Merge remote-tracking branch 'gum/master'
This commit is contained in:
commit
077a6a6991
53
doc/Commit_Messages_Guideline.md
Normal file
53
doc/Commit_Messages_Guideline.md
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
# Commit Messages Guideline
|
||||||
|
|
||||||
|
Commits SHOULD have the following format:
|
||||||
|
|
||||||
|
```
|
||||||
|
<namespace?> <component>: <change>
|
||||||
|
|
||||||
|
<rationale>
|
||||||
|
|
||||||
|
(<reference-name>: <reference-id>)?
|
||||||
|
```
|
||||||
|
|
||||||
|
## `<namespace>`
|
||||||
|
Defines where the change took place. This can be omitted if the
|
||||||
|
namespace is `krebs`. Namespaces may be shortened to one to four characters (
|
||||||
|
lassulus -> lass, makefu -> make, tv -> tv, shared -> sha)
|
||||||
|
|
||||||
|
## `<component>`
|
||||||
|
Name of the component which was touched. `component` is
|
||||||
|
rather fuzzy and may mean different things, just choose what would fit best.
|
||||||
|
|
||||||
|
Here are a numbers of samples for defining the component:
|
||||||
|
|
||||||
|
* Change `gum` in `krebs/3modules/makefu/default.nix`: `gum.r: change ip`
|
||||||
|
* Change `prepare.sh` in `krebs/4libs/infest`: `infest: prepare stockholm ISO`
|
||||||
|
* Remove `concat` in `krebs/5pkgs`: `concat: RIP`, this commit may like some `<rationale>`
|
||||||
|
* Update `types` in `krebs/3modules`: `lib/types: add managed bool to host type`
|
||||||
|
* Change host `gum` in `makefu/1systems/gum`: `ma gum.r: add taskserver`
|
||||||
|
* Change `tinc` module in `krebs/3modules`: `tinc module: add option enableLegacy`
|
||||||
|
|
||||||
|
## `<rationale>`
|
||||||
|
Describe some trivia why the commit was done:
|
||||||
|
```
|
||||||
|
whatsupnix: init
|
||||||
|
|
||||||
|
Import from https://github.com/NixOS/nix/issues/443#issuecomment-296752535
|
||||||
|
```
|
||||||
|
|
||||||
|
## `<reference>`
|
||||||
|
Defines external resouces related to the commit:
|
||||||
|
```
|
||||||
|
Closes: #123533
|
||||||
|
CVE: CVE-2016-00001
|
||||||
|
URL: https://example.com/CVE-2016-00001
|
||||||
|
```
|
||||||
|
|
||||||
|
## Remarks
|
||||||
|
As a general rule of thumb you can check out: https://www.slideshare.net/TarinGamberini/commit-messages-goodpractices
|
||||||
|
Of course the pattern not always fits perfectly (for example for refactoring),
|
||||||
|
just apply some common sense and define a useful commit message,
|
||||||
|
like `refactor krebs.setuid`.
