From 6ec3d922a48ad6a583315a4433a7170e6850c676 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 17 Apr 2016 05:24:33 +0200 Subject: krebs.backup network-ssh-port -> pkgs.get-ssh-port --- krebs/5pkgs/default.nix | 21 +++++++++++---------- krebs/5pkgs/get-ssh-port/default.nix | 29 +++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 10 deletions(-) create mode 100644 krebs/5pkgs/get-ssh-port/default.nix (limited to 'krebs/5pkgs') diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 0c39324a7..5ec0d54e9 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -14,7 +14,16 @@ with config.krebs.lib; then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override else override; - in { + in {} + // import ./builders.nix args + // mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir.has-default-nix) + (subdirsOf ./.)) + // { + get-ssh-port = callPackage ./get-ssh-port { + inherit config; + }; + haskellPackages = pkgs.haskellPackages.override { overrides = self: super: mapAttrs (name: path: self.callPackage path {}) @@ -29,18 +38,10 @@ with config.krebs.lib; (builtins.readDir ./haskell-overrides)); }; - push = callPackage ./push { - inherit (subdirs) get; - }; - ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; test = { infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {}; }; - } - // import ./builders.nix args - // mapAttrs (_: flip callPackage {}) - (filterAttrs (_: dir.has-default-nix) - (subdirsOf ./.)); + }; } diff --git a/krebs/5pkgs/get-ssh-port/default.nix b/krebs/5pkgs/get-ssh-port/default.nix new file mode 100644 index 000000000..2d106b2b6 --- /dev/null +++ b/krebs/5pkgs/get-ssh-port/default.nix 
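Review bot: The merge order in the new `in {} // import ./builders.nix args // mapAttrs … // { … }` expression is now load-bearing but has no comment. `//` is right-biased, so the explicit set at the end shadows any builder or auto-discovered subdirectory package of the same name, the reverse of the previous precedence. That is what lets `get-ssh-port` receive `inherit config` rather than the plain `callPackage {}` it would presumably also get from the `subdirsOf ./.` pass. A one-line comment above the final set, e.g. `# explicit definitions win over builders and auto-discovered subdirs`, would stop a later reorder from silently changing which derivation lands in pkgs. The hunk also drops the explicit `push` entry with `inherit (subdirs) get`, so it is worth confirming that `push` still evaluates; the enclosing let-expression begins outside the hunk.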
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }: with config.krebs.lib;
+
+pkgs.writeScriptBin "get-ssh-port" ''
+ #! ${pkgs.dash}/bin/dash
+ set -efu
+ if test $# != 1 || test $1 = -h || test $1 = --help; then
+ echo "usage: get-ssh-port HOSTNAME" >&2
+ exit 23
+ fi
+ case $1 in
+ ${concatMapStringsSep ";;\n"
+ (host: toString [
+ "(${shell.escape host.name})"
+ "echo ${toString host.nets.${config.krebs.search-domain}.ssh.port}"
+ ])
+ (filter (host: hasAttr config.krebs.search-domain host.nets)
+ (attrValues config.krebs.hosts))
+ };;
+ ${concatMapStringsSep ";;\n"
+ (net: toString [
+ "(${concatMapStringsSep "|" shell.escape net.aliases})"
+ "echo ${toString net.ssh.port}"
+ ])
+ (concatMap (host: attrValues host.nets) (attrValues config.krebs.hosts))
+ };;
+ (*) echo "get-ssh-port: don't know ssh port of $1" >&2
+ exit 1
+ esac
+''
-- cgit v1.3.1
From 41ff57c6d6a7ed4d8562169c0d3fd9d6adb949e6 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 17 Apr 2016 10:25:59 +0200 Subject: krebs.backup: use globally configured ssh ports --- krebs/3modules/backup.nix | 99 ++++++++++++++++-------------------- krebs/5pkgs/default.nix | 4 -- krebs/5pkgs/get-ssh-port/default.nix | 29 ----------- 3 files changed, 44 insertions(+), 88 deletions(-) delete mode 100644 krebs/5pkgs/get-ssh-port/default.nix (limited to 'krebs/5pkgs')
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 4172c9800..71b22d8cb 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
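Review bot: `$1` is expanded unquoted in `test $1 = -h || test $1 = --help`, so an empty argument or one containing whitespace can make `test` error out instead of comparing strings; `set -f` stops globbing but not field splitting. Quoting it, `test "$1" = -h || test "$1" = --help`, keeps the usage check well defined for any caller-supplied hostname. Separately, both groups of `case` arms are generated from configuration. A net whose `aliases` list is empty would render its pattern as `()`, and an empty filtered host list would leave a bare `;;`; either is presumably a shell syntax error that breaks every lookup. If `aliases` can be empty, filtering such nets out before the second `concatMapStringsSep` would avoid that.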
@@ -103,74 +103,63 @@ let plan.method == method && config.krebs.build.host.name == plan.${side}.host.name; - start = plan: pkgs.writeScript "backup.${plan.name}" '' + start = plan: let + login-name = "root"; + identity = local.host.ssh.privkey.path; + ssh = "ssh -i ${shell.escape identity}"; + local = getAttr plan.method { + push = plan.src // { rsync = src-rsync; }; + pull = plan.dst // { rsync = dst-rsync; }; + }; + remote = getAttr plan.method { + push = plan.dst // { rsync = dst-rsync; }; + pull = plan.src // { rsync = src-rsync; }; + }; + src-rsync = "rsync"; + dst-rsync = concatStringsSep " && " [ + "stat ${shell.escape plan.dst.path} >/dev/null" + "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" + "flock -n ${shell.escape plan.dst.path} rsync" + ]; + in pkgs.writeScript "backup.${plan.name}" '' #! ${pkgs.bash}/bin/bash set -efu + start_date=$(date +%s) + ssh_target=${shell.escape login-name}@$(${fastest-address remote.host}) ${getAttr plan.method { push = '' - identity=${shell.escape plan.src.host.ssh.privkey.path} - src_path=${shell.escape plan.src.path} - src=$src_path - dst_user=root - dst_host=$(${fastest-address plan.dst.host}) - dst_port=$(${pkgs.get-ssh-port}/bin/get-ssh-port "$dst_host") - dst_path=${shell.escape plan.dst.path} - dst=$dst_user@$dst_host:$dst_path - echo "update snapshot: current; $src -> $dst" >&2 - dst_exec() { - exec ssh -F /dev/null \ - -i "$identity" \ - -p $dst_port \ - "$dst_user@$dst_host" \ - -T "exec$(printf ' %q' "$@")" - } - rsh="ssh -F /dev/null -i $identity -p $dst_port" - local_rsync() { - rsync "$@" - } - remote_rsync=${shell.escape (concatStringsSep " && " [ - "stat ${shell.escape plan.dst.path} >/dev/null" - "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" - "exec flock -n ${shell.escape plan.dst.path} rsync" - ])} + rsync_src=${shell.escape plan.src.path} + rsync_dst=$ssh_target:${shell.escape plan.dst.path} + echo >&2 "update snapshot current; $rsync_src -> $rsync_dst" ''; pull = '' - 
identity=${shell.escape plan.dst.host.ssh.privkey.path} - src_user=root - src_host=$(${fastest-address plan.src.host}) - src_port=$(${pkgs.get-ssh-port}/bin/get-ssh-port "$src_host") - src_path=${shell.escape plan.src.path} - src=$src_user@$src_host:$src_path - dst_path=${shell.escape plan.dst.path} - dst=$dst_path - echo "update snapshot: current; $dst <- $src" >&2 - dst_exec() { - exec "$@" - } - rsh="ssh -F /dev/null -i $identity -p $src_port" - local_rsync() { - stat ${shell.escape plan.dst.path} >/dev/null - mkdir -m 0700 -p ${shell.escape plan.dst.path}/current - flock -n ${shell.escape plan.dst.path} rsync "$@" - } - remote_rsync=rsync + rsync_src=$ssh_target:${shell.escape plan.src.path} + rsync_dst=${shell.escape plan.dst.path} + echo >&2 "update snapshot current; $rsync_dst <- $rsync_src" ''; }} - start_date=$(date +%s) - local_rsync >&2 \ + ${local.rsync} >&2 \ -aAXF --delete \ - --rsh="$rsh" \ - --rsync-path="$remote_rsync" \ - --link-dest="$dst_path/current" \ - "$src/" \ - "$dst/.partial" + --rsh=${shell.escape ssh} \ + --rsync-path=${shell.escape remote.rsync} \ + --link-dest=${shell.escape plan.dst.path}/current \ + "$rsync_src/" \ + "$rsync_dst/.partial" + + dst_exec() { + ${getAttr plan.method { + push = ''exec ${ssh} "$ssh_target" -T "exec$(printf ' %q' "$@")"''; + pull = ''exec "$@"''; + }} + } dst_exec env \ - dst_path="$dst_path" \ start_date="$start_date" \ - flock -n "$dst_path" \ + flock -n ${shell.escape plan.dst.path} \ /bin/sh < ${toFile "backup.${plan.name}.take-snapshots" '' set -efu - : $dst_path $start_date + : $start_date + + dst_path=${shell.escape plan.dst.path} mv "$dst_path/current" "$dst_path/.previous" mv "$dst_path/.partial" "$dst_path/current" diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 5ec0d54e9..bcc894b2c 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
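Review bot: On the pull side `${local.rsync}` expands inline to the `stat … && mkdir … && flock -n … rsync` chain, and under `set -e` bash does not exit when a command other than the last in an `&&` list fails. A missing destination path therefore no longer aborts the run, as it did when `local_rsync()` executed these as separate statements. The script then goes on to `dst_exec … flock -n <dst path> /bin/sh` and attempts the snapshot rotation even though nothing was synced. Ending the rsync invocation with `"$rsync_dst/.partial" || exit`, or keeping the stat/mkdir as their own statements for the local side, restores the abort. The new `ssh = "ssh -i ${shell.escape identity}"` also drops `-F /dev/null`, so the backup connection now honours every option in the system and root ssh_config, not only `Port`; a comment saying this is intended and which config supplies the ports would help, and note that the `start` script continues past the end of this hunk.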
@@ -20,10 +20,6 @@ with config.krebs.lib; (filterAttrs (_: dir.has-default-nix) (subdirsOf ./.)) // { - get-ssh-port = callPackage ./get-ssh-port { - inherit config; - }; - haskellPackages = pkgs.haskellPackages.override { overrides = self: super: mapAttrs (name: path: self.callPackage path {}) diff --git a/krebs/5pkgs/get-ssh-port/default.nix b/krebs/5pkgs/get-ssh-port/default.nix deleted file mode 100644 index 2d106b2b6..000000000 --- a/krebs/5pkgs/get-ssh-port/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, pkgs, ... }: with config.krebs.lib; - -pkgs.writeScriptBin "get-ssh-port" '' - #! ${pkgs.dash}/bin/dash - set -efu - if test $# != 1 || test $1 = -h || test $1 = --help; then - echo "usage: get-ssh-port HOSTNAME" >&2 - exit 23 - fi - case $1 in - ${concatMapStringsSep ";;\n" - (host: toString [ - "(${shell.escape host.name})" - "echo ${toString host.nets.${config.krebs.search-domain}.ssh.port}" - ]) - (filter (host: hasAttr config.krebs.search-domain host.nets) - (attrValues config.krebs.hosts)) - };; - ${concatMapStringsSep ";;\n" - (net: toString [ - "(${concatMapStringsSep "|" shell.escape net.aliases})" - "echo ${toString net.ssh.port}" - ]) - (concatMap (host: attrValues host.nets) (attrValues config.krebs.hosts)) - };; - (*) echo "get-ssh-port: don't know ssh port of $1" >&2 - exit 1 - esac -'' -- cgit v1.3.1 From 97c2e4bbd99f6034d550a83804e508c278045b67 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 21 May 2016 11:18:24 +0200 Subject: krebs.exim: validate config file syntax --- krebs/3modules/exim.nix | 2 +- krebs/5pkgs/builders.nix | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'krebs/5pkgs') diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 16a2a37b6..7b18c72c1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix 
@@ -37,7 +37,7 @@ in { }; config = lib.mkIf cfg.enable { environment = { - etc."exim.conf".text = '' + etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" '' exim_user = ${cfg.user.name} exim_group = ${cfg.group.name} exim_path = /var/setuid-wrappers/exim diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 146e6f9e1..70d65cfc3 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -56,6 +56,14 @@ rec { ''; }; + writeEximConfig = name: text: pkgs.runCommand name { + inherit text; + passAsFile = [ "text" ]; + } '' + ${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null + mv "$textPath" $out + ''; + writeNixFromCabal = name: path: pkgs.runCommand name {} '' ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''; -- cgit v1.3.1 [cgit] Unable to lock slot /tmp/cgit/da200000.lock: No such file or directory (2)
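Review bot: `writeEximConfig` in krebs/5pkgs/builders.nix has no comment saying what it guarantees. The derivation fails to build when `exim -C "$textPath" -bV` rejects the text, so a broken exim.conf is caught at build time rather than at activation. The check runs with `${pkgs.exim}` in the build environment while the generated config sets `exim_path = /var/setuid-wrappers/exim`, so it presumably covers syntax only and nothing that depends on the target host. I would add a comment such as `# fails the build if exim cannot parse the config (syntax check only)` above the definition and quote the output path, `mv "$textPath" "$out"`. The `rec { … }` set holding this builder starts and ends outside the hunk.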