From 29746aec06b7d42d3c87245f6f14f048234251e4 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 6 Feb 2016 18:54:01 +0100 Subject: krebs.{backup.plans,hosts,users}.*.name: add default value --- krebs/3modules/backup.nix | 3 ++- krebs/3modules/lass/default.nix | 4 ++-- krebs/3modules/makefu/default.nix | 4 ++-- krebs/3modules/mv/default.nix | 4 ++-- krebs/3modules/shared/default.nix | 4 ++-- krebs/3modules/tv/default.nix | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index a1f33590..17d8a3c9 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -12,7 +12,7 @@ let enable = mkEnableOption "krebs.backup" // { default = true; }; plans = mkOption { default = {}; - type = types.attrsOf (types.submodule ({ + type = types.attrsOf (types.submodule ({ config, ... }: { # TODO enable = mkEnableOption "TODO" // { default = true; }; options = { method = mkOption { @@ -20,6 +20,7 @@ let }; name = mkOption { type = types.str; + default = config._module.args.name; }; src = mkOption { type = types.krebs.file-location; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 26b0947b..c880ea78 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { echelon = { cores = 2; dc = "lass"; #dc = "cac"; @@ -214,7 +214,7 @@ with lib; }; }; - users = addNames { + users = { lass = { pubkey = readFile ../../Zpubkeys/lass.ssh.pub; mail = "lass@mors.retiolum"; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 38e773b5..693a954a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { pnp = { cores = 1; dc = "makefu"; #vm on 'omo' @@ -364,7 +364,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; }; - users = addNames rec { + users = rec { makefu = { mail = "makefu@pornocauster.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 6da2abc8..70417157 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -3,7 +3,7 @@ with lib; { - hosts = addNames { + hosts = { stro = { cores = 4; dc = "mv"; @@ -31,7 +31,7 @@ with lib; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+7Qa51l0NSkBiaK2s8vQEoeObV3UPZyEzMxfUK/ZAO root@stro"; }; }; - users = addNames { + users = { mv_stro = { mail = "mv@stro.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro"; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 91d92857..52aa4de4 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -32,7 +32,7 @@ let }; }); in { - hosts = addNames { + hosts = { wolf = { dc = "shack"; nets = { @@ -68,7 +68,7 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR"; }; } // testHosts; - users = addNames { + users = { shared = { mail = "spam@krebsco.de"; pubkey = "lol"; # TODO krebs.users.shared.pubkey should be unnecessary diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 9adb0ce1..ca07acd1 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -6,7 +6,7 @@ with lib; dns.providers = { de.viljetic = "regfish"; }; - hosts = addNames { + hosts = { cd = rec { cores = 2; dc = "tv"; #dc = "cac"; @@ -351,7 +351,7 @@ with lib; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; - users = addNames rec { + users = rec { mv = { mail = "mv@cd.retiolum"; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod"; -- cgit v1.2.3 From 01dbc54c3207b44e4adaaae92fffc8a34bda6f18 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:09:56 +0100 Subject: krebs.backup: determine fastest address --- krebs/3modules/backup.nix | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 17d8a3c9..0f85b487 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -145,9 +145,11 @@ let set -efu identity=${shell.escape plan.src.host.ssh.privkey.path} src=${shell.escape plan.src.path} - dst_target=${shell.escape "root@${getFQDN plan.dst.host}"} + dst_user=root + dst_host=$(${fastest-address plan.dst.host}) + dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) dst_path=${shell.escape plan.dst.path} - dst=$dst_target:$dst_path + dst=$dst_user@$dst_host:$dst_path # Export NOW so runtime of rsync doesn't influence snapshot naming. export NOW @@ -156,7 +158,7 @@ let echo >&2 "update snapshot: current; $src -> $dst" rsync >&2 \ -aAXF --delete \ - -e "ssh -F /dev/null -i $identity" \ + -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ --rsync-path ${shell.escape "mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \ --link-dest="$dst_path/current" \ @@ -165,10 +167,10 @@ let exec ssh -F /dev/null \ -i "$identity" \ - "$dst_target" \ + ''${dst_port:+-p $dst_port} \ + "$dst_user@$dst_host" \ -T \ env NOW="$NOW" /bin/sh < ${remote-snapshot} - EOF ''; remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" '' @@ -205,7 +207,11 @@ let # TODO check if there is a previous set -efu identity=${shell.escape plan.dst.host.ssh.privkey.path} - src=${shell.escape "root@${getFQDN plan.src.host}:${plan.src.path}"} + src_user=root + src_host=$(${fastest-address plan.src.host}) + src_port=$(${network-ssh-port plan.src.host "$src_host"}) + src_path=${shell.escape plan.src.path} + src=$src_user@$src_host:$src_path dst=${shell.escape plan.dst.path} # Export NOW so runtime of rsync doesn't influence snapshot naming. @@ -216,7 +222,7 @@ let mkdir -m 0700 -p ${shell.escape plan.dst.path} rsync >&2 \ -aAXF --delete \ - -e "ssh -F /dev/null -i $identity" \ + -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \ --link-dest="$dst/current" \ "$src/" \ "$dst/.partial" @@ -274,9 +280,6 @@ let plan.snapshots)} ''; - # TODO getFQDN: admit hosts in other domains - getFQDN = host: "${host.name}.${config.krebs.search-domain}"; - writeDash = name: text: pkgs.writeScript name '' #! ${pkgs.dash}/bin/dash ${text} @@ -292,6 +295,26 @@ let ''; }; + # XXX Is one ping enough to determine fastest address? + # Note that we're using net.addrs4 instead of net.aliases because we define + # ports only for addresses. See krebs/3modules/default.nix + fastest-address = host: '' + { ${pkgs.fping}/bin/fping Date: Sun, 7 Feb 2016 05:14:37 +0100 Subject: tv: define config.krebs.hosts.