authormakefu <github@syntax-fehler.de>2018-09-13 16:41:25 +0200
committermakefu <github@syntax-fehler.de>2018-09-13 16:41:25 +0200
commitb830d7476a8f19f968513a219d53c0e091d4a03f (patch)
tree261db8acf25fe0d372a2d8d49bf512425fc8ad2f
parentb658de054d724064a3531de2d4a53a7a28cdc6ac (diff)
parentd580af7fd9c210f584603aa32318761b4eb3a877 (diff)
Merge remote-tracking branch 'lass/master'
-rw-r--r--default.nix3
-rw-r--r--jeschli/1systems/bln/source.nix4
-rw-r--r--jeschli/1systems/bolide/source.nix4
-rw-r--r--jeschli/1systems/brauerei/source.nix4
-rw-r--r--jeschli/1systems/enklave/source.nix3
-rw-r--r--jeschli/1systems/reagenzglas/.source.nix.swpbin12288 -> 0 bytes
-rw-r--r--jeschli/1systems/reagenzglas/source.nix4
-rw-r--r--jeschli/source.nix26
-rw-r--r--krebs/0tests/deploy.nix5
-rw-r--r--krebs/1systems/hotdog/source.nix3
-rw-r--r--krebs/1systems/onebutton/source.nix13
-rw-r--r--krebs/1systems/puyak/source.nix3
-rw-r--r--krebs/1systems/test-all-krebs-modules/source.nix3
-rw-r--r--krebs/1systems/test-arch/source.nix3
-rw-r--r--krebs/1systems/test-centos6/source.nix3
-rw-r--r--krebs/1systems/test-centos7/source.nix3
-rw-r--r--krebs/1systems/test-failing/source.nix3
-rw-r--r--krebs/1systems/test-minimal-deploy/source.nix3
-rw-r--r--krebs/1systems/wolf/source.nix3
-rw-r--r--krebs/2configs/buildbot-stockholm.nix197
-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/3modules/ci.nix2
-rw-r--r--krebs/5pkgs/simple/Reaktor/plugins.nix2
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix230
-rw-r--r--krebs/5pkgs/simple/syncthing-device-id.nix49
-rw-r--r--krebs/krops.nix2
-rw-r--r--krebs/source.nix29
-rw-r--r--lass/1systems/blue/source.nix4
-rw-r--r--lass/1systems/cabal/source.nix4
-rw-r--r--lass/1systems/daedalus/source.nix4
-rw-r--r--lass/1systems/icarus/source.nix4
-rw-r--r--lass/1systems/littleT/source.nix4
-rw-r--r--lass/1systems/mors/source.nix4
-rw-r--r--lass/1systems/prism/source.nix4
-rw-r--r--lass/1systems/red/source.nix4
-rw-r--r--lass/1systems/shodan/source.nix3
-rw-r--r--lass/1systems/skynet/source.nix4
-rw-r--r--lass/1systems/uriel/source.nix3
-rw-r--r--lass/1systems/xerxes/source.nix5
-rw-r--r--lass/source.nix29
-rw-r--r--makefu/2configs/tools/dev.nix1
-rw-r--r--makefu/source.nix2
-rw-r--r--nin/1systems/axon/source.nix4
-rw-r--r--nin/1systems/hiawatha/source.nix4
-rw-r--r--nin/1systems/onondaga/source.nix4
-rw-r--r--nin/source.nix23
-rw-r--r--shell.nix38
-rw-r--r--tv/1systems/alnus/source.nix4
-rw-r--r--tv/1systems/mu/source.nix3
-rw-r--r--tv/1systems/nomic/source.nix4
-rw-r--r--tv/1systems/querel/source.nix3
-rw-r--r--tv/1systems/wu/source.nix4
-rw-r--r--tv/1systems/xu/source.nix4
-rw-r--r--tv/1systems/zu/source.nix4
-rw-r--r--tv/source.nix37
55 files changed, 65 insertions, 755 deletions
diff --git a/default.nix b/default.nix
index cab55d40a..5ae8e399e 100644
--- a/default.nix
+++ b/default.nix
@@ -13,10 +13,7 @@ import <nixpkgs/nixos/lib/eval-config.nix> {
(attrNames (filterAttrs (_: eq "directory") (readDir (<stockholm> + "/${ns}/1systems"))))
(name: let
config = import (<stockholm> + "/${ns}/1systems/${name}/config.nix");
- source = import (<stockholm> + "/${ns}/1systems/${name}/source.nix");
in import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [ config ];
- } // {
- inherit source;
});
}
diff --git a/jeschli/1systems/bln/source.nix b/jeschli/1systems/bln/source.nix
deleted file mode 100644
index 0864fd90c..000000000
--- a/jeschli/1systems/bln/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
- name = "bln";
- secure = true;
-}
diff --git a/jeschli/1systems/bolide/source.nix b/jeschli/1systems/bolide/source.nix
deleted file mode 100644
index 0bd7af50f..000000000
--- a/jeschli/1systems/bolide/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
- name = "bolide";
- secure = true;
-}
diff --git a/jeschli/1systems/brauerei/source.nix b/jeschli/1systems/brauerei/source.nix
deleted file mode 100644
index 61978768e..000000000
--- a/jeschli/1systems/brauerei/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
- name = "brauerei";
- secure = true;
-}
diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix
deleted file mode 100644
index 4f9f37be7..000000000
--- a/jeschli/1systems/enklave/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/jeschli/source.nix> {
- name = "enklave";
-}
diff --git a/jeschli/1systems/reagenzglas/.source.nix.swp b/jeschli/1systems/reagenzglas/.source.nix.swp
deleted file mode 100644
index 8c1a75f39..000000000
--- a/jeschli/1systems/reagenzglas/.source.nix.swp
+++ /dev/null
Binary files differ
diff --git a/jeschli/1systems/reagenzglas/source.nix b/jeschli/1systems/reagenzglas/source.nix
deleted file mode 100644
index 7543de6b9..000000000
--- a/jeschli/1systems/reagenzglas/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/jeschli/source.nix> {
- name = "reagenzglas";
- secure = true;
-}
diff --git a/jeschli/source.nix b/jeschli/source.nix
deleted file mode 100644
index fc1413ee4..000000000
--- a/jeschli/source.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "jeschli";
- _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
- nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
- secrets.file = getAttr builder {
- buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
- jeschli = "${getEnv "HOME"}/secrets/${name}";
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- }
- override
- ]
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix
index d96963500..5fae60ecc 100644
--- a/krebs/0tests/deploy.nix
+++ b/krebs/0tests/deploy.nix
@@ -44,11 +44,6 @@ let
exec >&2
source=${pkgs.writeJSON "source.json" populate-source}
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
- # TODO: make deploy work
- #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
- # --force-populate \
- # --source=${./data/test-source.nix} \
- # --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix
deleted file mode 100644
index 0fa61b20f..000000000
--- a/krebs/1systems/hotdog/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "hotdog";
-}
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
deleted file mode 100644
index 91a998de7..000000000
--- a/krebs/1systems/onebutton/source.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-with import <stockholm/lib>;
-let
- pkgs = import <nixpkgs> {};
- nixpkgs = builtins.fetchTarball {
- url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
- };
-in import <stockholm/krebs/source.nix> {
- name = "onebutton";
- override.nixpkgs = mkForce {
- file = toString nixpkgs;
- };
-
-}
diff --git a/krebs/1systems/puyak/source.nix b/krebs/1systems/puyak/source.nix
deleted file mode 100644
index a21651899..000000000
--- a/krebs/1systems/puyak/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "puyak";
-}
diff --git a/krebs/1systems/test-all-krebs-modules/source.nix b/krebs/1systems/test-all-krebs-modules/source.nix
deleted file mode 100644
index 66fdaa773..000000000
--- a/krebs/1systems/test-all-krebs-modules/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-all-krebs-modules";
-}
diff --git a/krebs/1systems/test-arch/source.nix b/krebs/1systems/test-arch/source.nix
deleted file mode 100644
index bff9d4325..000000000
--- a/krebs/1systems/test-arch/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-arch";
-}
diff --git a/krebs/1systems/test-centos6/source.nix b/krebs/1systems/test-centos6/source.nix
deleted file mode 100644
index 3693bbb29..000000000
--- a/krebs/1systems/test-centos6/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-centos6";
-}
diff --git a/krebs/1systems/test-centos7/source.nix b/krebs/1systems/test-centos7/source.nix
deleted file mode 100644
index 44230f08d..000000000
--- a/krebs/1systems/test-centos7/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-centos7";
-}
diff --git a/krebs/1systems/test-failing/source.nix b/krebs/1systems/test-failing/source.nix
deleted file mode 100644
index 60b77a0a0..000000000
--- a/krebs/1systems/test-failing/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-failing";
-}
diff --git a/krebs/1systems/test-minimal-deploy/source.nix b/krebs/1systems/test-minimal-deploy/source.nix
deleted file mode 100644
index 032ab12bb..000000000
--- a/krebs/1systems/test-minimal-deploy/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "test-minimal-deploy";
-}
diff --git a/krebs/1systems/wolf/source.nix b/krebs/1systems/wolf/source.nix
deleted file mode 100644
index c292bfa62..000000000
--- a/krebs/1systems/wolf/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/krebs/source.nix> {
- name = "wolf";
-}
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 0aa9288ec..0ee91ae34 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -1,47 +1,11 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
+{ config, ... }: with import <stockholm/lib>;
-let
-
- hostname = config.networking.hostName;
-
- sourceRepos = [
- "http://cgit.enklave.r/stockholm"
- "http://cgit.gum.r/stockholm"
- "http://cgit.hotdog.r/stockholm"
- "http://cgit.ni.r/stockholm"
- "http://cgit.prism.r/stockholm"
- ];
-
- # usage: build USER HOST
- # This executable is meant to be run with <stockholm> as working directory.
- # USER is expected to be a subdirectory of the working directory.
- build = pkgs.writeDash "build" ''
- set -efu
-
- user=$1
- host=$2
-
- result=$(nix-build \
- --argstr name "$host" \
- --argstr target "$HOME"/stockholm-build \
- --attr test \
- --no-build-output \
- --no-out-link \
- --show-trace \
- "$user"/krops.nix \
- )
-
- exec "$result"
- '';
-
-
-in
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.build = {
- serverAliases = [ "build.${hostname}.r" ];
+ serverAliases = [ "build.${config.networking.hostName}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
@@ -49,155 +13,16 @@ in
'';
};
};
-
- krebs.buildbot.master = {
- slaves = {
- testslave = "lasspass";
- };
- change_source.stockholm = concatMapStrings (repo: ''
- cs.append(
- changes.GitPoller(
- "${repo}",
- workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
- project='stockholm',
- pollinterval=10
- )
- )
- '') sourceRepos;
- scheduler = {
- auto-scheduler = ''
- sched.append(
- schedulers.SingleBranchScheduler(
- change_filter=util.ChangeFilter(branch_re=".*"),
- treeStableTimer=60,
- name="build-all-branches",
- builderNames=[
- "hosts",
- ]
- )
- )
- '';
- force-scheduler = ''
- sched.append(
- schedulers.ForceScheduler(
- name="hosts",
- builderNames=[
- "hosts",
- ]
- )
- )
- '';
- };
- builder_pre = ''
- # prepare grab_repo step for stockholm
- grab_repo = steps.Git(
- repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
- mode='full',
- submodules=True,
- )
- '';
- builder = {
- hosts = ''
- from buildbot import interfaces
- from buildbot.steps.shell import ShellCommand
-
- class StepToStartMoreSteps(ShellCommand):
- def __init__(self, **kwargs):
- ShellCommand.__init__(self, **kwargs)
-
- def addBuildSteps(self, steps_factories):
- for sf in steps_factories:
- step = interfaces.IBuildStepFactory(sf).buildStep()
- step.setBuild(self.build)
- step.setBuildSlave(self.build.slavebuilder.slave)
- step_status = self.build.build_status.addStepWithName(step.name)
- step.setStepStatus(step_status)
- self.build.steps.append(step)
-
- def start(self):
- props = self.build.getProperties()
- hosts = json.loads(props.getProperty('hosts_json'))
- for host in hosts:
- user = hosts[host]['owner']
-
- self.addBuildSteps([steps.ShellCommand(
- name=str(host),
- env={
- "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
- "NIX_REMOTE": "daemon",
- },
- command=[
- "${build}", user, host
- ],
- timeout=90001,
- workdir='build', # TODO figure out why we need this?
- )])
-
- ShellCommand.start(self)
-
-
- f = util.BuildFactory()
- f.addStep(grab_repo)
-
- f.addStep(steps.SetPropertyFromCommand(
- env={
- "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
- "NIX_REMOTE": "daemon",
- },
- name="get_hosts",
- command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
- with import <nixpkgs> {};
- let
- eval-config = cfg:
- import <nixpkgs/nixos/lib/eval-config.nix> {
- modules = [
- (import cfg)
- ];
- }
- ;
-
- system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
-
- ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
-
- filtered-attrs = lib.mapAttrs ( n: v: {
- owner = v.owner.name;
- }) ci-systems;
-
- in filtered-attrs
- """],
- property="hosts_json"
- ))
- f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
-
- bu.append(
- util.BuilderConfig(
- name="hosts",
- slavenames=slavenames,
- factory=f
- )
- )
- '';
- };
+ krebs.ci = {
enable = true;
- web.enable = true;
- irc = {
- enable = true;
- nick = "build|${hostname}";
- server = "irc.r";
- channels = [ "noise" "xxx" ];
- allowForce = true;
+ repos = {
+ stockholm.urls = [
+ "http://cgit.enklave.r/stockholm"
+ "http://cgit.gum.r/stockholm"
+ "http://cgit.hotdog.r/stockholm"
+ "http://cgit.ni.r/stockholm"
+ "http://cgit.prism.r/stockholm"
+ ];
};
- extraConfig = ''
- c['buildbotURL'] = "http://build.${hostname}.r/"
- '';
- };
-
- krebs.buildbot.slave = {
- enable = true;
- masterhost = "localhost";
- username = "testslave";
- password = "lasspass";
- packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
};
}
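Review bot: The five `stockholm.urls` entries under `krebs.ci.repos` are plain `http://` URLs, so the CI host builds whatever those endpoints serve, with no transport integrity or repository authentication visible in this file. If the `.r` names are only reachable over an authenticated overlay network, that is presumably the mitigation, but nothing here says so. I would add a comment above the list along the lines of `# fetched over http: integrity relies on the .r network; any of these hosts can feed code to this builder`. The unchanged `networking.firewall.allowedTCPPorts = [ 80 ]` at the top of the file deserves a similar comment saying who is expected to reach the build UI.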
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 7b970923d..fafcd72c3 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -49,6 +49,7 @@ with import <stockholm/lib>;
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO
+ config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
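Review bot: The added `config.krebs.users.jeschli-brauerei.pubkey` line gives one more key root SSH access on every system that imports this default config, and the only comment on the list is a bare `# TODO`. The name suggests a key bound to a single machine (brauerei) rather than to a person, which, if so, makes that machine a path to root everywhere. I would record the reason and the intended lifetime next to the entry, e.g. `# jeschli-brauerei: root on all krebs hosts, needed for <reason>; remove when <condition>`. The key list continues outside the hunk, so the full set of root keys cannot be checked from here.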
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cf82401d3..33afb2c0a 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -141,7 +141,7 @@ let
enable = true;
nick = "build|${hostname}";
server = "irc.r";
- channels = [ "noise" ];
+ channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
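Review bot: Adding `"xxx"` to `channels` widens the set of IRC channels the bot joins while `allowForce = true` stays on the next line, so presumably anyone present in either channel can force a build. Nothing in the hunk shows whether channel membership on `irc.r` is restricted. I would add a comment above the list, `# allowForce applies to every channel listed here`, so the next channel is added with that in mind. The `extraConfig` string that follows is cut off by the hunk.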
diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix
index 700f9b40d..92a270ef3 100644
--- a/krebs/5pkgs/simple/Reaktor/plugins.nix
+++ b/krebs/5pkgs/simple/Reaktor/plugins.nix
@@ -160,7 +160,7 @@ rec {
task-list = buildSimpleReaktorPlugin "task-list" {
pattern = "^task-list";
script = pkgs.writeDash "task-list" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} minimal
+ ${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export | ${pkgs.jq}/bin/jq -r '.[] | select(.id != 0) | "\(.id) \(.description)"'
'';
};
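Review bot: The new `task … export | jq …` pipeline reports only jq's exit status, and the script sets no `set -e`, so a failing `task` call is indistinguishable from an empty task list. Dash has no `pipefail`, so I would split it: `set -eu`, then `tasks=$(${pkgs.taskwarrior}/bin/task rc:${taskrcFile} export)`, then `printf '%s\n' "$tasks" | ${pkgs.jq}/bin/jq -r '…'`. Note also that `-r` prints each `.description` unescaped; if this output is relayed to a chat channel, as the plugin name suggests, control characters in a description should be stripped in the jq filter.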
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
deleted file mode 100644
index c973386d6..000000000
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ /dev/null
@@ -1,230 +0,0 @@
-{ pkgs }: let
-
- stockholm-dir = ../../../..;
-
- lib = import (stockholm-dir + "/lib");
-
- #
- # high level commands
- #
-
- cmds.deploy = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target.default = /* sh */ "$system";
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeDash "stockholm.deploy" ''
- set -efu
-
- . ${init.env}
- . ${init.proxy "deploy" opts}
-
- # Use system's nixos-rebuild, which is not self-contained
- export PATH=/run/current-system/sw/bin
- exec ${utils.with-whatsupnix} \
- nixos-rebuild switch \
- --show-trace \
- -I "$target_path"
- '');
-
- cmds.get-version = pkgs.writeDash "get-version" ''
- set -efu
- hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
- version=git.$(${pkgs.git}/bin/git describe --always --dirty)
- case $version in (*-dirty)
- version=$version@$hostname
- esac
- date=$(${pkgs.coreutils}/bin/date +%y.%m)
- echo "$date.$version"
- '';
-
- cmds.install = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target = {};
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeBash "stockholm.install" ''
- set -efu
-
- . ${init.env}
-
- if \test "''${using_proxy-}" != true; then
- ${pkgs.openssh}/bin/ssh \
- -o StrictHostKeyChecking=no \
- -o UserKnownHostsFile=/dev/null \
- "$target_user@$target_host" -p "$target_port" \
- env target_path=$(${pkgs.quote}/bin/quote "$target_path") \
- sh -s prepare \
- < ${stockholm-dir + "/krebs/4lib/infest/prepare.sh"}
- # TODO inline prepare.sh?
- fi
-
- . ${init.proxy "install" opts}
-
- # these variables get defined by nix-shell (i.e. nix-build) from
- # XDG_RUNTIME_DIR and reference the wrong directory (/run/user/0),
- # which only exists on / and not at /mnt.
- export NIX_BUILD_TOP=/tmp
- export TEMPDIR=/tmp
- export TEMP=/tmp
- export TMPDIR=/tmp
- export TMP=/tmp
- export XDG_RUNTIME_DIR=/tmp
-
- export NIXOS_CONFIG="$target_path/nixos-config"
-
- cd
- exec nixos-install
- '');
-
- cmds.test = pkgs.withGetopt {
- force-populate = { default = /* sh */ "false"; switch = true; };
- quiet = { default = /* sh */ "false"; switch = true; };
- source_file = {
- default = /* sh */ "$user/1systems/$system/source.nix";
- long = "source";
- };
- system = {};
- target = {};
- user.default = /* sh */ "$LOGNAME";
- } (opts: pkgs.writeDash "stockholm.test" /* sh */ ''
- set -efu
-
- export dummy_secrets=true
-
- . ${init.env}
- . ${init.proxy "test" opts}
-
- exec ${utils.build} config.system.build.toplevel
- '');
-
- #
- # low level commands
- #
-
- # usage: get-source SOURCE_FILE
- cmds.get-source = pkgs.writeDash "stockholm.get-source" ''
- set -efu
- exec ${pkgs.nix}/bin/nix-instantiate \
- --eval \
- --json \
- --readonly-mode \
- --show-trace \
- --strict \
- "$1"
- '';
-
- # usage: parse-target [--default=TARGET] TARGET
- # TARGET = [USER@]HOST[:PORT][/PATH]
- cmds.parse-target = pkgs.withGetopt {
- default_target = {
- long = "default";
- short = "d";
- };
- } (opts: pkgs.writeDash "stockholm.parse-target" ''
- set -efu
- target=$1; shift
- for arg; do echo "$0: bad argument: $arg" >&2; done
- if \test $# != 0; then exit 2; fi
- exec ${pkgs.jq}/bin/jq \
- -enr \
- --arg default_target "$default_target" \
- --arg target "$target" \
- -f ${pkgs.writeText "stockholm.parse-target.jq" ''
- def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | {
- user: .captures[0].string,
- host: .captures[1].string,
- port: .captures[2].string,
- path: .captures[3].string,
- };
- def sanitize: with_entries(select(.value != null));
- ($default_target | parse) + ($target | parse | sanitize) |
- . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
- ''}
- '');
-
- init.env = pkgs.writeText "init.env" /* sh */ ''
-
- export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
-
- export quiet
- export system
- export target
- export user
-
- default_target=root@$system:22/var/src
-
- export target_object="$(
- ${cmds.parse-target} "$target" -d "$default_target"
- )"
- export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)"
- export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)"
- export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)"
- export target_path="$(echo $target_object | ${pkgs.jq}/bin/jq -r .path)"
- export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)"
- '';
-
- init.proxy = command: opts: pkgs.writeText "init.proxy" /* sh */ ''
- if \test "''${using_proxy-}" != true; then
-
- source=$(${cmds.get-source} "$source_file")
- qualified_target=$target_user@$target_host:$target_port$target_path
- if \test "$force_populate" = true; then
- echo "$source" | ${pkgs.populate}/bin/populate --force "$qualified_target"
- else
- echo "$source" | ${pkgs.populate}/bin/populate "$qualified_target"
- fi
-
- if \test "$target_local" != true; then
- exec ${pkgs.openssh}/bin/ssh \
- "$target_user@$target_host" -p "$target_port" \
- cd "$target_path/stockholm" \; \
- NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
- nix-shell --run "$(${pkgs.quote}/bin/quote "
- ${lib.concatStringsSep " " (lib.mapAttrsToList
- (name: opt: /* sh */
- "${opt.varname}=\$(${pkgs.quote}/bin/quote ${opt.ref})")
- opts
- )} \
- using_proxy=true \
- ${lib.shell.escape command} \
- $WITHGETOPT_ORIG_ARGS \
- ")"
- fi
- fi
- '';
-
- utils.build = pkgs.writeDash "utils.build" ''
- set -efu
- ${utils.with-whatsupnix} \
- ${pkgs.nix}/bin/nix-build \
- --no-out-link \
- --show-trace \
- -E "with import <stockholm>; $1" \
- -I "$target_path" \
- '';
-
- utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" ''
- set -efu
- if \test "$quiet" = true; then
- "$@" -Q 2>&1 | ${pkgs.whatsupnix}/bin/whatsupnix
- else
- exec "$@"
- fi
- '';
-
-in
-
- pkgs.write "stockholm" (lib.mapAttrs' (name: link:
- lib.nameValuePair "/bin/${name}" { inherit link; }
- ) cmds)
diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix
new file mode 100644
index 000000000..9533800fd
--- /dev/null
+++ b/krebs/5pkgs/simple/syncthing-device-id.nix
@@ -0,0 +1,49 @@
+{ openssl, writePython2Bin }:
+
+writePython2Bin "syncthing-device-id" {
+ flakeIgnore = [
+ "E226"
+ "E302"
+ "E305"
+ "E501"
+ "F401"
+ ];
+} /* python */ ''
+ import base64
+ import hashlib
+ import subprocess
+ import sys
+
+ B32ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
+
+ def luhn_checksum(data, alphabet=B32ALPHABET):
+ n = len(alphabet)
+ number = tuple(alphabet.index(i) for i in reversed(data))
+ result = (sum(number[::2]) +
+ sum(sum(divmod(i * 2, n)) for i in number[1::2])) % n
+ return alphabet[-result]
+
+ def main(incert):
+ der_data = subprocess.check_output([
+ '${openssl}/bin/openssl',
+ 'x509',
+ '-outform',
+ 'DER',
+ ], stdin=incert)
+ data_hash = hashlib.sha256(der_data)
+ b32_hash = base64.b32encode(data_hash.digest()).decode('ascii')
+
+ result = b32_hash.upper().rstrip('=')
+ blocks = [result[pos:pos+13] for pos in range(0, len(result), 13)]
+ result = '''.join(block + luhn_checksum(block) for block in blocks)
+
+ blocks = [result[pos:pos+7] for pos in range(0, len(result), 7)]
+ print('-'.join(blocks))
+
+ if __name__ == '__main__':
+ import argparse
+ parser = argparse.ArgumentParser(description='Generate syncthing ID from certificate')
+ parser.add_argument('incert', type=argparse.FileType('rb'), help='Certificate path')
+ args = parser.parse_args()
+ main(**vars(args))
+''
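Review bot: `luhn_checksum` has no comment on two properties its correctness depends on, and the output is an identity string that peers are matched against. First, reversing `data` and doubling every second element weights the same positions as a left-to-right pass only when the block length is odd; the 13-character blocks built in `main` are, but the function accepts any length. Second, `alphabet[-result]` relies on `alphabet[-0]` being `alphabet[0]`. I would add a docstring saying both, plus `# ''' is the Nix escape for two single quotes` above the `'''.join(` line. `import sys` is unused and only passes because `"F401"` is in `flakeIgnore`; dropping both keeps the lint useful.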
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 5378d6fb0..e5013ad08 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -18,7 +18,7 @@
stockholm.file = toString ../.;
stockholm-version.pipe = toString (pkgs.writeDash "${name}-version" ''
set -efu
- cd $HOME/stockholm
+ cd ${lib.escapeShellArg krebs-source.stockholm.file}
V=$(${pkgs.coreutils}/bin/date +%y.%m)
if test -d .git; then
V=$V.git.$(${pkgs.git}/bin/git describe --always --dirty)
diff --git a/krebs/source.nix b/krebs/source.nix
deleted file mode 100644
index 5b86e89c6..000000000
--- a/krebs/source.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "krebs";
- _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
- secrets = getAttr builder {
- buildbot.file = toString <stockholm/krebs/0tests/data/secrets>;
- krebs.pass = {
- dir = "${getEnv "HOME"}/brain";
- name = "krebs-secrets/${name}";
- };
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
- }
- override
- ]
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
deleted file mode 100644
index d8b979812..000000000
--- a/lass/1systems/blue/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "blue";
- secure = true;
-}
diff --git a/lass/1systems/cabal/source.nix b/lass/1systems/cabal/source.nix
deleted file mode 100644
index 5d9507f3d..000000000
--- a/lass/1systems/cabal/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "cabal";
- secure = true;
-}
diff --git a/lass/1systems/daedalus/source.nix b/lass/1systems/daedalus/source.nix
deleted file mode 100644
index a15ac80c2..000000000
--- a/lass/1systems/daedalus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "daedalus";
- secure = true;
-}
diff --git a/lass/1systems/icarus/source.nix b/lass/1systems/icarus/source.nix
deleted file mode 100644
index 5b46a44f3..000000000
--- a/lass/1systems/icarus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "icarus";
- secure = true;
-}
diff --git a/lass/1systems/littleT/source.nix b/lass/1systems/littleT/source.nix
deleted file mode 100644
index a86b8fd10..000000000
--- a/lass/1systems/littleT/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "littleT";
- secure = true;
-}
diff --git a/lass/1systems/mors/source.nix b/lass/1systems/mors/source.nix
deleted file mode 100644
index a9dfa2eb6..000000000
--- a/lass/1systems/mors/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "mors";
- secure = true;
-}
diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix
deleted file mode 100644
index 3dbd6c52b..000000000
--- a/lass/1systems/prism/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-with import <stockholm/lib>;
-import <stockholm/lass/source.nix> {
- name = "prism";
-}
diff --git a/lass/1systems/red/source.nix b/lass/1systems/red/source.nix
deleted file mode 100644
index f2bad743c..000000000
--- a/lass/1systems/red/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "red";
- secure = true;
-}
diff --git a/lass/1systems/shodan/source.nix b/lass/1systems/shodan/source.nix
deleted file mode 100644
index be24ae2d5..000000000
--- a/lass/1systems/shodan/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "shodan";
-}
diff --git a/lass/1systems/skynet/source.nix b/lass/1systems/skynet/source.nix
deleted file mode 100644
index 2aa627f5c..000000000
--- a/lass/1systems/skynet/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "skynet";
- secure = true;
-}
diff --git a/lass/1systems/uriel/source.nix b/lass/1systems/uriel/source.nix
deleted file mode 100644
index 11d6e1c34..000000000
--- a/lass/1systems/uriel/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/lass/source.nix> {
- name = "uriel";
-}
diff --git a/lass/1systems/xerxes/source.nix b/lass/1systems/xerxes/source.nix
deleted file mode 100644
index d256b885b..000000000
--- a/lass/1systems/xerxes/source.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-with import <stockholm/lib>;
-import <stockholm/lass/source.nix> {
- name = "xerxes";
- secure = true;
-}
diff --git a/lass/source.nix b/lass/source.nix
deleted file mode 100644
index 49f919faf..000000000
--- a/lass/source.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "lass";
- _file = <stockholm> + "/lass/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix";
- nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
- secrets = getAttr builder {
- buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
- lass.pass = {
- dir = "${getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- }
- override
- ]
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index b652241bd..0de65cceb 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -20,7 +20,6 @@
brain
gen-oath-safe
cdrtools
- stockholm
# nix related
nix-repl
nix-index
diff --git a/makefu/source.nix b/makefu/source.nix
index 82a41886b..c350fe72c 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -57,7 +57,7 @@ in
stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
+ stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp";
}
(mkIf ( musnix ) {
musnix.git = {
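Review bot: `stockholm-version.pipe = "${pkgs.coreutils}/bin/echo derp";` makes every host deployed from this source report the same constant version, so the revision a machine is running can no longer be read off the machine. That matters when checking whether a fix has been rolled out or when reconstructing what was deployed. If this is a stopgap for the removed `pkgs.stockholm`, mark it with `# FIXME: placeholder, port the date + git describe script from krebs/krops.nix`. The enclosing attribute set starts before the hunk and the `mkIf` block continues after it.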
diff --git a/nin/1systems/axon/source.nix b/nin/1systems/axon/source.nix
deleted file mode 100644
index 6a40296da..000000000
--- a/nin/1systems/axon/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
- name = "axon";
- secure = true;
-}
diff --git a/nin/1systems/hiawatha/source.nix b/nin/1systems/hiawatha/source.nix
deleted file mode 100644
index a4b366b9c..000000000
--- a/nin/1systems/hiawatha/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
- name = "hiawatha";
- secure = true;
-}
diff --git a/nin/1systems/onondaga/source.nix b/nin/1systems/onondaga/source.nix
deleted file mode 100644
index 60d020222..000000000
--- a/nin/1systems/onondaga/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/nin/source.nix> {
- name = "onondaga";
- secure = true;
-}
diff --git a/nin/source.nix b/nin/source.nix
deleted file mode 100644
index a4bf0a98c..000000000
--- a/nin/source.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-with import <stockholm/lib>;
-host@{ name, secure ? false }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "nin";
- _file = <stockholm> + "/nin/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) {
- nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
- secrets.file = getAttr builder {
- buildbot = toString <stockholm/nin/0tests/dummysecrets>;
- nin = "/home/nin/secrets/${name}";
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
- }
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 3695ed3ac..000000000
--- a/shell.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-let
- lib = import ./lib;
- pkgs = import <nixpkgs> {
- overlays = [
- (import ./krebs/5pkgs)
- (import ./submodules/nix-writers/pkgs)
- ];
- };
-
-in pkgs.stdenv.mkDerivation {
- name = "stockholm";
- shellHook = /* sh */ ''
- export NIX_PATH=stockholm=${toString ./.}:nixpkgs=${toString <nixpkgs>}
- if test -e /nix/var/nix/daemon-socket/socket; then
- export NIX_REMOTE=daemon
- fi
- export PATH=${lib.makeBinPath [
- pkgs.stockholm
- ]}''${PATH+:$PATH}
-
- eval "$(declare -F | ${pkgs.gnused}/bin/sed s/declare/unset/)"
- shopt -u no_empty_cmd_completion
- unalias -a
-
- enable -n \
- . [ alias bg bind break builtin caller cd command compgen complete \
- compopt continue dirs disown eval exec false fc fg getopts hash \
- help history jobs kill let local logout mapfile popd printf pushd \
- pwd read readarray readonly shift source suspend test times trap \
- true typeset ulimit umask unalias wait
-
- exitHandler() {
- :
- }
-
- PS1='\[\e[38;5;162m\]\w\[\e[0m\] '
- '';
-}
diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix
deleted file mode 100644
index 9fd2f668c..000000000
--- a/tv/1systems/alnus/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "alnus";
- override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
-}
diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix
deleted file mode 100644
index 7e148cf36..000000000
--- a/tv/1systems/mu/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "mu";
-}
diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix
deleted file mode 100644
index f173b65a6..000000000
--- a/tv/1systems/nomic/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "nomic";
- secure = true;
-}
diff --git a/tv/1systems/querel/source.nix b/tv/1systems/querel/source.nix
deleted file mode 100644
index 74eab51e4..000000000
--- a/tv/1systems/querel/source.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "querel";
-}
diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix
deleted file mode 100644
index 2e9cdeb8a..000000000
--- a/tv/1systems/wu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "wu";
- secure = true;
-}
diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix
deleted file mode 100644
index 46e1aee90..000000000
--- a/tv/1systems/xu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "xu";
- secure = true;
-}
diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix
deleted file mode 100644
index 7a5c4f523..000000000
--- a/tv/1systems/zu/source.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-import <stockholm/tv/source.nix> {
- name = "zu";
- secure = true;
-}
diff --git a/tv/source.nix b/tv/source.nix
deleted file mode 100644
index c0df06567..000000000
--- a/tv/source.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-with import <stockholm/lib>;
-{ name
-, dummy_secrets ? getEnv "dummy_secrets" == "true"
-, override ? {}
-, secure ? false
-}@host: let
- builder = if dummy_secrets then "buildbot" else "tv";
- _file = <stockholm> + "/tv/1systems/${name}/source.nix";
- pkgs = import <nixpkgs> {
- overlays = map import [
- <stockholm/krebs/5pkgs>
- <stockholm/submodules/nix-writers/pkgs>
- ];
- };
-in
- evalSource (toString _file) [
- {
- nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
- nixpkgs.git = {
- ref = mkDefault "7cbf6ca1c84dfc917c1a99524e082fb677501844";
- url = https://github.com/NixOS/nixpkgs;
- };
- secrets.file = getAttr builder {
- buildbot = toString <stockholm/tv/dummy_secrets>;
- tv = "/home/tv/secrets/${name}";
- };
- stockholm.file = toString <stockholm>;
- stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
- }
- (mkIf (builder == "tv") {
- secrets-common.file = "/home/tv/secrets/common";
- })
- (mkIf (builder == "tv" && secure) {
- secrets-master.file = "/home/tv/secrets/master";
- })
- override
- ]