From 6dc6b9037886ca56b4216672766e8ee4fd31a197 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 16 Oct 2016 20:14:44 +0200 Subject: [PATCH 01/27] tv URxvt.saveLines: 4096 --- tv/2configs/xserver/Xresources.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix index f9af89c7e..ad41f3a94 100644 --- a/tv/2configs/xserver/Xresources.nix +++ b/tv/2configs/xserver/Xresources.nix @@ -207,6 +207,7 @@ pkgs.writeText "Xresources" /* xdefaults */ '' URxvt*url-select.underline: true URxvt*colorUL: #4682B4 URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl + URxvt.saveLines: 4096 root-urxvt*background: #230000 root-urxvt*foreground: #e0c0c0 From 91d6bd66f4d50d47692f55c16bfb14bdf4837520 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 20 Oct 2016 19:42:30 +0200 Subject: [PATCH 02/27] tv nixpkgs: 354fd37 -> b8ede35 --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 442d7370a..abc657ec0 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with config.krebs.lib; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "354fd3728952c229fee4f2924737c601d7ab4725"; + ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 844d347ce7cf0b7646e9ecba3fbdc0b90e608501 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 20 Oct 2016 20:21:59 +0200 Subject: [PATCH 03/27] lib: import bulk of krebs/4lib --- krebs/4lib/default.nix | 59 ----------------------------------- krebs/4lib/tree.nix | 13 -------- lib/default.nix | 36 ++++++++++++++++++++- {krebs/4lib => lib}/genid.nix | 0 {krebs/4lib => lib}/git.nix | 0 {krebs/4lib => lib}/types.nix | 27 +++++++++++----- 6 files changed, 55 insertions(+), 80 deletions(-) delete mode 100644 krebs/4lib/default.nix delete mode 100644 krebs/4lib/tree.nix rename {krebs/4lib => lib}/genid.nix (100%) rename {krebs/4lib => lib}/git.nix (100%) rename {krebs/4lib => lib}/types.nix (94%) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix deleted file mode 100644 index c40b9a868..000000000 --- a/krebs/4lib/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -_: - -let - lib = import ; -in - -with lib; - -let out = lib // rec { - - guard = spec@{ type, value, ... }: - assert isOptionType type; - if type.check value - then value - else throw (toString (filter isString [ - "argument" - (if spec ? name then "‘${spec.name}’" else null) - "is not a ${type.name}" - ])); - - types = import ./types.nix { - lib = lib // { inherit genid optionalTrace; }; - }; - - genid = import ./genid.nix { lib = lib // out; }; - genid_signed = x: ((genid x) + 16777216) / 2; - git = import ./git.nix { lib = lib // out; }; - tree = import ./tree.nix { inherit lib; }; - - lpad = n: c: s: - if stringLength s < n - then lpad n c (c + s) - else s; - - toC = x: let - type = typeOf x; - reject = throw "cannot convert ${type}"; - in { - list = "{ ${concatStringsSep ", " (map toC x)} }"; - null = "NULL"; - set = if isDerivation x then toJSON x else reject; - string = toJSON x; # close enough - }.${type} or reject; - - subdirsOf = path: - mapAttrs (name: _: path + "/${name}") - (filterAttrs (_: eq "directory") (readDir path)); - - genAttrs' = names: f: listToAttrs (map f names); - - getAttrs = names: set: - listToAttrs (map (name: nameValuePair name set.${name}) - (filter (flip hasAttr set) names)); - - setAttr = name: value: set: set // { ${name} = value; }; - - optionalTrace = c: msg: x: if c then trace msg x else x; - -}; in out diff --git a/krebs/4lib/tree.nix b/krebs/4lib/tree.nix deleted file mode 100644 index 1cd83b3f6..000000000 --- a/krebs/4lib/tree.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, ... }: - -with lib; - -rec { - # tree k v = set k (either v (tree k v)) - - # get : [k] -> tree k v -> v - get = path: tree: - if length path > 0 - then get (tail path) tree.${head path} # TODO check if elem exists - else tree; -} diff --git a/lib/default.nix b/lib/default.nix index 1f5010853..2b12fa4bf 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,10 +1,44 @@ let - lib = import // builtins // { + nixpkgs-lib = import ; + lib = with lib; nixpkgs-lib // builtins // { + git = import ./git.nix { inherit lib; }; shell = import ./shell.nix { inherit lib; }; + types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; eq = x: y: x == y; ne = x: y: x != y; mod = x: y: x - y * (x / y); + + genid = import ./genid.nix { inherit lib; }; + genid_signed = x: ((lib.genid x) + 16777216) / 2; + + lpad = n: c: s: + if lib.stringLength s < n + then lib.lpad n c (c + s) + else s; + + subdirsOf = path: + lib.mapAttrs (name: _: path + "/${name}") + (filterAttrs (_: eq "directory") (readDir path)); + + genAttrs' = names: f: listToAttrs (map f names); + + getAttrs = names: set: + listToAttrs (map (name: nameValuePair name set.${name}) + (filter (flip hasAttr set) names)); + + setAttr = name: value: set: set // { ${name} = value; }; + + toC = x: let + type = typeOf x; + reject = throw "cannot convert ${type}"; + in { + list = "{ ${concatStringsSep ", " (map toC x)} }"; + null = "NULL"; + set = if isDerivation x then toJSON x else reject; + string = toJSON x; # close enough + }.