author | lassulus <lass@aidsballs.de> | 2016-07-18 12:15:50 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-07-18 12:15:50 +0200 |
commit | af1959e3bdaabc004663c2dc2120148c18aa6b7c (patch) | |
tree | e9f5237e90903a3a1fede41dc2300cffd405e817 /krebs/3modules | |
parent | a71a9ed33a92ba901f7c605506bb2c3ee506e6c7 (diff) | |
parent | 33c96a89c5c72218a1c9f16bcea5909cd5135768 (diff) |
Merge remote-tracking branch 'gum/master' into new-populate
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/build.nix | 162 | ||||
-rw-r--r-- | krebs/3modules/tv/default.nix | 27 |
2 files changed, 39 insertions, 150 deletions
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 9cd095622..4848748cd 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -1,165 +1,27 @@ -{ config, lib, ... }: +{ config, ... }: with config.krebs.lib; -let - out = { +{ + options.krebs.build = { # TODO deprecate krebs.build.host - options.krebs.build.host = mkOption { + host = mkOption { type = types.host; }; - # TODO make krebs.build.profile shell safe - options.krebs.build.profile = mkOption { - type = types.str; + profile = mkOption { + type = types.absolute-path; default = "/nix/var/nix/profiles/system"; }; - # TODO deprecate krebs.build.user - options.krebs.build.user = mkOption { - type = types.user; - }; - - options.krebs.build.source = mkOption { - type = with types; attrsOf (either str (submodule { - options = { - url = str; - rev = str; - }; - })); + source = mkOption { + type = types.attrsOf types.source; default = {}; }; - options.krebs.build.populate = mkOption { - type = types.str; - default = let - target-user = maybeEnv "target_user" "root"; - target-host = maybeEnv "target_host" config.krebs.build.host.name; - target-port = maybeEnv "target_port" "22"; - target-path = maybeEnv "target_path" "/var/src"; - out = '' - #! 
/bin/sh - set -eu - - ssh=''${ssh-ssh} - - verbose() { - printf '%s%s\n' "$PS5$(printf ' %q' "$@")" >&2 - "$@" - } - - { printf 'PS5=%q%q\n' @ "$PS5" - echo ${shell.escape git-script} - } | verbose $ssh -p ${shell.escape target-port} \ - ${shell.escape "${target-user}@${target-host}"} -T - - unset tmpdir - trap ' - rm -f "$tmpdir"/* - rmdir "$tmpdir" - trap - EXIT INT QUIT - ' EXIT INT QUIT - tmpdir=$(mktemp -dt stockholm.XXXXXXXX) - chmod 0755 "$tmpdir" - - ${concatStringsSep "\n" (mapAttrsToList (name: symlink: '' - verbose ln -s ${shell.escape symlink.target} \ - "$tmpdir"/${shell.escape name} - '') source-by-method.symlink)} - - verbose proot \ - -b "$tmpdir":${shell.escape target-path} \ - ${concatStringsSep " \\\n " (mapAttrsToList (name: file: - "-b ${shell.escape "${file.path}:${target-path}/${name}"}" - ) source-by-method.file)} \ - rsync \ - -f ${shell.escape "P /*"} \ - ${concatMapStringsSep " \\\n " (name: - "-f ${shell.escape "R /${name}"}" - ) (attrNames source-by-method.file)} \ - --delete \ - -vFrlptD \ - -e "$ssh -p ${shell.escape target-port}" \ - ${shell.escape target-path}/ \ - ${shell.escape "${target-user}@${target-host}:${target-path}"} - ''; - - git-script = '' - #! /bin/sh - set -efu - - export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt - - verbose() { - printf '%s%s\n' "$PS5$(printf ' %q' "$@")" >&2 - "$@" - } - - fetch_git() {( - dst_dir=$1 - src_url=$2 - src_ref=$3 - - if ! test -e "$dst_dir"; then - git clone "$src_url" "$dst_dir" - fi - - cd "$dst_dir" - - if ! url=$(git config remote.origin.url); then - git remote add origin "$src_url" - elif test "$url" != "$src_url"; then - git remote set-url origin "$src_url" - fi - - # TODO resolve src_ref to commit hash - hash=$src_ref - - if ! 
test "$(git log --format=%H -1)" = "$hash"; then - git fetch origin - git checkout "$hash" -- "$dst_dir" - git checkout -f "$hash" - fi - - git clean -dxf - )} - - ${concatStringsSep "\n" (mapAttrsToList (name: git: '' - verbose fetch_git ${concatMapStringsSep " " shell.escape [ - "${target-path}/${name}" - git.url - git.rev - ]} - '') source-by-method.git)} - ''; - in out; + # TODO deprecate krebs.build.user + user = mkOption { + type = types.user; }; - - }; - - source-by-method = let - known-methods = ["git" "file" "symlink"]; - in genAttrs known-methods (const {}) // recursiveUpdate source-by-scheme { - git = source-by-scheme.http or {} // - source-by-scheme.https or {}; }; - - source-by-scheme = foldl' (out: { k, v }: recursiveUpdate out { - ${v.scheme}.${k} = v; - }) {} (mapAttrsToList (k: v: { inherit k v; }) normalized-source); - - normalized-source = mapAttrs (name: let f = x: getAttr (typeOf x) { - path = f (toString x); - string = f { - url = if substring 0 1 x == "/" then "file://${x}" else x; - }; - set = let scheme = head (splitString ":" x.url); in recursiveUpdate x { - inherit scheme; - } // { - symlink.target = removePrefix "symlink:" x.url; - file.path = # TODO file://host/... - assert hasPrefix "file:///" x.url; - removePrefix "file://" x.url; - }.${scheme} or {}; - }; in f) config.krebs.build.source; -in out +} diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 075066961..d04f1cab2 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
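Review bot: The rewritten `profile` option drops the `# TODO make krebs.build.profile shell safe` comment and switches the type to `types.absolute-path`, but nothing visible in this hunk shows that the type rejects whitespace or shell metacharacters. `types.absolute-path` is defined outside this diff; if it only checks for a leading `/`, any script that interpolates the profile path still has to quote it. I would keep a comment on the option, e.g. `# absolute-path is not a shell-safety guarantee; consumers must pass this through shell.escape`, or confirm that the type enforces a safe character set. Likewise, the removed normalisation asserted `hasPrefix "file:///"` on file sources, and whether `types.source` carries an equivalent check is not visible here.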
@@ -7,6 +7,30 @@ with config.krebs.lib;
 "viljetic.de" = "regfish";
 };
 hosts = mapAttrs (_: setAttr "owner" config.krebs.users.tv) {
+ alnus = {
+ cores = 2;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.21.1";
+ ip6.addr = "42:0:0:0:0:0:0:2101";
+ aliases = [
+ "alnus.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAyDGucukxY1xFSkqDaicpiCXZe3NX1Max7N+E9PKXO2yE0EFoGdUP
+ /4hZFO9IbteDwlsTd/RQIhhUWF818TLWzwasUxgmqBFN4d23IIDLHJxgRZ8cPzAs
+ gmBWwnVWRetDETc6HZK6m2rLU6PG53rRLvheZHW/B9nSfUp7n+puehJdGLnBQ8W+
+ q5d/yUmN8hqS6h62yfAZEJSr7Gh/AW6Irmf3gjKRJlRmD2z28hR5tFH+Q/ulxJXQ
+ rNVzusASjRBO9VYOSWnNWI3Zl9vaUtbtEnvyl3PaV9N3gcHzB2HHlyDIotjqXvxU
+ cPLMN0lWOZeDae/9SDT62l/YuETYQo6TxwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_rsa>;
+ ssh.pubkey = "ssh-rsa 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";
+ };
 caxi = {
 cores = 2;
 extraZones = {
@@ -391,6 +415,9 @@ with config.krebs.lib;
 };
 };
 users = {
+ dv = {
+ mail = "dv@alnus.r";
+ };
 mv = {
 mail = "mv@cd.r";
 pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; |
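Review bot: `ssh.privkey.path = <secrets/ssh.id_rsa>;` in the new `alnus` host is a Nix path lookup, and a path value that is ever interpolated into a string or derivation gets copied into the world-readable /nix/store. How consumers of `ssh.privkey.path` use it is not visible in this hunk, so it is worth confirming that they only pass the location along as a reference (for example via `toString`) and never import the file's contents. A short comment would make the constraint explicit: `# resolved at eval time; must not be interpolated into a derivation, or the key lands in /nix/store`. The enclosing `hosts` attribute set starts and ends outside the hunk.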