-rw-r--r-- | ci.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/ci.nix | 25 | ||||
-rw-r--r-- | krebs/5pkgs/simple/ejabberd/default.nix | 122 | ||||
-rw-r--r-- | krebs/5pkgs/simple/ejabberd/ejabberdctl.patch | 32 | ||||
-rw-r--r-- | lass/1systems/archprism/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/mors/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/skynet/config.nix | 28 | ||||
-rw-r--r-- | lass/1systems/skynet/physical.nix | 21 | ||||
-rw-r--r-- | lass/2configs/blue-host.nix | 26 | ||||
-rw-r--r-- | lass/2configs/monitoring/prometheus-server.nix | 3 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 7 | ||||
-rw-r--r-- | lass/3modules/ejabberd/config.nix | 1 | ||||
-rw-r--r-- | lass/krops.nix | 8 | ||||
m--------- | submodules/krops | 0 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 1 | ||||
-rw-r--r-- | tv/2configs/vim.nix | 33 | ||||
-rw-r--r-- | tv/3modules/ejabberd/config.nix | 1 | ||||
-rw-r--r-- | tv/5pkgs/simple/hc.nix | 37 |
18 files changed, 166 insertions, 183 deletions
@@ -1,4 +1,4 @@ -# usage: nix-instantiate --eval --strict --json ./ci.nix +# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq . with import ./lib; let pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 16c6d4315..4cfe598d6 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -30,6 +30,8 @@ let nix-instantiate --quiet -Q --eval --strict --json ./ci.nix ''; + profileRoot = "/nix/var/nix/profiles/ci"; + imp = { krebs.buildbot.master = { slaves = { @@ -98,9 +100,16 @@ let self.addBuildSteps([steps.ShellCommand( name=str(new_step), command=[ - new_steps[new_step] + "${pkgs.writeDash "build-stepper.sh" '' + set -efu + profile=${shell.escape profileRoot}/$build_name + result=$("$build_script") + ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result" + ''}" ], env={ + "build_name": new_step, + "build_script": new_steps[new_step], "NIX_REMOTE": "daemon", "NIX_PATH": "secrets=/var/src/stockholm/null:/var/src", }, @@ -163,6 +172,20 @@ let password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ]; }; + + system.activationScripts.buildbots-nix-profile = '' + ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot} + ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot} + ''; + + users = { + groups.buildbots.gid = genid "buildbots"; + users = { + buildbotMaster.extraGroups = [ "buildbots" ]; + buildbotSlave.extraGroups = [ "buildbots" ]; + }; + }; }; in out diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix deleted file mode 100644 index b4ab13b43..000000000 --- a/krebs/5pkgs/simple/ejabberd/default.nix +++ /dev/null 
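Review bot: In the `build-stepper.sh` wrapper added by the `@@ -98,9 +100,16 @@` hunk of krebs/3modules/ci.nix, `$build_name` is appended to the profile root unchecked, so a step name containing `/` or `..` would make `nix-env -p` write its profile links outside `/nix/var/nix/profiles/ci`. The step names appear to come from the keys of the evaluated `ci.nix` output, i.e. from the repository being built, so the slave should treat them as untrusted. A guard before the `profile=` assignment, such as `case $build_name in */*|.*|'') exit 1;; esac`, keeps the write inside the profile root. It is also worth rejecting an empty or multi-line `$result` before `--set`, since the build script's stdout is passed on unfiltered. The surrounding Python step definition starts and ends outside the hunk.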
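Review bot: The `users` block at the end of the `@@ -163,6 +172,20 @@` hunk puts both `buildbotMaster` and `buildbotSlave` into `buildbots`, and the activation script makes the profile root group-writable (`chmod 0770`), yet the only writer visible in this commit is the shell step added earlier in the same file. If that step runs only on the slave, `buildbotMaster.extraGroups = [ "buildbots" ];` can be dropped so the master account cannot replace the CI profiles. If the master does need access, a comment saying what it reads or writes there would document the intent.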
@@ -1,122 +0,0 @@ -{ stdenv, writeScriptBin, lib, fetchurl, git, cacert -, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd -, withMysql ? false -, withPgsql ? false -, withSqlite ? false, sqlite -, withPam ? false, pam -, withZlib ? true, zlib -, withRiak ? false -, withElixir ? false, elixir -, withIconv ? true -, withTools ? false -, withRedis ? false -}: - -let - fakegit = writeScriptBin "git" '' - #! ${stdenv.shell} -e - if [ "$1" = "describe" ]; then - [ -r .rev ] && cat .rev || true - fi - ''; - - ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ]; - -in stdenv.mkDerivation rec { - version = "18.01"; - name = "ejabberd-${version}"; - - src = fetchurl { - url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz"; - sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6"; - }; - - nativeBuildInputs = [ fakegit ]; - - buildInputs = [ erlang openssl expat libyaml gd ] - ++ lib.optional withSqlite sqlite - ++ lib.optional withPam pam - ++ lib.optional withZlib zlib - ++ lib.optional withElixir elixir - ; - - # Apparently needed for Elixir - LANG = "en_US.UTF-8"; - - deps = stdenv.mkDerivation { - name = "ejabberd-deps-${version}"; - - inherit src; - - configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ]; - - nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ]; - - GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; - - makeFlags = [ "deps" ]; - - phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ]; - - installPhase = '' - for i in deps/*; do - ( cd $i - git reset --hard - git clean -ffdx - git describe --always --tags > .rev - rm -rf .git - ) - done - rm deps/.got - - cp -r deps $out - ''; - - outputHashMode = "recursive"; - outputHashAlgo = "sha256"; - outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk"; - }; - - configureFlags = - [ (lib.enableFeature withMysql "mysql") - 
(lib.enableFeature withPgsql "pgsql") - (lib.enableFeature withSqlite "sqlite") - (lib.enableFeature withPam "pam") - (lib.enableFeature withZlib "zlib") - (lib.enableFeature withRiak "riak") - (lib.enableFeature withElixir "elixir") - (lib.enableFeature withIconv "iconv") - (lib.enableFeature withTools "tools") - (lib.enableFeature withRedis "redis") - ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}"; - - enableParallelBuilding = true; - - patches = [ - ./ejabberdctl.patch - ]; - - preBuild = '' - cp -r $deps deps - chmod -R +w deps - patchShebangs deps - ''; - - postInstall = '' - sed -i \ - -e '2iexport PATH=${ctlpath}:$PATH' \ - -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \ - -e 's,\(^ *JOT=\).*,\1,' \ - -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ - $out/sbin/ejabberdctl - ''; - - meta = with stdenv.lib; { - description = "Open-source XMPP application server written in Erlang"; - license = licenses.gpl2; - homepage = http://www.ejabberd.im; - platforms = platforms.linux; - maintainers = with maintainers; [ sander abbradar ]; - broken = withElixir; - }; -} diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch deleted file mode 100644 index f7c842b7b..000000000 --- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch +++ /dev/null 
@@ -1,32 +0,0 @@ ---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100 -+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200 -@@ -42,19 +42,18 @@ - esac - - # parse command line parameters --for arg; do -- case $arg in -- -n|--node) ERLANG_NODE_ARG=$2; shift;; -- -s|--spool) SPOOL_DIR=$2; shift;; -- -l|--logs) LOGS_DIR=$2; shift;; -- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;; -- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;; -- -d|--config-dir) ETC_DIR=$2; shift;; -- -t|--no-timeout) NO_TIMEOUT="--no-timeout";; -- --) :;; -+while test $# -gt 0; do -+ case $1 in -+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;; -+ -s|--spool) SPOOL_DIR=$2; shift 2;; -+ -l|--logs) LOGS_DIR=$2; shift 2;; -+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;; -+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;; -+ -d|--config-dir) ETC_DIR=$2; shift 2;; -+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;; -+ # --) :;; what is this for? - *) break;; - esac -- shift - done - - # define ejabberd variables if not already defined from the command line diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 6706914b5..bed8961b8 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -110,7 +110,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> <stockholm/lass/2configs/syncthing.nix> - <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/monitoring/prometheus-server.nix> diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 6d65b58c2..cac13be2b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -33,6 +33,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/print.nix> + <stockholm/lass/2configs/blue-host.nix> { krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index b6c08f797..08aa18b76 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -5,42 +5,34 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> - #<stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/fetchWallpaper.nix> { - # discordius config services.xserver.enable = true; + services.xserver.desktopManager.xfce.enable = true; + users.users.discordius = { - uid = genid "discordius"; - home = "/home/discordius"; - group = "users"; - createHome = true; + uid = genid "diskordius"; + isNormalUser = true; extraGroups = [ "audio" "networkmanager" ]; - useDefaultShell = true; - }; - networking.networkmanager.enable = true; - networking.wireless.enable = mkForce false; - hardware.pulseaudio = { - enable = true; - systemWide = true; }; environment.systemPackages = with pkgs; [ - pavucontrol - firefox - hexchat - networkmanagerapplet + google-chrome ]; - services.xserver.desktopManager.gnome3 = { + hardware.pulseaudio = { enable = true; + systemWide = true; }; } ]; krebs.build.host = config.krebs.hosts.skynet; + networking.wireless.enable = false; + networking.networkmanager.enable = true; + services.logind.extraConfig = '' HandleLidSwitch=ignore ''; diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix index 358e1f511..e3451293f 100644 --- a/lass/1systems/skynet/physical.nix +++ b/lass/1systems/skynet/physical.nix 
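Review bot: In the `users.users.discordius` block of lass/1systems/skynet/config.nix the uid is now derived from `genid "diskordius"` while the account is still named `discordius`. If the different spelling is not intended, this silently changes the numeric uid, and files owned by the previous uid no longer belong to the account. Either keep `uid = genid "discordius";` or add a comment explaining why the seed differs from the user name.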
@@ -1,10 +1,27 @@ { imports = [ ./config.nix - <stockholm/lass/2configs/hw/x220.nix> - <stockholm/lass/2configs/boot/stock-x220.nix> + <stockholm/krebs/2configs/hw/x220.nix> ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = true; + boot.loader.grub.device = "nodev"; + + networking.hostId = "06442b9a"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0876-B308"; + fsType = "vfat"; + }; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0" diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3e..2302c70ec 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
@@ -8,16 +8,38 @@ with import <stockholm/lib>; systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ping -c1 blue.r; then + echo 'blue is already running. bailing out' + exit 23 + fi + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + (pkgs.writeDashBin "stop-blue" '' + set -ef + nixos-container stop blue + fusermount -u /var/lib/containers/blue + '') + ]; } diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef671636..b7083c776 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix @@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95f..4935268a4 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
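Review bot: In `stop-blue` (lass/2configs/blue-host.nix) `set -ef` aborts the script when `nixos-container stop blue` fails, so `fusermount -u` never runs and the decrypted tree stays mounted at /var/lib/containers/blue. The encfs layer presumably exists so that the container data is unreadable while blue is down, so the unmount should be attempted regardless, e.g. `nixos-container stop blue || true` followed by the `fusermount` call, which then determines the exit status. In `start-blue`, `encfs --public` exposes the mounted plaintext to every local user that the file modes allow, which deserves a comment stating why it is needed. The mount test `if ! $(mount | … grep -qi …)` works only because the substitution expands to nothing; `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then` expresses the same check directly.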
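Review bot: The two added lines in lass/2configs/monitoring/prometheus-server.nix give every unauthenticated visitor the Grafana `Admin` role, and the context line above them binds the service to `addr = "0.0.0.0"`. An anonymous admin can edit dashboards and data sources and can read or change any credentials stored in them, so unless a firewall or reverse proxy outside this hunk restricts access, this is an open admin console. If anonymous viewing is the goal, `auth.anonymous.org_role = "Viewer";` is sufficient, and the removed `security = import <secrets/grafana_security.nix>;` line should stay so that a named admin account still exists. The enclosing grafana block starts outside the hunk.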
@@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index e7288313a..4630f25c1 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: diff --git a/lass/krops.nix b/lass/krops.nix index a898164c3..758c2a7d4 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -21,12 +21,20 @@ ]; in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" { source = source { test = false; }; inherit target; }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate) + populate = { target, force ? false }: pkgs.populate { + inherit force; + source = source { test = false; }; + target = lib.mkTarget target; + }; + # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test) test = { target }: pkgs.krops.writeTest "${name}-test" { force = true; diff --git a/submodules/krops b/submodules/krops -Subproject e2b29654251367545700154ffbac806705dd04c +Subproject ce37b2a9c2a438b7278e8e8ab045df34f00ad38 diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 62c90d4e9..a89d1302c 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -76,6 +76,7 @@ let { }; } // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) { blessings = {}; + hc = {}; mime = {}; quipper = {}; scanner = {}; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 2ac7f7518..a5641f094 100644 --- a/tv/2configs/vim.nix 
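Review bot: The new `users.users.xanf` entry in lass/2configs/websites/domsen.nix sets a home and a shell but no `group`, so the account gets the module's default primary group, which on NixOS releases of this period appears to be the shared `nogroup`. Files the user creates would then be group-owned by a group shared with unrelated service accounts. Setting `isNormalUser = true;` (as the skynet change in this commit does) or an explicit `group = "users";` avoids that. How the account authenticates is not visible in this hunk.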
+++ b/tv/2configs/vim.nix @@ -14,8 +14,25 @@ let { }; extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg + (pkgs.vimUtils.buildVimPlugin { + name = "fzf-2018-11-14"; + src = pkgs.fetchgit { + url = https://github.com/junegunn/fzf.vim; + rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc"; + sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m"; + }; + }) + pkgs.vimPlugins.fzfWrapper pkgs.vimPlugins.undotree - pkgs.vimPlugins.vim-elixir + (pkgs.vimUtils.buildVimPlugin { + name = "vim-elixir-2018-08-17"; + src = pkgs.fetchgit { + url = https://github.com/elixir-editors/vim-elixir; + rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b"; + sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04"; + }; + }) (pkgs.vimUtils.buildVimPlugin { name = "vim-syntax-jq"; src = pkgs.fetchgit { @@ -309,6 +326,11 @@ let { paths = [ (pkgs.writeDashBin "vim" '' set -efu + export FZF_DEFAULT_COMMAND='${pkgs.ripgrep}/bin/rg --files' + export PATH=$PATH:${makeBinPath [ + pkgs.fzf + pkgs.ripgrep + ]} (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs}) exec ${pkgs.vim}/bin/vim "$@" '') @@ -333,6 +355,7 @@ let { set shortmess+=I set showcmd set showmatch + set timeoutlen=0 set ttimeoutlen=0 set undodir=${dirs.undodir} set undofile @@ -385,5 +408,13 @@ let { noremap <esc>[c <nop> | noremap! <esc>[c <nop> noremap <esc>[d <nop> | noremap! <esc>[d <nop> vnoremap u <nop> + + " fzf + nnoremap <esc>q :Files<cr> + nnoremap <esc>w :Rg<cr> + + " edit alternate buffer + " For some reason neither putting <ctrl>6 nor <ctrl>^ works here... + nnoremap <esc>a ''; } diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index 68bcfa340..a0631e226 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -87,7 +87,6 @@ in /* yaml */ '' mod_configure: {} mod_disco: {} mod_echo: {} - mod_irc: {} mod_bosh: {} mod_last: {} mod_offline: 
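Review bot: In the `vim` wrapper (tv/2configs/vim.nix, hunk `@@ -309,6 +326,11 @@`) the packaged tools are appended to `PATH`, so any `rg` or `fzf` in a directory the caller already has on `PATH` is found before the store paths, while `FZF_DEFAULT_COMMAND` uses the absolute store path. Presumably `:Rg` and `:Files` look the binaries up by name, so the two mappings can end up running different ripgrep builds. Putting the store paths first, `export PATH=${makeBinPath [ pkgs.fzf pkgs.ripgrep ]}:$PATH`, makes the wrapper use the packaged binaries consistently. The wrapper script continues outside the hunk.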
diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix
new file mode 100644
index 000000000..4d325e16c
--- /dev/null
+++ b/tv/5pkgs/simple/hc.nix
@@ -0,0 +1,37 @@
+{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }:
+
+stdenv.mkDerivation rec {
+ name = "hc-${meta.version}";
+
+ src = fetchgit {
+ url = "https://cgit.krebsco.de/hc";
+ rev = "refs/tags/v${meta.version}";
+ sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ buildPhase = null;
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp $src/bin/hc $out/bin/hc
+
+ wrapProgram $out/bin/hc \
+ --prefix PATH : ${stdenv.lib.makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ qrencode
+ texlive.combined.scheme-full
+ utillinux
+ zbar
+ ]}
+ '';
+
+ meta = {
+ version = "1.0.0";
+ };
+} |
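Review bot: `buildPhase = null;` in tv/5pkgs/simple/hc.nix probably does not skip the build phase: Nix omits null-valued attributes from the derivation, so stdenv would fall back to its default `buildPhase`, which runs `make` when the source tree has a Makefile. `dontBuild = true;` states the intent explicitly. The `rev` is a tag ref rather than a commit id; the `sha256` still fixes the content, so a moved tag shows up as a hash mismatch rather than a silent change, but a comment recording the commit id would make the pin easier to audit.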