summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-09-27 20:08:36 +0200
committerlassulus <lass@aidsballs.de>2015-09-27 20:08:36 +0200
commita9f6f7ac7b8e70633164d10980d1d041f34be3ac (patch)
tree13a8bdfafd994c999c5eeae3ff5e2537a4d96f0f /krebs
parentb6383dba83a2e9ec6ada40fb780c15a56c8d715e (diff)
parentbc2bd6e2f6e9295b14e641b82bff62b40641988d (diff)
Merge branch 'makefu'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/build/default.nix269
-rw-r--r--krebs/3modules/build/infest/finalize.sh (renamed from krebs/4lib/infest/4finalize)2
-rw-r--r--krebs/3modules/build/infest/install-nix.sh (renamed from krebs/4lib/infest/2install-nix)8
-rw-r--r--krebs/3modules/build/infest/prepare.sh (renamed from krebs/4lib/infest/1prepare)0
-rw-r--r--krebs/3modules/default.nix296
-rw-r--r--krebs/3modules/github-hosts-sync.nix2
-rw-r--r--krebs/3modules/retiolum.nix2
-rw-r--r--krebs/4lib/infest/3install-nix-tools9
-rw-r--r--krebs/4lib/types.nix10
-rw-r--r--krebs/5pkgs/cac/default.nix6
-rw-r--r--krebs/5pkgs/get/default.nix6
11 files changed, 352 insertions, 258 deletions
diff --git a/krebs/3modules/build/default.nix b/krebs/3modules/build/default.nix
new file mode 100644
index 000000000..4d2f36a02
--- /dev/null
+++ b/krebs/3modules/build/default.nix
@@ -0,0 +1,269 @@
+{ config, lib, ... }:
+
+with import ../../4lib { inherit lib; };
+
+let
+ target = config.krebs.build // { user.name = "root"; };
+
+ out = {
+ # TODO deprecate krebs.build.host
+ options.krebs.build.host = mkOption {
+ type = types.host;
+ };
+
+ # TODO make krebs.build.profile shell safe
+ options.krebs.build.profile = mkOption {
+ type = types.str;
+ default = "/nix/var/nix/profiles/system";
+ };
+
+ # TODO make krebs.build.target.host :: host
+ options.krebs.build.target = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+
+ # TODO deprecate krebs.build.user
+ options.krebs.build.user = mkOption {
+ type = types.user;
+ };
+
+ options.krebs.build.scripts.deploy = lib.mkOption {
+ type = lib.types.str;
+ default = ''
+ set -efu
+ (${config.krebs.build.scripts._source})
+ ${ssh-target ''
+ ${config.krebs.build.scripts._nix-env}
+ ${config.krebs.build.profile}/bin/switch-to-configuration switch
+ ''}
+ echo OK
+ '';
+ };
+
+ options.krebs.build.scripts.infest = lib.mkOption {
+ type = lib.types.str;
+ default = ''
+ set -efu
+
+ export RSYNC_RSH; RSYNC_RSH="$(type -p ssh) \
+ -o 'HostName ${target.host.infest.addr}' \
+ -o 'Port ${toString target.host.infest.port}' \
+ "
+ ssh() {
+ eval "$RSYNC_RSH \"\$@\""
+ }
+
+ ${ssh-target ''
+ ${readFile ./infest/prepare.sh}
+ ${readFile ./infest/install-nix.sh}
+ ''}
+
+ (${config.krebs.build.scripts._source})
+
+ ${ssh-target ''
+ export PATH; PATH=/root/.nix-profile/bin:$PATH
+
+ src=$(type -p nixos-install)
+ cat_src() {
+ sed < "$src" "$(
+ sed < "$src" -n '
+ /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
+ /^nixpkgs=/=
+ /^NIX_PATH=/,/^$/{/./=}
+ ' \
+ | sed 's:$:s/^/#krebs#/:'
+ )"
+ }
+
+ # Location to insert config.krebs.build.scripts._nix-env
+ i=$(sed -n '/^echo "building the system configuration/=' "$src")
+
+ {
+ cat_src | sed -n "1,$i{p}"
+ cat ${doc config.krebs.build.scripts._nix-env}
+ cat_src | sed -n "$i,\''${$i!p}"
+ } > nixos-install
+ chmod +x nixos-install
+
+ # Wrap inserted config.krebs.build.scripts._nix-env into chroot.