|
||||||
|
|
||||||
|
|
17
doc/makefu/logbook/install_fileleech.md
Normal file
17
doc/makefu/logbook/install_fileleech.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# install fileleech
|
||||||
|
|
||||||
|
```
|
||||||
|
builder$ python3 host.py --create-ssh-keys --create-passwords fileleech
|
||||||
|
iso$ fdisk /dev/sda # 3 partitions, grub,boot,crypt
|
||||||
|
iso$ cryptsetup luksFormat /dev/sda3 --cipher aes-xts-plain64 -s 512 -h sha512
|
||||||
|
iso$ cryptsetup luksAddKey /dev/sda3 hddkey
|
||||||
|
iso$ cryptsetup luksOpen --keyfile-size=4096 -d /dev/disk/by-id/usb-Intuix_DiskOnKey_09A07360336198F8-0:0 /dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3 luksroot
|
||||||
|
iso$ mkfs.ext4 -Lnixboot /dev/sda2
|
||||||
|
iso$ mkfs.ext4 -Lroot /dev/mapper/luksroot
|
||||||
|
iso$ echo 1 > /proc/sys/net/ipv6/conf/enp8s0f0/disable_ipv6
|
||||||
|
iso$ mount /dev/mapper/luksroot /mnt
|
||||||
|
iso$ mkdir /mnt/boot
|
||||||
|
iso$ mount /dev/sda2 /mnt/boot
|
||||||
|
iso$ mkdir -p /mnt/var/src
|
||||||
|
iso$ touch /mnt/var/src/.populate
|
||||||
|
```
|
16
doc/makefu/logbook/transfer_gum.md
Normal file
16
doc/makefu/logbook/transfer_gum.md
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# transfer gum to new hosts
|
||||||
|
|
||||||
|
```
|
||||||
|
builder$ vim krebs/3modules/makefu/default.nix
|
||||||
|
## update ip
|
||||||
|
builder$ vim makefu/1systems/gum.nix
|
||||||
|
## update hardware config
|
||||||
|
|
||||||
|
old-gum$ rsync --progress -lprtvzF . <newip>:/mnt/
|
||||||
|
|
||||||
|
new-gum$ touch /mnt/var/src/.populate
|
||||||
|
new-gum$ gdisk /dev/sda r;g;w # gpt to mbr
|
||||||
|
|
||||||
|
builder$ make -C ~/stockholm system=gum target=vcygfnhdxyxr47zu.onion install
|
||||||
|
|
||||||
|
```
|
|
@ -36,14 +36,7 @@ prepare() {(
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
nixos)
|
nixos|stockholm)
|
||||||
case $(cat /proc/cmdline) in
|
|
||||||
*' root=LABEL=NIXOS_ISO '*)
|
|
||||||
prepare_nixos_iso "$@"
|
|
||||||
exit
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
stockholm)
|
|
||||||
case $(cat /proc/cmdline) in
|
case $(cat /proc/cmdline) in
|
||||||
*' root=LABEL=NIXOS_ISO '*)
|
*' root=LABEL=NIXOS_ISO '*)
|
||||||
prepare_nixos_iso "$@"
|
prepare_nixos_iso "$@"
|
||||||
|
@ -102,7 +95,8 @@ prepare_nixos_iso() {
|
||||||
mkdir -p bin
|
mkdir -p bin
|
||||||
rm -f bin/nixos-install
|
rm -f bin/nixos-install
|
||||||
cp "$(type -p nixos-install)" bin/nixos-install
|
cp "$(type -p nixos-install)" bin/nixos-install
|
||||||
sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
get_nixos_install() {
|
get_nixos_install() {
|
||||||
|
@ -217,7 +211,7 @@ prepare_common() {(
|
||||||
mkdir -p bin
|
mkdir -p bin
|
||||||
rm -f bin/nixos-install
|
rm -f bin/nixos-install
|
||||||
cp "$(type -p nixos-install)" bin/nixos-install
|
cp "$(type -p nixos-install)" bin/nixos-install
|
||||||
sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install
|
sed -i 's@^\(\(export \|\)NIX_PATH\)=\"[^\"]*\"@\1=$target_path@' bin/nixos-install
|
||||||
|
|
||||||
if ! grep -q '^PATH.*#krebs' .bashrc; then
|
if ! grep -q '^PATH.*#krebs' .bashrc; then
|
||||||
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
|
echo '. /root/.nix-profile/etc/profile.d/nix.sh' >> .bashrc
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
{
|
{
|
||||||
krebs.build.source.nixpkgs.git = {
|
krebs.build.source.nixpkgs.git = {
|
||||||
url = https://cgit.lassul.us/nixpkgs;
|
url = https://cgit.lassul.us/nixpkgs;
|
||||||
ref = "4847963";
|
ref = "0a4db15";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,13 +9,21 @@
|
||||||
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
|
(toString <nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>)
|
||||||
../2configs/main-laptop.nix #< base-gui
|
../2configs/main-laptop.nix #< base-gui
