diff options
63 files changed, 1623 insertions, 279 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e0..444bf383c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -65,7 +65,16 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + boot = { + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + } + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb716..21ae20ea0 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by @@ -86,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ @@ -100,6 +156,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d4..44743b87d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -8,6 +8,8 @@ with import <stockholm/lib>; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..7e8d278f6 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 93211d9d4..610c20bb4 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -186,6 +186,17 @@ let }; repo = types.submodule ({ config, ... }: { options = { + admins = mkOption { + type = types.listOf types.user; + default = []; + description = '' + List of users that should be able to do everything with this repo. + + This option is currently not used by krebs.git but instead can be + used to create rules. See e.g. <stockholm/lass/2configs/git.nix> for + an example. + ''; + }; cgit = { desc = mkOption { type = types.nullOr types.str; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4e2d6df99..ca3c8b45b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -34,6 +34,7 @@ with import <stockholm/lib>; HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB -----END RSA PUBLIC KEY----- ''; + tinc.port = 993; }; }; ssh.privkey.path = <secrets/ssh.id_ed25519>; @@ -294,6 +295,37 @@ with import <stockholm/lib>; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/MmASvx3i09DY1xFVM5jOhZRZA8rMRqtf8bCIkC+t"; }; + helios = { + cores = 8; + nets = { + retiolum = { + ip4.addr = "10.243.133.117"; + ip6.addr = "42:0:0:0:0:0:3:7105"; + aliases = [ + "helios.r" + "cgit.helios.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAp+SRmP5MoCSYInx4Dm5MLZzNyXVgfo/CDoeUlUT35X0yE7WHGWsG + wHPCu+3RWfBUjuqNdb0qiGtRi3Q/LwznwBROPOX8gMXia/DgCLbIjn5Rx081pTIo + 3epbUCFtNgyDWg8IHF87ZnVBXTYAy5g4tz9u8kw82D8mR18o595TuZ9t5pDc/Kvi + fPHZenT6cd6FtL9uankX/jan1PRP9xTrhpE8dAQ6g+7XH7knMK3cno/Ztis5YzHt + Ith0bsIjk5of7hhITj0MXtTikjDqWxkpF5mfOK1cG/rC1goTmB9AfcENUBnu9iAM + I/alzqk3CEczznLyaOckfx2fRuar912LAdiJ5v7VPztfvN1p3gIxq5M0Rgkq+98B + H/s32xNRBPvqoIleKnhwE9gfrCLaAVqpaMkgKRvgsTkSDNYNhh4smQ3eAKKwwDH/ + QG3sfP8xyNyDFhBtCiDGkf9hNqBBMaKjZoh8DasZNtcfOop3fGw7jmUUbB6cG8cp + +EfYbcb5mVpmrIyXgOTwwYcp7tn+zkd4Wa8C9Q98eFTs0HGVGxGX9Hj6PM/kXK4C + aIqIQVNpnJ/9cOwT8JFIriG1MWTOXbamUusKTLs8SRp3ZkyM7XUEcLL5HMh09rUw + rzEAmE7TywXVhd7j2IaEy+bx2dfGQH2bFoh6Drm6Olo+ySi1utB5dGkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + secure = true; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqpx9jJnn4QMGO8BOrGOLRN1rgpIkR14sQb8S+otWEL"; + }; iso = { ci = false; cores = 1; @@ -349,6 +381,85 @@ with import <stockholm/lib>; }; }; }; + eddie = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + borg = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "borg.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq + bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL + aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD + HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA + 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O + zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml + 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN + fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq + WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB + /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U + EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS + iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; + inspector = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + ip6.addr = "42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { @@ -356,6 +467,10 @@ with import <stockholm/lib>; pubkey = builtins.readFile ./ssh/mors.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/mors.pgp; }; + lass-helios = { + mail = "lass@helios.r"; + pubkey = builtins.readFile ./ssh/helios.rsa; + }; lass-uriel = { mail = "lass@uriel.r"; pubkey = builtins.readFile ./ssh/uriel.rsa; diff --git a/krebs/3modules/lass/pgp/helios.pgp b/krebs/3modules/lass/pgp/helios.pgp new file mode 100644 index 000000000..dc6d07d6b --- /dev/null +++ b/krebs/3modules/lass/pgp/helios.pgp @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFm/8D0BEAC+kY6ELukGkQh4xJ+haYGYi6FdCCUgM+BqAXQ9s7FnzyrNCbTq +x5O2b3Np96NANCCWSMIcAIXt/AzfvxY7awtsFNlXolMMMEdkHbEXQCgJahK1P5iD +q7DWlwwXNy+oPdl7ZGtfhK+d698aI6eFS0SamElH4B4IFaGzSXC0ec1Cva+3QM1d +FPRmRByMllTxEcxI6P1gIAtZGXwPLPGVPYuoRQFM+3w+VPgBcWTLPYcLyvLj0r8o +Gv/JSyZHNEu5Rtyl+8G6/8W/u7+J4lzO4V6Y6+UPomvfyCkreqsQp/bB8Nw9LYN2 +zNttaxM5zu7FBY2e+OwFsxNC5nnIvSVY2qYUps6Lxuv1cxKY+3lZKhMcc8+p+j2g +QNdfys3Hk4fdZ5YBaQ/v30kS7ZpAkILCYw7g5HJ18pdoULNWYMUaJF/1Qim2mU72 +5wuCzwsWyA6BQFoBSlDPQ24ypGMVKynl6Xh3uGG/K1OcTvhUgzF3J+jcntOY698b +4Lum/zffWQsVuXZlroydMjtn7Pfr3W8nzLynhCTWruW8+irb/Qut8q04KjfR0UyE +hdc+kohQemfhk4y0CA0xuzRBRxagKo2LUFTUL312r2TZV+vLWtdToV3HzDuFJokq +FCxoVm/4M6BQQ3IxDHBVO6BmqIlAGq9cheao3t9XciERPMSHXZzZKV/3CQARAQAB +tA1sYXNzQGhlbGlvcy5yiQJOBBMBCAA4FiEEwAWygS5dtGA5vC/hQM6NxyLSe0oF +Alm/8D0CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQQM6NxyLSe0rm5hAA +jxqcevdjJt+b4FstIiiNhhjU62/9Tl4qoKgR1/BwAIfDoMWduPrw9ldQky36O923 +VMYKiZBoUzdXRLzL0ay/ewXdSONllUwnFLvil78SQOuJTe5JKM6N0IiEVSEhNjRr +zylFk7SpY2MOIc0p3eHutD4oq0PcWnOer5R1z7u0mVJRYVoJOu7IIxqj7jb8JRAh +FbLBbu2mFBcXMLKyWFCTB4nROeoTBcfKTnBuDYhaIEUCLo2RpMYqBJiVJvvFLglA +XowKFjuE/g5Yne2GB5zx1GVRkjZsE9mGL7L5mlyucMwYqWeJzkNfB7cz58ZFN9EG +9hzUlaEahPxnC6/AeF9ev/9/SF6bPM/nq36xBXj7W5lOewc5p5GigHkh94VN+bdw +/KluD5rUErO+v3ag+5Tr8FzjtbjlARRo/vz5YWRGS4yqGiXlUUchAPEzflLYxfD1 +CSH+i0eWMrm5t+BYiPZHL8DSbGI1BM5EhHZ69dS7bUAO1qL7oQObQv+755fLV6+q ++ir7GHuxtNma58PS+BDiWJnIqmDJ029u188YM4dGL+EWF2AS4cUh2y6CZCOq77Gt +NmMCZyQjg2KB1jsL5XHySB14/uN3vlSSz9V+ZT/sAK09Z4atfYNnMHBAbC00GSbH +VqQf+OIascVZWAzqExk4fjnVYjTaoIZHaNd5aT/61S25Ag0EWb/wPQEQAJwoiiHG +NhuBFBEjZYJsONfJayGE4qWSU//54gJaitSgDLV8G0NYQrxqSNAZMAux6g9BSSrD +s/LbN5U1KgKpLTHjiSXUFoQFZ44AeTSQkUeelbtMVz13ohjpDInkye3sM9Jr4Zw+ +wwgg3zRi49YR6EU78c81ehPjVyxBPg2mmguBShz1zn5r6GjzniU4p3P5Hwf5F+eu +kRekG9hlCbVz+Ibl8U/t1JQZBqSIX45svdIYqeal5LWSgUG4o8gbenggNFPi3Olz +IOoTRMGKe6HCjTzv+xML7Q9bCMkUdyIfrrG0QDj3g+VZmZYAXdKjLLujAAU18Sh0 +SekPenVE0DNvmB7HHw+Bo+4aq6wWC9+BDb31NpJzNY64zEuUZsnustEmAXM2UIKS +HRzfgnZRRyD99H128a95FNpZrG5H+QgpdTE4PxsZn6fFtCRy6/a/W79VfCdHCahz +ptthyMeE81uZ28VTBXOHgK8Wawt3xjJCRksCau3xNUgRuSPoAWUPY2tLrJ9wKbxp +uL4fY8x8M2d9G4U03DfQDGP9JUskqLThnJf7Jo42XTmkJd9hRBL0kMCIfolEcyEh +pSQqbevUnFRiipv1x90Tn9Cax06ZkHkovuyIniRve/MvX8mCzzlUv1bjVNC0d71+ +z3G8fXlhDZGCkLQu6M1MlmUZxu05UfQnk5kBABEBAAGJAjYEGAEIACAWIQTABbKB +Ll20YDm8L+FAzo3HItJ7SgUCWb/wPQIbDAAKCRBAzo3HItJ7SuI3D/0Y3A2+ZbeH +q3SCAXBs4yOv7cffT4KwDHIC2vp9I868xj0Fw9hCdN1X9Y6hfj6nilI4EKW5ozsg +xs1kqGlclqqpag5ZmFbD1y/DzEpgdlysDJPgdD9FlF0mN+tTS543d0SOyydD2N8X +el5h4T2VaEBYfwKoDyN7LnCtGoiUSE3Nw99BNJ7zGma+46NRUWjv1eByMMhxvXJF +ASKn4Ok1olhINH43tQ3TGx9XdG19GS0+OnyOlfdagKwma73A2caUAyjIXBrmR5NU +Pb3aiyMzxm6DpCupqWkQgCC/EG8HgYhPGJ6TAK2QfMWX1TjERcPGtVbTE7BbRNLd +LdaIuo+5ROVseBTYDC8VbACkV7eh1fVhUmpZa81uQotCRJ+jsYGT4Lyon44roSGn +7G+rYgS2yv/2JXSTMBa45MReEPCgkSwZ6u9jvbs7vWzao+4tILsgO9RqNw1kiN9o +LMLMVVCFmgNMCHxegmNIJYRryQkFZA5vQR2gPS3FYY3NfVGhFHMvsOK+jx415o2O +gF76EJcexglPWhyqBc5meyw1x6pjoPTNGLnFzH1rdyyYilUyFexy3TSam60Ov/Aj +cszX0D4M2Fnk9ncSq03ujflVYpVTNtkSVH0K9OY7rwjp78WycxiYzk1OQHogh18L +Du4S2e/am91kQGaz490BV9XNw4I70e4dQQ== +=gkzg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/krebs/3modules/lass/ssh/helios.rsa b/krebs/3modules/lass/ssh/helios.rsa new file mode 100644 index 000000000..58f81726c --- /dev/null +++ b/krebs/3modules/lass/ssh/helios.rsa @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGZE0z5+0A42GHI2VYrN9Ra60EwlKqARZUi9e0pbiQxwKi42Y3+Jy2UIAB9rUW51Pw0K6L2FzHZyk9w4fMWjAB+OSaGi8CViGOrBmP8Xm0TSd6a725RSOKTH1jv4u54W6+VQcZpe4RepsuasvN4Rd3FYz1O0ffiroPYS0Hs7ui3HG5rZZsz+FArJ/s2mL525P9VQwMlCAdrepWXgGSPSa/ogmhMCSRttV5R0WCnvXYA4aq45scxjxIWXu/Y/FggslSpRGEnRChHiua5kPWqREC1eNbMOjYJc7OxDIZjzcwHcDHH3U1oIBEjNY8UqMFy3t87cm0BTH9yA6qQnkexCmbRGA0mnAJ1XskgL6KcZuYw+zRo6zVmnZCgRyheenBJhQy/28ZDSwCDBOayl6tAbWivesUZb0/nqucvbdRxTDd6nbSH8q8Cp1qZvP1yrhZ9X2m4Rm66UenHOPOEiyOoVQgfYb2EFHsYVN62shGcfaaL8g4rjUXsUJEheGX5ll5MOMSclUhI8Zk31APq/xuLGGIn+tipjOSX2OVZrSE+KkgitMxOOF1kx33IQGnBKQD8K/a9vVmpTrTAnfXR5oJrXp+XRZ3viXr0rUkG5KfS/zjL8ZC8ckeSkX75BLbPbimUa6TfA/lddipb76zOOOREiD4Sw+MkGDh5xnzwxMY05fjOUmk/v++WcOTTNyrknygdaC8Qx0Gv4Wxmcd+LzmIc5wZZjenwYhp4KpR55EIP966uBUcD+HlkHZnNNZUzOJA8NE+oPQbaM3qCuThe9q9hVYt08/rZ9ANwgb/ChCwEOYLNnofdgrvDb91qenwEUiE9wy79Dwgqh2SRAMN4ZTxRrVjw3potBMRuNc5HMDDXbKfGF1T6O+vBPpcQ8x+rztBDpF/lqjGqoCqyFNG/VnFHFZ5kjLkLmx6S69iRL7wg/KI1NA14tdSLJZ2qDqo5n8rbnGeAWTQB8ZgzhPO39fyOYGCdTJ8e2dIDEw8SUWaVsTnkc/PHOcGAMt2LrL6USszrLSQgU4ediPBWJjX4jk2wxLRPyBz8Z2QLWrsxV0bh1CstIsbBh1p8jMXAKJ+UXqzRWGR5T6d7lensqM0/uWqzu++w6/whQQh9Hzs6GX8l+ELMn0szkRaM9dZpAz5p9HHdYkANwsIIe8CPznRvudQ0CPManTQsjR8GZ3RjGx002VUdbDh5xx7P9Efsa6m8kkNCbUNMSHjmvC9M2sR5ww2WsnvpGBCU8sNYf4y9QvKI1LIYkG1MObhEKHyf5wxFp25bwHyxPkHGULhJKM/MdDT42flddEJCTEwiCPVuaJsr7Adr6Oni4kzY+S7CiP7YArM0v2Vg9mgVmi11koF9hcZ6zyyKAWVviDRLVIA0/eY66T/FiSS/g12zW1keuhFipNEWyZdD/r8LwfDpInAAqN5g65dx6eoyoB6AZatEwwsnn6zcDP51B1q0TC9Y+TXK5TSBE50oFxa2SLu4Gj7YOi1AoRqKxSPVktE= lass@helios diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b8..a34c8cd97 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import <stockholm/lib>; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import <stockholm/lib>; ''; }; }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { diff --git a/krebs/5pkgs/simple/git-preview/default.nix b/krebs/5pkgs/simple/git-preview/default.nix new file mode 100644 index 000000000..f20f2a636 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview/default.nix @@ -0,0 +1,15 @@ +{ coreutils, git, stdenv, writeDashBin }: + +writeDashBin "git-preview" '' + PATH=${stdenv.lib.makeBinPath [ + coreutils + git + ]}''${PATH+:$PATH} + hashes=$(git log --format=%h "..$1") + end=$(echo "$hashes" | head -1) + start=$(echo "$hashes" | tail -1) + # exit if no diff was found + test -z "$start" && exit 0 + shift + git diff "$start^..$end" "$@" +'' diff --git a/krebs/5pkgs/simple/weechat/default.nix b/krebs/5pkgs/simple/weechat/default.nix deleted file mode 100644 index c703ca8bf..000000000 --- a/krebs/5pkgs/simple/weechat/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ stdenv, fetchurl, ncurses, openssl, aspell, gnutls -, zlib, curl , pkgconfig, libgcrypt -, cmake, makeWrapper, libiconv -, asciidoctor # manpages -, guileSupport ? true, guile -, luaSupport ? true, lua5 -, perlSupport ? true, perl -, pythonPackages -, rubySupport ? true, ruby -, tclSupport ? true, tcl -, extraBuildInputs ? [] }: - -assert guileSupport -> guile != null; -assert luaSupport -> lua5 != null; -assert perlSupport -> perl != null; -assert rubySupport -> ruby != null; -assert tclSupport -> tcl != null; - -let - inherit (pythonPackages) python pycrypto pync; -in - -stdenv.mkDerivation rec { - version = "1.8"; - name = "weechat-${version}"; - - src = fetchurl { - url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; - }; - - outputs = [ "out" "doc" ]; - - enableParallelBuilding = true; - cmakeFlags = with stdenv.lib; [ - "-DENABLE_MAN=ON" - "-DENABLE_DOC=ON" - ] - ++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib" "-DCMAKE_FIND_FRAMEWORK=LAST"] - ++ optional (!guileSupport) "-DENABLE_GUILE=OFF" - ++ optional (!luaSupport) "-DENABLE_LUA=OFF" - ++ optional (!perlSupport) "-DENABLE_PERL=OFF" - ++ optional (!rubySupport) "-DENABLE_RUBY=OFF" - ++ optional (!tclSupport) "-DENABLE_TCL=OFF" - ; - - buildInputs = with stdenv.lib; [ - ncurses python openssl aspell gnutls zlib curl pkgconfig - libgcrypt pycrypto makeWrapper - cmake - asciidoctor - ] - ++ optional guileSupport guile - ++ optional luaSupport lua5 - ++ optional perlSupport perl - ++ optional rubySupport ruby - ++ optional tclSupport tcl - ++ extraBuildInputs; - - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix}" - # Fix '_res_9_init: undefined symbol' error - + (stdenv.lib.optionalString stdenv.isDarwin "-DBIND_8_COMPAT=1 -lresolv"); - - postInstall = with stdenv.lib; '' - NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" - wrapProgram "$out/bin/weechat" \ - ${optionalString perlSupport "--prefix PATH : ${perl}/bin"} \ - --prefix PATH : ${pythonPackages.python}/bin \ - --prefix PYTHONPATH : "$PYTHONPATH" \ - --prefix PYTHONPATH : "$NIX_PYTHONPATH" - ''; - - meta = { - homepage = http://www.weechat.org/; - description = "A fast, light and extensible chat client"; - license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 garbas the-kenny ]; - platforms = stdenv.lib.platforms.unix; - }; -} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix new file mode 100644 index 000000000..37bdc0290 --- /dev/null +++ b/lass/1systems/helios/config.nix @@ -0,0 +1,87 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/pass.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/otp-ssh.nix> + <stockholm/lass/2configs/git.