+ nix_env=$(cat_src | sed -n '
+ s:.*\(/nix/store/[a-z0-9]*-nix-[0-9.]\+/bin/nix-env\).*:\1:p;T;q
+ ')
+ echo nix-env is $nix_env
+ sed -i '
+ s:^nix-env:chroot $mountPoint '"$nix_env"':
+ ' nixos-install
+
+ ./nixos-install
+
+ ${readFile ./infest/finalize.sh}
+ ''}
+ '';
+ };
+
+ options.krebs.build.scripts._nix-env = lib.mkOption {
+ type = lib.types.str;
+ default = ''
+ set -efu
+ NIX_PATH=${config.krebs.build.source.NIX_PATH} \
+ nix-env \
+ -f '<stockholm>' \
+ -Q \
+ --argstr user-name ${config.krebs.exec.user.name} \
+ --argstr host-name ${target.host.name} \
+ --profile ${config.krebs.build.profile} \
+ --set \
+ -A ${lib.escapeShellArg (lib.concatStringsSep "." [
+ config.krebs.build.user.name
+ config.krebs.build.host.name
+ "system"
+ ])}
+ '';
+ };
+
+ options.krebs.build.scripts._source = lib.mkOption {
+ type = lib.types.str;
+ default = ''
+ set -efu
+ ${
+ lib.concatStringsSep "\n"
+ (lib.mapAttrsToList
+ (name: { scripts, url, ... }: "(${scripts._source})")
+ (config.krebs.build.source.dir //
+ config.krebs.build.source.git))
+ }
+ '';
+ };
+
+ options.krebs.build.source.NIX_PATH = mkOption {
+ type = types.str;
+ default =
+ lib.concatStringsSep ":"
+ (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+ (config.krebs.build.source.dir //
+ config.krebs.build.source.git));
+ };
+
+ options.krebs.build.source.dir = mkOption {
+ type =
+ let
+ exec = config.krebs.exec;
+ in
+ types.attrsOf (types.submodule ({ config, ... }:
+ let
+ url = "file://${config.host.name}${config.path}";
+
+ can-link = config.host.name == target.host.name;
+ can-push = config.host.name == exec.host.name;
+
+ push-method = ''
+ rsync \
+ --exclude .git \
+ --exclude .graveyard \
+ --exclude old \
+ --exclude tmp \
+ --rsync-path='mkdir -p ${config.target-path} && rsync' \
+ --delete-excluded \
+ -vrLptgoD \
+ ${config.path}/ \
+ ${target.user.name}@${target.host.name}:${config.target-path}
+ '';
+ in
+ {
+ options = {
+ host = mkOption {
+ type = types.host;
+ description = ''
+ define the host where the directory is stored on.
+ XXX: currently it is just used to check if rsync is working,
+ becomes part of url
+ '';
+ };
+ path = mkOption {
+ type = types.str;
+ };
+ scripts._source = mkOption {
+ type = types.str;
+ default =
+ #if can-link then link-method else
+ if can-push then push-method else
+ throw "cannot source ${url}";
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ url = mkOption {
+ type = types.str;
+ default = "file://${config.host.name}${config.path}";
+ };
+ };
+ }
+ ));
+ default = {};
+ };
+
+ options.krebs.build.source.git = mkOption {
+ type =
+ let
+ target = config.krebs.build // { user.name = "root"; };
+ in
+ with types; attrsOf (submodule ({ config, ... }:
+ {
+ options = {
+ url = mkOption {
+ type = types.str; # TODO must be shell safe
+ };
+ rev = mkOption {
+ type = types.str;
+ };
+ scripts._source = mkOption {
+ type = types.str;
+ default = ssh-target ''
+ mkdir -p ${config.target-path}
+ cd ${config.target-path}
+ if ! test -e .git; then
+ git init
+ fi
+ if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+ git remote add origin ${config.url}
+ elif test "$cur_url" != ${config.url}; then
+ git remote set-url origin ${config.url}
+ fi
+ if test "$(git rev-parse --verify HEAD 2>/dev/null)" != ${config.rev}; then
+ git fetch origin
+ git checkout ${config.rev} -- .
