-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/3modules/lass/default.nix2
-rw-r--r--krebs/3modules/tv/default.nix23
-rw-r--r--krebs/source.nix2
-rw-r--r--lass/1systems/daedalus/config.nix74
-rw-r--r--lass/1systems/iso.nix1
-rw-r--r--lass/1systems/mors/config.nix7
-rw-r--r--lass/1systems/prism/config.nix16
-rw-r--r--lass/1systems/skynet/config.nix4
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/2configs/exim-smarthost.nix1
-rw-r--r--lass/2configs/git.nix4
-rw-r--r--lass/2configs/ircd.nix1
-rw-r--r--lass/2configs/mail.nix2
-rw-r--r--lass/2configs/newsbot-js.nix21
-rw-r--r--lass/5pkgs/xmonad-lass.nix1
-rw-r--r--makefu/1systems/darth/config.nix93
-rw-r--r--makefu/1systems/gum/config.nix24
-rw-r--r--makefu/1systems/x/config.nix9
-rw-r--r--makefu/2configs/audio/jack-on-pulse.nix2
-rw-r--r--makefu/2configs/backup.nix1
-rw-r--r--makefu/2configs/deployment/gitlab.nix39
-rw-r--r--makefu/2configs/elchos/search.nix17
-rw-r--r--makefu/2configs/fs/sda-crypto-root.nix6
-rw-r--r--makefu/2configs/git/gitlab-runner-shackspace.nix32
-rw-r--r--makefu/2configs/hw/tp-x230.nix4
-rw-r--r--makefu/2configs/lanparty/samba.nix31
-rw-r--r--makefu/2configs/nsupdate-data.nix55
-rw-r--r--makefu/2configs/share/anon-ftp.nix2
-rw-r--r--makefu/2configs/share/gum.nix4
-rw-r--r--makefu/2configs/tools/android-pentest.nix3
-rw-r--r--makefu/2configs/tools/dev.nix3
-rw-r--r--makefu/2configs/tools/extra-gui.nix1
-rw-r--r--makefu/2configs/urlwatch/default.nix25
-rw-r--r--makefu/2configs/vim.nix3
-rw-r--r--makefu/2configs/virtualisation/docker.nix6
-rw-r--r--makefu/5pkgs/cmpforopenssl/default.nix82
-rw-r--r--makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch14
-rw-r--r--makefu/5pkgs/custom/alsa-tools/default.nix (renamed from makefu/5pkgs/alsa-tools/default.nix)0
-rw-r--r--makefu/5pkgs/custom/default.nix3
-rw-r--r--makefu/5pkgs/custom/inkscape/dxf_fix.patch13
-rw-r--r--makefu/5pkgs/custom/qcma/default.nix (renamed from makefu/5pkgs/qcma/default.nix)5
-rw-r--r--makefu/5pkgs/default.nix14
-rw-r--r--makefu/5pkgs/dionaea/default.nix50
-rw-r--r--makefu/5pkgs/farpd/default.nix2
-rw-r--r--makefu/5pkgs/libopencm3/default.nix30
-rw-r--r--makefu/5pkgs/logstash-output-exec/default.nix32
-rw-r--r--makefu/5pkgs/mcomix/default.nix20
-rw-r--r--makefu/5pkgs/minibar/default.nix12
-rw-r--r--makefu/5pkgs/nltk/default.nix17
-rw-r--r--makefu/5pkgs/novnc/default.nix1
-rw-r--r--makefu/5pkgs/programs-db/default.nix12
-rw-r--r--makefu/6tests/data/secrets/nsupdate-data.nix1
-rw-r--r--makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix1
-rw-r--r--makefu/source.nix5
55 files changed, 709 insertions, 126 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index daf9bd9d0..e7ece87b6 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -22,6 +22,7 @@ with import <stockholm/lib>;
environment.systemPackages = with pkgs; [
git
+ vim
rxvt_unicode.terminfo
];
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index cae0d1f37..7aeeb1f21 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -43,7 +43,7 @@ with import <stockholm/lib>;
cores = 2;
nets = rec {
internet = {
- ip4.addr = "104.233.79.118";
+ ip4.addr = "45.62.226.163";
aliases = [
"echelon.i"
];
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 81db2d411..68cba633b 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -113,14 +113,6 @@ with import <stockholm/lib>;
};
kaepsele = {
nets = {
- internet = {
- ip4.addr = "92.222.10.169";
- aliases = [
- "kaepsele.i"
- "kaepsele.internet"
- # TODO "kaepsele.org"
- ];
- };
retiolum = {
ip4.addr = "10.243.166.2";
ip6.addr = "42:b9d:6660:d07c:2bb7:4e91:1a01:2e7d";
@@ -129,17 +121,18 @@ with import <stockholm/lib>;
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEAxj7kaye4pGLou7mVRTVgtcWFjuEosJlxVg24gM7nU1EaoRnBD93/
- Y3Je7BSUbz5xMXr5SFTPSkitInL7vU+jDOf2bEpqv+uUJAJIz85494oPS9xocdWo
- rQsrQRAtOg4MLD+YIoAxQm2Mc4nt2CSE1+UP4uXGxpuh0c051b+9Kmwv1bTyHB9y
- y01VSkDvNyHk5eA+RGDiujBAzhi35hzTlQgCJ3REOBiq4YmE1d3qpk3oNiYUcrcu
- yFzQrSRIfhXjuzIR+wxqS95HDUsewSwt9HgkjJzYF5sQZSea0/XsroFqZyTJ8iB5
- FQx2emBqB525cWKOt0f5jgyjklhozhJyiwIDAQAB
+ MIIBCgKCAQEA4+kDaKhCBNlpHqRCA2R6c4UEFk0OaiPwHvjmBBjpihTJVyffIEYm
+ QFZ5ZNkaVumSOAgKk9ygppO9WsNasl1ag+IRWik9oupdzEkNjgvOMBVJGhcwGZGF
+ 6UEY5sdA1n0qg74og5BGSiXUBiaahVM0rAfCNk8gV3qrot5kWJMQLb9BKabJ56eb
+ JrgWepxuVaw3BoEhz6uusuvw5i1IF382L8R11hlvyefifXONFOAUjCrCr0bCb4uK
+ ZZcRUU35pbHLDXXTOrOarOO1tuVGu85VXo3S1sLaaouHYjhTVT8bxqbwcNhxBXYf
+ ONLv0f7G5XwecgUNbE6ZTfjV5PQKaww3lwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
- ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA9cDUg7qm37uOhQpdKSgpnJPWao9VZR6LFNphVcJQ++gYvVgWu6WMhigiy7DcGQSStUlXkZc4HZBBugwwNWcf7aAF6ijBuG5rVwb9AFQmSexpTOfWap33iA5f+LXYFHe7iv4Pt9TYO1ga1Ryl4EGKb7ol2h5vbKC+JiGaDejB0WqhBAyrTg4tTWO8k2JT11CrlTjNVctqV0IVAMtTc/hcJcNusnoGD4ic0QGSzEMYxcIGRNvIgWmxhI6GHeaHxXWH5fv4b0OpLlDfVUsIvEo9KVozoLGm/wgLBG/tQXKaF9qVMVgOYi9sX/hDLwhRrcD2cyAlq9djo2pMARYiriXF";
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wr36T0MmB8pnSO5/pw9/Dfe5+IMgVHOhm6EUa55jj";
};
mu = {
cores = 2;
diff --git a/krebs/source.nix b/krebs/source.nix
index db30e1e35..400826351 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -14,6 +14,6 @@ in
stockholm.file = toString <stockholm>;
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "0590ecbe9e6b9a076065be29370701da758c61f1"; # nixos-17.03 @ 2017-07-30
+ ref = "51a83266d164195698f04468d90d2c6238ed3491"; # nixos-17.03 @ 2017-07-30
};
}
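Review bot: The trailing comment on the new `ref` line still reads `# nixos-17.03 @ 2017-07-30`, unchanged from the old revision, so the only human-readable provenance for this pin may now be wrong. This hash decides which nixpkgs tree every host is built from, so the comment should carry the date the new revision was taken from the channel, e.g. `# nixos-17.03 @ <date of 51a83266>`.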
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index 290d8a780..36daea1d5 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -1,23 +1,75 @@
+with import <stockholm/lib>;
{ config, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/stock-x220.nix>
+ <stockholm/lass/2configs/boot/coreboot.nix>
- <stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/git.nix>
- <stockholm/lass/2configs/exim-retiolum.nix>
- <stockholm/lass/2configs/baseX.nix>
- <stockholm/lass/2configs/browsers.nix>
- <stockholm/lass/2configs/programs.nix>
- <stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/backups.nix>
- <stockholm/lass/2configs/games.nix>
+ {
+ # bubsy config
+ users.users.bubsy = {
+ uid = genid "bubsy";
+ home = "/home/bubsy";
+ group = "users";
+ createHome = true;
+ extraGroups = [
+ "audio"
+ "networkmanager"
+ ];
+ useDefaultShell = true;
+ };
+ networking.networkmanager.enable = true;
+ networking.wireless.enable = mkForce false;
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ };
+ environment.systemPackages = with pkgs; [
+ pavucontrol
+ firefox
+ hexchat
+ networkmanagerapplet
+ ];
+ services.xserver.enable = true;
+ services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.desktopManager.plasma5.enable = true;
+ }
+ {
+ krebs.per-user.bitcoin.packages = [
+ pkgs.electrum
+ ];
+ users.extraUsers = {
+ bitcoin = {
+ name = "bitcoin";
+ description = "user for bitcoin stuff";
+ home = "/home/bitcoin";
+ useDefaultShell = true;
+ createHome = true;
+ };
+ };
+ security.sudo.extraConfig = ''
+ bubsy ALL=(bitcoin) NOPASSWD: ALL
+ '';
+ }
];
+ time.timeZone = "Europe/Berlin";
+
+ hardware.trackpoint = {
+ enable = true;
+ sensitivity = 220;
+ speed = 0;
+ emulateWheel = true;
+ };
+
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
krebs.build.host = config.krebs.hosts.daedalus;
fileSystems = {
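Review bot: The sudo rule `bubsy ALL=(bitcoin) NOPASSWD: ALL` lets any process running as bubsy, the desktop account this hunk sets up alongside firefox and hexchat, run arbitrary commands as bitcoin without a prompt. The separate bitcoin user therefore adds little isolation for the electrum wallet. If the intent is only to launch the wallet, narrow the rule to that command, for example `bubsy ALL=(bitcoin) NOPASSWD: ${pkgs.electrum}/bin/electrum`, or drop `NOPASSWD` so a password is required. A short comment above `security.sudo.extraConfig` stating the intended behaviour would help the next reader.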
@@ -29,7 +81,7 @@
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
'';
}
diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix
index 0b048a2b1..be064bed2 100644
--- a/lass/1systems/iso.nix
+++ b/lass/1systems/iso.nix
@@ -37,6 +37,7 @@ with import <stockholm/lib>;
};
};
boot.kernelParams = [ "copytoram" ];
+ networking.hostName = "lass-iso";
}
{
krebs.enable = true;
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 2cb6a7519..bb6f84c7b 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -5,7 +5,7 @@ with import <stockholm/lib>;
imports = [
<stockholm/lass>
<stockholm/lass/2configs/hw/x220.nix>
- <stockholm/lass/2configs/boot/coreboot.nix>
+ <stockholm/lass/2configs/boot/stock-x220.nix>
<stockholm/lass/2configs/mouse.nix>
<stockholm/lass/2configs/retiolum.nix>
@@ -104,8 +104,8 @@ with import <stockholm/lib>;
};
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="08:11:96:0a:5d:6c", NAME="wl0"
- SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:24:d7:f0:e8:c8", NAME="wl0"
+ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:8f:8a:78", NAME="et0"
'';
#TODO activationScripts seem broken, fix them!
@@ -139,7 +139,6 @@ with import <stockholm/lib>;
urban
mk_sql_pair
remmina
- thunderbird
iodine
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 5d05ae399..744bae551 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -298,6 +298,22 @@ in {
localAddress = "10.233.2.2";
};
}
+ {
+ #kaepsele
+ containers.kaepsele = {
+ config = { ... }: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [
+ lass.pubkey
+ tv.pubkey
+ ];
+ };
+ enableTun = true;
+ privateNetwork = true;
+ hostAddress = "10.233.2.3";
+ localAddress = "10.233.2.4";
+ };
+ }
];
krebs.build.host = config.krebs.hosts.prism;
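Review bot: The kaepsele container enables sshd with root `authorizedKeys` but leaves the authentication policy to module defaults. Stating it in the container config, e.g. `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "without-password";`, makes key-only root access explicit rather than inherited. A comment noting that `config.krebs.users` here resolves to the host's `config` (the inner function takes only `{ ... }`) would also help.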
diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix
index b707f4388..0b9499982 100644
--- a/lass/1systems/skynet/config.nix
+++ b/lass/1systems/skynet/config.nix
@@ -44,6 +44,10 @@ with import <stockholm/lib>;
krebs.build.host = config.krebs.hosts.skynet;
+ services.logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ '';
+
#fileSystems = {
# "/bku" = {
# device = "/dev/mapper/pool-bku";
diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 86d0ac7c1..3a99e65a0 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -48,6 +48,7 @@ in {
acpi
dic
dmenu
+ gi
gitAndTools.qgit
lm_sensors
haskellPackages.hledger
diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 728e265f6..611e1b9da 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -40,6 +40,7 @@ with import <stockholm/lib>;
{ from = "patreon@lassul.us"; to = lass.mail; }
{ from = "steam@lassul.us"; to = lass.mail; }
{ from = "securityfocus@lassul.us"; to = lass.mail; }
+ { from = "radio@lassul.us"; to = lass.mail; }
];
system-aliases = [
{ from = "mailer-daemon"; to = "postmaster"; }
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index d3f5d1f39..eb606037e 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -80,7 +80,7 @@ let
public = true;
};
- make-restricted-repo = name: { collaborators ? [], announce ? false, ... }: {
+ make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: {
inherit collaborators name;
public = false;
hooks = optionalAttrs announce {
@@ -93,7 +93,7 @@ let
# TODO define branches in some kind of option per repo
branches = [ "master" "staging*" ];
};
- };
+ } // hooks;
};
make-rules =
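Review bot: `} // hooks` is a shallow attribute merge, so a caller-supplied hook with the same key as the one built by `optionalAttrs announce { … }` silently replaces the announce hook instead of running alongside it. If that override is intended, say so in a comment next to the new `hooks ? {}` argument in the previous hunk. If it is not, the two scripts need to be combined rather than merged by key. The body of the announce hook lies outside both hunks, so its key name is not visible here.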
diff --git a/lass/2configs/ircd.nix b/lass/2configs/ircd.nix
index b72e2b087..ee4c0216c 100644
--- a/lass/2configs/ircd.nix
+++ b/lass/2configs/ircd.nix
@@ -13,7 +13,6 @@
sid = "1as";
description = "miep!";
network_name = "irc.retiolum";
- network_desc = "Retiolum IRC Network";
hub = yes;
vhost = "0.0.0.0";
diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix
index ee0c3f938..9f9bb24fa 100644
--- a/lass/2configs/mail.nix
+++ b/lass/2configs/mail.nix
@@ -72,13 +72,13 @@ let
''} %r |"
virtual-mailboxes \
+ "Unread" "notmuch://?query=tag:unread"\
"INBOX" "notmuch://?query=tag:inbox \
and NOT tag:killed \
and NOT to:shackspace \
and NOT to:c-base \
and NOT from:security-alert@hpe.com \
and NOT to:nix-devel"\
- "Unread" "notmuch://?query=tag:unread"\
"shack" "notmuch://?query=to:shackspace"\
"c-base" "notmuch://?query=to:c-base"\
"security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\
diff --git a/lass/2configs/newsbot-js.nix b/lass/2configs/newsbot-js.nix
index 9983fd567..5e028a3fb 100644
--- a/lass/2configs/newsbot-js.nix
+++ b/lass/2configs/newsbot-js.nix
@@ -15,7 +15,6 @@ let
bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#news #bundestag
bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#news
bitcoinpakistan|https://bitcoinspakistan.com/feed/|#news #financial
- c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#news
carta|http://feeds2.feedburner.com/carta-standard-rss|#news
catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#news
@@ -27,7 +26,11 @@ let
ccc|http://www.ccc.de/rss/updates.rdf|#news
chan_b|https://boards.4chan.org/b/index.rss|#brainfuck
chan_biz|https://boards.4chan.org/biz/index.rss|#news #brainfuck
+ chan_g|https://boards.4chan.org/g/index.rss|#news
chan_int|https://boards.4chan.org/int/index.rss|#news #brainfuck
+ chan_sci|https://boards.4chan.org/sci/index.rss|#news
+ chan_x|https://boards.4chan.org/x/index.rss|#news
+ c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#news
cryptogon|http://www.cryptogon.com/?feed=rss2|#news
csm|http://rss.csmonitor.com/feeds/csm|#news
csm_world|http://rss.csmonitor.com/feeds/world|#news
@@ -61,6 +64,7 @@ let
greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#news
guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#news
gulli|http://ticker.gulli.com/rss/|#news
+ hackernews|https://news.ycombinator.com/rss|#news
handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#news #financial
heise|https://www.heise.de/newsticker/heise-atom.xml|#news
hindu_business|http://www.thehindubusinessline.com/?service=rss|#news #financial
@@ -100,7 +104,12 @@ let
reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#news #brainfuck
reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#news
reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#news #financial
+ reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
+ reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
+ reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
reddit_prog|http://www.reddit.com/r/programming/new/.rss|#news
+ reddit_sci|http://www.reddit.com/r/science/.rss|#news
+ reddit_tech|http://www.reddit.com/r/technology/.rss|#news
reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#news #tpp
reddit_world|http://www.reddit.com/r/worldnews/.rss|#news
r-ethereum|http://www.reddit.com/r/ethereum/.rss|#news
@@ -156,16 +165,6 @@ let
wp_world|http://feeds.washingtonpost.com/rss/rss_blogpost|#news
xkcd|https://xkcd.com/rss.xml|#news
zdnet|http://www.zdnet.com/news/rss.xml|#news
-
- chan_g|https://boards.4chan.org/g/index.rss|#news
- chan_x|https://boards.4chan.org/x/index.rss|#news
- chan_sci|https://boards.4chan.org/sci/index.rss|#news
- reddit_consp|http://reddit.com/r/conspiracy/.rss|#news
- reddit_sci|http://www.reddit.com/r/science/.rss|#news
- reddit_tech|http://www.reddit.com/r/technology/.rss|#news
- reddit_nix|http://www.reddit.com/r/nixos/.rss|#news
- reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news
- hackernews|https://news.ycombinator.com/rss|#news
'';
in {
environment.systemPackages = [
diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix
index 22ec7efa9..38a9550df 100644
--- a/lass/5pkgs/xmonad-lass.nix
+++ b/lass/5pkgs/xmonad-lass.nix
@@ -98,6 +98,7 @@ myKeyMap =
[ ("M4-<F11>", spawn "${pkgs.i3lock}/bin/i3lock -i /var/lib/wallpaper/wallpaper -f")
, ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png")
, ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type")
+ , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type")
, ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%")
, ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%")
, ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%")
diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 9dbe67429..7accb13d3 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -3,44 +3,62 @@
with import <stockholm/lib>;
let
byid = dev: "/dev/disk/by-id/" + dev;
- rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039";
- auxDisk = byid "ata-HGST_HTS721010A9E630_JR10006PH3A02F";
- dataPartition = auxDisk + "-part1";
+ rootDisk = byid "ata-INTEL_SSDSC2BW480H6_CVTR53120385480EGN";
+ bootPart = rootDisk + "-part1";
+ rootPart = rootDisk + "-part2";
allDisks = [ rootDisk ]; # auxDisk
in {
imports = [
<stockholm/makefu>
- <stockholm/makefu/2configs/fs/single-partition-ext4.nix>
+ <stockholm/makefu/2configs/fs/sda-crypto-root.nix>
+ <stockholm/makefu/2configs/sshd-totp.nix>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/smart-monitor.nix>
<stockholm/makefu/2configs/exim-retiolum.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+ # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/share/temp-share-samba.nix>
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/nsupdate-data.nix>
+
+ # SIEM
+ #<stockholm/makefu/2configs/tinc/siem.nix>
+ # {services.tinc.networks.siem = {
+ # name = "sdarth";
+ # extraConfig = "ConnectTo = sjump";
+ # };
+ # }
+
+ # {
+ # makefu.forward-journal = {
+ # enable = true;
+ # src = "10.8.10.2";
+ # dst = "10.8.10.6";
+ # };
+ # }
+
+ ## Sharing
+ # <stockholm/makefu/2configs/share/temp-share-samba.nix>
+ #{
+ # services.samba.shares = {
+ # isos = {
+ # path = "/data/isos/";
+ # "read only" = "yes";
+ # browseable = "yes";
+ # "guest ok" = "yes";
+ # };
+ # };
+ #}
+ <stockholm/makefu/2configs/share/anon-ftp.nix>
];
- services.samba.shares = {
- isos = {
- path = "/data/isos/";
- "read only" = "yes";
- browseable = "yes";
- "guest ok" = "yes";
- };
- };
- services.tinc.networks.siem = {
- name = "sdarth";
- extraConfig = "ConnectTo = sjump";
- };
- makefu.forward-journal = {
- enable = true;
- src = "10.8.10.2";
- dst = "10.8.10.6";
- };
- #networking.firewall.enable = false;
+ #networking.firewall.enable = false;
+ makefu.server.primary-itf = "enp0s25";
+ krebs.hidden-ssh.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
@@ -49,31 +67,28 @@ in {
firewall = {
allowPing = true;
logRefusedConnections = false;
- trustedInterfaces = [ "eno1" ];
+ # trustedInterfaces = [ "eno1" ];
allowedUDPPorts = [ 80 655 1655 67 ];
allowedTCPPorts = [ 80 655 1655 ];
};
# fallback connection to the internal virtual network
- interfaces.virbr3.ip4 = [{
- address = "10.8.8.2";
- prefixLength = 24;
- }];
+ # interfaces.virbr3.ip4 = [{
+ # address = "10.8.8.2";
+ # prefixLength = 24;
+ # }];
};
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
- zramSwap.enable = true;
-
- #fileSystems."/data" = {
- # device = dataPartition;
- # fsType = "ext4";
- #};
boot.loader.grub.device = rootDisk;
-
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.makefu-omo.pubkey
- config.krebs.users.makefu-vbob.pubkey
+ boot.initrd.luks.devices = [
+ { name = "luksroot";
+ device = rootPart;
+ allowDiscards = true;
+ keyFileSize = 4096;
+ keyFile = "/dev/sdb";
+ }
];
krebs.build.host = config.krebs.hosts.darth;
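Review bot: `keyFile = "/dev/sdb"` names the LUKS key device by kernel enumeration order, while the rest of the file uses the `byid` helper to get stable paths. Whatever block device comes up as sdb at boot will have its first 4096 bytes read as the key, so an extra disk or a different probe order leaves the root volume locked. Referring to the key device through the same helper, `keyFile = byid "<key-device-id>";`, avoids that. This hunk also removes root's `authorizedKeys` while the first hunk adds `sshd-totp.nix`, so a comment on how the machine is reached when the key device is absent would be useful.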
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index bbb8cfe11..110edc130 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -9,6 +9,7 @@ let
external-gw6 = "fe80::1";
external-netmask = 22;
external-netmask6 = 64;
+ ext-if = "et0"; # gets renamed on the fly
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
main-disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0-0-0-0";
in {
@@ -41,6 +42,7 @@ in {
<stockholm/makefu/2configs/sabnzbd.nix>
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/iodined.nix>
+ <stockholm/makefu/2configs/vpn/openvpn-server.nix>
## Web
<stockholm/makefu/2configs/nginx/share-download.nix>
@@ -94,7 +96,7 @@ in {
];
};
-
+ makefu.server.primary-itf = ext-if;
# access
users.users = {
@@ -120,7 +122,7 @@ in {
# Network
services.udev.extraRules = ''
- SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
boot.kernelParams = [ ];
networking = {
@@ -152,14 +154,16 @@ in {
21032
];
};
- interfaces.et0.ip4 = [{
- address = external-ip;
- prefixLength = external-netmask;
- }];
- interfaces.et0.ip6 = [{
- address = external-ip6;
- prefixLength = external-netmask6;
- }];
+ interfaces."${ext-if}" = {
+ ip4 = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ip6 = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
defaultGateway6 = external-gw6;
defaultGateway = external-gw;
nameservers = [ "8.8.8.8" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 368655575..8e8c8a736 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -42,6 +42,14 @@ with import <stockholm/lib>;
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ {
+ networking.firewall.allowedTCPPorts = [ 8080 ];
+ networking.nat = {
+ enable = true;
+ externalInterface = "wlp3s0";
+ internalInterfaces = [ "vboxnet0" ];
+ };
+ }
# Services
<stockholm/makefu/2configs/git/brain-retiolum.nix>
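Review bot: `networking.firewall.allowedTCPPorts = [ 8080 ]` opens the port on every interface, including the `wlp3s0` uplink named a few lines below, and nothing says which service listens there. If 8080 is only meant for VirtualBox guests, the `trustedInterfaces = [ "vboxnet0" ]` line added in the next hunk already covers it and this entry can be dropped; otherwise add a comment naming the service. Trusting `vboxnet0` also exposes every host port to every guest on that network, which is worth stating next to that line.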
@@ -81,6 +89,7 @@ with import <stockholm/lib>;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
networking.firewall.allowedUDPPorts = [ 665 26061 ];
+ networking.firewall.trustedInterfaces = [ "vboxnet0" ];
krebs.build.host = config.krebs.hosts.x;
diff --git a/makefu/2configs/audio/jack-on-pulse.nix b/makefu/2configs/audio/jack-on-pulse.nix
index a8ee05c7d..e18b2192a 100644
--- a/makefu/2configs/audio/jack-on-pulse.nix
+++ b/makefu/2configs/audio/jack-on-pulse.nix
@@ -45,7 +45,7 @@ in
Restart = "always";
RestartSec = "5";
};
- # after = [ "display-manager.service" "sound.target" ];
+ after = [ "display-manager.service" "sound.target" ];
wantedBy = [ "default.target" ];
};
};
diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 1cc78bfc1..166365ba0 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -31,6 +31,7 @@ in {
krebs.backup.plans = {
# wry-to-omo_root = defaultPull config.krebs.hosts.wry "/";
gum-to-omo_root = defaultPull config.krebs.hosts.gum "/";
+ # wolf-to-omo_root = defaultPull config.krebs.hosts.wolf "/";
};
environment.systemPackages = [
pkgs.borgbackup
diff --git a/makefu/2configs/deployment/gitlab.nix b/makefu/2configs/deployment/gitlab.nix
new file mode 100644
index 000000000..d61f50c1d
--- /dev/null
+++ b/makefu/2configs/deployment/gitlab.nix
@@ -0,0 +1,39 @@
+{ lib, config, ... }:
+let
+ web-port = 19453;
+ hostn = "gitlab.makefu.r";
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+in {
+
+ services.gitlab = {
+ enable = true;
+ https = false;
+ port = web-port;
+ secrets = import <secrets/gitlab/secrets.nix>;
+ databasePassword = import <secrets/gitlab/dbpw.nix>;
+ initialRootEmail = "makefu@x.r";
+ initialRootPassword = import <secrets/gitlab/rootpw.nix>;
+ host = hostn;
+ smtp = {
+ enable = true;
+ domain = "r";
+ enableStartTLSAuto = false;
+ port = 25;
+ };
+ };
+
+ services.nginx = {
+ enable = lib.mkDefault true;
+ virtualHosts."${hostn}".locations."/" = {
+ proxyPass = "http://localhost:${toString web-port}/";
+ extraConfig = ''
+ if ( $server_addr != "${internal-ip}" ) {
+ return 403;
+ }
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+}
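Review bot: `secrets`, `databasePassword` and `initialRootPassword` are filled with `import <secrets/…>`, which pulls the values into the evaluated configuration; anything the module then renders into a generated file ends up in the world-readable Nix store. The same pattern appears in `gitlab-runner-shackspace.nix` (`token` inside `configOptions`, with the file-based `configFile` left commented out) and in `nsupdate-data.nix` (`pkgs.writeText` of the ddclient config including the passwords). Where a module offers a path-based option, prefer it so the secret stays in a root-only file outside the store. Separately, `https = false` with a plain-HTTP `proxyPass` relies on the `$server_addr` check and the overlay network for confidentiality; a comment stating that assumption would help.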
diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix
index 5777be373..521bfc80a 100644
--- a/makefu/2configs/elchos/search.nix
+++ b/makefu/2configs/elchos/search.nix
@@ -23,10 +23,21 @@ let
pid=${ddclientPIDFile}
${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+ protocol=dyndns2
use=if, if=${primary-itf}
- protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
- #usev6=if, if=${primary-itf}
- #protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+ ssl=yes
+ server=ipv4.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
+
+ protocol=dyndns2
+ usev5=if, if=${primary-itf}
+ ssl=yes
+ server=ipv6.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
'') dict)}
'';
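Review bot: `usev5=if` in the second stanza looks like a typo for `usev6=if`, which is what the removed commented-out line used. As written, the block for `ipv6.nsupdate.info` has no recognised address-source option, so it will likely be rejected or never update the IPv6 record. The line should read `usev6=if, if=${primary-itf}`. `gen-cfg` begins above the hunk, so the surrounding defaults are not visible here.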
diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix
index cfa703aaf..55cfd74f5 100644
--- a/makefu/2configs/fs/sda-crypto-root.nix
+++ b/makefu/2configs/fs/sda-crypto-root.nix
@@ -4,6 +4,12 @@
# sda1: boot ext4 (label nixboot) - must be unlocked on boot if required:
# boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# sda2: cryptoluks -> ext4
+
+# fdisk /dev/sda
+ # boot 500M
+ # rest rest
+# cryptsetup luksFormat /dev/sda2
+#
with import <stockholm/lib>;
{
boot = {
diff --git a/makefu/2configs/git/gitlab-runner-shackspace.nix b/makefu/2configs/git/gitlab-runner-shackspace.nix
new file mode 100644
index 000000000..a5a1247ba
--- /dev/null
+++ b/makefu/2configs/git/gitlab-runner-shackspace.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+ url = "https://git.shackspace.de/";
+ # generate token from CI-token via:
+ ## gitlab-runner register
+ token = import <secrets/shackspace-gitlab-ci-token.nix> ;
+in {
+ virtualisation.docker.enable = true;
+ services.gitlab-runner = {
+ enable = true;
+ gracefulTimeout = "120min";
+ # configFile = "/var/src/secrets/runner.toml";
+ configOptions = {
+ concurrent = 2;
+ runners = [{
+ name = "nix-krebs-1.11";
+ inherit token url;
+ executor = "docker";
+ builds_dir = "";
+ docker = {
+ host = "";
+ image = "nixos/nix:1.11";
+ privileged = false;
+ disable_cache = false;
+ volumes = ["/cache"];
+ shm_size = 0;
+ };
+ cache = {};
+ }];
+ };
+ };
+}
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index c705b52a7..14572b35c 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -33,8 +33,8 @@ with import <stockholm/lib>;
Option "Backlight" "intel_backlight"
'';
};
- # no entropy source working
- # security.rngd.enable = true;
+
+ security.rngd.enable = true;
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "TPPS/2 IBM TrackPoint" "Evdev Wheel Emulation" 8 1
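Review bot: This enables `security.rngd.enable` and deletes the comment `# no entropy source working` without saying what changed. If rngd still finds no hardware source on this machine the unit will fail or contribute nothing, so record the reason in a comment, e.g. `# rngd: uses <entropy source> on the x230`.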
diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix
new file mode 100644
index 000000000..de834ab16
--- /dev/null
+++ b/makefu/2configs/lanparty/samba.nix
@@ -0,0 +1,31 @@
+{config, ... }:{
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ networking.firewall.allowedTCPPorts = [ 139 445 ];
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/data/lanparty";
+ createHome = true;
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ share-home = {
+ path = "/data/lanparty/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}
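Review bot: The `share-home` share is guest-writable (`"read only" = "no"`, `"guest ok" = "yes"`, `map to guest = bad user`) and the firewall lines open 137–139 and 445 on every interface, so any network the host joins gets anonymous write access to `/data/lanparty`. Restrict it to the LAN segment in `extraConfig`, e.g. `hosts allow = <lan-cidr>` together with `interfaces = <lan-interface>` and `bind interfaces only = yes`. A header comment saying this module is meant to be imported only for the duration of an event would also help.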
diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix
new file mode 100644
index 000000000..cfa6193c6
--- /dev/null
+++ b/makefu/2configs/nsupdate-data.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+# search also generates ddclient entries for all other logs
+
+with import <stockholm/lib>;
+let
+ #primary-itf = "eth0";
+ #primary-itf = "wlp2s0";
+ primary-itf = config.makefu.server.primary-itf;
+ ddclientUser = "ddclient";
+ sec = toString <secrets>;
+ nsupdate = import "${sec}/nsupdate-data.nix";
+ stateDir = "/var/spool/ddclient";
+ cfg = "${stateDir}/cfg";
+ ddclientPIDFile = "${stateDir}/ddclient.pid";
+
+ # TODO: correct cert generation requires a `real` internet ip address
+
+ gen-cfg = dict: ''
+ ssl=yes
+ cache=${stateDir}/ddclient.cache
+ pid=${ddclientPIDFile}
+ ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+
+ use=if, if=${primary-itf} protocol=dyndns2, server=ipv4.nsupdate.info, login=${user}, password='${pass}' ${user}
+ usev6=if, if=${primary-itf} protocol=dyndns2, server=ipv6.nsupdate.info, login=${user}, password='${pass}' ${user}
+ '') dict)}
+ '';
+
+in {
+ users.extraUsers = singleton {
+ name = ddclientUser;
+ uid = genid "ddclient";
+ description = "ddclient daemon user";
+ home = stateDir;
+ createHome = true;
+ };
+
+ systemd.services = {
+ ddclient-nsupdate-elchos = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "ip-up.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = ddclientUser;
+ PIDFile = ddclientPIDFile;
+ ExecStartPre = pkgs.writeDash "init-nsupdate" ''
+ cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
+ chmod 700 ${cfg}
+ '';
+ ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
+ };
+ };
+ };
+}
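Review bot: `chmod 700 ${cfg}` sets the execute bit on a configuration file that holds the update passwords, and it runs only after `cp -vf` has already created the copy. `install -m 600 <src> ${cfg}` creates the copy with the mode a credentials file needs in one step. The header comment `# search also generates ddclient entries for all other logs` and the unit name `ddclient-nsupdate-elchos` appear to be carried over from `elchos/search.nix` and should describe this file instead.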
diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix
index 471f22cba..d2a535f97 100644
--- a/makefu/2configs/share/anon-ftp.nix
+++ b/makefu/2configs/share/anon-ftp.nix
@@ -1,6 +1,6 @@
{ config, lib, ... }:
let
- ftpdir = "/home/ftp";
+ ftpdir = "/data";
in {
networking.firewall = {
allowedTCPPorts = [ 20 21 ];
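Review bot: Changing `ftpdir` from `/home/ftp` to `/data` makes the whole `/data` tree the anonymous FTP root, which is much broader than a dedicated directory. Elsewhere in this commit `/data/lanparty` is used as a guest-writable Samba share. The rest of the module is outside the hunk, so whether anonymous uploads are enabled cannot be seen here. Consider a dedicated subdirectory such as `ftpdir = "/data/<public-subdir>";` and a comment stating what is meant to be public.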
diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix
index e578f43d3..f5942a0f7 100644
--- a/makefu/2configs/share/gum.nix
+++ b/makefu/2configs/share/gum.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with config.krebs.lib;
+with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
in {
@@ -11,7 +11,7 @@ in {
# home = "/var/empty";
# };
- users.users.download = { };
+ users.users.download.uid = genid "download";
services.samba = {
enable = true;
shares = {
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix
index 3f65424cc..da8a357ae 100644
--- a/makefu/2configs/tools/android-pentest.nix
+++ b/makefu/2configs/tools/android-pentest.nix
@@ -10,5 +10,8 @@
apktool
jd-gui
android-studio
+ jdk
+ jre
+ openssl
];
}
diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix
index 42006eb22..6681484fd 100644
--- a/makefu/2configs/tools/dev.nix
+++ b/makefu/2configs/tools/dev.nix
@@ -1,9 +1,10 @@
{ pkgs, ... }:
{
- krebs.per-user.makefu.packages = with pkgs;[
+ users.users.makefu.packages = with pkgs;[
python35Packages.virtualenv
# embedded
+ gi
flashrom
mosquitto
libcoap
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index 1e68e935c..b2d616764 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -13,5 +13,6 @@
# Dev
saleae-logic
arduino-user-env
+ gitAndTools.gitFull
];
}
diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix
index f17bcdc3a..47b5d7fc3 100644
--- a/makefu/2configs/urlwatch/default.nix
+++ b/makefu/2configs/urlwatch/default.nix
@@ -1,6 +1,11 @@
{ config, lib, ... }:
-{
+let
+ grss = name: { #github rss feed
+ url = "https://github.com/${name}/releases.atom";
+ filter = "grepi:(<updated|<media.thumbnail)";
+ };
+in {
krebs.urlwatch = {
enable = true;
mailto = config.krebs.users.makefu.mail;
@@ -10,14 +15,7 @@
## nixpkgs maintenance
# github
## No rate limit
- https://github.com/amadvance/snapraid/releases.atom
- https://github.com/radare/radare2/releases.atom
- https://github.com/ovh/python-ovh/releases.atom
- https://github.com/embray/d2to1/releases.atom
- https://github.com/Mic92/vicious/releases.atom
- https://github.com/embray/d2to1/releases.atom
- https://github.com/dorimanx/exfat-nofuse/releases.atom
- https://github.com/rapid7/metasploit-framework/releases.atom
+
## rate limited
# https://api.github.com/repos/dorimanx/exfat-nofuse/commits
# https://api.github.com/repos/mcepl/gen-oath-safe/commits
@@ -39,6 +37,15 @@
filter = "grep:Software/Linux/dymo-cups-drivers";
}
# TODO: dymo cups
+ ] ++ map grss [
+ "amadvance/snapraid"
+ "radare/radare2"
+ "ovh/python-ovh"
+ "embray/d2to1"
+ "Mic92/vicious"
+ "embray/d2to1"
+ "dorimanx/exfat-nofuse"
+ "rapid7/metasploit-framework"
];
};
}
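Review bot: `"embray/d2to1"` is listed twice in the list passed to `map grss`, carried over from the removed URL list, so the same release feed is watched twice; drop one of the entries. The `#github rss feed` comment on `grss` could also say what the argument is, e.g. `# name: "owner/repo" on GitHub; watches its releases.atom feed`. The list this hunk closes begins outside the hunk.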
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix
index 227d73c81..524caf8f5 100644
--- a/makefu/2configs/vim.nix
+++ b/makefu/2configs/vim.nix
@@ -21,6 +21,9 @@ in {
vimrcConfig.customRC = ''
set nocompatible
syntax on
+ set list
+ set listchars=tab:▸
+ "set list listchars=tab:>-,trail:.,extends:>
filetype off
filetype plugin indent on
diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix
index 98fd980cc..ddef9e371 100644
--- a/makefu/2configs/virtualisation/docker.nix
+++ b/makefu/2configs/virtualisation/docker.nix
@@ -1,4 +1,8 @@
-{...}:
+{ pkgs, ... }:
{
virtualisation.docker.enable = true;
+ environment.systemPackages = with pkgs;[
+ docker
+ docker_compose
+ ];
}
diff --git a/makefu/5pkgs/cmpforopenssl/default.nix b/makefu/5pkgs/cmpforopenssl/default.nix
new file mode 100644
index 000000000..3b9a20098
--- /dev/null
+++ b/makefu/5pkgs/cmpforopenssl/default.nix
@@ -0,0 +1,82 @@
+{ stdenv, fetchurl, buildPackages, perl, fetchgit
+, hostPlatform
+}:
+
+with stdenv.lib;
+
+let
+
+ common = args@{ rev, sha256, patches ? [] }: stdenv.mkDerivation rec {
+ name = "cmpforopenssl-${rev}";
+
+ src = fetchgit {
+ url = "https://git.code.sf.net/p/cmpforopenssl/git";
+ inherit sha256 rev;
+ fetchSubmodules = false;
+ deepClone = false;
+ };
+
+ patches =
+ (args.patches or [])
+ ++ [ ./nix-ssl-cert-file.patch ];
+
+ outputs = [ "bin" "dev" "out" "man" ];
+ setOutputFlags = false;
+ separateDebugInfo = stdenv.isLinux;
+
+ nativeBuildInputs = [ perl ];
+
+ configureScript = "./config";
+
+ configureFlags = [
+ "shared"
+ "--libdir=lib"
+ "--openssldir=etc/ssl"
+ ] ;
+
+ makeFlags = [ "MANDIR=$(man)/share/man" ];
+
+ # Parallel building is broken in OpenSSL.
+ enableParallelBuilding = false;
+
+ postInstall = ''
+ # If we're building dynamic libraries, then don't install static
+ # libraries.
+ if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+ rm "$out/lib/"*.a
+ fi
+
+ mkdir -p $bin
+ mv $out/bin $bin/
+
+ mkdir $dev
+ mv $out/include $dev/
+
+ # remove dependency on Perl at runtime
+ rm -r $out/etc/ssl/misc
+
+ rmdir $out/etc/ssl/{certs,private}
+ '';
+
+ postFixup = ''
+ # Check to make sure the main output doesn't depend on perl
+ if grep -r '${buildPackages.perl}' $out; then
+ echo "Found an erroneous dependency on perl ^^^" >&2
+ exit 1
+ fi
+ '';
+
+
+ meta = {
+ homepage = https://sourceforge.net/p/cmpforopenssl ;
+ description = "A cryptographic library that implements the SSL and TLS protocols";
+ platforms = stdenv.lib.platforms.all;
+ maintainers = [ stdenv.lib.maintainers.makefu ];
+ priority = 0; # resolves collision with ‘man-pages’
+ };
+ };
+
+in common {
+ rev = "462b3";
+ sha256 = "1h2k1c4lg27gmsyd72zrlr303jw765x8sscxblq2jwb44jag85na";
+ }
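Review bot: `rev = "462b3";` at the bottom is a five-character abbreviated commit id. The `sha256` still pins the fetched content, but an abbreviation can become ambiguous as the upstream repository grows and may then stop resolving, so use the full commit id (`rev = "<full-commit-hash>";`). `meta.description` is copied from OpenSSL ("A cryptographic library that implements the SSL and TLS protocols") and does not say that this is the cmpforopenssl fork. Because this is a pinned snapshot of a TLS library that will not follow upstream security releases on its own, a comment stating which OpenSSL release the snapshot is based on would help whoever later has to judge its patch level.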
diff --git a/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch
new file mode 100644
index 000000000..b615f1482
--- /dev/null
+++ b/makefu/5pkgs/cmpforopenssl/nix-ssl-cert-file.patch
@@ -0,0 +1,14 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,9 @@
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = (char *)getenv(X509_get_default_cert_file_env());
++ file = (char *)getenv("NIX_SSL_CERT_FILE");
++ if (!file)
++ file = (char *)getenv(X509_get_default_cert_file_env());
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
+ X509_FILETYPE_PEM) != 0);
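Review bot: `getenv("NIX_SSL_CERT_FILE")` is now consulted before the upstream variable, so whoever controls the process environment chooses the trust-anchor file for every program linked against this library. The pre-existing lookup has the same property, so this is not a regression, but the precedence should be stated in a header at the top of the patch file, e.g. `NIX_SSL_CERT_FILE, when set, overrides the default certificate file variable`. If this build could ever be linked into a setuid or otherwise privileged program, the new lookup could be guarded with `if (!OPENSSL_issetugid())`. The enclosing switch statement continues outside the hunk.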
diff --git a/makefu/5pkgs/alsa-tools/default.nix b/makefu/5pkgs/custom/alsa-tools/default.nix
index 5134c10ec..5134c10ec 100644
--- a/makefu/5pkgs/alsa-tools/default.nix
+++ b/makefu/5pkgs/custom/alsa-tools/default.nix
diff --git a/makefu/5pkgs/custom/default.nix b/makefu/5pkgs/custom/default.nix
new file mode 100644
index 000000000..626938cdc
--- /dev/null
+++ b/makefu/5pkgs/custom/default.nix
@@ -0,0 +1,3 @@
+{}:
+{
+}
diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
new file mode 100644
index 000000000..5ea0a073e
--- /dev/null
+++ b/makefu/5pkgs/custom/inkscape/dxf_fix.patch
@@ -0,0 +1,13 @@
+--- ./share/extensions/dxf_outlines.py 2017-02-14 00:46:57.000000000 +0100
++++ ./share/extensions/dxf_outlines.py.new 2017-05-10 04:15:03.000000000 +0200
+@@ -340,7 +340,7 @@
+ scale = eval(self.options.units)
+ if not scale:
+ scale = 25.4/96 # if no scale is specified, assume inch as baseunit
+- h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0])
++ h = self.unittouu(self.getDocumentHeight())
+ self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]]
+ doc = self.document.getroot()
+ self.process_group(doc)
+
+
diff --git a/makefu/5pkgs/qcma/default.nix b/makefu/5pkgs/custom/qcma/default.nix
index 6eb1a971d..d67cda142 100644
--- a/makefu/5pkgs/qcma/default.nix
+++ b/makefu/5pkgs/custom/qcma/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
-gettext, automake, libxml2 , qmakeHook, makeQtWrapper,
+gettext, automake, libxml2 , qmake,
qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
let
libvitamtp = stdenv.mkDerivation rec {
@@ -52,13 +52,14 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true;
buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
- nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ];
+ nativeBuildInputs = [ qmake qttools pkgconfig ];
meta = {
description = "Content Manager Assistant for the PS Vita";
homepage = https://github.com/codestation/qcma;
license = stdenv.lib.licenses.gpl2;
platforms = stdenv.lib.platforms.linux;
+ broken = true;
maintainers = with stdenv.lib.maintainers; [ makefu ];
};
}
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index bb776ef25..96975e54f 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -20,13 +20,17 @@ self: super: let
(filterAttrs (_: eq "directory") (readDir path));
in {
- alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
- alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
- alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
+ alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
+ alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
+ alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
+ qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client;
- nodemcu-uploader = callPackage ./nodemcu-uploader {};
+ nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {};
+ inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: {
+ patches = [ ./custom/inkscape/dxf_fix.patch ];
+ });
pwqgen-ger = callPackage <stockholm/krebs/5pkgs/simple/passwdqc-utils> {
- wordset-file = pkgs.fetchurl {
+ wordset-file = super.pkgs.fetchurl {
url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
};
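Review bot: The inkscape override sets `patches = [ ./custom/inkscape/dxf_fix.patch ];` and never uses `old`, so any patches nixpkgs itself applies to inkscape, including fixes shipped as patches in a later channel, are silently dropped. Append to the existing list instead: `patches = (old.patches or []) ++ [ ./custom/inkscape/dxf_fix.patch ];`. The attribute set edited here starts and ends outside the hunk.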
diff --git a/makefu/5pkgs/dionaea/default.nix b/makefu/5pkgs/dionaea/default.nix
new file mode 100644
index 000000000..fef197c20
--- /dev/null
+++ b/makefu/5pkgs/dionaea/default.nix
@@ -0,0 +1,50 @@
+{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub,
+ libpcap, libdnet, libevent, readline, autoconf, automake, libtool, zlib, pcre,
+ libev,
+ ... }:
+let
+ liblcfg = stdenv.mkDerivation rec {
+ name = "liblcfg-${version}";
+ version = "750bc90";
+ src = fetchFromGitHub {
+ owner = "ThomasAdam";
+ repo = "liblcfg";
+ rev = version;
+ sha256 = "1k3r47p81paw5802jklx9xqbjrxr26pahipxn9nq3177qhxxibkr";
+ };
+ buildInputs = with pkgs;[ autoconf automake ];
+ preConfigure = ''autoreconf -fi'';
+ sourceRoot = "${name}-src/code";
+ };
+in stdenv.mkDerivation rec {
+ name = "liblcfg-${version}";
+
+ #version = "1.5c"; #original, does not compile due to libc errors
+ #src = fetchurl {
+ # url = "http://www.honeyd.org/uploads/honeyd-${version}.tar.gz";
+ # sha256 = "0vcih16fk5pir5ssfil8x79nvi62faw0xvk8s5klnysv111db1ii";
+ #};
+
+ #version = "64d087c"; # honeyd-1.6.7
+ # sha256 = "0zhnn13r24y1q494xcfx64vyp84zqk8qmsl41fq2674230bn0p31";
+
+ version = "6756787f94c4f1ac53d1e5545d052774a0446c04";
+ src = fetchFromGitHub {
+ owner = "rep";
+ repo = "dionaea";
+ rev = version;
+ sha256 = "04zjr9b7x0rqwzgb9gfxq6pclb817gz4qaghdl8xa79bqf9vv2p7";
+ };
+
+ buildInputs = with pkgs;[ libtool automake autoconf ];
+ configureFlags = [
+ "--with-liblcfg=${liblcfg}"
+ "--with-libpcap=${libpcap}"
+ ];
+
+ meta = {
+ homepage = http://www.honeyd.org/;
+ description = "virtual Honeypots";
+ license = lib.licenses.gpl2;
+ };
+}
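Review bot: The outer derivation is named `name = "liblcfg-${version}";`, identical to the helper in the `let` block, although its `src` is rep/dionaea; it should read `name = "dionaea-${version}";`. `meta.homepage` and the commented-out `fetchurl` block still point at honeyd.org, which looks like leftover from the expression this was copied from. Several function arguments (libdnet, libevent, readline, zlib, pcre, libev) are never referenced in `buildInputs` or `configureFlags`, so the build presumably either lacks dependencies or the argument list can be trimmed. Since this packages a honeypot, correct name and homepage metadata matter for anyone auditing what is actually installed.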
diff --git a/makefu/5pkgs/farpd/default.nix b/makefu/5pkgs/farpd/default.nix
index d16400016..8dfcee90c 100644
--- a/makefu/5pkgs/farpd/default.nix
+++ b/makefu/5pkgs/farpd/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
zlib
coreutils
python
- pythonPackages.sqlite3
+ pythonPackages.pysqlite
];
patches = [
( fetchurl {
diff --git a/makefu/5pkgs/libopencm3/default.nix b/makefu/5pkgs/libopencm3/default.nix
new file mode 100644
index 000000000..ed35fc639
--- /dev/null
+++ b/makefu/5pkgs/libopencm3/default.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, fetchFromGitHub, gcc-arm-embedded, python }:
+stdenv.mkDerivation rec {
+ name = "libopencm-${version}";
+ version = "2017-04-01";
+
+ src = fetchFromGitHub {
+ owner = "libopencm3";
+ repo = "libopencm3";
+ rev = "383fafc862c0d47f30965f00409d03a328049278";
+ sha256 = "0ar67icxl39cf7yb5glx3zd5413vcs7zp1jq0gzv1napvmrv3jv9";
+ };
+
+ buildInputs = [ gcc-arm-embedded python ];
+ buildPhase = ''
+ sed -i 's#/usr/bin/env python#${python}/bin/python#' ./scripts/irq2nvic_h
+ make
+ '';
+ installPhase = ''
+ mkdir -p $out
+ cp -r lib $out/
+ '';
+
+ meta = {
+ description = "Open Source ARM cortex m microcontroller library";
+ homepage = https://github.com/libopencm3/libopencm3;
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}
diff --git a/makefu/5pkgs/logstash-output-exec/default.nix b/makefu/5pkgs/logstash-output-exec/default.nix
new file mode 100644
index 000000000..d1de851c7
--- /dev/null
+++ b/makefu/5pkgs/logstash-output-exec/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, stdenv, lib, fetchFromGitHub }:
+
+
+# TODO: requires ftw ruby package
+stdenv.mkDerivation rec {
+ name = "logstash-input-github-${version}";
+ version = "3.1.0";
+
+ src = fetchFromGitHub {
+ owner = "logstash-plugins";
+ repo = "logstash-output-exec";
+ rev = "v${version}";
+ sha256 = "0ix5w9l6hrbjaymkh7fzymjvpkiias3hs0l77zdpcwdaa6cz53nf";
+ };
+
+ dontBuild = true;
+ dontPatchELF = true;
+ dontStrip = true;
+ dontPatchShebangs = true;
+ installPhase = ''
+ mkdir -p $out/logstash
+ cp -r lib/* $out
+ '';
+
+ meta = with lib; {
+ description = "logstash output plugin";
+ homepage = https://github.com/logstash-plugins/logstash-output-exec;
+ license = stdenv.lib.licenses.asl20;
+ platforms = stdenv.lib.platforms.unix;
+ maintainers = with maintainers; [ makefu ];
+ };
+}
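Review bot: `name = "logstash-input-github-${version}";` does not match the source, which is fetched from logstash-plugins/logstash-output-exec; it should read `name = "logstash-output-exec-${version}";`. In `installPhase`, `mkdir -p $out/logstash` creates a directory that the following `cp -r lib/* $out` never uses, so either copy into `$out/logstash` or drop the mkdir. As this plugin executes commands from the log pipeline, a one-line comment on what it is for would help a reader judge where it may be enabled.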
diff --git a/makefu/5pkgs/mcomix/default.nix b/makefu/5pkgs/mcomix/default.nix
new file mode 100644
index 000000000..a12e2e821
--- /dev/null
+++ b/makefu/5pkgs/mcomix/default.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib ,python2Packages, fetchurl, gtk3}:
+python2Packages.buildPythonPackage rec {
+ name = "mcomix-${version}";
+ version = "1.2.1";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/mcomix/${name}.tar.bz2";
+ sha256 = "0fzsf9pklhfs1rzwzj64c0v30b74nk94p93h371rpg45qnfiahvy";
+ };
+
+ propagatedBuildInputs = with python2Packages;
+ [ python2Packages.pygtk gtk3 python2Packages.pillow ];
+
+ meta = {
+ homepage = https://github.com/pyload/pyload;
+ description = "Free and Open Source download manager written in Python";
+ license = lib.licenses.gpl3;
+ maintainers = with lib.maintainers; [ makefu ];
+ };
+}
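Review bot: `meta.homepage` and `meta.description` describe pyload (`https://github.com/pyload/pyload`, "Free and Open Source download manager written in Python"), not mcomix, whose source comes from the sourceforge mirror. Replace both with mcomix's own values, e.g. `homepage = <mcomix-homepage-url>;` and a description of what it actually is. The `with python2Packages;` in `propagatedBuildInputs` also makes the explicit `python2Packages.` prefixes inside the list redundant.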
diff --git a/makefu/5pkgs/minibar/default.nix b/makefu/5pkgs/minibar/default.nix
new file mode 100644
index 000000000..384a73261
--- /dev/null
+++ b/makefu/5pkgs/minibar/default.nix
@@ -0,0 +1,12 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.python3Packages;buildPythonPackage rec {
+ name = "minibar-${version}";
+ version = "0.5.0";
+ src = fetchFromGitHub {
+ owner = "canassa";
+ repo = "minibar";
+ rev = "c8ecd61";
+ sha256 = "1k718zrjd11rw93nmz2wxvhvsai6lwqfblnwjpmkpnslcdan7641";
+ };
+}
diff --git a/makefu/5pkgs/nltk/default.nix b/makefu/5pkgs/nltk/default.nix
new file mode 100644
index 000000000..b2d88b3fe
--- /dev/null
+++ b/makefu/5pkgs/nltk/default.nix
@@ -0,0 +1,17 @@
+{ lib, pkgs, fetchFromGitHub, ... }:
+
+with pkgs.pythonPackages;buildPythonPackage rec {
+ name = "nltk-${version}";
+ version = "3.2.1";
+ src = pkgs.fetchurl{
+ #url = "mirror://pypi/n/${name}.tar.gz";
+ url = "https://pypi.python.org/packages/58/85/8fa6f8c488507aab7d6234ce754bbbe61bfeb8382489785e2d764bf8f52a/${name}.tar.gz";
+ sha256 = "0skxbhnymwlspjkzga0f7x1hg3y50fwpfghs8g8k7fh6f4nknlym";
+
+ };
+ meta = {
+ homepage = http://nltk.org;
+ description = "Natural languages Toolkit";
+ license = lib.licenses.asl20;
+ };
+}
diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix
index b1d62248d..7da8e9be1 100644
--- a/makefu/5pkgs/novnc/default.nix
+++ b/makefu/5pkgs/novnc/default.nix
@@ -13,7 +13,6 @@ stdenv.mkDerivation rec {
};
p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify
pkgs.coreutils pkgs.which pkgs.procps ];
- # TODO: propagatedBuildInputs does not seem to work with shell scripts
patchPhase = ''
sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh
'';
diff --git a/makefu/5pkgs/programs-db/default.nix b/makefu/5pkgs/programs-db/default.nix
new file mode 100644
index 000000000..f40b1b96e
--- /dev/null
+++ b/makefu/5pkgs/programs-db/default.nix
@@ -0,0 +1,12 @@
+{ stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "programs-db";
+ src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;
+
+ phases = [ "unpackPhase" "installPhase" ];
+ installPhase = ''
+ cp programs.sqlite $out
+ '';
+
+}
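Review bot: `src = builtins.fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz ;` fetches a moving channel tarball with no hash, so the installed `programs.sqlite` is neither pinned nor integrity-checked and changes whenever the channel advances. Pin a specific channel release and hash it, e.g. `src = fetchurl { url = "<pinned-nixexprs-url>"; sha256 = "<sha256>"; };` with `fetchurl` added to the function arguments. If tracking the latest channel is intentional, a comment saying so would make the impurity explicit.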
diff --git a/makefu/6tests/data/secrets/nsupdate-data.nix b/makefu/6tests/data/secrets/nsupdate-data.nix
new file mode 100644
index 000000000..e76c0e87e
--- /dev/null
+++ b/makefu/6tests/data/secrets/nsupdate-data.nix
@@ -0,0 +1 @@
+{ "lol" = "wut"; }
diff --git a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix
new file mode 100644
index 000000000..963e6db8b
--- /dev/null
+++ b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix
@@ -0,0 +1 @@
+"lol"
diff --git a/makefu/source.nix b/makefu/source.nix
index 0c74585b2..31243c2fd 100644
--- a/makefu/source.nix
+++ b/makefu/source.nix
@@ -11,7 +11,10 @@ let
then "buildbot"
else "makefu";
_file = <stockholm> + "/makefu/1systems/${name}/source.nix";
- ref = "1e47827"; # unstable @ 2017-07-31 + graceful requests2 (a772c3aa) + libpurple bitlbee ( ce6fe1a, 65e38b7 )
+ ref = "9d4bd6b"; # unstable @ 2017-07-31
+ # + graceful requests2 (a772c3aa)
+ # + libpurple bitlbee ( ce6fe1a, 65e38b7 )
+ # + buildbot-runner ( f3cecc5 )
in
evalSource (toString _file) [