|
||||||
|
|
||||||
|
# Tools
|
||||||
|
../2configs/tools/core.nix
|
||||||
|
../2configs/tools/core-gui.nix
|
||||||
|
../2configs/tools/dev.nix
|
||||||
|
../2configs/tools/extra-gui.nix
|
||||||
|
../2configs/tools/sec.nix
|
||||||
|
|
||||||
# environment
|
# environment
|
||||||
../2configs/tinc/retiolum.nix
|
../2configs/tinc/retiolum.nix
|
||||||
|
|
||||||
|
../2configs/audio/jack-on-pulse.nix
|
||||||
|
../2configs/audio/realtime-audio.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
networking.extraHosts = import (toString <secrets/extra-hosts.nix>);
|
||||||
# workaround for https://github.com/NixOS/nixpkgs/issues/16641
|
|
||||||
services.xserver.videoDrivers = lib.mkOverride 45 [ "virtualbox" "modesetting" ];
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
fileSystems."/nix" = {
|
fileSystems."/nix" = {
|
||||||
|
|
|
@ -13,59 +13,49 @@ with import <stockholm/lib>;
|
||||||
../2configs/tools/all.nix
|
../2configs/tools/all.nix
|
||||||
../2configs/laptop-backup.nix
|
../2configs/laptop-backup.nix
|
||||||
../2configs/dnscrypt.nix
|
../2configs/dnscrypt.nix
|
||||||
|
../2configs/avahi.nix
|
||||||
|
|
||||||
# testing
|
# Debugging
|
||||||
# ../2configs/openvpn/vpngate.nix
|
# ../2configs/disable_v6.nix
|
||||||
#../2configs/temp/share-samba.nix
|
|
||||||
# ../2configs/mediawiki.nix
|
|
||||||
# ../2configs/wordpress.nix
|
|
||||||
# ../2configs/nginx/public_html.nix
|
|
||||||
# ../2configs/nginx/icecult.nix
|
|
||||||
|
|
||||||
# ../2configs/elchos/irc-token.nix
|
|
||||||
# ../2configs/elchos/log.nix
|
|
||||||
|
|
||||||
#../2configs/elchos/search.nix
|
|
||||||
#../2configs/elchos/stats.nix
|
|
||||||
#../2configs/elchos/test/ftpservers.nix
|
|
||||||
|
|
||||||
# ../2configs/tinc/siem.nix
|
|
||||||
#../2configs/torrent.nix
|
|
||||||
# temporary modules
|
|
||||||
|
|
||||||
# ../2configs/torrent.nix
|
|
||||||
#../2configs/temp/elkstack.nix
|
|
||||||
# ../2configs/temp/sabnzbd.nix
|
|
||||||
|
|
||||||
|
# Testing
|
||||||
|
# ../2configs/deployment/dirctator.nix
|
||||||
|
# ../2configs/vncserver.nix
|
||||||
|
# ../2configs/deployment/led-fader
|
||||||
|
# ../2configs/deployment/hound
|
||||||
|
|
||||||
# development
|
# development
|
||||||
../2configs/sources
|
../2configs/sources
|
||||||
|
|
||||||
# Krebs
|
# Krebs
|
||||||
# ../2configs/disable_v6.nix
|
|
||||||
../2configs/tinc/retiolum.nix
|
../2configs/tinc/retiolum.nix
|
||||||
|
|
||||||
# applications
|
# applications
|
||||||
../2configs/exim-retiolum.nix
|
../2configs/exim-retiolum.nix
|
||||||
../2configs/mail-client.nix
|
../2configs/mail-client.nix
|
||||||
../2configs/printer.nix
|
../2configs/printer.nix
|
||||||
../2configs/virtualization.nix
|
../2configs/task-client.nix
|
||||||
../2configs/virtualization-virtualbox.nix
|
|
||||||
../2configs/wwan.nix
|
|
||||||
../2configs/rad1o.nix
|
|
||||||
|
|
||||||
# services
|
# Virtualization
|
||||||
|
../2configs/virtualization.nix
|
||||||
|
../2configs/docker.nix
|
||||||
|
../2configs/virtualization-virtualbox.nix
|
||||||
|
|
||||||
|
# Services
|
||||||
../2configs/git/brain-retiolum.nix
|
../2configs/git/brain-retiolum.nix
|
||||||
../2configs/tor.nix
|
../2configs/tor.nix
|
||||||
../2configs/steam.nix
|
../2configs/steam.nix
|
||||||
# ../2configs/buildbot-standalone.nix
|
# ../2configs/buildbot-standalone.nix
|
||||||
|
|
||||||
# hardware specifics are in here
|
# Hardware
|
||||||
../2configs/hw/tp-x230.nix
|
../2configs/hw/tp-x230.nix
|
||||||
../2configs/hw/rtl8812au.nix
|
../2configs/hw/rtl8812au.nix
|
||||||
../2configs/hw/stk1160.nix
|
../2configs/hw/exfat-nofuse.nix
|
||||||
|
../2configs/hw/wwan.nix
|
||||||
|
# ../2configs/hw/stk1160.nix
|
||||||
|
# ../2configs/rad1o.nix
|
||||||
|
|
||||||
# mount points
|
# Filesystem
|
||||||
../2configs/fs/sda-crypto-root-home.nix