*.nets.gg23.ssh.port --- krebs/3modules/tv/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index ca07acd1..b9a6c516 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -198,6 +198,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.110"]; aliases = ["nomic.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.0.110"]; @@ -292,6 +293,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.37"]; aliases = ["wu.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.13.37"]; @@ -326,6 +328,7 @@ with lib; gg23 = { addrs4 = ["10.23.1.38"]; aliases = ["xu.gg23"]; + ssh.port = 11423; }; retiolum = { addrs4 = ["10.243.13.38"]; -- cgit v1.2.3 From 949f466cf78ba2e76002012715172e5d5d394006 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:17:07 +0100 Subject: tv: s/_/-/g in usernames --- krebs/3modules/mv/default.nix | 2 +- krebs/3modules/tv/default.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 70417157..7245c143 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -32,7 +32,7 @@ with lib; }; }; users = { - mv_stro = { + mv-stro = { mail = "mv@stro.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxM34g1GUm5EtU00DAOlGSx8MsCWunhGTrozurj460QT7EdUbZvj0AcrQC0lP9kaZyhX+KueTjmLC+ICsnlHYeg4zoSEnSAUkccuyZxfgynVc4wrpfNAc1nHjDhDb/ulnC+8wNxvxUpI0XlBgu/Y7AbbChZj3ofv6uGGHJKfG3uSyCkt9VTCi1KwydHpe9P252N8NbopnbnkT0EMkRHruh7ICEKr4/ivmUL/IUrbFicEeCy4SeRAl8+00x4WqqvbBPzgdXn0AIjKLvus3dBoQubJNpUoXnyXJbElnit5a7QcgZJNLMbV0kf9zzCGduxkADzHkAFB9D4PuSMYt62iy12QlGbm80A9ncuwaSyJf7hPTvNbU8VyCblyfRz/SCaudUrfk5Xbxxu26FHi4hZqr3IUQt4T8pD8JWYGl4n2ZKnD8hHz/jrmNBK8h9d+VFafU9t1hRxlFsW1AhMEM+kfWClyhfTcKBKbml2a657lgUEVmlZt+18kwwsivM1QhHNTgxn5urRXRkh1VQ40UQroVuV1OUmvAngyAthF441VPGc5z7kEI+D4qjmUjSy6k4dvEy/RGfsAgJCf63zilRuUbL68f2OpxE8aeZZUXPvgdLml284pry7+C5sjlnCDoJfCj/yhdVx6mU9pWUd/Q97CLQewbsYhMzsqlBlIkXuipkDQ== mv@stro"; }; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b9a6c516..b6d77998 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -363,11 +363,11 @@ with lib; mail = "tv@wu.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu"; }; - tv_nomic = { + tv-nomic = { inherit (tv) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dYR/n4Yw8OsYmfR2rSUG7o10G6AqOlSJHuHSEmANbMkqjiWl1TnpORtt5bAktyAGI4vWf9vhNEnxuIqGXWSV+3yCd7yfBHR1m0Y9QSw6blQ0xc1venl3JU0kpEyJfUn8a9cdXlnRiS0MP1gcsN7Zk8cqBELJYJajkSEnsT4eVaU5/wdnyzUO1fk8D8tFBJbF/tsWDLJPu4P18rpxq4wZgA2qmyHoVDEVlrz2OYcziXT6gpG0JGnToteaNg9ok5QavEYFpp8P+k1AacrBjc1PAb4MaMX1nfkSyaZwSqLdH35XkNRgPhVVmqZ5PlG3VeNpPSwpdcKi8P3zH1xG9g6Usx1SAyvcoAyGHdOwmFuA2tc1HgYEiQ+OsPrHZHujBOOZsKTN9+IZHScCAe+UmUcK413WEZKPs8PeFjf1gQAoDXb55JpksxLAnC/SQOl4FhkctIAXxr12ALlyt9UFPzIoj/Nj2MpFzGSlf653fTFmnMbQ8+GICc4TUpqx5GELZhfQuprBTv/55a9zKvM4B8XT3Bn9olQzMQIXEjXb3WUVFDDNWeNydToorYn1wG3ZWQ+3f0IlqRicWO7Q9BRj1Lp5rcUCb+naJ48tGY6HFUZ1Kz/0x458GDFvUd8mCJjqqmeSkUEeZd0xet5tVFg/bYoSslEqPF6pz7V3ruJMSdYxnQ== tv@nomic #2"; }; - tv_xu = { + tv-xu = { inherit (tv) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/3nkqxe8YrDVt615n96A7iC3vvwsiqgpsBYC/bhwfBHu1bAtBmTWVqSKDIdwg7p8TQpIKtAgZ3IJT3BlrnVTeR4RIviLjHjYWW1NBhm+nXi+heThgi5fLciE3lVLVsy5X9Kc1ZPLgLa1In0REOanwbueOD0ESN1yKIDwUUdczw/o3dLDMzanqFHKuSSN4o9Ex2x+MRj9eLsb706s4VSYMo3lirRCJeAOGv1C7Xg1cuepdhIeJsq9aF7vSy15c0nCkWwr8zdY7pbMPYCe5zvIEymZ0UowZ5HQ3NmIZnYDxa4E1PFjDczHdQbVmmGMI80grNwMsHzQ6bynHSPXDoLf4WodXlhS0+9Ju5QavDT6uqZ9uhDBuWC8QNgWUMIJnEaTBFyA0OI1akl8Q2RLC+qnNf5IwItSq+GDwEsB2ZJNW3kOk1kNiCUrBafRYpPaFeP97wzzP4uYlBKAr2SOLrrkf7NFEdw2ihxhDMNnps/ErRJ8U0zdpmalw8mItGyqRULpHjk/wN00rYOdBIhW3G3QJuVgtGnWtGCBG5x70EfMiSEXPD3YSsVVsgKD+v8qr+YiilRRD+N3gaHhiOWA6HgxRNul/P4llk0ktTpb9LoHk2+oooTH5ZuuT/8yF8J4stZt7EIOH+mSOAXG1z0BwnEkQu7pVKwu/oOZpGJTvBrGwww== tv@xu"; }; -- cgit v1.2.3 From 02ad327081f2315b9ab15733319b167f64180a0d Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:32:03 +0100 Subject: krebs.backup writeDash* -> pkgs --- krebs/3modules/backup.nix | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 0f85b487..ae766fa9 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -128,11 +128,11 @@ let }; push = plan: let - # We use writeDashBin and return the absolute path so systemd will produce - # nice names in the log, i.e. without the Nix store hash. + # We use pkgs.writeDashBin and return the absolute path so systemd will + # produce nice names in the log, i.e. without the Nix store hash. out = "${main}/bin/${main.name}"; - main = writeDashBin "backup.${plan.name}.push" '' + main = pkgs.writeDashBin "backup.${plan.name}.push" '' set -efu dst=${shell.escape plan.dst.path} @@ -140,7 +140,7 @@ let exec flock -n "$dst" ${critical-section} ''; - critical-section = writeDash "backup.${plan.name}.push.critical-section" '' + critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" '' # TODO check if there is a previous set -efu identity=${shell.escape plan.src.host.ssh.privkey.path} @@ -173,7 +173,7 @@ let env NOW="$NOW" /bin/sh < ${remote-snapshot} ''; - remote-snapshot = writeDash "backup.${plan.name}.push.remote-snapshot" '' + remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" '' set -efu dst=${shell.escape plan.dst.path} @@ -191,11 +191,11 @@ let # TODO admit plan.dst.user and its ssh identity pull = plan: let - # We use writeDashBin and return the absolute path so systemd will produce - # nice names in the log, i.e. without the Nix store hash. + # We use pkgs.writeDashBin and return the absolute path so systemd will + # produce nice names in the log, i.e. without the Nix store hash. out = "${main}/bin/${main.name}"; - main = writeDashBin "backup.${plan.name}.pull" '' + main = pkgs.writeDashBin "backup.${plan.name}.pull" '' set -efu dst=${shell.escape plan.dst.path} @@ -203,7 +203,7 @@ let exec flock -n "$dst" ${critical-section} ''; - critical-section = writeDash "backup.${plan.name}.pull.critical-section" '' + critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" '' # TODO check if there is a previous set -efu identity=${shell.escape plan.dst.host.ssh.privkey.path} @@ -235,7 +235,7 @@ let ''; in out; - take-snapshots = plan: writeDash "backup.