
|
};
|
||||||
''
|
};
|
||||||
[cpu]
|
inputs = {
|
||||||
percpu = false
|
cpu = {
|
||||||
totalcpu = true
|
percpu = false;
|
||||||
drop = ["cpu_time"]
|
totalcpu = true;
|
||||||
''
|
};
|
||||||
''
|
mem = {};
|
||||||
[[inputs.mem]]
|
net = {};
|
||||||
''
|
};
|
||||||
''
|
};
|
||||||
[[inputs.ping]]
|
|
||||||
urls = ["8.8.8.8"]
|
|
||||||
''
|
|
||||||
''
|
|
||||||
[[inputs.net]]
|
|
||||||
''
|
|
||||||
''
|
|
||||||
[[inputs.dns_query]]
|
|
||||||
servers = ["8.8.8.8"]
|
|
||||||
''
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
systemd.services.telegraf.path = with pkgs; [
|
|
||||||
iputils
|
|
||||||
lm_sensors
|
|
||||||
];
|
|
||||||
|
|
||||||
services.collectd = {
|
services.journalbeat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autoLoadPlugin = true;
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
Hostname ${config.krebs.build.host.name}
|
output.elasticsearch:
|
||||||
LoadPlugin load
|
hosts: ["prism:9200"]
|
||||||
LoadPlugin disk
|
template.enabled: false
|
||||||
LoadPlugin memory
|
|
||||||
Interval 30.0
|
|
||||||
|
|
||||||
LoadPlugin interface
|
|
||||||
<Plugin "interface">
|
|
||||||
Interface "*Link"
|
|
||||||
Interface "lo"
|
|
||||||
Interface "vboxnet*"
|
|
||||||
Interface "virbr*"
|
|
||||||
IgnoreSelected true
|
|
||||||
</Plugin>
|
|
||||||
|
|
||||||
LoadPlugin df
|
|
||||||
<Plugin "df">
|
|
||||||
MountPoint "/nix/store"
|
|
||||||
FSType "tmpfs"
|
|
||||||
FSType "binfmt_misc"
|
|
||||||
FSType "debugfs"
|
|
||||||
FSType "mqueue"
|
|
||||||
FSType "hugetlbfs"
|
|
||||||
FSType "systemd-1"
|
|
||||||
FSType "cgroup"
|
|
||||||
FSType "securityfs"
|
|
||||||
FSType "ramfs"
|
|
||||||
FSType "proc"
|
|
||||||
FSType "devpts"
|
|
||||||
FSType "devtmpfs"
|
|
||||||
MountPoint "/var/lib/docker/devicemapper"
|
|
||||||
IgnoreSelected true
|
|
||||||
</Plugin>
|
|
||||||
|
|
||||||
LoadPlugin cpu
|
|
||||||
<Plugin cpu>
|
|
||||||
ReportByCpu true
|
|
||||||
ReportByState true
|
|
||||||
ValuesPercentage true
|
|
||||||
</Plugin>
|
|
||||||
|
|
||||||
LoadPlugin network
|
|
||||||
<Plugin "network">
|
|
||||||
Server "prism" "25826"
|
|
||||||
</Plugin>
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,14 @@
|
||||||
{pkgs, config, ...}:
|
{pkgs, config, ...}:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
services.influxdb = {
|
services.influxdb.enable = true;
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.influxdb.extraConfig = {
|
services.influxdb.extraConfig = {
|
||||||
meta.hostname = config.krebs.build.host.name;
|
meta.hostname = config.krebs.build.host.name;
|
||||||
# meta.logging-enabled = true;
|
# meta.logging-enabled = true;
|
||||||
http.bind-address = ":8086";
|
http.bind-address = ":8086";
|
||||||
admin.bind-address = ":8083";
|
admin.bind-address = ":8083";
|
||||||
|
http.log-enabled = false;
|
||||||
monitoring = {
|
monitoring = {
|
||||||
enabled = false;
|
enabled = false;
|
||||||
# write-interval = "24h";
|
# write-interval = "24h";
|
||||||
|
@ -22,45 +21,79 @@ with import <stockholm/lib>;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
lass.kapacitor =
|
krebs.kapacitor =
|
||||||
let
|
let
|
||||||
|
db = "telegraf_db";
|
||||||
echoToIrc = pkgs.writeDash "echo_irc" ''
|
echoToIrc = pkgs.writeDash "echo_irc" ''
|
||||||
set -euf
|
set -euf
|
||||||
data="$(${pkgs.jq}/bin/jq -r .message)"
|
data="$(${pkgs.jq}/bin/jq -r .message)"
|
||||||
export LOGNAME=prism-alarm
|
export LOGNAME=prism-alarm
|
||||||
${pkgs.irc-announce}/bin/irc-announce \
|
${pkgs.irc-announce}/bin/irc-announce \
|
||||||
irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
|
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
alarms = {
|
alarms = {
