From b3a481e0b9462bdb4ed92bfc27b2cbf723a8ec30 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 1 Feb 2016 17:30:38 +0100 Subject: krebs lib.ne: init --- krebs/4lib/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index dfc51bbe4..4d7e0b549 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -6,6 +6,7 @@ with lib; let out = rec { eq = x: y: x == y; + ne = x: y: x != y; mod = x: y: x - y * (x / y); -- cgit v1.2.3 From 2497533b90ce901a39d6642923738b2a337ad9aa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 01:53:38 +0100 Subject: krebs/populate.nix -> krebs/v2 populate --- krebs/populate.nix | 116 ------------------------------------------------- krebs/v2/default.nix | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+), 116 deletions(-) delete mode 100644 krebs/populate.nix create mode 100644 krebs/v2/default.nix (limited to 'krebs') diff --git a/krebs/populate.nix b/krebs/populate.nix deleted file mode 100644 index 13270c8a7..000000000 --- a/krebs/populate.nix +++ /dev/null @@ -1,116 +0,0 @@ -{ source -, target-user ? "root" -, target-host -, target-path ? "/var/src" -}: -with import ; -with import ~/stockholm/krebs/4lib { - lib = import ; -}; -with builtins; -let - out = '' - #! /bin/sh - set -efu - - echo ${shell.escape git-script} \ - | ssh ${shell.escape "${target-user}@${target-host}"} -T - - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) - trap ' - set +f - rm "$tmpdir"/* - rmdir "$tmpdir" - trap - EXIT INT QUIT - ' EXIT INT QUIT - chmod 0755 "$tmpdir" - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") - symlink-specs)} - - proot \ - -b $tmpdir:${shell.escape target-path} \ - ${concatStringsSep " \\\n " - (mapAttrsToList - (name: spec: - "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") - file-specs)} \ - rsync \ - -f ${shell.escape "P /*"} \ - ${concatMapStringsSep " \\\n " - (name: "-f ${shell.escape "R /${name}"}") - (attrNames file-specs)} \ - --delete \ - -vFrlptD \ - ${shell.escape target-path}/ \ - ${shell.escape "${target-user}@${target-host}:${target-path}"} - ''; - - get-schema = uri: - if substring 0 1 uri == "/" - then "file" - else head (splitString ":" uri); - - has-schema = schema: uri: get-schema uri == schema; - - get-url = spec: { - string = spec; - path = toString spec; - set = get-url spec.url; - }.${typeOf spec}; - - git-specs = - filterAttrs (_: spec: has-schema "https" (get-url spec)) source // - filterAttrs (_: spec: has-schema "http" (get-url spec)) source // - filterAttrs (_: spec: has-schema "git" (get-url spec)) source; - - file-specs = - filterAttrs (_: spec: has-schema "file" (get-url spec)) source; - - symlink-specs = - filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; - - git-script = '' - fetch_git() {( - dst_dir=$1 - src_url=$2 - src_ref=$3 - - if ! test -e "$dst_dir"; then - git clone "$src_url" "$dst_dir" - fi - - cd "$dst_dir" - - if ! url=$(git config remote.origin.url); then - git remote add origin "$src_url" - elif test "$url" != "$src_url"; then - git remote set-url origin "$src_url" - fi - - # TODO resolve src_ref to commit hash - hash=$src_ref - - if ! test "$(git log --format=%H -1)" = "$hash"; then - git fetch origin - git checkout "$hash" -- "$dst_dir" - git checkout "$hash" - fi - - git clean -dxf - )} - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: toString (map shell.escape [ - "fetch_git" - "${target-path}/${name}" - spec.url - spec.rev - ])) - git-specs)} - ''; - -in out diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix new file mode 100644 index 000000000..7eb60103f --- /dev/null +++ b/krebs/v2/default.nix @@ -0,0 +1,120 @@ +{ source +, target-user ? "root" +, target-host +, target-path ? "/var/src" +}: +with import ; +with import ~/stockholm/krebs/4lib { + lib = import ; +}; +with builtins; +let + out = { + inherit populate; + }; + + populate = '' + #! /bin/sh + set -efu + + echo ${shell.escape git-script} \ + | ssh ${shell.escape "${target-user}@${target-host}"} -T + + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + trap ' + set +f + rm "$tmpdir"/* + rmdir "$tmpdir" + trap - EXIT INT QUIT + ' EXIT INT QUIT + chmod 0755 "$tmpdir" + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: let dst = removePrefix "symlink:" (get-url spec); in + "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + symlink-specs)} + + proot \ + -b $tmpdir:${shell.escape target-path} \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (name: spec: + "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") + file-specs)} \ + rsync \ + -f ${shell.escape "P /*"} \ + ${concatMapStringsSep " \\\n " + (name: "-f ${shell.escape "R /${name}"}") + (attrNames file-specs)} \ + --delete \ + -vFrlptD \ + ${shell.escape target-path}/ \ + ${shell.escape "${target-user}@${target-host}:${target-path}"} + ''; + + get-schema = uri: + if substring 0 1 uri == "/" + then "file" + else head (splitString ":" uri); + + has-schema = schema: uri: get-schema uri == schema; + + get-url = spec: { + string = spec; + path = toString spec; + set = get-url spec.url; + }.${typeOf spec}; + + git-specs = + filterAttrs (_: spec: has-schema "https" (get-url spec)) source // + filterAttrs (_: spec: has-schema "http" (get-url spec)) source // + filterAttrs (_: spec: has-schema "git" (get-url spec)) source; + + file-specs = + filterAttrs (_: spec: has-schema "file" (get-url spec)) source; + + symlink-specs = + filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; + + git-script = '' + fetch_git() {( + dst_dir=$1 + src_url=$2 + src_ref=$3 + + if ! test -e "$dst_dir"; then + git clone "$src_url" "$dst_dir" + fi + + cd "$dst_dir" + + if ! url=$(git config remote.origin.url); then + git remote add origin "$src_url" + elif test "$url" != "$src_url"; then + git remote set-url origin "$src_url" + fi + + # TODO resolve src_ref to commit hash + hash=$src_ref + + if ! test "$(git log --format=%H -1)" = "$hash"; then + git fetch origin + git checkout "$hash" -- "$dst_dir" + git checkout "$hash" + fi + + git clean -dxf + )} + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: toString (map shell.escape [ + "fetch_git" + "${target-path}/${name}" + spec.url + spec.rev + ])) + git-specs)} + ''; + +in out -- cgit v1.2.3 From 8e219cd0a2446e8f141e0f2403413a9bd3f0b061 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:20:29 +0100 Subject: Makefile,krebs/v2: verbosity++ --- krebs/v2/default.nix | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index 7eb60103f..78e990d1c 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix @@ -15,26 +15,34 @@ let populate = '' #! /bin/sh - set -efu + set -eu + + verbose() { + printf '+' >&2 + printf ' %q' "$@" >&2 + printf '\n' + "$@" + } echo ${shell.escape git-script} \ | ssh ${shell.escape "${target-user}@${target-host}"} -T - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + unset tmpdir trap ' - set +f rm "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) chmod 0755 "$tmpdir" + ${concatStringsSep "\n" (mapAttrsToList (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") symlink-specs)} - proot \ + verbose proot \ -b $tmpdir:${shell.escape target-path} \ ${concatStringsSep " \\\n " (mapAttrsToList @@ -77,6 +85,15 @@ let filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; git-script = '' + #! /bin/sh + set -efu + + verbose() { + printf '+' >&2 + printf ' %q' "$@" >&2 + printf '\n' + } + fetch_git() {( dst_dir=$1 src_url=$2 @@ -109,6 +126,7 @@ let ${concatStringsSep "\n" (mapAttrsToList (name: spec: toString (map shell.escape [ + "verbose" "fetch_git" "${target-path}/${name}" spec.url -- cgit v1.2.3 From 1b67c62f15e1c92aa1ccdf392fcdfe85488e3f48 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:29:42 +0100 Subject: make populate: define and pass lib to krebs/v2 --- krebs/v2/default.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index 78e990d1c..ac1c13e72 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix @@ -1,13 +1,10 @@ -{ source +{ lib +, source , target-user ? "root" , target-host , target-path ? "/var/src" }: -with import ; -with import ~/stockholm/krebs/4lib { - lib = import ; -}; -with builtins; +with lib; let out = { inherit populate; -- cgit v1.2.3 From 74120066f0387339bc4b3c02b30ed303a90de5da Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 03:57:32 +0100 Subject: krebs/v2: simplify verbose --- krebs/v2/default.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix index ac1c13e72..cba7a75ff 100644 --- a/krebs/v2/default.nix +++ b/krebs/v2/default.nix @@ -15,9 +15,7 @@ let set -eu verbose() { - printf '+' >&2 - printf ' %q' "$@" >&2 - printf '\n' + printf '+%s\n' "$(printf ' %q' "$@")" >&2 "$@" } @@ -86,9 +84,8 @@ let set -efu verbose() { - printf '+' >&2 - printf ' %q' "$@" >&2 - printf '\n' + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" } fetch_git() {( -- cgit v1.2.3 From 11371608c1c6b5fc661d1c0a1f825226dfd9f599 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 2 Feb 2016 15:29:40 +0100 Subject: with-tmpdir: init at 1 --- krebs/5pkgs/with-tmpdir/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 krebs/5pkgs/with-tmpdir/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/with-tmpdir/default.nix b/krebs/5pkgs/with-tmpdir/default.nix new file mode 100644 index 000000000..517e46310 --- /dev/null +++ b/krebs/5pkgs/with-tmpdir/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchgit, coreutils, dash, ... }: + +stdenv.mkDerivation { + name = "with-tmpdir-1"; + + src = fetchgit { + url = http://cgit.cd.krebsco.de/with-tmpdir; + rev = "3243c02ed8cd27a04c080bd39560204980f6c16a"; + sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = '' + mkdir -p $out/bin + + { echo '#! ${dash}/bin/dash' + echo 'OLDPATH=$PATH' + echo 'PATH=${coreutils}/bin' + sed '$s/^/#/' ./with-tmpdir + echo '(PATH=$OLDPATH; exec "$@")' + } > $out/bin/with-tmpdir + + chmod +x $out/bin/with-tmpdir + ''; +} -- cgit v1.2.3 From 68655d1ddf078eb1bb3a48ba7e6e9376d913985e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 11:32:58 +0100 Subject: krebs.git: remove trailing spaces --- krebs/3modules/git.