${plan.name}.take-snapshots" '' + take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" '' set -efu NOW=''${NOW-$(date +%s)} dst=${shell.escape plan.dst.path} @@ -280,21 +280,6 @@ let plan.snapshots)} ''; - writeDash = name: text: pkgs.writeScript name '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; - - writeDashBin = name: text: pkgs.writeTextFile { - executable = true; - destination = "/bin/${name}"; - name = name; - text = '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; - }; - # XXX Is one ping enough to determine fastest address? # Note that we're using net.addrs4 instead of net.aliases because we define # ports only for addresses. See krebs/3modules/default.nix -- cgit v1.2.3 From 076f93bc02897b01e3ed997fb2f9a543eb6547c9 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 05:38:27 +0100 Subject: mu: 10.243.20.01 -> 10.243.20.1 --- krebs/3modules/tv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index b6d77998..abcc6793 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -172,7 +172,7 @@ with lib; mu = { nets = { retiolum = { - addrs4 = ["10.243.20.01"]; + addrs4 = ["10.243.20.1"]; addrs6 = ["42:0:0:0:0:0:0:2001"]; aliases = [ "mu.r" -- cgit v1.2.3 From b746dd09361b0cfb14abd3995afe10536c8fcad8 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 06:22:56 +0100 Subject: krebs.backup: ensure link dest exists --- krebs/3modules/backup.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index ae766fa9..d5062807 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -160,7 +160,7 @@ let -aAXF --delete \ -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ --rsync-path ${shell.escape - "mkdir -m 0700 -p ${shell.escape plan.dst.path} && rsync"} \ + "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \ --link-dest="$dst_path/current" \ "$src/" \ "$dst/.partial" -- cgit v1.2.3 From f1ebd4e4e1bdc76bfca894ace336064b81cc98a1 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 06:43:26 +0100 Subject: krebs knownHosts: add-port everywhere --- krebs/3modules/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 52950690..e11d40a0 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -179,7 +179,6 @@ let (mapAttrsToList (net-name: net: let - aliases = shorts ++ longs; longs = net.aliases; shorts = map (removeSuffix ".${cfg.search-domain}") @@ -190,7 +189,7 @@ let then "[${a}]:${toString net.ssh.port}" else a; in - aliases ++ map add-port net.addrs) + map add-port (shorts ++ longs ++ net.addrs)) host.nets); publicKey = host.ssh.pubkey; -- cgit v1.2.3 From 4c40eba8161d4afaa85984737c6f03adf861be7a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 15:58:49 +0100 Subject: krebs: add localhost to knownHosts --- krebs/3modules/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index e11d40a0..e4e5642c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -155,7 +155,16 @@ let let inherit (config.krebs.build.host.ssh) privkey; in mkIf (privkey != null) (mkForce [privkey]); + # TODO use imports for merging services.openssh.knownHosts = + (let inherit (config.krebs.build.host.ssh) pubkey; in + optionalAttrs (pubkey != null) { + localhost = { + hostNames = ["localhost" "127.0.0.1" "::1"]; + publicKey = pubkey; + }; + }) + // # GitHub's IPv4 address range is 192.30.252.0/22 # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) -- cgit v1.2.3 From 00525dc0ef2b73e6d883eb6e7358a616b8c15b69 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:08:07 +0100 Subject: krebs.backup.plans.*.startAt: null disables timer --- krebs/3modules/backup.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index d5062807..881e126f 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -30,7 +30,7 @@ let }; startAt = mkOption { default = "hourly"; - type = types.str; # TODO systemd.time(7)'s calendar event + type = with types; nullOr str; # TODO systemd.time(7)'s calendar event }; snapshots = mkOption { default = { @@ -115,7 +115,8 @@ let ExecStart = push plan; Type = "oneshot"; }; - startAt = plan.startAt; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; }; makePullService = plan: assert isPullDst plan; { @@ -124,7 +125,8 @@ let ExecStart = pull plan; Type = "oneshot"; }; - startAt = plan.startAt; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; }; push = plan: let -- cgit v1.2.3 From d01c6f9dbcd2d1d7ccccff5fc8c41ffb53d04a42 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:09:46 +0100 Subject: krebs.backup: don't append .{pull,push} to service name --- krebs/3modules/backup.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 881e126f..935370d9 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -72,12 +72,12 @@ let ; systemd.services = flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: { - name = "backup.${name}.pull"; + name = "backup.${name}"; value = makePullService plan; }) // flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: { - name = "backup.${name}.push"; + name = "backup.${name}"; value = makePushService plan; }) ; -- cgit v1.2.3 From 071194c3946b325103311f5c6528fba30580f125 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 16:21:58 +0100 Subject: krebs.backup: DRY up push and pull --- krebs/3modules/backup.nix | 333 +++++++++++++++++----------------------------- 1 file changed, 125 insertions(+), 208 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 935370d9..fa5b0cfd 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -58,228 +58,145 @@ let }; imp = { - users.groups.backup.gid = genid "backup"; - users.users = {} - // { - root.openssh.authorizedKeys.keys = - map (plan: plan.dst.host.ssh.pubkey) - (filter isPullSrc (attrValues cfg.plans)) - ++ - map (plan: plan.src.host.ssh.pubkey) - (filter isPushDst (attrValues cfg.plans)) - ; - } - ; systemd.services = - flip mapAttrs' (filterAttrs (_:isPullDst) cfg.plans) (name: plan: { - name = "backup.