${type} or reject; + }; in diff --git a/krebs/4lib/genid.nix b/lib/genid.nix similarity index 100% rename from krebs/4lib/genid.nix rename to lib/genid.nix diff --git a/krebs/4lib/git.nix b/lib/git.nix similarity index 100% rename from krebs/4lib/git.nix rename to lib/git.nix diff --git a/krebs/4lib/types.nix b/lib/types.nix similarity index 94% rename from krebs/4lib/types.nix rename to lib/types.nix index 8d6ace2e5..edd48c35b 100644 --- a/krebs/4lib/types.nix +++ b/lib/types.nix @@ -1,10 +1,16 @@ { lib, ... }: -with builtins; -with lib; -with types; +let + inherit (lib) + all any concatMapStringsSep concatStringsSep const filter flip genid + hasSuffix head isInt isString length match mergeOneOption mkOption + mkOptionType optional optionalAttrs optionals range splitString + stringLength tail typeOf; + inherit (lib.types) + attrsOf bool either enum int listOf nullOr path str string submodule; +in -types // rec { +rec { host = submodule ({ config, ... }: { options = { @@ -20,6 +26,11 @@ types // rec { default = {}; }; + binary-cache.pubkey = mkOption { + type = nullOr binary-cache-pubkey; + default = null; + }; + owner = mkOption { type = user; }; @@ -27,7 +38,7 @@ types // rec { extraZones = mkOption { default = {}; # TODO: string is either MX, NS, A or AAAA - type = with types; attrsOf string; + type = attrsOf string; }; secure = mkOption { @@ -331,6 +342,8 @@ types // rec { merge = mergeOneOption; }; + binary-cache-pubkey = str; + pgp-pubkey = str; ssh-pubkey = str; @@ -356,7 +369,7 @@ types // rec { tinc-pubkey = str; - krebs.file-location = types.submodule { + krebs.file-location = submodule { options = { # TODO user host = mkOption { @@ -364,7 +377,7 @@ types // rec { }; # TODO merge with ssl.privkey.path path = mkOption { - type = types.either types.path types.str; + type = either path str; apply = x: { path = toString x; string = x; From 4a6fbbbe503e32096a30a07c3ee51d3524057b8e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 20 Oct 2016 20:26:15 +0200 Subject: [PATCH 04/27] krebs.lib: use --- krebs/3modules/lib.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix index ccd6a6afa..1b812366e 100644 --- a/krebs/3modules/lib.nix +++ b/krebs/3modules/lib.nix @@ -10,6 +10,6 @@ let type = types.attrs; }; imp = { - krebs.lib = lib // import ../4lib { inherit config lib; } // builtins; + krebs.lib = import ; }; in out From f47bab7f710b7c8a282c3a3c38affc8a0bc30cc9 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 20 Oct 2016 20:54:38 +0200 Subject: [PATCH 05/27] drop config.krebs.lib --- krebs/3modules/Reaktor.nix | 2 +- krebs/3modules/apt-cacher-ng.nix | 2 +- krebs/3modules/backup.nix | 2 +- krebs/3modules/bepasty-server.nix | 2 +- krebs/3modules/build.nix | 2 +- krebs/3modules/buildbot/master.nix | 2 +- krebs/3modules/buildbot/slave.nix | 2 +- krebs/3modules/current.nix | 2 +- krebs/3modules/default.nix | 3 +-- krebs/3modules/exim-retiolum.nix | 2 +- krebs/3modules/exim-smarthost.nix | 2 +- krebs/3modules/exim.nix | 2 +- krebs/3modules/fetchWallpaper.nix | 2 +- krebs/3modules/git.nix | 4 ++-- krebs/3modules/github-hosts-sync.nix | 2 +- krebs/3modules/go.nix | 2 +- krebs/3modules/lass/default.nix | 2 +- krebs/3modules/lib.nix | 15 --------------- krebs/3modules/makefu/default.nix | 2 +- krebs/3modules/mv/default.nix | 2 +- krebs/3modules/nginx.nix | 2 +- krebs/3modules/nixpkgs.nix | 2 +- krebs/3modules/on-failure.nix | 2 +- krebs/3modules/os-release.nix | 2 +- krebs/3modules/per-user.nix | 2 +- krebs/3modules/power-action.nix | 2 +- krebs/3modules/realwallpaper.nix | 2 +- krebs/3modules/repo-sync.nix | 2 +- krebs/3modules/retiolum-bootstrap.nix | 2 +- krebs/3modules/retiolum.nix | 2 +- krebs/3modules/rtorrent.nix | 2 +- krebs/3modules/secret.nix | 2 +- krebs/3modules/setuid.nix | 2 +- krebs/3modules/shared/default.nix | 2 +- krebs/3modules/tinc_graphs.nix | 2 +- krebs/3modules/tv/default.nix | 2 +- krebs/3modules/urlwatch.nix | 2 +- krebs/5pkgs/builders.nix | 2 +- krebs/5pkgs/default.nix | 2 +- krebs/default.nix | 2 +- lass/1systems/helios.nix | 2 +- lass/1systems/mors.nix | 2 +- lass/1systems/prism.nix | 2 +- lass/1systems/uriel.nix | 2 +- lass/2configs/backups.nix | 2 +- lass/2configs/browsers.nix | 2 +- lass/2configs/buildbot-standalone.nix | 2 +- lass/2configs/c-base.nix | 2 +- lass/2configs/default.nix | 2 +- lass/2configs/downloading.nix | 2 +- lass/2configs/exim-retiolum.nix | 2 +- lass/2configs/exim-smarthost.nix | 2 +- lass/2configs/gc.nix | 2 +- lass/2configs/git.nix | 2 +- lass/2configs/go.nix | 2 +- lass/2configs/hw/tp-x220.nix | 2 +- lass/2configs/libvirt.nix | 2 +- lass/2configs/pulse.nix | 2 +- lass/2configs/radio.nix | 4 ++-- lass/2configs/repo-sync.nix | 2 +- lass/2configs/skype.nix | 2 +- lass/2configs/teamviewer.nix | 2 +- lass/2configs/vim.nix | 2 +- lass/2configs/weechat.nix | 2 +- lass/2configs/xserver/Xresources.nix | 2 +- lass/2configs/xserver/default.nix | 2 +- lass/2configs/xserver/xserver.conf.nix | 2 +- lass/3modules/ejabberd/config.nix | 2 +- lass/3modules/ejabberd/default.nix | 2 +- lass/3modules/hosts.nix | 2 +- lass/3modules/owncloud_nginx.nix | 2 +- lass/3modules/static_nginx.nix | 2 +- lass/3modules/umts.nix | 2 +- lass/3modules/usershadow.nix | 2 +- lass/3modules/wordpress_nginx.nix | 2 +- makefu/1systems/darth.nix | 2 +- makefu/1systems/gum.nix | 2 +- makefu/1systems/omo.nix | 2 +- makefu/1systems/wry.nix | 2 +- makefu/2configs/backup.nix | 2 +- makefu/2configs/base-gui.nix | 2 +- makefu/2configs/bepasty-dual.nix | 2 +- makefu/2configs/collectd/collectd-base.nix | 2 +- makefu/2configs/default.nix | 2 +- .../2configs/deployment/mycube.connector.one.nix | 2 +- makefu/2configs/elchos/stats.nix | 2 +- makefu/2configs/exim-retiolum.nix | 2 +- makefu/2configs/filepimp-share.nix | 2 +- makefu/2configs/fs/cac-boot-partition.nix | 2 +- makefu/2configs/fs/sda-crypto-root-home.nix | 2 +- makefu/2configs/fs/sda-crypto-root.nix | 2 +- makefu/2configs/fs/vm-single-partition.nix | 2 +- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- makefu/2configs/graphite-standalone.nix | 2 +- makefu/2configs/hw/tp-x200.nix | 2 +- makefu/2configs/hw/tp-x220.nix | 2 +- makefu/2configs/hw/tp-x2x0.nix | 2 +- makefu/2configs/mail-client.nix | 2 +- makefu/2configs/main-laptop.nix | 2 +- makefu/2configs/mattermost-docker.nix | 2 +- makefu/2configs/nginx/euer.blog.nix | 2 +- makefu/2configs/nginx/euer.test.nix | 2 +- makefu/2configs/nginx/euer.wiki.nix | 2 +- makefu/2configs/nginx/icecult.nix | 2 +- makefu/2configs/nginx/public_html.nix | 2 +- makefu/2configs/nginx/update.connector.one.nix | 2 +- makefu/2configs/omo-share.nix | 2 +- makefu/2configs/sabnzbd.nix | 2 +- makefu/2configs/solr.nix | 2 +- makefu/2configs/torrent.nix | 2 +- makefu/2configs/zsh-user.nix | 2 +- makefu/3modules/awesome-extra.nix | 2 +- makefu/3modules/deluge.nix | 2 +- makefu/3modules/forward-journal.nix | 2 +- makefu/3modules/opentracker.nix | 2 +- makefu/3modules/ps3netsrv.nix | 2 +- makefu/3modules/snapraid.nix | 2 +- makefu/3modules/taskserver.nix | 2 +- makefu/3modules/udpt.nix | 2 +- makefu/3modules/umts.nix | 2 +- mv/1systems/stro.nix | 2 +- shared/2configs/cgit-mirror.nix | 2 +- shared/2configs/collectd-base.nix | 2 +- shared/2configs/default.nix | 2 +- shared/2configs/graphite.nix | 2 +- shared/2configs/shack-drivedroid.nix | 2 +- tv/1systems/alnus.nix | 2 +- tv/1systems/caxi.nix | 2 +- tv/1systems/cd.nix | 2 +- tv/1systems/mu.nix | 2 +- tv/1systems/nomic.nix | 2 +- tv/1systems/wu.nix | 2 +- tv/1systems/xu.nix | 2 +- tv/1systems/zu.nix | 2 +- tv/2configs/backup.nix | 2 +- tv/2configs/bash.nix | 2 +- tv/2configs/default.nix | 2 +- tv/2configs/exim-retiolum.nix | 2 +- tv/2configs/exim-smarthost.nix | 2 +- tv/2configs/git.nix | 2 +- tv/2configs/hw/AO753.nix | 2 +- tv/2configs/im.nix | 2 +- tv/2configs/nginx/default.nix | 2 +- tv/2configs/nginx/public_html.nix | 2 +- tv/2configs/pulse.nix | 2 +- tv/2configs/retiolum.nix | 2 +- tv/2configs/ssh.nix | 2 +- tv/2configs/sshd.nix | 2 +- tv/2configs/urlwatch.nix | 2 +- tv/2configs/vim.nix | 2 +- tv/2configs/wu-binary-cache/default.nix | 2 +- tv/2configs/xdg.nix | 2 +- tv/2configs/xserver/Xmodmap.nix | 2 +- tv/2configs/xserver/Xresources.nix | 2 +- tv/2configs/xserver/default.nix | 2 +- tv/2configs/xserver/xserver.conf.nix | 2 +- tv/2configs/xu-qemu0.nix | 2 +- tv/3modules/charybdis/config.nix | 2 +- tv/3modules/charybdis/default.nix | 2 +- tv/3modules/ejabberd/config.nix | 2 +- tv/3modules/ejabberd/default.nix | 2 +- tv/3modules/hosts.nix | 2 +- tv/3modules/iptables.nix | 2 +- tv/5pkgs/default.nix | 2 +- 165 files changed, 166 insertions(+), 182 deletions(-) delete mode 100644 krebs/3modules/lib.nix diff --git a/krebs/3modules/Reaktor.nix b/krebs/3modules/Reaktor.nix index d58661a28..d87003ac2 100644 --- a/krebs/3modules/Reaktor.nix +++ b/krebs/3modules/Reaktor.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let ReaktorConfig = pkgs.writeText "config.py" '' diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index e80d383f8..f3c8ff0cd 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 4569d400f..96b283002 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let out = { options.krebs.backup = api; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 080d2188d..50e04cf80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let gunicorn = pkgs.pythonPackages.gunicorn; bepasty = pkgs.pythonPackages.bepasty-server; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 4848748cd..51f192703 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { options.krebs.build = { diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index bd17c3765..9e144ee0e 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let # https://github.com/NixOS/nixpkgs/issues/14026 diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 02331ee12..650594a6c 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' import os diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index 9f63e33ac..e97e53479 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index a4a5f9cad..ec85464df 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs; @@ -21,7 +21,6 @@ let ./git.nix ./go.nix ./iptables.nix - ./lib.nix ./newsbot-js.nix ./nginx.nix ./nixpkgs.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a18f1c979..05840e80a 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.exim-retiolum; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index cfe2e5f04..2ed5607f1 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let indent = replaceChars ["\n"] ["\n "]; cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 7b18c72c1..1127c0a50 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import ; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index 0adcec3d8..94bcbed9d 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 6a03b4638..e6b98a923 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,7 +6,7 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with config.krebs.lib; +with import ; let cfg = config.krebs.git; @@ -97,7 +97,7 @@ let singleton { user = [ config.krebs.users.tv ]; repo = [ testing ]; # see literal example of repos - perm = push "refs/*" (with config.krebs.lib.git; [ + perm = push "refs/*" (with git; [ non-fast-forward create delete merge ]); } diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 3646d35d6..e6db3aa42 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 52a104bb9..a86f444dc 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.go; diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 08e8995fa..5c4f5fa24 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.lass) { diff --git a/krebs/3modules/lib.nix b/krebs/3modules/lib.nix deleted file mode 100644 index 1b812366e..000000000 --- a/krebs/3modules/lib.