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index e6267d7e6..0fa6b240b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -27,7 +27,7 @@ let description = '' Enable cgit. Cgit is an attempt to create a fast web interface for the git version - control system, using a built in cache to decrease pressure on the + control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module deploys a http://cgit. nginx configuration and enables nginx @@ -127,7 +127,7 @@ let git-imp = { system.activationScripts.git-init = "${init-script}"; - + # TODO maybe put all scripts here and then use PATH? environment.etc."${etc-base}".source = scriptFarm "git-ssh-authorizers" { @@ -136,7 +136,7 @@ let (map getName (ensureList repo)) (map getName perm.allow-commands) ]) cfg.rules); - + authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [ (map getName (ensureList user)) (map getName (ensureList repo)) @@ -144,7 +144,7 @@ let (map getName perm.allow-receive-modes) ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules)); }; - + users.extraUsers = singleton rec { description = "Git repository hosting user"; name = "git"; -- cgit v1.2.3 From cdb590be5072712c9552a98f8979aa94288dcbc8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 13:36:54 +0100 Subject: krebs.git.rules: specify type --- krebs/3modules/git.nix | 193 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 140 insertions(+), 53 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0fa6b240b..7b28ffca8 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -44,48 +44,8 @@ let default = "/etc/git"; }; repos = mkOption { - type = types.attrsOf (types.submodule ({ - options = { - desc = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository description. - ''; - }; - section = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Repository section. - ''; - }; - name = mkOption { - type = types.str; - description = '' - Repository name. - ''; - }; - hooks = mkOption { - type = types.attrsOf types.str; - default = {}; - description = '' - Repository-specific hooks. - ''; - }; - public = mkOption { - type = types.bool; - default = false; - description = '' - Allow everybody to read the repository via HTTP if cgit enabled. - ''; - # TODO allow every configured user to fetch the repository via SSH. - }; - }; - })); - + type = types.attrsOf subtypes.repo; default = {}; - example = literalExample '' { testing = { @@ -99,7 +59,6 @@ let testing2 = { name = "testing2"; }; } ''; - description = '' Repositories. ''; @@ -121,28 +80,156 @@ let ''; }; rules = mkOption { - type = types.unspecified; + type = types.listOf subtypes.rule; + default = []; + example = literalExample '' + singleton { + user = [ config.krebs.users.tv ]; + repo = [ testing ]; # see literal example of repos + perm = push "refs/*" (with lib.git; [ + non-fast-forward create delete merge + ]); + } + ''; + description = '' + Rules. + ''; }; }; + # TODO put into krebs/4lib/types.nix? + subtypes = { + repo = types.submodule ({ + options = { + collaborators = mkOption { + type = types.listOf types.user; + default = []; + description = '' + List of users that should be able to fetch from this repo. + + This option is currently not used by krebs.git but instead can be + used to create rules. See e.g. for + an example. + ''; + }; + desc = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository description. + ''; + }; + section = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Repository section. + ''; + }; + name = mkOption { + type = types.str; + description = '' + Repository name. + ''; + }; + hooks = mkOption { + type = types.attrsOf types.str; + default = {}; + description = '' + Repository-specific hooks. + ''; + }; + public = mkOption { + type = types.bool; + default = false; + description = '' + Allow everybody to read the repository via HTTP if cgit enabled. + ''; + # TODO allow every configured user to fetch the repository via SSH. + }; + }; + }); + rule = types.submodule ({ config, ... }: { + options = { + user = mkOption { + type = types.listOf types.user; + description = '' + List of users this rule should apply to. + Checked by authorize-command. + ''; + }; + repo = mkOption { + type = types.listOf subtypes.repo; + description = '' + List of repos this rule should apply to. + Checked by authorize-command. + ''; + }; + perm = mkOption { + type = types.submodule { + # TODO generate enum argument from krebs/4lib/git.nix + options = { + allow-commands = mkOption { + type = types.listOf (types.enum (with git; [ + git-receive-pack + git-upload-pack + ])); + default = []; + description = '' + List of commands the rule's users are allowed to execute. + Checked by authorize-command. + ''; + }; + allow-receive-ref = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Ref that can receive objects. + Checked by authorize-push. + ''; + }; + allow-receive-modes = mkOption { + type = types.listOf (types.enum (with git; [ + fast-forward + non-fast-forward + create + delete + merge + ])); + default = []; + description = '' + List of allowed receive modes. + Checked by pre-receive hook. + ''; + }; + }; + }; + description = '' + Permissions granted. + ''; + }; + }; + }); + }; + git-imp = { system.activationScripts.git-init = "${init-script}"; # TODO maybe put all scripts here and then use PATH? environment.etc."${etc-base}".source = scriptFarm "git-ssh-authorizers" { - authorize-command = makeAuthorizeScript (map ({ repo, user, perm }: [ - (map getName (ensureList user)) - (map getName (ensureList repo)) - (map getName perm.allow-commands) + authorize-command = makeAuthorizeScript (map (rule: [ + (map getName (ensureList rule.user)) + (map getName (ensureList rule.repo)) + (map getName rule.perm.allow-commands) ]) cfg.rules); - authorize-push = makeAuthorizeScript (map ({ repo, user, perm }: [ - (map getName (ensureList user)) - (map getName (ensureList repo)) - (ensureList perm.allow-receive-ref) - (map getName perm.allow-receive-modes) - ]) (filter (x: hasAttr "allow-receive-ref" x.perm) cfg.rules)); + authorize-push = makeAuthorizeScript (map (rule: [ + (map getName (ensureList rule.user)) + (map getName (ensureList rule.repo)) + (ensureList rule.perm.allow-receive-ref) + (map getName rule.perm.allow-receive-modes) + ]) (filter (rule: rule.perm.allow-receive-ref != null) cfg.rules)); }; users.extraUsers = singleton rec { -- cgit v1.2.3 From 5bc7523bb54e960f5ac00492b16519b1bce21007 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 3 Feb 2016 19:39:00 +0100 Subject: cac-1.0.3 -> cac-api-1.1.0 --- krebs/5pkgs/cac-api/default.nix | 37 +++++++++++++++++++++++ krebs/5pkgs/cac/default.nix | 39 ------------------------- krebs/5pkgs/test/infest-cac-centos7/default.nix | 4 +-- krebs/5pkgs/test/infest-cac-centos7/notes | 32 ++++++++++---------- 4 files changed, 55 insertions(+), 57 deletions(-) create mode 100644 krebs/5pkgs/cac-api/default.nix delete mode 100644 krebs/5pkgs/cac/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix new file mode 100644 index 000000000..2a32bb096 --- /dev/null +++ b/krebs/5pkgs/cac-api/default.nix @@ -0,0 +1,37 @@ +{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: + +stdenv.mkDerivation { + name = "cac-api-1.1.0"; + + src = fetchgit { + url = http://cgit.cd.krebsco.de/cac-api; + rev = "0809fae379239687ed1170e04311dc2880ef0aba"; + sha256 = "357ced27c9ed88028967c934178a1d230bf38617a7494cd4632fabdd2a04fcdd"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = + let + path = stdenv.lib.makeSearchPath "bin" [ + bc + coreutils + curl + gnused + inotifyTools + jq + ncurses + sshpass + ]; + in + '' + mkdir -p $out/bin + cp cac-api $out/bin/cac-api + sed -i ' + s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &; + ' $out/bin/cac-api + ''; +} diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix deleted file mode 100644 index 4d39ce2fb..000000000 --- a/krebs/5pkgs/cac/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: - -stdenv.mkDerivation { - name = "cac-1.0.3"; - - src = fetchgit { - url = http://cgit.cd.retiolum/cac; - rev = "22acc1b990ac7d97c16344fbcbc2621e24cdf915"; - sha256 = "135b740617c983b3f46a1983d4744be17340d5146a0a0de0dff4bb7a53688f2f"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - installPhase = - let - path = stdenv.lib.makeSearchPath "bin" [ - bc - coreutils - curl - gnused - inotifyTools - jq - ncurses - sshpass - ]; - in - '' - mkdir -p $out/bin - - sed < ./cac > $out/bin/cac ' - s;^_cac_main .