From f171c53dd883f57bd0acb6cc6bf0dd1b90ce83ef Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Nov 2015 19:52:49 +0100 Subject: k 3 l: use rsa keys in prism --- krebs/3modules/lass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 0be16625..2ad4353b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -96,8 +96,8 @@ in { ''; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKVjJrM7fHfHpvZXEA3hmX4JliHl6h6Q8AGOPcu+9fF"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; }; fastpoke = { dc = "lass"; -- cgit v1.2.3 From 1d8be110e1559e804d44dfdb3c5b584efa4561a8 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 7 Nov 2015 09:43:05 +0100 Subject: nomic: bump ssh key --- krebs/3modules/tv/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 6c943de8..56b4abe0 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -159,7 +159,7 @@ with lib; }; secure = true; ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx"; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic"; }; ok = { nets = { -- cgit v1.2.3 From d590cf26cd8fa33ed4140bef7a5d689c76455625 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 7 Nov 2015 09:45:43 +0100 Subject: xu: bump ssh key --- krebs/3modules/tv/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'krebs') diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 56b4abe0..6fd1c422 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -277,7 +277,8 @@ with lib; }; }; secure = true; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu"; }; }; users = addNames rec { -- cgit v1.2.3 From 610a3ce59c2ba0e58205305a85e9cb86e680d481 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 8 Nov 2015 12:46:56 +0100 Subject: push: 1.1.0 -> 1.1.1 --- krebs/5pkgs/push/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'krebs') diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix index 410b4346..bc5c030a 100644 --- a/krebs/5pkgs/push/default.nix +++ b/krebs/5pkgs/push/default.nix @@ -9,12 +9,12 @@ , ... }: stdenv.mkDerivation { - name = "push-1.1.0"; + name = "push-1.1.1"; src = fetchgit { url = http://cgit.cd.retiolum/push; - rev = "c5f4bda5bd00bad7778bbd5a9af8d476de0de920"; - sha256 = "d335b644b791214263cee5c6659538c8e45326531b0588e5e7eb3bd9ef969800"; + rev = "ea8b76569c6b226fe148e559477669b095408472"; + sha256 = "c305a1515d30603f6ed825d44487e863fdc7d90400620ceaf2c335a3b5d1e221"; }; phases = [ @@ -45,4 +45,3 @@ stdenv.mkDerivation { chmod +x $out/bin/push ''; } - -- cgit v1.2.3 From b0094ce0e498b9661de62e472121aaaf5b83c40d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 02:58:21 +0100 Subject: stockholm: check if default.nix exists before importing --- krebs/4lib/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 396307c2..f907fe87 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -14,6 +14,8 @@ rec { types = import ./types.nix { inherit lib; }; + dir.has-default-nix = path: pathExists (path + "/default.nix"); + dns = import ./dns.nix { inherit lib; }; listset = import ./listset.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; -- cgit v1.2.3 From 604ce6bd59c74f59ac9f18e3e82fa26e8ace8462 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 17:56:47 +0100 Subject: xmonad-stockholm: init at 1.0.0 --- krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix (limited to 'krebs') diff --git a/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix new file mode 100644 index 00000000..5c6f068e --- /dev/null +++ b/krebs/5pkgs/haskell-overrides/xmonad-stockholm.nix @@ -0,0 +1,16 @@ +{ mkDerivation, base, containers, fetchgit, stdenv, X11, X11-xshape +, xmonad, xmonad-contrib +}: +mkDerivation { + pname = "xmonad-stockholm"; + version = "1.0.0"; + src = fetchgit { + url = "http://cgit.cd/xmonad-stockholm"; + sha256 = "35dda5d16acc90af94ae2fae10ab5cc2d5b450c3f1ff2e7f515ac53877269abf"; + rev = "2dbefe42fc5cfe9093465bf3e22ba8f82feeef6e"; + }; + libraryHaskellDepends = [ + base containers X11 X11-xshape xmonad xmonad-contrib + ]; + license = stdenv.lib.licenses.mit; +} -- cgit v1.2.3 From 1f4d7ffa50483cde6024fe910fb16d0c8040e245 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 18:34:02 +0100 Subject: tv git: move old stuff to the museum section --- krebs/4lib/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'krebs') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index f907fe87..3f27ea89 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -30,4 +30,7 @@ rec { subdirsOf = path: mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); + + mapAttrValues = f: mapAttrs (_: f); + setAttr = name: value: set: set // { ${name} = value; }; } -- cgit v1.2.3 From 193bb70e2ea95a56839fdd79985ed27f4962426d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 9 Nov 2015 19:07:26 +0100 Subject: {tv => krebs} git lib & git hooks --- krebs/4lib/default.nix | 6 +- krebs/4lib/git.nix | 42 ++++++++++ krebs/5pkgs/git-hooks/default.nix | 168 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 214 insertions(+), 2 deletions(-) create mode 100644 krebs/4lib/git.nix create mode 100644 krebs/5pkgs/git-hooks/default.nix (limited to 'krebs') diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 3f27ea89..1cabeae2 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -3,7 +3,7 @@ with builtins; with lib; -rec { +let out = rec { eq = x: y: x == y; @@ -17,6 +17,7 @@ rec { dir.has-default-nix = path: pathExists (path + "/default.nix"); dns = import ./dns.nix { inherit lib; }; + git = import ./git.nix { lib = lib // out; }; listset = import ./listset.