mv: the future is now!

2017-08-29 21:00:46 +02:00 · 2017-08-29 21:00:46 +02:00 · 48c75276c5
commit 48c75276c5
parent d6aee94277
3 changed files with 31 additions and 18 deletions
--- a/mv/1systems/stro/config.nix
+++ b/mv/1systems/stro/config.nix
@ -8,18 +8,6 @@ with import <stockholm/lib>;
    build = {
      user = config.krebs.users.mv;
      host = config.krebs.hosts.stro;
-      source = let
-        HOME = getEnv "HOME";
-        host = config.krebs.build.host;
-      in {
-        nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
-        secrets.file = "${HOME}/secrets/${host.name}";
-        stockholm.file = "${HOME}/stockholm";
-        nixpkgs.git = {
-          url = https://github.com/NixOS/nixpkgs;
-          ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
-        };
-      };
    };
  };

@ -27,7 +15,7 @@ with import <stockholm/lib>;
    <secrets>
    <stockholm/krebs>
    <stockholm/tv/2configs/audit.nix>
-    <stockholm/tv/2configs/bash.nix>
+    <stockholm/tv/2configs/bash>
    <stockholm/tv/2configs/exim-retiolum.nix>
    <stockholm/tv/2configs/hw/x220.nix>
    <stockholm/tv/2configs/im.nix>
@ -40,7 +28,6 @@ with import <stockholm/lib>;
    <stockholm/tv/2configs/xdg.nix>
    <stockholm/tv/2configs/xserver>
    <stockholm/tv/3modules>
-    <stockholm/tv/5pkgs>
  ];

  boot.kernel.sysctl = {
@ -124,13 +111,13 @@ with import <stockholm/lib>;

  nix = {
    binaryCaches = ["https://cache.nixos.org"];
-    # TODO check if both are required:
-    chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
    requireSignedBinaryCaches = true;
-    useChroot = true;
+    # TODO check if both are required:
+    sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+    useSandbox = true;
  };

-  nixpkgs.config.allowUnfree = false;
+  nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;

  users = {
    defaultUserShell = "/run/current-system/sw/bin/bash";
--- a/mv/1systems/stro/source.nix
+++ b/mv/1systems/stro/source.nix
@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+  name = "stro";
+}
--- a/mv/source.nix
+++ b/mv/source.nix
@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+  builder = if getEnv "dummy_secrets" == "true"
+              then "buildbot"
+              else "mv";
+  _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+  evalSource (toString _file) [
+    {
+      nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+      nixpkgs.git = {
+        # nixos-17.03
+        ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+        url = https://github.com/NixOS/nixpkgs;
+      };
+      secrets.file = getAttr builder {
+        buildbot = toString <stockholm/mv/dummy_secrets>;
+        mv = "/home/mv/secrets/${name}";
+      };
+      stockholm.file = toString <stockholm>;
+    }
+    override
+  ]