summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--default.nix92
-rw-r--r--krebs/3modules/build.nix2
-rw-r--r--krebs/3modules/current.nix26
-rw-r--r--krebs/3modules/default.nix8
-rw-r--r--krebs/3modules/git.nix2
-rw-r--r--krebs/3modules/github-hosts-sync.nix3
-rw-r--r--krebs/3modules/lass/default.nix62
-rw-r--r--krebs/3modules/makefu/default.nix3
-rw-r--r--krebs/3modules/shared/default.nix42
-rw-r--r--krebs/3modules/tinc_graphs.nix7
-rw-r--r--krebs/3modules/tv/default.nix5
-rw-r--r--krebs/3modules/urlwatch.nix9
-rw-r--r--krebs/4lib/default.nix2
-rw-r--r--krebs/4lib/infest/finalize.sh2
-rw-r--r--krebs/4lib/infest/prepare.sh7
-rw-r--r--krebs/5pkgs/default.nix9
-rw-r--r--krebs/5pkgs/tinc_graphs/default.nix (renamed from makefu/5pkgs/tinc_graphs/default.nix)4
-rw-r--r--krebs/Zhosts/wolf10
-rw-r--r--krebs/default.nix149
-rw-r--r--lass/1systems/cloudkrebs.nix23
-rw-r--r--lass/1systems/echelon.nix33
-rw-r--r--lass/1systems/mors.nix37
-rw-r--r--lass/1systems/test-arch.nix36
-rw-r--r--lass/1systems/test-centos6.nix30
-rw-r--r--lass/1systems/test-centos7.nix31
-rw-r--r--lass/1systems/uriel.nix31
-rw-r--r--lass/2configs/base.nix31
-rw-r--r--lass/2configs/baseX.nix (renamed from lass/2configs/desktop-base.nix)2
-rw-r--r--lass/2configs/newsbot-js.nix203
-rw-r--r--lass/2configs/os-templates/CAC-CentOS-6.5-64bit.nix47
-rw-r--r--lass/2configs/sshkeys.nix11
-rw-r--r--lass/3modules/default.nix8
-rw-r--r--lass/3modules/dnsmasq.nix55
-rw-r--r--lass/3modules/newsbot-js.nix87
-rw-r--r--lass/3modules/sshkeys.nix26
-rw-r--r--lass/4lib/default.nix8
-rw-r--r--lass/5pkgs/newsbot-js/default.nix4
-rw-r--r--makefu/1systems/pnp.nix2
-rw-r--r--makefu/1systems/wry.nix2
-rw-r--r--makefu/2configs/urlwatch.nix2
-rw-r--r--makefu/5pkgs/default.nix1
-rw-r--r--shared/1systems/wolf.nix106
-rw-r--r--shared/3modules/default.nix5
-rw-r--r--shared/5pkgs/default.nix5
-rw-r--r--tv/1systems/cd.nix1
-rw-r--r--tv/1systems/mkdir.nix1
-rw-r--r--tv/1systems/nomic.nix13
-rw-r--r--tv/1systems/rmdir.nix1
-rw-r--r--tv/1systems/wu.nix12
-rw-r--r--tv/2configs/base.nix13
-rw-r--r--tv/2configs/synaptics.nix14
-rw-r--r--tv/2configs/test.nix31
-rw-r--r--tv/2configs/urlwatch.nix8
-rw-r--r--tv/2configs/xserver.nix41
-rw-r--r--tv/2configs/xserver/Xresources.nix215
-rw-r--r--tv/2configs/xserver/default.nix154
-rw-r--r--tv/2configs/xserver/xmonad/.gitignore1
-rw-r--r--tv/2configs/xserver/xmonad/Main.hs261
-rw-r--r--tv/2configs/xserver/xmonad/Util/Debunk.hs16
-rw-r--r--tv/2configs/xserver/xmonad/Util/Font.hs123
-rw-r--r--tv/2configs/xserver/xmonad/Util/Pager.hs172
-rw-r--r--tv/2configs/xserver/xmonad/Util/Rhombus.hs370
-rw-r--r--tv/2configs/xserver/xmonad/Util/Shutdown.hs53
-rw-r--r--tv/2configs/xserver/xmonad/Util/Submap.hs31
-rw-r--r--tv/2configs/xserver/xmonad/Util/XUtils.hs47
-rw-r--r--tv/2configs/xserver/xmonad/xmonad.cabal18
-rw-r--r--tv/2configs/xserver/xserver.conf.nix40
-rw-r--r--tv/3modules/consul.nix2
-rw-r--r--tv/4lib/default.nix14
-rw-r--r--tv/5pkgs/default.nix7
-rw-r--r--tv/5pkgs/ff/default.nix8
71 files changed, 2499 insertions, 438 deletions
diff --git a/default.nix b/default.nix
index 11bae7d98..472d7597d 100644
--- a/default.nix
+++ b/default.nix
@@ -1,93 +1,61 @@
-# Welcome to the top-level default.nix of stockholm.
