From 63d2cc00b9f15565429e1ba414f5e73484f8730f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:19:49 +0100 Subject: [PATCH 01/25] ma 5 nodemcu-uploader: init --- makefu/5pkgs/nodemcu-uploader/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 makefu/5pkgs/nodemcu-uploader/default.nix diff --git a/makefu/5pkgs/nodemcu-uploader/default.nix b/makefu/5pkgs/nodemcu-uploader/default.nix new file mode 100644 index 000000000..64476be6e --- /dev/null +++ b/makefu/5pkgs/nodemcu-uploader/default.nix @@ -0,0 +1,22 @@ +{ lib, pkgs, pythonPackages, fetchurl, ... }: + +with pythonPackages; buildPythonPackage rec { + name = "nodemcu-uploader-${version}"; + version = "0.2.2"; + disabled = isPy3k || isPyPy; + propagatedBuildInputs = [ + pyserial + ]; + src = fetchurl { + url = "https://pypi.python.org/packages/source/n/nodemcu-uploader/nodemcu-uploader-${version}.tar.gz"; + sha256 = "090giz84y9y3idgifp0yh80qqyv2czv6h3y55wyrlgf7qfbwbrvn"; + }; + # ImportError: No module named tests + # not sure what to do here + doCheck = false; + meta = { + homepage = https://github.com/kmpm/nodemcu-uploader; + description = "tool for uploading files to NodeMCU filesystem"; + license = lib.licenses.mit; + }; +} From a3dc898ce8757a9b14024ea97488915069549bca Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:26:59 +0100 Subject: [PATCH 02/25] ma 1 omo: remove obsolete nixpkgs rev --- makefu/1systems/omo.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 6cff35e9d..ca0bfd2b5 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -40,7 +40,6 @@ in { networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; # services.openssh.allowSFTP = false; - krebs.build.source.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; From 4011410ebdffd4b7b6522f0a252b35046fb1561a Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 22 Feb 2016 14:27:25 +0100 Subject: [PATCH 03/25] ma 2 cgit: cac -> cac-api --- makefu/2configs/git/cgit-retiolum.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 15700e10d..0b69dbcaf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -15,7 +15,7 @@ let tinc_graphs = { desc = "Tinc Advanced Graph Generation"; }; - cac = { }; + cac-api = { }; init-stockholm = { desc = "Init stuff for stockholm"; }; From 9a847d100b332d33c4b7ed03da9a1cb43b49fc3d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:27:38 +0100 Subject: [PATCH 04/25] ma 2 brain: add pass --- makefu/2configs/git/brain-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 58fd250e5..80e4c87cf 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -14,6 +14,7 @@ let priv-repos = mapAttrs make-priv-repo { autosync = { }; + pass = { }; }; # TODO move users to separate module From 3a0fa295ab4bdded531b08f16139f94d50058cc2 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:28:05 +0100 Subject: [PATCH 05/25] ma 2 laptop-utils: init --- makefu/2configs/laptop-utils.nix | 62 ++++++++++++++++++++++++++++++++ makefu/2configs/mail-client.nix | 2 +- makefu/2configs/main-laptop.nix | 12 +------ 3 files changed, 64 insertions(+), 12 deletions(-) create mode 100644 makefu/2configs/laptop-utils.nix diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix new file mode 100644 index 000000000..b5ba2ec3b --- /dev/null +++ b/makefu/2configs/laptop-utils.nix 
@@ -0,0 +1,62 @@ +{ pkgs, ... }: + +# tools i use when actually working with the host. +# package version will now be maintained by nix-rebuild +# +# essentially `nix-env -q` of the main user +# TODO: split gui and non-gui +{ + environment.systemPackages = with pkgs; [ + # core + at_spi2_core + acpi + bc + exif + file + ntfs3g + pv + proot + sshpass + unzip + unrar + usbutils + zip + + # dev + python35Packages.virtualenv + + + # gui + clipit + feh + keepassx + pcmanfm + skype + tightvnc + gnome3.dconf + vlc + virtmanager + wireshark + xdotool + + # browser + firefox + chromium + + # sectools + aria2 + binwalk + dnsmasq + iodine + mtr + nmap + + + # stuff + cac-cli + cac-panel + krebspaste + ledger + password-store + ]; +} diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 913cbf25b..036924071 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -3,6 +3,7 @@ with config.krebs.lib; { environment.systemPackages = with pkgs; [ + abook msmtp mutt-kz notmuch @@ -10,5 +11,4 @@ with config.krebs.lib; imapfilter gnupg ]; - } diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 452cdfb23..3cc91b630 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -11,21 +11,11 @@ with config.krebs.lib; ./base-gui.nix ./fetchWallpaper.nix ./zsh-user.nix + ./laptop-utils.nix ]; users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; - environment.systemPackages = with pkgs;[ - vlc - firefox - chromium - keepassx - ntfs3g - at_spi2_core - gnome3.dconf - virtmanager - krebspaste - ]; services.redshift = { enable = true; From 5b7039f1f11e7cf2da6f3735cc7d99322a31c7a5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:28:37 +0100 Subject: [PATCH 06/25] ma 5 nodemcu-uploader: expose --- makefu/5pkgs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 33e280f0e..8caab433e 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -9,7 +9,8 @@ in alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";}; alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";}; awesomecfg = callPackage ./awesomecfg {}; - tw-upload-plugin = callPackage ./tw-upload-plugin {}; + nodemcu-uploader = callPackage ./nodemcu-uploader {}; mycube-flask = callPackage ./mycube-flask {}; + tw-upload-plugin = callPackage ./tw-upload-plugin {}; }; } From 340ea29373bd689e8b49d6657de3f0d0833df2ce Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 22 Feb 2016 14:40:29 +0100 Subject: [PATCH 07/25] k 5 test/infest: add sshpass to dependencies --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 3be4b1c41..f5fe84823 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,4 +1,6 @@ -{ stdenv, coreutils,makeWrapper, cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, ... }: +{ stdenv, coreutils, makeWrapper, + cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, + ... }: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -21,6 +23,7 @@ stdenv.mkDerivation rec { gnused jq openssh + sshpass ]; installPhase = '' From ce0b1e987a4bd99ed204e9ce06a7c882060dcbcf Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 26 Feb 2016 23:38:50 +0100 Subject: [PATCH 08/25] ma 2 laptop-utils: init --- makefu/1systems/pornocauster.nix | 4 ++++ makefu/2configs/laptop-utils.nix | 13 ++++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index b2cf0be79..9415f2345 100644 --- a/makefu/1systems/pornocauster.nix 
+++ b/makefu/1systems/pornocauster.nix @@ -8,6 +8,7 @@ [ # Include the results of the hardware scan. ../. ../2configs/main-laptop.nix #< base-gui + zsh + ../2configs/laptop-utils.nix # Krebs ../2configs/tinc-basic-retiolum.nix @@ -39,6 +40,9 @@ nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + # steam + hardware.opengl.driSupport32Bit = true; + hardware.pulseaudio.support32Bit = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix index b5ba2ec3b..8a1c0e184 100644 --- a/makefu/2configs/laptop-utils.nix +++ b/makefu/2configs/laptop-utils.nix @@ -6,7 +6,7 @@ # essentially `nix-env -q` of the main user # TODO: split gui and non-gui { - environment.systemPackages = with pkgs; [ + krebs.per-user.makefu.packages = with pkgs; [ # core at_spi2_core acpi @@ -27,11 +27,14 @@ # gui + chromium clipit feh + firefox keepassx pcmanfm skype + mirage tightvnc gnome3.dconf vlc @@ -39,10 +42,6 @@ wireshark xdotool - # browser - firefox - chromium - # sectools aria2 binwalk @@ -53,10 +52,10 @@ # stuff - cac-cli + cac-api cac-panel krebspaste ledger - password-store + pass ]; } From a437d304d60760c66c085dd2d6cf9fdfdf6599c4 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 26 Feb 2016 23:39:14 +0100 Subject: [PATCH 09/25] ma 5 mycube: bump 0.2.3.4 --- makefu/5pkgs/mycube-flask/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/mycube-flask/default.nix b/makefu/5pkgs/mycube-flask/default.nix index d01abbbd4..5bf85a66a 100644 --- a/makefu/5pkgs/mycube-flask/default.nix +++ b/makefu/5pkgs/mycube-flask/default.nix @@ -2,7 +2,7 @@ with pkgs.pythonPackages;buildPythonPackage rec { name = "mycube-flask-${version}"; - version = "0.2.3"; + version = "0.2.3.4"; propagatedBuildInputs = [ flask redis From 113d6006bbfcb58b0d4263a56c62a34d41c89f8e Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 26 Feb 2016 23:39:52 +0100 Subject: [PATCH 10/25] ma 2 mail-client: += gnupg,w3m,openssl --- makefu/2configs/mail-client.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index 036924071..793daa6f8 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -4,11 +4,13 @@ with config.krebs.lib; { environment.systemPackages = with pkgs; [ abook + gnupg + imapfilter msmtp mutt-kz notmuch offlineimap - imapfilter - gnupg + openssl + w3m ]; } From da20505f5d187f2bbe649543125f1097c6d87d85 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 27 Feb 2016 12:26:06 +0100 Subject: [PATCH 11/25] ma 2 default: fix path to glibc patch --- makefu/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 3043a1af3..7166c0cc9 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -6,7 +6,7 @@ with config.krebs.lib; system.replaceRuntimeDependencies = with pkgs.lib; [{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++ - [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch"; + [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fc48bf5a2ceb908b73dc035374e2ec5a31086aa2/pkgs/development/libraries/glibc/cve-2015-7547.patch"; sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})]; });} ]; From 217c4840d8ebc5ffff15bb3f9c679689a4139edb Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 01:11:21 +0100 Subject: [PATCH 12/25] k 3 bepasty: create build environment for recursive package inclusion --- krebs/3modules/bepasty-server.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 9e777a5ef..cbf87b2a7 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -96,9 +96,13 @@ let wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; restartIfChanged = true; - environment = { + environment = let + penv = python.buildEnv.override { + extraLibs = [ bepasty gevent ]; + }; + in { BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf"; - PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages"; + PYTHONPATH= "${penv}/${python.sitePackages}/"; }; serviceConfig = { From 6dd129a4641b6f720c4c93f16bf6c94f77e7327e Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 01:52:40 +0100 Subject: [PATCH 13/25] ma 2 iodined: now requires listen addres --- makefu/2configs/iodined.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix index db8a1bfed..2e69d167c 100644 --- a/makefu/2configs/iodined.nix +++ b/makefu/2configs/iodined.nix @@ -1,4 +1,4 @@ -{ services,builtins,environment,pkgs, ... }: +{ pkgs, config, ... }: let # TODO: make this a parameter @@ -10,7 +10,7 @@ in { enable = true; domain = domain; ip = "172.16.10.1/24"; - extraConfig = "-P ${pw}"; + extraConfig = "-P ${pw} -l ${pkgs.lib.head config.krebs.build.host.nets.internet.addrs4}"; }; } From 9b1996625451f46c605f4b77ad760ba401319232 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 01:53:41 +0100 Subject: [PATCH 14/25] ma 2 mycube: not necessary to include implicit deps with nixpkgs@2016-02-14 --- makefu/2configs/deployment/mycube.connector.one.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 38fc4a243..125b3dfff 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix 
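Review bot: The tunnel password is still interpolated into `extraConfig` as `-P ${pw}` in the second hunk of iodined.nix, so it lands in the generated service definition in the world-readable Nix store and on the iodined command line, where any local user can read it from the process list. The definition of `pw` is outside the hunk, so its origin cannot be checked here; if it is a literal in this file it is also in the repository history. iodined takes the password from the `IODINED_PASS` environment variable when `-P` is absent, so the value could come from a root-only file outside the store; until then I would add `# NOTE: -P exposes the password in the store and in ps output; move to IODINED_PASS from a file outside the store`. Separately, `pkgs.lib.head config.krebs.build.host.nets.internet.addrs4` aborts evaluation on a host that has no `internet` net or an empty `addrs4`, which deserves a one-line comment stating that this module is only for hosts with a public address.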
+++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -16,7 +16,7 @@ in { vassals = { mycube-flask = { type = "normal"; - python2Packages = self: with self; [ pkgs.mycube-flask flask redis werkzeug jinja2 markupsafe itsdangerous ]; + pythonPackages = self: with self; [ pkgs.mycube-flask ]; socket = wsgi-sock; }; }; From 9af9b562b578ec3a1ccb2b870f49ad3d7a4c467c Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 02:24:52 +0100 Subject: [PATCH 15/25] k 3 default: add `via` to gum, fix wry pubkey --- krebs/3modules/makefu/default.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d309c1714..24f0cdd84 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix 
@@ -221,17 +221,17 @@ with config.krebs.lib; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== + MIICCgKCAgEAs9bq++H4HF8EpZMfWGfoIsh/C+YNO2pg74UPBsP/tFFe71yzWwUn + U9LW0n3bBqCMQ/oDthbSMwCkS9JzcUi22QJEdjbQs/aay9gZR115b+UxWPocw0Ms + ZoREKo3Oe0hETk7Ing8NdBDI0kCBh9QnvqQ3iKd0rBae3DYvcWlDsY93GLGMddgA + 7E9oa3EHVYH/MPZaeJtTknaJduanBSbiEb/xQOqxTadHoQASKU6DQD1czMH3hLG2 + 8Wn4MBj9fgKBAoIy092tIzPtE2QwAHO73yz4mSW/3r190hREgVbjuEPiw4w5mEyQ + j+NeN3f3heFKx+GCgdWH9xPw6m6qPdqUiGUPq91KXMOhNa8lLcTp95mHdCMesZCF + TFj7hf6y+SVt17Vo+YUL7UqnMtAm3eZZmwyDu0DfKFrdgz6MtDD+5dQp9g8VHpqw + RfbaB1Srlr24EUYYoOBEF9CcIacFbsr+MKh+hQk5R0uEMSeAWARzxvvr69iMgdEC + zDiu0rrRLN+CrfgkDir7pkRKxeA1lz8KpySyIZRziNg6mSHjKjih4++Bbu4N2ack + 86h84qBrA8lq2xsub4+HgKZGH2l5Y8tvlr+rx0mQKEJkT6XDKCXZFPfl2N0QrWGT + Dv7l2vn0QMj9E6+BdRhYaO/m3+cIZ9faM851nRj/gq2OOtzW3ekrne0CAwEAAQ== -----END RSA PUBLIC KEY----- ''; }; @@ -323,7 +323,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB cgit.euer IN A ${head nets.internet.addrs4} ''; }; - nets = { + nets = rec { internet = { addrs4 = ["195.154.108.70"]; aliases = [ @@ -331,6 +331,7 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB ]; }; retiolum = { + via = internet; addrs4 = ["10.243.0.211"]; addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; aliases = [ 
From 321b831755f8d8572e30e9b735617a90525b311a Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 02:25:53 +0100 Subject: [PATCH 16/25] ma 2 laptop-utils: FF with flash --- makefu/1systems/wry.nix | 4 ++-- makefu/2configs/laptop-utils.nix | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 747321968..462ec4faf 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -11,7 +11,6 @@ in { # TODO: copy this config or move to krebs ../../tv/2configs/hw/CAC.nix ../../tv/2configs/fs/CAC-CentOS-7-64bit.nix - ../2configs/unstable-sources.nix ../2configs/headless.nix ../2configs/tinc-basic-retiolum.nix @@ -28,7 +27,8 @@ in { # collectd ../2configs/collectd/collectd-base.nix ]; - + services.nixosManual.enable = false; + programs.man.enable = false; krebs.build.host = config.krebs.hosts.wry; krebs.Reaktor = { diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix index 8a1c0e184..815ff7489 100644 --- a/makefu/2configs/laptop-utils.nix +++ b/makefu/2configs/laptop-utils.nix @@ -6,6 +6,10 @@ # essentially `nix-env -q` of the main user # TODO: split gui and non-gui { + nixpkgs.config.firefox = { + enableAdobeFlash = true; + }; + krebs.per-user.makefu.packages = with pkgs; [ # core at_spi2_core From 64a1dc64a3a7daf57e1ebc677e35c4dc89d9c36b Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 28 Feb 2016 02:26:20 +0100 Subject: [PATCH 17/25] ma 2 default: back to unstable, remove runtime-patch --- makefu/2configs/default.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7166c0cc9..313ccbec7 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
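Review bot: `enableAdobeFlash = true` under `nixpkgs.config.firefox` in the laptop-utils.nix hunk enables the Flash plugin for every Firefox built from this config, and nothing in the hunk restricts it to particular sites or a separate profile. The plugin version presumably follows the pinned nixpkgs revision, so it would lag behind vendor security updates between bumps. I would document the reason and the constraint directly above the option, for example `# Flash only needed for <site>; keep the plugin on ask-to-activate and bump nixpkgs promptly for plugin fixes`, or move the option into a config that is imported only on the host that needs it.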
@@ -4,13 +4,6 @@ with config.krebs.lib; { system.stateVersion = "15.09"; - system.replaceRuntimeDependencies = with pkgs.lib; - [{original = pkgs.glibc; replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: { patches = oldAttr.patches ++ - [(pkgs.fetchurl { url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fc48bf5a2ceb908b73dc035374e2ec5a31086aa2/pkgs/development/libraries/glibc/cve-2015-7547.patch"; - sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";})]; - });} - ]; - imports = [ { users.extraUsers = @@ -29,7 +22,7 @@ with config.krebs.lib; source = mapAttrs (_: mkDefault) { nixpkgs = { url = https://github.com/nixos/nixpkgs; - rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; # unstable @ 2015-01-27, tested on wry + rev = "40c586b7ce2c559374df435f46d673baf711c543"; # unstable @ 2016-02-27, tested on wry }; secrets = "/home/makefu/secrets/${config.krebs.build.host.name}/"; stockholm = "/home/makefu/stockholm"; From f3ed026c4749a496c1a5249b55d08081b73e3988 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Mar 2016 01:09:10 +0100 Subject: [PATCH 18/25] ma 3 snapraid: add timerConfig type --- makefu/3modules/snapraid.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix index 3d458bbbf..acdeb46d8 100644 --- a/makefu/3modules/snapraid.nix +++ b/makefu/3modules/snapraid.nix @@ -35,7 +35,7 @@ let enable = mkEnableOption "snapraid"; timerConfig = mkOption { - type = types.unspecified; + type = with types;attrsOf str; description = '' Start snapraid service ''; From e8679ae6c0fd33be9c84a671d2ebfae51f5851f0 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Mar 2016 10:59:09 +0100 Subject: [PATCH 19/25] ma 1 omo: replace disk2 --- makefu/1systems/omo.nix | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index ca0bfd2b5..e6a1434ab 100644 --- a/makefu/1systems/omo.nix 
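Review bot: The new `rev` comment in the second hunk of makefu/2configs/default.nix should record that this nixpkgs revision already carries the glibc fix for CVE-2015-7547, because the first hunk drops the `system.replaceRuntimeDependencies` override that applied `cve-2015-7547.patch` and nothing on the page shows that `40c586b7ce2c559374df435f46d673baf711c543` includes it. It presumably does, given the date, but hosts importing this file lose the runtime patch on their next rebuild, so the assumption belongs next to the pin: `# unstable @ 2016-02-27, tested on wry; includes glibc CVE-2015-7547 fix, runtime patch dropped`. Since the source attributes are wrapped in `mkDefault`, a host that overrides the rev with an older revision would be left without either fix, which is worth a sentence in the same comment.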
+++ b/makefu/1systems/omo.nix @@ -12,11 +12,25 @@ let # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + + # omo Chassis: + # __FRONT_ + # |* d2 | + # | | + # |* d3 | + # | | + # |* d0 | + # | | + # |* d1 | + # |* | + # | * r0 | + # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; - cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; + # cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; + cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; + allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk3 ]; in { imports = [ @@ -85,7 +99,7 @@ in { (usbkey "home" homePartition) (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) - (usbkey "crypt2" cryptDisk2) + (usbkey "crypt2" cryptDisk3) ]; }; loader.grub.device = rootDisk; From ef97cc848f379f84dcbe1aa3ed327bd5c30dadc2 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Mar 2016 18:35:32 +0100 Subject: [PATCH 20/25] ma 1 omo: replace crypt2 --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/omo.nix | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 24f0cdd84..1fcf07b1e 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -272,6 +272,7 @@ with config.krebs.lib; addrs6 = ["42:f9f0::10"]; aliases = [ "omo.retiolum" + "omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e6a1434ab..aa4a8a5c9 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
@@ -10,8 +10,8 @@ let homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 + # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile # omo Chassis: # __FRONT_ @@ -27,10 +27,10 @@ let # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; - # cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; - cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; + cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk3 ]; + allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; in { imports = [ @@ -99,7 +99,7 @@ in { (usbkey "home" homePartition) (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) - (usbkey "crypt2" cryptDisk3) + (usbkey "crypt2" cryptDisk2) ]; }; loader.grub.device = rootDisk; From 05e4f0f7b551685ea2ce8b23b4d1829867239767 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:49:29 +0100 Subject: [PATCH 21/25] k 4 infest/prepare: build nixos-install --- krebs/4lib/infest/prepare.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index a217e7bed..e265b0e67 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh 
@@ -98,6 +98,19 @@ prepare_nixos_iso() { sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +get_nixos_install() { + echo "installing nixos-install" 2>&1 + c=$(mktemp) + + cat < $c +{ fileSystems."/" = {}; + boot.loader.grub.enable = false; +} +EOF + export NIXOS_CONFIG=$c + nix-env -i -A config.system.build.nixos-install -f "" + rm -v $c +} prepare_common() {( if ! getent group nixbld >/dev/null; then @@ -191,6 +204,7 @@ prepare_common() {( mount --rbind /mnt/"$target_path" "$target_path" fi + get_nixos_install mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install From 95dcf70cd619b19734773b20225f7f55a02a749e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:51:04 +0100 Subject: [PATCH 22/25] k 5 infest-cac-centos7: 0.2.0 -> 0.2.6 so much stuff happened --- .../5pkgs/test/infest-cac-centos7/default.nix | 2 +- krebs/5pkgs/test/infest-cac-centos7/notes | 78 ++++++++++++++----- 2 files changed, 58 insertions(+), 22 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index f5fe84823..ba3ff30b9 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "${shortname}-${version}"; shortname = "infest-cac-centos7"; - version = "0.2.0"; + version = "0.2.6"; src = ./notes; diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bb0258a9..5b8f08c31 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes 
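Review bot: `get_nixos_install` exports `NIXOS_CONFIG=$c` and then deletes the file with `rm -v $c`, so the variable keeps pointing at a removed temporary file for everything that runs later in the same shell; add `unset NIXOS_CONFIG` after the `nix-env` call and quote the path, `rm -v "$c"`. If `nix-env` fails, the temporary file is never removed, since the function installs no cleanup; whether the script stops at that point depends on shell options set outside the hunk. `echo "installing nixos-install" 2>&1` redirects stderr into stdout, which does nothing for `echo`; if the message is meant as a diagnostic it should be `>&2`. The same `2>&1` appears in the new `log()` helper in krebs/5pkgs/test/infest-cac-centos7/notes.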
@@ -1,10 +1,26 @@ -# nix-shell -p gnumake jq openssh cac-api cac-panel sshpass -set -eufx +#! /bin/sh +# usage: user=makefu target_system=wry debug=true \ +# krebs_cred=~/secrets/cac.json \ +# retiolum_key=~/secrets/wry/retiolum.rsa_key.priv \ +# infest-cac-centos7 + +# IMPORTANT: set debug to TRUE if you want to actually keep the system + +# must be run in +set -euf # 2 secrets are required: - +# login to panel krebs_cred=${krebs_cred-./cac.json} +# tinc retiolum key for host retiolum_key=${retiolum_key-./retiolum.rsa_key.priv} +# build this host +user=${user:-shared} +target=${target_system:-test-centos7} + +log(){ + echo "[$(date +"%Y-%m-%d %T")] $@" 2>&1 +} clear_defer(){ echo "${trapstr:-exit}" @@ -14,9 +30,13 @@ defer(){ if test -z "${debug:-}"; then trapstr="$1;${trapstr:-exit}" trap "$trapstr" INT TERM EXIT KILL + else + log "ignored defer: $1" fi } +test -z "${debug:-}" && log "debug enabled, vm will not be deleted on error" + # Sanity if test ! -r "$krebs_cred";then echo "\$krebs_cred=$krebs_cred must be readable"; exit 1 @@ -25,6 +45,11 @@ if test ! -r "$retiolum_key";then echo "\$retiolum_key=$retiolum_key must be readable"; exit 1 fi +if test ! -r "${user}/1systems/${target}.nix" ;then + echo "cannot find ${user}/1systems/${target}.nix , not started in stockholm directory?" + exit 1 +fi + krebs_secrets=$(mktemp -d) sec_file=$krebs_secrets/cac_config krebs_ssh=$krebs_secrets/tempssh @@ -32,7 +57,7 @@ export cac_resources_cache=$krebs_secrets/res_cache.json export cac_servers_cache=$krebs_secrets/servers_cache.json export cac_tasks_cache=$krebs_secrets/tasks_cache.json export cac_templates_cache=$krebs_secrets/templates_cache.json -# we need to receive this key from buildmaster to speed up tinc bootstrap + defer "trap - INT TERM EXIT" defer "rm -r $krebs_secrets" 
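Review bot: The added line `test -z "${debug:-}" && log "debug enabled, vm will not be deleted on error"` in the second hunk of notes is inverted: `test -z` succeeds when `debug` is empty, so the message is printed exactly when debug is off and the cleanup trap is armed. It should read `test -n "${debug:-}" && log "debug enabled, vm will not be deleted on error"`, which matches the `defer` body above it, where the trap is only installed when `debug` is empty. The usage header added in the first hunk tells the operator to set `debug` to keep the system, so a wrong message here can mislead someone about whether the temporary secrets directory and the VM will be cleaned up. In the `trap` context line of the same hunk, `KILL` cannot be caught and could be dropped from the signal list.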
@@ -42,10 +67,13 @@ cac_key="$(cac-panel --config $krebs_cred settings | jq -r .apicode)" EOF export cac_secrets=$sec_file +log "adding own ip to allowed ips via cac-panel" cac-panel --config $krebs_cred add-api-ip # test login: +log "updating cac-api state" cac-api update +log "list of cac servers:" cac-api servers # preserve old trap @@ -56,10 +84,10 @@ while true;do out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name - echo "got a working machine, id=$id" + log "got a working machine, id=$id" else - echo "Unable to build a virtual machine, retrying in 15 seconds" >&2 - echo "Output of build program: $out" >&2 + elog "Unable to build a virtual machine, retrying in 15 seconds" + log "Output of build program: $out" sleep 15 continue fi @@ -74,22 +102,23 @@ while true;do for t in `seq 180`;do # now we have a working cac-api server if cac-api ssh $1 -o ConnectTimeout=10 \ - cat /etc/redhat-release | \ - grep CentOS ;then + cat /etc/redhat-release >/dev/null 2>&1 ;then return 0 fi + log "cac-api ssh $1 failed, retrying" sleep 10 done + log "cac-api ssh failed for 30 minutes, assuming something else broke. bailing ou.t" return 1 } # die on timeout if ! wait_login_cac $id;then - echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" + log "unable to boot a working system within time frame, retrying..." + log "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else - echo "got a working system" >&2 + log "got a working system: $id" break fi done 
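Review bot: `elog "Unable to build a virtual machine, retrying in 15 seconds"` in the build-retry hunk calls a function that none of the hunks in this patch define; the first hunk of the file adds only `log()`. If `elog` is not defined elsewhere in the script, the failed lookup under the `set -euf` at the top ends the run on the first failed build instead of retrying after 15 seconds. Either call `log` here or add the helper next to `log()`, for example `elog(){ log "$@" >&2; }`. The enclosing `while true` loop starts and ends outside this hunk.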
@@ -101,16 +130,16 @@ cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after install ssh-keygen -f $krebs_ssh -N "" -cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv +cp "$retiolum_key" $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix </dev/null 2>&1;then + log "login to host $1 successful" return 0 fi + log "unable to log into server, waiting" sleep 10 done + log "unable to log in after 15 minutes, bailing out" return 1 } +log "waiting for system to come up" wait_login $ip From 2741e97fc0a950511961211e7aab15b5eb4eb635 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:52:51 +0100 Subject: [PATCH 23/25] s 2 base: bump nixpkgs --- shared/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 9f998b554..f6ec93a97 100644 --- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -18,7 +18,7 @@ with config.krebs.lib; krebs.build.source = { nixpkgs = mkDefault { url = https://github.com/NixOS/nixpkgs; - rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; # for urlwatch-minidb + rev = "40c586b7ce2c559374df435f46d673baf711c543"; }; secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; stockholm = mkDefault "${getEnv "HOME"}/stockholm"; From 5d6cf7bf717baf9943a3b6d53a8b57d98d3cb50c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 10 Mar 2016 09:09:47 +0100 Subject: [PATCH 24/25] add proot dependency --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index ba3ff30b9..5dbb4ebd5 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix 
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,5 +1,5 @@ { stdenv, coreutils, makeWrapper, - cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, + cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, proot, ... }: stdenv.mkDerivation rec { @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { jq openssh sshpass + proot ]; installPhase = '' @@ -37,7 +38,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { homepage = http://krebsco.de; - description = "Krebs CI Scripts"; + description = "infest a CaC box with stockholm"; license = licenses.wtfpl; maintainers = [ maintainers.makefu ]; }; From 4ca96e8b04056ae9d06c2ff2e153d2e592991c15 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 10 Mar 2016 10:09:02 +0100 Subject: [PATCH 25/25] k 5 test/infest-cac-centos7: remove hardcoded path --- krebs/5pkgs/test/infest-cac-centos7/notes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 5b8f08c31..fafc11572 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -156,7 +156,7 @@ make install \ system=${target} \ target=$ip log "finalizing installation" -cac-api ssh $id < ~/stockholm/krebs/4lib/infest/finalize.sh +cac-api ssh $id < krebs/4lib/infest/finalize.sh log "reset $id" cac-api powerop $id reset