-rw-r--r-- | jeschli/krops.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/external/default.nix | 14 | ||||
-rw-r--r-- | krebs/3modules/lass/pgp/yubikey.pgp | 102 | ||||
-rw-r--r-- | krebs/nixpkgs-unstable.json | 8 | ||||
-rw-r--r-- | krebs/nixpkgs.json | 8 | ||||
-rwxr-xr-x | krebs/update-nixpkgs-unstable.sh | 2 | ||||
-rwxr-xr-x | krebs/update-nixpkgs.sh | 2 | ||||
-rw-r--r-- | lass/2configs/green-host.nix | 109 | ||||
-rw-r--r-- | lass/krops.nix | 3 | ||||
-rw-r--r-- | makefu/krops.nix | 2 |
10 files changed, 139 insertions, 113 deletions
diff --git a/jeschli/krops.nix b/jeschli/krops.nix index 59edd4273..242f1f7bb 100644 --- a/jeschli/krops.nix +++ b/jeschli/krops.nix @@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; secrets = if test then { diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index e1667cb68..4a48a3393 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -18,12 +18,15 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { - catullus = { + toum = { owner = config.krebs.users.kmein; nets = { retiolum = { ip4.addr = "10.243.2.3"; - aliases = [ "catullus.r" ]; + aliases = [ + "toum.r" + "toum.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2tRtskPP6391+ZX9xzsx @@ -48,7 +51,10 @@ in { nets = { retiolum = { ip4.addr = "10.243.2.4"; - aliases = [ "wilde.r" ]; + aliases = [ + "wilde.r" + "wilde.kmein.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtz/MY5OSxJqrEMv6Iwjk @@ -100,6 +106,7 @@ in { ip4.addr = "10.243.2.1"; aliases = [ "homeros.r" + "homeros.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -228,6 +235,7 @@ in { ip4.addr = "10.243.2.2"; aliases = [ "scardanelli.r" + "scardanelli.kmein.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- diff --git a/krebs/3modules/lass/pgp/yubikey.pgp b/krebs/3modules/lass/pgp/yubikey.pgp index 0c7791ce8..d7b3c29c5 100644 --- a/krebs/3modules/lass/pgp/yubikey.pgp +++ b/krebs/3modules/lass/pgp/yubikey.pgp 
@@ -35,30 +35,30 @@ N6p/mTAfwLHrgKEDY+YLLqaogdZ0O7wL+jgrL6fuKqALuIJqO/6FBVXfyR5rvUGs 8R9rdy39x0NkWdyt+I0kXf50cWVi/tSi47HGYJpc1JSjFOfLjpQihij+nWlMnaF4 bpeJBUYx5FZlIou4a7+aRsPQC7P58tcMSFR7gKlomBacBQoVkf8iZ6ml0aWRTZnr s2XOGn7h6A4AoeLr1i4U8XkJGHatunhvhXJTPHk0QZvgfq92gQc3IdUAEQEAAYkE -cgQYAQoAJhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJdok2SAhsCBQkB4TOAAkAJ -EGZXvoqNHugHwXQgBBkBCgAdFiEEVAotn4qIhqe83vdsfheGip18nM8FAl2iTZIA -CgkQfheGip18nM9DVxAAuqX7iztddbttkIfN65R5XJPjz7NRg0AI8G+1qnkvF3c2 -ufNjL++BJSvlbi/2ov92S+0CPF08E4kDsHjA/JM782D6lDfSZltW4YBBqkJZdtiP -ElcIqIhM6EX7fs3Ag/RjUVPb4tYkH20xcNhyl+0RdBuSvR0+KOXXBfoNmsyQM4/h -UKiWW3vGOZOBmYPNcvAQcMs+p4D5JHQcOyxgtXyiXU/VxvUWI7cH6I7daRDTFR3L -4zXoIrRwqEgxIqof2Zm4smoHDLfXxGQrcjj6eKkn/gt/T7qYxnhcG5guS2DwIay5 -c7xV1xuB7pDgM1On56heD21DI4vtXXnTkjo7/6hsw2e6TBcn295fEekvBupYVwaz -efBSlr2f3xxlDvd35D5tWZRVGspzxO15DcTaTglOeNtRnYGRwHwE/tiJ0G0uwGfv -aI0xeexuhnTfvEkpJ4SJ/iMl+FpOw7I35H7mz8MrRNMjtR+Es8gzuw7hNErmbh0S -LZvddoPnqt9kF8ayA1iz1X9KiBkkj3EbvI99jYjdDDm5lsxCZKLSX4r9Mp236K6D -MGlifRN2AfdXziXhPABQkKE5m7kcn1gALn9Mcg5HgeXTdxan6QP35ygDtmNldJGE -P+AWAZ4RwaFK8P3/oqQ/8XhnkwH5n2SPd8WQqnldvrtajUzUegvJUstLS5B1TFQl -Ug/9EV4nuVrGU0uFQLFKLzCXAxWGQPwFwJW4XI4SfhHzyXm8nuJLAKJunxxYni9z -7bIe297hNCMLh8VwW6WkGCz4v9BfURE1jUEPeuu0biCHxa+U8vd1l/CIgAYbNTgj -8eNsN6hV4X9fpGaW0YjDtGSkl1FMC+4YLXm8xRHzdM0RpZpRMaUKSuAYJzi21LGa -QyhdrTn77RvbkeFu0I3b8If5QLTFxLTkAM2IwfyHd7ytlhl6vxHaUwh8djop9jjc -Ty+bSyEjEIZyR+buj3CVUiheQXWw6rGFdR/TLGERWMf6rYF/fuXp5s6jmRCPmB0d -7iX3WkZ6XvjW6wuM9TaBhK3PixPHcHss8uwhtg7+WeVqRAr4VWTFxTIy60vacDvL -5Sskqas4JWnYxfuFpm60IDnBS2kkHM07O+PY2x4S5o+7S0qT9RPtcvqVtAp8eont -2ovc9fXn4UpbeENFeytwed65QrFYDLGlNtq66iO2kp2mX/sFk634TUZ04vyz6nut -senoOofrZefND2uhzJ8pyJkYWTWBsmGitn0JPSBxbIil7PSDBbqEdHE/fD6QnOdw -dmDrFJUdcDzwdBDlmn80VOmooyR8pfrH5u6wKfNZ9xBjVsh1z6lWQbuBgXtltTtE -5rJJvZ7Pawt8nmb+UW0WxCL3TsWCG3sq1MV8ryU/9l0hTEK5Ag0EXaJN1gEQANML +cgQYAQoAJgIbAhYhBNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY99AkDB +dCAEGQEKAB0WIQRUCi2fioiGp7ze92x+F4aKnXyczwUCXaJNkgAKCRB+F4aKnXyc 
+z0NXEAC6pfuLO111u22Qh83rlHlck+PPs1GDQAjwb7WqeS8Xdza582Mv74ElK+Vu +L/ai/3ZL7QI8XTwTiQOweMD8kzvzYPqUN9JmW1bhgEGqQll22I8SVwioiEzoRft+ +zcCD9GNRU9vi1iQfbTFw2HKX7RF0G5K9HT4o5dcF+g2azJAzj+FQqJZbe8Y5k4GZ +g81y8BBwyz6ngPkkdBw7LGC1fKJdT9XG9RYjtwfojt1pENMVHcvjNegitHCoSDEi +qh/ZmbiyagcMt9fEZCtyOPp4qSf+C39PupjGeFwbmC5LYPAhrLlzvFXXG4HukOAz +U6fnqF4PbUMji+1dedOSOjv/qGzDZ7pMFyfb3l8R6S8G6lhXBrN58FKWvZ/fHGUO +93fkPm1ZlFUaynPE7XkNxNpOCU5421GdgZHAfAT+2InQbS7AZ+9ojTF57G6GdN+8 +SSknhIn+IyX4Wk7DsjfkfubPwytE0yO1H4SzyDO7DuE0SuZuHRItm912g+eq32QX +xrIDWLPVf0qIGSSPcRu8j32NiN0MObmWzEJkotJfiv0ynbforoMwaWJ9E3YB91fO +JeE8AFCQoTmbuRyfWAAuf0xyDkeB5dN3FqfpA/fnKAO2Y2V0kYQ/4BYBnhHBoUrw +/f+ipD/xeGeTAfmfZI93xZCqeV2+u1qNTNR6C8lSy0tLkHVMVAkQZle+io0e6Afj +AQ/+Lzh1018ILwq/IvV57GrjsYp2lBlcp2n/jZ5KlCVpVPsYjkGT+e2XYvcloPBK +IXzkHr88/U4iyJGJeIC+a/pYJ6RpR6EzPb1kDB2i0kGbZinoxZwix0b4wvkMoSbT +KDMkZYEIe0/v6CEU3mCbE9gnNWhPSF+XwXYxNyFNfMqaSqx4mjC6LAuFZA4AgqHB +uGudBgeIQ+sP8zJTSHKtePgK1JgAMYPGUHgfJHE3tcMDxMgKr2x3PN1Z6/YH/ifZ +wq1oUFPbB0LGZhkwrSDzgIya5FBoBfnawAwbh562LRuphHdqk+wBYigfFBztbmQx +MqtA6pmH+k8vNUq6QY/CbZfvcpkRAAR1ib2QaZYXTlq7jqb+nLM9EbACxj9651SQ +D7u4ShvPtxqFf+mv/4eHYx2akBIIUQYAf5OYGnE3E0kqiuK4qHKgt1NI5z1mSd9D +duWIuoRbBUrApTKsHgwtMxNrNVioGIE1dTRuu56drhwY2ZPyzVtSb7q/hRU/a3UZ +5S6EsrmDGIIlAHrgKfKfuerESE5VzN1Nn3QHpfjwX+gq51cosTqlRiu4oMesPk31 +ZmPcuG6H/m7nGagX9+l00sDsqISqMG4lZCJAFa020OS/g6V3q6LCqggky6+4sQTG +5HB8jGba2tXMSQfBQEtDFve6agiRTw8z1V8s1gPCMmPhsLi5Ag0EXaJN1gEQANML yxoeknGlTtkG640UP5ZkUEojwXxlni3v2dpWEaEJO9yqvkELCWum5pRz+iDzoDFS lUPnP3YKVFkLbAlk56abIAQ6VK7wkOSHCw1F7LlCY830bRkgGJ8/b8us9KpET6Am ei7OGYVtqNBUodEJi6XkH5q9RLQeVR+7ynt0LTAxO/mMFYc3nhccrhadubhh5rTd 
@@ -69,19 +69,19 @@ qfwnT2M6m8P4OS1sAHv5vDDYXezB0WrJNstYvhtHhi4ctuolBuwOb7nyIBlZovhk 5/6IAFmoUprfGHOuttEcPTRDGv737cR1cYaz5QMuz2svNU3ivI/tYfIQwMAjv84A ZN2wl63QkghYo/dm9a5Ex78CNwZD/z7HOE3zD+Rd0C9/hXLpVVhN0mKmDzgJHPUo VDk//P3YgzM+dtUWWPJ1FfaTz2543V9MwVWUJQj0DIgl4noLHX3wkd/d4gYGAhlW -kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYWIQTb -zXV4RgabOS6pQB1mV76KjR7oBwUCXaJN1gIbDAUJAeEzgAAKCRBmV76KjR7oB4ke -D/94TykloLIX2yjqUgsIbzPNH4Q+wzXYAUwhPaY9WlRsnwMJdoWxLVvMDF44JxKj -nzUi5UctaeI2GylLv5G2na5/trRnvIAQq0IyMCz7+mQwSDcZL1UgWpoljRnKbPYs -dYSS1t7LLjP9So4YXeHlAu6tKfF5XkUvB8yfcpupPF+mhfIGPMDRPMBuO3GovpNk -Gutgrzo3dttRr5b4lwFv6uZBw906b5dgKf82nC3zhvJ0q45VFPmBvriCMHdCzR+E -i6Lv06/xSe/ksY2m2Ma16M5n/cvPdl0NFMSwPz/VctEbWV+HoIJs/swW3l5xSV1f -06GQ9h+kaTlF7UUaXWqgiKaOBpvjgVhg88AUwxbpkH/BN1MJ3ww3XAk8gyI7AW0P -60Xzj0q8zlKxYWxaDWCrBc0yCfC0ulChetVGGaJ9WWRVu2ZjPLwHoZmwEpevSrNc -0UmO4jtB/5ojCzTI+l5lLHDLYjAZFDvA2qaLfgs5roQvEaGxW9MDpuz10AclrUfV -u6UikxdivbYssVA0/ytdiIDmITONY6kNL3PLSA7Ki/N3oz4s5WpPFUOBL3wPmpW/ -MXq/d/GvzbgjXHHWdPKrC3sz12/R+PUzr+dTQeJR72eW+6QQqAEmEhS8xfffjsvQ -z3unfvv/4c/mVInpnGBuQXNFYbZxgEsFxbzVavnwppvAirkCDQRdok4KARAAyG97 +kBxkbQPJ4NT7EKBFk44fa6DVuGOGatBAxKQq1GftABEBAAGJAjwEGAEKACYCGwwW +IQTbzXV4RgabOS6pQB1mV76KjR7oBwUCX4l2DwUJBamPOQAKCRBmV76KjR7oB/Ds +D/96TGfHa6BW1v2kUyHUKmpdk62UhZz49nTsOu1JeMI2cDMLkKaPyeKLsRpzV2qc +OoG1dal7dgjtzKsWdz0HxrrbEs0rBJO4xOmg12Sv9fttTocTt2bQMe3d20Vihbi+ +NDEx2PeyncYulDd8PNfDkh8vWUJQoThqimXoVARwKNuH2oDytGceIp+BZLOH8HRz +0ESH9nCAGw3gVX6vQPtjbMgoIXHAnAJkIe2boyyUHu2ZmD6CGjxGSSICMzShcDvN +kcyPKG5BbOGRpbehaMcOOiGH0NsudUPOsyxQt90bP/U+WHPhvOTGk0PqGaOf8QDE +saGlChd3wVK+uCGl60szcxQsbgzlEQVUG3tTW4QGfzL3XK5bHvuGj03Vb45005Y4 +6UCUP4ZkEYDsw1Hrn5bkPOP/Pc8Sz1MQt+nw1U3QXbHLxLb8fB82B6oDMakHPgaw +73HxYwbaXDswBb6BVTc86RmXRH1+StObDiJp+h16EqdsSyp15tSM80GRf1KaNKxc +MA4N7/i7j9M/z2fKWT7vTAGdcg8vhZH0MDQ9vRmYsuQZtoNieZVXnyQ/ILAgPhiL +pdyPffQV0BpWKd68C8kEhoMP0D3h6Uj88ZOuapyOCvsrBvR7SQOVh+L+KMjh1Xgx +WvPJuoU4Jox4og85/Gz0Ui8EROYyHg5yqPqsBBmz6h8F7rkCDQRdok4KARAAyG97 
rjKhP8Uie1i/16SekDo+GkpodBmvhrZiZdwg75YxriHhgioe2AKKmQItOdZOY+mV qMA63FmByDlPodHmQnrIAn/gr7p5V3lM+l0oVTI8maPO39iT7Nh6W/rv4ni8eMBk L6P2cPPaTpcv76qWl/WcMiEflPNSAFaxyIapq04rafthcIILWmOBbQ+liMn9YT7a 
@@ -92,18 +92,18 @@ pKuIRv+sBcDY0jJ799CHB2c8eiAYoTRm64rKyYS8RIilqTCmIHnpoSIq3n1wOlMV X4sB4N4CfAZRAbI9LZfx1QEYn0dst9+mCDRJ/ALBxocKz0wRTpwU5nwP1Zz9TZVh 81wn1Ypj+mFb3aBggpwMLxbifmbsZmd1MwW9k3p2WTs8M1dLFM2ZNA9QmkgRSVFN 6GTTpAyDOs+ZSGYM7MisG9/EvFbNx2BPg6qZH7JeMnlOZXXOg8K5VcLkiGuL1brO -Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJhYhBNvN -dXhGBps5LqlAHWZXvoqNHugHBQJdok4KAhsgBQkB4TOAAAoJEGZXvoqNHugHSVkP -/iEIS7oVZuXBRYCv6GSfrS7b8h5NH8TFiu89sl3B0aRjRXhcsCgutFHVa4ztJqjF -rzuzmZ/6dlZ2F/LGu1Qzgu8Vd3VNFTuxanUE5W82mFqTcYij1G2HjN0gBoOhscl3 -Oy5zsYfP4gyB3pypPujcqhKfFxxW4V7HK8CvspQ6Anh8TrrAobM7b5gREm3BUvl+ -VH7ErYLy13XkH2dNhUeAY2lNLLBbftwBE3RDFtaT9on/e4FZycgtfOM9fXOqdNXk -EQW4fXBoazWWYXXcVMro0+KTpITjXdX9F613C9xwLEATS8OVIDxQZFuyrl1r/Dty -keEn2OKi1RVdZhW7aV09ckKKeH1X/89850WDQatrsREjLXfJBJU94XKwekFC0wsw -uUJkyf5tb/FbAQg8fTMLhVv1D+IqkEISSwr3JmRZXqDEAYqCZHHWqnRrB8mm6eoB -vI93yMV1bkxb2/aI4xBtGKhPzfLIiiV5PevmnDOq08htU/Jr6VGhW+Wm1/qnHmPw -JE1J+yH8NHJQ6NemztSomK8K9J23zgJfgb24Eztc8zIBcNb2CWJ9BgkSYy1BLFy4 -gsfSx3i91GdfsjMpBL7o4/rjdlJGbt76k18dSyWJEdtwYYKwGYvNes21GwbZ/aOx -z8vpeBc06aBx5UOb4Y22HNfG9hDfuuDhGP7Kl0b0LIqq -=U2Jf +Hlg94Axha8ffMmqjsde6XOAgvSl5P9k47SWOcZkAEQEAAYkCPAQYAQoAJgIbIBYh +BNvNdXhGBps5LqlAHWZXvoqNHugHBQJfiXYPBQkFqY8FAAoJEGZXvoqNHugHuLUP ++gJ01mSEs3+0jriWqg7V+Q59rulMVrUdV2mjBtzz3gvF9PLiEnVEl7EgGdLpVIr/ +Wr9QIiUnS1NNrDz8oeDf54Q+OXtQOiczGClK+yWSm/CM02+HATFws66umAl4GQ4X +qAJwdSDDKIHCP1/0VqXNQUOWW0GCCGCAdn55u4pf+B1rmkA3cWhN51SvAriA/YcG +qmyJZgXO+qZOPWNHxNUdgq9lVEO132dhDzH1b9ufnvQMDxF2V681fQ7E3zWEJZZb +YLRB4jrSz8oxipGRGKgDLiR7lyQ/xRU161jSawblBTcIRXK9c4hv178xQWAInMjt +Hst4YCpvclG26ypZLCzvw6swfnXf3A6Q4A8pZQVvogWZ01dlgofwHm8qlYxT7wSq +eicOu3FkSHD8vNwkXnMLqxwkFr4BcSefzCiXulyMcb3h67ZfXAYAFGrrR581vGEt +Xy+xfXK5PqBX7CWEl3Vs2an9whEncZuv1I9iyXDUmGP7Y373JjqNtpS2GMMPA73k +nB7eI/zpVS5qoxUlqw35Pldvt+L4E3hvrvE7iZE3w4lB9WUyY1OnSRDU10l2rqWt +Ptyk3LE2ed5hz5I+gy8/RsXrAooMBXIGV/GJrhye45wf5F/XQqPulnj38sKhmrQC +QTubPgJwG/kTpNdrA3YukE3E7T5ejaGTT2n5nKat6bj7 +=h9fX -----END PGP PUBLIC KEY 
BLOCK----- diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 35e74c3b1..dba4a7150 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38", - "date": "2020-08-20T19:08:02+02:00", - "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v", + "url": "https://github.com/NixOS/nixpkgs", + "rev": "24c9b05ac53e422f1af81a156f1fd58499eb27fb", + "date": "2020-10-11T16:18:20+02:00", + "sha256": "1aw5zxd91rzvvzqk8zi5qrnkjsgf4nv77pa3jbpsymhpwr0gj5i3", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 363d68583..56e9e8792 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { - "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "42674051d12540d4a996504990c6ea3619505953", - "date": "2020-09-06T21:21:08-04:00", - "sha256": "1hz1n1hghilgzk4zlya498xm5lvhsf0r5b49yii7q86h3616fhwy", + "url": "https://github.com/NixOS/nixpkgs", + "rev": "ff6fda61600cc60404bab5cb6b18b8636785b7bc", + "date": "2020-10-11T12:38:59+02:00", + "sha256": "0kwx0pbgi5nlfb055r2swzp56wpjncabpcpc1djxphi2vlcdy6f3", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh index 592023f20..ab04914c1 100755 --- a/krebs/update-nixpkgs-unstable.sh +++ b/krebs/update-nixpkgs-unstable.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-unstable' \ > $dir/nixpkgs-unstable.json newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index bb4b54793..b0ffb6adc 100755 --- a/krebs/update-nixpkgs.sh 
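Review bot: In krebs/update-nixpkgs-unstable.sh the redirect `> $dir/nixpkgs-unstable.json`, visible in the context right after the changed `--url` line, truncates the pin file before `nix-prefetch-git` has succeeded. A failed or interrupted fetch from the new upstream therefore leaves an empty pin, and the krops.nix files read that file with `lib.importJSON`. Writing to a temporary file and moving it into place only on success would keep the previous rev and sha256, e.g. ending the command with `> "$dir/nixpkgs-unstable.json.tmp" && mv "$dir/nixpkgs-unstable.json.tmp" "$dir/nixpkgs-unstable.json"`. `$0` and `$dir` are also unquoted throughout. The same applies to the hunk in krebs/update-nixpkgs.sh, and both scripts continue outside their hunks.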
+++ b/krebs/update-nixpkgs.sh @@ -2,7 +2,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ - --url https://github.com/NixOS/nixpkgs-channels \ + --url https://github.com/NixOS/nixpkgs \ --rev refs/heads/nixos-20.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 0cccbc30e..6cccab4b3 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -1,38 +1,44 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; -{ +let + + cname = "green"; + cryfs = pkgs.cryfs.overrideAttrs (old: { + patches = [ + (pkgs.writeText "file_mode.patch" '' + --- a/src/cryfs/filesystem/CryNode.cpp + +++ b/src/cryfs/filesystem/CryNode.cpp + 
@@ -171,7 +171,7 @@ CryNode::stat_info CryNode::stat() const { + result.uid = fspp::uid_t(getuid()); + result.gid = fspp::gid_t(getgid()); + #endif + - result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag(); + + result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag().addOtherReadFlag().addOtherExecFlag();; + result.size = fsblobstore::DirBlob::DIR_LSTAT_SIZE; + //TODO If possible without performance loss, then for a directory, st_nlink should return number of dir entries (including "." and "..") + result.nlink = 1; + '') + ] ++ old.patches; + }); + +in { imports = [ <stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/syncthing.nix> - { #hack for already defined - systemd.services."container@green".reloadIfChanged = mkForce false; - systemd.services."container@green".preStart = '' - ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' - ''; - systemd.services."container@green".postStop = '' - set -x - ${pkgs.umount}/bin/umount /var/lib/containers/green - ls -la /dev/mapper/control - ${pkgs.devicemapper}/bin/dmsetup ls - ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img - ''; - } ]; - services.syncthing.declarative.folders."/var/lib/sync-containers".devices = [ "icarus" "skynet" "littleT" "shodan" ]; - krebs.permown."/var/lib/sync-containers" = { - owner = "root"; - group = "syncthing"; - umask = "0007"; - }; + programs.fuse.userAllowOther = true; - system.activationScripts.containerPermissions = '' - mkdir -p /var/lib/containers - chmod 711 /var/lib/containers - ''; + services.syncthing.declarative.folders."/var/lib/sync-containers/${cname}".devices = [ "icarus" "skynet" "littleT" "shodan" ]; + # krebs.permown."/var/lib/sync-containers/${cname}" = { + # owner = "root"; + # group = "syncthing"; + # umask = "0007"; + # }; - containers.green = { + 
systemd.services."container@green".reloadIfChanged = mkForce false; + containers.${cname} = { config = { ... }: { environment.systemPackages = [ pkgs.git 
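Review bot: The embedded `file_mode.patch` widens the mode that `CryNode::stat()` reports for this directory entry to include group and other read/exec. Together with `programs.fuse.userAllowOther = true`, and the `-o allow_other -o default_permissions` mount options later in this file, that appears to let every local account on the host list the decrypted mount point. If only the syncthing user and root in the container need access, the other bits can be dropped: `result.mode = fspp::mode_t().addDirFlag().addUserReadFlag().addUserWriteFlag().addUserExecFlag().addGroupReadFlag().addGroupExecFlag();` (this also removes the stray `;;`). The `krebs.permown` block for the sync directory is commented out rather than adapted to `${cname}`, so ownership and umask of the ciphertext directory are no longer enforced here; a comment saying why would help. `systemd.services."container@green"` still hard-codes the name instead of using `cname`.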
@@ -42,41 +48,52 @@ with import <stockholm/lib>; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; autoStart = false; enableTun = true; privateNetwork = true; - hostAddress = "10.233.2.15"; - localAddress = "10.233.2.16"; + hostAddress = "10.233.2.15"; # TODO find way to automatically calculate IPs + localAddress = "10.233.2.16"; # TODO find way to automatically calculate IPs }; environment.systemPackages = [ - (pkgs.writeDashBin "start-green" '' - set -fu - CONTAINER='green' - IMAGE='/var/lib/sync-containers/green.img' - - ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null - if [ "$?" -ne 0 ]; then - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" - fi - - mkdir -p /var/lib/containers/"$CONTAINER" + (pkgs.writeDashBin "start-${cname}" '' + set -euf - ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " - if [ "$?" -ne 0 ]; then - ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + mkdir -p /var/lib/containers/${cname}/var/state + chown ${config.services.syncthing.user}: /var/lib/containers/${cname}/var/state + if ! 
${pkgs.mount}/bin/mount | grep -q '^cryfs@/var/lib/sync-containers/${cname} on /var/lib/containers/${cname}/var/state '; then + /run/wrappers/bin/sudo -u "${config.services.syncthing.user}" \ + ${cryfs}/bin/cryfs /var/lib/sync-containers/${cname} /var/lib/containers/${cname}/var/state -o allow_other -o default_permissions fi - STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${cname}) if [ "$STATE" = 'down' ]; then - ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + ${pkgs.nixos-container}/bin/nixos-container start ${cname} fi - ping -c1 green.r - if [ "$?" -ne 0 ]; then - ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + + if ! ping -c1 -q -w5 ${cname}.r && [ -d /var/lib/containers/${cname}/var/src ]; then + ${pkgs.nixos-container}/bin/nixos-container run ${cname} -- ${pkgs.writeDash "deploy-${cname}" '' + mkdir -p /var/state/var_src + ln -sf state/var_Src /var/src + nixos-rebuild -I /var/src switch + ''} fi + '') + (pkgs.writeDashBin "stop-${cname}" '' + set -euf + ${pkgs.nixos-container}/bin/nixos-container stop ${cname} + ${cryfs}/bin/cryfs-unmount /var/lib/containers/${cname}/var/state '') ]; } diff --git a/lass/krops.nix b/lass/krops.nix index 5927b0062..128c9ee04 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -11,8 +11,9 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + shallow = true; }; secrets = if test then { file = toString ./2configs/tests/dummy-secrets; diff --git a/makefu/krops.nix b/makefu/krops.nix index bf2a7a19a..213af0497 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix 
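Review bot: In the `deploy-${cname}` script the symlink target `state/var_Src` does not match the directory created on the previous line, `/var/state/var_src`. `/var/src` therefore ends up dangling and `nixos-rebuild -I /var/src switch` finds no sources; the line should read `ln -sf state/var_src /var/src`. `stop-${cname}` runs under `set -euf`, so a failing `nixos-container stop` exits before `cryfs-unmount` and leaves the decrypted state mounted with `allow_other`. Unmounting from a `trap` on exit, or letting the stop command fail without aborting the script, would avoid that. The activation script's `mknod /dev/fuse c 10 229` has no existence check and will presumably fail on any activation where the node already exists; `[ -e /dev/fuse ] || ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229` would make it idempotent.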
@@ -48,7 +48,7 @@ } (lib.mkIf (host-src.unstable) { nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs-channels"; + url = "https://github.com/nixos/nixpkgs"; ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; }; }) |