-#
-# You can discover the whole thing easily using the `get` utility,
-# which can be found at http://cgit.cd.krebsco.de/get/tree/get
-# To install `get` on any Nix-enabled system, use:
-#
-# nix-env -f /path/to/stockholm -iA pkgs.get
-#
-# The "current" arguments are used to provide information about the user who's
-# evaluating this file. This information is used to determine which user
-# namespace is to be used. Of course there's nothing trying to prevent you
-# from forging this information. E.g. you could try to generate the deployment
-# script for some random user's system, targeting some random host:
-#
-# LOGNAME=tv get krebs.deploy system=nomic target=8.8.8.8
-#
{ current-date ? abort "current-date not defined"
, current-host-name ? abort "current-host-name not defined"
, current-user-name ? builtins.getEnv "LOGNAME"
-}@current:
+, StrictHostKeyChecking ? "yes"
+}@args:
let stockholm = {
- # The generated scripts to deploy (or infest) systems can be found in the
- # `krebs` attribute. There's also an init script, but it's in its early
- # stages, not well integrated and mostly useless at the moment. :)
- #
- # You'll also find lib here, which is nixpkgs/lib + krebs lib, but nobody
- # is really accessing this directly, as this lib gets reexported below.
inherit krebs;
-
- # All systems of all users can be found here.
- #
- # /!\ Please note that `get users.${user-name}.${host-name}.system` is a
- # bad idea because it will produce vast amounts of output. These are the
- # actual and complete system derivations that can be installed on the
- # respective host.
- #
- # Another thing to notice here is that other user's systems might not be
- # evaluable because of missing secrets. If you _are_ able to evaluate
- # another user's system, then you probably share a similar naming scheme
- # for your secret files! :)
inherit users;
-
- # Additionally, output lib and pkgs for easy access from the shell.
- # Notice how we're evaluating just the base module to obtain pkgs.
inherit lib;
- inherit (eval {}) pkgs;
+ inherit pkgs;
};
- krebs = import ./krebs (current // { inherit stockholm; });
- inherit (krebs) lib;
+ krebs = import ./krebs (args // { inherit lib stockholm; });
+
+ lib =
+ let
+ lib = import <nixpkgs/lib>;
+ klib = import ./krebs/4lib { inherit lib; };
+ #ulib = import (./. + "/${current-user-name}/4lib") { lib = lib // klib; };
+ ulib = {}; # TODO
+ in
+ builtins // lib // klib // ulib // rec {
+ # TODO move this stuff
+ stockholm-path = ./.;
+ nspath = ns: p: stockholm-path + "/${ns}/${p}";
+ };
+
+ inherit (eval {}) pkgs;
- # Path resolvers for common and individual files.
- # Example: `upath "3modules"` produces the current user's 3modules directory
kpath = lib.nspath "krebs";
upath = lib.nspath current-user-name;
- # This is the base module. Its purpose is to provide modules and
- # packages, both common ones, found in krebs/ as well as the current user's,
- # found in the user's namespace.
- base-module = {
+ base-module = { config, ... }: {
imports = map (f: f "3modules") [ kpath upath ];
+ krebs.current.enable = true;
+ krebs.current.host = config.krebs.hosts.${current-host-name};
+ krebs.current.user = config.krebs.users.${current-user-name};
+
nixpkgs.config.packageOverrides = pkgs:
let
- # Notice the ordering. Krebs packages can only depend on Nixpkgs,
- # whereas user packages additionally can depend on krebs packages.
- kpkgs = import (kpath "5pkgs") { inherit pkgs; };
- upkgs = import (upath "5pkgs") { pkgs = pkgs // kpkgs; };
+ kpkgs = import (kpath "5pkgs") { inherit lib pkgs; };
+ upkgs = import (upath "5pkgs") { inherit lib; pkgs = pkgs // kpkgs; };
in
kpkgs // upkgs;
};
- # The above base module is used together with a NixOS configuration to
- # produce a system. Notice how stockholm really just provides additional
- # packages and modules on top of NixOS. Some of this stuff might become
- # useful to a broader audience, at which point it should probably be merged
- # and pull-requested for inclusion into NixOS/nixpkgs.
