Merge branch 'staging/source'

lassulus 2017-07-12 19:11:29 +02:00
commit b19ebc2abd
64 changed files with 401 additions and 280 deletions


@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \
system ?= $(HOSTNAME) system ?= $(HOSTNAME)
$(if $(system),,$(error unbound variable: system)) $(if $(system),,$(error unbound variable: system))
nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix
ifneq ($(words $(wildcard $(nixos-config))),1) ifneq ($(words $(wildcard $(nixos-config))),1)
$(error bad nixos-config: $(nixos-config)) $(error bad nixos-config: $(nixos-config))
endif endif


@ -14,16 +14,9 @@ with import <stockholm/lib>;
default = "/nix/var/nix/profiles/system"; default = "/nix/var/nix/profiles/system";
}; };
source = mkOption {
type = types.attrsOf types.source;
default = {};
};
# TODO deprecate krebs.build.user # TODO deprecate krebs.build.user
user = mkOption { user = mkOption {
type = types.user; type = types.user;
}; };
}; };
config.krebs.build.source.stockholm.file = mkDefault (toString <stockholm>);
} }


@ -14,15 +14,30 @@
# #
# 1 Usage error; arguments couldn't be parsed. # 1 Usage error; arguments couldn't be parsed.
# #
# 2 Build error; at least one failed derivation could be found. # 2 Nix error; input looks like Nix failed.
#
# 3 Build error; at least one failed derivation could be found.
# #
failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) tmpdir=$(mktemp -d --tmpdir whatsupnix.XXXXXXXX)
trap 'rm -f -- "$failed_drvs"' EXIT failed_drvs=$tmpdir/failed_drvs; touch "$failed_drvs"
nix_errors=$tmpdir/nix_errors; touch "$nix_errors"
cleanup() {
rm "$failed_drvs"
rm "$nix_errors"
rmdir "$tmpdir"
}
trap cleanup EXIT
exec >&2 exec >&2
gawk -v failed_drvs="$failed_drvs" ' gawk \
-v failed_drvs="$failed_drvs" \
-v nix_errors="$nix_errors" \
'
/^(\033\[31;1m)?error:/ {
print $0 >> nix_errors
}
match($0, /^builder for (\/nix\/store\/[^]+\.drv) failed/, m) { match($0, /^builder for (\/nix\/store\/[^]+\.drv) failed/, m) {
print m[1] >> failed_drvs print m[1] >> failed_drvs
} }
@ -73,8 +88,10 @@ while read -r drv; do
echo echo
done < "$failed_drvs" done < "$failed_drvs"
if test -s "$failed_drvs"; then if test -s "$nix_errors"; then
exit 2 exit 2
elif test -s "$failed_drvs"; then
exit 3
else else
exit 0 exit 0
fi fi
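Review bot: The new `tmpdir=$(mktemp -d --tmpdir whatsupnix.XXXXXXXX)` line and the `cleanup` function do not guard against `mktemp` failing. Unless the script runs under `set -e` (not visible in this section), an empty `$tmpdir` makes `failed_drvs` and `nix_errors` resolve to `/failed_drvs` and `/nix_errors`, which are then touched and later passed to `rm` by the trap. I would abort on failure with `tmpdir=$(mktemp -d --tmpdir whatsupnix.XXXXXXXX) || exit` and keep the `-f --` the old trap had, e.g. `rm -f -- "$failed_drvs" "$nix_errors"`. Exit status 2 also changes meaning from build error to Nix error (build error is now 3), so any caller that tests for 2 should be checked; none is visible here.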


@ -1,18 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
ip = config.krebs.build.host.nets.internet.ip4.addr; ip = config.krebs.build.host.nets.internet.ip4.addr;
in { in {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/os-templates/CAC-CentOS-7-64bit.nix <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
../2configs/git.nix <stockholm/lass/2configs/git.nix>
../2configs/realwallpaper.nix <stockholm/lass/2configs/realwallpaper.nix>
../2configs/privoxy-retiolum.nix <stockholm/lass/2configs/privoxy-retiolum.nix>
{ {
networking.interfaces.enp2s1.ip4 = [ networking.interfaces.enp2s1.ip4 = [
{ {


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "cloudkrebs";
}


@ -2,11 +2,10 @@
{ {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
#../2configs/exim-retiolum.nix <stockholm/lass/2configs/git.nix>
../2configs/git.nix
{ {
boot.loader.grub = { boot.loader.grub = {
device = "/dev/vda"; device = "/dev/vda";
@ -56,7 +55,7 @@
} }
{ {
imports = [ imports = [
../2configs/websites/fritz.nix <stockholm/lass/2configs/websites/fritz.nix>
]; ];
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; } { predicate = "-p tcp --dport http"; target = "ACCEPT"; }


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "dishfire";
}


@ -1,22 +1,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; inherit (import <stockholm/lass/4lib> { inherit pkgs lib; }) getDefaultGateway;
ip = config.krebs.build.host.nets.internet.ip4.addr; ip = config.krebs.build.host.nets.internet.ip4.addr;
in { in {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/os-templates/CAC-CentOS-7-64bit.nix <stockholm/lass/2configs/os-templates/CAC-CentOS-7-64bit.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
../2configs/realwallpaper.nix <stockholm/lass/2configs/realwallpaper.nix>
../2configs/privoxy-retiolum.nix <stockholm/lass/2configs/privoxy-retiolum.nix>
../2configs/git.nix <stockholm/lass/2configs/git.nix>
#../2configs/redis.nix <stockholm/lass/2configs/go.nix>
../2configs/go.nix <stockholm/lass/2configs/ircd.nix>
../2configs/ircd.nix <stockholm/lass/2configs/newsbot-js.nix>
../2configs/newsbot-js.nix
{ {
networking.interfaces.enp2s1.ip4 = [ networking.interfaces.enp2s1.ip4 = [
{ {
@ -34,9 +32,6 @@ in {
sound.enable = false; sound.enable = false;
} }
{ {
imports = [
../3modules/dnsmasq.nix
];
lass.dnsmasq = { lass.dnsmasq = {
enable = true; enable = true;
config = '' config = ''


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "echelon";
}


@ -1,19 +1,18 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with import <stockholm/lib>;
{ {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/hw/tp-x220.nix <stockholm/lass/2configs/hw/tp-x220.nix>
../2configs/git.nix <stockholm/lass/2configs/git.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
../2configs/baseX.nix <stockholm/lass/2configs/baseX.nix>
../2configs/browsers.nix <stockholm/lass/2configs/browsers.nix>
../2configs/programs.nix <stockholm/lass/2configs/programs.nix>
../2configs/fetchWallpaper.nix <stockholm/lass/2configs/fetchWallpaper.nix>
../2configs/backups.nix <stockholm/lass/2configs/backups.nix>
../2configs/games.nix <stockholm/lass/2configs/games.nix>
]; ];
krebs.build.host = config.krebs.hosts.icarus; krebs.build.host = config.krebs.hosts.icarus;


@ -0,0 +1,4 @@
import <stockholm/lass/source.nix> {
name = "icarus";
secure = true;
}


@ -4,12 +4,11 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
../../krebs <stockholm/krebs>
../3modules <stockholm/lass/3modules>
../5pkgs <stockholm/lass/5pkgs>
../2configs/mc.nix <stockholm/lass/2configs/mc.nix>
../2configs/nixpkgs.nix <stockholm/lass/2configs/vim.nix>
../2configs/vim.nix
{ {
# /dev/stderr doesn't work. I don't know why # /dev/stderr doesn't work. I don't know why
# /proc/self doesn't seem to work correctly # /proc/self doesn't seem to work correctly


@ -3,28 +3,27 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/hw/tp-x220.nix <stockholm/lass/2configs/hw/tp-x220.nix>
../2configs/baseX.nix <stockholm/lass/2configs/baseX.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
../2configs/programs.nix <stockholm/lass/2configs/programs.nix>
../2configs/bitcoin.nix <stockholm/lass/2configs/bitcoin.nix>
../2configs/browsers.nix <stockholm/lass/2configs/browsers.nix>
../2configs/games.nix <stockholm/lass/2configs/games.nix>
../2configs/pass.nix <stockholm/lass/2configs/pass.nix>
../2configs/elster.nix <stockholm/lass/2configs/elster.nix>
../2configs/steam.nix <stockholm/lass/2configs/steam.nix>
../2configs/wine.nix <stockholm/lass/2configs/wine.nix>
../2configs/git.nix <stockholm/lass/2configs/git.nix>
../2configs/virtualbox.nix <stockholm/lass/2configs/virtualbox.nix>
../2configs/fetchWallpaper.nix <stockholm/lass/2configs/fetchWallpaper.nix>
#../2configs/c-base.nix <stockholm/lass/2configs/mail.nix>
../2configs/mail.nix <stockholm/lass/2configs/repo-sync.nix>
../2configs/repo-sync.nix <stockholm/lass/2configs/ircd.nix>
../2configs/ircd.nix <stockholm/lass/2configs/logf.nix>
../2configs/logf.nix <stockholm/lass/2configs/syncthing.nix>
../2configs/syncthing.nix
{ {
#risk of rain port #risk of rain port
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [


@ -0,0 +1,4 @@
import <stockholm/lass/source.nix> {
name = "mors";
secure = true;
}


@ -4,13 +4,9 @@ with import <stockholm/lib>;
let let
ip = config.krebs.build.host.nets.internet.ip4.addr; ip = config.krebs.build.host.nets.internet.ip4.addr;
inherit (import <stockholm/lass/2configs/websites/util.nix> {inherit lib pkgs;})
manageCerts
;
in { in {
imports = [ imports = [
../. <stockholm/lass>
{ {
networking.interfaces.et0.ip4 = [ networking.interfaces.et0.ip4 = [
{ {
@ -26,33 +22,33 @@ in {
SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0"
''; '';
} }
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/exim-smarthost.nix <stockholm/lass/2configs/exim-smarthost.nix>
../2configs/downloading.nix <stockholm/lass/2configs/downloading.nix>
../2configs/ts3.nix <stockholm/lass/2configs/ts3.nix>
../2configs/bitlbee.nix <stockholm/lass/2configs/bitlbee.nix>
../2configs/weechat.nix <stockholm/lass/2configs/weechat.nix>
../2configs/privoxy-retiolum.nix <stockholm/lass/2configs/privoxy-retiolum.nix>
../2configs/radio.nix <stockholm/lass/2configs/radio.nix>
../2configs/buildbot-standalone.nix <stockholm/lass/2configs/buildbot-standalone.nix>
../2configs/repo-sync.nix <stockholm/lass/2configs/repo-sync.nix>
../2configs/binary-cache/server.nix <stockholm/lass/2configs/binary-cache/server.nix>
../2configs/iodined.nix <stockholm/lass/2configs/iodined.nix>
../2configs/libvirt.nix <stockholm/lass/2configs/libvirt.nix>
../2configs/hfos.nix <stockholm/lass/2configs/hfos.nix>
../2configs/makefu-sip.nix <stockholm/lass/2configs/makefu-sip.nix>
../2configs/monitoring/server.nix <stockholm/lass/2configs/monitoring/server.nix>
../2configs/monitoring/monit-alarms.nix <stockholm/lass/2configs/monitoring/monit-alarms.nix>
../2configs/paste.nix <stockholm/lass/2configs/paste.nix>
../2configs/syncthing.nix <stockholm/lass/2configs/syncthing.nix>
../2configs/coders-irc.nix <stockholm/lass/2configs/coders-irc.nix>
../2configs/ciko.nix <stockholm/lass/2configs/ciko.nix>
{ {
lass.pyload.enable = true; lass.pyload.enable = true;
} }
{ {
imports = [ imports = [
../2configs/bepasty.nix <stockholm/lass/2configs/bepasty.nix>
]; ];
krebs.bepasty.servers."paste.r".nginx.extraConfig = '' krebs.bepasty.servers."paste.r".nginx.extraConfig = ''
if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) {
@ -170,8 +166,8 @@ in {
} }
{ {
imports = [ imports = [
../2configs/websites/domsen.nix <stockholm/lass/2configs/websites/domsen.nix>
../2configs/websites/lassulus.nix <stockholm/lass/2configs/websites/lassulus.nix>
]; ];
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport http"; target = "ACCEPT"; } { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
@ -195,7 +191,7 @@ in {
} }
{ {
imports = [ imports = [
../2configs/realwallpaper.nix <stockholm/lass/2configs/realwallpaper.nix>
]; ];
services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = ''
alias /var/realwallpaper/realwallpaper.png; alias /var/realwallpaper/realwallpaper.png;


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "prism";
}


@ -3,17 +3,17 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/hw/tp-x220.nix <stockholm/lass/2configs/hw/tp-x220.nix>
../2configs/baseX.nix <stockholm/lass/2configs/baseX.nix>
../2configs/git.nix <stockholm/lass/2configs/git.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
../2configs/browsers.nix <stockholm/lass/2configs/browsers.nix>
../2configs/programs.nix <stockholm/lass/2configs/programs.nix>
../2configs/fetchWallpaper.nix <stockholm/lass/2configs/fetchWallpaper.nix>
../2configs/backups.nix <stockholm/lass/2configs/backups.nix>
../2configs/wine.nix <stockholm/lass/2configs/wine.nix>
#{ #{
# users.extraUsers = { # users.extraUsers = {
# root = { # root = {


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "shodan";
}


@ -4,9 +4,9 @@ with builtins;
with import <stockholm/lib>; with import <stockholm/lib>;
{ {
imports = [ imports = [
../. <stockholm/lass>
../2configs/retiolum.nix <stockholm/lass/2configs/retiolum.nix>
../2configs/exim-retiolum.nix <stockholm/lass/2configs/exim-retiolum.nix>
{ {
# locke config # locke config
i18n.defaultLocale ="de_DE.UTF-8"; i18n.defaultLocale ="de_DE.UTF-8";


@ -0,0 +1,3 @@
import <stockholm/lass/source.nix> {
name = "uriel";
}


@ -6,7 +6,6 @@ with import <stockholm/lib>;
../2configs/binary-cache/client.nix ../2configs/binary-cache/client.nix
../2configs/gc.nix ../2configs/gc.nix
../2configs/mc.nix ../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix ../2configs/vim.nix
../2configs/monitoring/client.nix ../2configs/monitoring/client.nix
./htop.nix ./htop.nix
@ -72,16 +71,7 @@ with import <stockholm/lib>;
krebs = { krebs = {
enable = true; enable = true;
search-domain = "r"; search-domain = "r";
build = { build.user = config.krebs.users.lass;
user = config.krebs.users.lass;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/lass/1systems/${host.name}.nix";
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/lass/2configs/tests/dummy-secrets>
else "/home/lass/secrets/${host.name}";
};
};
}; };
nix.useSandbox = true; nix.useSandbox = true;


@ -1,8 +0,0 @@
{ ... }:
{
krebs.build.source.nixpkgs.git = {
url = https://cgit.lassul.us/nixpkgs;
ref = "d72efac";
};
}


@ -1,6 +1,7 @@
_: _:
{ {
imports = [ imports = [
./dnsmasq.nix
./ejabberd ./ejabberd
./folderPerms.nix ./folderPerms.nix
./hosts.nix ./hosts.nix

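--- /dev/null
+++ b/lass/source.nix
@@ -0,0 +1,24 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "lass";
+_file = <stockholm> + "/lass/1systems/${name}/source.nix";
+in
+evalSource (toString _file) {
+nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
+lass = "/home/lass/secrets/${name}";
+};
+stockholm.file = toString <stockholm>;
+nixpkgs.git = {
+url = https://cgit.lassul.us/nixpkgs;
+# nixos-17.03
+# + copytoram:
+# 87a4615 & 334ac4f
+# + acme permissions for groups
+# fd7a8f1
+ref = "0aac3fc";
+};
+}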
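Review bot: `ref = "0aac3fc";` pins nixpkgs to what looks like a 7-character abbreviated commit id fetched from `https://cgit.lassul.us/nixpkgs`, while shared/source.nix and tv/source.nix in this same commit use full 40-character hashes. An abbreviation can become ambiguous as the repository grows and is a weaker record of exactly which tree gets deployed, so I would write the full hash here and keep the comment listing the cherry-picks. Separately, `secure ? false` is accepted but never read in this file, although the icarus and mors source.nix files pass `secure = true`. Either use it (tv/source.nix gates `secrets-master` on it) or add a comment such as `# secure: currently unused here; accepted for parity with tv/source.nix`.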


@ -1,6 +1,9 @@
let let
nixpkgs-lib = import <nixpkgs/lib>; nixpkgs-lib = import <nixpkgs/lib>;
lib = with lib; nixpkgs-lib // builtins // { lib = with lib; nixpkgs-lib // builtins // {
evalSource = import ./eval-source.nix;
git = import ./git.nix { inherit lib; }; git = import ./git.nix { inherit lib; };
shell = import ./shell.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; };
types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; };

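--- /dev/null
+++ b/lib/eval-source.nix
@@ -0,0 +1,15 @@
+with import <stockholm/lib>;
+let
+eval = _file: source: evalModules {
+modules = singleton {
+inherit _file;
+imports = map (source: { inherit source; }) (toList source);
+options.source = mkOption {
+type = types.attrsOf types.source;
+default = {};
+};
+};
+};
+in
+# This function's return value can be used as pkgs.populate input.
+_file: source: (eval _file source).config.source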
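Review bot: The only comment on the exported function does not say that `source` may be either a single attribute set or a list, which `toList source` allows and which tv/source.nix relies on when it passes a list containing a `mkIf` entry and `override`. I would extend the comment above the last line to something like `# _file: path recorded on the module (presumably for error locations); source: attrset or list of attrsets, each merged as a module into options.source`. The inner lambda in `map (source: { inherit source; })` also shadows the outer `source` argument; renaming it to `s` with `{ source = s; }` would read more clearly.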


@ -3,7 +3,7 @@ let
en = { enable = true;}; en = { enable = true;};
in { in {
imports = [ imports = [
../. <stockholm/shared>
]; ];
krebs = { krebs = {
enable = true; enable = true;


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-all-krebs-modules";
}


@ -2,7 +2,7 @@
{ {
imports = [ imports = [
../. <stockholm/shared>
{ {
boot.loader.grub = { boot.loader.grub = {
device = "/dev/sda"; device = "/dev/sda";


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-arch";
}


@ -7,8 +7,8 @@ let
gw = "168.235.148.1"; gw = "168.235.148.1";
in { in {
imports = [ imports = [
../. <stockholm/shared>
../2configs/os-templates/CAC-CentOS-6.5-64bit.nix <stockholm/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix>
{ {
networking.interfaces.enp11s0.ip4 = [ networking.interfaces.enp11s0.ip4 = [
{ {


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-centos6";
}


@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) head;
in {
imports = [
../.
../2configs/os-templates/CAC-CentOS-7-64bit.nix
../2configs/temp/networking.nix
../2configs/temp/dirs.nix
];
sound.enable = false;
krebs.build.host = config.krebs.hosts.test-centos7;
}


@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) head;
in {
imports = [
<stockholm/shared>
<stockholm/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix>
<stockholm/shared/2configs/temp/networking.nix>
<stockholm/shared/2configs/temp/dirs.nix>
];
sound.enable = false;
krebs.build.host = config.krebs.hosts.test-centos7;
}


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-centos7";
}


@ -2,7 +2,7 @@
{ {
imports = [ imports = [
../. <stockholm/shared>
]; ];
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
programs.ssh.startAgent = false; programs.ssh.startAgent = false;


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-failing";
}


@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [
../. <stockholm/shared>
]; ];
krebs = { krebs = {
enable = true; enable = true;


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "test-minimal-deploy";
}


@ -4,24 +4,24 @@ let
in in
{ {
imports = [ imports = [
../. <stockholm/shared>
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/collectd-base.nix <stockholm/shared/2configs/collectd-base.nix>
../2configs/central-stats-client.nix <stockholm/shared/2configs/central-stats-client.nix>
../2configs/save-diskspace.nix <stockholm/shared/2configs/save-diskspace.nix>
../2configs/cgit-mirror.nix <stockholm/shared/2configs/cgit-mirror.nix>
../2configs/graphite.nix <stockholm/shared/2configs/graphite.nix>
../2configs/repo-sync.nix <stockholm/shared/2configs/repo-sync.nix>
../2configs/shared-buildbot.nix <stockholm/shared/2configs/shared-buildbot.nix>
../2configs/shack/worlddomination.nix <stockholm/shared/2configs/shack/worlddomination.nix>
../2configs/shack/drivedroid.nix <stockholm/shared/2configs/shack/drivedroid.nix>
# ../2configs/shack/nix-cacher.nix # <stockholm/shared/2configs/shack/nix-cacher.nix>
../2configs/shack/mqtt_sub.nix <stockholm/shared/2configs/shack/mqtt_sub.nix>
../2configs/shack/muell_caller.nix <stockholm/shared/2configs/shack/muell_caller.nix>
../2configs/shack/radioactive.nix <stockholm/shared/2configs/shack/radioactive.nix>
../2configs/shack/share.nix <stockholm/shared/2configs/shack/share.nix>
]; ];
# use your own binary cache, fallback use cache.nixos.org (which is used by # use your own binary cache, fallback use cache.nixos.org (which is used by
@ -43,6 +43,7 @@ in
}; };
nix = { nix = {
# use the up to date prism cache
binaryCaches = [ binaryCaches = [
"http://cache.prism.r" "http://cache.prism.r"
"https://cache.nixos.org/" "https://cache.nixos.org/"


@ -0,0 +1,3 @@
import <stockholm/shared/source.nix> {
name = "wolf";
}


@ -7,18 +7,6 @@ with import <stockholm/lib>;
# TODO rename shared user to "krebs" # TODO rename shared user to "krebs"
krebs.build.user = mkDefault config.krebs.users.shared; krebs.build.user = mkDefault config.krebs.users.shared;
krebs.build.source = let inherit (config.krebs.build) host user; in {
nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17
};
secrets.file =
if getEnv "dummy_secrets" == "true"
then toString <stockholm/shared/6tests/data/secrets>
else "${getEnv "HOME"}/secrets/krebs/${host.name}";
stockholm.file = getEnv "PWD";
};
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;

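--- /dev/null
+++ b/shared/source.nix
@@ -0,0 +1,19 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "shared";
+_file = <stockholm> + "/shared/1systems/${name}/source.nix";
+in
+evalSource (toString _file) {
+nixos-config.symlink = "stockholm/shared/1systems/${name}/config.nix";
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/shared/6tests/data/secrets>;
+lass = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+};
+stockholm.file = toString <stockholm>;
+nixpkgs.git = {
+url = https://github.com/NixOS/nixpkgs;
+ref = "72c9ed78d0b1d9d5f531805ddf5bf06bfd447614"; # nixos-17.03 @ 2017-06-17
+};
+}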
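Review bot: The attribute set passed to `getAttr builder` has the keys `buildbot` and `lass` but no `shared`, while `builder` evaluates to "shared" whenever `dummy_secrets` is not "true". Evaluating `secrets.file` outside the buildbot path should therefore fail with a missing-attribute error. The key looks copied from lass/source.nix and should read `shared = "${getEnv "HOME"}/secrets/krebs/${host.name}";`. A CI run with dummy secrets takes the `buildbot` branch and so would presumably not catch this. The file also mixes `${name}` and `${host.name}` for the same value, and `secure` is declared but never used.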


@ -43,9 +43,11 @@ let
''; '';
init.env = pkgs.writeText "init.env" /* sh */ '' init.env = pkgs.writeText "init.env" /* sh */ ''
config=''${config-$LOGNAME/1systems/$system.nix} config=''${config-$LOGNAME/1systems/$system/config.nix}
source=''${source-$LOGNAME/1systems/$system/source.nix}
export config export config
export source
export system export system
export target export target
@ -85,18 +87,19 @@ let
}; };
populate = pkgs.writeDash "init.env.populate" '' populate = pkgs.writeDash "init.env.populate" ''
set -efu set -efu
${pkgs.nix}/bin/nix-instantiate \ _source=$(${pkgs.nix}/bin/nix-instantiate \
--eval \ --eval \
--json \ --json \
--readonly-mode \ --readonly-mode \
--show-trace \ --show-trace \
--strict \ --strict \
-I nixos-config="$config" \ -I nixos-config="$config" \
-E 'with import <stockholm>; config.krebs.build.source' \ "$source")
| echo $_source |
${pkgs.populate}/bin/populate \ ${pkgs.populate}/bin/populate \
"$target_user@$target_host:$target_port$target_path" \ "$target_user@$target_host:$target_port$target_path" \
>&2 >&2
unset _source
''; '';
proxy = pkgs.writeDash "init.env.proxy" '' proxy = pkgs.writeDash "init.env.proxy" ''
set -efu set -efu
@ -109,7 +112,7 @@ let
NIX_PATH=$(q "$target_path") \ NIX_PATH=$(q "$target_path") \
STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ STOCKHOLM_VERSION=$STOCKHOLM_VERSION \
nix-shell \ nix-shell \
--command $(q \ --run $(q \
config=$config \ config=$config \
system=$system \ system=$system \
target=$target \ target=$target \
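Review bot: `echo $_source |` in the new `populate` script passes the JSON from nix-instantiate through an unquoted expansion and through dash's `echo`, which interprets backslash sequences. Any `\n` or `\\` escape inside a JSON string would be rewritten before `populate` reads it, and word splitting collapses runs of whitespace. `printf '%s\n' "$_source" |` keeps the bytes intact. Because the script starts with `set -efu`, globbing is already off and a failing nix-instantiate now aborts at the assignment rather than feeding an empty stream to populate, which is worth stating in a short comment above `_source=`.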


@ -4,10 +4,10 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/x220.nix <stockholm/tv/2configs/hw/x220.nix>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
]; ];
# TODO remove non-hardware stuff from ../2configs/hw/x220.nix # TODO remove non-hardware stuff from ../2configs/hw/x220.nix
@ -58,7 +58,6 @@ with import <stockholm/lib>;
krebs.build = { krebs.build = {
host = config.krebs.hosts.alnus; host = config.krebs.hosts.alnus;
user = mkForce config.krebs.users.dv; user = mkForce config.krebs.users.dv;
source.nixpkgs.git.ref = mkForce "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";
}; };
networking.networkmanager.enable = true; networking.networkmanager.enable = true;


@ -0,0 +1,4 @@
import <stockholm/tv/source.nix> {
name = "alnus";
override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";
}


@ -6,10 +6,10 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.caxi; krebs.build.host = config.krebs.hosts.caxi;
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/CAC-Developer-1.nix <stockholm/tv/2configs/hw/CAC-Developer-1.nix>
../2configs/fs/CAC-CentOS-7-64bit.nix <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
]; ];
networking = let networking = let


@ -0,0 +1,3 @@
import <stockholm/tv/source.nix> {
name = "caxi";
}


@ -6,11 +6,11 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.cd; krebs.build.host = config.krebs.hosts.cd;
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/CAC-Developer-2.nix <stockholm/tv/2configs/hw/CAC-Developer-2.nix>
../2configs/fs/CAC-CentOS-7-64bit.nix <stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix>
../2configs/exim-smarthost.nix <stockholm/tv/2configs/exim-smarthost.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
]; ];
networking = { networking = {


@ -0,0 +1,3 @@
import <stockholm/tv/source.nix> {
name = "cd";
}


@ -4,11 +4,11 @@ with import <stockholm/lib>;
{ {
imports = [ imports = [
../../krebs <stockholm/krebs>
../2configs <stockholm/tv/2configs>
../3modules <stockholm/tv/3modules>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
]; ];
krebs.build.host = config.krebs.hosts.mu; krebs.build.host = config.krebs.hosts.mu;


@ -0,0 +1,3 @@
import <stockholm/tv/source.nix> {
name = "mu";
}


@ -6,16 +6,16 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.nomic; krebs.build.host = config.krebs.hosts.nomic;
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/x220.nix <stockholm/tv/2configs/hw/x220.nix>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/gitrepos.nix <stockholm/tv/2configs/gitrepos.nix>
../2configs/im.nix <stockholm/tv/2configs/im.nix>
../2configs/mail-client.nix <stockholm/tv/2configs/mail-client.nix>
../2configs/nginx/public_html.nix <stockholm/tv/2configs/nginx/public_html.nix>
../2configs/pulse.nix <stockholm/tv/2configs/pulse.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
../2configs/xserver <stockholm/tv/2configs/xserver>
]; ];
boot.initrd.luks = { boot.initrd.luks = {


@ -0,0 +1,4 @@
import <stockholm/tv/source.nix> {
name = "nomic";
secure = true;
}


@ -0,0 +1,3 @@
import <stockholm/tv/source.nix> {
name = "test";
}


@ -6,17 +6,17 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.wu; krebs.build.host = config.krebs.hosts.wu;
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/w110er.nix <stockholm/tv/2configs/hw/w110er.nix>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/gitrepos.nix <stockholm/tv/2configs/gitrepos.nix>
../2configs/im.nix <stockholm/tv/2configs/im.nix>
../2configs/mail-client.nix <stockholm/tv/2configs/mail-client.nix>
../2configs/man.nix <stockholm/tv/2configs/man.nix>
../2configs/nginx/public_html.nix <stockholm/tv/2configs/nginx/public_html.nix>
../2configs/pulse.nix <stockholm/tv/2configs/pulse.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
../2configs/xserver <stockholm/tv/2configs/xserver>
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# root # root


@ -0,0 +1,4 @@
import <stockholm/tv/source.nix> {
name = "wu";
secure = true;
}


@ -6,18 +6,18 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.xu; krebs.build.host = config.krebs.hosts.xu;
imports = [ imports = [
../. <stockholm/tv>
../2configs/hw/x220.nix <stockholm/tv/2configs/hw/x220.nix>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/gitconfig.nix <stockholm/tv/2configs/gitconfig.nix>
../2configs/gitrepos.nix <stockholm/tv/2configs/gitrepos.nix>
../2configs/mail-client.nix <stockholm/tv/2configs/mail-client.nix>
../2configs/man.nix <stockholm/tv/2configs/man.nix>
../2configs/nginx/public_html.nix <stockholm/tv/2configs/nginx/public_html.nix>
../2configs/pulse.nix <stockholm/tv/2configs/pulse.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
../2configs/binary-cache <stockholm/tv/2configs/binary-cache>
../2configs/xserver <stockholm/tv/2configs/xserver>
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -0,0 +1,4 @@
import <stockholm/tv/source.nix> {
name = "xu";
secure = true;
}


@ -12,16 +12,16 @@ with import <stockholm/lib>;
default = {}; default = {};
}; };
} }
../. <stockholm/tv>
../2configs/hw/x220.nix <stockholm/tv/2configs/hw/x220.nix>
../2configs/exim-retiolum.nix <stockholm/tv/2configs/exim-retiolum.nix>
../2configs/gitrepos.nix <stockholm/tv/2configs/gitrepos.nix>
../2configs/mail-client.nix <stockholm/tv/2configs/mail-client.nix>
../2configs/man.nix <stockholm/tv/2configs/man.nix>
../2configs/nginx/public_html.nix <stockholm/tv/2configs/nginx/public_html.nix>
../2configs/pulse.nix <stockholm/tv/2configs/pulse.nix>
../2configs/retiolum.nix <stockholm/tv/2configs/retiolum.nix>
../2configs/xserver <stockholm/tv/2configs/xserver>
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -0,0 +1,4 @@
import <stockholm/tv/source.nix> {
name = "zu";
secure = true;
}


@ -6,23 +6,7 @@ with import <stockholm/lib>;
in { in {
krebs.enable = true; krebs.enable = true;
krebs.build = { krebs.build.user = config.krebs.users.tv;
user = config.krebs.users.tv;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
secrets.file = getAttr builder {
buildbot = toString <stockholm/tv/dummy_secrets>;
tv = "/home/tv/secrets/${host.name}";
};
secrets-common.file = "/home/tv/secrets/common";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
};
};
networking.hostName = config.krebs.build.host.name; networking.hostName = config.krebs.build.host.name;


@ -11,7 +11,7 @@
networking.wireless.enable = true; networking.wireless.enable = true;
# Required for Centrino. # Required for Centrino.
hardware.enableAllFirmware = true; hardware.enableRedistributableFirmware = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ]; hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];

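--- /dev/null
+++ b/tv/source.nix
@@ -0,0 +1,27 @@
+with import <stockholm/lib>;
+host@{ name, secure ? false, override ? {} }: let
+builder = if getEnv "dummy_secrets" == "true"
+then "buildbot"
+else "tv";
+_file = <stockholm> + "/tv/1systems/${name}/source.nix";
+in
+evalSource (toString _file) [
+{
+nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
+nixpkgs.git = {
+# nixos-17.03
+ref = mkDefault "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102";
+url = https://github.com/NixOS/nixpkgs;
+};
+secrets.file = getAttr builder {
+buildbot = toString <stockholm/tv/dummy_secrets>;
+tv = "/home/tv/secrets/${name}";
+};
+secrets-common.file = "/home/tv/secrets/common";
+stockholm.file = toString <stockholm>;
+}
+(mkIf secure {
+secrets-master.file = "/home/tv/secrets/master";
+})
+override
+]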
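Review bot: The `override` argument is undocumented, and it is appended to the module list at normal priority while only `nixpkgs.git.ref` is declared with `mkDefault`. That appears to make the ref the only value a host can replace without `mkForce`; how other attributes merge depends on `types.source`, which is not visible here. A comment above the parameter list would make the contract explicit, for example `# override: extra source module merged last; only nixpkgs.git.ref is mkDefault and meant to be replaced per host`. It would also help to note that `secure = true` is what causes `/home/tv/secrets/master` to be populated onto a host, since the per-host source.nix files set that flag without explanation.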