Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
e1e16e0d5d
|
@ -5,7 +5,7 @@ let
|
|||
|
||||
out = {
|
||||
options.krebs.setuid = api;
|
||||
config = imp;
|
||||
config = mkIf (cfg != {}) imp;
|
||||
};
|
||||
|
||||
api = mkOption {
|
||||
|
|
|
@ -43,6 +43,13 @@ prepare() {(
|
|||
exit
|
||||
esac
|
||||
;;
|
||||
stockholm)
|
||||
case $(cat /proc/cmdline) in
|
||||
*' root=LABEL=NIXOS_ISO '*)
|
||||
prepare_nixos_iso "$@"
|
||||
exit
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
elif test -e /etc/centos-release; then
|
||||
case $(cat /etc/centos-release) in
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{ pass, writeOut, writeDash, ... }:
|
||||
|
||||
writeOut "brain" {
|
||||
"/bin/brain-pass".link = writeDash "brain-pass" ''
|
||||
"/bin/brain".link = writeDash "brain" ''
|
||||
PASSWORD_STORE_DIR=$HOME/brain \
|
||||
exec ${pass}/bin/pass $@
|
||||
'';
|
||||
"/bin/brain-passmenu".link = writeDash "brain-passmenu" ''
|
||||
"/bin/brainmenu".link = writeDash "brainmenu" ''
|
||||
PASSWORD_STORE_DIR=$HOME/brain \
|
||||
exec ${pass}/bin/passmenu $@
|
||||
'';
|
||||
|
|
|
@ -21,7 +21,6 @@ with import <stockholm/lib>;
|
|||
coreutils = pkgs.symlinkJoin {
|
||||
name = "coreutils-hack";
|
||||
paths = [
|
||||
pkgs.coreutils
|
||||
(pkgs.writeDashBin "tee" ''
|
||||
if test "$1" = /dev/stderr; then
|
||||
while read -r line; do
|
||||
|
@ -32,6 +31,7 @@ with import <stockholm/lib>;
|
|||
${super.coreutils}/bin/tee "$@"
|
||||
fi
|
||||
'')
|
||||
pkgs.coreutils
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -17,7 +17,7 @@ with import <stockholm/lib>;
|
|||
../2configs/steam.nix
|
||||
../2configs/wine.nix
|
||||
../2configs/git.nix
|
||||
../2configs/libvirt.nix
|
||||
../2configs/virtualbox.nix
|
||||
../2configs/fetchWallpaper.nix
|
||||
#../2configs/c-base.nix
|
||||
../2configs/mail.nix
|
||||
|
@ -156,15 +156,6 @@ with import <stockholm/lib>;
|
|||
#activationScripts
|
||||
#split up and move into base
|
||||
system.activationScripts.powertopTunables = ''
|
||||
#Enable Audio codec power management
|
||||
echo '1' > '/sys/module/snd_hda_intel/parameters/power_save'
|
||||
#VM writeback timeout
|
||||
echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs'
|
||||
#Autosuspend for USB device Broadcom Bluetooth Device [Broadcom Corp]
|
||||
#echo 'auto' > '/sys/bus/usb/devices/1-1.4/power/control'
|
||||
#Autosuspend for USB device Biometric Coprocessor
|
||||
#echo 'auto' > '/sys/bus/usb/devices/1-1.3/power/control'
|
||||
|
||||
#Runtime PMs
|
||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:02.0/power/control'
|
||||
echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control'
|
||||
|
@ -183,6 +174,7 @@ with import <stockholm/lib>;
|
|||
|
||||
environment.systemPackages = with pkgs; [
|
||||
acronym
|
||||
brain
|
||||
cac-api
|
||||
sshpass
|
||||
get
|
||||
|
|
|
@ -46,6 +46,10 @@ in {
|
|||
../2configs/paste.nix
|
||||
../2configs/syncthing.nix
|
||||
../2configs/coders-irc.nix
|
||||
../2configs/ciko.nix
|
||||
{
|
||||
lass.pyload.enable = true;
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
../2configs/bepasty.nix
|
||||
|
|
|
@ -32,7 +32,7 @@ in {
|
|||
stockholm_repo,
|
||||
workdir='stockholm-poller', branches=True,
|
||||
project='stockholm',
|
||||
pollinterval=120
|
||||
pollinterval=10
|
||||
)
|
||||
)
|
||||
'';
|
||||
|
@ -44,7 +44,7 @@ in {
|
|||
change_filter=util.ChangeFilter(branch_re=".*"),
|
||||
treeStableTimer=10,
|
||||
name="build-all-branches",
|
||||
builderNames=["build-hosts", "build-pkgs"]
|
