From 3a3e168c8a5731038a7fd05808f7ebdf73b1abe8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 14 Feb 2018 23:27:37 +0100 Subject: tv gitrepos: drop redundant fetch permissions Everybody already has permission to fetch via HTTP. --- tv/2configs/gitrepos.nix | 5 ----- 1 file changed, 5 deletions(-) (limited to 'tv') diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 2c4b4868e..dc50be4f1 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -128,11 +128,6 @@ let { repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ - optional repo.public { - user = attrValues config.krebs.users; - repo = [ repo ]; - perm = fetch; - } ++ optional (repo.collaborators or [] != []) { user = repo.collaborators; repo = [ repo ]; -- cgit v1.3.1 From 67969d72e137a65adba775c6219eb85ae72ccc77 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Feb 2018 14:47:12 +0100 Subject: os-release: use --- jeschli/source.nix | 6 ++++++ krebs/3modules/os-release.nix | 6 +++++- krebs/5pkgs/simple/stockholm/default.nix | 2 -- krebs/source.nix | 6 ++++++ lass/source.nix | 6 ++++++ makefu/source.nix | 6 ++++++ mv/source.nix | 6 ++++++ nin/source.nix | 6 ++++++ tv/source.nix | 6 ++++++ 9 files changed, 47 insertions(+), 3 deletions(-) (limited to 'tv') diff --git a/jeschli/source.nix b/jeschli/source.nix index 382dd61bc..fe1de8fd1 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let then "buildbot" else "jeschli"; _file = + "/jeschli/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) [ { @@ -17,6 +22,7 @@ in jeschli = "${getEnv "HOME"}/secrets/${name}"; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } override ] diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 0779feede..8f71a357f 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -5,7 +5,11 @@ let nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; nixos-pretty-name = "NixOS ${nixos-version}"; - stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown"; + stockholm-version-id = let + eval = tryEval (removeSuffix "\n" (readFile )); + in + if eval.success then eval.value else "unknown"; + stockholm-version = "${stockholm-version-id}"; stockholm-pretty-name = "stockholm ${stockholm-version}"; diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 53c1ca5ba..4d15e7ac2 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -216,7 +216,6 @@ init.env = pkgs.writeText "init.env" /* sh */ '' export HOSTNAME="$(${pkgs.nettools}/bin/hostname)" - export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}" export quiet export system @@ -251,7 +250,6 @@ "$target_user@$target_host" -p "$target_port" \ cd "$target_path/stockholm" \; \ NIX_PATH=$(${pkgs.quote}/bin/quote "$target_path") \ - STOCKHOLM_VERSION=$(${pkgs.quote}/bin/quote "$STOCKHOLM_VERSION") \ nix-shell --run "$(${pkgs.quote}/bin/quote " ${lib.concatStringsSep " " (lib.mapAttrsToList (name: opt: /* sh */ diff --git a/krebs/source.nix b/krebs/source.nix index 73ebf135d..45507c8c3 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let then "buildbot" else "krebs"; _file = + "/krebs/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) [ { @@ -16,6 +21,7 @@ in }; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; ref = "c831224528cd6bfd49bfc2c18b9c5d9015651077"; # nixos-17.09 @ 2018-02-15 diff --git a/lass/source.nix b/lass/source.nix index e3332c5de..1d840f38f 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -4,6 +4,11 @@ host@{ name, secure ? false, override ? {} }: let then "buildbot" else "lass"; _file = + "/lass/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) [ { @@ -17,6 +22,7 @@ in }; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } override ] diff --git a/makefu/source.nix b/makefu/source.nix index 708f0d20c..79a2c535f 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -13,6 +13,11 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; # TODO: automate updating of this ref + cherry-picks ref = "51810e0"; # nixos-17.09 @ 2018-02-14 # + do_sqlite3 ruby: 55a952be5b5 @@ -42,6 +47,7 @@ in }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } (mkIf ( musnix ) { musnix.git = { diff --git a/mv/source.nix b/mv/source.nix index 5f6b2fe36..1a7b83961 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -4,6 +4,11 @@ host@{ name, override ? {} }: let then "buildbot" else "mv"; _file = + "/mv/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) [ { @@ -18,6 +23,7 @@ in mv = "/home/mv/secrets/${name}"; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } override ] diff --git a/nin/source.nix b/nin/source.nix index ccf5e6acc..5f3bbcb33 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -4,6 +4,11 @@ host@{ name, secure ? false }: let then "buildbot" else "nin"; _file = + "/nin/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) { nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; @@ -12,6 +17,7 @@ in nin = "/home/nin/secrets/${name}"; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; ref = "afe9649"; diff --git a/tv/source.nix b/tv/source.nix index b5e3f7cd7..e5e5e0413 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -6,6 +6,11 @@ with import ; }@host: let builder = if dummy_secrets then "buildbot" else "tv"; _file = + "/tv/1systems/${name}/source.nix"; + pkgs = import { + overlays = map import [ + + ]; + }; in evalSource (toString _file) [ { @@ -20,6 +25,7 @@ in tv = "/home/tv/secrets/${name}"; }; stockholm.file = toString ; + stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version"; } (mkIf (builder == "tv") { secrets-common.file = "/home/tv/secrets/common"; -- cgit v1.3.1 From 2934d4524bcbae13043d684a27597c8b08c0851b Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 28 Feb 2018 22:38:42 +0100 Subject: tv gitrepos: add kops --- tv/2configs/gitrepos.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv') diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index dc50be4f1..c3418e7ee 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -42,6 +42,9 @@ let { kirk = { cgit.desc = "IRC tools"; }; + kops = { + cgit.desc = "deployment tools"; + }; load-env = {}; loldns = { cgit.desc = "toy DNS server"; -- cgit v1.3.1