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - out = { - options.krebs.lib = api; - config = imp; - }; - api = mkOption { - default = {}; - type = types.attrs; - }; - imp = { - krebs.lib = import ; - }; -in out diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e79e54aa6..7317e0b60 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { diff --git a/krebs/3modules/mv/default.nix b/krebs/3modules/mv/default.nix index dc47d8983..a95536122 100644 --- a/krebs/3modules/mv/default.nix +++ b/krebs/3modules/mv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.mv) { diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 214f55018..1577c5b64 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.nginx; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 5816b8a30..796ee537e 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index a471a4bc2..8bb022442 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; let +{ config, lib, pkgs, ... }: with import ; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 4c803fff8..50cf72ef9 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ { config, ... }: -with config.krebs.lib; +with import ; let nixos-version-id = "${config.system.nixosVersion}"; nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 93a7d2293..1b8d092bb 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.per-user; diff --git a/krebs/3modules/power-action.nix b/krebs/3modules/power-action.nix index bb5b3e521..f405482de 100644 --- a/krebs/3modules/power-action.nix +++ b/krebs/3modules/power-action.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.power-action; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index df374e184..1564bd94a 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.realwallpaper; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index bcd9da5ea..7705635f0 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.repo-sync; diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix index 9d393c90b..4bcd596d4 100644 --- a/krebs/3modules/retiolum-bootstrap.nix +++ b/krebs/3modules/retiolum-bootstrap.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.retiolum-bootstrap; diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix index 2b181a556..fddaed9e3 100644 --- a/krebs/3modules/retiolum.nix +++ b/krebs/3modules/retiolum.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let out = { options.krebs.tinc = api; diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index d53482339..bcc52fb6e 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.rtorrent; webcfg = config.krebs.rtorrent.web; diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 579f375f3..672c503b0 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import ; let cfg = config.krebs.secret; in { options.krebs.secret = { diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 65a4abe1c..13f981437 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.setuid; diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix index a9868954e..a05889632 100644 --- a/krebs/3modules/shared/default.nix +++ b/krebs/3modules/shared/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; let testHosts = genAttrs [ "test-arch" diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index d783ba03b..26a51de00 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.krebs.tinc_graphs; internal_dir = "${cfg.workingDir}/internal"; diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index a933cbddb..5773255ec 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { dns.providers = { diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index ed1a21260..e43f8de4a 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -4,7 +4,7 @@ # TODO inform about unused caches # cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}" -with config.krebs.lib; +with import ; let cfg = config.krebs.urlwatch; diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 841543819..5860b9a15 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; rec { execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let in writeC name { inherit destination; } /* c */ '' diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 75d1dac82..876f8b9a4 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }@args: -with config.krebs.lib; +with import ; { nixpkgs.config.packageOverrides = pkgs: let diff --git a/krebs/default.nix b/krebs/default.nix index 93e006f3d..e5e8cbc49 100644 --- a/krebs/default.nix +++ b/krebs/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ ./3modules diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 8ce1d5748..c16080762 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: with builtins; -with config.krebs.lib; +with import ; { imports = [ diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index 1028ca652..ae48761e7 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ ../. diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 8b4f1d7a2..76710ac9d 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let ip = config.krebs.build.host.nets.internet.ip4.addr; diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix index e1417c83d..b84fec317 100644 --- a/lass/1systems/uriel.nix +++ b/lass/1systems/uriel.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: with builtins; -with config.krebs.lib; +with import ; { imports = [ ../. diff --git a/lass/2configs/backups.nix b/lass/2configs/backups.nix index 916e08219..22b48f6e8 100644 --- a/lass/2configs/backups.nix +++ b/lass/2configs/backups.nix @@ -1,5 +1,5 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { krebs.backup.plans = { diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 90f420674..88ee70802 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let mainUser = config.users.extraUsers.mainUser; diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index 628fdf61f..df01a84c0 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -1,6 +1,6 @@ { lib, config, pkgs, ... }: -with config.krebs.lib; +with import ; let sshHostConfig = pkgs.writeText "ssh-config" '' diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 9d13bc30d..9295fd9ef 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (config.krebs.lib) genid; + inherit (import ) genid; in { diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 0b7ca8eaa..43c4d5b0d 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ ../2configs/audit.nix diff --git a/lass/2configs/downloading.nix b/lass/2configs/downloading.nix index 1bba5b416..79a609e2b 100644 --- a/lass/2configs/downloading.nix +++ b/lass/2configs/downloading.