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + { # automatic hardware detection + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = + { device = "/dev/pool/root"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/1F60-17C6"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "/dev/pool/home"; + fsType = "btrfs"; + }; + + nix.maxJobs = lib.mkDefault 8; + } + { # crypto stuff + boot.initrd.luks = { + cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; + devices = [{ + name = "luksroot"; + device = "/dev/nvme0n1p3"; + }]; + }; + } + { + services.xserver.dpi = 200; + fonts.fontconfig.dpi = 200; + lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; + } + ]; + krebs.build.host = config.krebs.hosts.helios; + + krebs.git.rules = [ + { + user = [ config.krebs.users.lass-helios ]; + repo = [ config.krebs.git.repos.stockholm ]; + perm = with git; push "refs/heads/*" [ fast-forward non-fast-forward create delete merge ]; + } + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.wireless.enable = true; + hardware.enableRedistributableFirmware = true; + + environment.systemPackages = with pkgs; [ + vim + rxvt_unicode + git + rsync + hashPassword + thunderbird + dpass + ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass-helios.pubkey + ]; + }; + + programs.ssh.startAgent = lib.mkForce true; + + services.tlp.enable = true; +} diff --git a/lass/1systems/helios/source.nix b/lass/1systems/helios/source.nix new file mode 100644 index 000000000..bfe4dca4c --- /dev/null +++ b/lass/1systems/helios/source.nix @@ -0,0 +1,4 @@ +import <stockholm/lass/source.nix> { + name = "helios"; + secure = true; +} diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 4d2f8b0f8..8b90cce77 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -38,7 +38,7 @@ with import <stockholm/lib>; { lass.umts = { enable = true; - modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_C12AD95CB7B78F90-if09"; + modem = "/dev/serial/by-id/usb-Lenovo_F5521gw_2C7D8D7C35FC7040-if09"; initstrings = '' Init1 = AT+CFUN=1 Init2 = AT+CGDCONT=1,"IP","pinternet.interkom.de","",0,0 @@ -133,6 +133,7 @@ with import <stockholm/lib>; iodine macchanger + dpass ]; #TODO: fix this shit diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3a99e65a0..f6390ce4d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -27,6 +27,12 @@ in { lass ALL= (root) NOPASSWD:SETENV: ${pkgs.sshuttle}/bin/.sshuttle-wrapped ''; } + { #font magic + options.lass.myFont = mkOption { + type = types.str; + default = "-schumacher-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1"; + }; + } ]; users.extraUsers.mainUser.extraGroups = [ "audio" "video" ]; @@ -73,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a70d58828..c9d7a369a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -42,6 +42,7 @@ with import <stockholm/lib>; { from = "securityfocus@lassul.us"; to = lass.mail; } { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } + { from = "raf@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 7bce93ae1..3991acadc 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -14,7 +14,7 @@ let root-desc = "keep calm and engage"; }; }; - repos = mapAttrs (_: s: removeAttrs s ["collaborators"]) repos; + repos = repos; rules = rules; }; @@ -87,8 +87,8 @@ let public = true; }; - make-restricted-repo = name: { collaborators ? [], announce ? false, hooks ? {}, ... }: { - inherit collaborators name; + make-restricted-repo = name: { admins ? [], collaborators ? [], announce ? false, hooks ? {}, ... }: { + inherit admins collaborators name; public = false; hooks = optionalAttrs announce { post-receive = pkgs.git-hooks.irc-announce { @@ -111,15 +111,20 @@ let repo = [ repo ]; perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ - optional repo.public { - user = attrValues config.krebs.users; + optional (length (repo.admins or []) > 0) { + user = repo.admins; repo = [ repo ]; - perm = fetch; + perm = push "refs/*" [ non-fast-forward create delete merge ]; } ++ optional (length (repo.collaborators or []) > 0) { user = repo.collaborators; repo = [ repo ]; perm = fetch; + } ++ + optional repo.public { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; }; in out diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index e7779f53e..fb76c5735 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,12 +1,14 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { krebs.iptables = { tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + filter.INPUT.rules = let + tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; + in [ + { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } + { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } ]; }; }; diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 29800dbeb..7f36fcd90 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -106,9 +106,10 @@ let pkgs.vimPlugins.undotree (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; - src = pkgs.fetchgit { - url = git://github.com/bogado/file-line; - rev = "refs/tags/1.0"; + src = pkgs.fetchFromGitHub { + owner = "bogado"; + repo = "file-line"; + rev = "1.0"; sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0"; }; }) diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 93b817c3b..17c39a5f4 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -6,22 +6,70 @@ let genid ; + servephpBB = domains: + let + domain = head domains; + + in { + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + serverAliases = domains; + extraConfig = '' + index index.php; + root /srv/http/${domain}/; + access_log /tmp/nginx_acc.log; + error_log /tmp/nginx_err.log; + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + client_max_body_size 100m; + ''; + locations."/".extraConfig = '' + try_files $uri $uri/ /index.php?$args; + ''; + locations."~ \.php(?:$|/)".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:/srv/http/${domain}/phpfpm.pool; + fastcgi_intercept_errors on; + ''; + #Directives to send expires headers and turn off 404 error logging. + locations."~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$".extraConfig = '' + access_log off; + log_not_found off; + expires max; + ''; + }; + services.phpfpm.poolConfigs."${domain}" = '' + listen = /srv/http/${domain}/phpfpm.pool + user = nginx + group = nginx + pm = dynamic + pm.max_children = 25 + pm.start_servers = 5 + pm.min_spare_servers = 3 + pm.max_spare_servers = 20 + listen.owner = nginx + listen.group = nginx + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + in { imports = [ ./default.nix ../git.nix + (servephpBB [ "rote-allez-fraktion.de" ]) ]; security.acme = { certs."lassul.us" = { - email = "lass@lassul.us"; - webroot = "/var/lib/acme/acme-challenges"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - "full.pem" - ]; allowKeysForGroup = true; group = "lasscert"; }; @@ -71,13 +119,11 @@ in { ]; services.nginx.virtualHosts."lassul.us" = { + enableACME = true; serverAliases = [ "lassul.us" ]; locations."/".extraConfig = '' root /srv/http/lassul.us; ''; - locations."/.well-known/acme-challenge".extraConfig = '' - root /var/lib/acme/challenges/lassul.us/; - ''; locations."= /retiolum-hosts.tar.bz2".extraConfig = '' alias ${config.krebs.tinc.retiolum.hostsArchive}; ''; diff --git a/lass/2configs/xresources.nix b/lass/2configs/xresources.nix index 2fbc31677..adbcd353d 100644 --- a/lass/2configs/xresources.nix +++ b/lass/2configs/xresources.nix @@ -8,8 +8,8 @@ let URxvt*scrollBar: false URxvt*urgentOnBell: true URxvt*SaveLines: 4096 - URxvt*font: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 - URxvt*boldFont: -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-1 + URxvt*font: ${config.lass.myFont} + URxvt*boldFont: ${config.lass.myFont} ! ref https://github.com/muennich/urxvt-perls URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index c93c65ad2..207278440 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -61,6 +61,7 @@ let ''; wvdial-defaults = '' + [Dialer Defaults] Modem = ${cfg.modem} ${cfg.initstrings} Modem Type = Analog Modem @@ -70,6 +71,7 @@ let Password = ${cfg.password} Stupid Mode = 1 Idle Seconds = 0 + PPPD Path = ${pkgs.ppp}/bin/pppd ''; imp = { @@ -77,6 +79,10 @@ let umts = "sudo ${umts-bin}/bin/umts"; }; + environment.systemPackages = [ + pkgs.ppp + ]; + security.sudo.extraConfig = '' lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts ''; diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix index 9f6f95587..8380b220a 100644 --- a/lass/5pkgs/acronym/default.nix +++ b/lass/5pkgs/acronym/default.nix @@ -6,7 +6,7 @@ pkgs.writeScriptBin "acronym" '' acro=$1 - curl -s http://www.acronymfinder.com/$acro.html \ + curl -L -s http://www.acronymfinder.com/$acro.html \ | grep 'class="result-list__body__rank"' \ | sed ' s/.