summaryrefslogtreecommitdiffstats
path: root/lass/2configs/green-host.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2019-04-17 21:48:16 +0200
committermakefu <github@syntax-fehler.de>2019-04-17 21:48:16 +0200
commit12f77bbed628e4071ac300af77857815be97a344 (patch)
tree4f8233712a96ac5a38a386e1cc9df24de8a2b31a /lass/2configs/green-host.nix
parente9743b162d51c4eb04d7939f8445e1acaa2d723d (diff)
parentd0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/green-host.nix')
-rw-r--r--lass/2configs/green-host.nix83
1 files changed, 83 insertions, 0 deletions
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
new file mode 100644
index 000000000..860d7c113
--- /dev/null
+++ b/lass/2configs/green-host.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ imports = [
+ <stockholm/lass/2configs/container-networking.nix>
+ <stockholm/lass/2configs/syncthing.nix>
+ { #hack for already defined
+ systemd.services."container@green".reloadIfChanged = mkForce false;
+ systemd.services."container@green".preStart = ''
+ ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green '
+ '';
+ systemd.services."container@green".postStop = ''
+ set -x
+ ${pkgs.umount}/bin/umount /var/lib/containers/green
+ ls -la /dev/mapper/control
+ ${pkgs.devicemapper}/bin/dmsetup ls
+ ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img
+ '';
+ }
+ ];
+
+ lass.ensure-permissions = [
+ { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
+ ];
+
+ krebs.syncthing.folders = [
+ { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
+ ];
+
+ system.activationScripts.containerPermissions = ''
+ mkdir -p /var/lib/containers
+ chmod 711 /var/lib/containers
+ '';
+
+ containers.green = {
+ config = { ... }: {
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.rxvt_unicode.terminfo
+ ];
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users.lass.pubkey
+ ];
+ };
+ autoStart = false;
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.15";
+ localAddress = "10.233.2.16";
+ };
+
+ environment.systemPackages = [
+ (pkgs.writeDashBin "start-green" ''
+ set -fu
+ CONTAINER='green'
+ IMAGE='/var/lib/sync-containers/green.img'
+
+ ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null
+ if [ "$?" -ne 0 ]; then
+ ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER"
+ fi
+
+ mkdir -p /var/lib/containers/"$CONTAINER"
+
+ ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" "
+ if [ "$?" -ne 0 ]; then
+ ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER"
+ fi
+
+ STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER")
+ if [ "$STATE" = 'down' ]; then
+ ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER"
+ fi
+ ping -c1 green.r
+ if [ "$?" -ne 0 ]; then
+ ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch
+ fi
+
+ '')
+ ];
+}