+ git checkout -q ${config.rev}
+ git submodule init
+ git submodule update
+ fi
+ git clean -dxf
+ '';
+ };
+ target-path = mkOption {
+ type = types.str;
+ default = "/root/${config._module.args.name}";
+ };
+ };
+ }
+ ));
+ default = {};
+ };
+ };
+
+ doc = s:
+ let b = "EOF${hashString "sha256" s}"; in
+ ''
+ <<\${b}
+ ${s}
+ ${b}
+ '';
+
+ ssh-target = script:
+ "ssh root@${target.host.name} -T ${doc ''
+ set -efu
+ ${script}
+ ''}";
+
+in out
diff --git a/krebs/4lib/infest/4finalize b/krebs/3modules/build/infest/finalize.sh
index d095fa31b..ced5a4d4d 100644
--- a/krebs/4lib/infest/4finalize
+++ b/krebs/3modules/build/infest/finalize.sh
@@ -7,7 +7,7 @@ set -eux
umount /mnt || [ $? -eq 32 ]
umount /boot || [ $? -eq 32 ]
- PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
+ PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
export PATH
mkdir /oldshit
diff --git a/krebs/4lib/infest/2install-nix b/krebs/3modules/build/infest/install-nix.sh
index 3021c1143..88c8c3e1e 100644
--- a/krebs/4lib/infest/2install-nix
+++ b/krebs/3modules/build/infest/install-nix.sh
@@ -2,9 +2,9 @@
set -efu
nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
-nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4"
+nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4
-install-nix() {(
+install_nix() {(
# install nix on host (cf. https://nixos.org/nix/install)
if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
@@ -23,7 +23,7 @@ install-nix() {(
$nix_src_dir/install
fi
- #TODO: make this general or move to 1prepare
+ #TODO: make this general or move to prepare
if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then
mkdir -p /mnt/nix
mount --bind /nix /mnt/nix
@@ -54,4 +54,4 @@ install-nix() {(
fi
)}
-install-nix "$@"
+install_nix "$@"
diff --git a/krebs/4lib/infest/1prepare b/krebs/3modules/build/infest/prepare.sh
index 07c00c3a5..07c00c3a5 100644
--- a/krebs/4lib/infest/1prepare
+++ b/krebs/3modules/build/infest/prepare.sh
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 0ffdec5f8..dc30b9c50 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
out = {
imports = [
+ ./build
./exim-retiolum.nix
./exim-smarthost.nix
./github-hosts-sync.nix
@@ -22,225 +23,6 @@ let
api = {
enable = mkEnableOption "krebs";
- build = mkOption {
- type = types.submodule ({ config, ... }: {
- options = {
- target = mkOption {
- type = with types; nullOr str;
- default = null;
- };
- deps = mkOption {
- type = with types; attrsOf (submodule {
- options = {
- url = mkOption {
- type = str;
- };
- rev = mkOption {
- type = nullOr str;
- default = null;
- };
- };
- });
- default = {};
- };
- script = mkOption {
- type = types.str;
- default = ''
- #! /bin/sh
- set -efux
-
- target=${escapeShellArg cfg.build.target}
-
- push(){(
- src=$1/
- dst=$target:$2
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --rsync-path="mkdir -p \"$2\" && rsync" \
- --delete-excluded \
- -vrLptgoD \
- "$src" "$dst"
- )}
-
- ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
- optionalString (rev == null) ''
- push ${toString (map escapeShellArg [
- "${url}"
- "/root/src/${name}"
- ])}
- '') config.deps)}
-
- exec ssh -S none "$target" /bin/sh <<\EOF
- set -efux
- fetch(){(
- url=$1
- rev=$2
- dst=$3
- mkdir -p "$dst"
- cd "$dst"
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
- git remote add origin "$url"
- elif test "$cur_url" != "$url"; then
- git remote set-url origin "$url"
- fi
- if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then
- git fetch origin
- git checkout "$rev" -- .
- git checkout -q "$rev"
- git submodule init
- git submodule update
- fi
- git clean -dxf
- )}
-
- ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
- optionalString (rev != null) ''
- fetch ${toString (map escapeShellArg [
- url
- rev
- "/root/src/${name}"
- ])}
- '') config.deps)}
-
- echo build system...
- profile=/nix/var/nix/profiles/system
- NIX_PATH=/root/src \
- nix-env \
- -Q \
- -p "$profile" \
- -f '<stockholm>' \
- --set \
- -A system \
- --argstr user-name ${escapeShellArg cfg.build.user.name} \
- --argstr system-name ${escapeShellArg cfg.build.host.name}
-
- exec "$profile"/bin/switch-to-configuration switch
- EOF
-
- '';
- };
- infest = mkOption {
- type = types.str;
- default = ''
- #! /bin/sh
- set -efux
-
- target=${escapeShellArg cfg.build.target}
-
- push(){(
- src=$1/
- dst=$target:/mnt$2
- rsync \
- --exclude .git \
- --exclude .graveyard \
- --exclude old \
- --rsync-path="mkdir -p \"/mnt$2\" && rsync" \
- --delete-excluded \
- -vrLptgoD \
- "$src" "$dst"
- )}
-
- cat krebs/4lib/infest/1prepare | ssh "$target"
- cat krebs/4lib/infest/2install-nix | ssh "$target"
-
- ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
- optionalString (rev == null) ''
- push ${toString (map escapeShellArg [
- "${url}"
- "/root/src/${name}"
- ])}
- '') config.deps)}
-
- ssh -S none "$target" /bin/sh <<\EOF
- set -efux
-
- fetch(){(
- url=$1
- rev=$2
- dst=$3
- mkdir -p "$dst"
- cd "$dst"
- if ! test -e .git; then
- git init
- fi
- if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
- git remote add origin "$url"
- elif test "$cur_url" != "$url"; then
- git remote set-url origin "$url"
- fi
- if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then
- git fetch origin
- git checkout "$rev" -- .
