From 865aa9c1d0198fbd57342c7593396bf4f007e71f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:32:43 +0200 Subject: l 1 mors: disable ipfs --- lass/1systems/mors.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index c196b391a..8891d1829 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -76,10 +76,6 @@ with import ; { services.redis.enable = true; } - { - #ipfs-testing - services.ipfs.enable = true; - } { environment.systemPackages = [ pkgs.krebszones -- cgit v1.2.3 From 6a53a331d11fcf1ff1d36645c3bd42c4c9d0c51c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:33:54 +0200 Subject: l 1 iso: make sshd work --- lass/1systems/iso.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index bee1c148f..01d698c4c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -15,7 +15,6 @@ with import ; krebs.enable = true; krebs.build.user = config.krebs.users.lass; krebs.build.host = config.krebs.hosts.iso; - krebs.build.source.nixos-config.symlink = "stockholm/lass/1systems/${config.krebs.buil.host.name}.nix"; } { nixpkgs.config.allowUnfree = true; @@ -122,18 +121,12 @@ with import ; { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; } ]; }; + systemd.services.sshd.wantedBy = mkForce [ "multi-user.target" ]; } { krebs.iptables = { enable = true; tables = { - nat.PREROUTING.rules = [ - { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; } - { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; } - ]; - nat.OUTPUT.rules = [ - { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; } - ]; filter.INPUT.policy = "DROP"; filter.FORWARD.policy = "DROP"; filter.INPUT.rules = [ -- cgit v1.2.3 From bd58053b7e8123850ca04601505efadace807100 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:34:25 +0200 Subject: l 2: add sshn to pkgs --- lass/2configs/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 69f8a681e..b53efa75d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -151,6 +151,10 @@ with import ; p7zip unzip unrar + + (pkgs.writeDashBin "sshn" '' + ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@" + '') ]; programs.bash = { -- cgit v1.2.3 From cb36b4fb7cd4c51b89328a06ba0b994d627813aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:02 +0200 Subject: l 1 mors: enable tor --- lass/1systems/mors.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 8891d1829..d80665a6b 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -85,6 +85,12 @@ with import ; #ps vita stuff boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } + { + services.tor = { + enable = true; + client.enable = true; + }; + } ]; krebs.build.host = config.krebs.hosts.mors; -- cgit v1.2.3 From b3463a3b8227a0732b1c3c4c90998f24c8ab1edf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 16 Apr 2017 23:35:25 +0200 Subject: l 2: add syncthing.nix --- lass/1systems/mors.nix | 1 + lass/1systems/prism.nix | 1 + lass/2configs/syncthing.nix | 12 ++++++++++++ 3 files changed, 14 insertions(+) create mode 100644 lass/2configs/syncthing.nix diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index d80665a6b..c8d9465d5 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -25,6 +25,7 @@ with import ; ../2configs/repo-sync.nix ../2configs/ircd.nix ../2configs/logf.nix + ../2configs/syncthing.nix { #risk of rain port krebs.iptables.tables.filter.INPUT.rules = [ diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 9c17c4433..41a909f16 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -46,6 +46,7 @@ in { ../2configs/monitoring/server.nix ../2configs/monitoring/monit-alarms.nix ../2configs/paste.nix + ../2configs/syncthing.nix { imports = [ ../2configs/bepasty.nix diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix new file mode 100644 index 000000000..cef43d1e6 --- /dev/null +++ b/lass/2configs/syncthing.