Merge branch 'makefu'

This commit is contained in:
lassulus 2015-09-05 12:17:59 +02:00
commit f54a0a9ea7
182 changed files with 567 additions and 87 deletions

View File

@ -8,6 +8,12 @@ let
"${user-name}/1systems/${system-name}.nix" "${user-name}/1systems/${system-name}.nix"
"${user-name}/3modules" "${user-name}/3modules"
"krebs/3modules" "krebs/3modules"
] ++ [
({ lib, pkgs, ... }: {
_module.args.pkgs =
(import ./krebs/5pkgs { inherit lib pkgs; }) //
(import (./. + "/${user-name}/5pkgs") { inherit lib pkgs; });
})
]; ];
}; };

132
krebs/3modules/Reaktor.nix Normal file
View File

@ -0,0 +1,132 @@
{ config, pkgs,lib, ... }:
let
kpkgs = import ../5pkgs { inherit pkgs; inherit lib; };
inherit (lib)
mkIf
mkOption
types
singleton
isString
optionalString
concatStrings
escapeShellArg
;
ReaktorConfig = pkgs.writeText "config.py" ''
${if (isString cfg.overrideConfig ) then ''
# Overriden Config
${cfg.overrideConfig}
'' else ""}
## Extra Config
${cfg.extraConfig}
'';
cfg = config.krebs.Reaktor;
out = {
options.krebs.Reaktor = api;
config = mkIf cfg.enable imp;
};
api = {
enable = mkOption {
default = false;
description = ''
Start Reaktor at system boot
'';
};
nickname = mkOption {
default = config.krebs.build.host.name + "|r";
type = types.string;
description = ''
The nick name of the irc bot.
Defaults to {hostname}|r
'';
};
overrideConfig = mkOption {
default = null;
type = types.nullOr types.str;
description = ''
configuration to be used instead of default ones.
Reaktor default cfg can be retrieved via `reaktor get-config`
'';
};
extraConfig = mkOption {
default = "";
type = types.string;
description = ''
configuration appended to the default or overridden configuration
'';
};
ReaktorPkg = mkOption {
default = kpkgs.Reaktor;
description = ''
the Reaktor pkg to use.
'';
};
debug = mkOption {
default = false;
description = ''
Reaktor debug output
'';
};
};
imp = {
# for reaktor get-config
environment.systemPackages = [ cfg.ReaktorPkg ];
users.extraUsers = singleton {
name = "Reaktor";
# uid = config.ids.uids.Reaktor;
uid = 2066439104; #genid Reaktor
description = "Reaktor user";
home = "/var/lib/Reaktor";
createHome = true;
};
#users.extraGroups = singleton {
# name = "Reaktor";
# gid = config.ids.gids.Reaktor;
#};
systemd.services.Reaktor = {
path = with pkgs; [
utillinux #flock for tell_on-join
# git # for nag
python # for caps
];
description = "Reaktor IRC Bot";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
REAKTOR_NICKNAME = cfg.nickname;
REAKTOR_DEBUG = (if cfg.debug then "True" else "False");
};
serviceConfig= {
ExecStartPre = pkgs.writeScript "Reaktor-init" ''
#! /bin/sh
${if (isString cfg.overrideConfig) then
''cp ${ReaktorConfig} /tmp/config.py''
else
''(${cfg.ReaktorPkg}/bin/reaktor get-config;cat "${ReaktorConfig}" ) > /tmp/config.py''
}
'';
ExecStart = "${cfg.ReaktorPkg}/bin/reaktor run /tmp/config.py";
PrivateTmp = "true";
User = "Reaktor";
Restart = "on-abort";
StartLimitInterval = "1m";
StartLimitBurst = "1";
};
};
};
in
out