- git checkout -q "$rev"
- git submodule init
- git submodule update
- fi
- git clean -dxf
- )}
-
- ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
- optionalString (rev != null) ''
- fetch ${toString (map escapeShellArg [
- url
- rev
- "/mnt/root/src/${name}"
- ])}
- '') config.deps)}
-
- export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH
-
- sed < "$(type -p nixos-install)" > nixos-install '
- /^echo "building the system configuration..."/,/--set -A system/{
- s/.*/# &/
- s@.*--set -A system.*@&\n${concatStringsSep " " [
- "NIX_PATH=/mnt/root/src/"
- "nix-env"
- "-Q"
- "-p /nix/var/nix/profiles/system"
- "-f \"<stockholm>\""
- "--set"
- "-A system"
- "--argstr user-name ${escapeShellArg cfg.build.user.name}"
- "--argstr system-name ${escapeShellArg cfg.build.host.name}"
- ]}@
- }
- '
-
- sed -i 's/^nixpkgs=.*$/#&/' nixos-install
-
-
- chmod +x nixos-install
-
- echo {} > /root/dummy.nix
-
- echo build system...
- profile=/nix/var/nix/profiles/system
- NIXOS_CONFIG=/root/dummy.nix \
- ./nixos-install -I /root/src/
- #nl -bp nixos-install
-
- EOF
-
- cat krebs/4lib/infest/4finalize | ssh "$target"
- '';
- };
- host = mkOption {
- type = types.host;
- };
- user = mkOption {
- type = types.user;
- };
- };
- });
- # Define defaul value, so unset values of the submodule get reported.
- default = {};
- };
-
dns = {
providers = mkOption {
# TODO with types; tree dns.label dns.provider, so we can merge.
@@ -537,8 +319,8 @@ let
extraZones = {
"krebsco.de" = ''
- mediengewitter IN A ${elemAt nets.internet.addrs4 0}
- flap IN A ${elemAt nets.internet.addrs4 0}'';
+ mediengewitter IN A ${head nets.internet.addrs4}
+ flap IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -575,14 +357,13 @@ let
IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com.
io IN NS pigstarter.krebsco.de.
- euer IN A ${elemAt nets.internet.addrs4 0}
- pigstarter IN A ${elemAt nets.internet.addrs4 0}
- conf IN A ${elemAt nets.internet.addrs4 0}
- gold IN A ${elemAt nets.internet.addrs4 0}
- graph IN A ${elemAt nets.internet.addrs4 0}
- tinc IN A ${elemAt nets.internet.addrs4 0}
- boot IN A ${elemAt nets.internet.addrs4 0}
- mx42 IN A ${elemAt nets.internet.addrs4 0}'';
+ pigstarter IN A ${head nets.internet.addrs4}
+ conf IN A ${head nets.internet.addrs4}
+ gold IN A ${head nets.internet.addrs4}
+ graph IN A ${head nets.internet.addrs4}
+ tinc IN A ${head nets.internet.addrs4}
+ boot IN A ${head nets.internet.addrs4}
+ mx42 IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -611,15 +392,56 @@ let
};
};
};
+ wry = rec {
+ cores = 1;
+ dc = "makefu"; #dc = "cac";
+ extraZones = {
+ "krebsco.de" = ''
+ wry IN A ${head nets.internet.addrs4}
+ '';
+ };
+ nets = rec {
+ internet = {
+ addrs4 = ["162.219.7.216"];
+ aliases = [
+ "wry.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.29.169"];
+ addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
+ aliases = [
+ "wry.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
+ rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
+ e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
+ sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
+ CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
+ PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
+ LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
+ DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
+ ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
+ jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
+ Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
gum = rec {
cores = 1;
dc = "online.net"; #root-server
extraZones = {
"krebsco.de" = ''