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +with import ; +{ + services.syncthing = { + enable = true; + useInotify = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} + { predicate = "-p udp --dport 21027"; target = "ACCEPT";} + ]; +} -- cgit v1.2.3 From 87acf579a91c5fb41393d5ffe027d287194205a4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 15 Apr 2017 18:55:15 +0200 Subject: k 5 tinc_graphs: bump to 0.3.10 --- krebs/5pkgs/tinc_graphs/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/5pkgs/tinc_graphs/default.nix b/krebs/5pkgs/tinc_graphs/default.nix index e5f1e40e8..20bbc53ba 100644 --- a/krebs/5pkgs/tinc_graphs/default.nix +++ b/krebs/5pkgs/tinc_graphs/default.nix @@ -2,14 +2,14 @@ python3Packages.buildPythonPackage rec { name = "tinc_graphs-${version}"; - version = "0.3.9"; + version = "0.3.10"; propagatedBuildInputs = with pkgs;[ python3Packages.pygeoip ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat ]; src = fetchurl { - url = "https://pypi.python.org/packages/source/t/tinc_graphs/tinc_graphs-${version}.tar.gz"; - sha256 = "0hjmkiclvyjb3707285x4b8mk5aqjcvh383hvkad1h7p1n61qrfx"; + url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz"; + sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc"; }; preFixup = with pkgs;'' wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin" -- cgit v1.2.3 From 3b0fa5dbe7a7e4f0b6047746545b1ce602f8e65f Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 17 Apr 2017 15:43:10 +0200 Subject: l 2 baseX: remove redundant libvirt --- lass/2configs/baseX.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 3032e244f..9c51effdc 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -32,8 +32,6 @@ in { time.timeZone = "Europe/Berlin"; - virtualisation.libvirtd.enable = true; - programs.ssh.startAgent = false; services.printing = { -- cgit v1.2.3 From 7c89a9be2b7d41e0feba0a51c6e80bf046179f65 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:04:40 +0200 Subject: l 2 buildbot: get stockholm source from cgit.prism --- lass/2configs/buildbot-standalone.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 3006e9dfb..7b38e44c6 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -20,7 +20,7 @@ in { }; config.krebs.buildbot.master = let - stockholm-mirror-url = http://cgit.lassul.us/stockholm ; + stockholm-mirror-url = http://cgit.prism.r/stockholm ; in { workers = { testworker = "lasspass"; -- cgit v1.2.3 From 4e55661dc4e32af76f074f57c035136a7e7b3869 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:04:59 +0200 Subject: l 2: set dnscrypt resolver to cs-de --- lass/2configs/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index b53efa75d..e964704c3 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -64,7 +64,10 @@ with import ; ]; } { - services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy = { + enable = true; + resolverName = "cs-de"; + }; networking.extraResolvconfConf = '' name_servers='127.0.0.1' ''; -- cgit v1.2.3 From 5443d2b08ba11323844dcd4b4b79c7580c4029ef Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 17:05:18 +0200 Subject: l 2 fetchWallpaper: get new wp from prism --- lass/2configs/fetchWallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index 971be9588..31a01c754 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix @@ -6,7 +6,7 @@ in { krebs.fetchWallpaper = { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; - url = "prism/wallpaper.png"; + url = "prism/realwallpaper-sat-krebs.png"; maxTime = 10; }; } -- cgit v1.2.3 From a773c4c1db47312f5bc8b564b870a826e3bff5fc Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 15 Apr 2017 14:32:05 +0200 Subject: tv nixpkgs: 5acb454 -> 76c6313 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index cbbd5c439..8d7ed2b4f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "5acb454e2ad3e3783e63b86a9a31e800d2507e66"; # nixos-17.03 + ref = "76c63133c5310d362c7c23157616b263db9a9510"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From 0efdaf3a2d66a6166b135818748bd1da5e32ab12 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 13:46:38 +0200 Subject: tv nixpkgs: 76c6313 -> b647a67 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 8d7ed2b4f..ede73f4e5 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "76c63133c5310d362c7c23157616b263db9a9510"; # nixos-17.03 + ref = "b647a67dfee066b75d2f54b789f7646016662071"; # nixos-17.03 }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; -- cgit v1.2.3 From 6df0b60f8af8a486ec89f6630e827720efd445ca Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 15:45:32 +0200 Subject: wolf: cleanup --- shared/1systems/wolf.nix | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 722a08812..0b4448022 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -1,20 +1,18 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; - internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { imports = [ ../. + ../2configs/cgit-mirror.nix ../2configs/collectd-base.nix - ../2configs/shack-nix-cacher.nix + ../2configs/graphite.nix + ../2configs/repo-sync.nix ../2configs/shack-drivedroid.nix + ../2configs/shack-nix-cacher.nix ../2configs/shared-buildbot.nix - ../2configs/cgit-mirror.nix - ../2configs/repo-sync.nix - ../2configs/graphite.nix ../2configs/share-shack.