|
||||||
test2 = ''
|
cpu = {
|
||||||
batch
|
database = db;
|
||||||
|
text = ''
|
||||||
|
var data = batch
|
||||||
|query(${"'''"}
|
|query(${"'''"}
|
||||||
SELECT mean("usage_user") AS mean
|
SELECT mean("usage_user") AS mean
|
||||||
FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
|
FROM "${db}"."default"."cpu"
|
||||||
${"'''"})
|
${"'''"})
|
||||||
.every(3m)
|
.period(10m)
|
||||||
.period(1m)
|
.every(1m)
|
||||||
.groupBy('host')
|
.groupBy('host')
|
||||||
|alert()
|
data |alert()
|
||||||
|
.crit(lambda: "mean" > 90)
|
||||||
|
.exec('${echoToIrc}')
|
||||||
|
data |deadman(1.0,5m)
|
||||||
|
.stateChangesOnly()
|
||||||
|
.exec('${echoToIrc}')
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
ram = {
|
||||||
|
database = db;
|
||||||
|
text = ''
|
||||||
|
var data = batch
|
||||||
|
|query(${"'''"}
|
||||||
|
SELECT mean("used_percent") AS mean
|
||||||
|
FROM "${db}"."default"."mem"
|
||||||
|
${"'''"})
|
||||||
|
.period(10m)
|
||||||
|
.every(1m)
|
||||||
|
.groupBy('host')
|
||||||
|
data |alert()
|
||||||
.crit(lambda: "mean" > 90)
|
.crit(lambda: "mean" > 90)
|
||||||
// Whenever we get an alert write it to a file.
|
|
||||||
.log('/tmp/alerts.log')
|
|
||||||
.exec('${echoToIrc}')
|
.exec('${echoToIrc}')
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
krebs.iptables.tables.filter.INPUT.rules = [
|
|
||||||
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
|
||||||
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
|
||||||
];
|
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
auth.anonymous.enable = true;
|
auth.anonymous.enable = true;
|
||||||
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.elasticsearch = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = "0.0.0.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.kibana = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = "0.0.0.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
krebs.iptables.tables.filter.INPUT.rules = [
|
||||||
|
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; }
|
||||||
|
{ predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; }
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,10 +10,6 @@ let
|
||||||
arbor|http://feeds2.feedburner.com/asert/|#news
|
arbor|http://feeds2.feedburner.com/asert/|#news
|
||||||
archlinux|http://www.archlinux.org/feeds/news/|#news
|
archlinux|http://www.archlinux.org/feeds/news/|#news
|
||||||
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
|
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
|
||||||
asiaone_asia|http://news.asiaone.com/rss/asia|#news
|
|
||||||
asiaone_business|http://business.asiaone.com/rss.xml|#news
|
|
||||||
asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
|
|
||||||
asiaone_world|http://news.asiaone.com/rss/world|#news
|
|
||||||
augustl|http://augustl.com/atom.xml|#news
|
augustl|http://augustl.com/atom.xml|#news
|
||||||
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
|
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
|
||||||
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
|
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
|
||||||
|
@ -78,7 +74,6 @@ let
|
||||||
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
|
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
|
||||||
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
|
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
|
||||||
hindu|http://www.thehindu.com/?service=rss|#news
|
hindu|http://www.thehindu.com/?service=rss|#news
|
||||||
hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
|
|
||||||
ign|http://feeds.ign.com/ign/all|#news
|
ign|http://feeds.ign.com/ign/all|#news
|
||||||
