diff options
55 files changed, 387 insertions, 396 deletions
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/krebs/0tests/data/secrets/initrd/host_ecdsa.pub index e69de29bb..e69de29bb 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem +++ b/krebs/0tests/data/secrets/initrd/host_ecdsa.pub diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/krebs/0tests/data/secrets/initrd/host_ecdsa_key index e69de29bb..e69de29bb 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key +++ b/krebs/0tests/data/secrets/initrd/host_ecdsa_key diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/krebs/0tests/data/secrets/initrd/hostname index e69de29bb..e69de29bb 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem +++ b/krebs/0tests/data/secrets/initrd/hostname diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/krebs/0tests/data/secrets/initrd/hs_ed25519_public_key index e69de29bb..e69de29bb 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt +++ b/krebs/0tests/data/secrets/initrd/hs_ed25519_public_key diff --git a/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key b/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key diff --git a/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key b/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix index 574618e39..1e7fa7872 100644 --- a/krebs/1systems/filebitch/hardware-configuration.nix +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; in { imports = @@ -19,7 +19,7 @@ in boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = [ + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid456" "usbhid" @@ -77,20 +77,18 @@ in networking.hostId = "54d97450"; # required for zfs use boot.initrd.luks.devices = let - usbkey = name: device: { - inherit name device keyFile; + usbkey = device: { + inherit device keyFile; keyFileSize = 2048; preLVM = true; }; - in [ - ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) - // { allowDiscards = true; } ) - ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) - // { allowDiscards = true; } ) - (usbkey "125" "/dev/md125") - (usbkey "126" "/dev/md126") - (usbkey "127" "/dev/md127") - ]; - - + in { + swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ); + root = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ); + md125 = usbkey "/dev/md125"; + md126 = usbkey "/dev/md126"; + md127 = usbkey "/dev/md127"; + }; } diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index bb84b1873..c0fa38284 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,7 +12,6 @@ <stockholm/krebs/2configs/buildbot-stockholm.nix> <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/ircd.nix> - <stockholm/krebs/2configs/nscd-fix.nix> <stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/wiki.nix> ]; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 08a3392bd..0cadc3a10 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -7,19 +7,104 @@ <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> + + ## initrd unlocking + # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' + <stockholm/krebs/2configs/tor/initrd.nix> + <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> <stockholm/krebs/2configs/go.nix> <stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/news.nix> <stockholm/krebs/2configs/news-spam.nix> + + ### shackspace + # handle the worlddomination map via coap + <stockholm/krebs/2configs/shack/worlddomination.nix> <stockholm/krebs/2configs/shack/ssh-keys.nix> + + # drivedroid.shack for shackphone + <stockholm/krebs/2configs/shack/drivedroid.nix> + # <stockholm/krebs/2configs/shack/nix-cacher.nix> + + # Say if muell will be collected + <stockholm/krebs/2configs/shack/muell_caller.nix> + # provide muellshack api: muell.shack + <stockholm/krebs/2configs/shack/muellshack.nix> + # send mail if muell was not handled + <stockholm/krebs/2configs/shack/muell_mail.nix> + + # provide light control api + <stockholm/krebs/2configs/shack/node-light.nix> # light.shack lounge.light.shack power.light.shack openhab.shack lightapi.shack + # light.shack web-ui + <stockholm/krebs/2configs/shack/light.shack.nix> #light.shack + + # powerraw usb serial to mqtt and raw socket + <stockholm/krebs/2configs/shack/powerraw.nix> # powerraw.shack standby.shack + # send power stats to s3 + <stockholm/krebs/2configs/shack/s3-power.nix> # powerraw.shack must be available + + + { # do not log to /var/spool/log + services.nginx.appendHttpConfig = '' + map $request_method $loggable { + default 1; + GET 0; + } + log_format vhost '$host $remote_addr - $remote_user ' + '[$time_local] "$request" $status ' + '$body_bytes_sent "$http_referer" ' + '"$http_user_agent"'; + error_log stderr; + access_log syslog:server=unix:/dev/log