Merge remote-tracking branch 'ni/master'
This commit is contained in:
commit
04f48503a4
|
@ -26,9 +26,8 @@ with import <stockholm/lib>;
|
|||
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
|
||||
${tinc.config.extraConfig}
|
||||
'';
|
||||
"tinc-up" = pkgs.writeScript "${netname}-tinc-up" ''
|
||||
#!/bin/sh
|
||||
ip link set ${netname} up
|
||||
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
|
||||
${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
|
||||
${tinc.config.tincUp}
|
||||
'';
|
||||
});
|
||||
|
@ -60,14 +59,15 @@ with import <stockholm/lib>;
|
|||
type = types.str;
|
||||
default = let
|
||||
net = tinc.config.host.nets.${netname};
|
||||
iproute = tinc.config.iproutePackage;
|
||||
in ''
|
||||
${optionalString (net.ip4 != null) /* sh */ ''
|
||||
ip -4 addr add ${net.ip4.addr} dev ${netname}
|
||||
ip -4 route add ${net.ip4.prefix} dev ${netname}
|
||||
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
|
||||
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
|
||||
''}
|
||||
${optionalString (net.ip6 != null) /* sh */ ''
|
||||
ip -6 addr add ${net.ip6.addr} dev ${netname}
|
||||
ip -6 route add ${net.ip6.prefix} dev ${netname}
|
||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
|
||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
|
||||
''}
|
||||
${tinc.config.tincUpExtra}
|
||||
'';
|
||||
|
@ -238,39 +238,41 @@ with import <stockholm/lib>;
|
|||
description = "Tinc daemon for ${netname}";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
cfg.iproutePackage
|
||||
cfg.tincPackage
|
||||
];
|
||||
reloadIfChanged = true;
|
||||
# Restart the service in a single step in order to prevent potential
|
||||
# connection timeouts and subsequent issues while deploying via tinc.
|
||||
stopIfChanged = false;
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
LoadCredential = filter (x: x != "") [
|
||||
(optionalString (cfg.privkey_ed25519 != null)
|
||||
"ed25519_key:${cfg.privkey_ed25519}"
|
||||
"ed25519_key.priv:${cfg.privkey_ed25519}"
|
||||
)
|
||||
"rsa_key:${cfg.privkey}"
|
||||
"rsa_key.priv:${cfg.privkey}"
|
||||
];
|
||||
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||
set -efu
|
||||
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
||||
${pkgs.rsync}/bin/rsync -vaL --delete \
|
||||
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
||||
--chown ${cfg.user.name} \
|
||||
--chmod u=rwX,g=rX \
|
||||
--exclude='/*.priv' \
|
||||
${cfg.confDir}/ /etc/tinc/${netname}/
|
||||
${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
|
||||
${pkgs.coreutils}/bin/ln -fns \
|
||||
"$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
|
||||
/etc/tinc/${netname}/
|
||||
''}
|
||||
${pkgs.coreutils}/bin/ln -fns \
|
||||
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
||||
/etc/tinc/${netname}/
|
||||
'';
|
||||
ExecStart = toString [
|
||||
"${cfg.tincPackage}/sbin/tincd"
|
||||
"-D"
|
||||
"-U ${cfg.user.name}"
|
||||
"-c /etc/tinc/${netname}"
|
||||
"-d 0"
|
||||
(optionalString (cfg.privkey_ed25519 != null)
|
||||
"-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
|
||||
)
|
||||
"-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
|
||||
"--pidfile=/var/run/tinc.${netname}.pid"
|
||||
"-n ${netname}"
|
||||
];
|
||||
ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart";
|
||||
SyslogIdentifier = netname;
|
||||
};
|
||||
}) config.krebs.tinc;
|
||||
|
|
|
@ -6,9 +6,9 @@ with import <stockholm/lib>;
|
|||
krebs.tinc.retiolum = {
|
||||
enable = true;
|
||||
connectTo = filter (ne config.krebs.build.host.name) [
|
||||
"gum"
|
||||
"ni"
|
||||
"prism"
|
||||
"eve"
|
||||
];
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
|
|
|
@ -1,47 +1,20 @@
|
|||
with import <stockholm/lib>;
|
||||
let
|
||||
pushBack = x: xs:
|
||||
if elem x xs then
|
||||
remove x xs ++ [ x ]
|
||||
else
|
||||
names;
|
||||
in
|
||||
|
||||
self: super:
|
||||
|
||||
# Import files and subdirectories like they are overlays.
|
||||
foldl' mergeAttrs {}
|
||||
fix
|
||||
(foldl' (flip extends) (_: super)
|
||||
(map
|
||||
(name: import (./. + "/${name}") self super)
|
||||
(name: import (./. + "/${name}"))
|
||||
(filter
|
||||
(name: name != "default.nix" && !hasPrefix "." name)
|
||||
(attrNames (readDir ./.))))