|
../2configs/fs/sda-crypto-root-home.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
|
@ -76,10 +66,8 @@ with import <stockholm/lib>;
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
|
||||||
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
environment.systemPackages = [ pkgs.passwdqc-utils ];
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
|
|
||||||
# configure pulseAudio to provide a HDMI sink as well
|
# configure pulseAudio to provide a HDMI sink as well
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
|
|
|
@ -11,7 +11,10 @@ in
|
||||||
package = pulse;
|
package = pulse;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ jack2Full ];
|
environment.systemPackages = with pkgs; [
|
||||||
|
jack2Full
|
||||||
|
jack_capture
|
||||||
|
];
|
||||||
# from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
|
# from http://anderspapitto.com/posts/2015-11-26-overtone-on-nixos-with-jack-and-pulseaudio.html
|
||||||
|
|
||||||
systemd.user.services = {
|
systemd.user.services = {
|
||||||
|
|
|
@ -10,7 +10,7 @@ in
|
||||||
musnix.enable = true;
|
musnix.enable = true;
|
||||||
musnix.kernel.optimize = true;
|
musnix.kernel.optimize = true;
|
||||||
musnix.kernel.realtime = true;
|
musnix.kernel.realtime = true;
|
||||||
# TODO: musnix.kernel.packages = pkgs.linuxPackages_latest_rt;
|
musnix.kernel.packages = pkgs.linuxPackages_latest_rt;
|
||||||
|
|
||||||
users.users."${user}".extraGroups = [ "audio" ];
|
users.users."${user}".extraGroups = [ "audio" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,10 @@ in {
|
||||||
stdout { codec => rubydebug }
|
stdout { codec => rubydebug }
|
||||||
exec { command => "${runit} '%{message}" }
|
exec { command => "${runit} '%{message}" }
|
||||||
'';
|
'';
|
||||||
plugins = [ ];
|
extraSettings = ''
|
||||||
|
path.plugins: [ "${pkgs.logstash-output-exec}" ]
|
||||||
|
'';
|
||||||
|
## NameError: `@path.plugins' is not allowable as an instance variable name
|
||||||
|
# plugins = [ pkgs.logstash-output-exec ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,6 +31,7 @@ in {
|
||||||
};
|
};
|
||||||
# after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
|
# after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
# User = "nobody"; # need a user with permissions to run nix-shell
|
# User = "nobody"; # need a user with permissions to run nix-shell
|
||||||
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
|
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json";
|
||||||
|
|
4
makefu/2configs/docker.nix
Normal file
4
makefu/2configs/docker.nix
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
{...}:
|
||||||
|
{
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
}
|
4
makefu/2configs/hw/exfat-nofuse.nix
Normal file
4
makefu/2configs/hw/exfat-nofuse.nix
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
|
||||||
|
}
|
|
@ -1,9 +1,8 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
# TODO: un-pin linuxPackages somehow
|
# TODO: un-pin linuxPackages somehow
|
||||||
boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages_4_9;
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
linux_4_9 = pkgs.linux_4_9.override {
|
linux_latest = pkgs.linux_latest.override {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
MEDIA_ANALOG_TV_SUPPORT y
|
MEDIA_ANALOG_TV_SUPPORT y
|
||||||
VIDEO_STK1160_COMMON m
|
VIDEO_STK1160_COMMON m
|
||||||
|
|
55
makefu/2configs/lanparty/lancache-dns.nix
Normal file
55
makefu/2configs/lanparty/lancache-dns.nix
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
# see https://github.com/zeropingheroes/lancache for full docs
|
||||||
|
lancache-dns = pkgs.stdenv.mkDerivation rec {
|
||||||
|
name = "lancache-dns-2017-06-28";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
