summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/bepasty-server.nix8
-rw-r--r--krebs/3modules/ci.nix6
-rw-r--r--krebs/3modules/lass/default.nix1
-rw-r--r--krebs/3modules/setuid.nix4
-rw-r--r--krebs/5pkgs/simple/kpaste/default.nix5
-rw-r--r--krebs/5pkgs/simple/krebspaste/default.nix12
-rw-r--r--lass/1systems/blue/config.nix2
-rw-r--r--lass/1systems/mors/config.nix2
-rw-r--r--lass/2configs/hw/x220.nix5
-rw-r--r--lass/2configs/paste.nix10
-rw-r--r--lass/2configs/syncthing.nix1
-rw-r--r--lass/3modules/usershadow.nix27
-rw-r--r--lib/types.nix2
-rw-r--r--tv/5pkgs/simple/utsushi.nix25
14 files changed, 76 insertions, 34 deletions
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index e12367b7c..94a509520 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
with import <stockholm/lib>;
let
- gunicorn = pkgs.pythonPackages.gunicorn;
- bepasty = pkgs.bepasty;
- gevent = pkgs.pythonPackages.gevent;
- python = pkgs.pythonPackages.python;
+ gunicorn = pkgs.python27Packages.gunicorn;
+ bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
+ gevent = pkgs.python27Packages.gevent;
+ python = pkgs.python27Packages.python;
cfg = config.krebs.bepasty;
out = {
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index a47dbe611..244de1a0d 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -108,10 +108,12 @@ let
name=str(new_step),
command=[
"${pkgs.writeDash "build-stepper.sh" ''
- set -efu
+ set -xefu
profile=${shell.escape profileRoot}/$build_name
result=$("$build_script")
- ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ if [ -n "$result" ]; then
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ fi
''}"
],
env={
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a3b8cab39..3396c2802 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -20,6 +20,7 @@ in {
extraZones = {
"krebsco.de" = ''
cache IN A ${nets.internet.ip4.addr}
+ p IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr}
'';
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 3ba598a45..97cf21cdd 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -21,8 +21,8 @@ let
default = config._module.args.name;
};
envp = mkOption {
- type = types.attrsOf types.str;
- default = {};
+ type = types.nullOr (types.attrsOf types.str);
+ default = null;
};
filename = mkOption {
type = mkOptionType {
diff --git a/krebs/5pkgs/simple/kpaste/default.nix b/krebs/5pkgs/simple/kpaste/default.nix
index d6823d584..217cb8a44 100644
--- a/krebs/5pkgs/simple/kpaste/default.nix
+++ b/krebs/5pkgs/simple/kpaste/default.nix
@@ -1,5 +1,6 @@
-{ curl, writeDashBin }:
+{ curl, gnused, writeDashBin }:
writeDashBin "kpaste" ''
- exec ${curl}/bin/curl -sS http://p.r --data-binary @-
+ ${curl}/bin/curl -sS http://p.r --data-binary @- |
+ ${gnused}/bin/sed '$ {p;s/\<r\>/krebsco.de/}'
''
diff --git a/krebs/5pkgs/simple/krebspaste/default.nix b/krebs/5pkgs/simple/krebspaste/default.nix
index a11c8c90a..d97b6a053 100644
--- a/krebs/5pkgs/simple/krebspaste/default.nix
+++ b/krebs/5pkgs/simple/krebspaste/default.nix
@@ -1,6 +1,12 @@
-{ writeDashBin, bepasty-client-cli }:
+{ bepasty-client-cli, gnused, writeDashBin }:
-# TODO use `pkgs.exec` instead?
