summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitlab-ci.yml14
-rw-r--r--jeschli/2configs/git.nix8
-rw-r--r--jeschli/krops.nix40
-rw-r--r--krebs/0tests/data/secrets/konsens.id_ed255190
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/1systems/wolf/config.nix3
-rw-r--r--krebs/2configs/buildbot-stockholm.nix35
-rw-r--r--krebs/2configs/repo-sync.nix172
-rw-r--r--krebs/2configs/shack/mobile.mpd.nix32
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/git.nix11
-rw-r--r--krebs/3modules/konsens.nix80
-rw-r--r--krebs/3modules/lass/default.nix64
-rw-r--r--krebs/3modules/lass/ssh/android.rsa2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix5
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix4
-rw-r--r--krebs/5pkgs/simple/cgit-clear-cache.nix8
-rw-r--r--krebs/5pkgs/simple/git-hooks/default.nix15
-rw-r--r--krebs/5pkgs/simple/krops.nix4
-rw-r--r--krebs/krops.nix7
-rw-r--r--krebs/nixpkgs.json7
-rwxr-xr-xkrebs/update-channel.sh9
-rw-r--r--lass/1systems/daedalus/config.nix3
-rw-r--r--lass/1systems/dishfire/config.nix63
-rw-r--r--lass/1systems/dishfire/physical.nix39
-rw-r--r--lass/1systems/dishfire/source.nix3
-rw-r--r--lass/1systems/helios/config.nix43
-rw-r--r--lass/1systems/mors/config.nix3
-rw-r--r--lass/1systems/prism/config.nix4
-rw-r--r--lass/2configs/exim-smarthost.nix2
-rw-r--r--lass/2configs/git.nix17
-rw-r--r--lass/2configs/reaktor-coders.nix6
-rw-r--r--lass/2configs/repo-sync.nix6
-rw-r--r--lass/krops.nix16
-rw-r--r--makefu/1systems/cake/source.nix2
-rw-r--r--makefu/1systems/darth/source.nix2
-rw-r--r--makefu/1systems/drop/config.nix2
-rw-r--r--makefu/1systems/drop/source.nix2
-rw-r--r--makefu/1systems/fileleech/config.nix4
-rw-r--r--makefu/1systems/fileleech/source.nix2
-rw-r--r--makefu/1systems/filepimp/source.nix2
-rw-r--r--makefu/1systems/full/source.nix5
-rw-r--r--makefu/1systems/gum/config.nix10
-rw-r--r--makefu/1systems/gum/source.nix2
-rw-r--r--makefu/1systems/iso/source.nix2
-rw-r--r--makefu/1systems/kexec/source.nix2
-rw-r--r--makefu/1systems/latte/config.nix1
-rw-r--r--makefu/1systems/latte/source.nix2
-rw-r--r--makefu/1systems/nextgum/config.nix13
-rw-r--r--makefu/1systems/nextgum/source.nix2
-rw-r--r--makefu/1systems/omo/config.nix71
-rw-r--r--makefu/1systems/omo/source.nix2
-rw-r--r--makefu/1systems/pnp/source.nix2
-rw-r--r--makefu/1systems/repunit/source.nix2
-rw-r--r--makefu/1systems/sdev/source.nix2
-rw-r--r--makefu/1systems/shack-autoinstall/source.nix3
-rw-r--r--makefu/1systems/shoney/config.nix2
-rw-r--r--makefu/1systems/shoney/source.nix2
-rw-r--r--makefu/1systems/studio/config.nix1
-rw-r--r--makefu/1systems/studio/source.nix2
-rw-r--r--makefu/1systems/tsp/source.nix4
-rw-r--r--makefu/1systems/vbob/source.nix2
-rw-r--r--makefu/1systems/wbob/config.nix2
-rw-r--r--makefu/1systems/wbob/source.nix2
-rw-r--r--makefu/1systems/wry/config.nix2
-rw-r--r--makefu/1systems/wry/source.nix2
-rw-r--r--makefu/1systems/x/config.nix15
-rw-r--r--makefu/1systems/x/source.nix3
-rw-r--r--makefu/2configs/bitlbee.nix8
-rw-r--r--makefu/2configs/default.nix11
-rw-r--r--makefu/2configs/deployment/events-publisher/default.nix9
-rw-r--r--makefu/2configs/editor/vim.nix33
-rw-r--r--makefu/2configs/editor/vimrc98
-rw-r--r--makefu/2configs/gui/xpra.nix3
-rw-r--r--makefu/2configs/hw/smartcard.nix18
-rw-r--r--makefu/2configs/nginx/rompr.nix76
-rw-r--r--makefu/2configs/pyload.nix10
-rw-r--r--makefu/2configs/share/gum-client.nix23
-rw-r--r--makefu/2configs/share/gum.nix2
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/tools/mic92.nix9
-rw-r--r--makefu/2configs/vim.nix136
-rw-r--r--makefu/3modules/default.nix1
-rw-r--r--makefu/3modules/state.nix9
-rw-r--r--makefu/5pkgs/arduino-user-env/default.nix35
-rw-r--r--makefu/5pkgs/beef/Gemfile56
-rw-r--r--makefu/5pkgs/beef/Gemfile.lock101
-rw-r--r--makefu/5pkgs/beef/db-in-homedir.patch39
-rw-r--r--makefu/5pkgs/beef/default.nix22
-rw-r--r--makefu/5pkgs/beef/gemset.nix238
-rw-r--r--makefu/5pkgs/bento4/default.nix30
-rw-r--r--makefu/5pkgs/cozy-audiobooks/default.nix99
-rw-r--r--makefu/5pkgs/default.nix10
-rw-r--r--makefu/5pkgs/drozer/default.nix9
-rw-r--r--makefu/5pkgs/ifdnfc/default.nix45
-rw-r--r--makefu/5pkgs/nur.nix7
-rw-r--r--makefu/krops.nix88
-rw-r--r--makefu/nixpkgs.json7
-rwxr-xr-xmakefu/update-channel.sh9
-rw-r--r--nin/krops.nix40
m---------submodules/nix-writers0
-rw-r--r--tv/2configs/gitrepos.nix27
102 files changed, 1569 insertions, 643 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3f2f28d65..1946f269e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,19 @@
+before_script:
+ - mkdir -p ~/.ssh
