From 2ac38bb79d4444a713ad77ac17b53cc5dc4913f6 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 12:22:48 +0200 Subject: [PATCH 01/19] whatsupnix: define NIX_PAGER for remote nix-store --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index eba44be1c..7089e8897 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -28,7 +28,7 @@ $GAWK -v broken="$broken" ' case $# in 0) print_log() { - $NIX_STORE -l "$1" + NIX_PAGER= $NIX_STORE -l "$1" } ;; 1) @@ -47,7 +47,7 @@ case $# in remote_host=$1 print_log() { ssh "$remote_user@$remote_host" -p "$remote_port" \ - nix-store -l "$1" + env NIX_PAGER= nix-store -l "$1" } ;; *) @@ -55,7 +55,6 @@ case $# in exit 1 esac -export NIX_PAGER='' # for nix-store while read -r drv; do title="** FAILED $drv LOG **" frame=${title//?/*} From 9f2b087650fc27d80e91e9f44d1af3a94155b95e Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 12:30:08 +0200 Subject: [PATCH 02/19] whatsupnix: exit 2 if there were build errors --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 7089e8897..1d93f3e5c 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash 
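Review bot: In the remote `print_log` (second hunk of the first patch), `"$1"` is quoted only for the local shell; ssh joins its arguments into one string that the remote shell parses again, so a derivation path containing whitespace or shell metacharacters would be re-interpreted on the target. The path is taken from stdin by the gawk match on `[^’]+` (visible in the later rename patch), which is wider than the characters a store path can contain. Quoting the argument for the remote side, e.g. `env NIX_PAGER= nix-store -l "$(printf %q "$1")"`, or rejecting paths outside the store-path character set before the loop, closes that gap; `printf %q` assumes the remote login shell understands bash-style quoting. The `case` block starts and ends outside the hunk.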
@@ -1,14 +1,21 @@ #!/usr/bin/env bash - +# # Prints build logs for failed derivations in quiet build mode (-Q). # See https://github.com/NixOS/nix/issues/443 # # Usage: # -# set -o pipefail # nix-build ... -Q ... | whatsupnix [user@target[:port]] # - +# Exit Codes: +# +# 0 No failed derivations could be found. This either means there where +# no build errors, or stdin wasn't nix-build output. +# +# 1 Usage error; arguments couldn't be parsed. +# +# 2 Build error; at least one failed derivation could be found. +# GAWK=${GAWK:-gawk} NIX_STORE=${NIX_STORE:-nix-store} @@ -69,4 +76,8 @@ while read -r drv; do echo done < "$broken" -exit 0 +if test -s "$broken"; then + exit 2 +else + exit 0 +fi From 0f1ba8dfd4863876a12c5736123680cfa3d194b2 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 12:33:46 +0200 Subject: [PATCH 03/19] whatsupnix: s/broken/failed_drvs/ --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 1d93f3e5c..35785f192 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -20,14 +20,14 @@ GAWK=${GAWK:-gawk} NIX_STORE=${NIX_STORE:-nix-store} -broken=$(mktemp) -trap 'rm -f -- "$broken"' EXIT +failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX) +trap 'rm -f -- "$failed_drvs"' EXIT exec >&2 -$GAWK -v broken="$broken" ' +$GAWK -v failed_drvs="$failed_drvs" ' match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) { - print m[1] >> broken + print m[1] >> failed_drvs } { print $0 } ' @@ -74,9 +74,9 @@ while read -r drv; do print_log "$drv" echo -done < "$broken" +done < "$failed_drvs" -if test -s "$broken"; then +if test -s "$failed_drvs"; then exit 2 else exit 0 From ce89fd63d5d3ed3dc701b11a79d392294d35bd76 Mon Sep 17 00:00:00 2001 
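Review bot: The usage comment in the first hunk drops `set -o pipefail`, so the pipeline's status is now whatsupnix's alone, and exit 0 also covers a nix-build that failed without printing a `builder for … failed` line (the comment itself admits stdin may not be nix-build output). Callers that gate on the exit status would benefit from one more sentence under "Exit Codes" saying that 0 is not proof of a successful build and that nix-build's own status has to be checked separately, for instance with `set -o pipefail` or `PIPESTATUS`. In the same comment, `there where` should read `there were`.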
From: tv Date: Sun, 18 Jun 2017 12:34:34 +0200 Subject: [PATCH 04/19] whatsupnix: talk about 2>&1 --- krebs/5pkgs/simple/whatsupnix/whatsupnix.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash index 35785f192..042763048 100644 --- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash +++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash @@ -5,7 +5,7 @@ # # Usage: # -# nix-build ... -Q ... | whatsupnix [user@target[:port]] +# nix-build ... -Q ... 2>&1 | whatsupnix [user@target[:port]] # # Exit Codes: # From 9f75e81c5f91aa4236f86c29437de190503ad586 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 15:36:18 +0200 Subject: [PATCH 05/19] lib: add test and testString --- krebs/3modules/setuid.nix | 4 +--- lib/default.nix | 4 ++++ lib/shell.nix | 2 +- lib/types.nix | 21 +++++++++++---------- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index c9677fd24..a17ec0883 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -47,9 +47,7 @@ let type = mkOptionType { # TODO admit symbolic mode name = "octal mode"; - check = x: - isString x && - match "[0-7][0-7][0-7][0-7]" x != null; + check = test "[0-7][0-7][0-7][0-7]"; merge = mergeOneOption; }; }; diff --git a/lib/default.nix b/lib/default.nix index 9399a0107..803a614a1 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -29,6 +29,10 @@ let setAttr = name: value: set: set // { ${name} = value; }; + test = re: x: isString x && testString re x; + + testString = re: x: match re x != null; + toC = x: let type = typeOf x; reject = throw "cannot convert ${type}"; diff --git a/lib/shell.nix b/lib/shell.nix index a8ff5dbe0..f9779028e 100644 --- a/lib/shell.nix +++ b/lib/shell.nix 
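Review bot: `test` and `testString` in the lib/default.nix hunk have no comment explaining how they differ, and the difference matters to callers: `test` returns false for a non-string, while `testString` hands `x` straight to `match`, which aborts evaluation when given a non-string. Both also inherit `match`'s whole-string semantics, which is what makes them usable as option-type checks. I would add `# test: false for non-strings; the regex must match the whole string` above `test` and `# testString: like test, but x must already be a string` above `testString`.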
@@ -5,7 +5,7 @@ with lib; rec { escape = let - isSafeChar = c: match "[-+./0-9:=A-Z_a-z]" c != null; + isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in stringAsChars (c: if isSafeChar c then c diff --git a/lib/types.nix b/lib/types.nix index 530cd1e69..5a01e5b03 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -2,10 +2,10 @@ let inherit (lib) - all any concatMapStringsSep concatStringsSep const filter flip genid - hasSuffix head isInt isString length match mergeOneOption mkOption + all any concatMapStringsSep concatStringsSep const filter flip + genid hasSuffix head isInt isString length mergeOneOption mkOption mkOptionType optional optionalAttrs optionals range splitString - stringLength substring typeOf; + stringLength substring test typeOf; inherit (lib.types) attrsOf bool either enum int listOf nullOr path str string submodule; in @@ -338,7 +338,8 @@ rec { check = let IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in concatMapStringsSep "." (const d) (range 1 4); - in x: isString x && match IPv4address x != null; + in + test IPv4address; merge = mergeOneOption; }; addr6 = mkOptionType { @@ -346,7 +347,8 @@ rec { check = let # TODO check IPv6 address harder IPv6address = "[0-9a-f.:]+"; - in x: isString x && match IPv6address x != null; + in + test IPv6address; merge = mergeOneOption; }; @@ -396,14 +398,13 @@ rec { file-mode = mkOptionType { name = "file mode"; - check = x: isString x && match "[0-7]{4}" x != null; + check = test "[0-7]{4}"; merge = mergeOneOption; }; haskell.conid = mkOptionType { name = "Haskell constructor identifier"; - check = x: - isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null; + check = test "[[:upper:]][[:lower:]_[:upper:]0-9']*"; merge = mergeOneOption; }; 
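Review bot: In the `addr4` hunk the octet pattern is joined with `"."`, which in a regular expression matches any character, so the check that now reads `test IPv4address` accepts strings such as `1x2x3x4`. The separator should be a literal dot: `concatMapStringsSep "\\." (const d) (range 1 4)`. This predates the commit, but the line sits directly above the rewritten check and the refactoring carries it over unchanged. The `addr6` pattern in the next hunk already has a TODO about its looseness.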
@@ -426,14 +427,14 @@ rec { name = "label"; # TODO case-insensitive labels check = x: isString x - && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null; + && test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x; merge = mergeOneOption; }; # POSIX.1‐2013, 3.278 Portable Filename Character Set filename = mkOptionType { name = "POSIX filename"; - check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; + check = test "([0-9A-Za-z._])[0-9A-Za-z._-]*"; merge = mergeOneOption; }; From 9b50125b86c36ecf3e290c99e323239994fa77a7 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 16:17:55 +0200 Subject: [PATCH 06/19] types.label: drop redundant isString --- lib/types.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/types.nix b/lib/types.nix index 5a01e5b03..f9ec7b1c3 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -426,8 +426,7 @@ rec { label = mkOptionType { name = "label"; # TODO case-insensitive labels - check = x: isString x - && test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x; + check = test "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?"; merge = mergeOneOption; }; From ede66e5d5ba5a74f4af7a9fb8479e2016faeb67f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 16:22:32 +0200 Subject: [PATCH 07/19] xu: use krebszones, thanks 1ec7dab! --- tv/1systems/xu.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index bfd59531a..d40d8ef56 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -35,6 +35,7 @@ with import ; haskellPackages.hledger htop jq + krebszones mkpasswd netcat netcup @@ -47,18 +48,6 @@ with import ; texlive.combined.scheme-full tmux - (pkgs.writeDashBin "krebszones" '' - set -efu - export OVH_ZONE_CONFIG=$HOME/.secrets/krebs/ovh-zone.conf - case $* in - import) - set -- import /etc/zones/krebsco.de krebsco.de - echo "+ krebszones $*" >&2 - ;; - esac - exec ${pkgs.krebszones}/bin/ovh-zone "$@" - '') - #ack #apache-httpd #ascii 
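Review bot: The `filename` check in this lib/types.nix hunk accepts `.` and `..`, since the first character class includes the dot and the remainder may be empty or a second dot. Both are within the portable filename character set, but if values of this type are ever joined into paths they allow stepping out of the intended directory; whether that happens is not visible here. A guard such as `check = x: test "([0-9A-Za-z._])[0-9A-Za-z._-]*" x && x != "." && x != "..";` would exclude them, or a comment should state that callers must handle the two names themselves.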
From bae426857eb956fa6941f0a0b3703ee8ab401792 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 18:55:07 +0200 Subject: [PATCH 08/19] krebs: update ciko's mail address --- krebs/3modules/default.nix | 2 +- tv/1systems/xu.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 227eb209b..081724cfe 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -186,7 +186,7 @@ let makefu tv ]; - ciko.mail = "wieczorek.stefan@gmail.com"; + ciko.mail = "ciko@slash16.net"; in { "anmeldung@eloop.org" = eloop-ml; "cfp@eloop.org" = eloop-ml; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index d40d8ef56..3add01748 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -28,6 +28,7 @@ with import ; # tv bc bind # dig + brain cac-api dic file From 11e13658d19f3e4a43400153f1f13d82a2139389 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 19:53:58 +0200 Subject: [PATCH 09/19] urlwatch: 2.5 -> 2.6 --- krebs/5pkgs/simple/urlwatch/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 7ffbd8870..225b5bf8f 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -1,11 +1,11 @@ { stdenv, fetchurl, python3Packages }: python3Packages.buildPythonPackage rec { - name = "urlwatch-2.5"; + name = "urlwatch-${meta.version}"; src = fetchurl { - url = "https://thp.io/2008/urlwatch/${name}.tar.gz"; - sha256 = "0qirpymdmpsx0klmhbx3icmiwpm6fx4wjma646gl9m90pifs8430"; + url = "https://github.com/thp/urlwatch/archive/${meta.version}.tar.gz"; + sha256 = "09bn31gn03swi7yr3s1ql8x07hx96gap1ka77kk44kk0lvfxn55b"; }; propagatedBuildInputs = with python3Packages; [ 
@@ -20,5 +20,6 @@ python3Packages.buildPythonPackage rec { homepage = https://thp.io/2008/urlwatch/; license = stdenv.lib.licenses.bsd3; maintainers = [ stdenv.lib.maintainers.tv ]; + version = "2.6"; }; } From b34fe1073c2ea3b2008eedfe5289e26439c8484f Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 21:48:21 +0200 Subject: [PATCH 10/19] urlwatch: add pycodestyle --- krebs/5pkgs/simple/urlwatch/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix index 225b5bf8f..509555669 100644 --- a/krebs/5pkgs/simple/urlwatch/default.nix +++ b/krebs/5pkgs/simple/urlwatch/default.nix @@ -11,6 +11,7 @@ python3Packages.buildPythonPackage rec { propagatedBuildInputs = with python3Packages; [ keyring minidb + pycodestyle pyyaml requests2 ]; From 0d8fccb35c449a34f083919c2558a8ff45328ec9 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 18 Jun 2017 21:51:55 +0200 Subject: [PATCH 11/19] bling: import krebs-v2 from painload --- krebs/5pkgs/simple/bling/default.nix | 56 ++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 krebs/5pkgs/simple/bling/default.nix diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix new file mode 100644 index 000000000..8d6207f65 --- /dev/null +++ b/krebs/5pkgs/simple/bling/default.nix 
@@ -0,0 +1,56 @@ +{ imagemagick, runCommand, ... }: + +with import ; + +let + krebs-v2 = [ + " " + " " + " x x x x" + "xx x xx xx xx x" + "xx x xx xx xx x" + " xxx x x xxx" + " xxx xxxxx xxx" + " x xxxxxxx x " + " xxxxxxxxxxxxx " + " xxxxxxx " + " xxxxxxxxxxx " + " x xxx x " + " x x x x x x " + " x x x x x x " + " x xx x x xx x " + " " + ]; + + chars-per-pixel = 1; + colors = 2; + columns = foldl' max 0 (map stringLength krebs-v2); + rows = length krebs-v2; + + png-geometry = "1692x1692"; + + txt = concatMapStrings (s: "${s}\n") krebs-v2; + + xpm = '' + static char *krebs_v2[] = { + ${toC (toString [columns rows colors chars-per-pixel])}, + " c None", + "x c #E4002B", + ${concatMapStringsSep ",\n " toC krebs-v2} + }; + ''; +in + +runCommand "bling" + { + inherit xpm; + passAsFile = ["xpm"]; + } + '' + mkdir -p $out + cd $out + + cp $xpmPath krebs-v2.xpm + ${imagemagick}/bin/convert krebs-v2.xpm krebs-v2.ico + ${imagemagick}/bin/convert krebs-v2.xpm -scale ${png-geometry} krebs-v2.png + '' From 7de2610029afd1ac0e3cdea0de83c0af8b1ad4ea Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 00:22:01 +0200 Subject: [PATCH 12/19] krebs-pages: import from painload --- krebs/5pkgs/simple/krebs-pages/default.nix | 8 ++ .../simple/krebs-pages/fixtures/index.html | 42 ++++++ .../krebs-pages/fixtures/thesauron.html | 133 ++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 krebs/5pkgs/simple/krebs-pages/default.nix create mode 100644 krebs/5pkgs/simple/krebs-pages/fixtures/index.html create mode 100644 krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html diff --git a/krebs/5pkgs/simple/krebs-pages/default.nix b/krebs/5pkgs/simple/krebs-pages/default.nix new file mode 100644 index 000000000..c4ecb2603 --- /dev/null +++ b/krebs/5pkgs/simple/krebs-pages/default.nix 
@@ -0,0 +1,8 @@ +{ bling, runCommand, ... }: + +runCommand "krebs-pages-0" {} '' + mkdir $out + cp ${./fixtures}/* $out/ + ln -s ${bling}/krebs-v2.ico $out/favicon.ico + ln -s ${bling}/krebs-v2.png $out/ +'' diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/index.html b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html new file mode 100644 index 000000000..e6b7034b3 --- /dev/null +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/index.html @@ -0,0 +1,42 @@ + +krebscode + + + +

+ + Linuxtag Heckenkrebs Presentation + +

+

+ + CTF Writeups + +

+

+ + Thesauron + +

+ diff --git a/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html new file mode 100644 index 000000000..bcf1c5d48 --- /dev/null +++ b/krebs/5pkgs/simple/krebs-pages/fixtures/thesauron.html @@ -0,0 +1,133 @@ +

Cholerab n. +[de] +- Kunstwort aus Kollaboration und Cholera. Beschreibt den Zustand, dass + Zusammenarbeit niemals gut, einfach und ohne Schmerzen funktioniert. +- Teamwork-Plattform für Krebscode.

+ +

eigentlich adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes eine Soll-Realität beschreibt, + die nicht der Fall ist. +Antonym: tatsaechlich

+ +

ghost n. +[de] +- Host im Darknet welcher evtl. irgendwie noch da ist (als dd image auf anderen + Festplatten) aber wohl nie wieder kommen wird. +Siehe: Wiederbelebung

+ +

KD;RP abbr. (pronounciation: kah-derp) +[en] +- Short for Krebs Darknet / Retiolum Prefix.

+ +

krebs +[de] +- krebs ist ein soziales Experiment, eine Organisation, das zweit aelteste + Softwareprojekt im Shack und viel verteilte infrastruktur.

+ +

kremium +[en] +- coinage derived from the words premium and krebs +see: broken +usage: Reaktor ircbot has unfixed broken behavior since ever->“Kremium Software”

+ +

KRI abbr. (pronounciation: [en] cry) +[en] +- Short for Krebs Request for Implementation. + Derived from Scheme Requests for Implementation (SRFI).

+ +

litterate programming n. +[en] +- any code that has not been proved mathematically.

+ +

Nahziel n. +[de] +- Ziel mit höchst möglicher Priorität.

+ +

Nahzielerfahrung n. +[de] +- das Erlebnis der (endgültigen) Nichterreichung eines Nahziels (obwohl + nur noch wenig ((quasi-) infinitesimal viel) nötig gewesen wäre).

+ +

parentheses of fear +[en] +- unnecessary parentheses, usually used when order of precedence is unknown. + - Examples: 1 + (2 * 3)

+ +

Protip n. +[en] +- (Probably vague) description how a task can be solved. + - Antonym: Spoiler + - Example: + - To defeat the Cyberdaemon, shoot at it until it dies. + - RTFM

+ +

Punching Lemma n. +[de] +- Sozialer Druck zur Aufrechterhaltung der Ordnung in dem sozialen Geflaecht + von Krebs

+ +

ref, n. +[en] +- A reference like an URI, ISBN, name of a person, etc.

+ +

reftrace, n. +[en] +- A stacktrace-like representation of refs that lead to some (any kind of) + conclusion. Usually generated by a human. The conclusion can be either on + the top or on the bottom of the stack. If the order is ambiguous, then it + should be communicated explicitly. + - Example: (conclusion first) + - http://en.wikipedia.org/wiki/Stack_trace + - google “stacktrace” (first entry / 2014–12–05T12:13:58Z) + - think about some example [this could be omitted, as it’s obvious…]

+ +

Retiolum n. +[en] +- The official darknet of Krebs which utilizes the Retiolum Prefix to + address individual nodes.

+ +

Retiolum Prefix n. +[en] +- The universally accepted IPv6-prefix, 42::/16. Anyone can has a + /128-subnet and, if require, anything larger.

+ +

Retiolum Realtime Map n. +[en] +- The network map of the public visible part of Retiolum.

+ +

RRM [abbr.][en] +- Short for Retiolum Retiolum Map.

+ +

Sanatorium n. +[en] +- The Krebs Control and Command Center. +- An Retiolum-based IRC-channel where all Reaktor-enabled nodes gather + and lurk for relevant input.

+ +

Spoiler n. +[en] +- A subset of walkthrough, i.e. any individual steps may be omitted. + - Antonym: Protip

+ +

tatsaechlich, adv. +[de] +- Hinweis darauf, dass der Inhalt eines Satzes exakt der Realität entspricht. +Antonym: eigentlich

+ +

Verkrebsung n. +[de] +- Synonym fuer die Installation von Krebs (oder eine einzelnen Krebs + Komponente) auf einem beliebigem System.

+ +

Walkthrough n. +[en] +- Description of the individual steps to complete a task. + - Examples: + - program code + - small-step semantics

+ +

Wiederbelebung n. +[de] +- Ein ghost wird im Darknet wieder erreichbar +Siehe: ghost

From 3e4e5e5c098341667087eb1255912c40f3371863 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:00:36 +0200 Subject: [PATCH 13/19] tv: admit dummy_secrets --- tv/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b1d739ef3..b6c8e4393 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -9,7 +9,10 @@ with import ; user = config.krebs.users.tv; source = let inherit (config.krebs.build) host; in { nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; - secrets.file = "/home/tv/secrets/${host.name}"; + secrets.file = + if getEnv "dummy_secrets" == "true" + then toString + else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { From f6bb11676deb080096ba5ce335df82d6a0b3ac9c Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:01:04 +0200 Subject: [PATCH 14/19] tv nixpkgs: 99dfb6d -> 412b0a1 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b6c8e4393..13fc73aa7 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -17,7 +17,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "99dfb6dce37edcd1db7cb85c2db97089d9d5f442"; # nixos-17.03 + ref = "412b0a17aa2975e092c7ab95a38561c5f82908d4"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 094feb9b4ac1334f6d1390592a52c755083e57d0 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 01:01:29 +0200 Subject: [PATCH 15/19] tv: add whatsupnix --- tv/2configs/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 13fc73aa7..93b9c0122 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
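Review bot: `secrets.file` in the "admit dummy_secrets" hunk now depends on `getEnv "dummy_secrets"`, so the same expression yields a different secrets source depending on the caller's environment. A variable left exported in a shell would make a real deployment pick up the dummy tree with nothing in the output to show it. I would add a comment above the conditional stating that the switch is for test builds only, and consider making the dummy branch visible at evaluation time by wrapping the `toString` result in `builtins.trace "using dummy secrets"`. The surrounding `source` attribute set starts and ends outside the hunk.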
@@ -44,6 +44,7 @@ with import ; gnumake hashPassword populate + whatsupnix ]; } { From f2e151ba2443eb0cfeb45f05e4699082769cdbc9 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 22:46:26 +0200 Subject: [PATCH 16/19] tv gitrepos: announce brain --- tv/2configs/gitrepos.nix | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 13b12986c..7e059cc46 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -90,28 +90,31 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; + hooks.post-receive = irc-announce-retiolum; }; } // # TODO don't put secrets/repos.nix into the store import { inherit config lib pkgs; } ); + irc-announce-retiolum = pkgs.git-hooks.irc-announce { + # TODO make nick = config.krebs.build.host.name the default + nick = config.krebs.build.host.name; + channel = "#retiolum"; + server = "ni.r"; + verbose = true; + }; + make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = pkgs.git-hooks.irc-announce { - # TODO make nick = config.krebs.build.host.name the default - nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; - verbose = true; - }; + post-receive = irc-announce-retiolum; }; }; - make-restricted-repo = name: { collaborators ? [], ... }: { - inherit collaborators name; + make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { + inherit collaborators hooks name; public = false; }; From a8d188ff6364701b624571e960146af691d9e650 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 19 Jun 2017 23:00:00 +0200 Subject: [PATCH 17/19] pkgs.git-hooks.irc-announce: make cgit_endpoint configurable --- krebs/5pkgs/simple/git-hooks/default.nix | 40 +++++++++++++++--------- 1 file changed, 26 insertions(+), 14 deletions(-) 
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 4017b873b..1930c7f14 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix @@ -5,7 +5,15 @@ with import ; { # TODO irc-announce should return a derivation # but it cannot because krebs.git.repos.*.hooks :: attrsOf str - irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: '' + irc-announce = + { branches ? [] + , cgit_endpoint ? "http://cgit.${nick}.r" + , channel + , nick + , port ? 6667 + , server + , verbose ? false + }: /* sh */ '' #! /bin/sh set -euf @@ -34,7 +42,6 @@ with import ; port=${toString port} host=$nick - cgit_endpoint=http://cgit.$host.r empty=0000000000000000000000000000000000000000 @@ -66,22 +73,27 @@ with import ; if [ $newrev = $empty ]; then id=$empty_tree; fi if [ $oldrev = $empty ]; then id2=$empty_tree; fi - case $receive_mode in - create) - link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" - ;; - delete) - link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" - ;; - fast-forward|non-fast-forward) - link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" - ;; - esac + ${if cgit_endpoint != null then /* sh */ '' + cgit_endpoint=${escapeShellArg cgit_endpoint} + case $receive_mode in + create) + link="$cgit_endpoint/$GIT_SSH_REPO/?h=$h" + ;; + delete) + link="$cgit_endpoint/$GIT_SSH_REPO/ ($h)" + ;; + fast-forward|non-fast-forward) + link="$cgit_endpoint/$GIT_SSH_REPO/diff/?h=$h&id=$id&id2=$id2" + ;; + esac + '' else /* sh */ '' + link="$GIT_SSH_REPO $h" + ''} #$host $GIT_SSH_REPO $ref $link add_message $(pink push) $link $(gray "($receive_mode)") - ${optionalString verbose '' + ${optionalString verbose /* sh */ '' add_message "$( git log \ --format="$(orange %h) %s $(gray '(%ar)')" \ From 7cdd99f2b777f2335bfac1cfb686c07add288b05 Mon Sep 17 00:00:00 2001 
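Review bot: `cgit_endpoint` accepts `null` as a sentinel for "no link", but nothing at the argument list says so; the only hint is the `if cgit_endpoint != null` in the last hunk. A comment next to the argument, such as `# cgit_endpoint: base URL for links in the announcement; null announces repo and branch only`, would document it. The other arguments (`nick`, `channel`, `server`) are interpolated into the script outside these hunks, so I cannot tell whether they get the same `escapeShellArg` treatment that `cgit_endpoint` receives here; that is worth checking for consistency.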
From: tv Date: Mon, 19 Jun 2017 23:07:51 +0200 Subject: [PATCH 18/19] gitrepos: don't announce brain's cgit link Because it's not accessible anyway. --- tv/2configs/gitrepos.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 7e059cc46..b6480f356 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -90,26 +90,28 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce-retiolum; + hooks.post-receive = irc-announce { + cgit_endpoint = null; + }; }; } // # TODO don't put secrets/repos.nix into the store import { inherit config lib pkgs; } ); - irc-announce-retiolum = pkgs.git-hooks.irc-announce { + irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { + channel = "#retiolum"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; server = "ni.r"; verbose = true; - }; + } args); make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce-retiolum; + post-receive = irc-announce {}; }; }; From 57c6b890f9088bb333eeab215ecfeca9d09ce3ef Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 20 Jun 2017 00:02:04 +0200 Subject: [PATCH 19/19] tv dummy_secrets: init --- tv/2configs/default.nix | 2 +- tv/dummy_secrets/default.nix | 8 ++++++++ tv/dummy_secrets/repos.nix | 1 + tv/dummy_secrets/ssh.id_ed25519 | 3 +++ tv/dummy_secrets/ssh.id_rsa | 3 +++ 5 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 tv/dummy_secrets/default.nix create mode 100644 tv/dummy_secrets/repos.nix create mode 100644 tv/dummy_secrets/ssh.id_ed25519 create mode 100644 tv/dummy_secrets/ssh.id_rsa diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 93b9c0122..4a1247ef5 100644 --- a/tv/2configs/default.nix 
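Review bot: The new `irc-announce` wrapper keeps `verbose = true` as a default, and the `brain` hook overrides only `cgit_endpoint`, so pushes to `brain` still have their commit subjects posted to `#retiolum` through the `git log` block that `verbose` enables in the hook script. The commit message drops the cgit link because the repository is not accessible, which suggests its contents are not meant to be public; if so the hook should also turn the log off, i.e. `irc-announce { cgit_endpoint = null; verbose = false; }`. If announcing subjects is intended, a comment on the `brain` entry saying so would help the next reader.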
+++ b/tv/2configs/default.nix @@ -11,7 +11,7 @@ with import ; nixos-config.symlink = "stockholm/tv/1systems/${host.name}.nix"; secrets.file = if getEnv "dummy_secrets" == "true" - then toString + then toString else "/home/tv/secrets/${host.name}"; secrets-common.file = "/home/tv/secrets/common"; stockholm.file = "/home/tv/stockholm"; diff --git a/tv/dummy_secrets/default.nix b/tv/dummy_secrets/default.nix new file mode 100644 index 000000000..ab90db55c --- /dev/null +++ b/tv/dummy_secrets/default.nix @@ -0,0 +1,8 @@ +{ config, ... }: +{ + users.users.root = { + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; +} diff --git a/tv/dummy_secrets/repos.nix b/tv/dummy_secrets/repos.nix new file mode 100644 index 000000000..eed712458 --- /dev/null +++ b/tv/dummy_secrets/repos.nix @@ -0,0 +1 @@ +_: {} diff --git a/tv/dummy_secrets/ssh.id_ed25519 b/tv/dummy_secrets/ssh.id_ed25519 new file mode 100644 index 000000000..a7d2adab4 --- /dev/null +++ b/tv/dummy_secrets/ssh.id_ed25519 @@ -0,0 +1,3 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +dummy +-----END OPENSSH PRIVATE KEY----- diff --git a/tv/dummy_secrets/ssh.id_rsa b/tv/dummy_secrets/ssh.id_rsa new file mode 100644 index 000000000..dd7209c2e --- /dev/null +++ b/tv/dummy_secrets/ssh.id_rsa @@ -0,0 +1,3 @@ +-----BEGIN RSA PRIVATE KEY----- +dummy +-----END RSA PRIVATE KEY-----
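Review bot: tv/dummy_secrets/default.nix adds `config.krebs.users.tv.pubkey` to root's `authorizedKeys`, so a system built from the dummy tree accepts a real key for root while every other secret is a placeholder. The file has no comment saying that this tree is for evaluation and test builds only. I would add a header such as `# Placeholder secrets for test builds; never deploy a system built from this directory.` and, if root access is not needed for those builds, leave the key list empty. The `ssh.id_*` files wrap the word `dummy` in private-key PEM markers, which secret scanners are likely to flag; an allowlist entry or a line in the commit message would save a false alarm.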