Merge remote-tracking branch 'ni/master'

This commit is contained in:
lassulus 2022-03-11 13:09:34 +01:00
commit 04f48503a4
13 changed files with 169 additions and 134 deletions

View file

@ -26,9 +26,8 @@ with import <stockholm/lib>;
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
${tinc.config.extraConfig}
'';
"tinc-up" = pkgs.writeScript "${netname}-tinc-up" ''
#!/bin/sh
ip link set ${netname} up
"tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
${tinc.config.iproutePackage}/sbin/ip link set ${netname} up
${tinc.config.tincUp}
'';
});
@ -60,14 +59,15 @@ with import <stockholm/lib>;
type = types.str;
default = let
net = tinc.config.host.nets.${netname};
iproute = tinc.config.iproutePackage;
in ''
${optionalString (net.ip4 != null) /* sh */ ''
ip -4 addr add ${net.ip4.addr} dev ${netname}
ip -4 route add ${net.ip4.prefix} dev ${netname}
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${netname}
''}
${optionalString (net.ip6 != null) /* sh */ ''
ip -6 addr add ${net.ip6.addr} dev ${netname}
ip -6 route add ${net.ip6.prefix} dev ${netname}
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${netname}
''}
${tinc.config.tincUpExtra}
'';
@ -238,39 +238,41 @@ with import <stockholm/lib>;
description = "Tinc daemon for ${netname}";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [
cfg.iproutePackage
cfg.tincPackage
];
reloadIfChanged = true;
# Restart the service in a single step in order to prevent potential
# connection timeouts and subsequent issues while deploying via tinc.
stopIfChanged = false;
serviceConfig = {
Restart = "always";
LoadCredential = filter (x: x != "") [
(optionalString (cfg.privkey_ed25519 != null)
"ed25519_key:${cfg.privkey_ed25519}"
"ed25519_key.priv:${cfg.privkey_ed25519}"
)
"rsa_key:${cfg.privkey}"
"rsa_key.priv:${cfg.privkey}"
];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
set -efu
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -vaL --delete \
${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \
--chmod u=rwX,g=rX \
--exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/
${optionalString (cfg.privkey_ed25519 != null) /* sh */ ''
${pkgs.coreutils}/bin/ln -fns \
"$CREDENTIALS_DIRECTORY"/ed25519_key.priv \
/etc/tinc/${netname}/
''}
${pkgs.coreutils}/bin/ln -fns \
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
"-U ${cfg.user.name}"
"-c /etc/tinc/${netname}"
"-d 0"
(optionalString (cfg.privkey_ed25519 != null)
"-o Ed25519PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/ed25519_key"
)
"-o PrivateKeyFile=\${CREDENTIALS_DIRECTORY}/rsa_key"
"--pidfile=/var/run/tinc.${netname}.pid"
"-n ${netname}"
];
ExecReload = "${cfg.tincPackage}/sbin/tinc -n ${netname} restart";
SyslogIdentifier = netname;
};
}) config.krebs.tinc;

View file

@ -6,9 +6,9 @@ with import <stockholm/lib>;
krebs.tinc.retiolum = {
enable = true;
connectTo = filter (ne config.krebs.build.host.name) [
"gum"
"ni"
"prism"
"eve"
];
extraConfig = ''
LocalDiscovery = yes

View file

@ -1,47 +1,20 @@
with import <stockholm/lib>;
let
pushBack = x: xs:
if elem x xs then
remove x xs ++ [ x ]
else
names;
in
self: super:
# Import files and subdirectories like they are overlays.
foldl' mergeAttrs {}
fix
(foldl' (flip extends) (_: super)
(map
(name: import (./. + "/${name}") self super)
(name: import (./. + "/${name}"))
(filter
(name: name != "default.nix" && !hasPrefix "." name)
(attrNames (readDir ./.))))
//
{
cr = self.writeDashBin "cr" ''
set -efu
if test -n "''${XDG_RUNTIME_DIR-}"; then
cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache
else
cache_dir=/tmp/chromium-disk-cache_$LOGNAME
fi
export LC_TIME=de_DE.utf8
exec ${self.chromium}/bin/chromium \
--ssl-version-min=tls1 \
--disk-cache-dir="$cache_dir" \
--disk-cache-size=50000000 \
"$@"
'';
dhcpcd = overrideDerivation super.dhcpcd (old: {
configureFlags = old.configureFlags ++ [
"--dbdir=/var/lib/dhcpcd"
];
});
gitAndTools = super.gitAndTools // {
inherit (self) diff-so-fancy;
};
ff = self.writeDashBin "ff" ''
exec ${self.firefoxWrapper}/bin/firefox "$@"
'';
gnupg = self.gnupg22;
}
(pushBack "override"
(attrNames (readDir ./.))))))