+ - echo "$deploy_privkey" > deploy.key
+ - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
+ - chmod 600 deploy.key
+ - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
nix-shell test:
script:
- env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
+nur-packages makefu:
+ script:
+ - git reset --hard origin/master
+ - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
+ - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
+ - git push --force deploy HEAD:master
+after_script:
+ - rm -f deploy.key
diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix
index e07af1bc0..a26022789 100644
--- a/jeschli/2configs/git.nix
+++ b/jeschli/2configs/git.nix
@@ -45,11 +45,13 @@ let
public = true;
hooks = {
post-receive = pkgs.git-hooks.irc-announce {
- nick = config.krebs.build.host.name;
channel = "#xxx";
+ nick = config.krebs.build.host.name;
+ refs = [
+ "refs/heads/master"
+ ];
server = "irc.r";
- verbose = true;
- branches = [ "master" ];
+ verbose = true;
};
};
};
diff --git a/jeschli/krops.nix b/jeschli/krops.nix
new file mode 100644
index 000000000..e55f207d3
--- /dev/null
+++ b/jeschli/krops.nix
@@ -0,0 +1,40 @@
+{ name }: let
+ inherit (import ../krebs/krops.nix { inherit name; })
+ krebs-source
+ lib
+ pkgs
+ ;
+
+ source = { test }: lib.evalSource [
+ krebs-source
+ {
+ nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
+ secrets = if test then {
+ file = toString ./2configs/tests/dummy-secrets;
+ } else {
+ pass = {
+ dir = "${lib.getEnv "HOME"}/.password-store";
+ name = "hosts/${name}";
+ };
+ };
+ }
+ ];
+
+in {
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
+ deploy = pkgs.krops.writeDeploy "${name}-deploy" {
+ source = source { test = false; };
+ target = "root@${name}/var/src";
+ };
+
+ # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
+ test = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test";
+ };
+
+ ci = pkgs.krops.writeTest "${name}-test" {
+ source = source { test = true; };
+ target = "${lib.getEnv "HOME"}/stockholm-build";
+ };
+}
diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/konsens.id_ed25519
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 18b751a7e..0a848426c 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -15,6 +15,7 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
+ <stockholm/krebs/2configs/repo-sync.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 6addb0818..914b38051 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -25,6 +25,7 @@ in
<stockholm/krebs/2configs/shack/muell_caller.nix>
<stockholm/krebs/2configs/shack/radioactive.nix>
<stockholm/krebs/2configs/shack/share.nix>
+ <stockholm/krebs/2configs/shack/mobile.mpd.nix>
{
systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate
systemd.services.telegraf.environment = {
@@ -114,7 +115,7 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
- interfaces."${ext-if}".ip4 = [{
+ interfaces."${ext-if}".ipv4.addresses = [{
address = shack-ip;
prefixLength = 20;
}];
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 62a5f9ab5..8537ce40c 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -4,6 +4,22 @@ let
hostname = config.networking.hostName;
+ sourceRepos = [
+ "http://cgit.enklave.r/stockholm"
+ "http://cgit.gum.r/stockholm"
+ "http://cgit.hotdog.r/stockholm"
+ "http://cgit.ni.r/stockholm"
+ "http://cgit.prism.r/stockholm"
+ ];
+
+ build = pkgs.writeDash "build" ''
+ set -eu
+ export USER="$1"
+ export SYSTEM="$2"
+ $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci)
+ '';
+
+
in
{
networking.firewall.allowedTCPPorts = [ 80 ];
@@ -23,17 +39,16 @@ in
slaves = {
testslave = "lasspass";
};
- change_source.stockholm = ''
- stockholm_repo = 'http://cgit.prism.r/stockholm'
+ change_source.stockholm = concatMapStrings (repo: ''
cs.append(
changes.GitPoller(
- stockholm_repo,
- workdir='stockholm-poller', branches=True,
+ "${repo}",
+ workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True,
project='stockholm',
pollinterval=10
)
)
- '';
+ '') sourceRepos;
scheduler = {
auto-scheduler = ''
sched.append(
@@ -61,7 +76,7 @@ in
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
- repourl=stockholm_repo,
+ repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'),
mode='full',
submodules=True,
)
@@ -95,15 +110,9 @@ in
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
- "dummy_secrets": "true",
},
command=[
- "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
- "--user={}".format(user),
- "--system={}".format(host),
- "--force-populate",
- "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),<