add "make infest"

Makefile

@@ -21,6 +21,10 @@ else ifdef system
 deploy:;@
 	make eval system=$(system) get=config.krebs.build.script filter=json | sh
 
+.PHONY: infest
+infest:;@
+	make eval system=$(system) get=config.krebs.build.infest filter=json | sh
+
 .PHONY: eval
 eval:
 	@

krebs/3modules/default.nix

@@ -121,6 +121,112 @@ let
 
               exec "$profile"/bin/switch-to-configuration switch
               EOF
+
+            '';
+          };
+          infest = mkOption {
+            type = types.str;
+            default = ''
+              #! /bin/sh
+              set -efux
+
+              target=${escapeShellArg cfg.build.target}
+
+              push(){(
+                src=$1/
+                dst=$target:/mnt$2
+                rsync \
+                  --exclude .git \
+                  --exclude .graveyard \
+                  --exclude old \
+                  --rsync-path="mkdir -p \"/mnt$2\" && rsync" \
+                  --delete-excluded \
+                  -vrLptgoD \
+                  "$src" "$dst"
+              )}
+
+              cat krebs/4lib/infest/1prepare | ssh "$target"
+              cat krebs/4lib/infest/2install-nix | ssh "$target"
+
+              ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+                optionalString (rev == null) ''
+                  push ${toString (map escapeShellArg [
+                    "${url}"
+                    "/root/src/${name}"
+                  ])}
+                '') config.deps)}
+
+              ssh -S none "$target" /bin/sh <<\EOF
+              set -efux
+
+              fetch(){(
+                url=$1
+                rev=$2
+                dst=$3
+                mkdir -p "$dst"
+                cd "$dst"
+                if ! test -e .git; then
+                  git init
+                fi
+                if ! cur_url=$(git config remote.origin.url 2>/dev/null); then
+                  git remote add origin "$url"
+                elif test "$cur_url" != "$url"; then
+                  git remote set-url origin "$url"
+                fi
+                if test "$(git rev-parse --verify HEAD 2>/dev/null)" != "$rev"; then
+                  git fetch origin
+                  git checkout "$rev" -- .
+                  git checkout -q "$rev"
+                  git submodule init
+                  git submodule update
+                fi
+                git clean -dxf
+              )}
+
+              ${concatStrings (mapAttrsToList (name: { url, rev, ... }:
+                optionalString (rev != null) ''
+                  fetch ${toString (map escapeShellArg [
+                    url
+                    rev
+                    "/mnt/root/src/${name}"
+                  ])}
+                '') config.deps)}
+
+              export PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:$PATH
+
+              sed < "$(type -p nixos-install)" > nixos-install '
+                /^echo "building the system configuration..."/,/--set -A system/{
+                  s/.*/# &/
+                  s@.*--set -A system.*@&\n${concatStringsSep " " [
+                    "NIX_PATH=/mnt/root/src/"
+                    "nix-env"
+                    "-Q"
+                    "-p /nix/var/nix/profiles/system"
+                    "-f \"<stockholm>\""
+                    "--set"
+                    "-A system"
+                    "--argstr user-name ${escapeShellArg cfg.build.user.name}"
+                    "--argstr system-name ${escapeShellArg cfg.build.host.name}"
+                  ]}@
+                }
+              '
+
+              sed -i 's/^nixpkgs=.*$/#&/' nixos-install
+
+
+              chmod +x nixos-install
+
+              echo {} > /root/dummy.nix
+
+              echo build system...
+              profile=/nix/var/nix/profiles/system
+              NIXOS_CONFIG=/root/dummy.nix \
+              ./nixos-install -I /root/src/
+              #nl -bp nixos-install
+
+              EOF
+
+              cat krebs/4lib/infest/4finalize | ssh "$target"
             '';
           };
           host = mkOption {

krebs/4lib/infest/1prepare

@@ -0,0 +1,74 @@
+#! /bin/sh
+set -efu
+
+prepare() {(
+  if test -e /etc/os-release; then
+    . /etc/os-release
+    case $ID in
+      centos)
+        case $VERSION_ID in
+          7)
+            prepare_centos7 "$@"
+            exit
+            ;;
+        esac
+        ;;
+    esac
+  fi
+  echo "$0 prepare: unknown OS" >&2
+  exit -1
+)}
+
+prepare_centos7() {
+  type bzip2 2>/dev/null || yum install -y bzip2
+  type git   2>/dev/null || yum install -y git
+  type rsync 2>/dev/null || yum install -y rsync
+  if ! getent group nixbld >/dev/null; then
+    groupadd -g 30000 -r nixbld
+  fi
+  for i in `seq 1 10`; do
+    if ! getent passwd nixbld$i 2>/dev/null; then
+      useradd \
+        -c "CentOS Nix build user $i" \
+        -d /var/empty \
+        -g 30000 \
+        -G 30000 \
+        -l \
+        -M \
+        -s /sbin/nologin \
+        -u $(expr 30000 + $i) \
+        nixbld$i
+      rm -f /var/spool/mail/nixbld$i
+    fi
+  done
+
+  #
+  # mount install directory
+  #
+
+  if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt type xfs'; then
+    mkdir -p /newshit
+    mount --bind /newshit /mnt
+  fi
+
+  if ! mount | grep -Fq '/dev/sda1 on /mnt/boot type xfs'; then
+    mkdir -p /mnt/boot
+    mount /dev/sda1 /mnt/boot
+  fi
+
+  mount | grep 'on /mnt\>' >&2
+
+  #
+  # prepare install directory
+  #
+
+  mkdir -p /mnt/etc/nixos
+  mkdir -m 0555 -p /mnt/var/empty
+
+  if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/root type xfs'; then
+    mkdir -p /mnt/root
+    mount --bind /root /mnt/root
+  fi
+}
+
+prepare "$@"