|
||||
|
||||
//
|
||||
|
||||
{
|
||||
cr = self.writeDashBin "cr" ''
|
||||
set -efu
|
||||
if test -n "''${XDG_RUNTIME_DIR-}"; then
|
||||
cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache
|
||||
else
|
||||
cache_dir=/tmp/chromium-disk-cache_$LOGNAME
|
||||
fi
|
||||
export LC_TIME=de_DE.utf8
|
||||
exec ${self.chromium}/bin/chromium \
|
||||
--ssl-version-min=tls1 \
|
||||
--disk-cache-dir="$cache_dir" \
|
||||
--disk-cache-size=50000000 \
|
||||
"$@"
|
||||
'';
|
||||
|
||||
dhcpcd = overrideDerivation super.dhcpcd (old: {
|
||||
configureFlags = old.configureFlags ++ [
|
||||
"--dbdir=/var/lib/dhcpcd"
|
||||
];
|
||||
});
|
||||
|
||||
gitAndTools = super.gitAndTools // {
|
||||
inherit (self) diff-so-fancy;
|
||||
};
|
||||
|
||||
ff = self.writeDashBin "ff" ''
|
||||
exec ${self.firefoxWrapper}/bin/firefox "$@"
|
||||
'';
|
||||
|
||||
gnupg = self.gnupg22;
|
||||
|
||||
}
|
||||
(pushBack "override"
|
||||
(attrNames (readDir ./.))))))
|
||||
|
|
72
tv/5pkgs/override/anbox.nix
Normal file
72
tv/5pkgs/override/anbox.nix
Normal file
|
@ -0,0 +1,72 @@
|
|||
self: super:
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/125600
|
||||
super.anbox.overrideAttrs (old:
|
||||
assert old.version == "unstable-2020-11-29";
|
||||
rec {
|
||||
version = "unstable-2021-05-26";
|
||||
|
||||
src = self.fetchFromGitHub {
|
||||
owner = old.pname;
|
||||
repo = old.pname;
|
||||
rev = "ad377ff25354d68b76e2b8da24a404850f8514c6";
|
||||
sha256 = "1bj07ixwbkli4ycjh41mnqdbsjz9haiwg2nhf9anbi29z1d0819w";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
postPatch = old.patchPhase;
|
||||
|
||||
# patchPhase() from <nixpkgs/pkgs/stdenv/generic/setup.sh>
|
||||
# TODO patchPhase = default.patchPhase; or something
|
||||
patchPhase = ''
|
||||
runHook prePatch
|
||||
|
||||
for i in ''${patches:-}; do
|
||||
header "applying patch $i" 3
|
||||
local uncompress=cat
|
||||
case "$i" in
|
||||
*.gz)
|
||||
uncompress="gzip -d"
|
||||
;;
|
||||
*.bz2)
|
||||
uncompress="bzip2 -d"
|
||||
;;
|
||||
*.xz)
|
||||
uncompress="xz -d"
|
||||
;;
|
||||
*.lzma)
|
||||
uncompress="lzma -d"
|
||||
;;
|
||||
esac
|
||||
# "2>&1" is a hack to make patch fail if the decompressor fails (nonexistent patch, etc.)
|
||||
# shellcheck disable=SC2086
|
||||
$uncompress < "$i" 2>&1 | patch ''${patchFlags:--p1}
|
||||
done
|
||||
|
||||
runHook postPatch
|
||||
'';
|
||||
|
||||
patches = [
|
||||
# Fixes compatibility with lxc 4
|
||||
(self.fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/community/anbox/lxc4.patch?id=64243590a16aee8d4e72061886fc1b15256492c3";
|
||||
sha256 = "1da5xyzyjza1g2q9nbxb4p3njj2sf3q71vkpvmmdphia5qnb0gk5";
|
||||
})
|
||||
# Wait 10× more time when starting
|
||||
# Not *strictly* needed, but helps a lot on slower hardware
|
||||
(self.fetchpatch {
|
||||
url = "https://git.alpinelinux.org/aports/plain/community/anbox/give-more-time-to-start.patch?id=058b56d4b332ef3379551b343bf31e0f2004321a";
|
||||
sha256 = "0iiz3c7fgfgl0dvx8sf5hv7a961xqnihwpz6j8r0ib9v8piwxh9a";
|
||||
})
|
||||
# Ensures generated desktop files work on store path change
|
||||
(self.fetchpatch {
|
||||
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fdf7b4be1a659ed8b96586c2fc8ff90850e25feb/pkgs/os-specific/linux/anbox/0001-NixOS-Use-anbox-from-PATH-in-desktop-files.patch";
|
||||
sha256 = "173z84g1r8h367a2dgk6945is6vxg4j1hs2hkfd3m3bbpwfw9221";
|
||||
})
|
||||
# Provide window icons
|
||||
(self.fetchpatch {
|
||||
url = "https://github.com/samueldr/anbox/commit/2387f4fcffc0e19e52e58fb6f8264fbe87aafe4d.patch";
|
||||
sha256 = "12lmr0kxw1n68g3abh1ak5awmpczfh75c26f53jc8qpvdvv1ywha";
|
||||
})
|
||||
];
|
||||
})
|
|
@ -1,24 +1,4 @@
|
|||
with import <stockholm/lib>;
|
||||
self: super: {
|
||||
fzf = super.fzf.overrideAttrs (old: {
|
||||
# XXX cannot use `patches` because fzf has a custom patchPhase
|
||||
patchPhase = ''
|
||||
patch -Np1 < ${./fzf.complete1.patch}
|
||||
${old.patchPhase or ""}
|
||||
'';
|
||||
});
|
||||
input-fonts = super.input-fonts.overrideAttrs (old: rec {
|
||||
src = self.fetchzip {
|
||||
url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip";
|
||||
sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr";
|
||||
stripRoot = false;
|
||||
};
|
||||
sourceRoot = null;
|
||||
outputHash = null;
|
||||
outputHashAlgo = null;
|
||||
outputHashMode = null;
|
||||
});
|
||||
self: super:
|
||||
|
||||
nix-prefetch-github =
|
||||
self.python3Packages.callPackage ./nix-prefetch-github.nix {};
|
||||
}
|
||||
mapNixDir (path: import path self super) ./.
