-rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix (renamed from krebs/3modules/retiolum.nix) | 48 | ||||
-rw-r--r-- | krebs/5pkgs/whatsupnix/default.nix | 15 | ||||
-rw-r--r-- | krebs/5pkgs/whatsupnix/whatsupnix.bash | 44 | ||||
-rw-r--r-- | lass/2configs/retiolum.nix | 2 |
5 files changed, 89 insertions, 22 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index daa963bc8..227eb209b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -34,10 +34,10 @@ let ./Reaktor.nix ./realwallpaper.nix ./retiolum-bootstrap.nix - ./retiolum.nix ./rtorrent.nix ./secret.nix ./setuid.nix + ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix ./repo-sync.nix diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/tinc.nix index 0a3d7ed2f..8af15c13b 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/tinc.nix @@ -17,6 +17,27 @@ let in { enable = mkEnableOption "krebs.tinc.${netname}" // { default = true; }; + enableLegacy = mkEnableOption "/etc/tinc/${netname}"; + + confDir = mkOption { + type = types.package; + default = pkgs.linkFarm "${netname}-etc-tinc" + (mapAttrsToList (name: path: { inherit name path; }) { + "hosts" = tinc.config.hostsPackage; + "tinc.conf" = pkgs.writeText "${netname}-tinc.conf" '' + Name = ${tinc.config.host.name} + Interface = ${netname} + ${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo} + PrivateKeyFile = ${tinc.config.privkey.path} + Port = ${toString tinc.config.host.nets.${netname}.tinc.port} + ${tinc.config.extraConfig} + ''; + "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' + ${tinc.config.iproutePackage}/sbin/ip link set ${netname} up + ${tinc.config.tincUp} + ''; + }); + }; host = mkOption { type = types.host; 
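Review bot: The new `enableLegacy` and `confDir` options in the `@@ -17,6 +17,27 @@` hunk of tinc.nix have no `description`, and `confDir` is a settable `types.package` whose contents land in the world-readable Nix store (and under /etc when `enableLegacy` is set, per the later hunk). The default only writes `PrivateKeyFile = ${tinc.config.privkey.path}`, which keeps the key itself out of the store assuming that path points outside it, but anything put into `extraConfig` or `tincUp`, or into an overriding package, is readable by every local user. I would state that on the option, e.g. `description = "Directory passed to tincd -c; lives in the Nix store and is world-readable, so reference secrets by path only.";`. If overriding the directory is not meant to be supported, `readOnly = true;` would make that explicit. The option set this hunk extends starts and ends outside the hunk.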
@@ -175,29 +196,16 @@ let } ) config.krebs.tinc; + environment.etc = mapAttrs' (netname: cfg: + nameValuePair "tinc/${netname}" (mkIf cfg.enableLegacy { + source = cfg.confDir; + }) + ) config.krebs.tinc; + systemd.services = mapAttrs (netname: cfg: let tinc = cfg.tincPackage; iproute = cfg.iproutePackage; - - confDir = let - namePathPair = name: path: { inherit name path; }; - in pkgs.linkFarm "${netname}-etc-tinc" (mapAttrsToList namePathPair { - "hosts" = cfg.hostsPackage; - "tinc.conf" = pkgs.writeText "${cfg.netname}-tinc.conf" '' - Name = ${cfg.host.name} - Interface = ${netname} - ${concatStrings (map (c: "ConnectTo = ${c}\n") cfg.connectTo)} - PrivateKeyFile = ${cfg.privkey.path} - Port = ${toString cfg.host.nets.${cfg.netname}.tinc.port} - ${cfg.extraConfig} - ''; - "tinc-up" = pkgs.writeDash "${netname}-tinc-up" '' - ${iproute}/sbin/ip link set ${netname} up - ${cfg.tincUp} - ''; - } - ); in { description = "Tinc daemon for ${netname}"; after = [ "network.target" ]; @@ -206,7 +214,7 @@ let path = [ tinc iproute ]; serviceConfig = rec { Restart = "always"; - ExecStart = "${tinc}/sbin/tincd -c ${confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; + ExecStart = "${tinc}/sbin/tincd -c ${cfg.confDir} -d 0 -U ${cfg.user.name} -D --pidfile=/var/run/tinc.${SyslogIdentifier}.pid"; SyslogIdentifier = netname; }; } diff --git a/krebs/5pkgs/whatsupnix/default.nix b/krebs/5pkgs/whatsupnix/default.nix new file mode 100644 index 000000000..1a108c5e9 --- /dev/null +++ b/krebs/5pkgs/whatsupnix/default.nix @@ -0,0 +1,15 @@ +{ bash, coreutils, gawk, nix, makeWrapper, stdenv }: + +stdenv.mkDerivation { + name = "whatsupnix"; + phases = [ "installPhase" ]; + nativeBuildInputs = [ makeWrapper ]; + installPhase = '' + mkdir -p $out/bin + cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF + #! ${bash}/bin/bash + export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix ]} + EOF + chmod +x $out/bin/whatsupnix + ''; +} 
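Review bot: In krebs/5pkgs/whatsupnix/default.nix, `makeWrapper` is taken as an argument and listed in `nativeBuildInputs = [ makeWrapper ];` but never used, since the wrapper header is written by hand with `cat -` and a heredoc; both mentions can be dropped. The header pins `PATH` to the store paths of coreutils, gawk and nix, yet the script it is prepended to still honours `GAWK` and `NIX_STORE` from the caller's environment, so the pinning does not cover the two commands that matter most. If a fully pinned tool is the intent, the header could also set them, for example `export GAWK=${gawk}/bin/gawk NIX_STORE=${nix}/bin/nix-store`; if the overrides are deliberate, a one-line comment saying so would help.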
diff --git a/krebs/5pkgs/whatsupnix/whatsupnix.bash b/krebs/5pkgs/whatsupnix/whatsupnix.bash new file mode 100644 index 000000000..a19410055 --- /dev/null +++ b/krebs/5pkgs/whatsupnix/whatsupnix.bash @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +# Prints build logs for failed derivations in quiet build mode (-Q). +# See https://github.com/NixOS/nix/issues/443 +# +# Usage: +# +# set -o pipefail +# nix-build ... -Q ... | whatsupnix +# + + +GAWK=${GAWK:-gawk} +NIX_STORE=${NIX_STORE:-nix-store} + +broken=$(mktemp) +trap 'rm -f -- "$broken"' EXIT + +exec >&2 + +$GAWK -v broken="$broken" -f <(cat - <<- 'AWK' + match($0, /builder for .*(\/nix\/store\/.+\.drv).* failed/, m) { + print m[1] >> broken + } + { print $0 } +AWK +) + +export NIX_PAGER='' # for nix-store +while read -r drv; do + title="** FAILED $drv LOG **" + frame=${title//?/*} + + echo "$frame" + echo "$title" + echo "$frame" + echo + + $NIX_STORE -l "$drv" + + echo +done < "$broken" + +exit 0 diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7a7bf95be..7f1b36c96 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -5,7 +5,6 @@ krebs.iptables = { tables = { filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } ]; @@ -13,6 +12,7 @@ }; krebs.tinc.retiolum = { + enableLegacy = true; enable = true; connectTo = [ "prism" |
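Review bot: In whatsupnix.bash, `broken=$(mktemp)` is not checked and the script ends in an unconditional `exit 0`, so if the temp file cannot be created gawk is handed an empty filename, the `done < "$broken"` redirect fails, and the caller still sees success with no logs printed; `broken=$(mktemp) || exit 1` closes that. The derivation paths passed to `$NIX_STORE -l "$drv"` are scraped from build output, which includes whatever the builders print, and the greedy `.+` in `(\/nix\/store\/.+\.drv)` accepts spaces and quotes; `[^[:space:]']+\.drv` would keep each match to a single path token. `$GAWK` and `$NIX_STORE` are expanded unquoted, so an override containing whitespace is word-split; quote them unless passing extra arguments that way is intended.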