-rw-r--r--Makefile15
-rw-r--r--default.nix39
-rw-r--r--krebs/3modules/build.nix72
-rw-r--r--krebs/3modules/build/default.nix269
-rw-r--r--krebs/3modules/default.nix126
-rw-r--r--krebs/4lib/infest/finalize.sh (renamed from krebs/3modules/build/infest/finalize.sh)0
-rw-r--r--krebs/4lib/infest/install-nix.sh (renamed from krebs/3modules/build/infest/install-nix.sh)0
-rw-r--r--krebs/4lib/infest/prepare.sh (renamed from krebs/3modules/build/infest/prepare.sh)0
-rw-r--r--krebs/4lib/shell.nix2
-rw-r--r--krebs/4lib/types.nix48
-rw-r--r--krebs/5pkgs/get/default.nix6
-rw-r--r--krebs/Zhosts/cloudkrebs2
-rw-r--r--krebs/Zhosts/echelon14
-rw-r--r--krebs/Zhosts/ire2
-rw-r--r--krebs/default.nix263
-rw-r--r--lass/1systems/cloudkrebs.nix13
-rw-r--r--lass/1systems/echelon.nix13
-rw-r--r--lass/1systems/mors.nix15
-rw-r--r--lass/1systems/uriel.nix12
-rw-r--r--lass/2configs/base.nix8
-rw-r--r--lass/2configs/browsers.nix2
-rw-r--r--lass/2configs/desktop-base.nix4
-rw-r--r--lass/2configs/firefoxPatched.nix58
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/retiolum.nix1
-rw-r--r--lass/2configs/texlive.nix7
-rw-r--r--lass/2configs/zsh.nix10
-rw-r--r--lass/5pkgs/default.nix5
-rw-r--r--lass/5pkgs/firefoxPlugins/noscript.nix28
l---------lass/5pkgs/firefoxPlugins/result1
-rw-r--r--lass/5pkgs/firefoxPlugins/ublock.nix31
-rw-r--r--lass/5pkgs/firefoxPlugins/vimperator.nix19
-rw-r--r--tv/1systems/wu.nix2
-rw-r--r--tv/4lib/git.nix28
34 files changed, 754 insertions, 362 deletions
diff --git a/Makefile b/Makefile
index 3727793e8..552e6e0fd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,8 @@
#
# usage:
-# make system=foo
-# make systems='foo bar'
+# make infest system=foo [target=bar]
+# make [deploy] system=foo [target=bar]
+# make [deploy] systems='foo bar'
# make eval get=tv.wu.config.time.timeZone [filter=json]
#
@@ -11,6 +12,7 @@
ifdef systems
$(systems):
@
+ unset target
parallel \
--line-buffer \
-j0 \
@@ -20,7 +22,7 @@ $(systems):
else ifdef system
.PHONY: deploy infest
deploy infest:;@
- export get=$$LOGNAME.${system}.config.krebs.build.scripts.$@
+ export get=krebs.$@
export filter=json
make -s eval | sh
@@ -39,8 +41,11 @@ endif
--eval \
-A "$$get" \
'<stockholm>' \
- --argstr user-name "$$LOGNAME" \
- --argstr host-name "$$HOSTNAME" \
+ --argstr current-date "$$(date -Is)" \
+ --argstr current-host-name "$$HOSTNAME" \
+ --argstr current-user-name "$$LOGNAME" \
+ $${system+--argstr system "$$system"} \
+ $${target+--argstr target "$$target"} \
| filter
else
$(error unbound variable: system[s])
diff --git a/default.nix b/default.nix
index 64c69a2f4..c6a635c29 100644
--- a/default.nix
+++ b/default.nix
@@ -1,35 +1,34 @@
-{ user-name, host-name }:
+{ current-date
+, current-host-name
+, current-user-name
+}:
let
lib = import <nixpkgs/lib>;
krebs-modules-path = ./krebs/3modules;
krebs-pkgs-path = ./krebs/5pkgs;
- user-modules-path = ./. + "/${user-name}/3modules";
- user-pkgs-path = ./. + "/${user-name}/5pkgs";
+ user-modules-path = ./. + "/${current-user-name}/3modules";
+ user-pkgs-path = ./. + "/${current-user-name}/5pkgs";
out =
- (lib.mapAttrs (k: v: mk-namespace (./. + "/${k}"))
- (lib.filterAttrs
- (k: v: !lib.hasPrefix "." k && v == "directory")
- (builtins.readDir ./.)));
+ lib.mapAttrs (_: builtins.getAttr "main")
+ (lib.filterAttrs (_: builtins.hasAttr "main")
+ (lib.mapAttrs
+ (k: v:
+ if lib.hasPrefix "." k || v != "directory" then
+ {}
+ else if builtins.pathExists (./. + "/${k}/default.nix") then
+ { main = import (./. + "/${k}"); }
+ else if builtins.pathExists (./. + "/${k}/1systems") then
+ { main = mk-namespace (./. + "/${k}"); }
+ else
+ {})
+ (builtins.readDir ./.)));
eval = path: import <nixpkgs/nixos/lib/eval-config.nix> {
system = builtins.currentSystem;
modules = [
- ({ config, ... }:
- with import ./krebs/4lib { inherit lib; };
- {
- options.krebs.exec.host = mkOption {
- type = types.host;
- default = config.krebs.hosts.${host-name};
- };
- options.krebs.exec.user = mkOption {
- type = types.user;
- default = config.krebs.users.${user-name};
- };
- }
- )
path
krebs-modules-path
user-modules-path
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
new file mode 100644
index 000000000..57495ea69
--- /dev/null
+++ b/krebs/3modules/build.nix
@@ -0,0 +1,72 @@
+{ config, lib, ... }:
+
+with import ../4lib { inherit lib; };
+
+let
+ target = config.krebs.build // { user.name = "root"; };
+
+ out = {
+ # TODO deprecate krebs.build.host
+ options.krebs.build.host = mkOption {
+ type = types.host;
+ };
+
+ # TODO make krebs.build.profile shell safe
+ options.krebs.build.profile = mkOption {
+ type = types.str;
+ default = "/nix/var/nix/profiles/system";
+ };
+
+ # TODO make krebs.build.target.host :: host
+ options.krebs.build.target = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+
+ # TODO deprecate krebs.build.user
+ options.krebs.build.user = mkOption {
+ type = types.user;
+ };
+
+ options.krebs.build.source.dir = mkOption {
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ host = mkOption {
+ type = types.host;
+ };
+ path = mkOption {
+ type = types.str;
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ url = mkOption {
+ type = types.str;
+ default = "file://${config.host.name}${config.path}";
+ };
+ };
+ }));
+ default = {};
+ };
+
+ options.krebs.build.source.git = mkOption {
+ type = with types; attrsOf (submodule ({ config, ... }: {
+ options = {
+ url = mkOption {
+ type = types.str; # TODO must be shell safe
+ };
+ rev = mkOption {
+ type = types.str;
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ };
+ }));
+ default = {};
+ };
+ };
+
+in out
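Review bot: The `target` binding in the `let` block is no longer referenced anywhere in this new module, because the script options that used it are not carried over; it can be dropped. The remaining options (`profile`, `source.dir.*.path`, `target-path`, `source.git.*.url`, `rev`) are still plain `types.str`, and the two shell-safety TODOs are carried over unchanged. These values are spliced into generated shell scripts in krebs/default.nix in this same commit, so a comment on each option such as `# interpolated into generated shell scripts; keep to shell-safe characters` would state the constraint until a stricter type exists.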
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix
deleted file mode 100644
index 4d2f36a02..000000000
--- a/krebs/3modules/build/default.nix
+++ /dev/null
@@ -1,269 +0,0 @@
-{ config, lib, ... }:
-
-with import ../../4lib { inherit lib; };
-
-let
- target = config.krebs.build // { user.name = "root"; };
-
- out = {
- # TODO deprecate krebs.build.host
- options.krebs.build.host = mkOption {
- type = types.host;
- };
-
- # TODO make krebs.build.profile shell safe
- options.krebs.build.profile = mkOption {
- type = types.str;
- default = "/nix/var/nix/profiles/system";
- };
-
- # TODO make krebs.build.target.host :: host
- options.krebs.build.target = mkOption {
- type = with types; nullOr str;
- default = null;
- };
-
- # TODO deprecate krebs.build.user
- options.krebs.build.user = mkOption {
- type = types.user;
- };
-
- options.krebs.build.scripts.deploy = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- (${config.krebs.build.scripts._source})
- ${ssh-target ''
- ${config.krebs.build.scripts._nix-env}
- ${config.krebs.build.profile}/bin/switch-to-configuration switch
- ''}
- echo OK
- '';
- };
-
- options.krebs.build.scripts.infest = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
-
- export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
- -o 'HostName ${target.host.infest.addr}' \
- -o 'Port ${toString target.host.infest.port}' \
- "
- ssh() {
- eval "$RSYNC_RSH \"\$@\""
- }
-
- ${ssh-target ''
- ${readFile ./infest/prepare.sh}
- ${readFile ./infest/install-nix.sh}
- ''}
-
- (${config.krebs.build.scripts._source})
-
- ${ssh-target ''
- export PATH; PATH=/root/.nix-profile/bin:$PATH
-
- src=$(type -p nixos-install)
- cat_src() {
- sed < "$src" "$(
- sed < "$src" -n '
- /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
- /^nixpkgs=/=
- /^NIX_PATH=/,/^$/{/./=}
- ' \
- | sed 's:$:s/^/#krebs#/:'
- )"
- }
-
- # Location to insert config.krebs.build.scripts._nix-env
- i=$(sed -n '/^echo "building the system configuration/=' "$src")
-
- {
- cat_src | sed -n "1,$i{p}"
- cat ${doc config.krebs.build.scripts._nix-env}
- cat_src | sed -n "$i,\''${$i!p}"
- } > nixos-install
- chmod +x nixos-install
-
- # Wrap inserted config.krebs.build.scripts._nix-env into chroot.
- nix_env=$(cat_src | sed -n '
- s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
- ')
- echo nix-env is $nix_env
- sed -i '
- s:^nix-env:chroot $mountPoint '"$nix_env"':
- ' nixos-install
-
- ./nixos-install
-
- ${readFile ./infest/finalize.sh}
- ''}
- '';
- };
-
- options.krebs.build.scripts._nix-env = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- NIX_PATH=${config.krebs.build.source.NIX_PATH} \
- nix-env \
- -f '<stockholm>' \
- -Q \
- --argstr user-name ${config.krebs.exec.user.name} \
- --argstr host-name ${target.host.name} \
- --profile ${config.krebs.build.profile} \
- --set \
- -A ${lib.escapeShellArg (lib.concatStringsSep "." [
- config.krebs.build.user.name
- config.krebs.build.host.name
- "system"
- ])}
- '';
- };
-
- options.krebs.build.scripts._source = lib.mkOption {
- type = lib.types.str;
- default = ''
- set -efu
- ${
- lib.concatStringsSep "\n"
- (lib.mapAttrsToList
- (name: { scripts, url, ... }: "(${scripts._source})")
- (config.krebs.build.source.dir //
- config.krebs.build.source.git))
- }
- '';
- };
-
- options.krebs.build.source.NIX_PATH = mkOption {
- type = types.str;
- default =
- lib.concatStringsSep ":"
- (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
- (config.krebs.build.source.dir //
- config.krebs.build.source.git));
- };
-
- options.krebs.build.source.dir = mkOption {
- type =
- let
- exec = config.krebs.exec;
- in
- types.attrsOf (types.submodule ({ config, ... }:
- let
- url = "file://${config.host.name}${config.path}";
-
- can-link = config.host.name == target.host.name;
- can-push = config.host.name == exec.host.name;
-
- push-method = ''
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --exclude tmp \
- --rsync-path='mkdir -p ${config.target-path} && rsync' \
- --delete-excluded \
- -vrLptgoD \
- ${config.path}/ \
- ${target.user.name}@${target.host.name}:${config.target-path}
- '';
- in
- {
- options = {
- host = mkOption {
- type = types.host;
- description = ''
- define the host where the directory is stored on.
- XXX: currently it is just used to check if rsync is working,
- becomes part of url
- '';
- };
- path = mkOption {
- type = types.str;
- };
- scripts._source = mkOption {
- type = types.str;
- default =
- #if can-link then link-method else
- if can-push then push-method else
- throw "cannot source ${url}";
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- url = mkOption {
- type = types.str;
- default = "file://${config.host.name}${config.path}";
- };
- };
- }
- ));
- default = {};
- };
-
- options.krebs.build.source.git = mkOption {
- type =
- let
- target = config.krebs.build // { user.name = "root"; };
- in
- with types; attrsOf (submodule ({ config, ... }:
- {
- options = {
- url = mkOption {
- type = types.str; # TODO must be shell safe
- };
- rev = mkOption {
- type = types.str;
- };
- scripts._source = mkOption {
- type = types.str;
- default = ssh-target ''
- mkdir -p ${config.target-path}
- cd ${config.target-path}
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
- git remote add origin ${config.url}
- elif test "$cur_url" != ${config.url}; then
- git remote set-url origin ${config.url}
- fi
- if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
- git fetch origin
- git checkout ${config.rev} -- .
- git checkout -q ${config.rev}
- git submodule init
- git submodule update
- fi
- git clean -dxf
- '';
- };
- target-path = mkOption {
- type = types.str;
- default = "/root/${config._module.args.name}";
- };
- };
- }
- ));
- default = {};
- };
- };
-
- doc = s:
- let b = "EOF${hashString "sha256" s}"; in
- ''
- <<\${b}
- ${s}
- ${b}
- '';
-
- ssh-target = script:
- "ssh root@${target.host.name} -T ${doc ''
- set -efu
- ${script}
- ''}";
-
-in out
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index dc30b9c50..2d3b7b077 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,7 +6,7 @@ let
out = {
imports = [
- ./build
+ ./build.nix
./exim-retiolum.nix
./exim-smarthost.nix
./github-hosts-sync.nix
@@ -84,13 +84,16 @@ let
mapAttrsToList (hostname: host:
mapAttrsToList (netname: net:
let
- aliases = toString (unique (longs ++ shorts));
+ aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts;
- shorts = map (removeSuffix ".${cfg.search-domain}") longs;
+ shorts =
+ map (removeSuffix ".${cfg.search-domain}")
+ (filter (hasSuffix ".${cfg.search-domain}")
+ longs);
in
- map (addr: "${addr} ${aliases}") net.addrs
- ) host.nets
+ map (addr: "${addr} ${toString aliases}") net.addrs
+ ) (filterAttrs (name: host: host.aliases != []) host.nets)
) cfg.hosts
));
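Review bot: In `(filterAttrs (name: host: host.aliases != []) host.nets)` the lambda's second argument is a net, not a host, and it shadows the enclosing `host`; `(filterAttrs (_: net: net.aliases != []) host.nets)` reads correctly. The filter also tests `net.aliases` while each line is built from `providers.hosts`. If `dns.split-by-provider` can return an empty `hosts` list for a net that does have aliases (not visible here), an address with no names would still be emitted, so filtering on `longs` may be what is wanted. The enclosing expression starts above the hunk.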
@@ -100,6 +103,36 @@ let
([cfg.zone-head-config] ++ combined-hosts) ;
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
+
+ services.openssh.hostKeys =
+ let inherit (config.krebs.build.host.ssh) privkey; in
+ mkIf (privkey != null) (mkForce [privkey]);
+
+ services.openssh.knownHosts =
+ mapAttrs
+ (name: host: {
+ hostNames =
+ concatLists
+ (mapAttrsToList
+ (net-name: net:
+ let
+ aliases = shorts ++ longs;
+ longs = net.aliases;
+ shorts =
+ map (removeSuffix ".${cfg.search-domain}")
+ (filter (hasSuffix ".${cfg.search-domain}")
+ longs);
+ add-port = a:
+ if net.ssh.port != null
+ then "[${a}]:${toString net.ssh.port}"
+ else a;
+ in
+ aliases ++ map add-port net.addrs)
+ host.nets);
+
+ publicKey = host.ssh.pubkey;
+ })
+ (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
}
];
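Review bot: `mkForce [privkey]` hands the whole submodule value to `services.openssh.hostKeys`, including `bits = null` when that option is left at its default. If the consumer of that list decides on the presence of a `bits` attribute rather than on its value (not visible in this diff), a null reaches host-key generation; dropping unset attributes first avoids that, e.g. `mkForce [(filterAttrs (_: v: v != null) privkey)]`. In `knownHosts` the short/long alias derivation repeats the one in the hosts-file block above with the order reversed, so a shared helper would keep the two lists from drifting. Hosts without `ssh.pubkey` are left out of the pinned set, which deserves a one-line comment because clients then fall back to trust-on-first-use for them.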
@@ -110,7 +143,7 @@ let
dc = "lass"; #dc = "cac";
nets = rec {
internet = {
- addrs4 = ["162.248.8.63"];
+ addrs4 = ["104.233.84.57"];
aliases = [
"echelon.internet"
];
@@ -125,12 +158,42 @@ let
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78
- DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A
- IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K
- N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t
- cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq
- UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB
+ MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
+ oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
+ MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
+ 4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
+ n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
+ do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+ fastpoke = {
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["193.22.164.36"];
+ aliases = [
+ "fastpoke.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.253.152"];
+ addrs6 = ["42:422a:194f:ff3b:e196:2f82:5cf5:bc00"];
+ aliases = [
+ "fastpoke.retiolum"
+ "cgit.fastpoke.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAs4p5xsQYx06v+OkUbc09K6voFAbkvO66QdFoM71E10XyCeLP6iuq
+ DaIOFN4GrPR36pgyjqtJ+62G9uR+WsB/y14eio1p1ivDWgcpt5soOZAH5zVRRD9O
+ FBDlgVNwIJ6stMHy6OenEKWsfEiZRN3XstnqAqyykzjddglth1tJntn6kbZehzNQ
+ ezfIyN4XgaX2fhSu+UnAyLcV8wWnF9cMABjz7eKcSmRJgtG4ZiuDkbgiiEew7+pB
+ EPqOVQ80lJvzQKgO4PmVoAjD9A+AHnmLJNPDQQi8nIVilGCT60IX+XT1rt85Zpdy
+ rEaeriw/qsVJnberAhDAdQYYuM1ai2H5swIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
@@ -501,6 +564,7 @@ let
"cgit.cd.viljetic.de"
"cd.krebsco.de"
];
+ ssh.port = 11423;
};
retiolum = {
via = internet;
@@ -527,6 +591,8 @@ let
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
};
mkdir = rec {
cores = 1;
@@ -534,7 +600,7 @@ let
infest.addr = head nets.internet.addrs4;
nets = rec {
internet = {
- addrs4 = ["104.233.84.102"];
+ addrs4 = ["104.233.84.215"];
aliases = [
"mkdir.internet"
];
@@ -559,6 +625,35 @@ let
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
+ };
+ ire = {
+ nets = {
+ internet = {
+ addrs4 = ["198.147.22.115"];
+ ssh.port = 11423;
+ };
+ retiolum = {
+ addrs4 = ["10.243.231.66"];
+ addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
+ aliases = [
+ "ire.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7
+ rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt
+ 6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU
+ 1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K
+ LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu
+ nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ ssh.port = 11423;
+ };
+ };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY";
};
nomic = {
cores = 2;
@@ -584,6 +679,7 @@ let
};
};
secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
};
rmdir = rec {
cores = 1;
@@ -616,6 +712,8 @@ let
'';
};
};
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLuhLRmt8M5s2Edwwl9XY0KAAivzmPCEweesH5/KhR4";
};
wu = {
cores = 4;
@@ -641,6 +739,7 @@ let
};
};
secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
xu = {
cores = 4;
@@ -666,6 +765,7 @@ let
};
};
secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
};
};
users = addNames {
diff --git a/krebs/3modules/build/infest/finalize.sh b/krebs/4lib/infest/finalize.sh
index ced5a4d4d..ced5a4d4d 100644
--- a/krebs/3modules/build/infest/finalize.sh
+++ b/krebs/4lib/infest/finalize.sh
diff --git a/krebs/3modules/build/infest/install-nix.sh b/krebs/4lib/infest/install-nix.sh
index 88c8c3e1e..88c8c3e1e 100644
--- a/krebs/3modules/build/infest/install-nix.sh
+++ b/krebs/4lib/infest/install-nix.sh
diff --git a/krebs/3modules/build/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 07c00c3a5..07c00c3a5 100644
--- a/krebs/3modules/build/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
diff --git a/krebs/4lib/shell.nix b/krebs/4lib/shell.nix
index 2a6da5c16..5910adacc 100644
--- a/krebs/4lib/shell.nix
+++ b/krebs/4lib/shell.nix
@@ -6,7 +6,7 @@ with lib;
rec {
escape =
let
- isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
+ isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
in
stringAsChars (c:
if isSafeChar c then c
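Review bot: The widened safe set in `isSafeChar` has no comment saying why `+`, `:` and `=` may pass through unescaped, and `=` is safe only in argument position: a word containing `=` that ends up as the command word is parsed by the shell as a variable assignment. A comment above the pattern such as `# safe only as an argument or assignment value, never as the command word` would record that constraint for callers. The rest of `escape` lies outside the hunk, so whether an empty input yields an explicit empty word or nothing at all cannot be checked here and is worth confirming.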
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index dbffdf850..0aa594fb1 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -1,11 +1,12 @@
{ lib, ... }:
+with builtins;
with lib;
with types;
types // rec {
- host = submodule {
+ host = submodule ({ config, ... }: {
options = {
name = mkOption {
type = label;
@@ -46,8 +47,39 @@ types // rec {
TODO define minimum requirements for secure hosts
'';
};
+
+ ssh.pubkey = mkOption {
+ type = nullOr str;
+ default = null;
+ apply = x:
+ if x != null
+ then x
+ else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
+ };
+ ssh.privkey = mkOption {
+ type = nullOr (submodule {
+ options = {
+ bits = mkOption {
+ type = nullOr (enum ["4096"]);
+ default = null;
+ };
+ path = mkOption {
+ type = either path str;
+ apply = x: {
+ path = toString x;
+ string = x;
+ }.${typeOf x};
+ };
+ type = mkOption {
+ type = enum ["rsa" "ed25519"];
+ default = "ed25519";
+ };
+ };
+ });
+ default = null;
+ };
};
- };
+ });
net = submodule ({ config, ... }: {
options = {
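Review bot: The `apply` on `ssh.privkey.path` is what keeps the private key out of the Nix store, since `toString` on a path value returns the path string instead of copying the file. That deserves a comment, for example `# toString keeps the key file out of the world-readable store`, so nobody later swaps it for a string interpolation of the path. `bits` is an enum of the string `"4096"` and only makes sense for `type = "rsa"`, yet nothing ties the two together; a short `description` on each option would state this. The trace text for `ssh.pubkey` says the option is "unused" when the condition it reports is that the option is unset.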
@@ -71,6 +103,18 @@ types // rec {
aliases = mkOption {
# TODO nonEmptyListOf hostname
type = listOf hostname;
+ default = [];
+ };
+ ssh = mkOption {
+ type = submodule {
+ options = {
+ port = mkOption {
+ type = nullOr int;
+ default = null;
+ };
+ };
+ };
+ default = {};
};
tinc = mkOption {
type = let net-config = config; in nullOr (submodule ({ config, ... }: {
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index e2591db73..20bbfd014 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
@@ -1,12 +1,12 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
stdenv.mkDerivation {
- name = "get-1.1.1";
+ name = "get-1.3.0";
src = fetchgit {
url = http://cgit.cd.retiolum/get;
- rev = "e64826a4f5f74cbaa895e538b97d0e523e9709f9";
- sha256 = "4d1aa07bba52f697cf7aa7ad1b02b9ff41598dfea83c578e77b8d81e3e8830d2";
+ rev = "fbe8f8d12ede9762fceb15b9944b69a4ee6331eb";
+ sha256 = "bcdf036f8b5d1467285d0998aeac7e48280adfb9e1278f9f424c9c8b5e6ed8fa";
};
phases = [
diff --git a/krebs/Zhosts/cloudkrebs b/krebs/Zhosts/cloudkrebs
index ed46a36bd..3886371ff 100644
--- a/krebs/Zhosts/cloudkrebs
+++ b/krebs/Zhosts/cloudkrebs
@@ -1,4 +1,4 @@
-Address = 167.88.34.190
+Address = 104.167.113.104
Subnet = 10.243.206.102
Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f762
diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon
index 9d1c324fd..de4366875 100644
--- a/krebs/Zhosts/echelon
+++ b/krebs/Zhosts/echelon
@@ -1,12 +1,12 @@
-Address = 168.235.156.81
+Address = 104.233.84.57
Subnet = 10.243.206.103
Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763
-----BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78
-DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A
-IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K
-N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t
-cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq
-UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB
+MIIBCgKCAQEAuscWOYdHu0bpWacvwTNd6bcmrAQ0YFxJWHZF8kPZr+bMKIhnXLkJ
+oJheENIM6CA9lQQQFUxh2P2pxZavW5rgVlJxIKeiB+MB4v6ZO60LmZgpCsWGD/dX
+MipM2tLtQxYhvLJIJxEBWn3rxIgeEnCtZsH1KLWyLczb+QpvTjMJ4TNh1nEBPE/f
+4LUH1JHaGhcaHl2dLemR9wnnDIjmSj0ENJp2al+hWnIggcA/Zp0e4b86Oqbbs5wA
+n++n5j971cTrBdA89nJDYOEtepisglScVRbgLqJG81lDA+n24RWFynn+U3oD/L8p
+do+kxlwZUEDRbPU4AO5L+UeIbimsuIfXiQIDAQAB
-----END RSA PUBLIC KEY-----
diff --git a/krebs/Zhosts/ire b/krebs/Zhosts/ire
index 724158cb0..db4f9808c 100644
--- a/krebs/Zhosts/ire
+++ b/krebs/Zhosts/ire
@@ -1,4 +1,4 @@
-Address = 198.147.23.143
+Address = 198.147.22.115
Subnet = 10.243.231.66
Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c
diff --git a/krebs/default.nix b/krebs/default.nix
new file mode 100644
index 000000000..0ec4c6079
--- /dev/null
+++ b/krebs/default.nix
@@ -0,0 +1,263 @@
+{ current-date
+, current-host-name
+, current-user-name
+}@current: rec {
+
+ deploy =
+ { system ? current-host-name
+ , target ? system
+ }@args: let
+ config = lib.get-config system;
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.deploy
+ set -efu
+ (${lib.populate args})
+ ${lib.rootssh target ''
+ ${lib.install args}
+ ${config.krebs.build.profile}/bin/switch-to-configuration switch
+ ''}
+ echo OK
+ '';
+
+ infest =
+ { system ? current-host-name
+ , target ? system
+ }@args: let
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.infest
+ set -efu
+
+ # XXX type -p is non-standard
+ #export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
+ # -o 'HostName $ {target.host.infest.addr}' \
+ # -o 'Port $ {toString target.host.infest.port}' \
+ #"
+ #ssh() {
+ # eval "$RSYNC_RSH \"\$@\""
+ #}
+
+ ${lib.rootssh target ''
+ ${builtins.readFile ./4lib/infest/prepare.sh}
+ ${builtins.readFile ./4lib/infest/install-nix.sh}
+ ''}
+
+ (${lib.populate args})
+
+ ${lib.rootssh target ''
+ export PATH; PATH=/root/.nix-profile/bin:$PATH
+
+ src=$(type -p nixos-install)
+ cat_src() {
+ sed < "$src" "$(
+ { sed < "$src" -n '
+ /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
+ /^nixpkgs=/=
+ /^NIX_PATH=/,/^$/{/./=}
+
+ # Disable: Copy the NixOS/Nixpkgs sources to the target as
+ # the initial contents of the NixOS channel.
+ /^srcs=/,/^ln -sfn /=
+ '
+ } | sed 's:$:s/^/#krebs#/:'
+ )"
+ }
+
+ # Location to insert lib.install
+ i=$(sed -n '/^echo "building the system configuration/=' "$src")
+
+ {
+ cat_src | sed -n "1,$i{p}"
+ cat ${lib.doc (lib.install args)}
+ cat_src | sed -n "$i,\''${$i!p}"
+ } > nixos-install
+ chmod +x nixos-install
+
+ ## Wrap inserted lib.install into chroot.
+ #nix_env=$(cat_src | sed -n '
+ # s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
+ #')
+ #echo nix-env is $nix_env
+ #sed -i '
+ # s:^nix-env:chroot $mountPoint '"$nix_env"':
+ #' nixos-install
+
+ ./nixos-install
+
+ ${builtins.readFile ./4lib/infest/finalize.sh}
+ ''}
+ '';
+
+ init =
+ { system ? current-host-name
+ }@args: let
+ config = lib.get-config system;
+ in ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ # krebs.init
+ set -efu
+
+ system=${lib.shell.escape system}
+ secrets_dir=${config.krebs.build.source.dir.secrets.path}
+ key_type=ed25519
+ key_file=$secrets_dir/ssh.id_$key_type
+ key_comment=$system
+
+ if test -e "$key_file"; then
+ echo "Warning: privkey already exists: $key_file" >&2
+ else
+ ssh-keygen \
+ -C "$key_comment" \
+ -t "$key_type" \
+ -f "$key_file" \
+ -N ""
+ rm "$key_file.pub"
+ fi
+
+ pubkey=$(ssh-keygen -y -f "$key_file")
+
+ cat<<EOF
+ # put following into config.krebs.hosts.$system:
+ ssh.pubkey = $(echo $pubkey | jq -R .);
+ EOF
+ '';
+
+ lib = import ./4lib { lib = import <nixpkgs/lib>; } // rec {
+
+ stockholm = import ../. current;
+
+ get-config = system:
+ stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ doc = s:
+ let b = "EOF${builtins.hashString "sha256" s}"; in
+ ''
+ <<\${b}
+ ${s}
+ ${b}
+ '';
+
+ rootssh = target: script:
+ "ssh root@${target} -T ${lib.doc ''
+ set -efu
+ ${script}
+ ''}";
+
+ install =
+ { system ? current-host-name
+ , target ? system
+ }:
+ let
+ stockholm = import ../. {
+ inherit current-date;
+ inherit current-host-name;
+ inherit current-user-name;
+ };
+
+ config = stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ nix-path =
+ lib.concatStringsSep ":"
+ (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+ (config.krebs.build.source.dir //
+ config.krebs.build.source.git));
+ in ''
+ set -efu
+ NIX_PATH=${lib.shell.escape nix-path} \
+ nix-env \
+ --show-trace \
+ -f '<stockholm>' \
+ -Q \
+ --argstr current-date ${lib.shell.escape current-date} \
+ --argstr current-host-name ${lib.shell.escape current-host-name} \
+ --argstr current-user-name ${lib.shell.escape current-user-name} \
+ --profile ${lib.shell.escape config.krebs.build.profile} \
+ --set \
+ -A ${lib.escapeShellArg (lib.concatStringsSep "." [
+ config.krebs.build.user.name
+ config.krebs.build.host.name
+ "system"
+ ])}
+ '';
+
+ populate =
+ { system ? current-host-name
+ , target ? system
+ }@args:
+ let out = ''
+ #! /bin/sh
+ # ${current-date} ${current-user-name}@${current-host-name}
+ set -efu
+ ${lib.concatStringsSep "\n"
+ (lib.concatMap
+ (type: lib.mapAttrsToList (_: methods.${type})
+ config.krebs.build.source.${type})
+ ["dir" "git"])}
+ '';
+
+ stockholm = import ../. {
+ inherit current-date;
+ inherit current-host-name;
+ inherit current-user-name;
+ };
+
+ config = stockholm.${current-user-name}.${system}.config
+ or (abort "unknown system: ${system}");
+
+ current-host = config.krebs.hosts.${current-host-name};
+ current-user = config.krebs.users.${current-user-name};
+
+ target-host = config.krebs.hosts.${system};
+
+ methods.dir = config:
+ let
+ can-link = config.host.name == target-host.name;
+ can-push = config.host.name == current-host.name;
+ push-method = ''
+ rsync \
+ --exclude .git \
+ --exclude .graveyard \
+ --exclude old \
+ --exclude tmp \
+ --rsync-path='mkdir -p ${config.target-path} && rsync' \
+ --delete-excluded \
+ -vrLptgoD \
+ ${config.path}/ \
+ root@${target}:${config.target-path}
+ '';
+ url = "file://${config.host.name}${config.path}";
+ in
+ #if can-link then link-method else
+ if can-push then push-method else
+ throw "cannot source ${url}";
+
+ methods.git = config:
+ lib.rootssh target ''
+ mkdir -p ${config.target-path}
+ cd ${config.target-path}
+ if ! test -e .git; then
+ git init
+ fi
+ if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+ git remote add origin ${config.url}
+ elif test "$cur_url" != ${config.url}; then
+ git remote set-url origin ${config.url}
+ fi
+ if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
+ git fetch origin
+ git checkout ${config.rev} -- .
+ git checkout -q ${config.rev}
+ git submodule init
+ git submodule update
+ fi
+ git clean -dxf
+ '';
+ in out;
+ };
+}
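Review bot: `install` runs every interpolated value through `lib.shell.escape`, but the other generated scripts splice values into shell text as-is: `target` in `rootssh` and in the rsync destination, `config.path`/`config.target-path` in `methods.dir`, `config.url`/`config.rev`/`config.target-path` in `methods.git`, `secrets_dir` in `init`, and `config.krebs.build.profile` in `deploy`. `target` arrives from `make ... target=` and the rest from options typed `types.str`, so a space or shell metacharacter in any of them changes the command that runs as root on the target. For `rootssh` the change is `"ssh root@${lib.shell.escape target} -T ${lib.doc ''`; `methods.git` is shown below. The rsync `--rsync-path` and destination are parsed a second time by the remote shell, so for those a restricted option type is probably a cleaner fix than escaping. Separately, `install` and `populate` each re-import stockholm instead of calling `lib.get-config`, and `can-link`, `current-user` and the empty `let` in `infest` are unused.

```nix
      methods.git = config:
        lib.rootssh target ''
          mkdir -p ${lib.shell.escape config.target-path}
          cd ${lib.shell.escape config.target-path}
          # … unchanged: git init when .git is missing …
          if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
            git remote add origin ${lib.shell.escape config.url}
          elif test "$cur_url" != ${lib.shell.escape config.url}; then
            git remote set-url origin ${lib.shell.escape config.url}
          fi
          if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${lib.shell.escape config.rev}; then
            git fetch origin
            git checkout ${lib.shell.escape config.rev} -- .
            git checkout -q ${lib.shell.escape config.rev}
            # … unchanged: submodule init/update, closing fi, git clean …
        '';
```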
diff --git a/lass/1systems/cloudkrebs.nix b/lass/1systems/cloudkrebs.nix
index 7c95e0f87..5235c25e5 100644
--- a/lass/1systems/cloudkrebs.nix
+++ b/lass/1systems/cloudkrebs.nix
@@ -25,14 +25,15 @@
krebs.build = {
user = config.krebs.users.lass;
- target = "root@cloudkrebs";
host = config.krebs.hosts.cloudkrebs;
- deps = {
- secrets = {
- url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ source = {
+ dir.secrets = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
- stockholm = {
- url = toString ../..;
+ dir.stockholm = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/dev/stockholm";
};
};
};
diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index 92976366f..d1a3f34f7 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -28,14 +28,15 @@ in {
krebs.build = {
user = config.krebs.users.lass;
- target = "root@${ip}";
host = config.krebs.hosts.echelon;
- deps = {
- secrets = {
- url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ source = {
+ dir.secrets = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
- stockholm = {
- url = toString ../..;
+ dir.stockholm = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/dev/stockholm";
};
};
};
diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 4724fd3e3..b7291a8f2 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -22,18 +22,20 @@
../2configs/retiolum.nix
../2configs/wordpress.nix
../2configs/bitlbee.nix
+ ../2configs/firefoxPatched.nix
];
krebs.build = {
user = config.krebs.users.lass;
- target = "root@mors";
host = config.krebs.hosts.mors;
- deps = {
- secrets = {
- url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ source = {
+ dir.secrets = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
- stockholm = {
- url = toString ../..;
+ dir.stockholm = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/dev/stockholm";
};
};
};
@@ -172,6 +174,7 @@
environment.systemPackages = with pkgs; [
cac
+ get
];
#TODO: fix this shit
diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index bb98975e4..9d96e7814 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -27,12 +27,14 @@ with builtins;
user = config.krebs.users.lass;
target = "root@uriel";
host = config.krebs.hosts.uriel;
- deps = {
- secrets = {
- url = "/home/lass/secrets/${config.krebs.build.host.name}";
+ source = {
+ dir.secrets = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/secrets/${config.krebs.build.host.name}";
};
- stockholm = {
- url = toString ../..;
+ dir.stockholm = {
+ host = config.krebs.hosts.mors;
+ path = "/home/lass/dev/stockholm";
};
};
};
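Review bot: This hunk keeps `target = "root@uriel";` while the cloudkrebs, echelon and mors hunks in the same commit remove their `target` lines. The new scripts in krebs/default.nix take the target from the `target` argument and prepend `root@` themselves, so the leftover value appears to be unused; if it were ever passed to `rootssh` it would produce `root@root@uriel`. Removing the line keeps the four systems consistent. The `krebs.build` block starts above the hunk.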
diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 7c4835461..46435649b 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -42,9 +42,11 @@ with lib;
enable = true;
search-domain = "retiolum";
exim-retiolum.enable = true;
- build.deps.nixpkgs = {
- url = https://github.com/Lassulus/nixpkgs;
- rev = "e74d0e7ff83c16846a81e1173543f180ad565076";
+ build.source = {
+ git.nixpkgs = {
+ url = https://github.com/Lassulus/nixpkgs;
+ rev = "68bd8e4a9dc247726ae89cc8739574261718e328";
+ };
};
};
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 4fe06b729..f37dace2c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -62,7 +62,7 @@ in {
imports = [
../3modules/per-user.nix
] ++ [
- ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] )
+ ( createFirefoxUser "ff" [ "audio" ] [ ] )
( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
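Review bot: With the package list emptied in `( createFirefoxUser "ff" [ "audio" ] [ ] )`, the `ff` user only has a browser on hosts that also import `firefoxPatched.nix`, and in this commit only mors.nix adds that import. If other systems import browsers.nix (not visible here), they end up with the user but no Firefox. Adding `./firefoxPatched.nix` to the `imports` list in this file would keep the two together. Note also that the patched build goes into `environment.systemPackages`, so it is available to every account rather than only to `ff`. `createFirefoxUser` is defined outside the hunk.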
diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix
index 52c29d7e8..8ae768ca9 100644
--- a/lass/2configs/desktop-base.nix
+++ b/lass/2configs/desktop-base.nix
@@ -61,4 +61,8 @@ in {
xkbOptions = "caps:backspace";
};
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
}
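Review bot: `HandleLidSwitch=ignore` makes logind take no action when the lid is closed, so a laptop using this profile stays awake with the lid shut and, unless something else locks the session, unlocked. Nothing in the hunk says why suspend is switched off or what locks the screen instead. I would add a comment above the option, e.g. `# lid close is ignored on purpose; lock with i3lock before leaving the machine`, or use `HandleLidSwitch=lock` if only the suspend is unwanted. The module's attribute set starts outside the hunk.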
diff --git a/lass/2configs/firefoxPatched.nix b/lass/2configs/firefoxPatched.nix
new file mode 100644
index 000000000..daf8a28be
--- /dev/null
+++ b/lass/2configs/firefoxPatched.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ lpkgs = import ../5pkgs { inherit pkgs; };
+
+ inherit (lib)
+ concatMapStrings
+ ;
+
+ plugins = with lpkgs.firefoxPlugins; [
+ noscript
+ ublock
+ vimperator
+ ];
+
+ copyXpi = plugin:
+ "cp ${plugin}/*.xpi $out/usr/lib/firefox-*/browser/extensions/";
+
+ preferences = pkgs.writeText "autoload.js" ''
+ pref('general.config.filename', 'firefox.cfg');
+ pref('general.config.obscure_value', 0);
+ '';
+
+ config = pkgs.writeText "firefox.cfg" ''
+ //
+ lockPref("app.update.enabled", false);
+ lockPref("extensions.update.enabled", false);
+ lockPref("autoadmin.global_config_url", "");
+ lockPref("extensions.checkUpdateSecurity", false);
+ lockPref("services.sync.enabled", false);
+ lockPref("browser.shell.checkDefaultBrowser", false);
+ lockPref("layout.spellcheckDefault", 0);
+ lockPref("app.update.auto", false);
+ lockPref("browser.newtabpage.enabled", false);
+ lockPref("noscript.firstRunRedirection", false);
+ lockPref("noscript.hoverUI", false);
+ lockPref("noscript.notify", false);
+ defaultPref("extensions.newAddons", false);
+ defaultPref("extensions.autoDisableScopes", 0);
+ defaultPref("plugin.scan.plid.all", false);
+ '';
+
+in {
+ environment.systemPackages = [
+ (pkgs.lib.overrideDerivation pkgs.firefox-bin (original : {
+ installPhase = ''
+ ${original.installPhase}
+ find $out/usr/lib
+ ${concatMapStrings copyXpi plugins}
+ cd $out/usr/lib/firefox-*/
+ mkdir -p browser/defaults/preferences
+ cp ${preferences} browser/defaults/preferences/autoload.js
+ cp ${config} ./firefox.cfg
+ '';
+ }))
+ ];
+}
+
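Review bot: `defaultPref("extensions.autoDisableScopes", 0)` turns off the sideload prompt for every install scope, although the bundled XPIs are only copied into the application directory (`browser/extensions/`); if I read the scope bits correctly, `defaultPref("extensions.autoDisableScopes", 11);` would keep the prompt for profile, user and system locations. `lockPref("extensions.checkUpdateSecurity", false)` looks unnecessary, since extension updates are already locked off two lines above it, and could be dropped. With `app.update.enabled` and `extensions.update.enabled` locked to false, browser and add-on fixes arrive only when the pins are bumped, which deserves a comment at the top of `firefox.cfg`. Separately, the `let`-bound `config` shadows the module argument of the same name, and the `find $out/usr/lib` line in `installPhase` looks like leftover debugging output.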
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 41d241bac..e4840383f 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -7,7 +7,6 @@
gnupg1compat
htop
i3lock
- mc
mosh
mpv
pass
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index 17cd1d822..d7df15027 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -21,6 +21,7 @@
connectTo = [
"fastpoke"
"cloudkrebs"
+ "echelon"
"pigstarter"
"gum"
"flap"
diff --git a/lass/2configs/texlive.nix b/lass/2configs/texlive.nix
index 18d72297d..fa20ef81f 100644
--- a/lass/2configs/texlive.nix
+++ b/lass/2configs/texlive.nix
@@ -2,6 +2,11 @@
{
environment.systemPackages = with pkgs; [
- texLive
+ (texLiveAggregationFun { paths = [
+ texLive
+ texLiveExtra
+ texLiveCMSuper
+ texLiveModerncv
+ ];})
];
}
diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix
index 646e816fd..64aa45823 100644
--- a/lass/2configs/zsh.nix
+++ b/lass/2configs/zsh.nix
@@ -57,7 +57,7 @@
#exports
export EDITOR='vim'
export MANPAGER='most'
- export PAGER='vim -'
+ export PAGER='vim -R -'
# export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -'
#beautiful colors
@@ -103,23 +103,21 @@
case $UID in
0)
- username='%F{red}root%f'
+ username='%F{red}root%f '
;;
1337)
username=""
;;
*)
- username='%F{blue}%n%f'
+ username='%F{blue}%n%f '
;;
esac
if test -n "$SSH_CLIENT"; then
PROMPT="$error$username@%F{magenta}%M%f %~ "
else
- PROMPT="$error$username %~ "
+ PROMPT="$error$username%~ "
fi
-
-
'';
};
users.defaultUserShell = "/run/current-system/sw/bin/zsh";
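Review bot: The trailing space now baked into `username` (`'%F{red}root%f '`, `'%F{blue}%n%f '`) also reaches the unchanged SSH branch, where `PROMPT="$error$username@%F{magenta}%M%f %~ "` will render as `root @host`. Either keep `username` without the space and add it in the else branch only when the name is non-empty, `PROMPT="$error$username''${username:+ }%~ "`, or strip it in the SSH branch with `''${username% }`. The `''$` prefix is the escape needed because the script sits inside a Nix indented string. That string starts outside the hunk.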
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 6df35b905..7427cb620 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -8,4 +8,9 @@ rec {
bitlbee-dev = callPackage ./bitlbee-dev.nix {};
bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
+ firefoxPlugins = {
+ noscript = callPackage ./firefoxPlugins/noscript.nix {};
+ ublock = callPackage ./firefoxPlugins/ublock.nix {};
+ vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
+ };
}
diff --git a/lass/5pkgs/firefoxPlugins/noscript.nix b/lass/5pkgs/firefoxPlugins/noscript.nix
new file mode 100644
index 000000000..67a00a1b2
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/noscript.nix
@@ -0,0 +1,28 @@
+{ fetchgit, stdenv, bash, zip }:
+
+stdenv.mkDerivation rec {
+ name = "noscript";
+ id = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
+
+ src = fetchgit {
+ url = "https://github.com/avian2/noscript";
+ rev = "c900a079793868bb080ab1e23522d29dc121b4c6";
+ sha256 = "1y06gh5a622yrsx0h7v92qnvdi97i54ln09zc1lvk8x430z5bdly";
+ };
+
+ buildInputs = [ zip ];
+
+ patchPhase = ''
+ substituteInPlace "version.sh" \
+ --replace "/bin/bash" "${bash}/bin/bash"
+ '';
+
+ buildPhase = ''
+ ./makexpi.sh
+ '';
+
+ installPhase = ''
+ mkdir -p $out/
+ cp *.xpi $out/${id}.xpi
+ '';
+}
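Review bot: The source URL `https://github.com/avian2/noscript` appears to be a third-party mirror rather than a repository published by the extension's author, and nothing in the file records that choice. The `rev` and `sha256` pin the exact tree, which is the right control here, but `buildPhase` then runs the repository's own `./makexpi.sh`, so each bump of the pin should come with a look at the diff between the old and the new revision. I would add a comment above `src`, e.g. `# unofficial git mirror; review the upstream diff before changing rev/sha256`, and put a version into `name` so the store path shows which release is installed. The missing version in `name` also applies to ublock.nix and vimperator.nix.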
diff --git a/lass/5pkgs/firefoxPlugins/result b/lass/5pkgs/firefoxPlugins/result
new file mode 120000
index 000000000..aa5334414
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/result
@@ -0,0 +1 @@
+/nix/store/gxr152p1bbgqcd839b0rckdd1h5cr886-vimperator \ No newline at end of file
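Review bot: `lass/5pkgs/firefoxPlugins/result` is a mode-120000 symlink into `/nix/store`, which is what `nix-build` leaves behind, so it looks like a build artefact committed by accident. The target exists only on the machine that built it, and the link will dangle everywhere else. I would drop the file from the commit and add `result` to `.gitignore`.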
diff --git a/lass/5pkgs/firefoxPlugins/ublock.nix b/lass/5pkgs/firefoxPlugins/ublock.nix
new file mode 100644
index 000000000..29ef250e8
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/ublock.nix
@@ -0,0 +1,31 @@
+{ fetchgit, stdenv, bash, python, zip }:
+
+stdenv.mkDerivation rec {
+ name = "ublock";
+ id = "{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}";
+
+ src = fetchgit {
+ url = "https://github.com/chrisaljoudi/uBlock";
+ rev = "a70a50052a7914cbf86d46a725812b98434d8c70";
+ sha256 = "1qfzy79f8x01i33x0m95k833z1jgxjwb8wvlr6fj6id1kxfvzh77";
+ };
+
+ buildInputs = [
+ zip
+ python
+ ];
+
+ patchPhase = ''
+ substituteInPlace "tools/make-firefox.sh" \
+ --replace "/bin/bash" "${bash}/bin/bash"
+ '';
+
+ buildPhase = ''
+ tools/make-firefox.sh all
+ '';
+
+ installPhase = ''
+ mkdir -p $out/
+ cp dist/build/uBlock.firefox.xpi $out/${id}.xpi
+ '';
+}
diff --git a/lass/5pkgs/firefoxPlugins/vimperator.nix b/lass/5pkgs/firefoxPlugins/vimperator.nix
new file mode 100644
index 000000000..dabef3d20
--- /dev/null
+++ b/lass/5pkgs/firefoxPlugins/vimperator.nix
@@ -0,0 +1,19 @@
+{ fetchgit, stdenv, zip }:
+
+stdenv.mkDerivation rec {
+ name = "vimperator";
+ id = "vimperator@mozdev.org";
+
+ src = fetchgit {
+ url = "https://github.com/vimperator/vimperator-labs.git";
+ rev = "ba7d8e72516fdc22246748c8183d7bc90f6fb073";
+ sha256 = "0drz67qm5hxxzw699rswlpjkg4p2lfipx119pk1nyixrqblcsvq2";
+ };
+
+ buildInputs = [ zip ];
+
+ installPhase = ''
+ mkdir -p $out/
+ cp downloads/vimperator*.xpi $out/${id}.xpi
+ '';
+}
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 17394df25..e54aed056 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -11,7 +11,7 @@ with lib;
krebs.build.source = {
git.nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
- rev = "bd84ebaa1e0359f41350e053ed24592b169b5714";
+ rev = "e916273209560b302ab231606babf5ce1c481f08";
};
dir.secrets = {
host = config.krebs.hosts.wu;
diff --git a/tv/4lib/git.nix b/tv/4lib/git.nix
index 2b25debdc..748b77269 100644
--- a/tv/4lib/git.nix
+++ b/tv/4lib/git.nix
@@ -114,6 +114,18 @@ let
gnused
])}
+ green() { printf '\x0303,99%s\x0F' "$1"; }
+ red() { printf '\x0304,99%s\x0F' "$1"; }
+ orange() { printf '\x0307,99%s\x0F' "$1"; }
+ pink() { printf '\x0313,99%s\x0F' "$1"; }
+ gray() { printf '\x0314,99%s\x0F' "$1"; }
+
+ unset message
+ add_message() {
+ message="''${message+$message
+ }$*"
+ }
+
nick=${escapeShellArg nick}
channel=${escapeShellArg channel}
server=${escapeShellArg server}
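Review bot: The colour helpers rely on `\x03` and `\x0F` escapes in the `printf` format, which POSIX does not define; whether they work depends on which shell runs this hook, and that is not visible here. Octal escapes are portable: `green() { printf '\00303,99%s\017' "$1"; }`, and likewise for the other four. A one-line comment saying that these are IRC colour control codes would also help the next reader. The script body starts and ends outside the hunk.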
@@ -124,7 +136,6 @@ let
empty=0000000000000000000000000000000000000000
- unset message
while read oldrev newrev ref; do
if [ $oldrev = $empty ]; then
@@ -157,14 +168,23 @@ let
link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
;;
fast-forward|non-fast-forward)
- #git diff --stat $id..$id2
link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
;;
esac
#$host $GIT_SSH_REPO $ref $link
- message="''${message+$message
- }$GIT_SSH_USER $receive_mode $link"
+ add_message $(pink push) $link $(gray "($receive_mode)")
+
+ add_message "$(
+ git log \
+ --format="$(orange %h) %s $(gray '(%ar)')" \
+ --reverse \
+ $id2..$id
+
+ git diff --stat $id2..$id \
+ | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
+ )"
+
done
if test -n "''${message-}"; then
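Review bot: The added `git log` / `git diff --stat` block sits after `esac`, so it runs for every receive mode, including the ones where one side is the all-zero `$empty` rev checked at the top of the loop; how `id` and `id2` are set is outside the hunk, but for a created or deleted ref the range `$id2..$id` is presumably invalid and git will fail there. Moving the block into the `fast-forward|non-fast-forward)` branch, next to the `link=` line, would limit it to pushes that have both ends. The arguments in `add_message $(pink push) $link $(gray "($receive_mode)")` are also unquoted; `add_message "$(pink push)" "$link" "$(gray "($receive_mode)")"` avoids word splitting and globbing on the `?` in the link. Finally, `%s` and the file names in the stat output are text chosen by whoever pushes, so control characters such as `\r` should be stripped before the message is relayed to the channel.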