diff options
| author | jeschli <jeschli@gmail.com> | 2018-07-09 14:31:18 +0200 |
|---|---|---|
| committer | jeschli <jeschli@gmail.com> | 2018-07-09 14:31:18 +0200 |
| commit | d1c6baf00e98a0229fc7fd96874623efc8417b05 (patch) | |
| tree | eaba9481ed208af1086690a9c07ca948b047389a | |
| parent | b439342e7533e3f695db8a46576c54d180f56a58 (diff) | |
| parent | d6df7ae483b984b90bdc8d4540301ef394885a98 (diff) | |
Merge remote-tracking branch 'origin/staging/jeschli'
66 files changed, 838 insertions, 409 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..c96fec739 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "submodules/nix-writers"] + path = submodules/nix-writers + url = http://cgit.krebsco.de/nix-writers diff --git a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix index fa03fd4d4..5aa3c2f96 100644 --- a/jeschli/5pkgs/simple/xmonad-jeschli/default.nix +++ b/jeschli/5pkgs/simple/xmonad-jeschli/default.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -pkgs.writeHaskell "xmonad-jeschli" { +pkgs.writeHaskellPackage "xmonad-jeschli" { executables.xmonad = { extra-depends = [ "containers" diff --git a/jeschli/source.nix b/jeschli/source.nix index 29cf9d818..fc1413ee4 100644 --- a/jeschli/source.nix +++ b/jeschli/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/krebs/1systems/onebutton/config.nix b/krebs/1systems/onebutton/config.nix index dca00a206..b87aef5a3 100644 --- a/krebs/1systems/onebutton/config.nix +++ b/krebs/1systems/onebutton/config.nix @@ -16,6 +16,36 @@ services.nixosManual.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; } + { + systemd.services.mpc-booter = let + mpc = "${pkgs.mpc_cli}/bin/mpc -h mpd.shack -p 6600"; + url = "http://lassul.us:8000/radio.ogg"; + say = pkgs.writeDash "say" '' + tmpfile=$(${pkgs.coreutils}/bin/mktemp) + echo "$@" > $tmpfile + ${pkgs.curl}/bin/curl -i -H "content-type: text/plain" -X POST -d "@$tmpfile" gobbelz.shack/say/ + rm "$tmpfile" + ''; + in { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + RemainAfterExit = "yes"; + Type = "oneshot"; + ExecStart = pkgs.writeDash "mpc-boot" '' + until ${mpc} stats;do + echo "waiting for mpd.shack to appear" + sleep 1 + done + ${say} "Willkommen im Shack wertes Mitglied" + + ${say} "Lassulus Super Radio wurde gestartet" + ${mpc} add ${url} + ${mpc} play + ''; + }; + }; + } ]; krebs.build.host = config.krebs.hosts.onebutton; # NixOS wants to enable GRUB by default diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix index 8f25881c9..6842bfaab 100644 --- a/krebs/1systems/onebutton/source.nix +++ b/krebs/1systems/onebutton/source.nix @@ -4,7 +4,7 @@ let nixpkgs = pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; - rev = "6c064e6b"; # only binary cache for unstable arm6 + rev = "nixos-unstable"; # only binary cache for unstable arm6 sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; }; in import <stockholm/krebs/source.nix> { diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 04b1c999f..62a5f9ab5 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -63,6 +63,7 @@ in grab_repo = steps.Git( repourl=stockholm_repo, mode='full', + submodules=True, ) ''; builder = { diff --git a/krebs/2configs/reaktor-krebs.nix b/krebs/2configs/reaktor-krebs.nix index fa51b84f0..d80fd0eb1 100644 --- a/krebs/2configs/reaktor-krebs.nix +++ b/krebs/2configs/reaktor-krebs.nix @@ -13,6 +13,7 @@ with import <stockholm/lib>; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin + taskwarrior ] ++ (attrValues (todo "agenda")) ; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index ba0924681..5ae24b40b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -484,7 +484,7 @@ let reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules)); - # TODO use `writeOut` + # TODO use pkgs.write (from nix-writers) scriptFarm = farm-name: scripts: let diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index a938f8ec9..e6eb3d287 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -174,5 +174,8 @@ in { mail = "spam@krebsco.de"; pubkey = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwuAZB3wtAvBJFYh+gWdyGaZU4mtqM2dFXmh2rORlbXeh02msu1uv07ck1VKkQ4LgvCBcBsAOeVa1NTz99eLqutwgcqMCytvRNUCibcoEWwHObsK53KhDJj+zotwlFhnPPeK9+EpOP4ngh/tprJikttos5BwBwe2K+lfiid3fmVPZcTTYa77nCwijimMvWEx6CEjq1wiXMUc4+qcEn8Swbwomz/EEQdNE2hgoC3iMW9RqduTFdIJWnjVi0KaxenX9CvQRGbVK5SSu2gwzN59D/okQOCP6+p1gL5r3QRHSLSSRiEHctVQTkpKOifrtLZGSr5zArEmLd/cOVyssHQPCX repo-sync@wolf''; }; + buildbotSlave = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7cre2crQMI6O4XtIfIiGl1GUqIi060fJlOQJgG0/NH"; + }; }; } diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index fd74983fa..e2322e171 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -66,6 +66,7 @@ with import <stockholm/lib>; ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d7a750c6e..c5404f96d 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -520,6 +520,38 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; + nextgum = rec { + ci = true; + cores = 8; + nets = rec { + internet = { + ip4.addr = "144.76.26.247"; + ip6.addr = "2a01:4f8:191:12f6::2"; + aliases = [ + "nextgum.i" + ]; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.0.213"; + ip6.addr = "42:f9f0:0000:0000:0000:0000:0000:70d3"; + aliases = [ + "nextgum.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAucCebFmS96WorD+Br4UQudmAhMlLpacErjwA/u2argBTT2nGHTR8 + aN4e0xf3IYLA+iogLIW/JuQfKLe8evEK21iZ3jleW8N7mbCulhasi/0lqWlirrpO + npJAiSNF1m7ijoylkEKxtmehze+8ojprUT2hx1ImMlHMWGxvs+TmBbZBMgxAGMJh + 6cMMDJQi+4d9XrJQ3+XUVK3MkviLA91oIAXsLdFptL6b12siUaz4StQXDJUHemBF + 3ZwlO+W2Es69ifEhmV6NaDDRcSRdChGbHTz1OU8wYaFNaxWla/iprQQ+jEUldpcN + VC18QGYRUAgZ0PCIpKurjWNehJFB3zXt+wIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; + }; gum = rec { ci = true; diff --git a/krebs/5pkgs/simple/Reaktor/plugins.nix b/krebs/5pkgs/simple/Reaktor/plugins.nix index c39e39799..7573c9256 100644 --- a/krebs/5pkgs/simple/Reaktor/plugins.nix +++ b/krebs/5pkgs/simple/Reaktor/plugins.nix @@ -120,7 +120,7 @@ rec { url-title = (buildSimpleReaktorPlugin "url-title" { pattern = "^.*(?P<args>http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+).