independent|http://www.independent.com/rss/headlines/|#news
|
independent|http://www.independent.com/rss/headlines/|#news
|
||||||
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
|
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
{
|
{
|
||||||
krebs.build.source.nixpkgs.git = {
|
krebs.build.source.nixpkgs.git = {
|
||||||
url = https://github.com/nixos/nixpkgs;
|
url = https://github.com/nixos/nixpkgs;
|
||||||
ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
|
ref = "f7b7d8e";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -49,7 +49,7 @@ let
|
||||||
mirror.url = "${mirror}${name}";
|
mirror.url = "${mirror}${name}";
|
||||||
};
|
};
|
||||||
lassulus = {
|
lassulus = {
|
||||||
origin.url = "http://cgit.prism/${name}";
|
origin.url = "http://cgit.lassul.us/${name}";
|
||||||
mirror.url = "${mirror}${name}";
|
mirror.url = "${mirror}${name}";
|
||||||
};
|
};
|
||||||
"@latest" = {
|
"@latest" = {
|
||||||
|
@ -102,6 +102,7 @@ in {
|
||||||
(sync-retiolum "go")
|
(sync-retiolum "go")
|
||||||
(sync-retiolum "much")
|
(sync-retiolum "much")
|
||||||
(sync-retiolum "newsbot-js")
|
(sync-retiolum "newsbot-js")
|
||||||
|
(sync-retiolum "populate")
|
||||||
(sync-retiolum "stockholm")
|
(sync-retiolum "stockholm")
|
||||||
(sync-retiolum "wai-middleware-time")
|
(sync-retiolum "wai-middleware-time")
|
||||||
(sync-retiolum "web-routes-wai-custom")
|
(sync-retiolum "web-routes-wai-custom")
|
||||||
|
|
|
@ -118,8 +118,7 @@ in {
|
||||||
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
|
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
|
||||||
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
{ from = "jms@ubikmedia.eu"; to = "jms"; }
|
||||||
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
{ from = "ms@ubikmedia.eu"; to = "ms"; }
|
||||||
{ from = "nrg@ubikmedia.eu"; to = "nrg"; }
|
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
||||||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
|
|
||||||
|
|
||||||
{ from = "testuser@lassul.us"; to = "testuser"; }
|
{ from = "testuser@lassul.us"; to = "testuser"; }
|
||||||
];
|
];
|
||||||
|
@ -161,13 +160,6 @@ in {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.nrg = {
|
|
||||||
uid = genid_signed "nrg";
|
|
||||||
home = "/home/nrg";
|
|
||||||
useDefaultShell = true;
|
|
||||||
createHome = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.testuser = {
|
users.users.testuser = {
|
||||||
uid = genid_signed "testuser";
|
uid = genid_signed "testuser";
|
||||||
home = "/home/testuser";
|
home = "/home/testuser";
|
||||||
|
|
|
@ -6,10 +6,7 @@ _:
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./mysql-backup.nix
|
./mysql-backup.nix
|
||||||
./umts.nix
|
./umts.nix
|
||||||
./urxvtd.nix
|
|
||||||
./usershadow.nix
|
./usershadow.nix
|
||||||
./xresources.nix
|
./xresources.nix
|
||||||
./kapacitor.nix
|
|
||||||
./telegraf.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,143 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.lass.kapacitor;
|
|
||||||
|
|
||||||
out = {
|
|
||||||
options.lass.kapacitor = api;
|
|
||||||
config = mkIf cfg.enable imp;
|
|
||||||
};
|
|
||||||
|
|
||||||
api = {
|
|
||||||
enable = mkEnableOption "kapacitor";
|
|
||||||
dataDir = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "/var/lib/kapacitor";
|
|
||||||
};
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "kapacitor";
|
|
||||||
};
|
|
||||||
logLevel = mkOption {
|
|
||||||
type = types.enum ["DEBUG" "INFO" "WARN" "ERROR" "OFF"];
|
|
||||||
default = "INFO";
|
|
||||||
};
|
|
||||||
alarms = mkOption {
|
|
||||||
type = with types; attrsOf str;
|
|
||||||
default = {};
|
|
||||||
};
|
|
||||||
check_db = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "all_data";
