From 241b943c3216073023b312b1a1297dc66dceb7af Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 23 Jul 2017 00:19:57 +0200
Subject: [PATCH 01/17] l iso: use networking.firewall
---
 lass/1systems/iso.nix | 44 +++++++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 820ef74b8..4431a702c 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -151,25 +151,41 @@ with import ; systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; } { - krebs.iptables = { + networking.firewall = { enable = true; - tables = { - filter.INPUT.policy = "DROP"; - filter.FORWARD.policy = "DROP"; - filter.INPUT.rules = [ - { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } - { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } - { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } - { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } - { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } - { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } - ]; - }; + allowedTCPPorts = [ 22 ]; }; } { krebs.hidden-ssh.enable = true; } + { + services.xserver = { + enable = true; + #videoDrivers = mkForce [ "ati_unfree" ]; + + desktopManager.xterm.enable = false; + desktopManager.default = "none"; + displayManager.lightdm.enable = true; + displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + }; + windowManager.default = "xmonad"; + windowManager.session = [{ + name = "xmonad"; + start = '' + ${pkgs.xorg.xhost}/bin/xhost +LOCAL: + ${pkgs.xmonad-lass}/bin/xmonad & + waitPID=$! + ''; + }]; + + layout = "us"; + xkbModel = "evdev"; + xkbVariant = "altgr-intl"; + xkbOptions = "caps:backspace"; + }; + } ]; } From 2d87eb19092dd5c77e22f07d60c8ffc9dec438e1 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jul 2017 20:00:44 +0200 Subject: [PATCH 02/17] tv nix.vim: add yaml syntax --- tv/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 7849b6f2d..f0b1cf520 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix 
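Review bot: The new xmonad session start script runs `xhost +LOCAL:`, which turns off X access control for every local account, and it does so on an image that also auto-logs in `lass` through lightdm and accepts SSH on port 22. Any process running under another local uid can then read keystrokes and screen contents of that session. If the intent is only to let the session user's own helpers connect, `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:lass` is the narrower grant, or the line can be dropped. Separately, the removed rule set pinned `filter.FORWARD.policy = "DROP"`; as far as I know `networking.firewall` only manages INPUT here, so it is worth confirming that forwarding on the ISO is still meant to be closed.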
@@ -230,6 +230,7 @@ let { ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*"[^"]*"'' ''[a-z]*Phase[ \t\r\n]*='' ]; + yaml = {}; vim.extraStart = ''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; xdefaults = {}; From 297065f98cc6f40cdb3d4eef75f347cf270ce9e4 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jul 2017 22:25:46 +0200 Subject: [PATCH 03/17] tv caxi: RIP --- tv/1systems/caxi/config.nix | 25 ------------------------- tv/1systems/caxi/source.nix | 3 --- 2 files changed, 28 deletions(-) delete mode 100644 tv/1systems/caxi/config.nix delete mode 100644 tv/1systems/caxi/source.nix diff --git a/tv/1systems/caxi/config.nix b/tv/1systems/caxi/config.nix deleted file mode 100644 index b136d1ade..000000000 --- a/tv/1systems/caxi/config.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, ... }: - -with import ; - -{ - krebs.build.host = config.krebs.hosts.caxi; - - imports = [ - - - - - ]; - - networking = let - inherit (config.krebs.build.host.nets.internet) ip4; - in { - interfaces.enp2s1.ip4 = singleton { - address = ip4.addr; - prefixLength = fromJSON (head (match ".*/([0-9]+)" ip4.prefix)); - }; - defaultGateway = head (match "([^/]*)\.0/[0-9]+" ip4.prefix) + ".1"; - nameservers = ["8.8.8.8"]; - }; -} diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix deleted file mode 100644 index bc875b768..000000000 --- a/tv/1systems/caxi/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "caxi"; -} From 29ae8b026ccd92807e84c1c7c492167f9a97ff3c Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jul 2017 23:34:47 +0200 Subject: [PATCH 04/17] lib.eval-source: sanitize source --- lib/eval-source.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/eval-source.nix b/lib/eval-source.nix index 468fc92d1..ff853185b 100644 --- a/lib/eval-source.nix +++ b/lib/eval-source.nix 
@@ -10,6 +10,12 @@ let }; }; }; + sanitize = x: getAttr (typeOf x) { + set = mapAttrs + (const sanitize) + (filterAttrs (name: value: name != "_module" && value != null) x); + string = x; + }; in # This function's return value can be used as pkgs.populate input. - _file: source: (eval _file source).config.source + _file: source: sanitize (eval _file source).config.source From a942b33f04f2dc6a10023f86a3a1775eda9186c9 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Jul 2017 23:44:23 +0200 Subject: [PATCH 05/17] shell: add get-source command --- shell.nix | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/shell.nix b/shell.nix index 5ea9ff3b7..58b956c04 100644 --- a/shell.nix +++ b/shell.nix @@ -2,6 +2,10 @@ let lib = import ./lib; pkgs = import { overlays = [(import ./krebs/5pkgs)]; }; + # + # high level commands + # + # usage: deploy [--user=USER] --system=SYSTEM [--target=TARGET] cmds.deploy = pkgs.writeDash "cmds.deploy" '' set -efu @@ -29,6 +33,22 @@ let exec ${utils.build} config.system.build.toplevel ''; + # + # low level commands + # + + # usage: get-source SOURCE_FILE + cmds.get-source = pkgs.writeDash "cmds.get-source" '' + set -efu + exec ${pkgs.nix}/bin/nix-instantiate \ + --eval \ + --json \ + --readonly-mode \ + --show-trace \ + --strict \ + "$1" + ''; + init.args = pkgs.writeText "init.args" /* sh */ '' args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ -o s:t:u: \ @@ -90,13 +110,7 @@ let }; populate = pkgs.writeDash "init.env.populate" '' set -efu - _source=$(${pkgs.nix}/bin/nix-instantiate \ - --eval \ - --json \ - --readonly-mode \ - --show-trace \ - --strict \ - "$source") + _source=$(get-source "$source") echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ From 854311b004c947ec825f04df9f5fb8fda777e5dc Mon Sep 17 00:00:00 2001 
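Review bot: `sanitize` dispatches with `getAttr (typeOf x)` over a table that only has `set` and `string`, so any other value in `config.source` (a list, path, bool or int) aborts evaluation with a bare "attribute missing" error that does not name the offending type. A fallback such as `{ set = …; string = x; }.${typeOf x} or (throw "eval-source: unsupported ${typeOf x} in source")` makes the rejection explicit. A one-line comment above `sanitize` saying why `_module` and null values are stripped (so the result is plain JSON-serialisable data for pkgs.populate) would also help the next reader.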
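Review bot: In the last shell.nix hunk the JSON from `get-source` is captured into `_source` and then emitted with the unquoted `echo $_source` on the following context line; under dash (this is a `writeDash` script) the builtin echo expands backslash sequences and the unquoted expansion collapses whitespace, so a source value containing `\n`, `\c` or runs of spaces reaches populate altered or as invalid JSON. Since the commit already touches this pipeline, piping directly avoids the round trip: `get-source "$source" | ${pkgs.populate}/bin/populate \`. If the variable is kept, `printf '%s\n' "$_source"` is the safe form. The populate script body continues outside the hunk.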
From: tv Date: Sun, 23 Jul 2017 00:04:54 +0200 Subject: [PATCH 06/17] shell: add parse-target command --- shell.nix | 40 +++++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/shell.nix b/shell.nix index 58b956c04..0a8d8dde2 100644 --- a/shell.nix +++ b/shell.nix @@ -49,6 +49,24 @@ let "$1" ''; + # usage: parse-target [USER@]HOST[:PORT][/PATH] + cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' + set -efu + script=${pkgs.writeText "cmds.parse-target.jq" '' + def when(c; f): if c then f else . end; + def capturesDef(i; v): .captures[i].string | when(. == null; v); + $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: capturesDef(0; "root"), + host: capturesDef(1; env.system), + port: capturesDef(2; "22"), + path: capturesDef(3; "/var/src"), + } | . + { + local: (.user == env.LOGNAME and .host == env.HOSTNAME), + } + ''} + exec ${pkgs.jq}/bin/jq -enrf "$script" --arg target "$1" \ + ''; + init.args = pkgs.writeText "init.args" /* sh */ '' args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ -o s:t:u: \ @@ -74,7 +92,7 @@ let export target export user - export target_object="$(${init.env.parsetarget} $target)" + export target_object="$(parse-target "$target")" export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" 
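Review bot: In the `@@ -74,7 +92,7 @@` hunk, `export target_object="$(parse-target "$target")"` hides a parse-target failure, because the exit status of the line is that of `export`, not of the command substitution. When the target does not match the regex (for example a non-numeric port), jq prints nothing and the following `target_user`/`target_host`/`target_port` extractions run on empty input, so the ssh and populate calls later are built from empty or garbage fields instead of stopping. Assigning first and exporting afterwards lets `set -e` (if the sourcing script uses it) catch this: `target_object=$(parse-target "$target")` followed by `export target_object`. The same pattern is kept in the later `@@ -104,7 +121,9 @@` hunk that adds `-d "$default_target"`.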
@@ -88,26 +106,6 @@ let fi fi '' // { - parsetarget = pkgs.writeDash "init.env.parsetarget" '' - set -efu - exec ${pkgs.jq}/bin/jq \ - -enr \ - --arg target "$1" \ - -f ${init.env.parsetarget.jq} - '' // { - jq = pkgs.writeText "init.env.parsetarget.jq" '' - def when(c; f): if c then f else . end; - def capturesDef(i; v): .captures[i].string | when(. == null; v); - $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { - user: capturesDef(0; "root"), - host: capturesDef(1; env.system), - port: capturesDef(2; "22"), - path: capturesDef(3; "/var/src"), - } | . + { - local: (.user == env.LOGNAME and .host == env.HOSTNAME), - } - ''; - }; populate = pkgs.writeDash "init.env.populate" '' set -efu _source=$(get-source "$source") From 4b894507b2fef23e68097bd2b758acf151ab7993 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 00:28:35 +0200 Subject: [PATCH 07/17] shell: add support for --pure --- shell.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shell.nix b/shell.nix index 0a8d8dde2..deca2ca3a 100644 --- a/shell.nix +++ b/shell.nix @@ -174,7 +174,8 @@ let in pkgs.stdenv.mkDerivation { name = "stockholm"; shellHook = /* sh */ '' - export NIX_PATH="stockholm=$PWD''${NIX_PATH+:$NIX_PATH}" + export NIX_PATH=stockholm=$PWD:nixpkgs=${toString } + export NIX_REMOTE=daemon export PATH=${lib.makeBinPath [ shell.cmdspkg ]} From dc0ca967cb3399fd66e8d759ee6fc1211c1403de Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 01:03:53 +0200 Subject: [PATCH 08/17] shell: add quote command --- shell.nix | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/shell.nix b/shell.nix index deca2ca3a..d40f65902 100644 --- a/shell.nix +++ b/shell.nix 
@@ -67,6 +67,18 @@ let exec ${pkgs.jq}/bin/jq -enrf "$script" --arg target "$1" \ ''; + # usage: quote [ARGS...] + cmds.quote = pkgs.writeDash "cmds.quote" '' + set -efu + prefix= + for x; do + y=$(${pkgs.jq}/bin/jq -nr --arg x "$x" '$x | @sh "\(.)"') + echo -n "$prefix$y" + prefix=' ' + done + echo + ''; + init.args = pkgs.writeText "init.args" /* sh */ '' args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ -o s:t:u: \ @@ -117,21 +129,17 @@ let ''; proxy = pkgs.writeDash "init.env.proxy" '' set -efu - q() { - ${pkgs.jq}/bin/jq -nr --arg x "$*" '$x | @sh "\(.)"' - } exec ${pkgs.openssh}/bin/ssh \ "$target_user@$target_host" -p "$target_port" \ cd "$target_path/stockholm" \; \ - NIX_PATH=$(q "$target_path") \ - STOCKHOLM_VERSION=$STOCKHOLM_VERSION \ - nix-shell \ - --run $(q \ - system=$system \ - target=$target \ - using_proxy=true \ - "$*" - ) + NIX_PATH=$(quote "$target_path") \ + STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ + nix-shell --run "$(quote " + system=$(quote "$system") \ + target=$(quote "$target") \ + using_proxy=true \ + $(quote "$@") + ")" ''; }; From 13d1fe582d2c9e74c0755f0c3e7c05b6e5041a31 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 01:33:58 +0200 Subject: [PATCH 09/17] shell: add --default=TARGET option to parse-target --- shell.nix | 49 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/shell.nix b/shell.nix index d40f65902..2973d4c51 100644 --- a/shell.nix +++ b/shell.nix 
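Review bot: `cmds.quote` prints each quoted word with `echo -n "$prefix$y"`, and dash's builtin echo interprets backslash sequences in its arguments, so an input containing `\n`, `\t`, `\\` or `\c` is changed (or truncated, for `\c`) after jq's `@sh` has already produced the correct quoting. For a helper whose output is pasted into a remote command line this means the quoted text no longer round-trips to the original argument. `printf '%s' "$prefix$y"` in the loop and `printf '\n'` at the end keep the bytes intact.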
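Review bot: In the proxy hunk the context line `cd "$target_path/stockholm" \;` is still quoted only for the local shell; ssh joins its arguments with spaces and the remote shell parses the result again, so a path with spaces or metacharacters is re-split or interpreted remotely even though the commit now quotes `NIX_PATH` and `STOCKHOLM_VERSION`. It should go through the new helper as well: `cd "$(quote "$target_path/stockholm")" \;`. The added `NIX_PATH=$(quote "$target_path")` and `STOCKHOLM_VERSION=$(quote …)` substitutions are themselves unquoted locally, so their output is word-split before ssh sees it and runs of whitespace inside the value collapse; wrapping them as `NIX_PATH="$(quote "$target_path")"` avoids that.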
@@ -49,22 +49,39 @@ let "$1" ''; - # usage: parse-target [USER@]HOST[:PORT][/PATH] + # usage: parse-target [--default=TARGET] TARGET + # TARGET = [USER@]HOST[:PORT][/PATH] cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' set -efu - script=${pkgs.writeText "cmds.parse-target.jq" '' - def when(c; f): if c then f else . end; - def capturesDef(i; v): .captures[i].string | when(. == null; v); - $target | match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { - user: capturesDef(0; "root"), - host: capturesDef(1; env.system), - port: capturesDef(2; "22"), - path: capturesDef(3; "/var/src"), - } | . + { - local: (.user == env.LOGNAME and .host == env.HOSTNAME), - } - ''} - exec ${pkgs.jq}/bin/jq -enrf "$script" --arg target "$1" \ + args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \ + -o d: \ + -l default: \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + default_target= + while :; do case $1 in + -d|--default) default_target=$2; shift 2;; + --) shift; break;; + esac; done + target=$1; shift + for arg; do echo "$0: bad argument: $arg" >&2; done + if \test $# != 0; then exit 2; fi + exec ${pkgs.jq}/bin/jq \ + -enr \ + --arg default_target "$default_target" \ + --arg target "$target" \ + -f ${pkgs.writeText "cmds.parse-target.jq" '' + def parse: match("^(?:([^@]+)@)?([^:/]+)?(?::([0-9]+))?(/.*)?$") | { + user: .captures[0].string, + host: .captures[1].string, + port: .captures[2].string, + path: .captures[3].string, + }; + def sanitize: with_entries(select(.value != null)); + ($default_target | parse) + ($target | parse | sanitize) | + . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } + ''} ''; # usage: quote [ARGS...] 
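Review bot: With `--default` omitted, `default_target` is the empty string, `parse` matches it with every capture null, and the merged object carries `null` for each field the TARGET did not supply, whereas the previous version filled in `root`, `env.system`, `22` and `/var/src`. Callers that read the fields with `jq -r .user` then get the literal string `null`. Either keep the built-in defaults as the left-most operand, e.g. `{user: "root", host: env.system, port: "22", path: "/var/src"} + ($default_target | parse | sanitize) + ($target | parse | sanitize) |`, or reject a missing `--default` in the shell part and change the usage line to show it as required. The `if \test $? != 0` check after the `args=$(…)` assignment cannot be reached with a non-zero status under `set -e`, so it can be dropped or the assignment guarded with `||`.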
@@ -104,7 +121,9 @@ let export target export user - export target_object="$(parse-target "$target")" + default_target=root@$system:22/var/src + + export target_object="$(parse-target "$target" -d "$default_target")" export target_user="$(echo $target_object | ${pkgs.jq}/bin/jq -r .user)" export target_host="$(echo $target_object | ${pkgs.jq}/bin/jq -r .host)" export target_port="$(echo $target_object | ${pkgs.jq}/bin/jq -r .port)" From dae4f8d5c072f645ad30100239383d1931d19a2b Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 02:01:35 +0200 Subject: [PATCH 10/17] make populate: use get-source --- Makefile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Makefile b/Makefile index f25830789..4258d9178 100644 --- a/Makefile +++ b/Makefile @@ -102,13 +102,7 @@ ifneq ($(ssh),) populate: populate-flags += --ssh=$(ssh) endif populate: - nix-instantiate \ - --eval \ - --json \ - --readonly-mode \ - --show-trace \ - --strict \ - $(LOGNAME)/1systems/$(system)/source.nix | \ + nix-shell --run 'get-source $(LOGNAME)/1systems/$(system)/source.nix' \ populate $(populate-target) $(populate-flags) # usage: make pkgs.populate From 5762d122657217f964f4898d9f178ec2f843176a Mon Sep 17 00:00:00 2001 
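Review bot: The rewritten `populate` recipe in the Makefile hunk appears to have lost the pipe: the removed lines ended in `source.nix | \` before `populate …`, while the new line ends in `source.nix' \`, so `populate $(populate-target) $(populate-flags)` is passed as extra arguments to `nix-shell` instead of receiving the JSON on stdin. As shown, the intended line would be `nix-shell --run 'get-source $(LOGNAME)/1systems/$(system)/source.nix' | \`. Note also that `$(LOGNAME)` and `$(system)` are expanded by make inside the single-quoted `--run` string, so a value containing a single quote would end the quoting early; that is worth a comment on the target if those variables can come from the command line.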
From: tv Date: Sun, 23 Jul 2017 02:46:44 +0200 Subject: [PATCH 11/17] tv pkgs: mimic krebs' simple overlay --- tv/5pkgs/default.nix | 31 +++++++------------ tv/5pkgs/{ => simple}/djbdns/default.nix | 0 tv/5pkgs/{ => simple}/q/default.nix | 0 .../{ => simple}/viljetic-pages/default.nix | 0 .../{ => simple}/viljetic-pages/index.html | 0 tv/5pkgs/{ => simple}/viljetic-pages/logo.xpm | 0 tv/5pkgs/{ => simple}/xmonad-tv/default.nix | 0 7 files changed, 11 insertions(+), 20 deletions(-) rename tv/5pkgs/{ => simple}/djbdns/default.nix (100%) rename tv/5pkgs/{ => simple}/q/default.nix (100%) rename tv/5pkgs/{ => simple}/viljetic-pages/default.nix (100%) rename tv/5pkgs/{ => simple}/viljetic-pages/index.html (100%) rename tv/5pkgs/{ => simple}/viljetic-pages/logo.xpm (100%) rename tv/5pkgs/{ => simple}/xmonad-tv/default.nix (100%) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 02410e8e6..8a7a613ba 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,22 +1,18 @@ with import ; -self: super: let - # This callPackage will try to detect obsolete overrides. - callPackage = path: args: let - override = super.callPackage path args; - upstream = optionalAttrs (override ? "name") - (super.${(parseDrvName override.name).name} or {}); - in if upstream ? "name" && - override ? "name" && - compareVersions upstream.name override.name != -1 - then - trace - "Upstream `${upstream.name}' gets overridden by `${override.name}'." - override - else override; +self: super: -in { +# Import files and subdirectories like they are overlays. +foldl' mergeAttrs {} + (map + (name: import (./. + "/${name}") self super) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir ./.)))) +// + +{ # TODO use XDG_RUNTIME_DIR? cr = self.writeDashBin "cr" '' set -efu 
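Review bot: The new overlay loader imports every entry of `readDir ./.` except `default.nix` and dotfiles, so any other file that lands in `tv/5pkgs` (an editor backup such as `foo.nix~`, a README, a stray data file) is imported and applied as an overlay, and the evaluation either fails or silently picks up unreviewed code. Filtering on the entry type or name keeps the set explicit, for example `(name: name != "default.nix" && !hasPrefix "." name && (hasSuffix ".nix" name || (readDir ./.).${name} == "directory"))`. The same enumeration is used in the new `tv/5pkgs/simple/default.nix` in patch 14, where each entry is additionally passed to `callPackage`.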
@@ -42,9 +38,4 @@ in { sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; }) {}; in nixpkgs-1509.wvdial; - } - -// mapAttrs (_: flip callPackage {}) - (filterAttrs (_: dir: pathExists (dir + "/default.nix")) - (subdirsOf ./.)) diff --git a/tv/5pkgs/djbdns/default.nix b/tv/5pkgs/simple/djbdns/default.nix similarity index 100% rename from tv/5pkgs/djbdns/default.nix rename to tv/5pkgs/simple/djbdns/default.nix diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/simple/q/default.nix similarity index 100% rename from tv/5pkgs/q/default.nix rename to tv/5pkgs/simple/q/default.nix diff --git a/tv/5pkgs/viljetic-pages/default.nix b/tv/5pkgs/simple/viljetic-pages/default.nix similarity index 100% rename from tv/5pkgs/viljetic-pages/default.nix rename to tv/5pkgs/simple/viljetic-pages/default.nix diff --git a/tv/5pkgs/viljetic-pages/index.html b/tv/5pkgs/simple/viljetic-pages/index.html similarity index 100% rename from tv/5pkgs/viljetic-pages/index.html rename to tv/5pkgs/simple/viljetic-pages/index.html diff --git a/tv/5pkgs/viljetic-pages/logo.xpm b/tv/5pkgs/simple/viljetic-pages/logo.xpm similarity index 100% rename from tv/5pkgs/viljetic-pages/logo.xpm rename to tv/5pkgs/simple/viljetic-pages/logo.xpm diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix similarity index 100% rename from tv/5pkgs/xmonad-tv/default.nix rename to tv/5pkgs/simple/xmonad-tv/default.nix From ccc7601a0e95d8adccf3a4a7db837aa9f1b3b3a6 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 09:11:14 +0200 Subject: [PATCH 12/17] writeJSON: pretty-print output --- krebs/5pkgs/writers.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index c4fb8cd83..49ca3557e 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix 
@@ -262,7 +262,12 @@ with import ; }; }; - writeJSON = name: value: pkgs.writeText name (toJSON value); + writeJSON = name: value: pkgs.runCommand name { + json = toJSON value; + passAsFile = [ "json" ]; + } /* sh */ '' + ${pkgs.jq}/bin/jq . "$jsonPath" > "$out" + ''; writeNixFromCabal = trace (toString [ From 2dc8f450f3cf2ac0a0246878d81dceeecf7c9012 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 12:50:36 +0200 Subject: [PATCH 13/17] tv nginx krebs-pages: init --- tv/2configs/nginx/krebs-pages.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 tv/2configs/nginx/krebs-pages.nix diff --git a/tv/2configs/nginx/krebs-pages.nix b/tv/2configs/nginx/krebs-pages.nix new file mode 100644 index 000000000..4dd643db7 --- /dev/null +++ b/tv/2configs/nginx/krebs-pages.nix @@ -0,0 +1,13 @@ +{ config, pkgs, ... }: +{ + services.nginx = { + virtualHosts.krebs-pages = { + serverAliases = [ + "krebs.${config.krebs.build.host.name}.r" + ]; + extraConfig = '' + root ${pkgs.krebs-pages}; + ''; + }; + }; +} From 3f3b04963a263bd8b0c0fe3eeb8884b5a02d30e3 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Jul 2017 13:33:03 +0200 Subject: [PATCH 14/17] tv pkgs simple: add missing default.nix --- tv/5pkgs/simple/default.nix | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 tv/5pkgs/simple/default.nix diff --git a/tv/5pkgs/simple/default.nix b/tv/5pkgs/simple/default.nix new file mode 100644 index 000000000..1b9d8c235 --- /dev/null +++ b/tv/5pkgs/simple/default.nix 
@@ -0,0 +1,24 @@ +with import ; + +self: super: + +let + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = self.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override + else override; +in + + listToAttrs + (map + (name: nameValuePair (removeSuffix ".nix" name) + (callPackage (./. + "/${name}") {})) + (filter + (name: name != "default.nix" && !hasPrefix "." name) + (attrNames (readDir ./.)))) From 648c7ef0ba37c2a8ce8c22c740efff4dbbddc59e Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2017 16:34:10 +0200 Subject: [PATCH 15/17] krebs hw: init x220.nix --- krebs/2configs/hw/x220.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 krebs/2configs/hw/x220.nix diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix new file mode 100644 index 000000000..c85bac0d4 --- /dev/null +++ b/krebs/2configs/hw/x220.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: + +with import ; +{ + networking.wireless.enable = lib.mkDefault true; + + hardware.enableRedistributableFirmware = true; + + hardware.cpu.intel.updateMicrocode = true; + + services.tlp.enable = true; + + boot = { + kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ]; + extraModulePackages = [ config.boot.kernelPackages.tp_smapi ]; + kernelParams = [ "acpi_backlight=none" ]; + }; + + hardware.opengl.extraPackages = [ + pkgs.vaapiIntel + pkgs.vaapiVdpau + ]; + + security.rngd.enable = true; + + services.xserver = { + videoDriver = "intel"; + }; +} From 6d7b053740b1753d3d099b4170ea4da872a883a3 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sun, 23 Jul 2017 16:37:39 +0200 Subject: [PATCH 16/17] krebs puyak: use hw/x220 --- krebs/1systems/puyak/config.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 835d717b8..19ee2343d 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -5,6 +5,7 @@ + @@ -48,10 +49,6 @@ }; }; - hardware.enableAllFirmware = true; - networking.wireless.enable = true; - nixpkgs.config.allowUnfree = true; - services.logind.extraConfig = '' HandleLidSwitch=ignore ''; From 1bf9e1e1eea95ea9efeb72a48e19a6df11881a7f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2017 20:32:33 +0200 Subject: [PATCH 17/17] krebs: init hotdog --- krebs/1systems/hotdog/config.nix | 17 +++++++++++++++++ krebs/1systems/hotdog/source.nix | 3 +++ krebs/3modules/krebs/default.nix | 24 ++++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 krebs/1systems/hotdog/config.nix create mode 100644 krebs/1systems/hotdog/source.nix diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix new file mode 100644 index 000000000..18c8a86cd --- /dev/null +++ b/krebs/1systems/hotdog/config.nix @@ -0,0 +1,17 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + ]; + + krebs.build.host = config.krebs.hosts.hotdog; + + boot.isContainer = true; + networking.useDHCP = false; +} diff --git a/krebs/1systems/hotdog/source.nix b/krebs/1systems/hotdog/source.nix new file mode 100644 index 000000000..0fa61b20f --- /dev/null +++ b/krebs/1systems/hotdog/source.nix @@ -0,0 +1,3 @@ +import { + name = "hotdog"; +} diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index f751b4f9f..07543489a 100644 
--- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -30,6 +30,30 @@ let }); in { hosts = { + hotdog = { + owner = config.krebs.users.krebs; + nets = { + retiolum = { + ip4.addr = "10.243.77.3"; + ip6.addr = "42:0:0:0:0:0:77:3"; + aliases = [ + "hotdog.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc + bZBrvxkIOyVs5oVtolPcaI0/nvtpIhSlmM6hg9qe1rZO6jXt53GVNvgdcUIfVHbX + mQmp4oVXOjPIeDqLn32Mc0O73Kp6i66zQGAXi8ejczuO0h6oSvAnjolT4wM9jugk + JBGCDlpl9mxAGDN5VOqbg2i0FxwtUk2UA9XghEaRcfBkVdsOrtW8sCwOg8YttQt9 + fs7JjezUtw7JBxN754ynaahSRODcjyJhwjE18tKx6P7wsNbgbmULFQz+7IxZ01/P + h5ZUzfd1r1pTzQ0nYD5aRtlDd7zP7y5tUwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICxFkBln23wUxt4RhIHE3GvdKeBpJbjn++6maupHqUHp"; + }; puyak = { owner = config.krebs.users.krebs; nets = {