From 47ef169276fcb500a3764c050dbeca1f7fc4a18b Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 19 Feb 2016 16:18:28 +0100 Subject: krebs.hosts.*: set owner --- krebs/4lib/types.nix | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'krebs/4lib') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index d0a53746..d63080b9 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -20,6 +20,15 @@ types // rec { default = {}; }; + owner = mkOption { + type = user; + # TODO proper user + default = { + name = "krebs"; + mail = "spam@krebsco.de"; + }; + }; + extraZones = mkOption { default = {}; # TODO: string is either MX, NS, A or AAAA -- cgit v1.2.3 From dbe2ece8ad962d654bc34f3a7c4802768df71ebb Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 19 Feb 2016 16:18:50 +0100 Subject: krebs.hosts.*.infest: RIP --- krebs/4lib/types.nix | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'krebs/4lib') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index d63080b9..7fb20692 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -35,19 +35,6 @@ types // rec { type = with types; attrsOf string; }; - infest = { - addr = mkOption { - type = str; - apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.addr' is used. It was replaced by the `target' argument to `make` or `get`. See Makefile for more information."; - }; - port = mkOption { - type = int; - default = 22; - # TODO replacement: allow target with port, SSH-style: [lol]:666 - apply = trace "Obsolete option `krebs.hosts.${config.name}.infest.port' is used. It's gone without replacement."; - }; - }; - secure = mkOption { type = bool; default = false; -- cgit v1.2.3 From d8d39f5c4a9925f2098e58dc80e36920ece6ac71 Mon Sep 17 00:00:00 2001 
From: tv Date: Fri, 19 Feb 2016 19:37:00 +0100 Subject: prepare_common: simplify nixos-install installation --- krebs/4lib/infest/prepare.sh | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) (limited to 'krebs/4lib') diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index b3824c7d..a217e7be 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -184,26 +184,21 @@ prepare_common() {( . /root/.nix-profile/etc/profile.d/nix.sh - for i in \ - bash \ - coreutils \ - # This line intentionally left blank. - do - if ! nix-env -q $i | grep -q .; then - nix-env -iA nixpkgs.pkgs.$i - fi - done + mkdir -p /mnt/"$target_path" + mkdir -p "$target_path" + + if ! mountpoint "$target_path"; then + mount --rbind /mnt/"$target_path" "$target_path" + fi + + mkdir -p bin + rm -f bin/nixos-install + cp "$(type -p nixos-install)" bin/nixos-install + sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install - # install nixos-install - if ! type nixos-install 2>/dev/null; then - nixpkgs_expr='import { system = builtins.currentSystem; }' - nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d) - nix-env \ - --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ - --arg pkgs "$nixpkgs_expr" \ - --arg modulesPath 'throw "no modulesPath"' \ - -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ - -iA config.system.build.nixos-install + if ! grep -q '^PATH.*#krebs' .bashrc; then + echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc + echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc fi )} -- cgit v1.2.3 From b5fbca3a365b1188c1274e3288ba39a88ecad2e3 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 05:27:37 +0100 Subject: krebs.secret: init --- krebs/4lib/types.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'krebs/4lib') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 7fb20692..55301add 100644 
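Review bot: The `sed` line in `prepare_common` splices `$target_path` unescaped into the replacement and drops the double quotes that the matched `NIX_PATH="..."` assignment had. A path containing `@`, `&`, a backslash or whitespace therefore either breaks the substitution or leaves an unquoted assignment in a script that is presumably run as root. Keeping the quotes, `sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=\"$target_path\"@" bin/nixos-install`, and rejecting a `target_path` that contains `@`, `&`, `\` or `"` before this point would close that. Separately, `cp "$(type -p nixos-install)" bin/nixos-install` gets an empty source if the tool is not on `PATH`, and `bin` and `.bashrc` are relative to the working directory. Whether the subshell runs under `set -e` or in root's home is not visible, since the function starts outside the hunk.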
--- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -143,6 +143,19 @@ types // rec { merge = mergeOneOption; }; + secret-file = submodule ({ config, ... }: { + options = { + path = mkOption { type = str; }; + mode = mkOption { type = str; default = "0400"; }; + owner-name = mkOption { type = str; default = "root"; }; + group-name = mkOption { type = str; default = "root"; }; + source-path = mkOption { + type = str; + default = toString + "/${config._module.args.name}"; + }; + }; + }); + suffixed-str = suffs: mkOptionType { name = "string suffixed by ${concatStringsSep ", " suffs}"; -- cgit v1.2.3 From e4d427602c229a782297a74b50b2f67524e9e0d6 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 06:38:09 +0100 Subject: krebs.types.user: add home :: absolute-pathname --- krebs/4lib/types.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'krebs/4lib') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 55301add..41af1cd4 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -165,6 +165,10 @@ types // rec { user = submodule ({ config, ... }: { options = { + home = mkOption { + type = absolute-pathname; + default = "/home/${config.name}"; + }; mail = mkOption { type = str; # TODO retiolum mail address }; @@ -226,6 +230,21 @@ types // rec { merge = mergeOneOption; }; + # POSIX.1‐2013, 3.2 Absolute Pathname + # TODO normalize slashes + # TODO two slashes + absolute-pathname = mkOptionType { + name = "POSIX absolute pathname"; + check = s: pathname.check s && substring 0 1 s == "/"; + }; + + # POSIX.1‐2013, 3.267 Pathname + # TODO normalize slashes + pathname = mkOptionType { + name = "POSIX pathname"; + check = s: isString s && all filename.check (splitString "/" s); + }; + # POSIX.1-2013, 3.431 User Name username = mkOptionType { name = "POSIX username"; -- cgit v1.2.3 From 05be525be6d0896b155da7305b2cee950fb3530e Mon Sep 17 00:00:00 2001 
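Review bot: `mode` in `secret-file` is a free-form `str`, so a typo or a permissive value such as `0644` type-checks and would presumably be applied as-is by whatever installs the secret. Constraining it at the type level catches that at evaluation time, e.g. `type = addCheck str (s: match "[0-7]{3,4}" s != null);`, optionally also refusing any group/other bits. This assumes `addCheck` and `match` are in scope through the file's `with` clauses, which the hunk does not show. `path` is likewise a plain `str`; a comment saying whether relative paths are intended would help, since the consumer of these options is outside this diff.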
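Review bot: `pathname.check` validates each `/`-separated component with `filename.check`, so `absolute-pathname` would admit values like `/home/../etc` if `filename` follows the POSIX portable filename character set, which includes `.`. For a type that backs `home`, either reject dot-dot components, e.g. `check = s: pathname.check s && substring 0 1 s == "/" && !(elem ".." (splitString "/" s));`, or say in the comment that they are deliberately allowed. It is also worth confirming that `filename.check` accepts the empty string, because `splitString "/"` on any absolute path yields an empty first component. `filename` is defined outside this hunk, so both points need checking against the full file.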
From: tv Date: Sun, 21 Feb 2016 06:56:57 +0100 Subject: krebs.types.user: add uid :: int --- krebs/4lib/default.nix | 2 +- krebs/4lib/types.nix | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'krebs/4lib') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index d5b6d03a..8e5cab71 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -15,7 +15,7 @@ let out = rec { addNames = mapAttrs addName; - types = import ./types.nix { inherit lib; }; + types = import ./types.nix { lib = lib // { inherit genid; }; }; dir.has-default-nix = path: pathExists (path + "/default.nix"); diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 41af1cd4..42262729 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -179,6 +179,10 @@ types // rec { pubkey = mkOption { type = str; }; + uid = mkOption { + type = int; + default = genid config.name; + }; }; }); -- cgit v1.2.3 From e3ddf995e92985ee14dab5735ac55045c166aaaf Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 07:18:13 +0100 Subject: krebs types.secret-file: owner-name -> owner :: user --- krebs/4lib/types.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'krebs/4lib') diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 42262729..7792b31d 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -147,8 +147,14 @@ types // rec { options = { path = mkOption { type = str; }; mode = mkOption { type = str; default = "0400"; }; - owner-name = mkOption { type = str; default = "root"; }; - group-name = mkOption { type = str; default = "root"; }; + owner = mkOption { + type = user; + default = config.krebs.users.root; + }; + group-name = mkOption { + type = str; + default = "root"; + }; source-path = mkOption { type = str; default = toString + "/${config._module.args.name}"; -- cgit v1.2.3 From 67e5fddc0bfe624c6b53b673582e92a28cf530f9 Mon Sep 17 00:00:00 2001 
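Review bot: `uid` is declared as a bare `int`, so `0` and negative numbers type-check, and the default `genid config.name` would give two users the same uid whenever `genid` collides. `genid` is defined outside this diff, so its range and collision behaviour cannot be judged from here. A comment on the option stating the range it yields, plus an assertion that uids are unique across the declared users, would make the assumption explicit. A check such as `type = addCheck int (x: x >= 0);` would at least rule out negatives, assuming `addCheck` is in scope.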
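Review bot: Inside `secret-file` the name `config` looks like the submodule's own argument, so `default = config.krebs.users.root;` would likely fail on a missing `krebs` attribute as soon as the default is evaluated. The evidence is that the option sits under `submodule ({ config, ... }: …)` and `source-path` reads `config._module.args.name` from the same binding. The later hunk that sets the host `owner` default to `config.krebs.users.krebs` appears to have the same problem even after `types.nix` gains a top-level `config` argument, because the inner binding shadows it; please confirm against the full file. Binding the outer value under a different name would remove the ambiguity. `owner` is now a `user` while `group-name` stays a `str`, which deserves a comment explaining the difference.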
From: tv Date: Sun, 21 Feb 2016 07:39:24 +0100 Subject: krebs.users.krebs: init --- krebs/4lib/default.nix | 7 +++++-- krebs/4lib/types.nix | 11 ++++------- 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'krebs/4lib') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 8e5cab71..e23e42b1 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: with builtins; with lib; @@ -15,7 +15,10 @@ let out = rec { addNames = mapAttrs addName; - types = import ./types.nix { lib = lib // { inherit genid; }; }; + types = import ./types.nix { + inherit config; + lib = lib // { inherit genid; }; + }; dir.has-default-nix = path: pathExists (path + "/default.nix"); diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 7792b31d..fcb6ff3d 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: with builtins; with lib; @@ -22,11 +22,7 @@ types // rec { owner = mkOption { type = user; - # TODO proper user - default = { - name = "krebs"; - mail = "spam@krebsco.de"; - }; + default = config.krebs.users.krebs; }; extraZones = mkOption { @@ -183,7 +179,8 @@ types // rec { default = config._module.args.name; }; pubkey = mkOption { - type = str; + type = nullOr str; + default = null; }; uid = mkOption { type = int; -- cgit v1.2.3 From de5de37a12771db395f7bc1954be52f51f54b9e2 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 21 Feb 2016 20:04:45 +0100 Subject: krebs.dns.providers: attrsOf unspecified -> attrsOf str --- krebs/4lib/default.nix | 2 -- krebs/4lib/dns.nix | 31 ------------------------------- krebs/4lib/listset.nix | 11 ----------- 3 files changed, 44 deletions(-) delete mode 100644 krebs/4lib/dns.nix delete mode 100644 krebs/4lib/listset.nix (limited to 'krebs/4lib') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index e23e42b1..deac02bb 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix 
@@ -22,10 +22,8 @@ let out = rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); - dns = import ./dns.nix { inherit lib; }; genid = import ./genid.nix { lib = lib // out; }; git = import ./git.nix { lib = lib // out; }; - listset = import ./listset.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; diff --git a/krebs/4lib/dns.nix b/krebs/4lib/dns.nix deleted file mode 100644 index b2cf3c24..00000000 --- a/krebs/4lib/dns.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, ... }: - -let - listset = import ./listset.nix { inherit lib; }; -in - -with builtins; -with lib; - -rec { - # label = string - - # TODO does it make sense to have alias = list label? - - # split-by-provider : - # [[label]] -> tree label provider -> listset provider alias - split-by-provider = as: providers: - foldl (m: a: listset.insert (provider-of a providers) a m) {} as; - - # provider-of : alias -> tree label provider -> provider - # Note that we cannot use tree.get here, because path can be longer - # than the tree depth. - provider-of = a: - let - go = path: tree: - if typeOf tree == "string" - then tree - else go (tail path) tree.${head path}; - in - go (reverseList (splitString "." a)); -} diff --git a/krebs/4lib/listset.nix b/krebs/4lib/listset.nix deleted file mode 100644 index 3aae22f2..00000000 --- a/krebs/4lib/listset.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, ... }: - -with lib; - -rec { - # listset k v = set k [v] - - # insert : k -> v -> listset k v -> listset k v - insert = name: value: set: - set // { ${name} = set.${name} or [] ++ [value]; }; -} -- cgit v1.2.3