vhost; + ''; + services.journald.rateLimitBurst = 10000; + } + + # create samba share for anonymous usage with the laser and 3d printer pc + <stockholm/krebs/2configs/shack/share.nix> + + # mobile.lounge.mpd.shack + <stockholm/krebs/2configs/shack/mobile.mpd.nix> + + # hass.shack + <stockholm/krebs/2configs/shack/glados> + + # connect to git.shackspace.de as group runner for rz + <stockholm/krebs/2configs/shack/gitlab-runner.nix> + + # Statistics collection and visualization + # <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully) + ## Collect data from mqtt.shack and store in graphite database + <stockholm/krebs/2configs/shack/mqtt_sub.nix> + ## Collect radioactive data and put into graphite + <stockholm/krebs/2configs/shack/radioactive.nix> + ## mqtt.shack + <stockholm/krebs/2configs/shack/mqtt.nix> + ## influx.shack + <stockholm/krebs/2configs/shack/influx.nix> + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> + + ## netbox.shack: Netbox is disabled as nobody seems to be using it anyway + # <stockholm/krebs/2configs/shack/netbox.nix> + + # grafana.shack + <stockholm/krebs/2configs/shack/grafana.nix> + + # shackdns.shack + # replacement for leases.shack and shackles.shack + <stockholm/krebs/2configs/shack/shackDNS.nix> + + # monitoring: prometheus.shack <stockholm/krebs/2configs/shack/prometheus/node.nix> <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/blackbox.nix> <stockholm/krebs/2configs/shack/prometheus/unifi.nix> <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix> - <stockholm/krebs/2configs/shack/gitlab-runner.nix> ## Collect local statistics via collectd and send to collectd <stockholm/krebs/2configs/stats/shack-client.nix> diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 0160f9ebb..25e7c5f06 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -14,85 +14,15 @@ in <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> - # handle the worlddomination map via coap - <stockholm/krebs/2configs/shack/worlddomination.nix> - <stockholm/krebs/2configs/shack/ssh-keys.nix> + #### shackspace services + <stockholm/krebs/2configs/shack/share.nix> # wolf.shack - # drivedroid.shack for shackphone - <stockholm/krebs/2configs/shack/drivedroid.nix> - # <stockholm/krebs/2configs/shack/nix-cacher.nix> - # Say if muell will be collected - <stockholm/krebs/2configs/shack/muell_caller.nix> - # provide muellshack api - <stockholm/krebs/2configs/shack/muellshack.nix> - # provide light control api - <stockholm/krebs/2configs/shack/node-light.nix> - # light.shack web-ui - <stockholm/krebs/2configs/shack/light.shack.nix> - # send mail if muell was not handled - <stockholm/krebs/2configs/shack/muell_mail.nix> - # send mail if muell was not handled - <stockholm/krebs/2configs/shack/s3-power.nix> - # powerraw usb serial to mqtt and raw socket - <stockholm/krebs/2configs/shack/powerraw.nix> - - { # do not log to /var/spool/log - services.nginx.appendHttpConfig = '' - map $request_method $loggable { - default 1; - GET 0; - } - log_format vhost '$host $remote_addr - $remote_user ' - '[$time_local] "$request" $status ' - '$body_bytes_sent "$http_referer" ' - '"$http_user_agent"'; - error_log stderr; - access_log syslog:server=unix:/dev/log vhost; - ''; - services.journald.rateLimitBurst = 10000; - } - - # create samba share for anonymous usage with the laser and 3d printer pc - <stockholm/krebs/2configs/shack/share.nix> - - # mobile.lounge.mpd.shack - <stockholm/krebs/2configs/shack/mobile.mpd.nix> - - # hass.shack - <stockholm/krebs/2configs/shack/glados> - - # connect to git.shackspace.de as group runner for rz + # gitlab runner <stockholm/krebs/2configs/shack/gitlab-runner.nix> - - # Statistics collection and visualization - # <stockholm/krebs/2configs/shack/graphite.nix> # graphiteApi is broken and unused(hopefully) - ## Collect data from mqtt.shack and store in graphite database - <stockholm/krebs/2configs/shack/mqtt_sub.nix> - ## Collect radioactive data and put into graphite - <stockholm/krebs/2configs/shack/radioactive.nix> - ## mqtt.shack - <stockholm/krebs/2configs/shack/mqtt.nix> - ## influx.shack - <stockholm/krebs/2configs/shack/influx.nix> - - ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/shack-client.nix> - <stockholm/krebs/2configs/stats/shack-debugging.nix> - - <stockholm/krebs/2configs/shack/netbox.nix> - # prometheus.shack - #<stockholm/krebs/2configs/shack/prometheus/server.nix> - <stockholm/krebs/2configs/shack/prometheus/node.nix> - #<stockholm/krebs/2configs/shack/prometheus/unifi.nix> - # grafana.shack - <stockholm/krebs/2configs/shack/grafana.nix> - - # shackdns.shack - # replacement for leases.shack and shackles.shack - <stockholm/krebs/2configs/shack/shackDNS.nix> - # misc + <stockholm/krebs/2configs/shack/ssh-keys.nix> <stockholm/krebs/2configs/save-diskspace.