*$$"; path = with pkgs; [ curl perl ]; - script = pkgs.writePython3 [ "beautifulsoup4" "lxml" ] "url-title" '' + script = pkgs.writePython3 "url-title" [ "beautifulsoup4" "lxml" ] '' import sys import urllib.request from bs4 import BeautifulSoup @@ -141,6 +141,19 @@ rec { ''; }); + taskwarrior = buildSimpleReaktorPlugin "task" { + pattern = "^task: (?P<args>.*)$$"; + script = let + taskrc = "$HOME/.taskrc"; + in + pkgs.writeDash "task-wrapper" '' + if [ -f ${taskrc} ] ; then + touch ${taskrc} + fi + ${pkgs.taskwarrior}/bin/task "$*" + ''; + }; + todo = name: { add = buildSimpleReaktorPlugin "${name}-add" { pattern = "^${name}-add: (?P<args>.*)$$"; diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix index e69b44f0f..9b125862b 100644 --- a/krebs/5pkgs/simple/brain/default.nix +++ b/krebs/5pkgs/simple/brain/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "brain" { +write "brain" { "/bin/brain".link = writeDash "brain" '' PASSWORD_STORE_DIR=$HOME/brain \ exec ${pass}/bin/pass $@ diff --git a/krebs/5pkgs/simple/cholerab/default.nix b/krebs/5pkgs/simple/cholerab/default.nix new file mode 100644 index 000000000..94514fe44 --- /dev/null +++ b/krebs/5pkgs/simple/cholerab/default.nix @@ -0,0 +1,7 @@ +{ fetchgit, callPackage }: let + src = fetchgit { + url = "https://github.com/krebs/cholerab"; + rev = "25d7ef051d6fc74d99b155e768b3c650296a230c"; + sha256 = "1pymw7v2ql42iq825ccx98s4fp9jsz5b2hjr1qad6bamfc6i7yy9"; + }; +in callPackage src {} diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix index c2e83c9f4..ab7d6e651 100644 --- a/krebs/5pkgs/simple/ftb/default.nix +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchurl , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , openjdk -, mesa, openal +, mesa_glu, openal , useAlsa ? false, alsaOss ? null }: with stdenv.lib; @@ -26,7 +26,7 @@ stdenv.mkDerivation { #!${stdenv.shell} export _JAVA_AWT_WM_NONREPARENTING=1 - export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa openal ]} + export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa_glu openal ]} ${if useAlsa then "${alsaOss}/bin/aoss" else "" } \ ${jre}/bin/java -jar $out/ftb.jar EOF diff --git a/krebs/5pkgs/simple/pass/default.nix b/krebs/5pkgs/simple/pass/default.nix index 3b6928087..c2fe0e1d7 100644 --- a/krebs/5pkgs/simple/pass/default.nix +++ b/krebs/5pkgs/simple/pass/default.nix @@ -35,12 +35,12 @@ let ); in stdenv.mkDerivation rec { - version = "1.7.1"; - name = "pass-${version}"; + version = "1.7.2"; + name = "password-store-${version}"; src = fetchurl { url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz"; - sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn"; + sha256 = "1sl0d7nc85c6c2bmmmyb8rpmn47vhkj831l153mjlkawjvhwas27"; }; patches = [ ./set-correct-program-name-for-sleep.patch diff --git a/krebs/5pkgs/simple/stockholm/default.nix b/krebs/5pkgs/simple/stockholm/default.nix index 9afe79510..c973386d6 100644 --- a/krebs/5pkgs/simple/stockholm/default.nix +++ b/krebs/5pkgs/simple/stockholm/default.nix @@ -225,6 +225,6 @@ in - pkgs.writeOut "stockholm" (lib.mapAttrs' (name: link: + pkgs.write "stockholm" (lib.mapAttrs' (name: link: lib.nameValuePair "/bin/${name}" { inherit link; } ) cmds) diff --git a/krebs/5pkgs/simple/thesauron/default.nix b/krebs/5pkgs/simple/thesauron/default.nix deleted file mode 100644 index d543319f2..000000000 --- a/krebs/5pkgs/simple/thesauron/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ fetchgit, callPackage }: let - src = fetchgit { - url = "https://github.com/krebs/thesauron"; - rev = "8ac22588cf2c20465e3c9348e7ce04885599c2a5"; - "sha256"= "1ivkjl235dnm5aaqqvarnxkz7zh0gvah22b0fqwlsflrcd5wmgva"; - }; -in callPackage src {} diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix deleted file mode 100644 index 1939bf854..000000000 --- a/krebs/5pkgs/writers.nix +++ /dev/null @@ -1,318 +0,0 @@ -pkgs: oldpkgs: -with import <stockholm/lib>; - { - execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let - in pkgs.writeC name { inherit destination; } /* c */ '' - #include <unistd.h> - - static char *const filename = ${toC filename}; - - ${if argv == null - then /* Propagate arguments */ /* c */ '' - #define MAIN_ARGS int argc, char **argv - '' - else /* Provide fixed arguments */ /* c */ '' - #define MAIN_ARGS void - static char *const argv[] = ${toC (argv ++ [null])}; - ''} - - static char *const envp[] = ${toC ( - mapAttrsToList (k: v: "${k}=${v}") envp ++ [null] - )}; - - int main (MAIN_ARGS) { - execve(filename, argv, envp); - return -1; - } - ''; - - execveBin = name: cfg: - pkgs.execve name (cfg // { destination = "/bin/${name}"; }); - - makeScriptWriter = { interpreter, check ? null }: name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - inherit check; - executable = true; - text = "#! ${interpreter}\n${text}"; - }; - }; - - writeBash = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - executable = true; - text = "#! ${pkgs.bash}/bin/bash\n${text}"; - }; - }; - - writeBashBin = name: - assert types.filename.check name; - pkgs.writeBash "/bin/${name}"; - - writeC = name: { destination ? "" }: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - PATH=${makeBinPath (with pkgs; [ - # TODO remove if everyone migrated to 18.03 - (if hasAttr "binutils-unwrapped" pkgs then binutils-unwrapped else binutils) - coreutils - gcc - ])} - exe=$out${destination} - mkdir -p "$(dirname "$exe")" - gcc -O -Wall -o "$exe" -x c "$textPath" - strip --strip-unneeded "$exe" - ''; - - writeDash = pkgs.makeScriptWriter { - interpreter = "${pkgs.dash}/bin/dash"; - }; - - writeDashBin = name: - assert types.filename.check name; - pkgs.writeDash "/bin/${name}"; - - writeEximConfig = name: text: pkgs.runCommand name { - inherit text; - passAsFile = [ "text" ]; - } /* sh */ '' - # TODO validate exim config even with config.nix.useChroot == true - # currently doing so will fail because "user exim was not found" - #${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null - mv "$textPath" $out - ''; - - writeOut = name: specs0: - let - writers.link = - { path - , link - }: - assert path == "" || types.absolute-pathname.check path; - assert types.package.check link; - { - install = /* sh */ '' - ${optionalString (path != "") /* sh */ '' - ${pkgs.coreutils}/bin/mkdir -p $out${dirOf path} - ''} - ${pkgs.coreutils}/bin/ln -s ${link} $out${path} - ''; - }; - - writers.text = - { path - , check ? null - , executable ? false - , mode ? if executable then "0755" else "0644" - , text - }: - assert path == "" || types.absolute-pathname.check path; - assert types.bool.check executable; - assert types.file-mode.check mode; - rec { - var = "file_${hashString "sha1" path}"; - val = text; - install = /* sh */ '' - ${optionalString (check != null) /* sh */ '' - ${check} ''$${var}Path - ''} - ${pkgs.coreutils}/bin/install \ - -m ${mode} \ - -D \ - ''$${var}Path $out${path} - ''; - }; - - write = spec: writers.