Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2018-06-14 21:54:55 +02:00
commit d98e41a4d7
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
36 changed files with 287 additions and 313 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
krebs/1systems/hotdog/config.nix
View File

@ -9,17 +9,17 @@
<stockholm/krebs> <stockholm/krebs>
<stockholm/krebs/2configs> <stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-all.nix> <stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix> <stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
]; ];
krebs.build.host = config.krebs.hosts.hotdog; krebs.build.host = config.krebs.hosts.hotdog;
boot.isContainer = true; boot.isContainer = true;
networking.useDHCP = false; networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
environment.variables.NIX_REMOTE = "daemon"; environment.variables.NIX_REMOTE = "daemon";
} }

9
krebs/2configs/buildbot-all.nix
View File

@ -1,9 +0,0 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
}

12
krebs/2configs/buildbot-krebs.nix
View File

@ -1,12 +0,0 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/repo-sync.nix>
];
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 120;
krebs.ci.hosts = [ config.krebs.build.host ];
}

178
krebs/2configs/buildbot-stockholm.nix Normal file
View File

@ -0,0 +1,178 @@
{ config, pkgs, ... }: with import <stockholm/lib>;
let
hostname = config.networking.hostName;
in
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.build = {
serverAliases = [ "build.${hostname}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
'';
};
};
krebs.buildbot.master = {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
stockholm_repo = 'http://cgit.prism.r/stockholm'
cs.append(
changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=10
)
)
'';
scheduler = {
auto-scheduler = ''
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=60,
name="build-all-branches",
builderNames=[
"hosts",
]
)
)
'';
force-scheduler = ''
sched.append(
schedulers.ForceScheduler(
name="hosts",
builderNames=[
"hosts",
]
)
)
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full',
)
'';
builder = {
hosts = ''
from buildbot import interfaces
from buildbot.steps.shell import ShellCommand
class StepToStartMoreSteps(ShellCommand):
def __init__(self, **kwargs):
ShellCommand.__init__(self, **kwargs)
def addBuildSteps(self, steps_factories):
for sf in steps_factories:
step = interfaces.IBuildStepFactory(sf).buildStep()
step.setBuild(self.build)
step.setBuildSlave(self.build.slavebuilder.slave)
step_status = self.build.build_status.addStepWithName(step.name)
step.setStepStatus(step_status)
self.build.steps.append(step)
def start(self):
props = self.build.getProperties()
hosts = json.loads(props.getProperty('hosts_json'))
for host in hosts:
user = hosts[host]['owner']
self.addBuildSteps([steps.ShellCommand(
name=str(host),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
])
],
timeout=90001,
workdir='build', # TODO figure out why we need this?
)])
ShellCommand.start(self)
f = util.BuildFactory()
f.addStep(grab_repo)
f.addStep(steps.SetPropertyFromCommand(
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
},
name="get_hosts",
command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
with import <nixpkgs> {};
let
eval-config = cfg:
import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
(import cfg)
];
}
;
system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
filtered-attrs = lib.mapAttrs ( n: v: {
owner = v.owner.name;
}) ci-systems;
in filtered-attrs
"""],
property="hosts_json"
))
f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
bu.append(
util.BuilderConfig(
name="hosts",
slavenames=slavenames,
factory=f
)
)
'';
};
enable = true;
web.enable = true;
irc = {
enable = true;
nick = "build|${hostname}";
server = "irc.r";
channels = [ "noise" "xxx" ];
allowForce = true;
};
extraConfig = ''
c['buildbotURL'] = "http://build.${hostname}.r/"
'';
};
krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
};
}

1
krebs/2configs/default.nix
View File

@ -50,6 +50,7 @@ with import <stockholm/lib>;
users.extraUsers.root.openssh.authorizedKeys.keys = [ users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO # TODO
config.krebs.users.lass.pubkey config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey config.krebs.users.makefu.pubkey
# TODO HARDER: # TODO HARDER:
config.krebs.users.makefu-omo.pubkey config.krebs.users.makefu-omo.pubkey

2
krebs/2configs/news-spam.nix
View File

@ -94,7 +94,7 @@
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews [SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei [SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews [SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
[SPAM]painload|https://github.com/krebscode/painload/commits/master.atom|#snews [SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews
[SPAM]phys|http://phys.org/rss-feed/|#snews [SPAM]phys|http://phys.org/rss-feed/|#snews
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews [SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews [SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews

4
krebs/2configs/news.nix
View File

@ -8,7 +8,7 @@
ethereum|http://blog.ethereum.org/feed|#news ethereum|http://blog.ethereum.org/feed|#news
LtU|http://lambda-the-ultimate.org/rss.xml|#news LtU|http://lambda-the-ultimate.org/rss.xml|#news
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news painload|https://github.com/krebs/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
shackspace|http://shackspace.de/atom.xml|#news shackspace|http://shackspace.de/atom.xml|#news
@ -16,7 +16,7 @@
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news weechat|http://dev.weechat.org/feed/atom|#news
xkcd|https://xkcd.com/rss.xml|#news xkcd|https://xkcd.com/rss.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news painload|https://github.com/krebs/painload/commits/master.atom|#news
''; '';
}; };
} }

11
krebs/2configs/reaktor-krebs.nix
View File

@ -13,13 +13,8 @@ with import <stockholm/lib>;
}; };
plugins = with pkgs.ReaktorPlugins; [ plugins = with pkgs.ReaktorPlugins; [
sed-plugin sed-plugin
wiki-todo-add ] ++
wiki-todo-done (attrValues (todo "agenda"))
wiki-todo-show ;
];
}; };
services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = ''
default_type "text/plain";
alias /var/lib/Reaktor/state/wiki-todo;
'';
} }

4
krebs/2configs/reaktor-retiolum.nix
View File

@ -10,6 +10,8 @@ with import <stockholm/lib>;
}; };
plugins = with pkgs.ReaktorPlugins; [ plugins = with pkgs.ReaktorPlugins; [
sed-plugin sed-plugin
]; ] ++
(attrValues (todo "agenda"))
;
}; };
} }

192
krebs/3modules/ci.nix
View File

@ -1,192 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.krebs.ci;
hostname = config.networking.hostName;
in
{
options.krebs.ci = {
enable = mkEnableOption "krebs continous integration";
stockholmSrc = mkOption {
type = types.str;
default = "http://cgit.${hostname}.r/stockholm";
};
treeStableTimer = mkOption {
type = types.int;
default = 10;
description = "how long to wait until we test changes (in minutes)";
};
hosts = mkOption {
type = types.listOf types.host;
default = [];
description = ''
List of hosts that should be build
'';
};
tests = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of tests that should be build
'';
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts.build = {
serverAliases = [ "build.${hostname}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
'';
};
};
krebs.buildbot.master = {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
stockholm_repo = '${cfg.stockholmSrc}'
cs.append(
changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=10
)
)
'';
scheduler = {
build-scheduler = ''
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
'';
force-scheduler = ''
sched.append(
schedulers.ForceScheduler(
name="force",
builderNames=[
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full'
)
# prepare addShell function
def addShell(factory,**kwargs):
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
def build_host(user, host):
addShell(f,
name="{}".format(host),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
])
],
timeout=90001
)
${concatMapStringsSep "\n" (host:
"build_host(\"${host.owner.name}\", \"${host.name}\")"
) cfg.hosts}
bu.append(
util.BuilderConfig(
name="hosts",
slavenames=slavenames,
factory=f
)
)
'';
tests = mkIf (cfg.tests != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
def run_test(test):
addShell(f,
name="{}".format(test),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-build", "-I", "stockholm=.", "krebs/0tests",
"-A", "{}".format(test)
],
timeout=90001
)
${concatMapStringsSep "\n" (test:
"run_test(\"${test}\")"
) cfg.tests}
bu.append(
util.BuilderConfig(
name="tests",
slavenames=slavenames,
factory=f
)
)
'';
};
enable = true;
web.enable = true;
irc = {
enable = true;
nick = "build|${hostname}";
server = "irc.r";
channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
c['buildbotURL'] = "http://build.${hostname}.r/"
'';
};
krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
};
};
}

1
krebs/3modules/default.nix
View File

@ -13,7 +13,6 @@ let
./buildbot/master.nix ./buildbot/master.nix
./buildbot/slave.nix ./buildbot/slave.nix
./build.nix ./build.nix
./ci.nix
./current.nix ./current.nix
./exim.nix ./exim.nix
./exim-retiolum.nix ./exim-retiolum.nix