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by -- cgit v1.2.3 From 6b453f7068e4eff470821341e9fcfdbb6d5483ca Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 15:46:45 +0200 Subject: shared shack-drivedroid: krebs.nginx -> services.nginx --- shared/2configs/shack-drivedroid.nix | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 3581f9e96..07fcffa42 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: +{ config, pkgs, ... }: with import ; let repodir = "/var/srv/drivedroid"; @@ -7,6 +7,20 @@ in { environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-drivedroid = { + serverAliases = [ + "drivedroid.shack" + ]; + # TODO: prepare this somehow + locations."/".extraConfig = '' + root ${repodir}; + index main.json; + ''; + }; + }; + systemd.services.drivedroid = { description = "generates drivedroid repo file"; restartIfChanged = true; @@ -27,18 +41,4 @@ in ''; }; }; - - krebs.nginx = { - enable = lib.mkDefault true; - servers = { - drivedroid-repo = { - server-names = [ "drivedroid.shack" ]; - # TODO: prepare this somehow - locations = lib.singleton (lib.nameValuePair "/" '' - root ${repodir}; - index main.json; - ''); - }; - }; - }; } -- cgit v1.2.3 From 82aa7c6f101c16d7e2607f3429cfbb222c572438 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 15:47:07 +0200 Subject: shared shack-nix-cacher: krebs.nginx -> services.nginx --- shared/2configs/shack-nix-cacher.nix | 37 +++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix index 7519bb3ac..4fcbf3a4e 100644 --- a/shared/2configs/shack-nix-cacher.nix +++ b/shared/2configs/shack-nix-cacher.nix @@ -1,25 +1,28 @@ -{ pkgs, lib, ... }: - +{ config, pkgs, ... }: +with import ; +let + cfg = config.krebs.apt-cacher-ng; +in { - krebs.nginx = { - enable = lib.mkDefault true; - servers = { - apt-cacher-ng = { - server-names = [ "acng.shack" ]; - locations = lib.singleton (lib.nameValuePair "/" '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:3142/; - ''); - }; - }; - }; - krebs.apt-cacher-ng = { enable = true; port = 3142; bindAddress = "localhost"; cacheExpiration = 30; }; + + services.nginx = { + enable = mkDefault true; + virtualHosts.shack-nix-cacher = { + serverAliases = [ + "acng.shack" + ]; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:${toString cfg.port}/; + ''; + }; + }; } -- cgit v1.2.3 From d34d95ec3ed4230faa2dc9dd90938e9991dd73d7 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 15:59:27 +0200 Subject: shared shack-drivedroid: cleanup --- shared/2configs/shack-drivedroid.nix | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 07fcffa42..12e4a39c3 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix @@ -1,8 +1,7 @@ { config, pkgs, ... }: with import ; let - repodir = "/var/srv/drivedroid"; - srepodir = shell.escape repodir; + root = "/var/srv/drivedroid"; in { environment.systemPackages = [ pkgs.drivedroid-gen-repo ]; @@ -15,28 +14,34 @@ in ]; # TODO: prepare this somehow locations."/".extraConfig = '' - root ${repodir}; + root ${root}; index main.json; ''; }; }; - systemd.services.drivedroid = { + systemd.services.drivedroid-gen-repo = { description = "generates drivedroid repo file"; - restartIfChanged = true; + path = [ + pkgs.coreutils + pkgs.drivedroid-gen-repo + pkgs.inotify-tools + ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "simple"; Restart = "always"; - ExecStartPre = pkgs.writeScript "prepare-drivedroid-gen-repo" '' - #!/bin/sh - mkdir -p ${srepodir}/repos + ExecStartPre = pkgs.writeDash "prepare-drivedroid-gen-repo" '' + mkdir -p ${root}/repos ''; - ExecStart = pkgs.writeScript "start-drivedroid-gen-repo" '' - #!