View File

@ -11,6 +11,7 @@ let
./github-hosts-sync.nix ./github-hosts-sync.nix
./git.nix ./git.nix
./nginx.nix ./nginx.nix
./Reaktor.nix
./retiolum.nix ./retiolum.nix
./urlwatch.nix ./urlwatch.nix
]; ];
@ -332,11 +333,11 @@ let
}; };
users = addNames { users = addNames {
lass = { lass = {
pubkey = readFile ../../Zpubkeys/lass.ssh.pub; pubkey = readFile ../Zpubkeys/lass.ssh.pub;
mail = "lass@mors.retiolum"; mail = "lass@mors.retiolum";
}; };
uriel = { uriel = {
pubkey = readFile ../../Zpubkeys/uriel.ssh.pub; pubkey = readFile ../Zpubkeys/uriel.ssh.pub;
mail = "lass@uriel.retiolum"; mail = "lass@uriel.retiolum";
}; };
}; };
@ -468,6 +469,7 @@ let
IN MX 10 mx42 IN MX 10 mx42
euer IN MX 1 aspmx.l.google.com. euer IN MX 1 aspmx.l.google.com.
io IN NS pigstarter.krebsco.de. io IN NS pigstarter.krebsco.de.
euer IN A ${elemAt nets.internet.addrs4 0}
pigstarter IN A ${elemAt nets.internet.addrs4 0} pigstarter IN A ${elemAt nets.internet.addrs4 0}
conf IN A ${elemAt nets.internet.addrs4 0} conf IN A ${elemAt nets.internet.addrs4 0}
gold IN A ${elemAt nets.internet.addrs4 0} gold IN A ${elemAt nets.internet.addrs4 0}
@ -543,7 +545,7 @@ let
users = addNames { users = addNames {
makefu = { makefu = {
mail = "makefu@pornocauster.retiolum"; mail = "makefu@pornocauster.retiolum";
pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; pubkey = readFile ../Zpubkeys/makefu_arch.ssh.pub;
}; };
}; };
}; };
@ -714,11 +716,11 @@ let
users = addNames { users = addNames {
mv = { mv = {
mail = "mv@cd.retiolum"; mail = "mv@cd.retiolum";
pubkey = readFile ../../Zpubkeys/mv_vod.ssh.pub; pubkey = readFile ../Zpubkeys/mv_vod.ssh.pub;
}; };
tv = { tv = {
mail = "tv@wu.retiolum"; mail = "tv@wu.retiolum";
pubkey = readFile ../../Zpubkeys/tv_wu.ssh.pub; pubkey = readFile ../Zpubkeys/tv_wu.ssh.pub;
}; };
}; };
}; };

View File

@ -61,9 +61,9 @@ let
${cfg.ssh-identity-file} \ ${cfg.ssh-identity-file} \
"$ssh_identity_file_target" "$ssh_identity_file_target"
ln -snf ${kpkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts ln -snf ${pkgs.github-known_hosts} ${cfg.dataDir}/.ssh/known_hosts
''; '';
ExecStart = "${kpkgs.github-hosts-sync}/bin/github-hosts-sync"; ExecStart = "${pkgs.github-hosts-sync}/bin/github-hosts-sync";
}; };
}; };
@ -77,7 +77,5 @@ let
name = "github-hosts-sync"; name = "github-hosts-sync";
uid = 3220554646; # genid github-hosts-sync uid = 3220554646; # genid github-hosts-sync
}; };
kpkgs = import ../../krebs/5pkgs { inherit pkgs; };
in in
out out

View File

@ -58,7 +58,7 @@ let
hosts = mkOption { hosts = mkOption {
type = with types; either package path; type = with types; either package path;
default = ../../Zhosts; default = ../Zhosts;
description = '' description = ''
If a path is given, then it will be used to generate an ad-hoc package. If a path is given, then it will be used to generate an ad-hoc package.
''; '';

View File

@ -78,7 +78,7 @@ let
HOME = cfg.dataDir; HOME = cfg.dataDir;
LC_ALL = "en_US.UTF-8"; LC_ALL = "en_US.UTF-8";
LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive"; LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
SSL_CERT_FILE = "${pkgs.cacert}/etc/ca-bundle.crt"; SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
}; };
serviceConfig = { serviceConfig = {
User = user.name; User = user.name;

View File

@ -14,5 +14,12 @@ builtins // lib // rec {
dns = import ./dns.nix { inherit lib; }; dns = import ./dns.nix { inherit lib; };
listset = import ./listset.nix { inherit lib; }; listset = import ./listset.nix { inherit lib; };
shell = import ./shell.nix { inherit lib; };
tree = import ./tree.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; };
toC = x: {
list = "{ ${concatStringsSep ", " (map toC x)} }";
null = "NULL";
string = toJSON x; # close enough
}.${typeOf x};
} }

22
krebs/4lib/shell.nix Normal file
View File

@ -0,0 +1,22 @@
{ lib, ... }:
with builtins;
with lib;
rec {
escape =
let
isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null;
in
stringAsChars (c:
if isSafeChar c then c
else if c == "\n" then "'\n'"
else "\\${c}");
#
# shell script generators
#
# example: "${cat (toJSON { foo = "bar"; })} | jq -r .foo"
cat = s: "printf '%s' ${escape s}";
}