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { users.extraUsers = { diff --git a/lass/2configs/exim-retiolum.nix b/lass/2configs/exim-retiolum.nix index c07b6c15a..1ee8d843e 100644 --- a/lass/2configs/exim-retiolum.nix +++ b/lass/2configs/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.exim-retiolum.enable = true; diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 3ed8be77f..3bf78d9f4 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.exim-smarthost = { diff --git a/lass/2configs/gc.nix b/lass/2configs/gc.nix index 8762ad95e..00f318e51 100644 --- a/lass/2configs/gc.nix +++ b/lass/2configs/gc.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { nix.gc = { automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ]; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index ab4450715..06cae734e 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix index 795ad7a26..7d694c173 100644 --- a/lass/2configs/go.nix +++ b/lass/2configs/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { environment.systemPackages = [ pkgs.go diff --git a/lass/2configs/hw/tp-x220.nix b/lass/2configs/hw/tp-x220.nix index be1faccea..4a7d0bbcd 100644 --- a/lass/2configs/hw/tp-x220.nix +++ b/lass/2configs/hw/tp-x220.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { networking.wireless.enable = lib.mkDefault true; diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix index a51ccae58..e739d2f79 100644 --- a/lass/2configs/libvirt.nix +++ b/lass/2configs/libvirt.nix @@ -2,7 +2,7 @@ let mainUser = config.users.extraUsers.mainUser; - inherit (config.krebs.lib) genid; + inherit (import ) genid; in { virtualisation.libvirtd.enable = true; diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix index 3be482191..373207461 100644 --- a/lass/2configs/pulse.nix +++ b/lass/2configs/pulse.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let pkg = pkgs.pulseaudioLight; runDir = "/run/pulse"; diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 59678dbff..88e826683 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -1,11 +1,11 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; let name = "radio"; mainUser = config.users.extraUsers.mainUser; - inherit (config.krebs.lib) genid; + inherit (import ) genid; admin-password = import ; source-password = import ; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index eae583a84..f88149730 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let mirror = "git@${config.networking.hostName}:"; diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix index 5b6da4a95..a803df15b 100644 --- a/lass/2configs/skype.nix +++ b/lass/2configs/skype.nix @@ -2,7 +2,7 @@ let mainUser = config.users.extraUsers.mainUser; - inherit (config.krebs.lib) genid; + inherit (import ) genid; in { users.extraUsers = { diff --git a/lass/2configs/teamviewer.nix b/lass/2configs/teamviewer.nix index 22bfb18d8..87b6fbac3 100644 --- a/lass/2configs/teamviewer.nix +++ b/lass/2configs/teamviewer.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { services.teamviewer.enable = true; } diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 2bbec6ab1..aac2b96d4 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let out = { environment.systemPackages = [ diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 0bfd9fe6b..ae07b9a2e 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (config.krebs.lib) genid; + inherit (import ) genid; in { krebs.per-user.chat.packages = with pkgs; [ mosh diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix index 0f04540c3..3049774f8 100644 --- a/lass/2configs/xserver/Xresources.nix +++ b/lass/2configs/xserver/Xresources.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; pkgs.writeText "Xresources" '' URxvt*scrollBar: false diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix index 0f9b1f84a..53c8f9444 100644 --- a/lass/2configs/xserver/default.nix +++ b/lass/2configs/xserver/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }@args: -with config.krebs.lib; +with import ; let user = config.krebs.build.user; in { diff --git a/lass/2configs/xserver/xserver.conf.nix b/lass/2configs/xserver/xserver.conf.nix index c452b4226..6f34e0150 100644 --- a/lass/2configs/xserver/xserver.conf.nix +++ b/lass/2configs/xserver/xserver.conf.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.services.xserver; diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 83ca5dc2a..b1fca08d3 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: with config.krebs.lib; let +{ config, ... }: with import ; let cfg = config.lass.ejabberd; # XXX this is a placeholder that happens to work the default strings. diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index 18c7cd656..e2fba5ff5 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import ; let cfg = config.lass.ejabberd; in { options.lass.ejabberd = { diff --git a/lass/3modules/hosts.nix b/lass/3modules/hosts.nix index f2ff10c06..125819bb0 100644 --- a/lass/3modules/hosts.nix +++ b/lass/3modules/hosts.