24
krebs/3modules/tv/default.nix
View File

@ -32,30 +32,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_rsa>; ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
}; };
kaepsele = {
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.166.2";
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
aliases = [
"kaepsele.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
};
mu = { mu = {
ci = true; ci = true;
cores = 2; cores = 2;

42
krebs/5pkgs/simple/Reaktor/plugins.nix
View File

@ -141,25 +141,27 @@ rec {
''; '';
}); });
wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" { todo = name: {
pattern = "^wiki-todo: (?P<args>.*)$$"; add = buildSimpleReaktorPlugin "${name}-add" {
script = pkgs.writeDash "wiki-todo-add" '' pattern = "^${name}-add: (?P<args>.*)$$";
echo "$*" >> wiki-todo script = pkgs.writeDash "${name}-add" ''
echo "added todo. check on http://lassul.us/wiki-todo" echo "$*" >> ${name}-todo
''; echo "added ${name} todo"
}; '';
wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" { };
pattern = "^wiki-done: (?P<args>.*)$$"; delete = buildSimpleReaktorPlugin "${name}-delete" {
script = pkgs.writeDash "wiki-todo-done" '' pattern = "^${name}-delete: (?P<args>.*)$$";
${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp script = pkgs.writeDash "${name}-delete" ''
${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo ${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
echo "thank you for resolving todo: $*" ${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
''; echo "removed ${name} todo: $*"
}; '';
wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" { };
pattern = "^wiki-show$"; show = buildSimpleReaktorPlugin "${name}-show" {
script = pkgs.writeDash "wiki-show" '' pattern = "^${name}-show$";
${pkgs.coreutils}/bin/cat wiki-todo script = pkgs.writeDash "${name}-show" ''
''; ${pkgs.coreutils}/bin/cat ${name}-todo
'';
};
}; };
} }

2
krebs/5pkgs/simple/buildbot-classic/default.nix
View File

@ -7,7 +7,7 @@ python2Packages.buildPythonApplication rec {
patches = []; patches = [];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "krebscode"; owner = "krebs";
repo = "buildbot-classic"; repo = "buildbot-classic";
rev = version; rev = version;
sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";

3
krebs/5pkgs/simple/ejabberd/default.nix
View File

@ -1,6 +1,5 @@
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert { stdenv, writeScriptBin, lib, fetchurl, git, cacert
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd , erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
, flock
, withMysql ? false , withMysql ? false
, withPgsql ? false , withPgsql ? false
, withSqlite ? false, sqlite , withSqlite ? false, sqlite
@ -106,7 +105,7 @@ in stdenv.mkDerivation rec {
postInstall = '' postInstall = ''
sed -i \ sed -i \
-e '2iexport PATH=${ctlpath}:$PATH' \ -e '2iexport PATH=${ctlpath}:$PATH' \
-e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \ -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
-e 's,\(^ *JOT=\).*,\1,' \ -e 's,\(^ *JOT=\).*,\1,' \
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \ -e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
$out/sbin/ejabberdctl $out/sbin/ejabberdctl

2
krebs/5pkgs/simple/painload/default.nix
View File

@ -1,7 +1,7 @@
{ fetchgit, ... }: { fetchgit, ... }:
fetchgit { fetchgit {
url = https://github.com/krebscode/painload; url = https://github.com/krebs/painload;
rev = "c113487f73713a03b1a139b22bb34b86234d0495"; rev = "c113487f73713a03b1a139b22bb34b86234d0495";
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6"; sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
} }

2
krebs/5pkgs/simple/repo-sync/default.nix
View File

@ -10,7 +10,7 @@ with python3Packages; buildPythonPackage rec {
pkgs.git pkgs.git
]; ];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "krebscode"; owner = "krebs";
repo = "repo-sync"; repo = "repo-sync";
rev = version; rev = version;
sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";

4
krebs/5pkgs/simple/retiolum-bootstrap/default.nix
View File

@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
src = fetchurl { src = fetchurl {
url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh; url = https://raw.githubusercontent.com/krebs/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s"; sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s";
}; };
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
meta = { meta = {
description = "Retiolum boostrap scripts"; description = "Retiolum boostrap scripts";
url = https://github.com/krebscode/painload; url = https://github.com/krebs/painload;
license = licenses.wtfpl; license = licenses.wtfpl;
platforms = platforms.unix; platforms = platforms.unix;
maintainers = with maintainers; [ makefu ]; maintainers = with maintainers; [ makefu ];