${spec.type} (removeAttrs spec ["type"]); - - specs = - mapAttrsToList - (path: spec: let - known-types = [ "link" "text" ]; - found-types = attrNames (getAttrs known-types spec); - type = assert length found-types == 1; head found-types; - in spec // { inherit path type; }) - specs0; - - files = map write specs; - - filevars = genAttrs' (filter (hasAttr "var") files) - (spec: nameValuePair spec.var spec.val); - - env = filevars // { passAsFile = attrNames filevars; }; - in - # Use a subshell because <nixpkgs/stdenv/generic/setup.sh>'s genericBuild - # sources (or evaluates) the buildCommand and we don't want to modify its - # shell. In particular, exitHandler breaks in multiple ways with set -u. - pkgs.runCommand name env /* sh */ '' - ( - set -efu - ${concatMapStringsSep "\n" (getAttr "install") files} - ) - ''; - - writeHaskell = - k: - let - k' = parseDrvName k; - name = k'.name; - version = if k'.version != "" then k'.version else "0"; - in - { base-depends ? ["base"] - , executables ? {} - , ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"] - , haskellPackages ? pkgs.haskellPackages - , library ? null - , license ? "WTFPL" - }: - let - isExecutable = executables != {}; - isLibrary = library != null; - - cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ '' - build-type: Simple - cabal-version: >= 1.2 - name: ${name} - version: ${version} - ${concatStringsSep "\n" (mapAttrsToList exe-section executables)} - ${optionalString isLibrary (lib-section library)} - ''; - - exe-install = - exe-name: - { file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: - if types.filename.check exe-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘exe-name’ is not a ${types.filename.name}"; - - exe-section = - exe-name: - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , file ? pkgs.writeText "${name}-${exe-name}.hs" text - , relpath ? "${exe-name}.hs" - , text - , ... }: /* cabal */ '' - executable ${exe-name} - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - main-is: ${relpath} - ''; - - get-depends = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , ... - }: - build-depends; - - lib-install = - { exposed-modules - , ... }: - concatStringsSep "\n" (mapAttrsToList mod-install exposed-modules); - - lib-section = - { build-depends ? base-depends ++ extra-depends - , extra-depends ? [] - , exposed-modules - , ... }: /* cabal */ '' - library - build-depends: ${concatStringsSep "," build-depends} - ghc-options: ${toString ghc-options} - exposed-modules: ${concatStringsSep "," (attrNames exposed-modules)} - ''; - - mod-install = - mod-name: - { file ? pkgs.writeText "${name}-${mod-name}.hs" text - , relpath ? "${replaceStrings ["."] ["/"] mod-name}.hs" - , text - , ... }: - if types.haskell.modid.check mod-name - then /* sh */ "install -D ${file} $out/${relpath}" - else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}"; - in - haskellPackages.mkDerivation { - inherit isExecutable isLibrary license version; - executableHaskellDepends = - attrVals - (concatMap get-depends (attrValues executables)) - haskellPackages; - libraryHaskellDepends = - attrVals - (optionals isLibrary (get-depends library)) - haskellPackages; - pname = name; - src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ '' - install -D ${cabal-file} $out/${cabal-file.name} - ${optionalString isLibrary (lib-install library)} - ${concatStringsSep "\n" (mapAttrsToList exe-install executables)} - ''; - }; - - writeJq = name: text: - assert (with types; either absolute-pathname filename).check name; - pkgs.writeOut (baseNameOf name) { - ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "jqcheck.sh" '' - exec ${pkgs.jq}/bin/jq -f "$1" < /dev/null - ''; - inherit text; - }; - }; - - writeJSON = name: value: pkgs.runCommand name { - json = toJSON value; - passAsFile = [ "json" ]; - } /* sh */ '' - ${pkgs.jq}/bin/jq . "$jsonPath" > "$out" - ''; - - writeNixFromCabal = - trace (toString [ - "The function `writeNixFromCabal` has been deprecated in favour of" - "`writeHaskell`." - ]) - (name: path: pkgs.runCommand name {} /* sh */ '' - ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out - ''); - - writePython2 = deps: - let - py = pkgs.python2.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python2check.sh" '' - exec ${pkgs.python2Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython2Bin = d: name: - pkgs.writePython2 d "/bin/${name}"; - - writePython3 = deps: - let - py = pkgs.python3.withPackages(ps: attrVals deps ps); - in - pkgs.makeScriptWriter { - interpreter = "${py}/bin/python"; - check = pkgs.writeDash "python3check.sh" '' - exec ${pkgs.python3Packages.flake8}/bin/flake8 --show-source "$1" - ''; - }; - - writePython3Bin = d: name: - pkgs.writePython3 d "/bin/${name}"; - - writeSed = pkgs.makeScriptWriter { - interpreter = "${pkgs.gnused}/bin/sed -f"; - }; - } diff --git a/krebs/default.nix b/krebs/default.nix index 55bf66f77..d99f60aaa 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -3,6 +3,10 @@ with import <stockholm/lib>; { imports = [ ./3modules + { + nixpkgs.config.packageOverrides = + import ../submodules/nix-writers/pkgs pkgs; + } ]; nixpkgs.config.packageOverrides = import ./5pkgs pkgs; } diff --git a/krebs/krops.nix b/krebs/krops.nix index 97cd6a939..6a8a05726 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "7295e175bf6c6e8aa54f1b4d99256ee95d13d385"; + ref = "91b286c8935b8c5df4a99302715200d3bd561977"; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; diff --git a/krebs/source.nix b/krebs/source.nix index 2aaa27b2b..5b86e89c6 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/lass/1systems/cabal/config.nix b/lass/1systems/cabal/config.nix index 64c179e67..6a8040c9d 100644 --- a/lass/1systems/cabal/config.nix +++ b/lass/1systems/cabal/config.nix @@ -8,11 +8,6 @@ <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/exim-retiolum.nix> <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/browsers.nix> - <stockholm/lass/2configs/programs.nix> - <stockholm/lass/2configs/fetchWallpaper.nix> - <stockholm/lass/2configs/games.nix> - <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/AP.nix> <stockholm/lass/2configs/blue-host.nix> ]; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 97e69146e..065ab2396 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -29,6 +29,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/c-base.nix> <stockholm/lass/2configs/br.nix> <stockholm/lass/2configs/ableton.nix> + <stockholm/lass/2configs/starcraft.nix> <stockholm/lass/2configs/dunst.nix> <stockholm/lass/2configs/rtl-sdr.nix> <stockholm/lass/2configs/backup.nix> @@ -179,4 +180,9 @@ with import <stockholm/lib>; }; }); virtualisation.libvirtd.enable = true; + + services.earlyoom = { + enable = true; + freeMemThreshold = 5; + }; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 9a0bb49e9..2626ebf33 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -195,6 +195,16 @@ with import <stockholm/lib>; jeschli-bolide jeschli-brauerei ]; + repo = [ config.krebs.git.repos.xmonad-stockholm ]; + perm = with git; push "refs/heads/jeschli*" [ fast-forward non-fast-forward create delete merge ]; + } + { + user = with config.krebs.users; [ + jeschli + jeschli-bln + jeschli-bolide + jeschli-brauerei + ]; repo = [ config.krebs.git.repos.stockholm ]; perm = with git; push "refs/heads/staging/jeschli*" [ fast-forward non-fast-forward create delete merge ]; } @@ -281,6 +291,18 @@ with import <stockholm/lib>; ]; } { + services.nginx = { + enable = true; + virtualHosts."radio.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:8000; + ''; + }; + }; + } + { lass.nichtparasoup.enable = true; services.nginx = { enable = true; @@ -341,6 +363,14 @@ with import <stockholm/lib>; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} ]; } + { + services.murmur.enable = true; + services.murmur.registerName = "lassul.us"; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + ]; + + } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index afdefaa45..7d04827f0 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -71,8 +71,10 @@ in { ag bank cabal2nix + cholerab dic dmenu + font-size gi gitAndTools.qgit git-preview @@ -81,6 +83,7 @@ in { mpv-poll much ncdu + nix-index nix-repl nmap pavucontrol @@ -91,7 +94,6 @@ in { sxiv taskwarrior termite - thesauron timewarrior xclip xephyrify diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 657234bc1..83c235f3e 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -5,6 +5,7 @@ with import <stockholm/lib>; imports = [ <stockholm/lass/2configs/container-networking.nix> ]; + systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ pkgs.git ]; diff --git a/lass/2configs/dcso-dev.nix b/lass/2configs/dcso-dev.nix index b985b67b3..0996d21c1 100644 --- a/lass/2configs/dcso-dev.nix +++ b/lass/2configs/dcso-dev.nix @@ -9,7 +9,7 @@ in { dev = { name = "dev"; uid = genid "dev"; - extraGroups = [ "docker" ]; + extraGroups = [ "docker" "vboxusers" ]; description = "user for collaborative development"; home = "/home/dev"; useDefaultShell = true; @@ -54,10 +54,13 @@ in { krebs.per-user.dev.packages = [ pkgs.go ]; + environment.variables.GOPATH = "$HOME/go"; security.sudo.extraConfig = '' ${mainUser.name} ALL=(dev) NOPASSWD: ALL ''; - services.minio.enable = true; + networking.interfaces.et0.ipv4.addresses = [ + { address = "10.99.23.1"; prefixLength = 24; } + ]; } diff --git a/lass/2configs/dunst.nix b/lass/2configs/dunst.nix index 6d3d839bc..18a22e1da 100644 --- a/lass/2configs/dunst.nix +++ b/lass/2configs/dunst.nix @@ -188,21 +188,21 @@ let foreground = "#3B7C87" background = "#191311" #background = "#2B313C" - timeout = 0 + timeout = 1 [urgency_normal] frame_color = "#5B8234" foreground = "#5B8234" background = "#191311" #background = "#2B313C" - timeout = 0 + timeout = 1 [urgency_critical] frame_color = "#B7472A" foreground = "#B7472A" background = "#191311" #background = "#2B313C" - timeout = 0 + timeout = 1 # Every section that isn't one of the above is interpreted as a rules to diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 72cfd5e75..707796dd9 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -61,6 +61,10 @@ let cgit.desc = "krebs deployment"; cgit.section = "software"; }; + xmonad-stockholm = { + cgit.desc = "krebs xmonad modules"; + cgit.section = "configuration"; + }; } // mapAttrs make-public-repo-silent { nixos-aws = { collaborators = [ { diff --git a/lass/2configs/logf.nix b/lass/2configs/logf.nix index 24b806efa..f141a94f5 100644 --- a/lass/2configs/logf.nix +++ b/lass/2configs/logf.nix @@ -11,7 +11,7 @@ let cloudkrebs = "119"; }; urgent = [ - "\\blass@mors\\b" + "\\blass@blue\\b" ]; in { environment.systemPackages = [ diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix index 3bd1852a8..eb457b7d3 100644 --- a/lass/2configs/mc.nix +++ b/lass/2configs/mc.nix @@ -326,7 +326,7 @@ in { name = "mc"; paths = [ (pkgs.writeDashBin "mc" '' - export MC_DATADIR=${pkgs.writeOut "mc-ext" { + export MC_DATADIR=${pkgs.write "mc-ext" { "/mc.ext".link = mcExt; "/sfs.ini".text = ""; }}; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 5a39f7115..86877df7a 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -65,7 +65,7 @@ with import <stockholm/lib>; }) (buildSimpleReaktorPlugin "random-unicorn-porn" { pattern = "^!rup$$"; - script = pkgs.writePython2 [] "rup" '' + script = pkgs.writePython2 "rup" [] '' t1 = """ _. ;=',_ () @@ -100,6 +100,12 @@ with import <stockholm/lib>; exec echo 'DID SOMEBODY SAY BLOCKCHAIN? https://paste.krebsco.de/r99pMoQq/+inline' ''; }) + (buildSimpleReaktorPlugin "shrug" { + pattern = "^!shrug$"; + script = pkgs.writeDash "shrug" '' + exec echo '¯\_(ツ)_/¯' + ''; + }) ]; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 615f5a728..6a07172fe 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -27,6 +27,7 @@ let user = with config.krebs.users; [ config.krebs.users."