${name}"; - value = makePullService plan; - }) - // - flip mapAttrs' (filterAttrs (_:isPushSrc) cfg.plans) (name: plan: { - name = "backup.${name}"; - value = makePushService plan; - }) - ; - }; - - isPushSrc = plan: - plan.method == "push" && - plan.src.host.name == config.krebs.build.host.name; - - isPullSrc = plan: - plan.method == "pull" && - plan.src.host.name == config.krebs.build.host.name; - - isPushDst = plan: - plan.method == "push" && - plan.dst.host.name == config.krebs.build.host.name; - - isPullDst = plan: - plan.method == "pull" && - plan.dst.host.name == config.krebs.build.host.name; - - # TODO push destination needs this in the dst.user's PATH - service-path = [ - pkgs.coreutils - pkgs.gnused - pkgs.openssh - pkgs.rsync - pkgs.utillinux - ]; - - # TODO if there is plan.user, then use its privkey - makePushService = plan: assert isPushSrc plan; { - path = service-path; - serviceConfig = { - ExecStart = push plan; - Type = "oneshot"; - }; - } // optionalAttrs (plan.startAt != null) { - inherit (plan) startAt; - }; + listToAttrs (map (plan: nameValuePair "backup.${plan.name}" { + # TODO if there is plan.user, then use its privkey + # TODO push destination users need a similar path + path = with pkgs; [ + coreutils + gnused + openssh + rsync + utillinux + ]; + serviceConfig = rec { + ExecStart = start plan; + SyslogIdentifier = ExecStart.name; + Type = "oneshot"; + }; + } // optionalAttrs (plan.startAt != null) { + inherit (plan) startAt; + }) (filter (plan: build-host-is "pull" "dst" plan || + build-host-is "push" "src" plan) + (attrValues cfg.plans))); - makePullService = plan: assert isPullDst plan; { - path = service-path; - serviceConfig = { - ExecStart = pull plan; - Type = "oneshot"; - }; - } // optionalAttrs (plan.startAt != null) { - inherit (plan) startAt; + users.groups.backup.gid = genid "backup"; + users.users.root.openssh.authorizedKeys.keys = + map (plan: getAttr plan.method { + push = plan.src.host.ssh.pubkey; + pull = plan.dst.host.ssh.pubkey; + }) (filter (plan: build-host-is "pull" "src" plan || + build-host-is "push" "dst" plan) + (attrValues cfg.plans)); }; - push = plan: let - # We use pkgs.writeDashBin and return the absolute path so systemd will - # produce nice names in the log, i.e. without the Nix store hash. - out = "${main}/bin/${main.name}"; - - main = pkgs.writeDashBin "backup.${plan.name}.push" '' - set -efu - dst=${shell.escape plan.dst.path} - - mkdir -m 0700 -p "$dst" - exec flock -n "$dst" ${critical-section} - ''; - - critical-section = pkgs.writeDash "backup.${plan.name}.push.critical-section" '' - # TODO check if there is a previous - set -efu - identity=${shell.escape plan.src.host.ssh.privkey.path} - src=${shell.escape plan.src.path} - dst_user=root - dst_host=$(${fastest-address plan.dst.host}) - dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) - dst_path=${shell.escape plan.dst.path} - dst=$dst_user@$dst_host:$dst_path - - # Export NOW so runtime of rsync doesn't influence snapshot naming. - export NOW - NOW=$(date +%s) - - echo >&2 "update snapshot: current; $src -> $dst" - rsync >&2 \ - -aAXF --delete \ - -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ - --rsync-path ${shell.escape - "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current && rsync"} \ - --link-dest="$dst_path/current" \ - "$src/" \ - "$dst/.partial" + build-host-is = method: side: plan: + plan.method == method && + config.krebs.build.host.name == plan.${side}.host.name; - exec ssh -F /dev/null \ - -i "$identity" \ - ''${dst_port:+-p $dst_port} \ - "$dst_user@$dst_host" \ - -T \ - env NOW="$NOW" /bin/sh < ${remote-snapshot} - ''; - - remote-snapshot = pkgs.writeDash "backup.${plan.name}.push.remote-snapshot" '' - set -efu - dst=${shell.escape plan.dst.path} - - if test -e "$dst/current"; then - mv "$dst/current" "$dst/.previous" - fi - mv "$dst/.partial" "$dst/current" - rm -fR "$dst/.previous" - echo >&2 - - (${(take-snapshots plan).text}) - ''; - - in out; - - # TODO admit plan.dst.user and its ssh identity - pull = plan: let - # We use pkgs.writeDashBin and return the absolute path so systemd will - # produce nice names in the log, i.e. without the Nix store hash. - out = "${main}/bin/${main.name}"; - - main = pkgs.writeDashBin "backup.${plan.name}.pull" '' + start = plan: pkgs.writeDash "backup.${plan.name}" '' + set -efu + ${getAttr plan.method { + push = '' + identity=${shell.escape plan.src.host.ssh.privkey.path} + src_path=${shell.escape plan.src.path} + src=$src_path + dst_user=root + dst_host=$(${fastest-address plan.dst.host}) + dst_port=$(${network-ssh-port plan.dst.host "$dst_host"}) + dst_path=${shell.escape plan.dst.path} + dst=$dst_user@$dst_host:$dst_path + echo "update snapshot: current; $src -> $dst" >&2 + dst_shell() { + exec ssh -F /dev/null \ + -i "$identity" \ + ''${dst_port:+-p $dst_port} \ + "$dst_user@$dst_host" \ + -T "$with_dst_path_lock_script" + } + ''; + pull = '' + identity=${shell.escape plan.dst.host.ssh.privkey.path} + src_user=root + src_host=$(${fastest-address plan.src.host}) + src_port=$(${network-ssh-port plan.src.host "$src_host"}) + src_path=${shell.escape plan.src.path} + src=$src_user@$src_host:$src_path + dst_path=${shell.escape plan.dst.path} + dst=$dst_path + echo "update snapshot: current; $dst <- $src" >&2 + dst_shell() { + eval "$with_dst_path_lock_script" + } + ''; + }} + # Note that this only works because we trust date +%s to produce output + # that doesn't need quoting when used to generate a command string. + # TODO relax this requirement by selectively allowing to inject variables + # e.g.: ''${shell.quote "exec env NOW=''${shell.unquote "$NOW"} ..."