*;PATH=${path}''${PATH+:$PATH} &; - ' - - chmod +x $out/bin/cac - ''; -} diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 7f2e3f231..ebea5ae1c 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils - cac + cac-api cacpanel gnumake gnused diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bfb6906e..7b9cbb46f 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -1,6 +1,6 @@ #! /bin/sh -# nix-shell -p gnumake jq openssh cac cacpanel +# nix-shell -p gnumake jq openssh cac-api cacpanel set -eufx # 2 secrets are required: @@ -47,15 +47,15 @@ export cac_secrets=$sec_file cac-cli --config $krebs_cred panel add-api-ip # test login: -cac update -cac servers +cac-api update +cac-api servers # preserve old trap old_trapstr=$(clear_defer) while true;do # Template 26: CentOS7 - # TODO: use cac templates to determine the real Centos7 template in case it changes - out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1) + # TODO: use cac-api templates to determine the real Centos7 template in case it changes + out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name echo "got a working machine, id=$id" @@ -67,15 +67,15 @@ while true;do fi clear_defer >/dev/null - defer "cac delete $id" + defer "cac-api delete $id" # TODO: timeout? wait_login_cac(){ # we wait for 30 minutes for t in `seq 180`;do - # now we have a working cac server - if cac ssh $1 -o ConnectTimeout=10 \ + # now we have a working cac-api server + if cac-api ssh $1 -o ConnectTimeout=10 \ cat /etc/redhat-release | \ grep CentOS ;then return 0 @@ -87,7 +87,7 @@ while true;do # die on timeout if ! wait_login_cac $id;then echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)" + echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else @@ -96,17 +96,17 @@ while true;do fi done clear_defer >/dev/null -defer "cac delete $id;$old_trapstr" +defer "cac-api delete $id;$old_trapstr" mkdir -p shared/2configs/temp -cac generatenetworking $id > \ +cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after infest ssh-keygen -f $krebs_ssh -N "" cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated -ip=$(cac getserver $id | jq -r .ip) +ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix < $krebs_secrets/infest sh -x $krebs_secrets/infest # TODO: generate secrets directory $krebs_secrets for nix import -cac powerop $id reset +cac-api powerop $id reset wait_login(){ # timeout for t in `seq 90`;do - # now we have a working cac server + # now we have a working cac-api server if ssh -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ -i $krebs_ssh \ -- cgit v1.2.3 From a350db5ce9e3fcf27678a2b9bb6685358b63742a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Feb 2016 21:17:46 +0100 Subject: cacpanel 0.2.3 -> cac-panel 0.4.4 --- krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++ krebs/5pkgs/cacpanel/default.nix | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 krebs/5pkgs/cac-panel/default.nix delete mode 100644 krebs/5pkgs/cacpanel/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix new file mode 100644 index 000000000..fd4799535 --- /dev/null +++ b/krebs/5pkgs/cac-panel/default.nix @@ -0,0 +1,18 @@ +{pkgs, python3Packages, ...}: + +python3Packages.buildPythonPackage rec { + name = "cac-panel-${version}"; + version = "0.4.4"; + + src = pkgs.fetchurl { + url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz"; + sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8"; + }; + + propagatedBuildInputs = with python3Packages; [ + docopt + requests2 + beautifulsoup4 + ]; +} + diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix deleted file mode 100644 index 3df4dffed..000000000 --- a/krebs/5pkgs/cacpanel/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, python3Packages, ...}: - -python3Packages.buildPythonPackage rec { - name = "cacpanel-${version}"; - version = "0.2.3"; - - src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz"; - sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8"; - }; - - propagatedBuildInputs = with python3Packages; [ - docopt - requests2 - beautifulsoup4 - ]; -} - -- cgit v1.2.3 From fdc4fa5c98aaabfb31be7e7f219ca2b134172cf9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 3 Feb 2016 21:17:46 +0100 Subject: cacpanel 0.2.3 -> cac-panel 0.4.4 --- krebs/5pkgs/cac-panel/default.nix | 18 ++++++++++++++++++ krebs/5pkgs/cacpanel/default.nix | 18 ------------------ 2 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 krebs/5pkgs/cac-panel/default.nix delete mode 100644 krebs/5pkgs/cacpanel/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix new file mode 100644 index 000000000..fd4799535 --- /dev/null +++ b/krebs/5pkgs/cac-panel/default.nix @@ -0,0 +1,18 @@ +{pkgs, python3Packages, ...}: + +python3Packages.buildPythonPackage rec { + name = "cac-panel-${version}"; + version = "0.4.4"; + + src = pkgs.fetchurl { + url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz"; + sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8"; + }; + + propagatedBuildInputs = with python3Packages; [ + docopt + requests2 + beautifulsoup4 + ]; +} + diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix deleted file mode 100644 index 3df4dffed..000000000 --- a/krebs/5pkgs/cacpanel/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, python3Packages, ...}: - -python3Packages.buildPythonPackage rec { - name = "cacpanel-${version}"; - version = "0.2.3"; - - src = pkgs.fetchurl { - url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz"; - sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8"; - }; - - propagatedBuildInputs = with python3Packages; [ - docopt - requests2 - beautifulsoup4 - ]; -} - -- cgit v1.2.3 From 48381bd8dd9607d54a936c644964ab5bac90e4a9 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:20:03 +0100 Subject: cac-api: don't GET broken listtasks + use complete cert --- krebs/5pkgs/cac-api/cac.pem | 88 +++++++++++++++++++++++++++++++++++++++++ krebs/5pkgs/cac-api/default.nix | 47 ++++++++++++---------- 2 files changed, 114 insertions(+), 21 deletions(-) create mode 100644 krebs/5pkgs/cac-api/cac.pem (limited to 'krebs') diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-api/cac.pem new file mode 100644 index 000000000..9d02b6bcf --- /dev/null +++ b/krebs/5pkgs/cac-api/cac.pem @@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk +YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x +ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM +IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB +Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida +LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q +YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P +6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G +A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg +lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov +L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB +LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C +D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt +HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 +LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA +DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 +dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 +1VE7rIcEbw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh +oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM +IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg +llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh +7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c +RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx +PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC +AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD +VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv +bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy +dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN +AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx +3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI +tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo +ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js +9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa +kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm +GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc +QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje +3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx +AeKCINT+b72x +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 2a32bb096..331b0853f 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: +{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: stdenv.mkDerivation { name = "cac-api-1.1.0"; @@ -14,24 +14,29 @@ stdenv.mkDerivation { "installPhase" ]; - installPhase = - let - path = stdenv.lib.makeSearchPath "bin" [ - bc - coreutils - curl - gnused - inotifyTools - jq - ncurses - sshpass - ]; - in - '' - mkdir -p $out/bin - cp cac-api $out/bin/cac-api - sed -i ' - s;^_cac_cli_main .*;PATH=${path}''${PATH+:$PATH} &; - ' $out/bin/cac-api - ''; + installPhase = '' + mkdir -p $out/bin + { cat <<\EOF + #! ${dash}/bin/dash + export PATH=${stdenv.lib.makeSearchPath "bin" [ + bc + coreutils + curl + gnused + inotifyTools + jq + ncurses + openssh + sshpass + ]} + EOF + # [1]: Disable fetching tasks; listtasks is currently broken: + # Unknown column 'iod.apitask.cid' in 'field list' + sed ' + /^\s*tasks \\$/d; # [1] + s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin| + ' cac-api + } > $out/bin/cac-api + chmod +x $out/bin/cac-api + ''; } -- cgit v1.2.3 From bbfef6bd25b4647d9587f891f9b7cb358fabfc87 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:32:38 +0100 Subject: Reaktor: use upstream lentil --- krebs/5pkgs/Reaktor/plugins.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix index 7490be4ca..0f61688e3 100644 --- a/krebs/5pkgs/Reaktor/plugins.nix +++ b/krebs/5pkgs/Reaktor/plugins.nix @@ -82,7 +82,7 @@ rec { }; stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" { script = ./scripts/random-issue.sh; - path = with pkgs; [ git gnused lentil ]; + path = with pkgs; [ git gnused haskellPackages.lentil ]; env = { "origin" = "http://cgit.gum/stockholm"; }; }; -- cgit v1.2.3 From f095b0267a94e7b8b5ff9acbf54ce11df4a40d8f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:59:40 +0100 Subject: test: cacpanel -> cac-panel --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index f7b2a5a08..7adb09ca9 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac-api, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils cac-api - cacpanel + cac-panel gnumake gnused jq -- cgit v1.2.3 From 1745d3efa0be1687d482077c75942cf9d6a5ecc2 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 01:55:59 +0100 Subject: cac-cert: init --- krebs/5pkgs/cac-api/cac.pem | 88 ---------------------- krebs/5pkgs/cac-api/default.nix | 4 +- krebs/5pkgs/cac-cert/cac.pem | 88 ++++++++++++++++++++++ krebs/5pkgs/test/infest-cac-centos7/default.nix | 22 +++--- .../infest-cac-centos7/panel.cloudatcost.com.crt | 88 ---------------------- 5 files changed, 101 insertions(+), 189 deletions(-) delete mode 100644 krebs/5pkgs/cac-api/cac.pem create mode 100644 krebs/5pkgs/cac-cert/cac.pem delete mode 100644 krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt (limited to 'krebs') diff --git a/krebs/5pkgs/cac-api/cac.pem b/krebs/5pkgs/cac-api/cac.pem deleted file mode 100644 index 9d02b6bcf..000000000 --- a/krebs/5pkgs/cac-api/cac.pem +++ /dev/null @@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk -YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x -ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM -IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB -Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida -LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q -YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P -6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G -A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg -lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov -L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov -L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB -LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv -bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB -hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C -D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt -HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 -LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA -DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 -dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 -1VE7rIcEbw== ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp -b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh -oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM -IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg -llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh -7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c -RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx -PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC -AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD -VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv -bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB -AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy -dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN -AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx -3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI -tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo -ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js -9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa -kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm -GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc -QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje -3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx -AeKCINT+b72x ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp -pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 331b0853f..9ab6ac8b2 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, bc, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: +{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: stdenv.mkDerivation { name = "cac-api-1.1.0"; @@ -34,7 +34,7 @@ stdenv.mkDerivation { # Unknown column 'iod.apitask.cid' in 'field list' sed ' /^\s*tasks \\$/d; # [1] - s|\<_cac_exec curl|<${./cac.pem} & --cacert /dev/stdin| + s|\<_cac_exec curl|<${cac-cert} & --cacert /dev/stdin| ' cac-api } > $out/bin/cac-api chmod +x $out/bin/cac-api diff --git a/krebs/5pkgs/cac-cert/cac.pem b/krebs/5pkgs/cac-cert/cac.pem new file mode 100644 index 000000000..9d02b6bcf --- /dev/null +++ b/krebs/5pkgs/cac-cert/cac.pem @@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk +YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x +ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM +IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB +Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida +LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q +YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P +6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G +A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg +lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov +L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov +L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB +LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv +bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB +hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C +D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt +HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 +LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA +DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 +dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 +1VE7rIcEbw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp +b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh +oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM +IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg +llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh +7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c +RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx +PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC +AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD +VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv +bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB +AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy +dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN +AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx +3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI +tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo +ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js +9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa +kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm +GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc +QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje +3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx +AeKCINT+b72x +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 7adb09ca9..3be4b1c41 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -10,6 +10,7 @@ stdenv.mkDerivation rec { phases = [ "installPhase" ]; + buildInputs = [ makeWrapper ]; path = stdenv.lib.makeSearchPath "bin" [ @@ -22,16 +23,15 @@ stdenv.mkDerivation rec { openssh ]; - installPhase = - '' - mkdir -p $out/bin - cp ${src} $out/bin/${shortname} - chmod +x $out/bin/${shortname} - wrapProgram $out/bin/${shortname} \ - --prefix PATH : ${path} \ - --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \ - --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt} - ''; + installPhase = '' + mkdir -p $out/bin + cp ${src} $out/bin/${shortname} + chmod +x $out/bin/${shortname} + wrapProgram $out/bin/${shortname} \ + --prefix PATH : ${path} \ + --set REQUESTS_CA_BUNDLE ${cac-cert} \ + --set SSL_CERT_FILE ${cac-cert} + ''; meta = with stdenv.lib; { homepage = http://krebsco.de; description = "Krebs CI Scripts"; diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt deleted file mode 100644 index 9d02b6bcf..000000000 --- a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt +++ /dev/null @@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk -YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x -ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM -IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB -Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida -LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q -YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P -6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G -A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg -lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov -L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov -L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB -LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv -bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB -hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C -D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt -HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8 -LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA -DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7 -dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1 -1VE7rIcEbw== ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp -b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh -oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM -IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg -llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh -7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c -RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx -PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC -AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD -VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv -bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB -AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy -dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN -AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx -3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI -tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo -ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js -9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa -kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm -GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc -QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje -3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx -AeKCINT+b72x ------END CERTIFICATE----- - ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp -pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- -- cgit v1.2.3 From f7d979b21fc0a705105adbbc708645f94af6629c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 02:48:28 +0100 Subject: s 1 wolf: provide cgit mirror --- krebs/3modules/shared/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 518e46587..91d92857b 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -50,6 +50,7 @@ in { addrs6 = ["42:0:0:0:0:0:77:1"]; aliases = [ "wolf.retiolum" + "cgit.wolf.