-rw-r--r--ci.nix2
-rw-r--r--krebs/3modules/ci.nix25
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix122
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--lass/1systems/archprism/config.nix1
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/skynet/config.nix28
-rw-r--r--lass/1systems/skynet/physical.nix21
-rw-r--r--lass/2configs/blue-host.nix26
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix3
-rw-r--r--lass/2configs/websites/domsen.nix7
-rw-r--r--lass/3modules/ejabberd/config.nix1
-rw-r--r--lass/krops.nix8
m---------submodules/krops0
-rw-r--r--tv/2configs/gitrepos.nix1
-rw-r--r--tv/2configs/vim.nix33
-rw-r--r--tv/3modules/ejabberd/config.nix1
-rw-r--r--tv/5pkgs/simple/hc.nix37
18 files changed, 166 insertions, 183 deletions
diff --git a/ci.nix b/ci.nix
index 6f4b89b08..631c3dc41 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,4 +1,4 @@
-# usage: nix-instantiate --eval --strict --json ./ci.nix
+# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq .
with import ./lib;
let
pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; };
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index 16c6d4315..4cfe598d6 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -30,6 +30,8 @@ let
nix-instantiate --quiet -Q --eval --strict --json ./ci.nix
'';
+ profileRoot = "/nix/var/nix/profiles/ci";
+
imp = {
krebs.buildbot.master = {
slaves = {
@@ -98,9 +100,16 @@ let
self.addBuildSteps([steps.ShellCommand(
name=str(new_step),
command=[
- new_steps[new_step]
+ "${pkgs.writeDash "build-stepper.sh" ''
+ set -efu
+ profile=${shell.escape profileRoot}/$build_name
+ result=$("$build_script")
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ ''}"
],
env={
+ "build_name": new_step,
+ "build_script": new_steps[new_step],
"NIX_REMOTE": "daemon",
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
},
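Review bot: `$build_name` is joined to the profile root unchecked in `profile=${shell.escape profileRoot}/$build_name`, so a step name containing `/` or starting with `.` would make `nix-env -p` create its profile links outside `/nix/var/nix/profiles/ci`. The value is `new_step`, which appears to be a key of the evaluated ci.nix output and is therefore controlled by the repository being built. Reject such names before using them, for example `case $build_name in ""|.*|*/*) exit 1;; esac` right after `set -efu`. The enclosing Python build-step code starts and ends outside this hunk.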
@@ -163,6 +172,20 @@ let
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate gnutar lzma gzip ];
};
+
+ system.activationScripts.buildbots-nix-profile = ''
+ ${pkgs.coreutils}/bin/mkdir -p ${shell.escape profileRoot}
+ ${pkgs.coreutils}/bin/chmod 0770 ${shell.escape profileRoot}
+ ${pkgs.coreutils}/bin/chgrp buildbots ${shell.escape profileRoot}
+ '';
+
+ users = {
+ groups.buildbots.gid = genid "buildbots";
+ users = {
+ buildbotMaster.extraGroups = [ "buildbots" ];
+ buildbotSlave.extraGroups = [ "buildbots" ];
+ };
+ };
};
in out
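Review bot: Both `buildbotMaster` and `buildbotSlave` are added to `buildbots`, which makes the 0770 profile directory writable by both accounts, although only the `nix-env -p` build step from the earlier hunk appears to need write access. That step presumably runs on the worker; if the master never writes profiles, drop `buildbotMaster.extraGroups = [ "buildbots" ];` so only one account can create or replace GC roots there. A comment above `system.activationScripts.buildbots-nix-profile` such as `# CI build results are pinned as profiles here by build-stepper.sh` would record who is expected to write to the directory.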
diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix
deleted file mode 100644
index b4ab13b43..000000000
--- a/krebs/5pkgs/simple/ejabberd/default.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
-, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
-, withMysql ? false
-, withPgsql ? false
-, withSqlite ? false, sqlite
-, withPam ? false, pam
-, withZlib ? true, zlib
-, withRiak ? false
-, withElixir ? false, elixir
-, withIconv ? true
-, withTools ? false
-, withRedis ? false
-}:
-
-let
- fakegit = writeScriptBin "git" ''
- #! ${stdenv.shell} -e
- if [ "$1" = "describe" ]; then
- [ -r .rev ] && cat .rev || true
- fi
- '';
-
- ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
-
-in stdenv.mkDerivation rec {
- version = "18.01";
- name = "ejabberd-${version}";
-
- src = fetchurl {
- url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
- sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
- };
-
- nativeBuildInputs = [ fakegit ];
-
- buildInputs = [ erlang openssl expat libyaml gd ]
- ++ lib.optional withSqlite sqlite
- ++ lib.optional withPam pam
- ++ lib.optional withZlib zlib
- ++ lib.optional withElixir elixir
- ;
-
- # Apparently needed for Elixir
- LANG = "en_US.UTF-8";
-
- deps = stdenv.mkDerivation {
- name = "ejabberd-deps-${version}";
-
- inherit src;
-
- configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
-
- nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
-
- GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
- makeFlags = [ "deps" ];
-
- phases = [ "unpackPhase" "configurePhase" "buildPhase" "installPhase" ];
-
- installPhase = ''
- for i in deps/*; do
- ( cd $i
- git reset --hard
- git clean -ffdx
- git describe --always --tags > .rev
- rm -rf .git
- )
- done
- rm deps/.got
-
- cp -r deps $out
- '';
-
- outputHashMode = "recursive";
- outputHashAlgo = "sha256";
- outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
- };
-
- configureFlags =
- [ (lib.enableFeature withMysql "mysql")
- (lib.enableFeature withPgsql "pgsql")
- (lib.enableFeature withSqlite "sqlite")
- (lib.enableFeature withPam "pam")
- (lib.enableFeature withZlib "zlib")
- (lib.enableFeature withRiak "riak")
- (lib.enableFeature withElixir "elixir")
- (lib.enableFeature withIconv "iconv")
- (lib.enableFeature withTools "tools")
- (lib.enableFeature withRedis "redis")
- ] ++ lib.optional withSqlite "--with-sqlite3=${sqlite.dev}";
-
- enableParallelBuilding = true;
-
- patches = [
- ./ejabberdctl.patch
- ];
-
- preBuild = ''
- cp -r $deps deps
- chmod -R +w deps
- patchShebangs deps
- '';
-
- postInstall = ''
- sed -i \
- -e '2iexport PATH=${ctlpath}:$PATH' \
- -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
- -e 's,\(^ *JOT=\).*,\1,' \
- -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
- $out/sbin/ejabberdctl
- '';
-
- meta = with stdenv.lib; {
- description = "Open-source XMPP application server written in Erlang";
- license = licenses.gpl2;
- homepage = http://www.ejabberd.im;
- platforms = platforms.linux;
- maintainers = with maintainers; [ sander abbradar ];
- broken = withElixir;
- };
-}
diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
deleted file mode 100644
index f7c842b7b..000000000
--- a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
+++ /dev/null
@@ -1,32 +0,0 @@
---- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
-+++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
-@@ -42,19 +42,18 @@
- esac
-
- # parse command line parameters
--for arg; do
-- case $arg in
-- -n|--node) ERLANG_NODE_ARG=$2; shift;;
-- -s|--spool) SPOOL_DIR=$2; shift;;
-- -l|--logs) LOGS_DIR=$2; shift;;
-- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
-- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
-- -d|--config-dir) ETC_DIR=$2; shift;;
-- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
-- --) :;;
-+while test $# -gt 0; do
-+ case $1 in
-+ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
-+ -s|--spool) SPOOL_DIR=$2; shift 2;;
-+ -l|--logs) LOGS_DIR=$2; shift 2;;
-+ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
-+ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
-+ -d|--config-dir) ETC_DIR=$2; shift 2;;
-+ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
-+ # --) :;; what is this for?
- *) break;;
- esac
-- shift
- done
-
- # define ejabberd variables if not already defined from the command line
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
index 6706914b5..bed8961b8 100644
--- a/lass/1systems/archprism/config.nix
+++ b/lass/1systems/archprism/config.nix
@@ -110,7 +110,6 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/iodined.nix>
<stockholm/lass/2configs/paste.nix>
<stockholm/lass/2configs/syncthing.nix>
- <stockholm/lass/2configs/reaktor-coders.nix>
<stockholm/lass/2configs/ciko.nix>
<stockholm/lass/2configs/container-networking.nix>
<stockholm/lass/2configs/monitoring/prometheus-server.nix>
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 6d65b58c2..cac13be2b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -33,6 +33,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/rtl-sdr.nix>
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/print.nix>
+ <stockholm/lass/2configs/blue-host.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b6c08f797..08aa18b76 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -5,42 +5,34 @@ with import <stockholm/lib>;
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
- #<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
{
- # discordius config
services.xserver.enable = true;
+ services.xserver.desktopManager.xfce.enable = true;
+
users.users.discordius = {
- uid = genid "discordius";
- home = "/home/discordius";
- group = "users";
- createHome = true;
+ uid = genid "diskordius";
+ isNormalUser = true;
extraGroups = [
"audio"
"networkmanager"
];
- useDefaultShell = true;
- };
- networking.networkmanager.enable = true;
- networking.wireless.enable = mkForce false;
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
};
environment.systemPackages = with pkgs; [
- pavucontrol
- firefox
- hexchat
- networkmanagerapplet
+ google-chrome
];
- services.xserver.desktopManager.gnome3 = {
+ hardware.pulseaudio = {
enable = true;
+ systemWide = true;
};
}
];
krebs.build.host = config.krebs.hosts.skynet;
+ networking.wireless.enable = false;
+ networking.networkmanager.enable = true;
+
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
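Review bot: The uid is now derived from a string that differs from the account name: `uid = genid "diskordius";` under `users.users.discordius`. If `genid` derives the number from its argument, the account gets a new uid, and files in an existing home directory owned by the previous uid would no longer belong to it. If the spelling is not deliberate, keep `uid = genid "discordius";`. If it is deliberate, a one-line comment saying why would stop someone from later "correcting" it.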
diff --git a/lass/1systems/skynet/physical.nix b/lass/1systems/skynet/physical.nix
index 358e1f511..e3451293f 100644
--- a/lass/1systems/skynet/physical.nix
+++ b/lass/1systems/skynet/physical.nix
@@ -1,10 +1,27 @@
{
imports = [
./config.nix
- <stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
+ <stockholm/krebs/2configs/hw/x220.nix>
];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.device = "nodev";
+
+ networking.hostId = "06442b9a";
+
+ fileSystems."/" =
+ { device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0876-B308";
+ fsType = "vfat";
+ };
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="10:0b:a9:a6:44:04", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:d1:90:fc", NAME="et0"
diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix
index 83c235f3e..2302c70ec 100644
--- a/lass/2configs/blue-host.nix
+++ b/lass/2configs/blue-host.nix
@@ -8,16 +8,38 @@ with import <stockholm/lib>;
systemd.services."container@blue".reloadIfChanged = mkForce false;
containers.blue = {
config = { ... }: {
- environment.systemPackages = [ pkgs.git ];
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.rxvt_unicode.terminfo
+ ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.9";
localAddress = "10.233.2.10";
};
+ environment.systemPackages = [
+ (pkgs.writeDashBin "start-blue" ''
+ set -ef
+ if ping -c1 blue.r; then
+ echo 'blue is already running. bailing out'
+ exit 23
+ fi
+ if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then
+ ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue
+ fi
+ nixos-container start blue
+ nixos-container run blue -- nixos-rebuild -I /var/src switch
+ '')
+ (pkgs.writeDashBin "stop-blue" ''
+ set -ef
+ nixos-container stop blue
+ fusermount -u /var/lib/containers/blue
+ '')
+ ];
}
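Review bot: The mount check in `start-blue` runs the result of a command substitution as a command, `if ! $(mount | … grep -qi …); then`, and works only because `grep -q` prints nothing. Test the pipeline directly: `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then`. Separately, `encfs --public` makes the decrypted tree reachable by other local users, subject to file permissions, so a comment explaining why the container needs it would help. In `stop-blue`, `set -ef` means a failing `nixos-container stop blue` skips `fusermount -u` and leaves the plaintext mounted.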
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
index aef671636..b7083c776 100644
--- a/lass/2configs/monitoring/prometheus-server.nix
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -177,7 +177,8 @@
addr = "0.0.0.0";
domain = "grafana.example.com";
rootUrl = "https://grafana.example.com/";
- security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ auth.anonymous.enable = true;
+ auth.anonymous.org_role = "Admin";
};
};
services.logstash = {
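Review bot: Anonymous visitors get the Admin role here (`auth.anonymous.org_role = "Admin";`) while the instance listens on `addr = "0.0.0.0"`, so anyone who can reach the Grafana port can edit dashboards and data sources without logging in. The removed `security = import <secrets/grafana_security.nix>` line also drops the admin credentials kept in secrets, presumably falling back to the module defaults. Unless a firewall or reverse proxy outside this hunk restricts access, use `auth.anonymous.org_role = "Viewer";` and keep the `security` import for administrative logins.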
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 828cab95f..4935268a4 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -139,6 +139,13 @@ in {
ssl_key = "/var/lib/acme/lassul.us/key.pem";
};
+ users.users.xanf = {
+ uid = genid_uint31 "xanf";
+ home = "/home/xanf";
+ useDefaultShell = true;
+ createHome = true;
+ };
+
users.users.domsen = {
uid = genid_uint31 "domsen";
description = "maintenance acc for domsen";
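Review bot: `users.users.xanf` is added without a `description`, unlike `users.users.domsen` directly below it, so nothing records why this login-capable account (`useDefaultShell = true`) exists on the host. Add a line such as `description = "<purpose of the xanf account>";`. How the account authenticates (keys or password) is not visible in this hunk, so confirm that it is configured elsewhere or that the account is meant to stay locked. The `users.users.domsen` block continues outside the hunk.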
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index e7288313a..4630f25c1 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -87,7 +87,6 @@ in /* yaml */ ''
mod_configure: {}
mod_disco: {}
mod_echo: {}
- mod_irc: {}
mod_bosh: {}
mod_last: {}
mod_offline:
diff --git a/lass/krops.nix b/lass/krops.nix
index a898164c3..758c2a7d4 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -21,12 +21,20 @@
];
in {
+
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
inherit target;
};
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
+ populate = { target, force ? false }: pkgs.populate {
+ inherit force;
+ source = source { test = false; };
+ target = lib.mkTarget target;
+ };
+
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
test = { target }: pkgs.krops.writeTest "${name}-test" {
force = true;
diff --git a/submodules/krops b/submodules/krops
-Subproject e2b29654251367545700154ffbac806705dd04c
+Subproject ce37b2a9c2a438b7278e8e8ab045df34f00ad38
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 62c90d4e9..a89d1302c 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -76,6 +76,7 @@ let {
};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
blessings = {};
+ hc = {};
mime = {};
quipper = {};
scanner = {};
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 2ac7f7518..a5641f094 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -14,8 +14,25 @@ let {
};
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
+ # cannot use pkgs.vimPlugins.fzf-vim as it's missing :Rg
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "fzf-2018-11-14";
+ src = pkgs.fetchgit {
+ url = https://github.com/junegunn/fzf.vim;
+ rev = "ad1833ecbc9153b6e34a4292dc089a58c4bcb8dc";
+ sha256 = "1z2q71q6l9hq9fqfqpj1svhyk4yk1bzw1ljhksx4bnpz8gkfbx2m";
+ };
+ })
+ pkgs.vimPlugins.fzfWrapper
pkgs.vimPlugins.undotree
- pkgs.vimPlugins.vim-elixir
+ (pkgs.vimUtils.buildVimPlugin {
+ name = "vim-elixir-2018-08-17";
+ src = pkgs.fetchgit {
+ url = https://github.com/elixir-editors/vim-elixir;
+ rev = "0a847f0faed5ba2d94bb3d51f355c50f37ba025b";
+ sha256 = "1jl85wpgywhcvhgw02y8zpvqf0glr4i8522kxpvhsiacb1v1xh04";
+ };
+ })
(pkgs.vimUtils.buildVimPlugin {
name = "vim-syntax-jq";
src = pkgs.fetchgit {
@@ -309,6 +326,11 @@ let {
paths = [
(pkgs.writeDashBin "vim" ''
set -efu
+ export FZF_DEFAULT_COMMAND='${pkgs.ripgrep}/bin/rg --files'
+ export PATH=$PATH:${makeBinPath [
+ pkgs.fzf
+ pkgs.ripgrep
+ ]}
(umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString need-dirs})
exec ${pkgs.vim}/bin/vim "$@"
'')
@@ -333,6 +355,7 @@ let {
set shortmess+=I
set showcmd
set showmatch
+ set timeoutlen=0
set ttimeoutlen=0
set undodir=${dirs.undodir}
set undofile
@@ -385,5 +408,13 @@ let {
noremap <esc>[c <nop> | noremap! <esc>[c <nop>
noremap <esc>[d <nop> | noremap! <esc>[d <nop>
vnoremap u <nop>
+
+ " fzf
+ nnoremap <esc>q :Files<cr>
+ nnoremap <esc>w :Rg<cr>
+
+ " edit alternate buffer
+ " For some reason neither putting <ctrl>6 nor <ctrl>^ works here...
+ nnoremap <esc>a 
'';
}
diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix
index 68bcfa340..a0631e226 100644
--- a/tv/3modules/ejabberd/config.nix
+++ b/tv/3modules/ejabberd/config.nix
@@ -87,7 +87,6 @@ in /* yaml */ ''
mod_configure: {}
mod_disco: {}
mod_echo: {}
- mod_irc: {}
mod_bosh: {}
mod_last: {}
mod_offline:
diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix
new file mode 100644
index 000000000..4d325e16c
--- /dev/null
+++ b/tv/5pkgs/simple/hc.nix
@@ -0,0 +1,37 @@
+{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }:
+
+stdenv.mkDerivation rec {
+ name = "hc-${meta.version}";
+
+ src = fetchgit {
+ url = "https://cgit.krebsco.de/hc";
+ rev = "refs/tags/v${meta.version}";
+ sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb";
+ };
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ buildPhase = null;
+
+ installPhase = ''
+ mkdir -p $out/bin
+
+ cp $src/bin/hc $out/bin/hc
+
+ wrapProgram $out/bin/hc \
+ --prefix PATH : ${stdenv.lib.makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ qrencode
+ texlive.combined.scheme-full
+ utillinux
+ zbar
+ ]}
+ '';
+
+ meta = {
+ version = "1.0.0";
+ };
+}