*title="\([^"]*\)".*/\1/ diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix index 6e6ba56fa..46633ba1a 100644 --- a/lass/5pkgs/default.nix +++ b/lass/5pkgs/default.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }@args: +{ config, pkgs, ... }@args: { nixpkgs.config.packageOverrides = rec { acronym = pkgs.callPackage ./acronym/default.nix {}; + dpass = pkgs.callPackage ./dpass {}; ejabberd = pkgs.callPackage ./ejabberd { erlang = pkgs.erlangR16; }; @@ -20,7 +21,7 @@ rs = pkgs.callPackage ./rs/default.nix {}; urban = pkgs.callPackage ./urban/default.nix {}; xml2json = pkgs.callPackage ./xml2json/default.nix {}; - xmonad-lass = import ./xmonad-lass.nix { inherit pkgs; }; + xmonad-lass = import ./xmonad-lass.nix { inherit config pkgs; }; yt-next = pkgs.callPackage ./yt-next/default.nix {}; }; } diff --git a/lass/5pkgs/dpass/default.nix b/lass/5pkgs/dpass/default.nix new file mode 100644 index 000000000..7e75d50c7 --- /dev/null +++ b/lass/5pkgs/dpass/default.nix @@ -0,0 +1,12 @@ +{ pass, writeOut, writeDash, ... }: + +writeOut "dsco-pass" { + "/bin/dpass".link = writeDash "dpass" '' + PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ + exec ${pass}/bin/pass $@ + ''; + "/bin/dpassmenu".link = writeDash "dpassmenu" '' + PASSWORD_STORE_DIR=$HOME/.dpasswordstore \ + exec ${pass}/bin/passmenu $@ + ''; +} diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index 67a1dc787..0a2945c21 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: pkgs.writeHaskell "xmonad-lass" { executables.xmonad = { extra-depends = [ @@ -40,7 +40,7 @@ import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Minimize (minimize, minimizeWindow, MinimizeMsg(RestoreNextMinimizedWin)) import XMonad.Layout.NoBorders (smartBorders) -import XMonad.Prompt (autoComplete, searchPredicate, XPConfig) +import XMonad.Prompt (autoComplete, font, searchPredicate, XPConfig) import XMonad.Prompt.Window (windowPromptGoto, windowPromptBringCopy) import XMonad.Util.EZConfig (additionalKeysP) import XMonad.Layout.SimpleFloat (simpleFloat) @@ -51,7 +51,7 @@ urxvtcPath :: FilePath urxvtcPath = "${pkgs.rxvt_unicode}/bin/urxvtc" myFont :: String -myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*" +myFont = "${config.lass.myFont}" main :: IO () main = getArgs >>= \case @@ -99,6 +99,7 @@ myKeyMap = , ("M4-C-p", spawn "${pkgs.scrot}/bin/scrot ~/public_html/scrot.png") , ("M4-p", spawn "${pkgs.pass}/bin/passmenu --type") , ("M4-o", spawn "${pkgs.brain}/bin/brainmenu --type") + , ("M4-i", spawn "${pkgs.dpass}/bin/dpassmenu --type") , ("<XF86AudioRaiseVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ +4%") , ("<XF86AudioLowerVolume>", spawn "${pkgs.pulseaudioLight.out}/bin/pactl -- set-sink-volume @DEFAULT_SINK@ -4%") , ("<XF86MonBrightnessDown>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -time 0 -dec 1%") @@ -107,13 +108,14 @@ myKeyMap = , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") , ("M4-a", focusUrgent) - , ("M4-S-r", renameWorkspace def) - , ("M4-S-a", addWorkspacePrompt def) + , ("M4-S-r", renameWorkspace myXPConfig) + , ("M4-S-a", addWorkspacePrompt myXPConfig) , ("M4-S-<Backspace>", removeEmptyWorkspace) , ("M4-S-c", kill1) , ("M4-<Esc>", toggleWS) , ("M4-S-<Enter>", spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath) + , ("M4-c", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) @@ -141,8 +143,13 @@ forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X () forkFile path args env = xfork (executeFile path False args env) >> return () +myXPConfig :: XPConfig +myXPConfig = def + { font = myFont + } + autoXPConfig :: XPConfig -autoXPConfig = def +autoXPConfig = myXPConfig { autoComplete = Just 5000 } diff --git a/lass/source.nix b/lass/source.nix index 01631bef1..9cc08299b 100644 --- a/lass/source.nix +++ b/lass/source.nix @@ -15,7 +15,7 @@ in # 87a4615 & 334ac4f # + acme permissions for groups # fd7a8f1 - ref = "d151161"; + ref = "2d3b4fe"; }; secrets.file = getAttr builder { buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -44,6 +44,7 @@ in { <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/vpn/openvpn-server.nix> <stockholm/makefu/2configs/dnscrypt/server.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> ## Web <stockholm/makefu/2configs/nginx/share-download.nix> @@ -74,6 +75,9 @@ in { <stockholm/makefu/2configs/stats/client.nix> # <stockholm/makefu/2configs/logging/client.nix> + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> + ]; makefu.dl-dir = "/var/download"; @@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + <stockholm/makefu> + # configure your hw: + <stockholm/makefu/2configs/hw/CAC.nix> + <stockholm/makefu/2configs/tinc/retiolum.nix> + <stockholm/makefu/2configs/save-diskspace.nix> + + # Security + <stockholm/makefu/2configs/sshd-totp.nix> + <stockholm/makefu/2configs/stats/client.nix> + + # Tools + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/vim.nix> + <stockholm/makefu/2configs/zsh-user.nix> + # Services + <stockholm/makefu/2configs/remote-build/slave.nix> + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import <stockholm/makefu/source.nix> { + name="latte"; +} diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -60,10 +60,13 @@ in { <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> + <stockholm/makefu/2configs/stats/telegraf> # services <stockholm/makefu/2configs/syncthing.nix> <stockholm/makefu/2configs/mqtt.nix> + <stockholm/makefu/2configs/remote-build/slave.nix> + # security <stockholm/makefu/2configs/sshd-totp.nix> @@ -77,6 +80,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + <stockholm/makefu/2configs/temp/rst-issue.nix> ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # <stockholm/makefu/2configs/audio/realtime-audio.nix> # <stockholm/makefu/2configs/vncserver.nix> <stockholm/makefu/2configs/temp/rst-issue.nix> - ]; + # Services + <stockholm/makefu/2configs/remote-build/slave.nix> + ]; krebs = { enable = true; @@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + #<Plugin "ping"> + # Host "google.de" + # Host "heise.de" + #</Plugin> + + LoadPlugin curl + <Plugin curl> + TotalTime true + NamelookupTime true + ConnectTime true + + <Page "google"> + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + </Page> + + <Page "webde"> + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + </Page> + + </Plugin> + #LoadPlugin netlink + #<Plugin "netlink"> + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + #</Plugin> + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; @@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -56,8 +56,8 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/git/brain-retiolum.nix> <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> - <stockholm/makefu/2configs/steam.