# forked: https://github.com/zeropingheroes/lancache-dns
|
||||||
|
repo = "lancache-dns";
|
||||||
|
owner = "zeropingheroes";
|
||||||
|
rev = "420aa62";
|
||||||
|
sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
|
||||||
|
};
|
||||||
|
phases = [ "unpackPhase" "installPhase" ];
|
||||||
|
# here we can chance to edit `includes/proxy-cache-paths.conf`
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp -r * $out/
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
stateDir = "/var/lib/unbound";
|
||||||
|
user = "unbound";
|
||||||
|
upstream-server = "8.8.8.8";
|
||||||
|
in {
|
||||||
|
services.unbound = {
|
||||||
|
enable = true;
|
||||||
|
allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
|
||||||
|
interfaces = ["0.0.0.0" "::" ];
|
||||||
|
forwardAddresses = [ upstream-server ];
|
||||||
|
extraConfig = ''
|
||||||
|
include: "${stateDir}/lancache/*.conf"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.dnscrypt-proxy.enable = lib.mkForce false;
|
||||||
|
virtualisation.libvirtd.enable = lib.mkForce false;
|
||||||
|
systemd.services.dns-lancache-prepare = {
|
||||||
|
wantedBy = [ "unbound.service" ];
|
||||||
|
before = [ "unbound.service" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
partOf= [ "unbound.service" ];
|
||||||
|
|
||||||
|
path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
|
||||||
|
script = ''
|
||||||
|
set -xeu
|
||||||
|
current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
|
||||||
|
old_ip=10.1.1.250
|
||||||
|
mkdir -p ${stateDir}
|
||||||
|
rm -rvf ${stateDir}/lancache
|
||||||
|
cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache
|
||||||
|
sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf
|
||||||
|
chown -R unbound ${stateDir}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||||
|
}
|
73
makefu/2configs/lanparty/lancache.nix
Normal file
73
makefu/2configs/lanparty/lancache.nix
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
{ pkgs, lib, config, ... }:
|
||||||
|
with import <stockholm/lib>;
|
||||||
|
let
|
||||||
|
# see https://github.com/zeropingheroes/lancache for full docs
|
||||||
|
lancache= pkgs.stdenv.mkDerivation rec {
|
||||||
|
name = "lancache-2017-06-26";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
# origin: https://github.com/multiplay/lancache
|
||||||
|
# forked: https://github.com/zeropingheroes/lancache
|
||||||
|
repo = "lancache";
|
||||||
|
owner = "zeropingheroes";
|
||||||
|
rev = "143f7bb";
|
||||||
|
sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6";
|
||||||
|
};
|
||||||
|
phases = [ "unpackPhase" "installPhase" ];
|
||||||
|
# here we can chance to edit `includes/proxy-cache-paths.conf`
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp -r * $out/
|
||||||
|
sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \
|
||||||
|
-e '1 idaemon off;' \
|
||||||
|
$out/nginx.conf
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
cfg = {
|
||||||
|
group = "nginx-lancache";
|
||||||
|
user = "nginx-lancache";
|
||||||
|
statedir = "/var/lancache";
|
||||||
|
package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{
|
||||||
|
configureFlags = old.configureFlags ++ [
|
||||||
|
"--with-http_slice_module"
|
||||||
|
"--with-stream"
|
||||||
|
"--with-pcre"
|
||||||
|
];
|
||||||
|
});
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
systemd.services.nginx-lancache = {
|
||||||
|
description = "Nginx lancache Server";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
restartIfChanged = true;
|
||||||
|
|
||||||
|
preStart = ''
|
||||||
|
mkdir -p ${cfg.statedir} && cd ${cfg.statedir}
|
||||||
|
PATH_CACHE=$PATH_BASE/cache
|
||||||
|
PATH_LOGS=$PATH_BASE/logs
|
||||||
|
|
||||||
|
mkdir -p cache/{installers,tmp} logs
|
||||||
|
rm -f conf; ln -s ${lancache} conf
|
||||||
|
chown -R ${cfg.user}:${cfg.group} .
