authornin <nineinchnade@gmail.com>2017-03-07 16:27:15 +0100
committernin <nineinchnade@gmail.com>2017-03-07 16:27:15 +0100
commit2edd8ca37b5c134b697315fd7ab603807760e6d6 (patch)
tree4fa4df81774907b797d04707028406788d7297e1
parent01868340e25ffb05ea8b784c5cdf47c251157dfb (diff)
parentc05db2409061f721ba454f4bf79e635ee13a6f11 (diff)
Merge remote-tracking branch 'prism/newest'
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/setuid.nix2
-rw-r--r--krebs/3modules/tv/default.nix2
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/5pkgs/git-hooks/default.nix19
-rw-r--r--lass/1systems/prism.nix21
-rw-r--r--lass/2configs/baseX.nix18
-rw-r--r--lass/2configs/binary-cache/client.nix10
-rw-r--r--lass/2configs/browsers.nix4
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/exim-smarthost.nix3
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/git.nix1
-rw-r--r--lass/2configs/hfos.nix1
-rw-r--r--lass/2configs/livestream.nix12
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/programs.nix1
-rw-r--r--lass/2configs/security-workarounds.nix8
-rw-r--r--lass/2configs/termite.nix22
-rw-r--r--lass/2configs/vim.nix1
-rw-r--r--lass/2configs/websites/util.nix7
-rw-r--r--lass/2configs/xresources.nix55
-rw-r--r--lass/5pkgs/xmonad-lass.nix2
-rw-r--r--makefu/1systems/filepimp.nix2
-rw-r--r--makefu/1systems/x.nix9
-rw-r--r--makefu/2configs/base-gui.nix2
-rw-r--r--makefu/2configs/default.nix14
-rw-r--r--makefu/2configs/deployment/owncloud.nix8
-rw-r--r--makefu/2configs/hw/tp-x230.nix12
-rw-r--r--makefu/2configs/laptop-utils.nix65
-rw-r--r--makefu/2configs/logging/central-stats-server.nix15
-rw-r--r--makefu/2configs/main-laptop.nix5
-rw-r--r--makefu/2configs/omo-share.nix11
-rw-r--r--makefu/2configs/printer.nix1
-rw-r--r--makefu/2configs/tools/all.nix11
-rw-r--r--makefu/2configs/tools/core-gui.nix24
-rw-r--r--makefu/2configs/tools/core.nix46
-rw-r--r--makefu/2configs/tools/dev.nix10
-rw-r--r--makefu/2configs/tools/extra-gui.nix12
-rw-r--r--makefu/2configs/tools/games.nix7
-rw-r--r--makefu/2configs/tools/media.nix12
-rw-r--r--makefu/2configs/tools/sec.nix15
-rw-r--r--makefu/2configs/urlwatch.nix3
-rw-r--r--makefu/3modules/umts.nix9
-rw-r--r--makefu/5pkgs/awesomecfg/full.cfg4
-rw-r--r--makefu/5pkgs/default.nix41
-rw-r--r--makefu/5pkgs/dymo-cups-drivers/default.nix17
-rw-r--r--makefu/5pkgs/esptool/default.nix32
-rw-r--r--makefu/5pkgs/wol/default.nix22
-rw-r--r--mv/1systems/stro.nix6
-rw-r--r--shared/2configs/default.nix6
-rw-r--r--tv/1systems/cd.nix4
-rw-r--r--tv/1systems/mu.nix8
-rw-r--r--tv/1systems/wu.nix6
-rw-r--r--tv/1systems/xu.nix6
-rw-r--r--tv/1systems/zu.nix6
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/pulse.nix3
-rw-r--r--tv/2configs/urlwatch.nix2
-rw-r--r--tv/2configs/xserver/default.nix2
-rw-r--r--tv/5pkgs/q/default.nix38
-rw-r--r--tv/5pkgs/xmonad-tv/default.nix4
64 files changed, 483 insertions, 224 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index bda563f8d..0ad952e3b 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -55,7 +55,7 @@ let
local_domains = mkOption {
type = with types; listOf hostname;
- default = ["localhost"] ++ config.krebs.build.host.nets.retiolum.aliases;
+ default = unique (["localhost" cfg.primary_hostname] ++ config.krebs.build.host.nets.retiolum.aliases);
};
relay_from_hosts = mkOption {
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 1127c0a50..0044f5b32 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -40,7 +40,7 @@ in {
etc."exim.conf".source = pkgs.writeEximConfig "exim.conf" ''
exim_user = ${cfg.user.name}
exim_group = ${cfg.group.name}
- exim_path = /var/setuid-wrappers/exim
+ exim_path = /run/wrappers/bin/exim
spool_directory = ${cfg.user.home}
${cfg.config}
'';
diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix
index 8bb022442..4da303dec 100644
--- a/krebs/3modules/on-failure.nix
+++ b/krebs/3modules/on-failure.nix
@@ -58,7 +58,7 @@
};
sendmail = mkOption {
type = types.str;
- default = "/var/setuid-wrappers/sendmail";
+ default = "/run/wrappers/bin/sendmail";
};
};
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 13f981437..c9677fd24 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -73,7 +73,7 @@ let
};
imp = {
- system.activationScripts."krebs.setuid" = stringAfter [ "setuid" ]
+ system.activationScripts."krebs.setuid" = stringAfter [ "wrappers" ]
(concatMapStringsSep "\n" (getAttr "activate") (attrValues cfg));
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 1220143a7..d44c322aa 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -85,7 +85,7 @@ with import <stockholm/lib>;
};
nets = {
internet = {
- ip4.addr = "64.137.177.226";
+ ip4.addr = "45.62.237.203";
aliases = [
"cd.i"
"cd.krebsco.de"
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index e43f8de4a..126fc33bb 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -178,7 +178,7 @@ let
echo To: ${shell.escape cfg.mailto}
echo
cat changes
- } | /var/setuid-wrappers/sendmail -t
+ } | /run/wrappers/bin/sendmail -t
fi
'';
};
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index 9355a878c..4017b873b 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -1,13 +1,10 @@
-{ lib, pkgs, ... }:
+{ pkgs, ... }:
-with lib;
-
-let
- out = {
- inherit irc-announce;
- };
+with import <stockholm/lib>;
+{
# TODO irc-announce should return a derivation
+ # but it cannot because krebs.git.repos.*.hooks :: attrsOf str
irc-announce = { nick, channel, server, port ? 6667, verbose ? false, branches ? [] }: ''
#! /bin/sh
set -euf
@@ -37,7 +34,7 @@ let
port=${toString port}
host=$nick
- cgit_endpoint=http://cgit.$host
+ cgit_endpoint=http://cgit.$host.r
empty=0000000000000000000000000000000000000000
@@ -99,7 +96,7 @@ let
done
if test -n "''${message-}"; then
- exec ${irc-announce-script} \
+ exec ${pkgs.irc-announce}/bin/irc-announce \
"$server" \
"$port" \
"$nick" \
@@ -107,6 +104,4 @@ let
"$message"
fi
'';
-
- irc-announce-script = "${pkgs.irc-announce}/bin/irc-announce";
-in out
+}
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 81520ad5f..b55732f65 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -215,6 +215,7 @@ in {
}
{
krebs.repo-sync.timerConfig = {
+ OnBootSec = "5min";
OnUnitInactiveSec = "3min";
RandomizedDelaySec = "2min";
};
@@ -247,7 +248,13 @@ in {
];
}
{
- krebs.Reaktor.coders = {
+ krebs.Reaktor.coders = let
+ lambdabot = (import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs";
+ rev = "a4ec1841da14fc98c5c35cc72242c23bb698d4ac";
+ sha256 = "148fpw31s922hxrf28yhrci296f7c7zd81hf0k6zs05rq0i3szgy";
+ }) {}).lambdabot;
+ in {
nickname = "reaktor-lass";
channels = [ "#coders" ];
extraEnviron = {
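Review bot: The `lambdabot` binding imports a second, separately pinned nixpkgs tree, so the bot that evaluates IRC input in the `@run` and `@let` plugins further down no longer follows the `ref` bump in lass/2configs/nixpkgs.nix and stays at this revision until someone edits it by hand. Pinning with `rev` plus `sha256` is sound, but nothing records why this revision was chosen. A comment such as `# lambdabot pinned to this nixpkgs rev because <reason>; drop the pin once the main nixpkgs provides a working build` would tell the next maintainer when it can go. The attribute set continues outside the hunk.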
@@ -263,7 +270,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-pl" {
pattern = "^@pl (?P<args>.*)$$";
script = pkgs.writeDash "lambda-pl" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@pl $1"
'';
@@ -271,7 +278,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-type" {
pattern = "^@type (?P<args>.*)$$";
script = pkgs.writeDash "lambda-type" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@type $1"
'';
@@ -279,7 +286,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-let" {
pattern = "^@let (?P<args>.*)$$";
script = pkgs.writeDash "lambda-let" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@let $1"
'';
@@ -287,7 +294,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-run" {
pattern = "^@run (?P<args>.*)$$";
script = pkgs.writeDash "lambda-run" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@run $1"
'';
@@ -295,7 +302,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
@@ -303,7 +310,7 @@ in {
(buildSimpleReaktorPlugin "lambdabot-kind" {
pattern = "^@kind (?P<args>.*)$$";
script = pkgs.writeDash "lambda-kind" ''
- exec ${pkgs.lambdabot}/bin/lambdabot \
+ exec ${lambdabot}/bin/lambdabot \
${indent lambdabotflags}
-e "@kind $1"
'';
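Review bot: This hunk and the one before it patch two plugin definitions that look identical in the visible lines: both are `buildSimpleReaktorPlugin "lambdabot-kind"` with the pattern `^@kind (?P<args>.*)$$` and the script name `lambda-kind`. If the parts outside the hunks match as well, the second registration is redundant, or was meant to be a different command, and would be better removed or renamed than patched twice.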
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 539fdc875..275b93f26 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -8,6 +8,8 @@ in {
./power-action.nix
./screenlock.nix
./copyq.nix
+ ./xresources.nix
+ ./livestream.nix
{
hardware.pulseaudio = {
enable = true;
@@ -32,15 +34,15 @@ in {
programs.ssh.startAgent = false;
- security.setuidPrograms = [ "slock" ];
-
services.printing = {
enable = true;
- drivers = [ pkgs.foomatic_filters ];
+ drivers = [
+ pkgs.foomatic_filters
+ pkgs.gutenprint
+ ];
};
environment.systemPackages = with pkgs; [
-
acpi
dic
dmenu
@@ -76,7 +78,13 @@ in {
enable = true;
desktopManager.xterm.enable = false;
- displayManager.slim.enable = true;
+ desktopManager.default = "none";
+ displayManager.lightdm.enable = true;
+ displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "lass";
+ };
+ windowManager.default = "xmonad";
windowManager.session = [{
name = "xmonad";
start = ''
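Review bot: `displayManager.lightdm.autoLogin` opens the `lass` session at boot without a password, so on every machine importing baseX.nix the desktop is protected only by whatever guards the disk and by the screen locker. The previous hunk in this file also removes `security.setuidPrograms = [ "slock" ]` without adding a `security.wrappers` entry; if `./screenlock.nix` still relies on slock, confirm that it can still lock. A comment stating the assumption, e.g. `# autoLogin: boot-time authentication is provided by disk encryption`, would make the trade-off explicit. The `windowManager.session` block continues outside the hunk.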
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
index 108ff7a1e..9dba5fbfb 100644
--- a/lass/2configs/binary-cache/client.nix
+++ b/lass/2configs/binary-cache/client.nix
@@ -2,8 +2,14 @@
{
nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ binaryCaches = [
+ "http://cache.prism.r"
+ "https://cache.nixos.org/"
+ ];
+ binaryCachePublicKeys = [
+ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
+ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
+ ];
};
}
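Review bot: `http://cache.prism.r` is fetched over plain HTTP, so the signature check against `binaryCachePublicKeys` is the only integrity protection for paths from that cache; it is worth confirming that `nix.requireSignedBinaryCaches` stays enabled on these hosts. The key added alongside `https://cache.nixos.org/` is named `hydra.nixos.org-1`; check that it is the key that cache currently signs with, since otherwise its substitutes will be rejected and builds fall back to the prism cache or to local compilation. A short comment next to each key naming the cache it belongs to, e.g. `# signing key of cache.prism.r`, would make later key rotation easier to review.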
diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 88ee70802..6c381863c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -20,7 +20,7 @@ let
createChromiumUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.chromium}/bin/chromium $@
'';
in {
users.extraUsers.${name} = {
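Review bot: The wrapper script on the changed line passes `$@` unquoted, so an argument containing spaces or glob characters (a URL handed over by another program, for instance) is split again before it reaches sudo; `"$@"` keeps each argument intact. The same applies to the firefox wrapper in the next hunk. Both hunks, and the suspend line in makefu/2configs/main-laptop.nix, spell the wrapper directory `/var/run/wrappers/bin`, while the krebs modules in this commit use `/run/wrappers/bin`; settling on one spelling, or on `config.security.wrapperDir` where `config` is in scope, would keep them from drifting apart. The `createChromiumUser` body continues outside the hunk.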
@@ -43,7 +43,7 @@ let
createFirefoxUser = name: extraGroups:
let
bin = pkgs.writeScriptBin name ''
- /var/setuid-wrappers/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
+ /var/run/wrappers/bin/sudo -u ${name} -i ${pkgs.firefox}/bin/firefox $@
'';
in {
users.extraUsers.${name} = {
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 8100a433f..3e7881fb4 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-
+{ config, pkgs, ... }:
with import <stockholm/lib>;
{
imports = [
@@ -11,6 +10,7 @@ with import <stockholm/lib>;
../2configs/vim.nix
../2configs/monitoring/client.nix
./backups.nix
+ ./security-workarounds.nix
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
@@ -135,6 +135,7 @@ with import <stockholm/lib>;
#neat utils
krebspaste
+ mosh
pciutils
pop
psmisc
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d120dfcad..3353cdac0 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -8,11 +8,12 @@ with import <stockholm/lib>;
dkim = [
{ domain = "lassul.us"; }
];
+ primary_hostname = "lassul.us";
sender_domains = [
"lassul.us"
"aidsballs.de"
];
- relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [
+ relay_from_hosts = map (host: host.nets.retiolum.ip6.addr) [
config.krebs.hosts.mors
config.krebs.hosts.uriel
config.krebs.hosts.helios
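Review bot: `relay_from_hosts` now holds IPv6 addresses, and Exim lists use `:` as the item separator, so each address has to reach exim.conf with its colons doubled or inside a list that changes the separator (for example one starting with `<;`). How the krebs module renders this option is not visible here; if it joins the items with a plain colon, the host list will be parsed as fragments and relay permission will not match the intended hosts. Hosts that connect over their retiolum IPv4 address also lose relay permission with this change; if that is not intended, the list could carry both `ip4.addr` and `ip6.addr`. The list continues outside the hunk.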
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 58051560a..d114a826d 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -84,5 +84,6 @@ in {
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 10666"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport 10666"; target = "ACCEPT"; }
];
}
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index bdd65ce09..3e1b2c6e3 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -5,6 +5,7 @@ with import <stockholm/lib>;
let
out = {
+ services.nginx.enable = true;
krebs.git = {
enable = true;
cgit = {
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
index dcd50dd7b..a28a6a5d2 100644
--- a/lass/2configs/hfos.nix
+++ b/lass/2configs/hfos.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- config.krebs.users.lass.pubkey
];
};
diff --git a/lass/2configs/livestream.nix b/lass/2configs/livestream.nix
new file mode 100644
index 000000000..c877a8c0a
--- /dev/null
+++ b/lass/2configs/livestream.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+let
+
+ stream = pkgs.writeDashBin "stream" ''
+ ${pkgs.python27Packages.livestreamer}/bin/livestreamer --http-header Client-ID=jzkbprff40iqj646a697cyrvl0zt2m6 -p mpv "$@"
+ '';
+
+in {
+ environment.systemPackages = [ stream ];
+}
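Review bot: The `Client-ID` value is hard-coded in the wrapper, so it lands in the repository and in the world-readable Nix store, and `--http-header` attaches it to every HTTP request livestreamer makes, whichever site the stream URL points to. If the ID belongs to a personal API registration, consider reading it from a file outside the store; if it is a public value, say so in a comment such as `# public client id required by the streaming API, not a secret`. `config` and the `with import <stockholm/lib>;` line are not used in this file and could be dropped.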
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index ad39848b6..9c3eafffd 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "6651c72";
+ ref = "5b0c9d4";
};
}
diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix
index 6cf23deaf..241d263f8 100644
--- a/lass/2configs/programs.nix
+++ b/lass/2configs/programs.nix
@@ -12,7 +12,6 @@
pavucontrol
pv
pwgen
- python34Packages.livestreamer
remmina
silver-searcher
wget
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
new file mode 100644
index 000000000..537c8a59b
--- /dev/null
+++ b/lass/2configs/security-workarounds.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # http://seclists.org/oss-sec/2017/q1/471
+ boot.extraModprobeConfig = ''
+ install dccp /run/current-system/sw/bin/false
+ '';
+}
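Review bot: The `install dccp` line depends on `/run/current-system/sw/bin/false` existing, that is on coreutils staying in the system profile; pointing at the store path, `install dccp ${pkgs.coreutils}/bin/false`, keeps the block working whatever `environment.systemPackages` contains. The comment is only a URL; a line such as `# block loading of the dccp kernel module (see advisory below); remove once every host runs a fixed kernel` would say what the workaround does and when it can be retired. The modprobe rule only affects future loads, so after deployment it is worth checking that the module is not already loaded on running hosts.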
diff --git a/lass/2configs/termite.nix b/lass/2configs/termite.nix
new file mode 100644
index 000000000..245b89e9c
--- /dev/null
+++ b/lass/2configs/termite.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ environment.systemPackages = [
+ pkgs.termite
+ ];
+
+ krebs.per-user.lass.packages = let
+ termitecfg = pkgs.writeTextFile {
+ name = "termite-config";
+ destination = "/etc/xdg/termite/config";
+ text = ''
+ [colors]
+ foreground = #d0d7d0
+ background = #000000
+ '';
+ };
+ in [
+ termitecfg
+ ];
+}
diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix
index 4d6dfe366..4e0af0dc7 100644
--- a/lass/2configs/vim.nix
+++ b/lass/2configs/vim.nix
@@ -66,6 +66,7 @@ let
"Syntastic config
let g:syntastic_python_checkers=['flake8']
+ let g:syntastic_python_flake8_post_args='--ignore=E501'
nmap <esc>q :buffer
nmap <M-q> :buffer
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index d596e9db9..6d14de731 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -32,6 +32,7 @@ rec {
let
domain = head domains;
in {
+ services.phpfpm.phpPackage = pkgs.php56;
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
enableSSL = true;
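Review bot: `services.phpfpm.phpPackage` is a host-wide option, but it is set here inside a helper that is instantiated per domain, so calling the helper for one site switches PHP-FPM to `pkgs.php56` for every pool on the host. PHP 5.6 is an old branch, and the line gives no reason for choosing it. A comment with the reason and an exit condition, e.g. `# <application> does not run on PHP 7 yet; remove when it does`, would keep the pin from outliving its purpose, and setting the option once at host level would make its scope obvious. The helper's body continues outside the hunk.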
@@ -181,10 +182,10 @@ rec {
user = nginx
group = nginx
pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
+ pm.max_children = 15
+ pm.start_servers = 3
pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pm.max_spare_servers = 10
listen.owner = nginx
listen.group = nginx
php_admin_value[error_log] = 'stderr'
diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix
new file mode 100644
index 000000000..35dbe2044
--- /dev/null
+++ b/lass/2configs/xresources.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+with import <stockholm/lib>;
+
+let
+
+ xresources = pkgs.writeText "Xresources" ''
+ URxvt*scrollBar: false
+ URxvt*urgentOnBell: true
+ URxvt*SaveLines: 4096
+ URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+ URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1
+
+ ! ref https://github.com/muennich/urxvt-perls
+ URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
+ URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select
+ URxvt.url-select.launcher: ${config.lass.browser.select}/bin/browser-select
+ URxvt.url-select.underline: true
+ URxvt.keysym.M-u: perl:url-select:select_next
+ URxvt.keysym.M-Escape: perl:keyboard-select:activate
+ URxvt.keysym.M-s: perl:keyboard-select:search
+
+ URxvt.intensityStyles: false
+
+ URxvt*background: #000000
+ URxvt*foreground: #d0d7d0
+
+ URxvt*cursorColor: #f042b0
+ URxvt*cursorColor2: #f0b000
+ URxvt*cursorBlink: off
+
+ URxvt*.pointerBlank: true
+ URxvt*.pointerBlankDelay: 987654321
+ URxvt*.pointerColor: #f042b0
+ URxvt*.pointerColor2: #050505
+ '';
+
+in {
+ systemd.user.services.xresources = {
+ description = "xresources";
+ wantedBy = [ "default.target" ];
+
+ environment = {
+ DISPLAY = ":0";
+ };
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.xorg.xrdb}/bin/xrdb -merge ${xresources}";
+ Restart = "on-failure";
+ };
+ };
+}
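Review bot: `xrdb -merge` exits as soon as the resources are loaded, so `Type = "simple"` with `Restart = "on-failure"` describes a long-running daemon that is not there; `Type = "oneshot"; RemainAfterExit = true;` matches what the command does. The unit is wanted by `default.target` and has `DISPLAY = ":0"` hard-coded, so it can start before the X server accepts connections and has no effect for a session on another display. Starting it from the X session instead would remove both assumptions.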
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 22ec7efa9..bc70417f5 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -95,7 +95,7 @@ displaySomeException = displayException
myKeyMap :: [([Char], X ())]
myKeyMap =
- [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
+ [ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i $HOME/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 0fabf6d93..e143d0046 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -3,7 +3,7 @@ let
byid = dev: "/dev/disk/by-id/" + dev;
part1 = disk: disk + "-part1";
rootDisk = byid "ata-SanDisk_SDSSDP064G_140237402890";
- primary-interface = "enp2s0"; # c8:cb:b8:cf:e4:dc
+ primary-interface = "enp3s0"; # c8:cb:b8:cf:e4:dc
# N54L Chassis:
# ____________________
# |______FRONT_______|
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 08da92068..9666f50ff 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -8,7 +8,7 @@
[ # base
../.
../2configs/main-laptop.nix
- ../2configs/laptop-utils.nix
+ ../2configs/tools/all.nix
../2configs/laptop-backup.nix
../2configs/dnscrypt.nix
@@ -46,7 +46,7 @@
../2configs/mail-client.nix
../2configs/printer.nix
../2configs/virtualization.nix
- ../2configs/virtualization-virtualbox.nix
+ # ../2configs/virtualization-virtualbox.nix
../2configs/wwan.nix
../2configs/rad1o.nix
@@ -64,8 +64,10 @@
../2configs/fs/sda-crypto-root-home.nix
];
- makefu.server.primary-itf = "wlp2s0";
+
+ makefu.server.primary-itf = "wlp3s0";
makefu.full-populate = true;
+ makefu.umts.apn = "web.vodafone.de";
nixpkgs.config.allowUnfree = true;
krebs.nginx = {
@@ -74,6 +76,7 @@
servers.default.server-names = [ "_" ];
};
+ boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ];
virtualisation.docker.enable = true;
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 95ebabc44..43b37cd8c 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -82,7 +82,7 @@ in
URxvt.perl-ext: default,url-select
URxvt.keysym.M-u: perl:url-select:select_next
- URxvt.url-select.launcher: chromium
+ URxvt.url-select.launcher: firefox -new-tab
URxvt.url-select.underline: true
URxvt.searchable-scrollback: CM-s
'';
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 45f7315b0..1ad7f0710 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with import <stockholm/lib>;
user = config.krebs.users.makefu;
source = let
inherit (config.krebs.build) host user;
- ref = "f66d782"; # unstable @ 2017-02-04
+ ref = "53a2baa"; # unstable @ 2017-02-28
in {
nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{
@@ -145,21 +145,21 @@ with import <stockholm/lib>;
tinc = pkgs.tinc_pre;
};
- services.cron.enable = false;
- services.nscd.enable = false;
- services.ntp.enable = false;
- services.timesyncd.enable = true;
- services.ntp.servers = [
+ networking.timeServers = [
"pool.ntp.org"
"time.windows.com"
"time.apple.com"
"time.nist.gov"
];
+
nix.extraOptions = ''
auto-optimise-store = true
'';
- security.setuidPrograms = [ "sendmail" ];
+ security.wrappers.sendmail = {
+ source = "${pkgs.exim}/bin/sendmail";
+ setuid = true;
+ };
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
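Review bot: `security.wrappers.sendmail` sets `setuid = true` but leaves `owner` and `group` to the module defaults, which may not be root depending on the nixpkgs revision in use; stating them, `owner = "root"; group = "root";`, makes the wrapper's identity explicit and reviewable. The same hunk also deletes the `services.cron.enable = false`, `services.nscd.enable = false` and `services.ntp.enable = false` lines, so those services fall back to their NixOS defaults; if that is not intended, keep the ones that are still wanted. The `services.journald.extraConfig` string continues outside the hunk.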
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index d692ef72d..c6fb9c8e5 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -131,11 +131,15 @@ in {
( serveCloud [ "o.euer.krebsco.de" ] )
];
- services.mysql = {
- enable = true;
+ services.mysql = { # TODO: currently nextcloud uses sqlite
+ enable = false;
package = pkgs.mariadb;
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
};
+ services.mysqlBackup = {
+ enable = false;
+ databases = [ "nextcloud" ];
+ };
krebs.secret.files.mysql_rootPassword = {
path = "${config.services.mysql.dataDir}/mysql_rootPassword";
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index 99563a771..2de32dd94 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -9,20 +9,28 @@ with import <stockholm/lib>;
kernelModules = [
"kvm-intel"
"thinkpad_ec"
- # "acpi_call"
+ "acpi_call"
# "thinkpad_acpi"
# "tpm-rng"
];
extraModulePackages = [
- # config.boot.kernelPackages.acpi_call
+ config.boot.kernelPackages.acpi_call
];
+ # support backlight adjustment
+ kernelParams = [ "acpi_osi=Linux" "acpi_backlight=vendor" ];
};
+
+ # configured media keys inside awesomerc
+ # sound.mediaKeys.enable = true;
+ hardware.bluetooth.enable = true;
+
services.acpid.enable = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
services.xserver = {
videoDriver = "intel";
deviceSection = ''
Option "AccelMethod" "sna"
+ Option "Backlight" "intel_backlight"
'';
};
# no entropy source working
diff --git a/makefu/2configs/laptop-utils.nix b/makefu/2configs/laptop-utils.nix
deleted file mode 100644
index ec6d4adec..000000000
--- a/makefu/2configs/laptop-utils.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ pkgs, ... }:
-
-# tools i use when actually working with the host.
-# package version will now be maintained by nix-rebuild
-#
-# essentially `nix-env -q` of the main user
-# TODO: split gui and non-gui
-{
- nixpkgs.config.firefox = {
- enableAdobeFlash = true;
- };
-
- krebs.per-user.makefu.packages = with pkgs; [
- # core
- at_spi2_core
- acpi
- bc
- exif
- file
- ntfs3g
- pv
- proot
- sshpass
- unzip
- unrar
- usbutils
- zip
-
- # dev
- python35Packages.virtualenv
-
-
- # gui
- chromium
- clipit
- feh
- firefox
- keepassx
- pcmanfm
- skype
- mirage
- tightvnc
- gnome3.dconf
- vlc
- virtmanager
- wireshark
- xdotool
-
- # sectools
- aria2
- pythonPackages.binwalk-full
- dnsmasq
- iodine
- mtr
- nmap
-
-
- # stuff
- cac-api
- cac-panel
- krebspaste
- ledger
- pass
- ];
-}
diff --git a/makefu/2configs/logging/central-stats-server.nix b/makefu/2configs/logging/central-stats-server.nix
index 8151d4939..30ad63879 100644
--- a/makefu/2configs/logging/central-stats-server.nix
+++ b/makefu/2configs/logging/central-stats-server.nix
@@ -5,10 +5,9 @@ let
collectd-port = 25826;
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
+ db = "collectd_db";
+ logging-interface = config.makefu.server.primary-itf;
in {
- imports = [
- ../../../lass/3modules/kapacitor.nix
- ];
services.grafana.enable = true;
services.grafana.addr = "0.0.0.0";
@@ -27,11 +26,11 @@ in {
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
- database = "collectd_db";
+ database = db;
port = collectd-port;
}];
};
- lass.kapacitor =
+ krebs.kapacitor =
let
echoToIrc = pkgs.writeDash "echo_irc" ''
set -euf
@@ -43,7 +42,8 @@ in {
in {
enable = true;
alarms = {
- cpu_deadman = ''
+ cpu_deadman.database = db;
+ cpu_deadman.text = ''
var data = batch
|query(${"'''"}
SELECT mean("value") AS mean
@@ -68,5 +68,8 @@ in {
iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT
+ iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
+ iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
+ iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
}
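Review bot: The three added iptables rules open the collectd, InfluxDB and Grafana ports on `config.makefu.server.primary-itf` in addition to `retiolum`, and Grafana is bound to `0.0.0.0` earlier in the file, so all three services become reachable from whatever network the primary interface is attached to. Nothing visible in these hunks enables authentication for InfluxDB or signing on the collectd listener. If the aim is only to collect from hosts on the local network, restricting the rules by source, e.g. `-s <lan-prefix>` (placeholder), would limit the exposure to that, and a comment above the rules saying who is expected to connect would document the intent.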
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index e1c3d20ff..eaf6dec97 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -14,7 +14,8 @@ in {
./base-gui.nix
./fetchWallpaper.nix
./zsh-user.nix
- ./laptop-utils.nix
+ ./tools/core.nix
+ ./tools/core-gui.nix
];
users.users.${config.krebs.build.user.name}.extraGroups = [ "dialout" ];
@@ -60,7 +61,7 @@ in {
sleep 1
'')
[ 5 4 3 2 1 ]}
- /var/setuid-wrappers/sudo ${pkgs.systemd}/bin/systemctl suspend
+ /var/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl suspend
'';
};
};
diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix
index 8a3eab98a..7d7a4ec57 100644
--- a/makefu/2configs/omo-share.nix
+++ b/makefu/2configs/omo-share.nix
@@ -48,15 +48,8 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
- crypt0-rw = {
- path = "/media/crypt0/";
- "read only" = "no";
- browseable = "yes";
- "guest ok" = "no";
- "valid users" = "makefu";
- };
- crypt1-rw = {
- path = "/media/crypt1/";
+ media-rw = {
+ path = "/media/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
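Review bot: `media-rw` exports all of `/media/` read-write where the two removed shares exported only `/media/crypt0/` and `/media/crypt1/`, so anything else mounted below `/media`, now or later, becomes writable over SMB as well. The `valid users` line falls outside the hunk; confirm that it is still present for the new share. If only the two crypt volumes are meant, keep per-volume shares; otherwise a comment such as `# intentionally exports every mount below /media` would make the wider scope explicit.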
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
index d288748f9..7c7b00abc 100644
--- a/makefu/2configs/printer.nix
+++ b/makefu/2configs/printer.nix
@@ -5,6 +5,7 @@
enable = true;
drivers = [
pkgs.samsungUnifiedLinuxDriver
+ pkgs.dymo-cups-drivers
];
};
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
new file mode 100644
index 000000000..e64e216e0
--- /dev/null
+++ b/makefu/2configs/tools/all.nix
@@ -0,0 +1,11 @@
+{
+ imports = [
+ ./core.nix
+ ./core-gui.nix
+ ./dev.nix
+ ./extra-gui.nix
+ ./games.nix
+ ./media.nix
+ ./sec.nix
+ ];
+}
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix
new file mode 100644
index 000000000..6d62e92c0
--- /dev/null
+++ b/makefu/2configs/tools/core-gui.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+{
+ nixpkgs.config.firefox = {
+ enableAdobeFlash = true;
+ };
+
+ krebs.per-user.makefu.packages = with pkgs; [
+ chromium
+ clipit
+ feh
+ firefox
+ keepassx
+ pcmanfm
+ skype
+ mirage
+ tightvnc
+ gnome3.dconf
+ wireshark
+ xdotool
+ xorg.xbacklight
+ scrot
+ ];
+}
diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix
new file mode 100644
index 000000000..86d72c662
--- /dev/null
+++ b/makefu/2configs/tools/core.nix
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+
+# tools i use when actually working with the host.
+# package version will now be maintained by nix-rebuild
+#
+# essentially `nix-env -q` of the main user
+{
+ krebs.per-user.makefu.packages = with pkgs; [
+ at_spi2_core
+ acpi
+ bc
+ rsync
+ exif
+ file
+ ntfs3g
+ pv
+ proot
+ sshpass
+ populate
+ usbutils
+ p7zip
+ hdparm
+ inetutils
+ ncftp
+ mutt
+ tcpdump
+ sysstat
+ which
+ weechat
+ curl
+ wget
+ wol
+ tmux
+ smartmontools
+ cifs-utils
+ iftop
+ taskwarrior
+ mplayer
+
+ cac-api
+ cac-panel
+ krebspaste
+ ledger
+ pass
+ ];
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
new file mode 100644
index 000000000..8acc25fcc
--- /dev/null
+++ b/makefu/2configs/tools/dev.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs;[
+ nodemcu-uploader
+ esptool
+ python35Packages.virtualenv
+ flashrom
+ ];
+}
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
new file mode 100644
index 000000000..9cfacf408
--- /dev/null
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs;[
+ inkscape
+ gimp
+ skype
+ virtmanager
+ synergy
+ saleae-logic
+ ];
+}
diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix
new file mode 100644
index 000000000..34c686451
--- /dev/null
+++ b/makefu/2configs/tools/games.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs; [
+ steam
+ ];
+}
diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix
new file mode 100644
index 000000000..4fc3413e8
--- /dev/null
+++ b/makefu/2configs/tools/media.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs; [
+ kodi
+ streamripper
+ youtube-dl
+ calibre
+ vlc
+ mumble
+ ];
+}
diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix
new file mode 100644
index 000000000..5ab699f35
--- /dev/null
+++ b/makefu/2configs/tools/sec.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+
+{
+ krebs.per-user.makefu.packages = with pkgs; [
+ aria2
+ # mitmproxy
+ pythonPackages.binwalk-full
+ dnsmasq
+ iodine
+ mtr
+ nmap
+ msf
+ thc-hydra
+ ];
+}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index d575d18bc..20eb031a1 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -16,6 +16,9 @@
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
https://github.com/amadvance/snapraid/releases.atom
https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack
+ https://api.github.com/repos/embray/d2to1/tags
+ https://api.github.com/repos/dorimanx/exfat-nofuse/commits
+ https://api.github.com/repos/dorimanx/exfat-nofuse/tags
];
};
}
diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix
index 91ac13755..86669945a 100644
--- a/makefu/3modules/umts.nix
+++ b/makefu/3modules/umts.nix
@@ -26,7 +26,7 @@ let
Dial Command = ATDT
Modem = ${cfg.modem-device}
Baud = 460800
- Init1 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0
+ Init1 = AT+CGDCONT=1,"IP","${config.makefu.umts.apn}","",0,0
Init2 = ATZ
Init3 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
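Review bot: The changed `Init1` line reads the new option as `config.makefu.umts.apn`, while the `Modem` line two above it uses `cfg.modem-device`; `${cfg.apn}` would be consistent, assuming `cfg` is this module's option set. The value is placed inside a double-quoted AT command and `types.str` accepts any string, so an APN containing `"` would break the init string. In the second hunk the option description has a typo, `dailing` for `dialing`.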
@@ -54,6 +54,13 @@ let
to avoid race conditions.
'';
};
+ apn = mkOption {
+ default = "pinternet.interkom.de";
+ type = types.str;
+ description = ''
+ apn to use for dailing
+ '';
+ };
};
imp = {
diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 8036e5765..e43341d25 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -364,6 +364,10 @@ globalkeys = awful.util.table.join(
end,
{description = "restore minimized", group = "client"}),
+ awful.key({ }, "XF86MonBrightnessUp", function ()
+ awful.util.spawn("xbacklight -inc 5", false) end),
+ awful.key({ }, "XF86MonBrightnessDown", function ()
+ awful.util.spawn("xbacklight -dec 5", false) end),
awful.key({ }, "XF86AudioRaiseVolume", function ()
awful.util.spawn("amixer set Master 5%+", false) end),
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 71354a015..25ae2fe4b 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -1,38 +1,35 @@
{ pkgs, ... }:
-let
- inherit (pkgs) callPackage;
-in
+with import <stockholm/lib>;
{
- nixpkgs.config.packageOverrides = rec {
- acdcli = callPackage ./acdcli {};
+ nixpkgs.config.packageOverrides = oldpkgs: let
+
+ # This callPackage will try to detect obsolete overrides.
+ callPackage = path: args: let
+ override = pkgs.callPackage path args;
+ upstream = optionalAttrs (override ? "name")
+ (oldpkgs.${(parseDrvName override.name).name} or {});
+ in if upstream ? "name" &&
+ override ? "name" &&
+ compareVersions upstream.name override.name != -1
+ then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
+ else override;
+
+ in {}
+ // mapAttrs (_: flip callPackage {})
+ (filterAttrs (_: dir: pathExists (dir + "/default.nix"))
+ (subdirsOf ./.))
+ // {
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
- awesomecfg = callPackage ./awesomecfg {};
- bintray-upload = callPackage ./bintray-upload {};
- debmirror = callPackage ./debmirror {};
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
- elchhub = callPackage ./elchhub {};
- f3 = callPackage ./f3 {};
- farpd = callPackage ./farpd {};
- git-xlsx-textconv = callPackage ./git-xlsx-textconv {};
- mergerfs = callPackage ./mergerfs {};
- mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
- ps3netsrv = callPackage ./ps3netsrv {};
pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
wordset-file = pkgs.fetchurl {
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
};
- qcma = pkgs.qt5.callPackage ./qcma {};
- tw-upload-plugin = callPackage ./tw-upload-plugin {};
- skytraq-logger = callPackage ./skytraq-logger {};
- taskserver = callPackage ./taskserver {};
- udpt = callPackage ./udpt {};
- wol = callPackage ./wol {};
- snapraid = callPackage ./snapraid {};
};
}
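Review bot: Every subdirectory with a `default.nix` is now instantiated through the plain `pkgs.callPackage`, which drops the special case the old list had in `qcma = pkgs.qt5.callPackage ./qcma {};`. If `./qcma` is still in the tree (not visible here) and takes arguments from the qt5 scope, that attribute will fail when it is evaluated. Keep it as an explicit entry in the trailing `// { … }` set, next to `nodemcu-uploader`. The same auto-import also yields an `alsa-tools` attribute called with `{}`, which only works if `alsaToolTarget` has a default. In the override check the second `override ? "name"` is redundant, because `upstream` is only non-empty when the override has a name.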
diff --git a/makefu/5pkgs/dymo-cups-drivers/default.nix b/makefu/5pkgs/dymo-cups-drivers/default.nix
new file mode 100644
index 000000000..d47bae6dd
--- /dev/null
+++ b/makefu/5pkgs/dymo-cups-drivers/default.nix
@@ -0,0 +1,17 @@
+{ stdenv, lib, pkgs, fetchurl, cups, ... }:
+
+stdenv.mkDerivation rec {
+ name = "dymo-cups-drivers-${version}";
+ version = "1.4.0";
+ src = fetchurl {
+ url = "http://download.dymo.com/dymo/Software/Download%20Drivers/Linux/Download/${name}.tar.gz";
+ sha256 = "0wagsrz3q7yrkzb5ws0m5faq68rqnqfap9p98sgk5jl6x7krf1y6";
+ };
+ buildInputs = [ cups ];
+ makeFlags = [ "cupsfilterdir=$(out)/lib/cups/filter" "cupsmodeldir=$(out)/share/cups/model" ];
+
+ # acd_cli gets dumped in bin and gets overwritten by fixupPhase
+ meta = {
+ description = "Dymo printer drivers";
+ };
+}
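Review bot: The comment above `meta`, `# acd_cli gets dumped in bin and gets overwritten by fixupPhase`, describes a different package and nothing in this derivation touches `fixupPhase`. It looks like copy-paste residue and should be dropped. The tarball is fetched over plain `http://`; the pinned `sha256` still protects integrity, so a short comment such as `# http only; integrity is pinned by sha256` would make that explicit. `lib` and `pkgs` are taken as arguments but never used, and `meta` has no `license` or `homepage`.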
diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix
new file mode 100644
index 000000000..84bb232cd
--- /dev/null
+++ b/makefu/5pkgs/esptool/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, fetchFromGitHub, ... }:
+with pkgs.python2Packages;
+let
+ pyaes = buildPythonPackage rec {
+ name = "pyaes-${version}";
+ version = "1.6.0";
+ src = fetchFromGitHub {
+ owner = "ricmoo";
+ repo = "pyaes";
+ rev = "v${version}";
+ sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb";
+ };
+ doCheck = false;
+ };
+in
+buildPythonPackage rec {
+ name = "esptool-${version}";
+ version = "2.0beta2";
+ propagatedBuildInputs = [
+ pyserial
+ flake8
+ ecdsa
+ pyaes
+ ];
+ src = fetchFromGitHub {
+ owner = "themadinventor";
+ repo = "esptool";
+ rev = "v${version}";
+ sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i";
+ };
+ doCheck = false;
+}
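Review bot: `flake8` is listed in `propagatedBuildInputs`, which puts a linter into the runtime closure of everything that depends on esptool. If upstream needs it only at build time (its `setup.py` is not visible here), move it to `buildInputs = [ flake8 ];` and keep `pyserial`, `ecdsa` and `pyaes` propagated. Both `doCheck = false;` lines would also benefit from a short comment saying why the tests are skipped.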
diff --git a/makefu/5pkgs/wol/default.nix b/makefu/5pkgs/wol/default.nix
deleted file mode 100644
index a6d54b8a2..000000000
--- a/makefu/5pkgs/wol/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- proj = "wake-on-lan";
- name = "wol-${version}";
- version = "0.7.1";
-
- enableParallelBuilding = true;
-
- src = fetchurl {
- url = "mirror://sourceforge/${proj}/${name}.tar.gz";
- sha256 = "08i6l5lr14mh4n3qbmx6kyx7vjqvzdnh3j9yfvgjppqik2dnq270";
- };
-
- meta = {
- description = "simple wake-on-lan client";
- homepage = https://sourceforge.net/projects/wake-on-lan/;
- license = stdenv.lib.licenses.gpl2;
- platforms = stdenv.lib.platforms.linux;
- maintainers = with stdenv.lib.maintainers; [ makefu ];
- };
-}
diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix
index e371db788..c8035b88e 100644
--- a/mv/1systems/stro.nix
+++ b/mv/1systems/stro.nix
@@ -143,9 +143,9 @@ with import <stockholm/lib>;
};
};
- security.setuidPrograms = [
- "sendmail"
- ];
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ };
security.sudo.extraConfig = ''
Defaults env_keep+="SSH_CLIENT"
diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
index cae2bc814..49c0d3d95 100644
--- a/shared/2configs/default.nix
+++ b/shared/2configs/default.nix
@@ -11,7 +11,7 @@ with import <stockholm/lib>;
nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19
+ ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03 @ 2017-03-03
};
secrets.file =
if getEnv "dummy_secrets" == "true"
@@ -30,10 +30,6 @@ with import <stockholm/lib>;
];
nix.useSandbox = true;
- nixpkgs.config.packageOverrides = pkgs: {
- nano = pkgs.vim;
- };
-
environment.systemPackages = with pkgs; [
git
rxvt_unicode.terminfo
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index b718d19b8..108006f34 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -16,11 +16,11 @@ with import <stockholm/lib>;
networking = {
interfaces.enp2s1.ip4 = singleton {
address = let
- addr = "64.137.177.226";
+ addr = "45.62.237.203";
in assert config.krebs.build.host.nets.internet.ip4.addr == addr; addr;
prefixLength = 24;
};
- defaultGateway = "64.137.177.1";
+ defaultGateway = "45.62.237.1";
nameservers = ["8.8.8.8"];
};
diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix
index e9a8a131a..fcd0a2178 100644
--- a/tv/1systems/mu.nix
+++ b/tv/1systems/mu.nix
@@ -99,10 +99,10 @@ with import <stockholm/lib>;
programs.ssh.startAgent = false;
- security.setuidPrograms = [
- "sendmail" # for cron
- "slock"
- ];
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ slock.slock = "${pkgs.slock}/bin/slock";
+ };
security.pam.loginLimits = [
# for jack
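Review bot: `slock.slock = "${pkgs.slock}/bin/slock";` looks like a typo for `slock.source`: the `sendmail` entry directly above it and the other hosts converted in this commit all set `.source`. As written the slock wrapper has no source path, so it will presumably either fail evaluation or not be created (the wrappers module is not visible here). The xmonad binding changed later in this commit runs `/run/wrappers/bin/slock`, so on this host the lock key could end up starting nothing. Change the line to `slock.source = "${pkgs.slock}/bin/slock";`.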
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index a9d7e94eb..4cde8b903 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -157,9 +157,9 @@ with import <stockholm/lib>;
#jack2
];
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ };
services.printing.enable = true;
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 974d820d5..4b8fe8da2 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -167,9 +167,9 @@ with import <stockholm/lib>;
gptfdisk
];
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ };
services.printing.enable = true;
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index 59e8b1c7f..194ac2928 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@@ -167,9 +167,9 @@ with import <stockholm/lib>;
gptfdisk
];
- security.setuidPrograms = [
- "sendmail" # for cron
- ];
+ security.wrappers = {
+ sendmail.source = "${pkgs.exim}/bin/sendmail"; # for cron
+ };
services.printing.enable = true;
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index dc26a6c6f..33fb7e492 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "5d03aab044970e72a9c6cb07dab734c9c2a391e4";
+ ref = "5b0c9d4f92f15f171afa65caf13a29ac1c068a10"; # nixos-17.03
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 2a3b5cbc1..418551213 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -76,6 +76,9 @@ in
};
};
+ # TODO assert that pulse is the only user with "audio" in group/extraGroups
+ # otherwise the audio device can be hijacked while the pulse service restarts
+ # (e.g. when mpv is running) and then the service will fail.
users = {
groups.pulse.gid = config.users.users.pulse.uid;
users.pulse = {
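Review bot: The condition this TODO describes can be checked at evaluation time instead of being left as a comment, so a second member of `audio` is caught before the device can be taken over during a service restart. A NixOS `assertions` entry next to `users` would do it, assuming `users` sits at the top level of the module's config set (the enclosing block starts outside this hunk). The sketch below only looks at `group` and `extraGroups`, as the TODO does; membership granted through `users.groups.audio.members` would need a second check.

```nix
# … unchanged: pulse service configuration …
assertions = [{
  assertion = builtins.all
    (u: u.name == "pulse"
      || !(builtins.elem "audio" ([ u.group ] ++ u.extraGroups)))
    (builtins.attrValues config.users.users);
  message = "only the pulse user may be in the audio group";
}];
users = {
# … unchanged: pulse group and user definitions …
```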
diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix
index 6e11e0251..5779240ba 100644
--- a/tv/2configs/urlwatch.nix
+++ b/tv/2configs/urlwatch.nix
@@ -31,7 +31,7 @@ with import <stockholm/lib>;
## other
- https://nixos.org/channels/nixos-16.09/git-revision
+ https://nixos.org/channels/nixos-17.03/git-revision
https://nixos.org/channels/nixos-unstable/git-revision
## 2014-10-17
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix
index 7dcfecce6..deb929c34 100644
--- a/tv/2configs/xserver/default.nix
+++ b/tv/2configs/xserver/default.nix
@@ -18,7 +18,7 @@ in {
];
# TODO dedicated group, i.e. with a single user [per-user-setuid]
- # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
+ # TODO krebs.setuid.slock.path vs /run/wrappers/bin
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";
group = "wheel";
diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/q/default.nix
index a3a7cd739..2e7aa5cf2 100644
--- a/tv/5pkgs/q/default.nix
+++ b/tv/5pkgs/q/default.nix
@@ -1,7 +1,19 @@
{ pkgs, ... }:
+with import <stockholm/lib>;
let
q-cal = let
- # XXX 23 is the longest line of cal's output
+
+ # Maximum width of cal's output.
+ calwidth = 23;
+
+ # Number of space characters between two calendars.
+ hspace = 2;
+
+ # Return number of columns required to print n calenders side by side.
+ need_width = n:
+ assert n >= 1;
+ n * calwidth + (n - 1) * hspace;
+
pad = ''{
${pkgs.gnused}/bin/sed '
# rtrim
@@ -10,7 +22,7 @@ let
# delete last empty line
''${/^$/d}
' \
- | ${pkgs.gawk}/bin/awk '{printf "%-23s\n", $0}' \
+ | ${pkgs.gawk}/bin/awk '{printf "%-${toString calwidth}s\n", $0}' \
| ${pkgs.gnused}/bin/sed '
# colorize header
1,2s/.*/&/
@@ -20,23 +32,31 @@ let
'
}'';
in ''
+ cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
- <(${pkgs.utillinux}/bin/cal -mw \
+ <(if test $cols -ge ${toString (need_width 3)}; then
+ ${pkgs.utillinux}/bin/cal -mw \
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \
| ${pad}
- ) \
- <(${pkgs.utillinux}/bin/cal -mw \
+ fi) \
+ <(if test $cols -ge ${toString (need_width 1)}; then
+ ${pkgs.utillinux}/bin/cal -mw \
| ${pkgs.gnused}/bin/sed '
# colorize day of month
s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/&/
' \
| ${pad}
- ) \
- <(${pkgs.utillinux}/bin/cal -mw \
+ fi) \
+ <(if test $cols -ge ${toString (need_width 2)}; then
+ ${pkgs.utillinux}/bin/cal -mw \
$(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \
| ${pad}
- ) \
- | ${pkgs.gnused}/bin/sed 's/\t/ /g'
+ fi) \
+ | ${pkgs.gnused}/bin/sed '
+ s/^\t//
+ s/\t$//
+ s/\t/${lpad hspace " " ""}/g
+ '
'';
q-isodate = ''
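Review bot: `$cols` is used unquoted and unchecked in the three `test $cols -ge …` guards. If `tput cols` prints nothing (for example with TERM unset; not verified here), each `test` fails with a syntax error and all three calendars are dropped without a useful message. Give it a fallback and quote it, e.g. `cols=$(${pkgs.ncurses}/bin/tput cols 2>/dev/null || echo 80)` and `test "$cols" -ge ${toString (need_width 3)}`. The `q-cal` definition starts before this hunk.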
diff --git a/tv/5pkgs/xmonad-tv/default.nix b/tv/5pkgs/xmonad-tv/default.nix
index c6a622bd1..5ac8f8372 100644
--- a/tv/5pkgs/xmonad-tv/default.nix
+++ b/tv/5pkgs/xmonad-tv/default.nix
@@ -132,7 +132,7 @@ spawnRootTerm :: X ()
spawnRootTerm =
forkFile
urxvtcPath
- ["-name", "root-urxvt", "-e", "/var/setuid-wrappers/su", "-"]
+ ["-name", "root-urxvt", "-e", "/run/wrappers/bin/su", "-"]
Nothing
spawnTermAt :: String -> X ()
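Review bot: The setuid wrapper directory is hard-coded here as `/run/wrappers/bin/su` and again in the `myKeys` hunk below as `/run/wrappers/bin/slock`, which is why this commit had to touch each call site when the directory moved. Both paths start privileged or security-relevant programs (a root shell and the screen locker), so a stale path fails quietly at the moment it matters. Define it once, e.g. `wrapperDir :: FilePath` with `wrapperDir = "/run/wrappers/bin"`, and build the two paths from it, or interpolate the value from the Nix side if the system configuration is available to this package. `spawnRootTerm` begins just above this hunk.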
@@ -143,7 +143,7 @@ spawnTermAt ws = do
myKeys :: XConfig Layout -> Map (KeyMask, KeySym) (X ())
myKeys conf = Map.fromList $
- [ ((_4 , xK_Escape ), forkFile "/var/setuid-wrappers/slock" [] Nothing)
+ [ ((_4 , xK_Escape ), forkFile "/run/wrappers/bin/slock" [] Nothing)
, ((_4S , xK_c ), kill)
, ((_4 , xK_x ), chooseAction spawnTermAt)