From b66cefc6b3c8aafd4737605c5bb07eb8ea9d9dc7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 28 Aug 2015 17:33:03 +0200 Subject: lass 2 chromium-patched: remove unneeded test code --- lass/2configs/chromium-patched.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lass/2configs/chromium-patched.nix b/lass/2configs/chromium-patched.nix index 71518177..d9d7760d 100644 --- a/lass/2configs/chromium-patched.nix +++ b/lass/2configs/chromium-patched.nix @@ -37,12 +37,12 @@ let in { environment.etc."chromium/policies/managed/master.json".source = pkgs.lib.mkForce masterPolicy; - environment.systemPackages = [ - #pkgs.chromium - (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { - buildCommand = attrs.buildCommand + '' - touch $out/TEST123 - ''; - })) - ]; + #environment.systemPackages = [ + # #pkgs.chromium + # (pkgs.lib.overrideDerivation pkgs.chromium (attrs: { + # buildCommand = attrs.buildCommand + '' + # touch $out/TEST123 + # ''; + # })) + #]; } -- cgit v1.2.3 From b82fd9ba290c988e03e34c51fc3b1976be11739d Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 4 Sep 2015 01:29:32 +0200 Subject: krebs tv hosts: add xu --- krebs/3modules/default.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 140045b9..077a0e06 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
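Review bot: The `environment.systemPackages` block is commented out rather than deleted, although the subject says "remove unneeded test code"; the eight `#`-prefixed lines are dead text that git history already preserves. Dropping them leaves the module as the single `environment.etc."chromium/policies/managed/master.json"` line, which also makes it visible that this config no longer installs chromium at all. If that is unintended, `environment.systemPackages = [ pkgs.chromium ];` is the one line worth keeping instead of the commented block.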
@@ -683,6 +683,31 @@ let }; secure = true; }; + xu = { + cores = 4; + # TODO xu is mobile, so dc means "home data center" + dc = "tv"; #dc = "gg23"; + nets = { + retiolum = { + addrs4 = ["10.243.13.38"]; + addrs6 = ["42:0:0:0:0:0:0:1338"]; + aliases = [ + "xu.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ + uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX + 8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw + mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj + 4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63 + 4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + }; }; users = addNames { mv = { -- cgit v1.2.3 From c2c528926cb0fcf25a2ae4ca718e3ada89afcada Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 4 Sep 2015 01:51:40 +0200 Subject: krebs types net.tinc: s/apply/default/ --- krebs/4lib/types.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 4e123e72..f6b4bd8b 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -67,7 +67,7 @@ types // rec { options = { config = mkOption { type = str; - apply = _: '' + default = '' ${optionalString (net-config.via != null) (concatMapStringsSep "\n" (a: "Address = ${a}") net-config.via.addrs)} ${concatMapStringsSep "\n" (a: "Subnet = ${a}") net-config.addrs} -- cgit v1.2.3 From 66a2f7a231599ffc182bcf6a5b4ccf24548861f3 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 4 Sep 2015 01:52:50 +0200 Subject: krebs Zhosts: add xu --- krebs/Zhosts/xu | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 krebs/Zhosts/xu diff --git a/krebs/Zhosts/xu b/krebs/Zhosts/xu new file mode 100644 index 00000000..688e4a34 --- /dev/null +++ b/krebs/Zhosts/xu 
@@ -0,0 +1,13 @@ + +Subnet = 10.243.13.38 +Subnet = 42:0:0:0:0:0:0:1338 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEAl3l7IWbfbkVgaJFM3s9g2UCh2rmqoTba16Of7NNWMj05L/hIkUsQ +uc43/QzidWh/4gEaq5MQ7JpLyzVBQYRJkNlPRF/Z07KdLBskAZCjDYdYue9BrziX +8s2Irs2+FNbCK2LqtrPhbcXQJvixsk6vjl2OBpWTDUcDEsk+D1YQilxdtyUzCUkw +mmRo/mzNsLZsYlSgZ6El/ZLkRdtexAzGxJ0DrukpDR0uqXXkp7jUaxRCZ+Cwanvj +4I1Hu5aHzWB7KJ1SIvpX3a4f+mun1gh3TPqWP5PUqJok1PSuScz6P2UGaLZZyH63 +4o+9nGJPuzb9bpMVRaVGtKXd39jwY7mbqwIDAQAB +-----END RSA PUBLIC KEY----- + + -- cgit v1.2.3 From 29c5c4913157445c467cd9b6d525830bdbb15116 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 11:56:49 +0200 Subject: lass 2 steam: move config to new firewall --- lass/2configs/steam.nix | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/lass/2configs/steam.nix b/lass/2configs/steam.nix index 7d088fc6..bd895e15 100644 --- a/lass/2configs/steam.nix +++ b/lass/2configs/steam.nix @@ -16,15 +16,14 @@ environment.systemPackages = with pkgs; [ steam ]; - networking.firewall = { - allowedUDPPorts = [ - 27031 - 27036 - ]; - allowedTCPPorts = [ - 27036 - 27037 - ]; + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 27036"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27031"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27036"; target = "ACCEPT"; } + ]; + }; }; - } -- cgit v1.2.3 From e30f5b1f94201f4fce6c3c387ae8102f75bc650c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 11:57:10 +0200 Subject: lass 2 virtualbox: remove enable --- lass/2configs/virtualbox.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index ad7ac142..9769cd68 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix 
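Review bot: The new `lass.iptables` rules do not reproduce the port set they replace: the removed block allowed TCP 27036 and 27037 and UDP 27031 and 27036, while the added rules allow TCP 27031 and 27036 and UDP 27031 and 27036, so TCP 27037 is no longer opened and TCP 27031 is newly opened. If the old set was the correct one, the TCP lines should read `{ predicate = "-p tcp --dport 27036"; target = "ACCEPT"; }` and `{ predicate = "-p tcp --dport 27037"; target = "ACCEPT"; }`. I cannot tell from the hunk which set is intended; a one-line comment per rule naming what the port is for would make the next migration of these rules checkable.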
@@ -4,7 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - virtualisation.virtualbox.host.enable = true; users.extraUsers = { virtual = { -- cgit v1.2.3 From 9dcea815c6d840abee2009c2cb56695039dbc8c8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 12:12:21 +0200 Subject: krebs 3: make rsync work on retarted systems --- krebs/3modules/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 65ebad7b..ab78bcd2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -58,8 +58,6 @@ let --exclude .graveyard \ --exclude old \ --rsync-path="mkdir -p \"$2\" && rsync" \ - --usermap=\*:0 \ - --groupmap=\*:0 \ --delete-excluded \ -vrLptgoD \ "$src" "$dst" -- cgit v1.2.3 From 0253b3f073d10f49335ad091d272f97bfcce80e8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 12:13:14 +0200 Subject: lass 2 browsers: add browser-select --- lass/2configs/browsers.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 9849c829..2aaeda63 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -26,8 +26,17 @@ let ]; }; + #TODO: abstract this + in { + environment.systemPackages = [ + (simpleScript "browser-select" '' + BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) + $BROWSER $@ + '') + ]; + imports = [ ../3modules/per-user.nix ] ++ [ -- cgit v1.2.3 From 9eff022e421307723084159cb93b020cff7bc139 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 12:14:16 +0200 Subject: move pubkey imports to krebs/Zpubkeys --- lass/1systems/uriel.nix | 2 +- lass/2configs/base.nix | 4 ++-- lass/2configs/retiolum.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index 7c3d0812..bb98975e 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix 
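Review bot: Dropping `--usermap=\*:0` and `--groupmap=\*:0` while `-o` and `-g` remain in `-vrLptgoD` means the pushed source tree now arrives on every target owned by whatever uid/gid the files carry on the deploying machine instead of root, not only on the systems whose rsync lacked the mapping options. That is a silent change in the ownership of the deployed sources and the commit message does not record why it is acceptable. A comment on the rsync call, `# --usermap/--groupmap are not available on all targets; ownership follows the source`, would at least document the trade-off. The enclosing script starts and ends outside the hunk.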
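Review bot: In the `browser-select` script, `$BROWSER $@` is unquoted on both sides: when dmenu is cancelled `$BROWSER` is empty and the first argument (typically the URL) is executed as the command, and arguments containing spaces or glob characters are word-split by the shell. A guard plus quoting fixes both: `BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu) || exit 1`, `test -n "$BROWSER" || exit 1`, `exec "$BROWSER" "$@"`. The `#TODO: abstract this` comment is placed in the `let` block but refers to the `createBrowserUser` calls below; a word on what should be abstracted would help the next reader.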
@@ -16,7 +16,7 @@ with builtins; users.extraUsers = { root = { openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/uriel.ssh.pub + ../../krebs/Zpubkeys/uriel.ssh.pub ]; }; }; diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index d44a19c1..b29d028d 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -14,7 +14,7 @@ with lib; users.extraUsers = { root = { openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub + ../../krebs/Zpubkeys/lass.ssh.pub ]; }; mainUser = { @@ -29,7 +29,7 @@ with lib; "wheel" ]; openssh.authorizedKeys.keys = map readFile [ - ../../Zpubkeys/lass.ssh.pub + ../../krebs/Zpubkeys/lass.ssh.pub ]; }; }; diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index 7c7f2b4d..17cd1d82 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -17,7 +17,7 @@ krebs.retiolum = { enable = true; - hosts = ../../Zhosts; + hosts = ../../krebs/Zhosts; connectTo = [ "fastpoke" "cloudkrebs" -- cgit v1.2.3 From 74137b8884b507e061985123e942a3c4ea7248fa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Sep 2015 12:14:38 +0200 Subject: lass 5: use autoimport ok pkgs --- lass/5pkgs/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index c776262f..6df35b90 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -2,10 +2,8 @@ let inherit (pkgs) callPackage; - kpkgs = import ../../krebs/5pkgs { inherit pkgs; }; in -kpkgs // rec { bitlbee-dev = callPackage ./bitlbee-dev.nix {}; bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; }; -- cgit v1.2.3 From f3c1727659c59ff638b1adead8e30ee2f79f39de Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 5 Sep 2015 12:15:31 +0200 Subject: lass: add echelon --- krebs/3modules/default.nix | 31 +++++++++++++++++++++++++++++++ lass/1systems/echelon.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 lass/1systems/echelon.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ab78bcd2..78907960 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -216,6 +216,37 @@ let lass-imp = { hosts = addNames { + echelon = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["162.248.167.198"]; + aliases = [ + "echelon.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.206.103"]; + addrs6 = ["42:941e:2816:35f4:5c5e:206b:3f0b:f763"]; + aliases = [ + "echelon.retiolum" + "cgit.echelon.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 + DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A + IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K + N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t + cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq + UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; cloudkrebs = { cores = 1; dc = "lass"; #dc = "cac"; diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix new file mode 100644 index 00000000..12765a10 --- /dev/null +++ b/lass/1systems/echelon.nix 
@@ -0,0 +1,42 @@ +{ config, pkgs, ... }: + +{ + imports = [ + ../../tv/2configs/CAC-Developer-2.nix + ../../tv/2configs/CAC-CentOS-7-64bit.nix + ../2configs/base.nix + ../2configs/retiolum.nix + ../2configs/fastpoke-pages.nix + ../2configs/new-repos.nix + { + networking.interfaces.enp2s1.ip4 = [ + { + address = "162.248.167.198"; + prefixLength = 24; + } + ]; + networking.defaultGateway = "162.248.167.1"; + networking.nameservers = [ + "8.8.8.8" + ]; + + } + ]; + + krebs.build = { + user = config.krebs.users.lass; + target = "root@162.248.167.198"; + host = config.krebs.hosts.echelon; + deps = { + secrets = { + url = "/home/lass/secrets/${config.krebs.build.host.name}"; + }; + stockholm = { + url = toString ../..; + }; + }; + }; + + networking.hostName = "cloudkrebs"; + +} -- cgit v1.2.3 From 5e5241c4fd3a4ab10db6e6194002b86cad1668a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 Sep 2015 16:33:43 +0200 Subject: lass 2 desktop-base: bind backspace to capslock --- lass/2configs/desktop-base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/desktop-base.nix b/lass/2configs/desktop-base.nix index 9b98e4a8..52c29d7e 100644 --- a/lass/2configs/desktop-base.nix +++ b/lass/2configs/desktop-base.nix @@ -58,6 +58,7 @@ in { layout = "us"; xkbModel = "evdev"; xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; }; } -- cgit v1.2.3 From d3af0f72cd2b5fd391bdd70a2a8001d5f9557984 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 Sep 2015 16:37:00 +0200 Subject: lass 2 base: bump nixpkgs rev --- lass/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index b29d028d..bd829c64 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix 
@@ -42,7 +42,7 @@ with lib; exim-retiolum.enable = true; build.deps.nixpkgs = { url = https://github.com/Lassulus/nixpkgs; - rev = "58a82ff50b8605b88a8f66481d8c85bf8ab53be3"; + rev = "e74d0e7ff83c16846a81e1173543f180ad565076"; }; }; -- cgit v1.2.3 From e863eae0eadf2b57076121264d7798177640a194 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 13 Sep 2015 16:37:11 +0200 Subject: lass 2 base: dont get a ipv4ll address --- lass/2configs/base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index bd829c64..18acd15a 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -147,4 +147,8 @@ with lib; }; }; + networking.dhcpcd.extraConfig = '' + noipv4ll + ''; + } -- cgit v1.2.3 From b35fd2bb734e0d857ba6d673e924affafe1475e6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 02:59:37 +0200 Subject: krebs 5 cac: add inotifyTools as dependency --- krebs/5pkgs/cac/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix index eff52304..838eddd2 100644 --- a/krebs/5pkgs/cac/default.nix +++ b/krebs/5pkgs/cac/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, coreutils, curl, gnused, jq, ncurses, sshpass, ... }: +{ stdenv, fetchgit, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }: stdenv.mkDerivation { name = "cac"; @@ -20,6 +20,7 @@ stdenv.mkDerivation { coreutils curl gnused + inotifyTools jq ncurses sshpass -- cgit v1.2.3 From 79f0abfdfc996882306d65cc1b815286c2c92648 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:00:29 +0200 Subject: lass 4: add getDefaultGateway helper function --- lass/4lib/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 21a083d1..2e493177 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix 
@@ -17,4 +17,8 @@ krebs // rec { ln -s ${pkgs.writeScript name content} $out/bin/${name} ''; }; + + getDefaultGateway = ip: + concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); + } -- cgit v1.2.3 From 5182561a19f0e1b4852a08d5b377de959af8421d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:01:52 +0200 Subject: lass 1 echelon: get ip from krebs --- lass/1systems/echelon.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 12765a10..31a5ed06 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix @@ -1,21 +1,24 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: -{ +let + inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway; + inherit (lib) head; + + ip = (head config.krebs.hosts.echelon.nets.internet.addrs4); +in { imports = [ ../../tv/2configs/CAC-Developer-2.nix ../../tv/2configs/CAC-CentOS-7-64bit.nix ../2configs/base.nix ../2configs/retiolum.nix - ../2configs/fastpoke-pages.nix - ../2configs/new-repos.nix { networking.interfaces.enp2s1.ip4 = [ { - address = "162.248.167.198"; + address = ip; prefixLength = 24; } ]; - networking.defaultGateway = "162.248.167.1"; + networking.defaultGateway = getDefaultGateway ip; networking.nameservers = [ "8.8.8.8" ]; @@ -25,7 +28,7 @@ krebs.build = { user = config.krebs.users.lass; - target = "root@162.248.167.198"; + target = "root@${ip}"; host = config.krebs.hosts.echelon; deps = { secrets = { -- cgit v1.2.3 From 317d756c59b2b95d5e48cda4a27f8effdbb67095 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:02:22 +0200 Subject: lass 1 echelon: use correct hostname --- lass/1systems/echelon.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix index 31a5ed06..92976366 100644 --- a/lass/1systems/echelon.nix +++ b/lass/1systems/echelon.nix 
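Review bot: `getDefaultGateway` has no comment and silently encodes two assumptions, that `ip` is an IPv4 dotted quad and that the gateway is host .1 of its /24, which callers cannot see; the echelon hunk in the next commit separately hardcodes `prefixLength = 24`, so the two have to be kept in step by hand. A header comment such as `# getDefaultGateway: "a.b.c.d" -> "a.b.c.1"; assumes a /24 whose gateway is .1` would make that explicit. If a string with fewer than three dots is passed, `take 3` just yields fewer octets and the result is a malformed address rather than an error; whether that should throw is a design choice I cannot settle from the hunk.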
@@ -40,6 +40,6 @@ in { }; }; - networking.hostName = "cloudkrebs"; + networking.hostName = "echelon"; } -- cgit v1.2.3 From a43004cbd8584d6ad92963691583a1c59ab9e0fb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:03:16 +0200 Subject: lass 1 mors: install cac pkg --- lass/1systems/mors.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d07fe14d..4724fd3e 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -171,6 +171,7 @@ }; environment.systemPackages = with pkgs; [ + cac ]; #TODO: fix this shit -- cgit v1.2.3 From 03263a58d870229b61430c80f21cb178ee251cc6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:04:13 +0200 Subject: krebs Zhosts: add echelon --- krebs/Zhosts/echelon | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 krebs/Zhosts/echelon diff --git a/krebs/Zhosts/echelon b/krebs/Zhosts/echelon new file mode 100644 index 00000000..9d1c324f --- /dev/null +++ b/krebs/Zhosts/echelon @@ -0,0 +1,12 @@ +Address = 168.235.156.81 +Subnet = 10.243.206.103 +Subnet = 42:941e:2816:35f4:5c5e:206b:3f0b:f763 + +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA92ybhDahtGybpAkUNlG5Elxw05MVY4Pg7yK0dQugB4nVq+pnmi78 +DOMeIciecMHmJM8n9UlUU0eWZVCgHeVd23d6J0hTHCv24p24uHEGGy7XlO/dPJ6A +IjROYU0l8c03pipdJ3cDBx6riArSglwmZJ7xH/Iw0BUhRZrPqbtijY7EcG2wc+8K +N9N9mBofVMl4EcBiDR/eecK+ro8OkeOmYPtYgFJLvxTYXiPIhOxMAlkOY2fpin/t +cgFLUFuN4ag751XjjcNpVovVq95vdg+VhKrrNVWZjJt03owW81BzoryY6CD2kIPq +UxK89zEdeYOUT7AxaT/5V5v41IvGFZxCzwIDAQAB +-----END RSA PUBLIC KEY----- -- cgit v1.2.3 From ab946ab7c12a5f25c62c0abfea5fa38189411e7b Mon Sep 17 00:00:00 2001 
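Review bot: `Address = 168.235.156.81` in the new krebs/Zhosts/echelon does not match the host record added to krebs/3modules/default.nix in f3c1727, where `nets.internet.addrs4 = ["162.248.167.198"]`, and the two later commits on this page (c20e49b, 1c6d691) move that record to 162.248.8.61 and then 162.248.8.63 without touching this file. One of the two copies is therefore wrong at every point in this series, and as far as I can tell peers that read the tinc hosts file will try the stale address. The same pubkey-plus-address duplication exists for krebs/Zhosts/xu (66a2f7a). Since c2c5289 turns `net.tinc.config` into a computed default derived from the host record, generating the Zhosts entry from that instead of maintaining a second copy would remove the drift.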
From: lassulus Date: Fri, 18 Sep 2015 03:04:39 +0200 Subject: add "make infest" --- Makefile | 4 ++ krebs/3modules/default.nix | 106 +++++++++++++++++++++++++++++++++++ krebs/4lib/infest/1prepare | 74 ++++++++++++++++++++++++ krebs/4lib/infest/2install-nix | 57 +++++++++++++++++++ krebs/4lib/infest/3install-nix-tools | 9 +++ krebs/4lib/infest/4finalize | 65 +++++++++++++++++++++ 6 files changed, 315 insertions(+) create mode 100644 krebs/4lib/infest/1prepare create mode 100644 krebs/4lib/infest/2install-nix create mode 100644 krebs/4lib/infest/3install-nix-tools create mode 100644 krebs/4lib/infest/4finalize diff --git a/Makefile b/Makefile index 54656e9e..b34278ce 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,10 @@ else ifdef system deploy:;@ make eval system=$(system) get=config.krebs.build.script filter=json | sh +.PHONY: infest +infest:;@ + make eval system=$(system) get=config.krebs.build.infest filter=json | sh + .PHONY: eval eval: @ diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a6b5a190..2db9feda 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix 
@@ -121,6 +121,112 @@ let exec "$profile"/bin/switch-to-configuration switch EOF + + ''; + }; + infest = mkOption { + type = types.str; + default = '' + #! /bin/sh + set -efux + + target=${escapeShellArg cfg.build.target} + + push(){( + src=$1/ + dst=$target:/mnt$2 + rsync \ + --exclude .git \ + --exclude .graveyard \ + --exclude old \ + --rsync-path="mkdir -p \"/mnt$2\" && rsync" \ + --delete-excluded \ + -vrLptgoD \ + "$src" "$dst" + )} + + cat krebs/4lib/infest/1prepare | ssh "$target" + cat krebs/4lib/infest/2install-nix | ssh "$target" + + ${concatStrings (mapAttrsToList (name: { url, rev, ... }: + optionalString (rev == null) '' + push ${toString (map escapeShellArg [ + "${url}" + "/root/src/${name}" + ])} + '') config.deps)} + + ssh -S none "$target" /bin/sh <<\EOF + set -efux + + fetch(){( + url=$1 + rev=$2 + dst=$3 + mkdir -p "$dst" + cd "$dst" + if ! test -e .git; then + git init + fi + if ! cur_url=$(git config remote.origin.url 2>/dev/null); then + git remote add origin "$url" + elif test "$cur_url" != "$url"; then + git remote set-url origin "$url" + fi + if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then + git fetch origin + git checkout "$rev" -- . + git checkout -q "$rev" + git submodule init + git submodule update + fi + git clean -dxf + )} + + ${concatStrings (mapAttrsToList (name: { url, rev, ... 
}: + optionalString (rev != null) '' + fetch ${toString (map escapeShellArg [ + url + rev + "/mnt/root/src/${name}" + ])} + '') config.deps)} + + export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH + + sed < "$(type -p nixos-install)" > nixos-install ' + /^echo "building the system configuration..."/,/--set -A system/{ + s/.*/# &/ + s@.*--set -A system.*@&\n${concatStringsSep " " [ + "NIX_PATH=/mnt/root/src/" + "nix-env" + "-Q" + "-p /nix/var/nix/profiles/system" + "-f \"\"" + "--set" + "-A system" + "--argstr user-name ${escapeShellArg cfg.build.user.name}" + "--argstr system-name ${escapeShellArg cfg.build.host.name}" + ]}@ + } + ' + + sed -i 's/^nixpkgs=.*$/#&/' nixos-install + + + chmod +x nixos-install + + echo {} > /root/dummy.nix + + echo build system... + profile=/nix/var/nix/profiles/system + NIXOS_CONFIG=/root/dummy.nix \ + ./nixos-install -I /root/src/ + #nl -bp nixos-install + + EOF + + cat krebs/4lib/infest/4finalize | ssh "$target" ''; }; host = mkOption { diff --git a/krebs/4lib/infest/1prepare b/krebs/4lib/infest/1prepare new file mode 100644 index 00000000..07c00c3a --- /dev/null +++ b/krebs/4lib/infest/1prepare 
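Review bot: The new `infest` option has `type` and `default` but no `description`, and its `push` helper appears to duplicate the one in the `script` option whose tail shows in the hunk's context; a description naming the stages (`1prepare`, `2install-nix`, fetch of `config.deps` into `/mnt/root/src`, patched `nixos-install`, `4finalize`) and a shared helper would both help. Two things in the remote part deserve at least a comment: `fetch` ends with `git clean -dxf`, which discards any untracked files under `/mnt/root/src/<name>` on the target, and everything after `ssh -S none "$target" /bin/sh <<\EOF` reaches the remote shell on stdin, so any command in it that reads stdin would consume the rest of the script. The `sed` rewrite of `nixos-install` keys on the literal `echo "building the system configuration..."`, so it silently does nothing if that text changes upstream; a `grep -q 'building the system configuration' nixos-install` before `chmod +x nixos-install` would turn that into a visible failure. The enclosing option set continues outside the hunk.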
@@ -0,0 +1,74 @@ +#! /bin/sh +set -efu + +prepare() {( + if test -e /etc/os-release; then + . /etc/os-release + case $ID in + centos) + case $VERSION_ID in + 7) + prepare_centos7 "$@" + exit + ;; + esac + ;; + esac + fi + echo "$0 prepare: unknown OS" >&2 + exit -1 +)} + +prepare_centos7() { + type bzip2 2>/dev/null || yum install -y bzip2 + type git 2>/dev/null || yum install -y git + type rsync 2>/dev/null || yum install -y rsync + if ! getent group nixbld >/dev/null; then + groupadd -g 30000 -r nixbld + fi + for i in `seq 1 10`; do + if ! getent passwd nixbld$i 2>/dev/null; then + useradd \ + -c "CentOS Nix build user $i" \ + -d /var/empty \ + -g 30000 \ + -G 30000 \ + -l \ + -M \ + -s /sbin/nologin \ + -u $(expr 30000 + $i) \ + nixbld$i + rm -f /var/spool/mail/nixbld$i + fi + done + + # + # mount install directory + # + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then + mkdir -p /newshit + mount --bind /newshit /mnt + fi + + if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then + mkdir -p /mnt/boot + mount /dev/sda1 /mnt/boot + fi + + mount | grep 'on /mnt\>' >&2 + + # + # prepare install directory + # + + mkdir -p /mnt/etc/nixos + mkdir -m 0555 -p /mnt/var/empty + + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then + mkdir -p /mnt/root + mount --bind /root /mnt/root + fi +} + +prepare "$@" diff --git a/krebs/4lib/infest/2install-nix b/krebs/4lib/infest/2install-nix new file mode 100644 index 00000000..3021c114 --- /dev/null +++ b/krebs/4lib/infest/2install-nix 
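Review bot: `prepare_centos7` hardcodes the disk layout (`/dev/mapper/centos-root`, `/dev/sda1`, xfs) in its `mount | grep -Fq` checks, so on a CentOS 7 host with any other layout the script mounts nothing and still proceeds, and `exit -1` in `prepare` is not a valid POSIX exit status (`exit 1`). A comment at the top of the function, `# assumes the CAC CentOS-7 image: root on /dev/mapper/centos-root (xfs), /boot on /dev/sda1`, would document the assumption, and `mount | grep 'on /mnt\>' >&2` could become a hard check that `/mnt` and `/mnt/boot` are mounted before the script returns. The nixbld users are created with uid 30000+i and primary group 30000, which matches the `groupadd -g 30000` just above, so that part is consistent.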
@@ -0,0 +1,57 @@ +#! /bin/sh +set -efu + +nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2 +nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4" + +install-nix() {( + + # install nix on host (cf. https://nixos.org/nix/install) + if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then + ( + verify() { + printf '%s %s\n' $nix_sha256 $(basename $nix_url) | sha256sum -c + } + if ! verify; then + curl -C - -O "$nix_url" + verify + fi + ) + nix_src_dir=$(basename $nix_url .tar.bz2) + tar jxf $nix_src_dir.tar.bz2 + mkdir -v -m 0755 -p /nix + $nix_src_dir/install + fi + + #TODO: make this general or move to 1prepare + if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then + mkdir -p /mnt/nix + mount --bind /nix /mnt/nix + fi + + . /root/.nix-profile/etc/profile.d/nix.sh + + for i in \ + bash \ + coreutils \ + # This line intentionally left blank. + do + if ! nix-env -q $i | grep -q .; then + nix-env -iA nixpkgs.pkgs.$i + fi + done + + # install nixos-install + if ! type nixos-install 2>/dev/null; then + nixpkgs_expr='import { system = builtins.currentSystem; }' + nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) + nix-env \ + --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ + --arg pkgs "$nixpkgs_expr" \ + --arg modulesPath 'throw "no modulesPath"' \ + -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ + -iA config.system.build.nixos-install + fi +)} + +install-nix "$@" diff --git a/krebs/4lib/infest/3install-nix-tools b/krebs/4lib/infest/3install-nix-tools new file mode 100644 index 00000000..59fa6f14 --- /dev/null +++ b/krebs/4lib/infest/3install-nix-tools @@ -0,0 +1,9 @@ +#! /bin/sh +set -efu + +install-nix-tools() {( + + +)} + +install-nix-tools "$@" diff --git a/krebs/4lib/infest/4finalize b/krebs/4lib/infest/4finalize new file mode 100644 index 00000000..d095fa31 --- /dev/null +++ b/krebs/4lib/infest/4finalize 
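Review bot: In `install-nix`, `find /nix/store ... -name *-nixpkgs-*` leaves the pattern unquoted, so the shell expands it against the current directory first, and if more than one matching store path exists `$nixpkgs_path` holds several paths and the `-f $nixpkgs_path/nixpkgs/...` argument breaks; `-name '*-nixpkgs-*'` plus a check that exactly one path came back fixes both. The tarball is verified against the pinned sha256 before `$nix_src_dir/install` runs, which is the right order, but when the second `verify` fails `set -e` aborts with only sha256sum's output; an `echo "checksum mismatch for $nix_url" >&2` on that path would make the failure legible. The `for i in \ bash \ coreutils \` list terminated by `# This line intentionally left blank.` works only because the comment line ends the continuation; `for i in bash coreutils; do` says the same thing without the trap.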
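Review bot: `install-nix-tools() {( )}` has an empty subshell body, which is a syntax error in POSIX sh, so this file cannot be parsed at all; nothing breaks yet only because the infest script pipes `1prepare`, `2install-nix` and `4finalize` to ssh and never this one. Put a placeholder in the body, `: # TODO install nixos tools`, or drop the file until it has content.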
@@ -0,0 +1,65 @@ +#! /bin/sh +set -eux +{ + umount /mnt/nix || [ $? -eq 32 ] + umount /mnt/boot || [ $? -eq 32 ] + umount /mnt/root || [ $? -eq 32 ] + umount /mnt || [ $? -eq 32 ] + umount /boot || [ $? -eq 32 ] + + PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i) + export PATH + + mkdir /oldshit + + mv /bin /oldshit/ + mv /newshit/bin / + + # TODO ensure /boot is empty + rmdir /newshit/boot + + # skip /dev + rmdir /newshit/dev + + mv /etc /oldshit/ + mv /newshit/etc / + + # skip /nix (it's already there) + rmdir /newshit/nix + + # skip /proc + rmdir /newshit/proc + + # skip /run + rmdir /newshit/run + + # skip /sys + rmdir /newshit/sys + + # skip /root + rmdir /newshit/root + + # skip /tmp + # TODO rmdir /newshit/tmp + + mv /home /oldshit/ + mv /newshit/home / + + mv /usr /oldshit/ + mv /newshit/usr / + + mv /var /oldshit/ + mv /newshit/var / + + mv /lib /oldshit/ + mv /lib64 /oldshit/ + mv /sbin /oldshit/ + mv /srv /oldshit/ + mv /opt /oldshit/ + + + mv /newshit /root/ # TODO this one shoult be empty + mv /oldshit /root/ + + sync +} -- cgit v1.2.3 From c20e49bd20554f2874aded7f29dd4958b3b78f38 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 18 Sep 2015 03:07:13 +0200 Subject: krebs 3: update echelon ip --- krebs/3modules/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 2db9feda..3879ccdd 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -328,7 +328,7 @@ let dc = "lass"; #dc = "cac"; nets = rec { internet = { - addrs4 = ["162.248.167.198"]; + addrs4 = ["162.248.8.61"]; aliases = [ "echelon.internet" ]; -- cgit v1.2.3 From 1c6d6918d710dd106dd163ef271cad0bf83edeec Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 19 Sep 2015 23:40:25 +0200 Subject: krebs 3: update echelon ip --- krebs/3modules/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
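Review bot: The sequence in 4finalize is destructive from `mv /bin /oldshit/` onward, yet the checks that can fail come after it: `rmdir /newshit/boot`, `rmdir /newshit/dev` and the other `rmdir` calls fail on a non-empty directory, and under `set -e` that aborts with `/bin` and possibly `/etc` already moved and the old tree unreachable from the new one. Moving every `rmdir` of the skipped directories, plus a test that `/newshit/bin`, `/newshit/etc`, `/newshit/usr` and `/newshit/var` exist, to the top of the block before the first `mv` keeps a failure recoverable. `PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i)` picks whichever coreutils the glob lists last, so with several coreutils in the store the choice is arbitrary; a comment `# use coreutils from the store, since /bin is about to move` and a deliberate selection would be better. `umount /boot || [ $? -eq 32 ]` is correct as written, but `# 32 = not mounted` would explain the magic number.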
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 3879ccdd..0ffdec5f 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -328,7 +328,7 @@ let dc = "lass"; #dc = "cac"; nets = rec { internet = { - addrs4 = ["162.248.8.61"]; + addrs4 = ["162.248.8.63"]; aliases = [ "echelon.internet" ]; -- cgit v1.2.3 From db75ef768b705fc6c4cbbd5ed29f817470c9952d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 19 Sep 2015 23:40:51 +0200 Subject: lass 2: use zsh as defaultShell --- lass/2configs/base.nix | 1 + lass/2configs/zsh.nix | 126 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 lass/2configs/zsh.nix diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix index 18acd15a..6774845c 100644 --- a/lass/2configs/base.nix +++ b/lass/2configs/base.nix @@ -5,6 +5,7 @@ with lib; imports = [ ../3modules/iptables.nix ../2configs/vim.nix + ../2configs/zsh.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/zsh.nix b/lass/2configs/zsh.nix new file mode 100644 index 00000000..646e816f --- /dev/null +++ b/lass/2configs/zsh.nix 
@@ -0,0 +1,126 @@ +{ config, lib, pkgs, ... }: +{ + programs.zsh = { + enable = true; + shellInit = '' + #disable config wizard + zsh-newuser-install() { :; } + ''; + interactiveShellInit = '' + HISTFILE=~/.histfile + HISTSIZE=1000000 + SAVEHIST=100000 + #unsetopt nomatch + setopt autocd extendedglob + bindkey -e + zstyle :compinstall filename '/home/lass/.zshrc' + + #history magic + bindkey "" up-line-or-local-history + bindkey "" down-line-or-local-history + + up-line-or-local-history() { + zle set-local-history 1 + zle up-line-or-history + zle set-local-history 0 + } + zle -N up-line-or-local-history + down-line-or-local-history() { + zle set-local-history 1 + zle down-line-or-history + zle set-local-history 0 + } + zle -N down-line-or-local-history + + setopt share_history + setopt hist_ignore_dups + # setopt inc_append_history + bindkey '^R' history-incremental-search-backward + + #C-x C-e open line in editor + autoload -z edit-command-line + zle -N edit-command-line + bindkey "^X^E" edit-command-line + + #completion magic + fpath=(~/.zsh/completions $fpath) + autoload -Uz compinit + compinit + zstyle ':completion:*' menu select + + #enable automatic rehashing of $PATH + zstyle ':completion:*' rehash true + + + #eval $( dircolors -b ~/.LS_COLORS ) + + #exports + export EDITOR='vim' + export MANPAGER='most' + export PAGER='vim -' + # export MANPAGER='sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | vim -R -c "set ft=man nonu nomod nolist" -' + + #beautiful colors + alias ls='ls --color' + zstyle ':completion:*:default' list-colors ''${(s.:.)LS_COLORS} + + #emacs bindings + bindkey "[7~" beginning-of-line + bindkey "[8~" end-of-line + bindkey "Oc" emacs-forward-word + bindkey "Od" emacs-backward-word + + #aliases + alias ll='ls -l' + alias la='ls -la' + alias pinginet='ping 8.8.8.8' + alias du='du -hd1' + alias qiv="qiv -f -m" + alias zshres="source ~/.zshrc" + + #fancy window title magic + case $TERM in + (*xterm* | *rxvt*) + + # Write some info to 
terminal title. + # This is seen when the shell prompts for input. + function precmd { + print -Pn "\e]0;%(1j,%j job%(2j|s|); ,)%~\a" + } + # Write command and args to terminal title. + # This is seen while the shell waits for a command to complete. + function preexec { + printf "\033]0;%s\a" "$1" + } + ;; + esac + ''; + promptInit = '' + autoload -U promptinit + promptinit + + error='%(?..%F{red}%?%f )' + + case $UID in + 0) + username='%F{red}root%f' + ;; + 1337) + username="" + ;; + *) + username='%F{blue}%n%f' + ;; + esac + + if test -n "$SSH_CLIENT"; then + PROMPT="$error$username@%F{magenta}%M%f %~ " + else + PROMPT="$error$username %~ " + fi + + + ''; + }; + users.defaultUserShell = "/run/current-system/sw/bin/zsh"; +} -- cgit v1.2.3 From e3222a7e7096d155da507ef41bbb2002ff4aed89 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 19 Sep 2015 23:42:05 +0200 Subject: lass 2 browsers: add create{Firefox,Chromium}User --- lass/2configs/browsers.nix | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 2aaeda63..4fe06b72 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -4,7 +4,7 @@ let inherit (import ../4lib { inherit pkgs lib; }) simpleScript; mainUser = config.users.extraUsers.mainUser; - createBrowserUser = name: extraGroups: packages: + createChromiumUser = name: extraGroups: packages: { users.extraUsers = { ${name} = { @@ -26,6 +26,28 @@ let ]; }; + createFirefoxUser = name: extraGroups: packages: + { + users.extraUsers = { + ${name} = { + inherit name; + inherit extraGroups; + home = "/home/${name}"; + useDefaultShell = true; + createHome = true; + }; + }; + lass.per-user.${name}.packages = packages; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(${name}) NOPASSWD: ALL + ''; + environment.systemPackages = [ + (simpleScript name '' + sudo -u ${name} -i firefox $@ + '') + ]; + }; + #TODO: abstract this in { 
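Review bot: `zstyle :compinstall filename '/home/lass/.zshrc'` hardcodes one user's home in `programs.zsh.interactiveShellInit`, which is system-wide and, with `users.defaultUserShell` set in the same hunk, applies to every account including root; `$HOME/.zshrc` is what compinstall expects. Several `bindkey` lines (`bindkey "" up-line-or-local-history`, `bindkey "[7~" beginning-of-line`) look as if a literal escape byte is embedded in the key string; if so, `"\e[7~"`-style escapes would survive editors and diffs. `HISTSIZE=1000000` against `SAVEHIST=100000` means only a tenth of the in-memory history is ever written back; a one-line comment on whether that is intended would save the next reader a question.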
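Review bot: `createFirefoxUser` is a copy of `createChromiumUser` with only the launched binary changed, and its wrapper passes `$@` unquoted (`sudo -u ${name} -i firefox $@`), so a URL containing spaces, `&` or glob characters is split or expanded by the wrapper's shell; `"$@"` fixes that. The sudoers line `${mainUser.name} ALL=(${name}) NOPASSWD: ALL` lets the main user run any command as the browser account, not just the browser; narrowing it to the browser binary would keep the isolation the per-user design is after (note that `-i` runs the command through the target user's login shell, so the rule and the wrapper have to be adjusted together). Parameterizing on the command, `createBrowserUser = browser: name: extraGroups: packages:`, would collapse the two functions, which is what the `#TODO: abstract this` comment asks for. The `createChromiumUser` body starts outside this hunk.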
@@ -40,11 +62,11 @@ in { imports = [ ../3modules/per-user.nix ] ++ [ - ( createBrowserUser "ff" [ "audio" ] [ pkgs.firefox ] ) - ( createBrowserUser "cr" [ "audio" ] [ pkgs.chromium ] ) - ( createBrowserUser "fb" [ ] [ pkgs.chromium ] ) - ( createBrowserUser "gm" [ ] [ pkgs.chromium ] ) - ( createBrowserUser "flash" [ ] [ pkgs.flash ] ) + ( createFirefoxUser "ff" [ "audio" ] [ pkgs.firefox ] ) + ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] ) + ( createChromiumUser "fb" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "gm" [ ] [ pkgs.chromium ] ) + ( createChromiumUser "flash" [ ] [ pkgs.flash ] ) ]; nixpkgs.config.packageOverrides = pkgs : { -- cgit v1.2.3