/bin/sh + ExecStart = pkgs.writeDash "start-drivedroid-gen-repo" '' + set -efu + cd ${root} while sleep 60; do - ${pkgs.inotify-tools}/bin/inotifywait -r ${srepodir} && ${pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json" + if inotifywait -r .; then + drivedroid-gen-repo repos > main.json + fi done ''; }; -- cgit v1.2.3 From 57b4a87962e273525a0e3a955ae4a13ca45c59f3 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 16:20:05 +0200 Subject: retiolum-bootstrap: krebs.nginx -> services.nginx --- krebs/3modules/retiolum-bootstrap.nix | 56 ++++++++++++----------------------- 1 file changed, 19 insertions(+), 37 deletions(-) diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 4bcd596d4..53b06a702 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,53 +1,38 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import ; let cfg = config.krebs.retiolum-bootstrap; - - out = { - options.krebs.retiolum-bootstrap = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de"; - hostname = mkOption { +in +{ + options.krebs.retiolum-bootstrap = { + enable = mkEnableOption "retiolum boot strap for ${cfg.serverName}"; + serverName = mkOption { type = types.str; description = "hostname which serves tinc boot"; default = "tinc.krebsco.de" ; }; - listen = mkOption { - type = with types; listOf str; - description = ''Addresses to listen on (nginx-syntax). - ssl will be configured, http will be redirected to ssl. - Make sure to have at least 1 ssl port configured. - ''; - default = [ "80" "443 ssl" ] ; + sslCertificate = mkOption { + type = types.str; + description = "Certificate file to use for ssl"; + default = "${toString }/tinc.krebsco.de.crt" ; }; - ssl_certificate_key = mkOption { + sslCertificateKey = mkOption { type = types.str; description = "Certificate key to use for ssl"; default = "${toString }/tinc.krebsco.de.key"; }; - ssl_certificate = mkOption { - type = types.str; - description = "Certificate file to use for ssl"; - default = "${toString }/tinc.krebsco.de.crt" ; - }; # in use: # # }; - imp = { - krebs.nginx.servers = assert config.krebs.nginx.enable; { - retiolum-boot-ssl = { - server-names = singleton cfg.hostname; - listen = cfg.listen; - extraConfig = '' - ssl_certificate ${cfg.ssl_certificate}; - ssl_certificate_key ${cfg.ssl_certificate_key}; - + config = mkIf cfg.enable { + services.nginx = { + enable = mkDefault true; + virtualHosts.retiolum-bootstrap = { + inherit (cfg) serverName sslCertificate sslCertificateKey; + enableSSL = true; + extraConfig ='' if ($scheme = http){ return 301 https://$server_name$request_uri; } @@ -55,10 +40,7 @@ let root ${pkgs.retiolum-bootstrap}; try_files $uri $uri/retiolum.sh; ''; - locations = []; }; }; }; - -in -out +} -- cgit v1.2.3 From c577d6b9972203941c577d9fb5488345d5fe84b5 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 17 Apr 2017 16:22:09 +0200 Subject: krebs.nginx: RIP --- krebs/3modules/bepasty-server.nix | 2 +- krebs/3modules/buildbot/master.nix | 1 - krebs/3modules/default.nix | 1 - krebs/3modules/nginx.nix | 190 ----------------------------- shared/1systems/test-all-krebs-modules.nix | 1 - 5 files changed, 1 insertion(+), 194 deletions(-) delete mode 100644 krebs/3modules/nginx.nix diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 4e035e725..0ca13366b 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -37,7 +37,7 @@ let # TODO use the correct type type = with types; attrsOf unspecified; description = '' - additional nginx configuration. see krebs.nginx for all options + Additional nginx configuration. ''; }; secretKey = mkOption { diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index b31661572..d75e6c880 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -78,7 +78,6 @@ let # stopAllBuilds = 'auth', # cancelPendingBuild = 'auth' #) - # TODO: configure krebs.nginx c['www'] = dict( port = ${toString cfg.web.port}, plugins = { 'waterfall_view':{}, 'console_view':{} } diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 37db5bfe7..d539d4166 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -26,7 +26,6 @@ let ./kapacitor.nix ./monit.nix ./newsbot-js.nix - ./nginx.nix ./nixpkgs.nix ./on-failure.nix ./os-release.nix diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix deleted file mode 100644 index b28e97e37..000000000 --- a/krebs/3modules/nginx.nix +++ /dev/null @@ -1,190 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - cfg = config.krebs.nginx; - - out = { - options.krebs.nginx = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "krebs.nginx"; - - default404 = mkOption { - type = types.bool; - default = true; - description = '' - By default all requests not directed to an explicit hostname are - replied with a 404 error to avoid accidental exposition of nginx - services. - - Set this value to `false` to disable this behavior - you will then be - able to configure a new `default_server` in the listen address entries - again. - ''; - }; - - servers = mkOption { - type = types.attrsOf (types.submodule { - options = { - server-names = mkOption { - type = with types; listOf str; - default = - [config.krebs.build.host.name] ++ - concatMap (getAttr "aliases") - (attrValues config.krebs.build.host.nets); - }; - listen = mkOption { - type = with types; either str (listOf str); - default = "80"; - apply = x: - if typeOf x != "list" - then [x] - else x; - }; - locations = mkOption { - type = with types; listOf (attrsOf str); - default = []; - }; - extraConfig = mkOption { - type = with types; string; - default = ""; - }; - ssl = mkOption { - type = with types; submodule ({ config, ... }: { - options = { - enable = mkEnableOption "ssl"; - acmeEnable = mkOption { - type = bool; - apply = x: - if x && config.enable - #conflicts because of certificate/certificate_key location - then throw "can't use ssl.enable and ssl.acmeEnable together" - else x; - default = false; - description = '' - enables automatical generation of lets-encrypt certificates and setting them as certificate - conflicts with ssl.enable - ''; - }; - certificate = mkOption { - type = str; - }; - certificate_key = mkOption { - type = str; - }; - #TODO: check for valid cipher - ciphers = mkOption { - type = str; - default = "AES128+EECDH:AES128+EDH"; - }; - prefer_server_ciphers = mkOption { - type = bool; - default = true; - }; - force_encryption = mkOption { - type = bool; - default = false; - description = '' - redirect all `http` traffic to the same domain but with ssl - protocol. - ''; - }; - protocols = mkOption { - type = listOf (enum [ "SSLv2" "SSLv3" "TLSv1" "TLSv1.1" "TLSv1.2" ]); - default = [ "TLSv1.1" "TLSv1.2" ]; - - }; - }; - }); - default = {}; - }; - }; - }); - default = {}; - }; - }; - - imp = { - security.acme.certs = mapAttrs (_: to-acme) (filterAttrs (_: server: server.ssl.acmeEnable) cfg.servers); - services.nginx = { - enable = true; - httpConfig = '' - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - gzip on; - - ${optionalString cfg.default404 '' - server { - listen 80 default_server; - server_name _; - return 404; - }''} - - ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)} - ''; - }; - }; - - to-acme = { server-names, ssl, ... }: - optionalAttrs ssl.acmeEnable { - email = "lassulus@gmail.com"; - webroot = "${config.security.acme.directory}/${head server-names}"; - }; - - to-location = { name, value }: '' - location ${name} { - ${indent value} - } - ''; - - to-server = { server-names, listen, locations, extraConfig, ssl, ... }: let - domain = head server-names; - acmeLocation = optionalAttrs ssl.acmeEnable (nameValuePair "/.well-known/acme-challenge" '' - root ${config.security.acme.certs.${domain}.webroot}; - ''); - in '' - server { - server_name ${toString (unique server-names)}; - ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} - ${optionalString ssl.enable (indent '' - ${optionalString ssl.force_encryption '' - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - ''} - listen 443 ssl; - ssl_certificate ${ssl.certificate}; - ssl_certificate_key ${ssl.certificate_key}; - ${optionalString ssl.prefer_server_ciphers '' - ssl_prefer_server_ciphers On; - ''} - ssl_ciphers ${ssl.ciphers}; - ssl_protocols ${toString ssl.protocols}; - '')} - ${optionalString ssl.acmeEnable (indent '' - ${optionalString ssl.force_encryption '' - if ($scheme = http){ - return 301 https://$server_name$request_uri; - } - ''} - listen 443 ssl; - ssl_certificate ${config.security.acme.directory}/${domain}/fullchain.pem; - ssl_certificate_key ${config.security.acme.directory}/${domain}/key.pem; - ${optionalString ssl.prefer_server_ciphers '' - ssl_prefer_server_ciphers On; - ''} - ssl_ciphers ${ssl.ciphers}; - ssl_protocols ${toString ssl.protocols}; - '')} - ${indent extraConfig} - ${optionalString ssl.acmeEnable (indent (to-location acmeLocation))} - ${indent (concatMapStrings to-location locations)} - } - ''; - -in -out diff --git a/shared/1systems/test-all-krebs-modules.nix b/shared/1systems/test-all-krebs-modules.nix index b42968cfb..39d7c494b 100644 --- a/shared/1systems/test-all-krebs-modules.nix +++ b/shared/1systems/test-all-krebs-modules.nix @@ -36,7 +36,6 @@ in { enable = true; tables = {}; }; - nginx.enable = true; realwallpaper.enable = true; tinc.retiolum.enable = true; retiolum-bootstrap.enable = true; -- cgit v1.2.3 From d53824e7b551759854c6e0ae77411c179a168754 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:08:36 +0200 Subject: m: init syncthing for hosts --- makefu/1systems/fileleech.nix | 2 +- makefu/1systems/gum.nix | 5 +++-- makefu/1systems/omo.nix | 5 +++-- makefu/2configs/ipfs.nix | 5 +++++ makefu/2configs/syncthing.nix | 11 +++++++++++ 5 files changed, 23 insertions(+), 5 deletions(-) create mode 100644 makefu/2configs/ipfs.nix create mode 100644 makefu/2configs/syncthing.nix diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix index 4f92c2b90..3aa5a54f8 100644 --- a/makefu/1systems/fileleech.nix +++ b/makefu/1systems/fileleech.nix @@ -32,7 +32,6 @@ in { ../2configs/elchos/log.nix ../2configs/elchos/search.nix ../2configs/elchos/stats.nix - ../2configs/stats-srv.nix ]; systemd.services.grafana.serviceConfig.LimitNOFILE=10032; @@ -129,6 +128,7 @@ in { # createHome = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey + config.krebs.users.lass.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7betFnMWVeBYRhJ+2f0B5WbDdbpteIVg/BlyimXbx79R7lZ7nUq5GyMLrp7B00frUuA0su8oFFN3ODPJDstgBslBIP7kWPR2zW8NOXorrbFo3J2fKvlO77k6/wD5/M11m5nS01/aVJgAgMGLg2W12G7EMf5Wq75YsQJC/S9p8kMca589djMPRuQETu7fWq0t/Gmwq+2ELLL0csRK87LvybA92JYkAIneRnGzIlCguOXq0Vcq6pGQ1J1PfVEP76Do33X29l2hZc/+vR9ExW6s2g7fs5/5LDX9Wnq7+AEsxiEf4IOeL0hCG4/CGGCN23J+6cDrNKOP94AHO1si0O2lxFsxgNU2vdVWPNgSLottiUFBPPNEZFD++sZyutzH6PIz6D90hB2Q52X6WN9ZUtlDfQ91rHd+S2BhR6f4dAqiRDXlI5MNNDdoTT4S5R0wU/UrNwjiV/xiu/hWZYGQK7YgY4grFRblr378r8FqjLvumPDFMDLVa9eJKq1ad1x/GV5tZpsttzWj4nbixaKlZOg+TN2GHboujLx3bANz1Jqfvfto8UOeKTtA8pkb8E1PJPpBMOZcA7oHaqJrp6Vuf/SkmglHnQvGbi60OK3s61nuRmIcBiTXd+4qeAJpq1QyEDj3X/+hV0Gwz8rCo6JGkF1ETW37ZYvqU9rxNXjS+/Pfktw== jules@kvasir-2015-02-13" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINUD+p2yrc9KoTbCiuYhdfLlRu/eNX6BftToSMLs8O9qWQORjgXbDn8M9iUWXCHzdUZ9sm6Rz8TMdEV0jZq/nB01zYnW4NhMrt+NGtrmGqDa+eYrRZ4G7Rx8AYzM/ZSwERKX10txAVugV44xswRxWvFbCedujjXyWsxelf1ngb+Hiy9/CPuWNYEhTZs/YuvNkupCui2BuKuoSivJAkLhGk5YqwwcllCr39YXa/tFJWsgoQNcB9hwpzfhFm6Cc7m5DhmTWSVhQHEWyaas8Lukmd4v+mRY+KZpuhbomCHWzkxqzdBun8SXiiAKlgem9rtBIgeTEfz9OtOfF3/6VfqE7 toerb@mittagspause ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0IP143FAHBHWjEEKGOnM8SSTIgNF1MJxGCMKaJvTHf momo@k2.local" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1ZJSpBb7Cxo+c2r2JJIcbYOTm/sJxOv2NFRoDfjxGS9CCwzRbzrwJcv2d23j35mu97x3+fUvo8DyMFLvLvume2PFCijqhMDzZZvjYXZdvXA+hnh53nqZf+Pjq8Xc3tSWBHQxUokaBmZbd4LlKHh8NgKVrP2zve6OPZMzo/Es93v37KEmT8d/PfVMrQEMPZzFrCVdq2RbpdQ1nhx09zRFW7OJOazgotafjx6IYXbVq2VDnjffXInsE9ZxDzYq1cNKIH0c2BLpTd3mv76iD9i+nD6W6s48+usFQnVLt2TY1uKkfMr7043E6jBxx5kNHBe5Xxr6Zs0SkR8kKOEhMO//4ucviUYKZJn8wk2SLkAyMYVBexx8jrTdlI4xgQ7RLpSIDTCm9dfbZY/YhZDJ21lsWduQqu7DFWMe05gg4NZDjf2kwYQOzATyqISGA7ttSEPT1iymr/ffAOgLBLSqWQAteUbI2U5cnflWZGwm33JF/Pyb4S3k3/f2mIBKiRx2lsGv6mx1w0SaYRtJxDWqGYMHuFiNYbq9r/bZfLqV3Fy9kRODFJTfJh8mcTnC4zabpiQ7fnqbh1qHu0WrrBSgFW0PR2WWCJ0e5Btj1yRgXp0+d5OuxxlVInRs+l2HogdxjonMhAHrTCzJtI8UJTKXKN0FBPRDRcepeExhvNqcOUz4Kvw== me@andreaskist.de" diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index c39997ebf..3186f8887 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -35,10 +35,12 @@ in { ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix ../2configs/deployment/graphs.nix + # ../2configs/ipfs.nix + ../2configs/syncthing.nix # ../2configs/opentracker.