Merge remote-tracking branch 'ni/master'
This commit is contained in:
lassulus
commit
821e59baca
@ -32,52 +32,6 @@ with import <stockholm/lib>;
|
|||||||
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
ssh.privkey.path = <secrets/ssh.id_rsa>;
|
||||||
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
|
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
|
||||||
};
|
};
|
||||||
cd = {
|
|
||||||
ci = true;
|
|
||||||
cores = 2;
|
|
||||||
extraZones = {
|
|
||||||
# TODO generate krebsco.de zone from nets and don't use extraZones at all
|
|
||||||
"krebsco.de" = ''
|
|
||||||
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nets = {
|
|
||||||
internet = {
|
|
||||||
ip4.addr = "45.62.237.203";
|
|
||||||
aliases = [
|
|
||||||
"cd.i"
|
|
||||||
"cd.krebsco.de"
|
|
||||||
];
|
|
||||||
ssh.port = 11423;
|
|
||||||
};
|
|
||||||
retiolum = {
|
|
||||||
via = config.krebs.hosts.cd.nets.internet;
|
|
||||||
ip4.addr = "10.243.113.222";
|
|
||||||
ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3";
|
|
||||||
aliases = [
|
|
||||||
"cd.r"
|
|
||||||
"cgit.cd.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ
|
|
||||||
rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4
|
|
||||||
e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN
|
|
||||||
sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v
|
|
||||||
CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0
|
|
||||||
PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V
|
|
||||||
LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk
|
|
||||||
DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW
|
|
||||||
ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK
|
|
||||||
jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5
|
|
||||||
Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
|
||||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
|
|
||||||
};
|
|
||||||
ju = {
|
ju = {
|
||||||
external = true;
|
external = true;
|
||||||
nets = {
|
nets = {
|
||||||
|
|||||||
@ -13,6 +13,7 @@ opt-spec: cmd-spec: let
|
|||||||
opts = mapAttrs (name: value: value // rec {
|
opts = mapAttrs (name: value: value // rec {
|
||||||
long = value.long or (replaceStrings ["_"] ["-"] name);
|
long = value.long or (replaceStrings ["_"] ["-"] name);
|
||||||
ref = value.ref or "\"\$${varname}\"";
|
ref = value.ref or "\"\$${varname}\"";
|
||||||
|
short = value.short or null;
|
||||||
switch = value.switch or false;
|
switch = value.switch or false;
|
||||||
varname = value.varname or (replaceStrings ["-"] ["_"] name);
|
varname = value.varname or (replaceStrings ["-"] ["_"] name);
|
||||||
}) opt-spec;
|
}) opt-spec;
|
||||||
@ -43,11 +44,17 @@ in writeDash wrapper-name ''
|
|||||||
'') opts)}
|
'') opts)}
|
||||||
|
|
||||||
args=$(${utillinux}/bin/getopt \
|
args=$(${utillinux}/bin/getopt \
|
||||||
|
-l ${shell.escape
|
||||||
|
(concatMapStringsSep ","
|
||||||
|
(opt: opt.long + optionalString (!opt.switch) ":")
|
||||||
|
(filter (opt: opt.long != null)
|
||||||
|
(attrValues opts)))} \
|
||||||
-n "$wrapper_name" \
|
-n "$wrapper_name" \
|
||||||
-o "" \
|
-o ${shell.escape
|
||||||
-l ${concatMapStringsSep ","
|
(concatMapStringsSep ""
|
||||||
(opt: opt.long + optionalString (!opt.switch) ":")
|
(opt: opt.short + optionalString (!opt.switch) ":")
|
||||||
(attrValues opts)} \
|
(filter (opt: opt.short != null)
|
||||||
|
(attrValues opts)))} \
|
||||||
-s sh \
|
-s sh \
|
||||||
-- "$@")
|
-- "$@")
|
||||||
if \test $? != 0; then exit 1; fi
|
if \test $? != 0; then exit 1; fi
|
||||||
@ -56,7 +63,10 @@ in writeDash wrapper-name ''
|
|||||||
while :; do
|
while :; do
|
||||||
case $1 in
|
case $1 in
|
||||||
${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ ''
|
${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ ''
|
||||||
--${opt.long})
|
(${concatMapStringsSep "|" shell.escape (filter (x: x != "") [
|
||||||
|
(optionalString (opt.long != null) "--${opt.long}")
|
||||||
|
(optionalString (opt.short != null) "-${opt.short}")
|
||||||
|
])})
|
||||||
${if opt.switch then /* sh */ ''
|
${if opt.switch then /* sh */ ''
