Merge remote-tracking branch 'prism/master'

tv 2016-12-01 21:59:25 +01:00
commit 1e59996952
8 changed files with 111 additions and 73 deletions


@ -155,14 +155,13 @@ let
to = concatMapStringsSep "," (getAttr "mail") (toList to);
};
in mapAttrsToList format (with config.krebs.users; let
eloop-ml = spam-ml ++ [ ciko Mic92 ];
eloop-ml = spam-ml ++ [ ciko ];
spam-ml = [
lass
makefu
tv
];
ciko.mail = "wieczorek.stefan@gmail.com";
Mic92.mail = "joerg@higgsboson.tk";
in {
"anmeldung@eloop.org" = eloop-ml;
"cfp@eloop.org" = eloop-ml;


@ -29,9 +29,10 @@ let
tables = mkOption {
type = with types; attrsOf (attrsOf (submodule ({
options = {
#TODO: find out good defaults.
policy = mkOption {
type = str;
default = "-";
default = "ACCEPT";
};
rules = mkOption {
type = nullOr (listOf (submodule ({
@ -133,30 +134,9 @@ let
#=====
rules = iptables-version:
let
#TODO: find out good defaults.
tables-defaults = {
nat.PREROUTING.policy = "ACCEPT";
nat.INPUT.policy = "ACCEPT";
nat.OUTPUT.policy = "ACCEPT";
nat.POSTROUTING.policy = "ACCEPT";
filter.INPUT.policy = "ACCEPT";
filter.FORWARD.policy = "ACCEPT";
filter.OUTPUT.policy = "ACCEPT";
#if someone specifies any other rules on this chain, the default rules get lost.
#is this wanted beahiviour or a bug?
#TODO: implement abstraction of rules
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
];
};
tables = tables-defaults // cfg.tables;
in
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
${buildTables iptables-version tables}
'';
pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
${buildTables iptables-version cfg.tables}
'';
startScript = pkgs.writeDash "krebs-iptables_start" ''
set -euf
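Review bot: The `policy` option now defaults to `"ACCEPT"` for every chain of every table, so a chain declared without an explicit policy, `filter.INPUT` and `filter.FORWARD` included, is fail-open and nothing in the module says so. With `tables-defaults` removed, the module also no longer supplies the `-m conntrack --ctstate RELATED,ESTABLISHED` accept rule on `filter.INPUT`, so a host that wants default-deny now has to declare that rule itself; whether any existing host relied on the old default is not visible here. Consider dropping the default so the policy must be stated per chain, or replace the TODO with a comment that states the consequence, e.g. `# default is fail-open; a default-deny host sets policy = "DROP" and adds its own RELATED,ESTABLISHED accept rule`. The surrounding `let` block and `startScript` continue outside the hunks.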


@ -36,6 +36,7 @@ in {
gitAndTools.qgit
lm_sensors
much
ncdu
nmap
pavucontrol
powertop


@ -18,25 +18,34 @@ in {
};
change_source.stockholm = ''
stockholm_repo = '${stockholm-mirror-url}'
cs.append(changes.GitPoller(
cs.append(
changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=120))
pollinterval=120
)
)
'';
scheduler = {
build-scheduler = ''
# build all hosts
sched.append(schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=10,
name="build-all-branches",
builderNames=["build-all", "build-pkgs"]))
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=10,
name="build-all-branches",
builderNames=["build-hosts", "build-pkgs"]
)
)
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(repourl=stockholm_repo, mode='full')
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full'
)
# TODO: get nixpkgs/stockholm paths from krebs
env_lass = {
@ -57,45 +66,73 @@ in {
# prepare nix-shell
# the dependencies which are used by the test script
deps = [ "gnumake", "jq", "nix", "(import <stockholm>).pkgs.populate", "openssh" ]
deps = [
"gnumake",
"jq",
"nix",
"(import <stockholm>).pkgs.populate",
"openssh"
]
# TODO: --pure , prepare ENV in nix-shell command:
# SSL_CERT_FILE,LOGNAME,NIX_REMOTE
nixshell = ["nix-shell",
"-I", "stockholm=.",
"-I", "nixpkgs=/var/src/nixpkgs",
"-p" ] + deps + [ "--run" ]
nixshell = [
"nix-shell",
"-I", "stockholm=.",
"-I", "nixpkgs=/var/src/nixpkgs",
"-p"
] + deps + [ "--run" ]
# prepare addShell function
def addShell(factory,**kwargs):
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
build-all = ''
build-hosts = ''
f = util.BuildFactory()
f.addStep(grab_repo)
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
for i in [ "test-minimal-deploy", "test-all-krebs-modules", "wolf", "test-centos7" ]:
addShell(f,name="build-{}".format(i),env=env_shared,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i)])
system={}".format(i)
]
)
for i in [ "mors", "uriel", "shodan", "helios", "cloudkrebs", "echelon", "dishfire", "prism" ]:
addShell(f,name="build-{}".format(i),env=env_lass,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i)
]
)
for i in [ "x", "wry", "vbob", "wbob", "shoney" ]:
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
addShell(f,name="build-{}".format(i),env=env_makefu,
command=nixshell + \
["mkdir -p /tmp/testbuild/$LOGNAME && touch /tmp/testbuild/$LOGNAME/.populate; \
make \
test \
target=$LOGNAME@${config.krebs.build.host.name}/tmp/testbuild/$LOGNAME \
method=build \
system={}".format(i)])
system={}".format(i)
]
)
bu.append(util.BuilderConfig(name="build-all",
workernames=workernames,
factory=f))
bu.append(
util.BuilderConfig(
name="build-hosts",
workernames=workernames,
factory=f
)
)
'';
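Review bot: The new `env_shared` loop adds a third copy of a shell command that builds into `/tmp/testbuild/$LOGNAME`, a fixed path under world-writable `/tmp`, and `mkdir -p` succeeds silently when that path already exists. On a worker shared with other local accounts, a directory or symlink created there beforehand by someone else would be used as the build target without complaint; whether the workers are single-user is not visible from these hunks. I would put the target under a directory only the worker account can write to, or create it per run with `d=$(mktemp -d)`, and define the command string once in `builder_pre` next to `addShell` so the three loops cannot drift apart. `env_shared` is not defined in the visible lines and is presumably set beside `env_lass` in the part of `builder_pre` between the two hunks.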


@ -2,10 +2,28 @@
let
mainUser = config.users.extraUsers.mainUser;
doom = pkgs.writeDash "doom" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${pkgs.zandronum}/bin/zandronum \
-file $DOOM_DIR/lib/brutalv20.pk3 \
-file $DOOM_DIR/lib/RebotStarcraftMarines.pk3 \
-fov 120 \
"$@"
'';
doom1 = pkgs.writeDashBin "doom1" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${doom} -iwad $DOOM_DIR/wads/stock/doom.wad "$@"
'';
doom2 = pkgs.writeDashBin "doom2" ''
DOOM_DIR=''${DOOM_DIR:-~/doom/}
${doom} -iwad $DOOM_DIR/wads/stock/doom2.wad "$@"
'';
in {
environment.systemPackages = with pkgs; [
dwarf_fortress
doom1
doom2
];
users.extraUsers = {
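Review bot: `$DOOM_DIR` is expanded unquoted in all three wrapper scripts (`-file $DOOM_DIR/lib/brutalv20.pk3`, `-iwad $DOOM_DIR/wads/stock/doom.wad`), so a value containing spaces or glob characters is split or expanded into several arguments before zandronum receives it. Quote each use, e.g. `-file "$DOOM_DIR/lib/brutalv20.pk3" \` and `${doom} -iwad "$DOOM_DIR/wads/stock/doom.wad" "$@"`. The attribute set that follows `users.extraUsers = {` continues outside the hunk.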


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e";
ref = "e360c7205f84be180d80b97f3980fb809a951486";
};
}


@ -5,25 +5,39 @@
{
imports =
[ # Include the results of the hardware scan.
[ # base
../.
../2configs/main-laptop.nix #< base-gui + zsh
../2configs/main-laptop.nix
../2configs/laptop-utils.nix
../2configs/laptop-backup.nix
# Krebs
#../2configs/disable_v6.nix
../2configs/rad1o.nix
# testing
#../2configs/elchos/search.nix
#../2configs/temp/share-samba.nix
# ../2configs/mediawiki.nix
# ../2configs/wordpress.nix
# ../2configs/nginx/public_html.nix
# ../2configs/nginx/icecult.nix
../2configs/laptop-backup.nix
#../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
../2configs/tinc/siem.nix
#../2configs/torrent.nix
# Krebs
../2configs/disable_v6.nix
../2configs/tinc/retiolum.nix
# applications
../2configs/exim-retiolum.nix
../2configs/mail-client.nix
../2configs/printer.nix
../2configs/virtualization.nix
../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
../2configs/rad1o.nix
# services
../2configs/git/brain-retiolum.nix
@ -37,19 +51,8 @@
../2configs/hw/bcm4352.nix
# mount points
../2configs/fs/sda-crypto-root-home.nix
# ../2configs/mediawiki.nix
#../2configs/wordpress.nix
#../2configs/nginx/public_html.nix
../2configs/nginx/icecult.nix
../2configs/tinc/retiolum.nix
# temporary modules
../2configs/temp/share-samba.nix
../2configs/laptop-backup.nix
#../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
../2configs/tinc/siem.nix
#../2configs/torrent.nix
];
makefu.full-populate = true;