diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/2configs/ircd.nix | 4 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 1 | ||||
| -rw-r--r-- | krebs/3modules/nin/default.nix | 8 | ||||
| -rw-r--r-- | krebs/3modules/tv/default.nix | 1 | ||||
| -rw-r--r-- | krebs/4lib/infest/prepare.sh | 87 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/internetarchive/default.nix | 2 |
6 files changed, 71 insertions, 32 deletions
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index b534f9ad4..962dbf49c 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -12,10 +12,10 @@ ''; config = '' serverinfo { - name = "${config.krebs.build.host.name}.irc.retiolum"; + name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; - network_name = "irc.retiolum"; + network_name = "irc.r"; hub = yes; vhost = "0.0.0.0"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 9f1842b88..56e5c6b82 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -541,6 +541,7 @@ with import <stockholm/lib>; graph IN A ${nets.internet.ip4.addr} ghook IN A ${nets.internet.ip4.addr} dockerhub IN A ${nets.internet.ip4.addr} + photostore IN A ${nets.internet.ip4.addr} io IN NS gum.krebsco.de. ''; }; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix index 1a0999b8d..1531a2c89 100644 --- a/krebs/3modules/nin/default.nix +++ b/krebs/3modules/nin/default.nix @@ -14,7 +14,6 @@ with import <stockholm/lib>; ip4.addr = "10.243.132.96"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; aliases = [ - "hiawatha.retiolum" "hiawatha.r" ]; tinc.pubkey = '' @@ -39,7 +38,6 @@ with import <stockholm/lib>; ip4.addr = "10.243.134.66"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; aliases = [ - "axon.retiolum" "axon.r" ]; tinc.pubkey = '' @@ -80,10 +78,8 @@ with import <stockholm/lib>; ip4.addr = "10.243.132.55"; ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; aliases = [ - "onondaga.retiolum" "onondaga.r" "cgit.onondaga.r" - "cgit.onondaga.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -104,11 +100,11 @@ with import <stockholm/lib>; }; users = { nin = { - mail = "nin@axon.retiolum"; + mail = "nin@axon.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; }; nin_h = { - mail = "nin@hiawatha.retiolum"; + mail = "nin@hiawatha.r"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; }; }; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ce01be5f3..cc09313f7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -122,6 +122,7 @@ with import <stockholm/lib>; cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} krebsco.de. 60 IN MX 5 ni + krebsco.de. 60 IN TXT v=spf1 mx -all ''; }; nets = { diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index ccfc4f49b..78c1c6ec1 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -21,6 +21,10 @@ prepare() {( esac ;; debian) + if grep -Fq Hetzner /etc/motd; then + prepare_hetzner_rescue "$@" + exit + fi case $VERSION_ID in 7) prepare_debian "$@" @@ -72,7 +76,7 @@ prepare_debian() { type bzip2 2>/dev/null || apt-get install bzip2 type git 2>/dev/null || apt-get install git type rsync 2>/dev/null || apt-get install rsync - type curl 2>/dev/null || apt-get install curl + type curl 2>/dev/null || apt-get install curl prepare_common } @@ -90,10 +94,33 @@ prepare_nixos_iso() { mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +prepare_hetzner_rescue() { + _which() ( + which "$1" + ) + mountpoint /mnt + + type bzip2 2>/dev/null || apt-get install bzip2 + type git 2>/dev/null || apt-get install git + type rsync 2>/dev/null || apt-get install rsync + type curl 2>/dev/null || apt-get install curl + + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + _prepare_nix_users + _prepare_nix + _prepare_nixos_install +} + get_nixos_install() { echo "installing nixos-install" 2>&1 c=$(mktemp) @@ -107,24 +134,13 @@ EOF nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>" rm -v $c } + prepare_common() {( + _which() ( + type -p "$1" + ) - if ! getent group nixbld >/dev/null; then - groupadd -g 30000 -r nixbld - fi - for i in `seq 1 10`; do - if ! getent passwd nixbld$i 2>/dev/null; then - useradd \ - -d /var/empty \ - -g 30000 \ - -G 30000 \ - -l \ - -M \ - -s /sbin/nologin \ - -u $(expr 30000 + $i) \ - nixbld$i - fi - done + _prepare_nix_users # # mount install directory @@ -173,10 +189,12 @@ prepare_common() {( mount --bind /nix /mnt/nix fi - # - # install nix - # + _prepare_nix + _prepare_nixos_install +)} + +_prepare_nix() { # install nix on host (cf. https://nixos.org/nix/install) if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then ( @@ -201,17 +219,40 @@ prepare_common() {( if ! mountpoint "$target_path"; then mount --rbind /mnt/"$target_path" "$target_path" fi +} +_prepare_nix_users() { + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + fi + done +} + + +_prepare_nixos_install() { get_nixos_install + mkdir -p bin rm -f bin/nixos-install - cp "$(type -p nixos-install)" bin/nixos-install + cp "$(_which nixos-install)" bin/nixos-install sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install if ! grep -q '^PATH.*#krebs' .bashrc; then echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi -)} +} prepare "$@" diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 2f55e6f42..3c83093be 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchPypi, ... }: +{ stdenv, pkgs, ... }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; |