Diffstat (limited to 'krebs/4lib')
-rw-r--r--krebs/4lib/infest/3install-nix-tools9
-rw-r--r--krebs/4lib/infest/finalize.sh (renamed from krebs/4lib/infest/4finalize)2
-rw-r--r--krebs/4lib/infest/install-nix.sh (renamed from krebs/4lib/infest/2install-nix)8
-rw-r--r--krebs/4lib/infest/prepare.sh (renamed from krebs/4lib/infest/1prepare)0
-rw-r--r--krebs/4lib/shell.nix2
-rw-r--r--krebs/4lib/types.nix61
6 files changed, 65 insertions, 17 deletions
diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools
deleted file mode 100644
index 59fa6f14a..000000000
--- a/krebs/4lib/infest/3install-nix-tools
+++ /dev/null
@@ -1,9 +0,0 @@
-#! /bin/sh
-set -efu
-
-install-nix-tools() {(
-
-
-)}
-
-install-nix-tools "$@"
diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/finalize.sh
index d095fa31b..ced5a4d4d 100644
--- a/krebs/4lib/infest/4finalize
+++ b/krebs/4lib/infest/finalize.sh
@@ -7,7 +7,7 @@ set -eux
umount /mnt || [ $? -eq 32 ]
umount /boot || [ $? -eq 32 ]
- PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
+ PATH=$(set +f; for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
export PATH
mkdir /oldshit
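Review bot: The rewritten `PATH=$(…)` line still trusts whatever the glob yields. If nothing matches, `$i` stays the literal pattern, and if several store paths have `coreutils` in their name, the lexically last one wins, which need not be the real coreutils. Every later command, starting with `mkdir /oldshit`, is resolved through this single directory, so I would validate it inside the substitution with `test -d "$i" || exit 1` and print it quoted as `echo "$i"`. The script continues outside this hunk, so an existing check further down may already cover part of this.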
diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/install-nix.sh
index 3021c1143..88c8c3e1e 100644
--- a/krebs/4lib/infest/2install-nix
+++ b/krebs/4lib/infest/install-nix.sh
@@ -2,9 +2,9 @@
set -efu
nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
-nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4"
+nix_sha256=504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4
-install-nix() {(
+install_nix() {(
# install nix on host (cf. https://nixos.org/nix/install)
if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
@@ -23,7 +23,7 @@ install-nix() {(
$nix_src_dir/install
fi
- #TODO: make this general or move to 1prepare
+ #TODO: make this general or move to prepare
if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then
mkdir -p /mnt/nix
mount --bind /nix /mnt/nix
@@ -54,4 +54,4 @@ install-nix() {(
fi
)}
-install-nix "$@"
+install_nix "$@"
diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/prepare.sh
index 07c00c3a5..07c00c3a5 100644
--- a/krebs/4lib/infest/1prepare
+++ b/krebs/4lib/infest/prepare.sh
diff --git a/krebs/4lib/shell.nix b/krebs/4lib/shell.nix
index 2a6da5c16..5910adacc 100644
--- a/krebs/4lib/shell.nix
+++ b/krebs/4lib/shell.nix
@@ -6,7 +6,7 @@ with lib;
rec {
escape =
let
- isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
+ isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null;
in
stringAsChars (c:
if isSafeChar c then c
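Review bot: Adding `=` to the unquoted class in `isSafeChar` is only safe when the escaped string ends up as an argument word. As the first word of a command, `name=value` is parsed by the shell as an assignment rather than a command name, and zsh expands a leading `=` (`=cmd`) by default. `+` and `:` look harmless in POSIX sh as long as `~` stays outside the class. I would either drop `=` again or document the restriction above the definition, e.g. `# '=' is left bare: escape is for argument words only, never the command word`. The body of `escape` continues past this hunk, so how characters outside the class are quoted is not visible here.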
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index f6b4bd8b1..039f803ef 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -1,11 +1,12 @@
{ lib, ... }:
+with builtins;
with lib;
with types;
types // rec {
- host = submodule {
+ host = submodule ({ config, ... }: {
options = {
name = mkOption {
type = label;
@@ -27,6 +28,19 @@ types // rec {
type = with types; attrsOf string;
};
+ infest = {
+ addr = mkOption {
+ type = str;
+ apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.addr' is used. It was replaced by the `target' argument to `make` or `get`. See Makefile for more information.";
+ };
+ port = mkOption {
+ type = int;
+ default = 22;
+ # TODO replacement: allow target with port, SSH-style: [lol]:666
+ apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.port' is used. It's gone without replacement.";
+ };
+ };
+
secure = mkOption {
type = bool;
default = false;
@@ -36,8 +50,39 @@ types // rec {
TODO define minimum requirements for secure hosts
'';
};
+
+ ssh.pubkey = mkOption {
+ type = nullOr str;
+ default = null;
+ apply = x:
+ if x != null
+ then x
+ else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
+ };
+ ssh.privkey = mkOption {
+ type = nullOr (submodule {
+ options = {
+ bits = mkOption {
+ type = nullOr (enum ["4096"]);
+ default = null;
+ };
+ path = mkOption {
+ type = either path str;
+ apply = x: {
+ path = toString x;
+ string = x;
+ }.${typeOf x};
+ };
+ type = mkOption {
+ type = enum ["rsa" "ed25519"];
+ default = "ed25519";
+ };
+ };
+ });
+ default = null;
+ };
};
- };
+ });
net = submodule ({ config, ... }: {
options = {
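Review bot: The `apply` on `ssh.privkey.path` needs a comment, because `toString x` is security-relevant: it turns a Nix path into a plain string, whereas interpolating the path would copy the private key into the world-readable /nix/store. Something like `# toString keeps a path-typed key location as a plain string; never interpolate it, that would import the key into the store` above `apply` would keep a later refactor from undoing this. Separately, `bits` is accepted for any `type` although it presumably only matters for `rsa`, and it is an enum of the string `"4096"` rather than an int. An `rsa` key with `bits = null` then depends on whatever default the consumer picks, which is not visible here. The enclosing `host` submodule opens in an earlier hunk.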
@@ -61,6 +106,18 @@ types // rec {
aliases = mkOption {
# TODO nonEmptyListOf hostname
type = listOf hostname;
+ default = [];
+ };
+ ssh = mkOption {
+ type = submodule {
+ options = {
+ port = mkOption {
+ type = nullOr int;
+ default = null;
+ };
+ };
+ };
+ default = {};
};
tinc = mkOption {
type = let net-config = config; in nullOr (submodule ({ config, ... }: {
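Review bot: `ssh.port` is typed `nullOr int`, so 0, negative numbers and values above 65535 pass type checking and only fail later, wherever the port is rendered into configuration. A bounded type would catch this at evaluation time, e.g. `type = nullOr (addCheck int (p: p > 0 && p < 65536));`. It would also help to document what `null` means here (presumably "use the default port"), since the obsolete `infest.port` in the same file defaulted to 22. The `net` submodule continues past this hunk.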