summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r--krebs/3modules/default.nix164
1 files changed, 162 insertions, 2 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 140045b93..0ffdec5f8 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -59,8 +59,6 @@ let
--exclude .graveyard \
--exclude old \
--rsync-path="mkdir -p \"$2\" && rsync" \
- --usermap=\*:0 \
- --groupmap=\*:0 \
--delete-excluded \
-vrLptgoD \
"$src" "$dst"
@@ -123,6 +121,112 @@ let
exec "$profile"/bin/switch-to-configuration switch
EOF
+
+ '';
+ };
+ infest = mkOption {
+ type = types.str;
+ default = ''
+ #! /bin/sh
+ set -efux
+
+ target=${escapeShellArg cfg.build.target}
+
+ push(){(
+ src=$1/
+ dst=$target:/mnt$2
+ rsync \
+ --exclude .git \
+ --exclude .graveyard \
+ --exclude old \
+ --rsync-path="mkdir -p \"/mnt$2\" && rsync" \
+ --delete-excluded \
+ -vrLptgoD \
+ "$src" "$dst"
+ )}
+
+ cat krebs/4lib/infest/1prepare | ssh "$target"
+ cat krebs/4lib/infest/2install-nix | ssh "$target"
+
+ ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+ optionalString (rev == null) ''
+ push ${toString (map escapeShellArg [
+ "${url}"
+ "/root/src/${name}"
+ ])}
+ '') config.deps)}
+
+ ssh -S none "$target" /bin/sh <<\EOF
+ set -efux
+
+ fetch(){(
+ url=$1
+ rev=$2
+ dst=$3
+ mkdir -p "$dst"
+ cd "$dst"
+ if ! test -e .git; then
+ git init
+ fi
+ if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+ git remote add origin "$url"
+ elif test "$cur_url" != "$url"; then
+ git remote set-url origin "$url"
+ fi
+ if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then
+ git fetch origin
+ git checkout "$rev" -- .
+ git checkout -q "$rev"
+ git submodule init
+ git submodule update
+ fi
+ git clean -dxf
+ )}
+
+ ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+ optionalString (rev != null) ''
+ fetch ${toString (map escapeShellArg [
+ url
+ rev
+ "/mnt/root/src/${name}"
+ ])}
+ '') config.deps)}
+
+ export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH
+
+ sed < "$(type -p nixos-install)" > nixos-install '
+ /^echo "building the system configuration..."/,/--set -A system/{
+ s/.*/# &/
+ s@.*--set -A system.*@&\n${concatStringsSep " " [
+ "NIX_PATH=/mnt/root/src/"
+ "nix-env"
+ "-Q"
+ "-p /nix/var/nix/profiles/system"
+ "-f \"<stockholm>\""
+ "--set"
+ "-A system"
+ "--argstr user-name ${escapeShellArg cfg.build.user.name}"
+ "--argstr system-name ${escapeShellArg cfg.build.host.name}"
+ ]}@
+ }
+ '
+
+ sed -i 's/^nixpkgs=.*$/#&/' nixos-install
+
+
+ chmod +x nixos-install
+
+ echo {} > /root/dummy.nix
+
+ echo build system...
+ profile=/nix/var/nix/profiles/system
+ NIXOS_CONFIG=/root/dummy.nix \
+ ./nixos-install -I /root/src/
+ #nl -bp nixos-install
+
+ EOF
+
+ cat krebs/4lib/infest/4finalize | ssh "$target"
'';
};
host = mkOption {
@@ -219,6 +323,37 @@ let
lass-imp = {
hosts = addNames {
+ echelon = {
+ cores = 4;
+ dc = "lass"; #dc = "cac";
+ nets = rec {
+ internet = {
+ addrs4 = ["162.248.8.63"];
+ aliases = [
+ "echelon.internet"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ addrs4 = ["10.243.206.103"];
+ addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"];
+ aliases = [
+ "echelon.retiolum"
+ "cgit.echelon.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78
+ DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A
+ IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K
+ N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t
+ cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq
+ UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
cloudkrebs = {
cores = 1;
dc = "lass"; #dc = "cac";
@@ -683,6 +818,31 @@ let
};
secure = true;
};
+ xu = {
+ cores = 4;
+ # TODO xu is mobile, so dc means "home data center"
+ dc = "tv"; #dc = "gg23";
+ nets = {
+ retiolum = {
+ addrs4 = ["10.243.13.38"];
+ addrs6 = ["42:0:0:0:0:0:0:1338"];
+ aliases = [
+ "xu.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ
+ uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX
+ 8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw
+ mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj
+ 4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63
+ 4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ };
};
users = addNames {
mv = {