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 3442272ec..f56f6045a 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -43,7 +43,6 @@ with import <stockholm/lib>; ]; }; services.cron.enable = false; - services.nscd.enable = false; services.ntp.enable = false; users.mutableUsers = false; diff --git a/krebs/2configs/gitlab-runner-shackspace.nix b/krebs/2configs/gitlab-runner-shackspace.nix deleted file mode 100644 index f4247b6da..000000000 --- a/krebs/2configs/gitlab-runner-shackspace.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, ... }: -let - url = "https://git.shackspace.de/"; - # generate token from CI-token via: - ## gitlab-runner register - ## cat /etc/gitlab-runner/config.toml - token = import <secrets/shackspace-gitlab-ci-token.nix> ; -in { - systemd.services.gitlab-runner.path = [ - "/run/wrappers" # /run/wrappers/bin/su - "/" # /bin/sh - ]; - systemd.services.gitlab-runner.serviceConfig.PrivateTmp = true; - virtualisation.docker.enable = true; - services.gitlab-runner = { - enable = true; - # configFile, configOptions and gracefulTimeout not yet in stable - # gracefulTimeout = "120min"; - configFile = pkgs.writeText "gitlab-runner.cfg" '' - concurrent = 1 - check_interval = 0 - - [[runners]] - name = "krebs-shell" - url = "${url}" - token = "${token}" - executor = "shell" - shell = "sh" - environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"] - [runners.cache] - ''; - }; -} diff --git a/krebs/2configs/nscd-fix.nix b/krebs/2configs/nscd-fix.nix deleted file mode 100644 index 8e5909e72..000000000 --- a/krebs/2configs/nscd-fix.nix +++ /dev/null @@ -1,24 +0,0 @@ -with import <stockholm/lib>; -{ pkgs, ... }: let - - enable = versionOlderThan "19.03"; - - versionOlderThan = v: - compareVersions - (versions.majorMinor version) - (versions.majorMinor v) - == -1; - - warning = '' - Using custom services.nscd.config because - https://github.com/NixOS/nixpkgs/pull/50316 - ''; - -in - optionalAttrs enable (trace warning { - services.nscd.enable = mkForce true; - services.nscd.config = mkForce (readFile (pkgs.fetchurl { - url = https://raw.githubusercontent.com/arianvp/nixpkgs/1d5f4cb/nixos/modules/services/system/nscd.conf; - sha256 = "1jlddk38lyynjn51zx3xi1nc29ahajyh0qg48qbq6dqlsrn3wxqs"; - })); - }) diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index b80198b03..473028f95 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -95,7 +95,7 @@ let } hooks.sed (generators.command_hook { - inherit (commands) hello random-emoji nixos-version stockholm-issue; + inherit (commands) hello random-emoji nixos-version; tell = { filename = "${pkgs.Reaktor.src}/reaktor/commands/tell-on_privmsg"; diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index bd391851a..ecb064579 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -1,24 +1,48 @@ -{ pkgs, ... }: -let - runner-src = builtins.fetchTarball { - url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/master/nixos-gitlab-runner-master.tar.gz"; - sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; - }; -in +{ pkgs,lib, ... }: { - imports = [ - "${runner-src}/gitlab-runner.nix" - ]; - services.gitlab-runner2 = { + services.gitlab-runner = { enable = true; - ## registrationConfigurationFile contains: - # CI_SERVER_URL=<CI server URL> - # REGISTRATION_TOKEN=<registration secret> - # RUNNER_TAG_LIST=nix,shacklan - # RUNNER_NAME=stockholm-runner-$name - registrationConfigFile = <secrets/shackspace-gitlab-ci>; - #gracefulTermination = true; + services= { + # runner for building in docker via host's nix-daemon + # nix store will be readable in runner, might be insecure + nix = with lib;{ + # File should contain at least these two variables: + # `CI_SERVER_URL` + # `REGISTRATION_TOKEN` + registrationConfigFile = toString <secrets/shackspace-gitlab-ci>; + dockerImage = "alpine"; + dockerVolumes = [ + "/nix/store:/nix/store:ro" + "/nix/var/nix/db:/nix/var/nix/db:ro" + "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" + ]; + dockerDisableCache = true; + preBuildScript = pkgs.writeScript "setup-container" '' + mkdir -p -m 0755 /nix/var/log/nix/drvs + mkdir -p -m 0755 /nix/var/nix/gcroots + mkdir -p -m 0755 /nix/var/nix/profiles + mkdir -p -m 0755 /nix/var/nix/temproots + mkdir -p -m 0755 /nix/var/nix/userpool + mkdir -p -m 1777 /nix/var/nix/gcroots/per-user + mkdir -p -m 1777 /nix/var/nix/profiles/per-user + mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root + mkdir -p -m 0700 "$HOME/.nix-defexpr" + . ${pkgs.nix}/etc/profile.d/nix.sh + ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])} + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable + ${pkgs.nix}/bin/nix-channel --update nixpkgs + ''; + environmentVariables = { + ENV = "/etc/profile"; + USER = "root"; + NIX_REMOTE = "daemon"; + PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin"; + NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"; + }; + tagList = [ "nix" "shacklan" ]; + }; + }; }; - systemd.services.gitlab-runner2.restartIfChanged = false; + systemd.services.gitlab-runner.restartIfChanged = false; systemd.services.docker.restartIfChanged = false; } diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index f47bca2db..04843cb24 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -21,23 +21,10 @@ in { ''; }; }; - services.home-assistant = let - dwd_pollen = pkgs.fetchFromGitHub { - owner = "marcschumacher"; - repo = "dwd_pollen"; - rev = "0.1"; - sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; - }; - in { + services.home-assistant = + { enable = true; - package = (pkgs.home-assistant.overrideAttrs (old: { # TODO: find correct python package - installCheckPhase = '' - echo LOLLLLLLLLLLLLLL - ''; - postInstall = '' - cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen - ''; - })).override { + package = pkgs.home-assistant.override { extraPackages = ps: with ps; [ python-forecastio jsonrpc-async jsonrpc-websocket mpd2 pkgs.picotts ]; diff --git a/krebs/2configs/shack/glados/deps/dwd_pollen.nix b/krebs/2configs/shack/glados/deps/dwd_pollen.nix deleted file mode 100644 index 39d9c3069..000000000 --- a/krebs/2configs/shack/glados/deps/dwd_pollen.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, python -, voluptuous -}: - -buildPythonPackage rec { - format = "other"; - pname = "dwd_pollen"; - version = "0.1"; - - src = fetchFromGitHub { - owner = "marcschumacher"; - repo = "dwd_pollen"; - rev = version; - sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; - }; - propagatedBuildInputs = [ - voluptuous - ]; - installPhase = '' - install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen * - ''; - - meta = with lib; { - description = "Home Assistant component to retrieve Pollen data from DWD (Germany)"; - homepage = https://github.com/marcschumacher/dwd_pollen; - license = licenses.mit; - maintainers = [ maintainers.makefu ]; - }; -} diff --git a/krebs/2configs/shack/mqtt_sub.nix b/krebs/2configs/shack/mqtt_sub.nix index bd0b6df85..af2bc1e66 100644 --- a/krebs/2configs/shack/mqtt_sub.nix +++ b/krebs/2configs/shack/mqtt_sub.nix @@ -10,7 +10,7 @@ let sha256 = "1334jbbzlqizyp7zcn4hdswhhrnkj1p4p435n5nph82lzffrsi44"; }; buildInputs = [ - (pkgs.python35.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt paho-mqtt ])) diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 465d6ef69..d8d65d309 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -37,6 +37,9 @@ # for legacy systems client min protocol = NT1 server min protocol = NT1 + workgroup = WORKGROUP + server string = ${config.networking.hostName} + netbios name = ${config.networking.hostName} ''; }; } diff --git a/krebs/2configs/tor/initrd.nix b/krebs/2configs/tor/initrd.nix new file mode 100644 index 000000000..98ed039b4 --- /dev/null +++ b/krebs/2configs/tor/initrd.nix @@ -0,0 +1,50 @@ +{config, pkgs, ... }: +## unlock command: +# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' +{ + boot.initrd.network.enable = true; + boot.initrd.network.ssh = { + enable = true; + port = 22; + authorizedKeys = [ + config.krebs.users.jeschli-brauerei.pubkey + config.krebs.users.lass.pubkey + config.krebs.users.lass-mors.pubkey + config.krebs.users.makefu.pubkey + config.krebs.users.tv.pubkey + ]; + hostKeys = [ <secrets/initrd/openssh_host_ecdsa_key> ]; + }; + boot.initrd.availableKernelModules = [ "e1000e" ]; + + boot.initrd.secrets = { + "/etc/tor/onion/bootup" = <secrets/initrd>; + }; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.tor}/bin/tor + ''; + + # start tor during boot process + boot.initrd.network.postCommands = let + torRc = (pkgs.writeText "tor.rc" '' + DataDirectory /etc/tor + SOCKSPort 127.0.0.1:9050 IsolateDestAddr + SOCKSPort 127.0.0.1:9063 + HiddenServiceDir /etc/tor/onion/bootup + HiddenServicePort 22 127.0.0.1:22 + ''); + in '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor + + echo "make sure localhost is up" + ip a a 127.0.0.1/8 dev lo + ip link set lo up + + echo "tor: starting tor" + tor -f ${torRc} --verify-config + tor -f ${torRc} & + ''; +} diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 0b7d56098..7d618ebfd 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -62,8 +62,8 @@ let }; }; - users.extraUsers = singleton { - inherit (user) name uid; + users.users.