diff options
author | makefu <github@syntax-fehler.de> | 2019-04-17 21:48:16 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-04-17 21:48:16 +0200 |
commit | 12f77bbed628e4071ac300af77857815be97a344 (patch) | |
tree | 4f8233712a96ac5a38a386e1cc9df24de8a2b31a /lass/2configs/green-host.nix | |
parent | e9743b162d51c4eb04d7939f8445e1acaa2d723d (diff) | |
parent | d0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/green-host.nix')
-rw-r--r-- | lass/2configs/green-host.nix | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..860d7c113 --- /dev/null +++ b/lass/2configs/green-host.nix @@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: +with import <stockholm/lib>; + +{ + imports = [ + <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/syncthing.nix> + { #hack for already defined + systemd.services."container@green".reloadIfChanged = mkForce false; + systemd.services."container@green".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' + ''; + systemd.services."container@green".postStop = '' + set -x + ${pkgs.umount}/bin/umount /var/lib/containers/green + ls -la /dev/mapper/control + ${pkgs.devicemapper}/bin/dmsetup ls + ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img + ''; + } + ]; + + lass.ensure-permissions = [ + { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } + ]; + + krebs.syncthing.folders = [ + { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } + ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + + containers.green = { + config = { ... }: { + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.15"; + localAddress = "10.233.2.16"; + }; + + environment.systemPackages = [ + (pkgs.writeDashBin "start-green" '' + set -fu + CONTAINER='green' + IMAGE='/var/lib/sync-containers/green.img' + + ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null + if [ "$?" -ne 0 ]; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" + fi + + mkdir -p /var/lib/containers/"$CONTAINER" + + ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " + if [ "$?" -ne 0 ]; then + ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + fi + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + fi + ping -c1 green.r + if [ "$?" -ne 0 ]; then + ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + fi + + '') + ]; +} |