} + with_dst_path_lock_script="exec env start_date=$(date +%s) "${shell.escape + "flock -n ${shell.escape plan.dst.path} /bin/sh" + } + rsync >&2 \ + -aAXF --delete \ + -e "ssh -F /dev/null -i $identity ''${dst_port:+-p $dst_port}" \ + --rsync-path ${shell.escape (concatStringsSep " && " [ + "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" + "exec flock -n ${shell.escape plan.dst.path} rsync" + ])} \ + --link-dest="$dst_path/current" \ + "$src/" \ + "$dst/.partial" + dst_shell < ${toFile "backup.${plan.name}.take-snapshots" '' set -efu - dst=${shell.escape plan.dst.path} + : $start_date - mkdir -m 0700 -p "$dst" - exec flock -n "$dst" ${critical-section} - ''; - - critical-section = pkgs.writeDash "backup.${plan.name}.pull.critical-section" '' - # TODO check if there is a previous - set -efu - identity=${shell.escape plan.dst.host.ssh.privkey.path} - src_user=root - src_host=$(${fastest-address plan.src.host}) - src_port=$(${network-ssh-port plan.src.host "$src_host"}) - src_path=${shell.escape plan.src.path} - src=$src_user@$src_host:$src_path dst=${shell.escape plan.dst.path} - # Export NOW so runtime of rsync doesn't influence snapshot naming. - export NOW - NOW=$(date +%s) - - echo >&2 "update snapshot: current; $dst <- $src" - mkdir -m 0700 -p ${shell.escape plan.dst.path} - rsync >&2 \ - -aAXF --delete \ - -e "ssh -F /dev/null -i $identity ''${src_port:+-p $src_port}" \ - --link-dest="$dst/current" \ - "$src/" \ - "$dst/.partial" mv "$dst/current" "$dst/.previous" mv "$dst/.partial" "$dst/current" rm -fR "$dst/.previous" echo >&2 - exec ${take-snapshots plan} - ''; - in out; - - take-snapshots = plan: pkgs.writeDash "backup.${plan.name}.take-snapshots" '' - set -efu - NOW=''${NOW-$(date +%s)} - dst=${shell.escape plan.dst.path} - - snapshot() {( - : $ns $format $retain - name=$(date --date="@$NOW" +"$format") - if ! test -e "$dst/$ns/$name"; then - echo >&2 "create snapshot: $ns/$name" - mkdir -m 0700 -p "$dst/$ns" - rsync >&2 \ - -aAXF --delete \ - --link-dest="$dst/current" \ - "$dst/current/" \ - "$dst/$ns/.partial.$name" - mv "$dst/$ns/.partial.$name" "$dst/$ns/$name" - echo >&2 - fi - case $retain in - ([0-9]*) - delete_from=$(($retain + 1)) - ls -r "$dst/$ns" \ - | sed -n "$delete_from,\$p" \ - | while read old_name; do - echo >&2 "delete snapshot: $ns/$old_name" - rm -fR "$dst/$ns/$old_name" - done - ;; - (ALL) - : - ;; - esac - )} - - ${concatStringsSep "\n" (mapAttrsToList (ns: { format, retain ? null, ... }: - toString (map shell.escape [ - "ns=${ns}" - "format=${format}" - "retain=${if retain == null then "ALL" else toString retain}" - "snapshot" - ])) - plan.snapshots)} + snapshot() {( + : $ns $format $retain + name=$(date --date="@$start_date" +"$format") + if ! test -e "$dst/$ns/$name"; then + echo >&2 "create snapshot: $ns/$name" + mkdir -m 0700 -p "$dst/$ns" + rsync >&2 \ + -aAXF --delete \ + --link-dest="$dst/current" \ + "$dst/current/" \ + "$dst/$ns/.partial.$name" + mv "$dst/$ns/.partial.$name" "$dst/$ns/$name" + echo >&2 + fi + case $retain in + ([0-9]*) + delete_from=$(($retain + 1)) + ls -r "$dst/$ns" \ + | sed -n "$delete_from,\$p" \ + | while read old_name; do + echo >&2 "delete snapshot: $ns/$old_name" + rm -fR "$dst/$ns/$old_name" + done + ;; + (ALL) + : + ;; + esac + )} + + ${concatStringsSep "\n" (mapAttrsToList (ns: { format, retain, ... }: + toString (map shell.escape [ + "ns=${ns}" + "format=${format}" + "retain=${if retain == null then "ALL" else toString retain}" + "snapshot" + ])) + plan.snapshots)} + ''} ''; # XXX Is one ping enough to determine fastest address? -- cgit v1.2.3 From 8a1ddc5e9b8012b141c3b5e997d44acb70e1f17f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 7 Feb 2016 23:48:34 +0100 Subject: krebs.backup.plans.*.enable.default = true --- krebs/3modules/backup.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index fa5b0cfd..6e9e9813 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -13,8 +13,10 @@ let plans = mkOption { default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { - # TODO enable = mkEnableOption "TODO" // { default = true; }; options = { + enable = mkEnableOption "krebs.backup.${config.name}" // { + default = true; + }; method = mkOption { type = types.enum ["pull" "push"]; }; @@ -78,7 +80,7 @@ let inherit (plan) startAt; }) (filter (plan: build-host-is "pull" "dst" plan || build-host-is "push" "src" plan) - (attrValues cfg.plans))); + enabled-plans)); users.groups.backup.gid = genid "backup"; users.users.root.openssh.authorizedKeys.keys = @@ -87,9 +89,11 @@ let pull = plan.dst.host.ssh.pubkey; }) (filter (plan: build-host-is "pull" "src" plan || build-host-is "push" "dst" plan) - (attrValues cfg.plans)); + enabled-plans); }; + enabled-plans = filter (getAttr "enable") (attrValues cfg.plans); + build-host-is = method: side: plan: plan.method == method && config.krebs.build.host.name == plan.${side}.host.name; -- cgit v1.2.3 From 14afbfef1251178b1599caaf9046c6aeeb97fb19 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Feb 2016 00:31:26 +0100 Subject: krebs.backup: use aliases instead of addrs4 --- krebs/3modules/backup.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 6e9e9813..86e2e72e 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -204,12 +204,10 @@ let ''; # XXX Is one ping enough to determine fastest address? - # Note that we're using net.addrs4 instead of net.aliases because we define - # ports only for addresses. See krebs/3modules/default.nix fastest-address = host: '' { ${pkgs.fping}/bin/fping Date: Mon, 8 Feb 2016 01:07:03 +0100 Subject: rm krebs.build.target --- krebs/3modules/build.nix | 8 -------- 1 file changed, 8 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 0da5dd38..3530fd59 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -3,8 +3,6 @@ with lib; let - target = config.krebs.build // { user.name = "root"; }; - out = { # TODO deprecate krebs.build.host options.krebs.build.host = mkOption { @@ -17,12 +15,6 @@ let default = "/nix/var/nix/profiles/system"; }; - # TODO make krebs.build.target.host :: host - options.krebs.build.target = mkOption { - type = with types; nullOr str; - default = null; - }; - # TODO deprecate krebs.build.user options.krebs.build.user = mkOption { type = types.user; -- cgit v1.2.3 From 7a9f130c1230faf9662000dbd9ba8f06170bf254 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Feb 2016 03:21:01 +0100 Subject: krebs: rm types.host.dc --- krebs/3modules/lass/default.nix | 6 ------ krebs/3modules/makefu/default.nix | 11 ----------- krebs/3modules/mv/default.nix | 1 - krebs/3modules/shared/default.nix | 1 - krebs/3modules/tv/default.nix | 8 -------- 5 files changed, 27 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c880ea78..2b3b285f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -6,7 +6,6 @@ with lib; hosts = { echelon = { cores = 2; - dc = "lass"; #dc = "cac"; nets = rec { internet = { addrs4 = ["162.252.241.33"]; @@ -40,7 +39,6 @@ with lib; }; prism = { cores = 4; - dc = "lass"; #dc = "cac"; nets = rec { internet = { addrs4 = ["213.239.205.240"]; @@ -72,7 +70,6 @@ with lib; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; fastpoke = { - dc = "lass"; nets = rec { internet = { addrs4 = ["193.22.164.36"]; @@ -103,7 +100,6 @@ with lib; }; cloudkrebs = { cores = 1; - dc = "lass"; #dc = "cac"; nets = rec { internet = { addrs4 = ["104.167.113.104"]; @@ -136,7 +132,6 @@ with lib; }; uriel = { cores = 1; - dc = "lass"; nets = { gg23 = { addrs4 = ["10.23.1.12"]; @@ -167,7 +162,6 @@ with lib; }; mors = { cores = 2; - dc = "lass"; nets = { gg23 = { addrs4 = ["10.23.1.11"]; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 693a954a..2811c0c5 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -6,7 +6,6 @@ with lib; hosts = { pnp = { cores = 1; - dc = "makefu"; #vm on 'omo' nets = { retiolum = { addrs4 = ["10.243.0.210"]; @@ -30,7 +29,6 @@ with lib; }; tsp = { cores = 1; - dc = "makefu"; #x200 nets = { retiolum = { addrs4 = ["10.243.0.212"]; @@ -58,7 +56,6 @@ with lib; }; pornocauster = { cores = 2; - dc = "makefu"; #x220 nets = { retiolum = { addrs4 = ["10.243.0.91"]; @@ -90,7 +87,6 @@ with lib; vbob = { cores = 2; - dc = "makefu"; #vm local nets = { retiolum = { addrs4 = ["10.243.1.91"]; @@ -116,7 +112,6 @@ with lib; }; flap = rec { cores = 1; - dc = "cac"; #vps extraZones = { "krebsco.de" = '' @@ -152,7 +147,6 @@ with lib; }; pigstarter = rec { cores = 1; - dc = "frontrange"; #vps extraZones = { "krebsco.de" = '' @@ -191,7 +185,6 @@ with lib; }; wry = rec { cores = 1; - dc = "makefu"; #dc = "cac"; extraZones = { "krebsco.de" = '' euer IN A ${head nets.internet.addrs4} @@ -248,7 +241,6 @@ with lib; }; filepimp = rec { cores = 1; - dc = "makefu"; #nas nets = { retiolum = { @@ -273,7 +265,6 @@ with lib; omo = rec { cores = 2; - dc = "makefu"; #AMD E350 nets = { retiolum = { @@ -299,7 +290,6 @@ with lib; }; wbob = rec { cores = 1; - dc = "none"; nets = { retiolm = { addrs4 = ["10.243.214.15/32"]; @@ -323,7 +313,6 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB gum = rec { cores = 1; - dc = "online.net"; #root-server extraZones = { "krebsco.de" = '' diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index 7245c143..8803cb24 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -6,7 +6,6 @@ with lib; hosts = { stro = { cores = 4; - dc = "mv"; nets = { retiolum = { addrs4 = ["10.243.111.111"]; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index 52aa4de4..df4c529b 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -34,7 +34,6 @@ let in { hosts = { wolf = { - dc = "shack"; nets = { shack = { addrs4 = [ "10.42.2.150" ]; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index abcc6793..9a0b9939 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -9,7 +9,6 @@ with lib; hosts = { cd = rec { cores = 2; - dc = "tv"; #dc = "cac"; extraZones = { # TODO generate krebsco.de zone from nets and don't use extraZones at all "krebsco.de" = '' @@ -65,7 +64,6 @@ with lib; }; mkdir = rec { cores = 1; - dc = "tv"; #dc = "cac"; nets = rec { internet = { addrs4 = ["104.167.114.142"]; @@ -193,7 +191,6 @@ with lib; }; nomic = { cores = 2; - dc = "tv"; #dc = "gg23"; nets = rec { gg23 = { addrs4 = ["10.23.1.110"]; @@ -235,7 +232,6 @@ with lib; }; rmdir = rec { cores = 1; - dc = "tv"; #dc = "cac"; nets = rec { internet = { addrs4 = ["167.88.34.182"]; @@ -287,8 +283,6 @@ with lib; }; wu = { cores = 4; - # TODO wu is mobile, so dc means "home data center" - dc = "tv"; #dc = "gg23"; nets = { gg23 = { addrs4 = ["10.23.1.37"]; @@ -322,8 +316,6 @@ with lib; }; xu = { cores = 4; - # TODO xu is mobile, so dc means "home data center" - dc = "tv"; #dc = "gg23"; nets = { gg23 = { addrs4 = ["10.23.1.38"]; -- cgit v1.2.3 From e6ea4875d467f1fbe6f39e1460352bd0d31feaea Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 8 Feb 2016 12:13:28 +0100 Subject: krebs.backup: admit plan.startAt --- krebs/3modules/backup.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 86e2e72e..66a325ed 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -76,8 +76,7 @@ let SyslogIdentifier = ExecStart.name; Type = "oneshot"; }; - } // optionalAttrs (plan.startAt != null) { - inherit (plan) startAt; + startAt = mkIf (plan.startAt != null) plan.startAt; }) (filter (plan: build-host-is "pull" "dst" plan || build-host-is "push" "src" plan) enabled-plans)); -- cgit v1.2.3 From 8b130a66287b829e7b6f9be0130df7231c7a6605 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 10 Feb 2016 19:06:32 +0100 Subject: krebs.nixpkgs.allowUnfreePredicate: init --- krebs/3modules/default.nix | 1 + krebs/3modules/nixpkgs.nix | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 krebs/3modules/nixpkgs.