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { options.lass.hosts = mkOption { diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index 4a79311a4..01e07ae66 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.lass.owncloud; diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index 6b5d19615..cd33a2cf1 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.lass.staticPage; diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix index 7daaba89e..83de4d403 100644 --- a/lass/3modules/umts.nix +++ b/lass/3modules/umts.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.lass.umts; diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index 0e7e718a4..1ee01e8d9 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import ; let cfg = config.lass.usershadow; diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix index 4305a121b..5d88e3fde 100644 --- a/lass/3modules/wordpress_nginx.nix +++ b/lass/3modules/wordpress_nginx.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.lass.wordpress; diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index c63dcb492..11bb47a93 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let byid = dev: "/dev/disk/by-id/" + dev; rootDisk = byid "ata-ADATA_SSD_S599_64GB_10460000000000000039"; diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 20731c847..178d496f3 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 2e09e345e..4fbbd653d 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -66,7 +66,7 @@ in { ''; }; users.groups.share = { - gid = config.krebs.lib.genid "share"; + gid = (import ).genid "share"; members = [ "makefu" "misa" ]; }; networking.firewall.trustedInterfaces = [ primaryInterface ]; diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix index 238b740a6..17e81f793 100644 --- a/makefu/1systems/wry.nix +++ b/makefu/1systems/wry.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let external-ip = config.krebs.build.host.nets.internet.ip4.addr; diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix index 57fd7a64d..38fd93e2b 100644 --- a/makefu/2configs/backup.nix +++ b/makefu/2configs/backup.nix @@ -1,5 +1,5 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; let # preparation: # mkdir -p defaultBackupDir/host.name/src diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index cbc3efbac..95ebabc44 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -11,7 +11,7 @@ # if this is not enough, check out main-laptop.nix -with config.krebs.lib; +with import ; let mainUser = config.krebs.build.user.name; in diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix index 4b5389c32..a6be04876 100644 --- a/makefu/2configs/bepasty-dual.nix +++ b/makefu/2configs/bepasty-dual.nix @@ -10,7 +10,7 @@ # wildcard.krebsco.de.key # bepasty-secret.nix <- contains single string -with config.krebs.lib; +with import ; let sec = toString ; # secKey is nothing worth protecting on a local machine diff --git a/makefu/2configs/collectd/collectd-base.nix b/makefu/2configs/collectd/collectd-base.nix index c739368ca..91e5216ad 100644 --- a/makefu/2configs/collectd/collectd-base.nix +++ b/makefu/2configs/collectd/collectd-base.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with config.krebs.lib; +with import ; let connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" '' LoadPlugin python diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 56a87d7af..af0e2bae0 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ { diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 8f51c91dd..2877d2227 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # more than just nginx config but not enough to become a module -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; external-ip = config.krebs.build.host.nets.internet.ip4.addr; diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix index 0282b04cf..9f27b6647 100644 --- a/makefu/2configs/elchos/stats.nix +++ b/makefu/2configs/elchos/stats.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with config.krebs.lib; +with import ; let sec = toString ; acmepath = "/var/lib/acme/"; diff --git a/makefu/2configs/exim-retiolum.nix b/makefu/2configs/exim-retiolum.nix index 910066e0a..f15a0cf74 100644 --- a/makefu/2configs/exim-retiolum.nix +++ b/makefu/2configs/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { networking.firewall.allowedTCPPorts = [ 25 ]; diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 23fa8da08..70c0320a1 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; in { diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix index bf08504d5..3d59a25dd 100644 --- a/makefu/2configs/fs/cac-boot-partition.nix +++ b/makefu/2configs/fs/cac-boot-partition.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # vda1 ext4 (label nixos) -> only root partition -with config.krebs.lib; +with import ; { boot.loader.grub.enable = true; boot.loader.grub.version = 2; diff --git a/makefu/2configs/fs/sda-crypto-root-home.nix b/makefu/2configs/fs/sda-crypto-root-home.nix index 1ef0d69e9..e790ed6a8 100644 --- a/makefu/2configs/fs/sda-crypto-root-home.nix +++ b/makefu/2configs/fs/sda-crypto-root-home.nix @@ -8,7 +8,7 @@ # / (main-root) # /home (main-home) -with config.krebs.lib; +with import ; { imports = [ diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index 5c7cdf716..cfa703aaf 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -4,7 +4,7 @@ # sda1: boot ext4 (label nixboot) - must be unlocked on boot if required: # boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }]; # sda2: cryptoluks -> ext4 -with config.krebs.lib; +with import ; { boot = { loader.grub.enable = true; diff --git a/makefu/2configs/fs/vm-single-partition.nix b/makefu/2configs/fs/vm-single-partition.nix index 88f209597..26908c357 100644 --- a/makefu/2configs/fs/vm-single-partition.nix +++ b/makefu/2configs/fs/vm-single-partition.