Merge remote-tracking branch 'gum/master'

lassulus 2022-12-13 14:51:58 +01:00
commit 248d3f592a
12 changed files with 35 additions and 46 deletions


@ -151,6 +151,12 @@ in {
};
};
};
# pixel3a
telex.nets.wiregrill = {
aliases = ["telex.w"];
ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address;
};
latte = rec {
ci = true;
extraZones = {


@ -0,0 +1 @@
T7Cr80dBbtPFCPdz4OS7whDlQJzn2Orclq5rLVtD+Ds=
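Review bot: The added one-line file holds a 44-character base64 value, which is the format of both WireGuard public and private keys, so the content alone does not show which half was committed. The file path is not visible on this page. Given the `telex.nets.wiregrill` entry added in the same commit, this is presumably the host's public key. That should be confirmed before the merge is pushed further, because a private key that reaches a shared repository has to be treated as disclosed and rotated.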


@ -110,7 +110,8 @@
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/blackbox.nix>
#<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
<stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
# TODO: alertmanager 0.24+ supports telegram
# <stockholm/krebs/2configs/shack/prometheus/alertmanager-telegram.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
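Review bot: Commenting out the `alertmanager-telegram.nix` import leaves no visible replacement for alert delivery on this host, and the TODO names neither a receiver nor a follow-up. If Telegram was the only notification path for the shack Prometheus, alerts will keep firing without reaching anyone until the native receiver is configured. The comment would be clearer as `# TODO: re-add Telegram delivery via alertmanager's native receiver (0.24+); no Telegram notifications until then`. The import list starts outside this hunk, so another receiver may already be configured there.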


@ -1,17 +0,0 @@
{ pkgs, ...}:
{
systemd.services.alertmanager-bot-telegram = {
wantedBy = [ "multi-user.target" ];
after = [ "ip-up.target" ];
serviceConfig = {
EnvironmentFile = toString <secrets/shack/telegram_bot.env>;
DynamicUser = true;
StateDirectory = "alertbot";
ExecStart = ''${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
--alertmanager.url=http://alert.prometheus.shack --log.level=info \
--store=bolt --bolt.path=/var/lib/alertbot/bot.db \
--listen.addr="0.0.0.0:16320" \
--template.paths=${./templates}/shack.tmpl'';
};
};
}


@ -1,17 +1,17 @@
{ fetchurl, lib, stdenv
, libxcrypt
, pam
, linux-pam
, wordset-file ? null, # set your own wordset-file
}:
stdenv.mkDerivation rec {
name = "passwdqc-utils-${version}";
version = "1.3.0";
buildInputs = [ libxcrypt pam ];
pname = "passwdqc-utils";
version = "2.0.2";
buildInputs = [ libxcrypt linux-pam ];
src = fetchurl {
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
hash = "sha256-/x9QV2TAIPakSEseDMT9vy4/cbUikm2QtHCRBMoGBKs=";
};
buildTargets = "utils";
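Review bot: The `src` URL is still plain `http://` even though the hash is regenerated for 2.0.2 in this change. The fixed-output hash will reject a tampered download at build time, but the new hash is only as trustworthy as the fetch it was computed from. Fetching over TLS closes that gap: `url = "https://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";`. It is also worth checking the tarball against upstream's published signature, if one is available, before pinning the hash. The derivation continues past the end of this hunk.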


@ -43,16 +43,13 @@ in {
services.logrotate = {
enable = true;
config = ''
${bgtaccess} ${bgterror} {
rotate 5
weekly
create 600 nginx nginx
postrotate
${pkgs.systemd}/bin/systemctl reload nginx
endscript
}
'';
settings.bgt = {
files = [ bgtaccess bgterror ];
rotate = 5;
frequency = "weekly";
create = "600 nginx nginx";
postrotate = "${pkgs.systemd}/bin/systemctl reload nginx";
};
};
# 20.09 unharden nginx to write logs


@ -11,7 +11,7 @@ with import <stockholm/lib>;
./editor/vim.nix
./binary-cache/nixos.nix
./minimal.nix
./security/hotfix.nix
# ./security/hotfix.nix
];
# users are super important
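Review bot: Disabling `./security/hotfix.nix` drops a mitigation without saying why it is no longer needed. The four-line file deleted later in this commit appears to be that hotfix: it replaced the `pkexec` wrapper with an empty file and cites CVE-2021-4034. Removing it is only safe if every host importing this module builds from a nixpkgs revision whose polkit already carries the fix, which nothing on this page shows. Since the file is deleted, the commented-out import should be removed rather than kept, or replaced with a line such as `# pkexec hotfix for CVE-2021-4034 removed: fixed in the pinned nixpkgs polkit`.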


@ -1,4 +1,9 @@
{
{pkgs, config, ... }:
let
user = config.krebs.build.user.name;
window-manager = "awesome";
in
{
systemd.services.look-up = {
startAt = "*:30";
serviceConfig = {


@ -1,4 +0,0 @@
{ pkgs, lib,... }: {
# https://github.com/berdav/CVE-2021-4034
security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
}


@ -2,19 +2,19 @@
}:
stdenv.mkDerivation rec {
name = "pkgrename";
version = "1.03";
version = "1.05";
src = fetchFromGitHub {
owner = "hippie68";
repo = "pkgrename";
rev = "c3e5c47ed9367273bd09577af46d3d9bf87b2a50";
rev = "c7c95f0ea49324433db4a7df8db8b0905198e62e";
sha256 = "0cphxdpj04h1i0qf5mji3xqdsbyilvd5b4gwp4vx914r6k5f0xf3";
};
buildInputs = [ curl.dev ];
buildPhase = ''
cd pkgrename.c
gcc pkgrename.c src/*.c -o pkgrename -lcurl -s -O1 $(curl-config --cflags --libs)
$CC pkgrename.c src/*.c -o pkgrename -s -O3 $(curl-config --cflags --libs) -Wl,--allow-multiple-definition
'';
installPhase = ''
install -D pkgrename $out/bin/pkgrename
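Review bot: `rev` moves to `c7c95f0e…` but `sha256` appears only once in this section, so it looks unchanged from the 1.03 pin. For a fixed-output fetch this either fails with a hash mismatch or, when the old output is already in the store or a binary cache, silently builds the 1.03 source under the 1.05 label. The hash should be re-derived for the new revision and updated in the same change. Separately, `-Wl,--allow-multiple-definition` hides duplicate-symbol errors at link time and deserves a short comment naming the upstream issue it works around.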


@ -11,7 +11,7 @@ buildGoModule rec {
};
proxyVendor = true;
vendorSha256 = "sha256-AOtWR7Ew+0I7+TrMZOCxOKGCv+mlvcqy9s+gX2JKwnE=";
vendorSha256 = "sha256-tCSwyusVstEkz2pXYGX5JmS+VgqErSPtnh4LomaaFcE=";
# tests try to access the internet to scrape websites
doCheck = false;


@ -75,20 +75,20 @@
(lib.mkIf ( host-src.hw ) {
nixos-hardware.git = {
url = https://github.com/nixos/nixos-hardware.git;
ref = "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1";
ref = "9d87bc030a0bf3f00e953dbf095a7d8e852dab6b";
};
})
(lib.mkIf ( host-src.nix-ld ) {
nix-ld.git = {
url = https://github.com/Mic92/nix-ld.git;
ref = "c25cc4b";
ref = "7d251c0c5adf6b9b003499243be257d0f130b3d6";
};
})
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
ref = "1de492f";
ref = "054d9e3187ca00479e8036dc0e92900a384f30fd";
};
})
];