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 62db9a5a..3d51076c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -21,6 +21,7 @@ let ./go.nix ./iptables.nix ./nginx.nix + ./nixpkgs.nix ./per-user.nix ./Reaktor.nix ./retiolum-bootstrap.nix diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix new file mode 100644 index 00000000..4129f948 --- /dev/null +++ b/krebs/3modules/nixpkgs.nix @@ -0,0 +1,43 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.krebs.nixpkgs; + + out = { + options.krebs.nixpkgs = api; + config = mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "krebs.nixpkgs" // { default = true; }; + + allowUnfreePredicate = mkOption { + description = '' + This option is similar to `nixpkgs.config.allowUnfreePredicate' + but can be defined in several modules. An unfree package will be + allowed if any of the defined predicates returns true. + ''; + type = types.nullOr (mkOptionType { + name = "Predicate"; + check = isFunction; + merge = _locs: defs: pkg: let + evalPredicateDef = def: let + allow = def.value pkg; + in if cfg.verbose && allow + then trace "unfree ‘${pkg.name}’ allowed in ${def.file}" allow + else allow; + in any evalPredicateDef defs; + }); + default = null; + }; + + verbose = mkOption { + type = types.bool; + default = false; + }; + }; + + imp = mkIf (cfg.allowUnfreePredicate != null) { + nixpkgs.config.allowUnfreePredicate = cfg.allowUnfreePredicate; + }; +in out -- cgit v1.2.3 From a649befbfafaff80d1d1a10896bfc4343021797b Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 11 Feb 2016 11:04:19 +0100 Subject: k 3 fetchWallpaper: scrap predicate, use unitConfig --- krebs/3modules/fetchWallpaper.nix | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index f320c750..225f0080 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -12,10 +12,6 @@ let api = { enable = mkEnableOption "fetch wallpaper"; - predicate = mkOption { - type = with types; nullOr path; - default = null; - }; url = mkOption { type = types.str; }; @@ -33,16 +29,20 @@ let type = types.str; default = ":11"; }; + unitConfig = mkOption { + type = types.attrsOf types.str; + description = "Extra unit configuration for fetchWallpaper to define conditions and assertions for the unit"; + example = literalExample '' + # do not start when running on umts + { ConditionPathExists = "!/var/run/ppp0.pid"; } + ''; + default = {}; + }; }; fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" '' #! ${pkgs.bash}/bin/bash - ${optionalString (cfg.predicate != null) '' - if ! ${cfg.predicate}; then - echo "predicate failed - will not fetch from remote" - exit 0 - fi - ''} + mkdir -p ${shell.escape cfg.stateDir} curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url} feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper @@ -76,7 +76,6 @@ let URL = cfg.url; DISPLAY = cfg.display; }; - restartIfChanged = true; serviceConfig = { @@ -84,6 +83,8 @@ let ExecStart = fetchWallpaperScript; User = "fetchWallpaper"; }; + + unitConfig = cfg.unitConfig; }; }; in out -- cgit v1.2.3 From 6cbe21aac7680af7a6c6c2ea367ee0569d53bb21 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 11 Feb 2016 23:16:08 +0100 Subject: krebs.retiolum: make hostsPackage configurable --- krebs/3modules/retiolum.nix | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 2bf8aa5d..3ebb5e23 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -64,6 +64,21 @@ let ''; }; + hostsPackage = mkOption { + type = types.package; + default = pkgs.stdenv.mkDerivation { + name = "${cfg.netname}-tinc-hosts"; + phases = [ "installPhase" ]; + installPhase = '' + mkdir $out + ${concatStrings (mapAttrsToList (_: host: '' + echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ + > $out/${shell.escape host.name} + '') cfg.hosts)} + ''; + }; + }; + iproutePackage = mkOption { type = types.package; default = pkgs.iproute; @@ -130,18 +145,6 @@ let tinc = cfg.tincPackage; - tinc-hosts = pkgs.stdenv.mkDerivation { - name = "${cfg.netname}-tinc-hosts"; - phases = [ "installPhase" ]; - installPhase = '' - mkdir $out - ${concatStrings (mapAttrsToList (_: host: '' - echo ${shell.escape host.nets.${cfg.netname}.tinc.config} \ - > $out/${shell.escape host.name} - '') cfg.hosts)} - ''; - }; - iproute = cfg.iproutePackage; confDir = pkgs.runCommand "retiolum" { @@ -153,7 +156,7 @@ let mkdir -p $out - ln -s ${tinc-hosts} $out/hosts + ln -s ${cfg.hostsPackage} $out/hosts cat > $out/tinc.conf < Date: Thu, 11 Feb 2016 23:23:50 +0100 Subject: k 3 tinc_graphs: use new tinc-hosts --- krebs/3modules/tinc_graphs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 1f32c2e5..dc0484a8 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -85,7 +85,7 @@ let EXTERNAL_FOLDER = external_dir; INTERNAL_FOLDER = internal_dir; GEODB = cfg.geodbPath; - TINC_HOSTPATH=config.krebs.retiolum.hosts; + TINC_HOSTPATH = config.krebs.retiolum.hostsPackage; }; restartIfChanged = true; -- cgit v1.2.3 From 8c87356aee561fd8bc50dc2b7029ab30118f0d2c Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 11 Feb 2016 23:49:45 +0100 Subject: krebs.retiolum.hosts*: bump description --- krebs/3modules/retiolum.nix | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 3ebb5e23..40769527 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -58,9 +58,9 @@ let default = filterAttrs (_: h: hasAttr cfg.netname h.nets) config.krebs.hosts; description = '' - Hosts which should be part of the tinc configuration. - Note that these hosts must have a correspondingly named network - configured, see config.krebs.retiolum.netname. + Hosts to generate config.krebs.retiolum.hostsPackage. + Note that these hosts must have a network named + config.krebs.retiolum.netname. ''; }; @@ -77,6 +77,20 @@ let '') cfg.hosts)} ''; }; + description = '' + Package of tinc host configuration files. By default, a package will + be generated from config.krebs.retiolum.hosts. This + option's main purpose is to expose the generated hosts package to other + modules, like config.krebs.tinc_graphs. But it can + also be used to provide a custom hosts directory. + ''; + example = literalExample '' + (pkgs.stdenv.mkDerivation { + name = "my-tinc-hosts"; + src = /home/tv/my-tinc-hosts; + installPhase = "cp -R . $out"; + }) + ''; }; iproutePackage = mkOption { -- cgit v1.2.3 From 411aec6bf9d1b53813e693f22b77972a00ce9078 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Feb 2016 16:03:40 +0100 Subject: deploy,install,populate: admit target SSH port --- krebs/3modules/build.