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From cc1a230fd2742b6ccadd0837d9cf569f246375aa Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 02:55:28 +0100 Subject: k 5 test: cac -> cac-api, cacpanel -> cac-panel --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 6 +++--- krebs/5pkgs/test/infest-cac-centos7/notes | 26 ++++++++++++------------- 2 files changed, 16 insertions(+), 16 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 886e250e2..7adb09ca9 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,4 @@ -{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils,makeWrapper, cac-api, cac-panel, gnumake, gnused, jq, openssh, ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { path = stdenv.lib.makeSearchPath "bin" [ coreutils - cac - cacpanel + cac-api + cac-panel gnumake gnused jq diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bfb6906e..793ef3560 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -1,6 +1,6 @@ #! /bin/sh -# nix-shell -p gnumake jq openssh cac cacpanel +# nix-shell -p gnumake jq openssh cac-api cac-panel set -eufx # 2 secrets are required: @@ -40,22 +40,22 @@ defer "rm -r $krebs_secrets" cat > $sec_file <&1) + out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name echo "got a working machine, id=$id" @@ -87,7 +87,7 @@ while true;do # die on timeout if ! wait_login_cac $id;then echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)" + echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else @@ -96,17 +96,17 @@ while true;do fi done clear_defer >/dev/null -defer "cac delete $id;$old_trapstr" +defer "cac-api delete $id;$old_trapstr" mkdir -p shared/2configs/temp -cac generatenetworking $id > \ +cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after infest ssh-keygen -f $krebs_ssh -N "" cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated -ip=$(cac getserver $id | jq -r .ip) +ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix < $krebs_secrets/infest sh -x $krebs_secrets/infest # TODO: generate secrets directory $krebs_secrets for nix import -cac powerop $id reset +cac-api powerop $id reset wait_login(){ # timeout -- cgit v1.2.3 From db0e7dfe82fbed065afb16f41b46900767d69a96 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:23:10 +0100 Subject: cac-cert: add default.nix --- krebs/5pkgs/cac-cert/default.nix | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 krebs/5pkgs/cac-cert/default.nix (limited to 'krebs') diff --git a/krebs/5pkgs/cac-cert/default.nix b/krebs/5pkgs/cac-cert/default.nix new file mode 100644 index 000000000..d99019dca --- /dev/null +++ b/krebs/5pkgs/cac-cert/default.nix @@ -0,0 +1,2 @@ +{ writeText, ... }: +writeText "cac.pem" (builtins.readFile ./cac.pem) -- cgit v1.2.3 From 65977c6108d9517d58a6bd6ce8676c6a7b97615e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 04:44:26 +0100 Subject: RIP current-date --- krebs/default.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'krebs') diff --git a/krebs/default.nix b/krebs/default.nix index df2d95483..e9ee71b34 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,5 +1,4 @@ -{ current-date -, current-host-name +{ current-host-name , current-user-name , lib , stockholm @@ -21,7 +20,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.deploy set -efu (${populate args}) @@ -39,7 +37,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.infest set -efu @@ -64,7 +61,6 @@ let out = { config = get-config system; in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.init set -efu @@ -100,7 +96,6 @@ let out = { }@args: let in '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} # krebs.nixos-install (${populate (args // { root = "/mnt"; })}) @@ -196,7 +191,6 @@ let out = { nix-env \ --show-trace \ -f '' \ - --argstr current-date ${lib.shell.escape current-date} \ --argstr current-host-name ${lib.shell.escape current-host-name} \ --argstr current-user-name ${lib.shell.escape current-user-name} \ --profile ${lib.shell.escape config.krebs.build.profile} \ @@ -216,7 +210,6 @@ let out = { }@args: let out = '' #! /bin/sh - # ${current-date} ${current-user-name}@${current-host-name} set -efu ${lib.concatStringsSep "\n" (lib.concatMap -- cgit v1.2.3 From b857a48632128be0324c68be95bee16fb0f1b15f Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 05:40:26 +0100 Subject: krebs.build.populate: init and drop support for v1 --- krebs/3modules/build.nix | 218 ++++++++++++++++++++++++++++++++--------------- krebs/default.nix | 95 +-------------------- krebs/v2/default.nix | 132 ---------------------------- 3 files changed, 150 insertions(+), 295 deletions(-) delete mode 100644 krebs/v2/default.nix (limited to 'krebs') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 0f8aec89d..00142acdd 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -28,81 +28,157 @@ let type = types.user; }; - options.krebs.build.source-version = mkOption { - type = types.enum [ 1 2 ]; - default = 1; + options.krebs.build.source = let + raw = types.either types.str types.path; + url = types.submodule { + options = { + url = mkOption { + type = types.str; + }; + rev = mkOption { + type = types.str; + }; + dev = mkOption { + type = types.str; + }; + }; + }; + in mkOption { + type = types.attrsOf (types.either types.str url); + apply = let f = mapAttrs (_: value: { + string = value; + path = toString value; + set = f value; + }.${typeOf value}); in f; + default = {}; }; - options.krebs.build.source = getAttr "v${toString config.krebs.build.source-version}" { - v1 = { - dir = mkOption { - type = let - default-host = config.krebs.current.host; - in types.attrsOf (types.submodule ({ config, ... }: { - options = { - host = mkOption { - type = types.host; - default = default-host; - }; - path = mkOption { - type = types.str; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - url = mkOption { - type = types.str; - default = "file://${config.host.name}${config.path}"; - }; - }; - })); - default = {}; - }; + options.krebs.build.populate = mkOption { + type = types.str; + default = let + source = config.krebs.build.source; + target-user = maybeEnv "target_user" "root"; + target-host = maybeEnv "target_host" config.krebs.build.host.name; + target-path = maybeEnv "target_path" "/var/src"; + out = '' + #! /bin/sh + set -eu - git = mkOption { - type = with types; attrsOf (submodule ({ config, ... }: { - options = { - url = mkOption { - type = types.str; # TODO must be shell safe - }; - rev = mkOption { - type = types.str; - }; - target-path = mkOption { - type = types.str; - default = "/root/${config._module.args.name}"; - }; - }; - })); - default = {}; - }; - }; + verbose() { + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" + } - v2 = let - raw = types.either types.str types.path; - url = types.submodule { - options = { - url = mkOption { - type = types.str; - }; - rev = mkOption { - type = types.str; - }; - dev = mkOption { - type = types.str; - }; - }; - }; - in mkOption { - type = types.attrsOf (types.either types.str url); - apply = let f = mapAttrs (_: value: { - string = value; - path = toString value; - set = f value; - }.${typeOf value}); in f; - default = {}; - }; + echo ${shell.escape git-script} \ + | ssh ${shell.escape "${target-user}@${target-host}"} -T + + unset tmpdir + trap ' + rm "$tmpdir"/* + rmdir "$tmpdir" + trap - EXIT INT QUIT + ' EXIT INT QUIT + tmpdir=$(mktemp -dt stockholm.XXXXXXXX) + chmod 0755 "$tmpdir" + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: let dst = removePrefix "symlink:" (get-url spec); in + "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") + symlink-specs)} + + verbose proot \ + -b $tmpdir:${shell.escape target-path} \ + ${concatStringsSep " \\\n " + (mapAttrsToList + (name: spec: + "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") + file-specs)} \ + rsync \ + -f ${shell.escape "P /*"} \ + ${concatMapStringsSep " \\\n " + (name: "-f ${shell.escape "R /${name}"}") + (attrNames file-specs)} \ + --delete \ + -vFrlptD \ + ${shell.escape target-path}/ \ + ${shell.escape "${target-user}@${target-host}:${target-path}"} + ''; + + get-schema = uri: + if substring 0 1 uri == "/" + then "file" + else head (splitString ":" uri); + + has-schema = schema: uri: get-schema uri == schema; + + get-url = spec: { + string = spec; + path = toString spec; + set = get-url spec.url; + }.${typeOf spec}; + + git-specs = + filterAttrs (_: spec: has-schema "https" (get-url spec)) source // + filterAttrs (_: spec: has-schema "http" (get-url spec)) source // + filterAttrs (_: spec: has-schema "git" (get-url spec)) source; + + file-specs = + filterAttrs (_: spec: has-schema "file" (get-url spec)) source; + + symlink-specs = + filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; + + git-script = '' + #! /bin/sh + set -efu + + verbose() { + printf '+%s\n' "$(printf ' %q' "$@")" >&2 + "$@" + } + + fetch_git() {( + dst_dir=$1 + src_url=$2 + src_ref=$3 + + if ! test -e "$dst_dir"; then + git clone "$src_url" "$dst_dir" + fi + + cd "$dst_dir" + + if ! url=$(git config remote.origin.url); then + git remote add origin "$src_url" + elif test "$url" != "$src_url"; then + git remote set-url origin "$src_url" + fi + + # TODO resolve src_ref to commit hash + hash=$src_ref + + if ! test "$(git log --format=%H -1)" = "$hash"; then + git fetch origin + git checkout "$hash" -- "$dst_dir" + git checkout "$hash" + fi + + git clean -dxf + )} + + ${concatStringsSep "\n" + (mapAttrsToList + (name: spec: toString (map shell.escape [ + "verbose" + "fetch_git" + "${target-path}/${name}" + spec.url + spec.rev + ])) + git-specs)} + ''; + in out; }; }; diff --git a/krebs/default.nix b/krebs/default.nix index e9ee71b34..17c035896 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,3 +1,5 @@ +assert false; + { current-host-name , current-user-name , lib @@ -6,30 +8,11 @@ }: let out = { - inherit deploy; inherit infest; inherit init; inherit nixos-install; - inherit populate; }; - deploy = - { system ? current-host-name - , target ? system - }@args: let - config = get-config system; - in '' - #! /bin/sh - # krebs.deploy - set -efu - (${populate args}) - ${rootssh target '' - ${nix-install args} - ${config.krebs.build.profile}/bin/switch-to-configuration switch - ''} - echo OK - ''; - infest = { system ? current-host-name , target ? system @@ -45,9 +28,6 @@ let out = { ${builtins.readFile ./4lib/infest/install-nix.sh} ''} - # Prepare target source via bind-mounting - - (${nixos-install args}) ${rootssh target '' @@ -169,9 +149,7 @@ let out = { get-config = system: let config = stockholm.users.