From 48c75276c5a5ed8e7ea33ccb330f8ee6b7a6a927 Mon Sep 17 00:00:00 2001
From: mv <mv@ni.r>
Date: Tue, 29 Aug 2017 21:00:46 +0200
Subject: [PATCH] mv: the future is now!

---
 mv/1systems/{stro.nix => stro/config.nix} | 23 +++++------------------
 mv/1systems/stro/source.nix               |  3 +++
 mv/source.nix                             | 23 +++++++++++++++++++++++
 3 files changed, 31 insertions(+), 18 deletions(-)
 rename mv/1systems/{stro.nix => stro/config.nix} (84%)
 create mode 100644 mv/1systems/stro/source.nix
 create mode 100644 mv/source.nix

diff --git a/mv/1systems/stro.nix b/mv/1systems/stro/config.nix
similarity index 84%
rename from mv/1systems/stro.nix
rename to mv/1systems/stro/config.nix
index bb37aedda..669655eec 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro/config.nix
@@ -8,18 +8,6 @@ with import <stockholm/lib>;
     build = {
       user = config.krebs.users.mv;
       host = config.krebs.hosts.stro;
-      source = let
-        HOME = getEnv "HOME";
-        host = config.krebs.build.host;
-      in {
-        nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
-        secrets.file = "${HOME}/secrets/${host.name}";
-        stockholm.file = "${HOME}/stockholm";
-        nixpkgs.git = {
-          url = https://github.com/NixOS/nixpkgs;
-          ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
-        };
-      };
     };
   };
 
@@ -27,7 +15,7 @@ with import <stockholm/lib>;
     <secrets>
     <stockholm/krebs>
     <stockholm/tv/2configs/audit.nix>
-    <stockholm/tv/2configs/bash.nix>
+    <stockholm/tv/2configs/bash>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/im.nix>
@@ -40,7 +28,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/xdg.nix>
     <stockholm/tv/2configs/xserver>
     <stockholm/tv/3modules>
-    <stockholm/tv/5pkgs>
   ];
 
   boot.kernel.sysctl = {
@@ -124,13 +111,13 @@ with import <stockholm/lib>;
 
   nix = {
     binaryCaches = ["https://cache.nixos.org"];
-    # TODO check if both are required:
-    chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
     requireSignedBinaryCaches = true;
-    useChroot = true;
+    # TODO check if both are required:
+    sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
+    useSandbox = true;
   };
 
-  nixpkgs.config.allowUnfree = false;
+  nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
 
   users = {
     defaultUserShell = "/run/current-system/sw/bin/bash";
diff --git a/mv/1systems/stro/source.nix b/mv/1systems/stro/source.nix
new file mode 100644
index 000000000..888d616c8
--- /dev/null
+++ b/mv/1systems/stro/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/mv/source.nix> {
+  name = "stro";
+}
diff --git a/mv/source.nix b/mv/source.nix
new file mode 100644
index 000000000..8b1563914
--- /dev/null
+++ b/mv/source.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+host@{ name, override ? {} }: let
+  builder = if getEnv "dummy_secrets" == "true"
+              then "buildbot"
+              else "mv";
+  _file = <stockholm> + "/mv/1systems/${name}/source.nix";
+in
+  evalSource (toString _file) [
+    {
+      nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
+      nixpkgs.git = {
+        # nixos-17.03
+        ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
+        url = https://github.com/NixOS/nixpkgs;
+      };
+      secrets.file = getAttr builder {
+        buildbot = toString <stockholm/mv/dummy_secrets>;
+        mv = "/home/mv/secrets/${name}";
+      };
+      stockholm.file = toString <stockholm>;
+    }
+    override
+  ]