||||
builderNames=["build-hosts"]
|
||||
)
|
||||
)
|
||||
'';
|
||||
|
@ -77,6 +77,11 @@ in {
|
|||
"NIX_REMOTE": "daemon",
|
||||
"dummy_secrets": "true",
|
||||
}
|
||||
env_tv = {
|
||||
"LOGNAME": "tv",
|
||||
"NIX_REMOTE": "daemon",
|
||||
"dummy_secrets": "true",
|
||||
}
|
||||
|
||||
# prepare nix-shell
|
||||
# the dependencies which are used by the test script
|
||||
|
@ -91,6 +96,7 @@ in {
|
|||
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
|
||||
nixshell = [
|
||||
"nix-shell",
|
||||
"-I", "/var/src",
|
||||
"-I", "stockholm=.",
|
||||
"-p"
|
||||
] + deps + [ "--run" ]
|
||||
|
@ -103,45 +109,31 @@ in {
|
|||
build-hosts = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_shared,
|
||||
command=nixshell + \
|
||||
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
make NIX_PATH=$HOME/$LOGNAME test method=build \
|
||||
target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
|
||||
system={}".format(i)
|
||||
]
|
||||
|
||||
def build_host(env, host):
|
||||
addShell(f,name="build-{}".format(i),env=env,
|
||||
command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
echo $HOME; echo $LOGNAME; \
|
||||
test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \
|
||||
make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \
|
||||
target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
|
||||
system={}".format(host)]
|
||||
)
|
||||
|
||||
for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
|
||||
build_host(env_tv, i)
|
||||
|
||||
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
make NIX_PATH=$HOME/$LOGNAME test method=build \
|
||||
target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
build_host(env_lass, i)
|
||||
|
||||
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_makefu,
|
||||
command=nixshell + \
|
||||
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
make NIX_PATH=$HOME/$LOGNAME test method=build \
|
||||
target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
build_host(env_makefu, i)
|
||||
|
||||
for i in [ "hiawatha", "onondaga" ]:
|
||||
addShell(f,name="build-{}".format(i),env=env_nin,
|
||||
command=nixshell + \
|
||||
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
make NIX_PATH=$HOME/$LOGNAME test method=build \
|
||||
target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
|
||||
system={}".format(i)
|
||||
]
|
||||
)
|
||||
build_host(env_nin, i)
|
||||
|
||||
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
|
||||
build_host(env_shared, i)
|
||||
|
||||
bu.append(
|
||||
util.BuilderConfig(
|
||||
|
@ -152,63 +144,6 @@ in {
|
|||
)
|
||||
|
||||
'';
|
||||
|
||||
build-pkgs = ''
|
||||
f = util.BuildFactory()
|
||||
f.addStep(grab_repo)
|
||||
for i in [
|
||||
"apt-cacher-ng",
|
||||
"bepasty-client-cli",
|
||||
"cac-api",
|
||||
"cac-cert",
|
||||
"cac-panel",
|
||||
"charybdis",
|
||||
"collectd-connect-time",
|
||||
"dic",
|
||||
"drivedroid-gen-repo",
|
||||
"exim",
|
||||
"fortclientsslvpn",
|
||||
"get",
|
||||
"git-hooks",
|
||||
"github-hosts-sync",
|
||||
"go",
|
||||
"hashPassword",
|
||||
"haskellPackages.blessings",
|
||||
"haskellPackages.email-header",
|
||||
"haskellPackages.scanner",
|
||||
"haskellPackages.xmonad-stockholm",
|
||||
"krebspaste",
|
||||
"logf",
|
||||
"much",
|
||||
"newsbot-js",
|
||||
"noVNC",
|
||||
"ovh-zone",
|
||||
"passwdqc-utils",
|
||||
"populate",
|
||||
"posix-array",
|
||||
"pssh",
|
||||
"push",
|
||||
"Reaktor",
|
||||
"realwallpaper",
|
||||
"repo-sync",
|
||||
"retiolum-bootstrap",
|
||||
"tarantool",
|
||||
"test",
|
||||
