-rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/setuid.nix | 4 | ||||
-rw-r--r-- | krebs/5pkgs/simple/bling/default.nix | 56 | ||||
-rw-r--r-- | krebs/5pkgs/simple/git-hooks/default.nix | 40 | ||||
-rw-r--r-- | krebs/5pkgs/simple/krebs-pages/default.nix | 8 | ||||
-rw-r--r-- | krebs/5pkgs/simple/krebs-pages/fixtures/index.html | 42 | ||||
-rw-r--r-- | krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html | 133 | ||||
-rw-r--r-- | krebs/5pkgs/simple/urlwatch/default.nix | 8 | ||||
-rw-r--r-- | krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 36 | ||||
-rw-r--r-- | lass/2configs/buildbot-standalone.nix | 120 | ||||
-rw-r--r-- | lib/default.nix | 4 | ||||
-rw-r--r-- | lib/shell.nix | 2 | ||||
-rw-r--r-- | lib/types.nix | 22 | ||||
-rw-r--r-- | tv/1systems/xu.nix | 14 | ||||
-rw-r--r-- | tv/2configs/default.nix | 8 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 23 | ||||
-rw-r--r-- | tv/dummy_secrets/default.nix | 8 | ||||
-rw-r--r-- | tv/dummy_secrets/repos.nix | 1 | ||||
-rw-r--r-- | tv/dummy_secrets/ssh.id_ed25519 | 3 | ||||
-rw-r--r-- | tv/dummy_secrets/ssh.id_rsa | 3 |
20 files changed, 374 insertions, 163 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 227eb209b..081724cfe 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -186,7 +186,7 @@ let makefu tv ]; - ciko.mail = "wieczorek.stefan@gmail.com"; + ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index c9677fd24..a17ec0883 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -47,9 +47,7 @@ let type = mkOptionType { # TODO admit symbolic mode name = "octal mode"; - check = x: - isString x && - match "[0-7][0-7][0-7][0-7]" x != null; + check = test "[0-7][0-7][0-7][0-7]"; merge = mergeOneOption; }; }; diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix new file mode 100644 index 000000000..8d6207f65 --- /dev/null +++ b/krebs/5pkgs/simple/bling/default.nix @@ -0,0 +1,56 @@ +{ imagemagick, runCommand, ... }: + +with import <stockholm/lib>; + +let + krebs-v2 = [ + " " + " " + " x x x x" + "xx x xx xx xx x" + "xx x xx xx xx x" + " xxx x x xxx" + " xxx xxxxx xxx" + " x xxxxxxx x " + " xxxxxxxxxxxxx " + " xxxxxxx " + " xxxxxxxxxxx " + " x xxx x " + " x x x x x x " + " x x x x x x " + " x xx x x xx x " + " " + ]; + + chars-per-pixel = 1; + colors = 2; + columns = foldl' max 0 (map stringLength krebs-v2); + rows = length krebs-v2; + + png-geometry = "1692x1692"; + + txt = concatMapStrings (s: "${s}\n") krebs-v2; + + xpm = '' + static char *krebs_v2[] = { + ${toC (toString [columns rows colors chars-per-pixel])}, + " c None", + "x c #E4002B", + ${concatMapStringsSep ",\n " toC krebs-v2} + }; + ''; +in + +runCommand "bling" + { + inherit xpm; + passAsFile = ["xpm"]; + } + '' + mkdir -p $out + cd $out + + cp $xpmPath krebs-v2.xpm + ${imagemagick}/bin/convert krebs-v2.xpm krebs-v2.ico + ${imagemagick}/bin/convert krebs-v2.xpm -scale ${png-geometry} krebs-v2.png + '' 
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 4017b873b..1930c7f14 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -5,7 +5,15 @@ with import <stockholm/lib>;
 {
 # TODO irc-announce should return a derivation
 # but it cannot because krebs.git.repos.*.hooks :: attrsOf str
- irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
+ irc-announce =
+ { branches ? []
+ , cgit_endpoint ? "http://cgit.${nick}.r"
+ , channel
+ , nick
+ , port ? 6667
+ , server
+ , verbose ? false
+ }: /* sh */ ''
 #! /bin/sh
 set -euf
@@ -34,7 +42,6 @@ with import <stockholm/lib>;
 port=${toString port}
 host=$nick
- cgit_endpoint=http://cgit.$host.r
 empty=0000000000000000000000000000000000000000
@@ -66,22 +73,27 @@ with import <stockholm/lib>;
 if [ $newrev = $empty ]; then id=$empty_tree; fi
 if [ $oldrev = $empty ]; then id2=$empty_tree; fi
- case $receive_mode in
- create)
- link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
- ;;
- delete)
- link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
- ;;
- fast-forward|non-fast-forward)
- link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
- ;;
- esac
+ ${if cgit_endpoint != null then /* sh */ ''
+ cgit_endpoint=${escapeShellArg cgit_endpoint}
+ case $receive_mode in
+ create)
+ link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
+ ;;
+ delete)
+ link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
+ ;;
+ fast-forward|non-fast-forward)
+ link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
+ ;;
+ esac
+ '' else /* sh */ ''
+ link="$GIT_SSH_REPO $h"
+ ''}
 #$host $GIT_SSH_REPO $ref $link
 add_message $(pink push) $link $(gray "($receive_mode)")
- ${optionalString verbose ''
+ ${optionalString verbose /* sh */ ''
 add_message "$(
 git log \
 --format="$(orange %h) %s $(gray '(%ar)')" \
diff --git a/krebs/5pkgs/simple/krebs-pages/default.nix b/krebs/5pkgs/simple/krebs-pages/default.nix
new file mode 100644
index 000000000..c4ecb2603
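Review bot: The new `cgit_endpoint` parameter carries no documentation, and its default `"http://cgit.${nick}.r"` is the only hint that `nick` is also used to build a URL, so a reader cannot tell from the signature that `null` is a supported value. A comment above the parameter set would settle that: `# cgit_endpoint: base URL for the links in announcements; null announces "$GIT_SSH_REPO $h" without a link`. When the endpoint is set it reaches the script through `escapeShellArg`, which is the right way to embed a Nix value in the hook. The `case $receive_mode` still has no default arm, so under `set -euf` an unrecognised mode would leave `link` unset and the `add_message` line would abort, whereas the `null` branch always defines `link`; `receive_mode` is assigned outside this hunk, so that arm may be unreachable in practice.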
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/default.nix
@@ -0,0 +1,8 @@
+{ bling, runCommand, ... }:
+
+runCommand "krebs-pages-0" {} ''
+ mkdir $out
+ cp ${./fixtures}/* $out/
+ ln -s ${bling}/krebs-v2.ico $out/favicon.ico
+ ln -s ${bling}/krebs-v2.png $out/
+''
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
new file mode 100644
index 000000000..e6b7034b3
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@@ -0,0 +1,42 @@
+<!doctype html>
+<title>krebscode</title>
+<style>
+ html {
+ background: black url(krebs-v2.png) fixed no-repeat 50% 0%;
+ background-size: 423px;
+ }
+ a:visited {
+ color: white;
+ }
+ a:link {
+ color: lightgrey;
+ }
+</style>
+<script>
+ var html;
+ window.onload = function () {
+ html = document.getElementsByTagName('html')[0];
+ window.onresize();
+ }
+ window.onresize = function () {
+ html.style.backgroundSize =
+ Math.min(document.height - 23, document.width - 23) + 'px';
+ }
+</script>
+<body>
+ <p>
+ <a href="http://krebscode.github.io/minikrebs/linuxtag">
+ Linuxtag Heckenkrebs Presentation
+ </a>
+ </p>
+ <p>
+ <a href="http://krebscode.github.io/writeups">
+ CTF Writeups
+ </a>
+ </p>
+ <p>
+ <a href="thesauron.html">
+ Thesauron
+ </a>
+ </p>
+</body>
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
new file mode 100644
index 000000000..bcf1c5d48
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
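Review bot: `document.height` and `document.width` in the `window.onresize` handler of index.html are not standard DOM properties; where they are undefined the subtraction yields `NaN`, `Math.min` returns `NaN`, and the resulting `'NaNpx'` is rejected by the style engine, so the `background-size: 423px` from the stylesheet stays in effect and the page never rescales. The standard viewport properties are `window.innerHeight` and `window.innerWidth`, i.e. `Math.min(window.innerHeight - 23, window.innerWidth - 23) + 'px';`. Calling `window.onresize()` from `onload` is fine, since the handler only reads the viewport and writes one style property.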
@@ -0,0 +1,133 @@ +<p>Cholerab n. +[de] +- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass + Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. +- Teamwork-Plattform für Krebscode.</p> + +<p>eigentlich adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, + die nicht der Fall ist. +Antonym: tatsaechlich</p> + +<p>ghost n. +[de] +- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen + Festplatten) aber wohl nie wieder kommen wird. +Siehe: Wiederbelebung</p> + +<p>KD;RP abbr. (pronounciation: kah-derp) +[en] +- Short for Krebs Darknet / Retiolum Prefix.</p> + +<p>krebs +[de] +- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste + Softwareprojekt im Shack und viel verteilte infrastruktur.</p> + +<p>kremium +[en] +- coinage derived from the words premium and krebs +see: broken +usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”</p> + +<p>KRI abbr. (pronounciation: [en] cry) +[en] +- Short for Krebs Request for Implementation. + Derived from Scheme Requests for Implementation (SRFI).</p> + +<p>litterate programming n. +[en] +- any code that has not been proved mathematically.</p> + +<p>Nahziel n. +[de] +- Ziel mit höchst möglicher Priorität.</p> + +<p>Nahzielerfahrung n. +[de] +- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl + nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p> + +<p>parentheses of fear +[en] +- unnecessary parentheses, usually used when order of precedence is unknown. + - Examples: 1 + (2 * 3)</p> + +<p>Protip n. +[en] +- (Probably vague) description how a task can be solved. + - Antonym: Spoiler + - Example: + - To defeat the Cyberdaemon, shoot at it until it dies. + - RTFM</p> + +<p>Punching Lemma n. +[de] +- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht + von Krebs</p> + +<p>ref, n. 
+[en] +- A reference like an URI, ISBN, name of a person, etc.</p> + +<p>reftrace, n. +[en] +- A stacktrace-like representation of refs that lead to some (any kind of) + conclusion. Usually generated by a human. The conclusion can be either on + the top or on the bottom of the stack. If the order is ambiguous, then it + should be communicated explicitly. + - Example: (conclusion first) + - http://en.wikipedia.org/wiki/Stack_trace + - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) + - think about some example [this could be omitted, as it’s obvious…]</p> + +<p>Retiolum n. +[en] +- The official darknet of Krebs which utilizes the Retiolum Prefix to + address individual nodes.</p> + +<p>Retiolum Prefix n. +[en] +- The universally accepted IPv6-prefix, 42::/16. Anyone can has a + /128-subnet and, if require, anything larger.</p> + +<p>Retiolum Realtime Map n. +[en] +- The network map of the public visible part of Retiolum.</p> + +<p>RRM [abbr.][en] +- Short for Retiolum Retiolum Map.</p> + +<p>Sanatorium n. +[en] +- The Krebs Control and Command Center. +- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather + and lurk for relevant input.</p> + +<p>Spoiler n. +[en] +- A subset of walkthrough, i.e. any individual steps may be omitted. + - Antonym: Protip</p> + +<p>tatsaechlich, adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. +Antonym: eigentlich</p> + +<p>Verkrebsung n. +[de] +- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs + Komponente) auf einem beliebigem System.</p> + +<p>Walkthrough n. +[en] +- Description of the individual steps to complete a task. + - Examples: + - program code + - small-step semantics</p> + +<p>Wiederbelebung n. +[de] +- Ein ghost wird im Darknet wieder erreichbar +Siehe: ghost</p> diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 7ffbd8870..509555669 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix 
+++ b/krebs/5pkgs/simple/urlwatch/default.nix
@@ -1,16 +1,17 @@
 { stdenv, fetchurl, python3Packages }:
 python3Packages.buildPythonPackage rec {
- name = "urlwatch-2.5";
+ name = "urlwatch-${meta.version}";
 src = fetchurl {
- url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
- sha256 = "0qirpymdmpsx0klmhbx3icmiwpm6fx4wjma646gl9m90pifs8430";
+ url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
+ sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
 };
 propagatedBuildInputs = with python3Packages; [
 keyring
 minidb
+ pycodestyle
 pyyaml
 requests2
 ];
@@ -20,5 +21,6 @@ python3Packages.buildPythonPackage rec {
 homepage = https://thp.io/2008/urlwatch/;
 license = stdenv.lib.licenses.bsd3;
 maintainers = [ stdenv.lib.maintainers.tv ];
+ version = "2.6";
 };
 }
diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
index eba44be1c..042763048 100644
--- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
+++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
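Review bot: `src` now points at GitHub's generated `archive/${meta.version}.tar.gz` instead of the upstream release tarball; the `sha256` still pins the content, so a regenerated archive would fail the build rather than change it silently, but such archives are not guaranteed byte-stable, which is why the nixpkgs idiom is `fetchFromGitHub` (it hashes the unpacked tree). `pycodestyle` lands in `propagatedBuildInputs`, which makes a style checker a runtime dependency of everything that depends on urlwatch; if it is only needed while building or testing the package it belongs in `buildInputs`. A one-line comment on `src` recording why the GitHub tag is fetched would save the next reader the question, since `meta.homepage` still points at `thp.io`.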
@@ -1,26 +1,33 @@
 #!/usr/bin/env bash
-
+#
 # Prints build logs for failed derivations in quiet build mode (-Q).
 # See https://github.com/NixOS/nix/issues/443
 #
 # Usage:
 #
-# set -o pipefail
-# nix-build ... -Q ... | whatsupnix [user@target[:port]]
+# nix-build ... -Q ... 2>&1 | whatsupnix [user@target[:port]]
+#
+# Exit Codes:
+#
+# 0 No failed derivations could be found. This either means there where
+# no build errors, or stdin wasn't nix-build output.
+#
+# 1 Usage error; arguments couldn't be parsed.
+#
+# 2 Build error; at least one failed derivation could be found.
 #
-
 GAWK=${GAWK:-gawk}
 NIX_STORE=${NIX_STORE:-nix-store}
-broken=$(mktemp)
-trap 'rm -f -- "$broken"' EXIT
+failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX)
+trap 'rm -f -- "$failed_drvs"' EXIT
 exec >&2
-$GAWK -v broken="$broken" '
+$GAWK -v failed_drvs="$failed_drvs" '
 match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) {
- print m[1] >> broken
+ print m[1] >> failed_drvs
 }
 { print $0 }
 '
@@ -28,7 +35,7 @@ $GAWK -v broken="$broken" '
 case $# in
 0)
 print_log() {
- $NIX_STORE -l "$1"
+ NIX_PAGER= $NIX_STORE -l "$1"
 }
 ;;
 1)
@@ -47,7 +54,7 @@ case $# in
 remote_host=$1
 print_log() {
 ssh "$remote_user@$remote_host" -p "$remote_port" \
- nix-store -l "$1"
+ env NIX_PAGER= nix-store -l "$1"
 }
 ;;
 *)
@@ -55,7 +62,6 @@ case $# in
 exit 1
 esac
-export NIX_PAGER='' # for nix-store
 while read -r drv; do
 title="** FAILED $drv LOG **"
 frame=${title//?/*}
@@ -68,6 +74,10 @@ while read -r drv; do
 print_log "$drv"
 echo
-done < "$broken"
+done < "$failed_drvs"
-exit 0
+if test -s "$failed_drvs"; then
+ exit 2
+else
+ exit 0
+fi
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 5edd1075d..e765ddbb4 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -32,7 +32,7 @@ in {
 stockholm_repo, workdir='stockholm-poller', branches=True, project='stockholm', - pollinterval=120 + pollinterval=10 ) ) '';
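Review bot: In the remote `print_log` of hunk `@@ -47,7 +54,7 @@`, `"$1"` is quoted only for the local shell; ssh joins its arguments into one command string that the remote login shell parses again, so the derivation path is subject to word splitting and globbing there while the local branch (`NIX_PAGER= $NIX_STORE -l "$1"`) passes it intact. The path comes from the gawk capture `\/nix\/store\/[^’]+\.drv`, which accepts any character up to the closing quote, so the two branches do not treat the same input the same way; `env NIX_PAGER= nix-store -l "$(printf %q "$1")"` would make them consistent, assuming a bash-compatible shell on the remote. Dropping `set -o pipefail` from the usage comment is right now that the script derives its own status from `$failed_drvs`, but it also means a nix-build failure that prints no `builder for … failed` line still exits 0, which the `Exit Codes` comment should say outright instead of only implying it with "stdin wasn't nix-build output".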
@@ -44,7 +44,7 @@ in {
 change_filter=util.ChangeFilter(branch_re=".*"),
 treeStableTimer=10,
 name="build-all-branches",
- builderNames=["build-hosts", "build-pkgs"]
+ builderNames=["build-hosts"]
 )
 )
 '';
@@ -77,6 +77,11 @@ in {
 "NIX_REMOTE": "daemon",
 "dummy_secrets": "true",
 }
+ env_tv = {
+ "LOGNAME": "tv",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
 # prepare nix-shell
 # the dependencies which are used by the test script
@@ -91,6 +96,7 @@ in {
 # SSL_CERT_FILE,LOGNAME,NIX_REMOTE
 nixshell = [
 "nix-shell",
+ "-I", "/var/src",
 "-I", "stockholm=.",
 "-p"
 ] + deps + [ "--run" ]
@@ -103,45 +109,31 @@ in {
 build-hosts = ''
 f = util.BuildFactory()
 f.addStep(grab_repo)
- for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
- addShell(f,name="build-{}".format(i),env=env_shared,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
+
+ def build_host(env, host):
+ addShell(f,name="build-{}".format(i),env=env,
+ command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
+ echo $HOME; echo $LOGNAME; \
+ test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \
+ make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \
+ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
+ system={}".format(host)]
 )
+ for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
+ build_host(env_tv, i)
+
 for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
- addShell(f,name="build-{}".format(i),env=env_lass,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_lass, i)
 for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
- addShell(f,name="build-{}".format(i),env=env_makefu,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_makefu, i)
 for i in [ "hiawatha", "onondaga" ]:
- addShell(f,name="build-{}".format(i),env=env_nin,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make
NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_nin, i)
+
+ for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
+ build_host(env_shared, i)
 bu.append(
 util.BuilderConfig(
@@ -152,63 +144,6 @@ in {
 )
 '';
-
-
- build-pkgs = ''
- f = util.BuildFactory()
- f.addStep(grab_repo)
- for i in [
- "apt-cacher-ng",
- "bepasty-client-cli",
- "cac-api",
- "cac-cert",
- "cac-panel",
- "charybdis",
- "collectd-connect-time",
- "dic",
- "drivedroid-gen-repo",
- "exim",
- "fortclientsslvpn",
- "get",
- "git-hooks",
- "github-hosts-sync",
- "go",
- "hashPassword",
- "haskellPackages.blessings",
- "haskellPackages.email-header",
- "haskellPackages.scanner",
- "haskellPackages.xmonad-stockholm",
- "krebspaste",
- "logf",
- "much",
- "newsbot-js",
- "noVNC",
- "ovh-zone",
- "passwdqc-utils",
- "populate",
- "posix-array",
- "pssh",
- "push",
- "Reaktor",
- "realwallpaper",
- "repo-sync",
- "retiolum-bootstrap",
- "tarantool",
- "test",
- "tinc_graphs",
- "translate-shell",
- "urlwatch",
- "with-tmpdir",
- "youtube-tools",
- ]:
- addShell(f,name="build-{}".format(i),env=env_lass,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make system=prism pkgs.{}".format(i)])
-
- bu.append(util.BuilderConfig(name="build-pkgs",
- workernames=workernames,
- factory=f))
- '';
 };
 enable = true;
 web.enable = true;
@@ -230,9 +165,6 @@ in {
 username = "testworker";
 password = "lasspass";
 packages = with pkgs; [ gnumake jq nix populate ];
- extraEnviron = {
- NIX_PATH="/var/src";
- };
 };
 config.krebs.iptables = {
 tables = {
diff --git a/lib/default.nix b/lib/default.nix
index 9399a0107..803a614a1 100644
--- a/lib/default.nix
+++ b/lib/default.nix
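Review bot: Inside `def build_host(env, host):` the step name is still `name="build-{}".format(i)` while the command string uses `.format(host)`; `i` is not a parameter of the function, so it resolves to whichever `i` the enclosing scope holds at call time. Every call site happens to be `build_host(env_x, i)` inside a `for i in` loop, which is why the names come out right today, but a call with a literal host would raise `NameError` or label the step with a stale value — it should read `addShell(f,name="build-{}".format(host),env=env,`. The `echo $HOME; echo $LOGNAME;` prefix in the command looks like leftover debugging output; if it is meant to stay, a comment saying why would help. The `build-hosts` factory string continues past the end of the hunk.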
@@ -29,6 +29,10 @@ let
 setAttr = name: value: set: set // { ${name} = value; };
+ test = re: x: isString x && testString re x;
+
+ testString = re: x: match re x != null;
+
 toC = x: let
 type = typeOf x;
 reject = throw "cannot convert ${type}";
diff --git a/lib/shell.nix b/lib/shell.nix
index a8ff5dbe0..f9779028e 100644
--- a/lib/shell.nix
+++ b/lib/shell.nix
@@ -5,7 +5,7 @@ with lib; rec {
 escape =
 let
- isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
+ isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
 in
 stringAsChars (c:
 if isSafeChar c then c
diff --git a/lib/types.nix b/lib/types.nix
index 530cd1e69..f9ec7b1c3 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -2,10 +2,10 @@ let
 inherit (lib)
- all any concatMapStringsSep concatStringsSep const filter flip genid
- hasSuffix head isInt isString length match mergeOneOption mkOption
+ all any concatMapStringsSep concatStringsSep const filter flip
+ genid hasSuffix head isInt isString length mergeOneOption mkOption
 mkOptionType optional optionalAttrs optionals range splitString
- stringLength substring typeOf;
+ stringLength substring test typeOf;
 inherit (lib.types)
 attrsOf bool either enum int listOf nullOr path str string submodule;
 in
@@ -338,7 +338,8 @@ rec {
 check = let
 IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
 concatMapStringsSep "." (const d) (range 1 4);
- in x: isString x && match IPv4address x != null;
+ in
+ test IPv4address;
 merge = mergeOneOption;
 };
 addr6 = mkOptionType {
@@ -346,7 +347,8 @@ rec {
 check = let
 # TODO check IPv6 address harder
 IPv6address = "[0-9a-f.:]+";
- in x: isString x && match IPv6address x != null;
+ in
+ test IPv6address;
 merge = mergeOneOption;
 };
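Review bot: `test` and `testString` are added to `lib/default.nix` without a comment, and the difference between them matters for callers: `test re x` guards with `isString`, so it is false for non-strings and safe as an option `check`, while `testString` hands `x` straight to `match` and is only for callers that already hold a string, as `escape` in `lib/shell.nix` does per character. Nix's `match` anchors at both ends, so both return true only when the whole string matches `re`. I would put `# test re x: true iff x is a string matched in full by the POSIX ERE re; false, not an error, for non-strings` above `test`, and `# testString re x: like test, but x must already be a string` above `testString`.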
@@ -396,14 +398,13 @@ rec {
 file-mode = mkOptionType {
 name = "file mode";
- check = x: isString x && match "[0-7]{4}" x != null;
+ check = test "[0-7]{4}";
 merge = mergeOneOption;
 };
 haskell.conid = mkOptionType {
 name = "Haskell constructor identifier";
- check = x:
- isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null;
+ check = test "[[:upper:]][[:lower:]_[:upper:]0-9']*";
 merge = mergeOneOption;
 };
@@ -425,15 +426,14 @@ rec {
 label = mkOptionType {
 name = "label";
 # TODO case-insensitive labels
- check = x: isString x
- && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
+ check = test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?";
 merge = mergeOneOption;
 };
 # POSIX.1‐2013, 3.278 Portable Filename Character Set
 filename = mkOptionType {
 name = "POSIX filename";
- check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
+ check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*";
 merge = mergeOneOption;
 };
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index bfd59531a..3add01748 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -28,6 +28,7 @@ with import <stockholm/lib>;
 # tv
 bc
 bind # dig
+ brain
 cac-api
 dic
 file
@@ -35,6 +36,7 @@ with import <stockholm/lib>;
 haskellPackages.hledger
 htop
 jq
+ krebszones
 mkpasswd
 netcat
 netcup
@@ -47,18 +49,6 @@ with import <stockholm/lib>;
 texlive.combined.scheme-full
 tmux
- (pkgs.writeDashBin "krebszones" ''
- set -efu
- export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
- case $* in
- import)
- set -- import /etc/zones/krebsco.de krebsco.de
- echo "+ krebszones $*" >&2
- ;;
- esac
- exec ${pkgs.krebszones}/bin/ovh-zone "$@"
- '')
-
 #ack
 #apache-httpd
 #ascii
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index b1d739ef3..4a1247ef5 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -9,12 +9,15 @@ with import <stockholm/lib>;
 user = config.krebs.users.tv;
 source = let inherit (config.krebs.build) host; in {
 nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
- secrets.file = "/home/tv/secrets/${host.name}";
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/tv/dummy_secrets>
+ else "/home/tv/secrets/${host.name}";
 secrets-common.file = "/home/tv/secrets/common";
 stockholm.file = "/home/tv/stockholm";
 nixpkgs.git = {
 url = https://github.com/NixOS/nixpkgs;
- ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03
+ ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03
 };
 } // optionalAttrs host.secure {
 secrets-master.file = "/home/tv/secrets/master";
@@ -41,6 +44,7 @@ with import <stockholm/lib>;
 gnumake
 hashPassword
 populate
+ whatsupnix
 ];
 }
 {
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 13b12986c..b6480f356 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
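Review bot: The `secrets.file` choice now depends on the evaluator's environment through `getEnv "dummy_secrets"`, and the tree it selects, `tv/dummy_secrets`, gains `ssh.id_ed25519` and `ssh.id_rsa` in this same commit (see the diffstat); whatever those files hold is public the moment they are in the repository. Nothing in this expression ties the switch to the build-only `target` that the buildbot configuration uses, so a deploy that happens to inherit `dummy_secrets=true` from its environment would populate a real host with the checked-in material. At minimum the contract should be stated next to the condition, e.g. `# dummy_secrets=true substitutes the public, non-secret fixtures in tv/dummy_secrets; only for build tests, never for a deployment`; a stronger option is an `assert` that rejects the dummy tree whenever the evaluation is not such a test. When the variable is unset `getEnv` yields `""`, so the real path remains the default.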
@@ -90,28 +90,33 @@ let
 { { brain = {
 collaborators = with config.krebs.users; [ lass makefu ];
+ hooks.post-receive = irc-announce {
+ cgit_endpoint = null;
+ };
 };
 } //
 # TODO don't put secrets/repos.nix into the store
 import <secrets/repos.nix> { inherit config lib pkgs; }
 );
+ irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
+ channel = "#retiolum";
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ server = "ni.r";
+ verbose = true;
+ } args);
+
 make-public-repo = name: { cgit ? {}, ... }: {
 inherit cgit name;
 public = true;
 hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "ni.r";
- verbose = true;
- };
+ post-receive = irc-announce {};
 };
 };
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
+ make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
+ inherit collaborators hooks name;
 public = false;
 };
diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix
new file mode 100644
index 000000000..ab90db55c
--- /dev/null
+++ b/tv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+}
diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/tv/dummy_secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BE |
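Review bot: `brain` is built through `make-restricted-repo` (`public = false`), yet its new `post-receive` hook inherits `verbose = true` from the shared `irc-announce` defaults, so every push will post the commit subjects of a collaborator-only repository to `#retiolum`; `cgit_endpoint = null` removes the link but not the `git log` lines. If the intent is to announce only that a push happened, pass `verbose = false;` next to `cgit_endpoint = null;`, or leave a comment saying why the subjects are acceptable to disclose. Unlike `make-public-repo`, the `brain` hook is not wrapped in `optionalAttrs (config.krebs.build.host.name == "ni")`, so every host that evaluates this file installs it with `nick` set to its own name rather than only ni. Since `make-restricted-repo` now passes `hooks` through, the same consideration applies to any hook a restricted repo in `<secrets/repos.nix>` may set.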