|
||||||
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}";
|
||||||
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10s";
|
||||||
|
StartLimitInterval = "1min";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.etc.nginx.source = lancache;
|
||||||
|
users.extraUsers = (singleton
|
||||||
|
{ name = cfg.user;
|
||||||
|
group = cfg.group;
|
||||||
|
uid = genid cfg.group;
|
||||||
|
});
|
||||||
|
|
||||||
|
users.extraGroups = (singleton
|
||||||
|
{ name = "${cfg.group}";
|
||||||
|
gid = genid cfg.group;
|
||||||
|
});
|
||||||
|
|
||||||
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
krebs.build.source.musnix.git = {
|
krebs.build.source.musnix.git = {
|
||||||
url = https://github.com/musnix/musnix.git;
|
url = https://github.com/musnix/musnix.git;
|
||||||
ref = "37a8378";
|
ref = "f0ec1f3";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
14
makefu/2configs/task-client.nix
Normal file
14
makefu/2configs/task-client.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
krebs.per-user.makefu.packages = [
|
||||||
|
pkgs.taskwarrior
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.shellAliases = {
|
||||||
|
tshack = "task project:shack";
|
||||||
|
twork = "task project:soc";
|
||||||
|
tpki = "task project:pki";
|
||||||
|
tkrebs = "task project:krebs";
|
||||||
|
t = "task project: ";
|
||||||
|
};
|
||||||
|
}
|
|
@ -12,5 +12,7 @@
|
||||||
cac-api
|
cac-api
|
||||||
cac-panel
|
cac-panel
|
||||||
ovh-zone
|
ovh-zone
|
||||||
|
whatsupnix
|
||||||
|
brain
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,13 +2,16 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
krebs.per-user.makefu.packages = with pkgs;[
|
krebs.per-user.makefu.packages = with pkgs;[
|
||||||
|
# media
|
||||||
gimp
|
gimp
|
||||||
inkscape
|
inkscape
|
||||||
libreoffice
|
libreoffice
|
||||||
saleae-logic
|
|
||||||
skype
|
skype
|
||||||
synergy
|
synergy
|
||||||
tdesktop
|
tdesktop
|
||||||
virtmanager
|
virtmanager
|
||||||
|
# Dev
|
||||||
|
saleae-logic
|
||||||
|
arduino-user-env
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
35
makefu/5pkgs/arduino-user-env/default.nix
Normal file
35
makefu/5pkgs/arduino-user-env/default.nix
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{ lib, pkgs, ... }: let
|
||||||
|
|
||||||
|
#TODO: make sure env exists prior to running
|
||||||
|
env_nix = pkgs.writeText "env.nix" ''
|
||||||
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
|
|
||||||
|
(pkgs.buildFHSUserEnv {
|
||||||
|
name = "arduino-user-env";
|
||||||
|
targetPkgs = pkgs: with pkgs; [
|
||||||
|
coreutils
|
||||||
|
];
|
||||||
|
multiPkgs = pkgs: with pkgs; [
|
||||||
|
arduino
|
||||||
|
alsaLib
|
||||||
|
zlib
|
||||||
|
xorg.libXxf86vm
|
||||||
|
curl
|
||||||
|
openal
|
||||||
|
openssl_1_0_2
|
||||||
|
xorg.libXext
|
||||||
|
xorg.libX11
|
||||||
|
xorg.libXrandr
|
||||||
|
xorg.libXcursor
|
||||||
|
xorg.libXinerama
|
||||||
|
xorg.libXi
|
||||||
|
mesa_glu
|
||||||
|
];
|
||||||
|
runScript = "zsh";
|
||||||
|
}).env
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
in pkgs.writeDashBin "arduino-user-env" ''
|
||||||
|
nix-shell ${env_nix}
|
||||||
|
''
|
Loading…
Reference in a new issue