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + # ../2configs/logging/central-logging-client.nix ]; services.smartd.devices = [ { device = "/dev/sda";} ]; @@ -79,7 +81,6 @@ in { ]; services.bitlbee.enable = true; systemd.services.bitlbee.environment.BITLBEE_DEBUG="1"; - # systemd.services.bitlbee.serviceConfig.ExecStart = "${pkgs.bitlbee}/bin/bitlbee -Dnv -c # Hardware boot.loader.grub.device = "/dev/sda"; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 99303b604..ff34ee843 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -53,9 +53,10 @@ in { ../2configs/omo-share.nix ../2configs/tinc/retiolum.nix ../2configs/logging/central-stats-server.nix - ../2configs/logging/central-logging-server.nix + # ../2configs/logging/central-logging-server.nix ../2configs/logging/central-stats-client.nix - ../2configs/logging/central-logging-client.nix + ../2configs/syncthing.nix + # ../2configs/logging/central-logging-client.nix # ../2configs/torrent.nix diff --git a/makefu/2configs/ipfs.nix b/makefu/2configs/ipfs.nix new file mode 100644 index 000000000..cc07e063d --- /dev/null +++ b/makefu/2configs/ipfs.nix @@ -0,0 +1,5 @@ +{...}: +{ + services.ipfs.enable = true; + networking.firewall.allowedTCPPorts = [ 4001 ]; +} diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix new file mode 100644 index 000000000..6b758ea2d --- /dev/null +++ b/makefu/2configs/syncthing.nix @@ -0,0 +1,11 @@ +{...}: + +with import ; { + services.syncthing = { + enable = true; + openDefaultPorts = true; + useInotify = true; + group = "download"; + }; + users.extraGroups.download.gid = genid "download"; +} -- cgit v1.2.3 From 6436eac7b9081c3a2f06aff5c27c40a2f54a4eff Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:11:32 +0200 Subject: m 2 urxvtd: init --- makefu/1systems/x.nix | 3 ++- makefu/2configs/base-gui.nix | 5 ++++- makefu/2configs/urxvtd.nix | 21 +++++++++++++++++++++ makefu/5pkgs/awesomecfg/full.cfg | 2 +- 4 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 makefu/2configs/urxvtd.nix diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 9cedc04a8..51c9543ef 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -2,6 +2,7 @@ # # { config, pkgs, ... }: +with import ; { imports = @@ -78,7 +79,7 @@ }; boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; - environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; + environment.systemPackages = [ pkgs.passwdqc-utils ]; virtualisation.docker.enable = true; diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index ba4c551b3..1a19ab36b 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -16,7 +16,10 @@ let mainUser = config.krebs.build.user.name; in { - imports = [ ]; + imports = [ + ./urxvtd.nix + ]; + services.xserver = { enable = true; layout = "us"; diff --git a/makefu/2configs/urxvtd.nix b/makefu/2configs/urxvtd.nix new file mode 100644 index 000000000..286b87ab3 --- /dev/null +++ b/makefu/2configs/urxvtd.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +let + mainUser = config.krebs.build.user.name; +in { + systemd.services.urxvtd = { + wantedBy = [ "multi-user.target" ]; + before = [ "graphical.target" ]; + reloadIfChanged = true; + serviceConfig = { + SyslogIdentifier = "urxvtd"; + ExecReload = "${pkgs.coreutils}/bin/echo NOP"; + ExecStart = "${pkgs.rxvt_unicode_with-plugins}/bin/urxvtd"; + Restart = "always"; + RestartSec = "2s"; + StartLimitBurst = 0; + User = mainUser; + }; + }; + # TODO: sessionCommands from base-gui related to urxvt in this file +} diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index e43341d25..73ff42e9f 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -90,7 +90,7 @@ client.connect_signal("focus", function(c) c.border_color = beautiful.border_foc client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end) -- This is used later as the default terminal and editor to run. -terminal = "urxvt" +terminal = "urxvtc" editor = os.getenv("EDITOR") or "vim" editor_cmd = terminal .. " -e " .. editor browser = "firefox" -- cgit v1.2.3 From c762622a293248f55e46ff83fb870df128a0fb59 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:12:16 +0200 Subject: m 2 default: 2982661 -> 4fac473 --- makefu/2configs/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index cd9b4c056..0865c3a31 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -11,7 +11,7 @@ with