Merge remote-tracking branch 'origin/master' into HEAD

jeschli 2018-03-13 18:52:07 +01:00
commit 6267aa4250
23 changed files with 289 additions and 115 deletions


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "jeschli"; else "jeschli";
_file = <stockholm> + "/jeschli/1systems/${name}/source.nix"; _file = <stockholm> + "/jeschli/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -17,6 +22,7 @@ in
jeschli = "${getEnv "HOME"}/secrets/${name}"; jeschli = "${getEnv "HOME"}/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]
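Review bot: The added `pkgs = import <nixpkgs> { overlays = …; }` binding evaluates whatever `<nixpkgs>` resolves to on the deploying machine, and because no `config` argument is passed, nixpkgs also reads the operator's own configuration (`NIXPKGS_CONFIG` or `~/.config/nixpkgs/config.nix`). The `get-version` program referenced by `stockholm-version.pipe` can therefore differ between operators. Passing `config = {};` next to `overlays` keeps the evaluation independent of per-user settings. A one-line comment above the `stockholm-version.pipe` line, saying that the command runs on the deploying host and that its output becomes the `stockholm-version` source, would also help, assuming that is how the new `pipe` source type behaves. The same binding is added in the other source.nix sections on this page (krebs, lass, makefu, mv, nin, tv).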


@ -5,7 +5,11 @@ let
nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
nixos-pretty-name = "NixOS ${nixos-version}"; nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown"; stockholm-version-id = let
eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>));
in
if eval.success then eval.value else "unknown";
stockholm-version = "${stockholm-version-id}"; stockholm-version = "${stockholm-version-id}";
stockholm-pretty-name = "stockholm ${stockholm-version}"; stockholm-pretty-name = "stockholm ${stockholm-version}";


@ -18,10 +18,10 @@ let
type = types.attrsOf (types.submodule ({ config, ... }: { type = types.attrsOf (types.submodule ({ config, ... }: {
options = { options = {
origin = mkOption { origin = mkOption {
type = types.git-source; type = types.source-types.git;
}; };
mirror = mkOption { mirror = mkOption {
type = types.git-source; type = types.source-types.git;
}; };
}; };
config = { config = {
@ -31,7 +31,7 @@ let
})); }));
}; };
latest = mkOption { latest = mkOption {
type = types.nullOr types.git-source; type = types.nullOr types.source-types.git;
default = null; default = null;
}; };
timerConfig = mkOption { timerConfig = mkOption {


@ -16,12 +16,12 @@ in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "populate"; name = "populate";
version = "2.1.0"; version = "2.3.0";
src = fetchgit { src = fetchgit {
url = http://cgit.ni.krebsco.de/populate; url = http://cgit.ni.krebsco.de/populate;
rev = "refs/tags/v${version}"; rev = "refs/tags/v${version}";
sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh"; sha256 = "05zr132k1s3a1cc879lvhb83hax7dbfmsbrnxmh7dxjcdg3yhxd7";
}; };
phases = [ phases = [


@ -216,7 +216,6 @@
init.env = pkgs.writeText "init.env" /* sh */ '' init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet export quiet
export system export system
@ -251,7 +250,6 @@
"$target_user@$target_host" -p "$target_port" \ "$target_user@$target_host" -p "$target_port" \
cd "$target_path/stockholm" \; \ cd "$target_path/stockholm" \; \
NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \
STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \
nix-shell --run "$(${pkgs.quote}/bin/quote " nix-shell --run "$(${pkgs.quote}/bin/quote "
${lib.concatStringsSep " " (lib.mapAttrsToList ${lib.concatStringsSep " " (lib.mapAttrsToList
(name: opt: /* sh */ (name: opt: /* sh */


@ -2,13 +2,13 @@
python3Packages.buildPythonApplication rec { python3Packages.buildPythonApplication rec {
name = "urlwatch-${version}"; name = "urlwatch-${version}";
version = "2.7"; version = "2.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "thp"; owner = "thp";
repo = "urlwatch"; repo = "urlwatch";
rev = version; rev = version;
sha256 = "0fx964z73yv08b1lpymmjsigf6929zx9ax5bp34rcf2c5gk11l5m"; sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
}; };
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "krebs"; else "krebs";
_file = <stockholm> + "/krebs/1systems/${name}/source.nix"; _file = <stockholm> + "/krebs/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -16,6 +21,7 @@ in
}; };
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = { nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27 ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27


@ -182,7 +182,7 @@ with import <stockholm/lib>;
echo 'secrets are crypted' >&2 echo 'secrets are crypted' >&2
exit 23 exit 23
else else
exec nix-shell -I stockholm="$PWD" --run 'deploy --diff --system="$SYSTEM"' exec nix-shell -I stockholm="$PWD" --run 'deploy --system="$SYSTEM"'
fi fi
''; '';
predeploy = pkgs.writeDash "predeploy" '' predeploy = pkgs.writeDash "predeploy" ''


@ -2,6 +2,7 @@
with import <stockholm/lib>; with import <stockholm/lib>;
let let
user = config.krebs.build.user; user = config.krebs.build.user;
xmonad-lass = pkgs.callPackage <stockholm/lass/5pkgs/custom/xmonad-lass> { inherit config; };
in { in {
imports = [ imports = [
./mpv.nix ./mpv.nix
@ -84,7 +85,6 @@ in {
powertop powertop
push push
rxvt_unicode_with-plugins rxvt_unicode_with-plugins
screengrab
slock slock
sxiv sxiv
timewarrior timewarrior
@ -99,6 +99,7 @@ in {
zathura zathura
cabal2nix cabal2nix
xephyrify
]; ];
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
@ -129,7 +130,6 @@ in {
}; };
systemd.user.services.xmonad = { systemd.user.services.xmonad = {
#wantedBy = [ "graphical-session.target" ];
environment = { environment = {
DISPLAY = ":${toString config.services.xserver.display}"; DISPLAY = ":${toString config.services.xserver.display}";
RXVT_SOCKET = "%t/urxvtd-socket"; RXVT_SOCKET = "%t/urxvtd-socket";
@ -137,8 +137,8 @@ in {
}; };
serviceConfig = { serviceConfig = {
SyslogIdentifier = "xmonad"; SyslogIdentifier = "xmonad";
ExecStart = "${pkgs.xmonad-lass}/bin/xmonad"; ExecStart = "${xmonad-lass}/bin/xmonad";
ExecStop = "${pkgs.xmonad-lass}/bin/xmonad --shutdown"; ExecStop = "${xmonad-lass}/bin/xmonad --shutdown";
}; };
restartIfChanged = false; restartIfChanged = false;
}; };


@ -11,7 +11,6 @@ with import <stockholm/lib>;
primary_hostname = "lassul.us"; primary_hostname = "lassul.us";
sender_domains = [ sender_domains = [
"lassul.us" "lassul.us"
"aidsballs.de"
]; ];
relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors config.krebs.hosts.mors
@ -70,6 +69,15 @@ with import <stockholm/lib>;
{ from = "aws@lassul.us"; to = lass.mail; } { from = "aws@lassul.us"; to = lass.mail; }
{ from = "reddit@lassul.us"; to = lass.mail; } { from = "reddit@lassul.us"; to = lass.mail; }
{ from = "banggood@lassul.us"; to = lass.mail; } { from = "banggood@lassul.us"; to = lass.mail; }
{ from = "immoscout@lassul.us"; to = lass.mail; }
{ from = "gmail@lassul.us"; to = lass.mail; }
{ from = "amazon@lassul.us"; to = lass.mail; }
{ from = "humblebundle@lassul.us"; to = lass.mail; }
{ from = "meetup@lassul.us"; to = lass.mail; }
{ from = "gebfrei@lassul.us"; to = lass.mail; }
{ from = "github@lassul.us"; to = lass.mail; }
{ from = "ovh@lassul.us"; to = lass.mail; }
{ from = "hetzner@lassul.us"; to = lass.mail; }
]; ];
system-aliases = [ system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; } { from = "mailer-daemon"; to = "postmaster"; }


@ -22,20 +22,45 @@ let
mailboxes = { mailboxes = {
c-base = [ "to:c-base.org" ]; c-base = [ "to:c-base.org" ];
coins = [
"to:btce@lassul.us"
"to:coinbase@lassul.us"
"to:polo@lassul.us"
"to:bitwala@lassul.us"
"to:payeer@lassul.us"
"to:gatehub@lassul.us"
"to:bitfinex@lassul.us"
"to:binance@lassul.us"
"to:bitcoin.de@lassul.us"
"to:robinhood@lassul.us"
];
dezentrale = [ "to:dezentrale.space" ]; dezentrale = [ "to:dezentrale.space" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" ]; dhl = [ "to:dhl@lassul.us" ];
github = [ "to:github@lassul.us" ];
gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ];
kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ];
nix-devel = [ "to:nix-devel@googlegroups.com" ]; nix-devel = [ "to:nix-devel@googlegroups.com" ];
patreon = [ "to:patreon@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ];
security = [ "to:seclists.org" "to:security" "to:bugtraq" ]; paypal = [ "to:paypal@lassul.us" ];
ptl = [ "to:ptl@posttenebraslab.ch" ];
retiolum = [ "to:lass@mors.r" ];
security = [ "to:seclists.org" "to:bugtraq" "to:securityfocus@lassul.us" ];
shack = [ "to:shackspace.de" ]; shack = [ "to:shackspace.de" ];
steam = [ "to:steam@lassul.us" ];
tinc = [ "to:tinc@tinc-vpn.org" "to:tinc-devel@tinc-vpn.org" ];
wireguard = [ "to:wireguard@lists.zx2c4" ]; wireguard = [ "to:wireguard@lists.zx2c4" ];
zzz = [ "to:pizza@lassul.us" "to:spam@krebsco.de" ];
}; };
tag-mails = pkgs.writeDashBin "nm-init-tag" '' tag-new-mails = pkgs.writeDashBin "nm-tag-init" ''
${pkgs.notmuch}/bin/notmuch new ${pkgs.notmuch}/bin/notmuch new
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)} ${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox +${i.name} -- tag:inbox ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
''; '';
tag-old-mails = pkgs.writeDashBin "nm-tag-old" ''
${concatMapStringsSep "\n" (i: ''${pkgs.notmuch}/bin/notmuch tag -inbox -archive +${i.name} -- ${concatMapStringsSep " or " (f: "${f}") i.value}'') (mapAttrsToList nameValuePair mailboxes)}
'';
muttrc = pkgs.writeText "muttrc" '' muttrc = pkgs.writeText "muttrc" ''
# gpg # gpg
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
@ -170,6 +195,7 @@ in {
mutt mutt
pkgs.much pkgs.much
pkgs.notmuch pkgs.notmuch
tag-mails tag-new-mails
tag-old-mails
]; ];
} }
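Review bot: In the new `gmail` mailbox the third term, `"lassulus@googlemail.com"`, lacks the `to:` prefix that every other entry carries, so it reaches notmuch as a bare search term and would presumably match that address anywhere in a message rather than only in the recipient. It should read `"to:lassulus@googlemail.com"`. The new `tag-old-mails` script builds its query from the same list without the `tag:inbox` term, so there the looser match is not limited to the inbox. A short comment above `mailboxes` stating that each entry is a notmuch query term joined with `or` would make this kind of slip easier to spot.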


@ -143,12 +143,21 @@ myKeyMap =
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show") , ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
, ("M4-<F4>", spawn "${pkgs.writeDash "nm-dmenu" ''
export PATH=$PATH:${pkgs.dmenu}/bin:${pkgs.networkmanagerapplet}/bin
exec ${pkgs.networkmanager_dmenu}/bin/networkmanager_dmenu "$@"
''}")
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1") , ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10") , ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33") , ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100") , ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
, ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter") , ("<Pause>", spawn "${pkgs.xcalib}/bin/xcalib -invert -alter")
--, ("M4-w", screenWorkspace 0 >>= (windows . W.greedyView))
--, ("M4-e", screenWorkspace 1 >>= (windows . W.greedyView))
--, ("M4-r", screenWorkspace 2 >>= (windows . W.greedyView))
] ]
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()


@ -1,40 +1,39 @@
{ config, pkgs, ... }@args: with import <stockholm/lib>;
self: super: let
{ # This callPackage will try to detect obsolete overrides.
nixpkgs.config.packageOverrides = rec { callPackage = path: args: let
acronym = pkgs.callPackage ./acronym/default.nix {}; override = super.callPackage path args;
dpass = pkgs.callPackage ./dpass {}; upstream = optionalAttrs (override ? "name")
firefoxPlugins = { (super.${(parseDrvName override.name).name} or {});
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {}; in if upstream ? "name" &&
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {}; override ? "name" &&
vimperator = pkgs.callPackage ./firefoxPlugins/vimperator.nix {}; compareVersions upstream.name override.name != -1
}; then
init = pkgs.callPackage ./init/default.nix args; trace
logify = pkgs.callPackage ./logify/default.nix {}; "Upstream `${upstream.name}' gets overridden by `${override.name}'."
mk_sql_pair = pkgs.callPackage ./mk_sql_pair/default.nix {}; override
mpv-poll = pkgs.callPackage ./mpv-poll/default.nix {}; else override;
pop = pkgs.callPackage ./pop/default.nix {};
q = pkgs.callPackage ./q {};
rs = pkgs.callPackage ./rs/default.nix {};
urban = pkgs.callPackage ./urban/default.nix {};
xml2json = pkgs.callPackage ./xml2json/default.nix {};
xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; };
yt-next = pkgs.callPackage ./yt-next/default.nix {};
bank = pkgs.writeDashBin "bank" '' subdirsOf = path:
mapAttrs (name: _: path + "/${name}")
(filterAttrs (_: eq "directory") (readDir path));
in {
bank = self.writeDashBin "bank" ''
tmp=$(mktemp) tmp=$(mktemp)
${pkgs.pass}/bin/pass show hledger > $tmp ${self.pass}/bin/pass show hledger > $tmp
${pkgs.hledger}/bin/hledger --file=$tmp "$@" ${self.hledger}/bin/hledger --file=$tmp "$@"
${pkgs.pass}/bin/pass show hledger | if ${pkgs.diffutils}/bin/diff $tmp -; then ${self.pass}/bin/pass show hledger | if ${self.diffutils}/bin/diff $tmp -; then
exit 0 exit 0
else else
${pkgs.coreutils}/bin/cat $tmp | ${pkgs.pass}/bin/pass insert -m hledger ${self.coreutils}/bin/cat $tmp | ${self.pass}/bin/pass insert -m hledger
fi fi
${pkgs.coreutils}/bin/rm $tmp ${self.coreutils}/bin/rm $tmp
''; '';
screengrab = pkgs.writeDashBin "screengrab" '' rtl8814au = callPackage ./custom/rtl8814au { kernel = self.linux; };
resolution="$(${pkgs.xorg.xrandr}/bin/xrandr | ${pkgs.gnugrep}/bin/grep '*' | ${pkgs.gawk}/bin/awk '{print $1}')"
${pkgs.ffmpeg}/bin/ffmpeg -f x11grab -r 25 -i :${toString config.services.xserver.display} -s $resolution -c:v huffyuv $1
'';
};
} }
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
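Review bot: The `bank` script leaves the decrypted ledger on disk: when `diff` reports no change, the script takes `exit 0` before reaching the final `rm $tmp`, so the plaintext output of `pass show hledger` stays in the temp directory after every read-only run. Register the cleanup right after `tmp=$(mktemp)` with `trap 'rm -f "$tmp"' EXIT` and quote `$tmp` in the remaining uses. This commit only renames `pkgs` to `self` on these lines, but the overlay rewrite is a natural point to fix it.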


@ -0,0 +1,42 @@
{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }:
let
minimalXmonad = writeHaskell "minimalXmonad" {
executables.xmonad = {
extra-depends = [
"containers"
"xmonad"
];
text = /* haskell */ ''
module Main where
import XMonad
import qualified Data.Map as Map
main :: IO ()
main = do
xmonad def
{ workspaces = [ "1" ]
, layoutHook = myLayoutHook
, keys = myKeys
, normalBorderColor = "#000000"
, focusedBorderColor = "#000000"
}
myLayoutHook = Full
myKeys _ = Map.fromList []
'';
};
};
in writeDashBin "xephyrify" ''
NDISPLAY=:$(${coreutils}/bin/shuf -i 100-65536 -n 1)
echo "using DISPLAY $NDISPLAY"
${xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable $NDISPLAY &
XEPHYR_PID=$!
DISPLAY=$NDISPLAY ${minimalXmonad}/bin/xmonad &
XMONAD_PID=$!
DISPLAY=$NDISPLAY ${virtualgl}/bin/vglrun "$@"
kill $XMONAD_PID
kill $XEPHYR_PID
''
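Review bot: The Xephyr invocation passes `-ac`, which turns off X access control for the nested display, so any local user who can reach the display socket can connect to it and observe or inject input for the wrapped program. Dropping `-ac` and starting Xephyr with `-auth` pointing at a freshly generated cookie file, exported to the clients through `XAUTHORITY`, keeps the display restricted to this script's own processes. Separately, the two `kill` lines are only reached once `vglrun` returns and the script carries on. A `trap` that kills `$XMONAD_PID` and `$XEPHYR_PID` on exit would avoid leaving the nested server running when the script is terminated early.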


@ -1,9 +1,9 @@
_: { pkgs, ... }:
{ {
imports = [ imports = [
../krebs ../krebs
./2configs ./2configs
./3modules ./3modules
./5pkgs
]; ];
nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
} }


@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let
then "buildbot" then "buildbot"
else "lass"; else "lass";
_file = <stockholm> + "/lass/1systems/${name}/source.nix"; _file = <stockholm> + "/lass/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -17,6 +22,7 @@ in
}; };
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]


@ -2,7 +2,7 @@
let let
inherit (lib) inherit (lib)
all any concatMapStringsSep concatStringsSep const filter flip all any attrNames concatMapStringsSep concatStringsSep const filter flip
genid hasSuffix head isInt isString length mergeOneOption mkOption genid hasSuffix head isInt isString length mergeOneOption mkOption
mkOptionType optional optionalAttrs optionals range splitString mkOptionType optional optionalAttrs optionals range splitString
stringLength substring test testString typeOf; stringLength substring test testString typeOf;
@ -231,90 +231,93 @@ rec {
source = submodule ({ config, ... }: { source = submodule ({ config, ... }: {
options = { options = {
type = let type = let
types = [ known-types = attrNames source-types;
"file" type-candidates = filter (k: config.${k} != null) known-types;
"git"
"pass"
"symlink"
];
in mkOption { in mkOption {
type = enum types; default = if length type-candidates == 1
default = let then head type-candidates
cands = filter (k: config.${k} != null) types; else throw "cannot determine type";
in type = enum known-types;
if length cands == 1
then head cands
else throw "cannot determine type";
}; };
file = let file = mkOption {
file-path = (file-source.getSubOptions "FIXME").path.type;
in mkOption {
type = nullOr (either file-source file-path);
default = null;
apply = x: apply = x:
if file-path.check x if absolute-pathname.check x
then { path = x; } then { path = x; }
else x; else x;
default = null;
type = nullOr (either absolute-pathname source-types.file);
}; };
git = mkOption { git = mkOption {
type = nullOr git-source;
default = null; default = null;
type = nullOr source-types.git;
}; };
pass = mkOption { pass = mkOption {
type = nullOr pass-source;
default = null; default = null;
type = nullOr source-types.pass;
}; };
symlink = let pipe = mkOption {
symlink-target = (symlink-source.getSubOptions "FIXME").target.type; apply = x:
in mkOption { if absolute-pathname.check x
type = nullOr (either symlink-source symlink-target); then { command = x; }
else x;
default = null;
type = nullOr (either absolute-pathname source-types.pipe);
};
symlink = mkOption {
type = nullOr (either pathname source-types.symlink);
default = null; default = null;
apply = x: apply = x:
if symlink-target.check x if pathname.check x
then { target = x; } then { target = x; }
else x; else x;
}; };
}; };
}); });
file-source = submodule { source-types = {
options = { file = submodule {
path = mkOption { options = {
type = absolute-pathname; path = mkOption {
type = absolute-pathname;
};
}; };
}; };
}; git = submodule {
options = {
git-source = submodule { ref = mkOption {
options = { type = str; # TODO types.git.ref
ref = mkOption { };
type = str; # TODO types.git.ref url = mkOption {
}; type = str; # TODO types.git.url
url = mkOption { };
type = str; # TODO types.git.url
}; };
}; };
}; pass = submodule {
options = {
pass-source = submodule { dir = mkOption {
options = { type = absolute-pathname;
dir = mkOption { };
type = absolute-pathname; name = mkOption {
}; type = pathname; # TODO relative-pathname
name = mkOption { };
type = pathname; # TODO relative-pathname
}; };
}; };
}; pipe = submodule {
options = {
symlink-source = submodule { command = mkOption {
options = { type = absolute-pathname;
target = mkOption { };
type = pathname; # TODO relative-pathname };
};
symlink = submodule {
options = {
target = mkOption {
type = pathname; # TODO relative-pathname
};
}; };
}; };
};
};
suffixed-str = suffs: suffixed-str = suffs:
mkOptionType { mkOptionType {


@ -1,6 +1,18 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
with lib; with lib;
# imperative in config.php:
# #local memcache:
# 'memcache.local' => '\\OC\\Memcache\\APCu',
# #local locking:
# 'memcache.locking' => '\\OC\\Memcache\\Redis',
# 'redis' =>
# array (
# 'host' => 'localhost',
# 'port' => 6379,
# ),
let let
# TODO: copy-paste from lass/2/websites/util.nix # TODO: copy-paste from lass/2/websites/util.nix
serveCloud = domains: serveCloud = domains:
@ -124,20 +136,48 @@ let
env[PATH] = ${lib.makeBinPath [ pkgs.php ]} env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
catch_workers_output = yes catch_workers_output = yes
''; '';
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
display_errors = on
display_startup_errors = on
always_populate_raw_post_data = -1
error_reporting = E_ALL | E_STRICT
html_errors = On
date.timezone = "Europe/Berlin"
# extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
'';
}; };
in { in {
imports = [ imports = [
( serveCloud [ "o.euer.krebsco.de" ] ) ( serveCloud [ "o.euer.krebsco.de" ] )
]; ];
services.mysql = { # TODO: currently nextcloud uses sqlite services.redis.enable = true;
services.mysql = {
enable = false; enable = false;
package = pkgs.mariadb; package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path; rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
}; initialDatabases = [
services.mysqlBackup = { # Or use writeText instead of literalExample?
enable = false; #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
databases = [ "nextcloud" ]; {
name = "nextcloud";
schema = pkgs.writeText "nextcloud.sql"
''
create user if not exists 'nextcloud'@'localhost' identified by 'password';
grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
'';
}
];
}; };
# dataDir is only defined after mysql is enabled # dataDir is only defined after mysql is enabled
# krebs.secret.files.mysql_rootPassword = { # krebs.secret.files.mysql_rootPassword = {
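Review bot: The `initialDatabases` schema hard-codes the nextcloud database password as the literal `'password'` inside `pkgs.writeText`, which puts it in the world-readable Nix store as well as in the repository. `services.mysql.enable` is still `false`, so this looks dormant, but it becomes the live credential as soon as MySQL is switched on. The password should come from a secret file outside the store, the way `rootPassword` already uses `config.krebs.secret.files.mysql_rootPassword.path`. In the same hunk the PHP-FPM options set `display_errors = on`, `display_startup_errors = on` and `html_errors = On` for the vhost served as `o.euer.krebsco.de`. On a reachable site these should be `off` with errors sent to the log, since rendered error pages can expose file paths and configuration details.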


@ -13,6 +13,11 @@ let
then "buildbot" then "buildbot"
else "makefu"; else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
# TODO: automate updating of this ref + cherry-picks # TODO: automate updating of this ref + cherry-picks
ref = "51810e0"; # nixos-17.09 @ 2018-02-14 ref = "51810e0"; # nixos-17.09 @ 2018-02-14
# + do_sqlite3 ruby: 55a952be5b5 # + do_sqlite3 ruby: 55a952be5b5
@ -42,6 +47,7 @@ in
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
(mkIf ( musnix ) { (mkIf ( musnix ) {
musnix.git = { musnix.git = {


@ -4,6 +4,11 @@ host@{ name, override ? {} }: let
then "buildbot" then "buildbot"
else "mv"; else "mv";
_file = <stockholm> + "/mv/1systems/${name}/source.nix"; _file = <stockholm> + "/mv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -18,6 +23,7 @@ in
mv = "/home/mv/secrets/${name}"; mv = "/home/mv/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
override override
] ]


@ -4,6 +4,11 @@ host@{ name, secure ? false }: let
then "buildbot" then "buildbot"
else "nin"; else "nin";
_file = <stockholm> + "/nin/1systems/${name}/source.nix"; _file = <stockholm> + "/nin/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) { evalSource (toString _file) {
nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix";
@ -12,5 +17,6 @@ in
nin = "/home/nin/secrets/${name}"; nin = "/home/nin/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs; nixpkgs = (import <stockholm/krebs/source.nix> host).nixpkgs;
} }


@ -42,6 +42,9 @@ let {
kirk = { kirk = {
cgit.desc = "IRC tools"; cgit.desc = "IRC tools";
}; };
kops = {
cgit.desc = "deployment tools";
};
load-env = {}; load-env = {};
loldns = { loldns = {
cgit.desc = "toy DNS server"; cgit.desc = "toy DNS server";


@ -6,6 +6,11 @@ with import <stockholm/lib>;
}@host: let }@host: let
builder = if dummy_secrets then "buildbot" else "tv"; builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix"; _file = <stockholm> + "/tv/1systems/${name}/source.nix";
pkgs = import <nixpkgs> {
overlays = map import [
<stockholm/krebs/5pkgs>
];
};
in in
evalSource (toString _file) [ evalSource (toString _file) [
{ {
@ -20,6 +25,7 @@ in
tv = "/home/tv/secrets/${name}"; tv = "/home/tv/secrets/${name}";
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
} }
(mkIf (builder == "tv") { (mkIf (builder == "tv") {
secrets-common.file = "/home/tv/secrets/common"; secrets-common.file = "/home/tv/secrets/common";