102 files changed, 691 insertions, 305 deletions
diff --git a/krebs/1systems/arcadeomat/config.nix b/krebs/1systems/arcadeomat/config.nix new file mode 100644 index 000000000..cdeaae180 --- /dev/null +++ b/krebs/1systems/arcadeomat/config.nix 
@@ -0,0 +1,82 @@ +{ config,lib, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + mainUser = "krebs"; + +in +{ + imports = [ + ./hw.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + + #<stockholm/krebs/2configs/binary-cache/nixos.nix> + #<stockholm/krebs/2configs/binary-cache/prism.nix> + + <stockholm/krebs/2configs/shack/ssh-keys.nix> + <stockholm/krebs/2configs/save-diskspace.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + + ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; + + + #networking = { + # firewall.enable = false; + # firewall.allowedTCPPorts = [ 8088 8086 8083 ]; + # interfaces."${ext-if}".ipv4.addresses = [ + # { + # address = shack-ip; + # prefixLength = 20; + # } + # ]; + + # defaultGateway = "10.42.0.1"; + # nameservers = [ "10.42.0.100" "10.42.0.200" ]; + #}; + + ##################### + # uninteresting stuff + ##################### + krebs.build.host = config.krebs.hosts.arcadeomat; + users.users."${mainUser}" = { + uid = 9001; + extraGroups = [ "audio" "video" ]; + isNormalUser = true; + }; + + + time.timeZone = "Europe/Berlin"; + + # avahi + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = with pkgs;[ glxinfo sdlmame ]; + nixpkgs.config.allowUnfree = true; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340; + boot.kernelPackages = pkgs.linuxPackages_5_4; + + services.xserver = { + videoDrivers = [ "nvidia" ]; + enable = true; + windowManager = { + awesome.enable = true; + awesome.noArgb = true; + awesome.luaModules = [ pkgs.luaPackages.vicious ]; + }; + displayManager.defaultSession = lib.mkDefault "none+awesome"; + displayManager.autoLogin = { + enable 
= true; + user = mainUser; + }; + }; +} diff --git a/krebs/1systems/arcadeomat/hw.nix b/krebs/1systems/arcadeomat/hw.nix new file mode 100644 index 000000000..b24deeecb --- /dev/null +++ b/krebs/1systems/arcadeomat/hw.nix @@ -0,0 +1,25 @@ + +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0aae456e-0548-4917-a282-11d5d4e403cf"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.copyKernels = true; + +} diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix index 9c6a9da08..e27d036c8 100644 --- a/krebs/1systems/filebitch/config.nix +++ b/krebs/1systems/filebitch/config.nix @@ -23,8 +23,8 @@ in } ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/shack-client.nix> - <stockholm/krebs/2configs/stats/shack-debugging.nix> + # <stockholm/krebs/2configs/stats/shack-client.nix> + # <stockholm/krebs/2configs/stats/shack-debugging.nix> ]; krebs.build.host = config.krebs.hosts.filebitch; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 5ed946aca..f4bd472a4 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix 
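Review bot: The `let` bindings at the top of krebs/1systems/arcadeomat/config.nix are dead on the new side: `shack-ip` and `ext-if` are referenced only inside the commented-out `#networking = { … }` block, and `external-mac` is not referenced at all. That commented block also carries `firewall.enable = false`, so un-commenting it later to get the static address would switch the firewall off on a host that auto-logs `mainUser` into the X session. I would drop the unused bindings and the commented block, or keep only the address part with a comment such as `# static shack address, currently unused; do not re-enable together with firewall.enable = false`.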
@@ -92,8 +92,8 @@ <stockholm/krebs/2configs/shack/influx.nix> ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/shack-client.nix> - <stockholm/krebs/2configs/stats/shack-debugging.nix> + # <stockholm/krebs/2configs/stats/shack-client.nix> + # <stockholm/krebs/2configs/stats/shack-debugging.nix> ## netbox.shack: Netbox is disabled as nobody seems to be using it anyway # <stockholm/krebs/2configs/shack/netbox.nix> @@ -111,10 +111,6 @@ <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> - - ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/shack-client.nix> - <stockholm/krebs/2configs/stats/shack-debugging.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 25e7c5f06..12ce4db3e 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -52,12 +52,6 @@ in ##################### krebs.build.host = config.krebs.hosts.wolf; - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ]; diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 4c25bc963..369b750b7 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -45,6 +45,13 @@ with import <stockholm/lib>; services.cron.enable = false; services.ntp.enable = false; + # limit journald size + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + Storage=persistent + ''; + users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.jeschli-brauerei.pubkey 
diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix new file mode 100644 index 000000000..4be92a328 --- /dev/null +++ b/krebs/2configs/shack/glados/automation/ampel.nix @@ -0,0 +1,23 @@ +# needs: +# binary_sensor.lounge_ampel_status +# light.lounge_ampel_licht_rot + +let + glados = import ../lib; +in +{ + services.home-assistant.config.automation = + [ + { + alias = "Ampel Rotes Licht"; + initial_state = true; + trigger = { + platform = "state"; + entity_id = "binary_sensor.lounge_ampel_status"; + }; + action = { service = "light.turn_on"; + data.entity_id = "light.lounge_ampel_licht_rot"; + }; + } + ]; +} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 51c2ad94f..e7860338c 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -40,6 +40,7 @@ in { ./automation/shack-startup.nix ./automation/party-time.nix ./automation/hass-restart.nix + ./automation/ampel.nix ]; services.home-assistant = diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix index e78f0f974..8ace42383 100644 --- a/krebs/2configs/shack/mqtt.nix +++ b/krebs/2configs/shack/mqtt.nix @@ -1,15 +1,21 @@ -# hostname: mqtt.shack +{ ... }: { networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedUDPPorts = [ 1883 ]; services.mosquitto = { enable = true; - host = "0.0.0.0"; - users = {}; - # TODO: secure that shit - aclExtraConf = '' - pattern readwrite # - ''; - allowAnonymous = true; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = true; + users = {}; + settings = { + allow_anonymous = true; + }; + acl = [ "topic readwrite #" "pattern readwrite #" ]; + } + ]; }; } diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 9308c7b13..2a8c92e46 100644 --- a/krebs/2configs/shack/muell_mail.nix 
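Review bot: The new `listeners` entry in krebs/2configs/shack/mqtt.nix keeps the broker fully open (`omitPasswordAuth = true`, `allow_anonymous = true`, and both `topic readwrite #` and `pattern readwrite #` in `acl`), while the commit deletes the `# TODO: secure that shit` marker that flagged exactly this. With port 1883 opened in the firewall by the context lines above, any client that can reach the host can publish to and subscribe on every topic. If that is the accepted trust model for the shack network, state it next to the listener, e.g. `# anonymous readwrite on all topics is intentional: trusted LAN only, do not expose 1883 beyond it`; otherwise keep the TODO so the open item is not lost.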
+++ b/krebs/2configs/shack/muell_mail.nix @@ -15,7 +15,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "muell_mail"; }; + users.groups.muell_mail = {}; systemd.services.muell_mail = { description = "muell_mail"; wantedBy = [ "multi-user.target" ]; diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index cabe72b40..abec3b4d6 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -16,7 +16,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "muellshack"; }; + users.groups.muellshack = {}; services.nginx.virtualHosts."muell.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/muellshack/"; diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 7a648d4ee..1124d969f 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -17,7 +17,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "node-light"; }; + users.groups.node-light = {}; services.nginx.virtualHosts."lounge.light.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/lounge/"; diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index 64e1911cf..79ba567b6 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -19,7 +19,9 @@ in { users.users.powermeter = { extraGroups = [ "dialout" ]; isSystemUser = true; + group = "powermeter"; }; + users.groups.powermeter = {}; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index bed98d860..d8033f1e2 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix 
@@ -16,7 +16,9 @@ in { inherit home; createHome = true; isSystemUser = true; + group = "s3_power"; }; + users.groups.shackDNS = {}; systemd.services.s3-power = { startAt = "daily"; description = "s3-power"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 00f79abc4..4e73023aa 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,9 +30,11 @@ in { users.users.shackDNS = { inherit home; + group = "nogroup"; createHome = true; isSystemUser = true; }; + users.groups.shackDNS = {}; services.nginx.virtualHosts."leases.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/"; diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 3eb30964e..bc483e8d0 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -7,6 +7,7 @@ home = "/home/share"; createHome = true; }; + users.groups.share = {}; networking.firewall.allowedTCPPorts = [ 139 445 # samba diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 4ac6e30ee..259f613cc 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -269,6 +269,7 @@ let home = cfg.stateDir; createHome = true; isSystemUser = true; + group = "airdcpp"; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 7a78880ea..8427ca50b 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -11,10 +11,12 @@ in { config = mkIf cfg.enable { users.extraUsers.brockman = { home = "/var/lib/brockman"; + group = "brockman"; createHome = true; isSystemUser = true; uid = genid_uint31 "brockman"; }; + users.groups.brockman = {}; systemd.services.brockman = { description = "RSS to IRC broadcaster"; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index e55bd95ea..c30f31e31 100644 --- a/krebs/3modules/buildbot/master.nix 
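Review bot: In krebs/2configs/shack/s3-power.nix the user gets `group = "s3_power";`, but the line added after the user block declares `users.groups.shackDNS = {};`, so the group the user refers to is not created by this hunk. This looks like a copy-paste from shackDNS.nix; unless `s3_power` is declared elsewhere, the line should read `users.groups.s3_power = {};`. The surrounding attribute set starts and ends outside the hunk.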
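Review bot: The krebs/2configs/shack/shackDNS.nix hunk declares `users.groups.shackDNS = {};` but puts the service user into `group = "nogroup";`, so the new group stays unused. `nogroup` is shared with every other account assigned to it, which means group permissions on files created by shackDNS do not isolate it from those accounts. `group = "shackDNS";` would match what this commit does for muell_mail, muellshack and node-light.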
+++ b/krebs/3modules/buildbot/master.nix @@ -319,6 +319,7 @@ let users.extraUsers.buildbotMaster = { uid = genid "buildbotMaster"; + group = "buildbotMaster"; description = "Buildbot Master"; home = cfg.workDir; createHome = false; diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index d877b9911..f97b50def 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -128,6 +128,7 @@ let users.extraUsers.buildbotSlave = { uid = genid "buildbotSlave"; + group = "buildbotSlave"; description = "Buildbot Slave"; home = cfg.workDir; createHome = false; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7c896e90a..d919c8129 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix 
@@ -207,18 +207,45 @@ in { aliases = [ "qubasa.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA65g1Xql+S+Dd90uDpSVxzGRTL8n4DHc1p9T8u9h7ioytC9B+e2dQ - RU/y3gdJ0gXxrbth36MhTANuUonnqpHvsWwUDCQRbxLEFh8avlzLsecWvwrIt3zL - 102EaVurRySUa83D6TK8ZsDa2+ADY7tEzfFMJhT53g7MpBNIeOquB0rR6hVYBbHc - 3B+QtwdM8dx1gO/5+FsPYhJbR7ARczYHsj7Eyb8NbdzthEO0ICDgwzmcXTJfVHGR - qfT7DUolXsu7uSPMLB+Pe/leI7XcQ2VFukpVGP0fZv0mSMxavFlcFVkLgdbAEd2H - DPEBEcJpLR4Hw3HlO1kPPufaUdoeNhUmTkIp76mkCbanS1P/aFNFFcVB+a/+tpdK - z5pG8K3qANg5txp6sAatPchvkeQelIg11lvT9luc+nFsTEW6Ky5nDLo60luZVFnn - i1bdVeOojXR0u7M2gMqQZcSuscvy8APe48S8vPsqoiob1l/r77B7iNrWDwH8IutW - u8fpC64CbhlR76Orp3xTZPmJQCRT8XYpKDDoq5Z7prdlAEz3U6wEfVckVv+f1dmU - odG0zDTsmyKhkWWmZbPgPrOEUvAVoSpSLSQQxPR+UHArlgYe+2dAf8IHYqrgmhuO - D4Lga4nNwTyVbCZ8vUu5b/lnGCLpNcVj22WVQTdAJzNsCVTdIM2V5hcCAwEAAQ== + MIICCgKCAgEAwEaIkC/JxEI6mAnA2lnoNYRSVAVOggtm7XBAX2tTq9OCnwgh6Nnr + Bv8S6j8HBybMqZHKBlfFUo+Trm7Ig/g8KI8xwm2ThO83GnXLyu5qoIFLgjAtvx9w + uh/ZGIn2MKHy0aZ6J/HqDEbsr6XC/YpLb3mA3C5Msaiand0zmAh1oYQVvNJMLgLA + HgBr7a14ngyndwGiBoFDoHu2gtPXTallruv/eopnOVaidkyNRDlMhbqr/Xkxlwov + E2pewl+IKvt5WnGzCHDFvHYCDpeKX9ZAiBBJQ5tgGhxScN5rJ4Omx7iVbnjjPMzs + 1VSRgOqR1xPk5aMa0ByV2P978mNJL6MwIEhnGjg6Dyr1hvmjFxKjj+Pd8IWAeli9 + G3Xq4xJ8+vRbFBoqzBuxcUOTN/V1i1XECGMxEg5cE+9tp+2mvOSpiChkpxeGA42Y + KbcVR7df2bjIQ+8IQzgPkpGnpG/XwC8JKsy+2jiiXOWrwUDfEFrkFaqGNareTeST + ynkbl+y8PgtoHloubckKoXqyY/zHTG3gDDW7SLfr/OpHqyq8MtITyojwMB/Ijyzo + 6mAPiTLI7oFYpWIP0UiM7u4o6iDW9S8G9l+vLZJyEmhEUZJUkWoXRy2Ibd6ix0L3 + eA6izpRuehl1OLePY4HNkuqOgXiEf1mgNcoGnyx3kzKYa1cUlMP0ve8CAwEAAQ== -----END RSA PUBLIC KEY----- + Ed25519PublicKey = dqJq+qESCNakC3p9duc5LrG26D1scj58Hy1S5kPGtME + ''; + }; + }; + }; + + keller = { + owner = config.krebs.users.qubasa; + nets = { + retiolum = { + ip4.addr = "10.243.30.2"; + aliases = [ "kelle.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA3jJgnaEJnKiBILtdtIROVfJJ1IgQSdfAw83aNE8xinkIFkP8lSFS + 
Nd1C9pRI2r8Tjut/MB0b7MRlwOS2FWP1COcKzZGR4gKSiwK9oWGy6Vf5Qvrsd5M+ + 0roUsf6Km/muJgqhWYY4OOaDK3LSp4mAo8H9+pibH9GuMuhu/Ebe0gtwnoOuuQs5 + GeHtaBrtpiGX2WvIU2S1TwDw0cmheEbqyaQ9COSqdOW1ldbfAbh7Zv38iUzMNXJ2 + yAWUfT5eYsIWlQc55JzEABuxIZEFj7BiR2vQYjVa+sIjsb+vI/6SFK4uiuqPP0dW + xFAQyRuQbW0gyooMLXnZ6ByD/t4mFpk7Eo1Sxiv8CdgDI/lELZ1h7jTYKrcuPHYc + P9m2Ut9FxuFMl+s2etkVUVGba2Kz9b9iwvvAZUtU85UrsQCkrghIT0Hm0SIdYQHO + +WyCw46okk5xLicXEd+RgwlWWq+AJeo0LKof3uoRnjQq1kkU5E0nGX/YqRa3YIxV + qmShTnQSTGUe6qVz1uAoh+ljTEUWWgW5UKuHPn1gdqFcIJ+4DSkJgiQ/cbSXtyp0 + 35bQuqjpFe/bwW1PuK6YspMRK2hQrYkypQNrvjcz0RJJc/1ULILTl0NaZEMtCcj2 + t7KpA6wY6WIz5+uTVBnc3vQrcBebfSWzl0IWxjaSufp8ojq5B7mz8s0CAwEAAQ== + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = HeSMxgGaB9alyS0n766TJ3qA2fAwvJmMyLPFbYhfZdJ ''; }; }; @@ -633,8 +660,10 @@ in { }; hydrogen = { owner = config.krebs.users.sandro; - nets = { + nets = rec { + internet.addrs = [ "hydrogen.supersandro.de" ]; retiolum = { + via = internet; ip4.addr = "10.243.54.54"; aliases = [ "hydrogen.r" ]; tinc.pubkey = '' diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index b4e046303..0e6812a35 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -224,10 +224,8 @@ in { retiolum = { via = internet; addrs = [ - config.krebs.hosts.eve.nets.retiolum.ip4.addr config.krebs.hosts.eve.nets.retiolum.ip6.addr ]; - ip4.addr = "10.243.29.174"; aliases = [ "eve.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -451,6 +449,7 @@ in { nets = rec { internet = { ip4.addr = "129.215.165.75"; + ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8"; aliases = [ "sauron.i" ]; }; retiolum = { @@ -707,8 +706,8 @@ in { nets = rec { internet = { # eva.thalheim.io - ip4.addr = "157.90.232.92"; - ip6.addr = "2a01:4f8:1c1c:9a9::1"; + ip4.addr = "131.159.102.4"; + ip6.addr = "2a09:80c0:102::4"; aliases = [ "eva.i" ]; }; retiolum = { 
@@ -798,7 +797,14 @@ in { ryan = { owner = config.krebs.users.mic92; nets = rec { + internet = { + # ryan.dse.in.tum.de + ip4.addr = "131.159.102.8"; + ip6.addr = "2a09:80c0:102::8"; + aliases = [ "ryan.i" ]; + }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.ryan.nets.retiolum.ip4.addr config.krebs.hosts.ryan.nets.retiolum.ip6.addr @@ -823,7 +829,14 @@ in { graham = { owner = config.krebs.users.mic92; nets = rec { + internet = { + # graham.dse.in.tum.de + ip4.addr = "131.159.102.9"; + ip6.addr = "2a09:80c0:102::9"; + aliases = [ "graham.i" ]; + }; retiolum = { + via = internet; addrs = [ config.krebs.hosts.graham.nets.retiolum.ip4.addr config.krebs.hosts.graham.nets.retiolum.ip6.addr diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 9421576df..71eed6c69 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -66,11 +66,14 @@ let users.users.${user.name} = { inherit (user) uid; + group = user.name; home = cfg.dataDir; isSystemUser = true; }; }; + users.groups.${user.name} = {}; + user = rec { mail = "${name}@${config.krebs.build.host.name}"; name = "github-hosts-sync"; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 517dad76f..4221703ec 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -69,10 +69,13 @@ let users.users = mapAttrs' (name: htgen: nameValuePair htgen.user.name { inherit (htgen.user) home name uid; + group = htgen.user.name; createHome = true; isSystemUser = true; } ) cfg; + users.groups = mapAttrs (_: _: {}) cfg; + }; in out diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 776b893f5..f796f0323 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix 
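Review bot: `users.groups.${user.name} = {};` in krebs/3modules/github-hosts-sync.nix is added after two closing `};`, apparently after the attribute set holding `users.users.${user.name}` has already ended and directly before the `user = rec { … }` binding. If that position is the enclosing `let` block (indentation is not visible here, so this is inferred from the brace order), the group is not part of the module's config, and a dynamic attribute path is not accepted in `let`, so evaluation would fail. The urlwatch.nix hunk in this commit places the same line before the closing `};` of the config set; doing the same here keeps the two modules consistent.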
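Review bot: In krebs/3modules/htgen.nix the users are keyed and grouped by `htgen.user.name`, but the added `users.groups = mapAttrs (_: _: {}) cfg;` creates groups named after the attribute names of `cfg`. Whenever an instance's `user.name` differs from its attribute name, the user's primary group is never declared. Deriving the group names the same way as the users avoids that: `users.groups = mapAttrs' (_: htgen: nameValuePair htgen.user.name {}) cfg;`.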
@@ -187,6 +187,30 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpVwKv9mQGfcn5oFwuitq+b6Dz4jBG9sGhVoCYFw5RY"; syncthing.id = "DK5CEE2-PNUXYCE-Q42H2HP-623GART-B7KS4VK-HU2RBGQ-EK6QPUP-HUL3PAR"; }; + arcadeomat = { + ci = true; + nets = { + retiolum = { + ip4.addr = "10.243.77.67"; + aliases = [ + "arcadeomat.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAzpXyEATt8+ElxPq650/fkboEC9RvTWqN6UIAl/R4Zu+uDhAZ2ekb + HBjoSbRxu/0w2I37nwWUhEOemxGm4PXCgWrtO0jeRF4nVNYu3ZBppA3vuVALUWq7 + apxRUEL9FdsWQlXGo4PVd20dGaDTi8M/Ggo755MStVTY0rRLluxyPq6VAa015sNg + 4NOFuWm0NDn4e+qrahTCTiSjbCU8rWixm0GktV40kdg0QAiFbEcRhuXF1s9/yojk + 7JT/nFg6LELjWUSSNZnioj5oSfVbThDRelIld9VaAKBAZZ5/zy6T2XSeDfoepytH + 8aw6itEuTCy1M1DTiTG+12SPPw+ubG+NqQIDAQAB + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = n/HMlgTTyLa0fcXqSBO/G6sVOUYh2yZ5PfU4vLI9CJO + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOu6EVN3928qWiWszqBUzOjeQJRvFozTBl4xAhBP/Ymc"; + }; wolf = { ci = true; nets = { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 2475a0d5a..280021347 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -14,7 +14,47 @@ in { dns.providers = { "lassul.us" = "zones"; }; - hosts = mapAttrs hostDefaults { + hosts = mapAttrs (_: recursiveUpdate { + owner = config.krebs.users.lass; + ci = true; + monitoring = true; + }) { + dishfire = { + cores = 4; + nets = rec { + internet = { + ip4 = rec { + addr = "157.90.232.92"; + prefix = "${addr}/32"; + }; + aliases = [ + "dishfire.i" + ]; + ssh.port = 45621; + }; + retiolum = { + via = internet; + ip4.addr = "10.243.133.99"; + ip6.addr = r6 "d15f:1233"; + aliases = [ + "dishfire.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs + Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 + uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK + R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd + vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U + HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.port = 655; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; + }; prism = rec { cores = 4; extraZones = { @@ -31,6 +71,7 @@ in { 60 IN NS ns16.ovh.net. 60 IN NS dns16.ovh.net. 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} IN MX 5 lassul.us. 60 IN TXT v=spf1 mx a:lassul.us -all 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) @@ -58,6 +99,10 @@ in { addr = "95.216.1.150"; prefix = "0.0.0.0/0"; }; + ip6 = { + addr = "2a01:4f9:2a:1e9::1"; + prefix = "2a01:4f9:2a:1e9::/64"; + }; aliases = [ "prism.i" "paste.i" 
@@ -73,6 +118,7 @@ in { "cache.prism.r" "cgit.prism.r" "flix.r" + "jelly.r" "paste.r" "c.r" "p.r" @@ -529,6 +575,20 @@ in { ci = false; syncthing.id = "PWKVXPB-JCNO6E4-KVIQ7CK-6FSOWHM-AWORMDU-HVVYLKW-44DQTYW-XZT7DQJ"; }; + tablet = { + nets = { + wiregrill = { + ip4.addr = "10.244.1.14"; + ip6.addr = w6 "b"; + aliases = [ + "tablet.w" + ]; + wireguard.pubkey = "eIafsxYEFCqmWNFon6ZsYXeDrK4X1UJ9KD0zmNZjgEI="; + }; + }; + external = true; + ci = false; + }; hilum = { cores = 1; nets = { @@ -777,5 +837,8 @@ in { mail = "lassulus@gmail.com"; pubkey = builtins.readFile ./ssh/android.ed25519; }; + lass-tablet = { + pubkey = builtins.readFile ./ssh/tablet.ed25519; + }; }; } diff --git a/krebs/3modules/lass/ssh/tablet.ed25519 b/krebs/3modules/lass/ssh/tablet.ed25519 new file mode 100644 index 000000000..250be53f7 --- /dev/null +++ b/krebs/3modules/lass/ssh/tablet.ed25519 @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMaulRARjJt6gQ4q5DCj3ySAf4juHvVaIcXDRhWZ5mM u0_a234@localhost
\ No newline at end of file diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 1fa6012cf..167afed2c 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -59,10 +59,13 @@ let users.extraUsers.realwallpaper = { uid = genid "realwallpaper"; + group = "realwallpaper"; home = cfg.workingDir; createHome = true; isSystemUser = true; }; + + users.groups.realwallpaper = {}; }; in diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 7a414e6e3..733db69ca 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -128,9 +128,12 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; + group = "tinc_graphs"; home = "/var/spool/tinc_graphs"; isSystemUser = true; }; + users.groups.tinc_graphs = {}; + services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; virtualHosts = { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 6a159a5b2..2e336de21 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -194,7 +194,9 @@ let home = cfg.dataDir; createHome = true; isSystemUser = true; + group = user.name; }; + users.groups.${user.name} = {}; }; user = rec { diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 1b346d4ec..fe13b4309 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -23,7 +23,7 @@ self: super: { "0.10.2" = [ ./flameshot/flameshot_imgur_0.9.0.patch ]; - }.${old.version}; + }.${old.version} or []; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 594147405..2e6bc6fe7 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json 
@@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "b165ce0c4efbb74246714b5c66b6bcdce8cde175", - "date": "2021-11-01T19:42:18+01:00", - "path": "/nix/store/ccfd4ijkp4rn018sjghkhn4a7gkdq84l-nixpkgs", - "sha256": "1q7n9rk4i8ky2xxiymm72cfq1xra3ss3vkhbwf60rhiblslldgqg", + "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff", + "date": "2021-12-07T01:07:01+09:00", + "path": "/nix/store/3z2f4r7kfkma94zwf083x7cvq8nypw42-nixpkgs", + "sha256": "0c5qjrmh1k2zr15x2i9cp6n1r2pvrlk7hdyfvrwzpk963gc9ssmz", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 8bfd16523..603544123 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f", - "date": "2021-10-31T15:33:08-07:00", - "path": "/nix/store/60dqlv3rf8dyf041qwx2bblmpd7mp7q6-nixpkgs", - "sha256": "150rrksrjf6w9m3c1ll04xilpglysklfpi636rxwyy318g5xss55", + "rev": "1bd4bbd49bef217a3d1adea43498270d6e779d65", + "date": "2021-12-07T15:25:15+01:00", + "path": "/nix/store/4gssny5dsr4w6p5v7mni9xl7xs5fkv3c-nixpkgs", + "sha256": "1fx6nqz8x9biwlwsnh67z5qz0fmrdgr01yvmdw2cw9xjx8hyss3s", + "fetchLFS": false, "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 368a3ecb3..bc421a75f 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-21.05' \ + --rev refs/heads/nixos-21.11' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" 
diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index b033477fe..6be047300 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -56,14 +56,4 @@ xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Button' 2 xinput set-prop 'ETPS/2 Elantech TrackPoint' 'Evdev Wheel Emulation Axes' 6 7 4 5 ''; - - # https://forums.lenovo.com/t5/Fedora/T14s-AMD-Trackpoint-almost-unusable/m-p/5064952?page=4 - # https://bugzilla.kernel.org/show_bug.cgi?id=209167#c1 - boot.kernelPatches = [{ - name = "fix-trackpoint-jumping"; - patch = pkgs.fetchurl { - url = "https://patchwork.kernel.org/project/linux-input/patch/20210729010940.5752-1-phoenix@emc.com.tw/raw/"; - sha256 = "0apbf7c8w830dbdsrmxpip90d5zbg74a939x89jfgpvm5gbdqdjg"; - }; - }]; } diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix new file mode 100644 index 000000000..b814d7188 --- /dev/null +++ b/lass/1systems/dishfire/config.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs/retiolum.nix> + ]; + + krebs.build.host = config.krebs.hosts.dishfire; +} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix new file mode 100644 index 000000000..ca013132f --- /dev/null +++ b/lass/1systems/dishfire/physical.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + ./config.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.loader.grub.devices = [ "/dev/sda" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/84053adc-49bc-4e02-8a19-3838bf3a43fd"; + fsType = "ext4"; + }; + + swapDevices = [ ]; +} 
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 45f9ae00e..c92a239f9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -284,6 +284,12 @@ with import <stockholm/lib>; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."jelly.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:8096/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."flix.r" = { locations."/".extraConfig = '' proxy_pass http://10.233.2.14:80/; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index dc3b4b566..554882bf3 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -21,7 +21,7 @@ with import <stockholm/lib>; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; - rpc-bind-address = "0.0.0.0"; + rpc-bind-address = "::"; message-level = 1; umask = 18; rpc-whitelist-enabled = false; diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index baa891821..1abf51ae6 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -1,27 +1,14 @@ -{ config, lib, pkgs, ...}: +{ config, lib, pkgs, stockholm, ...}: { # generate private key with: # nix-store --generate-binary-cache-key my-secret-key my-public-key services.nix-serve = { enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + secretKeyFile = toString <secrets> + "/nix-serve.key"; port = 5005; }; - systemd.services.nix-serve = { - after = [ - config.krebs.secret.files.nix-serve-key.service - ]; - partOf = [ - config.krebs.secret.files.nix-serve-key.service - ]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString <secrets> + "/nix-serve.key"; - }; services.nginx = { enable = true; virtualHosts.nix-serve = { 
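Review bot: Changing `rpc-bind-address` to `"::"` in lass/1systems/yellow/config.nix makes the Transmission RPC endpoint listen on every IPv6 address (and, on a dual-stack socket, presumably IPv4 as before), while the context line `rpc-whitelist-enabled = false;` shows the address whitelist is off. Whether RPC authentication or a firewall rule limits access is not visible in this hunk; if neither does, any host that can reach the port can control the daemon. I would bind to the address the reverse proxy or container bridge actually uses, or add a comment naming what restricts access, e.g. `# reachable only via <interface/firewall rule>; RPC whitelist intentionally off`.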
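Review bot: `secretKeyFile = toString <secrets> + "/nix-serve.key";` in lass/2configs/binary-cache/server.nix points nix-serve straight at the deployed secrets directory, whereas the removed `krebs.secret.files.nix-serve-key` block copied the key to `/run/secret` with `owner.name = "nix-serve"`. Nothing on the new side ensures that the nix-serve user can read the signing key or that no other account can, so this now depends entirely on how `<secrets>` is deployed. A comment would make the requirement explicit, e.g. `# must be readable by the nix-serve user only; toString keeps the key out of the nix store`. The newly added `stockholm` module argument is not used in the visible lines.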
diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index d8f1ae888..b84221155 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -11,9 +11,22 @@ with (import <stockholm/lib>); pkgs.bitlbee-discord ]; libpurple_plugins = [ - # pkgs.telegram-purple - pkgs.tdlib-purple + pkgs.telegram-purple + # pkgs.tdlib-purple # pkgs.purple-gowhatsapp ]; }; + + users.users.bitlbee = { + uid = genid_uint31 "bitlbee"; + isSystemUser = true; + group = "bitlbee"; + }; + users.groups.bitlbee = {}; + + systemd.services.bitlbee.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "bitlbee"; + StateDirectory = lib.mkForce null; + }; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index be9c32809..b303df938 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -119,13 +119,10 @@ in { services.mosquitto = { enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - users.gg23 = { - password = "gg23-mqtt"; - acl = [ "topic readwrite #" ]; - }; + listeners = [{ + acl = [ "topic pattern readwrite #" ]; + users.gg23 = { acl = [ "topic readwrite #" ]; password = "gg23-mqtt"; }; + }]; }; environment.systemPackages = [ pkgs.mosquitto ]; diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix index aa3eb541d..fb803dd77 100644 --- a/lass/2configs/prism-share.nix +++ b/lass/2configs/prism-share.nix @@ -14,7 +14,10 @@ with import <stockholm/lib>; description = "smb guest user"; home = "/home/share"; createHome = true; + group = "share"; }; + users.groups.share = {}; + services.samba = { enable = true; enableNmbd = true; diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index c3d4de84d..b1011ced0 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix 
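Review bot: The listener ACL in lass/2configs/hass/default.nix reads `"topic pattern readwrite #"`, joining two ACL keywords in one entry; krebs/2configs/shack/mqtt.nix in this same commit writes them as separate entries `"topic readwrite #"` and `"pattern readwrite #"`. As written the entry is unlikely to grant what was intended, and since a listener-level entry is not tied to a user it should also be checked against the removed `allowAnonymous = false` so that it does not widen access for unauthenticated clients. Separately, `password = "gg23-mqtt"` stays as a literal in the configuration and is therefore likely to end up readable in the nix store; the module's `passwordFile` / `hashedPasswordFile` options avoid that.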
@@ -28,23 +28,22 @@ session required pam_permit.so ''; - security.pam.services.dovecot2 = { - text = '' - auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} - auth required pam_permit.so - account required pam_permit.so - session required pam_permit.so - session required pam_env.so envfile=${config.system.build.pamEnvironment} - ''; - }; + security.pam.services.dovecot2.text = '' + auth required pam_exec.so expose_authtok /run/wrappers/bin/shadow_verify_pam ${cfg.pattern} + auth required pam_permit.so + account required pam_permit.so + session required pam_permit.so + ''; security.wrappers.shadow_verify_pam = { source = "${usershadow}/bin/verify_pam"; owner = "root"; + group = "root"; }; security.wrappers.shadow_verify_arg = { source = "${usershadow}/bin/verify_arg"; owner = "root"; + group = "root"; }; }; diff --git a/lib/types.nix b/lib/types.nix index c50969de7..b6c266c33 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -113,7 +113,7 @@ rec { default = null; }; addrs = mkOption { - type = listOf addr; + type = listOf (either addr str); default = optional (config.ip4 != null) config.ip4.addr ++ optional (config.ip6 != null) config.ip6.addr; @@ -187,6 +187,8 @@ rec { [config.extraConfig] ++ [config.pubkey] + ++ + optional (config.weight != null) "Weight = ${toString config.weight}" ); defaultText = '' Address = ‹addr› ‹port› # for each ‹net.via.addrs› @@ -217,6 +219,15 @@ rec { description = "tinc subnets"; default = []; }; + weight = mkOption { + type = nullOr int; + description = '' + global tinc weight (latency in ms) of this particular node. + can be set to some high value to make it unprobable to be used as router. + if set to null, tinc will autogenerate the value based on latency. + ''; + default = if net.via != null then null else 300; + }; }; })); default = null; diff --git a/makefu/0tests/data/secrets/hass/tile.nix b/makefu/0tests/data/secrets/hass/tile.nix new file mode 100644 index 000000000..cbcf433f7 
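Review bot: The two `security.wrappers` entries in lass/3modules/usershadow.nix gain `group = "root";` but still set neither `setuid` nor `capabilities`, and in the wrapper module that requires `owner` and `group`, `setuid` defaults to false. If `verify_pam` and `verify_arg` need root to read the shadow files (not visible here), authentication through `pam_exec.so` would start failing, so state `setuid = true;` explicitly. If they do not need it, a comment such as `# runs unprivileged on purpose` would settle the question for the next reader.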
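Review bot: `type = listOf (either addr str);` in lib/types.nix (hunk at -113,7) accepts any string, so the `addr` check no longer rejects anything and a typo in a host's `addrs` only surfaces when tinc fails to use the generated `Address` line. If the aim is to allow host names next to IP addresses, a narrower type, for instance a `strMatching` pattern for host names, would keep validation in place; the definition of `addr` is outside the hunk, so this assumes it is a string-based type. In the `weight` option added in the last hunk of this file, the description could state the default, e.g. "defaults to 300 for nets without via, null (auto) otherwise", and "unprobable" should read "improbable".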
--- /dev/null +++ b/makefu/0tests/data/secrets/hass/tile.nix @@ -0,0 +1,4 @@ +{ + username = "lol"; + password = "wut"; +} diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index 346de10ba..3edfffb78 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -17,12 +17,6 @@ in { krebs.build.host = config.krebs.hosts.filepimp; networking.firewall.trustedInterfaces = [ itf ]; + networking.interfaces.${itf}.wakeOnLan.enable = true; - services.wakeonlan.interfaces = [ - { - interface = itf ; - method = "password"; - password = "CA:FE:BA:BE:13:37"; - } - ]; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 1cd569947..39c0554e0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -159,7 +159,7 @@ in { <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> - <stockholm/makefu/2configs/shiori.nix> + # <stockholm/makefu/2configs/shiori.nix> # <stockholm/makefu/2configs/workadventure> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix index ba4e3207b..6915e4137 100644 --- a/makefu/1systems/iso/target-config.nix +++ b/makefu/1systems/iso/target-config.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { imports = [ ./hardware-configuration.nix ./generated.nix ]; @@ -33,8 +33,8 @@ defaultLocale = "en_US.UTF-8"; }; boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; + "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; + "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; }; services.nscd.enable = false; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 6afe792ec..0b4aaacb3 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
@@ -75,7 +75,7 @@ in { # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> - <stockholm/makefu/2configs/stats/nodisk-client.nix> + # <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf> diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 550afbeae..60f4f7b72 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -100,7 +100,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 - 8081 #smokeping + 8081 # smokeping 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; @@ -111,15 +111,15 @@ in { # Port = 1655 # ''; #}; - boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_latest; # rt2870.bin wifi card, part of linux-unfree hardware.enableRedistributableFirmware = true; nixpkgs.config.allowUnfree = true; # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash - networking.interfaces.virbr1.ipv4.addresses = [{ - address = "10.8.8.11"; - prefixLength = 24; - }]; + #networking.interfaces.virbr1.ipv4.addresses = [{ + # address = "10.8.8.11"; + # prefixLength = 24; + #}]; # nuc hardware } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index dee6bd70e..224277861 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -178,6 +178,7 @@ # temporary # { services.redis.enable = true; } # { services.mongodb.enable = true; } + # { services.elasticsearch.enable = true; } # <stockholm/makefu/2configs/deployment/nixos.wiki> # <stockholm/makefu/2configs/home/photoprism.nix> # <stockholm/makefu/2configs/dcpp/airdcpp.nix> diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix index ba10ae74b..b35019793 100644 
--- a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix +++ b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix @@ -12,7 +12,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index d9a2869cc..b8ca49b74 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -39,7 +39,9 @@ in { home = stateDir; isSystemUser = true; createHome = true; + group = ddclientUser; }; + users.groups.${ddclientUser} = {}; systemd.services = { ddclient-nsupdate-uhub = { @@ -80,32 +82,36 @@ in { users.users.uhub = { home = uhubDir; createHome = true; + isSystemUser = true; + group = "uhub"; }; - services.uhub = { + users.groups.uhub = {}; + services.uhub.home = { enable = true; - port = 1511; enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - tls_certificate = ${uhubDir}/uhub.crt - tls_private_key = ${uhubDir}/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "${uhubDir}/uhub.sql"; - }; - + settings = { + server_port = 1511; + hub_name = "krebshub"; + tls_certificate = "${uhubDir}/uhub.crt"; + tls_private_key = "${uhubDir}/uhub.key"; + registered_users_only = true; }; + plugins = [ + { + plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so"; + settings.file = "${uhubDir}/uhub.sql"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_history.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + ]; }; networking.firewall.allowedTCPPorts = [ 411 1511 ]; } 
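Review bot: The third entry of the new `plugins` list in makefu/2configs/dcpp/hub.nix loads `mod_history.so` with `settings.motd` and `settings.rules`, which are copied from the `mod_welcome.so` entry above and have no counterpart in the old `history = { enable = true; }` block. The uhub package deleted further down in this commit names the history output `mod_chat_history`, so the path is probably `"${pkgs.uhub}/plugins/mod_chat_history.so"`; check it against the files the nixpkgs package actually installs. Drop the two copied `settings` lines or replace them with options the history plugin really takes. The enclosing attribute set continues outside the hunk.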
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 52206c380..bb5c057be 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -75,10 +75,10 @@ with import <stockholm/lib>; auto-optimise-store = true ''; - security.wrappers.sendmail = { - source = "${pkgs.exim}/bin/sendmail"; - setuid = true; - }; + #security.wrappers.sendmail = { + # source = "${pkgs.exim}/bin/sendmail"; + # setuid = true; + #}; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M diff --git a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix index 7d51dfa0d..6f20ff579 100644 --- a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix +++ b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix @@ -11,8 +11,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = fetchFromGitHub { owner = "binaergewitter"; repo = "gecloudpad"; - rev = "master"; - sha256 = "0p9lcphp3r7hyypxadzw4x9ix6d0anmspxnjnj0v2jjll8gxqlhf"; + rev = "1399ede4e609f63fbf1c4560979a6b22b924e0c5"; + sha256 = "1w74j5ks7naalzrib87r0adq20ik5x3x5l520apagb7baszn17lb"; }; meta = { diff --git a/makefu/2configs/editor/neovim/default.nix b/makefu/2configs/editor/neovim/default.nix index e7e59373a..a6fc1abc1 100644 --- a/makefu/2configs/editor/neovim/default.nix +++ b/makefu/2configs/editor/neovim/default.nix @@ -29,7 +29,11 @@ enable = true; withPython3 = true; # withNodeJs = true; - extraPython3Packages = (ps: with ps; [ python-language-server pyls-mypy black libxml2]); + extraPython3Packages = (ps: with ps; [ + # python-language-server + # pyls-mypy + black libxml2 + ]); extraConfig = builtins.readFile ./vimrc; plugins = with pkgs.vimPlugins;[ undotree diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index abbdcbbb2..850d432f3 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix 
@@ -9,7 +9,9 @@ in { uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e49843cfe..54ee9f9e5 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -16,8 +16,8 @@ loader.grub.version = 2; loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { "/" = { diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 2f6a26d82..dc28cf4d2 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -17,7 +17,7 @@ user = "makefu"; }; displayManager.defaultSession = "gnome"; - desktopManager.gnome3.enable = true; + desktopManager.gnome.enable = true; displayManager.sessionCommands = '' ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix index 62fc87bb4..1892917c4 100644 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ b/makefu/2configs/home/ham/automation/light_buttons.nix 
@@ -1,27 +1,53 @@ let inherit (import ../lib) btn_cycle_light; - turn_off_all = btn: #lights: - { - alias = "Turn of all lights via ${btn} double click"; - trigger = { - platform = "state"; - entity_id = "sensor.${btn}_click"; - to = "double"; - }; - action = { - service = "light.turn_off"; - #entity_id = lights; - entity_id = "all"; - }; - }; in { services.home-assistant.config.automation = [ # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") (btn_cycle_light "light.schlafzimmer_komode_osram" "schlafzimmer_btn2" 128) - - (btn_cycle_light "light.keller_osram" "keller_btn1" 128) + { + alias = "toggle keller"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "single"; + }; + action = { + service = "light.toggle"; + #entity_id = lights; + data = { + entity_id = "light.keller_osram"; + brightness = 255; + }; + }; + } + { + alias = "low brightness keller with doubleclick"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "double"; + }; + action = { + service = "light.toggle"; + data = { + entity_id = "light.keller_osram"; + brightness = 50; + }; + }; + } # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") - (turn_off_all "schlafzimmer_btn2" ) + { + alias = "Turn of all lights via schlafzimmer_btn2 double click"; + trigger = { + platform = "state"; + entity_id = "sensor.schlafzimmer_btn2_click"; + to = "double"; + }; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 6ab3cd46c..e17cfc35d 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -23,6 +23,7 @@ in { # ./multi/fliegen-couter.nix ./device_tracker/openwrt.nix + ./device_tracker/tile.nix ./sensor/outside.nix 
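Review bot: The "low brightness keller with doubleclick" automation in makefu/2configs/home/ham/automation/light_buttons.nix calls `light.toggle`, so a double click while the light is already on switches it off instead of dimming it to 50. `service = "light.turn_on";` with the same `data` would give the behaviour the alias describes. The leftover `#entity_id = lights;` comment in the first new automation refers to the removed `turn_off_all` helper and can go, and the alias "Turn of all lights" should read "Turn off all lights".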
diff --git a/makefu/2configs/home/ham/device_tracker/tile.nix b/makefu/2configs/home/ham/device_tracker/tile.nix new file mode 100644 index 000000000..ad1e6c15d --- /dev/null +++ b/makefu/2configs/home/ham/device_tracker/tile.nix @@ -0,0 +1,10 @@ +{ + + services.home-assistant.config.device_tracker = + [ + { inherit (import <secrets/hass/tile.nix>) username password; + platform = "tile"; + show_inactive = true; + } + ]; +} diff --git a/makefu/2configs/home/ham/light/arbeitszimmer.nix b/makefu/2configs/home/ham/light/arbeitszimmer.nix index bc60678b3..45fbfb57b 100644 --- a/makefu/2configs/home/ham/light/arbeitszimmer.nix +++ b/makefu/2configs/home/ham/light/arbeitszimmer.nix @@ -6,7 +6,8 @@ let ]; arbeitszimmerbeleuchtung = [ "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_kerze" # arbeitszimmer_kerze + "light.arbeitszimmer_kerze" + "light.arbeitszimmer_pflanzenlicht" ]; in { services.home-assistant.config.light = [ @@ -20,5 +21,22 @@ in { name = "Arbeitszimmer Deko"; entities = arbeitszimmer_deko; } + { platform = "switch"; + name = "Arbeitszimmer Pflanzenlicht"; + entity_id = "switch.arbeitszimmer_stecker1"; + } + ]; + services.home-assistant.config.automation = [ + { + alias = "Toggle Arbeitszimmerbeleuchtung via Remote"; + trigger = { + platform = "state"; + entity_id = "sensor.arbeitszimmer_remote1_action"; + }; + action = { + service = "light.toggle"; + data.entity_id = "light.arbeitszimmerbeleuchtung"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index cd1c328d7..c90afff4a 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix 
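Review bot: `inherit (import <secrets/hass/tile.nix>) username password;` in makefu/2configs/home/ham/device_tracker/tile.nix reads the credentials at evaluation time and places them in `services.home-assistant.config`, which is presumably rendered into a configuration file in the world-readable Nix store. Keeping the values in Home Assistant's own `secrets.yaml`, deployed from the secrets directory and referenced through `!secret` entries, would keep the account password out of the store. If the current approach stays, add a comment such as `# NOTE: username/password end up in the store via the generated configuration`.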
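Review bot: The trigger of "Toggle Arbeitszimmerbeleuchtung via Remote" in makefu/2configs/home/ham/light/arbeitszimmer.nix (second hunk) has no `to` or `from`, so every state change of `sensor.arbeitszimmer_remote1_action` toggles the group. That would include the sensor clearing itself after a press, if the remote reports actions that way. Restricting the trigger to the intended action, e.g. `to = "<action name>";` as the button automations in light_buttons.nix do with `to = "single"`, avoids double toggles.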
@@ -1,24 +1,31 @@ { pkgs, config, ... }: { + environment.systemPackages = [ pkgs.mosquitto ]; + # port open via trusted interface services.mosquitto = { enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - # see <host>/mosquitto - users.sensor = { - hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; - }; - users.hass = { - hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; - }; - users.stats = { - hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; - }; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = false; + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + users.hass = { + hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; + acl = [ "topic readwrite #" ]; + }; + users.stats = { + hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; + acl = [ "topic read #" ]; + }; + settings = { + allow_anonymous = false; + }; + } + ]; }; - environment.systemPackages = [ pkgs.mosquitto ]; - # port open via trusted interface } diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 0bd29497d..e2fa58c4b 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix 
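Review bot: The three `hashedPassword` values in makefu/2configs/home/ham/mqtt.nix stay inline in the new `listeners` entry, so the hashes are readable in the repository and in the Nix store and can be guessed against offline. The NixOS mosquitto module also provides `hashedPasswordFile`, which would let them live with the other secrets. `users.sensor` keeps `topic readwrite #`; if the sensors only publish under a known prefix, narrowing the ACL to that prefix limits what a leaked sensor credential can do.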
@@ -7,7 +7,9 @@ description = "smb guest user"; home = "/data/lanparty"; createHome = true; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; enableNmbd = true; diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 445e6c577..1761f65e2 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -78,8 +78,8 @@ # Enable IPv6 Privacy Extensions boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; + "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; + "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; }; } diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index 9d1da8392..cba43e22d 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -2,12 +2,18 @@ { services.mosquitto = { enable = true; - host = "0.0.0.0"; - users = {}; - # TODO: secure that shit - aclExtraConf = '' - pattern readwrite # - ''; - allowAnonymous = true; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = true; + users = {}; + settings = { + allow_anonymous = true; + }; + acl = [ "topic readwrite #" "pattern readwrite #" ]; + } + ]; }; } diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix index f648b9c17..cd4b6567b 100644 --- a/makefu/2configs/nix-community/supervision.nix +++ b/makefu/2configs/nix-community/supervision.nix @@ -6,6 +6,7 @@ in { networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT ''; services.telegraf = { diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index 2f8f4acc4..3b6518f60 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix 
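Review bot: The new listener in makefu/2configs/mqtt.nix sets `omitPasswordAuth = true` and `allow_anonymous = true`, grants `readwrite #` to everyone and has no `address`, so any host that can reach port 1883 can read and publish every topic. The removed `# TODO: secure that shit` was the only marker that this is known to be open. Until authentication is added, keep a comment on the listener, e.g. `# TODO: anonymous read/write on all topics; must only be reachable via <trusted interface>`, and consider setting the listener's `address` to the interface that needs it. With `users = {}`, `"topic readwrite #"` and `"pattern readwrite #"` appear to grant the same access, so one of them should be enough.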
@@ -28,14 +28,16 @@ let ''; in { - users.extraUsers = singleton { + users.users.${ddclientUser} = { name = ddclientUser; - uid = genid "ddclient"; + uid = genid ddclientUser; description = "ddclient daemon user"; home = stateDir; createHome = true; isSystemUser = true; + group = ddclientUser; }; + users.groups.${ddclientUser} = {}; systemd.services = { ddclient-nsupdate-elchos = { diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 308142f03..93536b63d 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,7 +14,9 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 56beb5b42..bcfddc112 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -13,7 +13,9 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + group = "smbguest"; }; + users.groups.smbguest = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index f2c36b551..9e5f8ddf5 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -7,7 +7,9 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + group = "smbguest"; }; + users.groups.smbguest = {}; users.groups.mpd.members = [ "makefu" ]; services.samba = { enable = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index c8ccbfbb9..0ea05e779 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -24,7 +24,9 @@ in { inherit home; createHome = true; isSystemUser = true; + group = "arafetch"; }; + users.groups.arafetch = {}; systemd.services.ara2mqtt = { startAt = "05:00:00"; 
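Review bot: `uid = genid ddclientUser;` in makefu/2configs/nsupdate-data.nix replaces `genid "ddclient"`, so unless `ddclientUser` is exactly `"ddclient"` (it is defined outside the hunk) the account gets a new uid and files already in `stateDir` stay owned by the old one. If the value differs, either keep `genid "ddclient"` or note the required ownership fix in a comment. `name = ddclientUser;` is now redundant with the attribute name and can be dropped.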
diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 766aacb9e..1f622a8e0 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -6,7 +6,7 @@ # mitmproxy nmap msf - drozer + #drozer #dex2jar apktool jd-gui diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 94e77e636..918d950f2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -3,9 +3,10 @@ { users.users.makefu.packages = with pkgs;[ (python3.withPackages(ps: [ - ps.python-language-server + #ps.python-language-server # the following plugins are optional, they provide type checking, import sorting and code formatting - ps.pyls-mypy ps.pyls-isort ps.pyls-black + # ps.pyls-mypy ps.pyls-isort ps.pyls-black + ps.virtualenv ps.pyserial ps.virtualenv ])) # embedded diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 763603dfd..4bd0c25f4 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -20,6 +20,9 @@ # rambox vscode + + # 3d Modelling chitubox + freecad ]; } diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 93424815d..3620bc568 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,9 +34,9 @@ in { https://pypi.python.org/simple/pyserial/ https://pypi.python.org/simple/semantic_version/ # weird shit - { url = "https://www.zigbee2mqtt.io/information/supported_adapters.html"; - filter = "html2text"; - } + #{ url = "https://www.zigbee2mqtt.io/guide/adapters/"; + # filter = "html2text"; + #} http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 30070430c..bb2abd9a5 100644 --- a/makefu/3modules/ps3netsrv.nix 
+++ b/makefu/3modules/ps3netsrv.nix @@ -51,6 +51,7 @@ let users.users.ps3netsrv = { uid = genid "ps3netsrv"; isSystemUser = true; + group = "ps3netsrv"; }; users.groups.ps3netsrv.gid = genid "ps3netsrv"; }; diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix index d444dbded..c99577caf 100644 --- a/makefu/5pkgs/beef/default.nix +++ b/makefu/5pkgs/beef/default.nix @@ -1,4 +1,4 @@ -{ stdenv, bundlerEnv, ruby, fetchFromGitHub, nodejs }: +{ stdenv, lib, bundlerEnv, ruby, fetchFromGitHub, nodejs }: # nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock let gems = bundlerEnv { @@ -35,7 +35,7 @@ EOF chmod +x $bin ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = https://beefproject.com/; description = "The Browser Exploitation Framework"; platforms = platforms.linux; diff --git a/makefu/5pkgs/bintray-upload/default.nix b/makefu/5pkgs/bintray-upload/default.nix index 099b8ca88..725ced12d 100644 --- a/makefu/5pkgs/bintray-upload/default.nix +++ b/makefu/5pkgs/bintray-upload/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: pkgs.python3Packages.buildPythonPackage rec { name = "bintray-upload-${version}"; @@ -14,6 +14,6 @@ pkgs.python3Packages.buildPythonPackage rec { meta = { description = "Simple BinTray utility for uploading packages"; - license = pkgs.stdenv.lib.licenses.asl20; + license = lib.licenses.asl20; }; } diff --git a/makefu/5pkgs/cmpforopenssl/default.nix b/makefu/5pkgs/cmpforopenssl/default.nix index 3b9a20098..b8934357a 100644 --- a/makefu/5pkgs/cmpforopenssl/default.nix +++ b/makefu/5pkgs/cmpforopenssl/default.nix @@ -1,8 +1,8 @@ -{ stdenv, fetchurl, buildPackages, perl, fetchgit +{ stdenv, lib, fetchurl, buildPackages, perl, fetchgit , hostPlatform }: -with stdenv.lib; +with lib; let 
@@ -70,8 +70,8 @@ let meta = { homepage = https://sourceforge.net/p/cmpforopenssl ; description = "A cryptographic library that implements the SSL and TLS protocols"; - platforms = stdenv.lib.platforms.all; - maintainers = [ stdenv.lib.maintainers.makefu ]; + platforms = lib.platforms.all; + maintainers = [ lib.maintainers.makefu ]; priority = 0; # resolves collision with ‘man-pages’ }; }; diff --git a/makefu/5pkgs/custom/alsa-tools/default.nix b/makefu/5pkgs/custom/alsa-tools/default.nix index 5134c10ec..386b08704 100644 --- a/makefu/5pkgs/custom/alsa-tools/default.nix +++ b/makefu/5pkgs/custom/alsa-tools/default.nix @@ -1,4 +1,4 @@ -{stdenv,alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}: +{stdenv, lib, alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}: stdenv.mkDerivation rec { name = "alsa-${alsaToolTarget}-${version}"; @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { homepage = http://www.alsa-project.org/; description = "ALSA tools - ${name}"; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.makefu ]; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.makefu ]; }; } diff --git a/makefu/5pkgs/custom/qcma/default.nix b/makefu/5pkgs/custom/qcma/default.nix index dfb57c880..670822f33 100644 --- a/makefu/5pkgs/custom/qcma/default.nix +++ b/makefu/5pkgs/custom/qcma/default.nix @@ -22,9 +22,9 @@ let meta = { description = "Content Manager Assistant for the PS Vita"; homepage = https://github.com/codestation/qcma; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; + license = lib.licenses.gpl2; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ makefu ]; }; }; in stdenv.mkDerivation rec { 
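Review bot: The `meta` block in makefu/5pkgs/custom/qcma/default.nix now refers to `lib.licenses`, `lib.platforms` and `lib.maintainers`, but unlike most other packages touched in this commit, no hunk adds `lib` to the file's argument list, which lies outside the hunk. If `lib` is not already an argument there, evaluation fails with an undefined variable. The same applies to the second qcma hunk and to makefu/5pkgs/pavumeter/default.nix, so check those headers and add `lib` where it is missing.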
@@ -50,8 +50,8 @@ in stdenv.mkDerivation rec { meta = { description = "Content Manager Assistant for the PS Vita"; homepage = https://github.com/codestation/qcma; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; + license = lib.licenses.gpl2; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/debmirror/default.nix b/makefu/5pkgs/debmirror/default.nix index d1f007de6..69c29481d 100644 --- a/makefu/5pkgs/debmirror/default.nix +++ b/makefu/5pkgs/debmirror/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, fetchgit }: +{ stdenv, lib, pkgs, fetchgit }: pkgs.perlPackages.buildPerlPackage rec { pname = "debmirror"; @@ -34,8 +34,8 @@ pkgs.perlPackages.buildPerlPackage rec { meta = { description = "mirror apt repos"; homepage = https://tracker.debian.org/pkg/debmirror; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; + license = lib.licenses.gpl2; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 2d54455e6..0040b2786 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix 
@@ -20,12 +20,12 @@ with super.lib; with builtins; let (filterAttrs (_: eq "directory") (readDir path)); in { - quodlibet = super.pkgs.stdenv.lib.overrideDerivation super.quodlibet (old: { + quodlibet = super.pkgs.lib.overrideDerivation super.quodlibet (old: { doCheck = false; # 1 error because of warnings (possibly upstream) patches = [ ./custom/quodlibet/single-digit-discnumber.patch ./custom/quodlibet/remove-override-warning.patch ]; }); - #rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: { + #rclone = super.pkgs.lib.overrideDerivation super.rclone (old: { # postInstall = old.postInstall + '' # $out/bin/rclone genautocomplete zsh _rclone diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix index 6515ea3d1..ac79482f4 100644 --- a/makefu/5pkgs/devpi/default.nix +++ b/makefu/5pkgs/devpi/default.nix @@ -1,5 +1,5 @@ { pkgs ? import <nixpkgs> {} }: -with pkgs.stdenv.lib; +with pkgs.lib; let readme-renderer = pkgs.python3Packages.buildPythonPackage rec { diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index 1f353e477..22d720f33 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -30,5 +30,6 @@ pythonPackages.buildPythonApplication rec { homepage = https://github.com/mwrlabs/drozer/; description = "The Leading Security Assessment Framework for Android"; license = lib.licenses.bsd2; + broken = true; }; } diff --git a/makefu/5pkgs/gen-oath-safe/default.nix b/makefu/5pkgs/gen-oath-safe/default.nix index bad4b08a8..bdd48f407 100644 --- a/makefu/5pkgs/gen-oath-safe/default.nix +++ b/makefu/5pkgs/gen-oath-safe/default.nix @@ -1,4 +1,4 @@ -{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, ... }: +{ coreutils, makeWrapper, openssl, libcaca, qrencode, fetchFromGitHub, yubikey-manager, python, stdenv, lib, ... }: stdenv.mkDerivation { name = "gen-oath-safe-2017-06-30"; 
@@ -19,7 +19,7 @@ stdenv.mkDerivation { installPhase = let - path = stdenv.lib.makeBinPath [ + path = lib.makeBinPath [ coreutils openssl qrencode diff --git a/makefu/5pkgs/kalauerbot/default.nix b/makefu/5pkgs/kalauerbot/default.nix index f8ad7c12d..42de86d50 100644 --- a/makefu/5pkgs/kalauerbot/default.nix +++ b/makefu/5pkgs/kalauerbot/default.nix @@ -1,4 +1,4 @@ -{ stdenv, python3, fetchgit }: +{ stdenv, lib, python3, fetchgit }: python3.pkgs.buildPythonPackage rec { name = "kalauerbot"; rev = "f244b35"; @@ -9,12 +9,12 @@ rev = "f244b35"; }; propagatedBuildInputs = with python3.pkgs;[ (callPackage ./python-matrixbot.nix { - matrix-client = (stdenv.lib.overrideDerivation matrix-client (self: { + matrix-client = (lib.overrideDerivation matrix-client (self: { patches = [ ./badsync.patch ]; })); }) - (stdenv.lib.overrideDerivation googletrans (self: { + (lib.overrideDerivation googletrans (self: { patches = [ ./translate.patch ]; })) ]; diff --git a/makefu/5pkgs/logstash-input-rss/default.nix b/makefu/5pkgs/logstash-input-rss/default.nix index af66359ef..ca9be15ce 100644 --- a/makefu/5pkgs/logstash-input-rss/default.nix +++ b/makefu/5pkgs/logstash-input-rss/default.nix @@ -24,8 +24,8 @@ stdenv.mkDerivation rec { meta = with lib; { description = "logstash output plugin"; homepage = https://github.com/logstash-plugins/logstash-input-rss; - license = stdenv.lib.licenses.asl20; - platforms = stdenv.lib.platforms.unix; + license = lib.licenses.asl20; + platforms = lib.platforms.unix; maintainers = with maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/logstash-output-exec/default.nix b/makefu/5pkgs/logstash-output-exec/default.nix index d1de851c7..de85545a7 100644 --- a/makefu/5pkgs/logstash-output-exec/default.nix +++ b/makefu/5pkgs/logstash-output-exec/default.nix 
@@ -25,8 +25,8 @@ stdenv.mkDerivation rec { meta = with lib; { description = "logstash output plugin"; homepage = https://github.com/logstash-plugins/logstash-output-exec; - license = stdenv.lib.licenses.asl20; - platforms = stdenv.lib.platforms.unix; + license = lib.licenses.asl20; + platforms = lib.platforms.unix; maintainers = with maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/novnc/default.nix b/makefu/5pkgs/novnc/default.nix index 7da8e9be1..b3b5ed0d4 100644 --- a/makefu/5pkgs/novnc/default.nix +++ b/makefu/5pkgs/novnc/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgs }: +{ stdenv, lib, fetchurl, pkgs }: # source: https://github.com/hyphon81/Nixtack/blob/master/noVNC/noVNC.nix let in @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { url = "https://github.com/novnc/noVNC/archive/v${version}.tar.gz"; sha256 = "16ygbdzdmnfg9a26d9il4a6fr16qmq0ix9imfbpzl0drfbj7z8kh"; }; - p = stdenv.lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify + p = lib.makeBinPath [ pkgs.nettools pkgs.python27Packages.websockify pkgs.coreutils pkgs.which pkgs.procps ]; patchPhase = '' sed -i '1aset -efu\nexport PATH=${p}\n' utils/launch.sh @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { cp vnc_auto.html $out ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = http://novnc.com/info.html; repositories.git = git://github.com/novnc/noVNC.git; description = '' diff --git a/makefu/5pkgs/ns-atmosphere-programmer/default.nix b/makefu/5pkgs/ns-atmosphere-programmer/default.nix index 88a408578..c17e0ac76 100644 --- a/makefu/5pkgs/ns-atmosphere-programmer/default.nix +++ b/makefu/5pkgs/ns-atmosphere-programmer/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchzip +{ stdenv, fetchzip, lib , makeWrapper , autoPatchelfHook , xlibs 
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec { dontStrip = true; - meta = with stdenv.lib; { + meta = with lib; { description = "Payload programmer for ns-atmosphere injector for nintendo switch"; homepage = http://www.ns-atmosphere.com; maintainers = [ maintainers.makefu ]; diff --git a/makefu/5pkgs/nx_game_info/default.nix b/makefu/5pkgs/nx_game_info/default.nix index 89880d59c..bf64dc90e 100644 --- a/makefu/5pkgs/nx_game_info/default.nix +++ b/makefu/5pkgs/nx_game_info/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl , mono , unzip +{ lib, stdenv, fetchurl , mono , unzip, }: stdenv.mkDerivation rec { pname = "NX_Game_Info"; @@ -25,8 +25,8 @@ stdenv.mkDerivation rec { meta = { description = "Tool to read information from Nintendo Switch game files"; homepage = https://github.com/garoxas/NX_Game_Info; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; + license = lib.licenses.gpl3; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/pavumeter/default.nix b/makefu/5pkgs/pavumeter/default.nix index b1822530a..03f179cc1 100644 --- a/makefu/5pkgs/pavumeter/default.nix +++ b/makefu/5pkgs/pavumeter/default.nix @@ -23,8 +23,8 @@ stdenv.mkDerivation rec { meta = { description = "PulseAudio volumene meter"; homepage = http://0pointer.de/lennart/projects/pavumeter; - license = stdenv.lib.licenses.gpl2; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; + license = lib.licenses.gpl2; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ makefu ]; }; } diff --git a/makefu/5pkgs/studio-link/default.nix b/makefu/5pkgs/studio-link/default.nix index 3a02e365c..4189846d5 100644 --- a/makefu/5pkgs/studio-link/default.nix +++ b/makefu/5pkgs/studio-link/default.nix @@ -1,4 +1,5 @@ { stdenv +, lib , fetchurl , alsaLib , unzip 
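Review bot: The makefu/5pkgs/pavumeter/default.nix hunk switches `license`, `platforms` and `maintainers` to `lib.…`, but nothing visible brings `lib` into scope. Unlike the neighbouring packages, this file has no hunk adding `lib` to the argument set, and its `meta = {` has no `with lib;` to show it was already there. If the function header, which is outside the hunk, does not already take `lib`, evaluation will fail with an undefined variable; the fix would be to add `lib` to the arguments on the file's first line. Evaluating the package after this change would confirm it either way.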
@@ -34,7 +35,7 @@ stdenv.mkDerivation rec { install -m755 -D studio-link-standalone-v${version} $out/bin/studio-link ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = https://studio-link.com; description = "Voip transfer"; platforms = platforms.linux; diff --git a/makefu/5pkgs/uhub/default.nix b/makefu/5pkgs/uhub/default.nix deleted file mode 100644 index 66dfebc3b..000000000 --- a/makefu/5pkgs/uhub/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ stdenv, fetchpatch, fetchFromGitHub, cmake, openssl, sqlite, pkgconfig, systemd -, tlsSupport ? false }: - -assert tlsSupport -> openssl != null; - -stdenv.mkDerivation rec { - pname = "uhub"; - version = "2019-06-18"; - - src = fetchFromGitHub { - owner = "janvidar"; - repo = "uhub"; - rev = "78a703924064a92cedeb0a5aab5a80d8f77db73e"; - sha256 = "1dqmj08salhbcdlkglbi03hn9jzgmhjqlb0iysafpzrrwi0mca1z"; - }; - - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ cmake sqlite systemd ] ++ stdenv.lib.optional tlsSupport openssl; - - outputs = [ "out" - "mod_example" - "mod_welcome" - "mod_logging" - "mod_auth_simple" - "mod_auth_sqlite" - "mod_chat_history" - "mod_chat_only" - "mod_topic" - "mod_no_guest_downloads" - ]; - - patches = [ - <nixpkgs/pkgs/servers/uhub/plugin-dir.patch> - ]; - - cmakeFlags = '' - -DSYSTEMD_SUPPORT=ON - ${if tlsSupport then "-DSSL_SUPPORT=ON" else "-DSSL_SUPPORT=OFF"} - ''; - - meta = with stdenv.lib; { - description = "High performance peer-to-peer hub for the ADC network"; - homepage = https://www.uhub.org/; - license = licenses.gpl3; - maintainers = [ maintainers.ehmry ]; - platforms = platforms.unix; - }; -} diff --git a/makefu/5pkgs/v4l2loopback-dc/default.nix b/makefu/5pkgs/v4l2loopback-dc/default.nix index 2bb9d3d0b..416831e5e 100644 --- a/makefu/5pkgs/v4l2loopback-dc/default.nix +++ b/makefu/5pkgs/v4l2loopback-dc/default.nix 
@@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, kernel, kmod }: +{ stdenv, lib, fetchFromGitHub, kernel, kmod }: stdenv.mkDerivation rec { name = "v4l2loopback-dc-${version}-${kernel.version}"; @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { "INSTALL_MOD_PATH=$(out)" ]; - meta = with stdenv.lib; { + meta = with lib; { description = "A kernel module to create V4L2 loopback devices"; homepage = "https://github.com/aramg/droidcam"; license = licenses.gpl2; diff --git a/makefu/5pkgs/xdcc-dl/default.nix b/makefu/5pkgs/xdcc-dl/default.nix index d9fdc3d2b..26264beb1 100644 --- a/makefu/5pkgs/xdcc-dl/default.nix +++ b/makefu/5pkgs/xdcc-dl/default.nix @@ -11,7 +11,7 @@ let inherit (pkgs) makeWrapper; - inherit (pkgs.stdenv.lib) fix' extends inNixShell; + inherit (pkgs.lib) fix' extends inNixShell; pythonPackages = import "${toString pkgs.path}/pkgs/top-level/python-packages.nix" { @@ -73,7 +73,7 @@ let propagatedBuildInputs = [ self."six" ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Run JavaScript code from Python"; @@ -91,7 +91,7 @@ let propagatedBuildInputs = [ self."beautifulsoup4" ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Screen-scraping library"; @@ -106,7 +106,7 @@ let doCheck = commonDoCheck; buildInputs = commonBuildInputs; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = "MPL-2.0"; description = "Python package for providing Mozilla's CA Bundle."; @@ -124,7 +124,7 @@ let self."PyExecJS" self."requests" ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = ""; description = "A simple Python module to bypass Cloudflare's anti-bot page. See https://github.com/Anorov/cloudflare-scrape for more information."; 
@@ -139,7 +139,7 @@ let doCheck = commonDoCheck; buildInputs = commonBuildInputs; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.psfl; description = "Type Hints for Python"; @@ -155,7 +155,7 @@ let doCheck = commonDoCheck; buildInputs = commonBuildInputs; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.lgpl2; description = "A full-featured console (xterm et al.) user interface library"; @@ -177,7 +177,7 @@ let self."typing" self."urwid" ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.gpl3; description = "An XDCC File Downloader based on the irclib framework"; diff --git a/makefu/5pkgs/xmm7360/default.nix b/makefu/5pkgs/xmm7360/default.nix index 76cdc2cbf..3c4eab345 100644 --- a/makefu/5pkgs/xmm7360/default.nix +++ b/makefu/5pkgs/xmm7360/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, python3, kernel, kmod }: +{ stdenv, lib, fetchFromGitHub, python3, kernel, kmod }: let py = python3.withPackages (p: [ p.ConfigArgParse p.pyroute2 p.dbus-python ]); in @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { install -D open_xdatachannel $out/bin/open_xdatachannel ''; - meta = with stdenv.lib; { + meta = with lib; { description = "A kernel module to create V4L2 loopback devices"; homepage = "https://github.com/aramg/droidcam"; license = licenses.gpl2; diff --git a/makefu/krops.nix b/makefu/krops.nix index fd53f004e..1db4401a4 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -77,7 +77,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "fd5fbb0a241f644908cdf01ccd1821d0606fb4fd"; + ref = "6ce1d64073f48b9bc9425218803b1b607454c1e7"; }; }) ]; |
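Review bot: The `meta` block in makefu/5pkgs/xmm7360/default.nix still carries `description = "A kernel module to create V4L2 loopback devices";` and `homepage = "https://github.com/aramg/droidcam";`, which are the same values as in the v4l2loopback-dc package in this commit and look copied from it. For an out-of-tree kernel module, a wrong homepage sends anyone auditing the source to the wrong upstream. Both fields should describe the xmm7360 driver and point at the repository named in this file's `fetchFromGitHub` call, which is outside the hunk. The meta block also continues past the hunk's last line, so its remaining fields may need the same check.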