-rw-r--r--krebs/3modules/default.nix2
-rw-r--r--krebs/3modules/setuid.nix4
-rw-r--r--krebs/5pkgs/simple/bling/default.nix56
-rw-r--r--krebs/5pkgs/simple/git-hooks/default.nix40
-rw-r--r--krebs/5pkgs/simple/krebs-pages/default.nix8
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/index.html42
-rw-r--r--krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html133
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix8
-rw-r--r--krebs/5pkgs/simple/whatsupnix/whatsupnix.bash36
-rw-r--r--lass/2configs/buildbot-standalone.nix120
-rw-r--r--lib/default.nix4
-rw-r--r--lib/shell.nix2
-rw-r--r--lib/types.nix22
-rw-r--r--tv/1systems/xu.nix14
-rw-r--r--tv/2configs/default.nix8
-rw-r--r--tv/2configs/gitrepos.nix23
-rw-r--r--tv/dummy_secrets/default.nix8
-rw-r--r--tv/dummy_secrets/repos.nix1
-rw-r--r--tv/dummy_secrets/ssh.id_ed255193
-rw-r--r--tv/dummy_secrets/ssh.id_rsa3
20 files changed, 374 insertions, 163 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 227eb209b..081724cfe 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -186,7 +186,7 @@ let
makefu
tv
];
- ciko.mail = "wieczorek.stefan@gmail.com";
+ ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"cfp@eloop.org" = eloop-ml;
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index c9677fd24..a17ec0883 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -47,9 +47,7 @@ let
type = mkOptionType {
# TODO admit symbolic mode
name = "octal mode";
- check = x:
- isString x &&
- match "[0-7][0-7][0-7][0-7]" x != null;
+ check = test "[0-7][0-7][0-7][0-7]";
merge = mergeOneOption;
};
};
diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix
new file mode 100644
index 000000000..8d6207f65
--- /dev/null
+++ b/krebs/5pkgs/simple/bling/default.nix
@@ -0,0 +1,56 @@
+{ imagemagick, runCommand, ... }:
+
+with import <stockholm/lib>;
+
+let
+ krebs-v2 = [
+ " "
+ " "
+ " x x x x"
+ "xx x xx xx xx x"
+ "xx x xx xx xx x"
+ " xxx x x xxx"
+ " xxx xxxxx xxx"
+ " x xxxxxxx x "
+ " xxxxxxxxxxxxx "
+ " xxxxxxx "
+ " xxxxxxxxxxx "
+ " x xxx x "
+ " x x x x x x "
+ " x x x x x x "
+ " x xx x x xx x "
+ " "
+ ];
+
+ chars-per-pixel = 1;
+ colors = 2;
+ columns = foldl' max 0 (map stringLength krebs-v2);
+ rows = length krebs-v2;
+
+ png-geometry = "1692x1692";
+
+ txt = concatMapStrings (s: "${s}\n") krebs-v2;
+
+ xpm = ''
+ static char *krebs_v2[] = {
+ ${toC (toString [columns rows colors chars-per-pixel])},
+ " c None",
+ "x c #E4002B",
+ ${concatMapStringsSep ",\n " toC krebs-v2}
+ };
+ '';
+in
+
+runCommand "bling"
+ {
+ inherit xpm;
+ passAsFile = ["xpm"];
+ }
+ ''
+ mkdir -p $out
+ cd $out
+
+ cp $xpmPath krebs-v2.xpm
+ ${imagemagick}/bin/convert krebs-v2.xpm krebs-v2.ico
+ ${imagemagick}/bin/convert krebs-v2.xpm -scale ${png-geometry} krebs-v2.png
+ ''
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 4017b873b..1930c7f14 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -5,7 +5,15 @@ with import <stockholm/lib>;
{
# TODO irc-announce should return a derivation
# but it cannot because krebs.git.repos.*.hooks :: attrsOf str
- irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
+ irc-announce =
+ { branches ? []
+ , cgit_endpoint ? "http://cgit.${nick}.r"
+ , channel
+ , nick
+ , port ? 6667
+ , server
+ , verbose ? false
+ }: /* sh */ ''
#! /bin/sh
set -euf
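Review bot: The new `cgit_endpoint` argument gives `null` a special meaning that is only discoverable by reading the script body further down in this file. A comment on the argument list would make the contract visible, for example `# cgit_endpoint: base URL used for links in announcements; null announces "<repo> <branch>" without a link`. The default is now built from the Nix-level `nick` instead of the shell variable `$host`; the script sets `host=$nick`, so these are presumably the same value, but that is worth confirming. The function body continues past this hunk.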
@@ -34,7 +42,6 @@ with import <stockholm/lib>;
port=${toString port}
host=$nick
- cgit_endpoint=http://cgit.$host.r
empty=0000000000000000000000000000000000000000
@@ -66,22 +73,27 @@ with import <stockholm/lib>;
if [ $newrev = $empty ]; then id=$empty_tree; fi
if [ $oldrev = $empty ]; then id2=$empty_tree; fi
- case $receive_mode in
- create)
- link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
- ;;
- delete)
- link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
- ;;
- fast-forward|non-fast-forward)
- link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
- ;;
- esac
+ ${if cgit_endpoint != null then /* sh */ ''
+ cgit_endpoint=${escapeShellArg cgit_endpoint}
+ case $receive_mode in
+ create)
+ link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h"
+ ;;
+ delete)
+ link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
+ ;;
+ fast-forward|non-fast-forward)
+ link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
+ ;;
+ esac
+ '' else /* sh */ ''
+ link="$GIT_SSH_REPO $h"
+ ''}
#$host $GIT_SSH_REPO $ref $link
add_message $(pink push) $link $(gray "($receive_mode)")
- ${optionalString verbose ''
+ ${optionalString verbose /* sh */ ''
add_message "$(
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \
diff --git a/krebs/5pkgs/simple/krebs-pages/default.nix b/krebs/5pkgs/simple/krebs-pages/default.nix
new file mode 100644
index 000000000..c4ecb2603
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/default.nix
@@ -0,0 +1,8 @@
+{ bling, runCommand, ... }:
+
+runCommand "krebs-pages-0" {} ''
+ mkdir $out
+ cp ${./fixtures}/* $out/
+ ln -s ${bling}/krebs-v2.ico $out/favicon.ico
+ ln -s ${bling}/krebs-v2.png $out/
+''
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
new file mode 100644
index 000000000..e6b7034b3
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html
@@ -0,0 +1,42 @@
+<!doctype html>
+<title>krebscode</title>
+<style>
+ html {
+ background: black url(krebs-v2.png) fixed no-repeat 50% 0%;
+ background-size: 423px;
+ }
+ a:visited {
+ color: white;
+ }
+ a:link {
+ color: lightgrey;
+ }
+</style>
+<script>
+ var html;
+ window.onload = function () {
+ html = document.getElementsByTagName('html')[0];
+ window.onresize();
+ }
+ window.onresize = function () {
+ html.style.backgroundSize =
+ Math.min(document.height - 23, document.width - 23) + 'px';
+ }
+</script>
+<body>
+ <p>
+ <a href="http://krebscode.github.io/minikrebs/linuxtag">
+ Linuxtag Heckenkrebs Presentation
+ </a>
+ </p>
+ <p>
+ <a href="http://krebscode.github.io/writeups">
+ CTF Writeups
+ </a>
+ </p>
+ <p>
+ <a href="thesauron.html">
+ Thesauron
+ </a>
+ </p>
+</body>
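Review bot: `document.height` and `document.width` in the `onresize` handler are obsolete properties that current browsers do not provide, so the handler assigns `'NaNpx'`, which is ignored, and the background never scales with the window. Use `document.documentElement.clientHeight` and `document.documentElement.clientWidth` instead. `window.onresize` can also run before `onload` has assigned `html`; initialising it as `var html = document.documentElement;` removes that ordering dependency. The two outbound links use `http://` although the github.io targets are served over `https://`.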
diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
new file mode 100644
index 000000000..bcf1c5d48
--- /dev/null
+++ b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html
@@ -0,0 +1,133 @@
+<p>Cholerab n.
+[de]
+- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass
+ Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert.
+- Teamwork-Plattform für Krebscode.</p>
+
+<p>eigentlich adv.
+[de]
+- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt,
+ die nicht der Fall ist.
+Antonym: tatsaechlich</p>
+
+<p>ghost n.
+[de]
+- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen
+ Festplatten) aber wohl nie wieder kommen wird.
+Siehe: Wiederbelebung</p>
+
+<p>KD;RP abbr. (pronounciation: kah-derp)
+[en]
+- Short for Krebs Darknet / Retiolum Prefix.</p>
+
+<p>krebs
+[de]
+- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste
+ Softwareprojekt im Shack und viel verteilte infrastruktur.</p>
+
+<p>kremium
+[en]
+- coinage derived from the words premium and krebs
+see: broken
+usage: Reaktor ircbot has unfixed broken behavior since ever-&gt;&#8220;Kremium Software&#8221;</p>
+
+<p>KRI abbr. (pronounciation: [en] cry)
+[en]
+- Short for Krebs Request for Implementation.
+ Derived from Scheme Requests for Implementation (SRFI).</p>
+
+<p>litterate programming n.
+[en]
+- any code that has not been proved mathematically.</p>
+
+<p>Nahziel n.
+[de]
+- Ziel mit höchst möglicher Priorität.</p>
+
+<p>Nahzielerfahrung n.
+[de]
+- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl
+ nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).</p>
+
+<p>parentheses of fear
+[en]
+- unnecessary parentheses, usually used when order of precedence is unknown.
+ - Examples: 1 + (2 * 3)</p>
+
+<p>Protip n.
+[en]
+- (Probably vague) description how a task can be solved.
+ - Antonym: Spoiler
+ - Example:
+ - To defeat the Cyberdaemon, shoot at it until it dies.
+ - RTFM</p>
+
+<p>Punching Lemma n.
+[de]
+- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht
+ von Krebs</p>
+
+<p>ref, n.
+[en]
+- A reference like an URI, ISBN, name of a person, etc.</p>
+
+<p>reftrace, n.
+[en]
+- A stacktrace-like representation of refs that lead to some (any kind of)
+ conclusion. Usually generated by a human. The conclusion can be either on
+ the top or on the bottom of the stack. If the order is ambiguous, then it
+ should be communicated explicitly.
+ - Example: (conclusion first)
+ - http://en.wikipedia.org/wiki/Stack_trace
+ - google &#8220;stacktrace&#8221; (first entry / 2014&#8211;12&#8211;05T12:13:58Z)
+ - think about some example [this could be omitted, as it&#8217;s obvious&#8230;]</p>
+
+<p>Retiolum n.
+[en]
+- The official darknet of Krebs which utilizes the Retiolum Prefix to
+ address individual nodes.</p>
+
+<p>Retiolum Prefix n.
+[en]
+- The universally accepted IPv6-prefix, 42::/16. Anyone can has a
+ /128-subnet and, if require, anything larger.</p>
+
+<p>Retiolum Realtime Map n.
+[en]
+- The network map of the public visible part of Retiolum.</p>
+
+<p>RRM [abbr.][en]
+- Short for Retiolum Retiolum Map.</p>
+
+<p>Sanatorium n.
+[en]
+- The Krebs Control and Command Center.
+- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather
+ and lurk for relevant input.</p>
+
+<p>Spoiler n.
+[en]
+- A subset of walkthrough, i.e. any individual steps may be omitted.
+ - Antonym: Protip</p>
+
+<p>tatsaechlich, adv.
+[de]
+- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht.
+Antonym: eigentlich</p>
+
+<p>Verkrebsung n.
+[de]
+- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs
+ Komponente) auf einem beliebigem System.</p>
+
+<p>Walkthrough n.
+[en]
+- Description of the individual steps to complete a task.
+ - Examples:
+ - program code
+ - small-step semantics</p>
+
+<p>Wiederbelebung n.
+[de]
+- Ein ghost wird im Darknet wieder erreichbar
+Siehe: ghost</p>
diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix
index 7ffbd8870..509555669 100644
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ b/krebs/5pkgs/simple/urlwatch/default.nix
@@ -1,16 +1,17 @@
{ stdenv, fetchurl, python3Packages }:
python3Packages.buildPythonPackage rec {
- name = "urlwatch-2.5";
+ name = "urlwatch-${meta.version}";
src = fetchurl {
- url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
- sha256 = "0qirpymdmpsx0klmhbx3icmiwpm6fx4wjma646gl9m90pifs8430";
+ url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz";
+ sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b";
};
propagatedBuildInputs = with python3Packages; [
keyring
minidb
+ pycodestyle
pyyaml
requests2
];
@@ -20,5 +21,6 @@ python3Packages.buildPythonPackage rec {
homepage = https://thp.io/2008/urlwatch/;
license = stdenv.lib.licenses.bsd3;
maintainers = [ stdenv.lib.maintainers.tv ];
+ version = "2.6";
};
}
diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
index eba44be1c..042763048 100644
--- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
+++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
@@ -1,26 +1,33 @@
#!/usr/bin/env bash
-
+#
# Prints build logs for failed derivations in quiet build mode (-Q).
# See https://github.com/NixOS/nix/issues/443
#
# Usage:
#
-# set -o pipefail
-# nix-build ... -Q ... | whatsupnix [user@target[:port]]
+# nix-build ... -Q ... 2>&1 | whatsupnix [user@target[:port]]
+#
+# Exit Codes:
+#
+# 0 No failed derivations could be found. This either means there where
+# no build errors, or stdin wasn't nix-build output.
+#
+# 1 Usage error; arguments couldn't be parsed.
+#
+# 2 Build error; at least one failed derivation could be found.
#
-
GAWK=${GAWK:-gawk}
NIX_STORE=${NIX_STORE:-nix-store}
-broken=$(mktemp)
-trap 'rm -f -- "$broken"' EXIT
+failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX)
+trap 'rm -f -- "$failed_drvs"' EXIT
exec >&2
-$GAWK -v broken="$broken" '
+$GAWK -v failed_drvs="$failed_drvs" '
match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) {
- print m[1] >> broken
+ print m[1] >> failed_drvs
}
{ print $0 }
'
@@ -28,7 +35,7 @@ $GAWK -v broken="$broken" '
case $# in
0)
print_log() {
- $NIX_STORE -l "$1"
+ NIX_PAGER= $NIX_STORE -l "$1"
}
;;
1)
@@ -47,7 +54,7 @@ case $# in
remote_host=$1
print_log() {
ssh "$remote_user@$remote_host" -p "$remote_port" \
- nix-store -l "$1"
+ env NIX_PAGER= nix-store -l "$1"
}
;;
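Review bot: In the remote `print_log`, the derivation path is quoted only for the local shell; ssh joins its arguments into one string that the remote shell parses again. The path is taken from build output by the gawk pattern `[^’]+\.drv`, which accepts spaces and shell metacharacters, so a crafted "builder for … failed" line could change the remote command. Quote it for the remote side, e.g. `env NIX_PAGER= nix-store -l "$(printf %q "$1")"` (assuming a bash-compatible remote shell), or restrict the gawk pattern to the characters a store path can contain. The enclosing `case` arm starts outside this hunk.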
*)
@@ -55,7 +62,6 @@ case $# in
exit 1
esac
-export NIX_PAGER='' # for nix-store
while read -r drv; do
title="** FAILED $drv LOG **"
frame=${title//?/*}
@@ -68,6 +74,10 @@ while read -r drv; do
print_log "$drv"
echo
-done < "$broken"
+done < "$failed_drvs"
-exit 0
+if test -s "$failed_drvs"; then
+ exit 2
+else
+ exit 0
+fi
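Review bot: Exit status 0 is returned whenever no line matched the `builder for ‘…’ failed` pattern, and the header hunk of this same file drops `set -o pipefail` from the usage example. A nix-build that fails in any other way, such as an evaluation error or a message that does not match the pattern, is then reported as success by the pipeline. Callers that gate on the result should keep `set -o pipefail` or check `${PIPESTATUS[0]}`. I would keep the line `# set -o pipefail` in the usage comment and say under exit code 0 that it does not imply nix-build succeeded.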
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 5edd1075d..e765ddbb4 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -32,7 +32,7 @@ in {
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
- pollinterval=120
+ pollinterval=10
)
)
'';
@@ -44,7 +44,7 @@ in {
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=10,
name="build-all-branches",
- builderNames=["build-hosts", "build-pkgs"]
+ builderNames=["build-hosts"]
)
)
'';
@@ -77,6 +77,11 @@ in {
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
}
+ env_tv = {
+ "LOGNAME": "tv",
+ "NIX_REMOTE": "daemon",
+ "dummy_secrets": "true",
+ }
# prepare nix-shell
# the dependencies which are used by the test script
@@ -91,6 +96,7 @@ in {
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = [
"nix-shell",
+ "-I", "/var/src",
"-I", "stockholm=.",
"-p"
] + deps + [ "--run" ]
@@ -103,45 +109,31 @@ in {
build-hosts = ''
f = util.BuildFactory()
f.addStep(grab_repo)
- for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
- addShell(f,name="build-{}".format(i),env=env_shared,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
+
+ def build_host(env, host):
+ addShell(f,name="build-{}".format(i),env=env,
+ command=nixshell + ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
+ echo $HOME; echo $LOGNAME; \
+ test -e $HOME/$LOGNAME/nixpkgs || cp -r /var/src/nixpkgs $HOME/$LOGNAME/; \
+ make NIX_PATH=$HOME/$LOGNAME:secrets=/var/src/stockholm/null test method=build \
+ target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
+ system={}".format(host)]
)
+ for i in [ "alnus", "mu", "nomic", "wu", "xu", "zu" ]:
+ build_host(env_tv, i)
+
for i in [ "mors", "uriel", "shodan", "icarus", "cloudkrebs", "echelon", "dishfire", "prism" ]:
- addShell(f,name="build-{}".format(i),env=env_lass,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_lass, i)
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
- addShell(f,name="build-{}".format(i),env=env_makefu,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_makefu, i)
for i in [ "hiawatha", "onondaga" ]:
- addShell(f,name="build-{}".format(i),env=env_nin,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make NIX_PATH=$HOME/$LOGNAME test method=build \
- target=buildbotworker@${config.krebs.build.host.name}$HOME/$LOGNAME \
- system={}".format(i)
- ]
- )
+ build_host(env_nin, i)
+
+ for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
+ build_host(env_shared, i)
bu.append(
util.BuilderConfig(
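Review bot: `build_host(env, host)` builds the step name from `i` rather than from its own parameter: `name="build-{}".format(i)`. It produces the right name only because every call site happens to loop over a variable called `i` that is visible when the function runs; use `name="build-{}".format(host)`. The added `echo $HOME; echo $LOGNAME;` looks like leftover debugging and could be dropped. `NIX_PATH=…:secrets=/var/src/stockholm/null` deserves a short comment saying that builds are deliberately pointed at an empty secrets tree.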
@@ -152,63 +144,6 @@ in {
)
'';
-
- build-pkgs = ''
- f = util.BuildFactory()
- f.addStep(grab_repo)
- for i in [
- "apt-cacher-ng",
- "bepasty-client-cli",
- "cac-api",
- "cac-cert",
- "cac-panel",
- "charybdis",
- "collectd-connect-time",
- "dic",
- "drivedroid-gen-repo",
- "exim",
- "fortclientsslvpn",
- "get",
- "git-hooks",
- "github-hosts-sync",
- "go",
- "hashPassword",
- "haskellPackages.blessings",
- "haskellPackages.email-header",
- "haskellPackages.scanner",
- "haskellPackages.xmonad-stockholm",
- "krebspaste",
- "logf",
- "much",
- "newsbot-js",
- "noVNC",
- "ovh-zone",
- "passwdqc-utils",
- "populate",
- "posix-array",
- "pssh",
- "push",
- "Reaktor",
- "realwallpaper",
- "repo-sync",
- "retiolum-bootstrap",
- "tarantool",
- "test",
- "tinc_graphs",
- "translate-shell",
- "urlwatch",
- "with-tmpdir",
- "youtube-tools",
- ]:
- addShell(f,name="build-{}".format(i),env=env_lass,
- command=nixshell + \
- ["mkdir -p $HOME/$LOGNAME && touch $HOME/$LOGNAME/.populate; \
- make system=prism pkgs.{}".format(i)])
-
- bu.append(util.BuilderConfig(name="build-pkgs",
- workernames=workernames,
- factory=f))
- '';
};
enable = true;
web.enable = true;
@@ -230,9 +165,6 @@ in {
username = "testworker";
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
- extraEnviron = {
- NIX_PATH="/var/src";
- };
};
config.krebs.iptables = {
tables = {
diff --git a/lib/default.nix b/lib/default.nix
index 9399a0107..803a614a1 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -29,6 +29,10 @@ let
setAttr = name: value: set: set // { ${name} = value; };
+ test = re: x: isString x && testString re x;
+
+ testString = re: x: match re x != null;
+
toC = x: let
type = typeOf x;
reject = throw "cannot convert ${type}";
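Review bot: `test` and `testString` are added without comments, and their contract is easy to misread from the names. `match` succeeds only when the regex matches the whole string, so the option-type checks built on `test` are whole-string validations rather than searches. I would add `# test re x: true iff x is a string and re matches all of x (match is anchored at both ends)` above `test`, and a line on `testString` saying that x must already be a string.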
diff --git a/lib/shell.nix b/lib/shell.nix
index a8ff5dbe0..f9779028e 100644
--- a/lib/shell.nix
+++ b/lib/shell.nix
@@ -5,7 +5,7 @@ with lib;
rec {
escape =
let
- isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
+ isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
in
stringAsChars (c:
if isSafeChar c then c
diff --git a/lib/types.nix b/lib/types.nix
index 530cd1e69..f9ec7b1c3 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -2,10 +2,10 @@
let
inherit (lib)
- all any concatMapStringsSep concatStringsSep const filter flip genid
- hasSuffix head isInt isString length match mergeOneOption mkOption
+ all any concatMapStringsSep concatStringsSep const filter flip
+ genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString
- stringLength substring typeOf;
+ stringLength substring test typeOf;
inherit (lib.types)
attrsOf bool either enum int listOf nullOr path str string submodule;
in
@@ -338,7 +338,8 @@ rec {
check = let
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
concatMapStringsSep "." (const d) (range 1 4);
- in x: isString x && match IPv4address x != null;
+ in
+ test IPv4address;
merge = mergeOneOption;
};
addr6 = mkOptionType {
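Review bot: The IPv4 pattern joins the four octet groups with a bare `.`, which in a regular expression matches any character, so a value such as `1a2b3c4` (constructed example) passes the `addr4` check. The line is context in this hunk, but the rewritten `test IPv4address` still relies on it. Escape the separator: `concatMapStringsSep "\\." (const d) (range 1 4);`. The `addr4` definition starts above the hunk.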
@@ -346,7 +347,8 @@ rec {
check = let
# TODO check IPv6 address harder
IPv6address = "[0-9a-f.:]+";
- in x: isString x && match IPv6address x != null;
+ in
+ test IPv6address;
merge = mergeOneOption;
};
@@ -396,14 +398,13 @@ rec {
file-mode = mkOptionType {
name = "file mode";
- check = x: isString x && match "[0-7]{4}" x != null;
+ check = test "[0-7]{4}";
merge = mergeOneOption;
};
haskell.conid = mkOptionType {
name = "Haskell constructor identifier";
- check = x:
- isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null;
+ check = test "[[:upper:]][[:lower:]_[:upper:]0-9']*";
merge = mergeOneOption;
};
@@ -425,15 +426,14 @@ rec {
label = mkOptionType {
name = "label";
# TODO case-insensitive labels
- check = x: isString x
- && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
+ check = test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?";
merge = mergeOneOption;
};
# POSIX.1‐2013, 3.278 Portable Filename Character Set
filename = mkOptionType {
name = "POSIX filename";
- check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
+ check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*";
merge = mergeOneOption;
};
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index bfd59531a..3add01748 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -28,6 +28,7 @@ with import <stockholm/lib>;
# tv
bc
bind # dig
+ brain
cac-api
dic
file
@@ -35,6 +36,7 @@ with import <stockholm/lib>;
haskellPackages.hledger
htop
jq
+ krebszones
mkpasswd
netcat
netcup
@@ -47,18 +49,6 @@ with import <stockholm/lib>;
texlive.combined.scheme-full
tmux
- (pkgs.writeDashBin "krebszones" ''
- set -efu
- export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf
- case $* in
- import)
- set -- import /etc/zones/krebsco.de krebsco.de
- echo "+ krebszones $*" >&2
- ;;
- esac
- exec ${pkgs.krebszones}/bin/ovh-zone "$@"
- '')
-
#ack
#apache-httpd
#ascii
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index b1d739ef3..4a1247ef5 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -9,12 +9,15 @@ with import <stockholm/lib>;
user = config.krebs.users.tv;
source = let inherit (config.krebs.build) host; in {
nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix";
- secrets.file = "/home/tv/secrets/${host.name}";
+ secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/tv/dummy_secrets>
+ else "/home/tv/secrets/${host.name}";
secrets-common.file = "/home/tv/secrets/common";
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03
+ ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
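Review bot: `secrets.file` is now chosen by an environment variable read at evaluation time, with nothing that restricts the dummy path to test builds. If `dummy_secrets=true` is ever present in the environment of a real deployment, the host would be populated from `tv/dummy_secrets`, whose key files are committed in this same change and are therefore public. Consider refusing the dummy path unless the build is a build-only test (how that is exposed is not visible here). At minimum add a comment at the `if`, such as `# dummy secrets are public; must never be used for a deployed host`. The `source` attribute set continues past the hunk.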
@@ -41,6 +44,7 @@ with import <stockholm/lib>;
gnumake
hashPassword
populate
+ whatsupnix
];
}
{
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index 13b12986c..b6480f356 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -90,28 +90,33 @@ let {
{
brain = {
collaborators = with config.krebs.users; [ lass makefu ];
+ hooks.post-receive = irc-announce {
+ cgit_endpoint = null;
+ };
};
} //
# TODO don't put secrets/repos.nix into the store
import <secrets/repos.nix> { inherit config lib pkgs; }
);
+ irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
+ channel = "#retiolum";
+ # TODO make nick = config.krebs.build.host.name the default
+ nick = config.krebs.build.host.name;
+ server = "ni.r";
+ verbose = true;
+ } args);
+
make-public-repo = name: { cgit ? {}, ... }: {
inherit cgit name;
public = true;
hooks = optionalAttrs (config.krebs.build.host.name == "ni") {
- post-receive = pkgs.git-hooks.irc-announce {
- # TODO make nick = config.krebs.build.host.name the default
- nick = config.krebs.build.host.name;
- channel = "#retiolum";
- server = "ni.r";
- verbose = true;
- };
+ post-receive = irc-announce {};
};
};
- make-restricted-repo = name: { collaborators ? [], ... }: {
- inherit collaborators name;
+ make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: {
+ inherit collaborators hooks name;
public = false;
};
diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix
new file mode 100644
index 000000000..ab90db55c
--- /dev/null
+++ b/tv/dummy_secrets/default.nix
@@ -0,0 +1,8 @@
+{ config, ... }:
+{
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.tv.pubkey
+ ];
+ };
+}
diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix
new file mode 100644
index 000000000..eed712458
--- /dev/null
+++ b/tv/dummy_secrets/repos.nix
@@ -0,0 +1 @@
+_: {}
diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519
new file mode 100644
index 000000000..a7d2adab4
--- /dev/null
+++ b/tv/dummy_secrets/ssh.id_ed25519
@@ -0,0 +1,3 @@
+-----BE