From f16742895c26b0f3df71ca8503afc5f4cb97a9ae Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 30 Dec 2015 17:14:31 +0100 Subject: l: add new host dishfire --- krebs/3modules/lass/default.nix | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 26b0947bb..592ed475d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -4,6 +4,38 @@ with lib; { hosts = addNames { + dishfire = { + cores = 4; + dc = "lass"; #dc = "cac"; + nets = rec { + internet = { + addrs4 = ["144.76.172.188"]; + aliases = [ + "dishfire.internet" + ]; + }; + retiolum = { + via = internet; + addrs4 = ["10.243.133.99"]; + addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]; + aliases = [ + "dishfire.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = ; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; + }; echelon = { cores = 2; dc = "lass"; #dc = "cac"; -- cgit v1.2.3 From eba696c5d2d8e25f1cd4a00007c3c1521fcc6e6f Mon Sep 17 00:00:00 2001 From: miefda Date: Wed, 30 Dec 2015 18:15:11 +0100 Subject: miefda: init with bobby --- krebs/3modules/default.nix | 1 + krebs/3modules/miefda/default.nix | 40 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 krebs/3modules/miefda/default.nix (limited to 'krebs/3modules') 
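Review bot: The commented-out `#ssh.pubkey = "ssh-ed25519 …cKzK"` is a placeholder that carries a concrete key, and the `k 3 l: add ssh host key for dishfire` commit further down this page replaces it with a different key, so the value here was evidently never dishfire's own. A commented-out key tends to get uncommented verbatim; the `bobby` host in the `miefda: init with bobby` commit has the same pattern, and there the commented key is labelled `root@stro` and is byte-identical to the `ssh.pubkey` declared for `stro` in krebs/3modules/mv/default.nix (visible in the addNames-removal hunk below), so uncommenting it would pin another machine's host key to bobby. Leave `ssh.pubkey` out until the host's own key is known, or keep only a marker such as `# TODO ssh.pubkey` with no key material in it. Separately, `addrs6 = ["42:0000:0000:0000:0000:0000:d15f:1233"]` is the only zero-padded IPv6 address among the hosts on this page; `"42:0:0:0:0:0:d15f:1233"` matches the form the other entries use.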
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 740ba67b8..dddb2df50 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -81,6 +81,7 @@ let imp = mkMerge [ { krebs = import ./lass { inherit lib; }; } { krebs = import ./makefu { inherit lib; }; } + { krebs = import ./miefda { inherit lib; }; } { krebs = import ./mv { inherit lib; }; } { krebs = import ./shared { inherit lib; }; } { krebs = import ./tv { inherit lib; }; } diff --git a/krebs/3modules/miefda/default.nix b/krebs/3modules/miefda/default.nix new file mode 100644 index 000000000..8ecf898c5 --- /dev/null +++ b/krebs/3modules/miefda/default.nix @@ -0,0 +1,40 @@ +{ lib, ... }: + +with lib; + +{ + hosts = addNames { + bobby = { + cores = 4; + dc = "miefda"; + nets = { + retiolum = { + addrs4 = ["10.243.111.112"]; + addrs6 = ["42:0:0:0:0:0:111:112"]; + aliases = [ + "bobby.retiolum" + "cgit.bobby.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA+AScnIqFdzGl+iRZTNZ7r91n/r1H4GzDsrAupUvJ4mi7nDN4eP8s + uLvKtJp22RxfuF3Kf4KhHb8LHQ8bLLN/KDaNDXrCNBc69d7vvLsjoY+wfGLJNu4Y + Ad/8J4r3rdb83mTA3IHb47T/70MERPBr2gF84YiG6ZoQrPQuTk4lHxaI83SOhjny + 0F0ucS/rBV6Vv9y5/756TKi1cFPSpY4X+qeWc8xWrBGJcJiiqYb8ZX2o/lkAJ5c+ + jI/VdybGFVGY9+bp4Jw5xBIo5KGuFnm8+blRmSDDl3joRneKQSx9FAu7RUwoajBu + cEbi1529NReQzIFT6Vt22ymbHftxOiuh4QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + #ssh.privkey.path = ; + #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; + }; + }; + users = addNames { + miefda = { + mail = "miefda@miefda.de"; + pubkey = "ssh-rsa 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 miefda@nixos"; + }; + }; +} -- cgit v1.2.3 From 873d00042bf825b1efb856a33d55d23a3ad22649 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Mon, 1 Feb 2016 15:41:18 +0100 Subject: k 3 l: remove dead hosts --- krebs/3modules/lass/default.nix | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 592ed475d..3926b48be 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -228,22 +228,6 @@ with lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; - schnabel-ap = { - nets = { - gg23 = { - addrs4 = ["10.23.1.20"]; - aliases = ["schnabel-ap.gg23"]; - }; - }; - }; - Reichsfunk-ap = { - nets = { - gg23 = { - addrs4 = ["10.23.1.10"]; - aliases = ["Reichsfunk-ap.gg23"]; - }; - }; - }; }; users = addNames { -- cgit v1.2.3 From 8b5523b7f4efb462f4865e0032541d691d176e64 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:44:01 +0100 Subject: k 3 l: declare pubkeys inline --- krebs/3modules/lass/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3926b48be..b99ebf01d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -232,11 +232,11 @@ with lib; }; users = addNames { lass = { - pubkey = readFile ../../Zpubkeys/lass.ssh.pub; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp83zynhIueJJsWlSEykVSBrrgBFKq38+vT8bRfa+csqyjZBl2SQFuCPo+Qbh49mwchpZRshBa9jQEIGqmXxv/PYdfBFQuOFgyUq9ZcTZUXqeynicg/SyOYFW86iiqYralIAkuGPfQ4howLPVyjTZtWeEeeEttom6p6LMY5Aumjz2em0FG0n9rRFY2fBzrdYAgk9C0N6ojCs/Gzknk9SGntA96MDqHJ1HXWFMfmwOLCnxtE5TY30MqSmkrJb7Fsejwjoqoe9Y/mCaR0LpG2cStC1+37GbHJNH0caCMaQCX8qdfgMVbWTVeFWtV6aWOaRgwLrPDYn4cHWQJqTfhtPrNQ== lass@mors"; mail = "lass@mors.retiolum"; }; - uriel = { - pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; + lass_uriel = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; mail = "lass@uriel.retiolum"; }; }; -- cgit v1.2.3 From 55b99a6c056b28be7601d7f56fab5a08a181ea29 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 15:55:41 +0100 Subject: l: add helios as new system --- krebs/3modules/lass/default.nix | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index b99ebf01d..49ff50e8c 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
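Review bot: Renaming the user attribute `uriel` to `lass_uriel` changes the name other modules reference as `config.krebs.users.uriel`; the diffstat covers only krebs/3modules/lass/default.nix, so any reference outside this file would now fail to evaluate and should be updated in the same commit (whether one exists is not visible here). The later `tv: s/_/-/g in usernames` commit on this page renames `mv_stro`, `tv_nomic` and `tv_xu` to hyphenated names with the same reference-breaking consequence, and leaves `lass_uriel` and the `lass_helios` added in the next commit with underscores — the `<owner>_<host>` vs `<owner>-<host>` convention should be settled once for all owners. If the rename is intentional, naming the old attribute in the commit message would help anyone grepping for it later.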
@@ -228,6 +228,33 @@ with lib; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINAMPlIG+6u75GJ3kvsPF6OoIZsU+u8ZQ+rdviv5fNMD"; }; + helios = { + cores = 2; + dc = "lass"; + nets = { + retiolum = { + addrs4 = ["10.243.0.3"]; + addrs6 = ["42:0:0:0:0:0:0:7105"]; + aliases = [ + "helios.retiolum" + "cgit.helios.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA9SItL2mhQpTl95gjSWRstrDajUnI5YbrVCuaDKfw9gRwMyPNiO/y + Xwv/w4Ri8NCJZLZGkj2vG3X0EfJFBEPTJPTCbF9fP7PqqVs38BD41txLp+NrFxEq + 5fmFk65/eg8ujrNQoOSUGmky/BKqQhWjvxdAWuwjN933wJCcNCxyaUwljHLYEK/I + oIJX+spnFmPwmhW9hsOj8K06eHixT13+0W48GG/ZNcV3x5vWxcKUvZ4Qtzz2iMNB + hud5kae7xMUfFAzCeKF/zsjuyt2d/xQg1WgR8MXGNgYhNJFSXz94r/bivNO6H4vP + Pfjndnh8cD46ADo8woS1nQ19WId+sMbipwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWlIxkX41V55Yker8n4gErx2xcKpXFNKthhbP3+bTJ7"; + }; }; users = addNames { @@ -239,5 +266,9 @@ with lib; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExWuRcltGM2FqXO695nm6/QY3wU3r1bDTyCpMrLfUSym7TxcXDSmZSWcueexPXV6GENuUfjJPZswOdWqIo5u2AXw9t0aGvwEDmI6uJ7K5nzQOsXIneGMdYuoOaAzWI8pxZ4N+lIP1HsOYttIPDp8RwU6kyG+Ud8mnVHWSTO13C7xC9vePnDP6b+44nHS691Zj3X/Cq35Ls0ISC3EM17jreucdP62L3TKk2R4NCm3Sjqj+OYEv0LAqIpgqSw5FypTYQgNByxRcIcNDlri63Q1yVftUP1338UiUfxtraUu6cqa2CdsHQmtX5mTNWEluVWO3uUKTz9zla3rShC+d3qvr lass@uriel"; mail = "lass@uriel.retiolum"; }; + lass_helios = { + pubkey = "ssh-rsa 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 lass@helios"; + mail = "lass@helios.retiolum"; + }; }; } -- cgit v1.2.3 From 0cd9c450f0ddcd41f95608f20d193fbf6b062c2f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:18:17 +0100 Subject: k 3 l: add ssh host key for dishfire --- krebs/3modules/lass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') 
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 49ff50e8c..9f22018a8 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -33,8 +33,8 @@ with lib; ''; }; }; - #ssh.privkey.path = ; - #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL21QDOEFdODFh6WAfNp6odrXo15pEsDQuGJfMu/cKzK"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; }; echelon = { cores = 2; -- cgit v1.2.3 From d739448ab940da4ed5bdf9be5398f6b93b854412 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 4 Feb 2016 12:46:09 +0100 Subject: krebs.build.populate: cleanup (less) harder --- krebs/3modules/build.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 00142acdd..0da5dd38a 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -74,7 +74,7 @@ let unset tmpdir trap ' - rm "$tmpdir"/* + rm -f "$tmpdir"/* rmdir "$tmpdir" trap - EXIT INT QUIT ' EXIT INT QUIT -- cgit v1.2.3 From 23c7c10f5a5ed83dca001d7382e5b89981277f8c Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:11:30 +0100 Subject: krebs.retiolum.hosts: change type to attrsOf host --- krebs/3modules/retiolum.nix | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index e0e2692a8..08ac96461 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,6 +1,4 @@ { config, pkgs, lib, ... }: - -with builtins; with lib; let cfg = config.krebs.retiolum; @@ -40,7 +38,7 @@ let ''; }; - network = mkOption { + netname = mkOption { type = types.str; default = "retiolum"; description = '' 
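Review bot: `rm -f "$tmpdir"/*` still expands to `rm -f /*` when `tmpdir` is empty or unset at the time the trap fires: the trap body is single-quoted, so `$tmpdir` is expanded when the trap runs, and the `unset tmpdir` immediately before it means that window is real if the assignment that follows (outside the hunk) fails. Adding `-f` only silences the error for a non-matching glob and would now also silently remove any regular file directly under `/` in that case; guarding the expansion, `rm -f "''${tmpdir:?}"/*` (the `''$` escape if this sits inside a Nix indented string, otherwise plain `${tmpdir:?}`), aborts the cleanup instead. If the enclosing script runs with `set -u` (not visible in the hunk) the unset case is already caught, but an empty value is not. The enclosing `let` binding begins outside the hunk.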
@@ -65,10 +63,13 @@ let }; hosts = mkOption { - type = with types; either package path; - default = ../Zhosts; + type = with types; attrsOf host; + default = + filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; description = '' - If a path is given, then it will be used to generate an ad-hoc package. + Hosts which should be part of the tinc configuration. + Note that these hosts must have a correspondingly named network + configured, see config.krebs.retiolum.netname. ''; }; @@ -104,7 +105,7 @@ let }; imp = { - environment.systemPackages = [ tinc hosts iproute ]; + environment.systemPackages = [ tinc iproute ]; networking.extraHosts = retiolumExtraHosts; @@ -140,17 +141,16 @@ let tinc = cfg.tincPackage; - hosts = getAttr (typeOf cfg.hosts) { - package = cfg.hosts; - path = pkgs.stdenv.mkDerivation { - name = "custom-retiolum-hosts"; - src = cfg.hosts; - installPhase = '' - mkdir $out - find . -name .git -prune -o -type f -print0 \ - | xargs -0 cp --target-directory $out - ''; - }; + tinc-hosts = pkgs.stdenv.mkDerivation { + name = "${cfg.netname}-tinc-hosts"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir $out + ${concatStrings (mapAttrsToList (_: host: '' + echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ + > $out/${shell.escape host.name} + '') cfg.hosts)} + ''; }; iproute = cfg.iproutePackage; @@ -159,7 +159,7 @@ let { } '' generate() { - (cd ${hosts} + (cd ${tinc-hosts} printf \'\' for i in `ls`; do names=$(hostnames $i) @@ -180,11 +180,11 @@ let generate ;; long) - hostnames() { echo "$1.${cfg.network}"; } + hostnames() { echo "$1.${cfg.netname}"; } generate ;; both) - hostnames() { echo "$1.${cfg.network} $1"; } + hostnames() { echo "$1.${cfg.netname} $1"; } generate ;; *) 
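Review bot: The new default for `hosts`, `filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts`, selects every host that declares the network, but the `tinc-hosts` derivation in the `@@ -140` hunk then evaluates `host.nets.${cfg.netname}.tinc.config` for each of them, so a host that declares the network without a `tinc` section would abort evaluation of the derivation instead of being left out — unless the host type always provides `tinc.config`, which is outside this diff. If it does not, `filterAttrs (_: h: hasAttr cfg.netname h.nets && hasAttr "tinc" h.nets.${cfg.netname}) config.krebs.hosts` keeps the default total, and the description should then say that only hosts with a tinc key for the network are included. In the same derivation `host.name` becomes a file name under `$out`; `shell.escape` covers shell metacharacters but not a `/` or `..` in the name, which is fine for the names on this page but deserves an `assert` if hosts can be contributed from outside this repository.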
@@ -203,12 +203,12 @@ let mkdir -p $out - ln -s ${hosts} $out/hosts + ln -s ${tinc-hosts} $out/hosts cat > $out/tinc.conf < Date: Sat, 6 Feb 2016 15:43:24 +0100 Subject: krebs.retiolum: don't generate extraHosts --- krebs/3modules/default.nix | 1 - krebs/3modules/retiolum.nix | 54 ++------------------------------------------- 2 files changed, 2 insertions(+), 53 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index ba1f425d9..7418434ea 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -96,7 +96,6 @@ let retiolum = "hosts"; }; - # XXX This overlaps with krebs.retiolum networking.extraHosts = concatStringsSep "\n" (flatten ( mapAttrsToList (hostname: host: mapAttrsToList (netname: net: diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 08ac96461..2bf8aa5db 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -29,22 +29,13 @@ let ''; }; - generateEtcHosts = mkOption { - type = types.str; - default = "both"; - description = '' - If set to short, long, or both, - then generate entries in /etc/hosts from subnets. - ''; - }; - netname = mkOption { type = types.str; default = "retiolum"; description = '' The tinc network name. - It is used to generate long host entries, - and name the TUN device. + It is used to name the TUN device and to generate the default value for + config.krebs.retiolum.hosts. ''; }; @@ -107,8 +98,6 @@ let imp = { environment.systemPackages = [ tinc iproute ]; - networking.extraHosts = retiolumExtraHosts; - systemd.services.retiolum = { description = "Tinc daemon for Retiolum"; after = [ "network.target" ]; 
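Review bot: Dropping the `generateEtcHosts` option turns every configuration that still sets `krebs.retiolum.generateEtcHosts` into an undefined-option evaluation error, and nothing in the commit points to the replacement — the `networking.extraHosts` generator in krebs/3modules/default.nix, whose `# XXX This overlaps with krebs.retiolum` comment the first hunk removes. A removed-option shim (nixpkgs' `mkRemovedOptionModule`, if the pinned nixpkgs has it) or at least a sentence in the `netname` description saying that /etc/hosts entries now come from `krebs.hosts.*.nets.*.aliases` would make the change self-explaining. Whether any host configuration on this branch still sets the option is not visible from this diff.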
@@ -155,45 +144,6 @@ let iproute = cfg.iproutePackage; - retiolumExtraHosts = import (pkgs.runCommand "retiolum-etc-hosts" - { } - '' - generate() { - (cd ${tinc-hosts} - printf \'\' - for i in `ls`; do - names=$(hostnames $i) - for j in `sed -En 's|^ *Aliases *= *(.+)|\1|p' $i`; do - names="$names $(hostnames $j)" - done - sed -En ' - s|^ *Subnet *= *([^ /]*)(/[0-9]*)? *$|\1 '"$names"'|p - ' $i - done | sort - printf \'\' - ) - } - - case ${cfg.generateEtcHosts} in - short) - hostnames() { echo "$1"; } - generate - ;; - long) - hostnames() { echo "$1.${cfg.netname}"; } - generate - ;; - both) - hostnames() { echo "$1.${cfg.netname} $1"; } - generate - ;; - *) - echo '""' - ;; - esac > $out - ''); - - confDir = pkgs.runCommand "retiolum" { # TODO text executable = true; -- cgit v1.2.3 From a1f7f5e510ddc7a35bebe4ec7698e19d83d57c3f Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 15:57:43 +0100 Subject: krebs: DRY up shorts of the networking.extraHosts generator --- krebs/3modules/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 7418434ea..20eb944e2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,10 +103,8 @@ let aliases = longs ++ shorts; providers = dns.split-by-provider net.aliases cfg.dns.providers; longs = providers.hosts; - shorts = - map (removeSuffix ".${cfg.search-domain}") - (filter (hasSuffix ".${cfg.search-domain}") - longs); + shorts = let s = ".${cfg.search-domain}"; in + map (removeSuffix s) (filter (hasSuffix s) longs); in map (addr: "${addr} ${toString aliases}") net.addrs ) (filterAttrs (name: host: host.aliases != []) host.nets) -- cgit v1.2.3 From 171df3acbe8ebe97d690bfb386fbf15bc14984cd Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 6 Feb 2016 16:15:25 +0100 Subject: tv: adopt kaepsele --- krebs/3modules/tv/default.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 31c1a375a..5f70f8489 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -130,6 +130,35 @@ with lib; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY"; }; + kaepsele = { + nets = { + internet = { + addrs4 = ["92.222.10.169"]; + aliases = [ + "kaepsele.internet" + # TODO "kaepsele.org" + ]; + }; + retiolum = { + addrs4 = ["10.243.166.2"]; + addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; + aliases = [ + "kaepsele.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/ + Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo + rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y + y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu + yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5 + FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 From c4655c3baad28525550e7c1d0fb9589e06663a2b Mon Sep 17 00:00:00 2001 
From: tv Date: Sat, 6 Feb 2016 16:21:30 +0100 Subject: krebs.dns.providers: add i and r --- krebs/3modules/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 20eb944e2..529506905 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -92,7 +92,9 @@ let de.krebsco = "zones"; gg23 = "hosts"; shack = "hosts"; + i = "hosts"; internet = "hosts"; + r = "hosts"; retiolum = "hosts"; }; -- cgit v1.2.3 From b16bfb9c99e6f1f063c5b7358003149db42b70e3 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:18:52 +0100 Subject: tv: add .i and .r TLDs --- krebs/3modules/tv/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5f70f8489..7db5c532e 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -24,6 +24,7 @@ with lib; internet = { addrs4 = ["162.219.7.216"]; aliases = [ + "cd.i" "cd.internet" "cd.krebsco.de" "cgit.cd.krebsco.de" @@ -37,6 +38,7 @@ with lib; addrs4 = ["10.243.113.222"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af3"]; aliases = [ + "cd.r" "cd.retiolum" "cgit.cd.retiolum" ]; @@ -67,6 +69,7 @@ with lib; internet = { addrs4 = ["104.167.114.142"]; aliases = [ + "mkdir.i" "mkdir.internet" ]; }; @@ -75,6 +78,7 @@ with lib; addrs4 = ["10.243.113.223"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af4"]; aliases = [ + "mkdir.r" "mkdir.retiolum" "cgit.mkdir.retiolum" ]; @@ -104,6 +108,7 @@ with lib; internet = { addrs4 = ["198.147.22.115"]; aliases = [ + "ire.i" "ire.internet" "ire.krebsco.de" ]; @@ -113,6 +118,7 @@ with lib; addrs4 = ["10.243.231.66"]; addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"]; aliases = [ + "ire.r" "ire.retiolum" ]; tinc.pubkey = '' 
@@ -135,6 +141,7 @@ with lib; internet = { addrs4 = ["92.222.10.169"]; aliases = [ + "kaepsele.i" "kaepsele.internet" # TODO "kaepsele.org" ]; @@ -143,6 +150,7 @@ with lib; addrs4 = ["10.243.166.2"]; addrs6 = ["42:0b9d:6660:d07c:2bb7:4e91:1a01:2e7d"]; aliases = [ + "kaepsele.r" "kaepsele.retiolum" ]; tinc.pubkey = '' @@ -171,6 +179,7 @@ with lib; addrs4 = ["10.243.0.110"]; addrs6 = ["42:02d5:733f:d6da:c0f5:2bb7:2b18:09ec"]; aliases = [ + "nomic.r" "nomic.retiolum" "cgit.nomic.retiolum" ]; @@ -205,6 +214,7 @@ with lib; internet = { addrs4 = ["167.88.34.182"]; aliases = [ + "rmdir.i" "rmdir.internet" ]; }; @@ -213,6 +223,7 @@ with lib; addrs4 = ["10.243.113.224"]; addrs6 = ["42:4522:25f8:36bb:8ccb:0150:231a:2af5"]; aliases = [ + "rmdir.r" "rmdir.retiolum" "cgit.rmdir.retiolum" ]; @@ -260,6 +271,7 @@ with lib; addrs4 = ["10.243.13.37"]; addrs6 = ["42:0:0:0:0:0:0:1337"]; aliases = [ + "wu.r" "wu.retiolum" "cgit.wu.retiolum" ]; @@ -292,6 +304,7 @@ with lib; addrs4 = ["10.243.13.38"]; addrs6 = ["42:0:0:0:0:0:0:1338"]; aliases = [ + "xu.r" "xu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From 9742953ee932b96cafb390f7b61edd68499cec82 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 16:53:35 +0100 Subject: tv: add cgit.*.r aliases --- krebs/3modules/tv/default.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 7db5c532e..b7fd1c54c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -40,6 +40,7 @@ with lib; aliases = [ "cd.r" "cd.retiolum" + "cgit.cd.r" "cgit.cd.retiolum" ]; tinc.pubkey = '' @@ -80,6 +81,7 @@ with lib; aliases = [ "mkdir.r" "mkdir.retiolum" + "cgit.mkdir.r" "cgit.mkdir.retiolum" ]; tinc.pubkey = '' @@ -181,6 +183,7 @@ with lib; aliases = [ "nomic.r" "nomic.retiolum" + "cgit.nomic.r" "cgit.nomic.retiolum" ]; tinc.pubkey = '' 
@@ -225,6 +228,7 @@ with lib; aliases = [ "rmdir.r" "rmdir.retiolum" + "cgit.rmdir.r" "cgit.rmdir.retiolum" ]; tinc.pubkey = '' @@ -273,6 +277,7 @@ with lib; aliases = [ "wu.r" "wu.retiolum" + "cgit.wu.r" "cgit.wu.retiolum" ]; tinc.pubkey = '' -- cgit v1.2.3 From c784d271c5dc8783e5e6308baf4f6dd26430bfca Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 18:38:51 +0100 Subject: tv: adopt mu --- krebs/3modules/tv/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b7fd1c54c..9adb0ce11 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -169,6 +169,28 @@ with lib; }; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF"; }; + mu = { + nets = { + retiolum = { + addrs4 = ["10.243.20.01"]; + addrs6 = ["42:0:0:0:0:0:0:2001"]; + aliases = [ + "mu.r" + "mu.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEApXErmPSn2CO4V25lqxanCGCFgxEAjdzFUiTCCu0IvELEuCc3PqVA + g4ecf8gGwPCbzMW/1txjlgbsQcm87U5enaCwzSv/pa7P9/memV74OhqEVOypFlDE + XeZczqQfNbjoLYl4cKZpTsSZmOgASXaMDrH2N37f50q35C0MQw0HRzaQM5VLrzb4 + o87MClS+yPqpvp34QjW+1lqnOKvMkr6mDrmtcAjCOs9Ma16txyfjGVFi8KmYqIs1 + QEJmyC9Uocz5zuoSLUghgVRn9yl4+MEw6++akFDwKt/eMkcSq0GPB+3Rz/WLDiBs + FK6BsssQWdwiEWpv6xIl1Fi+s7F0riq2cwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; nomic = { cores = 2; dc = "tv"; #dc = "gg23"; -- cgit v1.2.3 From 29746aec06b7d42d3c87245f6f14f048234251e4 Mon Sep 17 00:00:00 2001 
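Review bot: `addrs4 = ["10.243.20.01"]` carries a leading zero in the last octet; it is the only address on this page written that way (the same hunk's `addrs6 = ["42:0:0:0:0:0:0:2001"]` and every other `addrs4` use canonical form). Parsers disagree on leading zeros — some read the octet as octal, others reject the address outright — so it should be `"10.243.20.1"` so that the /etc/hosts generator and the tinc host files both see the same value. The `mu` entry also has no `ssh.pubkey`, unlike the other newly adopted host `kaepsele`; if that is deliberate, a short comment saying so would save the next reader a question.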
From: tv Date: Sat, 6 Feb 2016 18:54:01 +0100 Subject: krebs.{backup.plans,hosts,users}.*.name: add default value --- krebs/3modules/backup.nix | 3 ++- krebs/3modules/lass/default.nix | 4 ++-- krebs/3modules/makefu/default.nix | 4 ++-- krebs/3modules/mv/default.nix | 4 ++-- krebs/3modules/shared/default.nix | 4 ++-- krebs/3modules/tv/default.nix | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index a1f335905..17d8a3c98 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -12,7 +12,7 @@ let enable = mkEnableOption "krebs.backup" // { default = true; }; plans = mkOption { default = {}; - type = types.attrsOf (types.submodule ({ + type = types.attrsOf (types.submodule ({ config, ... }: { # TODO enable = mkEnableOption "TODO" // { default = true; }; options = { method = mkOption { @@ -20,6 +20,7 @@ let }; name = mkOption { type = types.str; + default = config._module.args.name; }; src = mkOption { type = types.krebs.file-location; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 26b0947bb..c880ea788 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { echelon = { cores = 2; dc = "lass"; #dc = "cac"; @@ -214,7 +214,7 @@ with lib; }; }; - users = addNames { + users = { lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; mail = "lass@mors.retiolum"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 38e773b53..693a954ab 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { pnp = { cores = 1; dc = "makefu"; #vm on 'omo' 
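Review bot: `default = config._module.args.name;` reads the submodule's attribute name through the module system's internal `_module` attribute; the supported form is to take `name` as a module argument, `types.submodule ({ name, ... }: {` with `default = name;`, which also removes the otherwise-unused `config` argument. The hosts and users hunks in the lass, makefu, mv, shared and tv modules (this line and the next two) drop `addNames`, so those sets now rely on an equivalent `name` default on the host and user types; that change is not within the `(limited to 'krebs/3modules')` view, so confirm it lands in the same commit — otherwise `host.name`, which the tinc-hosts derivation in retiolum.nix uses as a file name, is undefined. Note also that the lass hunk is against blob `26b0947bb`, the state before the `dishfire` host was added at the top of this page, so this commit sits on a branch that will need a merge with those changes.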
@@ -364,7 +364,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; }; - users = addNames rec { + users = rec { makefu = { mail = "makefu@pornocauster.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 6da2abc85..70417157f 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { stro = { cores = 4; dc = "mv"; @@ -31,7 +31,7 @@ with lib; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; }; }; - users = addNames { + users = { mv_stro = { mail = "mv@stro.retiolum"; pubkey = "ssh-rsa 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 mv@stro"; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 91d92857b..52aa4de41 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -32,7 +32,7 @@ let }; }); in { - hosts = addNames { + hosts = { wolf = { dc = "shack"; nets = { @@ -68,7 +68,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; } // testHosts; - users = addNames { + users = { shared = { mail = "spam@krebsco.de"; pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 9adb0ce11..ca07acd17 100644 --- a/krebs/3modules/tv/default.nix 
+++ b/krebs/3modules/tv/default.nix @@ -6,7 +6,7 @@ with lib; dns.providers = { de.viljetic = "regfish"; }; - hosts = addNames { + hosts = { cd = rec { cores = 2; dc = "tv"; #dc = "cac"; @@ -351,7 +351,7 @@ with lib; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; - users = addNames rec { + users = rec { mv = { mail = "mv@cd.retiolum"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; -- cgit v1.2.3 From 01dbc54c3207b44e4adaaae92fffc8a34bda6f18 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:09:56 +0100 Subject: krebs.backup: determine fastest address --- krebs/3modules/backup.nix | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 17d8a3c98..0f85b4879 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -145,9 +145,11 @@ let set -efu identity=${shell.escape plan.src.host.ssh.privkey.path} src=${shell.escape plan.src.path} - dst_target=${shell.escape "root@${getFQDN plan.dst.host}"} + dst_user=root + dst_host=$(${fastest-address plan.dst.host}) + dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) dst_path=${shell.escape plan.dst.path} - dst=$dst_target:$dst_path + dst=$dst_user@$dst_host:$dst_path # Export NOW so runtime of rsync doesn't influence snapshot naming. export NOW @@ -156,7 +158,7 @@ let echo >&2 "update snapshot: current; $src -> $dst" rsync >&2 \ -aAXF --delete \ - -e "ssh -F /dev/null -i $identity" \ + -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ --rsync-path ${shell.escape "mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \ --link-dest="$dst_path/current" \ 
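Review bot: `dst_host` is now picked at run time from the host's addresses and both ssh invocations keep `-F /dev/null`, so host-key verification runs against the bare address (and the `[addr]:port` form once `dst_port` is set) with OpenSSH's default `StrictHostKeyChecking=ask`; in a non-interactive systemd job that means the backup fails with a host-key error for any address/port pair missing from known_hosts, and the tempting workaround, disabling the check, would accept any key. Pin it explicitly in both the rsync `-e` string and the final `exec ssh`, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<generated-known-hosts>` with an entry per `addrs4`/port pair derived from the host's `ssh.pubkey`; the pull side in the `@@ -205,7 +207,11` hunk has the same shape. With `set -efu` an empty `$dst_host` (no address answered) is not caught either: `dst=$dst_user@$dst_host:$dst_path` becomes `root@:/path`, so a guard like `[ -n "$dst_host" ] || { echo >&2 "no reachable address for ${plan.dst.host.name}"; exit 1; }` right after the assignment would fail fast with a useful message. The `fastest-address` and `network-ssh-port` helpers are defined in a later hunk that is truncated on this page.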
@@ -165,10 +167,10 @@ let exec ssh -F /dev/null \ -i "$identity" \ - "$dst_target" \ + ''${dst_port:+-p $dst_port} \ + "$dst_user@$dst_host" \ -T \ env NOW="$NOW" /bin/sh < ${remote-snapshot} - EOF ''; remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" '' @@ -205,7 +207,11 @@ let # TODO check if there is a previous set -efu identity=${shell.escape plan.dst.host.ssh.privkey.path} - src=${shell.escape "root@${getFQDN plan.src.host}:${plan.src.path}"} + src_user=root + src_host=$(${fastest-address plan.src.host}) + src_port=$(${network-ssh-port plan.src.host "$src_host"}) + src_path=${shell.escape plan.src.path} + src=$src_user@$src_host:$src_path dst=${shell.escape plan.dst.path} # Export NOW so runtime of rsync doesn't influence snapshot naming. @@ -216,7 +222,7 @@ let mkdir -m 0700 -p ${shell.escape plan.dst.path} rsync >&2 \ -aAXF --delete \ - -e "ssh -F /dev/null -i $identity" \ + -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \ --link-dest="$dst/current" \ "$src/" \ "$dst/.partial" @@ -274,9 +280,6 @@ let plan.snapshots)} ''; - # TODO getFQDN: admit hosts in other domains - getFQDN = host: "${host.name}.${config.krebs.search-domain}"; - writeDash = name: text: pkgs.writeScript name '' #! ${pkgs.dash}/bin/dash ${text} @@ -292,6 +295,26 @@ let ''; }; + # XXX Is one ping enough to determine fastest address? + # Note that we're using net.addrs4 instead of net.aliases because we define + # ports only for addresses. See krebs/3modules/default.nix + fastest-address = host: '' + { ${pkgs.fping}/bin/fping Date: Sun, 7 Feb 2016 05:14:37 +0100 Subject: tv: define config.krebs.hosts.*.nets.gg23.ssh.port --- krebs/3modules/tv/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ca07acd17..b9a6c5163 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -198,6 +198,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.110"]; aliases = ["nomic.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.0.110"]; @@ -292,6 +293,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.37"]; aliases = ["wu.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.13.37"]; @@ -326,6 +328,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.38"]; aliases = ["xu.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.13.38"]; -- cgit v1.2.3 From 949f466cf78ba2e76002012715172e5d5d394006 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:17:07 +0100 Subject: tv: s/_/-/g in usernames --- krebs/3modules/mv/default.nix | 2 +- krebs/3modules/tv/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 70417157f..7245c143d 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -32,7 +32,7 @@ with lib; }; }; users = { - mv_stro = { + mv-stro = { mail = "mv@stro.retiolum"; pubkey = "ssh-rsa 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 mv@stro"; }; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b9a6c5163..b6d779981 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -363,11 +363,11 @@ with lib; mail = "tv@wu.retiolum"; pubkey = "ssh-rsa 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 tv@wu"; }; - tv_nomic = { + tv-nomic = { inherit (tv) mail; pubkey = "ssh-rsa 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 tv@nomic #2"; }; - tv_xu = { + tv-xu = { inherit (tv) mail; pubkey = "ssh-rsa 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 tv@xu"; }; -- cgit v1.2.3 From 02ad327081f2315b9ab15733319b167f64180a0d Mon Sep 17 00:00:00 2001 
From: tv Date: Sun, 7 Feb 2016 05:32:03 +0100 Subject: krebs.backup writeDash* -> pkgs --- krebs/3modules/backup.nix | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 0f85b4879..ae766fa9d 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -128,11 +128,11 @@ let }; push = plan: let - # We use writeDashBin and return the absolute path so systemd will produce - # nice names in the log, i.e. without the Nix store hash. + # We use pkgs.writeDashBin and return the absolute path so systemd will + # produce nice names in the log, i.e. without the Nix store hash. out = "${main}/bin/${main.name}"; - main = writeDashBin "backup.${plan.name}.push" '' + main = pkgs.writeDashBin "backup.${plan.name}.push" '' set -efu dst=${shell.escape plan.dst.path} @@ -140,7 +140,7 @@ let exec flock -n "$dst" ${critical-section} ''; - critical-section = writeDash "backup.${plan.name}.push.critical-section" '' + critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" '' # TODO check if there is a previous set -efu identity=${shell.escape plan.src.host.ssh.privkey.path} @@ -173,7 +173,7 @@ let env NOW="$NOW" /bin/sh < ${remote-snapshot} ''; - remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" '' + remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" '' set -efu dst=${shell.escape plan.dst.path} 
@@ -191,11 +191,11 @@ let # TODO admit plan.dst.user and its ssh identity pull = plan: let - # We use writeDashBin and return the absolute path so systemd will produce - # nice names in the log, i.e. without the Nix store hash. + # We use pkgs.writeDashBin and return the absolute path so systemd will + # produce nice names in the log, i.e. without the Nix store hash. out = "${main}/bin/${main.name}"; - main = writeDashBin "backup.${plan.name}.pull" '' + main = pkgs.writeDashBin "backup.${plan.name}.pull" '' set -efu dst=${shell.escape plan.dst.path} @@ -203,7 +203,7 @@ let exec flock -n "$dst" ${critical-section} ''; - critical-section = writeDash "backup.${plan.name}.pull.critical-section" '' + critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" '' # TODO check if there is a previous set -efu identity=${shell.escape plan.dst.host.ssh.privkey.path} @@ -235,7 +235,7 @@ let ''; in out; - take-snapshots = plan: writeDash "backup.${plan.name}.take-snapshots" '' + take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" '' set -efu NOW=''${NOW-$(date +%s)} dst=${shell.escape plan.dst.path} @@ -280,21 +280,6 @@ let plan.snapshots)} ''; - writeDash = name: text: pkgs.writeScript name '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; - - writeDashBin = name: text: pkgs.writeTextFile { - executable = true; - destination = "/bin/${name}"; - name = name; - text = '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; - }; - # XXX Is one ping enough to determine fastest address? # Note that we're using net.addrs4 instead of net.aliases because we define # ports only for addresses. See krebs/3modules/default.nix -- cgit v1.2.3 From 076f93bc02897b01e3ed997fb2f9a543eb6547c9 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:38:27 +0100 Subject: mu: 10.243.20.01 -> 10.243.20.1 --- krebs/3modules/tv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') 
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b6d779981..abcc67933 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -172,7 +172,7 @@ with lib; mu = { nets = { retiolum = { - addrs4 = ["10.243.20.01"]; + addrs4 = ["10.243.20.1"]; addrs6 = ["42:0:0:0:0:0:0:2001"]; aliases = [ "mu.r" -- cgit v1.2.3 From b746dd09361b0cfb14abd3995afe10536c8fcad8 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 06:22:56 +0100 Subject: krebs.backup: ensure link dest exists --- krebs/3modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index ae766fa9d..d50628073 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -160,7 +160,7 @@ let -aAXF --delete \ -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ --rsync-path ${shell.escape - "mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \ + "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \ --link-dest="$dst_path/current" \ "$src/" \ "$dst/.partial" -- cgit v1.2.3 From f1ebd4e4e1bdc76bfca894ace336064b81cc98a1 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 06:43:26 +0100 Subject: krebs knownHosts: add-port everywhere --- krebs/3modules/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 529506905..e11d40a05 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -179,7 +179,6 @@ let (mapAttrsToList (net-name: net: let - aliases = shorts ++ longs; longs = net.aliases; shorts = map (removeSuffix ".${cfg.search-domain}") @@ -190,7 +189,7 @@ let then "[${a}]:${toString net.ssh.port}" else a; in - aliases ++ map add-port net.addrs) + map add-port (shorts ++ longs ++ net.addrs)) host.nets); publicKey = host.ssh.pubkey; -- cgit v1.2.3 
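Review bot: `mkdir -m 0700 -p ${shell.escape plan.dst.path}/current` in the -160 hunk applies the 0700 mode only to the last path component; with `-p`, `plan.dst.path` itself (and any missing parent) is now created with the remote umask default, typically 0755, whereas the line it replaces created `plan.dst.path` with 0700. On a fresh destination the backup directory can therefore end up readable by other local users. Creating the two levels separately keeps the old guarantee: `"mkdir -m 0700 -p ${shell.escape plan.dst.path} && mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"`. The rest of the rsync invocation is unchanged.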
From 4c40eba8161d4afaa85984737c6f03adf861be7a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 15:58:49 +0100 Subject: krebs: add localhost to knownHosts --- krebs/3modules/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e11d40a05..e4e5642ce 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -155,7 +155,16 @@ let let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); + # TODO use imports for merging services.openssh.knownHosts = + (let inherit (config.krebs.build.host.ssh) pubkey; in + optionalAttrs (pubkey != null) { + localhost = { + hostNames = ["localhost" "127.0.0.1" "::1"]; + publicKey = pubkey; + }; + }) + // # GitHub's IPv4 address range is 192.30.252.0/22 # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) -- cgit v1.2.3 From 00525dc0ef2b73e6d883eb6e7358a616b8c15b69 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:08:07 +0100 Subject: krebs.backup.plans.*.startAt: null disables timer --- krebs/3modules/backup.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index d50628073..881e126f6 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -30,7 +30,7 @@ let }; startAt = mkOption { default = "hourly"; - type = types.str; # TODO systemd.time(7)'s calendar event + type = with types; nullOr str; # TODO systemd.time(7)'s calendar event }; snapshots = mkOption { default = { @@ -115,7 +115,8 @@ let ExecStart = push plan; Type = "oneshot"; }; - startAt = plan.startAt; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; }; makePullService = plan: assert isPullDst plan; { 
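Review bot: The localhost entry added in the -155 hunk lists plain `"localhost" "127.0.0.1" "::1"`, which ssh only matches when the local sshd listens on port 22; the per-net entries built further down the same expression use the `[host]:port` form via add-port whenever `net.ssh.port` is set. If the build host's sshd is ever moved to a non-default port these three names silently stop matching and the pinned key is never consulted. Worth either recording the assumption, `# assumes the local sshd listens on 22; otherwise the [host]:port form is needed`, or deriving the names through the same add-port helper. Whether a host-level port exists to derive from is not visible here, and the knownHosts expression continues past the end of the hunk.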
@@ -124,7 +125,8 @@ let ExecStart = pull plan; Type = "oneshot"; }; - startAt = plan.startAt; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; }; push = plan: let -- cgit v1.2.3 From d01c6f9dbcd2d1d7ccccff5fc8c41ffb53d04a42 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:09:46 +0100 Subject: krebs.backup: don't append .{pull,push} to service name --- krebs/3modules/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 881e126f6..935370d9c 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -72,12 +72,12 @@ let ; systemd.services = flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: { - name = "backup.${name}.pull"; + name = "backup.${name}"; value = makePullService plan; }) // flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: { - name = "backup.${name}.push"; + name = "backup.${name}"; value = makePushService plan; }) ; -- cgit v1.2.3 From 071194c3946b325103311f5c6528fba30580f125 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:21:58 +0100 Subject: krebs.backup: DRY up push and pull --- krebs/3modules/backup.nix | 333 +++++++++++++++++----------------------------- 1 file changed, 125 insertions(+), 208 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 935370d9c..fa5b0cfd2 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix 
@@ -58,228 +58,145 @@ let }; imp = { - users.groups.backup.gid = genid "backup"; - users.users = {} - // { - root.openssh.authorizedKeys.keys = - map (plan: plan.dst.host.ssh.pubkey) - (filter isPullSrc (attrValues cfg.plans)) - ++ - map (plan: plan.src.host.ssh.pubkey) - (filter isPushDst (attrValues cfg.plans)) - ; - } - ; systemd.services = - flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: { - name = "backup.${name}"; - value = makePullService plan; - }) - // - flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: { - name = "backup.${name}"; - value = makePushService plan; - }) - ; - }; - - isPushSrc = plan: - plan.method == "push" && - plan.src.host.name == config.krebs.build.host.name; - - isPullSrc = plan: - plan.method == "pull" && - plan.src.host.name == config.krebs.build.host.name; - - isPushDst = plan: - plan.method == "push" && - plan.dst.host.name == config.krebs.build.host.name; - - isPullDst = plan: - plan.method == "pull" && - plan.dst.host.name == config.krebs.build.host.name; - - # TODO push destination needs this in the dst.user's PATH - service-path = [ - pkgs.coreutils - pkgs.gnused - pkgs.openssh - pkgs.rsync - pkgs.utillinux - ]; - - # TODO if there is plan.user, then use its privkey - makePushService = plan: assert isPushSrc plan; { - path = service-path; - serviceConfig = { - ExecStart = push plan; - Type = "oneshot"; - }; - } // optionalAttrs (plan.startAt != null) { - inherit (plan) startAt; - }; + listToAttrs (map (plan: nameValuePair "backup.${plan.name}" { + # TODO if there is plan.user, then use its privkey + # TODO push destination users need a similar path + path = with pkgs; [ + coreutils + gnused + openssh + rsync + utillinux + ]; + serviceConfig = rec { + ExecStart = start plan; + SyslogIdentifier = ExecStart.name; + Type = "oneshot"; + }; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; + }) (filter (plan: build-host-is "pull" "dst" plan || + build-host-is "push" "src" plan) 
+ (attrValues cfg.plans))); - makePullService = plan: assert isPullDst plan; { - path = service-path; - serviceConfig = { - ExecStart = pull plan; - Type = "oneshot"; - }; - } // optionalAttrs (plan.startAt != null) { - inherit (plan) startAt; + users.groups.backup.gid = genid "backup"; + users.users.root.openssh.authorizedKeys.keys = + map (plan: getAttr plan.method { + push = plan.src.host.ssh.pubkey; + pull = plan.dst.host.ssh.pubkey; + }) (filter (plan: build-host-is "pull" "src" plan || + build-host-is "push" "dst" plan) + (attrValues cfg.plans)); }; - push = plan: let - # We use pkgs.writeDashBin and return the absolute path so systemd will - # produce nice names in the log, i.e. without the Nix store hash. - out = "${main}/bin/${main.name}"; - - main = pkgs.writeDashBin "backup.${plan.name}.push" '' - set -efu - dst=${shell.escape plan.dst.path} - - mkdir -m 0700 -p "$dst" - exec flock -n "$dst" ${critical-section} - ''; - - critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" '' - # TODO check if there is a previous - set -efu - identity=${shell.escape plan.src.host.ssh.privkey.path} - src=${shell.escape plan.src.path} - dst_user=root - dst_host=$(${fastest-address plan.dst.host}) - dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) - dst_path=${shell.escape plan.dst.path} - dst=$dst_user@$dst_host:$dst_path - - # Export NOW so runtime of rsync doesn't influence snapshot naming. 
- export NOW - NOW=$(date +%s) - - echo >&2 "update snapshot: current; $src -> $dst" - rsync >&2 \ - -aAXF --delete \ - -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ - --rsync-path ${shell.escape - "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \ - --link-dest="$dst_path/current" \ - "$src/" \ - "$dst/.partial" + build-host-is = method: side: plan: + plan.method == method && + config.krebs.build.host.name == plan.${side}.host.name; - exec ssh -F /dev/null \ - -i "$identity" \ - ''${dst_port:+-p $dst_port} \ - "$dst_user@$dst_host" \ - -T \ - env NOW="$NOW" /bin/sh < ${remote-snapshot} - ''; - - remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" '' - set -efu - dst=${shell.escape plan.dst.path} - - if test -e "$dst/current"; then - mv "$dst/current" "$dst/.previous" - fi - mv "$dst/.partial" "$dst/current" - rm -fR "$dst/.previous" - echo >&2 - - (${(take-snapshots plan).text}) - ''; - - in out; - - # TODO admit plan.dst.user and its ssh identity - pull = plan: let - # We use pkgs.writeDashBin and return the absolute path so systemd will - # produce nice names in the log, i.e. without the Nix store hash. 
- out = "${main}/bin/${main.name}"; - - main = pkgs.writeDashBin "backup.${plan.name}.pull" '' + start = plan: pkgs.writeDash "backup.${plan.name}" '' + set -efu + ${getAttr plan.method { + push = '' + identity=${shell.escape plan.src.host.ssh.privkey.path} + src_path=${shell.escape plan.src.path} + src=$src_path + dst_user=root + dst_host=$(${fastest-address plan.dst.host}) + dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) + dst_path=${shell.escape plan.dst.path} + dst=$dst_user@$dst_host:$dst_path + echo "update snapshot: current; $src -> $dst" >&2 + dst_shell() { + exec ssh -F /dev/null \ + -i "$identity" \ + ''${dst_port:+-p $dst_port} \ + "$dst_user@$dst_host" \ + -T "$with_dst_path_lock_script" + } + ''; + pull = '' + identity=${shell.escape plan.dst.host.ssh.privkey.path} + src_user=root + src_host=$(${fastest-address plan.src.host}) + src_port=$(${network-ssh-port plan.src.host "$src_host"}) + src_path=${shell.escape plan.src.path} + src=$src_user@$src_host:$src_path + dst_path=${shell.escape plan.dst.path} + dst=$dst_path + echo "update snapshot: current; $dst <- $src" >&2 + dst_shell() { + eval "$with_dst_path_lock_script" + } + ''; + }} + # Note that this only works because we trust date +%s to produce output + # that doesn't need quoting when used to generate a command string. 
+ # TODO relax this requirement by selectively allowing to inject variables + # e.g.: ''${shell.quote "exec env NOW=''${shell.unquote "$NOW"} ..."} + with_dst_path_lock_script="exec env start_date=$(date +%s) "${shell.escape + "flock -n ${shell.escape plan.dst.path} /bin/sh" + } + rsync >&2 \ + -aAXF --delete \ + -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ + --rsync-path ${shell.escape (concatStringsSep " && " [ + "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" + "exec flock -n ${shell.escape plan.dst.path} rsync" + ])} \ + --link-dest="$dst_path/current" \ + "$src/" \ + "$dst/.partial" + dst_shell < ${toFile "backup.${plan.name}.take-snapshots" '' set -efu - dst=${shell.escape plan.dst.path} + : $start_date - mkdir -m 0700 -p "$dst" - exec flock -n "$dst" ${critical-section} - ''; - - critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" '' - # TODO check if there is a previous - set -efu - identity=${shell.escape plan.dst.host.ssh.privkey.path} - src_user=root - src_host=$(${fastest-address plan.src.host}) - src_port=$(${network-ssh-port plan.src.host "$src_host"}) - src_path=${shell.escape plan.src.path} - src=$src_user@$src_host:$src_path dst=${shell.escape plan.dst.path} - # Export NOW so runtime of rsync doesn't influence snapshot naming. 
- export NOW - NOW=$(date +%s) - - echo >&2 "update snapshot: current; $dst <- $src" - mkdir -m 0700 -p ${shell.escape plan.dst.path} - rsync >&2 \ - -aAXF --delete \ - -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \ - --link-dest="$dst/current" \ - "$src/" \ - "$dst/.partial" mv "$dst/current" "$dst/.previous" mv "$dst/.partial" "$dst/current" rm -fR "$dst/.previous" echo >&2 - exec ${take-snapshots plan} - ''; - in out; - - take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" '' - set -efu - NOW=''${NOW-$(date +%s)} - dst=${shell.escape plan.dst.path} - - snapshot() {( - : $ns $format $retain - name=$(date --date="@$NOW" +"$format") - if ! test -e "$dst/$ns/$name"; then - echo >&2 "create snapshot: $ns/$name" - mkdir -m 0700 -p "$dst/$ns" - rsync >&2 \ - -aAXF --delete \ - --link-dest="$dst/current" \ - "$dst/current/" \ - "$dst/$ns/.partial.$name" - mv "$dst/$ns/.partial.$name" "$dst/$ns/$name" - echo >&2 - fi - case $retain in -