ma treewide: make 21.05 compatible (is*User, other fixes)

This commit is contained in:
makefu 2021-06-05 15:52:06 +02:00
parent 771ea66091
commit e7bf265a85
13 changed files with 33 additions and 16 deletions

View file

@ -43,7 +43,6 @@ in {
<stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix> <stockholm/makefu/2configs/tools/mobility.nix>
{ environment.systemPackages = [ pkgs.esniper ]; }
#<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix> #<stockholm/makefu/2configs/share-user-sftp.nix>
@ -141,6 +140,7 @@ in {
]; ];
makefu.full-populate = true; makefu.full-populate = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.share.isNormalUser = true;
users.groups.share = { users.groups.share = {
gid = (import <stockholm/lib>).genid "share"; gid = (import <stockholm/lib>).genid "share";
members = [ "makefu" "misa" ]; members = [ "makefu" "misa" ];
@ -152,6 +152,7 @@ in {
users.users.misa = { users.users.misa = {
uid = 9002; uid = 9002;
name = "misa"; name = "misa";
isNormalUser = true;
}; };
zramSwap.enable = true; zramSwap.enable = true;

View file

@ -41,8 +41,8 @@ in
services.tor = { services.tor = {
enable = true; enable = true;
hiddenServices."${name}".map = [ hiddenServices."${name}".map = [
{ port = "80"; } { port = 80; }
# { port = "443"; toHost = "blog.binaergewitter.de"; } # { port = 443; toHost = "blog.binaergewitter.de"; }
]; ];
}; };
} }

View file

@ -75,7 +75,7 @@ in {
}; };
}; };
services.redis.enable = true; services.redis.enable = true;
systemd.services.redis.serviceConfig.LimitNOFILE=65536; systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536";
services.postgresql = { services.postgresql = {
enable = true; enable = true;
# Ensure the database, user, and permissions always exist # Ensure the database, user, and permissions always exist

View file

@ -7,6 +7,11 @@ in {
virtualHost = fqdn; virtualHost = fqdn;
selfUrlPath = "https://${fqdn}"; selfUrlPath = "https://${fqdn}";
}; };
nixpkgs.config.permittedInsecurePackages = [
"python2.7-Pillow-6.2.2"
];
systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php";
services.postgresql.package = pkgs.postgresql_9_6; services.postgresql.package = pkgs.postgresql_9_6;
state = [ config.services.postgresqlBackup.location ]; state = [ config.services.postgresqlBackup.location ];

View file

@ -26,7 +26,10 @@ in
]; ];
user = "metube"; user = "metube";
}; };
users.users.metube.uid = uid; users.users.metube = {
uid = uid;
isSystemUser = true;
};
systemd.services.docker-metube.serviceConfig = { systemd.services.docker-metube.serviceConfig = {
StandardOutput = lib.mkForce "journal"; StandardOutput = lib.mkForce "journal";

View file

@ -20,7 +20,7 @@ in
services.zigbee2mqtt = { services.zigbee2mqtt = {
enable = true; enable = true;
inherit dataDir; inherit dataDir;
config = { settings = {
permit_join = true; permit_join = true;
serial.port = "/dev/cc2531"; serial.port = "/dev/cc2531";
homeassistant = true; homeassistant = true;

View file

@ -7,6 +7,7 @@
description = "smb guest user"; description = "smb guest user";
home = "/data/lanparty"; home = "/data/lanparty";
createHome = true; createHome = true;
isNormalUser = true;
}; };
services.samba = { services.samba = {
enable = true; enable = true;

View file

@ -1,11 +1,12 @@
{config,...}:{ {config,...}:{
nix.trustedUsers = [ "nixBuild" ]; nix.trustedUsers = [ "nixBuild" ];
users.users.nixBuild = { users.users.nixBuild = {
name = "nixBuild"; name = "nixBuild";
useDefaultShell = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ useDefaultShell = true;
config.krebs.users.buildbotSlave.pubkey openssh.authorizedKeys.keys = [
config.krebs.users.makefu-remote-builder.pubkey config.krebs.users.buildbotSlave.pubkey
]; config.krebs.users.makefu-remote-builder.pubkey
}; ];
};
} }

View file

@ -5,6 +5,7 @@
share = { share = {
uid = 9002; uid = 9002;
home = "/var/empty"; home = "/var/empty";
isNormalUser = true;
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
}; };
}; };

View file

@ -11,7 +11,10 @@ in {
# home = "/var/empty"; # home = "/var/empty";
# }; # };
environment.systemPackages = [ pkgs.samba ]; environment.systemPackages = [ pkgs.samba ];
users.users.download.uid = genid "download"; users.users.download = {
uid = genid "download";
isNormalUser = true;
};
services.samba = { services.samba = {
enable = true; enable = true;
shares = { shares = {

View file

@ -4,6 +4,7 @@
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest;
group = "share"; group = "share";
description = "smb guest user"; description = "smb guest user";
isNormalUser = true;
home = "/var/empty"; home = "/var/empty";
}; };
users.groups.share.members = [ "makefu" ]; users.groups.share.members = [ "makefu" ];

View file

@ -50,6 +50,7 @@ let
# TODO only create if user is ps3netsrv # TODO only create if user is ps3netsrv
users.users.ps3netsrv = { users.users.ps3netsrv = {
uid = genid "ps3netsrv"; uid = genid "ps3netsrv";
isSystemUser = true;
}; };
users.groups.ps3netsrv.gid = genid "ps3netsrv"; users.groups.ps3netsrv.gid = genid "ps3netsrv";
}; };

View file

@ -1,6 +1,6 @@
{ go_1_14, buildGoPackage, fetchFromGitHub }: { buildGoPackage, fetchFromGitHub }:
let let
builder = buildGoPackage.override { go = go_1_14; }; builder = buildGoPackage;
in in
builder rec { builder rec {
name = "shiori-${version}"; name = "shiori-${version}";