Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lass/master'

Browse Source
This commit is contained in:
makefu 2018-06-14 21:54:55 +02:00
commit d98e41a4d7
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
36 changed files with 287 additions and 313 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
krebs/1systems/hotdog/config.nix
View File

@ -9,17 +9,17 @@
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/buildbot-all.nix>
<stockholm/krebs/2configs/buildbot-stockholm.nix>
<stockholm/krebs/2configs/gitlab-runner-shackspace.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor-retiolum.nix>
<stockholm/krebs/2configs/reaktor-krebs.nix>
];
krebs.build.host = config.krebs.hosts.hotdog;
boot.isContainer = true;
networking.useDHCP = false;
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
environment.variables.NIX_REMOTE = "daemon";
}

9
krebs/2configs/buildbot-all.nix
View File

@ -1,9 +0,0 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
}

12
krebs/2configs/buildbot-krebs.nix
View File

@ -1,12 +0,0 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
imports = [
<stockholm/krebs/2configs/repo-sync.nix>
];
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 120;
krebs.ci.hosts = [ config.krebs.build.host ];
}

178
krebs/2configs/buildbot-stockholm.nix Normal file
View File

@ -0,0 +1,178 @@
{ config, pkgs, ... }: with import <stockholm/lib>;
let
hostname = config.networking.hostName;
in
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts.build = {
serverAliases = [ "build.${hostname}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
'';
};
};
krebs.buildbot.master = {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
stockholm_repo = 'http://cgit.prism.r/stockholm'
cs.append(
changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=10
)
)
'';
scheduler = {
auto-scheduler = ''
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=60,
name="build-all-branches",
builderNames=[
"hosts",
]
)
)
'';
force-scheduler = ''
sched.append(
schedulers.ForceScheduler(
name="hosts",
builderNames=[
"hosts",
]
)
)
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full',
)
'';
builder = {
hosts = ''
from buildbot import interfaces
from buildbot.steps.shell import ShellCommand
class StepToStartMoreSteps(ShellCommand):
def __init__(self, **kwargs):
ShellCommand.__init__(self, **kwargs)
def addBuildSteps(self, steps_factories):
for sf in steps_factories:
step = interfaces.IBuildStepFactory(sf).buildStep()
step.setBuild(self.build)
step.setBuildSlave(self.build.slavebuilder.slave)
step_status = self.build.build_status.addStepWithName(step.name)
step.setStepStatus(step_status)
self.build.steps.append(step)
def start(self):
props = self.build.getProperties()
hosts = json.loads(props.getProperty('hosts_json'))
for host in hosts:
user = hosts[host]['owner']
self.addBuildSteps([steps.ShellCommand(
name=str(host),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
])
],
timeout=90001,
workdir='build', # TODO figure out why we need this?
)])
ShellCommand.start(self)
f = util.BuildFactory()
f.addStep(grab_repo)
f.addStep(steps.SetPropertyFromCommand(
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src",
"NIX_REMOTE": "daemon",
},
name="get_hosts",
command=["nix-instantiate", "--json", "--strict", "--eval", "-E", """
with import <nixpkgs> {};
let
eval-config = cfg:
import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
(import cfg)
];
}
;
system = eval-config ./krebs/1systems/hotdog/config.nix; # TODO put a better config here
ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
filtered-attrs = lib.mapAttrs ( n: v: {
owner = v.owner.name;
}) ci-systems;
in filtered-attrs
"""],
property="hosts_json"
))
f.addStep(StepToStartMoreSteps(command=["echo"])) # TODO remove dummy command from here
bu.append(
util.BuilderConfig(
name="hosts",
slavenames=slavenames,
factory=f
)
)
'';
};
enable = true;
web.enable = true;
irc = {
enable = true;
nick = "build|${hostname}";
server = "irc.r";
channels = [ "noise" "xxx" ];
allowForce = true;
};
extraConfig = ''
c['buildbotURL'] = "http://build.${hostname}.r/"
'';
};
krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
};
}

1
krebs/2configs/default.nix
View File

@ -50,6 +50,7 @@ with import <stockholm/lib>;
users.extraUsers.root.openssh.authorizedKeys.keys = [
# TODO
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
# TODO HARDER:
config.krebs.users.makefu-omo.pubkey

2
krebs/2configs/news-spam.nix
View File

@ -94,7 +94,7 @@
[SPAM]npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews
[SPAM]nsa|https://www.nsa.gov/rss.xml|#snews #bullerei
[SPAM]nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews
[SPAM]painload|https://github.com/krebscode/painload/commits/master.atom|#snews
[SPAM]painload|https://github.com/krebs/painload/commits/master.atom|#snews
[SPAM]phys|http://phys.org/rss-feed/|#snews
[SPAM]piraten|https://www.piratenpartei.de/feed/|#snews
[SPAM]polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews

4
krebs/2configs/news.nix
View File

@ -8,7 +8,7 @@
ethereum|http://blog.ethereum.org/feed|#news
LtU|http://lambda-the-ultimate.org/rss.xml|#news
mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
painload|https://github.com/krebs/painload/commits/master.atom|#news
reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
shackspace|http://shackspace.de/atom.xml|#news
@ -16,7 +16,7 @@
vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news
weechat|http://dev.weechat.org/feed/atom|#news
xkcd|https://xkcd.com/rss.xml|#news
painload|https://github.com/krebscode/painload/commits/master.atom|#news
painload|https://github.com/krebs/painload/commits/master.atom|#news
'';
};
}

11
krebs/2configs/reaktor-krebs.nix
View File

@ -13,13 +13,8 @@ with import <stockholm/lib>;
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
wiki-todo-add
wiki-todo-done
wiki-todo-show
];
] ++
(attrValues (todo "agenda"))
;
};
services.nginx.virtualHosts."lassul.us".locations."/wiki-todo".extraConfig = ''
default_type "text/plain";
alias /var/lib/Reaktor/state/wiki-todo;
'';
}

4
krebs/2configs/reaktor-retiolum.nix
View File

@ -10,6 +10,8 @@ with import <stockholm/lib>;
};
plugins = with pkgs.ReaktorPlugins; [
sed-plugin
];
] ++
(attrValues (todo "agenda"))
;
};
}

192
krebs/3modules/ci.nix
View File

@ -1,192 +0,0 @@
{ config, pkgs, ... }:
with import <stockholm/lib>;
let
cfg = config.krebs.ci;
hostname = config.networking.hostName;
in
{
options.krebs.ci = {
enable = mkEnableOption "krebs continous integration";
stockholmSrc = mkOption {
type = types.str;
default = "http://cgit.${hostname}.r/stockholm";
};
treeStableTimer = mkOption {
type = types.int;
default = 10;
description = "how long to wait until we test changes (in minutes)";
};
hosts = mkOption {
type = types.listOf types.host;
default = [];
description = ''
List of hosts that should be build
'';
};
tests = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of tests that should be build
'';
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts.build = {
serverAliases = [ "build.${hostname}.r" ];
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:${toString config.krebs.buildbot.master.web.port};
'';
};
};
krebs.buildbot.master = {
slaves = {
testslave = "lasspass";
};
change_source.stockholm = ''
stockholm_repo = '${cfg.stockholmSrc}'
cs.append(
changes.GitPoller(
stockholm_repo,
workdir='stockholm-poller', branches=True,
project='stockholm',
pollinterval=10
)
)
'';
scheduler = {
build-scheduler = ''
sched.append(
schedulers.SingleBranchScheduler(
change_filter=util.ChangeFilter(branch_re=".*"),
treeStableTimer=${toString cfg.treeStableTimer}*60,
name="build-all-branches",
builderNames=[
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
'';
force-scheduler = ''
sched.append(
schedulers.ForceScheduler(
name="force",
builderNames=[
${optionalString (cfg.hosts != []) ''"hosts",''}
${optionalString (cfg.tests != []) ''"tests",''}
]
)
)
'';
};
builder_pre = ''
# prepare grab_repo step for stockholm
grab_repo = steps.Git(
repourl=stockholm_repo,
mode='full'
)
# prepare addShell function
def addShell(factory,**kwargs):
factory.addStep(steps.ShellCommand(**kwargs))
'';
builder = {
hosts = mkIf (cfg.hosts != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
def build_host(user, host):
addShell(f,
name="{}".format(host),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-shell", "-I", "stockholm=.", "--run", " ".join(["test",
"--user={}".format(user),
"--system={}".format(host),
"--force-populate",
"--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user),
])
],
timeout=90001
)
${concatMapStringsSep "\n" (host:
"build_host(\"${host.owner.name}\", \"${host.name}\")"
) cfg.hosts}
bu.append(
util.BuilderConfig(
name="hosts",
slavenames=slavenames,
factory=f
)
)
'';
tests = mkIf (cfg.tests != []) ''
f = util.BuildFactory()
f.addStep(grab_repo)
def run_test(test):
addShell(f,
name="{}".format(test),
env={
"NIX_PATH": "secrets=/var/src/stockholm/null:/var/src",
"NIX_REMOTE": "daemon",
"dummy_secrets": "true",
},
command=[
"nix-build", "-I", "stockholm=.", "krebs/0tests",
"-A", "{}".format(test)
],
timeout=90001
)
${concatMapStringsSep "\n" (test:
"run_test(\"${test}\")"
) cfg.tests}
bu.append(
util.BuilderConfig(
name="tests",
slavenames=slavenames,
factory=f
)
)
'';
};
enable = true;
web.enable = true;
irc = {
enable = true;
nick = "build|${hostname}";
server = "irc.r";
channels = [ "xxx" "noise" ];
allowForce = true;
};
extraConfig = ''
c['buildbotURL'] = "http://build.${hostname}.r/"
'';
};
krebs.buildbot.slave = {
enable = true;
masterhost = "localhost";
username = "testslave";
password = "lasspass";
packages = with pkgs; [ gnumake jq nix populate ];
};
};
}

