Merge remote-tracking branch 'prism/master'

This commit is contained in:
tv 2022-06-28 22:45:06 +02:00
commit 87ca8682ce
6 changed files with 72 additions and 18 deletions

View File

@ -102,6 +102,7 @@ let
imp = lib.mkMerge [
{ krebs = import ./external { inherit config; }; }
{ krebs = import ./external/dbalan.nix { inherit config; }; }
{ krebs = import ./external/kmein.nix { inherit config; }; }
{ krebs = import ./external/mic92.nix { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }

50
krebs/3modules/external/dbalan.nix vendored Normal file
View File

@ -0,0 +1,50 @@
with import <stockholm/lib>;
{ config, ... }:
let
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
owner = config.krebs.users.dbalan;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum = {
ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
};
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill = {
ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
in
{
users = rec {
dbalan = {
mail = "dbalan@thaum.space";
pubkey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAiWF+U3VHNfp1IPU0/TWhMioxJvmoyG1AMZMvnQjy5QAAAABHNzaDo= dj@v60";
};
};
hosts = mapAttrs hostDefaults {
v60 = {
nets.retiolum = {
aliases = [ "v60.dbalan.r" ];
ip4.addr = "10.243.42.12";
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAxVRxcCWfjLu9cNo5ELfXyuwhpJBSfod5f9JkclSpydVHaQBfeVC6
RKfdknQVL6RXiCMFsSAvCvmnIohmpUCbiQWu29P/g0jzQZZ7zNx5L7JHy18x9qAr
1scu7FRdVErVuWKXXNt0+j45dA+u5HE6RLsjAHGYtQbAr21VLyLF3qq11IWNrFYU
uqSnM/ZPbOPPHLS8XtsQRdJ2cOkccSCO4W6xBar92aPFuDImH60VuxMFEKYWY2bz
p6q0K0rtRqW1qANTV62SUDeA1wMPlSmvnMFY7qesSLk6tJjJ02HwwiOvK2ov1/Rm
bpwcrqrrbUxbCaZC6t7pBBxUOZlGfnO3woZQm63+4TEw/YDHhxD0HbhH88Wc+eHy
I73tuL1oc01JxL131bJV6jcHG7LrG7wTsTdDaZpjbH54adJP47QpTMb0ggsx2WkD
mpxFFSnTZL7ghZO5NGPvidTBp+wJiSOv5igAjA72CvjR3tOF4d5Lsq4JsQeCStjA
OPrIrN0AnJRg2IFDXZEGwTS9AbLWX147O9VrNimLzezOylH4Eihn7GUJ5KLIPjLy
AvsgIYljoJuhGbM8QoWlakwqOndMeoqhz52ORZ5CDgfybJJEbyrYF8gYFVNJOzds
9gy/F+27TwfjMgcheN2+ogJp+lD754aCF0EJMwaK8ElzQLqAzbBRGAsCAwEAAQ==
-----END RSA PUBLIC KEY-----
'';
tinc.pubkey_ed25519 = "dcPFpCG94cq1KHD4TH9WgOl9fpc1589YvWkmnkEZcSC";
};
};
};
}

View File

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060",
"date": "2022-05-24T17:55:48+02:00",
"path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs",
"sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3",
"rev": "f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5",
"date": "2022-06-26T12:26:21+02:00",
"path": "/nix/store/d7wgj3chybniji4l6z73a0gh67hxym3b-nixpkgs",
"sha256": "1z28a3gqbv62sxahlssc5a722kh46f26f5ss3arbxpv7a1272vf1",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View File

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f",
"date": "2022-05-28T12:29:49+02:00",
"path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs",
"sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl",
"rev": "cd90e773eae83ba7733d2377b6cdf84d45558780",
"date": "2022-06-26T19:49:46+02:00",
"path": "/nix/store/bmaf6x4yxcsvs5wp4rayvai4lw7g6snr-nixpkgs",
"sha256": "1b2wn1ncx9x4651vfcgyqrm93pd7ghnrgqjbkf6ckkpidah69m03",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

View File

@ -10,8 +10,7 @@
${write_to_irc} "$(echo "$INPUT" | jq -r '
"\(.action): " +
"[\(.issue.title // .pull_request.title)] " +
"\(.comment.html_url // .issue.html_url // .pull_request.html_url) " +
"by \(.comment.user.login // .issue.user.login // .pull_request.user.login)"
"\(.comment.html_url // .issue.html_url // .pull_request.html_url) "
')"
fi
'';
@ -58,16 +57,16 @@ in {
case "$Method $Request_URI" in
"POST /")
payload=$(head -c "$req_content_length")
echo "$payload" >&2
raw=$(printf '%s' "$payload" | ${pkgs.curl}/bin/curl --data-binary @- http://p.krebsco.de | tail -1)
payload2=$payload
payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r')
payload2=$(printf '%s' "$payload" | tr '\n' ' ' | tr -d '\r')
if [ "$payload" != "$payload2" ]; then
echo "payload has been mangled" >&2
else
echo "payload not mangled" >&2
fi
echo "$payload2" > /tmp/last_fysi_payload
echo "$payload2" | ${format-github-message}/bin/format-github-message
${write_to_irc} "$raw"
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
printf '\r\n'

View File

@ -37,18 +37,22 @@
in {
deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "deploy" {
deploy = { target ? "root@${name}/var/src", offline ? false }: pkgs.krops.writeCommand "deploy" {
command = targetPath: ''
set -fu
set -xfu
outDir=$(mktemp -d)
trap "rm -rf $outDir;" INT TERM EXIT
nix build \
build=$(command -v nom-build || echo "nix-build")
$build \
-I "${targetPath}" \
-f '<nixpkgs/nixos>' config.system.build.toplevel \
-o "$outDir/out"
'<nixpkgs/nixos>' -A config.system.build.toplevel \
-o "$outDir/out" \
${lib.optionalString offline "--option substitute false"} \
# -vvvvv --show-trace
nix-env -p /nix/var/nix/profiles/system --set "$outDir/out"