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 3530fd59..1569072d 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -51,6 +51,7 @@ let source = config.krebs.build.source; target-user = maybeEnv "target_user" "root"; target-host = maybeEnv "target_host" config.krebs.build.host.name; + target-port = maybeEnv "target_port" "22"; target-path = maybeEnv "target_path" "/var/src"; out = '' #! /bin/sh @@ -62,7 +63,8 @@ let } echo ${shell.escape git-script} \ - | ssh ${shell.escape "${target-user}@${target-host}"} -T + | ssh -p ${shell.escape target-port} \ + ${shell.escape "${target-user}@${target-host}"} -T unset tmpdir trap ' @@ -93,6 +95,7 @@ let (attrNames file-specs)} \ --delete \ -vFrlptD \ + -e ${shell.escape "ssh -p ${target-port}"} \ ${shell.escape target-path}/ \ ${shell.escape "${target-user}@${target-host}:${target-path}"} ''; -- cgit v1.2.3 From d38853027efe650e6de4b335014cd238624cd993 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Feb 2016 16:07:01 +0100 Subject: krebs.nginx: default locations = [] --- krebs/3modules/nginx.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 92177103..5bc0903e 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -34,6 +34,7 @@ let }; locations = mkOption { type = with types; listOf (attrsOf str); + default = []; }; extraConfig = mkOption { type = with types; string; @@ -76,8 +77,8 @@ let server { ${concatMapStringsSep "\n" (x: "listen ${x};") listen} server_name ${toString server-names}; - ${extraConfig} - ${indent (concatStrings (map to-location locations))} + ${indent extraConfig} + ${indent (concatMapStrings to-location locations)} } ''; -- cgit v1.2.3 From 0e35bc5c193916a5424689d04234978d3c57ecf5 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Feb 2016 19:43:02 +0100 Subject: wbob: fix addrs --- krebs/3modules/makefu/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 2811c0c5..d21c80e7 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -292,8 +292,8 @@ with lib; cores = 1; nets = { retiolm = { - addrs4 = ["10.243.214.15/32"]; - addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128"]; + addrs4 = ["10.243.214.15"]; + addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732"]; aliases = [ "wbob.retiolum" ]; -- cgit v1.2.3 From e890eb244af82ba678e894a84983db5057fbb60a Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 14 Feb 2016 13:26:37 +0100 Subject: krebs.setuid: init --- krebs/3modules/default.nix | 1 + krebs/3modules/setuid.nix | 75 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 krebs/3modules/setuid.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 3d51076c..b2a02e9c 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -27,6 +27,7 @@ let ./retiolum-bootstrap.nix ./realwallpaper.nix ./retiolum.nix + ./setuid.nix ./tinc_graphs.nix ./urlwatch.nix ]; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix new file mode 100644 index 00000000..22123c92 --- /dev/null +++ b/krebs/3modules/setuid.nix @@ -0,0 +1,75 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.krebs.setuid; + + out = { + options.krebs.setuid = api; + config = imp; + }; + + api = mkOption { + default = {}; + type = let + # TODO make wrapperDir configurable + inherit (config.security) wrapperDir; + inherit (config.users) groups users; + in types.attrsOf (types.submodule ({ config, ... }: { + options = { + name = mkOption { + type = types.filename; + default = config._module.args.name; + }; + filename = mkOption { + type = mkOptionType { + # TODO unyuck string and merge with toC + name = "derivation or string"; + check = x: + isDerivation x || + isString x; + }; + apply = toString; + }; + owner = mkOption { + default = "root"; + type = types.enum (attrNames users); + }; + group = mkOption { + default = "root"; + type = types.enum (attrNames groups); + }; + mode = mkOption { + default = "4710"; + type = mkOptionType { + # TODO admit symbolic mode + name = "octal mode"; + check = x: + isString x && + match "[0-7][0-7][0-7][0-7]" x != null; + }; + }; + activate = mkOption { + type = types.str; + visible = false; + readOnly = true; + }; + }; + config.activate = let + src = pkgs.execve config.name { + inherit (config) filename; + }; + dst = "${wrapperDir}/${config.name}"; + in '' + cp ${src} ${dst} + chown ${config.owner}.${config.group} ${dst} + chmod ${config.mode} ${dst} + ''; + })); + }; + + imp = { + system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ] + (concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg)); + }; + +in out -- cgit v1.2.3 From 9f16d7ea71a2566b973ad0ac603c63ac3c6f4311 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 14 Feb 2016 13:38:47 +0100 Subject: krebs.lib: init --- krebs/3modules/default.nix | 1 + krebs/3modules/lib.nix | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 krebs/3modules/lib.nix (limited to 'krebs/3modules') diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index b2a02e9c..69556219 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -20,6 +20,7 @@ let ./git.nix ./go.nix ./iptables.nix + ./lib.nix ./nginx.nix ./nixpkgs.nix ./per-user.nix diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix new file mode 100644 index 00000000..31390a26 --- /dev/null +++ b/krebs/3modules/lib.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: +with lib; +let + out = { + options.krebs.lib = api; + }; + api = mkOption { + default = {}; + type = types.attrs; + }; +in out -- cgit v1.2.3 From 673853e092c211e26a08030f87f9c868c6442a71 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 14 Feb 2016 16:43:44 +0100 Subject: RIP specialArgs.lib -