import ; ./vim.nix ./binary-cache/nixos.nix ]; - + programs.command-not-found.enable = false; nixpkgs.config.allowUnfreePredicate = (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name); krebs = { enable = true; @@ -22,7 +22,7 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "2982661"; # unstable @ 2017-03-31 + cups-dymo + snapraid-11.1 + ref = "4fac473"; # unstable @ 2017-03-31 + command-not-found in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { -- cgit v1.2.3 From 52ff49d7d5a7bc7a815fd457d69e028cfb9b8325 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:13:07 +0200 Subject: m 2 tools: add packages --- makefu/2configs/tools/core-gui.nix | 2 +- makefu/2configs/tools/core.nix | 1 + makefu/2configs/tools/extra-gui.nix | 1 + makefu/2configs/tools/sec.nix | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 6d62e92c0..0538647ae 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -12,11 +12,11 @@ firefox keepassx pcmanfm + evince skype mirage tightvnc gnome3.dconf - wireshark xdotool xorg.xbacklight scrot diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 86d72c662..6ae2951eb 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -40,6 +40,7 @@ cac-api cac-panel krebspaste + krebszones ledger pass ]; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 9cfacf408..596734dd5 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -4,6 +4,7 @@ krebs.per-user.makefu.packages = with pkgs;[ inkscape gimp + libreoffice skype virtmanager synergy diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 5ab699f35..e53d9ee8e 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -11,5 +11,6 @@ nmap msf thc-hydra + wireshark ]; } -- cgit v1.2.3 From 456f20deda1d5d651a8c382aa8edc3cb59e26e7e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Apr 2017 13:13:35 +0200 Subject: m 1 shoney: graphs -> graph --- makefu/1systems/shoney.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/shoney.nix b/makefu/1systems/shoney.nix index 96aeb2856..9f04e97eb 100644 --- a/makefu/1systems/shoney.nix +++ b/makefu/1systems/shoney.nix @@ -31,7 +31,7 @@ in { anonymous-domain = "localhost.localdomain"; anonymous.extraConfig = "return 403;"; complete = { - serverAliases = [ "graphs.siem" ]; + serverAliases = [ "graph.siem" ]; extraConfig = '' if ( $server_addr = "${ip}" ) { return 403; -- cgit v1.2.3 From 0011f32a343a88ec1b7e5426d271a419bfeb6444 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 19:55:19 +0200 Subject: l 1 iso: enable copytoram --- lass/1systems/iso.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 01d698c4c..5bbd0c1d7 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -11,6 +11,9 @@ with import ; ../2configs/mc.nix ../2configs/nixpkgs.nix ../2configs/vim.nix + { + boot.kernelParams = [ "copytoram" ]; + } { krebs.enable = true; krebs.build.user = config.krebs.users.lass; -- cgit v1.2.3 From d528daf9e8d4ec59b3e5355576eaf001136763cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 18 Apr 2017 21:02:17 +0200 Subject: l 2 nixpkgs: 5acb454 -> c85f39e --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 5309c9551..5f9800b0f 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://cgit.lassul.us/nixpkgs; - ref = "5acb454"; + ref = "c85f39e"; }; } -- cgit v1.2.3 From d40738d41573eca83d7e84f8a9946f8d8441a0d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 19 Apr 2017 00:13:52 +0200 Subject: l 1 iso: hack around buggy /dev/stderr in live iso --- lass/1systems/iso.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index 5bbd0c1d7..99399550c 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -12,6 +12,27 @@ with import ; ../2configs/nixpkgs.nix ../2configs/vim.nix { + # /dev/stderr doesn't work. I don't know why + # /proc/self doesn't seem to work correctly + # /dev/pts is empty except for 1 file + # my life sucks + nixpkgs.config.packageOverrides = super: { + irc-announce = super.callPackage { + pkgs = pkgs // { coreutils = pkgs.concat "coreutils-hack" [ + pkgs.coreutils + (pkgs.writeDashBin "tee" '' + if test "$1" = /dev/stderr; then + while read -r line; do + echo "$line" + echo "$line" >&2 + done + else + ${super.coreutils}/bin/tee "$@" + fi + '') + ];}; + }; + }; boot.kernelParams = [ "copytoram" ]; } { -- cgit v1.2.3