${config.networking.hostName}-repo-sync" lass + lass-mors lass-shodan ]; repo = [ repo ]; @@ -136,5 +137,6 @@ in { (sync-retiolum "stockholm") (sync-retiolum "wai-middleware-time") (sync-retiolum "xmonad-stockholm") + (sync-retiolum "nix-writers") ]; } diff --git a/lass/2configs/starcraft.nix b/lass/2configs/starcraft.nix new file mode 100644 index 000000000..742b877e8 --- /dev/null +++ b/lass/2configs/starcraft.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: let + mainUser = config.users.extraUsers.mainUser; + newWine = pkgs.wineStaging; + #newWine = pkgs.wineStaging.overrideAttrs (old: { + # name = "wine-3.7"; + # buildInputs = old.buildInputs ++ [ + # pkgs.libuuid.bin + # pkgs.autoconf.out + # ]; + # src = pkgs.fetchurl { + # url = "https://dl.winehq.org/wine/source/3.x/wine-3.7.tar.xz"; + # sha256 = "1drbzk3y0m14lkq3vzwwkvain5shykgcbmyzh6gcb5r4sxh3givn"; + # }; + # postPatch = old.postPatch or "" + '' + # patchShebangs tools + # cp -r ${pkgs.fetchFromGitHub { + # sha256 = "0kam73jqhah7bzji5csxxhhfdp6byhzpcph6xnzjqz2aic5xk7xi"; + # owner = "wine-staging"; + # repo = "wine-staging"; + # rev = "v3.7"; + # }}/patches . + # chmod +w patches + # cd patches + # patchShebangs gitapply.sh + # ./patchinstall.sh DESTDIR="$PWD/.." --all + # cd .. + # ''; + + #}); + #newWine = (import (builtins.fetchGit { + # url = "https://github.com/NixOS/nixpkgs"; + # rev = "696c6bed4e8e2d9fd9b956dea7e5d49531e9d13f"; + #}) {}).wineStaging; +in { + users.users= { + starcraft = { + isNormalUser = true; + extraGroups = [ + "audio" + "video" + ]; + packages = [ + newWine + pkgs.winetricks + pkgs.mpg123 + ]; + }; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(starcraft) NOPASSWD: ALL + ''; +} + diff --git a/lass/2configs/urxvt.nix b/lass/2configs/urxvt.nix index fc4537140..90d28d650 100644 --- a/lass/2configs/urxvt.nix +++ b/lass/2configs/urxvt.nix @@ -5,7 +5,7 @@ with import <stockholm/lib>; services.urxvtd.enable = true; krebs.xresources.resources.urxvt = '' - URxvt*SaveLines: 4096 + URxvt*SaveLines: 1000000 URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt.perl-ext-common: default,clipboard,url-select,keyboard-select @@ -19,6 +19,12 @@ with import <stockholm/lib>; URxvt.keysym.M-Escape: perl:keyboard-select:activate URxvt.keysym.M-s: perl:keyboard-select:search + URxvt.keysym.M-F1: command:\033]710;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007\033]711;-*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1\007 + URxvt.keysym.M-F2: command:\033]710;xft:Monospace:size=15\007\033]711;xft:Monospace:size=15:bold\007 + URxvt.keysym.M-F3: command:\033]710;xft:Monospace:size=20\007\033]711;xft:Monospace:size=20:bold\007 + URxvt.keysym.M-F4: command:\033]710;xft:Monospace:size=25\007\033]711;xft:Monospace:size=25:bold\007 + URxvt.keysym.M-F5: command:\033]710;xft:Monospace:size=30\007\033]711;xft:Monospace:size=30:bold\007 + URxvt.intensityStyles: false URxvt*background: #000000 diff --git a/lass/2configs/virtualbox.nix b/lass/2configs/virtualbox.nix index 8171def2d..cfb835d78 100644 --- a/lass/2configs/virtualbox.nix +++ b/lass/2configs/virtualbox.nix @@ -15,7 +15,7 @@ in { description = "user for running VirtualBox"; home = "/home/virtual"; useDefaultShell = true; - extraGroups = [ "vboxusers" "audio" ]; + extraGroups = [ "vboxusers" "audio" "video" ]; createHome = true; }; }; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 53f1eea5c..f60a66952 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -66,6 +66,22 @@ in { locations."/tinc".extraConfig = '' alias ${config.krebs.tinc_graphs.workingDir}/external; ''; + locations."/urlaubyay2018".extraConfig = '' + autoindex on; + alias /srv/http/lassul.us-media/india2018; + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' + paolo:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 + ''}; + ''; + locations."/heilstadt".extraConfig = '' + autoindex on; + alias /srv/http/lassul.us-media/grabowsee2018; + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "pics-user-pass" '' + c-base:$apr1$aQ6mYNR3$ho.aJ7icqSO.y.xKo3GQf0 + ''}; + ''; # TODO make this work! locations."= /ddate".extraConfig = let script = pkgs.writeBash "test" '' diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 816449c14..a807f7160 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -194,7 +194,7 @@ rec { in { services.nginx.virtualHosts."${domain}" = { enableACME = true; - addSSL = true; + forceSSL = true; serverAliases = domains; extraConfig = '' root /srv/http/${domain}/; diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index dd82b34eb..71a5cdda9 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -17,6 +17,7 @@ in { createHome = true; packages = [ pkgs.wine + pkgs.winetricks ]; }; }; diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index fc9e63e31..cb2890969 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -45,7 +45,7 @@ "pwstore-fast" "bytestring" ]; - body = pkgs.writeHaskell "passwords" { + body = pkgs.writeHaskellPackage "passwords" { executables.verify_pam = { extra-depends = deps; text = '' diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 325ebcc99..8f5f05bc2 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -41,10 +41,14 @@ with import <stockholm/lib>; type = types.path; default = pkgs.writeScript "echo_lol" "echo lol"; }; + vglrun = mkOption { + type = types.bool; + default = false; + }; wm = mkOption { #TODO find type type = types.string; - default = "${pkgs.writeHaskell "xephyrify-xmonad" { + default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" @@ -116,9 +120,11 @@ with import <stockholm/lib>; ${pkgs.coreutils}/bin/kill $WM_PID ${pkgs.coreutils}/bin/kill $XEPHYR_PID ''; - sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' + sudo_ = pkgs.writeDash "${cfg.name}-sudo" (if cfg.vglrun then '' /var/run/wrappers/bin/sudo -u ${cfg.name} -i ${vglrun_} "$@" - ''; + '' else '' + /var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" + ''); vglrun_ = pkgs.writeDash "${cfg.name}-vglrun" '' DISPLAY=:${cfg.display} ${pkgs.virtualgl}/bin/vglrun ${cfg.extraVglrunArgs} ${cfg.script} "$@" ''; diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 868c1072a..694f3c033 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -pkgs.writeHaskell "xmonad-lass" { +pkgs.writeHaskellPackage "xmonad-lass" { executables.xmonad = { extra-depends = [ "containers" @@ -48,7 +48,8 @@ import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Util.NamedWindows (getName) import XMonad.Util.Run (safeSpawn) -import XMonad.Stockholm.Shutdown +import XMonad.Stockholm.Shutdown (handleShutdownEvent, sendShutdownEvent) +import XMonad.Stockholm.Pager (defaultWindowColors, pager, MatchMethod(MatchPrefix), PagerConfig(..)) data LibNotifyUrgencyHook = LibNotifyUrgencyHook deriving (Read, Show) @@ -129,8 +130,8 @@ myKeyMap = , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) - , ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView)) - , ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift)) + , ("M4-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.view) ) + , ("M4-S-v", gets windowset >>= allWorkspaceNames >>= pager pagerConfig (windows . W.shift) ) , ("M4-C-v", withWorkspace autoXPConfig (windows . copy)) , ("M4-m", withFocused minimizeWindow) @@ -183,6 +184,21 @@ infixAutoXPConfig = autoXPConfig { searchPredicate = isInfixOf } +pagerConfig :: PagerConfig +pagerConfig = def + { pc_font = myFont + , pc_cellwidth = 64 + , pc_matchmethod = MatchPrefix + , pc_windowColors = windowColors + } + where + windowColors _ _ _ True _ = ("#ef4242","#ff2323") + windowColors wsf m c u wf = do + let y = defaultWindowColors wsf m c u wf + if m == False && wf == True + then ("#402020", snd y) + else y + gridConfig :: GSConfig WorkspaceId gridConfig = def { gs_cellwidth = 100 @@ -191,6 +207,10 @@ gridConfig = def , gs_navigate = navNSearch , gs_font = myFont } + +allWorkspaceNames :: W.StackSet i l a sid sd -> X [i] +allWorkspaceNames ws = + return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws] ''; }; } diff --git a/lass/5pkgs/dpass/default.nix b/lass/5pkgs/dpass/default.nix index 7e75d50c7..c1e803bcb 100644 --- a/lass/5pkgs/dpass/default.nix +++ b/lass/5pkgs/dpass/default.nix @@ -1,6 +1,6 @@ -{ pass, writeOut, writeDash, ... }: +{ pass, write, writeDash, ... }: -writeOut "dsco-pass" { +write "dsco-pass" { "/bin/dpass".link = writeDash "dpass" '' PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ exec ${pass}/bin/pass $@ diff --git a/lass/5pkgs/xephyrify/default.nix b/lass/5pkgs/xephyrify/default.nix index 8d6036843..20c546dbb 100644 --- a/lass/5pkgs/xephyrify/default.nix +++ b/lass/5pkgs/xephyrify/default.nix @@ -1,8 +1,8 @@ -{ writeDashBin, writeHaskell, coreutils, xorg, virtualgl, ... }: +{ writeDashBin, writeHaskellPackage, coreutils, xorg, virtualgl, ... }: let - xephyrify-xmonad = writeHaskell "xephyrify-xmonad" { + xephyrify-xmonad = writeHaskellPackage "xephyrify-xmonad" { executables.xmonad = { extra-depends = [ "containers" diff --git a/lass/source.nix b/lass/source.nix index e7991da2a..49f919faf 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/makefu/0tests/data/secrets/nsupdate-hub.nix b/makefu/0tests/data/secrets/nsupdate-hub.nix new file mode 100644 index 000000000..e76c0e87e --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-hub.nix @@ -0,0 +1 @@ +{ "lol" = "wut"; } diff --git a/makefu/0tests/data/secrets/uhub.sql b/makefu/0tests/data/secrets/uhub.sql new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/uhub.sql diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 9b6d9d571..998ecd0fb 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -2,28 +2,13 @@ with import <stockholm/lib>; let - # hw-specific - external-mac = "2a:c5:6e:d2:fc:7f"; - main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; - external-gw = "185.194.140.1"; - # single partition, label "nixos" - # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate - - - # static external-ip = config.krebs.build.host.nets.internet.ip4.addr; - external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; - external-gw6 = "fe80::1"; - external-netmask = 22; - external-netmask6 = 64; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; - ext-if = "et0"; # gets renamed on the fly + ext-if = config.makefu.server.primary-itf; in { imports = [ <stockholm/makefu> - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + ./hardware-config.nix <stockholm/makefu/2configs/headless.nix> - <stockholm/makefu/2configs/fs/single-partition-ext4.nix> # <stockholm/makefu/2configs/smart-monitor.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> @@ -49,6 +34,7 @@ in { # <stockholm/makefu/2configs/sabnzbd.nix> <stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/mosh.nix> + # <stockholm/makefu/2configs/retroshare.nix> # network <stockholm/makefu/2configs/vpn/openvpn-server.nix> @@ -90,6 +76,15 @@ in { <stockholm/makefu/2configs/syncthing.nix> # <stockholm/makefu/2configs/opentracker.nix> + <stockholm/makefu/2configs/hub.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> @@ -187,7 +182,6 @@ in { ]; }; - makefu.server.primary-itf = ext-if; # access users.users = { @@ -200,6 +194,7 @@ in { weechat bepasty-client-cli get + tmux ]; services.bitlbee = { enable = true; @@ -207,15 +202,8 @@ in { }; # Hardware - boot.loader.grub.device = main-disk; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; # Network - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - boot.kernelParams = [ ]; networking = { firewall = { allowPing = true; @@ -249,19 +237,8 @@ in { 21032 ]; }; - interfaces."${ext-if}" = { - ip4 = [{ - address = external-ip; - prefixLength = external-netmask; - }]; - ip6 = [{ - address = external-ip6; - prefixLength = external-netmask6; - }]; - }; - defaultGateway6 = external-gw6; - defaultGateway = external-gw; nameservers = [ "8.8.8.8" ]; }; - + users.users.makefu.extraGroups = [ "download" "nginx" ]; + boot.tmpOnTmpfs = true; } diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix new file mode 100644 index 000000000..a40709169 --- /dev/null +++ b/makefu/1systems/gum/hardware-config.nix @@ -0,0 +1,46 @@ +{ config, ... }: +let + external-mac = "2a:c5:6e:d2:fc:7f"; + main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0"; + external-gw = "185.194.140.1"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + external-ip6 = config.krebs.build.host.nets.internet.ip6.addr; + external-gw6 = "fe80::1"; + external-netmask = 22; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + <nixpkgs/nixos/modules/profiles/qemu-guest.nix> + <stockholm/makefu/2configs/fs/single-partition-ext4.nix> + ]; + + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.device = main-disk; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; +} diff --git a/makefu/1systems/kexec/config.nix b/makefu/1systems/kexec/config.nix new file mode 100644 index 000000000..5bf19f978 --- /dev/null +++ b/makefu/1systems/kexec/config.nix @@ -0,0 +1,25 @@ +{ config, pkgs, lib, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/makefu> + # <stockholm/makefu/2configs/tools/core.nix> + <nixpkgs/nixos/modules/installer/netboot/netboot-minimal.nix> + <clever_kexec/kexec/kexec.nix> + ]; + # cd ~/stockholm ; nix-build '<nixpkgs/nixos>' -A config.system.build.kexec_tarball -j 4 -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso + + krebs.build.host = config.krebs.hosts.iso; + krebs.hidden-ssh.enable = true; + environment.extraInit = '' + EDITOR=vim + ''; + services.openssh = { + enable = true; + hostKeys = [ + { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } + ]; + }; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; +} diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix new file mode 100644 index 000000000..e200dbfd2 --- /dev/null +++ b/makefu/1systems/kexec/source.nix @@ -0,0 +1,3 @@ +import <stockholm/makefu/source.nix> { + name="iso"; +} diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix new file mode 100644 index 000000000..a23ccf7b2 --- /dev/null +++ b/makefu/1systems/nextgum/config.nix @@ -0,0 +1,247 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + external-ip = config.krebs.build.host.nets.internet.ip4.addr; + ext-if = config.makefu.server.primary-itf; +in { + imports = [ + <stockholm/makefu> + ./hardware-config.nix + ./transfer-config.nix + <stockholm/makefu/2configs/headless.nix> + # <stockholm/makefu/2configs/smart-monitor.nix> + + # Security + <stockholm/makefu/2configs/sshd-totp.nix> + + # Tools + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/tools/dev.nix> + <stockholm/makefu/2configs/tools/sec.nix> + <stockholm/makefu/2configs/vim.nix> + <stockholm/makefu/2configs/zsh-user.nix> + <stockholm/makefu/2configs/mosh.nix> + + <stockholm/makefu/2configs/git/cgit-retiolum.nix> + <stockholm/makefu/2configs/backup.nix> + <stockholm/makefu/2configs/exim-retiolum.nix> + <stockholm/makefu/2configs/tinc/retiolum.nix> + # services + <stockholm/makefu/2configs/sabnzbd.nix> + + # sharing + <stockholm/makefu/2configs/share/gum.nix> + <stockholm/makefu/2configs/torrent.nix> + #<stockholm/makefu/2configs/retroshare.nix> + ## <stockholm/makefu/2configs/ipfs.nix> + #<stockholm/makefu/2configs/syncthing.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + # <stockholm/makefu/2configs/opentracker.nix> + + ## network + <stockholm/makefu/2configs/vpn/openvpn-server.nix> + # <stockholm/makefu/2configs/vpn/vpnws/server.nix> + <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/iodined.nix> + + ## buildbot + #<stockholm/makefu/2configs/remote-build/slave.nix> + + # Removed until move: no extra mails + # <stockholm/makefu/2configs/urlwatch> + # Removed until move: avoid double-update of domain + # <stockholm/makefu/2configs/hub.nix> + # Removed until move: avoid letsencrypt ban + ### Web + #<stockholm/makefu/2configs/nginx/share-download.nix> + #<stockholm/makefu/2configs/nginx/euer.test.nix> + #<stockholm/makefu/2configs/nginx/euer.mon.nix> + #<stockholm/makefu/2configs/nginx/euer.wiki.nix> + #<stockholm/makefu/2configs/nginx/euer.blog.nix> + ## <stockholm/makefu/2configs/nginx/gum.krebsco.de.nix> + #<stockholm/makefu/2configs/nginx/public_html.nix> + #<stockholm/makefu/2configs/nginx/update.connector.one.nix> + #<stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> + + #<stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> + #<stockholm/makefu/2configs/deployment/graphs.nix> + #<stockholm/makefu/2configs/deployment/owncloud.nix> + #<stockholm/makefu/2configs/deployment/boot-euer.nix> + #<stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> + + { + services.taskserver.enable = true; + services.taskserver.fqdn = config.krebs.build.host.name; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.home.users = [ "makefu" ]; + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport 53589 -j ACCEPT + ''; + } + + + <stockholm/makefu/2configs/stats/client.nix> + # <stockholm/makefu/2configs/logging/client.nix> + + ## Temporary: + # <stockholm/makefu/2configs/temp/rst-issue.nix> + <stockholm/makefu/2configs/virtualisation/docker.nix> + + #{ + # services.dockerRegistry.enable = true; + # networking.firewall.allowedTCPPorts = [ 8443 ]; + + # services.nginx.virtualHosts."euer.krebsco.de" = { + # forceSSL = true; + # enableACME = true; + # extraConfig = '' + # client_max_body_size 1000M; + # ''; + # locations."/".proxyPass = "http://localhost:5000"; + # }; + #} + { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString <secrets>) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; + } + { # iperf3 + networking.firewall.allowedUDPPorts = [ 5201 ]; + networking.firewall.allowedTCPPorts = [ 5201 ]; + } + + ]; + makefu.dl-dir = "/var/download"; + + services.openssh.hostKeys = [ + { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } + { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; + ###### stable + services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; + krebs.build.host = config.krebs.hosts.gum; + + krebs.tinc.retiolum = { + extraConfig = '' + ListenAddress = ${external-ip} 53 + ListenAddress = ${external-ip} 655 + ListenAddress = ${external-ip} 21031 + ''; + connectTo = [ + "muhbaasu" "tahoe" "flap" "wry" + "ni" + "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" + ]; + }; + + + # access + users.users = { + root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-omo.pubkey ]; + makefu.openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey config.krebs.users.makefu-bob.pubkey ]; + }; + + # Chat + environment.systemPackages = with pkgs;[ + weechat + bepasty-client-cli + get + tmux + ]; + services.bitlbee = { + enable = true; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; + + # Hardware + + # Network + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ + # smtp + 25 + # http + 80 443 + # httptunnel + 8080 8443 + # tinc + 655 + # tinc-shack + 21032 + # tinc-retiolum + 21031 + # taskserver + 53589 + # temp vnc + 18001 + # temp