${current-user-name}.${system}.config or (abort "unknown system: ${system}, user: ${current-user-name}"); - in - assert config.krebs.build.source-version == 1; - config; + in config; nix-install = { system ? current-host-name @@ -203,73 +181,6 @@ let out = { ])} ''; - populate = - { system ? current-host-name - , target ? system - , root ? "" - }@args: - let out = '' - #! /bin/sh - set -efu - ${lib.concatStringsSep "\n" - (lib.concatMap - (type: lib.mapAttrsToList (_: methods.${type}) - config.krebs.build.source.${type}) - ["dir" "git"])} - ''; - - - config = get-config system; - - current-host = config.krebs.hosts.${current-host-name}; - current-user = config.krebs.users.${current-user-name}; - - methods.dir = config: - let - can-push = config.host.name == current-host.name; - target-path = root + config.target-path; - push-method = '' - rsync \ - --exclude .git \ - --exclude .graveyard \ - --exclude old \ - --exclude tmp \ - --rsync-path='mkdir -p ${target-path} && rsync' \ - --delete-excluded \ - -vrlptD \ - ${config.path}/ \ - root@${target}:${target-path} - ''; - in - if can-push then push-method else - let dir = "file://${config.host.name}${config.path}"; in - # /!\ revise this message when using more than just push-method - throw "No way to push ${dir} from ${current-host.name} to ${target}"; - - methods.git = config: - let target-path = root + config.target-path; - in rootssh target '' - mkdir -p ${target-path} - cd ${target-path} - if ! test -e .git; then - git init - fi - if ! cur_url=$(git config remote.origin.url 2>/dev/null); then - git remote add origin ${config.url} - elif test "$cur_url" != ${config.url}; then - git remote set-url origin ${config.url} - fi - if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then - git fetch origin - git checkout ${config.rev} -- . - git checkout -q ${config.rev} - git submodule init - git submodule update - fi - git clean -dxf - ''; - in out; - rootssh = target: script: let flags = "-o StrictHostKeyChecking=${StrictHostKeyChecking}"; diff --git a/krebs/v2/default.nix b/krebs/v2/default.nix deleted file mode 100644 index cba7a75ff..000000000 --- a/krebs/v2/default.nix +++ /dev/null @@ -1,132 +0,0 @@ -{ lib -, source -, target-user ? "root" -, target-host -, target-path ? "/var/src" -}: -with lib; -let - out = { - inherit populate; - }; - - populate = '' - #! /bin/sh - set -eu - - verbose() { - printf '+%s\n' "$(printf ' %q' "$@")" >&2 - "$@" - } - - echo ${shell.escape git-script} \ - | ssh ${shell.escape "${target-user}@${target-host}"} -T - - unset tmpdir - trap ' - rm "$tmpdir"/* - rmdir "$tmpdir" - trap - EXIT INT QUIT - ' EXIT INT QUIT - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) - chmod 0755 "$tmpdir" - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: let dst = removePrefix "symlink:" (get-url spec); in - "verbose ln -s ${shell.escape dst} $tmpdir/${shell.escape name}") - symlink-specs)} - - verbose proot \ - -b $tmpdir:${shell.escape target-path} \ - ${concatStringsSep " \\\n " - (mapAttrsToList - (name: spec: - "-b ${shell.escape "${get-url spec}:${target-path}/${name}"}") - file-specs)} \ - rsync \ - -f ${shell.escape "P /*"} \ - ${concatMapStringsSep " \\\n " - (name: "-f ${shell.escape "R /${name}"}") - (attrNames file-specs)} \ - --delete \ - -vFrlptD \ - ${shell.escape target-path}/ \ - ${shell.escape "${target-user}@${target-host}:${target-path}"} - ''; - - get-schema = uri: - if substring 0 1 uri == "/" - then "file" - else head (splitString ":" uri); - - has-schema = schema: uri: get-schema uri == schema; - - get-url = spec: { - string = spec; - path = toString spec; - set = get-url spec.url; - }.${typeOf spec}; - - git-specs = - filterAttrs (_: spec: has-schema "https" (get-url spec)) source // - filterAttrs (_: spec: has-schema "http" (get-url spec)) source // - filterAttrs (_: spec: has-schema "git" (get-url spec)) source; - - file-specs = - filterAttrs (_: spec: has-schema "file" (get-url spec)) source; - - symlink-specs = - filterAttrs (_: spec: has-schema "symlink" (get-url spec)) source; - - git-script = '' - #! /bin/sh - set -efu - - verbose() { - printf '+%s\n' "$(printf ' %q' "$@")" >&2 - "$@" - } - - fetch_git() {( - dst_dir=$1 - src_url=$2 - src_ref=$3 - - if ! test -e "$dst_dir"; then - git clone "$src_url" "$dst_dir" - fi - - cd "$dst_dir" - - if ! url=$(git config remote.origin.url); then - git remote add origin "$src_url" - elif test "$url" != "$src_url"; then - git remote set-url origin "$src_url" - fi - - # TODO resolve src_ref to commit hash - hash=$src_ref - - if ! test "$(git log --format=%H -1)" = "$hash"; then - git fetch origin - git checkout "$hash" -- "$dst_dir" - git checkout "$hash" - fi - - git clean -dxf - )} - - ${concatStringsSep "\n" - (mapAttrsToList - (name: spec: toString (map shell.escape [ - "verbose" - "fetch_git" - "${target-path}/${name}" - spec.url - spec.rev - ])) - git-specs)} - ''; - -in out -- cgit v1.2.3 From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 12:46:09 +0100 Subject: krebs.build.populate: cleanup (less) harder --- krebs/3modules/build.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 00142acdd..0da5dd38a 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -74,7 +74,7 @@ let unset tmpdir trap ' - rm "$tmpdir"/* + rm -f "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT -- cgit v1.2.3 From e402c8ce1d2786abafc1efdc64adca84d174a756 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 4 Feb 2016 13:07:47 +0100 Subject: k 3 git.nix: flesh out rules description --- krebs/3modules/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 7b28ffca8..11cf21b5f 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -92,7 +92,7 @@ let } ''; description = '' - Rules. + access and permission rules for git repositories. ''; }; }; -- cgit v1.2.3 From cb264dfb9119de4fb6d081171473e4276cdbb9d5 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 5 Feb 2016 15:11:22 +0100 Subject: urlwatch: 2.0 -> 2.1 --- krebs/5pkgs/urlwatch/default.nix | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix index d9b595314..780ad24f5 100644 --- a/krebs/5pkgs/urlwatch/default.nix +++ b/krebs/5pkgs/urlwatch/default.nix @@ -1,29 +1,18 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonPackage rec { - name = "urlwatch-2.0"; + name = "urlwatch-2.1"; src = fetchurl { url = "https://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b"; + sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6"; }; propagatedBuildInputs = with python3Packages; [ - pyyaml keyring - (python3Packages.buildPythonPackage rec { - name = "minidb-2.0.1"; - src = fetchurl { - url = "https://thp.io/2010/minidb/${name}.tar.gz"; - sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy"; - }; - meta = { - description = "A simple SQLite3-based store for Python objects"; - homepage = https://thp.io/2010/minidb/; - license = stdenv.lib.licenses.isc; - maintainers = [ stdenv.lib.maintainers.tv ]; - }; - }) + minidb + pyyaml + requests2 ]; postFixup = '' @@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec { license = stdenv.lib.licenses.bsd3; maintainers = [ stdenv.lib.maintainers.tv ]; }; -}# +} -- cgit v1.2.3 From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:11:30 +0100 Subject: krebs.retiolum.hosts: change type to attrsOf host --- krebs/3modules/retiolum.nix | 46 +++++++++++++++++----------------- krebs/4lib/types.nix | 16 ++++++------ krebs/Zhosts/Styx | 10 -------- krebs/Zhosts/ThinkArmageddon | 9 ------- krebs/Zhosts/TriBot | 11 -------- krebs/Zhosts/ach | 11 -------- krebs/Zhosts/air | 11 -------- krebs/Zhosts/alarmpi | 11 -------- krebs/Zhosts/albi10 | 11 -------- krebs/Zhosts/albi7 | 10 -------- krebs/Zhosts/almoehi | 11 -------- krebs/Zhosts/alphalabs | 10 -------- krebs/Zhosts/apfull | 11 -------- krebs/Zhosts/bitchctl | 11 -------- krebs/Zhosts/bitchextend | 11 -------- krebs/Zhosts/bitchtop | 11 -------- krebs/Zhosts/bobby | 11 -------- krebs/Zhosts/box | 10 -------- krebs/Zhosts/bridge | 12 --------- krebs/Zhosts/c2ft | 10 -------- krebs/Zhosts/c2fthome | 10 -------- krebs/Zhosts/casino | 11 -------- krebs/Zhosts/cat1 | 11 -------- krebs/Zhosts/cband | 11 -------- krebs/Zhosts/cd | 17 ------------- krebs/Zhosts/cloudkrebs | 12 --------- krebs/Zhosts/darth | 12 --------- krebs/Zhosts/dei | 11 -------- krebs/Zhosts/destroy | 11 -------- krebs/Zhosts/devstar | 11 -------- krebs/Zhosts/echelon | 12 --------- krebs/Zhosts/eigenserv | 11 -------- krebs/Zhosts/elvis | 12 --------- krebs/Zhosts/eulerwalk | 11 -------- krebs/Zhosts/exile | 9 ------- krebs/Zhosts/exitium_mobilis | 10 -------- krebs/Zhosts/falk | 11 -------- krebs/Zhosts/fastpoke | 12 --------- krebs/Zhosts/filebitch | 11 -------- krebs/Zhosts/filepimp | 11 -------- krebs/Zhosts/flap | 12 --------- krebs/Zhosts/foobar | 11 -------- krebs/Zhosts/fuerkrebs | 10 -------- krebs/Zhosts/gum | 15 ----------- krebs/Zhosts/heidi | 11 -------- krebs/Zhosts/horisa | 12 --------- krebs/Zhosts/horreum_magnus | 15 ----------- krebs/Zhosts/incept | 13 ---------- krebs/Zhosts/ire | 12 --------- krebs/Zhosts/ire2 | 9 ------- krebs/Zhosts/irkel | 12 --------- krebs/Zhosts/juhulian | 11 -------- krebs/Zhosts/k2 | 28 --------------------- krebs/Zhosts/kabinett | 11 -------- krebs/Zhosts/kaepsele | 11 -------- krebs/Zhosts/kalle | 11 -------- krebs/Zhosts/karthus | 10 -------- krebs/Zhosts/kebsco | 11 -------- krebs/Zhosts/khackplug | 11 -------- krebs/Zhosts/kheurop | 12 --------- krebs/Zhosts/kiosk | 12 --------- krebs/Zhosts/krebsplug | 10 -------- krebs/Zhosts/kvasir | 11 -------- krebs/Zhosts/laqueus | 11 -------- krebs/Zhosts/linuxatom | 11 -------- krebs/Zhosts/luminos | 11 -------- krebs/Zhosts/machine | 11 -------- krebs/Zhosts/makalu | 11 -------- krebs/Zhosts/mako | 11 -------- krebs/Zhosts/miefda0 | 10 -------- krebs/Zhosts/minikrebs | 10 -------- krebs/Zhosts/mkdir | 11 -------- krebs/Zhosts/monitor | 11 -------- krebs/Zhosts/mors | 10 -------- krebs/Zhosts/motor | 12 --------- krebs/Zhosts/mu | 10 -------- krebs/Zhosts/muhbaasu | 13 ---------- krebs/Zhosts/nomic | 10 -------- krebs/Zhosts/nomic2 | 10 -------- krebs/Zhosts/nukular | 11 -------- krebs/Zhosts/omo | 9 ------- krebs/Zhosts/pic | 11 -------- krebs/Zhosts/pigstarter | 13 ---------- krebs/Zhosts/pike | 11 -------- krebs/Zhosts/pnp | 11 -------- krebs/Zhosts/pornocauster | 10 -------- krebs/Zhosts/prism | 12 --------- krebs/Zhosts/radiotuxmini | 11 -------- krebs/Zhosts/random | 10 -------- krebs/Zhosts/raspafari | 11 -------- krebs/Zhosts/reimae | 12 --------- krebs/Zhosts/rmdir | 11 -------- krebs/Zhosts/robchina | 11 -------- krebs/Zhosts/rockit | 11 -------- krebs/Zhosts/rtjure_debian_oder_so | 11 -------- krebs/Zhosts/rtjure_ras | 11 -------- krebs/Zhosts/rtjure_rdrlab_linkstation | 11 -------- krebs/Zhosts/rubus | 9 ------- krebs/Zhosts/senderechner | 10 -------- krebs/Zhosts/serenity | 11 -------- krebs/Zhosts/seruundroid | 12 --------- krebs/Zhosts/sir_krebs_a_lot | 11 -------- krebs/Zhosts/skirfir | 11 -------- krebs/Zhosts/sleipnir | 12 --------- krebs/Zhosts/smove | 9 ------- krebs/Zhosts/sokrates | 11 -------- krebs/Zhosts/sokrateslaptop | 11 -------- krebs/Zhosts/soundflower | 10 -------- krebs/Zhosts/steve | 10 -------- krebs/Zhosts/stro | 10 -------- krebs/Zhosts/tahoe | 12 --------- krebs/Zhosts/taschenkrebs | 11 -------- krebs/Zhosts/terrapi | 11 -------- krebs/Zhosts/thomasDOTde | 9 ------- krebs/Zhosts/tincdroid | 9 ------- krebs/Zhosts/tmpd | 11 -------- krebs/Zhosts/tpsw | 11 -------- krebs/Zhosts/tsp | 16 ------------ krebs/Zhosts/ufo | 11 -------- krebs/Zhosts/uriel | 11 -------- krebs/Zhosts/vault | 10 -------- krebs/Zhosts/vbob | 9 ------- krebs/Zhosts/voyager | 17 ------------- krebs/Zhosts/wbob | 10 -------- krebs/Zhosts/wolf | 10 -------- krebs/Zhosts/wooktop | 11 -------- krebs/Zhosts/wry | 16 ------------ krebs/Zhosts/wu | 10 -------- krebs/Zhosts/xu | 13 ---------- krebs/Zhosts/ytart | 9 ------- krebs/Zhosts/zombiecancer | 11 -------- 131 files changed, 32 insertions(+), 1476 deletions(-) delete mode 100644 krebs/Zhosts/Styx delete mode 100644 krebs/Zhosts/ThinkArmageddon delete mode 100644 krebs/Zhosts/TriBot delete mode 100644 krebs/Zhosts/ach delete mode 100644 krebs/Zhosts/air delete mode 100644 krebs/Zhosts/alarmpi delete mode 100644 krebs/Zhosts/albi10 delete mode 100644 krebs/Zhosts/albi7 delete mode 100644 krebs/Zhosts/almoehi delete mode 100644 krebs/Zhosts/alphalabs delete mode 100644 krebs/Zhosts/apfull delete mode 100644 krebs/Zhosts/bitchctl delete mode 100644 krebs/Zhosts/bitchextend delete mode 100644 krebs/Zhosts/bitchtop delete mode 100644 krebs/Zhosts/bobby delete mode 100644 krebs/Zhosts/box delete mode 100644 krebs/Zhosts/bridge delete mode 100644 krebs/Zhosts/c2ft delete mode 100644 krebs/Zhosts/c2fthome delete mode 100644 krebs/Zhosts/casino delete mode 100644 krebs/Zhosts/cat1 delete mode 100644 krebs/Zhosts/cband delete mode 100644 krebs/Zhosts/cd delete mode 100644 krebs/Zhosts/cloudkrebs delete mode 100644 krebs/Zhosts/darth delete mode 100644 krebs/Zhosts/dei delete mode 100644 krebs/Zhosts/destroy delete mode 100644 krebs/Zhosts/devstar delete mode 100644 krebs/Zhosts/echelon delete mode 100644 krebs/Zhosts/eigenserv delete mode 100644 krebs/Zhosts/elvis delete mode 100644 krebs/Zhosts/eulerwalk delete mode 100644 krebs/Zhosts/exile delete mode 100644 krebs/Zhosts/exitium_mobilis delete mode 100644 krebs/Zhosts/falk delete mode 100644 krebs/Zhosts/fastpoke delete mode 100644 krebs/Zhosts/filebitch delete mode 100644 krebs/Zhosts/filepimp delete mode 100644 krebs/Zhosts/flap delete mode 100644 krebs/Zhosts/foobar delete mode 100644 krebs/Zhosts/fuerkrebs delete mode 100644 krebs/Zhosts/gum delete mode 100644 krebs/Zhosts/heidi delete mode 100644 krebs/Zhosts/horisa delete mode 100644 krebs/Zhosts/horreum_magnus delete mode 100644 krebs/Zhosts/incept delete mode 100644 krebs/Zhosts/ire delete mode 100644 krebs/Zhosts/ire2 delete mode 100644 krebs/Zhosts/irkel delete mode 100644 krebs/Zhosts/juhulian delete mode 100644 krebs/Zhosts/k2 delete mode 100644 krebs/Zhosts/kabinett delete mode 100644 krebs/Zhosts/kaepsele delete mode 100644 krebs/Zhosts/kalle delete mode 100644 krebs/Zhosts/karthus delete mode 100644 krebs/Zhosts/kebsco delete mode 100644 krebs/Zhosts/khackplug delete mode 100644 krebs/Zhosts/kheurop delete mode 100644 krebs/Zhosts/kiosk delete mode 100644 krebs/Zhosts/krebsplug delete mode 100644 krebs/Zhosts/kvasir delete mode 100644 krebs/Zhosts/laqueus delete mode 100644 krebs/Zhosts/linuxatom delete mode 100644 krebs/Zhosts/luminos delete mode 100644 krebs/Zhosts/machine delete mode 100644 krebs/Zhosts/makalu delete mode 100644 krebs/Zhosts/mako delete mode 100644 krebs/Zhosts/miefda0 delete mode 100644 krebs/Zhosts/minikrebs delete mode 100644 krebs/Zhosts/mkdir delete mode 100644 krebs/Zhosts/monitor delete mode 100644 krebs/Zhosts/mors delete mode 100644 krebs/Zhosts/motor delete mode 100644 krebs/Zhosts/mu delete mode 100644 krebs/Zhosts/muhbaasu delete mode 100644 krebs/Zhosts/nomic delete mode 100644 krebs/Zhosts/nomic2 delete mode 100644 krebs/Zhosts/nukular delete mode 100644 krebs/Zhosts/omo delete mode 100644 krebs/Zhosts/pic delete mode 100644 krebs/Zhosts/pigstarter delete mode 100644 krebs/Zhosts/pike delete mode 100644 krebs/Zhosts/pnp delete mode 100644 krebs/Zhosts/pornocauster delete mode 100644 krebs/Zhosts/prism delete mode 100644 krebs/Zhosts/radiotuxmini delete mode 100644 krebs/Zhosts/random delete mode 100644 krebs/Zhosts/raspafari delete mode 100644 krebs/Zhosts/reimae delete mode 100644 krebs/Zhosts/rmdir delete mode 100644 krebs/Zhosts/robchina delete mode 100644 krebs/Zhosts/rockit delete mode 100644 krebs/Zhosts/rtjure_debian_oder_so delete mode 100644 krebs/Zhosts/rtjure_ras delete mode 100644 krebs/Zhosts/rtjure_rdrlab_linkstation delete mode 100644 krebs/Zhosts/rubus delete mode 100644 krebs/Zhosts/senderechner delete mode 100644 krebs/Zhosts/serenity delete mode 100644 krebs/Zhosts/seruundroid delete mode 100644 krebs/Zhosts/sir_krebs_a_lot delete mode 100644 krebs/Zhosts/skirfir delete mode 100644 krebs/Zhosts/sleipnir delete mode 100644 krebs/Zhosts/smove delete mode 100644 krebs/Zhosts/sokrates delete mode 100644 krebs/Zhosts/sokrateslaptop delete mode 100644 krebs/Zhosts/soundflower delete mode 100644 krebs/Zhosts/steve delete mode 100644 krebs/Zhosts/stro delete mode 100644 krebs/Zhosts/tahoe delete mode 100644 krebs/Zhosts/taschenkrebs delete mode 100644 krebs/Zhosts/terrapi delete mode 100644 krebs/Zhosts/thomasDOTde delete mode 100644 krebs/Zhosts/tincdroid delete mode 100644 krebs/Zhosts/tmpd delete mode 100644 krebs/Zhosts/tpsw delete mode 100644 krebs/Zhosts/tsp delete mode 100644 krebs/Zhosts/ufo delete mode 100644 krebs/Zhosts/uriel delete mode 100644 krebs/Zhosts/vault delete mode 100644 krebs/Zhosts/vbob delete mode 100644 krebs/Zhosts/voyager delete mode 100644 krebs/Zhosts/wbob delete mode 100644 krebs/Zhosts/wolf delete mode 100644 krebs/Zhosts/wooktop delete mode 100644 krebs/Zhosts/wry delete mode 100644 krebs/Zhosts/wu delete mode 100644 krebs/Zhosts/xu delete mode 100644 krebs/Zhosts/ytart delete mode 100644 krebs/Zhosts/zombiecancer (limited to 'krebs') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index e0e2692a8..08ac96461 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,6 +1,4 @@ { config, pkgs, lib, ... }: - -with builtins; with lib; let cfg = config.krebs.retiolum; @@ -40,7 +38,7 @@ let ''; }; - network = mkOption { + netname = mkOption { type = types.str; default = "retiolum"; description = '' @@ -65,10 +63,13 @@ let }; hosts = mkOption { - type = with types; either package path; - default = ../Zhosts; + type = with types; attrsOf host; + default = + filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; description = '' - If a path is given, then it will be used to generate an ad-hoc package. + Hosts which should be part of the tinc configuration. + Note that these hosts must have a correspondingly named network + configured, see config.krebs.retiolum.netname. ''; }; @@ -104,7 +105,7 @@ let }; imp = { - environment.systemPackages = [ tinc hosts iproute ]; + environment.systemPackages = [ tinc iproute ]; networking.extraHosts = retiolumExtraHosts; @@ -140,17 +141,16 @@ let tinc = cfg.tincPackage; - hosts = getAttr (typeOf cfg.hosts) { - package = cfg.hosts; - path = pkgs.stdenv.mkDerivation { - name = "custom-retiolum-hosts"; - src = cfg.hosts; - installPhase = '' - mkdir $out - find . -name .git -prune -o -type f -print0 \ - | xargs -0 cp --target-directory $out - ''; - }; + tinc-hosts = pkgs.stdenv.mkDerivation { + name = "${cfg.netname}-tinc-hosts"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir $out + ${concatStrings (mapAttrsToList (_: host: '' + echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ + > $out/${shell.escape host.name} + '') cfg.hosts)} + ''; }; iproute = cfg.iproutePackage; @@ -159,7 +159,7 @@ let { } '' generate() { - (cd ${hosts} + (cd ${tinc-hosts} printf \'\' for i in `ls`; do names=$(hostnames $i) @@ -180,11 +180,11 @@ let generate ;; long) - hostnames() { echo "$1.