mv: the future is now!
This commit is contained in:
parent
d6aee94277
commit
48c75276c5
@ -8,18 +8,6 @@ with import <stockholm/lib>;
|
|||||||
build = {
|
build = {
|
||||||
user = config.krebs.users.mv;
|
user = config.krebs.users.mv;
|
||||||
host = config.krebs.hosts.stro;
|
host = config.krebs.hosts.stro;
|
||||||
source = let
|
|
||||||
HOME = getEnv "HOME";
|
|
||||||
host = config.krebs.build.host;
|
|
||||||
in {
|
|
||||||
nixos-config.symlink = "stockholm/mv/1systems/${host.name}.nix";
|
|
||||||
secrets.file = "${HOME}/secrets/${host.name}";
|
|
||||||
stockholm.file = "${HOME}/stockholm";
|
|
||||||
nixpkgs.git = {
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
ref = "8bf31d7d27cae435d7c1e9e0ccb0a320b424066f";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -27,7 +15,7 @@ with import <stockholm/lib>;
|
|||||||
<secrets>
|
<secrets>
|
||||||
<stockholm/krebs>
|
<stockholm/krebs>
|
||||||
<stockholm/tv/2configs/audit.nix>
|
<stockholm/tv/2configs/audit.nix>
|
||||||
<stockholm/tv/2configs/bash.nix>
|
<stockholm/tv/2configs/bash>
|
||||||
<stockholm/tv/2configs/exim-retiolum.nix>
|
<stockholm/tv/2configs/exim-retiolum.nix>
|
||||||
<stockholm/tv/2configs/hw/x220.nix>
|
<stockholm/tv/2configs/hw/x220.nix>
|
||||||
<stockholm/tv/2configs/im.nix>
|
<stockholm/tv/2configs/im.nix>
|
||||||
@ -40,7 +28,6 @@ with import <stockholm/lib>;
|
|||||||
<stockholm/tv/2configs/xdg.nix>
|
<stockholm/tv/2configs/xdg.nix>
|
||||||
<stockholm/tv/2configs/xserver>
|
<stockholm/tv/2configs/xserver>
|
||||||
<stockholm/tv/3modules>
|
<stockholm/tv/3modules>
|
||||||
<stockholm/tv/5pkgs>
|
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl = {
|
||||||
@ -124,13 +111,13 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
binaryCaches = ["https://cache.nixos.org"];
|
binaryCaches = ["https://cache.nixos.org"];
|
||||||
# TODO check if both are required:
|
|
||||||
chrootDirs = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
|
||||||
requireSignedBinaryCaches = true;
|
requireSignedBinaryCaches = true;
|
||||||
useChroot = true;
|
# TODO check if both are required:
|
||||||
|
sandboxPaths = [ "/etc/protocols" pkgs.iana_etc.outPath ];
|
||||||
|
useSandbox = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = false;
|
nixpkgs.config.packageOverrides = import <stockholm/tv/5pkgs> pkgs;
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
defaultUserShell = "/run/current-system/sw/bin/bash";
|
defaultUserShell = "/run/current-system/sw/bin/bash";
|
3
mv/1systems/stro/source.nix
Normal file
3
mv/1systems/stro/source.nix
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
import <stockholm/mv/source.nix> {
|
||||||
|
name = "stro";
|
||||||
|
}
|
23
mv/source.nix
Normal file
23
mv/source.nix
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
with import <stockholm/lib>;
|
||||||
|
host@{ name, override ? {} }: let
|
||||||
|
builder = if getEnv "dummy_secrets" == "true"
|
||||||
|
then "buildbot"
|
||||||
|
else "mv";
|
||||||
|
_file = <stockholm> + "/mv/1systems/${name}/source.nix";
|
||||||
|
in
|
||||||
|
evalSource (toString _file) [
|
||||||
|
{
|
||||||
|
nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
|
||||||
|
nixpkgs.git = {
|
||||||
|
# nixos-17.03
|
||||||
|
ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
|
||||||
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
|
};
|
||||||
|
secrets.file = getAttr builder {
|
||||||
|
buildbot = toString <stockholm/mv/dummy_secrets>;
|
||||||
|
mv = "/home/mv/secrets/${name}";
|
||||||
|
};
|
||||||
|
stockholm.file = toString <stockholm>;
|
||||||
|
}
|
||||||
|
override
|
||||||
|
]
|
Loading…
Reference in New Issue
Block a user