reverseshell + 31337 + ]; + allowedUDPPorts = [ + # tinc + 655 53 + # tinc-retiolum + 21031 + # tinc-shack + 21032 + ]; + }; + nameservers = [ "8.8.8.8" ]; + }; + users.users.makefu.extraGroups = [ "download" "nginx" ]; + boot.tmpOnTmpfs = true; +} diff --git a/makefu/1systems/nextgum/hardware-config.nix b/makefu/1systems/nextgum/hardware-config.nix new file mode 100644 index 000000000..36fea6544 --- /dev/null +++ b/makefu/1systems/nextgum/hardware-config.nix @@ -0,0 +1,80 @@ +{ config, ... }: +let + external-mac = "50:46:5d:9f:63:6b"; + main-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_13H8863AS"; + sec-disk = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA300_23OJ2GJAS"; + external-gw = "144.76.26.225"; + # single partition, label "nixos" + # cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/809cf38 -L | tar zx ; mv * nixpkgs && touch .populate + + + # static + external-ip = "144.76.26.247"; + external-ip6 = "2a01:4f8:191:12f6::2"; + external-gw6 = "fe80::1"; + external-netmask = 27; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in { + imports = [ + ]; + makefu.server.primary-itf = ext-if; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = external-gw6; + defaultGateway = external-gw; + }; + boot.kernelParams = [ ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.devices = [ main-disk ]; + boot.initrd.availableKernelModules = [ + "ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci" + "xhci_pci" "ehci_pci" "ahci" "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + hardware.enableRedistributableFirmware = true; + fileSystems."/" = { + device = "/dev/mapper/nixos-root"; + fsType = "ext4"; + }; + fileSystems."/boot" = { + device = "/dev/sda2"; + fsType = "vfat"; + }; + # parted -s -a optimal "$disk" \ + # mklabel gpt \ + # mkpart no-fs 0 1024KiB \ + # set 1 bios_grub on \ + # mkpart ESP fat32 1025KiB 1024MiB set 2 boot on \ + # mkpart primary 1025MiB 100% + # parted -s -a optimal "/dev/sdb" \ + # mklabel gpt \ + # mkpart primary 1M 100% + + #mkfs.vfat /dev/sda2 + #pvcreate /dev/sda3 + #pvcreate /dev/sdb1 + #vgcreate nixos /dev/sda3 /dev/sdb1 + #lvcreate -L 120G -n root nixos + #mkfs.ext4 /dev/mapper/nixos-root + #mount /dev/mapper/nixos-root /mnt + #mkdir /mnt/boot + #mount /dev/sda2 /mnt/boot + #mkdir -p /mnt/var/src + #touch /mnt/var/src/.populate + +} diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix new file mode 100644 index 000000000..413889c47 --- /dev/null +++ b/makefu/1systems/nextgum/source.nix @@ -0,0 +1,5 @@ +import <stockholm/makefu/source.nix> { + name="nextgum"; + torrent = true; + clever_kexec = true; +} diff --git a/makefu/1systems/nextgum/transfer-config.nix b/makefu/1systems/nextgum/transfer-config.nix new file mode 100644 index 000000000..92df60195 --- /dev/null +++ b/makefu/1systems/nextgum/transfer-config.nix @@ -0,0 +1,7 @@ +{ config, lib, ... }: +# configuration which is only required for the time of the transfer +{ + krebs.tinc.retiolum.connectTo = [ "gum" ]; + krebs.build.host = lib.mkForce config.krebs.hosts.nextgum; +} + diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index c209b83f6..61182f6c3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -38,6 +38,7 @@ let priv-repos = mapAttrs make-priv-repo { autosync = { }; + fenkins = { }; pass = { }; }; diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix new file mode 100644 index 000000000..a121157d4 --- /dev/null +++ b/makefu/2configs/hub.nix @@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import <stockholm/lib>; +let + ddclientUser = "ddclient"; + sec = toString <secrets>; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt + cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key + cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} diff --git a/makefu/source.nix b/makefu/source.nix index 56d9095b2..fac1c0282 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -20,12 +20,15 @@ let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; # TODO: automate updating of this ref + cherry-picks - ref = "60b6ab055ad"; # nixos-18.03 @ 2018-05-31 + ref = "14946ec63a1"; # nixos-18.03 @ 2018-05-31 # + do_sqlite3 ruby: 55a952be5b5 # + exfat-nofuse bump: ee6a5296a35 + # + uhub/sqlite: 5dd7610401747 + # + forecastio: f27584df02337 in evalSource (toString _file) [ diff --git a/mv/source.nix b/mv/source.nix index 1a7b83961..29dfe9723 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -7,6 +7,7 @@ host@{ name, override ? {} }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in diff --git a/nin/source.nix b/nin/source.nix index ae13c5583..a4bf0a98c 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -7,6 +7,7 @@ host@{ name, secure ? false }: let pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in @@ -1,6 +1,11 @@ let lib = import ./lib; - pkgs = import <nixpkgs> { overlays = [(import ./krebs/5pkgs)]; }; + pkgs = import <nixpkgs> { + overlays = [ + (import ./krebs/5pkgs) + (import ./submodules/nix-writers/pkgs) + ]; + }; in pkgs.stdenv.mkDerivation { name = "stockholm"; diff --git a/submodules/nix-writers b/submodules/nix-writers new file mode 160000 +Subproject 4d0829328e885a6d7163b513998a975e60dd0a7 diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 6598393a2..400d179d0 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -111,7 +111,7 @@ let { command! -n=0 -bar ShowSyntax :call ShowSyntax() ''; }))) - ((rtp: rtp // { inherit rtp; }) (pkgs.writeOut "vim-tv" { + ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { "/syntax/haskell.vim".text = /* vim */ '' syn region String start=+\[[[:alnum:]]*|+ end=+|]+ diff --git a/tv/5pkgs/simple/xmonad-tv/default.nix b/tv/5pkgs/simple/xmonad-tv/default.nix index cb59e8517..1168f10c8 100644 --- a/tv/5pkgs/simple/xmonad-tv/default.nix +++ b/tv/5pkgs/simple/xmonad-tv/default.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -pkgs.writeHaskell "xmonad-tv" { +pkgs.writeHaskellPackage "xmonad-tv" { executables.xmonad = { extra-depends = [ "containers" diff --git a/tv/source.nix b/tv/source.nix index 14527d956..c0df06567 100644 --- a/tv/source.nix +++ b/tv/source.nix @@ -9,6 +9,7 @@ with import <stockholm/lib>; pkgs = import <nixpkgs> { overlays = map import [ <stockholm/krebs/5pkgs> + <stockholm/submodules/nix-writers/pkgs> ]; }; in |