${user.name} = { + inherit (user) uid; home = cfg.dataDir; }; }; diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix index 75d7eda6e..390f7585f 100644 --- a/krebs/3modules/jeschli/default.nix +++ b/krebs/3modules/jeschli/default.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; in { hosts = mapAttrs hostDefaults { brauerei = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.29"; @@ -93,6 +94,7 @@ in { }; bolide = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.31"; @@ -130,6 +132,7 @@ in { }; reagenzglas = { + ci = false; nets = { retiolum = { ip4.addr = "10.243.27.32"; diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index ae242efea..6a48f865c 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -6,13 +6,13 @@ , time, transformers, unagi-chan, unix, unordered-containers , vector, wai, warp }: -mkDerivation { +mkDerivation rec { pname = "reaktor2"; - version = "0.3.0"; + version = "0.4.0"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h"; - rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21"; + sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp"; + rev = "v${version}"; fetchSubmodules = true; }; isLibrary = false; diff --git a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix index f0e221406..a84407457 100644 --- a/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix +++ b/krebs/5pkgs/simple/alertmanager-bot-telegram/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "09cciml1j8x76jpm2v5v6h2q6j1fkhsz1kswslmx8wl4wk40xgp4"; }; - modSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; + vendorSha256 = "0nlnxkpcna7g7qslyz5i1619paw4jkb1ma4fgpsgvgx1spwrjm8h"; postInstall = '' install -D ./default.tmpl $out/templates/default.tmpl ''; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 161a099e5..b21087764 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "7c2a362b58a1c2ba72d24aa3869da3b1a91d39e1", - "date": "2020-10-20T09:32:31+02:00", - "sha256": "0gl4xndyahasa9dv5mi3x9w8s457wl2xh9lcldizcn1irjvkrzs4", + "rev": "f41c0fc7d8e49d94220f74495d4d702922df2a67", + "date": "2020-11-15T21:38:00-06:00", + "sha256": "01wim7ayn69y056q28ifw2f0mdypidpc0z15dda54aj5yy5vai09", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index b0ffb6adc..9a0ea7ed4 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.03' \ + --rev refs/heads/nixos-20.09' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8332e7c53..609da6011 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -19,7 +19,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/syncthing.nix> <stockholm/lass/2configs/nfs-dl.nix> #<stockholm/lass/2configs/prism-share.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/network-manager.nix> <stockholm/lass/2configs/home-media.nix> ]; diff --git a/lass/1systems/morpheus/physical.nix b/lass/1systems/morpheus/physical.nix index 3fb03cda4..6e59a2273 100644 --- a/lass/1systems/morpheus/physical.nix +++ b/lass/1systems/morpheus/physical.nix @@ -34,10 +34,7 @@ }; boot.initrd.luks = { cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; - devices = [{ - name = "luksroot"; - device = "/dev/nvme0n1p3"; - }]; + devices.luksroot.device = "/dev/nvme0n1p3"; }; services.udev.extraRules = '' diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index d7b43f2cd..9e01396bc 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,7 +15,6 @@ with import <stockholm/lib>; <stockholm/lass/2configs/bitcoin.nix> <stockholm/lass/2configs/backup.nix> <stockholm/lass/2configs/blue-host.nix> - <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> <stockholm/lass/2configs/hass> diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 2d21f00d5..82a088643 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -15,7 +15,7 @@ loader.systemd-boot.enable = true; loader.timeout = 5; - initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; + initrd.luks.devices.luksroot.device = "/dev/sda2"; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; #kernelModules = [ "kvm-intel" "msr" ]; diff --git a/lass/2configs/copyq.nix b/lass/2configs/copyq.nix index 56c091a6e..ed78699b0 100644 --- a/lass/2configs/copyq.nix +++ b/lass/2configs/copyq.nix @@ -25,9 +25,6 @@ in { environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; - path = with pkgs; [ - qt5.full - ]; serviceConfig = { SyslogIdentifier = "copyq"; ExecStart = "${pkgs.copyq}/bin/copyq"; diff --git a/lass/2configs/dcso-vpn.nix b/lass/2configs/dcso-vpn.nix deleted file mode 100644 index 0a5623bf0..000000000 --- a/lass/2configs/dcso-vpn.nix +++ /dev/null @@ -1,44 +0,0 @@ -with import <stockholm/lib>; -{ ... }: - -{ - - users.extraUsers = { - dcsovpn = rec { - name = "dcsovpn"; - uid = genid "dcsovpn"; - description = "user for running dcso openvpn"; - home = "/home/${name}"; - }; - }; - - users.extraGroups.dcsovpn.gid = genid "dcsovpn"; - - services.openvpn.servers = { - dcso = { - config = '' - client - dev tun - tun-mtu 1356 - mssfix - proto udp - float - remote 217.111.55.41 1194 - nobind - user dcsovpn - group dcsovpn - persist-key - persist-tun - ca ${toString <secrets/dcsovpn/ca.pem>} - cert ${toString <secrets/dcsovpn/cert.pem>} - key ${toString <secrets/dcsovpn/cert.key>} - verb 3 - mute 20 - auth-user-pass ${toString <secrets/dcsovpn/login.txt>} - route-method exe - route-delay 2 - ''; - updateResolvConf = true; - }; - }; -} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f59988b75..babcb51de 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -2,7 +2,6 @@ with import <stockholm/lib>; { config, pkgs, ... }: { imports = [ - <stockholm/krebs/2configs/nscd-fix.nix> ./binary-cache/client.nix ./backup.nix ./gc.nix diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 78cfb29cd..ac7db10f5 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -97,7 +97,6 @@ in { overwriteProtocol = "https"; }; https = true; - nginx.enable = true; }; services.nginx.virtualHosts."o.xanf.org" = { enableACME = true; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 74585a6f8..17df71310 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -16,7 +16,6 @@ in { email = "acme@lassul.us"; acceptTerms = true; certs."lassul.us" = { - allowKeysForGroup = true; group = "lasscert"; }; }; @@ -78,7 +77,6 @@ in { email = "lassulus@lassul.us"; webroot = "/var/lib/acme/acme-challenge"; group = "nginx"; - user = "nginx"; }; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index d0ba1a3c6..f65c6672b 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -82,8 +82,12 @@ in { # ci # <stockholm/makefu/2configs/exim-retiolum.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix> + + ###### Shack ##### # <stockholm/makefu/2configs/shack/events-publisher> - <stockholm/makefu/2configs/shack/gitlab-runner> + # <stockholm/makefu/2configs/shack/gitlab-runner> + + <stockholm/makefu/2configs/remote-build/slave.nix> <stockholm/makefu/2configs/remote-build/aarch64-community.nix> <stockholm/makefu/2configs/taskd.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index dd89b4057..cbe97e28a 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -47,6 +47,7 @@ in { # <stockholm/makefu/2configs/legacy_only.nix> <stockholm/makefu/2configs/share/omo.nix> + <stockholm/makefu/2configs/share/gum-client.nix> <stockholm/makefu/2configs/dcpp/airdcpp.nix> { krebs.airdcpp.dcpp.shares = let d = path: "/media/cryptX/${path}"; diff --git a/makefu/1systems/sdev/config.nix b/makefu/1systems/sdev/config.nix index e3c59e181..d02c30342 100644 --- a/makefu/1systems/sdev/config.nix +++ b/makefu/1systems/sdev/config.nix @@ -37,10 +37,11 @@ passwdqc-utils gnupg populate - (pkgs.writeScriptBin "tor-browser" '' - #! /bin/sh - TOR_SKIP_LAUNCH=1 ${torbrowser}/bin/tor-browser - '') + # 20.09: torbrowser is broken + #(pkgs.writeScriptBin "tor-browser" '' + # #! /bin/sh + # TOR_SKIP_LAUNCH=1 ${torbrowser}/bin/tor-browser + #'') ]; networking.firewall.allowedTCPPorts = [ diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 9b33595f4..cd598f0aa 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -15,30 +15,8 @@ in { ]; networking.firewall.allowedTCPPorts = [ 8123 ]; state = [ "/var/lib/hass/known_devices.yaml" ]; - services.home-assistant = let - dwd_pollen = pkgs.fetchFromGitHub { - owner = "marcschumacher"; - repo = "dwd_pollen"; - rev = "0.1"; - sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; - }; - in { + services.home-assistant = { enable = true; - package = (pkgs.home-assistant.overrideAttrs (old: { - # TODO: find correct python package - installCheckPhase = '' - echo LOLLLLLLLLLLLLLL - ''; - postInstall = '' - cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen - ''; - })).override { - extraPackages = ps: with ps; [ - pkgs.picotts - python-forecastio jsonrpc-async jsonrpc-websocket mpd2 - (callPackage ./deps/openwrt-luci-rpc.nix { }) - ]; - }; autoExtraComponents = true; config = { config = {}; @@ -139,7 +117,7 @@ in { sensor = [] ++ [{ platform = "version"; }] # pyhaversion - ++ (import ./sensor/pollen.nix) + # ++ (import ./sensor/pollen.nix) ++ (import ./sensor/espeasy.nix) ++ (import ./sensor/airquality.nix) ++ ((import ./sensor/outside.nix) {inherit lib;}) diff --git a/makefu/2configs/bureautomation/deps/dwd_pollen.nix b/makefu/2configs/bureautomation/deps/dwd_pollen.nix deleted file mode 100644 index 39d9c3069..000000000 --- a/makefu/2configs/bureautomation/deps/dwd_pollen.