"tinc_graphs",
|
||||
"translate-shell",
|
||||
"urlwatch",
|
||||
"with-tmpdir",
|
||||
"youtube-tools",
|
||||
]:
|
||||
addShell(f,name="build-{}".format(i),env=env_lass,
|
||||
command=nixshell + \
|
||||
["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
|
||||
make system=prism pkgs.{}".format(i)])
|
||||
|
||||
bu.append(util.BuilderConfig(name="build-pkgs",
|
||||
workernames=workernames,
|
||||
factory=f))
|
||||
'';
|
||||
};
|
||||
enable = true;
|
||||
web.enable = true;
|
||||
|
@ -230,9 +165,6 @@ in {
|
|||
username = "testworker";
|
||||
password = "lasspass";
|
||||
packages = with pkgs; [ gnumake jq nix populate ];
|
||||
extraEnviron = {
|
||||
NIX_PATH="/var/src";
|
||||
};
|
||||
};
|
||||
config.krebs.iptables = {
|
||||
tables = {
|
||||
|
|
23
lass/2configs/ciko.nix
Normal file
23
lass/2configs/ciko.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
users.users.ciko = {
|
||||
uid = genid_signed "ciko";
|
||||
description = "acc for ciko";
|
||||
home = "/home/ciko";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
|
||||
];
|
||||
};
|
||||
krebs.exim-smarthost = {
|
||||
internet-aliases = [
|
||||
{ from = "*@slash16.net"; to = "ciko"; }
|
||||
];
|
||||
sender_domains = [
|
||||
"slash16.net"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -8,7 +8,6 @@ with import <stockholm/lib>;
|
|||
htop = pkgs.symlinkJoin {
|
||||
name = "htop";
|
||||
paths = [
|
||||
super.htop
|
||||
(pkgs.writeDashBin "htop" ''
|
||||
export HTOPRC=${pkgs.writeText "htoprc" ''
|
||||
fields=0 48 17 18 38 39 40 2 46 47 49 1
|
||||
|
@ -38,6 +37,7 @@ with import <stockholm/lib>;
|
|||
''}
|
||||
exec ${super.htop}/bin/htop "$@"
|
||||
'')
|
||||
super.htop
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -116,10 +116,10 @@ let
|
|||
mutt = pkgs.symlinkJoin {
|
||||
name = "mutt";
|
||||
paths = [
|
||||
pkgs.neomutt
|
||||
(pkgs.writeDashBin "mutt" ''
|
||||
exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
|
||||
'')
|
||||
pkgs.neomutt
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -325,7 +325,6 @@ in {
|
|||
(pkgs.symlinkJoin {
|
||||
name = "mc";
|
||||
paths = [
|
||||
pkgs.mc
|
||||
(pkgs.writeDashBin "mc" ''
|
||||
export MC_DATADIR=${pkgs.writeOut "mc-ext" {
|
||||
"/mc.ext".link = mcExt;
|
||||
|
@ -334,6 +333,7 @@ in {
|
|||
export TERM=xterm-256color
|
||||
exec ${pkgs.mc}/bin/mc -S xoria256 "$@"
|
||||
'')
|
||||
pkgs.mc
|
||||
];
|
||||
})
|
||||
];
|
||||
|
|
|
@ -10,10 +10,10 @@ let
|
|||
mpv = pkgs.symlinkJoin {
|
||||
name = "mpv";
|
||||
paths = [
|
||||
pkgs.mpv
|
||||
(pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config --script=${scripts} "$@"
|
||||
'')
|
||||
pkgs.mpv
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
{
|
||||
krebs.build.source.nixpkgs.git = {
|
||||
url = https://cgit.lassul.us/nixpkgs;
|
||||
ref = "0a4db15";
|
||||
ref = "4847963";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -132,7 +132,10 @@ in {
|
|||
|
||||
krebs.Reaktor.playlist = {
|
||||
nickname = "the_playlist|r";
|
||||
channels = [ "#the_playlist" ];
|
||||
channels = [
|
||||
"#the_playlist"
|
||||
"#krebs"
|
||||
];
|
||||
extraEnviron = {
|
||||
REAKTOR_HOST = "irc.freenode.org";
|
||||
};
|
||||
|
|
|
@ -35,17 +35,16 @@ in {
|
|||
"apanowicz.de"
|
||||
"nirwanabluete.de"
|
||||
"aldonasiech.com"
|
||||
"360gradvideo.tv"
|
||||
"ubikmedia.eu"
|
||||
"facts.cloud"
|
||||
"youthtube.xyz"
|
||||
"illucloud.eu"
|
||||
"illucloud.de"
|
||||
"illucloud.com"
|
||||
"joemisch.com"
|
||||
"www.apanowicz.de"
|
||||
"www.nirwanabluete.de"
|