|
|
||||||
};
|
|
||||||
config = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
#TODO: find a good default
|
|
||||||
default = ''
|
|
||||||
hostname = "localhost"
|
|
||||||
data_dir = "${cfg.dataDir}"
|
|
||||||
|
|
||||||
[http]
|
|
||||||
bind-address = ":9092"
|
|
||||||
auth-enabled = false
|
|
||||||
log-enabled = true
|
|
||||||
write-tracing = false
|
|
||||||
pprof-enabled = false
|
|
||||||
https-enabled = false
|
|
||||||
https-certificate = "/etc/ssl/kapacitor.pem"
|
|
||||||
shutdown-timeout = "10s"
|
|
||||||
shared-secret = ""
|
|
||||||
|
|
||||||
[replay]
|
|
||||||
dir = "${cfg.dataDir}/replay"
|
|
||||||
|
|
||||||
[storage]
|
|
||||||
boltdb = "${cfg.dataDir}/kapacitor.db"
|
|
||||||
|
|
||||||
[task]
|
|
||||||
dir = "${cfg.dataDir}/tasks"
|
|
||||||
snapshot-interval = "1m0s"
|
|
||||||
|
|
||||||
[[influxdb]]
|
|
||||||
enabled = true
|
|
||||||
name = "default"
|
|
||||||
default = false
|
|
||||||
urls = ["http://localhost:8086"]
|
|
||||||
username = ""
|
|
||||||
password = ""
|
|
||||||
ssl-ca = ""
|
|
||||||
ssl-cert = ""
|
|
||||||
ssl-key = ""
|
|
||||||
insecure-skip-verify = false
|
|
||||||
timeout = "0s"
|
|
||||||
disable-subscriptions = false
|
|
||||||
subscription-protocol = "http"
|
|
||||||
udp-bind = ""
|
|
||||||
udp-buffer = 1000
|
|
||||||
udp-read-buffer = 0
|
|
||||||
startup-timeout = "5m0s"
|
|
||||||
subscriptions-sync-interval = "1m0s"
|
|
||||||
[influxdb.subscriptions]
|
|
||||||
[influxdb.excluded-subscriptions]
|
|
||||||
_kapacitor = ["autogen"]
|
|
||||||
|
|
||||||
[logging]
|
|
||||||
file = "STDERR"
|
|
||||||
level = "${cfg.logLevel}"
|
|
||||||
|
|
||||||
[deadman]
|
|
||||||
interval = "10s"
|
|
||||||
threshold = 0.0
|
|
||||||
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
|
|
||||||
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
|
|
||||||
global = false
|
|
||||||
'';
|
|
||||||
description = "configuration kapacitor is started with";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
configFile = pkgs.writeText "kapacitor.conf" cfg.config;
|
|
||||||
|
|
||||||
imp = {
|
|
||||||
|
|
||||||
systemd.services.kapacitor = {
|
|
||||||
description = "kapacitor";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
restartIfChanged = true;
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "always";
|
|
||||||
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.kapacitor-alarms = {
|
|
||||||
description = "kapacitor-alarms";
|
|
||||||
after = [ "kapacitor.service" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
restartIfChanged = true;
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStart = pkgs.writeDash "add_alarms" ''
|
|
||||||
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
|
|
||||||
${concatStrings (mapAttrsToList (name: alarm: ''
|
|
||||||
${pkgs.kapacitor}/bin/kapacitor define ${name} \
|
|
||||||
-type batch \
|
|
||||||
-tick ${pkgs.writeText "${name}.tick" alarm} \
|
|
||||||
-dbrp ${cfg.check_db}.default
|
|
||||||
${pkgs.kapacitor}/bin/kapacitor enable ${name}
|
|
||||||
'') cfg.alarms)}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
in out
|
|
|
@ -1,84 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.lass.telegraf;
|
|
||||||
|
|
||||||
out = {
|
|
||||||
options.lass.telegraf = api;
|
|
||||||
config = mkIf cfg.enable imp;
|
|
||||||
};
|
|
||||||
|
|
||||||
api = {
|
|
||||||
enable = mkEnableOption "telegraf";
|
|
||||||
dataDir = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "/var/lib/telegraf";
|
|
||||||
};
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "telegraf";
|
|
||||||
};
|
|
||||||
outputs = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = ''
|
|
||||||
