Diffstat (limited to 'krebs/4lib')
-rw-r--r--krebs/4lib/default.nix9
-rw-r--r--krebs/4lib/dns.nix31
-rw-r--r--krebs/4lib/infest/prepare.sh33
-rw-r--r--krebs/4lib/listset.nix11
-rw-r--r--krebs/4lib/types.nix70
5 files changed, 74 insertions, 80 deletions
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index d5b6d03a..deac02bb 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
with builtins;
with lib;
@@ -15,14 +15,15 @@ let out = rec {
addNames = mapAttrs addName;
- types = import ./types.nix { inherit lib; };
+ types = import ./types.nix {
+ inherit config;
+ lib = lib // { inherit genid; };
+ };
dir.has-default-nix = path: pathExists (path + "/default.nix");
- dns = import ./dns.nix { inherit lib; };
genid = import ./genid.nix { lib = lib // out; };
git = import ./git.nix { lib = lib // out; };
- listset = import ./listset.nix { inherit lib; };
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; };
diff --git a/krebs/4lib/dns.nix b/krebs/4lib/dns.nix
deleted file mode 100644
index b2cf3c24..00000000
--- a/krebs/4lib/dns.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ lib, ... }:
-
-let
- listset = import ./listset.nix { inherit lib; };
-in
-
-with builtins;
-with lib;
-
-rec {
- # label = string
-
- # TODO does it make sense to have alias = list label?
-
- # split-by-provider :
- # [[label]] -> tree label provider -> listset provider alias
- split-by-provider = as: providers:
- foldl (m: a: listset.insert (provider-of a providers) a m) {} as;
-
- # provider-of : alias -> tree label provider -> provider
- # Note that we cannot use tree.get here, because path can be longer
- # than the tree depth.
- provider-of = a:
- let
- go = path: tree:
- if typeOf tree == "string"
- then tree
- else go (tail path) tree.${head path};
- in
- go (reverseList (splitString "." a));
-}
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index b3824c7d..a217e7be 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -184,26 +184,21 @@ prepare_common() {(
. /root/.nix-profile/etc/profile.d/nix.sh
- for i in \
- bash \
- coreutils \
- # This line intentionally left blank.
- do
- if ! nix-env -q $i | grep -q .; then
- nix-env -iA nixpkgs.pkgs.$i
- fi
- done
+ mkdir -p /mnt/"$target_path"
+ mkdir -p "$target_path"
+
+ if ! mountpoint "$target_path"; then
+ mount --rbind /mnt/"$target_path" "$target_path"
+ fi
+
+ mkdir -p bin
+ rm -f bin/nixos-install
+ cp "$(type -p nixos-install)" bin/nixos-install
+ sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
- # install nixos-install
- if ! type nixos-install 2>/dev/null; then
- nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }'
- nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d)
- nix-env \
- --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
- --arg pkgs "$nixpkgs_expr" \
- --arg modulesPath 'throw "no modulesPath"' \
- -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \
- -iA config.system.build.nixos-install
+ if ! grep -q '^PATH.*#krebs' .bashrc; then
+ echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
+ echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc
fi
)}
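Review bot: The `sed` line that rewrites `NIX_PATH` in `bin/nixos-install` interpolates `$target_path` unescaped into the replacement and drops the surrounding quotes, so a value containing `@`, `&`, a backslash or whitespace would corrupt either the sed expression or the assignment in the copied script. Where `target_path` is set is outside this hunk, so I would validate it before use or at least keep the quoting, e.g. `sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=\"$target_path\"@" bin/nixos-install`. Separately, with the install fallback removed, `cp "$(type -p nixos-install)" bin/nixos-install` gets an empty source when the tool is not on PATH; a guard such as `command -v nixos-install >/dev/null || exit 1` before the copy would make that failure explicit. prepare_common's body starts outside the hunk.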
diff --git a/krebs/4lib/listset.nix b/krebs/4lib/listset.nix
deleted file mode 100644
index 3aae22f2..00000000
--- a/krebs/4lib/listset.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ lib, ... }:
-
-with lib;
-
-rec {
- # listset k v = set k [v]
-
- # insert : k -> v -> listset k v -> listset k v
- insert = name: value: set:
- set // { ${name} = set.${name} or [] ++ [value]; };
-}
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index d0a53746..839a1a92 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -1,9 +1,14 @@
-{ lib, ... }:
+{ config, lib, ... }:
with builtins;
with lib;
with types;
+let
+ # Inherited attributes are used in submodules that have their own `config`.
+ inherit (config.krebs) users;
+in
+
types // rec {
host = submodule ({ config, ... }: {
@@ -20,25 +25,17 @@ types // rec {
default = {};
};
+ owner = mkOption {
+ type = user;
+ default = users.krebs;
+ };
+
extraZones = mkOption {
default = {};
# TODO: string is either MX, NS, A or AAAA
type = with types; attrsOf string;
};
- infest = {
- addr = mkOption {
- type = str;
- apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.addr' is used. It was replaced by the `target' argument to `make` or `get`. See Makefile for more information.";
- };
- port = mkOption {
- type = int;
- default = 22;
- # TODO replacement: allow target with port, SSH-style: [lol]:666
- apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.port' is used. It's gone without replacement.";
- };
- };
-
secure = mkOption {
type = bool;
default = false;
@@ -147,6 +144,25 @@ types // rec {
merge = mergeOneOption;
};
+ secret-file = submodule ({ config, ... }: {
+ options = {
+ path = mkOption { type = str; };
+ mode = mkOption { type = str; default = "0400"; };
+ owner = mkOption {
+ type = user;
+ default = config.krebs.users.root;
+ };
+ group-name = mkOption {
+ type = str;
+ default = "root";
+ };
+ source-path = mkOption {
+ type = str;
+ default = toString <secrets> + "/${config._module.args.name}";
+ };
+ };
+ });
+
suffixed-str = suffs:
mkOptionType {
name = "string suffixed by ${concatStringsSep ", " suffs}";
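Review bot: In `secret-file`, `owner.default = config.krebs.users.root` sits inside a submodule that binds its own `config` (the same one `source-path` reads `config._module.args.name` from), so `config.krebs` here appears to resolve against the submodule rather than the system configuration. The `let` block at the top of this file inherits `users` for exactly that case and `host.owner` uses it; `default = users.root;` would be consistent. Also, `mode` is a free-form `str`, so a typo or a group/world-readable value is accepted silently for a secret; a comment such as `# octal file mode; keep group/other bits clear for secrets` or a checked type would help.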
@@ -156,6 +172,10 @@ types // rec {
user = submodule ({ config, ... }: {
options = {
+ home = mkOption {
+ type = absolute-pathname;
+ default = "/home/${config.name}";
+ };
mail = mkOption {
type = str; # TODO retiolum mail address
};
@@ -164,7 +184,12 @@ types // rec {
default = config._module.args.name;
};
pubkey = mkOption {
- type = str;
+ type = nullOr str;
+ default = null;
+ };
+ uid = mkOption {
+ type = int;
+ default = genid config.name;
};
};
});
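Review bot: `uid` now defaults to `genid config.name`, which gives every user, including one named `root`, a derived id unless it is set explicitly. `genid` is defined outside this page, so whether its range avoids 0 and system uids, and how collisions between names are handled, cannot be confirmed here; since `secret-file.owner` is a `user`, file ownership may end up depending on this value. I would add a comment above the option, e.g. `# derived from the name via genid; set explicitly for root and other system accounts`. The `user` submodule starts outside this hunk.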
@@ -217,6 +242,21 @@ types // rec {
merge = mergeOneOption;
};
+ # POSIX.1‐2013, 3.2 Absolute Pathname
+ # TODO normalize slashes
+ # TODO two slashes
+ absolute-pathname = mkOptionType {
+ name = "POSIX absolute pathname";
+ check = s: pathname.check s && substring 0 1 s == "/";
+ };
+
+ # POSIX.1‐2013, 3.267 Pathname
+ # TODO normalize slashes
+ pathname = mkOptionType {
+ name = "POSIX pathname";
+ check = s: isString s && all filename.check (splitString "/" s);
+ };
+
# POSIX.1-2013, 3.431 User Name
username = mkOptionType {
name = "POSIX username";
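Review bot: `pathname.check` validates each component of `splitString "/" s` with `filename.check`, so for an absolute path the leading slash produces an empty first component, and `.` or `..` components are judged only by whatever `filename` allows. `filename` is defined outside this hunk; if it rejects empty strings, no absolute pathname can pass, and if it accepts dots, a value like `/home/../etc` would be a valid `home`. I would document the intent next to the existing TODOs, e.g. `# TODO reject "." and ".." components` and `# NOTE: empty components (leading or doubled slash) must pass filename.check`.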