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # vda1 ext4 (label nixos) -> only root partition -with config.krebs.lib; +with import ; { imports = [ ./single-partition-ext4.nix diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index ae54c6dbf..81305272c 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with config.krebs.lib; +with import ; let repos = priv-repos // krebs-repos ; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index fe2c850f7..5c2a0fbd0 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # TODO: remove tv lib :) -with config.krebs.lib; +with import ; let repos = priv-repos // krebs-repos // connector-repos ; diff --git a/makefu/2configs/graphite-standalone.nix b/makefu/2configs/graphite-standalone.nix index dd5438e8d..15ae6b68f 100644 --- a/makefu/2configs/graphite-standalone.nix +++ b/makefu/2configs/graphite-standalone.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with config.krebs.lib; +with import ; { imports = [ ]; diff --git a/makefu/2configs/hw/tp-x200.nix b/makefu/2configs/hw/tp-x200.nix index f17ac74a6..f06425aec 100644 --- a/makefu/2configs/hw/tp-x200.nix +++ b/makefu/2configs/hw/tp-x200.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ ./tp-x2x0.nix ]; diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix index 2ec531e56..ce3e34ad3 100644 --- a/makefu/2configs/hw/tp-x220.nix +++ b/makefu/2configs/hw/tp-x220.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ ./tp-x2x0.nix ]; diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 368465a8b..2b615ecfa 100644 --- a/makefu/2configs/hw/tp-x2x0.nix +++ b/makefu/2configs/hw/tp-x2x0.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { networking.wireless.enable = lib.mkDefault true; diff --git a/makefu/2configs/mail-client.nix b/makefu/2configs/mail-client.nix index eeade94e8..8319b89ce 100644 --- a/makefu/2configs/mail-client.nix +++ b/makefu/2configs/mail-client.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { environment.systemPackages = with pkgs; [ abook diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 9d5b06f70..ef8a3b88f 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -5,7 +5,7 @@ # not fit into base-gui # TODO split generic desktop stuff and laptop-specifics like lidswitching -with config.krebs.lib; +with import ; let window-manager = "awesome"; user = config.krebs.build.user.name; diff --git a/makefu/2configs/mattermost-docker.nix b/makefu/2configs/mattermost-docker.nix index e679a3d91..a887a6a8f 100644 --- a/makefu/2configs/mattermost-docker.nix +++ b/makefu/2configs/mattermost-docker.nix @@ -1,6 +1,6 @@ {config, lib, ...}: -with config.krebs.lib; +with import ; let sec = toString ; ssl_cert = "${sec}/wildcard.krebsco.de.crt"; diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 137c0b0e3..b2a965de6 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let sec = toString ; ssl_cert = "${sec}/wildcard.krebsco.de.crt"; diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix index 84b9bacda..bff652daf 100644 --- a/makefu/2configs/nginx/euer.test.nix +++ b/makefu/2configs/nginx/euer.test.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; user = config.services.nginx.user; diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix index 655dee7b2..22cf9c9b7 100644 --- a/makefu/2configs/nginx/euer.wiki.nix +++ b/makefu/2configs/nginx/euer.wiki.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let sec = toString ; ext-dom = "wiki.euer.krebsco.de"; diff --git a/makefu/2configs/nginx/icecult.nix b/makefu/2configs/nginx/icecult.nix index a11f92af7..ce4f62e55 100644 --- a/makefu/2configs/nginx/icecult.nix +++ b/makefu/2configs/nginx/icecult.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with config.krebs.lib; +with import ; let icecult = pkgs.fetchFromGitHub { diff --git a/makefu/2configs/nginx/public_html.nix b/makefu/2configs/nginx/public_html.nix index 9df8351ca..9545e98f4 100644 --- a/makefu/2configs/nginx/public_html.nix +++ b/makefu/2configs/nginx/public_html.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { krebs.nginx = { diff --git a/makefu/2configs/nginx/update.connector.one.nix b/makefu/2configs/nginx/update.connector.one.nix index dde3e3a64..593f23199 100644 --- a/makefu/2configs/nginx/update.connector.one.nix +++ b/makefu/2configs/nginx/update.connector.one.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; external-ip = config.krebs.build.host.nets.internet.ip4.addr; diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix index 86f768662..f2ed42230 100644 --- a/makefu/2configs/omo-share.nix +++ b/makefu/2configs/omo-share.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let hostname = config.krebs.build.host.name; # TODO local-ip from the nets config diff --git a/makefu/2configs/sabnzbd.nix b/makefu/2configs/sabnzbd.nix index 6b0f2ac3a..90a9f284f 100644 --- a/makefu/2configs/sabnzbd.nix +++ b/makefu/2configs/sabnzbd.nix @@ -1,6 +1,6 @@ { pkgs, config, ... }: -with config.krebs.lib; +with import ; let web-port = 8080; in { diff --git a/makefu/2configs/solr.nix b/makefu/2configs/solr.nix index cad9eabc1..6fc02df1f 100644 --- a/makefu/2configs/solr.nix +++ b/makefu/2configs/solr.nix @@ -2,7 +2,7 @@ # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) -with config.krebs.lib; +with import ; let solrHome = "/var/db/solr"; in { diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 28f21b659..5b9ce6178 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let daemon-user = "tor"; diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index a3286b7fd..f3cdbfda4 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: ## -with config.krebs.lib; +with import ; let mainUser = config.krebs.build.user.name; in diff --git a/makefu/3modules/awesome-extra.nix b/makefu/3modules/awesome-extra.nix index b12556486..81c42cba7 100644 --- a/makefu/3modules/awesome-extra.nix +++ b/makefu/3modules/awesome-extra.nix @@ -1,6 +1,6 @@ {config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.awesome; out = { diff --git a/makefu/3modules/deluge.nix b/makefu/3modules/deluge.nix index e81f96f85..bbdd18454 100644 --- a/makefu/3modules/deluge.nix +++ b/makefu/3modules/deluge.