[outputs.influxdb]
|
|
||||||
urls = ["http://localhost:8086"]
|
|
||||||
database = "telegraf_db"
|
|
||||||
user_agent = "telegraf"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
inputs = mkOption {
|
|
||||||
type = with types; listOf str;
|
|
||||||
default = [
|
|
||||||
''
|
|
||||||
[cpu]
|
|
||||||
percpu = false
|
|
||||||
totalcpu = true
|
|
||||||
drop = ["cpu_time"]
|
|
||||||
''
|
|
||||||
];
|
|
||||||
};
|
|
||||||
interval = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "10s";
|
|
||||||
};
|
|
||||||
config = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
#TODO: find a good default
|
|
||||||
default = ''
|
|
||||||
[agent]
|
|
||||||
interval = "${cfg.interval}"
|
|
||||||
|
|
||||||
[outputs]
|
|
||||||
|
|
||||||
${cfg.outputs}
|
|
||||||
|
|
||||||
${concatStringsSep "\n" cfg.inputs}
|
|
||||||
|
|
||||||
'';
|
|
||||||
description = "configuration telegraf is started with";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
configFile = pkgs.writeText "telegraf.conf" cfg.config;
|
|
||||||
|
|
||||||
imp = {
|
|
||||||
|
|
||||||
systemd.services.telegraf = {
|
|
||||||
description = "telegraf";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
restartIfChanged = true;
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "always";
|
|
||||||
ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
in out
|
|
|
@ -1,55 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
in
|
|
||||||
|
|
||||||
with builtins;
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
services.urxvtd = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Enable urxvtd per user";
|
|
||||||
};
|
|
||||||
users = mkOption {
|
|
||||||
type = types.listOf types.string;
|
|
||||||
default = [];
|
|
||||||
description = "users to run urxvtd for";
|
|
||||||
};
|
|
||||||
urxvtPackage = mkOption {
|
|
||||||
type = types.package;
|
|
||||||
default = pkgs.rxvt_unicode;
|
|
||||||
description = "urxvt package to use";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config =
|
|
||||||
let
|
|
||||||
cfg = config.services.urxvtd;
|
|
||||||
users = cfg.users;
|
|
||||||
urxvt = cfg.urxvtPackage;
|
|
||||||
mkService = user: {
|
|
||||||
description = "urxvt terminal daemon";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
restartIfChanged = false;
|
|
||||||
path = [ pkgs.xlibs.xrdb ];
|
|
||||||
environment = {
|
|
||||||
DISPLAY = ":0";
|
|
||||||
URXVT_PERL_LIB = "${urxvt}/lib/urxvt/perl";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "always";
|
|
||||||
User = user;
|
|
||||||
ExecStart = "${urxvt}/bin/urxvtd";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
mkIf cfg.enable {
|
|
||||||
environment.systemPackages = [ urxvt ];
|
|
||||||
systemd.services = listToAttrs (map (u: { name = "${u}-urxvtd"; value = mkService u; }) users);
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -129,7 +129,6 @@ myKeyMap =
|
||||||
, ("M4-<Esc>", toggleWS)
|
, ("M4-<Esc>", toggleWS)
|
||||||
, ("M4-S-<Enter>", spawn urxvtcPath)
|
, ("M4-S-<Enter>", spawn urxvtcPath)
|
||||||
, ("M4-x", floatNext True >> spawn urxvtcPath)
|
, ("M4-x", floatNext True >> spawn urxvtcPath)
|
||||||
, ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
|
|
||||||
, ("M4-f", floatNext True)
|
, ("M4-f", floatNext True)
|
||||||
, ("M4-b", sendMessage ToggleStruts)
|
, ("M4-b", sendMessage ToggleStruts)
|
||||||
|
|
||||||
|
|
|
@ -143,7 +143,6 @@ with import <stockholm/lib>;
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
|
||||||
tinc = pkgs.tinc_pre;
|
tinc = pkgs.tinc_pre;
|
||||||
gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.cron.enable = false;
|
services.cron.enable = false;
|
||||||
|
|
Loading…
Reference in a new issue