- # TODO provide krebs lib, so modules don't have to import it awkwardly
eval = config: import <nixpkgs/nixos/lib/eval-config.nix> {
+ specialArgs = {
+ inherit lib;
+ };
modules = [
base-module
config
];
};
- # Any top-level directory other than krebs/ is considered to be a user
- # namespace, configuring a bunch of systems.
- # Have a look at the definition of install in krebs/default.nix to see how
- # nix-env is using this attribute set to obtain the system to be installed.
# TODO move user namespaces' to users/, so no exception for krebs/ is needed
users =
lib.mapAttrs
@@ -96,8 +64,6 @@ let stockholm = {
(n: t: !lib.hasPrefix "." n && t == "directory" && n != "krebs")
(builtins.readDir ./.));
- # Given a path to a user namespace, provide an attribute of evaluated
- # system configurations, keyed by system names (AKA host names).
eval-all-systems = path:
lib.mapAttrs'
(n: _: (lib.nameValuePair (lib.removeSuffix ".nix" n)
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 57495ea69..1205e192b 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
-with import ../4lib { inherit lib; };
+with lib;
let
target = config.krebs.build // { user.name = "root"; };
diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix
new file mode 100644
index 000000000..41941e289
--- /dev/null
+++ b/krebs/3modules/current.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.krebs.current;
+
+ out = {
+ options.krebs.current = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "krebs.current";
+ host = mkOption {
+ type = types.host;
+ };
+ user = mkOption {
+ type = types.user;
+ };
+ };
+
+ imp = {
+ };
+
+in out
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 075db1826..fd9d56ed2 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
-with import ../4lib { inherit lib; };
+with lib;
let
cfg = config.krebs;
@@ -8,6 +8,7 @@ let
imports = [
./bepasty-server.nix
./build.nix
+ ./current.nix
./exim-retiolum.nix
./exim-smarthost.nix
./github-hosts-sync.nix
@@ -76,6 +77,7 @@ let
imp = mkMerge [
{ krebs = import ./lass { inherit lib; }; }
{ krebs = import ./makefu { inherit lib; }; }
+ { krebs = import ./shared { inherit lib; }; }
{ krebs = import ./tv { inherit lib; }; }
{
krebs.dns.providers = {
@@ -105,8 +107,8 @@ let
# Implements environment.etc."zones/<zone-name>"
environment.etc = let
- stripEmptyLines = s: concatStringsSep "\n"
- (remove "\n" (remove "" (splitString "\n" s)));
+ stripEmptyLines = s: (concatStringsSep "\n"
+ (remove "\n" (remove "" (splitString "\n" s)))) + "\n";
all-zones = foldAttrs (sum: current: sum + "\n" +current ) ""
([cfg.zone-head-config] ++ combined-hosts);
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 64b7820b2..234129497 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -6,7 +6,7 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with import ../4lib { inherit lib; };
+with lib;
let
cfg = config.krebs.git;
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 2a1df9e03..5503ee8d6 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }:
-with builtins;
-with import ../4lib { inherit lib; };
+with lib;
let
cfg = config.krebs.github-hosts-sync;
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index afedf95f2..498282b03 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -1,8 +1,36 @@
{ lib, ... }:
-with import ../../4lib { inherit lib; };
+with lib;
-{
+let
+ testHosts = lib.genAttrs [
+ "test-arch"
+ "test-centos6"
+ "test-centos7"
+ ] (name: {
+ inherit name;
+ cores = 1;
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.111.111"];
+ addrs6 = ["42:0:0:0:0:0:0:7357"];
+ aliases = [
+ "test.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
+ mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
+ TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
+ K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
+ QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
+ VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ });
+in {
hosts = addNames {
echelon = {
cores = 4;
@@ -104,7 +132,11 @@ with import ../../4lib { inherit lib; };
uriel = {
cores = 1;
dc = "lass";
- nets = rec {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.12"];
+ aliases = ["uriel.gg23"];
+ };
retiolum = {
addrs4 = ["10.243.81.176"];
addrs6 = ["42:dc25:60cf:94ef:759b:d2b6:98a9:2e56"];
@@ -131,7 +163,11 @@ with import ../../4lib { inherit lib; };
