summaryrefslogtreecommitdiffstats
path: root/mv
diff options
context:
space:
mode:
authormv <mv@ni.r>2017-08-29 21:00:46 +0200
committermv <mv@ni.r>2017-08-29 21:05:25 +0200
commit48c75276c5a5ed8e7ea33ccb330f8ee6b7a6a927 (patch)
treeb4663bb8a6f49a62ef3c9ab5362df4ba19e98daf /mv
parentd6aee94277e4329db12d0dfd78fbd6ab58fdeab7 (diff)
mv: the future is now!
Diffstat (limited to 'mv')
-rw-r--r--mv/1systems/stro/config.nix (renamed from mv/1systems/stro.nix)23
-rw-r--r--mv/1systems/stro/source.nix3
-rw-r--r--mv/source.nix23
3 files changed, 31 insertions, 18 deletions
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix
index bb37aedda..669655eec 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro/config.nix
@@ -8,18 +8,6 @@ with import <stockholm/lib>;
build = {
user = config.krebs.users.mv;
host = config.krebs.hosts.stro;
- source = let
- HOME = getEnv "HOME";
- host = config.krebs.build.host;
- in {
- nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
- secrets.file = "${HOME}/secrets/${host.name}";
- stockholm.file = "${HOME}/stockholm";
- nixpkgs.git = {
- url = https://github.com/NixOS/nixpkgs;
- ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
- };
- };
};
};
@@ -27,7 +15,7 @@ with import <stockholm/lib>;
<secrets>
<stockholm/krebs>
<stockholm/tv/2configs/audit.nix>
- <stockholm/tv/2configs/bash.nix>
+ <stockholm/tv/2configs/bash>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/im.nix>
@@ -40,7 +28,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/xdg.nix>
<stockholm/tv/2configs/xserver>
<stockholm/tv/3modules>
- <stockholm/tv/5pkgs>
];
boot.kernel.sysctl = {
@@ -124,13 +111,13 @@ with import <stockholm/lib>;
nix = {
binaryCaches = ["https://cache.nixos.org"];
- # TODO check if both are required:
- chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
requireSignedBinaryCaches = true;
- useChroot = true;
+ # TODO check if both are required:
+ sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+ useSandbox = true;
};
- nixpkgs.config.allowUnfree = false;
+ nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
users = {
defaultUserShell = "/run/current-system/sw/bin/bash";
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 000000000..888d616c8
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+ name = "stro";
+}
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 000000000..8b1563914
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+ builder = if getEnv "dummy_secrets" == "true"
+ then "buildbot"
+ else "mv";
+ _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+ evalSource (toString _file) [
+ {
+ nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+ nixpkgs.git = {
+ # nixos-17.03
+ ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+ url = https://github.com/NixOS/nixpkgs;
+ };
+ secrets.file = getAttr builder {
+ buildbot = toString <stockholm/mv/dummy_secrets>;
+ mv = "/home/mv/secrets/${name}";
+ };
+ stockholm.file = toString <stockholm>;
+ }
+ override
+ ]