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> + <stockholm/makefu/2configs/remote-build/master.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 678370c69..4c17a1d50 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,11 +29,11 @@ in { environment = { NIX_PATH = "/var/src"; }; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell + ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; PrivateTmp = true; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30c0b0b87..5604383e7 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -24,6 +24,7 @@ let cac-api = { }; euer_blog = { }; ampel = { }; + europastats = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 0247010b1..daa0282b8 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -58,7 +58,7 @@ in hardware.pulseaudio = { enable = true; - systemWide = true; + # systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0865a0841..51e69d8b7 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -14,17 +14,20 @@ in { # scanners are printers just in reverse anyway services.saned.enable = true; - users.users."${mainUser}".extraGroups = [ "scanner" ]; + users.users."${mainUser}".extraGroups = [ "scanner" "lp" ]; hardware.sane = { enable = true; - extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + extraBackends = [ ]; # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 # requires 'sane-extra', scan via: - extraConfig."magicolor" = '' - net 10.42.20.30 0x2098 - ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + #extraConfig."magicolor" = '' + # net 10.42.20.30 0x2098 + #''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + extraConfig."xerox_mfp" = '' + tcp 192.168.1.5 + ''; #home printer SCX-3205W }; } diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix new file mode 100644 index 000000000..4ad2c5ed8 --- /dev/null +++ b/makefu/2configs/remote-build/master.nix @@ -0,0 +1,14 @@ +{ pkgs, ...}: +let + sshKey = (toString <secrets>) + "/id_nixBuild"; +in { + nix.distributedBuilds = true; + # TODO: iterate over krebs.hosts + nix.buildMachines = map ( hostName: + { inherit hostName sshKey; + sshUser = "nixBuild"; + system = "x86_64-linux"; + maxJobs = 1; + }) [ "omo.r" "gum.r" "latte.r" ]; + # puyak.r "wbob.r" +} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix new file mode 100644 index 000000000..b6e000a34 --- /dev/null +++ b/makefu/2configs/remote-build/slave.nix @@ -0,0 +1,11 @@ +{ + nix.trustedUsers = [ "nixBuild" ]; + users.users.nixBuild = { + name = "nixBuild"; + useDefaultShell = true; + # TODO: put this somewhere else + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + ]; + }; +} diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 8f9935658..bb91b4478 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,6 +2,8 @@ with import <stockholm/lib>; let + irc-server = "ni.r"; + irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward @@ -37,9 +39,9 @@ in { echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=malarm + export LOGNAME=${irc-nick} ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ${irc-server} 6667 ${irc-nick} \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix new file mode 100644 index 000000000..4da6561d6 --- /dev/null +++ b/makefu/2configs/stats/telegraf/default.nix @@ -0,0 +1,20 @@ +{...}: +let + url = "http://localhost:8086"; +in { + imports = [ + ./europastats.nix + ]; + services.telegraf = { + enable = true; + extraConfig = { + agent.debug = true; + outputs = { + influxdb = [{ + urls = [ url ]; + database = "telegraf"; + }]; + }; + }; + }; +} diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix new file mode 100644 index 000000000..9249280c5 --- /dev/null +++ b/makefu/2configs/stats/telegraf/europastats.nix @@ -0,0 +1,43 @@ +{ pkgs, ...}: +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "be31da7"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests2 + docopt + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/europastats"; + inherit rev; + sha256 = "0qj18vgj9nm6aisyqhk3iz3rf8xp7mn5jc6sfylcaw588a9sjfvc"; + }; + }; +in { + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkg}/bin/europa-attractions"]; + timeout = "1m"; + data_format = "json"; + name_override = "europawaiting"; + interval = "1m"; + tag_keys = [ + "status" + "type" + "name" + ]; + } + { + commands = [ "${pkg}/bin/europa-weather"]; + timeout = "20s"; + data_format = "json"; + name_override = "europaweather"; + interval = "10m"; + tag_keys = [ + "type" + "name" + "offset" + ]; + } + ]; +} diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index c7a116918..7755e2872 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./scanner-tools.nix ./sec.nix ./sec-gui.nix ./studio.nix diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 47f06287b..8e815da5e 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -1,8 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ - steam + imports = [ + ./steam.nix + ]; + users.users.makefu.packages = with pkgs; [ games-user-env ]; } diff --git a/makefu/2configs/tools/scanner-tools.nix b/makefu/2configs/tools/scanner-tools.nix new file mode 100644 index 000000000..ef2e913e4 --- /dev/null +++ b/makefu/2configs/tools/scanner-tools.nix @@ -0,0 +1,7 @@ +{ + # ln -s /run/current-system/sw/bin/xsane ~/.gimp-2.8/plug-ins/xsane + nixpkgs.config.packageOverrides = pkgs: { + xsaneGimp = pkgs.xsane.override { gimpSupport = true; }; + }; +} + diff --git a/makefu/2configs/steam.nix b/makefu/2configs/tools/steam.nix index d4ec84abf..200ea4719 100644 --- a/makefu/2configs/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,6 +1,10 @@ {pkgs, ...}: { - environment.systemPackages = [ pkgs.steam ]; + users.users.makefu.packages = [ + (pkgs.steam.override { + newStdcpp = true; + }) + ]; hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; } diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 47b5d7fc3..2eecd6428 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -24,8 +24,12 @@ in { # pypi https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/devpi-client/ + https://pypi.python.org/simple/oslo.config/ + https://pypi.python.org/simple/sqlalchemy_migrate/ + https://pypi.python.org/simple/xstatic/ + https://pypi.python.org/simple/pyserial/ + https://pypi.python.org/simple/semantic_version/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 9f3a59717..43d362ed9 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -127,6 +127,7 @@ in { { names = [ "undotree" # "YouCompleteMe" "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix index ddef9e371..951bdbf26 100644 --- a/makefu/2configs/virtualisation/docker.nix +++ b/makefu/2configs/virtualisation/docker.