Merge remote-tracking branch 'tv/master'

makefu 2017-02-09 16:45:29 +01:00
commit 8cefb46636
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
29 changed files with 1570 additions and 1892 deletions


@ -21,6 +21,7 @@ let
./git.nix
./go.nix
./iptables.nix
./kapacitor.nix
./newsbot-js.nix
./nginx.nix
./nixpkgs.nix


@ -0,0 +1,173 @@
{ config, lib, pkgs, ... }:
with builtins;
with import <stockholm/lib>;
let
cfg = config.krebs.kapacitor;
out = {
options.krebs.kapacitor = api;
config = mkIf cfg.enable imp;
};
configOptions = recursiveUpdate {
hostname = "localhost";
data_dir = cfg.dataDir;
http = {
bind-address = ":9092";
auth-enabled = false;
log-enabled = false;
gtgwrite-tracing = false;
pprof-enabled = false;
https-enabled = false;
https-certificate = "/etc/ssl/kapacitor.pem";
shutdown-timeout = "10s";
shared-secret = "";
};
replay ={
dir = "${cfg.dataDir}/replay";
};
storage = {
boltdb = "${cfg.dataDir}/kapacitor.db";
};
task = {
dir = "${cfg.dataDir}/tasks";
snapshot-interval = "1m0s";
};
influxdb = [{
enabled = true;
name = "default";
default = false;
urls = ["http://localhost:8086"];
username = "";
password = "";
ssl-ca = "";
ssl-cert = "";
ssl-key = "";
insecure-skip-verify = false;
timeout = "0s";
disable-subscriptions = false;
subscription-protocol = "http";
udp-bind = "";
udp-buffer = 1000;
udp-read-buffer = 0;
startup-timeout = "5m0s";
subscriptions-sync-interval = "1m0s";
influxdb.excluded-subscriptions = {
_kapacitor = ["autogen"];
};
}];
logging = {
file = "STDERR";
level = "INFO";
};
deadman = {
interval = "10s";
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'";
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL.";
global = false;
};
} cfg.extraConfig;
api = {
enable = mkEnableOption "kapacitor";
dataDir = mkOption {
type = types.str;
default = "/var/lib/kapacitor";
};
user = mkOption {
type = types.user;
default = {
name = "kapacitor";
home = cfg.dataDir;
};
};
group = mkOption {
type = types.group;
default = {
name = "kapacitor";
};
};
extraConfig = mkOption {
type = types.attrs;
default = {};
};
alarms = mkOption {
type = with types; attrsOf (submodule {
options = {
database = mkOption {
type = str;
};
text = mkOption {
type = str;
};
};
});
default = {};
};
};
configFile = pkgs.runCommand "kapacitor.toml" {} ''
${pkgs.remarshal}/bin/remarshal -if json -of toml \
< ${pkgs.writeText "kapacitor.json" (builtins.toJSON configOptions)} \
> $out
'';
imp = {
users = {
groups.${cfg.group.name} = {
inherit (cfg.group) name gid;
};
users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
createHome = true;
group = cfg.group.name;
};
};
systemd.services.kapacitor = {
description = "kapacitor";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
User = cfg.user.name;
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
};
};
systemd.services.kapacitor-alarms = {
description = "kapacitor-alarms";
after = [ "kapacitor.service" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Type = "oneshot";
User = cfg.user.name;
ExecStart = pkgs.writeDash "add_alarms" ''
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
${concatStrings (mapAttrsToList (name: alarm: ''
${pkgs.kapacitor}/bin/kapacitor define ${name} \
-type batch \
-tick ${pkgs.writeText "${name}.tick" alarm.text} \
-dbrp ${alarm.database}.default
${pkgs.kapacitor}/bin/kapacitor enable ${name}
'') cfg.alarms)}
'';
};
};
};
in out
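Review bot: The default `http` block binds the Kapacitor API to every interface (`bind-address = ":9092"`) with `auth-enabled = false` and `https-enabled = false`, so any host that can reach port 9092 can define, enable or delete tasks unless a firewall rule elsewhere blocks it. The `kapacitor-alarms` unit appears to reach the daemon on its default local URL, so a loopback default such as `bind-address = "127.0.0.1:9092";` should keep the module working and make remote exposure an explicit opt-in through `extraConfig`. Separately, `configFile` is rendered into the Nix store, which is world-readable, so an `influxdb` `password` or `shared-secret` supplied through `extraConfig` would be readable by every local user; that deserves a comment on the `extraConfig` option. In the `add_alarms` script `${name}` and `${alarm.database}` are spliced in unquoted; passing them through the `shell.escape` helper used elsewhere in this commit would keep an attribute name containing spaces or shell metacharacters from changing the command.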


@ -302,7 +302,9 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPgQIMYiyD4/Co+nlOQWEzCKssemOEXAY/lbIZZaMhj";
};
iso = {
cores = 1;
};
};
users = {
lass = {


@ -118,7 +118,7 @@ rec {
};
url-title = (buildSimpleReaktorPlugin "url-title" {
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)$$";
pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$";
path = with pkgs; [ curl perl ];
script = pkgs.writeDash "lambda-pl" ''
if [ "$#" -gt 0 ]; then
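Review bot: In the new `pattern`, the class `[$-_@.&+]` is a range from `$` to `_`, not three literal characters, so the captured `args` can contain `;`, `<`, `>`, `'` and `\` as well as the `/`, `:` and `?` a URL needs. With the added trailing `.*` the plugin now matches any line containing a URL rather than only lines ending in one, which widens the input reaching the script; its body starts on the last line of this hunk and continues outside it. I would add a comment above the pattern, e.g. `# [$-_] is a range ($ through _): args may hold shell metacharacters, keep it quoted in the script`, and confirm the script hands the value to curl only as a quoted argument.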


@ -1,293 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
rec {
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
in writeC name { inherit destination; } /* c */ ''
#include <unistd.h>
static char *const filename = ${toC filename};
${if argv == null
then /* Propagate arguments */ /* c */ ''
#define MAIN_ARGS int argc, char **argv
''
else /* Provide fixed arguments */ /* c */ ''
#define MAIN_ARGS void
static char *const argv[] = ${toC (argv ++ [null])};
''}
static char *const envp[] = ${toC (
mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
)};
int main (MAIN_ARGS) {
execve(filename, argv, envp);
return -1;
}
'';
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
makeScriptWriter = interpreter: name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
executable = true;
text = "#! ${interpreter}\n${text}";
};
};
writeBash = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "shellcheck.sh" ''
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
'';
executable = true;
text = "#! ${pkgs.bash}/bin/bash\n${text}";
};
};
writeBashBin = name:
assert types.filename.check name;
pkgs.writeBash "/bin/${name}";
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} /* sh */ ''
PATH=${makeBinPath (with pkgs; [
binutils
coreutils
gcc
])}
src=${pkgs.writeText "${name}.c" src}
exe=$out${destination}
mkdir -p "$(dirname "$exe")"
gcc -O -Wall -o "$exe" $src
strip --strip-unneeded "$exe"
'';
writeDash = makeScriptWriter "${pkgs.dash}/bin/dash";
writeDashBin = name:
assert types.filename.check name;
pkgs.writeDash "/bin/${name}";
writeEximConfig = name: text: pkgs.runCommand name {
inherit text;
passAsFile = [ "text" ];
} /* sh */ ''
# TODO validate exim config even with config.nix.useChroot == true
# currently doing so will fail because "user exim was not found"
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
mv "$textPath" $out
'';
writeOut = name: specs0:
let
writers.link =
{ path
, link
}:
assert path == "" || types.absolute-pathname.check path;
assert types.package.check link;
{
install = /* sh */ ''
${optionalString (dirOf path != "/") /* sh */ ''
${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
''}
${pkgs.coreutils}/bin/ln -s ${link} $out${path}
'';
};
writers.text =
{ path
, check ? null
, executable ? false
, mode ? if executable then "0755" else "0644"
, text
}:
assert path == "" || types.absolute-pathname.check path;
assert types.bool.check executable;
assert types.file-mode.check mode;
rec {
var = "file_${hashString "sha1" path}";
val = text;
install = /* sh */ ''
${optionalString (check != null) /* sh */ ''
${check} ''$${var}Path
''}
${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
'';
};
write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
specs =
mapAttrsToList
(path: spec: let
known-types = [ "link" "text" ];
found-types = attrNames (getAttrs known-types spec);
type = assert length found-types == 1; head found-types;
in spec // { inherit path type; })
specs0;
files = map write specs;
filevars = genAttrs' (filter (hasAttr "var") files)
(spec: nameValuePair spec.var spec.val);
env = filevars // { passAsFile = attrNames filevars; };
in
pkgs.runCommand name env /* sh */ ''
set -efu
${concatMapStringsSep "\n" (getAttr "install") files}
'';
writeHaskell =
k:
let
k' = parseDrvName k;
name = k'.name;
version = if k'.version != "" then k'.version else "0";
in
{ base-depends ? ["base"]
, executables ? {}
, ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"]
, haskellPackages ? pkgs.haskellPackages
, library ? null
, license ? "WTFPL"
}:
let
isExecutable = executables != {};
isLibrary = library != null;
cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ ''
build-type: Simple
cabal-version: >= 1.2
name: ${name}
version: ${version}
${concatStringsSep "\n" (mapAttrsToList exe-section executables)}
${optionalString isLibrary (lib-section library)}
'';
exe-install =
exe-name:
{ file ? pkgs.writeText "${name}-${exe-name}.hs" text
, relpath ? "${exe-name}.hs"
, text
, ... }:
if types.filename.check exe-name
then /* sh */ "install -D ${file} $out/${relpath}"
else throw "argument exe-name is not a ${types.filename.name}";
exe-section =
exe-name:
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
, relpath ? "${exe-name}.hs"
, text
, ... }: /* cabal */ ''
executable ${exe-name}
build-depends: ${concatStringsSep "," build-depends}
ghc-options: ${toString ghc-options}
main-is: ${relpath}
'';
get-depends =
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, ...
}:
build-depends;
lib-install =
{ exposed-modules
, ... }:
concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules);
lib-section =
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, exposed-modules
, ... }: /* cabal */ ''
library
build-depends: ${concatStringsSep "," build-depends}
ghc-options: ${toString ghc-options}
exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)}
'';
mod-install =
mod-name:
{ file ? pkgs.writeText "${name}-${mod-name}.hs" text
, relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs"
, text
, ... }:
if types.haskell.modid.check mod-name
then /* sh */ "install -D ${file} $out/${relpath}"
else throw "argument mod-name is not a ${types.haskell.modid.name}";
in
haskellPackages.mkDerivation {
inherit isExecutable isLibrary license version;
executableHaskellDepends =
attrVals
(concatMap get-depends (attrValues executables))
haskellPackages;
libraryHaskellDepends =
attrVals
(optionals isLibrary (get-depends library))
haskellPackages;
pname = name;
src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ ''
install -D ${cabal-file} $out/${cabal-file.name}
${optionalString isLibrary (lib-install library)}
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
'';
};
writeJq = name: src: pkgs.runCommand name {} /* sh */ ''
name=${assert types.filename.check name; name}
src=${shell.escape src}
# syntax check
printf '%s' "$src" > src.jq
${pkgs.jq}/bin/jq -f src.jq < /dev/null
cp src.jq "$out"
'';
writeJSON = name: value: pkgs.writeText name (toJSON value);
writeNixFromCabal =
trace (toString [
"The function `writeNixFromCabal` has been deprecated in favour of"
"`writeHaskell`."
])
(name: path: pkgs.runCommand name {} /* sh */ ''
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
writePython2 = name: src: pkgs.runCommand name {} /* sh */ ''
name=${assert types.filename.check name; name}
src=${shell.escape src}
# syntax check
printf '%s' "$src" > src.py
${pkgs.python2}/bin/python -m py_compile src.py
cp src.py "$out"
'';
writePython3 = name: src: pkgs.runCommand name {} /* sh */ ''
name=${assert types.filename.check name; name}
src=${shell.escape src}
# syntax check
printf '%s' "$src" > src.py
${pkgs.python3}/bin/python -m py_compile src.py
cp src.py "$out"
'';
writeSed = makeScriptWriter "${pkgs.gnused}/bin/sed -f";
}


@ -1,13 +1,16 @@
{ config, lib, pkgs, ... }@args:
with import <stockholm/lib>;
{
nixpkgs.config.packageOverrides = pkgs: let
imports = [
./writers.nix
];
nixpkgs.config.packageOverrides = oldpkgs: let
# This callPackage will try to detect obsolete overrides.
callPackage = path: args: let
override = pkgs.callPackage path args;
upstream = optionalAttrs (override ? "name")
(pkgs.${(parseDrvName override.name).name} or {});
(oldpkgs.${(parseDrvName override.name).name} or {});
in if upstream ? "name" &&
override ? "name" &&
compareVersions upstream.name override.name != -1
@ -15,14 +18,13 @@ with import <stockholm/lib>;
else override;
in {}
// import ./builders.nix args
// mapAttrs (_: flip callPackage {})
(filterAttrs (_: dir: pathExists (dir + "/default.nix"))
(subdirsOf ./.))
// {
empty = pkgs.runCommand "empty-1.0.0" {} "mkdir $out";
haskellPackages = pkgs.haskellPackages.override {
haskellPackages = oldpkgs.haskellPackages.override {
overrides = self: super:
mapAttrs (name: path: self.callPackage path {})
(mapAttrs'
@ -45,17 +47,15 @@ with import <stockholm/lib>;
buildbot-worker = callPackage ./buildbot/worker.nix {};
# https://github.com/proot-me/PRoot/issues/106
proot = overrideDerivation pkgs.proot (oldAttrs: {
patches = singleton (pkgs.fetchurl {
url = https://github.com/openmole/PRoot/commit/10119a1f1fd7dea012464ae176c2b5fc3eb18928.diff;
sha256 = "0cmd95mz8p5ifjvfvi4g9zzyxqddbscxin2j3a9zbmbjl2wi458g";
});
});
proot = pkgs.writeDashBin "proot" ''
export PROOT_NO_SECCOMP=1
exec ${oldpkgs.proot}/bin/proot "$@"
'';
# XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d
symlinkJoin = { name, paths, ... }@args: let
x = pkgs.symlinkJoin args;
in if typeOf x != "lambda" then x else pkgs.symlinkJoin name paths;
x = oldpkgs.symlinkJoin args;
in if typeOf x != "lambda" then x else oldpkgs.symlinkJoin name paths;
test = {
infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};
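Review bot: The new `proot` wrapper exports `PROOT_NO_SECCOMP=1` for every invocation, but the only explanation left is the issue link that belonged to the removed patch. A reader may take the variable for a sandbox being switched off; as far as I know it only makes proot skip its seccomp-based acceleration and fall back to plain ptrace, and a comment should say so, e.g. `# work around PRoot issue 106: disable seccomp acceleration (ptrace-only mode)`. The wrapper also replaces the whole package with a single `/bin/proot` script, so anything else the upstream `proot` output ships is no longer reachable through `pkgs.proot`; the comment should state whether that is intended.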


@ -1,4 +1,4 @@
{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
{ stdenv, lib, fetchurl, gnome3, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
stdenv.mkDerivation rec {
name = "forticlientsslvpn";
@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
];
guiLibPath = lib.makeLibraryPath [
gtk
gnome3.gtk
glib
libSM
gdk_pixbuf


@ -1,23 +0,0 @@
{ stdenv, lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
name = "kapacitor-${version}";
version = "1.0.0";
goPackagePath = "github.com/influxdata/kapacitor";
src = fetchFromGitHub {
owner = "influxdata";
repo = "kapacitor";
rev = "v${version}";
sha256 = "14l9bhj6qdif79s4dyqqbnjgj3m4iarvw0ckld1wdhpdgvl8w9qh";
};
meta = with lib; {
description = "Open source framework for processing, monitoring, and alerting on time series data";
license = licenses.mit;
homepage = https://influxdata.com/time-series-platform/kapacitor/;
maintainers = with maintainers; [offline];
platforms = with platforms; linux;
};
}



@ -1,27 +0,0 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
name = "telegraf-${version}";
version = "1.1.2";
goPackagePath = "github.com/influxdata/telegraf";
excludedPackages = "test";
src = fetchFromGitHub {
owner = "influxdata";
repo = "telegraf";
rev = "${version}";
sha256 = "0dgrbdyz261j28wcq636125ha4xmfgh4y9shlg8m1y6jqdqd2zf2";
};
goDeps = ./. + builtins.toPath "/deps-${version}.nix";
meta = with lib; {
description = "The plugin-driven server agent for collecting & reporting metrics.";
license = licenses.mit;
homepage = https://www.influxdata.com/time-series-platform/telegraf/;
maintainers = with maintainers; [ mic92 roblabla ];
platforms = platforms.linux;
};
}


@ -1,588 +0,0 @@
# This file was generated by go2nix.
[
{
goPackagePath = "github.com/Shopify/sarama";
fetch = {
type = "git";
url = "https://github.com/Shopify/sarama";
rev = "8aadb476e66ca998f2f6bb3c993e9a2daa3666b9";
sha256 = "1ndaddqcll9r22jg9x36acanxv5ds3xwahrm4b6nmmg06670gksv";
};
}
{
goPackagePath = "github.com/Sirupsen/logrus";
fetch = {
type = "git";
url = "https://github.com/Sirupsen/logrus";
rev = "219c8cb75c258c552e999735be6df753ffc7afdc";
sha256 = "04v55846v1535dplldyjhr0yqxl6n1mr4kiy2vz3ragv92xpshr6";
};
}
{
goPackagePath = "github.com/aerospike/aerospike-client-go";
fetch = {
type = "git";
url = "https://github.com/aerospike/aerospike-client-go";
rev = "7f3a312c3b2a60ac083ec6da296091c52c795c63";
sha256 = "05ancqplckvni9xp6xd4bv2pgkfa4v23svfcg27m8xinzi4ry219";
};
}
{
goPackagePath = "github.com/amir/raidman";
fetch = {
type = "git";
url = "https://github.com/amir/raidman";
rev = "53c1b967405155bfc8758557863bf2e14f814687";
sha256 = "08a6zz4akkm7lk02w53vfhkxdf0ikv32x41rc4jyi2qaf0wyw6b4";
};
}
{
goPackagePath = "github.com/aws/aws-sdk-go";
fetch = {
type = "git";
url = "https://github.com/aws/aws-sdk-go";
rev = "13a12060f716145019378a10e2806c174356b857";
sha256 = "09yl85kk2y4ayk44af5rbnkq4vy82vbh2z5ac4vpl2vgv7zyh46h";
};
}
{
goPackagePath = "github.com/beorn7/perks";
fetch = {
type = "git";
url = "https://github.com/beorn7/perks";
rev = "3ac7bf7a47d159a033b107610db8a1b6575507a4";
sha256 = "1qc3l4r818xpvrhshh1sisc5lvl9479qspcfcdbivdyh0apah83r";
};
}
{
goPackagePath = "github.com/cenkalti/backoff";
fetch = {
type = "git";
url = "https://github.com/cenkalti/backoff";
rev = "4dc77674aceaabba2c7e3da25d4c823edfb73f99";
sha256 = "0icf4vrgzksr0g8h6y00rd92h1mym6waf3mbqpf890bkw60gnm0w";
};
}
{
goPackagePath = "github.com/couchbase/go-couchbase";
fetch = {
type = "git";
url = "https://github.com/couchbase/go-couchbase";
rev = "cb664315a324d87d19c879d9cc67fda6be8c2ac1";
sha256 = "1dfw1apwrlfwl7bahb6dy5g9z2vs431l4lpaj3k9bnm13p0awivr";
};
}
{
goPackagePath = "github.com/couchbase/gomemcached";
fetch = {
type = "git";
url = "https://github.com/couchbase/gomemcached";
rev = "a5ea6356f648fec6ab89add00edd09151455b4b2";
sha256 = "00x57qqdv9ciyxiw2y6p4s65sfgi4cs6zi39qlqlw90nh133xnwi";
};
}
{
goPackagePath = "github.com/couchbase/goutils";
fetch = {
type = "git";
url = "https://github.com/couchbase/goutils";
rev = "5823a0cbaaa9008406021dc5daf80125ea30bba6";
sha256 = "15v5ps2i2y2hczwxs2ci4c2w4p3pn3bl7vc5wlaqnc7i14f9285c";
};
}
{
goPackagePath = "github.com/dancannon/gorethink";
fetch = {
type = "git";
url = "https://github.com/dancannon/gorethink";
rev = "e7cac92ea2bc52638791a021f212145acfedb1fc";
sha256 = "0f9gwsqf93qzvfpdwgam7vcfzrrkcj2s9ms4p056kcyxv9snwq3g";
};
}
{
goPackagePath = "github.com/davecgh/go-spew";
fetch = {
type = "git";
url = "https://github.com/davecgh/go-spew";
rev = "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d";
sha256 = "15h9kl73rdbzlfmsdxp13jja5gs7sknvqkpq2qizq3qv3nr1x8dk";
};
}
{
goPackagePath = "github.com/docker/engine-api";
fetch = {
type = "git";
url = "https://github.com/docker/engine-api";
rev = "8924d6900370b4c7e7984be5adc61f50a80d7537";
sha256 = "1klimc3d1a2vfgl14a7js20ricpghq5jzvh8l46kf87ycjwc0q4n";
};
}
{
goPackagePath = "github.com/docker/go-connections";
fetch = {
type = "git";
url = "https://github.com/docker/go-connections";
rev = "f549a9393d05688dff0992ef3efd8bbe6c628aeb";
sha256 = "0k1yf4bimmwxc0qiz997nagfmddbm8nwb0c1q16387m8lgw1gbwg";
};
}
{
goPackagePath = "github.com/docker/go-units";
fetch = {
type = "git";
url = "https://github.com/docker/go-units";
rev = "5d2041e26a699eaca682e2ea41c8f891e1060444";
sha256 = "0hn8xdbaykp046inc4d2mwig5ir89ighma8hk18dfkm8rh1vvr8i";
};
}
{
goPackagePath = "github.com/eapache/go-resiliency";
fetch = {
type = "git";
url = "https://github.com/eapache/go-resiliency";
rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
};
}
{
goPackagePath = "github.com/eapache/queue";
fetch = {
type = "git";
url = "https://github.com/eapache/queue";
rev = "ded5959c0d4e360646dc9e9908cff48666781367";
sha256 = "0inclypw0kln8hsn34c5ww34h0qa9fcqwak93lac5dp59rz5430n";
};
}
{
goPackagePath = "github.com/eclipse/paho.mqtt.golang";
fetch = {
type = "git";
url = "https://github.com/eclipse/paho.mqtt.golang";
rev = "0f7a459f04f13a41b7ed752d47944528d4bf9a86";
sha256 = "13l6mrx9z859r4r7kpa9rsbf4ni7dn6xgz8iyv2xnz53pqffanjh";
};
}
{
goPackagePath = "github.com/go-sql-driver/mysql";
fetch = {
type = "git";
url = "https://github.com/go-sql-driver/mysql";
rev = "1fca743146605a172a266e1654e01e5cd5669bee";
sha256 = "02vbq8j4r3skg3fmiv1wvjqh1542dr515w8f3d42b5lpwc1fsn38";
};
}
{
goPackagePath = "github.com/gobwas/glob";
fetch = {
type = "git";
url = "https://github.com/gobwas/glob";
rev = "49571a1557cd20e6a2410adc6421f85b66c730b5";
sha256 = "16j7pdxajqrl20a737p7kgsngr2f7gkkpgqxxmfkrmgckgkc8cvk";
};
}
{
goPackagePath = "github.com/golang/protobuf";
fetch = {
type = "git";
url = "https://github.com/golang/protobuf";
rev = "552c7b9542c194800fd493123b3798ef0a832032";
sha256 = "1zaw1xxnvgsvfcrv5xkn1f7p87vyh9i6mc44csl11fgc2hvqp6xm";
};
}
{
goPackagePath = "github.com/golang/snappy";
fetch = {
type = "git";
url = "https://github.com/golang/snappy";
rev = "d9eb7a3d35ec988b8585d4a0068e462c27d28380";
sha256 = "0wynarlr1y8sm9y9l29pm9dgflxriiialpwn01066snzjxnpmbyn";
};
}
{
goPackagePath = "github.com/gonuts/go-shellquote";
fetch = {
type = "git";
url = "https://github.com/gonuts/go-shellquote";
rev = "e842a11b24c6abfb3dd27af69a17f482e4b483c2";
sha256 = "19lbz7wl241bsyzsv2ai40b2vnj8c9nl107b6jf9gid3i6h0xydg";
};
}
{
goPackagePath = "github.com/gorilla/context";
fetch = {
type = "git";
url = "https://github.com/gorilla/context";
rev = "1ea25387ff6f684839d82767c1733ff4d4d15d0a";
sha256 = "1nh1nzxcsgd215x4xn59wc4cbqfa8zvhvnnx5p8fkrn4bj1cgak4";
};
}
{
goPackagePath = "github.com/gorilla/mux";
fetch = {
type = "git";
url = "https://github.com/gorilla/mux";
rev = "c9e326e2bdec29039a3761c07bece13133863e1e";
sha256 = "1bplp6v14isjdfpf8328k8bvkn35n451axkxlm822d9h5ccg47g6";
};
}
{
goPackagePath = "github.com/hailocab/go-hostpool";
fetch = {
type = "git";
url = "https://github.com/hailocab/go-hostpool";
rev = "e80d13ce29ede4452c43dea11e79b9bc8a15b478";
sha256 = "05ld4wp3illkbgl043yf8jq9y1ld0zzvrcg8jdij129j50xgfxny";
};
}
{
goPackagePath = "github.com/hashicorp/consul";
fetch = {
type = "git";
url = "https://github.com/hashicorp/consul";
rev = "5aa90455ce78d4d41578bafc86305e6e6b28d7d2";
sha256 = "1xas814kkhwnjg5ghhlkgygcgi5p7h6dczmpbrzzh3yygbfdzxgw";
};
}
{
goPackagePath = "github.com/hpcloud/tail";
fetch = {
type = "git";
url = "https://github.com/hpcloud/tail";
rev = "b2940955ab8b26e19d43a43c4da0475dd81bdb56";
sha256 = "1x266pdfvcymsbdrdsns06qq5qfjb62z6h4512ylhakbm64qkn4s";
};
}
{
goPackagePath = "github.com/influxdata/config";
fetch = {
type = "git";
url = "https://github.com/influxdata/config";
rev = "b79f6829346b8d6e78ba73544b1e1038f1f1c9da";
sha256 = "0k4iywy83n3kq2f58a41rjinj03wp1di67aacpf04p25qmf46c4z";
};
}
{
goPackagePath = "github.com/influxdata/influxdb";
fetch = {
type = "git";
url = "https://github.com/influxdata/influxdb";
rev = "fc57c0f7c635df3873f3d64f0ed2100ddc94d5ae";
sha256 = "07cv1gryp4a84a2acgc8k8alr7jw4jwphf12cby8jjy1br35jrbq";
};
}
{
goPackagePath = "github.com/influxdata/toml";
fetch = {
type = "git";
url = "https://github.com/influxdata/toml";
rev = "af4df43894b16e3fd2b788d01bd27ad0776ef2d0";
sha256 = "1faf51s89sk1z41qfsazmddgwll7jq9xna67k3h3vry86c4vs2j4";
};
}
{
goPackagePath = "github.com/influxdata/wlog";
fetch = {
type = "git";
url = "https://github.com/influxdata/wlog";
rev = "7c63b0a71ef8300adc255344d275e10e5c3a71ec";
sha256 = "04kw4kivxvr3kkmghj3427b1xyhzbhnfr971qfn3lv2vvhs8kpfl";
};
}
{
goPackagePath = "github.com/kardianos/osext";
fetch = {
type = "git";
url = "https://github.com/kardianos/osext";
rev = "29ae4ffbc9a6fe9fb2bc5029050ce6996ea1d3bc";
sha256 = "1mawalaz84i16njkz6f9fd5jxhcbxkbsjnav3cmqq2dncv2hyv8a";
};
}
{
goPackagePath = "github.com/kardianos/service";
fetch = {
type = "git";
url = "https://github.com/kardianos/service";
rev = "5e335590050d6d00f3aa270217d288dda1c94d0a";
sha256 = "1g10qisgywfqj135yyiq63pnbjgr201gz929ydlgyzqq6yk3bn3h";
};
}
{
goPackagePath = "github.com/klauspost/crc32";
fetch = {
type = "git";
url = "https://github.com/klauspost/crc32";
rev = "19b0b332c9e4516a6370a0456e6182c3b5036720";
sha256 = "0fcnsf1m0bzplgp28dz8skza6l7rc65s180x85rzbdl9l3zzi43r";
};
}
{
goPackagePath = "github.com/lib/pq";
fetch = {
type = "git";
url = "https://github.com/lib/pq";
rev = "e182dc4027e2ded4b19396d638610f2653295f36";
sha256 = "1636v3snixapjf7rbjq0xn1sbym7hwckqfla0dm5cr4a5q4fw5cj";
};
}
{
goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
fetch = {
type = "git";
url = "https://github.com/matttproud/golang_protobuf_extensions";
rev = "d0c3fe89de86839aecf2e0579c40ba3bb336a453";
sha256 = "0jkjgpi1s8l9bdbf14fh8050757jqy36kn1l1hxxlb2fjn1pcg0r";
};
}
{
goPackagePath = "github.com/miekg/dns";
fetch = {
type = "git";
url = "https://github.com/miekg/dns";
rev = "cce6c130cdb92c752850880fd285bea1d64439dd";
sha256 = "098gadhfjiijlgq497gbccvf26xrmjvln1fws56m0ljcgszq3jdx";
};
}
{
goPackagePath = "github.com/mreiferson/go-snappystream";
fetch = {
type = "git";
url = "https://github.com/mreiferson/go-snappystream";
rev = "028eae7ab5c4c9e2d1cb4c4ca1e53259bbe7e504";
sha256 = "0jdd5whp74nvg35d9hzydsi3shnb1vrnd7shi9qz4wxap7gcrid6";
};
}
{
goPackagePath = "github.com/naoina/go-stringutil";
fetch = {
type = "git";
url = "https://github.com/naoina/go-stringutil";
rev = "6b638e95a32d0c1131db0e7fe83775cbea4a0d0b";
sha256 = "00831p1wn3rimybk1z8l30787kn1akv5jax5wx743nn76qcmkmc6";
};
}
{
goPackagePath = "github.com/nats-io/nats";
fetch = {
type = "git";
url = "https://github.com/nats-io/nats";
rev = "ea8b4fd12ebb823073c0004b9f09ac8748f4f165";
sha256 = "0i5f6n9k0d2vzdy20sqygmss5j45y72irxsi80grjsh7qkxa6vn1";
};
}
{
goPackagePath = "github.com/nats-io/nuid";
fetch = {
type = "git";
url = "https://github.com/nats-io/nuid";
rev = "a5152d67cf63cbfb5d992a395458722a45194715";
sha256 = "0fphar5bz735wwa7549j31nxnm5a9dyw472gs9zafz0cv7g8np40";
};
}
{
goPackagePath = "github.com/nsqio/go-nsq";
fetch = {
type = "git";
url = "https://github.com/nsqio/go-nsq";
rev = "0b80d6f05e15ca1930e0c5e1d540ed627e299980";
sha256 = "1zi9jazjfzilp2g0xy30dlx9nd9g47cjqrnqxallly97mz9n01xr";
};
}
{
goPackagePath = "github.com/opencontainers/runc";
fetch = {
type = "git";
url = "https://github.com/opencontainers/runc";
rev = "89ab7f2ccc1e45ddf6485eaa802c35dcf321dfc8";
sha256 = "1rnaqcsww7plr430r4ksv9si4l91l25li0bwa1b03g3sn2shirk1";
};
}
{
goPackagePath = "github.com/prometheus/client_golang";
fetch = {
type = "git";
url = "https://github.com/prometheus/client_golang";
rev = "18acf9993a863f4c4b40612e19cdd243e7c86831";
sha256 = "1gyjvwnvgyl0fs4hd2vp5hj1dsafhwb2h55w8zgzdpshvhwrpmhv";
};
}
{
goPackagePath = "github.com/prometheus/client_model";
fetch = {
type = "git";
url = "https://github.com/prometheus/client_model";
rev = "fa8ad6fec33561be4280a8f0514318c79d7f6cb6";
sha256 = "11a7v1fjzhhwsl128znjcf5v7v6129xjgkdpym2lial4lac1dhm9";
};
}
{
goPackagePath = "github.com/prometheus/common";
fetch = {
type = "git";
url = "https://github.com/prometheus/common";
rev = "e8eabff8812b05acf522b45fdcd725a785188e37";
sha256 = "08magd2aw7dqaa8bbv85404zvy120ify61msfpy75az5rdl5anxq";
};
}
{
goPackagePath = "github.com/prometheus/procfs";
fetch = {
type = "git";
url = "https://github.com/prometheus/procfs";
rev = "406e5b7bfd8201a36e2bb5f7bdae0b03380c2ce8";
sha256 = "0yla9hz15pg63394ygs9iiwzsqyv29labl8p424hijwsc9z9nka8";
};
}
{
goPackagePath = "github.com/samuel/go-zookeeper";
fetch = {
type = "git";
url = "https://github.com/samuel/go-zookeeper";
rev = "218e9c81c0dd8b3b18172b2bbfad92cc7d6db55f";
sha256 = "1v0m6wn83v4pbqz6hs7z1h5hbjk7k6npkpl7icvcxdcjd7rmyjp2";
};
}
{
goPackagePath = "github.com/shirou/gopsutil";
fetch = {
type = "git";
url = "https://github.com/shirou/gopsutil";
rev = "4d0c402af66c78735c5ccf820dc2ca7de5e4ff08";
sha256 = "1wkp7chzpz6brq2y0k2mvsf0iaknns279wfsjn5gm6gvih49lqni";
};
}
{
goPackagePath = "github.com/soniah/gosnmp";
fetch = {
type = "git";
url = "https://github.com/soniah/gosnmp";
rev = "3fe3beb30fa9700988893c56a63b1df8e1b68c26";
sha256 = "0a0vlxx1plqj9fi863wd8ajbzl705wgma4qk75v949azgn1yx9ib";
};
}
{
goPackagePath = "github.com/streadway/amqp";
fetch = {
type = "git";
url = "https://github.com/streadway/amqp";
rev = "b4f3ceab0337f013208d31348b578d83c0064744";
sha256 = "1whcg2l6w2q7xrkk8q5y95i90ckq72bpgksii9ibrpyixbx7p5xp";
};
}
{
goPackagePath = "github.com/stretchr/testify";
fetch = {
type = "git";
url = "https://github.com/stretchr/testify";
rev = "1f4a1643a57e798696635ea4c126e9127adb7d3c";
sha256 = "0nam9d68rn8ha8ldif22kkgv6k6ph3y88fp26159wdrs63ca3bzl";
};
}
{
goPackagePath = "github.com/vjeantet/grok";
fetch = {
type = "git";
url = "https://github.com/vjeantet/grok";
rev = "83bfdfdfd1a8146795b28e547a8e3c8b28a466c2";
sha256 = "03zdcg9gy482gbasa7sw4cpw1k1n3dr2q06q80qnkqn268p7hp80";
};
}
{
goPackagePath = "github.com/wvanbergen/kafka";
fetch = {
type = "git";
url = "https://github.com/wvanbergen/kafka";
rev = "46f9a1cf3f670edec492029fadded9c2d9e18866";
sha256 = "1czmbilprffdbwnrq4wcllaqknbq91l6p0ni6b55fkaggnwck694";
};
}
{
goPackagePath = "github.com/wvanbergen/kazoo-go";
fetch = {
type = "git";
url = "https://github.com/wvanbergen/kazoo-go";
rev = "0f768712ae6f76454f987c3356177e138df258f8";
sha256 = "1paaayg03nknbnl3kdl0ybqv4llz7iwry7f29i0bh9srb6c87x16";
};
}
{
goPackagePath = "github.com/yuin/gopher-lua";
fetch = {
type = "git";
url = "https://github.com/yuin/gopher-lua";
rev = "bf3808abd44b1e55143a2d7f08571aaa80db1808";
sha256 = "02m7ly5yzc3snvxlfl9j4ggwd7v0kpvy3pqgqbfr7scdjxdap4nm";
};
}
{
goPackagePath = "github.com/zensqlmonitor/go-mssqldb";
fetch = {
type = "git";
url = "https://github.com/zensqlmonitor/go-mssqldb";
rev = "ffe5510c6fa5e15e6d983210ab501c815b56b363";
sha256 = "079x8ms8lv5p6253ppaxva37k6w04xnd38y8763rr2giswxqzlkl";
};
}
{
goPackagePath = "golang.org/x/crypto";
fetch = {
type = "git";
url = "https://go.googlesource.com/crypto";
rev = "c197bcf24cde29d3f73c7b4ac6fd41f4384e8af6";
sha256 = "1y2bbghi594m8p4pcm9pwrzql06179xj6zvhaghwcc6y0l48rbgp";
};
}
{
goPackagePath = "golang.org/x/net";
fetch = {
type = "git";
url = "https://go.googlesource.com/net";
rev = "6acef71eb69611914f7a30939ea9f6e194c78172";
sha256 = "1fcsv50sbq0lpzrhx3m9jw51wa255fsbqjwsx9iszq4d0gysnnvc";
};
}
{
goPackagePath = "golang.org/x/text";
fetch = {
type = "git";
url = "https://go.googlesource.com/text";
rev = "a71fd10341b064c10f4a81ceac72bcf70f26ea34";
sha256 = "1igxqrgnnb6983fl0yck0xal2hwnkcgbslr7cxyrg7a65vawd0q1";
};
}
{
goPackagePath = "gopkg.in/dancannon/gorethink.v1";
fetch = {
type = "git";
url = "https://gopkg.in/dancannon/gorethink.v1";
rev = "7d1af5be49cb5ecc7b177bf387d232050299d6ef";
sha256 = "0036hcadshka19bcqmq4mm9ssl9qhsx1n96lj1y24mh9g1api8fi";
};
}
{
goPackagePath = "gopkg.in/fatih/pool.v2";
fetch = {
type = "git";
url = "https://gopkg.in/fatih/pool.v2";
rev = "cba550ebf9bce999a02e963296d4bc7a486cb715";
sha256 = "1jlrakgnpvhi2ny87yrsj1gyrcncfzdhypa9i2mlvvzqlj4r0dn0";
};
}
{
goPackagePath = "gopkg.in/mgo.v2";
fetch = {
type = "git";
url = "https://gopkg.in/mgo.v2";
rev = "d90005c5262a3463800497ea5a89aed5fe22c886";
sha256 = "1z81k6mnfk07hkrkw31l16qycyiwa6wzyhysmywgkh58sm5dc9m7";
};
}
{
goPackagePath = "gopkg.in/yaml.v2";
fetch = {
type = "git";
url = "https://gopkg.in/yaml.v2";
rev = "a83829b6f1293c91addabc89d0571c246397bbf4";
sha256 = "1m4dsmk90sbi17571h6pld44zxz7jc4lrnl4f27dpd1l8g5xvjhh";
};
}
]

301
krebs/5pkgs/writers.nix Normal file

@ -0,0 +1,301 @@
{ pkgs, ... }:
with import <stockholm/lib>;
{
nixpkgs.config.packageOverrides = _: {
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
in pkgs.writeC name { inherit destination; } /* c */ ''
#include <unistd.h>
static char *const filename = ${toC filename};
${if argv == null
then /* Propagate arguments */ /* c */ ''
#define MAIN_ARGS int argc, char **argv
''
else /* Provide fixed arguments */ /* c */ ''
#define MAIN_ARGS void
static char *const argv[] = ${toC (argv ++ [null])};
''}
static char *const envp[] = ${toC (
mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
)};
int main (MAIN_ARGS) {
execve(filename, argv, envp);
return -1;
}
'';
execveBin = name: cfg:
pkgs.execve name (cfg // { destination = "/bin/${name}"; });
makeScriptWriter = interpreter: name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
executable = true;
text = "#! ${interpreter}\n${text}";
};
};
writeBash = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "shellcheck.sh" ''
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
'';
executable = true;
text = "#! ${pkgs.bash}/bin/bash\n${text}";
};
};
writeBashBin = name:
assert types.filename.check name;
pkgs.writeBash "/bin/${name}";
writeC = name: { destination ? "" }: text: pkgs.runCommand name {
inherit text;
passAsFile = [ "text" ];
} /* sh */ ''
PATH=${makeBinPath (with pkgs; [
binutils
coreutils
gcc
])}
exe=$out${destination}
mkdir -p "$(dirname "$exe")"
gcc -O -Wall -o "$exe" -x c "$textPath"
strip --strip-unneeded "$exe"
'';
writeDash = pkgs.makeScriptWriter "${pkgs.dash}/bin/dash";
writeDashBin = name:
assert types.filename.check name;
pkgs.writeDash "/bin/${name}";
writeEximConfig = name: text: pkgs.runCommand name {
inherit text;
passAsFile = [ "text" ];
} /* sh */ ''
# TODO validate exim config even with config.nix.useChroot == true
# currently doing so will fail because "user exim was not found"
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
mv "$textPath" $out
'';
writeOut = name: specs0:
let
writers.link =
{ path
, link
}:
assert path == "" || types.absolute-pathname.check path;
assert types.package.check link;
{
install = /* sh */ ''
${optionalString (dirOf path != "/") /* sh */ ''
${pkgs.coreutils}/bin/mkdir -p $out${dirOf path}
''}
${pkgs.coreutils}/bin/ln -s ${link} $out${path}
'';
};
writers.text =
{ path
, check ? null
, executable ? false
, mode ? if executable then "0755" else "0644"
, text
}:
assert path == "" || types.absolute-pathname.check path;
assert types.bool.check executable;
assert types.file-mode.check mode;
rec {
var = "file_${hashString "sha1" path}";
val = text;
install = /* sh */ ''
${optionalString (check != null) /* sh */ ''
${check} ''$${var}Path
''}
${pkgs.coreutils}/bin/install \
-m ${mode} \
-D \
''$${var}Path $out${path}
'';
};
write = spec: writers.${spec.type} (removeAttrs spec ["type"]);
specs =
mapAttrsToList
(path: spec: let
known-types = [ "link" "text" ];
found-types = attrNames (getAttrs known-types spec);
type = assert length found-types == 1; head found-types;
in spec // { inherit path type; })
specs0;
files = map write specs;
filevars = genAttrs' (filter (hasAttr "var") files)
(spec: nameValuePair spec.var spec.val);
env = filevars // { passAsFile = attrNames filevars; };
in
pkgs.runCommand name env /* sh */ ''
set -efu
${concatMapStringsSep "\n" (getAttr "install") files}
'';
writeHaskell =
k:
let
k' = parseDrvName k;
name = k'.name;
version = if k'.version != "" then k'.version else "0";
in
{ base-depends ? ["base"]
, executables ? {}
, ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"]
, haskellPackages ? pkgs.haskellPackages
, library ? null
, license ? "WTFPL"
}:
let
isExecutable = executables != {};
isLibrary = library != null;
cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ ''
build-type: Simple
cabal-version: >= 1.2
name: ${name}
version: ${version}
${concatStringsSep "\n" (mapAttrsToList exe-section executables)}
${optionalString isLibrary (lib-section library)}
'';
exe-install =
exe-name:
{ file ? pkgs.writeText "${name}-${exe-name}.hs" text
, relpath ? "${exe-name}.hs"
, text
, ... }:
if types.filename.check exe-name
then /* sh */ "install -D ${file} $out/${relpath}"
else throw "argument exe-name is not a ${types.filename.name}";
exe-section =
exe-name:
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
, relpath ? "${exe-name}.hs"
, text
, ... }: /* cabal */ ''
executable ${exe-name}
build-depends: ${concatStringsSep "," build-depends}
ghc-options: ${toString ghc-options}
main-is: ${relpath}
'';
get-depends =
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, ...
}:
build-depends;
lib-install =
{ exposed-modules
, ... }:
concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules);
lib-section =
{ build-depends ? base-depends ++ extra-depends
, extra-depends ? []
, exposed-modules
, ... }: /* cabal */ ''
library
build-depends: ${concatStringsSep "," build-depends}
ghc-options: ${toString ghc-options}
exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)}
'';
mod-install =
mod-name:
{ file ? pkgs.writeText "${name}-${mod-name}.hs" text
, relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs"
, text
, ... }:
if types.haskell.modid.check mod-name
then /* sh */ "install -D ${file} $out/${relpath}"
else throw "argument mod-name is not a ${types.haskell.modid.name}";
in
haskellPackages.mkDerivation {
inherit isExecutable isLibrary license version;
executableHaskellDepends =
attrVals
(concatMap get-depends (attrValues executables))
haskellPackages;
libraryHaskellDepends =
attrVals
(optionals isLibrary (get-depends library))
haskellPackages;
pname = name;
src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ ''
install -D ${cabal-file} $out/${cabal-file.name}
${optionalString isLibrary (lib-install library)}
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
'';
};
writeJq = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "jqcheck.sh" ''
exec ${pkgs.jq}/bin/jq -f "$1" -n
'';
inherit text;
};
};
writeJSON = name: value: pkgs.writeText name (toJSON value);
writeNixFromCabal =
trace (toString [
"The function `writeNixFromCabal` has been deprecated in favour of"
"`writeHaskell`."
])
(name: path: pkgs.runCommand name {} /* sh */ ''
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
'');
writePython2 = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "python2check.sh" ''
exec ${pkgs.python2}/bin/python -m py_compile "$1"
'';
inherit text;
};
};
writePython3 = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "python3check.sh" ''
exec ${pkgs.python3}/bin/python -m py_compile "$textPath"
'';
inherit text;
};
};
writeSed = pkgs.makeScriptWriter "${pkgs.gnused}/bin/sed -f";
};
}
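Review bot: The `writePython3` check script runs `python -m py_compile "$textPath"`, while `writeJq` and `writePython2` compile `"$1"`, which is how `writers.text` hands the file to a check (`${check} ''$${var}Path`). Nothing visible in `writeOut` sets a variable named `textPath`; the files it passes are exported as `file_<sha1>Path`. The Python 3 check therefore presumably compiles an empty path rather than the script, so it either fails the build or validates nothing. I would change the line to `exec ${pkgs.python3}/bin/python -m py_compile "$1"`.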

152
lass/1systems/iso.nix Normal file

@ -0,0 +1,152 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
../../krebs
../3modules
../5pkgs
../2configs/binary-cache/client.nix
../2configs/mc.nix
../2configs/nixpkgs.nix
../2configs/vim.nix
{
krebs.enable = true;
krebs.build.user = config.krebs.users.lass;
krebs.build.host = config.krebs.hosts.iso;
krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix";
}
{
nixpkgs.config.allowUnfree = true;
}
{
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
];
};
};
}
{
environment.extraInit = ''
EDITOR=vim
'';
}
{
environment.systemPackages = with pkgs; [
#stockholm
git
gnumake
jq
parallel
proot
populate
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
#stuff for dl
aria2
#neat utils
krebspaste
pciutils
pop
psmisc
q
rs
tmux
untilport
usbutils
#unpack stuff
p7zip
unzip
unrar
#data recovery
ddrescue
ntfs3g
dosfstools
];
}
{
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
}
{
services.openssh = {
enable = true;
hostKeys = [
# XXX bits here make no science
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
}
{
krebs.iptables = {
enable = true;
tables = {
nat.PREROUTING.rules = [
{ predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
{ predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
];
nat.OUTPUT.rules = [
{ predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
];
filter.INPUT.policy = "DROP";
filter.FORWARD.policy = "DROP";
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
{ predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
{ predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
];
};
};
}
];
}
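Review bot: `krebs.build.source.nixos-config.symlink` interpolates `config.krebs.buil.host.name`, which looks like a typo for `krebs.build` (set on the two lines above it) and would fail with a missing-attribute error once that string is evaluated. It should read `"stockholm/lass/1systems/${config.krebs.build.host.name}.nix"`. Because this image installs root `authorizedKeys` and the nat rules redirect port 45621 to sshd without an interface restriction, it would also be worth setting `services.openssh.passwordAuthentication = false;` explicitly rather than relying on whatever the imported installer profile configures.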


@ -215,7 +215,8 @@ in {
}
{
krebs.repo-sync.timerConfig = {
OnCalendar = "*:0/5";
OnUnitInactiveSec = "5min";
RandomizedDelaySec = "2min";
};
}
{


@ -66,7 +66,6 @@ in {
youtube-tools
rxvt_unicode
termite
#window manager stuff
#haskellPackages.xmobar
#haskellPackages.yeganesh


@ -11,7 +11,7 @@ let
in {
config.krebs.buildbot.master = let
stockholm-mirror-url = http://cgit.prism/stockholm ;
stockholm-mirror-url = http://cgit.lassul.us/stockholm ;
in {
workers = {
testworker = "lasspass";
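Review bot: The `stockholm-mirror-url` value that appears to be the new one, `http://cgit.lassul.us/stockholm`, has the buildbot master fetch the source it builds over plain HTTP from what looks like a public name, where the earlier `cgit.prism` name looks VPN-internal. Without transport integrity, whoever sits on the network path can alter the repository content that gets built. If the host serves TLS, I would write `stockholm-mirror-url = https://cgit.lassul.us/stockholm ;`. The same applies to `origin.url = "http://cgit.lassul.us/${name}";` in the repo-sync section further down. The `let` block continues outside this hunk.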


@ -17,7 +17,7 @@ let
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.mutt-kz}/share/doc/mutt-kz/samples/gpg.rc
source ${pkgs.neomutt}/share/doc/mutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0x976A7E4D
set crypt_autosign = yes
@ -99,7 +99,7 @@ let
'';
mutt = pkgs.writeDashBin "mutt" ''
exec ${pkgs.mutt-kz}/bin/mutt -F ${muttrc} $@
exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} $@
'';
in {
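Review bot: The `mutt` wrapper forwards its arguments as unquoted `$@`, so dash re-splits any argument containing spaces or glob characters (a mailbox path, a subject passed on the command line) before it reaches mutt. Since the line is being changed anyway, I would write `exec ${pkgs.neomutt}/bin/mutt -F ${muttrc} "$@"`. It is also worth confirming that `share/doc/mutt/samples/gpg.rc` exists in the neomutt output, because the page does not show it and the gpg settings in this muttrc depend on that `source` line. The `let` block starts outside the hunk.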


@ -1,94 +1,35 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
lass.telegraf = {
services.telegraf = {
enable = true;
interval = "1s";
outputs = ''
[outputs.influxdb]
urls = ["http://prism:8086"]
database = "telegraf_db"
user_agent = "telegraf"
'';
inputs = [
''
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
''
''
[[inputs.mem]]
''
''
[[inputs.ping]]
urls = ["8.8.8.8"]
''
''
[[inputs.net]]
''
''
[[inputs.dns_query]]
servers = ["8.8.8.8"]
''
];
extraConfig = {
agent.interval = "1s";
outputs = {
influxdb = {
urls = ["http://prism:8086"];
database = "telegraf_db";
user_agent = "telegraf";
};
};
inputs = {
cpu = {
percpu = false;
totalcpu = true;
};
mem = {};
net = {};
};
};
};
systemd.services.telegraf.path = with pkgs; [
iputils
lm_sensors
];
services.collectd = {
services.journalbeat = {
enable = true;
autoLoadPlugin = true;
extraConfig = ''
Hostname ${config.krebs.build.host.name}
LoadPlugin load
LoadPlugin disk
LoadPlugin memory
Interval 30.0
LoadPlugin interface
<Plugin "interface">
Interface "*Link"
Interface "lo"
Interface "vboxnet*"
Interface "virbr*"
IgnoreSelected true
</Plugin>
LoadPlugin df
<Plugin "df">
MountPoint "/nix/store"
FSType "tmpfs"
FSType "binfmt_misc"
FSType "debugfs"
FSType "mqueue"
FSType "hugetlbfs"
FSType "systemd-1"
FSType "cgroup"
FSType "securityfs"
FSType "ramfs"
FSType "proc"
FSType "devpts"
FSType "devtmpfs"
MountPoint "/var/lib/docker/devicemapper"
IgnoreSelected true
</Plugin>
LoadPlugin cpu
<Plugin cpu>
ReportByCpu true
ReportByState true
ValuesPercentage true
</Plugin>
LoadPlugin network
<Plugin "network">
Server "prism" "25826"
</Plugin>
output.elasticsearch:
hosts: ["prism:9200"]
template.enabled: false
'';
};
}


@ -1,15 +1,14 @@
{pkgs, config, ...}:
with import <stockholm/lib>;
{
services.influxdb = {
enable = true;
};
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
http.bind-address = ":8086";
admin.bind-address = ":8083";
http.log-enabled = false;
monitoring = {
enabled = false;
# write-interval = "24h";
@ -22,45 +21,79 @@ with import <stockholm/lib>;
}];
};
lass.kapacitor =
krebs.kapacitor =
let
db = "telegraf_db";
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
data="$(${pkgs.jq}/bin/jq -r .message)"
export LOGNAME=prism-alarm
${pkgs.irc-announce}/bin/irc-announce \
irc.freenode.org 6667 prism-alarm \#krebs-bots "$data" >/dev/null
ni.r 6667 prism-alarm \#retiolum "$data" >/dev/null
'';
in {
enable = true;
alarms = {
test2 = ''
batch
|query(${"'''"}
SELECT mean("usage_user") AS mean
FROM "${config.lass.kapacitor.check_db}"."default"."cpu"
${"'''"})
.every(3m)
.period(1m)
.groupBy('host')
|alert()
.crit(lambda: "mean" > 90)
// Whenever we get an alert write it to a file.
.log('/tmp/alerts.log')
.exec('${echoToIrc}')
'';
cpu = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("usage_user") AS mean
FROM "${db}"."default"."cpu"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
data |deadman(1.0,5m)
.stateChangesOnly()
.exec('${echoToIrc}')
'';
};
ram = {
database = db;
text = ''
var data = batch
|query(${"'''"}
SELECT mean("used_percent") AS mean
FROM "${db}"."default"."mem"
${"'''"})
.period(10m)
.every(1m)
.groupBy('host')
data |alert()
.crit(lambda: "mean" > 90)
.exec('${echoToIrc}')
'';
};
};
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
];
services.grafana = {
enable = true;
addr = "0.0.0.0";
auth.anonymous.enable = true;
security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
};
services.elasticsearch = {
enable = true;
listenAddress = "0.0.0.0";
};
services.kibana = {
enable = true;
listenAddress = "0.0.0.0";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp -i retiolum --dport 8086"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 3000"; target = "ACCEPT"; }
{ predicate = "-p udp -i retiolum --dport 25826"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 9200"; target = "ACCEPT"; }
{ predicate = "-p tcp -i retiolum --dport 5601"; target = "ACCEPT"; }
];
}
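Review bot: `services.elasticsearch` and `services.kibana` both listen on `0.0.0.0`, and Grafana has `addr = "0.0.0.0"` with `auth.anonymous.enable = true`, so the only access control visible here is the interface-scoped `-i retiolum` ACCEPT rules for ports 9200, 5601 and 3000. No authentication is configured for Elasticsearch in this file, which means any retiolum peer could read or delete the journal data that journalbeat ships to `prism:9200`. The services would also be reachable on other interfaces wherever the INPUT policy is not DROP, and the policy is not set in this file. I would bind these services to the retiolum address instead of the wildcard, or put an authenticating reverse proxy in front of 9200 and 5601.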


@ -10,10 +10,6 @@ let
arbor|http://feeds2.feedburner.com/asert/|#news
archlinux|http://www.archlinux.org/feeds/news/|#news
ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#news
asiaone_asia|http://news.asiaone.com/rss/asia|#news
asiaone_business|http://business.asiaone.com/rss.xml|#news
asiaone_sci|http://news.asiaone.com/rss/science-and-tech|#news
asiaone_world|http://news.asiaone.com/rss/world|#news
augustl|http://augustl.com/atom.xml|#news
bbc|http://feeds.bbci.co.uk/news/rss.xml|#news
bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#news #bundestag
@ -78,7 +74,6 @@ let
heise|http://heise.de.feedsportal.com/c/35207/f/653902/index.rss|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
hindu|http://www.thehindu.com/?service=rss|#news
hintergrund|http://www.hintergrund.de/index.php?option=com_bca-rss-syndicator&feed_id=8|#news
ign|http://feeds.ign.com/ign/all|#news
independent|http://www.independent.com/rss/headlines/|#news
indymedia|http://de.indymedia.org/RSS/newswire.xml|#news


@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
ref = "5fff5a902594b34471b613eb2babcec923e1e1f1";
ref = "f7b7d8e";
};
}
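Review bot: `ref = "f7b7d8e";` replaces a full 40-character commit id with a 7-character abbreviation, assuming the short value is the new side. An abbreviated id is resolved by prefix, so it is not a unique, stable pin for the nixpkgs tree that every host builds from, and fetching by an abbreviated id may not work on every code path. I would keep the full hash here, e.g. `ref = "<full 40-character commit id>";`.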


@ -49,7 +49,7 @@ let
mirror.url = "${mirror}${name}";
};
lassulus = {
origin.url = "http://cgit.prism/${name}";
origin.url = "http://cgit.lassul.us/${name}";
mirror.url = "${mirror}${name}";
};
"@latest" = {
@ -102,6 +102,7 @@ in {
(sync-retiolum "go")
(sync-retiolum "much")
(sync-retiolum "newsbot-js")
(sync-retiolum "populate")
(sync-retiolum "stockholm")
(sync-retiolum "wai-middleware-time")
(sync-retiolum "web-routes-wai-custom")


@ -118,8 +118,7 @@ in {
{ from = "mail@jla-trading.com"; to = "jla-trading"; }
{ from = "jms@ubikmedia.eu"; to = "jms"; }
{ from = "ms@ubikmedia.eu"; to = "ms"; }
{ from = "nrg@ubikmedia.eu"; to = "nrg"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms, nrg"; }
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
{ from = "testuser@lassul.us"; to = "testuser"; }
];
@ -161,13 +160,6 @@ in {
createHome = true;
};
users.users.nrg = {
uid = genid_signed "nrg";
home = "/home/nrg";
useDefaultShell = true;
createHome = true;
};
users.users.testuser = {
uid = genid_signed "testuser";
home = "/home/testuser";


@ -6,10 +6,7 @@ _:
./hosts.nix
./mysql-backup.nix
./umts.nix
./urxvtd.nix
./usershadow.nix
./xresources.nix
./kapacitor.nix
./telegraf.nix
];
}


@ -1,143 +0,0 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.kapacitor;
out = {
options.lass.kapacitor = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "kapacitor";
dataDir = mkOption {
type = types.str;
default = "/var/lib/kapacitor";
};
user = mkOption {
type = types.str;
default = "kapacitor";
};
logLevel = mkOption {
type = types.enum ["DEBUG" "INFO" "WARN" "ERROR" "OFF"];
default = "INFO";
};
alarms = mkOption {
type = with types; attrsOf str;
default = {};
};
check_db = mkOption {
type = types.str;
default = "all_data";
};
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
hostname = "localhost"
data_dir = "${cfg.dataDir}"
[http]
bind-address = ":9092"
auth-enabled = false
log-enabled = true
write-tracing = false
pprof-enabled = false
https-enabled = false
https-certificate = "/etc/ssl/kapacitor.pem"
shutdown-timeout = "10s"
shared-secret = ""
[replay]
dir = "${cfg.dataDir}/replay"
[storage]
boltdb = "${cfg.dataDir}/kapacitor.db"
[task]
dir = "${cfg.dataDir}/tasks"
snapshot-interval = "1m0s"
[[influxdb]]
enabled = true
name = "default"
default = false
urls = ["http://localhost:8086"]
username = ""
password = ""
ssl-ca = ""
ssl-cert = ""
ssl-key = ""
insecure-skip-verify = false
timeout = "0s"
disable-subscriptions = false
subscription-protocol = "http"
udp-bind = ""
udp-buffer = 1000
udp-read-buffer = 0
startup-timeout = "5m0s"
subscriptions-sync-interval = "1m0s"
[influxdb.subscriptions]
[influxdb.excluded-subscriptions]
_kapacitor = ["autogen"]
[logging]
file = "STDERR"
level = "${cfg.logLevel}"
[deadman]
interval = "10s"
threshold = 0.0
id = "{{ .Group }}:NODE_NAME for task '{{ .TaskName }}'"
message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"emitted\" | printf \"%0.3f\" }} points/INTERVAL."
global = false
'';
description = "configuration kapacitor is started with";
};
};
configFile = pkgs.writeText "kapacitor.conf" cfg.config;
imp = {
systemd.services.kapacitor = {
description = "kapacitor";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.kapacitor}/bin/kapacitord -config ${configFile}";
};
};
systemd.services.kapacitor-alarms = {
description = "kapacitor-alarms";
after = [ "kapacitor.service" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeDash "add_alarms" ''
${pkgs.kapacitor}/bin/kapacitor delete tasks \*
${concatStrings (mapAttrsToList (name: alarm: ''
${pkgs.kapacitor}/bin/kapacitor define ${name} \
-type batch \
-tick ${pkgs.writeText "${name}.tick" alarm} \
-dbrp ${cfg.check_db}.default
${pkgs.kapacitor}/bin/kapacitor enable ${name}
'') cfg.alarms)}
'';
};
};
};
in out


@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
with builtins;
with lib;
let
cfg = config.lass.telegraf;
out = {
options.lass.telegraf = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "telegraf";
dataDir = mkOption {
type = types.str;
default = "/var/lib/telegraf";
};
user = mkOption {
type = types.str;
default = "telegraf";
};
outputs = mkOption {
type = types.str;
default = ''
[outputs.influxdb]
urls = ["http://localhost:8086"]
database = "telegraf_db"
user_agent = "telegraf"
'';
};
inputs = mkOption {
type = with types; listOf str;
default = [
''
[cpu]
percpu = false
totalcpu = true
drop = ["cpu_time"]
''
];
};
interval = mkOption {
type = types.str;
default = "10s";
};
config = mkOption {
type = types.str;
#TODO: find a good default
default = ''
[agent]
interval = "${cfg.interval}"
[outputs]
${cfg.outputs}
${concatStringsSep "\n" cfg.inputs}
'';
description = "configuration telegraf is started with";
};
};
configFile = pkgs.writeText "telegraf.conf" cfg.config;
imp = {
systemd.services.telegraf = {
description = "telegraf";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
serviceConfig = {
Restart = "always";
ExecStart = "${pkgs.telegraf}/bin/telegraf -config ${configFile}";
};
};
};
in out


@ -1,55 +0,0 @@
{ config, lib, pkgs, ... }:
let
in
with builtins;
with lib;
{
options = {
services.urxvtd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable urxvtd per user";
};
users = mkOption {
type = types.listOf types.string;
default = [];
description = "users to run urxvtd for";
};
urxvtPackage = mkOption {
type = types.package;
default = pkgs.rxvt_unicode;
description = "urxvt package to use";
};
};
};
config =
let
cfg = config.services.urxvtd;
users = cfg.users;
urxvt = cfg.urxvtPackage;
mkService = user: {
description = "urxvt terminal daemon";
wantedBy = [ "multi-user.target" ];
restartIfChanged = false;
path = [ pkgs.xlibs.xrdb ];
environment = {
DISPLAY = ":0";
URXVT_PERL_LIB = "${urxvt}/lib/urxvt/perl";
};
serviceConfig = {
Restart = "always";
User = user;
ExecStart = "${urxvt}/bin/urxvtd";
};
};
in
mkIf cfg.enable {
environment.systemPackages = [ urxvt ];
systemd.services = listToAttrs (map (u: { name = "${u}-urxvtd"; value = mkService u; }) users);
};
}


@ -129,7 +129,6 @@ myKeyMap =
, ("M4-<Esc>", toggleWS)
, ("M4-S-<Enter>", spawn urxvtcPath)
, ("M4-x", floatNext True >> spawn urxvtcPath)
, ("M4-z", floatNext True >> spawn "${pkgs.termite}/bin/termite")
, ("M4-f", floatNext True)
, ("M4-b", sendMessage ToggleStruts)


@ -143,7 +143,6 @@ with import <stockholm/lib>;
nixpkgs.config.packageOverrides = pkgs: {
nano = pkgs.runCommand "empty" {} "mkdir -p $out";
tinc = pkgs.tinc_pre;
gnupg1compat = super.gnupg1compat.override { gnupg = self.gnupg21; };
};
services.cron.enable = false;