2
krebs/5pkgs/simple/thesauron/default.nix
View File

@ -1,6 +1,6 @@
{ fetchgit, callPackage }: let { fetchgit, callPackage }: let
src = fetchgit { src = fetchgit {
url = "https://github.com/krebscode/thesauron"; url = "https://github.com/krebs/thesauron";
rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5"; rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
"sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva"; "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
}; };

19
krebs/kops.nix → krebs/krops.nix
View File

@ -1,19 +1,18 @@
{ name }: rec { { name }: rec {
kops = (import <nixpkgs> {}).fetchgit { krops = builtins.fetchGit {
url = https://cgit.krebsco.de/kops/; url = https://cgit.krebsco.de/krops/;
rev = "e89cf20d4310070a877c2e24a287659546b561c9"; rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
}; };
lib = import "${kops}/lib"; lib = import "${krops}/lib";
# TODO document why pkgs should be used like this # TODO document why pkgs should be used like this
pkgs = import "${kops}/pkgs" {}; pkgs = import "${krops}/pkgs" {};
krebs-source = { krebs-source = {
nixpkgs.git = { nixpkgs.git = {
ref = "ef74cafd3e5914fdadd08bf20303328d72d65d6c"; ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385";
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
}; };
stockholm.file = toString ../.; stockholm.file = toString ../.;
@ -51,14 +50,14 @@
]; ];
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.kops.writeDeploy "${name}-deploy" { deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; }; source = source { test = false; };
target = "root@${name}/var/src"; target = "root@${name}/var/src";
}; };
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
test = pkgs.kops.writeTest "${name}-test" { test = pkgs.krops.writeTest "${name}-test" {
source = source { test = true; }; source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
}; };
} }

2
krebs/source.nix
View File

@ -22,7 +22,7 @@ in
}; };
stockholm.file = toString <stockholm>; stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs; nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
} }
override override
] ]

8
lass/1systems/blue/config.nix
View File

@ -12,6 +12,14 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.blue; krebs.build.host = config.krebs.hosts.blue;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ]; networking.nameservers = [ "1.1.1.1" ];
lass.restic = genAttrs [ lass.restic = genAttrs [

8
lass/1systems/mors/config.nix
View File

@ -140,14 +140,6 @@ with import <stockholm/lib>;
OnCalendar = "00:37"; OnCalendar = "00:37";
}; };
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
nix.package = pkgs.nixUnstable; nix.package = pkgs.nixUnstable;
programs.adb.enable = true; programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ]; users.users.mainUser.extraGroups = [ "adbusers" "docker" ];

6
lass/1systems/prism/config.nix
View File

@ -175,7 +175,6 @@ with import <stockholm/lib>;
alias /var/realwallpaper/realwallpaper.png; alias /var/realwallpaper/realwallpaper.png;
''; '';
} }
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix> <stockholm/lass/2configs/dcso-dev.nix>
{ {
users.users.jeschli = { users.users.jeschli = {
@ -337,6 +336,11 @@ with import <stockholm/lib>;
]; ];
}; };
} }
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
]; ];
krebs.build.host = config.krebs.hosts.prism; krebs.build.host = config.krebs.hosts.prism;

1
lass/2configs/baseX.nix
View File

@ -68,6 +68,7 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
acpi acpi
ag
bank bank
cabal2nix cabal2nix
dic dic

5
lass/2configs/blue.nix
View File

@ -9,6 +9,11 @@ with (import <stockholm/lib>);
./pass.nix ./pass.nix
]; ];
environment.systemPackages = with pkgs; [
ag
nmap
];
services.tor.enable = true; services.tor.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [ krebs.iptables.tables.filter.INPUT.rules = [

1
lass/2configs/default.nix
View File

@ -23,7 +23,6 @@ with import <stockholm/lib>;
config.krebs.users.lass-blue.pubkey config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-shodan.pubkey config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey config.krebs.users.lass-icarus.pubkey
config.krebs.users.lass-xerxes.pubkey
]; ];
}; };
mainUser = { mainUser = {

2
lass/2configs/git.nix
View File

@ -54,7 +54,7 @@ let
cgit.section = "art"; cgit.section = "art";
}; };
nix-user-chroot = { nix-user-chroot = {
cgit.desc = "Fork of nix-user-chroot my lethalman"; cgit.desc = "Fork of nix-user-chroot by lethalman";
cgit.section = "software"; cgit.section = "software";
}; };
krops = { krops = {