|
||||
|
|
7
tv/5pkgs/override/dhcpcd.nix
Normal file
7
tv/5pkgs/override/dhcpcd.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
self: super:
|
||||
|
||||
self.lib.overrideDerivation super.dhcpcd (old: {
|
||||
configureFlags = old.configureFlags ++ [
|
||||
"--dbdir=/var/lib/dhcpcd"
|
||||
];
|
||||
})
|
9
tv/5pkgs/override/fzf/default.nix
Normal file
9
tv/5pkgs/override/fzf/default.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
self: super:
|
||||
|
||||
super.fzf.overrideAttrs (old: {
|
||||
# XXX cannot use `patches` because fzf has a custom patchPhase
|
||||
patchPhase = ''
|
||||
patch -Np1 < ${./complete1.patch}
|
||||
${old.patchPhase or ""}
|
||||
'';
|
||||
})
|
5
tv/5pkgs/override/gitAndTools.nix
Normal file
5
tv/5pkgs/override/gitAndTools.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
self: super:
|
||||
|
||||
super.gitAndTools // {
|
||||
inherit (self) diff-so-fancy;
|
||||
}
|
13
tv/5pkgs/override/input-fonts.nix
Normal file
13
tv/5pkgs/override/input-fonts.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
self: super:
|
||||
|
||||
super.input-fonts.overrideAttrs (old: rec {
|
||||
src = self.fetchzip {
|
||||
url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip";
|
||||
sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr";
|
||||
stripRoot = false;
|
||||
};
|
||||
sourceRoot = null;
|
||||
outputHash = null;
|
||||
outputHashAlgo = null;
|
||||
outputHashMode = null;
|
||||
})
|
|
@ -1,47 +0,0 @@
|
|||
{ fetchPypi
|
||||
, lib
|
||||
, buildPythonPackage
|
||||
, pythonOlder
|
||||
, attrs
|
||||
, click
|
||||
, effect
|
||||
, jinja2
|
||||
, git
|
||||
, pytestCheckHook
|
||||
, pytest-black
|
||||
, pytestcov
|
||||
, pytest-isort
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "nix-prefetch-github";
|
||||
version = "3.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
attrs
|
||||
click
|
||||
effect
|
||||
jinja2
|
||||
];
|
||||
|
||||
checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ];
|
||||
checkPhase = ''
|
||||
pytest -m 'not network'
|
||||
'';
|
||||
|
||||
# latest version of isort will cause tests to fail
|
||||
# ignore tests which are impure
|
||||
disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Prefetch sources from github";
|
||||
homepage = "https://github.com/seppeljordan/nix-prefetch-github";
|
||||
license = licenses.gpl3;
|
||||
maintainers = with maintainers; [ seppeljordan ];
|
||||
};
|
||||
}
|
16
tv/5pkgs/simple/cr.nix
Normal file
16
tv/5pkgs/simple/cr.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{ pkgs }:
|
||||
|
||||
pkgs.writeDashBin "cr" ''
|
||||
set -efu
|
||||
if test -n "''${XDG_RUNTIME_DIR-}"; then
|
||||
cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache
|
||||
else
|
||||
cache_dir=/tmp/chromium-disk-cache_$LOGNAME
|
||||
fi
|
||||
export LC_TIME=de_DE.utf8
|
||||
exec ${pkgs.chromium}/bin/chromium \
|
||||
--ssl-version-min=tls1 \
|
||||
--disk-cache-dir="$cache_dir" \
|
||||
--disk-cache-size=50000000 \
|
||||
"$@"
|
||||
''
|
5
tv/5pkgs/simple/ff.nix
Normal file
5
tv/5pkgs/simple/ff.nix
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ pkgs }:
|
||||
|
||||
pkgs.writeDashBin "ff" ''
|
||||
exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
|
||||
''
|
Loading…
Reference in a new issue