authormakefu <github@syntax-fehler.de>2024-01-14 21:45:31 +0100
committermakefu <github@syntax-fehler.de>2024-01-14 21:45:31 +0100
commit9b553ebec7cb3315d5d7ad551ba942005e0da501 (patch)
treea4efff47471b575d8ed90aa0ae1afd56d5ced281
parent2ca25d5fc3b5bcabe15b0934208b5f5201420eb2 (diff)
parent9368e6d78abbe1523a2a54279fd4e9db01a4f610 (diff)
Merge remote-tracking branch 'lass/master'
-rw-r--r--flake.lock6
-rw-r--r--kartei/krebs/default.nix3
-rw-r--r--kartei/mic92/default.nix28
-rw-r--r--kartei/tv/hosts/fu.nix24
-rw-r--r--kartei/tv/hosts/leg.nix24
-rw-r--r--kartei/tv/hosts/zoppo.nix2
-rw-r--r--kartei/tv/wiregrill/fu.pub1
-rw-r--r--kartei/tv/wiregrill/leg.pub1
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/default.nix13
-rw-r--r--krebs/2configs/mastodon-proxy.nix13
-rw-r--r--krebs/2configs/mastodon.nix14
-rw-r--r--krebs/2configs/nginx.nix24
-rw-r--r--krebs/2configs/reaktor2.nix2
-rw-r--r--krebs/3modules/setuid.nix26
-rw-r--r--krebs/3modules/sync-containers3.nix19
-rw-r--r--krebs/6assets/krebsAcmeCA.crt26
-rw-r--r--krebs/krops.nix8
-rw-r--r--krebs/nixpkgs-unstable.json12
-rw-r--r--krebs/nixpkgs.json12
-rwxr-xr-xkrebs/update-nixpkgs-unstable.sh9
-rwxr-xr-xkrebs/update-nixpkgs.sh9
-rw-r--r--lib/pure.nix1
23 files changed, 165 insertions, 113 deletions
diff --git a/flake.lock b/flake.lock
index 7ca0c5f9b..6fba339f5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -18,11 +18,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1693844670,
- "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
+ "lastModified": 1702151865,
+ "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
+ "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd",
"type": "github"
},
"original": {
diff --git a/kartei/krebs/default.nix b/kartei/krebs/default.nix
index 6c5c86ead..7e3f1b542 100644
--- a/kartei/krebs/default.nix
+++ b/kartei/krebs/default.nix
@@ -87,7 +87,6 @@ in {
"irc.r"
"wiki.r"
];
- tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc
@@ -114,7 +113,6 @@ in {
"go.r"
"rss.r"
];
- tinc.port = 0;
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
@@ -225,7 +223,6 @@ in {
"build.puyak.r"
"cgit.puyak.r"
];
- tinc.port = 0;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix
index 00fb92128..96edeba55 100644
--- a/kartei/mic92/default.nix
+++ b/kartei/mic92/default.nix
@@ -692,15 +692,15 @@ in {
aliases = [ "adelaide.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAzxKKd1dV+XDUV8pHqkAtbLcwEZVsf0kK+y5X/zbZcXEZhQQv6/dY
- YJRoNG3lo8+7FMwYO2b2uyIkO1PopsORMAA2vIFaKJ2Qnt7byuIQ6n9CafIADx1M
- dVf+cwUhY8IVIX2ndz9pIAY8NhmzEcjG5vGKxRqev1zNwa1LtsLDLObhkKYznM6y
- HV5F92GONMeNOovHCxIYsSJ8jLn8BB60toADzocgzKvCiEw4IwKnzL/au9RGY4Xi
- 25YXBzF5ai84e+HyaGGGD/qa4SqL9/jCkDB7QAwRqb01wGhtTLty+ubjzh1HF3am
- zpizPVNwBTqHW1S3W1i/yi5a5w4D/zdrRQIDAQAB
+ MIIBCgKCAQEAp17cmCeFBu+WLKuhQQmYy3iVm/Vd42T7WA+WPaMDpejpf4hNFl8D
+ MYtLjEo44oOHKE95UK+CfEKjvY+XIYgr/TfXPXPbTfeUNlhwy/anK9Aek4tX/V3z
+ dkS139Tp9ffDq8jUkiITaIXBpMzWC8Pc+hvAUwOyq80YII2Xp+K7+vhpdXKP6Zo0
+ eFd15nCWBhx2LBxnFSE+JT/bpuC4GdGhzAsafjnoR9Jl8kJ/wjIhI/b3j4l6udFq
+ Pn+/1z8mmb2LGkTg4cEUDWd86CCtkYVQW5/E0fHWFzUWStl/f1hEOENU4Cqy7GaD
+ ytioO8RI0ENZOdHZiy6vFnhPFG5Er2t4jQIDAQAB
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "YzB5BqgIQ4f209B2KhpdHu6gRYj5IS64zy1wneq/yiG";
+ tinc.pubkey_ed25519 = "FBuLCjr31Z8ijUNAgzMHeuzyKUP9zvHLijtQKBouxPO";
};
};
};
@@ -993,15 +993,15 @@ in {
aliases = [ "vislor.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAnAIEtqtJzQmhAOLMDOp6LvlMoElNezeFarvZ6LshbZbLPL7Mv2Iy
- buEoduzGNlqUbqEypsv7pQBSqw4Kqn9jMnpk8EpPiLiqIaBJeGqS1eIHi4DdRIyC
- wwOgAqbc0e55LGSRyLS2GgbzD3kHh0UgVF2/MM01r4l53w8ftSJwR5dL6tpKnfgm
- wjc8hwQtxen+zym2RJV7E+YPKg2t/ZGTJZbgk54/19l5Eeb18xxfTyxBNdUWBBCo
- vnR/h2gfCZnmsj4UiSor+z+00eaDyespfjLw3X7XQkCdlfgx0BVfhXH2RGOtdH+P
- AdnLFg7OfGh9V8zAiOC7jyuCrlbh0q0QoQIDAQAB
+ MIIBCgKCAQEAzMOrwiMFgDbITQEnXBJev4bSprV2Hg04xuEUmdoMJB4OJdBrWY7G
+ 71aHXtAjBqJqRYbvSoRPa+jQcpqRHNdNctfE1wq3nUkOYSM0OHGoFwb3kfybh+vu
+ flmAY75ZlVRz3srITjMADpHeiuAEOmGPmlbLiUY09I2qjcaSzYYsTiGnyWSp95tL
+ g3CRqiC4kj4fM0B7lCp/dz/iXDvqWEgoGEQH34x4xIIToA+DkHX5/2NAl4aaiq9m
+ JQ8YCz5qBox3nD6W6bwwsEyG4vOHNcCLHBdVLEbfUFHM8XDjF3dJZ+RjCYxdiEjM
+ dZUckPeLf/8XDkNMZm1eKMIJBvcH3UESLQIDAQAB
-----END RSA PUBLIC KEY-----
'';
- tinc.pubkey_ed25519 = "PqpTiIldNgPTKQVnouiGNo8mX0wqSVtg9al6ve/sj2E";
+ tinc.pubkey_ed25519 = "ZMFZ4fd75fh2OLg/SuiTsavs013E2tUaCDqX76LPI6K";
};
};
};
diff --git a/kartei/tv/hosts/fu.nix b/kartei/tv/hosts/fu.nix
new file mode 100644
index 000000000..f33da59c9
--- /dev/null
+++ b/kartei/tv/hosts/fu.nix
@@ -0,0 +1,24 @@
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.13.44";
+ aliases = [
+ "fu.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA7zwE/2k+c14PkDPaDF4Ss4oxIvb99kcim9qHHhHanZKS0SG0pEOB
+ UthaL8ZC3ww278eh6J1hLsaqJsznEs7TAFYZtH94lbXyxsGq3hdlpMhXKdgeHuei
+ ZpNj/gyo1REsHz4k4Xj3XmtqWoAteQviccl2zi+KcC0U9hxvbnXIY3CGYgNsCFb4
+ 2EJtFXi2nDoHXicso2+bUufIhNGjxEkye9dEkChEGM27fxSr61yVlLARpm67jfEY
+ kTW2OXOYz1yJ6Akr4yvQaS3FN6sEQ3YbE57Xju46VHn5kOmpYVMGyktmdOZwHnaO
+ iaTLEzuYBEAJuyEt/2/XmiCGjlxrIGkyZQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "a2nUW601al1Sp1owDC4D3ukDesHThXeabMzhUckUL1O";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8T+2Oe6qCE0uEb9H7CWZengyhHK30NelmYmpI4Umpm root@fu";
+ syncthing.id = "F5B3EPT-OEOFYMV-GATESYO-727M6R4-YBXGW6Q-SG3QWC7-PPVFX4C-AY4UKAJ";
+}
diff --git a/kartei/tv/hosts/leg.nix b/kartei/tv/hosts/leg.nix
new file mode 100644
index 000000000..aa023b42d
--- /dev/null
+++ b/kartei/tv/hosts/leg.nix
@@ -0,0 +1,24 @@
+{
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.13.43";
+ aliases = [
+ "leg.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEAsfL4VK3WbgbWVYsOA0TJ3iswRrvfE/z/TbNTtzULGPSA6bTG8QXO
+ f2cm6aY6UriMktJL6GB3XNYlDZDKi74bNOXP+O/p7dTr5g9PWjYeqLFiLFr0pwWi
+ pooKxrAcPEJ8khhCI7eXVGL1baiHZsPCZLmPXm+c3qke6uY/48zmt0SG3WwjybF/
+ JMbxE7XTMrsO28PiOZgWrXqZJgLhKygcz9WGMkQ9CcjnHobKIoTRWHILIsEPjR2s
+ /vNeGTa6v9/SpDQtHlfiELNxQAHUXU0//hJvEyH4dMS+vJKNQlL9z84fQqhZGfh0
+ nN++k9cHwSPDusbMqB2ncpx6v8ieUpCsewIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = " qmxNtjkjzXP4QCIJwXLncYFrIfU7royMlQNSVvR3XKH";
+ };
+ };
+ secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiputkYYQbg8sUHu+dMVOEuqhPYwPhPdmkS6LopPx17 root@leg";
+ syncthing.id = "5IB2U3K-HNQWNA4-ULYNPZF-XC3HX4D-IKQB72L-GNF6U2P-RNL4OMF-BWGDVAU";
+}
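Review bot: The `tinc.pubkey_ed25519` value for leg starts with a space inside the quotes (`" qmxNtjk…"`), unlike the otherwise parallel entry in fu.nix. Whether the code that renders tinc host files trims the value is not visible here, so the stray space could end up in the distributed key material or break a comparison against the host's real key. I would drop it so the line reads `tinc.pubkey_ed25519 = "qmxNtjkjzXP4QCIJwXLncYFrIfU7royMlQNSVvR3XKH";`.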
diff --git a/kartei/tv/hosts/zoppo.nix b/kartei/tv/hosts/zoppo.nix
index 4fcbe76c2..4d312105f 100644
--- a/kartei/tv/hosts/zoppo.nix
+++ b/kartei/tv/hosts/zoppo.nix
@@ -1,7 +1,7 @@
{
nets = {
retiolum = {
- ip4.addr = "10.243.13.43";
+ ip4.addr = "10.243.13.45";
aliases = [
"zoppo.r"
];
diff --git a/kartei/tv/wiregrill/fu.pub b/kartei/tv/wiregrill/fu.pub
new file mode 100644
index 000000000..1eaa070b0
--- /dev/null
+++ b/kartei/tv/wiregrill/fu.pub
@@ -0,0 +1 @@
+Nds8Gja25t9xlQqr9zQIUAXXidt42cEIjq9VxUHkBQw=
diff --git a/kartei/tv/wiregrill/leg.pub b/kartei/tv/wiregrill/leg.pub
new file mode 100644
index 000000000..7e75edffe
--- /dev/null
+++ b/kartei/tv/wiregrill/leg.pub
@@ -0,0 +1 @@
+tlGh9gpV09TspLVV/9+Z5T5fhMAQcz5c5L3KNvR/d1I=
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 75a8a0da1..0a103ed1a 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -4,6 +4,7 @@
imports = [
../../../krebs
../../../krebs/2configs
+ ../../../krebs/2configs/nginx.nix
../../../krebs/2configs/buildbot-stockholm.nix
../../../krebs/2configs/binary-cache/nixos.nix
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 905eaaef7..5d64555c8 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -8,7 +8,17 @@ with import ../../lib/pure.nix { inherit lib; };
];
krebs.announce-activation.enable = true;
krebs.enable = true;
- krebs.tinc.retiolum.enable = mkDefault true;
+
+ # retiolum
+ krebs.tinc.retiolum = {
+ enable = mkDefault true;
+ extraConfig = ''
+ AutoConnect = yes
+ LocalDiscovery = yes
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 655 ];
+ networking.firewall.allowedUDPPorts = [ 655 ];
# trust krebs ACME CA
krebs.ssl.trustIntermediate = true;
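Review bot: The two `networking.firewall` lines open port 655 unconditionally, while `krebs.tinc.retiolum.enable` is only `mkDefault true`, so a host that switches retiolum off still accepts 655/tcp and 655/udp. I would tie them to the option, e.g. `networking.firewall.allowedTCPPorts = mkIf config.krebs.tinc.retiolum.enable [ 655 ];` and the same for UDP (assuming `mkIf` is in scope through the `with import ../../lib/pure.nix` shown in the hunk header). The literal 655 also has to match the port the tinc module actually configures, which this hunk does not show. `LocalDiscovery = yes` is now the default on every host importing this file; a one-line comment saying that peer discovery on the local network is intended everywhere would help.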
@@ -52,6 +62,7 @@ with import ../../lib/pure.nix { inherit lib; };
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
config.krebs.users.kmein.pubkey
+ config.krebs.users.mic92.pubkey
];
# The NixOS release to be compatible with for stateful data such as databases.
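Review bot: `config.krebs.users.mic92.pubkey` joins a key list whose option name lies above the hunk, so the scope of the grant cannot be read from the diff. Since this is the default configuration imported by krebs hosts, a comment on the list stating what access its keys give would make each addition reviewable, for example `# keys listed here get SSH access as <user> on every host importing 2configs` (placeholder: fill in the actual account). The list itself starts outside the hunk.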
diff --git a/krebs/2configs/mastodon-proxy.nix b/krebs/2configs/mastodon-proxy.nix
index 4d359c3fe..b579a5031 100644
--- a/krebs/2configs/mastodon-proxy.nix
+++ b/krebs/2configs/mastodon-proxy.nix
@@ -5,19 +5,12 @@
virtualHosts."social.krebsco.de" = {
forceSSL = true;
enableACME = true;
+ acmeFallbackHost = "hotdog.r";
locations."/" = {
# TODO use this in 22.11
- # recommendedProxySettings = true;
- proxyPass = "http://hotdog.r";
+ recommendedProxySettings = true;
+ proxyPass = "https://hotdog.r";
proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- '';
};
};
};
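Review bot: `proxyPass = "https://hotdog.r";` moves the upstream hop to TLS, but nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is set, and nothing in this location sets it. As written the hop is encrypted but hotdog.r is not authenticated, and the certificate mastodon.nix configures for that vhost comes from the Let's Encrypt staging directory, which default trust stores do not accept. If the tinc link is the intended trust boundary, a comment saying so is enough. Otherwise add `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` and `proxy_ssl_name social.krebsco.de;` in `extraConfig` once a verifiable certificate is in place. The `# TODO use this in 22.11` comment above the now-active `recommendedProxySettings = true;` is stale and can go.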
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index af308b2c7..ebc4207a0 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -3,7 +3,7 @@
services.postgresql = {
enable = true;
dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
- package = pkgs.postgresql_11;
+ package = pkgs.postgresql_16;
};
systemd.tmpfiles.rules = [
"d /var/state/postgresql 0700 postgres postgres -"
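Review bot: `dataDir` is built from `psqlSchema`, so changing `package` from `postgresql_11` to `postgresql_16` also changes the data directory path, and the new server would presumably initialise an empty cluster instead of opening the existing one. Nothing in the hunk migrates the data. A comment next to `package` such as `# dataDir follows psqlSchema: pg_upgrade or dump/restore the old cluster before switching` would record the manual step. The previous directory under /var/state/postgresql stays on disk with its contents and should be removed deliberately once migration is confirmed.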
@@ -13,23 +13,17 @@
enable = true;
localDomain = "social.krebsco.de";
configureNginx = true;
+ streamingProcesses = 3;
trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
smtp.createLocally = false;
smtp.fromAddress = "derp";
};
- services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
- forceSSL = lib.mkForce false;
- enableACME = lib.mkForce false;
- locations."@proxy".extraConfig = ''
- proxy_redirect off;
- proxy_pass_header Server;
- proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
- '';
- };
+ security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
networking.firewall.allowedTCPPorts = [
80
+ 443
];
environment.systemPackages = [
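Review bot: `security.acme.certs."social.krebsco.de".server` points at the Let's Encrypt staging directory with no comment explaining why. Staging certificates chain to a test root that clients do not trust, so any peer that validates TLS against this host will fail, and any peer that connects successfully is not validating. Please add a comment stating whether this is temporary. Using `config.services.mastodon.localDomain` as the attribute name instead of repeating the hostname would stop the two from drifting apart.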
diff --git a/krebs/2configs/nginx.nix b/krebs/2configs/nginx.nix
new file mode 100644
index 000000000..812093a7e
--- /dev/null
+++ b/krebs/2configs/nginx.nix
@@ -0,0 +1,24 @@
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "spam@krebsco.de";
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
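Review bot: The default vhost serves `/etc/os-release` to any client that can reach ports 80/443, which this file opens in the firewall, so the distribution and release of every host importing it can be read without authentication. If the endpoint is only meant for peers inside the VPN, restrict it in the same `extraConfig` with `allow <retiolum-prefix>; deny all;` (placeholder: use the project's real prefix), or add a comment explaining why it is public. In the ACME location the dots in `^/.well-known/acme-challenge/` are unescaped regex metacharacters; `locations."~ ^/\\.well-known/acme-challenge/"` matches only the intended path. The identical line added to reaktor2.nix has the same pattern.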
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index db7b794f4..e84827656 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -526,6 +526,8 @@ in {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
'';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
};
services.nginx.virtualHosts."bedge.r" = {
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index fdb96c8ba..e3108d88e 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -80,13 +80,25 @@ let
};
imp = {
- system.activationScripts."krebs.setuid" = stringAfter [ "usrbinenv" ]
- (concatMapStringsSep "\n"
- (cfg: /* sh */ ''
- ${cfg.activate}
- rm -f ${cfg.wrapperDir}/${cfg.name}.real
- '')
- (attrValues config.krebs.setuid));
+ systemd.services."krebs.setuid" = {
+ wantedBy = [ "suid-sgid-wrappers.service" ];
+ after = [ "suid-sgid-wrappers.service" ];
+ path = [
+ pkgs.coreutils
+ ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = pkgs.writeDash "krebs.setuid.sh" ''
+ ${concatMapStringsSep "\n"
+ (getAttr "activate")
+ (attrValues config.krebs.setuid)
+ }
+ '';
+ };
+ unitConfig = {
+ DefaultDependencies = false;
+ };
+ };
};
in out
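Review bot: The `ExecStart` script joins every `activate` snippet into one dash script and, as far as the hunk shows, never sets `set -e`, so a failing snippet does not stop the run and the unit reports only the exit status of the last command. For code that prepares setuid wrappers, a half-applied state reported as success is worth avoiding; starting the script body with `set -eu` would make the unit fail visibly. The removed activation script also ran `rm -f ${cfg.wrapperDir}/${cfg.name}.real` after each snippet and the new unit does not; if that cleanup is no longer needed, a short comment saying why would help. Because the unit is ordered after suid-sgid-wrappers.service, the stock wrappers exist for a moment before these snippets run. What `activate` changes is not visible here, so whether that window matters needs confirming.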
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index 58446c82b..7373592a5 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -58,6 +58,8 @@ in {
pkgs.jq
];
networking.useDHCP = lib.mkForce true;
+ networking.useHostResolvConf = false;
+ services.resolved.enable = true;
systemd.services.autoswitch = {
environment = {
NIX_REMOTE = "daemon";
@@ -155,7 +157,7 @@ in {
# echo 'container is reachable, continueing'
continue
else
- # echo 'container seems dead, killing'
+ echo 'container seems dead, killing'
break
fi
else
@@ -246,6 +248,9 @@ in {
}; }
{ "container@${ctr.name}" = lib.mkIf ctr.runContainer {
serviceConfig = {
+ ExecStop = pkgs.writers.writeDash "remove_interface" ''
+ ${pkgs.iproute2}/bin/ip link del vb-${ctr.name}
+ '';
ExecStartPost = [
(pkgs.writers.writeDash "bind-to-bridge" ''
${pkgs.iproute2}/bin/ip link set "vb-$INSTANCE" master ctr0
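Review bot: `ExecStop` commands run while the service's main process is still alive, so `ip link del vb-${ctr.name}` removes the interface from a running container rather than cleaning up after it has exited; `ExecStopPost` is the systemd hook for post-exit cleanup. The command also returns non-zero when the link is already gone, which can mark an otherwise clean stop as failed. The name is interpolated unquoted, while the neighbouring `ExecStartPost` uses `"vb-$INSTANCE"`. I would rename the key to `ExecStopPost` and make the script line `${pkgs.iproute2}/bin/ip link del "vb-${ctr.name}" || :`. The `serviceConfig` block continues past the end of the hunk.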
@@ -294,9 +299,6 @@ in {
(lib.mkIf (cfg.containers != {}) {
# networking
- # needed because otherwise we lose local dns
- environment.etc."resolv.conf".source = lib.mkForce "/run/systemd/resolve/resolv.conf";
-
boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkForce 1;
systemd.network.networks.ctr0 = {
name = "ctr0";
@@ -309,6 +311,9 @@ in {
ConfigureWithoutCarrier = true;
DHCPServer = "yes";
};
+ dhcpServerConfig = {
+ DNS = "9.9.9.9";
+ };
};
systemd.network.netdevs.ctr0.netdevConfig = {
Kind = "bridge";
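Review bot: `DNS = "9.9.9.9"` hard-codes a public third-party resolver into the DHCP leases handed out on ctr0. Container lookups, internal names included, would then go unencrypted to an external service, and the address cannot be changed without editing the module. I would expose it as a module option (with this value as the default at most) or hand out the bridge address so the host's resolver answers. A comment on why an external resolver is wanted here would help too. The `networks.ctr0` block starts above the hunk.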
@@ -341,6 +346,12 @@ in {
networking.useHostResolvConf = false;
networking.useNetworkd = true;
+ services.resolved = {
+ enable = true;
+ extraConfig = ''
+ Domains=~.
+ '';
+ };
systemd.network = {
enable = true;
networks.eth0 = {
diff --git a/krebs/6assets/krebsAcmeCA.crt b/krebs/6assets/krebsAcmeCA.crt
index bf05b44f4..6f659d905 100644
--- a/krebs/6assets/krebsAcmeCA.crt
+++ b/krebs/6assets/krebsAcmeCA.crt
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB
-gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
-YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
-hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2
-MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
-BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr
-qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD
-VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj
-SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
-MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt
-XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4
-20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9
-MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc=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-----END CERTIFICATE-----
diff --git a/krebs/krops.nix b/krebs/krops.nix
index aeb2413a4..eba966b4f 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -10,8 +10,8 @@
krebs-source = { test ? false }: rec {
nixpkgs = if test then {
derivation = let
- rev = (lib.importJSON ./nixpkgs.json).rev;
- sha256 = (lib.importJSON ./nixpkgs.json).sha256;
+ rev = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.rev;
+ sha256 = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.narHash;
in ''
with import (builtins.fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
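Review bot: `sha256` now takes `narHash` from flake.lock, which is an SRI string (`sha256-…`), where nixpkgs.json supplied a base32 digest. The `fetchTarball` call that consumes it is only partly inside the hunk, so it is worth confirming that every Nix version used with `test = true` accepts SRI in the `sha256` argument; a rejected hash would break the pinned fetch. Binding the lock once, `lock = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked;`, and using `lock.rev` and `lock.narHash` would avoid repeating the path and attribute chain here and in the `git` branch of the next hunk.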
@@ -26,8 +26,8 @@
'';
} else {
git = {
- ref = (lib.importJSON ./nixpkgs.json).rev;
- url = https://github.com/NixOS/nixpkgs;
+ ref = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.rev;
+ url = "https://github.com/NixOS/nixpkgs";
shallow = true;
};
};
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
deleted file mode 100644
index 2233cd20b..000000000
--- a/krebs/nixpkgs-unstable.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "url": "https://github.com/NixOS/nixpkgs",
- "rev": "aa8aa7e2ea35ce655297e8322dc82bf77a31d04b",
- "date": "2023-09-01T18:51:16+08:00",
- "path": "/nix/store/10xskkarnksmn1fahylswv0y4216c73w-nixpkgs",
- "sha256": "0bbv3y86kfpn02zh5vvdbkmnqyzagzbc1gzpvvlb6qbvgg639bf9",
- "hash": "sha256-ya00zHt7YbPo3ve/wNZ/6nts61xt7wK/APa6aZAfey0=",
- "fetchLFS": false,
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
deleted file mode 100644
index 0b6021ed0..000000000
--- a/krebs/nixpkgs.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "url": "https://github.com/NixOS/nixpkgs",
- "rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1",
- "date": "2023-09-02T08:28:47+02:00",
- "path": "/nix/store/605bv7zssv38j0ii8rbnxkv1m0f0b53p-nixpkgs",
- "sha256": "0kymzp32d31c0hny2b2f7zfn49nzrxlm963xbm4v0axka6abym36",
- "hash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=",
- "fetchLFS": false,
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
deleted file mode 100755
index ab04914c1..000000000
--- a/krebs/update-nixpkgs-unstable.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-dir=$(dirname $0)
-oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
- --url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-unstable' \
-> $dir/nixpkgs-unstable.json
-newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
deleted file mode 100755
index 465548f44..000000000
--- a/krebs/update-nixpkgs.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-dir=$(dirname $0)
-oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
- --url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-23.05' \
-> $dir/nixpkgs.json
-newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
diff --git a/lib/pure.nix b/lib/pure.nix
index 3329db022..3fe51cd54 100644
--- a/lib/pure.nix
+++ b/lib/pure.nix
@@ -23,7 +23,6 @@ let
git = import ./git.nix { inherit (stockholm) lib; };
haskell = import ./haskell.nix { inherit (stockholm) lib; };
krebs = import ./krebs stockholm.lib;
- krops = import ../submodules/krops/lib;
shell = import ./shell.nix { inherit (stockholm) lib; };
systemd = {
encodeName = replaceStrings ["/"] ["\\x2f"];