View file

@ -0,0 +1,72 @@
self: super:
# https://github.com/NixOS/nixpkgs/pull/125600
super.anbox.overrideAttrs (old:
assert old.version == "unstable-2020-11-29";
rec {
version = "unstable-2021-05-26";
src = self.fetchFromGitHub {
owner = old.pname;
repo = old.pname;
rev = "ad377ff25354d68b76e2b8da24a404850f8514c6";
sha256 = "1bj07ixwbkli4ycjh41mnqdbsjz9haiwg2nhf9anbi29z1d0819w";
fetchSubmodules = true;
};
postPatch = old.patchPhase;
# patchPhase() from <nixpkgs/pkgs/stdenv/generic/setup.sh>
# TODO patchPhase = default.patchPhase; or something
patchPhase = ''
runHook prePatch
for i in ''${patches:-}; do
header "applying patch $i" 3
local uncompress=cat
case "$i" in
*.gz)
uncompress="gzip -d"
;;
*.bz2)
uncompress="bzip2 -d"
;;
*.xz)
uncompress="xz -d"
;;
*.lzma)
uncompress="lzma -d"
;;
esac
# "2>&1" is a hack to make patch fail if the decompressor fails (nonexistent patch, etc.)
# shellcheck disable=SC2086
$uncompress < "$i" 2>&1 | patch ''${patchFlags:--p1}
done
runHook postPatch
'';
patches = [
# Fixes compatibility with lxc 4
(self.fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/community/anbox/lxc4.patch?id=64243590a16aee8d4e72061886fc1b15256492c3";
sha256 = "1da5xyzyjza1g2q9nbxb4p3njj2sf3q71vkpvmmdphia5qnb0gk5";
})
# Wait 10× more time when starting
# Not *strictly* needed, but helps a lot on slower hardware
(self.fetchpatch {
url = "https://git.alpinelinux.org/aports/plain/community/anbox/give-more-time-to-start.patch?id=058b56d4b332ef3379551b343bf31e0f2004321a";
sha256 = "0iiz3c7fgfgl0dvx8sf5hv7a961xqnihwpz6j8r0ib9v8piwxh9a";
})
# Ensures generated desktop files work on store path change
(self.fetchpatch {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/fdf7b4be1a659ed8b96586c2fc8ff90850e25feb/pkgs/os-specific/linux/anbox/0001-NixOS-Use-anbox-from-PATH-in-desktop-files.patch";
sha256 = "173z84g1r8h367a2dgk6945is6vxg4j1hs2hkfd3m3bbpwfw9221";
})
# Provide window icons
(self.fetchpatch {
url = "https://github.com/samueldr/anbox/commit/2387f4fcffc0e19e52e58fb6f8264fbe87aafe4d.patch";
sha256 = "12lmr0kxw1n68g3abh1ak5awmpczfh75c26f53jc8qpvdvv1ywha";
})
];
})

View file

@ -1,24 +1,4 @@
with import <stockholm/lib>;
self: super: {
fzf = super.fzf.overrideAttrs (old: {
# XXX cannot use `patches` because fzf has a custom patchPhase
patchPhase = ''
patch -Np1 < ${./fzf.complete1.patch}
${old.patchPhase or ""}
'';
});
input-fonts = super.input-fonts.overrideAttrs (old: rec {
src = self.fetchzip {
url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip";
sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr";
stripRoot = false;
};
sourceRoot = null;
outputHash = null;
outputHashAlgo = null;
outputHashMode = null;
});
self: super:
nix-prefetch-github =
self.python3Packages.callPackage ./nix-prefetch-github.nix {};
}
mapNixDir (path: import path self super) ./.

View file

@ -0,0 +1,7 @@
self: super:
self.lib.overrideDerivation super.dhcpcd (old: {
configureFlags = old.configureFlags ++ [
"--dbdir=/var/lib/dhcpcd"
];
})

View file

@ -0,0 +1,9 @@
self: super:
super.fzf.overrideAttrs (old: {
# XXX cannot use `patches` because fzf has a custom patchPhase
patchPhase = ''
patch -Np1 < ${./complete1.patch}
${old.patchPhase or ""}
'';
})

View file

@ -0,0 +1,5 @@
self: super:
super.gitAndTools // {
inherit (self) diff-so-fancy;
}

View file

@ -0,0 +1,13 @@
self: super:
super.input-fonts.overrideAttrs (old: rec {
src = self.fetchzip {
url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip";
sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr";
stripRoot = false;
};
sourceRoot = null;
outputHash = null;
outputHashAlgo = null;
outputHashMode = null;
})

View file

@ -1,47 +0,0 @@
{ fetchPypi
, lib
, buildPythonPackage
, pythonOlder
, attrs
, click
, effect
, jinja2
, git
, pytestCheckHook
, pytest-black
, pytestcov
, pytest-isort
}:
buildPythonPackage rec {
pname = "nix-prefetch-github";
version = "3.0";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-EN+EbVXUaf+id5UsK4EBm/9k9FYaH79g08kblvW60XA=";
};
propagatedBuildInputs = [
attrs
click
effect
jinja2
];
checkInputs = [ pytestCheckHook pytest-black pytestcov pytest-isort git ];
checkPhase = ''
pytest -m 'not network'
'';
# latest version of isort will cause tests to fail
# ignore tests which are impure
disabledTests = [ "isort" "life" "outputs" "fetch_submodules" ];
meta = with lib; {
description = "Prefetch sources from github";
homepage = "https://github.com/seppeljordan/nix-prefetch-github";
license = licenses.gpl3;
maintainers = with maintainers; [ seppeljordan ];
};
}

16
tv/5pkgs/simple/cr.nix Normal file
View file

@ -0,0 +1,16 @@
{ pkgs }:
pkgs.writeDashBin "cr" ''
set -efu
if test -n "''${XDG_RUNTIME_DIR-}"; then
cache_dir=$XDG_RUNTIME_DIR/chromium-disk-cache
else
cache_dir=/tmp/chromium-disk-cache_$LOGNAME
fi
export LC_TIME=de_DE.utf8
exec ${pkgs.chromium}/bin/chromium \
--ssl-version-min=tls1 \
--disk-cache-dir="$cache_dir" \
--disk-cache-size=50000000 \
"$@"
''

5
tv/5pkgs/simple/ff.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs }:
pkgs.writeDashBin "ff" ''
exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
''