102 files changed, 1569 insertions, 643 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3f2f28d65..1946f269e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,19 @@ +before_script: + - mkdir -p ~/.ssh + - echo "$deploy_privkey" > deploy.key + - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key" + - chmod 600 deploy.key + - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts nix-shell test: script: - env - nix-shell --pure --command 'true' -p stdenv && echo success - nix-shell --pure --command 'false' -p stdenv || echo success +nur-packages makefu: + script: + - git reset --hard origin/master + - git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD + - git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git + - git push --force deploy HEAD:master +after_script: + - rm -f deploy.key diff --git a/jeschli/2configs/git.nix b/jeschli/2configs/git.nix index e07af1bc0..a26022789 100644 --- a/jeschli/2configs/git.nix +++ b/jeschli/2configs/git.nix @@ -45,11 +45,13 @@ let public = true; hooks = { post-receive = pkgs.git-hooks.irc-announce { - nick = config.krebs.build.host.name; channel = "#xxx"; + nick = config.krebs.build.host.name; + refs = [ + "refs/heads/master" + ]; server = "irc.r"; - verbose = true; - branches = [ "master" ]; + verbose = true; }; }; }; diff --git a/jeschli/krops.nix b/jeschli/krops.nix new file mode 100644 index 000000000..e55f207d3 --- /dev/null +++ b/jeschli/krops.nix 
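Review bot: The top-level `before_script` materialises `$deploy_privkey` in every job, and the existing `- env` step of `nix-shell test` will print that variable into the job log unless it is masked in the CI settings; scoping the key setup to the `nur-packages makefu` job keeps it away from jobs that never push. `deploy.key` is also created with the default umask and only tightened by `chmod 600` two steps later, so `- (umask 077; echo "$deploy_privkey" > deploy.key)` would close that window. `ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts` trusts whatever key answers during the run; a pinned host key line supplied through a CI variable would make the host check meaningful.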
@@ -0,0 +1,40 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/jeschli/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./2configs/tests/dummy-secrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; + }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; +} diff --git a/krebs/0tests/data/secrets/konsens.id_ed25519 b/krebs/0tests/data/secrets/konsens.id_ed25519 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/konsens.id_ed25519 diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 18b751a7e..0a848426c 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -15,6 +15,7 @@ <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/reaktor-retiolum.nix> <stockholm/krebs/2configs/reaktor-krebs.nix> + <stockholm/krebs/2configs/repo-sync.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 6addb0818..914b38051 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix 
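Review bot: The new `ci` attribute in jeschli/krops.nix has no usage comment and reuses the script name `"${name}-test"` of the `test` attribute, so the two outputs cannot be told apart by store name. I would add `# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A ci)` above it and name it `"${name}-ci"`. The same applies to the `ci` attribute added to krebs/krops.nix later in this commit.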
@@ -25,6 +25,7 @@ in <stockholm/krebs/2configs/shack/muell_caller.nix> <stockholm/krebs/2configs/shack/radioactive.nix> <stockholm/krebs/2configs/shack/share.nix> + <stockholm/krebs/2configs/shack/mobile.mpd.nix> { systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate systemd.services.telegraf.environment = { @@ -114,7 +115,7 @@ in networking = { firewall.enable = false; firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces."${ext-if}".ip4 = [{ + interfaces."${ext-if}".ipv4.addresses = [{ address = shack-ip; prefixLength = 20; }]; diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 62a5f9ab5..8537ce40c 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -4,6 +4,22 @@ let hostname = config.networking.hostName; + sourceRepos = [ + "http://cgit.enklave.r/stockholm" + "http://cgit.gum.r/stockholm" + "http://cgit.hotdog.r/stockholm" + "http://cgit.ni.r/stockholm" + "http://cgit.prism.r/stockholm" + ]; + + build = pkgs.writeDash "build" '' + set -eu + export USER="$1" + export SYSTEM="$2" + $(nix-build $USER/krops.nix --no-out-link --argstr name "$SYSTEM" --argstr target "$HOME/stockholm-build" -A ci) + ''; + + in { networking.firewall.allowedTCPPorts = [ 80 ]; @@ -23,17 +39,16 @@ in slaves = { testslave = "lasspass"; }; - change_source.stockholm = '' - stockholm_repo = 'http://cgit.prism.r/stockholm' + change_source.stockholm = concatMapStrings (repo: '' cs.append( changes.GitPoller( - stockholm_repo, - workdir='stockholm-poller', branches=True, + "${repo}", + workdir='stockholm${elemAt(splitString "." repo) 1}', branches=True, project='stockholm', pollinterval=10 ) ) - ''; + '') sourceRepos; scheduler = { auto-scheduler = '' sched.append( 
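Review bot: In the `build` script of buildbot-stockholm.nix, `export USER="$1"` overwrites the account's login-name variable for everything nix-build spawns, and `$USER/krops.nix` is expanded unquoted. A private name avoids both, e.g. `user=$1` and `nix-build "$user/krops.nix" …`. `--argstr target "$HOME/stockholm-build"` appears to have no effect, since the krops.nix files visible on this page take only `{ name }:` and hard-code the `ci` target; either drop the argument or accept it there.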
@@ -61,7 +76,7 @@ in builder_pre = '' # prepare grab_repo step for stockholm grab_repo = steps.Git( - repourl=stockholm_repo, + repourl=util.Property('repository', 'http://cgit.hotdog.r/stockholm'), mode='full', submodules=True, ) @@ -95,15 +110,9 @@ in env={ "NIX_PATH": "secrets=/var/src/stockholm/null:stockholm=./:/var/src", "NIX_REMOTE": "daemon", - "dummy_secrets": "true", }, command=[ - "nix-shell", "-I", "stockholm=.", "--run", " ".join(["test", - "--user={}".format(user), - "--system={}".format(host), - "--force-populate", - "--target=$LOGNAME@${config.krebs.build.host.name}$HOME/{}".format(user), - ]) + "${build}", user, host ], timeout=90001, workdir='build', # TODO figure out why we need this? diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 48da88a8d..3ca94fc1b 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix 
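Review bot: `repourl=util.Property('repository', …)` lets the change decide which URL `grab_repo` clones, and the five `sourceRepos` pollers added earlier in this file all use plain `http://`, so the commit that `${build}` ends up evaluating is only as trustworthy as that transport and whatever sets the `repository` property. If the `.r` names are reachable only over the VPN overlay, a comment saying so would help. It is also worth confirming that no force scheduler lets a user supply `repository`, or checking the property against `sourceRepos` before the Git step. `builder_pre` starts and ends outside this hunk.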
@@ -3,78 +3,186 @@ with import <stockholm/lib>; let + konsens-user = { + name = "konsens"; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKKozGNGBAzHnyj6xUlsjGxxknyChXvuyrddkWVVnz7"; + }; mirror = "git@${config.networking.hostName}:"; - defineRepo = name: announce: let + defineRepo = { + name, desc, section + }: + let repo = { public = true; name = mkDefault "${name}"; - cgit.desc = mkDefault "mirror for ${name}"; - cgit.section = mkDefault "mirror"; - hooks = mkIf announce (mkDefault { + cgit.desc = desc; + cgit.section = section; + hooks = mkDefault { post-receive = pkgs.git-hooks.irc-announce { - nick = config.networking.hostName; - verbose = false; channel = "#xxx"; + refs = [ + "refs/heads/master" + "refs/heads/newest" + "refs/tags/*" + ]; + nick = config.networking.hostName; server = "irc.r"; - branches = [ "master" ]; + verbose = false; }; - }); + }; }; in { - rules = with git; singleton { - user = with config.krebs.users; [ - config.krebs.users."${config.networking.hostName}-repo-sync" - ]; - repo = [ repo ]; - perm = push ''refs/*'' [ non-fast-forward create delete merge ]; - }; + rules = with git; [ + { + user = with config.krebs.users; [ + config.krebs.users."${config.networking.hostName}-repo-sync" + jeschli + lass + makefu + tv + ]; + repo = [ repo ]; + perm = push ''refs/*'' [ non-fast-forward create delete merge ]; + } + { + user = [ + konsens-user + ]; + repo = [ repo ]; + perm = push ''refs/heads/master'' [ create merge ]; + } + { + user = attrValues config.krebs.users; + repo = [ repo ]; + perm = fetch; + } + ]; repos."${name}" = repo; }; - sync-retiolum = name: + sync-retiolum = { + name, + desc ? "mirror for ${name}", + section ? 
"mirror" + }: { krebs.repo-sync.repos.${name} = { branches = { - makefu = { - origin.url = "http://cgit.gum/${name}"; + lassulus = { + origin.url = "http://cgit.lassul.us/${name}"; mirror.url = "${mirror}${name}"; }; - tv = { - origin.url = "http://cgit.ni.r/${name}"; + makefu = { + origin.url = "http://cgit.gum/${name}"; mirror.url = "${mirror}${name}"; }; nin = { origin.url = "http://cgit.onondaga.r/${name}"; mirror.url = "${mirror}${name}"; }; - lassulus = { - origin.url = "http://cgit.lassul.us/${name}"; + tv = { + origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; }; latest = { url = "${mirror}${name}"; - ref = "heads/master"; + ref = "heads/newest"; }; }; - krebs.git = defineRepo name false; + krebs.git = defineRepo { inherit name desc section; }; + }; + + sync-remote = { + name, + url, + desc ? "mirror for ${name}", + section ? "mirror" + }: + { + krebs.repo-sync.repos.${name} = { + branches = { + remote = { + origin.url = url; + mirror.url = "${mirror}${name}"; + }; + }; + }; + krebs.git = defineRepo { inherit name desc section; }; }; in { + krebs.git = { + enable = true; + cgit.settings = { + root-title = "krebs repos"; + root-desc = "keep calm and engage"; + }; + }; krebs.repo-sync = { enable = true; }; - krebs.git = { - enable = mkDefault true; - cgit = { - settings = { - root-title = "Shared Repos"; - root-desc = "keep on krebsing"; - }; + krebs.konsens = { + enable = true; + repos = { + krops = { branchesToCheck = [ "lassulus" "tv" ]; }; + stockholm = {}; }; }; + krebs.secret.files.konsens = { + path = "/var/lib/konsens/.ssh/id_ed25519"; + owner = konsens-user; + source-path = "${<secrets/konsens.id_ed25519>}"; + }; + imports = [ - (sync-retiolum "stockholm") + (sync-retiolum { name = "the_playlist"; desc = "Good Music collection + tools"; section = "art"; }) + + (sync-retiolum { name = "stockholm"; desc = "take all computers hostage, they love it"; section = "configuration"; }) + + (sync-retiolum { name = "cholerab"; desc = 
"krebs thesauron & enterprise-patterns"; section = "documentation"; }) + + (sync-retiolum { name = "disko"; desc = "take a description of your disk layout and produce a format script"; section = "software"; }) + (sync-retiolum { name = "news"; desc = "take a rss feed and a timeout and print it to stdout"; section = "software"; }) + (sync-retiolum { name = "krops"; desc = "krebs ops"; section = "software"; }) + (sync-retiolum { name = "go"; desc = "url shortener"; section = "software"; }) + (sync-retiolum { name = "much"; desc = "curses email client"; section = "software"; }) + (sync-retiolum { name = "newsbot-js"; desc = "irc rss/atom bot"; section = "software"; }) + (sync-retiolum { name = "nix-writers"; desc = "high level writers for nix"; section = "software"; }) + + (sync-retiolum { name = "cac-api"; desc = "CloudAtCost API command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "dic"; desc = "dict.leo.org command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "get"; section = "miscellaneous"; }) + (sync-retiolum { name = "hstool"; desc = "Haskell Development Environment ^_^"; section = "miscellaneous"; }) + (sync-retiolum { name = "htgen"; desc = "toy HTTP server"; section = "miscellaneous"; }) + (sync-retiolum { name = "kirk"; desc = "IRC tools"; section = "miscellaneous"; }) + (sync-retiolum { name = "load-env"; section = "miscellaneous"; }) + (sync-retiolum { name = "loldns"; desc = "toy DNS server"; section = "miscellaneous"; }) + (sync-retiolum { name = "netcup"; desc = "netcup command line interface"; section = "miscellaneous"; }) + (sync-retiolum { name = "populate"; desc = "source code installer"; section = "miscellaneous"; }) + (sync-retiolum { name = "q"; section = "miscellaneous"; }) + (sync-retiolum { name = "regfish"; section = "miscellaneous"; }) + (sync-retiolum { name = "soundcloud"; desc = "SoundCloud command line interface"; section = "miscellaneous"; }) + + (sync-retiolum { name = 
"blessings"; section = "Haskell libraries"; }) + (sync-retiolum { name = "mime"; section = "Haskell libraries"; }) + (sync-retiolum { name = "quipper"; section = "Haskell libraries"; }) + (sync-retiolum { name = "scanner"; section = "Haskell libraries"; }) + (sync-retiolum { name = "wai-middleware-time"; section = "Haskell libraries"; }) + (sync-retiolum { name = "web-routes-wai-custom"; section = "Haskell libraries"; }) + (sync-retiolum { name = "xintmap"; section = "Haskell libraries"; }) + (sync-retiolum { name = "xmonad-stockholm"; desc = "krebs xmonad modules"; section = "Haskell libraries"; }) + + (sync-remote { name = "array"; url = "https://github.com/makefu/array"; }) + (sync-remote { name = "email-header"; url = "https://github.com/4z3/email-header"; }) + (sync-remote { name = "mycube-flask"; url = "https://github.com/makefu/mycube-flask"; }) + (sync-remote { name = "reaktor-titlebot"; url = "https://github.com/makefu/reaktor-titlebot"; }) + (sync-remote { name = "repo-sync"; url = "https://github.com/makefu/repo-sync"; }) + (sync-remote { name = "skytraq-datalogger"; url = "https://github.com/makefu/skytraq-datalogger"; }) + (sync-remote { name = "realwallpaper"; url = "https://github.com/lassulus/realwallpaper"; }) + (sync-remote { name = "painload"; url = "https://github.com/krebs/painload"; }) + (sync-remote { name = "Reaktor"; url = "https://github.com/krebs/Reaktor"; }) + (sync-remote { name = "nixos-wiki"; url = "https://github.com/Mic92/nixos-wiki.wiki.git"; }) ]; } diff --git a/krebs/2configs/shack/mobile.mpd.nix b/krebs/2configs/shack/mobile.mpd.nix new file mode 100644 index 000000000..2dc466edb --- /dev/null +++ b/krebs/2configs/shack/mobile.mpd.nix 
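Review bot: The first rule in `defineRepo` grants `jeschli`, `lass`, `makefu` and `tv` `push ''refs/*'' [ non-fast-forward create delete merge ]` on every mirrored repo, which includes `refs/heads/master`, the ref the second rule reserves for `konsens-user` with `[ create merge ]` only. If master is meant to advance only through the konsens merge-base push, the human users' rule should be split so that it covers their own branches but not master; as written any one of them can rewrite or remove master without the agreement step. A short comment above `rules` stating which refs each group is expected to own would make the intent reviewable.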
@@ -0,0 +1,32 @@ +{lib,pkgs, ... }: +let + mpdHost = "mpd.shack"; + ympd = name: port: let + webPort = 10000 + port; + in { + systemd.services."ympd-${name}" = { + description = "mpd for ${name}"; + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = "${pkgs.ympd}/bin/ympd --host ${mpdHost} --port ${toString port} --webport ${toString webPort} --user nobody"; + }; + services.nginx.virtualHosts."mobile.${name}.mpd.shack" = { + serverAliases = [ + "${name}.mpd.wolf.r" + "${name}.mpd.wolf.shack" + ]; + locations."/".proxyPass = "http://localhost:${toString webPort}"; + }; + }; +in lib.mkMerge [{ + services.nginx.enable = true; +} + (ympd "lounge" 6600) + (ympd "seminarraum" 6601) + (ympd "elab" 6602) + (ympd "kueche" 6603) + (ympd "crafting" 6604) + (ympd "fablab" 6605) + (ympd "workshop" 6606) + (ympd "klo" 6607) + +] diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index afc96e9ee..833349769 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -26,6 +26,7 @@ let ./iana-etc.nix ./iptables.nix ./kapacitor.nix + ./konsens.nix ./monit.nix ./newsbot-js.nix ./nixpkgs.nix diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 5ae24b40b..8a923efd2 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -348,6 +348,10 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; description = "Git repository hosting user"; + extraGroups = [ + # To allow running cgit-clear-cache via hooks. + cfg.cgit.fcgiwrap.group.name + ]; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique 
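Review bot: Each `ympd-${name}` unit in mobile.mpd.nix has no `User=` in `serviceConfig`, so it presumably starts as root and relies on ympd's own `--user nobody` switch to drop privileges, with `nobody` shared across all eight instances. Setting the account in the unit, e.g. `serviceConfig.User = "ympd";` with a matching `users.users.ympd`, keeps the process unprivileged from the start. The web ports `10000 + port` are passed to ympd without a bind address, so unless ympd listens on loopback by default they are reachable directly as well as through the nginx vhosts; wolf's config on this page has `firewall.enable = false`. `description = "mpd for ${name}"` should probably read `ympd for ${name}`.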
@@ -403,13 +407,12 @@ let )); environment.systemPackages = [ - (pkgs.writeDashBin "cgit-clear-cache" '' - ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* - '') + (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; }) ]; system.activationScripts.cgit = '' - mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} + chmod 0770 ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix new file mode 100644 index 000000000..74895a971 --- /dev/null +++ b/krebs/3modules/konsens.nix 
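Review bot: The activation script interpolates `${cfg.cgit.settings.cache-root}` into shell unquoted in `mkdir`, the added `chmod 0770` and `chown`, while the new `cgit-clear-cache` package in this commit uses `shell.escape cache-root`; the script should do the same, e.g. `chmod 0770 ${shell.escape cfg.cgit.settings.cache-root}`. The move from 0700 to 0770, together with adding the git user to `cfg.cgit.fcgiwrap.group.name` in the previous hunk, gives every hook run by the git user access to whatever else that group owns. A one-line comment on the group's intended scope would make that explicit.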
@@ -0,0 +1,80 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + cfg = config.krebs.konsens; + + out = { + options.krebs.konsens = api; + config = lib.mkIf cfg.enable imp; + }; + + api = { + enable = mkEnableOption "git konsens finder"; + repos = mkOption { + type = types.attrsOf (types.submodule ({ config, ...}: { + options = { + url = mkOption { + type = types.str; + default = "git@localhost:${config._module.args.name}"; + }; + branchesToCheck = mkOption { + type = types.listOf types.str; + default = [ "lassulus" "makefu" "tv" ]; + }; + target = mkOption { + type = types.str; + default = "master"; + }; + timerConfig = mkOption { + type = types.attrsOf types.str; + default = { + OnCalendar = "*:00,15,30,45"; + }; + }; + }; + })); + }; + }; + + imp = { + users.users.konsens = rec { + name = "konsens"; + uid = genid name; + home = "/var/lib/konsens"; + createHome = true; + }; + + systemd.timers = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + description = "konsens timer"; + wantedBy = [ "timers.target" ]; + timerConfig = repo.timerConfig; + } + ) cfg.repos; + + systemd.services = mapAttrs' (name: repo: + nameValuePair "konsens-${name}" { + after = [ "network.target" "secret.service" ]; + path = [ pkgs.git ]; + restartIfChanged = false; + serviceConfig = { + Type = "simple"; + PermissionsStartOnly = true; + ExecStart = pkgs.writeDash "konsens-${name}" '' + if ! test -e ${name}; then + git clone ${repo.url} ${name} + fi + cd ${name} + git fetch origin + git push origin $(git merge-base --octopus ${concatMapStringsSep " " (branch: "origin/${branch}") repo.branchesToCheck}):refs/heads/master + ''; + WorkingDirectory = /var/lib/konsens; + User = "konsens"; + }; + } + ) cfg.repos; + }; + +in out diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c4a5bbb0d..7d9ef5075 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
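Review bot: The `ExecStart` script in konsens.nix runs without `set -efu`, so if `git merge-base --octopus` fails (a listed branch is missing, or the fetch failed) the substitution is empty and the last command becomes `git push origin :refs/heads/master`, which is a delete request for master. Start the script with `set -efu` and split the push into `base=$(git merge-base --octopus …)` followed by `git push origin "$base:refs/heads/${repo.target}"`. That also uses the `target` option, which is declared in `api` but never read, because the refspec hard-codes `refs/heads/master`. `${name}` and `${repo.url}` are interpolated unquoted as well; `shell.escape` is used for this in cgit-clear-cache.nix in the same commit.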
@@ -11,39 +11,6 @@ with import <stockholm/lib>; ci = true; monitoring = true; }) { - dishfire = { - cores = 4; - nets = rec { - internet = { - ip4.addr = "144.76.172.188"; - aliases = [ - "dishfire.i" - ]; - ssh.port = 45621; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.133.99"; - ip6.addr = "42:0000:0000:0000:0000:0000:d15f:1233"; - aliases = [ - "dishfire.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwKi49fN+0s5Cze6JThM7f7lj4da27PSJ/3w3tDFPvtQco11ksNLs - Xd3qPaQIgmcNVCR06aexae3bBeTx9y3qHvKqZVE1nCtRlRyqy1LVKSj15J1D7yz7 - uS6u/BSZiCzmdZwu3Fq5qqoK0nfzWe/NKEDWNa5l4Mz/BZQyI/hbOpn6UfFD0LpK - R4jzc9Dbk/IFNAvwb5yrgEYtwBzlXzeDvHW2JcPq3qQjK2byQYNiIyV3g0GHppEd - vDbIPDFhTn3Hv5zz/lX+/We8izzRge7MEd+Vn9Jwb5NAzwDsOHl6ExpqASv9H49U - HwgPw5pstabyrsDWXybSYUb+8LcZf+unGwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.port = 993; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv0JMp0y+E5433GRSFKVK3cQmP0AAlS9aH9fk49yFxy"; - }; prism = rec { cores = 4; extraZones = { @@ -441,7 +408,7 @@ with import <stockholm/lib>; }; }; }; - borg = { + rock = { monitoring = false; ci = false; external = true; 
@@ -449,22 +416,21 @@ with import <stockholm/lib>; retiolum = { ip4.addr = "10.243.29.171"; ip6.addr = "42:4992:6a6d:700::2"; - aliases = [ "borg.r" ]; + aliases = [ "rock.r" ]; tinc.pubkey = '' - -----BEGIN PUBLIC KEY----- - MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq - bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL - aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD - HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA - 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O - zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml - 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN - fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq - WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB - /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U - EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS - iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== - -----END PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAsMJbXDhkaLZcEzCIe8G+rHyLulWIqrUAmDT4Vbtv4r0QhPBsqwjM + DuvRtX5SNHdjfZWnUZoOlmXrmIo07exPFQvyrnppm6DNx+IZ5mNMNVIFUoojRhF7 + HS2jubcjTEib56XEYWKly0olrVMbsJk5THJqRQyOQuTPCFToxXVRcT5t/UK6Dzgh + mp+suJ7IcmmO80IwfZrQrQslkQ6TdOy1Vs908GacSQJyRxdRxLraU/98iMhFbAQf + Ap+qVSUU88iCi+tcoSYzKhqU2N0AhRGcsE073B3Px8CAgPK/juwTrFElKEc17X9M + Rh41DvUjrtG4ERPmbwKPtsLagmnZUlU8A5YC8wtV08RI5QBsbbOsKInareV1aLeD + 91ZVCBPFTz8IM6Mc6H435eMCMC2ynFCDyRGdcue3tBQoaTGe1dbduIZkPGn+7cg4 + fef1db6SQD4HCwDLv8CTFLACR/jmAapwZEgvJ3u3bpgMGzt+QNvL1cxUr3TBUWRv + 3f0R+Dj8DCUWTJUE7K5LO7bL4p9Ht0yIsVH+/DucyoMQqRwCwWSr7+H2MAsWviav + ZRRfH0RqZPEzCxyLDBtkVrx+GRAUZxy1xlqmN16O/sRHiqq3bv8Jk3dwuRZlFu6q + cOFu4g9XsamHkmCuVkvTGjnC2h21MjUUr3PGHzOMtiM/18LcfX730f8CAwEAAQ== + -----END RSA PUBLIC KEY----- ''; }; }; diff --git a/krebs/3modules/lass/ssh/android.rsa b/krebs/3modules/lass/ssh/android.rsa index f5190f45c..3d35b76e4 100644 --- a/krebs/3modules/lass/ssh/android.rsa 
+++ b/krebs/3modules/lass/ssh/android.rsa @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPH4c2zQCaCmus4T9GvaY1lrgVR9CKV3Fx1vRn1K1XB u0_a194@android diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 53b06a702..faa3dd714 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix 
@@ -31,11 +31,8 @@ in enable = mkDefault true; virtualHosts.retiolum-bootstrap = { inherit (cfg) serverName sslCertificate sslCertificateKey; - enableSSL = true; + forceSSL = true; extraConfig ='' - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } root ${pkgs.retiolum-bootstrap}; try_files $uri $uri/retiolum.sh; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index e6bafbd25..4fae6256d 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -2,7 +2,7 @@ python2Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; - version = "0.8.16"; + version = "0.8.17"; namePrefix = ""; patches = []; @@ -10,7 +10,7 @@ python2Packages.buildPythonApplication rec { owner = "krebs"; repo = "buildbot-classic"; rev = version; - sha256 = "0g686n6m0cjfyympl0ksansllx503gby3hx9gmc8hiyx6x5fkjha"; + sha256 = "0yn0n37rs2bhz9q0simnvyzz5sfrpqhbdm6pdj6qk7sab4y6xbq8"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix new file mode 100644 index 000000000..28402c39c --- /dev/null +++ b/krebs/5pkgs/simple/cgit-clear-cache.nix @@ -0,0 +1,8 @@ +with import <stockholm/lib>; + +{ cache-root ? "/tmp/cgit", findutils, writeDashBin }: + +writeDashBin "cgit-clear-cache" '' + set -efu + ${findutils}/bin/find ${shell.escape cache-root} -type f -delete +'' diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix index 1930c7f14..0a2c84410 100644 --- a/krebs/5pkgs/simple/git-hooks/default.nix +++ b/krebs/5pkgs/simple/git-hooks/default.nix 
@@ -6,11 +6,11 @@ with import <stockholm/lib>; # TODO irc-announce should return a derivation # but it cannot because krebs.git.repos.*.hooks :: attrsOf str irc-announce = - { branches ? [] - , cgit_endpoint ? "http://cgit.${nick}.r" + { cgit_endpoint ? "http://cgit.${nick}.r" , channel , nick , port ? 6667 + , refs ? [] , server , verbose ? false }: /* sh */ '' @@ -57,14 +57,15 @@ with import <stockholm/lib>; receive_mode=non-fast-forward fi - h=$(echo $ref | sed 's:^refs/heads/::') - - ${optionalString (branches != []) '' - if ! (echo "$h" | grep -qE "${concatStringsSep "|" branches}"); then - echo "we are not serving this branch: $h" + ${optionalString (refs != []) '' + if ! { echo "$ref" | grep -qE "${concatStringsSep "|" refs}"; }; then + echo "we are not announcing this ref: $h" exit 0 fi ''} + + h=$(echo $ref | sed 's:^refs/heads/::') + # empty_tree=$(git hash-object -t tree /dev/null) empty_tree=4b825dc6 diff --git a/krebs/5pkgs/simple/krops.nix b/krebs/5pkgs/simple/krops.nix index e4e9928d4..23cc224b8 100644 --- a/krebs/5pkgs/simple/krops.nix +++ b/krebs/5pkgs/simple/krops.nix @@ -2,6 +2,6 @@ fetchgit { url = https://cgit.krebsco.de/krops; - rev = "refs/tags/v1.1.0"; - sha256 = "19z5385rdci2bj0l7ksjbgyj84vsb29kz87j9x6vj5vv16y7y4ll"; + rev = "refs/tags/v1.3.1"; + sha256 = "0bv984bjc6r1ys1q0wnszv1v1g1wdvjb6i0ibj7namwz0mhg67a7"; } diff --git a/krebs/krops.nix b/krebs/krops.nix index 0e80aec0e..c71e60571 100644 --- a/krebs/krops.nix +++ b/krebs/krops.nix @@ -12,7 +12,7 @@ krebs-source = { nixpkgs.git = { - ref = "d0c868ec17c2cb2ca845f33fbfe381e9c7e55516"; + ref = (lib.importJSON ./nixpkgs.json).rev; url = https://github.com/NixOS/nixpkgs; }; stockholm.file = toString ../.; @@ -60,4 +60,9 @@ source = source { test = true; }; target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } 
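Review bot: In git-hooks/default.nix the skip message `echo "we are not announcing this ref: $h"` now runs before `h=$(echo $ref | sed …)`, which this hunk moved below the check, so `$h` is unset there; it should print `$ref`. The `refs` entries are joined with `|` and passed to `grep -qE` unanchored, so `refs/heads/master` also matches `refs/heads/master-wip`, and glob-looking entries such as `refs/tags/*` or `refs/heads/staging*` (used by callers in this commit) are read as regular expressions in which `*` repeats the preceding character. Anchoring the match with `grep -qxE "${concatStringsSep "|" refs}"` and writing the entries as regexes (`refs/tags/.*`) would make the filter say what it means. The hook body starts and ends outside this hunk.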
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json new file mode 100644 index 000000000..a9a0f6634 --- /dev/null +++ b/krebs/nixpkgs.json @@ -0,0 +1,7 @@ +{ + "url": "https://github.com/NixOS/nixpkgs-channels", + "rev": "a37638d46706610d12c9747614fd1b8f8d35ad48", + "date": "2018-08-30T21:03:26+02:00", + "sha256": "0rsdkk4z7pkqr2mw0pq7i6fkqs7gbi5kral3c8smm9bw104sn8v7", + "fetchSubmodules": true +} diff --git a/krebs/update-channel.sh b/krebs/update-channel.sh new file mode 100755 index 000000000..47d3f29c4 --- /dev/null +++ b/krebs/update-channel.sh @@ -0,0 +1,9 @@ +#!/bin/sh +dir=$(dirname $0) +oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ + --url https://github.com/NixOS/nixpkgs-channels \ + --rev refs/heads/nixos-18.03' \ +> $dir/nixpkgs.json +newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index eafc0d06c..305b3f70e 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -30,7 +30,8 @@ with import <stockholm/lib>; }; environment.systemPackages = with pkgs; [ pavucontrol - firefox + #firefox + chromium hexchat networkmanagerapplet libreoffice diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix deleted file mode 100644 index 3d5f32180..000000000 --- a/lass/1systems/dishfire/config.nix +++ /dev/null 
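Review bot: update-channel.sh has no `set -eu` and redirects nix-prefetch-git straight into `$dir/nixpkgs.json`, so a failed prefetch leaves a truncated pin file that the final `git commit` still records with an empty `$newrev`. Write to a temporary file, replace the pin only after the prefetch succeeded, and quote `$0` and `$dir`. The pin is what krebs/krops.nix now imports for `nixpkgs.git.ref`, so a broken file breaks every deploy that evaluates it.

```shell
#!/bin/sh
set -eu
dir=$(dirname "$0")
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
oldrev=$(jq -r .rev "$dir/nixpkgs.json" | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
  --url https://github.com/NixOS/nixpkgs-channels \
  --rev refs/heads/nixos-18.03' \
> "$tmp"
newrev=$(jq -r .rev "$tmp" | sed 's/\(.\{7\}\).*/\1/')
# only overwrite the pin once the prefetch produced output
cat "$tmp" > "$dir/nixpkgs.json"
git commit "$dir/nixpkgs.json" -m "nixpkgs: $oldrev -> $newrev"
```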
@@ -1,63 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/retiolum.nix> - <stockholm/lass/2configs/git.nix> - { - networking.dhcpcd.allowInterfaces = [ - "enp*" - "eth*" - "ens*" - ]; - } - { - sound.enable = false; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; - } - { - imports = [ - <stockholm/lass/2configs/websites/fritz.nix> - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport http"; target = "ACCEPT"; } - { predicate = "-p tcp --dport https"; target = "ACCEPT"; } - ]; - } - { - #TODO: abstract & move to own file - krebs.exim-smarthost = { - enable = true; - relay_from_hosts = map (host: host.nets.retiolum.ip4.addr) [ - config.krebs.hosts.mors - config.krebs.hosts.uriel - ]; - system-aliases = [ - { from = "mailer-daemon"; to = "postmaster"; } - { from = "postmaster"; to = "root"; } - { from = "nobody"; to = "root"; } - { from = "hostmaster"; to = "root"; } - { from = "usenet"; to = "root"; } - { from = "news"; to = "root"; } - { from = "webmaster"; to = "root"; } - { from = "www"; to = "root"; } - { from = "ftp"; to = "root"; } - { from = "abuse"; to = "root"; } - { from = "noc"; to = "root"; } - { from = "security"; to = "root"; } - { from = "root"; to = "lass"; } - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - ]; - } - ]; - - krebs.build.host = config.krebs.hosts.dishfire; -} diff --git a/lass/1systems/dishfire/physical.nix b/lass/1systems/dishfire/physical.nix deleted file mode 100644 index 64e3904e0..000000000 --- a/lass/1systems/dishfire/physical.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./config.nix - <nixpkgs/nixos/modules/profiles/qemu-guest.nix> - ]; - - boot.loader.grub = { - device = "/dev/vda"; - splashImage = null; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "ehci_pci" - "uhci_hcd" - "virtio_pci" - "virtio_blk" - ]; - - fileSystems."/" = { - device = "/dev/mapper/pool-nix"; - fsType = "ext4"; - }; - - fileSystems."/srv/http" = { - device = "/dev/pool/srv_http"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - fileSystems."/bku" = { - device = "/dev/pool/bku"; - fsType = "ext4"; - }; -} diff --git a/lass/1systems/dishfire/source.nix b/lass/1systems/dishfire/source.nix deleted file mode 100644 index 2445af130..000000000 --- a/lass/1systems/dishfire/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import <stockholm/lass/source.nix> { - name = "dishfire"; -} diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 257e51ee3..68acf12b8 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix 
@@ -1,48 +1,7 @@ with import <stockholm/lib>; -{ config, lib, pkgs, ... }: - +{ pkgs, ... }: { - imports = [ - <stockholm/lass> - <stockholm/lass/2configs/baseX.nix> - <stockholm/lass/2configs/browsers.nix> - <stockholm/lass/2configs/mouse.nix> - <stockholm/lass/2configs/pass.nix> - { - services.xserver.dpi = 200; - fonts.fontconfig.dpi = 200; - lass.fonts.regular = "xft:Hack-Regular:pixelsize=22,xft:Symbola"; - lass.fonts.bold = "xft:Hack-Bold:pixelsize=22,xft:Symbola"; - lass.fonts.italic = "xft:Hack-RegularOblique:pixelsize=22,xft:Symbol"; - } - ]; - krebs.build.host = config.krebs.hosts.helios; - environment.systemPackages = with pkgs; [ - ag - vim - git - rsync - hashPassword - thunderbird dpass - - # we want tensorflow! (with GPU acceleration) - python3Packages.tensorflowWithCuda ]; - - users.users = { - root.openssh.authorizedKeys.keys = [ - config.krebs.users.lass-helios.pubkey - ]; - }; - - services.tlp.enable = true; - - services.printing.drivers = [ pkgs.postscript-lexmark ]; - - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - } diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 90e04cad1..5a9c26b9d 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -40,6 +40,9 @@ with import <stockholm/lib>; { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } #chromecast { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } + #quake3 + { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } + { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } ]; } { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b9fda2949..0f20d1c4e 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -287,6 +287,8 @@ with import <stockholm/lib>; { users.users.download.openssh.authorizedKeys.keys = [ "ssh-rsa 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 lhebendanz@nixos" + "ssh-rsa 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 palo@pepe" + "ssh-rsa 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 palo@workhorse" ]; } { @@ -337,7 +339,7 @@ with import <stockholm/lib>; { # lass-android allowedIPs = [ "10.244.1.2/32" ]; - publicKey = "63+ns9AGv6e6a8WgxiZNFEt1xQT0YKFlEHzRaYJWtmk="; + publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw="; } ]; }; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 30757964c..191e25831 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -85,6 +85,8 @@ with import <stockholm/lib>; { from = "qwertee@lassul.us"; to = lass.mail; } { from = "zazzle@lassul.us"; to = lass.mail; } { from = "hackbeach@lassul.us"; to = lass.mail; } + { from = "transferwise@lassul.us"; to = lass.mail; } + { from = "cis@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 829e62269..caa7c3065 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -38,6 +38,10 @@ let cgit.desc = "take a description of your disk layout and produce a format script"; cgit.section = "software"; }; + krebspage = { + cgit.desc = "homepage of krebs"; + cgit.section = "configuration"; + }; news = { cgit.desc = "take a rss feed and a timeout and print it to stdout"; cgit.section = "software"; 
@@ -100,10 +104,12 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#xxx"; + # TODO define refs in some kind of option per repo + refs = [ + "refs/heads/master" + ]; server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; - # TODO define branches in some kind of option per repo - branches = [ "master" ]; }; }; }; @@ -121,10 +127,13 @@ let # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; channel = "#xxx"; + # TODO define refs in some kind of option per repo + refs = [ + "refs/heads/master" + "refs/heads/staging*" + ]; server = "irc.r"; verbose = false; - # TODO define branches in some kind of option per repo - branches = [ "master" "staging*" ]; }; } // hooks; }; diff --git a/lass/2configs/reaktor-coders.nix b/lass/2configs/reaktor-coders.nix index 86877df7a..9365582b8 100644 --- a/lass/2configs/reaktor-coders.nix +++ b/lass/2configs/reaktor-coders.nix @@ -106,6 +106,12 @@ with import <stockholm/lib>; exec echo '¯\_(ツ)_/¯' ''; }) + (buildSimpleReaktorPlugin "flip" { + pattern = "^!flip$"; + script = pkgs.writeDash "shrug" '' + exec echo '(╯°□°)╯ ┻━┻' + ''; + }) ]; }; } diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 6a07172fe..8b7d0db71 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -14,10 +14,12 @@ let hooks = mkIf announce (mkDefault { post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; - verbose = false; channel = "#xxx"; + refs = [ + "refs/heads/newest" + ]; server = "irc.r"; - branches = [ "newest" ]; + verbose = false; }; }); }; diff --git a/lass/krops.nix b/lass/krops.nix index 776a3a55d..c5a932206 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -1,4 +1,4 @@ -{ config ? config, name }: let +{ name }: let inherit (import ../krebs/krops.nix { inherit name; }) krebs-source lib 
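Review bot: The new `flip` plugin in lass/2configs/reaktor-coders.nix builds its script with `pkgs.writeDash "shrug"`, a name copied from the plugin above it, so the store path and any log line that shows it will point at the wrong plugin. Naming it after the plugin, `script = pkgs.writeDash "flip" ''`, keeps the two distinguishable. The enclosing plugin list starts outside the hunk.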
@@ -10,7 +10,7 @@ { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; secrets = if test then { - file = "/home/lass/stockholm/lass/2configs/tests/dummy-secrets"; + file = toString ./2configs/tests/dummy-secrets; } else { pass = { dir = "${lib.getEnv "HOME"}/.password-store"; @@ -30,13 +30,11 @@ in { # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) test = pkgs.krops.writeTest "${name}-test" { source = source { test = true; }; - target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; }; - ci = map (host: - pkgs.krops.writeTest "${host.name}-test" { - source = source { test = true; }; - target = "${lib.getEnv "TMPDIR"}/lass/${host.name}"; - } - ) (lib.filter (host: lib.getAttr "ci" host && host.owner == "lass") (lib.attrValues config.krebs.hosts)); + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; } diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix index cd97a7c62..22c40039e 100644 --- a/makefu/1systems/cake/source.nix +++ b/makefu/1systems/cake/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="cake"; full = true; } diff --git a/makefu/1systems/darth/source.nix b/makefu/1systems/darth/source.nix index b13b6c603..a8d7368ab 100644 --- a/makefu/1systems/darth/source.nix +++ b/makefu/1systems/darth/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="darth"; } diff --git a/makefu/1systems/drop/config.nix b/makefu/1systems/drop/config.nix index b7e0d0395..2757db8cc 100644 --- a/makefu/1systems/drop/config.nix +++ b/makefu/1systems/drop/config.nix @@ -30,7 +30,7 @@ in { allowedTCPPorts = [ ]; allowedUDPPorts = [ 655 ]; }; - interfaces.enp0s3.ip4 = [{ + interfaces.enp0s3.ipv4.addresses = [{ address = external-ip; inherit prefixLength; }]; 
diff --git a/makefu/1systems/drop/source.nix b/makefu/1systems/drop/source.nix index 45bd6f97e..a6bc834b0 100644 --- a/makefu/1systems/drop/source.nix +++ b/makefu/1systems/drop/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="drop"; torrent = true; } diff --git a/makefu/1systems/fileleech/config.nix b/makefu/1systems/fileleech/config.nix index e36afecd5..7e9dea9ec 100644 --- a/makefu/1systems/fileleech/config.nix +++ b/makefu/1systems/fileleech/config.nix @@ -145,13 +145,13 @@ in { networking.nameservers = [ "8.8.8.8" ]; # SPF networking.defaultGateway = "151.217.176.1"; - networking.interfaces.enp6s0f0.ip4 = [{ + networking.interfaces.enp6s0f0.ipv4.addresses = [{ address = "151.217.178.63"; prefixLength = 22; }]; # Gigabit - networking.interfaces.enp8s0f1.ip4 = [{ + networking.interfaces.enp8s0f1.ipv4.addresses = [{ address = "192.168.126.1"; prefixLength = 24; }]; diff --git a/makefu/1systems/fileleech/source.nix b/makefu/1systems/fileleech/source.nix index caca1fbcb..b6951a273 100644 --- a/makefu/1systems/fileleech/source.nix +++ b/makefu/1systems/fileleech/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name = "fileleech"; torrent = true; } diff --git a/makefu/1systems/filepimp/source.nix b/makefu/1systems/filepimp/source.nix index 88c9f4f08..b81a2bf4a 100644 --- a/makefu/1systems/filepimp/source.nix +++ b/makefu/1systems/filepimp/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="filepimp"; } diff --git a/makefu/1systems/full/source.nix b/makefu/1systems/full/source.nix new file mode 100644 index 000000000..1e36c6e87 --- /dev/null +++ b/makefu/1systems/full/source.nix @@ -0,0 +1,5 @@ +{ + name="gum"; + torrent = true; + clever_kexec = true; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 998ecd0fb..351844482 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix 
@@ -17,7 +17,6 @@ in { # <stockholm/makefu/2configs/disable_v6.nix> <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/urlwatch> # Security <stockholm/makefu/2configs/sshd-totp.nix> @@ -26,7 +25,6 @@ in { <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> - <stockholm/makefu/2configs/vim.nix> <stockholm/makefu/2configs/zsh-user.nix> # services @@ -57,7 +55,7 @@ in { <stockholm/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix> <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - <stockholm/makefu/2configs/deployment/graphs.nix> + # <stockholm/makefu/2configs/deployment/graphs.nix> <stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/bgt/hidden_service.nix> @@ -196,12 +194,6 @@ in { get tmux ]; - services.bitlbee = { - enable = true; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; - - # Hardware # Network networking = { diff --git a/makefu/1systems/gum/source.nix b/makefu/1systems/gum/source.nix index e3ca472e4..1e36c6e87 100644 --- a/makefu/1systems/gum/source.nix +++ b/makefu/1systems/gum/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="gum"; torrent = true; clever_kexec = true; diff --git a/makefu/1systems/iso/source.nix b/makefu/1systems/iso/source.nix index e200dbfd2..6bef8ada9 100644 --- a/makefu/1systems/iso/source.nix +++ b/makefu/1systems/iso/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="iso"; } diff --git a/makefu/1systems/kexec/source.nix b/makefu/1systems/kexec/source.nix index e200dbfd2..6bef8ada9 100644 --- a/makefu/1systems/kexec/source.nix +++ b/makefu/1systems/kexec/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="iso"; } 
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 5352b029f..bec778abc 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -22,7 +22,6 @@ in { # Tools <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/vim.nix> <stockholm/makefu/2configs/zsh-user.nix> # Services <stockholm/makefu/2configs/remote-build/slave.nix> diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix index d9600909a..ab0a454c0 100644 --- a/makefu/1systems/latte/source.nix +++ b/makefu/1systems/latte/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name = "latte"; torrent = true; } diff --git a/makefu/1systems/nextgum/config.nix b/makefu/1systems/nextgum/config.nix index 9761546e7..db22cf9b8 100644 --- a/makefu/1systems/nextgum/config.nix +++ b/makefu/1systems/nextgum/config.nix @@ -19,14 +19,15 @@ in { <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/sec.nix> - <stockholm/makefu/2configs/vim.nix> <stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/mosh.nix> + <stockholm/makefu/2configs/gui/xpra.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> <stockholm/makefu/2configs/backup.nix> <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> + # services <stockholm/makefu/2configs/sabnzbd.nix> @@ -51,12 +52,13 @@ in { <stockholm/makefu/2configs/dnscrypt/server.nix> <stockholm/makefu/2configs/binary-cache/server.nix> <stockholm/makefu/2configs/iodined.nix> + <stockholm/makefu/2configs/bitlbee.nix> ## buildbot <stockholm/makefu/2configs/remote-build/slave.nix> # Removed until move: no extra mails - # <stockholm/makefu/2configs/urlwatch> + <stockholm/makefu/2configs/urlwatch> # Removed until move: avoid double-update of domain # <stockholm/makefu/2configs/hub.nix> # Removed until move: avoid letsencrypt ban 
@@ -166,6 +168,8 @@ in { networking.firewall.allowedTCPPorts = [ 5201 ]; } + # krebs infrastructure services + <stockholm/makefu/2configs/stats/server.nix> ]; makefu.dl-dir = "/var/download"; @@ -200,13 +204,8 @@ in { environment.systemPackages = with pkgs;[ weechat bepasty-client-cli - get tmux ]; - services.bitlbee = { - enable = true; - libpurple_plugins = [ pkgs.telegram-purple ]; - }; # Hardware diff --git a/makefu/1systems/nextgum/source.nix b/makefu/1systems/nextgum/source.nix index 413889c47..6940498f1 100644 --- a/makefu/1systems/nextgum/source.nix +++ b/makefu/1systems/nextgum/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="nextgum"; torrent = true; clever_kexec = true; diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index a85d5f5ce..109877bf1 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -10,6 +10,7 @@ let rootDisk = byid "ata-SanDisk_SD8SNAT128G1122_162099420904"; rootPartition = byid "ata-SanDisk_SD8SNAT128G1122_162099420904-part2"; primaryInterface = "enp2s0"; + firetv = "192.168.1.238"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 @@ -28,7 +29,8 @@ let # | * | # | * | # |_______| - cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + # cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; + cryptDisk0 = byid "ata-ST8000DM004-2CX188_ZCT01PLV"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; cryptDisk3 = byid "ata-ST8000DM004-2CX188_ZCT01SG4"; 
@@ -97,6 +99,71 @@ in { # Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> + { # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; + } + { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" + ]; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = "c73619e6ea79e553a585be06aacf3679"; + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "hourly_summary" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 10; + seconds = 0; + }; + } + ]; + frontend = { }; + http = { }; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; + } ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; @@ -164,7 +231,7 @@ in { // cryptMount "crypt2" // cryptMount "crypt3" // { "/media/cryptX" = { - device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 ]); + device = (lib.concatMapStringsSep ":" (d: (toMapper d)) [ 0 1 2 3 ]); fsType = "mergerfs"; noCheck = true; options = [ "defaults" "allow_other" "nofail" "nonempty" ]; 
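Review bot: The `darksky` sensor in the added `services.home-assistant` block of makefu/1systems/omo/config.nix carries its `api_key` as a string literal, so the key is published with the repository and copied into the world-readable Nix store on every build. It should be treated as exposed and rotated, and the new value loaded from outside the tree using the `<secrets/…>` convention the repo already has, e.g. `api_key = import <secrets/darksky-api-key.nix>;` (file name is a placeholder). That keeps it out of git, although the generated Home Assistant config may still end up in the store. The same block adds `nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ];` next to `http = { };` with defaults. A comment such as `# TODO drop once home-assistant is bumped past the flagged release` would record why the insecure pin exists, and it is worth confirming the HTTP listener is not reachable beyond the LAN.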
diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix index da0d87aad..0d42cc9e2 100644 --- a/makefu/1systems/omo/source.nix +++ b/makefu/1systems/omo/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="omo"; torrent = true; } diff --git a/makefu/1systems/pnp/source.nix b/makefu/1systems/pnp/source.nix index 0b630aa3b..02f7d0ab6 100644 --- a/makefu/1systems/pnp/source.nix +++ b/makefu/1systems/pnp/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="pnp"; } diff --git a/makefu/1systems/repunit/source.nix b/makefu/1systems/repunit/source.nix index ff361fb55..20d3cd1cb 100644 --- a/makefu/1systems/repunit/source.nix +++ b/makefu/1systems/repunit/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="repunit"; } diff --git a/makefu/1systems/sdev/source.nix b/makefu/1systems/sdev/source.nix index 833d9bf73..2e085740a 100644 --- a/makefu/1systems/sdev/source.nix +++ b/makefu/1systems/sdev/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="sdev"; } diff --git a/makefu/1systems/shack-autoinstall/source.nix b/makefu/1systems/shack-autoinstall/source.nix new file mode 100644 index 000000000..6bef8ada9 --- /dev/null +++ b/makefu/1systems/shack-autoinstall/source.nix @@ -0,0 +1,3 @@ +{ + name="iso"; +} diff --git a/makefu/1systems/shoney/config.nix b/makefu/1systems/shoney/config.nix index ba9d0911e..27d389b85 100644 --- a/makefu/1systems/shoney/config.nix +++ b/makefu/1systems/shoney/config.nix @@ -46,7 +46,7 @@ in { dst = "10.8.10.6"; }; networking = { - interfaces.enp2s1.ip4 = [ + interfaces.enp2s1.ipv4.addresses = [ { address = ip; prefixLength = 24; } # { address = alt-ip; prefixLength = 24; } ]; diff --git a/makefu/1systems/shoney/source.nix b/makefu/1systems/shoney/source.nix index 382474f5e..3616716f9 100644 --- a/makefu/1systems/shoney/source.nix +++ b/makefu/1systems/shoney/source.nix 
@@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="shoney"; } diff --git a/makefu/1systems/studio/config.nix b/makefu/1systems/studio/config.nix index b9a1a5d6a..b3d9383c4 100644 --- a/makefu/1systems/studio/config.nix +++ b/makefu/1systems/studio/config.nix @@ -3,7 +3,6 @@ imports = [ <stockholm/makefu> <stockholm/makefu/2configs/vncserver.nix> - <stockholm/makefu/2configs/vim.nix> <stockholm/makefu/2configs/disable_v6.nix> <stockholm/makefu/2configs/audio/jack-on-pulse.nix> <stockholm/makefu/2configs/audio/realtime-audio.nix> diff --git a/makefu/1systems/studio/source.nix b/makefu/1systems/studio/source.nix index f662653e7..ff88d3557 100644 --- a/makefu/1systems/studio/source.nix +++ b/makefu/1systems/studio/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="studio"; musnix = true; } diff --git a/makefu/1systems/tsp/source.nix b/makefu/1systems/tsp/source.nix index 79f6a435d..9abf503e2 100644 --- a/makefu/1systems/tsp/source.nix +++ b/makefu/1systems/tsp/source.nix @@ -1,3 +1,5 @@ -import <stockholm/makefu/source.nix> { +{ name="tsp"; + full = true; + hw = true; } diff --git a/makefu/1systems/vbob/source.nix b/makefu/1systems/vbob/source.nix index 5419215e2..59744faf5 100644 --- a/makefu/1systems/vbob/source.nix +++ b/makefu/1systems/vbob/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="vbob"; # musnix = true; } diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 9d8a91e6d..e1d66a2f9 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -150,7 +150,7 @@ in { # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash networking.wireless.interfaces = [ "wlp2s0" ]; - networking.interfaces.virbr1.ip4 = [{ + networking.interfaces.virbr1.ipv4.addresses = [{ address = "10.8.8.11"; prefixLength = 24; }]; 
diff --git a/makefu/1systems/wbob/source.nix b/makefu/1systems/wbob/source.nix index b768aa87d..c76f73760 100644 --- a/makefu/1systems/wbob/source.nix +++ b/makefu/1systems/wbob/source.nix @@ -1,4 +1,4 @@ -import <stockholm/makefu/source.nix> { +{ name="wbob"; # musnix = true; } diff --git a/makefu/1systems/wry/config.nix b/makefu/1systems/wry/config.nix index 2db1a9a95..b728703ec 100644 --- a/makefu/1systems/wry/config.nix +++ b/makefu/1systems/wry/config.nix @@ -42,7 +42,7 @@ in { allowedTCPPorts = [ 53 80 443 ]; allowedUDPPorts = [ 655 53 ]; }; - interfaces.enp2s1.ip4 = [{ + interfaces.enp2s1.ipv4.addresses = [{ address = external-ip; prefixLength = 24; }]; diff --git a/makefu/1systems/wry/source.nix b/makefu/1systems/wry/source.nix index fac3877ee..730300590 100644 --- a/makefu/1systems/wry/source.nix +++ b/makefu/1systems/wry/source.nix @@ -1,3 +1,3 @@ -import <stockholm/makefu/source.nix> { +{ name="wry"; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index e5b481ab6..54a16a931 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -12,10 +12,9 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/main-laptop.nix> <stockholm/makefu/2configs/extra-fonts.nix> <stockholm/makefu/2configs/tools/all.nix> - <stockholm/makefu/2configs/tools/mic92.nix> <stockholm/makefu/2configs/laptop-backup.nix> - <stockholm/makefu/2configs/dnscrypt/client.nix> + # <stockholm/makefu/2configs/dnscrypt/client.nix> <stockholm/makefu/2configs/avahi.nix> # Debugging @@ -36,6 +35,8 @@ with import <stockholm/lib>; # Krebs <stockholm/makefu/2configs/tinc/retiolum.nix> + <stockholm/makefu/2configs/share/gum-client.nix> + # applications <stockholm/makefu/2configs/exim-retiolum.nix> 
@@ -72,6 +73,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/hw/irtoy.nix> <stockholm/makefu/2configs/hw/bluetooth.nix> # <stockholm/makefu/2configs/hw/rad1o.nix> + <stockholm/makefu/2configs/hw/smartcard.nix> # Filesystem <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix> @@ -82,6 +84,8 @@ with import <stockholm/lib>; programs.adb.enable = true; } # temporary + <stockholm/makefu/2configs/pyload.nix> + # <stockholm/makefu/2configs/nginx/rompr.nix> # <stockholm/makefu/2configs/lanparty/lancache.nix> # <stockholm/makefu/2configs/lanparty/lancache-dns.nix> # <stockholm/makefu/2configs/lanparty/samba.nix> @@ -138,8 +142,11 @@ with import <stockholm/lib>; boot.loader.grub.configurationLimit = 3; environment.systemPackages = [ pkgs.passwdqc-utils pkgs.nixUnstable ]; - nixpkgs.overlays = [ (import <python/overlay.nix>) ]; # environment.variables = { GOROOT = [ "${pkgs.go.out}/share/go" ]; }; - + state = [ + "/home/makefu/stockholm" + "/home/makefu/backup/borgun" + "/home/makefu/.mail/" + ]; } diff --git a/makefu/1systems/x/source.nix b/makefu/1systems/x/source.nix index ab6429dc1..75af3255b 100644 --- a/makefu/1systems/x/source.nix +++ b/makefu/1systems/x/source.nix @@ -1,9 +1,10 @@ -import <stockholm/makefu/source.nix> { +{ name="x"; full = true; python = true; hw = true; unstable = true; mic92 = true; + clever_kexec = true; # torrent = true; } diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix new file mode 100644 index 000000000..17efa7113 --- /dev/null +++ b/makefu/2configs/bitlbee.nix @@ -0,0 +1,8 @@ +{pkgs, ... }: +# state: /var/lib/bitlbee +{ + services.bitlbee = { + enable = true; + libpurple_plugins = [ pkgs.telegram-purple ]; + }; +} diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 0a89d2023..6192a92a5 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix 
@@ -8,13 +8,16 @@ with import <stockholm/lib>; mapAttrs (_: h: { hashedPassword = h; }) (import <secrets/hashedPasswords.nix>); } - ./vim.nix + ./editor/vim.nix ./binary-cache/nixos.nix ]; boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; programs.command-not-found.enable = false; + + nix.package = pkgs.nixUnstable; + nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; @@ -158,4 +161,10 @@ with import <stockholm/lib>; "-a task,never" ]; }; + system.activationScripts.state = optionalString (config.state != []) '' + cat << EOF + This machine is burdened with state: + ${concatMapStringsSep "\n" (d: "* ${d}") config.state} + EOF + ''; } diff --git a/makefu/2configs/deployment/events-publisher/default.nix b/makefu/2configs/deployment/events-publisher/default.nix index c671b1a0b..37d74c282 100644 --- a/makefu/2configs/deployment/events-publisher/default.nix +++ b/makefu/2configs/deployment/events-publisher/default.nix @@ -2,12 +2,13 @@ with import <stockholm/lib>; let shack-announce = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/makefu/events-publisher/archive/5e7b083c63f25182a02c1fddb3d32cb9534fbc50.tar.gz"; - sha256 = "1zzlhyj8fr6y3a3b6qlyrm474xxxs1ydqjpkd2jva3g1lnzlmvkp"; + url = "https://github.com/makefu/events-publisher/archive/c5218195e6afdc646cb7682d8f355a7ec2b90716.tar.gz"; + sha256 = "0xk74q7gah3l5zy3bkvih3k9fr1hclvf71rm3ixcmslhicl7khav"; }) {} ; home = "/var/lib/shackannounce"; user = "shackannounce"; creds = (toString <secrets>) + "/shack-announce.json"; + LOL = "DEBUG"; in { users.users.${user}= { @@ -32,14 +33,14 @@ in if test ! -e announce.state; then echo "initializing state" announce-daemon \ - --lol INFO \ + --lol ${LOL} \ --creds creds.json \ --state announce.state \ --clean --init fi echo "Running announce" announce-daemon \ - --lol INFO \ + --lol ${LOL} \ --creds creds.json \ --state announce.state ''; 
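Review bot: The new `LOL = "DEBUG";` binding in makefu/2configs/deployment/events-publisher/default.nix switches both `announce-daemon` invocations (the `--lol ${LOL}` lines in the `@@ -32,14 +33,14 @@` hunk) from INFO to DEBUG for a service that is started with `--creds creds.json`. Whether the daemon prints credential or token material at debug level is not visible here, but if it does, that output would land in the journal. If DEBUG was only needed while bringing up the new pinned revision, `LOL = "INFO";` is the safer value to commit. The `let` block and the service definition continue outside these hunks.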
diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix new file mode 100644 index 000000000..d14a611b4 --- /dev/null +++ b/makefu/2configs/editor/vim.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: + +let + customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin { + name = "vim-better-whitespace"; + src = pkgs.fetchFromGitHub { + owner = "ntpeters"; + repo = "vim-better-whitespace"; + rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7"; + sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk"; + }; + }; + +in { + + environment.systemPackages = [ + pkgs.python27Full # required for youcompleteme + (pkgs.vim_configurable.customize { + name = "vim"; + + vimrcConfig.customRC = builtins.readFile ./vimrc; + vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; + vimrcConfig.vam.pluginDictionaries = [ + { names = [ "undotree" + # "YouCompleteMe" + "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity + { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + ]; + + }) + ]; +} diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc new file mode 100644 index 000000000..8cdab55db --- /dev/null +++ b/makefu/2configs/editor/vimrc 
@@ -0,0 +1,98 @@ +set nocompatible +syntax on +set list +set listchars=tab:▸\ +"set list listchars=tab:>-,trail:.,extends:> + +filetype off +filetype plugin indent on + +colorscheme darkblue +set background=dark + +set number +set relativenumber +set mouse=a +set ignorecase +set incsearch +set wildignore=*.o,*.obj,*.bak,*.exe,*.os +set textwidth=79 +set shiftwidth=2 +set expandtab +set softtabstop=2 +set shiftround +set smarttab +set tabstop=2 +set et +set autoindent +set backspace=indent,eol,start + + +inoremap <F1> <ESC> +nnoremap <F1> <ESC> +vnoremap <F1> <ESC> + +nnoremap <F5> :UndotreeToggle<CR> +set undodir =~/.vim/undo +set undofile +"maximum number of changes that can be undone +set undolevels=1000000 +"maximum number lines to save for undo on a buffer reload +set undoreload=10000000 + +nnoremap <F2> :set invpaste paste?<CR> +set pastetoggle=<F2> +set showmode + +set showmatch +set matchtime=3 +set hlsearch + +autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red + + +" save on focus lost +au FocusLost * :wa + +autocmd BufRead *.json set filetype=json +au BufNewFile,BufRead *.mustache set syntax=mustache + +cnoremap SudoWrite w !sudo tee > /dev/null % + +" create Backup/tmp/undo dirs +set backupdir=~/.vim/backup +set directory=~/.vim/tmp + +function! InitBackupDir() + let l:parent = $HOME . '/.vim/' + let l:backup = l:parent . 'backup/' + let l:tmpdir = l:parent . 'tmp/' + let l:undodir= l:parent . 'undo/' + + + if !isdirectory(l:parent) + call mkdir(l:parent) + endif + if !isdirectory(l:backup) + call mkdir(l:backup) + endif + if !isdirectory(l:tmpdir) + call mkdir(l:tmpdir) + endif + if !isdirectory(l:undodir) + call mkdir(l:undodir) + endif +endfunction +call InitBackupDir() + +augroup Binary + " edit binaries in xxd-output, xxd is part of vim + au! 
+ au BufReadPre *.bin let &bin=1 + au BufReadPost *.bin if &bin | %!xxd + au BufReadPost *.bin set ft=xxd | endif + au BufWritePre *.bin if &bin | %!xxd -r + au BufWritePre *.bin endif + au BufWritePost *.bin if &bin | %!xxd + au BufWritePost *.bin set nomod | endif +augroup END diff --git a/makefu/2configs/gui/xpra.nix b/makefu/2configs/gui/xpra.nix new file mode 100644 index 000000000..2384acbaa --- /dev/null +++ b/makefu/2configs/gui/xpra.nix @@ -0,0 +1,3 @@ +{ + services.xserver.displayManager.xpra.enable = true; +} diff --git a/makefu/2configs/hw/smartcard.nix b/makefu/2configs/hw/smartcard.nix new file mode 100644 index 000000000..1e9bca53b --- /dev/null +++ b/makefu/2configs/hw/smartcard.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + services.pcscd = { + enable = true; + plugins = with pkgs; [ ifdnfc ccid ]; + + }; + environment.systemPackages = with pkgs; [ + # need to run ifdnfc-activate before usage + ifdnfc + # pcsc_scan + pcsctools + ]; + boot.blacklistedKernelModules = [ + "pn533" "pn533_usb" + "nfc" + ]; +} diff --git a/makefu/2configs/nginx/rompr.nix b/makefu/2configs/nginx/rompr.nix new file mode 100644 index 000000000..8c1fbc53b --- /dev/null +++ b/makefu/2configs/nginx/rompr.nix 
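Review bot: `InitBackupDir()` in the new makefu/2configs/editor/vimrc creates `~/.vim/`, `backup/`, `tmp/` and `undo/` with `mkdir()`'s default mode, while `undofile`, `backupdir` and `directory` make Vim persist the contents and edit history of every file opened there, including any secrets edited on the machine. Creating the directories private limits who can read that history, e.g. `call mkdir(l:undodir, 'p', 0700)`, and likewise for the other three calls. Separately, `cnoremap SudoWrite w !sudo tee > /dev/null %` hands the file name to the shell unquoted, so names with spaces or shell metacharacters are misparsed. The shell-escaped form `%:S` is more robust.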
@@ -0,0 +1,76 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +let + user = config.services.nginx.user; + group = config.services.nginx.group; + src = pkgs.fetchFromGitHub { + owner = "fatg3erman"; + repo = "RompR"; + rev = "1.21"; + sha256 = "00gk2c610qgpsb6y296h9pz2aaa6gfq4cqhn15l7fdrk3lkvh01q"; + }; + fpm-socket = "/var/run/php5-rompr-fpm.sock"; + mpd-src = "/var/lib/rompr"; + +in { + services.phpfpm = { + # phpfpm does not have an enable option + poolConfigs = { + mpd = '' + user = ${user} + group = ${group} + listen = ${fpm-socket} + listen.owner = ${user} + listen.group = ${group} + pm = dynamic + pm.max_children = 5 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + chdir = / + php_admin_value[error_log] = 'stderr' + php_admin_flag[log_errors] = on + catch_workers_output = yes + ''; + }; + }; + # TODO: Pre-job + # TODO: prefs.var could be templated (serialized php ...) then we would not + # need to have a state dir at all + system.activationScripts.rompr = '' + mkdir -p ${mpd-src} + cp -r ${src}/. ${mpd-src} + chown -R ${user}:${group} ${mpd-src} + chmod 770 ${mpd-src} + ''; + services.nginx = { + enable = mkDefault true; + virtualHosts = { + "localhost" = { + root = mpd-src; + locations."/".index = "index.php"; + locations."~ \.php$" = { + root = mpd-src; + extraConfig = '' + client_max_body_size 200M; + fastcgi_pass unix:${fpm-socket}; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + fastcgi_index index.php; + try_files $uri =404; + ''; + }; + }; + }; + }; + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "romprdb" ]; + ensureUsers = [ + { ensurePermissions = { "romprdb.*" = "ALL PRIVILEGES"; }; + name = user; } + ]; + }; +} diff --git a/makefu/2configs/pyload.nix b/makefu/2configs/pyload.nix new file mode 100644 index 000000000..3aa5048a4 --- /dev/null +++ b/makefu/2configs/pyload.nix 
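Review bot: The `system.activationScripts.rompr` script in the new makefu/2configs/nginx/rompr.nix copies the application into `/var/lib/rompr` and runs `chown -R ${user}:${group} ${mpd-src}`, leaving the PHP-FPM pool user as owner of the same `.php` files that nginx passes to it, so a file-write bug in the application could become code execution. Serving the code read-only from `${src}` and giving the pool a writable directory only for its preferences avoids that, as the TODO in the file already hints. Also, `\.` inside a Nix double-quoted string evaluates to `.`, so `locations."~ \.php$"` most likely reaches nginx as `~ .php$`, whereas `locations."~ \\.php$"` keeps the escaped dot. The only virtual host is named `localhost` and sets no `listen` restriction, so it is worth confirming the site is not reachable from other hosts once the import is enabled.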
@@ -0,0 +1,10 @@ +{pkgs, ... }: +{ + nixpkgs.config.unfreeRedistributable = true; + users.users.makefu.packages = with pkgs;[ + pyload + spidermonkey + tesseract + ]; + +} diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix new file mode 100644 index 000000000..be9ab026b --- /dev/null +++ b/makefu/2configs/share/gum-client.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + automount_opts = + [ "x-systemd.automount" + "noauto" "x-systemd.idle-timeout=600" + "x-systemd.device-timeout=5s" + "x-systemd.mount-timeout=5s" + ]; + host = "nextgum"; #TODO +in { + fileSystems."/media/download" = { + device = "//${host}/download"; + fsType = "cifs"; + options = automount_opts ++ + [ "credentials=/var/src/secrets/download.smb" + "file_mode=0775" + "dir_mode=0775" + "uid=9001" + ]; + }; + +} diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index f5942a0f7..cc59ce3cc 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -10,7 +10,7 @@ in { # description = "smb guest user"; # home = "/var/empty"; # }; - + environment.systemPackages = [ pkgs.samba ]; users.users.download.uid = genid "download"; services.samba = { enable = true; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index ae97edd54..3d26cc574 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -12,7 +12,6 @@ virtmanager # Dev saleae-logic - arduino-user-env gitAndTools.gitFull signal-desktop ]; diff --git a/makefu/2configs/tools/mic92.nix b/makefu/2configs/tools/mic92.nix deleted file mode 100644 index 176e461c7..000000000 --- a/makefu/2configs/tools/mic92.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - nixpkgs.overlays = [ - (import <mic92/nixos/overlays/mypackages>) - ]; - users.users.makefu.packages = [ - pkgs.nix-review - ]; -} 
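Review bot: In share/gum-client.nix the CIFS options `file_mode=0775` and `dir_mode=0775` make every file on the download share appear executable and world-readable on the client. For a share that receives downloaded content I would use `"file_mode=0664"` and add `"noexec"` to the option list unless something really has to be run from it. The hard-coded `"uid=9001"` should also be checked against the server side, where gum.nix derives the uid with `genid "download"`; a short comment saying where 9001 comes from would help.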
diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix deleted file mode 100644 index 43d362ed9..000000000 --- a/makefu/2configs/vim.nix +++ /dev/null 
@@ -1,136 +0,0 @@ -{ config, pkgs, ... }: - -let - customPlugins.vim-better-whitespace = pkgs.vimUtils.buildVimPlugin { - name = "vim-better-whitespace"; - src = pkgs.fetchFromGitHub { - owner = "ntpeters"; - repo = "vim-better-whitespace"; - rev = "984c8da518799a6bfb8214e1acdcfd10f5f1eed7"; - sha256 = "10l01a8xaivz6n01x6hzfx7gd0igd0wcf9ril0sllqzbq7yx2bbk"; - }; - }; - -in { - - environment.systemPackages = [ - pkgs.python27Full # required for youcompleteme - (pkgs.vim_configurable.customize { - name = "vim"; - - vimrcConfig.customRC = '' - set nocompatible - syntax on - set list - set listchars=tab:▸\ - "set list listchars=tab:>-,trail:.,extends:> - - filetype off - filetype plugin indent on - - colorscheme darkblue - set background=dark - - set number - set relativenumber - set mouse=a - set ignorecase - set incsearch - set wildignore=*.o,*.obj,*.bak,*.exe,*.os - set textwidth=79 - set shiftwidth=2 - set expandtab - set softtabstop=2 - set shiftround - set smarttab - set tabstop=2 - set et - set autoindent - set backspace=indent,eol,start - - - inoremap <F1> <ESC> - nnoremap <F1> <ESC> - vnoremap <F1> <ESC> - - nnoremap <F5> :UndotreeToggle<CR> - set undodir =~/.vim/undo - set undofile - "maximum number of changes that can be undone - set undolevels=1000000 - "maximum number lines to save for undo on a buffer reload - set undoreload=10000000 - - nnoremap <F2> :set invpaste paste?<CR> - set pastetoggle=<F2> - set showmode - - set showmatch - set matchtime=3 - set hlsearch - - autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red - - - " save on focus lost - au FocusLost * :wa - - autocmd BufRead *.json set filetype=json - au BufNewFile,BufRead *.mustache set syntax=mustache - - cnoremap SudoWrite w !sudo tee > /dev/null % - - " create Backup/tmp/undo dirs - set backupdir=~/.vim/backup - set directory=~/.vim/tmp - - function! InitBackupDir() - let l:parent = $HOME . '/.vim/' - let l:backup = l:parent . 'backup/' - let l:tmpdir = l:parent . 
'tmp/' - let l:undodir= l:parent . 'undo/' - - - if !isdirectory(l:parent) - call mkdir(l:parent) - endif - if !isdirectory(l:backup) - call mkdir(l:backup) - endif - if !isdirectory(l:tmpdir) - call mkdir(l:tmpdir) - endif - if !isdirectory(l:undodir) - call mkdir(l:undodir) - endif - endfunction - call InitBackupDir() - - augroup Binary - " edit binaries in xxd-output, xxd is part of vim - au! - au BufReadPre *.bin let &bin=1 - au BufReadPost *.bin if &bin | %!xxd - au BufReadPost *.bin set ft=xxd | endif - au BufWritePre *.bin if &bin | %!xxd -r - au BufWritePre *.bin endif - au BufWritePost *.bin if &bin | %!xxd - au BufWritePost *.bin set nomod | endif - augroup END - - - - ''; - - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins // customPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" - # "YouCompleteMe" - "vim-better-whitespace" ]; } - # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } - ]; - - }) - ]; -} diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index fa4eb827c..f06ce3d53 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,6 +2,7 @@ _: { imports = [ + ./state.nix ./populate.nix ./awesome-extra.nix ./deluge.nix diff --git a/makefu/3modules/state.nix b/makefu/3modules/state.nix new file mode 100644 index 000000000..461b90152 --- /dev/null +++ b/makefu/3modules/state.nix @@ -0,0 +1,9 @@ +{config, lib, pkgs, ... }: + +{ + options.state = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "state which is currently scattered on the machine"; + default = []; + }; +} diff --git a/makefu/5pkgs/arduino-user-env/default.nix b/makefu/5pkgs/arduino-user-env/default.nix deleted file mode 100644 index 7339c50a2..000000000 --- a/makefu/5pkgs/arduino-user-env/default.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ lib, pkgs, ... }: let - -#TODO: make sure env exists prior to running -env_nix = pkgs.writeText "env.nix" '' - { pkgs ? import <nixpkgs> {} }: - - (pkgs.buildFHSUserEnv { - name = "arduino-user-env"; - targetPkgs = pkgs: with pkgs; [ - coreutils - ]; - multiPkgs = pkgs: with pkgs; [ - arduino - alsaLib - zlib - xorg.libXxf86vm - curl - openal - openssl_1_0_2 - xorg.libXext - xorg.libX11 - xorg.libXrandr - xorg.libXcursor - xorg.libXinerama - xorg.libXi - mesa_glu - ]; - runScript = "zsh"; - }).env -''; - - -in pkgs.writeDashBin "arduino-user-env" '' - nix-shell ${env_nix} -'' diff --git a/makefu/5pkgs/beef/Gemfile b/makefu/5pkgs/beef/Gemfile index 1420feffd..da13e1fb8 100644 --- a/makefu/5pkgs/beef/Gemfile +++ b/makefu/5pkgs/beef/Gemfile @@ -1,15 +1,16 @@ # BeEF's Gemfile # -# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Copyright (c) 2006-2018 Wade Alcorn - wade@bindshell.net # Browser Exploitation Framework (BeEF) - http://beefproject.com # See the file 'doc/COPYING' for copying permission # gem 'eventmachine' gem 'thin' -gem 'sinatra' -gem 'rack', '~> 1.6.5' +gem 'sinatra', '~> 2.0' +gem 'rack', '~> 2.0' +gem 'rack-protection', '~> 2.0' gem 'em-websocket' # WebSocket support gem 'uglifier' gem 'mime-types' @@ -22,8 +23,7 @@ gem 'data_objects' gem 'rubyzip', '>= 1.2.1' gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice gem 'nokogiri', '>= 1.7' - -gem 'therubyracer' +gem 'rake' # SQLite support group :sqlite do @@ -52,11 +52,17 @@ gem 'dm-migrations' # Metasploit Integration extension group :ext_msf do gem 'msfrpc-client' + gem 'xmlrpc' end -# Twitter Notifications extension -group :ext_twitter do - #gem 'twitter', '>= 5.0.0' +# Notifications extension +group :ext_notifications do + # Pushover + gem 'rushover' + # Slack + gem 'slack-notifier' + # Twitter + gem 'twitter', '>= 5.0.0' end # DNS extension 
@@ -76,22 +82,24 @@ end # For running unit tests group :test do -if ENV['BEEF_TEST'] - gem 'rake' - gem 'test-unit' - gem 'test-unit-full' - gem 'curb' - gem 'selenium' - gem 'selenium-webdriver' - gem 'rspec' - gem 'bundler-audit' - # nokogirl is needed by capybara which may require one of the below commands - # sudo apt-get install libxslt-dev libxml2-dev - # sudo port install libxml2 libxslt - gem 'capybara' - # RESTful API tests/generic command module tests - gem 'rest-client', '>= 2.0.1' -end + if ENV['BEEF_TEST'] + gem 'test-unit' + gem 'test-unit-full' + gem 'rspec' + # curb gem requires curl libraries + # sudo apt-get install libcurl4-openssl-dev + gem 'curb' + # selenium-webdriver 3.x is incompatible with Firefox version 48 and prior + gem 'selenium' + gem 'selenium-webdriver', '~> 2.53.4' + # nokogirl is needed by capybara which may require one of the below commands + # sudo apt-get install libxslt-dev libxml2-dev + # sudo port install libxml2 libxslt + gem 'capybara' + # RESTful API tests/generic command module tests + gem 'rest-client', '>= 2.0.1' + gem 'byebug' + end end source 'https://rubygems.org' diff --git a/makefu/5pkgs/beef/Gemfile.lock b/makefu/5pkgs/beef/Gemfile.lock index d2e6ad45e..8f18bf220 100644 --- a/makefu/5pkgs/beef/Gemfile.lock +++ b/makefu/5pkgs/beef/Gemfile.lock @@ -4,8 +4,9 @@ GEM addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) ansi (1.5.0) - chunky_png (1.3.8) - daemons (1.2.4) + buftok (0.2.0) + chunky_png (1.3.10) + daemons (1.2.6) data_objects (0.10.17) addressable (~> 2.1) dm-core (1.2.1) 
@@ -26,48 +27,66 @@ GEM do_sqlite3 (~> 0.10.6) do_sqlite3 (0.10.17) data_objects (= 0.10.17) + domain_name (0.5.20180417) + unf (>= 0.0.5, < 1.0.0) em-websocket (0.5.1) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) + equalizer (0.0.11) erubis (2.7.0) espeak-ruby (1.0.4) eventmachine (1.0.9.1) execjs (2.7.0) fastercsv (1.5.5) filesize (0.1.1) - geoip (1.6.3) + geoip (1.6.4) + http (3.3.0) + addressable (~> 2.3) + http-cookie (~> 1.0) + http-form_data (~> 2.0) + http_parser.rb (~> 0.6.0) + http-cookie (1.0.3) + domain_name (~> 0.5) + http-form_data (2.1.1) http_parser.rb (0.6.0) jsobfu (0.4.2) rkelly-remix json (1.8.6) json_pure (1.8.6) - libv8 (3.16.14.19) + memoizable (0.4.2) + thread_safe (~> 0.3, >= 0.3.1) metasm (1.0.3) - mime-types (3.1) + mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) + mime-types-data (3.2018.0812) mini_portile2 (2.3.0) mojo_magick (0.5.6) msfrpc-client (1.1.1) msgpack (~> 1) rex (~> 2) - msgpack (1.1.0) - multi_json (1.12.2) - nokogiri (1.8.1) + msgpack (1.2.4) + multi_json (1.13.1) + multipart-post (2.0.0) + mustermann (1.0.2) + naught (1.1.0) + netrc (0.11.0) + nokogiri (1.8.4) mini_portile2 (~> 2.3.0) parseconfig (1.0.8) - public_suffix (3.0.0) + public_suffix (3.0.3) qr4r (0.4.1) mojo_magick rqrcode - rack (1.6.8) - rack-protection (1.5.3) + rack (2.0.5) + rack-protection (2.0.3) rack - rainbow (2.2.2) - rake - rake (12.1.0) + rainbow (3.0.0) + rake (12.3.1) rb-readline (0.5.5) - ref (2.0.0) + rest-client (2.0.2) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) rex (2.0.11) filesize jsobfu (~> 0.4.1) 
@@ -86,23 +105,42 @@ GEM eventmachine (~> 1.0.0) rexec (~> 1.6.2) rubyzip (1.2.1) - sinatra (1.4.8) - rack (~> 1.5) - rack-protection (~> 1.4) - tilt (>= 1.3, < 3) + rushover (0.3.0) + json + rest-client + simple_oauth (0.3.1) + sinatra (2.0.3) + mustermann (~> 1.0) + rack (~> 2.0) + rack-protection (= 2.0.3) + tilt (~> 2.0) + slack-notifier (2.3.2) term-ansicolor (1.6.0) tins (~> 1.0) - therubyracer (0.12.3) - libv8 (~> 3.16.14.15) - ref thin (1.7.2) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) + thread_safe (0.3.6) tilt (2.0.8) - tins (1.15.0) - uglifier (3.2.0) + tins (1.16.3) + twitter (6.2.0) + addressable (~> 2.3) + buftok (~> 0.2.0) + equalizer (~> 0.0.11) + http (~> 3.0) + http-form_data (~> 2.0) + http_parser.rb (~> 0.6.0) + memoizable (~> 0.4.0) + multipart-post (~> 2.0) + naught (~> 1.0) + simple_oauth (~> 0.3.0) + uglifier (4.1.18) execjs (>= 0.3.0, < 3) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.5) + xmlrpc (0.3.0) PLATFORMS ruby @@ -126,14 +164,19 @@ DEPENDENCIES nokogiri (>= 1.7) parseconfig qr4r - rack (~> 1.6.5) + rack (~> 2.0) + rack-protection (~> 2.0) + rake rubydns (~> 0.7.3) rubyzip (>= 1.2.1) - sinatra + rushover + sinatra (~> 2.0) + slack-notifier term-ansicolor - therubyracer thin + twitter (>= 5.0.0) uglifier + xmlrpc BUNDLED WITH - 1.15.4 + 1.14.6 diff --git a/makefu/5pkgs/beef/db-in-homedir.patch b/makefu/5pkgs/beef/db-in-homedir.patch new file mode 100644 index 000000000..e8dd8e3db --- /dev/null +++ b/makefu/5pkgs/beef/db-in-homedir.patch 
@@ -0,0 +1,39 @@ +--- /beef 2018-08-16 19:03:55.199437566 +0200 ++++ /beef 2018-08-16 19:27:34.735985233 +0200 +@@ -110,9 +110,20 @@ + # + # @note Database setup - use DataMapper::Logger.new($stdout, :debug) for development debugging + # ++ ++# ++# @note Create ~/.beef/ ++# ++begin ++ FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir) ++rescue => e ++ print_error "Could not create '#{$home_dir}': #{e.message}" ++end ++ + case config.get("beef.database.driver") + when "sqlite" +- DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}") ++ print_info "Using Database #{$home_dir}/#{config.get("beef.database.db_file")}" ++ DataMapper.setup(:default, "sqlite3://#{$home_dir}/#{config.get("beef.database.db_file")}") + when "mysql", "postgres" + DataMapper.setup(:default, + :adapter => config.get("beef.database.driver"), +@@ -162,14 +173,6 @@ + BeEF::Core::Console::Banners.print_network_interfaces_count + BeEF::Core::Console::Banners.print_network_interfaces_routes + +-# +-# @note Create ~/.beef/ +-# +-begin +- FileUtils.mkdir_p($home_dir) unless File.directory?($home_dir) +-rescue => e +- print_error "Could not create '#{$home_dir}': #{e.message}" +-end + + # + # @note Check whether we load the Console Shell or not diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix index 82540cde9..d444dbded 100644 --- a/makefu/5pkgs/beef/default.nix +++ b/makefu/5pkgs/beef/default.nix @@ -1,4 +1,4 @@ -{ stdenv, bundlerEnv, ruby, fetchFromGitHub }: +{ stdenv, bundlerEnv, ruby, fetchFromGitHub, nodejs }: # nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock let gems = bundlerEnv { 
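Review bot: In db-in-homedir.patch the relocated `rescue => e` block only prints an error when `$home_dir` cannot be created, and start-up then continues into `DataMapper.setup` with a sqlite path inside the missing directory. Now that the database depends on that directory, the failure should stop the program, for example by adding `exit 1` after the `print_error` line. `FileUtils.mkdir_p($home_dir)` also creates the directory under the default umask; since it now holds the database, `FileUtils.mkdir_p($home_dir, mode: 0700)` would keep it private to the user.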
@@ -7,13 +7,17 @@ let gemdir = ./.; }; in stdenv.mkDerivation { - name = "beef-2017-09-21"; + name = "beef-2018-09-21"; src = fetchFromGitHub { owner = "beefproject"; repo = "beef"; - rev = "69aa2a3"; - sha256 = "1rky61i0wzpwcq3kqfa0m5hf6wyz8q8jgzs7dpfh04w9qh32ic4p"; + rev = "d237c95"; + sha256 = "1mykbjwjcbd2a18wycaf35hi3b9rmvqz1jnk2v55sd4c39f0jpf2"; }; + prePatch = '' + ls -alhtr + ''; + patches = [ ./db-in-homedir.patch ]; buildInputs = [gems ruby]; installPhase = '' mkdir -p $out/{bin,share/beef} @@ -25,13 +29,17 @@ in stdenv.mkDerivation { bin=$out/bin/beef cat > $bin <<EOF #!/bin/sh -e +PATH=$PATH:${nodejs}/bin/ exec ${gems}/bin/bundle exec ${ruby}/bin/ruby $out/share/beef/beef "\$@" EOF chmod +x $bin ''; - # crashes with segfault - # also, db cannot be set - meta.broken = true; + meta = with stdenv.lib; { + homepage = https://beefproject.com/; + description = "The Browser Exploitation Framework"; + platforms = platforms.linux; + maintainers = with maintainers; [ makefu ]; + }; } diff --git a/makefu/5pkgs/beef/gemset.nix b/makefu/5pkgs/beef/gemset.nix index b6af75d00..3ccd7340b 100644 --- a/makefu/5pkgs/beef/gemset.nix +++ b/makefu/5pkgs/beef/gemset.nix @@ -16,21 +16,29 @@ }; version = "1.5.0"; }; + buftok = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1rzsy1vy50v55x9z0nivf23y0r9jkmq6i130xa75pq9i8qrn1mxs"; + type = "gem"; + }; + version = "0.2.0"; + }; chunky_png = { source = { remotes = ["https://rubygems.org"]; - sha256 = "0j0dngz6s0j3s3zaf9vrimjz65s9k7ad1c3xmmldr1vmz8sbd843"; + sha256 = "05g2xli9wbjylkmblln3bhvjalziwb92q452q8ibjagmb853424w"; type = "gem"; }; - version = "1.3.8"; + version = "1.3.10"; }; daemons = { source = { remotes = ["https://rubygems.org"]; - sha256 = "1bmb4qrd95b5gl3ym5j3q6mf090209f4vkczggn49n56w6s6zldz"; + sha256 = "0lxqq6dgb8xhliywar2lvkwqy2ssraf9dk4b501pb4ixc2mvxbp2"; type = "gem"; }; - version = "1.2.4"; + version = "1.2.6"; }; data_objects = { dependencies = ["addressable"]; 
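Review bot: The added `prePatch` in beef/default.nix only runs `ls -alhtr`, which looks like leftover debugging output and should be dropped. `rev = "d237c95"` is an abbreviated commit id; the `sha256` still fixes the content, but the full hash is unambiguous for anyone auditing what was fetched, e.g. `rev = "<full commit hash>";`.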
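Review bot: In the wrapper heredoc of beef/default.nix the added line `PATH=$PATH:${nodejs}/bin/` is expanded by the build shell, because `<<EOF` is unquoted and `$PATH` is not escaped the way `"\$@"` is on the next line. The generated script therefore gets the builder's PATH baked in and overrides the caller's PATH at run time. Escape it so it is evaluated when the wrapper runs: `PATH=\$PATH:${nodejs}/bin/`. The installPhase that contains this heredoc starts above the hunk.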
@@ -95,6 +103,15 @@ }; version = "0.10.17"; }; + domain_name = { + dependencies = ["unf"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0abdlwb64ns7ssmiqhdwgl27ly40x2l27l8hs8hn0z4kb3zd2x3v"; + type = "gem"; + }; + version = "0.5.20180417"; + }; em-websocket = { dependencies = ["eventmachine" "http_parser.rb"]; source = { @@ -104,6 +121,14 @@ }; version = "0.5.1"; }; + equalizer = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1kjmx3fygx8njxfrwcmn7clfhjhb6bvv3scy2lyyi0wqyi3brra4"; + type = "gem"; + }; + version = "0.0.11"; + }; erubis = { source = { remotes = ["https://rubygems.org"]; @@ -155,10 +180,36 @@ geoip = { source = { remotes = ["https://rubygems.org"]; - sha256 = "099hxng7h8i3pwibnassivj58iw1x7ygwq06qj6rx7j16iyz6rzx"; + sha256 = "1if16n4pjl2kshc0cqg7i03m55fspmlca6p9f4r66rpzw0v4d6jc"; type = "gem"; }; - version = "1.6.3"; + version = "1.6.4"; + }; + http = { + dependencies = ["addressable" "http-cookie" "http-form_data" "http_parser.rb"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1jlm5prw437wqpfxcigh88lfap3m7g8mnmj5as7qw6dzqnvrxwmc"; + type = "gem"; + }; + version = "3.3.0"; + }; + http-cookie = { + dependencies = ["domain_name"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "004cgs4xg5n6byjs7qld0xhsjq3n6ydfh897myr2mibvh6fjc49g"; + type = "gem"; + }; + version = "1.0.3"; + }; + http-form_data = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15lpn604byf7cyxnw949xz4rvpcknqp7a48q73nm630gqxsa76f3"; + type = "gem"; + }; + version = "2.1.1"; }; "http_parser.rb" = { source = { @@ -193,13 +244,14 @@ }; version = "1.8.6"; }; - libv8 = { + memoizable = { + dependencies = ["thread_safe"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "0271i5sfma05gvhmrmxqb0jj667bl6m54yd49ay6yrdbh1g4wpl1"; + sha256 = "0v42bvghsvfpzybfazl14qhkrjvx0xlmxz0wwqc960ga1wld5x5c"; type = "gem"; }; - version = "3.16.14.19"; + version = "0.4.2"; }; metasm = { source = { 
@@ -213,18 +265,18 @@ dependencies = ["mime-types-data"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "0087z9kbnlqhci7fxh9f6il63hj1k02icq2rs0c6cppmqchr753m"; + sha256 = "0fjxy1jm52ixpnv3vg9ld9pr9f35gy0jp66i1njhqjvmnvq0iwwk"; type = "gem"; }; - version = "3.1"; + version = "3.2.2"; }; mime-types-data = { source = { remotes = ["https://rubygems.org"]; - sha256 = "04my3746hwa4yvbx1ranhfaqkgf6vavi1kyijjnw8w3dy37vqhkm"; + sha256 = "07wvp0aw2gjm4njibb70as6rh5hi1zzri5vky1q6jx95h8l56idc"; type = "gem"; }; - version = "3.2016.0521"; + version = "3.2018.0812"; }; mini_portile2 = { source = { 
@@ -254,27 +306,59 @@ msgpack = { source = { remotes = ["https://rubygems.org"]; - sha256 = "0ck7w17d6b4jbb8inh1q57bghi9cjkiaxql1d3glmj1yavbpmlh7"; + sha256 = "09xy1wc4wfbd1jdrzgxwmqjzfdfxbz0cqdszq2gv6rmc3gv1c864"; type = "gem"; }; - version = "1.1.0"; + version = "1.2.4"; }; multi_json = { source = { remotes = ["https://rubygems.org"]; - sha256 = "1raim9ddjh672m32psaa9niw67ywzjbxbdb8iijx3wv9k5b0pk2x"; + sha256 = "1rl0qy4inf1mp8mybfk56dfga0mvx97zwpmq5xmiwl5r770171nv"; + type = "gem"; + }; + version = "1.13.1"; + }; + multipart-post = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "09k0b3cybqilk1gwrwwain95rdypixb2q9w65gd44gfzsd84xi1x"; + type = "gem"; + }; + version = "2.0.0"; + }; + mustermann = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "07sb7fckrraqh48fjnqf6yl7vxxabfx0qrsrhfdz67pd838g4k8g"; + type = "gem"; + }; + version = "1.0.2"; + }; + naught = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wwjx35zgbc0nplp8a866iafk4zsrbhwwz4pav5gydr2wm26nksg"; type = "gem"; }; - version = "1.12.2"; + version = "1.1.0"; + }; + netrc = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0gzfmcywp1da8nzfqsql2zqi648mfnx6qwkig3cv36n9m0yy676y"; + type = "gem"; + }; + version = "0.11.0"; }; nokogiri = { dependencies = ["mini_portile2"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "105xh2zkr8nsyfaj2izaisarpnkrrl9000y3nyflg9cbzrfxv021"; + sha256 = "1h9nml9h3m0mpvmh8jfnqvblnz5n5y3mmhgfc38avfmfzdrq9bgc"; type = "gem"; }; - version = "1.8.1"; + version = "1.8.4"; }; parseconfig = { source = { @@ -287,10 +371,10 @@ public_suffix = { source = { remotes = ["https://rubygems.org"]; - sha256 = "0snaj1gxfib4ja1mvy3dzmi7am73i0mkqr0zkz045qv6509dhj5f"; + sha256 = "08q64b5br692dd3v0a9wq9q5dvycc6kmiqmjbdxkxbfizggsvx6l"; type = "gem"; }; - version = "3.0.0"; + version = "3.0.3"; }; qr4r = { dependencies = ["mojo_magick" "rqrcode"]; 
@@ -304,36 +388,35 @@ rack = { source = { remotes = ["https://rubygems.org"]; - sha256 = "19m7aixb2ri7p1n0iqaqx8ldi97xdhvbxijbyrrcdcl6fv5prqza"; + sha256 = "158hbn7rlc3czp2vivvam44dv6vmzz16qrh5dbzhfxbfsgiyrqw1"; type = "gem"; }; - version = "1.6.8"; + version = "2.0.5"; }; rack-protection = { dependencies = ["rack"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cvb21zz7p9wy23wdav63z5qzfn4nialik22yqp6gihkgfqqrh5r"; + sha256 = "1z5598qipilmnf45428jnxi63ykrgvnyywa5ckpr52zv2vpd8jdp"; type = "gem"; }; - version = "1.5.3"; + version = "2.0.3"; }; rainbow = { - dependencies = ["rake"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "08w2ghc5nv0kcq5b257h7dwjzjz1pqcavajfdx2xjyxqsvh2y34w"; + sha256 = "0bb2fpjspydr6x0s8pn1pqkzmxszvkfapv0p4627mywl7ky4zkhk"; type = "gem"; }; - version = "2.2.2"; + version = "3.0.0"; }; rake = { source = { remotes = ["https://rubygems.org"]; - sha256 = "0mfqgpp3m69s5v1rd51lfh5qpjwyia5p4rg337pw8c8wzm6pgfsw"; + sha256 = "1idi53jay34ba9j68c3mfr9wwkg3cd9qh0fn9cg42hv72c6q8dyg"; type = "gem"; }; - version = "12.1.0"; + version = "12.3.1"; }; rb-readline = { source = { @@ -343,13 +426,14 @@ }; version = "0.5.5"; }; - ref = { + rest-client = { + dependencies = ["http-cookie" "mime-types" "netrc"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "04p4pq4sikly7pvn30dc7v5x2m7fqbfwijci4z1y6a1ilwxzrjii"; + sha256 = "1hzcs2r7b5bjkf2x2z3n8z6082maz0j8vqjiciwgg3hzb63f958j"; type = "gem"; }; - version = "2.0.0"; + version = "2.0.2"; }; rex = { dependencies = ["filesize" "jsobfu" "json" "metasm" "nokogiri" "rb-readline" "robots"]; 
@@ -411,32 +495,48 @@ }; version = "1.2.1"; }; + rushover = { + dependencies = ["json" "rest-client"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0j6x61drcdfnbvgmkmrc92zw67acpfcz5h1a29sdf884zkwd1444"; + type = "gem"; + }; + version = "0.3.0"; + }; + simple_oauth = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0dw9ii6m7wckml100xhjc6vxpjcry174lbi9jz5v7ibjr3i94y8l"; + type = "gem"; + }; + version = "0.3.1"; + }; sinatra = { - dependencies = ["rack" "rack-protection" "tilt"]; + dependencies = ["mustermann" "rack" "rack-protection" "tilt"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "0byxzl7rx3ki0xd7aiv1x8mbah7hzd8f81l65nq8857kmgzj1jqq"; + sha256 = "1kyi55q4k4idv31h7l53hw0mnh50dwwrrsfm35j52jy7fc993m9r"; type = "gem"; }; - version = "1.4.8"; + version = "2.0.3"; }; - term-ansicolor = { - dependencies = ["tins"]; + slack-notifier = { source = { remotes = ["https://rubygems.org"]; - sha256 = "1b1wq9ljh7v3qyxkk8vik2fqx2qzwh5lval5f92llmldkw7r7k7b"; + sha256 = "1pkfn99dhy5s526r6k8d87fwwb6j287ga9s7lxqmh60z28xqh3bv"; type = "gem"; }; - version = "1.6.0"; + version = "2.3.2"; }; - therubyracer = { - dependencies = ["libv8" "ref"]; + term-ansicolor = { + dependencies = ["tins"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "1g95bzs2axjglyjyj6xvsywqgr80bnzlkw7mddxx1fdrak5wni2q"; + sha256 = "1b1wq9ljh7v3qyxkk8vik2fqx2qzwh5lval5f92llmldkw7r7k7b"; type = "gem"; }; - version = "0.12.3"; + version = "1.6.0"; }; thin = { dependencies = ["daemons" "eventmachine" "rack"]; @@ -447,6 +547,14 @@ }; version = "1.7.2"; }; + thread_safe = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0nmhcgq6cgz44srylra07bmaw99f5271l0dpsvl5f75m44l0gmwy"; + type = "gem"; + }; + version = "0.3.6"; + }; tilt = { source = { remotes = ["https://rubygems.org"]; 
@@ -458,18 +566,52 @@ tins = { source = { remotes = ["https://rubygems.org"]; - sha256 = "09whix5a7ics6787zrkwjmp16kqyh6560p9f317syks785805f7s"; + sha256 = "0g95xs4nvx5n62hb4fkbkd870l9q3y9adfc4h8j21phj9mxybkb8"; type = "gem"; }; - version = "1.15.0"; + version = "1.16.3"; + }; + twitter = { + dependencies = ["addressable" "buftok" "equalizer" "http" "http-form_data" "http_parser.rb" "memoizable" "multipart-post" "naught" "simple_oauth"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0fjyz3viabz3xs5d9aad18zgdbhfwm51jsnzigc8kxk77p1x58n5"; + type = "gem"; + }; + version = "6.2.0"; }; uglifier = { dependencies = ["execjs"]; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wmqvn4xncw6h3d5gp2a44170zwxfyj3iq4rsjp16zarvzbdmgnz"; + sha256 = "14r283lkhisq2sdccv8ngf10f2f18ly4nc3chz3kliw5nylbgznw"; + type = "gem"; + }; + version = "4.1.18"; + }; + unf = { + dependencies = ["unf_ext"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bh2cf73i2ffh4fcpdn9ir4mhq8zi50ik0zqa1braahzadx536a9"; + type = "gem"; + }; + version = "0.1.4"; + }; + unf_ext = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06p1i6qhy34bpb8q8ms88y6f2kz86azwm098yvcc0nyqk9y729j1"; + type = "gem"; + }; + version = "0.0.7.5"; + }; + xmlrpc = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s744iwblw262gj357pky3d9fcx9hisvla7rnw29ysn5zsb6i683"; type = "gem"; }; - version = "3.2.0"; + version = "0.3.0"; }; }
\ No newline at end of file diff --git a/makefu/5pkgs/bento4/default.nix b/makefu/5pkgs/bento4/default.nix new file mode 100644 index 000000000..07c64a101 --- /dev/null +++ b/makefu/5pkgs/bento4/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub +, pkgconfig +, cmake +}: +stdenv.mkDerivation rec { + name = "bento4-${version}"; + version = "1.5.1-624"; + + src = fetchFromGitHub { + owner = "axiomatic-systems"; + repo = "Bento4"; + rev = "v${version}"; + sha256 = "1cq6vhrq3n3lc1n454slbc66qdyqam2srxgdhfpyfxbq5c4y06nf"; + }; + + nativeBuildInputs = [ cmake pkgconfig ]; + installPhase = '' + mkdir -p $out/{lib,bin} + find -iname '*.so' -exec mv --target-directory="$out/lib" {} \; + find -maxdepth 1 -executable -type f -exec mv --target-directory="$out/bin" {} \; + ''; + + meta = with stdenv.lib; { + description = "Full-featured MP4 format and MPEG DASH library and tools"; + homepage = http://bento4.com; + license = licenses.gpl3; + maintainers = with maintainers; [ makefu ]; + platforms = with platforms; linux; + }; +} diff --git a/makefu/5pkgs/cozy-audiobooks/default.nix b/makefu/5pkgs/cozy-audiobooks/default.nix new file mode 100644 index 000000000..f1d655a0a --- /dev/null +++ b/makefu/5pkgs/cozy-audiobooks/default.nix 
@@ -0,0 +1,99 @@ +{ stdenv, fetchFromGitHub +, ninja +, boost +, meson +, pkgconfig +, wrapGAppsHook +, appstream-glib +, desktop-file-utils +, gtk3 +, glib +, gst_all_1 +, gobjectIntrospection +, python3Packages +, file +, cairo , sqlite , gettext +, gnome3 +}: + +let + peewee = with python3Packages; buildPythonPackage rec { + # https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/python-peewee + pname = "peewee"; + version = "3.6.4"; + src = fetchPypi { + inherit pname version; + sha256 = "1fi4z9n86ri79gllwav0gv3hmwipzmkvivzfyszfqn9fi5zpp3ak"; + }; + doCheck = false; + + checkPhase = '' + python runtests.py + ''; + + buildInputs = [ + cython + sqlite + # psycopg2 + # mysql-connector + ]; + meta.license = stdenv.lib.licenses.mit; + }; +in +stdenv.mkDerivation rec { + name = "cozy-${version}"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "geigi"; + repo = "cozy"; + rev = version; + sha256 = "1afl3qsn9h4k8fgp63z0ab9p5ashrg3g936a9rh3i9qydv6s3srd"; + }; + + postPatch = '' + chmod +x data/meson_post_install.py + patchShebangs data/meson_post_install.py + substituteInPlace cozy/magic/magic.py --replace "ctypes.util.find_library('magic')" "'${file}/lib/libmagic${stdenv.hostPlatform.extensions.sharedLibrary}'" + ''; + postInstall = '' + wrapProgram $out/bin/com.github.geigi.cozy \ + --prefix PYTHONPATH : "$PYTHONPATH:$(toPythonPath $out)" + + ''; + wrapPrefixVariables = [ "PYTHONPATH" ]; + + + nativeBuildInputs = [ + meson ninja pkgconfig + wrapGAppsHook + appstream-glib + desktop-file-utils + gobjectIntrospection + + ]; + buildInputs = with gst_all_1; [ gtk3 glib + gstreamer gst-plugins-good gst-plugins-ugly gst-plugins-base cairo gettext + gnome3.defaultIconTheme gnome3.gsettings-desktop-schemas + ] + ++ (with python3Packages; [ + python gst-python pygobject3 dbus-python mutagen peewee magic + + ]); + + checkPhase = '' + ninja test + ''; + + #preInstall = '' + # export MESON_INSTALL_PREFIX=$out + #''; + + meta = with stdenv.lib; 
{ + description = '' + Eval nix code from python. + ''; + maintainers = [ maintainers.makefu ]; + license = licenses.mit; + }; +} diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index b1d6df67e..390c13ffe 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -1,6 +1,5 @@ -with import <stockholm/lib>; -self: super: let - +self: super: +with super.lib; with builtins; let # This callPackage will try to detect obsolete overrides. callPackage = path: args: let override = super.callPackage path args; @@ -15,6 +14,7 @@ self: super: let override else override; + eq = x: y: x == y; subdirsOf = path: mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); @@ -40,6 +40,6 @@ in { }; } -// mapAttrs (_: flip callPackage {}) +// (mapAttrs (_: flip callPackage {}) (filterAttrs (_: dir: pathExists (dir + "/default.nix")) - (subdirsOf ./.)) + (subdirsOf ./.))) diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index 3df67d07e..1f353e477 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -1,15 +1,16 @@ -{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7 }: +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre, jdk }: pythonPackages.buildPythonApplication rec { name = "drozer-${version}"; version = "2.4.3"; - buildInputs = [ jdk7 ]; + buildInputs = [ jdk ]; propagatedBuildInputs = with pythonPackages; [ protobuf pyopenssl pyyaml + service-identity ] ++ [ - jre7 + jre twisted ]; src = fetchFromGitHub { @@ -19,7 +20,7 @@ pythonPackages.buildPythonApplication rec { sha256 = "1z437y7rr53dhpi95yc2c3x8g4aix90y7zf52avcdsvhlp4iip3q"; }; prePatch = '' - sed -i 's#^exec java #exec ${jre7}/bin/java #' ./src/drozer/lib/dx + sed -i 's#^exec java #exec ${jre}/bin/java #' ./src/drozer/lib/dx patchShebangs ./src/drozer/lib/dx patchelf $(cat $NIX_CC/nix-support/dynamic-linker) ./src/drozer/lib/aapt echo starting build 
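Review bot: `meta.description` at the end of cozy-audiobooks/default.nix reads "Eval nix code from python.", which describes a different package and looks copied from another expression. It should describe this one, e.g. `description = "Audio book player for Linux";` (exact wording for the author to confirm). In the `peewee` derivation `doCheck = false;` makes the `checkPhase` next to it dead code; either drop the phase or add a comment saying why the tests are disabled.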
diff --git a/makefu/5pkgs/ifdnfc/default.nix b/makefu/5pkgs/ifdnfc/default.nix
new file mode 100644
index 000000000..cc7956c8c
--- /dev/null
+++ b/makefu/5pkgs/ifdnfc/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchFromGitHub , pkgconfig
+, pcsclite
+, autoreconfHook
+, libnfc
+}:
+
+stdenv.mkDerivation rec {
+ name = "ifdnfc-${version}";
+ version = "2016-03-01";
+
+ src = fetchFromGitHub {
+ owner = "nfc-tools";
+ repo = "ifdnfc";
+ rev = "0e48e8e";
+ sha256 = "1cxnvhhlcbm8h49rlw5racspb85fmwqqhd3gzzpzy68vrs0b37vg";
+ };
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
+ buildInputs = [ pcsclite libnfc ];
+
+ configureFlags = [ "--prefix=$(out)" ];
+ makeFlags = [ "DESTDIR=/" "usbdropdir=$(out)/pcsc/drivers" ];
+
+ meta = with stdenv.lib; {
+ description = "PC/SC IFD Handler based on libnfc";
+ long_description =
+ '' libnfc Interface Plugin to be used in <code>services.pcscd.plugins</code>.
+ It provides support for all readers which are not supported by ccid but by libnfc.
+
+ For activating your reader you need to run
+ <code>ifdnfc-activate yes<code> with this package in your
+ <code>environment.systemPackages</code>
+
+ To use your reader you may need to blacklist your reader kernel modules:
+ <code>boot.blacklistedKernelModules = [ "pn533" "pn533_usb" "nfc" ];</code>
+
+ Supports the pn533 smart-card reader chip which is for example used in
+ the SCM SCL3711.
+ '';
+ homepage = https://github.com/nfc-tools/ifdnfc;
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ makefu ];
+ };
+}
+
diff --git a/makefu/5pkgs/nur.nix b/makefu/5pkgs/nur.nix
new file mode 100644
index 000000000..b0607671b
--- /dev/null
+++ b/makefu/5pkgs/nur.nix
@@ -0,0 +1,7 @@
+{ pkgs ? import <nixpkgs> {} }:
+
+{
+ overlays.full = import ./default.nix;
+ pkgs = import ./default.nix pkgs pkgs;
+} // (import ./default.nix pkgs pkgs)
+
diff --git a/makefu/krops.nix b/makefu/krops.nix
new file mode 100644
index 000000000..9a701dcac
--- /dev/null
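Review bot: `long_description` in the `meta` block of ifdnfc/default.nix is not an attribute nixpkgs reads, so the usage notes will not show up in package listings unless it is renamed `longDescription`. Inside that text, `<code>ifdnfc-activate yes<code>` is missing the slash in its closing tag. `rev = "0e48e8e"` is an abbreviated commit id; the sha256 pins the content, but the full hash is clearer for review.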
+++ b/makefu/krops.nix 
@@ -0,0 +1,88 @@ +{ config ? config, name, target ? name }: let + krops = builtins.fetchGit { + url = https://cgit.krebsco.de/krops/; + rev = "4e466eaf05861b47365c5ef46a31a188b70f3615"; + }; + nixpkgs-src = lib.importJSON ./nixpkgs.json; + + lib = import "${krops}/lib"; + pkgs = import "${krops}/pkgs" {}; + + host-src = { + secure = false; + full = false; + torrent = false; + hw = false; + musnix = false; + python = false; + unstable = false; #unstable channel checked out + mic92 = false; + nms = false; + clever_kexec = false; + } // import (./. + "/1systems/${name}/source.nix"); + source = { test }: lib.evalSource [ + { + # nixos-18.03 @ 2018-08-06 + # + do_sqlite3 ruby: 55a952be5b5 + # + exfat-nofuse bump: ee6a5296a35 + # + uhub/sqlite: 5dd7610401747 + nixpkgs = if test || host-src.full then { + git.ref = nixpkgs-src.rev; + git.url = nixpkgs-src.url; + } else { + file = "/home/makefu/store/${nixpkgs-src.rev}"; + }; + nixos-config.symlink = "stockholm/makefu/1systems/${name}/config.nix"; + + stockholm.file = toString ./..; + secrets = if test then { + file = toString ./0tests/data/secrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.secrets-pass"; + inherit name; + }; + }; + } + (lib.mkIf (host-src.torrent) { + torrent-secrets = if test then { + file = toString ./0tests/data/secrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.secrets-pass"; + name = "torrent"; + }; + }; + }) + (lib.mkIf ( host-src.musnix ) { + musnix.git = { + url = https://github.com/musnix/musnix.git; + ref = "master"; # follow the musnix channel, lets see how this works out + }; + }) + (lib.mkIf ( host-src.hw ) { + nixos-hardware.git = { + url = https://github.com/nixos/nixos-hardware.git; + ref = "30fdd53"; + }; + }) + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${target}/var/src"; + }; + + # usage: $(nix-build --no-out-link 
--argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-krops-test-src"; + }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; +} diff --git a/makefu/nixpkgs.json b/makefu/nixpkgs.json new file mode 100644 index 000000000..f39bb6688 --- /dev/null +++ b/makefu/nixpkgs.json @@ -0,0 +1,7 @@ +{ + "url": "https://github.com/makefu/nixpkgs", + "rev": "8f991294288b27b9dec05cc1e07ec6a360bb39c8", + "date": "2018-08-06T14:29:01+02:00", + "sha256": "0zan8kdjk1pwdzm1rwc3ka87k11j0zmw4mdnj70r6pm38x2fa9n6", + "fetchSubmodules": true +} diff --git a/makefu/update-channel.sh b/makefu/update-channel.sh new file mode 100755 index 000000000..59d3c434f --- /dev/null +++ b/makefu/update-channel.sh @@ -0,0 +1,9 @@ +#!/bin/sh +dir=$(dirname $0) +oldref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ + --url https://github.com/makefu/nixpkgs \ + --rev refs/heads/master' \ +> $dir/nixpkgs.json +newref=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') +echo git commit $dir/nixpkgs.json -m "nixpkgs: $oldref -> $newref" diff --git a/nin/krops.nix b/nin/krops.nix new file mode 100644 index 000000000..2ba896419 --- /dev/null +++ b/nin/krops.nix 
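Review bot: The `musnix.git` source in makefu/krops.nix tracks `ref = "master"`, so each deploy of a host with `musnix = true` pulls whatever that branch holds at that moment into the tree copied to `root@${target}/var/src`, with no review step in between. The other external inputs are pinned (`krops` by full rev, nixpkgs through `nixpkgs.json`), which makes this the one moving supply-chain input. Pin it the same way, `ref = "<full musnix commit id>";`, and bump it deliberately. `nixos-hardware` uses the abbreviated `ref = "30fdd53"`, which is better written as the full id too. A one-line comment above `host-src` saying that `1systems/${name}/source.nix` overrides these defaults would help readers.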
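Review bot: The redirect `> $dir/nixpkgs.json` in makefu/update-channel.sh truncates the pin file before `nix-prefetch-git` has produced any output, so a failed or interrupted fetch leaves an empty `nixpkgs.json` that `lib.importJSON ./nixpkgs.json` in makefu/krops.nix can no longer read. Write to a temporary file and move it into place only on success: `... > "$dir/nixpkgs.json.tmp" && mv "$dir/nixpkgs.json.tmp" "$dir/nixpkgs.json"`, with `set -eu` at the top of the script. `$0` and `$dir` are also unquoted throughout, so the script breaks when run from a path containing spaces; `dir=$(dirname "$0")` and `"$dir/nixpkgs.json"` fix that.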
@@ -0,0 +1,40 @@ +{ name }: let + inherit (import ../krebs/krops.nix { inherit name; }) + krebs-source + lib + pkgs + ; + + source = { test }: lib.evalSource [ + krebs-source + { + nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; + secrets = if test then { + file = toString ./0tests/dummysecrets; + } else { + pass = { + dir = "${lib.getEnv "HOME"}/.password-store"; + name = "hosts/${name}"; + }; + }; + } + ]; + +in { + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy) + deploy = pkgs.krops.writeDeploy "${name}-deploy" { + source = source { test = false; }; + target = "root@${name}/var/src"; + }; + + # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A test) + test = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/tmp/${name}-stockholm-test"; + }; + + ci = pkgs.krops.writeTest "${name}-test" { + source = source { test = true; }; + target = "${lib.getEnv "HOME"}/stockholm-build"; + }; +} diff --git a/submodules/nix-writers b/submodules/nix-writers -Subproject 4d0829328e885a6d7163b513998a975e60dd0a7 +Subproject 5d79992262e8f16a3efa985375be74abea3bb39 diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 06875038d..74fb5215a 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -18,6 +18,10 @@ let { }; }; + cgit-clear-cache = pkgs.cgit-clear-cache.override { + inherit (config.krebs.git.cgit.settings) cache-root; + }; + repos = public-repos // optionalAttrs config.krebs.build.host.secure restricted-repos; @@ -97,8 +101,11 @@ let { { brain = { collaborators = with config.krebs.users; [ lass makefu ]; - hooks.post-receive = irc-announce { - cgit_endpoint = null; + hooks = { + post-receive = /* sh */ '' + (${irc-announce { cgit_endpoint = null; }}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; } // 
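Review bot: The `ci` attribute in nin/krops.nix is built with `pkgs.krops.writeTest "${name}-test"`, the same script name as the `test` attribute, although it writes to a different target (`$HOME/stockholm-build` rather than `$HOME/tmp/${name}-stockholm-test`). Naming it `"${name}-ci"` makes the two distinguishable in store paths and build logs; makefu/krops.nix has the same duplication. `ci` is also the only attribute without a usage comment, and `# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A ci)` would match the other two.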
@@ -117,14 +124,24 @@ let { make-public-repo = name: { cgit ? {}, ... }: { inherit cgit name; public = true; - hooks = optionalAttrs (config.krebs.build.host.name == "ni") { - post-receive = irc-announce {}; + hooks = { + post-receive = /* sh */ '' + (${optionalString (config.krebs.build.host.name == "ni") + (irc-announce {})}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; }; }; make-restricted-repo = name: { collaborators ? [], hooks ? {}, ... }: { - inherit collaborators hooks name; + inherit collaborators name; public = false; + hooks = hooks // { + post-receive = /* sh */ '' + (${hooks.post-receive or ""}) + ${cgit-clear-cache}/bin/cgit-clear-cache + ''; + }; }; make-rules = |
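Review bot: Both new `post-receive` templates in tv/2configs/gitrepos.nix can render an empty subshell. In `make-public-repo` the `optionalString` yields "" on every host other than "ni", and in `make-restricted-repo` `hooks.post-receive or ""` yields "" when the caller passes no hook, so the first line becomes `()`. If the hook is run by a POSIX shell, as the `/* sh */` annotation suggests, `()` is a syntax error and the script would abort before `cgit-clear-cache` runs. Emit a no-op instead, for example `(${hooks.post-receive or ":"})` and `(${if config.krebs.build.host.name == "ni" then irc-announce {} else ":"})`. The surrounding `let { … }` body starts and ends outside this hunk, so the callers of these helpers are not visible here.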