${cfg.network}"; } + hostnames() { echo "$1.${cfg.netname}"; } generate ;; both) - hostnames() { echo "$1.${cfg.network} $1"; } + hostnames() { echo "$1.${cfg.netname} $1"; } generate ;; *) @@ -203,12 +203,12 @@ let mkdir -p $out - ln -s ${hosts} $out/hosts + ln -s ${tinc-hosts} $out/hosts cat > $out/tinc.conf < Date: Sat, 6 Feb 2016 15:43:24 +0100 Subject: krebs.retiolum: don't generate extraHosts --- krebs/3modules/default.nix | 1 - krebs/3modules/retiolum.nix | 54 ++------------------------------------------- 2 files changed, 2 insertions(+), 53 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ba1f425d9..7418434ea 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -96,7 +96,6 @@ let retiolum = "hosts"; }; - # XXX This overlaps with krebs.retiolum networking.extraHosts = concatStringsSep "\n" (flatten ( mapAttrsToList (hostname: host: mapAttrsToList (netname: net: diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 08ac96461..2bf8aa5db 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -29,22 +29,13 @@ let ''; }; - generateEtcHosts = mkOption { - type = types.str; - default = "both"; - description = '' - If set to short, long, or both, - then generate entries in /etc/hosts from subnets. - ''; - }; - netname = mkOption { type = types.str; default = "retiolum"; description = '' The tinc network name. - It is used to generate long host entries, - and name the TUN device. + It is used to name the TUN device and to generate the default value for + config.krebs.retiolum.hosts. ''; }; @@ -107,8 +98,6 @@ let imp = { environment.systemPackages = [ tinc iproute ]; - networking.extraHosts = retiolumExtraHosts; - systemd.services.retiolum = { description = "Tinc daemon for Retiolum"; after = [ "network.target" ]; @@ -155,45 +144,6 @@ let iproute = cfg.iproutePackage; - retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts" - { } - '' - generate() { - (cd ${tinc-hosts} - printf \'\' - for i in `ls`; do - names=$(hostnames $i) - for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do - names="$names $(hostnames $j)" - done - sed -En ' - s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p - ' $i - done | sort - printf \'\' - ) - } - - case ${cfg.generateEtcHosts} in - short) - hostnames() { echo "$1"; } - generate - ;; - long) - hostnames() { echo "$1.${cfg.netname}"; } - generate - ;; - both) - hostnames() { echo "$1.${cfg.netname} $1"; } - generate - ;; - *) - echo '""' - ;; - esac > $out - ''); - - confDir = pkgs.runCommand "retiolum" { # TODO text executable = true; -- cgit v1.2.3 From a1f7f5e510ddc7a35bebe4ec7698e19d83d57c3f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:57:43 +0100 Subject: krebs: DRY up shorts of the networking.extraHosts generator --- krebs/3modules/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7418434ea..20eb944e2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,10 +103,8 @@ let aliases = longs ++ shorts; providers = dns.split-by-provider net.aliases cfg.dns.providers; longs = providers.hosts; - shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") - longs); + shorts = let s = ".${cfg.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); in map (addr: "${addr} ${toString aliases}") net.addrs ) (filterAttrs (name: host: host.aliases != []) host.nets) -- cgit v1.2.3 From 171df3acbe8ebe97d690bfb386fbf15bc14984cd Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:15:25 +0100 Subject: tv: adopt kaepsele --- krebs/3modules/tv/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 31c1a375a..5f70f8489 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -130,6 +130,35 @@ with lib; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY"; }; + kaepsele = { + nets = { + internet = { + addrs4 = ["92.222.10.169"]; + aliases = [ + "kaepsele.internet" + # TODO "kaepsele.org" + ]; + }; + retiolum = { + addrs4 = ["10.243.166.2"]; + addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; + aliases = [ + "kaepsele.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/ + Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo + rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y + y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu + yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5 + FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 From c4655c3baad28525550e7c1d0fb9589e06663a2b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:21:30 +0100 Subject: krebs.dns.providers: add i and r --- krebs/3modules/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 20eb944e2..529506905 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -92,7 +92,9 @@ let de.krebsco = "zones"; gg23 = "hosts"; shack = "hosts"; + i = "hosts"; internet = "hosts"; + r = "hosts"; retiolum = "hosts"; }; -- cgit v1.2.3 From b16bfb9c99e6f1f063c5b7358003149db42b70e3 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:18:52 +0100 Subject: tv: add .i and .r TLDs --- krebs/3modules/tv/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5f70f8489..7db5c532e 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -24,6 +24,7 @@ with lib; internet = { addrs4 = ["162.219.7.216"]; aliases = [ + "cd.i" "cd.internet" "cd.krebsco.de" "cgit.cd.krebsco.de" @@ -37,6 +38,7 @@ with lib; addrs4 = ["10.243.113.222"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; aliases = [ + "cd.r" "cd.retiolum" "cgit.cd.retiolum" ]; @@ -67,6 +69,7 @@ with lib; internet = { addrs4 = ["104.167.114.142"]; aliases = [ + "mkdir.i" "mkdir.internet" ]; }; @@ -75,6 +78,7 @@ with lib; addrs4 = ["10.243.113.223"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; aliases = [ + "mkdir.r" "mkdir.retiolum" "cgit.mkdir.retiolum" ]; @@ -104,6 +108,7 @@ with lib; internet = { addrs4 = ["198.147.22.115"]; aliases = [ + "ire.i" "ire.internet" "ire.krebsco.de" ]; @@ -113,6 +118,7 @@ with lib; addrs4 = ["10.243.231.66"]; addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; aliases = [ + "ire.r" "ire.retiolum" ]; tinc.pubkey = '' @@ -135,6 +141,7 @@ with lib; internet = { addrs4 = ["92.222.10.169"]; aliases = [ + "kaepsele.i" "kaepsele.internet" # TODO "kaepsele.org" ]; @@ -143,6 +150,7 @@ with lib; addrs4 = ["10.243.166.2"]; addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; aliases = [ + "kaepsele.r" "kaepsele.retiolum" ]; tinc.pubkey = '' @@ -171,6 +179,7 @@ with lib; addrs4 = ["10.243.0.110"]; addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; aliases = [ + "nomic.r" "nomic.retiolum" "cgit.nomic.retiolum" ]; @@ -205,6 +214,7 @@ with lib; internet = { addrs4 = ["167.88.34.182"]; aliases = [ + "rmdir.i" "rmdir.internet" ]; }; @@ -213,6 +223,7 @@ with lib; addrs4 = ["10.243.113.224"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; aliases = [ + "rmdir.r" "rmdir.retiolum" "cgit.rmdir.retiolum" ]; @@ -260,6 +271,7 @@ with lib; addrs4 = ["10.243.13.37"]; addrs6 = ["42:0:0:0:0:0:0:1337"]; aliases = [ + "wu.r" "wu.retiolum" "cgit.wu.retiolum" ]; @@ -292,6 +304,7 @@ with lib; addrs4 = ["10.243.13.38"]; addrs6 = ["42:0:0:0:0:0:0:1338"]; aliases = [ + "xu.r" "xu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From 18784b439d6c58eb4102068a5a31e0e46794ee73 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:30:56 +0100 Subject: tv: remove stale krebs/Zpubkeys --- krebs/Zpubkeys/deploy_wu.ssh.pub | 1 - krebs/Zpubkeys/mv_vod.ssh.pub | 1 - 2 files changed, 2 deletions(-) delete mode 100644 krebs/Zpubkeys/deploy_wu.ssh.pub delete mode 100644 krebs/Zpubkeys/mv_vod.ssh.pub (limited to 'krebs') diff --git a/krebs/Zpubkeys/deploy_wu.ssh.pub b/krebs/Zpubkeys/deploy_wu.ssh.pub deleted file mode 100644 index a54a1ca37..000000000 --- a/krebs/Zpubkeys/deploy_wu.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEieAihh+o208aeCA14fAtjzyZN/nrpOJt2vZ5VYZp69 deploy@wu diff --git a/krebs/Zpubkeys/mv_vod.ssh.pub b/krebs/Zpubkeys/mv_vod.ssh.pub deleted file mode 100644 index 7b7d2e260..000000000 --- a/krebs/Zpubkeys/mv_vod.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod -- cgit v1.2.3 From 9742953ee932b96cafb390f7b61edd68499cec82 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:53:35 +0100 Subject: tv: add cgit.*.r aliases --- krebs/3modules/tv/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 7db5c532e..b7fd1c54c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -40,6 +40,7 @@ with lib; aliases = [ "cd.r" "cd.retiolum" + "cgit.cd.r" "cgit.cd.retiolum" ]; tinc.pubkey = '' @@ -80,6 +81,7 @@ with lib; aliases = [ "mkdir.r" "mkdir.retiolum" + "cgit.mkdir.r" "cgit.mkdir.retiolum" ]; tinc.pubkey = '' @@ -181,6 +183,7 @@ with lib; aliases = [ "nomic.r" "nomic.retiolum" + "cgit.nomic.r" "cgit.nomic.retiolum" ]; tinc.pubkey = '' @@ -225,6 +228,7 @@ with lib; aliases = [ "rmdir.r" "rmdir.retiolum" + "cgit.rmdir.r" "cgit.rmdir.retiolum" ]; tinc.pubkey = '' @@ -273,6 +277,7 @@ with lib; aliases = [ "wu.r" "wu.retiolum" + "cgit.wu.r" "cgit.wu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From c784d271c5dc8783e5e6308baf4f6dd26430bfca Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 18:38:51 +0100 Subject: tv: adopt mu --- krebs/3modules/tv/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b7fd1c54c..9adb0ce11 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -169,6 +169,28 @@ with lib; }; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; }; + mu = { + nets = { + retiolum = { + addrs4 = ["10.243.20.01"]; + addrs6 = ["42:0:0:0:0:0:0:2001"]; + aliases = [ + "mu.r" + "mu.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA + g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE + XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4 + o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1 + QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs + FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/10200000.lock: No such file or directory (2)