||||
"www.aldonasiech.com"
|
||||
"www.360gradvideo.tv"
|
||||
"www.ubikmedia.eu"
|
||||
"www.facts.cloud"
|
||||
"www.youthtube.xyz"
|
||||
|
@ -62,7 +61,6 @@ in {
|
|||
"karlaskop.ubikmedia.de"
|
||||
"nb.ubikmedia.de"
|
||||
"youthtube.ubikmedia.de"
|
||||
"joemisch.com"
|
||||
])
|
||||
];
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ with import <stockholm/lib>;
|
|||
../2configs/rad1o.nix
|
||||
|
||||
# services
|
||||
#../2configs/git/brain-retiolum.nix
|
||||
../2configs/git/brain-retiolum.nix
|
||||
../2configs/tor.nix
|
||||
../2configs/steam.nix
|
||||
# ../2configs/buildbot-standalone.nix
|
||||
|
|
|
@ -22,7 +22,7 @@ with import <stockholm/lib>;
|
|||
user = config.krebs.users.makefu;
|
||||
source = let
|
||||
inherit (config.krebs.build) host user;
|
||||
ref = "a772c3a"; # unstable @ 2017-05-09 + graceful requests2
|
||||
ref = "7a7c39c"; # unstable @ 2017-05-09 + graceful requests2 + logstash5
|
||||
in {
|
||||
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
|
||||
{
|
||||
|
|
30
makefu/2configs/deployment/dirctator.nix
Normal file
30
makefu/2configs/deployment/dirctator.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{ pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
port = 18872;
|
||||
runit = pkgs.writeDash "runit" ''
|
||||
set -xeuf
|
||||
export PULSE_COOKIE=/var/run/pulse/.config/pulse/cookie
|
||||
echo "$@" | sed 's/^dirctator://' | ${pkgs.espeak}/bin/espeak -v mb-de7 2>&1 | tee -a /tmp/speak
|
||||
'';
|
||||
in {
|
||||
services.logstash = {
|
||||
package = pkgs.logstash5;
|
||||
enable = true;
|
||||
inputConfig = ''
|
||||
irc {
|
||||
channels => [ "#krebs", "#afra" ]
|
||||
host => "irc.freenode.net"
|
||||
nick => "dirctator"
|
||||
}
|
||||
'';
|
||||
filterConfig = ''
|
||||
'';
|
||||
outputConfig = ''
|
||||
stdout { codec => rubydebug }
|
||||
exec { command => "${runit} '%{message}" }
|
||||
'';
|
||||
plugins = [ ];
|
||||
};
|
||||
}
|
57
makefu/2configs/git/brain-retiolum.nix
Normal file
57
makefu/2configs/git/brain-retiolum.nix
Normal file
|
@ -0,0 +1,57 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
# TODO: remove tv lib :)
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
|
||||
repos = krebs-repos;
|
||||
rules = concatMap krebs-rules (attrValues krebs-repos);
|
||||
|
||||
krebs-repos = mapAttrs make-krebs-repo {
|
||||
brain = { };
|
||||
};
|
||||
|
||||
|
||||
make-krebs-repo = with git; name: { cgit ? {}, ... }: {
|
||||
inherit cgit name;
|
||||
public = false;
|
||||
hooks = {
|
||||
post-receive = pkgs.git-hooks.irc-announce {
|
||||
nick = config.networking.hostName;
|
||||
verbose = true;
|
||||
channel = "#retiolum";
|
||||
# TODO remove the hardcoded hostname
|
||||
server = "ni.r";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
# TODO: get the list of all krebsministers
|
||||
krebsminister = with config.krebs.users; [ lass tv ];
|
||||
krebs-rules = repo:
|
||||
set-owners repo [ config.krebs.users.makefu ] ++ set-ro-access repo krebsminister;
|
||||
|
||||
set-ro-access = with git; repo: user:
|
||||
optional repo.public {
|
||||
inherit user;
|
||||
repo = [ repo ];
|
||||
perm = fetch;
|
||||
};
|
||||
|
||||
set-owners = with git;repo: user:
|
||||
singleton {
|
||||
inherit user;
|
||||
repo = [ repo ];
|
||||
perm = push "refs/*" [ non-fast-forward create delete merge ];
|
||||
};
|
||||
|
||||
in {
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
cgit = {
|
||||
enable = false;
|
||||
};
|
||||
inherit repos rules;
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue