Merge remote-tracking branch 'cd/master'

This commit is contained in:
makefu 2015-09-30 19:45:24 +02:00
commit e1ec3ff1ef
6 changed files with 194 additions and 19 deletions


@ -11,7 +11,8 @@ let
out = out =
(lib.mapAttrs (k: v: mk-namespace (./. + "/${k}")) (lib.mapAttrs (k: v: mk-namespace (./. + "/${k}"))
(lib.filterAttrs (lib.filterAttrs
(k: v: !lib.hasPrefix "." k && v == "directory") (k: v: !lib.hasPrefix "." k && v == "directory" &&
builtins.pathExists (./. + "/${k}/1systems"))
(builtins.readDir ./.))); (builtins.readDir ./.)));
eval = path: import <nixpkgs/nixos/lib/eval-config.nix> { eval = path: import <nixpkgs/nixos/lib/eval-config.nix> {


@ -28,6 +28,42 @@ let
type = types.user; type = types.user;
}; };
options.krebs.build.scripts.init = lib.mkOption {
type = lib.types.str;
default =
let
inherit (config.krebs.build) host;
in
''
#! /bin/sh
set -efu
hostname=${host.name}
secrets_dir=${config.krebs.build.source.dir.secrets.path}
key_type=ed25519
key_file=$secrets_dir/ssh.id_$key_type
key_comment=$hostname
if test -e "$key_file"; then
echo "Warning: privkey already exists: $key_file" >&2
else
ssh-keygen \
-C "$key_comment" \
-t "$key_type" \
-f "$key_file" \
-N ""
rm "$key_file.pub"
fi
pubkey=$(ssh-keygen -y -f "$key_file")
cat<<EOF
# put following into config.krebs.hosts.$hostname:
ssh.pubkey = $(echo $pubkey | jq -R .);
EOF
'';
};
options.krebs.build.scripts.deploy = lib.mkOption { options.krebs.build.scripts.deploy = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = '' default = ''
@ -67,12 +103,16 @@ let
src=$(type -p nixos-install) src=$(type -p nixos-install)
cat_src() { cat_src() {
sed < "$src" "$( sed < "$src" "$(
sed < "$src" -n ' { sed < "$src" -n '
/^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/= /^if ! test -e "\$mountPoint\/\$NIXOS_CONFIG/,/^fi$/=
/^nixpkgs=/= /^nixpkgs=/=
/^NIX_PATH=/,/^$/{/./=} /^NIX_PATH=/,/^$/{/./=}
' \
| sed 's:$:s/^/#krebs#/:' # Disable: Copy the NixOS/Nixpkgs sources to the target as
# the initial contents of the NixOS channel.
/^srcs=/,/^ln -sfn /=
'
} | sed 's:$:s/^/#krebs#/:'
)" )"
} }
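Review bot: `echo $pubkey | jq -R .` at the end of the new `init` script expands `$pubkey` unquoted; it only works because `set -f` disables globbing and echo re-joins the fields with single spaces, so quote it: `printf '%s\n' "$pubkey" | jq -R .`. The script also assumes `$secrets_dir` already exists and is private; with `set -e` a missing directory aborts inside ssh-keygen with a terse error, so a guard such as `test -d "$secrets_dir" || { echo "secrets dir missing: $secrets_dir" >&2; exit 1; }` before the key generation would give a clear failure. The `options.krebs.build.scripts` attrset this option belongs to starts outside the hunk, and the second hunk in this section (the `#krebs#` sed rewrite of nixos-install) raises nothing further.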


@ -84,13 +84,16 @@ let
mapAttrsToList (hostname: host: mapAttrsToList (hostname: host:
mapAttrsToList (netname: net: mapAttrsToList (netname: net:
let let
aliases = toString (unique (longs ++ shorts)); aliases = longs ++ shorts;
providers = dns.split-by-provider net.aliases cfg.dns.providers; providers = dns.split-by-provider net.aliases cfg.dns.providers;
longs = providers.hosts; longs = providers.hosts;
shorts = map (removeSuffix ".${cfg.search-domain}") longs; shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
longs);
in in
map (addr: "${addr} ${aliases}") net.addrs map (addr: "${addr} ${toString aliases}") net.addrs
) host.nets ) (filterAttrs (name: host: host.aliases != []) host.nets)
) cfg.hosts ) cfg.hosts
)); ));
@ -100,6 +103,36 @@ let
([cfg.zone-head-config] ++ combined-hosts) ; ([cfg.zone-head-config] ++ combined-hosts) ;
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones; in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
services.openssh.knownHosts =
mapAttrs
(name: host: {
hostNames =
concatLists
(mapAttrsToList
(net-name: net:
let
aliases = shorts ++ longs;
longs = net.aliases;
shorts =
map (removeSuffix ".${cfg.search-domain}")
(filter (hasSuffix ".${cfg.search-domain}")
longs);
add-port = a:
if net.ssh.port != null
then "[${a}]:${toString net.ssh.port}"
else a;
in
aliases ++ map add-port net.addrs)
host.nets);
publicKey = host.ssh.pubkey;
})
(filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
} }
]; ];
@ -501,6 +534,7 @@ let
"cgit.cd.viljetic.de" "cgit.cd.viljetic.de"
"cd.krebsco.de" "cd.krebsco.de"
]; ];
ssh.port = 11423;
}; };
retiolum = { retiolum = {
via = internet; via = internet;
@ -527,6 +561,8 @@ let
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
}; };
mkdir = rec { mkdir = rec {
cores = 1; cores = 1;
@ -534,7 +570,7 @@ let
infest.addr = head nets.internet.addrs4; infest.addr = head nets.internet.addrs4;
nets = rec { nets = rec {
internet = { internet = {
addrs4 = ["104.233.84.102"]; addrs4 = ["104.233.84.173"];
aliases = [ aliases = [
"mkdir.internet" "mkdir.internet"
]; ];
@ -559,6 +595,35 @@ let
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
};
ire = {
nets = {
internet = {
addrs4 = ["198.147.22.115"];
ssh.port = 11423;
};
retiolum = {
addrs4 = ["10.243.231.66"];
addrs6 = ["42:b912:0f42:a82d:0d27:8610:e89b:490c"];
aliases = [
"ire.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7
rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt
6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU
1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K
LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu
nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB
-----END RSA PUBLIC KEY-----
'';
ssh.port = 11423;
};
};
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY";
}; };
nomic = { nomic = {
cores = 2; cores = 2;
@ -584,6 +649,7 @@ let
}; };
}; };
secure = true; secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
}; };
rmdir = rec { rmdir = rec {
cores = 1; cores = 1;
@ -616,6 +682,8 @@ let
''; '';
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLuhLRmt8M5s2Edwwl9XY0KAAivzmPCEweesH5/KhR4";
}; };
wu = { wu = {
cores = 4; cores = 4;
@ -641,6 +709,7 @@ let
}; };
}; };
secure = true; secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
}; };
xu = { xu = {
cores = 4; cores = 4;
@ -666,6 +735,7 @@ let
}; };
}; };
secure = true; secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
}; };
}; };
users = addNames { users = addNames {
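Review bot: In the new `services.openssh.knownHosts` block, `add-port` is applied only to `net.addrs`, so when `net.ssh.port` is set (as for `ire` and `cd` in the later hunks) the alias names are listed bare while the addresses get the `[host]:port` form; OpenSSH looks up hosts on a non-default port as `[host]:port`, so a connection by alias will not match the pinned key and falls back to an interactive trust prompt. Apply it to both: `aliases ++ map add-port net.addrs` → `map add-port (aliases ++ net.addrs)`. The `hostKeys` entry passes the whole `privkey` submodule through, including `bits = null`; whether the openssh module tolerates a null `bits` is not visible here and should be confirmed against the NixOS version in use. The enclosing `let` binding and the hosts attrset both start outside the hunks.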


@ -1,11 +1,12 @@
{ lib, ... }: { lib, ... }:
with builtins;
with lib; with lib;
with types; with types;
types // rec { types // rec {
host = submodule { host = submodule ({ config, ... }: {
options = { options = {
name = mkOption { name = mkOption {
type = label; type = label;
@ -46,8 +47,39 @@ types // rec {
TODO define minimum requirements for secure hosts TODO define minimum requirements for secure hosts
''; '';
}; };
ssh.pubkey = mkOption {
type = nullOr str;
default = null;
apply = x:
if x != null
then x
else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
};
ssh.privkey = mkOption {
type = nullOr (submodule {
options = {
bits = mkOption {
type = nullOr (enum ["4096"]);
default = null;
};
path = mkOption {
type = either path str;
apply = x: {
path = toString x;
string = x;
}.${typeOf x};
};
type = mkOption {
type = enum ["rsa" "ed25519"];
default = "ed25519";
};
};
});
default = null;
};
}; };
}; });
net = submodule ({ config, ... }: { net = submodule ({ config, ... }: {
options = { options = {
@ -71,6 +103,18 @@ types // rec {
aliases = mkOption { aliases = mkOption {
# TODO nonEmptyListOf hostname # TODO nonEmptyListOf hostname
type = listOf hostname; type = listOf hostname;
default = [];
};
ssh = mkOption {
type = submodule {
options = {
port = mkOption {
type = nullOr int;
default = null;
};
};
};
default = {};
}; };
tinc = mkOption { tinc = mkOption {
type = let net-config = config; in nullOr (submodule ({ config, ... }: { type = let net-config = config; in nullOr (submodule ({ config, ... }: {
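Review bot: The new `ssh.privkey` submodule accepts `bits = "4096"` together with `type = "ed25519"` (the default), but bits only mean something for rsa keys and nothing in the hunk ties the two together; at minimum a comment on `bits` such as `# only meaningful for type = "rsa"` would prevent a silent mismatch. The `path` option's `apply` deserves a comment explaining why a path is turned into a string: `# toString keeps the key on disk; interpolating a Nix path would copy the private key into the world-readable /nix/store`. The `ssh.pubkey` `apply` traces "is unused" for every host that leaves pubkey at its default, which is misleading wording for "no pubkey configured" and fires on every evaluation. The `host = submodule` body continues outside the hunk.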


@ -1,4 +1,4 @@
Address = 198.147.23.143 Address = 198.147.22.115
Subnet = 10.243.231.66 Subnet = 10.243.231.66
Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c Subnet = 42:b912:0f42:a82d:0d27:8610:e89b:490c


@ -114,6 +114,18 @@ let
gnused gnused
])} ])}
green() { printf '\x0303,99%s\x0F' "$1"; }
red() { printf '\x0304,99%s\x0F' "$1"; }
orange() { printf '\x0307,99%s\x0F' "$1"; }
pink() { printf '\x0313,99%s\x0F' "$1"; }
gray() { printf '\x0314,99%s\x0F' "$1"; }
unset message
add_message() {
message="''${message+$message
}$*"
}
nick=${escapeShellArg nick} nick=${escapeShellArg nick}
channel=${escapeShellArg channel} channel=${escapeShellArg channel}
server=${escapeShellArg server} server=${escapeShellArg server}
@ -124,7 +136,6 @@ let
empty=0000000000000000000000000000000000000000 empty=0000000000000000000000000000000000000000
unset message
while read oldrev newrev ref; do while read oldrev newrev ref; do
if [ $oldrev = $empty ]; then if [ $oldrev = $empty ]; then
@ -157,14 +168,23 @@ let
link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)"
;; ;;
fast-forward|non-fast-forward) fast-forward|non-fast-forward)
#git diff --stat $id..$id2
link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2"
;; ;;
esac esac
#$host $GIT_SSH_REPO $ref $link #$host $GIT_SSH_REPO $ref $link
message="''${message+$message add_message $(pink push) $link $(gray "($receive_mode)")
}$GIT_SSH_USER $receive_mode $link"
add_message "$(
git log \
--format="$(orange %h) %s $(gray '(%ar)')" \
--reverse \
$id2..$id
git diff --stat $id2..$id \
| sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
)"
done done
if test -n "''${message-}"; then if test -n "''${message-}"; then
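Review bot: The colour helpers added at the top of the first hunk rely on `printf '\x03…'`, and the `\xHH` escape is a bash/GNU extension rather than POSIX printf; if this hook is executed by a plain POSIX sh the bytes are printed literally and the IRC colour codes break. The octal form is portable in the format string: `green() { printf '\00303,99%s\017' "$1"; }` and likewise for the other four. In the last hunk the unquoted `$(green '\1')$(red '\2')` substitutions inside the sed expression are only safe because the helper output contains no whitespace; a one-line comment stating that would save the next reader a check. The `while read` loop this sits in begins and ends outside the hunk.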