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { virtualisation.docker.enable = true; environment.systemPackages = with pkgs;[ docker docker_compose ]; + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; } diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix index 3d1d9fe75..e62a3f748 100644 --- a/makefu/2configs/vncserver.nix +++ b/makefu/2configs/vncserver.nix @@ -33,7 +33,7 @@ in { serviceConfig = { User = "nobody"; ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; - PrivateTmp = true; + PrivateTmp = true; }; }; }; diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix index 1e7edbf78..79754264f 100644 --- a/makefu/2configs/vpn/openvpn-server.nix +++ b/makefu/2configs/vpn/openvpn-server.nix @@ -1,13 +1,13 @@ { config, pkgs, ... }: let - out-itf = config.makefu.server.primary-itf; - # generate via openvpn --genkey --secret static.key - client-key = (toString <secrets>) + "/openvpn-laptop.key"; + out-itf = config.makefu.server.primary-itf; + # generate via openvpn --genkey --secret static.key + client-key = (toString <secrets>) + "/openvpn-laptop.key"; # domain = "vpn.euer.krebsco.de"; domain = "gum.krebsco.de"; dev = "tun0"; port = 1194; - tcp-port = 3306; + tcp-port = 3306; in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.nat = { diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..00df56bee 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,7 +15,6 @@ _: ./torrent.nix ./udpt.nix ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 982f4a7db..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -# from 17.03/nixos/modules/programs/wvdial.nix - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - <filename>/etc/wvdial.conf</filename>. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} diff --git a/makefu/5pkgs/beef/Gemfile b/makefu/5pkgs/beef/Gemfile new file mode 100644 index 000000000..1420feffd --- /dev/null +++ b/makefu/5pkgs/beef/Gemfile @@ -0,0 +1,97 @@ +# BeEF's Gemfile + +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +gem 'eventmachine' +gem 'thin' +gem 'sinatra' +gem 'rack', '~> 1.6.5' +gem 'em-websocket' # WebSocket support +gem 'uglifier' +gem 'mime-types' +gem 'execjs' +gem 'ansi' +gem 'term-ansicolor', :require => 'term/ansicolor' +gem 'dm-core' +gem 'json' +gem 'data_objects' +gem 'rubyzip', '>= 1.2.1' +gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice +gem 'nokogiri', '>= 1.7' + +gem 'therubyracer' + +# SQLite support +group :sqlite do + gem 'dm-sqlite-adapter' +end + +# PostgreSQL support +group :postgres do + #gem dm-postgres-adapter +end + +# MySQL support +group :mysql do + #gem dm-mysql-adapter +end + +# Geolocation support +group :geoip do + gem 'geoip' +end + +gem 'parseconfig' +gem 'erubis' +gem 'dm-migrations' + +# Metasploit Integration extension +group :ext_msf do + gem 'msfrpc-client' +end + +# Twitter Notifications extension +group :ext_twitter do + #gem 'twitter', '>= 5.0.0' +end + +# DNS extension +group :ext_dns do + gem 'rubydns', '~> 0.7.3' +end + +# network extension +group :ext_network do + gem 'dm-serializer' +end + +# QRcode extension +group :ext_qrcode do + gem 'qr4r' +end + +# For running unit tests +group :test do +if ENV['BEEF_TEST'] + gem 'rake' + gem 'test-unit' + gem 'test-unit-full' + gem 'curb' + gem 'selenium' + gem 'selenium-webdriver' + gem 'rspec' + gem 'bundler-audit' + # nokogirl is needed by capybara which may require one of the below commands + # sudo apt-get install libxslt-dev libxml2-dev + # sudo port install libxml2 libxslt + gem 'capybara' + # RESTful API tests/generic command module tests + gem 'rest-client', '>= 2.0.1' +end +end + +source 'https://rubygems.org' diff --git a/makefu/5pkgs/beef/Gemfile.lock b/makefu/5pkgs/beef/Gemfile.lock new file mode 100644 index 000000000..d2e6ad45e --- /dev/null +++ b/makefu/5pkgs/beef/Gemfile.lock @@ -0,0 +1,139 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + ansi (1.5.0) + chunky_png (1.3.8) + daemons (1.2.4) + data_objects (0.10.17) + addressable (~> 2.1) + dm-core (1.2.1) + addressable (~> 2.3) + dm-do-adapter (1.2.0) + data_objects (~> 0.10.6) + dm-core (~> 1.2.0) + dm-migrations (1.2.0) + dm-core (~> 1.2.0) + dm-serializer (1.2.2) + dm-core (~> 1.2.0) + fastercsv (~> 1.5) + json (~> 1.6) + json_pure (~> 1.6) + multi_json (~> 1.0) + dm-sqlite-adapter (1.2.0) + dm-do-adapter (~> 1.2.0) + do_sqlite3 (~> 0.10.6) + do_sqlite3 (0.10.17) + data_objects (= 0.10.17) + em-websocket (0.5.1) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0.6.0) + erubis (2.7.0) + espeak-ruby (1.0.4) + eventmachine (1.0.9.1) + execjs (2.7.0) + fastercsv (1.5.5) + filesize (0.1.1) + geoip (1.6.3) + http_parser.rb (0.6.0) + jsobfu (0.4.2) + rkelly-remix + json (1.8.6) + json_pure (1.8.6) + libv8 (3.16.14.19) + metasm (1.0.3) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.3.0) + mojo_magick (0.5.6) + msfrpc-client (1.1.1) + msgpack (~> 1) + rex (~> 2) + msgpack (1.1.0) + multi_json (1.12.2) + nokogiri (1.8.1) + mini_portile2 (~> 2.3.0) + parseconfig (1.0.8) + public_suffix (3.0.0) + qr4r (0.4.1) + mojo_magick + rqrcode + rack (1.6.8) + rack-protection (1.5.3) + rack + rainbow (2.2.2) + rake + rake (12.1.0) + rb-readline (0.5.5) + ref (2.0.0) + rex (2.0.11) + filesize + jsobfu (~> 0.4.1) + json + metasm (~> 1.0.2) + nokogiri + rb-readline + robots + rexec (1.6.3) + rainbow + rkelly-remix (0.0.7) + robots (0.10.1) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rubydns (0.7.3) + eventmachine (~> 1.0.0) + rexec (~> 1.6.2) + rubyzip (1.2.1) + sinatra (1.4.8) + rack (~> 1.5) + rack-protection (~> 1.4) + tilt (>= 1.3, < 3) + term-ansicolor (1.6.0) + tins (~> 1.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) + ref + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) + tilt (2.0.8) + tins (1.15.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) + +PLATFORMS + ruby + +DEPENDENCIES + ansi + data_objects + dm-core + dm-migrations + dm-serializer + dm-sqlite-adapter + em-websocket + erubis + espeak-ruby (>= 1.0.4) + eventmachine + execjs + geoip + json + mime-types + msfrpc-client + nokogiri (>= 1.7) + parseconfig + qr4r + rack (~> 1.6.5) + rubydns (~> 0.7.3) + rubyzip (>= 1.2.1) + sinatra + term-ansicolor + therubyracer + thin + uglifier + +BUNDLED WITH + 1.15.4 diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix new file mode 100644 index 000000000..82540cde9 --- /dev/null +++ b/makefu/5pkgs/beef/default.nix @@ -0,0 +1,37 @@ +{ stdenv, bundlerEnv, ruby, fetchFromGitHub }: +# nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock +let + gems = bundlerEnv { + name = "beef-env"; + inherit ruby; + gemdir = ./.; + }; +in stdenv.mkDerivation { + name = "beef-2017-09-21"; + src = fetchFromGitHub { + owner = "beefproject"; + repo = "beef"; + rev = "69aa2a3"; + sha256 = "1rky61i0wzpwcq3kqfa0m5hf6wyz8q8jgzs7dpfh04w9qh32ic4p"; + }; + buildInputs = [gems ruby]; + installPhase = '' + mkdir -p $out/{bin,share/beef} + + cp -r * $out/share/beef + # set the default db path, unfortunately setting to /tmp does not seem to work + # sed -i 's#db_file: .*#db_file: "/tmp/beef.db"#' $out/share/beef/config.yaml + + bin=$out/bin/beef + cat > $bin <<EOF +#!