diff --git a/Makefile b/Makefile index cab53d52a..e35aa89bc 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ export STOCKHOLM_VERSION ?= $(shell \ system ?= $(HOSTNAME) $(if $(system),,$(error unbound variable: system)) -nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system)/config.nix ifneq ($(words $(wildcard $(nixos-config))),1) $(error bad nixos-config: $(nixos-config)) endif diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 976d378f9..904deb164 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -14,16 +14,9 @@ with import ; default = "/nix/var/nix/profiles/system"; }; - source = mkOption { - type = types.attrsOf types.source; - default = {}; - }; - # TODO deprecate krebs.build.user user = mkOption { type = types.user; }; }; - - config.krebs.build.source.stockholm.file = mkDefault (toString ); } diff --git a/lib/default.nix b/lib/default.nix index 803a614a1..4c54f60aa 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,9 @@ let nixpkgs-lib = import ; lib = with lib; nixpkgs-lib // builtins // { + + evalSource = import ./eval-source.nix; + git = import ./git.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; diff --git a/lib/eval-source.nix b/lib/eval-source.nix new file mode 100644 index 000000000..de5f0b43c --- /dev/null +++ b/lib/eval-source.nix @@ -0,0 +1,17 @@ +with import ; +let + eval = _file: source: evalModules { + modules = singleton { + inherit _file; + options.source = mkOption { + type = types.attrsOf types.source; + default = {}; + }; + config = { + inherit source; + }; + }; + }; +in + # This function's return value can be used as pkgs.populate input. + _file: source: (eval _file source).config.source diff --git a/shell.nix b/shell.nix index e0c60e330..57957f823 100644 --- a/shell.nix +++ b/shell.nix 
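Review bot: The function exported by lib/eval-source.nix documents its return value but not its two arguments, and `_file` in particular is easy to misread. It is only inherited into the single module handed to `evalModules`, so it appears to name the file that option errors are attributed to rather than a file that is read. A header comment such as `# _file: path reported in errors about source; source: attrset checked against types.attrsOf types.source` would make that clear to callers like tv/source.nix. It would also record that this type check is the only validation the populate input gets here.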
@@ -43,9 +43,11 @@ let ''; init.env = pkgs.writeText "init.env" /* sh */ '' - config=''${config-$LOGNAME/1systems/$system.nix} + config=''${config-$LOGNAME/1systems/$system/config.nix} + source=''${source-$LOGNAME/1systems/$system/source.nix} export config + export source export system export target @@ -92,7 +94,7 @@ let --show-trace \ --strict \ -I nixos-config="$config" \ - -E 'with import ; config.krebs.build.source') + "$source") echo $_source | ${pkgs.populate}/bin/populate \ "$target_user@$target_host:$target_port$target_path" \ diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus/config.nix similarity index 92% rename from tv/1systems/alnus.nix rename to tv/1systems/alnus/config.nix index ef2a0500f..d08a2901b 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus/config.nix @@ -4,10 +4,10 @@ with import ; { imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix + + + + ]; # TODO remove non-hardware stuff from ../2configs/hw/x220.nix diff --git a/tv/1systems/alnus/source.nix b/tv/1systems/alnus/source.nix new file mode 100644 index 000000000..f9dcefee6 --- /dev/null +++ b/tv/1systems/alnus/source.nix @@ -0,0 +1,3 @@ +import { + name = "alnus"; +} diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi/config.nix similarity index 73% rename from tv/1systems/caxi.nix rename to tv/1systems/caxi/config.nix index 59f3cd63a..b136d1ade 100644 --- a/tv/1systems/caxi.nix +++ b/tv/1systems/caxi/config.nix @@ -6,10 +6,10 @@ with import ; krebs.build.host = config.krebs.hosts.caxi; imports = [ - ../. - ../2configs/hw/CAC-Developer-1.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/retiolum.nix + + + + ]; networking = let diff --git a/tv/1systems/caxi/source.nix b/tv/1systems/caxi/source.nix new file mode 100644 index 000000000..bc875b768 --- /dev/null +++ b/tv/1systems/caxi/source.nix @@ -0,0 +1,3 @@ +import { + name = "caxi"; +} 
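Review bot: In shell.nix's init.env, `source=''${source-$LOGNAME/1systems/$system/source.nix}` only falls back to the per-system path when `source` is unset, so a value inherited from the calling environment silently wins; the second hunk then evaluates `"$source"` and pipes the result to populate for `$target`. Because that result lists the secrets paths to copy, a stale or mismatched `source` would push another host's secrets to this target, whereas the removed `-E` expression was derived from `$config`. Consider a guard before the evaluation, for example `case $source in */1systems/"$system"/source.nix) ;; *) echo "source does not match system: $source" >&2; exit 1;; esac`, or at least print the resolved `source` before populating. The command these lines belong to starts outside the hunk.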
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd/config.nix similarity index 71% rename from tv/1systems/cd.nix rename to tv/1systems/cd/config.nix index 9f2cec574..f78bcafeb 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd/config.nix @@ -6,11 +6,11 @@ with import ; krebs.build.host = config.krebs.hosts.cd; imports = [ - ../. - ../2configs/hw/CAC-Developer-2.nix - ../2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/exim-smarthost.nix - ../2configs/retiolum.nix + + + + + ]; networking = { diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix new file mode 100644 index 000000000..019e8bc22 --- /dev/null +++ b/tv/1systems/cd/source.nix @@ -0,0 +1,3 @@ +import { + name = "cd"; +} diff --git a/tv/1systems/mu.nix b/tv/1systems/mu/config.nix similarity index 95% rename from tv/1systems/mu.nix rename to tv/1systems/mu/config.nix index 3f3b2c2f4..239f333b5 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu/config.nix @@ -4,11 +4,11 @@ with import ; { imports = [ - ../../krebs - ../2configs - ../3modules - ../2configs/exim-retiolum.nix - ../2configs/retiolum.nix + + + + + ]; krebs.build.host = config.krebs.hosts.mu; diff --git a/tv/1systems/mu/source.nix b/tv/1systems/mu/source.nix new file mode 100644 index 000000000..7e148cf36 --- /dev/null +++ b/tv/1systems/mu/source.nix @@ -0,0 +1,3 @@ +import { + name = "mu"; +} diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic/config.nix similarity index 77% rename from tv/1systems/nomic.nix rename to tv/1systems/nomic/config.nix index 9b9502254..d0144986b 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic/config.nix @@ -6,16 +6,16 @@ with import ; krebs.build.host = config.krebs.hosts.nomic; imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + + + + + + + + + + ]; boot.initrd.luks = { 
diff --git a/tv/1systems/nomic/source.nix b/tv/1systems/nomic/source.nix new file mode 100644 index 000000000..f173b65a6 --- /dev/null +++ b/tv/1systems/nomic/source.nix @@ -0,0 +1,4 @@ +import { + name = "nomic"; + secure = true; +} diff --git a/tv/1systems/test/source.nix b/tv/1systems/test/source.nix new file mode 100644 index 000000000..f756b8586 --- /dev/null +++ b/tv/1systems/test/source.nix @@ -0,0 +1,3 @@ +import { + name = "test"; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu/config.nix similarity index 88% rename from tv/1systems/wu.nix rename to tv/1systems/wu/config.nix index 4b3bf8538..5b2542acd 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu/config.nix @@ -6,17 +6,17 @@ with import ; krebs.build.host = config.krebs.hosts.wu; imports = [ - ../. - ../2configs/hw/w110er.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/im.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + + + + + + + + + + + { environment.systemPackages = with pkgs; [ # root diff --git a/tv/1systems/wu/source.nix b/tv/1systems/wu/source.nix new file mode 100644 index 000000000..2e9cdeb8a --- /dev/null +++ b/tv/1systems/wu/source.nix @@ -0,0 +1,4 @@ +import { + name = "wu"; + secure = true; +} diff --git a/tv/1systems/xu.nix b/tv/1systems/xu/config.nix similarity index 86% rename from tv/1systems/xu.nix rename to tv/1systems/xu/config.nix index d82f45ac0..2bffdddb3 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu/config.nix 
@@ -6,18 +6,18 @@ with import ; krebs.build.host = config.krebs.hosts.xu; imports = [ - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitconfig.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/binary-cache - ../2configs/xserver + + + + + + + + + + + + { environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/xu/source.nix b/tv/1systems/xu/source.nix new file mode 100644 index 000000000..46e1aee90 --- /dev/null +++ b/tv/1systems/xu/source.nix @@ -0,0 +1,4 @@ +import { + name = "xu"; + secure = true; +} diff --git a/tv/1systems/zu.nix b/tv/1systems/zu/config.nix similarity index 88% rename from tv/1systems/zu.nix rename to tv/1systems/zu/config.nix index 4fae3ca75..d2aab8c51 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu/config.nix @@ -12,16 +12,16 @@ with import ; default = {}; }; } - ../. - ../2configs/hw/x220.nix - ../2configs/exim-retiolum.nix - ../2configs/gitrepos.nix - ../2configs/mail-client.nix - ../2configs/man.nix - ../2configs/nginx/public_html.nix - ../2configs/pulse.nix - ../2configs/retiolum.nix - ../2configs/xserver + + + + + + + + + + { environment.systemPackages = with pkgs; [ diff --git a/tv/1systems/zu/source.nix b/tv/1systems/zu/source.nix new file mode 100644 index 000000000..7a5c4f523 --- /dev/null +++ b/tv/1systems/zu/source.nix @@ -0,0 +1,4 @@ +import { + name = "zu"; + secure = true; +} diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 3d95d6dee..07496fd1f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
@@ -6,23 +6,7 @@ with import ; in { krebs.enable = true; - krebs.build = { - user = config.krebs.users.tv; - source = let inherit (config.krebs.build) host; in { - nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = getAttr builder { - buildbot = toString ; - tv = "/home/tv/secrets/${host.name}"; - }; - secrets-common.file = "/home/tv/secrets/common"; - nixpkgs.git = { - url = https://github.com/NixOS/nixpkgs; - ref = "057f89b9344e5341796046f25ae4f269be6d4529"; # nixos-17.03 - }; - } // optionalAttrs host.secure { - secrets-master.file = "/home/tv/secrets/master"; - }; - }; + krebs.build.user = config.krebs.users.tv; networking.hostName = config.krebs.build.host.name; diff --git a/tv/source.nix b/tv/source.nix new file mode 100644 index 000000000..7306cd954 --- /dev/null +++ b/tv/source.nix @@ -0,0 +1,22 @@ +with import ; +host@{ name, secure ? false }: let + builder = if getEnv "dummy_secrets" == "true" + then "buildbot" + else "tv"; + _file = + "/tv/1systems/${name}/source.nix"; +in + evalSource (toString _file) { + nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix"; + secrets.file = getAttr builder { + buildbot = toString ; + tv = "/home/tv/secrets/${name}"; + }; + stockholm.file = toString ; + secrets-common.file = "/home/tv/secrets/common"; + nixpkgs.git = { + url = https://github.com/NixOS/nixpkgs; + ref = "1b57bf274ae5c76e91b2b264d8aa8bfcecb72102"; # nixos-17.03 + }; + } // optionalAttrs secure { + secrets-master.file = "/home/tv/secrets/master"; + }
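Review bot: In tv/source.nix, `secure ? false` makes each host's hand-written `source.nix` (nomic, wu, xu and zu set `secure = true`) the authority for whether `/home/tv/secrets/master` is populated, whereas the block removed from tv/2configs/default.nix read `host.secure` from `config.krebs.build.host`. The two can now drift apart, and a wrong `secure = true` ships the master secrets to a host that was not meant to hold them. If the host definitions still carry `secure` (not visible here), a comment on the argument such as `# secure: must equal config.krebs.hosts.<name>.secure; true adds secrets-master` would record the invariant. Separately, `nixpkgs.git.ref` is `1b57bf274ae5…` here while the removed block pinned `057f89b9344e…`, so this refactor also bumps the nixpkgs pin; that is worth stating in the commit message or splitting out so the bump can be reviewed and reverted on its own.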