View File

@ -0,0 +1,19 @@
{ lib, pkgs,python3Packages,fetchurl, ... }:
python3Packages.buildPythonPackage rec {
name = "Reaktor-${version}";
version = "0.4.3";
propagatedBuildInputs = with pkgs;[
python3Packages.docopt
python3Packages.requests2
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
sha256 = "1rvfw9vg7i7z2ah7m5k3zik2b92d3xdaqa8am62qw6vgvmxcmfp4";
};
meta = {
homepage = http://krebsco.de/;
description = "An IRC bot based on asynchat";
license = lib.licenses.wtfpl;
};
}

View File

@ -1,18 +1,54 @@
{ pkgs, ... }: { lib, pkgs, ... }:
with import ../4lib { inherit lib; };
let let
inherit (pkgs) callPackage; inherit (pkgs) callPackage;
in in
pkgs // rec {
{ cac = callPackage ./cac {};
cac = callPackage ./cac.nix {}; charybdis = callPackage ./charybdis {};
dic = callPackage ./dic.nix {}; dic = callPackage ./dic {};
genid = callPackage ./genid.nix {}; genid = callPackage ./genid {};
github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-hosts-sync = callPackage ./github-hosts-sync {};
github-known_hosts = callPackage ./github-known_hosts.nix {}; github-known_hosts = callPackage ./github-known_hosts {};
hashPassword = callPackage ./hashPassword.nix {}; hashPassword = callPackage ./hashPassword {};
nq = callPackage ./nq.nix {}; krebszones = callPackage ./krebszones {};
posix-array = callPackage ./posix-array.nix {}; lentil = callPackage ./lentil {};
youtube-tools = callPackage ./youtube-tools.nix {}; much = callPackage ./much {};
nq = callPackage ./nq {};
posix-array = callPackage ./posix-array {};
pssh = callPackage ./pssh {};
Reaktor = callPackage ./Reaktor {};
youtube-tools = callPackage ./youtube-tools {};
execve = name: { filename, argv, envp ? {}, destination ? "" }:
writeC name { inherit destination; } ''
#include <unistd.h>
int main () {
const char *filename = ${toC filename};
char *const argv[] = ${toC (argv ++ [null])};
char *const envp[] = ${toC (
mapAttrsToList (k: v: "${k}=${v}") envp ++ [null]
)};
execve(filename, argv, envp);
return -1;
}
'';
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
PATH=${lib.makeSearchPath "bin" (with pkgs; [
binutils
coreutils
gcc
])}
src=${pkgs.writeText "${name}.c" src}
exe=$out${destination}
mkdir -p "$(dirname "$exe")"
gcc -O -Wall -o "$exe" $src
strip --strip-unneeded "$exe"
'';
} }

View File

@ -4,7 +4,7 @@ with builtins;
with lib; with lib;
let let
github-pubkey = removeSuffix "\n" (readFile ../../Zpubkeys/github.ssh.pub); github-pubkey = removeSuffix "\n" (readFile ./github.ssh.pub);
in in
toFile "github-known_hosts" toFile "github-known_hosts"

View File

@ -0,0 +1,20 @@
{ lib, pkgs,python3Packages,fetchurl, ... }:
python3Packages.buildPythonPackage rec {
name = "krebszones-${version}";
version = "0.4.3";
propagatedBuildInputs = with pkgs.python3Packages;[
d2to1 # for setup to work
ovh
docopt
];
src = fetchurl {
url = "https://pypi.python.org/packages/source/k/krebszones/krebszones-${version}.tar.gz";
sha256 = "1i6aqy27bikypc4mq7ymfnvf42rr5sxiy6l7gnyk6ifhlp1jq8z5";
};
meta = {
homepage = http://krebsco.de/;
description = "OVH Zone Upload";
license = lib.licenses.wtfpl;
};
}

View File

@ -0,0 +1,37 @@
{ writeScriptBin }:
writeScriptBin "pssh" ''
#! /bin/sh
set -efu
case ''${1-} in
# TODO create plog with -o json | jq ... | map date
# usage: pssh {-j,--journal} host...
# Follow journal at each host.
-j|--journal)
shift
"$0" journalctl -n0 -ocat --follow --all ::: "$@" \
| while read line; do
printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
done
;;
-*)
echo $0: unknown option: $1 >&2
exit 1
;;
# usage: pssh command [arg...] ::: host...
# Run command at each host.
*)
exec parallel \
--line-buffer \
-j0 \
--no-notice \
--tagstring {} \
ssh -T {} "$@"
;;
esac
''

Some files were not shown because too many files have changed in this diff Show More