Merge remote-tracking branch 'cd/master'

default.nix

@@ -8,6 +8,12 @@ let
       "${user-name}/1systems/${system-name}.nix"
       "${user-name}/3modules"
       "krebs/3modules"
+    ] ++ [
+      ({ lib, pkgs, ... }: {
+       _module.args.pkgs =
+         (import ./krebs/5pkgs { inherit lib pkgs; }) //
+         (import (./. + "/${user-name}/5pkgs") { inherit lib pkgs; });
+      })
     ];
   };
 

krebs/3modules/default.nix

@@ -272,6 +272,7 @@ let
             '';
           };
         };
+        secure = true;
       };
       mors = {
         cores = 2;
@@ -302,12 +303,12 @@ let
     };
     users = addNames {
       lass = {
-        pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
+        pubkey = readFile ../Zpubkeys/lass.ssh.pub;
         mail = "lass@mors.retiolum";
       };
       uriel = {
-        pubkey = readFile ../../Zpubkeys/uriel.ssh.pub;
-        mail = "uriel@mors.retiolum";
+        pubkey = readFile ../Zpubkeys/uriel.ssh.pub;
+        mail = "lass@uriel.retiolum";
       };
     };
   };
@@ -513,7 +514,7 @@ let
     users = addNames {
       makefu = {
         mail = "makefu@pornocauster.retiolum";
-        pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
+        pubkey = readFile ../Zpubkeys/makefu_arch.ssh.pub;
       };
     };
   };
@@ -684,11 +685,11 @@ let
     users = addNames {
       mv = {
         mail = "mv@cd.retiolum";
-        pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub;
+        pubkey = readFile ../Zpubkeys/mv_vod.ssh.pub;
       };
       tv = {
         mail = "tv@wu.retiolum";
-        pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub;
+        pubkey = readFile ../Zpubkeys/tv_wu.ssh.pub;
       };
     };
   };

krebs/3modules/github-hosts-sync.nix

@@ -61,9 +61,9 @@ let
             ${cfg.ssh-identity-file} \
             "$ssh_identity_file_target"
 
-          ln -snf ${kpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
+          ln -snf ${pkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
         '';
-        ExecStart = "${kpkgs.github-hosts-sync}/bin/github-hosts-sync";
+        ExecStart = "${pkgs.github-hosts-sync}/bin/github-hosts-sync";
       };
     };
 
@@ -77,7 +77,5 @@ let
     name = "github-hosts-sync";
     uid = 3220554646; # genid github-hosts-sync
   };
-
-  kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
 in
 out

krebs/3modules/retiolum.nix

@@ -58,7 +58,7 @@ let
 
     hosts = mkOption {
       type = with types; either package path;
-      default = ../../Zhosts;
+      default = ../Zhosts;
       description = ''
         If a path is given, then it will be used to generate an ad-hoc package.
       '';

krebs/4lib/default.nix

@@ -14,5 +14,12 @@ builtins // lib // rec {
 
   dns = import ./dns.nix { inherit lib; };
   listset = import ./listset.nix { inherit lib; };
+  shell = import ./shell.nix { inherit lib; };
   tree = import ./tree.nix { inherit lib; };
+
+  toC = x: {
+    list = "{ ${concatStringsSep ", " (map toC x)} }";
+    null = "NULL";
+    string = toJSON x; # close enough
+  }.${typeOf x};
 }

krebs/4lib/shell.nix

@@ -0,0 +1,22 @@
+{ lib, ... }:
+
+with builtins;
+with lib;
+
+rec {
+  escape =
+    let
+      isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
+    in
+    stringAsChars (c:
+      if isSafeChar c then c
+      else if c == "\n" then "'\n'"
+      else "\\${c}");
+
+  #
+  # shell script generators
+  #
+
+  # example: "${cat (toJSON { foo = "bar"; })} | jq -r .foo"
+  cat = s: "printf '%s' ${escape s}";
+}

krebs/5pkgs/default.nix

@@ -1,16 +1,52 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
+
+with import ../4lib { inherit lib; };
 
 let
   inherit (pkgs) callPackage;
 in
 
-pkgs //
-{
-  cac = callPackage ./cac.nix {};
-  dic = callPackage ./dic.nix {};
-  genid = callPackage ./genid.nix {};
-  github-hosts-sync = callPackage ./github-hosts-sync.nix {};
-  github-known_hosts = callPackage ./github-known_hosts.nix {};
-  hashPassword = callPackage ./hashPassword.nix {};
-  posix-array = callPackage ./posix-array.nix {};
+rec {
+  cac = callPackage ./cac {};
+  charybdis = callPackage ./charybdis {};
+  dic = callPackage ./dic {};
+  genid = callPackage ./genid {};
+  github-hosts-sync = callPackage ./github-hosts-sync {};
+  github-known_hosts = callPackage ./github-known_hosts {};
+  hashPassword = callPackage ./hashPassword {};
+  lentil = callPackage ./lentil {};
+  much = callPackage ./much {};
+  nq = callPackage ./nq {};
+  posix-array = callPackage ./posix-array {};
+  pssh = callPackage ./pssh {};
+  youtube-tools = callPackage ./youtube-tools {};
+
+  execve = name: { filename, argv, envp ? {}, destination ? "" }:
+    writeC name { inherit destination; } ''
+      #include <unistd.h>
+      int main () {
+        const char *filename = ${toC filename};
+        char *const argv[] = ${toC (argv ++ [null])};
+        char *const envp[] = ${toC (
+          mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
+        )};
+        execve(filename, argv, envp);
+        return -1;
+      }
+    '';
+
+  execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
+
+  writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
+    PATH=${lib.makeSearchPath "bin" (with pkgs; [
+      binutils
+      coreutils
+      gcc
+    ])}
+    src=${pkgs.writeText "${name}.c" src}
+    exe=$out${destination}
+    mkdir -p "$(dirname "$exe")"
+    gcc -O -Wall -o "$exe" $src
+    strip --strip-unneeded "$exe"
+  '';
 }

krebs/5pkgs/github-known_hosts/default.nix

@@ -4,7 +4,7 @@ with builtins;
 with lib;
 
 let
-  github-pubkey = removeSuffix "\n" (readFile ../../Zpubkeys/github.ssh.pub);
+  github-pubkey = removeSuffix "\n" (readFile ./github.ssh.pub);
 in
 
 toFile "github-known_hosts"

krebs/5pkgs/nq/default.nix

@@ -0,0 +1,16 @@
+{ fetchgit, stdenv }:
+
+stdenv.mkDerivation rec {
+  name = "nq-${rev}";
+  rev = "0eae839cb1";
+
+  src = fetchgit {
+    url = https://github.com/chneukirchen/nq;
+    inherit rev;
+    sha256 = "1150274750cde934932d65bd6053d7a0ba2404a59eadfb87fc6bd8a4fb70febb";
+  };
+
+  configurePhase = ''
+    sed -i "s:^PREFIX=.*:PREFIX=$out:" Makefile
+  '';
+}

krebs/5pkgs/pssh/default.nix

@@ -0,0 +1,37 @@
+{ writeScriptBin }:
+
+writeScriptBin "pssh" ''
+  #! /bin/sh
+  set -efu
+  case ''${1-} in
+
+  # TODO create plog with -o json | jq ... | map date
+
+  # usage: pssh {-j,--journal} host...
+  # Follow journal at each host.
+  -j|--journal)
+    shift
+    "$0" journalctl -n0 -ocat --follow --all ::: "$@" \
+      | while read line; do
+          printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
+        done
+    ;;
+
+  -*)
+    echo $0: unknown option: $1 >&2
+    exit 1
+    ;;
+
+  # usage: pssh command [arg...] ::: host...
+  # Run command at each host.
+  *)
+    exec parallel \
+      --line-buffer \
+      -j0 \
+      --no-notice \
+      --tagstring {} \
+      ssh -T {} "$@"
+    ;;
+
+  esac
+''

krebs/5pkgs/youtube-tools/default.nix

@@ -0,0 +1,21 @@
+{ stdenv, fetchgit, ... }:
+
+stdenv.mkDerivation {
+  name = "youtube-tools";
+
+  src = fetchgit {
+    url = https://github.com/Lassulus/the_playlist;
+    rev = "9218b163f2d8bc965b853ed9fc9e13d15a703456";
+    sha256 = "ae5db4be652d015a518e57e4ed2de34b9127e77d9272af3049832bb134e96e4d";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp bin/* $out/bin/
+  '';
+}

krebs/Zhosts/flap

@@ -1,4 +1,5 @@
 Subnet = 10.243.211.172
+Subnet = 10.243.211.172 53
 Subnet = 42:472a:3d01:bbe4:4425:567e:592b:065d
 
 -----BEGIN RSA PUBLIC KEY-----

krebs/Zhosts/gum

@@ -1,4 +1,5 @@
 Address= 195.154.108.70
+Address= 195.154.108.70 53
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
 Aliases = paste