authornin <nin@c-base.org>2018-01-11 23:03:10 +0100
committernin <nin@c-base.org>2018-01-11 23:03:10 +0100
commit80c2e23ec028bfda5c0bad0e3269648d34d298b0 (patch)
tree0b1a0b2312ee8afc874639b5d2ee52fc410403fe
parent64b06a2a0c09f5e57f65bcbf1494c856b58666c3 (diff)
parent279ce3bbbc562d53ba4696c90025671be32b5e0e (diff)
Merge branch 'master' of prism:stockholm
-rw-r--r--jeschli/1systems/bln/config.nix14
-rw-r--r--jeschli/1systems/brauerei/config.nix2
-rw-r--r--jeschli/1systems/enklave/config.nix45
-rw-r--r--jeschli/1systems/enklave/source.nix3
-rw-r--r--jeschli/1systems/reagenzglas/config.nix1
-rw-r--r--jeschli/2configs/default.nix2
-rw-r--r--jeschli/2configs/os-templates/CentOS-7-64bit.nix16
-rw-r--r--jeschli/2configs/retiolum.nix4
-rw-r--r--jeschli/2configs/urxvt.nix2
-rw-r--r--jeschli/source.nix2
-rw-r--r--krebs/1systems/hotdog/config.nix5
-rw-r--r--krebs/1systems/wolf/config.nix1
-rw-r--r--krebs/2configs/buildbot-all.nix4
-rw-r--r--krebs/2configs/ircd.nix4
-rw-r--r--krebs/3modules/buildbot/slave.nix2
-rw-r--r--krebs/3modules/jeschli/default.nix46
-rw-r--r--krebs/3modules/makefu/default.nix1
-rw-r--r--krebs/3modules/nin/default.nix8
-rw-r--r--krebs/3modules/tv/default.nix19
-rw-r--r--krebs/4lib/infest/prepare.sh87
-rw-r--r--krebs/5pkgs/simple/internetarchive/default.nix33
-rw-r--r--krebs/5pkgs/simple/stockholm/default.nix23
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/dishfire/config.nix1
-rw-r--r--lass/1systems/mors/config.nix4
-rw-r--r--lass/1systems/prism/config.nix16
-rw-r--r--lass/2configs/IM.nix15
-rw-r--r--lass/2configs/bepasty.nix5
-rw-r--r--lass/2configs/dns-stuff.nix22
-rw-r--r--lass/2configs/rebuild-on-boot.nix18
-rw-r--r--lass/2configs/security-workarounds.nix2
-rw-r--r--lass/source.nix2
-rw-r--r--makefu/1systems/filepimp/config.nix5
-rw-r--r--makefu/1systems/gum/config.nix29
-rw-r--r--makefu/1systems/omo/config.nix5
-rw-r--r--makefu/1systems/vbob/config.nix26
-rw-r--r--makefu/2configs/bepasty-dual.nix5
-rw-r--r--makefu/2configs/collectd/collectd-base.nix4
-rw-r--r--makefu/2configs/default.nix3
-rw-r--r--makefu/2configs/deployment/photostore.krebsco.de.nix40
-rw-r--r--makefu/2configs/nginx/euer.wiki.nix2
-rw-r--r--makefu/2configs/tools/all.nix1
-rw-r--r--makefu/2configs/tools/consoles.nix9
-rw-r--r--makefu/2configs/tools/dev.nix3
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/5pkgs/bin2iso/default.nix28
-rw-r--r--makefu/5pkgs/cameraupload-server/default.nix23
-rw-r--r--makefu/5pkgs/cue2pops/default.nix24
-rw-r--r--makefu/5pkgs/gen-oath-safe/default.nix5
-rw-r--r--makefu/5pkgs/hdl-dump/default.nix33
-rw-r--r--makefu/5pkgs/opl-utils/default.nix27
-rw-r--r--makefu/source.nix3
-rw-r--r--mv/source.nix2
-rw-r--r--tv/1systems/wu/config.nix6
-rw-r--r--tv/2configs/default.nix2
-rw-r--r--tv/2configs/hw/w110er.nix17
-rw-r--r--tv/2configs/vim.nix2
-rw-r--r--tv/source.nix10
59 files changed, 577 insertions, 151 deletions
diff --git a/jeschli/1systems/bln/config.nix b/jeschli/1systems/bln/config.nix
index 901970e81..9e5f8c52e 100644
--- a/jeschli/1systems/bln/config.nix
+++ b/jeschli/1systems/bln/config.nix
@@ -36,9 +36,9 @@
}
];
- networking.hostName = "BLN02NB0154"; # Define your hostname.
+ networking.hostName = lib.mkForce "BLN02NB0154"; # Define your hostname.
networking.networkmanager.enable = true;
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Select internationalisation properties.
# i18n = {
@@ -54,7 +54,11 @@
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
nixpkgs.config.allowUnfree = true;
- environment.shellAliases = { n = "nix-shell"; };
+ environment.shellAliases = {
+ n = "nix-shell";
+ gd = "cd /home/markus/go/src/gitlab.dcso.lolcat";
+ gh = "cd /home/markus/go/src/github.com";
+ };
environment.variables = { GOROOT= [ "${pkgs.go.out}/share/go" ]; };
environment.systemPackages = with pkgs; [
# system helper
@@ -62,6 +66,7 @@
copyq
dmenu
git
+ tig
i3lock
keepass
networkmanagerapplet
@@ -72,6 +77,8 @@
rxvt_unicode
# editors
emacs
+ # databases
+ sqlite
# internet
thunderbird
hipchat
@@ -91,6 +98,7 @@
jetbrains.pycharm-professional
jetbrains.webstorm
jetbrains.goland
+ jetbrains.datagrip
texlive.combined.scheme-full
pandoc
redis
diff --git a/jeschli/1systems/brauerei/config.nix b/jeschli/1systems/brauerei/config.nix
index 171a002da..2dec45795 100644
--- a/jeschli/1systems/brauerei/config.nix
+++ b/jeschli/1systems/brauerei/config.nix
@@ -96,7 +96,7 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
- # services.xserver.layout = "us";
+ services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
diff --git a/jeschli/1systems/enklave/config.nix b/jeschli/1systems/enklave/config.nix
new file mode 100644
index 000000000..010089017
--- /dev/null
+++ b/jeschli/1systems/enklave/config.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/jeschli>
+ <stockholm/jeschli/2configs/retiolum.nix>
+ <stockholm/jeschli/2configs/os-templates/CentOS-7-64bit.nix>
+ {
+ networking.dhcpcd.allowInterfaces = [
+ "enp*"
+ "eth*"
+ "ens*"
+ ];
+ }
+ {
+ services.openssh.enable = true;
+ }
+ {
+ sound.enable = false;
+ }
+ {
+ users.extraUsers = {
+ root.initialPassword = "pfeife123";
+ root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+ jeschli = {
+ name = "jeschli";
+ uid = 1000;
+ home = "/home/jeschli";
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ extraGroups = [
+ ];
+ openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgHR1ZPDBMUjGWar/QmI2GiUkZM8pAXRyBDh8j3hGlxlS+0lsBV6bTAI5F13iyzTC4pCuEuDO2OlFB0scwjcOATci8phd8jTjOIDodqDaeQZXbshyuUBfyiAV6q0Sc+cUDV3D6GhzigH3t8EiQmvXmUGm916yFotT12o0dm83SCOh1nAf9ZveC1Hz/eEUTvgWvIb58OdUR5F/S5OVBnIIJZ8tcp0BP9lyjjJCcANWkYJlwaVcNNb0UarCRhvRtptFj+e/EPqQxSCaS2QcxW4zBsQ6C81TFf7WrdH+pwtFg0owlWsxv547sRLLiPf2h2YuQgSoAaW24N0SHhUqvOXd+JyaYw7MAF8Qh3jHm2iJQRgXNuIN0msFi1alwAevilL2mnfAt2biQ9sS9g+CVvQCwX3mg09E4Y3UmFLzvsJafD9meKVrjnDCcXySeAfts59eFmwKtMQ0qrEWaclzUiA6Ay3uD1zma8x1XELGTf8nxnXCGl8s2i2APn7y1Tcwep69DlENWSaReF5zBLIkCtIUDd+8xBFTF3yu5CpyRrRMKGa0QX/MtsQl4SGJWadOTwpM8joIbrIVfKkTNB2McxAjvo0iaRoBDm409gi2Ycy+NSoUV/KAIUG7OysAQZ62hr+E/Kw1ocJCIVI+9vzKx/EnEIHkCSwhYKl5393W7CShVJjJUcKcZddqX2smSShXq8rXPzhIHk1dAVn5Ff/vGZT9z9R0QN3z6Oa9QN5t5TjTdUDToqHTudqOpDxPl2c2yXK9wV+aoHFoML9AmbzTT1U1mKU7GXSoFACiKNzhDzkovyJGpWRyvisX5t75IfuVqvGGI8n3u8OhPMdyyOHRylVaciDzBMZ00xnIHB+dJG9IeYaMm9bW1Li4Jo0CWnogo2+olfHPMLijBuu+bsa5Kp6kFkccJYR/xqcSq0lVXkpGm692JI4dnMGjchipXEGh1gXof9jXHemMMBwjpLFGty+D0r5KdA33m+mIqc9hi0ShquA9nA7E1IxDlgE0gQg+P5ZOeeIN7q54AQmT8iCCCRyne2Kw57XxaGgZoLfj7VjjaeRlzBUglmtyq8B7/c0J3y41vt9Hxhj4sKD+vufZu+M9E6E936KsJlIi+3U0PtopM/b8L4jcH1JYpPljapsys8wkJZ1ymHf6Kj/0FHyi1V+GvquiVrlFN+aHECIzNlCiSMO4MqfPUO1A+s9zkG2ZgPNNv+LoZqnokjbmKM4kdxexMxaL/Eo9Nd/bzdYiFYXlllEL7Uox+yV0N3loQ2juh4zn+ctCnwHi+V9X4l4rB8amW96WrXiJ/WqEK2UO8St8dcQWhCsUUm2OawSrbYYZw5HhJwz/Rhz2UsdSc56s5OUiQLJqpILYvCnqSLlF4iZdRSdDQNpKn+le3CeGUl5UUuvK2BpKGrbPKx0i/2ZSEMxNA5GnDMx/NyiNyDBcoPu/XOlNi8VWsEbCtoTQRamvqHjOmNcPrxCxds+TaF8c0wMR720yj5sWq8= jeschli@nixos"
+ ];
+ };
+ };
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.enklave;
+}
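Review bot: `root.initialPassword = "pfeife123";` puts a root password in clear text into a shared repository, and NixOS also stores `initialPassword` values world-readable in the Nix store, so the value should be treated as disclosed. This file enables sshd, and the same commit gives `enklave` a public address in krebs/3modules/jeschli/default.nix, so I would drop the line and rely on the `authorizedKeys` already set for root, and add `services.openssh.passwordAuthentication = false;` next to `services.openssh.enable = true;`. If a console password is required, a `hashedPassword` kept outside the repository avoids committing it. Because the value is now in history, the password on the running machine should be changed as well.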
diff --git a/jeschli/1systems/enklave/source.nix b/jeschli/1systems/enklave/source.nix
new file mode 100644
index 000000000..4f9f37be7
--- /dev/null
+++ b/jeschli/1systems/enklave/source.nix
@@ -0,0 +1,3 @@
+import <stockholm/jeschli/source.nix> {
+ name = "enklave";
+}
diff --git a/jeschli/1systems/reagenzglas/config.nix b/jeschli/1systems/reagenzglas/config.nix
index d65e897ae..eb2ba179e 100644
--- a/jeschli/1systems/reagenzglas/config.nix
+++ b/jeschli/1systems/reagenzglas/config.nix
@@ -29,7 +29,6 @@
allowDiscards = true;
}
];
- networking.hostName = "reaganzglas"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
# Select internationalisation properties.
diff --git a/jeschli/2configs/default.nix b/jeschli/2configs/default.nix
index 7fb240951..6d788d283 100644
--- a/jeschli/2configs/default.nix
+++ b/jeschli/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
imports = [
./vim.nix
./retiolum.nix
+ <stockholm/lass/2configs/security-workarounds.nix>
{
environment.variables = {
NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
@@ -63,4 +64,5 @@ with import <stockholm/lib>;
];
krebs.enable = true;
+ networking.hostName = config.krebs.build.host.name;
}
diff --git a/jeschli/2configs/os-templates/CentOS-7-64bit.nix b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
new file mode 100644
index 000000000..fb34e94e2
--- /dev/null
+++ b/jeschli/2configs/os-templates/CentOS-7-64bit.nix
@@ -0,0 +1,16 @@
+_:
+
+{
+ imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
+
+ boot.loader.grub = {
+ device = "/dev/sda";
+ splashImage = null;
+ };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+}
diff --git a/jeschli/2configs/retiolum.nix b/jeschli/2configs/retiolum.nix
index 403300b30..b611cbe7d 100644
--- a/jeschli/2configs/retiolum.nix
+++ b/jeschli/2configs/retiolum.nix
@@ -9,6 +9,7 @@
"gum"
"ni"
"dishfire"
+ "enklave"
];
};
@@ -16,6 +17,9 @@
tinc = pkgs.tinc_pre;
};
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
+
environment.systemPackages = [
pkgs.tinc
];
diff --git a/jeschli/2configs/urxvt.nix b/jeschli/2configs/urxvt.nix
index a2e02de35..69811eb0a 100644
--- a/jeschli/2configs/urxvt.nix
+++ b/jeschli/2configs/urxvt.nix
@@ -28,7 +28,7 @@ with import <stockholm/lib>;
URxvt*scrollBar: false
URxvt*urgentOnBell: true
- URxvt*font: xft:DejaVu Sans Mono:pixelsize=20
+ URxvt*font: xft:DejaVu Sans Mono:pixelsize=12
URXvt*faceSize: 12
'';
}
diff --git a/jeschli/source.nix b/jeschli/source.nix
index d1b64b0ed..382dd61bc 100644
--- a/jeschli/source.nix
+++ b/jeschli/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "f9390d6";
+ ref = "0653b73";
};
secrets.file = getAttr builder {
buildbot = toString <stockholm/jeschli/2configs/tests/dummy-secrets>;
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 73b5377bd..98fb88702 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -20,10 +20,5 @@
boot.isContainer = true;
networking.useDHCP = false;
- krebs.repo-sync.repos.stockholm.timerConfig = {
- OnBootSec = "5min";
- OnUnitInactiveSec = "2min";
- RandomizedDelaySec = "2min";
- };
krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm";
}
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 0b21c0b6c..9d6955e7e 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -10,7 +10,6 @@ in
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
<stockholm/krebs/2configs/collectd-base.nix>
<stockholm/krebs/2configs/stats/wolf-client.nix>
- <stockholm/krebs/2configs/save-diskspace.nix>
<stockholm/krebs/2configs/graphite.nix>
<stockholm/krebs/2configs/buildbot-krebs.nix>
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index ca994e996..5ea78f227 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -1,10 +1,6 @@
with import <stockholm/lib>;
{ lib, config, pkgs, ... }:
{
- imports = [
- <stockholm/krebs/2configs/repo-sync.nix>
- ];
-
networking.firewall.allowedTCPPorts = [ 80 8010 9989 ];
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index b534f9ad4..962dbf49c 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -12,10 +12,10 @@
'';
config = ''
serverinfo {
- name = "${config.krebs.build.host.name}.irc.retiolum";
+ name = "${config.krebs.build.host.name}.irc.r";
sid = "1as";
description = "miep!";
- network_name = "irc.retiolum";
+ network_name = "irc.r";
hub = yes;
vhost = "0.0.0.0";
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 0af553c5d..fba585448 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -161,7 +161,7 @@ let
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
#remove garbage from old versions
- rm -r ${workdir}
+ rm -rf ${workdir}
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
echo ${contact} > ${workdir}/info/admin
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 0d161e1c8..c7e882742 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -118,6 +118,52 @@ with import <stockholm/lib>;
};
};
};
+ enklave = {
+ nets = rec {
+ internet = {
+ ip4.addr = "88.198.164.182";
+ aliases = [
+ "enklave.i"
+ ];
+ };
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.27.30";
+ ip6.addr = "42::30";
+ aliases = [
+ "enklave.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIID8gKCA+kAt8zRg/g0jRmqXn6rVul/tdjWtLPcu0aTjNJ5OYZh50i7WqWllGVz
+ +FfJicuq/Xd1l5qrgUN7MD+Wrfeov+G9lzSgacfPhXMujutXxX3JwW/9f7UN+yoN
+ Sw29Zj+NWb45HyI5WVwMQ332KbKjNcWdTRe+O39oE6bZWg54oEeZOad2UJ7/83sB
+ yNEV/B7bJ0+X9HR8XCKrHI/RkjixNauMDlquGzoVyqLKIWwUnBl9CwtNBCYHbvYD
+ G1rWeCewd9Z6KsqcKSePfa4mn5eOluWcXmbrD/sx8oII40oNUs3kI7a2HExB2Yle
+ P9Q5MQrXRZfI3bdrh1aHieBodZLtosHPNuJIpo8ZaCX88WLhGR3nhJa1vvM1vNwd
+ TSSAdobdZUcuIQJKnVxwP4rXQAKPkN2+ddy+tXCGvfFAsdGKDbgPy4FgT+Ed28vg
+ 3W0fef/3sDNGPY1VAa58/pLz9Un3kNJKUjt00tWamo8daU/3mxZs83nIqDHLq86l
+ 1+wCl37l+KHe7pUVZ3smoezPRCMoUThmc7VzupbQG+piiSSyiYQi0CuBusa44t76
+ 1lMr3pOdRBBAoetZ745ZZVx8s+eYk+C1BmQbLJAfzQ9sbH3LAwXpuAH70mtrFqWl
+ C3LF89/5mZRbFxALZv9cVx3LqIZDjwpKlwPWorZwo14L+eAagdPCcnVNo6ZcVow2
+ mAdNnf7C33fvRsU+rUEIZVPsBHZfAv+f0jqQ65TMvl32VZ0FlxxahSZSj64n8iwr
+ Z+DOxKA9OcAaTrHQReYLpWUfNceVDLfOmQLeih8hNgClgqPgYJP/OtN+ox3NP6ZX
+ +Gkx9HO7a+agtyJxjh3NYbT/NkRW8HcjW8KgRN7jlE9sQi5/FoxKQOUdHmLTvjdk
+ YJXqdPWMYHj2xt4A8x2nzl/si6lwDsod+zdY5RGSdYhoybEOs4wZZIuArmm8GP+C
+ IbtgutknAuqvm2FOxyWCbLFTimgqC5BgrNUsXFJJLsHQ3bWFJtVpJlSa5Y0iypCP
+ Yr/cefbDrGfs3eCy7FlYDIkCcH06FPm1LTs6USisrtKFObRQN+zPSPln9FysNmpH
+ h0YUhrWdTO+wN78K5gc4ALPNUlyqmH61h8jS2qSdrRZLcZWIi4K4banG6EJcWRvV
+ kaVxghY1i/Z9x43bZRpBPvpM462IDx08vYX9AcFmF7JfjAXPwJO/EqZVsY1YPDzO
+ vdXWrtTORO8R8Pjq3X952yNqgHBcJQh7Q9TBcj+XBtkidOSnTt3Sp/RumsucUW19
+ 0wMempDPiCOAadLmR4cW5XL1ednXurkd+5gHCmB1Sl7FueP5dgLB/mhXjmITE3zH
+ aQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
+
};
users = {
jeschli = {
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 9f1842b88..56e5c6b82 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -541,6 +541,7 @@ with import <stockholm/lib>;
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
dockerhub IN A ${nets.internet.ip4.addr}
+ photostore IN A ${nets.internet.ip4.addr}
io IN NS gum.krebsco.de.
'';
};
diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix
index 1a0999b8d..1531a2c89 100644
--- a/krebs/3modules/nin/default.nix
+++ b/krebs/3modules/nin/default.nix
@@ -14,7 +14,6 @@ with import <stockholm/lib>;
ip4.addr = "10.243.132.96";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342";
aliases = [
- "hiawatha.retiolum"
"hiawatha.r"
];
tinc.pubkey = ''
@@ -39,7 +38,6 @@ with import <stockholm/lib>;
ip4.addr = "10.243.134.66";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379";
aliases = [
- "axon.retiolum"
"axon.r"
];
tinc.pubkey = ''
@@ -80,10 +78,8 @@ with import <stockholm/lib>;
ip4.addr = "10.243.132.55";
ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357";
aliases = [
- "onondaga.retiolum"
"onondaga.r"
"cgit.onondaga.r"
- "cgit.onondaga.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -104,11 +100,11 @@ with import <stockholm/lib>;
};
users = {
nin = {
- mail = "nin@axon.retiolum";
+ mail = "nin@axon.r";
pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon";
};
nin_h = {
- mail = "nin@hiawatha.retiolum";
+ mail = "nin@hiawatha.r";
pubkey = "ssh-rsa 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 nin@hiawatha";
};
};
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 98145274c..cc09313f7 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -122,6 +122,7 @@ with import <stockholm/lib>;
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
krebsco.de. 60 IN MX 5 ni
+ krebsco.de. 60 IN TXT v=spf1 mx -all
'';
};
nets = {
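Review bot: The added TXT record has unquoted rdata, `krebsco.de. 60 IN TXT v=spf1 mx -all`; zone-file parsers usually read that as three separate character-strings, and SPF evaluators join multiple strings without spaces, which would give `v=spf1mx-all` and an invalid policy. Quoting the value keeps it a single string: `krebsco.de. 60 IN TXT "v=spf1 mx -all"`. How this zone text is rendered is outside the hunk, so the published record is worth checking with a TXT lookup after deployment.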
@@ -201,24 +202,6 @@ with import <stockholm/lib>;
};
};
};
- schnabeldrucker = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.21";
- aliases = ["schnabeldrucker.gg23"];
- };
- };
- };
- schnabelscanner = {
- external = true;
- nets = {
- gg23 = {
- ip4.addr = "10.23.1.22";
- aliases = ["schnabelscanner.gg23"];
- };
- };
- };
wu = {
ci = true;
cores = 4;
diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index ccfc4f49b..78c1c6ec1 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -21,6 +21,10 @@ prepare() {(
esac
;;
debian)
+ if grep -Fq Hetzner /etc/motd; then
+ prepare_hetzner_rescue "$@"
+ exit
+ fi
case $VERSION_ID in
7)
prepare_debian "$@"
@@ -72,7 +76,7 @@ prepare_debian() {
type bzip2 2>/dev/null || apt-get install bzip2
type git 2>/dev/null || apt-get install git
type rsync 2>/dev/null || apt-get install rsync
- type curl 2>/dev/null || apt-get install curl
+ type curl 2>/dev/null || apt-get install curl
prepare_common
}
@@ -90,10 +94,33 @@ prepare_nixos_iso() {
mkdir -p bin
rm -f bin/nixos-install
- cp "$(type -p nixos-install)" bin/nixos-install
+ cp "$(_which nixos-install)" bin/nixos-install
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
}
+prepare_hetzner_rescue() {
+ _which() (
+ which "$1"
+ )
+ mountpoint /mnt
+
+ type bzip2 2>/dev/null || apt-get install bzip2
+ type git 2>/dev/null || apt-get install git
+ type rsync 2>/dev/null || apt-get install rsync
+ type curl 2>/dev/null || apt-get install curl
+
+ mkdir -p /mnt/"$target_path"
+ mkdir -p "$target_path"
+
+ if ! mountpoint "$target_path"; then
+ mount --rbind /mnt/"$target_path" "$target_path"
+ fi
+
+ _prepare_nix_users
+ _prepare_nix
+ _prepare_nixos_install
+}
+
get_nixos_install() {
echo "installing nixos-install" 2>&1
c=$(mktemp)
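Review bot: `prepare_nixos_iso` now calls `_which nixos-install`, but the only definitions of `_which` visible in this patch are inside `prepare_hetzner_rescue` and inside the subshell of `prepare_common`. Unless the part of `prepare_nixos_iso` outside this hunk defines it, the command substitution is empty and the `cp` fails. Defining `_which` once at file level, with the `which` versus `type -p` choice made there, would remove the dependency on call order. In `prepare_hetzner_rescue`, the bare `mountpoint /mnt` guards the install only if the script runs under `set -e`, which is not visible here; `mountpoint /mnt || exit 1` would make the precondition explicit.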
@@ -107,24 +134,13 @@ EOF
nix-env -i -A config.system.build.nixos-install -f "<nixpkgs/nixos>"
rm -v $c
}
+
prepare_common() {(
+ _which() (
+ type -p "$1"
+ )
- if ! getent group nixbld >/dev/null; then
- groupadd -g 30000 -r nixbld
- fi
- for i in `seq 1 10`; do
- if ! getent passwd nixbld$i 2>/dev/null; then
- useradd \
- -d /var/empty \
- -g 30000 \
- -G 30000 \
- -l \
- -M \
- -s /sbin/nologin \
- -u $(expr 30000 + $i) \
- nixbld$i
- fi
- done
+ _prepare_nix_users
#
# mount install directory
@@ -173,10 +189,12 @@ prepare_common() {(
mount --bind /nix /mnt/nix
fi
- #
- # install nix
- #
+ _prepare_nix
+ _prepare_nixos_install
+)}
+
+_prepare_nix() {
# install nix on host (cf. https://nixos.org/nix/install)
if ! test -e /root/.nix-profile/etc/profile.d/nix.sh; then
(
@@ -201,17 +219,40 @@ prepare_common() {(
if ! mountpoint "$target_path"; then
mount --rbind /mnt/"$target_path" "$target_path"
fi
+}
+_prepare_nix_users() {
+ if ! getent group nixbld >/dev/null; then
+ groupadd -g 30000 -r nixbld
+ fi
+ for i in `seq 1 10`; do
+ if ! getent passwd nixbld$i 2>/dev/null; then
+ useradd \
+ -d /var/empty \
+ -g 30000 \
+ -G 30000 \
+ -l \
+ -M \
+ -s /sbin/nologin \
+ -u $(expr 30000 + $i) \
+ nixbld$i
+ fi
+ done
+}
+
+
+_prepare_nixos_install() {
get_nixos_install
+
mkdir -p bin
rm -f bin/nixos-install
- cp "$(type -p nixos-install)" bin/nixos-install
+ cp "$(_which nixos-install)" bin/nixos-install
sed -i "s@NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
if ! grep -q '^PATH.*#krebs' .bashrc; then
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
echo 'PATH=$HOME/bin:$PATH #krebs' >> .bashrc
fi
-)}
+}
prepare "$@"
diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix
index f5e1bbff3..3c83093be 100644
--- a/krebs/5pkgs/simple/internetarchive/default.nix
+++ b/krebs/5pkgs/simple/internetarchive/default.nix
@@ -1,38 +1,39 @@
-{ pkgs, fetchFromGitHub, ... }:
+{ stdenv, pkgs, ... }:
with pkgs.python3Packages;
buildPythonPackage rec {
pname = "internetarchive";
version = "1.7.3";
name = "${pname}-${version}";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
+ };
+
propagatedBuildInputs = [
requests
- jsonpatch
- docopt
- clint
- six
- schema
- backports_csv
+ jsonpatch
+ docopt
+ clint
+ six
+ schema
+ backports_csv
];
-# check only works when cloned from git repo
+ # check only works when cloned from git repo
doCheck = false;
+
checkInputs = [
pytest
- responses
+ responses
];
prePatch = ''
sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
- '';
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
- };
+ '';
meta = with stdenv.lib; {
description = "python library and cli for uploading files to internet archive";
license = licenses.agpl3;
};
-
}
diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix
index 5705f086d..53c1ca5ba 100644
--- a/krebs/5pkgs/simple/stockholm/default.nix
+++ b/krebs/5pkgs/simple/stockholm/default.nix
@@ -92,6 +92,17 @@
-I "$target_path"
'');
+ cmds.get-version = pkgs.writeDash "get-version" ''
+ set -efu
+ hostname=''${HOSTNAME-$(${pkgs.nettools}/bin/hostname)}
+ version=git.$(${pkgs.git}/bin/git describe --always --dirty)
+ case $version in (*-dirty)
+ version=$version@$hostname
+ esac
+ date=$(${pkgs.coreutils}/bin/date +%y.%m)
+ echo "$date.$version"
+ '';
+
cmds.install = pkgs.withGetopt {
force-populate = { default = /* sh */ "false"; switch = true; };
quiet = { default = /* sh */ "false"; switch = true; };
@@ -205,7 +216,7 @@
init.env = pkgs.writeText "init.env" /* sh */ ''
export HOSTNAME="$(${pkgs.nettools}/bin/hostname)"
- export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${shell.get-version})}"
+ export STOCKHOLM_VERSION="''${STOCKHOLM_VERSION-$(${cmds.get-version})}"
export quiet
export system
@@ -274,16 +285,6 @@
fi
'';
- shell.get-version = pkgs.writeDash "stockholm.get-version" ''
- set -efu
- version=git.$(${pkgs.git}/bin/git describe --always --dirty)
- case $version in (*-dirty)
- version=$version@$HOSTNAME
- esac
- date=$(${pkgs.coreutils}/bin/date +%y.%m)
- echo "$date.$version"
- '';
-
in
pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link:
diff --git a/krebs/source.nix b/krebs/source.nix
index 8fbdce284..b952aa2a2 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -17,6 +17,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "cb751f9b1c3fe6885f3257e69ce328f77523ad77"; # nixos-17.09 @ 2017-12-13
+ ref = "0b30c1dd4c638e318957fc6a9198cf2429e38cb5"; # nixos-17.09 @ 2018-01-04
};
}
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 6674b3db5..8ec744584 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -41,6 +41,7 @@ with import <stockholm/lib>;
skype
wine
];
+ nixpkgs.config.firefox.enableAdobeFlash = true;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
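Review bot: `nixpkgs.config.firefox.enableAdobeFlash = true;` adds the Flash plugin to the browser on this host with no comment on why it is needed. The plugin is a large, frequently patched attack surface and is an unfree binary. I would add a comment such as `# Flash needed for <use case>; remove when no longer required` and keep the setting confined to this machine rather than moving it into a shared config.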
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 416edeb82..7993c763e 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -43,6 +43,7 @@
networking.dhcpcd.allowInterfaces = [
"enp*"
"eth*"
+ "ens*"
];
}
{
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 8c7c39a6f..c231a0b10 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -71,10 +71,6 @@ with import <stockholm/lib>;
];
}
{
- #ps vita stuff
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
- }
- {
services.tor = {
enable = true;
client.enable = true;
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 593a1fc9c..03e9f6eeb 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -184,14 +184,17 @@ in {
}
{
#hotdog
+ systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@@ -200,8 +203,10 @@ in {
}
{
#kaepsele
+ systemd.services."container@kaepsele".reloadIfChanged = mkForce false;
containers.kaepsele = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
@@ -209,6 +214,7 @@ in {
tv.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.3";
@@ -217,8 +223,10 @@ in {
}
{
#onondaga
+ systemd.services."container@onondaga".reloadIfChanged = mkForce false;
containers.onondaga = {
config = { ... }: {
+ imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
@@ -226,6 +234,7 @@ in {
config.krebs.users.nin.pubkey
];
};
+ autoStart = true;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.5";
@@ -302,6 +311,13 @@ in {
}
];
}
+ {
+ krebs.repo-sync.repos.stockholm.timerConfig = {
+ OnBootSec = "5min";
+ OnUnitInactiveSec = "2min";
+ RandomizedDelaySec = "2min";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix
index b94cb0634..51512955e 100644
--- a/lass/2configs/IM.nix
+++ b/lass/2configs/IM.nix
@@ -20,6 +20,17 @@ let
'';
in {
+ services.bitlbee = {
+ enable = true;
+ portNumber = 6666;
+ plugins = [
+ pkgs.bitlbee-facebook
+ pkgs.bitlbee-steam
+ pkgs.bitlbee-discord
+ ];
+ libpurple_plugins = [ pkgs.telegram-purple ];
+ };
+
users.extraUsers.chat = {
home = "/home/chat";
uid = genid "chat";
@@ -46,6 +57,10 @@ in {
restartIfChanged = false;
+ path = [
+ pkgs.rxvt_unicode.terminfo
+ ];
+
serviceConfig = {
User = "chat";
RemainAfterExit = true;
diff --git a/lass/2configs/bepasty.nix b/lass/2configs/bepasty.nix
index 43647892f..9bd416c05 100644
--- a/lass/2configs/bepasty.nix
+++ b/lass/2configs/bepasty.nix
@@ -23,7 +23,10 @@ in {
servers = {
"paste.r" = {
nginx = {
- serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ serverAliases = [
+ "paste.${config.krebs.build.host.name}"
+ "paste.r"
+ ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKey = secKey;
diff --git a/lass/2configs/dns-stuff.nix b/lass/2configs/dns-stuff.nix
index 411b07503..cbcce8df9 100644
--- a/lass/2configs/dns-stuff.nix
+++ b/lass/2configs/dns-stuff.nix
@@ -11,24 +11,6 @@ with import <stockholm/lib>;
key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
};
};
- services.dnsmasq = {
- enable = true;
- resolveLocalQueries = false;
- extraConfig = ''
- server=127.1.0.1
- #no-resolv
- cache-size=1000
- min-cache-ttl=3600
- bind-dynamic
- all-servers
- dnssec
- trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
- rebind-domain-ok=/onion/
- server=/.onion/127.0.0.1#9053
- port=53
- '';
- };
- networking.extraResolvconfConf = ''
- name_servers='127.0.0.1'
- '';
+ services.resolved.enable = true;
+ services.resolved.fallbackDns = [ "127.1.0.1" ];
}
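Review bot: `services.resolved.fallbackDns = [ "127.1.0.1" ];` takes effect only when resolved knows no other DNS server, so on a network whose DHCP lease supplies resolvers, lookups would go to those servers in clear text instead of to the local proxy at 127.1.0.1 that the removed dnsmasq config forwarded to. The replacement also has no equivalent of the removed `dnssec`/`trust-anchor` lines or of the `.onion` forwarding to 127.0.0.1#9053. Setting `networking.nameservers = [ "127.1.0.1" ];` would make the proxy the configured server rather than a fallback. Per-link servers from DHCP may still need to be suppressed, and DNSSEC validation should be re-enabled explicitly if it is still wanted. The module's opening lines are outside the hunk.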
diff --git a/lass/2configs/rebuild-on-boot.nix b/lass/2configs/rebuild-on-boot.nix
new file mode 100644
index 000000000..60198be7b
--- /dev/null
+++ b/lass/2configs/rebuild-on-boot.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ systemd.services.rebuild-on-boot = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ NIX_REMOTE = "daemon";
+ HOME = "/var/empty";
+ };
+ serviceConfig = {
+ ExecStart = pkgs.writeScript "rebuild" ''
+ #!${pkgs.bash}/bin/bash
+ (/run/current-system/sw/bin/nixos-rebuild -I /var/src switch) &
+ '';
+ ExecStop = "${pkgs.coreutils}/bin/sleep 10";
+ };
+ };
+}
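Review bot: The `ExecStart` script backgrounds `nixos-rebuild -I /var/src switch` and returns at once, so systemd records neither the rebuild's completion nor its exit status. A failed or interrupted switch then leaves the container on its old configuration with no failed unit to alert on. The unit also builds and activates whatever is under `/var/src` as root on every boot, which makes write access to that directory equivalent to root in the container; neither that nor the purpose of `ExecStop = sleep 10` is documented. I would add a header comment saying where `/var/src` is populated from and why the rebuild is detached. If detaching is not required, running it in the foreground with `Type = "oneshot";` would make the result visible in the unit state.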
diff --git a/lass/2configs/security-workarounds.nix b/lass/2configs/security-workarounds.nix
index 537c8a59b..c3d07d5fe 100644
--- a/lass/2configs/security-workarounds.nix
+++ b/lass/2configs/security-workarounds.nix
@@ -5,4 +5,6 @@ with import <stockholm/lib>;
boot.extraModprobeConfig = ''
install dccp /run/current-system/sw/bin/false
'';
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
}
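Review bot: `boot.kernelPackages = pkgs.linuxPackages_latest;` has no comment saying which issue it works around or when it can be reverted. This commit also imports the file from jeschli/2configs/default.nix, so every host using that default now follows the newest kernel series, including major-version jumps. I would add `# track the latest kernel until the fix for <issue> reaches the default kernel; revert afterwards`. Writing the value as `mkDefault pkgs.linuxPackages_latest` would keep a host that pins its own kernel from hitting a conflicting definition. The start of the module is outside the hunk.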
diff --git a/lass/source.nix b/lass/source.nix
index 473dd2cf2..46c6d31dc 100644
--- a/lass/source.nix
+++ b/lass/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
nixpkgs.git = {
url = https://github.com/nixos/nixpkgs;
- ref = "3aec59c";
+ ref = "d202e30";
};
secrets = getAttr builder {
buildbot.file = toString <stockholm/lass/2configs/tests/dummy-secrets>;
diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix
index e9058ec85..30ba61a9b 100644
--- a/makefu/1systems/filepimp/config.nix
+++ b/makefu/1systems/filepimp/config.nix
@@ -71,7 +71,10 @@ in {
'') allDisks);
fileSystems = let
xfsmount = name: dev:
- { "/media/${name}" = { device = dev; fsType = "xfs"; }; };
+ { "/media/${name}" = {
+ device = dev; fsType = "xfs";
+ options = [ "nofail" ];
+ }; };
in
# (xfsmount "j0" (part1 jDisk0)) //
(xfsmount "j1" (part1 jDisk1)) //
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 1fe0b62f9..f473d9e4c 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -67,7 +67,7 @@ in {
<stockholm/makefu/2configs/nginx/public_html.nix>
<stockholm/makefu/2configs/nginx/update.connector.one.nix>
- <stockholm/makefu/2configs/deployment/mycube.connector.one.nix>
+ <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
@@ -108,16 +108,35 @@ in {
# };
#}
{ # wireguard server
- networking.firewall.allowedUDPPorts = [ 51820 ];
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
networking.wireguard.interfaces.wg0 = {
ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
privateKeyFile = (toString <secrets>) + "/wireguard.key";
allowedIPsAsRoutes = true;
- peers = [{
- # allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ peers = [
+ {
+ # x
allowedIPs = [ "10.244.0.2/32" ];
publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
- }];
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ ];
};
}
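Review bot: The `iptables -t nat -A POSTROUTING -s 10.244.0.0/24 … -j MASQUERADE` line in `networking.firewall.extraCommands` has no matching delete, so it is appended again each time the firewall script re-runs and the nat table accumulates duplicates. Nothing in this hunk enables forwarding either (the `ip_forward` sysctl is only a comment), so the masquerade works only if forwarding is switched on elsewhere. The `networking.nat` module named in the TODO covers both: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };`. If the raw rule stays, add the corresponding `-D` line to `networking.firewall.extraStopCommands`, and decide explicitly what the wg0 peers may reach through the FORWARD chain once forwarding is on. The enclosing attribute set starts before this hunk.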
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index aaecebadc..ce3ffbcf3 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -143,7 +143,10 @@ in {
];
fileSystems = let
cryptMount = name:
- { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };};
+ { "/media/${name}" = {
+ device = "/dev/mapper/${name}"; fsType = "xfs";
+ options = [ "nofail" ];
+ };};
in cryptMount "crypt0"
// cryptMount "crypt1"
// cryptMount "crypt2"
diff --git a/makefu/1systems/vbob/config.nix b/makefu/1systems/vbob/config.nix
index f318c0e61..ffd9deaee 100644
--- a/makefu/1systems/vbob/config.nix
+++ b/makefu/1systems/vbob/config.nix
@@ -7,7 +7,8 @@
<stockholm/makefu>
{
imports = [<stockholm/makefu/2configs/fs/single-partition-ext4.nix> ];
- boot.loader.grub.device = "/dev/vda";
+ boot.loader.grub.device = "/dev/sda";
+ virtualisation.virtualbox.guest.enable = true;
}
# {
# imports = [
@@ -49,6 +50,27 @@
# environment
<stockholm/makefu/2configs/tinc/retiolum.nix>
+ (let
+ gum-ip = config.krebs.hosts.gum.nets.internet.ip4.addr;
+ gateway = "10.0.2.2";
+ in {
+ # make sure the route to gum gets added after the network is online
+ systemd.services.wireguard-wg0.after = [ "network-online.target" ];
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.3/24" ];
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ # explicit route via eth0 to gum
+ preSetup = ["${pkgs.iproute}/bin/ip route add ${gum-ip} via ${gateway}"];
+ peers = [
+ { # gum
+ endpoint = "${gum-ip}:51820";
+ allowedIPs = [ "0.0.0.0/0" "10.244.0.0/24" ];
+ publicKey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ })
];
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
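Review bot: The `preSetup` command `ip route add ${gum-ip} via ${gateway}` fails when the route already exists, and nothing removes it on shutdown, so a restart of `wireguard-wg0` is likely to trip over the leftover route. `ip route replace ${gum-ip} via ${gateway}` is idempotent, and a `postShutdown` with the matching `ip route del` keeps the table clean. In `allowedIPs`, `"0.0.0.0/0"` already contains `"10.244.0.0/24"`, and only IPv4 is listed. If the goal is to send all traffic through gum, IPv6 is not covered by this peer entry and would presumably leave via eth0. A comment that `gateway = "10.0.2.2"` is the VirtualBox NAT default would explain the hard-coded address.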
@@ -90,5 +112,5 @@
8010
];
-
+ systemd.services."serial-getty@ttyS0".enable = true;
}
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index 701bf5b1d..890652285 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -28,7 +28,10 @@ in {
servers = {
"paste.r" = {
nginx = {
- serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
+ serverAliases = [
+ "paste.${config.krebs.build.host.name}"
+ "paste.r"
+ ];
};
defaultPermissions = "admin,list,create,read,delete";
secretKeyFile = secKey;
diff --git a/makefu/2configs/collectd/collectd-base.nix b/makefu/2configs/collectd/collectd-base.nix
index 91e5216ad..9168d1fa9 100644
--- a/makefu/2configs/collectd/collectd-base.nix
+++ b/makefu/2configs/collectd/collectd-base.nix
@@ -10,7 +10,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
- target "wry.retiolum" "localhost" "google.com"
+ target "wry.r" "localhost" "google.com"
interval 30
</Module>
</Plugin>
@@ -19,7 +19,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
- Host "heidi.retiolum"
+ Host "heidi.r"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 25f9f63bf..0a89d2023 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -11,6 +11,9 @@ with import <stockholm/lib>;
./vim.nix
./binary-cache/nixos.nix
];
+
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+
programs.command-not-found.enable = false;
nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
krebs = {
diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix
new file mode 100644
index 000000000..9e16a384a
--- /dev/null
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+# more than just nginx config but not enough to become a module
+with import <stockholm/lib>;
+let
+ wsgi-sock = "${workdir}/uwsgi-photostore.sock";
+ workdir = config.services.uwsgi.runDir;
+in {
+
+ services.uwsgi = {
+ enable = true;
+ user = "nginx";
+ runDir = "/var/lib/photostore";
+ plugins = [ "python3" ];
+ instance = {
+ type = "emperor";
+ vassals = {
+ cameraupload-server = {
+ type = "normal";
+ pythonPackages = self: with self; [ pkgs.cameraupload-server ];
+ socket = wsgi-sock;
+ };
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts."photostore.krebsco.de" = {
+ locations = {
+ "/".extraConfig = ''
+ uwsgi_pass unix://${wsgi-sock};
+ uwsgi_param UWSGI_CHDIR ${workdir};
+ uwsgi_param UWSGI_MODULE cuserver.main;
+ uwsgi_param UWSGI_CALLABLE app;
+ include ${pkgs.nginx}/conf/uwsgi_params;
+ '';
+ };
+ };
+ };
+}
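Review bot: The `photostore.krebsco.de` vhost is declared without `forceSSL = true;` / `enableACME = true;`, so as far as this file shows, uploads to this public name travel over plain HTTP. Separately, `services.uwsgi.user = "nginx"` runs the Python upload application under the web server's own account, so a flaw in the application gets the same file access as nginx itself. A dedicated user, with the socket in `runDir` made accessible to nginx by group, would keep the two apart. The location block also sets no `client_max_body_size`, so nginx's default limit applies; for a photo upload endpoint that limit should be chosen deliberately rather than inherited.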
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index ef2c17c63..08bc5659f 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -76,7 +76,7 @@ in {
virtualHosts = {
"${ext-dom}" = {
#serverAliases = [
- # "wiki.makefu.retiolum"
+ # "wiki.makefu.r"
# "wiki.makefu"
#];
forceSSL = true;
diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix
index 1ac22e34c..2bb438f16 100644
--- a/makefu/2configs/tools/all.nix
+++ b/makefu/2configs/tools/all.nix
@@ -1,6 +1,7 @@
{
imports = [
./android-pentest.nix
+ ./consoles.nix
./core.nix
./core-gui.nix
./dev.nix
diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix
new file mode 100644
index 000000000..7090804d4
--- /dev/null
+++ b/makefu/2configs/tools/consoles.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+ users.users.makefu.packages = with pkgs; [
+ opl-utils
+ hdl-dump
+ bin2iso
+ cue2pops
+ ];
+}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 04a65df26..b652241bd 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -21,6 +21,9 @@
gen-oath-safe
cdrtools
stockholm
+ # nix related
+ nix-repl
+ nix-index
# git-related
tig
];
diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix
index 1993a5212..f2676f11c 100644
--- a/makefu/2configs/tools/mobility.nix
+++ b/makefu/2configs/tools/mobility.nix
@@ -5,5 +5,5 @@
mosh
];
- boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
}
diff --git a/makefu/5pkgs/bin2iso/default.nix b/makefu/5pkgs/bin2iso/default.nix
new file mode 100644
index 000000000..31d05fab3
--- /dev/null
+++ b/makefu/5pkgs/bin2iso/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, pkgs, fetchurl }:
+stdenv.mkDerivation rec {
+ pname = "bin2iso";
+ version = "1.9b";
+ _dlver = builtins.replaceStrings ["."] [""] version;
+ name = "${pname}-${version}";
+
+ src = fetchurl {
+ url = "http://users.eastlink.ca/~doiron/${pname}/linux/${pname}${_dlver}_linux.c";
+ sha256 = "0gg4hbzlm83nnbccy79dnxbwpn7lxl3fb87ka36mlclikvknm2hy";
+ };
+
+ unpackPhase = "true";
+
+ buildPhase =''
+ gcc -Wall -o $pname $src
+ '';
+
+ installPhase = ''
+ install -Dm755 $pname $out/bin/$pname
+ '';
+
+ meta = {
+ homepage = http://users.eastlink.ca/~doiron/bin2iso/ ;
+ description = "converts bin+cue to iso";
+ license = lib.licenses.gpl3;
+ };
+}
diff --git a/makefu/5pkgs/cameraupload-server/default.nix b/makefu/5pkgs/cameraupload-server/default.nix
new file mode 100644
index 000000000..e2e410958
--- /dev/null
+++ b/makefu/5pkgs/cameraupload-server/default.nix
@@ -0,0 +1,23 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "cameraupload-server-${version}";
+ version = "0.2.4";
+
+ propagatedBuildInputs = [
+ flask
+ ];
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "cameraupload-server";
+ rev = "c98c8ec";
+ sha256 = "0ssgvjm0z399l62wkgjk8c75mvhgn5z7g1dkb78r8vrih9428bb8";
+ };
+
+ meta = {
+ homepage = https://github.com/makefu/cameraupload-server;
+ description = "server side for cameraupload_full";
+ license = lib.licenses.asl20;
+ };
+}
diff --git a/makefu/5pkgs/cue2pops/default.nix b/makefu/5pkgs/cue2pops/default.nix
new file mode 100644
index 000000000..218ae8307
--- /dev/null
+++ b/makefu/5pkgs/cue2pops/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, lib, pkgs, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ pname = "cue2pops";
+ version = "2";
+ name = "${pname}-${version}";
+
+ src = fetchFromGitHub {
+ owner = "makefu";
+ repo = "cue2pops-linux";
+ rev = "541863a";
+ sha256 = "05w84726g3k33rz0wwb9v77g7xh4cnhy9sxlpilf775nli9bynrk";
+ };
+
+ installPhase = ''
+ install -Dm755 $pname $out/bin/$pname
+ '';
+
+ meta = {
+ homepage = http://users.eastlink.ca/~doiron/bin2iso/ ;
+ description = "converts bin+cue to iso";
+ license = lib.licenses.gpl3;
+ };
+}
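Review bot: The `meta` block looks copied from bin2iso: `homepage` points at `http://users.eastlink.ca/~doiron/bin2iso/` and `description` reads "converts bin+cue to iso", neither of which describes this package. The homepage should be the repository the source is fetched from, `homepage = https://github.com/makefu/cue2pops-linux;`, and the description and `license` should be checked against that repository rather than inherited. The unused `pkgs` argument can be dropped as well.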
diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix
index 344dc1a02..bad4b08a8 100644
--- a/makefu/5pkgs/gen-oath-safe/default.nix
+++ b/makefu/5pkgs/gen-oath-safe/default.nix
@@ -1,7 +1,6 @@
{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }:
-builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
- stdenv.mkDerivation {
+stdenv.mkDerivation {
name = "gen-oath-safe-2017-06-30";
src = fetchFromGitHub {
owner = "mcepl";
@@ -24,7 +23,7 @@ builtins.trace "Warning: HTOP mode of gen-oath-safe is currently broken"
coreutils
openssl
qrencode
- #yubikey-manager
+ yubikey-manager
libcaca
python
];
diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix
new file mode 100644
index 000000000..bd454223a
--- /dev/null
+++ b/makefu/5pkgs/hdl-dump/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }:
+stdenv.mkDerivation rec {
+ pname = "hdl-dump";
+ version = "75df8d7";
+ name = "${pname}-${version}";
+
+ src = fetchFromGitHub {
+ owner = "AKuHAK";
+ repo = "hdl-dump";
+ rev = version;
+ sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4";
+ };
+
+ buildInputs = [ upx wine ];
+
+ makeFlags = [ "RELEASE=yes" ];
+
+ # uses wine, currently broken
+ #postBuild = ''
+ # make -C gui
+ #'';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp hdl_dump $out/bin
+ '';
+
+ meta = {
+ homepage = https://github.com/AKuHAK/hdl-dump ;
+ description = "copy isos to psx hdd";
+ license = lib.licenses.gpl2;
+ };
+}
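Review bot: `buildInputs = [ upx wine ];` still pulls in wine although the only step that needs it, the `make -C gui` in `postBuild`, is commented out as broken. That adds a large dependency to the build closure for nothing. Use `buildInputs = [ upx ];` until the GUI build is restored, and drop the unused `fetchurl` argument from the function header.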
diff --git a/makefu/5pkgs/opl-utils/default.nix b/makefu/5pkgs/opl-utils/default.nix
new file mode 100644
index 000000000..f4430f333
--- /dev/null
+++ b/makefu/5pkgs/opl-utils/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, lib, pkgs, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+ pname = "opl-utils";
+ version = "881c0d2";
+ name = "${pname}-${version}";
+
+ src = fetchFromGitHub {
+ owner = "ifcaro";
+ repo = "open-ps2-loader";
+ rev = version;
+ sha256 = "1c2hgbyp5hymyq60mrk7g0m3gi00wqx165pdwwwb740q0qig07d1";
+ };
+
+
+ preBuild = "cd pc/";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp */bin/* $out/bin
+ '';
+
+ meta = {
+ homepage = https://github.com/ifcaro/Open-PS2-Loader;
+ description = "open-ps2-loader utils (opl2iso,iso2opl,genvmc)";
+ license = lib.licenses.afl3;
+ };
+}
diff --git a/makefu/source.nix b/makefu/source.nix
index fde1d9680..c22c82f32 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -13,8 +13,9 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "3874de4"; # unstable @ 2017-12-08
+ ref = "0f19bee"; # nixos-17.09 @ 2018-01-05
# + do_sqlite3 ruby: 55a952be5b5
+ # + signal: 0f19beef3
in
evalSource (toString _file) [
diff --git a/mv/source.nix b/mv/source.nix
index 2fa53a13e..5f6b2fe36 100644
--- a/mv/source.nix
+++ b/mv/source.nix
@@ -10,7 +10,7 @@ in
nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
nixpkgs.git = {
# nixos-17.09
- ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
+ ref = mkDefault "0653b73bf61f3a23d28c38ab7e9c69a318d433de";
url = https://github.com/NixOS/nixpkgs;
};
secrets.file = getAttr builder {
diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix
index 5c593894a..b3e084fe2 100644
--- a/tv/1systems/wu/config.nix
+++ b/tv/1systems/wu/config.nix
@@ -44,12 +44,6 @@ with import <stockholm/lib>;
};
};
- krebs.nixpkgs.allowUnfreePredicate = pkg: hasPrefix "nvidia-x11-" pkg.name;
- hardware.bumblebee.enable = true;
- hardware.bumblebee.group = "video";
- hardware.enableRedistributableFirmware= true;
- hardware.opengl.driSupport32Bit = true;
-
services.printing.enable = true;
services.udev.extraRules = ''
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 280552fe4..2ccab3d09 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -1,6 +1,8 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: {
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
boot.tmpOnTmpfs = true;
krebs.enable = true;
diff --git a/tv/2configs/hw/w110er.nix b/tv/2configs/hw/w110er.nix
index 787bfc6e9..55e9482d4 100644
--- a/tv/2configs/hw/w110er.nix
+++ b/tv/2configs/hw/w110er.nix
@@ -1,8 +1,20 @@
+with import <stockholm/lib>;
{ pkgs, ... }:
{
imports = [
../smartd.nix
+ {
+ # nvidia doesn't build despite
+ # https://github.com/NixOS/nixpkgs/issues/33284
+ #hardware.bumblebee.enable = true;
+ #hardware.bumblebee.group = "video";
+ #hardware.enableRedistributableFirmware= true;
+ #krebs.nixpkgs.allowUnfreePredicate = pkg:
+ # hasPrefix "nvidia-x11-" pkg.name ||
+ # hasPrefix "nvidia-persistenced-" pkg.name ||
+ # hasPrefix "nvidia-settings-" pkg.name;
+ }
];
boot.extraModprobeConfig = ''
@@ -15,6 +27,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = [ pkgs.vaapiIntel ];
networking.wireless.enable = true;
@@ -41,4 +54,8 @@
echo auto > $i/power/control # defaults to 'on'
done)
'';
+
+ services.xserver = {
+ videoDriver = "intel";
+ };
}
diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix
index 8a27b606a..59619f9b5 100644
--- a/tv/2configs/vim.nix
+++ b/tv/2configs/vim.nix
@@ -233,7 +233,7 @@ let {
lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [
- ''write\(Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
+ ''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*=''
];
yaml = {};
diff --git a/tv/source.nix b/tv/source.nix
index 31308fc99..b5e3f7cd7 100644
--- a/tv/source.nix
+++ b/tv/source.nix
@@ -1,8 +1,10 @@
with import <stockholm/lib>;
-host@{ name, secure ? false, override ? {} }: let
- builder = if getEnv "dummy_secrets" == "true"
- then "buildbot"
- else "tv";
+{ name
+, dummy_secrets ? getEnv "dummy_secrets" == "true"
+, override ? {}
+, secure ? false
+}@host: let
+ builder = if dummy_secrets then "buildbot" else "tv";
_file = <stockholm> + "/tv/1systems/${name}/source.nix";
in
evalSource (toString _file) [