|
||||||
${opt.varname}=true
|
${opt.varname}=true
|
||||||
shift
|
shift
|
||||||
@ -65,7 +75,9 @@ in writeDash wrapper-name ''
|
|||||||
shift 2
|
shift 2
|
||||||
''}
|
''}
|
||||||
;;
|
;;
|
||||||
'') opts)}
|
'') (filterAttrs
|
||||||
|
(_: opt: opt.long != null || opt.short != null)
|
||||||
|
opts))}
|
||||||
--)
|
--)
|
||||||
shift
|
shift
|
||||||
break
|
break
|
||||||
@ -102,5 +114,5 @@ in writeDash wrapper-name ''
|
|||||||
export ${opt.varname}
|
export ${opt.varname}
|
||||||
'') opts)}
|
'') opts)}
|
||||||
|
|
||||||
${cmd-script}
|
${cmd-script} "$@"
|
||||||
''
|
''
|
||||||
|
|||||||
@ -7,10 +7,13 @@ rec {
|
|||||||
let
|
let
|
||||||
isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
|
isSafeChar = testString "[-+./0-9:=A-Z_a-z]";
|
||||||
in
|
in
|
||||||
stringAsChars (c:
|
x:
|
||||||
if isSafeChar c then c
|
if x == "" then "''"
|
||||||
else if c == "\n" then "'\n'"
|
else stringAsChars (c:
|
||||||
else "\\${c}");
|
if isSafeChar c then c
|
||||||
|
else if c == "\n" then "'\n'"
|
||||||
|
else "\\${c}"
|
||||||
|
) x;
|
||||||
|
|
||||||
#
|
#
|
||||||
# shell script generators
|
# shell script generators
|
||||||
|
|||||||
20
shell.nix
20
shell.nix
@ -111,19 +111,13 @@ let
|
|||||||
|
|
||||||
# usage: parse-target [--default=TARGET] TARGET
|
# usage: parse-target [--default=TARGET] TARGET
|
||||||
# TARGET = [USER@]HOST[:PORT][/PATH]
|
# TARGET = [USER@]HOST[:PORT][/PATH]
|
||||||
cmds.parse-target = pkgs.writeDash "cmds.parse-target" ''
|
cmds.parse-target = pkgs.withGetopt {
|
||||||
|
default_target = {
|
||||||
|
long = "default";
|
||||||
|
short = "d";
|
||||||
|
};
|
||||||
|
} (opts: pkgs.writeDash "cmds.parse-target" ''
|
||||||
set -efu
|
set -efu
|
||||||
args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \
|
|
||||||
-o d: \
|
|
||||||
-l default: \
|
|
||||||
-- "$@")
|
|
||||||
if \test $? != 0; then exit 1; fi
|
|
||||||
eval set -- "$args"
|
|
||||||
default_target=
|
|
||||||
while :; do case $1 in
|
|
||||||
-d|--default) default_target=$2; shift 2;;
|
|
||||||
--) shift; break;;
|
|
||||||
esac; done
|
|
||||||
target=$1; shift
|
target=$1; shift
|
||||||
for arg; do echo "$0: bad argument: $arg" >&2; done
|
for arg; do echo "$0: bad argument: $arg" >&2; done
|
||||||
if \test $# != 0; then exit 2; fi
|
if \test $# != 0; then exit 2; fi
|
||||||
@ -142,7 +136,7 @@ let
|
|||||||
($default_target | parse) + ($target | parse | sanitize) |
|
($default_target | parse) + ($target | parse | sanitize) |
|
||||||
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
|
. + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) }
|
||||||
''}
|
''}
|
||||||
'';
|
'');
|
||||||
|
|
||||||
# usage: quote [ARGS...]
|
# usage: quote [ARGS...]
|
||||||
cmds.quote = pkgs.writeDash "cmds.quote" ''
|
cmds.quote = pkgs.writeDash "cmds.quote" ''
|
||||||
|
|||||||
@ -1,35 +0,0 @@
|
|||||||
with import <stockholm/lib>;
|
|
||||||
{ config, pkgs, ... }: let
|
|
||||||
|
|
||||||
bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1";
|
|
||||||
|
|
||||||
in {
|
|
||||||
krebs.build.host = config.krebs.hosts.cd;
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
<stockholm/tv>
|
|
||||||
<stockholm/tv/2configs/hw/CAC-Developer-2.nix>
|
|
||||||
<stockholm/tv/2configs/fs/CAC-CentOS-7-64bit.nix>
|
|
||||||
<stockholm/tv/2configs/exim-smarthost.nix>
|
|
||||||
<stockholm/tv/2configs/retiolum.nix>
|
|
||||||
];
|
|
||||||
|
|
||||||
networking = let
|
|
||||||
address = config.krebs.build.host.nets.internet.ip4.addr;
|
|
||||||
in {
|
|
||||||
defaultGateway = bestGuessGateway address;
|
|
||||||
interfaces.enp2s1.ip4 = singleton {
|
|
||||||
inherit address;
|
|
||||||
prefixLength = 24;
|
|
||||||
};
|
|
||||||
nameservers = ["8.8.8.8"];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
iftop
|
|
||||||
iotop
|
|
||||||
iptables
|
|
||||||
nethogs
|
|
||||||
tcpdump
|
|
||||||
];
|
|
||||||
}
|
|
||||||
@ -1,3 +0,0 @@
|
|||||||
import <stockholm/tv/source.nix> {
|
|
||||||
name = "cd";
|
|
||||||
}
|
|
||||||
Loading…
Reference in New Issue
Block a user