krebs/4lib/infest/2install-nix

@@ -0,0 +1,57 @@
+#! /bin/sh
+set -efu
+
+nix_url=https://nixos.org/releases/nix/nix-1.10/nix-1.10-x86_64-linux.tar.bz2
+nix_sha256="504f7a3a85fceffb8766ae5e1005de9e02e489742f5a63cc3e7552120b138bf4"
+
+install-nix() {(
+
+  # install nix on host (cf. https://nixos.org/nix/install)
+  if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
+    (
+      verify() {
+        printf '%s  %s\n' $nix_sha256  $(basename $nix_url) | sha256sum -c
+      }
+      if ! verify; then
+        curl -C - -O "$nix_url"
+        verify
+      fi
+    )
+    nix_src_dir=$(basename $nix_url .tar.bz2)
+    tar jxf $nix_src_dir.tar.bz2
+    mkdir -v -m 0755 -p /nix
+    $nix_src_dir/install
+  fi
+
+  #TODO: make this general or move to 1prepare
+  if ! mount | grep -Fq '/dev/mapper/centos-root on /mnt/nix type xfs'; then
+    mkdir -p /mnt/nix
+    mount --bind /nix /mnt/nix
+  fi
+
+  . /root/.nix-profile/etc/profile.d/nix.sh
+
+  for i in \
+    bash \
+    coreutils \
+    # This line intentionally left blank.
+  do
+    if ! nix-env -q $i | grep -q .; then
+      nix-env -iA nixpkgs.pkgs.$i
+    fi
+  done
+
+  # install nixos-install
+  if ! type nixos-install 2>/dev/null; then
+    nixpkgs_expr='import <nixpkgs> { system = builtins.currentSystem; }'
+    nixpkgs_path=$(find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d)
+    nix-env \
+      --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \
+      --arg pkgs "$nixpkgs_expr" \
+      --arg modulesPath 'throw "no modulesPath"' \
+      -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \
+      -iA config.system.build.nixos-install
+  fi
+)}
+
+install-nix "$@"

krebs/4lib/infest/3install-nix-tools

@@ -0,0 +1,9 @@
+#! /bin/sh
+set -efu
+
+install-nix-tools() {(
+
+
+)}
+
+install-nix-tools "$@"

krebs/4lib/infest/4finalize

@@ -0,0 +1,65 @@
+#! /bin/sh
+set -eux
+{
+  umount /mnt/nix || [ $? -eq 32 ]
+  umount /mnt/boot || [ $? -eq 32 ]
+  umount /mnt/root || [ $? -eq 32 ]
+  umount /mnt || [ $? -eq 32 ]
+  umount /boot || [ $? -eq 32 ]
+
+  PATH=$(for i in /nix/store/*coreutils*/bin; do :; done; echo $i)
+  export PATH
+
+  mkdir /oldshit
+
+  mv /bin /oldshit/
+  mv /newshit/bin /
+
+  # TODO ensure /boot is empty
+  rmdir /newshit/boot
+
+  # skip /dev
+  rmdir /newshit/dev
+
+  mv /etc /oldshit/
+  mv /newshit/etc /
+
+  # skip /nix (it's already there)
+  rmdir /newshit/nix
+
+  # skip /proc
+  rmdir /newshit/proc
+
+  # skip /run
+  rmdir /newshit/run
+
+  # skip /sys
+  rmdir /newshit/sys
+
+  # skip /root
+  rmdir /newshit/root
+
+  # skip /tmp
+  # TODO rmdir /newshit/tmp
+
+  mv /home /oldshit/
+  mv /newshit/home /
+
+  mv /usr /oldshit/
+  mv /newshit/usr /
+
+  mv /var /oldshit/
+  mv /newshit/var /
+
+  mv /lib /oldshit/
+  mv /lib64 /oldshit/
+  mv /sbin /oldshit/
+  mv /srv /oldshit/
+  mv /opt /oldshit/
+
+
+  mv /newshit /root/  # TODO this one shoult be empty
+  mv /oldshit /root/
+
+  sync
+}