/bin/sh -e +exec ${gems}/bin/bundle exec ${ruby}/bin/ruby $out/share/beef/beef "\$@" +EOF + chmod +x $bin + ''; + + # crashes with segfault + # also, db cannot be set + meta.broken = true; + +} diff --git a/makefu/5pkgs/beef/gemset.nix b/makefu/5pkgs/beef/gemset.nix new file mode 100644 index 000000000..b6af75d00 --- /dev/null +++ b/makefu/5pkgs/beef/gemset.nix @@ -0,0 +1,475 @@ +{ + addressable = { + dependencies = ["public_suffix"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0viqszpkggqi8hq87pqp0xykhvz60g99nwmkwsb0v45kc2liwxvk"; + type = "gem"; + }; + version = "2.5.2"; + }; + ansi = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14ims9zfal4gs2wpx2m5rd8zsrl2k794d359shkrsgg3fhr2a22l"; + type = "gem"; + }; + version = "1.5.0"; + }; + chunky_png = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j0dngz6s0j3s3zaf9vrimjz65s9k7ad1c3xmmldr1vmz8sbd843"; + type = "gem"; + }; + version = "1.3.8"; + }; + daemons = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1bmb4qrd95b5gl3ym5j3q6mf090209f4vkczggn49n56w6s6zldz"; + type = "gem"; + }; + version = "1.2.4"; + }; + data_objects = { + dependencies = ["addressable"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19fw1ckqc5f1wc4r72qrymy2k6cmd8azbxpn61ksbsjqhzc2bgqd"; + type = "gem"; + }; + version = "0.10.17"; + }; + dm-core = { + dependencies = ["addressable"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09x67ka6f1lxh4iwrg87iama0haq0d0z35gavvnvzpx9kn9pfbnw"; + type = "gem"; + }; + version = "1.2.1"; + }; + dm-do-adapter = { + dependencies = ["data_objects" "dm-core"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1v84lsmsq8kawl8k4qz2h87xqc1sr10c08wwasrxbcgrkvp7qk4q"; + type = "gem"; + }; + version = "1.2.0"; + }; + dm-migrations = { + dependencies = ["dm-core"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "04hr8qgm4j1z5fg0cfpr8r6apvk5xykad0d0xqfg48rjv5rdwc0i"; + type = "gem"; + }; + version = "1.2.0"; + }; + dm-serializer = { + dependencies = ["dm-core" "fastercsv" "json" "json_pure" "multi_json"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0mvpb2d4cniysw45d3c9xidjpdb3wmfl7x5lgvnsfm69wq24v5y4"; + type = "gem"; + }; + version = "1.2.2"; + }; + dm-sqlite-adapter = { + dependencies = ["dm-do-adapter" "do_sqlite3"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0mq9xrw4jwb753sy8902rq9sfv62mzss2n3875g51i9acqy475hc"; + type = "gem"; + }; + version = "1.2.0"; + }; + do_sqlite3 = { + dependencies = ["data_objects"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gxz54qjgwg6a2mkqpai28m0i5swbyxpr4qmh9x1nwf20lysrgcf"; + type = "gem"; + }; + version = "0.10.17"; + }; + em-websocket = { + dependencies = ["eventmachine" "http_parser.rb"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1bsw8vjz0z267j40nhbmrvfz7dvacq4p0pagvyp17jif6mj6v7n3"; + type = "gem"; + }; + version = "0.5.1"; + }; + erubis = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3"; + type = "gem"; + }; + version = "2.7.0"; + }; + espeak-ruby = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0d658zr53jibyrs5qnic7bfl6h69k5987s8asncsbnxwbzzilj6y"; + type = "gem"; + }; + version = "1.0.4"; + }; + eventmachine = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "17jr1caa3ggg696dd02g2zqzdjqj9x9q2nl7va82l36f7c5v6k4z"; + type = "gem"; + }; + version = "1.0.9.1"; + }; + execjs = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yz55sf2nd3l666ms6xr18sm2aggcvmb8qr3v53lr4rir32y1yp1"; + type = "gem"; + }; + version = "2.7.0"; + }; + fastercsv = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1df3vfgw5wg0s405z0pj0rfcvnl9q6wak7ka8gn0xqg4cag1k66h"; + type = "gem"; + }; + version = "1.5.5"; + }; + filesize = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "061qmg82mm9xnmnq3b7gbi24g28xk62w0b0nw86gybd07m1jn989"; + type = "gem"; + }; + version = "0.1.1"; + }; + geoip = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "099hxng7h8i3pwibnassivj58iw1x7ygwq06qj6rx7j16iyz6rzx"; + type = "gem"; + }; + version = "1.6.3"; + }; + "http_parser.rb" = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15nidriy0v5yqfjsgsra51wmknxci2n2grliz78sf9pga3n0l7gi"; + type = "gem"; + }; + version = "0.6.0"; + }; + jsobfu = { + dependencies = ["rkelly-remix"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hchns89cfj0gggm2zbr7ghb630imxm2x2d21ffx2jlasn9xbkyk"; + type = "gem"; + }; + version = "0.4.2"; + }; + json = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qmj7fypgb9vag723w1a49qihxrcf5shzars106ynw2zk352gbv5"; + type = "gem"; + }; + version = "1.8.6"; + }; + json_pure = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vllrpm2hpsy5w1r7000mna2mhd7yfrmd8hi713lk0n9mv27bmam"; + type = "gem"; + }; + version = "1.8.6"; + }; + libv8 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0271i5sfma05gvhmrmxqb0jj667bl6m54yd49ay6yrdbh1g4wpl1"; + type = "gem"; + }; + version = "3.16.14.19"; + }; + metasm = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gss57q4lv6l0jkih77zffrpjjzgkdcsy7b9nvvawyzknis9w4s5"; + type = "gem"; + }; + version = "1.0.3"; + }; + mime-types = { + dependencies = ["mime-types-data"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0087z9kbnlqhci7fxh9f6il63hj1k02icq2rs0c6cppmqchr753m"; + type = "gem"; + }; + version = "3.1"; + }; + mime-types-data = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "04my3746hwa4yvbx1ranhfaqkgf6vavi1kyijjnw8w3dy37vqhkm"; + type = "gem"; + }; + version = "3.2016.0521"; + }; + mini_portile2 = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13d32jjadpjj6d2wdhkfpsmy68zjx90p49bgf8f7nkpz86r1fr11"; + type = "gem"; + }; + version = "2.3.0"; + }; + mojo_magick = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1n4hzdyvaggzasxb55iqjd8sg6g84yc2dbaip0zzy7nwr5j5h8sm"; + type = "gem"; + }; + version = "0.5.6"; + }; + msfrpc-client = { + dependencies = ["msgpack" "rex"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0q1x0xy857qm3sdxynp5p8kk7f6j25qjw1p28jh0y2qivc5ksik8"; + type = "gem"; + }; + version = "1.1.1"; + }; + msgpack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ck7w17d6b4jbb8inh1q57bghi9cjkiaxql1d3glmj1yavbpmlh7"; + type = "gem"; + }; + version = "1.1.0"; + }; + multi_json = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1raim9ddjh672m32psaa9niw67ywzjbxbdb8iijx3wv9k5b0pk2x"; + type = "gem"; + }; + version = "1.12.2"; + }; + nokogiri = { + dependencies = ["mini_portile2"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "105xh2zkr8nsyfaj2izaisarpnkrrl9000y3nyflg9cbzrfxv021"; + type = "gem"; + }; + version = "1.8.1"; + }; + parseconfig = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0br2g9k6zc4ygah52aa8cwvpnnkszia29bnvnr8bhpk3rdzi2vmq"; + type = "gem"; + }; + version = "1.0.8"; + }; + public_suffix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0snaj1gxfib4ja1mvy3dzmi7am73i0mkqr0zkz045qv6509dhj5f"; + type = "gem"; + }; + version = "3.0.0"; + }; + qr4r = { + dependencies = ["mojo_magick" "rqrcode"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ya71fxhmx2zfsmflmqh6xm9jwgjxamsj9d3h1kjp21w4vca0s30"; + type = "gem"; + }; + version = "0.4.1"; + }; + rack = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19m7aixb2ri7p1n0iqaqx8ldi97xdhvbxijbyrrcdcl6fv5prqza"; + type = "gem"; + }; + version = "1.6.8"; + }; + rack-protection = { + dependencies = ["rack"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0cvb21zz7p9wy23wdav63z5qzfn4nialik22yqp6gihkgfqqrh5r"; + type = "gem"; + }; + version = "1.5.3"; + }; + rainbow = { + dependencies = ["rake"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08w2ghc5nv0kcq5b257h7dwjzjz1pqcavajfdx2xjyxqsvh2y34w"; + type = "gem"; + }; + version = "2.2.2"; + }; + rake = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0mfqgpp3m69s5v1rd51lfh5qpjwyia5p4rg337pw8c8wzm6pgfsw"; + type = "gem"; + }; + version = "12.1.0"; + }; + rb-readline = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "14w79a121czmvk1s953qfzww30mqjb2zc0k9qhi0ivxxk3hxg6wy"; + type = "gem"; + }; + version = "0.5.5"; + }; + ref = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "04p4pq4sikly7pvn30dc7v5x2m7fqbfwijci4z1y6a1ilwxzrjii"; + type = "gem"; + }; + version = "2.0.0"; + }; + rex = { + dependencies = ["filesize" "jsobfu" "json" "metasm" "nokogiri" "rb-readline" "robots"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kxacxq4l1gcqbw1izg2qqvdhxl6b5779a2qa2jk24f6x96bpi68"; + type = "gem"; + }; + version = "2.0.11"; + }; + rexec = { + dependencies = ["rainbow"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ihc0a6gj4i3287fjm86cn2ax4hlznyk5aqxrhjxkf4y9kabc3in"; + type = "gem"; + }; + version = "1.6.3"; + }; + rkelly-remix = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g7hjl9nx7f953y7lncmfgp0xgxfxvgfm367q6da9niik6rp1y3j"; + type = "gem"; + }; + version = "0.0.7"; + }; + robots = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "141gvihcr2c0dpzl3dqyh8kqc9121prfdql2iamaaw0mf9qs3njs"; + type = "gem"; + }; + version = "0.10.1"; + }; + rqrcode = { + dependencies = ["chunky_png"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h1pnnydgs032psakvg3l779w3ghbn08ajhhhw19hpmnfhrs8k0a"; + type = "gem"; + }; + version = "0.10.1"; + }; + rubydns = { + dependencies = ["eventmachine" "rexec"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mav6589kpqh37wlipkh1nww6ipbw4kzja2crz216v25wwjrbpx2"; + type = "gem"; + }; + version = "0.7.3"; + }; + rubyzip = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06js4gznzgh8ac2ldvmjcmg9v1vg9llm357yckkpylaj6z456zqz"; + type = "gem"; + }; + version = "1.2.1"; + }; + sinatra = { + dependencies = ["rack" "rack-protection" "tilt"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0byxzl7rx3ki0xd7aiv1x8mbah7hzd8f81l65nq8857kmgzj1jqq"; + type = "gem"; + }; + version = "1.4.8"; + }; + term-ansicolor = { + dependencies = ["tins"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1b1wq9ljh7v3qyxkk8vik2fqx2qzwh5lval5f92llmldkw7r7k7b"; + type = "gem"; + }; + version = "1.6.0"; + }; + therubyracer = { + dependencies = ["libv8" "ref"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1g95bzs2axjglyjyj6xvsywqgr80bnzlkw7mddxx1fdrak5wni2q"; + type = "gem"; + }; + version = "0.12.3"; + }; + thin = { + dependencies = ["daemons" "eventmachine" "rack"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nagbf9pwy1vg09k6j4xqhbjjzrg5dwzvkn4ffvlj76fsn6vv61f"; + type = "gem"; + }; + version = "1.7.2"; + }; + tilt = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0020mrgdf11q23hm1ddd6fv691l51vi10af00f137ilcdb2ycfra"; + type = "gem"; + }; + version = "2.0.8"; + }; + tins = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09whix5a7ics6787zrkwjmp16kqyh6560p9f317syks785805f7s"; + type = "gem"; + }; + version = "1.15.0"; + }; + uglifier = { + dependencies = ["execjs"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wmqvn4xncw6h3d5gp2a44170zwxfyj3iq4rsjp16zarvzbdmgnz"; + type = "gem"; + }; + version = "3.2.0"; + }; +}
\ No newline at end of file diff --git a/makefu/5pkgs/beef/shell.nix b/makefu/5pkgs/beef/shell.nix new file mode 100644 index 000000000..cd7a01214 --- /dev/null +++ b/makefu/5pkgs/beef/shell.nix @@ -0,0 +1,16 @@ +# Env to update Gemfile.lock / gemset.nix +with import <nixpkgs> {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + ruby.devEnv + git + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index f91d5b984..885777be4 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7, ... }: +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7 }: pythonPackages.buildPythonApplication rec { name = "drozer-${version}"; diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix deleted file mode 100644 index 84bb232cd..000000000 --- a/makefu/5pkgs/esptool/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - pyaes = buildPythonPackage rec { - name = "pyaes-${version}"; - version = "1.6.0"; - src = fetchFromGitHub { - owner = "ricmoo"; - repo = "pyaes"; - rev = "v${version}"; - sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; - }; - doCheck = false; - }; -in -buildPythonPackage rec { - name = "esptool-${version}"; - version = "2.0beta2"; - propagatedBuildInputs = [ - pyserial - flake8 - ecdsa - pyaes - ]; - src = fetchFromGitHub { - owner = "themadinventor"; - repo = "esptool"; - rev = "v${version}"; - sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; - }; - doCheck = false; -} diff --git a/makefu/5pkgs/logstash-input-rss/default.nix b/makefu/5pkgs/logstash-input-rss/default.nix new file mode 100644 index 000000000..af66359ef --- /dev/null +++ b/makefu/5pkgs/logstash-input-rss/default.nix @@ -0,0 +1,31 @@ +{ pkgs, stdenv, lib, fetchFromGitHub }: + + +stdenv.mkDerivation rec { + name = "logstash-input-rss-${version}"; + version = "3.0.3"; + + src = fetchFromGitHub { + owner = "logstash-plugins"; + repo = "logstash-input-rss"; + rev = "v${version}"; + sha256 = "026902g256385dx3qkbknz10vsp9dm2ymjdx6s6rkh3krs67w09l"; + }; + + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + dontPatchShebangs = true; + installPhase = '' + mkdir -p $out/logstash + cp -r lib/* $out/ + ''; + + meta = with lib; { + description = "logstash output plugin"; + homepage = https://github.com/logstash-plugins/logstash-input-rss; + license = stdenv.lib.licenses.asl20; + platforms = stdenv.lib.platforms.unix; + maintainers = with maintainers; [ makefu ]; + }; +} diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix deleted file mode 100644 index 99bcac18b..000000000 --- a/makefu/5pkgs/udpt/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ stdenv, boost, sqlite, fetchFromGitHub }: - -stdenv.mkDerivation rec { - proj = "udpt"; - name = "udpt-${rev}"; - rev = "0790558"; - - enableParallelBuilding = true; - - src = fetchFromGitHub { - owner = "naim94a"; - repo = "udpt"; - inherit rev; - sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk"; - }; - buildInputs = [ boost sqlite ]; - installPhase = '' - mkdir -p $out/bin $out/etc/ - cp udpt $out/bin - cp udpt.conf $out/etc/ - ''; - meta = { - description = "udp tracker"; - homepage = https://github.com/naim94a/udpt; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} diff --git a/makefu/source.nix b/makefu/source.nix index fdd367cba..1a5d4a5d7 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,10 +11,13 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "c91346e"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3aa) - # + mitmproxy fix (eee2d174) + ref = "46cfb36"; # unstable @ 2017-09-04 + # + graceful requests2 (a772c3a) + # + mitmproxy fix (eee2d17) # + tpm-tools fix (5cb9987) + # + dnscrypt-wrapper (25703c3) + # + lass wvstream fix (76f4910,37cc2bc,0d48837) + # + ruby stuff (2f0b17e4be9,55a952be5b5) in evalSource (toString _file) [ |