mors = {
cores = 2;
dc = "lass";
- nets = rec {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.11"];
+ aliases = ["mors.gg23"];
+ };
retiolum = {
addrs4 = ["10.243.0.2"];
addrs6 = ["42:0:0:0:0:0:0:dea7"];
@@ -155,8 +191,24 @@ with import ../../4lib { inherit lib; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD";
};
+ schnabel-ap = {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.20"];
+ aliases = ["schnabel-ap.gg23"];
+ };
+ };
+ };
+ Reichsfunk-ap = {
+ nets = {
+ gg23 = {
+ addrs4 = ["10.23.1.10"];
+ aliases = ["Reichsfunk-ap.gg23"];
+ };
+ };
+ };
- };
+ } // testHosts;
users = addNames {
lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index bc0d389f2..e36a083f2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -1,6 +1,6 @@
{ lib, ... }:
-with import ../../4lib { inherit lib; };
+with lib;
{
hosts = addNames {
@@ -185,6 +185,7 @@ with import ../../4lib { inherit lib; };
addrs6 = ["42:6e1e:cc8a:7cef:827:f938:8c64:baad"];
aliases = [
"graphs.wry.retiolum"
+ "graphs.retiolum"
"paste.wry.retiolum"
"paste.retiolum"
"wry.retiolum"
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
new file mode 100644
index 000000000..24dd7b782
--- /dev/null
+++ b/krebs/3modules/shared/default.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+
+with lib;
+
+{
+ hosts = addNames {
+ wolf = {
+ #dc = "shack";
+ nets = {
+ #shack = {
+ # addrs4 = [ TODO ];
+ # aliases = ["wolf.shack"];
+ #};
+ retiolum = {
+ addrs4 = ["10.243.77.1"];
+ addrs6 = ["42:0:0:0:0:0:77:1"];
+ aliases = [
+ "wolf.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb
+ HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7
+ apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg
+ 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk
+ 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH
+ 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
+ };
+ };
+ users = addNames {
+ shared = {
+ mail = "spam@krebsco.de";
+ pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary
+ };
+ };
+}
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index a6c628353..e415d20ab 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -95,8 +95,12 @@ let
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
#!/bin/sh
+ mkdir -p "${internal_dir}" "${external_dir}"
if ! test -e "${cfg.workingDir}/internal/index.html"; then
- cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/" "${internal_dir}"
+ cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
+ fi
+ if ! test -e "${cfg.workingDir}/external/index.html"; then
+ cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
fi
'';
@@ -118,7 +122,6 @@ let
users.extraUsers.tinc_graphs = {
uid = 3925439960; #genid tinc_graphs
home = "/var/spool/tinc_graphs";
- createHome = true;
};
krebs.nginx.servers = mkIf cfg.nginx.enable {
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 5d5fead8f..4c295dffe 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -1,6 +1,6 @@
{ lib, ... }:
-with import ../../4lib { inherit lib; };
+with lib;
{
dns.providers = {
@@ -65,7 +65,7 @@ with import ../../4lib { inherit lib; };
dc = "tv"; #dc = "cac";
nets = rec {
internet = {
- addrs4 = ["104.233.84.215"];
+ addrs4 = ["104.167.114.142"];
aliases = [
"mkdir.internet"
];
@@ -231,6 +231,7 @@ with import ../../4lib { inherit lib; };
addrs6 = ["42:0:0:0:0:0:0:1337"];
aliases = [
"wu.retiolum"
+ "cgit.wu.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index 80d9f5e93..206bc5697 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -56,6 +56,13 @@ let
https://nixos.org/channels/nixos-unstable/git-revision
];
};
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ verbose output of urlwatch
+ '';
+ };
};
urlsFile = toFile "urls" (concatStringsSep "\n" cfg.urls);
@@ -106,7 +113,7 @@ let
cd /tmp
- urlwatch -e --urls="$urlsFile" > changes 2>&1 || :
+ urlwatch -e ${optionalString cfg.verbose "-v"} --urls="$urlsFile" > changes || :
if test -s changes; then
date=$(date -R)
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 0a6101314..396307c22 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -3,8 +3,6 @@
with builtins;
with lib;
-builtins //
-lib //
rec {
eq = x: y: x == y;
diff --git a/krebs/4lib/infest/finalize.sh b/krebs/4lib/infest/finalize.sh
index 0039960c5..94b13e0be 100644
--- a/krebs/4lib/infest/finalize.sh
+++ b/