writeDashBin "krebspaste" ''
- exec ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" | sed '$ s/$/\/+inline/g'
+ ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" |
+ ${gnused}/bin/sed '
+ $ {
+ s/$/\/+inline/
+ p
+ s/\<r\>/krebsco.de/
+ }
+ '
''
diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix
index a287f548b..43c80d52f 100644
--- a/lass/1systems/blue/config.nix
+++ b/lass/1systems/blue/config.nix
@@ -15,9 +15,11 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
environment.shellAliases = {
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index fa5fb5518..52bcc9e15 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -52,10 +52,12 @@ with import <stockholm/lib>;
krebs.syncthing.folders = [
{ id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; }
{ id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; }
+ { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
];
lass.ensure-permissions = [
{ folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; }
{ folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
+ { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
];
}
{
diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix
index f5651da13..5649041f9 100644
--- a/lass/2configs/hw/x220.nix
+++ b/lass/2configs/hw/x220.nix
@@ -30,8 +30,7 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
}
diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix
index 293691c0f..3c3d8e636 100644
--- a/lass/2configs/paste.nix
+++ b/lass/2configs/paste.nix
@@ -10,6 +10,16 @@ with import <stockholm/lib>;
proxy_pass http://localhost:9081;
'';
};
+ services.nginx.virtualHosts.paste-readonly = {
+ serverAliases = [ "p.krebsco.de" ];
+ locations."/".extraConfig = ''
+ if ($request_method != GET) {
+ return 403;
+ }
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:9081;
+ '';
+ };
krebs.htgen.paste = {
port = 9081;
script = toString [
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 842abc195..d8b3c9f90 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
services.syncthing = {
enable = true;
group = "syncthing";
+ configDir = "/var/lib/syncthing";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix
index cb2890969..d967a108a 100644
--- a/lass/3modules/usershadow.nix
+++ b/lass/3modules/usershadow.nix
@@ -31,13 +31,20 @@
session required pam_loginuid.so
'';
- security.pam.services.dovecot2.text = ''
- auth required pam_exec.so expose_authtok ${usershadow}/bin/verify_pam ${cfg.pattern}
- auth required pam_permit.so
- account required pam_permit.so
- session required pam_permit.so
- session required pam_env.so envfile=${config.system.build.pamEnvironment}
- '';
+ security.pam.services.dovecot2 = {
+ text = ''
+ auth required pam_exec.so debug expose_authtok log=/tmp/lol /run/wrappers/bin/shadow_verify_pam ${cfg.pattern}
+ auth required pam_permit.so
+ account required pam_permit.so
+ session required pam_permit.so
+ session required pam_env.so envfile=${config.system.build.pamEnvironment}
+ '';
+ };
+
+ security.wrappers.shadow_verify_pam = {
+ source = "${usershadow}/bin/verify_pam";
+ owner = "root";
+ };
};
usershadow = let {
@@ -46,10 +53,13 @@
"bytestring"
];
body = pkgs.writeHaskellPackage "passwords" {
+ ghc-options = [
+ "-rtsopts"
+ "-Wall"
+ ];
executables.verify_pam = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.IO
import Data.Char (chr)
import System.Environment (getEnv, getArgs)
@@ -72,7 +82,6 @@
executables.verify_arg = {
extra-depends = deps;
text = ''
- import Data.Monoid
import System.Environment (getArgs)
import Crypto.PasswordStore (verifyPasswordWith, pbkdf2)
import qualified Data.ByteString.Char8 as BS8
diff --git a/lib/types.nix b/lib/types.nix
index 9001bc7c3..23919af38 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -89,7 +89,7 @@ rec {
syncthing.id = mkOption {
# TODO syncthing id type
- type = nullOr string;
+ type = nullOr str;
default = null;
};
};
diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix
index 55e8800a6..0ae4ed880 100644
--- a/tv/5pkgs/simple/utsushi.nix
+++ b/tv/5pkgs/simple/utsushi.nix
@@ -51,13 +51,19 @@ let
src =
if stdenv.system == "i686-linux" then
fetchurl {
- url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x86.deb.tar.gz";
- sha256 = "16xv1pdfm2ryis815fawb7zqg6c4swww726g272ssx044r5dp80r";
+ urls = [
+ "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x86/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz"
+ "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x86.deb.tar.gz"
+ ];
+ sha256 = "12syk4y8z22hm9r1lgxqp81vd24jbqgmq83b7yiyqfd4wfxb6k3s";
}
else if stdenv.system == "x86_64-linux" then
fetchurl {
- url = "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-1.3.21.x64.deb.tar.gz";
- sha256 = "0zik35h2jwrvkwcmq55wc72imidwdnmn1bayhypzhjcz61rasjg2";
+ urls = [
+ "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz"
+ "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.55.0.x64.deb.tar.gz"
+ ];
+ sha256 = "1wp372hqhzdar6ldxy7s9js2s872x8c5nwq3608dwg9gca11ppc5";
}
else throw "${name} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)";
@@ -92,7 +98,7 @@ let
license = stdenv.lib.licenses.eapl;
maintainers = [ stdenv.lib.maintainers.tv ];
platforms = stdenv.lib.platforms.linux;
- version = "1.1.0";
+ version = "1.1.2";
};
};
@@ -102,8 +108,11 @@ stdenv.mkDerivation rec {
name = "utsushi-${meta.version}";
src = fetchurl {
- url = "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz";
- sha256 = "1gmiimwkcyzbkfr25vzqczjhgh90fgxd96agbnkpf9gah1mpd6qj";
+ urls = [
+ "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${meta.version}.orig.tar.gz"
+ "http://ni.r/~tv/mirrors/epson/imagescan_${meta.version}.orig.tar.gz"
+ ];
+ sha256 = "0xwl4xp07cigslbi1qc52jsjvxcyvjlx54g812mn7211p01v2h4l";
};
preConfigure = ''
@@ -203,6 +212,6 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl3;
maintainers = [ stdenv.lib.maintainers.tv ];
platforms = stdenv.lib.platforms.linux;
- version = "3.54.0";
+ version = "3.55.0";
};
}