- omo IN A ${elemAt nets.internet.addrs4 0}
- gum IN A ${elemAt nets.internet.addrs4 0}
- paste IN A ${elemAt nets.internet.addrs4 0}'';
+ omo IN A ${head nets.internet.addrs4}
+ euer IN A ${head nets.internet.addrs4}
+ gum IN A ${head nets.internet.addrs4}
+ paste IN A ${head nets.internet.addrs4}'';
};
nets = {
internet = {
@@ -706,12 +528,13 @@ let
};
};
};
- mkdir = {
+ mkdir = rec {
cores = 1;
dc = "tv"; #dc = "cac";
+ infest.addr = head nets.internet.addrs4;
nets = rec {
internet = {
- addrs4 = ["162.248.167.241"];
+ addrs4 = ["104.233.84.102"];
aliases = [
"mkdir.internet"
];
@@ -762,12 +585,13 @@ let
};
secure = true;
};
- rmdir = {
+ rmdir = rec {
cores = 1;
dc = "tv"; #dc = "cac";
+ infest.addr = head nets.internet.addrs4;
nets = rec {
internet = {
- addrs4 = ["167.88.44.94"];
+ addrs4 = ["104.233.84.70"];
aliases = [
"rmdir.internet"
];
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index dbc0cc1de..f44fe3ad8 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -22,7 +22,7 @@ let
};
ssh-identity-file = mkOption {
type = types.str; # TODO must be named *.ssh.{id_rsa,id_ed25519}
- default = "/root/src/secrets/github-hosts-sync.ssh.id_rsa";
+ default = toString <secrets/github-hosts-sync.ssh.id_rsa>;
};
};
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 2617644d9..633642537 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -75,7 +75,7 @@ let
# TODO if it's types.path then it gets copied to /nix/store with
# bad unsafe permissions...
type = types.str;
- default = "/root/src/secrets/retiolum.rsa_key.priv";
+ default = toString <secrets/retiolum.rsa_key.priv>;
description = ''
Generate file with <literal>tincd -K</literal>.
This file must exist on the local system. The default points to
diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools
deleted file mode 100644
index 59fa6f14a..000000000
--- a/krebs/4lib/infest/3install-nix-tools
+++ /dev/null
@@ -1,9 +0,0 @@
-#! /bin/sh
-set -efu
-
-install-nix-tools() {(
-
-
-)}
-
-install-nix-tools "$@"
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index f6b4bd8b1..dbffdf850 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -27,6 +27,16 @@ types // rec {
type = with types; attrsOf string;
};
+ infest = {
+ addr = mkOption {
+ type = str;
+ };
+ port = mkOption {
+ type = int;
+ default = 22;
+ };
+ };
+
secure = mkOption {
type = bool;
default = false;
diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix
index 838eddd2f..e29f091e4 100644
--- a/krebs/5pkgs/cac/default.nix
+++ b/krebs/5pkgs/cac/default.nix
@@ -1,12 +1,12 @@
{ stdenv, fetchgit, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }:
stdenv.mkDerivation {
- name = "cac";
+ name = "cac-1.0.0";
src = fetchgit {
url = http://cgit.cd.retiolum/cac;
- rev = "f4589158572ab35969b9bccf801ea07e115705e1";
- sha256 = "9d761cd1d7ff68507392cbfd6c3f6000ddff9cc540293da2b3c4ee902321fb27";
+ rev = "14de1d3c78385e3f8b6d694f5d799eb1b613159e";
+ sha256 = "9b2a3d47345d6f8f27d9764c4f2f2acff17d3dde145dd0e674e4183e9312fec3";
};
phases = [
diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix
index 87e5808b9..e2591db73 100644
--- a/krebs/5pkgs/get/default.nix
+++ b/krebs/5pkgs/get/default.nix
@@ -1,12 +1,12 @@
{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }:
stdenv.mkDerivation {
- name = "get-1.1.0";
+ name = "get-1.1.1";
src = fetchgit {
url = http://cgit.cd.retiolum/get;
- rev = "e75084e39f0402107bb520b5c9d5434a9d7f5d64";
- sha256 = "5bafc9fa68cdb8ab76437a00354cbe4af4020cbbbbce848c325cae55863d9477";
+ rev = "e64826a4f5f74cbaa895e538b97d0e523e9709f9";
+ sha256 = "4d1aa07bba52f697cf7aa7ad1b02b9ff41598dfea83c578e77b8d81e3e8830d2";
};
phases = [