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; @@ -33,4 +34,5 @@ rec { mapAttrValues = f: mapAttrs (_: f); setAttr = name: value: set: set // { ${name} = value; }; -} + +}; in out diff --git a/krebs/4lib/git.nix b/krebs/4lib/git.nix new file mode 100644 index 00000000..d50ba201 --- /dev/null +++ b/krebs/4lib/git.nix @@ -0,0 +1,42 @@ +{ lib, ... }: + +let + inherit (lib) addNames escapeShellArg makeSearchPath optionalString; + + commands = addNames { + git-receive-pack = {}; + git-upload-pack = {}; + }; + + receive-modes = addNames { + fast-forward = {}; + non-fast-forward = {}; + create = {}; + delete = {}; + merge = {}; # TODO implement in git.nix + }; + + permissions = { + fetch = { + allow-commands = [ + commands.git-upload-pack + ]; + }; + + push = ref: extra-modes: { + allow-commands = [ + commands.git-receive-pack + commands.git-upload-pack + ]; + allow-receive-ref = ref; + allow-receive-modes = [ receive-modes.fast-forward ] ++ extra-modes; + }; + }; + + refs = { + master = "refs/heads/master"; + all-heads = "refs/heads/*"; + }; + +in +commands // receive-modes // permissions // refs diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix new file mode 100644 index 00000000..5697c31b --- /dev/null +++ b/krebs/5pkgs/git-hooks/default.nix @@ -0,0 +1,168 @@ +{ lib, pkgs, ... }: + +with lib; + +let + out = { + inherit irc-announce; + }; + + # TODO irc-announce should return a derivation + irc-announce = { nick, channel, server, port ? 6667, verbose ? false }: '' + #! /bin/sh + set -euf + + export PATH=${makeSearchPath "bin" (with pkgs; [ + coreutils + git + gnused + ])} + + green() { printf '\x0303,99%s\x0F' "$1"; } + red() { printf '\x0304,99%s\x0F' "$1"; } + orange() { printf '\x0307,99%s\x0F' "$1"; } + pink() { printf '\x0313,99%s\x0F' "$1"; } + gray() { printf '\x0314,99%s\x0F' "$1"; } + + unset message + add_message() { + message="''${message+$message + }$*" + } + + nick=${escapeShellArg nick} + channel=${escapeShellArg channel} + server=${escapeShellArg server} + port=${toString port} + + host=$nick + cgit_endpoint=http://cgit.$host + + empty=0000000000000000000000000000000000000000 + + while read oldrev newrev ref; do + + if [ $oldrev = $empty ]; then + receive_mode=create + elif [ $newrev = $empty ]; then + receive_mode=delete + elif [ "$(git merge-base $oldrev $newrev)" = $oldrev ]; then + receive_mode=fast-forward + else + receive_mode=non-fast-forward + fi + + h=$(echo $ref | sed 's:^refs/heads/::') + + # empty_tree=$(git hash-object -t tree /dev/null) + empty_tree=4b825dc6 + + id=$(echo $newrev | cut -b-7) + id2=$(echo $oldrev | cut -b-7) + if [ $newrev = $empty ]; then id=$empty_tree; fi + if [ $oldrev = $empty ]; then id2=$empty_tree; fi + + case $receive_mode in + create) + link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" + ;; + delete) + link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" + ;; + fast-forward|non-fast-forward) + link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" + ;; + esac + + #$host $GIT_SSH_REPO $ref $link + add_message $(pink push) $link $(gray "($receive_mode)") + + ${optionalString verbose '' + add_message "$( + git log \ + --format="$(orange %h) %s $(gray '(%ar)')" \ + --reverse \ + $id2..$id + + git diff --stat $id2..$id \ + | sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/' + )" + ''} + + done + + if test -n "''${message-}"; then + exec ${irc-announce-script} \ + "$server" \ + "$port" \ + "$nick" \ + "$channel" \ + "$message" + fi + ''; + + irc-announce-script = pkgs.writeScript "irc-announce-script" '' + #! /bin/sh + set -euf + + export PATH=${makeSearchPath "bin" (with pkgs; [ + coreutils + gawk + gnused + netcat + nettools + ])} + + IRC_SERVER=$1 + IRC_PORT=$2 + IRC_NICK=$3$$ + IRC_CHANNEL=$4 + message=$5 + + export IRC_CHANNEL # for privmsg_cat + + # echo2 and cat2 are used output to both, stdout and stderr + # This is used to see what we send to the irc server. (debug output) + echo2() { echo "$*"; echo "$*" >&2; } + cat2() { tee /dev/stderr; } + + # privmsg_cat transforms stdin to a privmsg + privmsg_cat() { awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + + # ircin is used to feed the output of netcat back to the "irc client" + # so we can implement expect-like behavior with sed^_^ + # XXX mkselfdestructingtmpfifo would be nice instead of this cruft + tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" + cd "$tmpdir" + mkfifo ircin + trap " + rm ircin + cd '$OLDPWD' + rmdir '$tmpdir' + trap - EXIT INT QUIT + " EXIT INT QUIT + + { + echo2 "USER $LOGNAME 0 * :$LOGNAME@$(hostname)" + echo2 "NICK $IRC_NICK" + + # wait for MODE message + sed -n '/^:[^ ]* MODE /q' + + echo2 "JOIN $IRC_CHANNEL" + + printf '%s' "$message" \ + | privmsg_cat \ + | cat2 + + echo2 "PART $IRC_CHANNEL" + + # wait for PART confirmation + sed -n '/:'"$IRC_NICK"'![^ ]* PART /q' + + echo2 'QUIT :Gone to have lunch' + } < ircin \ + | nc "$IRC_SERVER" "$IRC_PORT" | tee -a ircin + ''; + +in out -- cgit v1.2.3