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, python -, voluptuous -}: - -buildPythonPackage rec { - format = "other"; - pname = "dwd_pollen"; - version = "0.1"; - - src = fetchFromGitHub { - owner = "marcschumacher"; - repo = "dwd_pollen"; - rev = version; - sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; - }; - propagatedBuildInputs = [ - voluptuous - ]; - installPhase = '' - install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen * - ''; - - meta = with lib; { - description = "Home Assistant component to retrieve Pollen data from DWD (Germany)"; - homepage = https://github.com/marcschumacher/dwd_pollen; - license = licenses.mit; - maintainers = [ maintainers.makefu ]; - }; -} diff --git a/makefu/2configs/bureautomation/kalauerbot.nix b/makefu/2configs/bureautomation/kalauerbot.nix index d61b8885e..ff045e2f3 100644 --- a/makefu/2configs/bureautomation/kalauerbot.nix +++ b/makefu/2configs/bureautomation/kalauerbot.nix @@ -12,6 +12,9 @@ WorkingDirectory = "/var/lib/kalauerbot"; ExecStart = "${pkgs.kalauerbot}/bin/kalauerbot"; PrivateTmp = true; + + Restart = "always"; + RuntimeMaxSec = "12h"; }; }; } diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix new file mode 100644 index 000000000..c638123bb --- /dev/null +++ b/makefu/2configs/hw/droidcam.nix @@ -0,0 +1,7 @@ +{ pkgs, config, ... }: +{ + boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480"; + boot.extraModulePackages = [ + (pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; }) + ]; +} diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index f4578bf77..b997a9eec 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -54,6 +54,6 @@ powerManagement.resumeCommands = '' - ${pkgs.rfkill}/bin/rfkill unblock all + ${pkgs.utillinux}/bin/rfkill unblock all ''; } diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 78a9dcfa6..445e6c577 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -82,5 +82,4 @@ "net.ipv6.conf.default.use_tempaddr" = 2; }; - services.nscd.enable = false; } diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index d297483b2..6fd1c1858 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -21,16 +21,20 @@ in { hardware.sane = { enable = true; extraBackends = [ ]; + netConf = + # drucker.lan SCX-3205W + '' + 192.168.1.6'' + # uhrenkind.shack magicolor 1690mf + + '' + 10.42.20.30''; # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 # requires 'sane-extra', scan via: - #extraConfig."magicolor" = '' - # net 10.42.20.30 0x2098 - #''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf - extraConfig."xerox_mfp" = '' - tcp 192.168.1.5 - ''; #home printer SCX-3205W + extraConfig."magicolor" = '' + net 10.42.20.30 0x2098 + ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf }; state = [ "/var/lib/cups" ]; } diff --git a/makefu/2configs/remote-build/gum.nix b/makefu/2configs/remote-build/gum.nix index 98e2e58b5..39e90f1b8 100644 --- a/makefu/2configs/remote-build/gum.nix +++ b/makefu/2configs/remote-build/gum.nix @@ -10,6 +10,14 @@ system = "x86_64-linux"; supportedFeatures = [ ]; } + { + hostName = "gum.krebsco.de"; + maxJobs = 8; + sshKey = toString <secrets/id_nixBuild>; + sshUser = "nixBuild"; + system = "armv6l-linux"; + supportedFeatures = [ ]; + } ]; }; } diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 732dc2036..1a488e69c 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -82,6 +82,9 @@ in { printing = bsd printcap name = /dev/null disable spoolss = yes + workgroup = WORKGROUP + server string = ${config.networking.hostName} + netbios name = ${config.networking.hostName} ''; }; } diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 838c26278..ecd03710e 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,6 +34,9 @@ in { https://pypi.python.org/simple/pyserial/ https://pypi.python.org/simple/semantic_version/ # weird shit + { url = "https://www.zigbee2mqtt.io/information/supported_adapters.html"; + filter = "html2text"; + } http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix index ae10f34a2..1b81cf57f 100644 --- a/makefu/2configs/wireguard/server.nix +++ b/makefu/2configs/wireguard/server.nix @@ -54,4 +54,10 @@ in { # wireguard server } ]; }; + # TODO: this issue is related to the router which connects to the host but is + # unable to re-connect once restarted + systemd.services.wireguard-wg0.serviceConfig = { + Restart = "always"; + RuntimeMaxSec = "12h"; + }; } diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix new file mode 100644 index 000000000..d30fb01a6 --- /dev/null +++ b/makefu/5pkgs/droidcam/default.nix @@ -0,0 +1,55 @@ +{ stdenv, fetchFromGitHub +, pkg-config +, alsaLib +, libjpeg_turbo +, ffmpeg +, libusbmuxd +, speex +, gtk3 +, libappindicator-gtk3 +}: + +stdenv.mkDerivation rec { + pname = "droidcam"; + version = "1.6"; + + src = fetchFromGitHub { + owner = "aramg"; + repo = "droidcam"; + rev = "v${version}"; + sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; + }; + + sourceRoot = "source/linux"; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ + alsaLib + libjpeg_turbo + ffmpeg + libusbmuxd + speex + gtk3 + libappindicator-gtk3 + ]; + + buildPhase = '' + runHook preBuild + make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)" + ''; + installPhase = '' + runHook preInstall + install -Dm755 "droidcam" "$out/bin/droidcam" + install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli" + install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png" + install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE" + ''; + + meta = with stdenv.lib; { + description = "A kernel module to create V4L2 loopback devices"; + homepage = "https://github.com/aramg/droidcam"; + license = licenses.gpl2; + maintainers = [ maintainers.makefu ]; + platforms = platforms.linux; + }; +} diff --git a/makefu/5pkgs/kalauerbot/badsync.patch b/makefu/5pkgs/kalauerbot/badsync.patch new file mode 100644 index 000000000..842129b94 --- /dev/null +++ b/makefu/5pkgs/kalauerbot/badsync.patch @@ -0,0 +1,14 @@ +diff --git a/matrix_client/client.py b/matrix_client/client.py +index af0e08f..f848c4f 100644 +--- a/matrix_client/client.py ++++ b/matrix_client/client.py +@@ -471,7 +471,7 @@ class MatrixClient(object): + self._sync(timeout_ms) + + def listen_forever(self, timeout_ms=30000, exception_handler=None, +- bad_sync_timeout=5): ++ bad_sync_timeout=61): + """ Keep listening for events forever. + + Args: + diff --git a/makefu/5pkgs/kalauerbot/default.nix b/makefu/5pkgs/kalauerbot/default.nix index 2cecbc3f2..ee90fdeec 100644 --- a/makefu/5pkgs/kalauerbot/default.nix +++ b/makefu/5pkgs/kalauerbot/default.nix @@ -8,7 +8,12 @@ rev = "08d98aa"; sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v"; }; propagatedBuildInputs = with python3.pkgs;[ - (callPackage ./python-matrixbot.nix {}) + (callPackage ./python-matrixbot.nix { + matrix-client = (stdenv.lib.overrideDerivation matrix-client (self: { + patches = [ ./badsync.patch ]; + })); + }) + (stdenv.lib.overrideDerivation googletrans (self: { patches = [ ./translate.patch ]; })) diff --git a/makefu/5pkgs/navi/default.nix b/makefu/5pkgs/navi/default.nix deleted file mode 100644 index 1e8274f80..000000000 --- a/makefu/5pkgs/navi/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -# via https://git.ingolf-wagner.de/palo/nixos-config/src/master/pkgs/navi/default.nix - -{ rustPlatform, fetchFromGitHub, stdenv, fzf, makeWrapper, openssl, pkgconfig }: - -rustPlatform.buildRustPackage rec { - pname = "navi"; - version = "2.1.1"; - - src = fetchFromGitHub { - owner = "denisidoro"; - repo = "navi"; - rev = "v${version}"; - #rev = "${version}"; - sha256 = "1195f7c3ij2mkv0k1h9fwn6jkyjb01w0p6mj2xc39w5f6i0c0hwp"; - }; - - cargoSha256 = "0ks25w0dncaiw3ma05r8jrng3cczancrynnpgdksbvgz49lg3wjw"; - - postInstall = '' - mkdir -p $out/share/navi/ - mv shell $out/share/navi/ - - wrapProgram "$out/bin/navi" \ - --suffix "PATH" : "${fzf}/bin" - ''; - buildInputs = [ openssl ]; - nativeBuildInputs = [ makeWrapper pkgconfig ]; - - meta = with stdenv.lib; { - description = "An interactive cheatsheet tool for the command-line"; - homepage = "https://github.com/denisidoro/navi"; - license = licenses.asl20; - platforms = platforms.unix; - maintainers = with maintainers; [ mrVanDalo ]; - }; -} - diff --git a/makefu/5pkgs/v4l2loopback-dc/default.nix b/makefu/5pkgs/v4l2loopback-dc/default.nix new file mode 100644 index 000000000..2bb9d3d0b --- /dev/null +++ b/makefu/5pkgs/v4l2loopback-dc/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, kernel, kmod }: + +stdenv.mkDerivation rec { + name = "v4l2loopback-dc-${version}-${kernel.version}"; + version = "1.6"; + + src = fetchFromGitHub { + owner = "aramg"; + repo = "droidcam"; + rev = "v${version}"; + sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; + }; + + sourceRoot = "source/linux/v4l2loopback"; + + buildTargets = "v4l2loopback-dc"; + hardeningDisable = [ "pic" ]; + + nativeBuildInputs = kernel.moduleBuildDependencies; + buildInputs = [ kmod ]; + + + makeFlags = [ + "KERNELRELEASE=${kernel.modDirVersion}" + "KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + "INSTALL_MOD_PATH=$(out)" + ]; + + meta = with stdenv.lib; { + description = "A kernel module to create V4L2 loopback devices"; + homepage = "https://github.com/aramg/droidcam"; + license = licenses.gpl2; + maintainers = [ maintainers.makefu ]; + platforms = platforms.linux; + }; +} diff --git a/makefu/krops.nix b/makefu/krops.nix index 213af0497..2fa050e95 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -77,7 +77,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "cb17f1e"; + ref = "63f299b"; }; }) ]; |