4
lass/2configs/repo-sync.nix
View File

@ -126,8 +126,8 @@ in {
(sync-remote "xintmap" "https://github.com/4z3/xintmap") (sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper") (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog") (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote "painload" "https://github.com/krebscode/painload") (sync-remote "painload" "https://github.com/krebs/painload")
(sync-remote "Reaktor" "https://github.com/krebscode/Reaktor") (sync-remote "Reaktor" "https://github.com/krebs/Reaktor")
(sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git") (sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git")
(sync-retiolum "go") (sync-retiolum "go")
(sync-retiolum "much") (sync-retiolum "much")

5
lass/2configs/websites/domsen.nix
View File

@ -26,7 +26,10 @@ in {
./default.nix ./default.nix
./sqlBackup.nix ./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "freemonkey.art" ]) (servePage [
"freemonkey.art"
"www.freemonkey.art"
])
(serveOwncloud [ "o.ubikmedia.de" ]) (serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [ (serveWordpress [
"ubikmedia.de" "ubikmedia.de"

17
lass/kops.nix → lass/krops.nix
View File

@ -1,5 +1,5 @@
{ name }: let { config ? config, name }: let
inherit (import ../krebs/kops.nix { inherit name; }) inherit (import ../krebs/krops.nix { inherit name; })
krebs-source krebs-source
lib lib
pkgs pkgs
@ -22,14 +22,21 @@
in { in {
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.kops.writeDeploy "${name}-deploy" { deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; }; source = source { test = false; };
target = "root@${name}/var/src"; target = "root@${name}/var/src";
}; };
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
test = pkgs.kops.writeTest "${name}-test" { test = pkgs.krops.writeTest "${name}-test" {
source = source { test = true; }; source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src"; target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
}; };
ci = map (host:
pkgs.krops.writeTest "${host.name}-test" {
source = source { test = true; };
target = "${lib.getEnv "TMPDIR"}/lass/${host.name}";
}
) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts));
} }

4
makefu/5pkgs/elchhub/default.nix
View File

@ -22,13 +22,13 @@ in buildPythonPackage rec {
]; ];
doCheck = false; doCheck = false;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "krebscode"; owner = "krebs";
repo = "elchhub"; repo = "elchhub";
rev = "58707c6"; rev = "58707c6";
sha256 = "04spbcr660dxyc4jvrai094na25zizd2cfi36jz19lahb0k66lqm"; sha256 = "04spbcr660dxyc4jvrai094na25zizd2cfi36jz19lahb0k66lqm";
}; };
meta = { meta = {
homepage = https://github.com/krebscode/elchhub; homepage = https://github.com/krebs/elchhub;
description = "elchhub"; description = "elchhub";
license = lib.licenses.wtfpl; license = lib.licenses.wtfpl;
}; };

1
tv/2configs/gitrepos.nix
View File

@ -54,6 +54,7 @@ let {
netcup = { netcup = {
cgit.desc = "netcup command line interface"; cgit.desc = "netcup command line interface";
}; };
nix-writers = {};
populate = { populate = {
cgit.desc = "source code installer"; cgit.desc = "source code installer";
}; };

2
tv/2configs/urlwatch.nix
View File

@ -34,7 +34,7 @@ with import <stockholm/lib>;
## other ## other
https://nixos.org/channels/nixos-17.09/git-revision https://nixos.org/channels/nixos-18.03/git-revision
https://nixos.org/channels/nixos-unstable/git-revision https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17 ## 2014-10-17

15
tv/5pkgs/simple/otpmenu.nix Normal file
View File

@ -0,0 +1,15 @@
{ dmenu, gnused, pass, writeDashBin, xdotool }:
writeDashBin "otpmenu" ''
set -efu
x=$(
${pass}/bin/pass git ls-files '*/otp.gpg' \
| ${gnused}/bin/sed 's:/otp\.gpg$::' \
| ${dmenu}/bin/dmenu -f -p OTP
)
otp=$(${pass}/bin/pass otp code "$x/otp")
printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
''

1
tv/5pkgs/simple/xmonad-tv/default.nix
View File

@ -133,6 +133,7 @@ myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing) [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill) , ((_4S , xK_c ), kill)
, ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing) , ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
, ((_4 , xK_x ), chooseAction spawnTermAt) , ((_4 , xK_x ), chooseAction spawnTermAt)