1
krebs/3modules/default.nix
View File

@ -13,7 +13,6 @@ let
./buildbot/master.nix
./buildbot/slave.nix
./build.nix
./ci.nix
./current.nix
./exim.nix
./exim-retiolum.nix

24
krebs/3modules/tv/default.nix
View File

@ -32,30 +32,6 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_rsa>;
ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
};
kaepsele = {
external = true;
nets = {
retiolum = {
ip4.addr = "10.243.166.2";
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
aliases = [
"kaepsele.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
};
mu = {
ci = true;
cores = 2;

42
krebs/5pkgs/simple/Reaktor/plugins.nix
View File

@ -141,25 +141,27 @@ rec {
'';
});
wiki-todo-add = buildSimpleReaktorPlugin "wiki-todo-add" {
pattern = "^wiki-todo: (?P<args>.*)$$";
script = pkgs.writeDash "wiki-todo-add" ''
echo "$*" >> wiki-todo
echo "added todo. check on http://lassul.us/wiki-todo"
'';
};
wiki-todo-done = buildSimpleReaktorPlugin "wiki-todo-done" {
pattern = "^wiki-done: (?P<args>.*)$$";
script = pkgs.writeDash "wiki-todo-done" ''
${pkgs.gnugrep}/bin/grep -Fvxe "$*" wiki-todo > wiki-todo.tmp
${pkgs.coreutils}/bin/mv wiki-todo.tmp wiki-todo
echo "thank you for resolving todo: $*"
'';
};
wiki-todo-show = buildSimpleReaktorPlugin "wiki-todo" {
pattern = "^wiki-show$";
script = pkgs.writeDash "wiki-show" ''
${pkgs.coreutils}/bin/cat wiki-todo
'';
todo = name: {
add = buildSimpleReaktorPlugin "${name}-add" {
pattern = "^${name}-add: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-add" ''
echo "$*" >> ${name}-todo
echo "added ${name} todo"
'';
};
delete = buildSimpleReaktorPlugin "${name}-delete" {
pattern = "^${name}-delete: (?P<args>.*)$$";
script = pkgs.writeDash "${name}-delete" ''
${pkgs.gnugrep}/bin/grep -Fvxe "$*" ${name}-todo > ${name}-todo.tmp
${pkgs.coreutils}/bin/mv ${name}-todo.tmp ${name}-todo
echo "removed ${name} todo: $*"
'';
};
show = buildSimpleReaktorPlugin "${name}-show" {
pattern = "^${name}-show$";
script = pkgs.writeDash "${name}-show" ''
${pkgs.coreutils}/bin/cat ${name}-todo
'';
};
};
}

2
krebs/5pkgs/simple/buildbot-classic/default.nix
View File

@ -7,7 +7,7 @@ python2Packages.buildPythonApplication rec {
patches = [];
src = fetchFromGitHub {
owner = "krebscode";
owner = "krebs";
repo = "buildbot-classic";
rev = version;
sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha";

3
krebs/5pkgs/simple/ejabberd/default.nix
View File

@ -1,6 +1,5 @@
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
, flock
, withMysql ? false
, withPgsql ? false
, withSqlite ? false, sqlite
@ -106,7 +105,7 @@ in stdenv.mkDerivation rec {
postInstall = ''
sed -i \
-e '2iexport PATH=${ctlpath}:$PATH' \
-e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
-e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
-e 's,\(^ *JOT=\).*,\1,' \
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
$out/sbin/ejabberdctl

2
krebs/5pkgs/simple/painload/default.nix
View File

@ -1,7 +1,7 @@
{ fetchgit, ... }:
fetchgit {
url = https://github.com/krebscode/painload;
url = https://github.com/krebs/painload;
rev = "c113487f73713a03b1a139b22bb34b86234d0495";
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
}

2
krebs/5pkgs/simple/repo-sync/default.nix
View File

@ -10,7 +10,7 @@ with python3Packages; buildPythonPackage rec {
pkgs.git
];
src = fetchFromGitHub {
owner = "krebscode";
owner = "krebs";
repo = "repo-sync";
rev = version;
sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";

4
krebs/5pkgs/simple/retiolum-bootstrap/default.nix
View File

@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
src = fetchurl {
url = https://raw.githubusercontent.com/krebscode/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
url = https://raw.githubusercontent.com/krebs/painload/master/retiolum/scripts/tinc_setup/new_install.sh;
sha256 = "03kmil8q2xm3rdm2jxyah7vww84pw6w01d0c3siid9zpn2j7la9s";
};
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
meta = {
description = "Retiolum boostrap scripts";
url = https://github.com/krebscode/painload;
url = https://github.com/krebs/painload;
license = licenses.wtfpl;
platforms = platforms.unix;
maintainers = with maintainers; [ makefu ];

2
krebs/5pkgs/simple/thesauron/default.nix
View File

@ -1,6 +1,6 @@
{ fetchgit, callPackage }: let
src = fetchgit {
url = "https://github.com/krebscode/thesauron";
url = "https://github.com/krebs/thesauron";
rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5";
"sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva";
};

19
krebs/kops.nix → krebs/krops.nix
View File

@ -1,19 +1,18 @@
{ name }: rec {
kops = (import <nixpkgs> {}).fetchgit {
url = https://cgit.krebsco.de/kops/;
rev = "e89cf20d4310070a877c2e24a287659546b561c9";
sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
krops = builtins.fetchGit {
url = https://cgit.krebsco.de/krops/;
rev = "4e466eaf05861b47365c5ef46a31a188b70f3615";
};
lib = import "${kops}/lib";
lib = import "${krops}/lib";
# TODO document why pkgs should be used like this
pkgs = import "${kops}/pkgs" {};
pkgs = import "${krops}/pkgs" {};
krebs-source = {
nixpkgs.git = {
ref = "ef74cafd3e5914fdadd08bf20303328d72d65d6c";
ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385";
url = https://github.com/NixOS/nixpkgs;
};
stockholm.file = toString ../.;
@ -51,14 +50,14 @@
];
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.kops.writeDeploy "${name}-deploy" {
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
target = "root@${name}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
test = pkgs.kops.writeTest "${name}-test" {
test = pkgs.krops.writeTest "${name}-test" {
source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
};
}

2
krebs/source.nix
View File

@ -22,7 +22,7 @@ in
};
stockholm.file = toString <stockholm>;
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs = (import ./kops.nix { name = ""; }).krebs-source.nixpkgs;
nixpkgs = (import ./krops.nix { name = ""; }).krebs-source.nixpkgs;
}
override
]

8
lass/1systems/blue/config.nix
View File

@ -12,6 +12,14 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.blue;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
networking.nameservers = [ "1.1.1.1" ];
lass.restic = genAttrs [

8
lass/1systems/mors/config.nix
View File

@ -140,14 +140,6 @@ with import <stockholm/lib>;
OnCalendar = "00:37";
};
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/stockholm/lass/kops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
};
nix.package = pkgs.nixUnstable;
programs.adb.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "docker" ];

6
lass/1systems/prism/config.nix
View File

@ -175,7 +175,6 @@ with import <stockholm/lib>;
alias /var/realwallpaper/realwallpaper.png;
'';
}
<stockholm/krebs/2configs/reaktor-krebs.nix>
<stockholm/lass/2configs/dcso-dev.nix>
{
users.users.jeschli = {
@ -337,6 +336,11 @@ with import <stockholm/lib>;
];
};
}
{
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
];
}
];
krebs.build.host = config.krebs.hosts.prism;

1
lass/2configs/baseX.nix
View File

@ -68,6 +68,7 @@ in {
environment.systemPackages = with pkgs; [
acpi
ag
bank
cabal2nix
dic

5
lass/2configs/blue.nix
View File

@ -9,6 +9,11 @@ with (import <stockholm/lib>);
./pass.nix
];
environment.systemPackages = with pkgs; [
ag
nmap
];
services.tor.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [

1
lass/2configs/default.nix
View File

@ -23,7 +23,6 @@ with import <stockholm/lib>;
config.krebs.users.lass-blue.pubkey
config.krebs.users.lass-shodan.pubkey
config.krebs.users.lass-icarus.pubkey
config.krebs.users.lass-xerxes.pubkey
];
};
mainUser = {

2
lass/2configs/git.nix
View File

@ -54,7 +54,7 @@ let
cgit.section = "art";
};
nix-user-chroot = {
cgit.desc = "Fork of nix-user-chroot my lethalman";
cgit.desc = "Fork of nix-user-chroot by lethalman";
cgit.section = "software";
};
krops = {

4
lass/2configs/repo-sync.nix
View File

@ -126,8 +126,8 @@ in {
(sync-remote "xintmap" "https://github.com/4z3/xintmap")
(sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
(sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
(sync-remote "painload" "https://github.com/krebscode/painload")
(sync-remote "Reaktor" "https://github.com/krebscode/Reaktor")
(sync-remote "painload" "https://github.com/krebs/painload")
(sync-remote "Reaktor" "https://github.com/krebs/Reaktor")
(sync-remote "nixos-wiki" "https://github.com/Mic92/nixos-wiki.wiki.git")
(sync-retiolum "go")
(sync-retiolum "much")

5
lass/2configs/websites/domsen.nix
View File

@ -26,7 +26,10 @@ in {
./default.nix
./sqlBackup.nix
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
(servePage [ "freemonkey.art" ])
(servePage [
"freemonkey.art"
"www.freemonkey.art"
])
(serveOwncloud [ "o.ubikmedia.de" ])
(serveWordpress [
"ubikmedia.de"

17
lass/kops.nix → lass/krops.nix
View File

@ -1,5 +1,5 @@
{ name }: let
inherit (import ../krebs/kops.nix { inherit name; })
{ config ? config, name }: let
inherit (import ../krebs/krops.nix { inherit name; })
krebs-source
lib
pkgs
@ -22,14 +22,21 @@
in {
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.kops.writeDeploy "${name}-deploy" {
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
target = "root@${name}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test)
test = pkgs.kops.writeTest "${name}-test" {
test = pkgs.krops.writeTest "${name}-test" {
source = source { test = true; };
target = "${lib.getEnv "HOME"}/tmp/${name}-kops-test-src";
target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src";
};
ci = map (host:
pkgs.krops.writeTest "${host.name}-test" {
source = source { test = true; };
target = "${lib.getEnv "TMPDIR"}/lass/${host.name}";
}
) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts));
}

4
makefu/5pkgs/elchhub/default.nix
View File

@ -22,13 +22,13 @@ in buildPythonPackage rec {
];
doCheck = false;
src = fetchFromGitHub {
owner = "krebscode";
owner = "krebs";
repo = "elchhub";
rev = "58707c6";
sha256 = "04spbcr660dxyc4jvrai094na25zizd2cfi36jz19lahb0k66lqm";
};
meta = {
homepage = https://github.com/krebscode/elchhub;
homepage = https://github.com/krebs/elchhub;
description = "elchhub";
license = lib.licenses.wtfpl;
};

1
tv/2configs/gitrepos.nix
View File

@ -54,6 +54,7 @@ let {
netcup = {
cgit.desc = "netcup command line interface";
};
nix-writers = {};
populate = {
cgit.desc = "source code installer";
};

2
tv/2configs/urlwatch.nix
View File

@ -34,7 +34,7 @@ with import <stockholm/lib>;
## other
https://nixos.org/channels/nixos-17.09/git-revision
https://nixos.org/channels/nixos-18.03/git-revision
https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17

15
tv/5pkgs/simple/otpmenu.nix Normal file
View File

@ -0,0 +1,15 @@
{ dmenu, gnused, pass, writeDashBin, xdotool }:
writeDashBin "otpmenu" ''
set -efu
x=$(
${pass}/bin/pass git ls-files '*/otp.gpg' \
| ${gnused}/bin/sed 's:/otp\.gpg$::' \
| ${dmenu}/bin/dmenu -f -p OTP
)
otp=$(${pass}/bin/pass otp code "$x/otp")
printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
''

1
tv/5pkgs/simple/xmonad-tv/default.nix
View File

@ -133,6 +133,7 @@ myKeys conf = Map.fromList $
[ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_o ), forkFile "${pkgs.otpmenu}/bin/otpmenu" [] Nothing)
, ((_4 , xK_p ), forkFile "${pkgs.pass}/bin/passmenu" ["--type"] Nothing)
, ((_4 , xK_x ), chooseAction spawnTermAt)