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: # based on /nixos/modules/services/torrent/deluge.nix -with config.krebs.lib; +with import ; let cfg_daemon = config.makefu.deluge; diff --git a/makefu/3modules/forward-journal.nix b/makefu/3modules/forward-journal.nix index 26de3ffdd..f501048be 100644 --- a/makefu/3modules/forward-journal.nix +++ b/makefu/3modules/forward-journal.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.forward-journal; diff --git a/makefu/3modules/opentracker.nix b/makefu/3modules/opentracker.nix index 8847fc09a..202231fa1 100644 --- a/makefu/3modules/opentracker.nix +++ b/makefu/3modules/opentracker.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.opentracker; diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 22681637c..5222e50ac 100644 --- a/makefu/3modules/ps3netsrv.nix +++ b/makefu/3modules/ps3netsrv.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.ps3netsrv; diff --git a/makefu/3modules/snapraid.nix b/makefu/3modules/snapraid.nix index acdeb46d8..762e909b9 100644 --- a/makefu/3modules/snapraid.nix +++ b/makefu/3modules/snapraid.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let # returns dirname without / , used as disk name diff --git a/makefu/3modules/taskserver.nix b/makefu/3modules/taskserver.nix index 41247fff3..808e70425 100644 --- a/makefu/3modules/taskserver.nix +++ b/makefu/3modules/taskserver.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.taskserver; diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix index 59602e4a9..18f56ab6b 100644 --- a/makefu/3modules/udpt.nix +++ b/makefu/3modules/udpt.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.makefu.udpt; diff --git a/makefu/3modules/umts.nix b/makefu/3modules/umts.nix index 300467e1f..91ac13755 100644 --- a/makefu/3modules/umts.nix +++ b/makefu/3modules/umts.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let nixpkgs-1509 = import (pkgs.fetchFromGitHub { diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index 08e6ce2ce..e371db788 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs = { diff --git a/shared/2configs/cgit-mirror.nix b/shared/2configs/cgit-mirror.nix index d9241a2b5..a3860a0ef 100644 --- a/shared/2configs/cgit-mirror.nix +++ b/shared/2configs/cgit-mirror.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let rules = with git; singleton { user = [ wolf-repo-sync ]; diff --git a/shared/2configs/collectd-base.nix b/shared/2configs/collectd-base.nix index 9c63dcd20..fd6016d4f 100644 --- a/shared/2configs/collectd-base.nix +++ b/shared/2configs/collectd-base.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: # TODO: krebs.collectd.plugins -with config.krebs.lib; +with import ; let connect-time-cfg = with pkgs; writeText "collectd-connect-time.conf" '' LoadPlugin python diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix index f5377db94..cae2bc814 100644 --- a/shared/2configs/default.nix +++ b/shared/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.enable = true; krebs.tinc.retiolum.enable = true; diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix index bfa2b2966..8a1238466 100644 --- a/shared/2configs/graphite.nix +++ b/shared/2configs/graphite.nix @@ -5,7 +5,7 @@ # TODO: krebs.graphite.minimal.enable # TODO: configure firewall -with config.krebs.lib; +with import ; { imports = [ ]; diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix index 6133ccc99..3581f9e96 100644 --- a/shared/2configs/shack-drivedroid.nix +++ b/shared/2configs/shack-drivedroid.nix @@ -1,5 +1,5 @@ { pkgs, lib, config, ... }: -with config.krebs.lib; +with import ; let repodir = "/var/srv/drivedroid"; srepodir = shell.escape repodir; diff --git a/tv/1systems/alnus.nix b/tv/1systems/alnus.nix index d3de8bdfa..bc6e3a6d8 100644 --- a/tv/1systems/alnus.nix +++ b/tv/1systems/alnus.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ diff --git a/tv/1systems/caxi.nix b/tv/1systems/caxi.nix index 5bfacd992..59f3cd63a 100644 --- a/tv/1systems/caxi.nix +++ b/tv/1systems/caxi.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.caxi; diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix index 2ad4a1505..043e91510 100644 --- a/tv/1systems/cd.nix +++ b/tv/1systems/cd.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.cd; diff --git a/tv/1systems/mu.nix b/tv/1systems/mu.nix index 55f18326d..e9a8a131a 100644 --- a/tv/1systems/mu.nix +++ b/tv/1systems/mu.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index 5415e50b1..793e1f80b 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.nomic; diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index c2a624a91..19db559f1 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.wu; diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 85ac23e9d..a84da38db 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.xu; diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index 0503021d4..056652e4b 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.build.host = config.krebs.hosts.zu; diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index e74ed79d8..6dd24b32f 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix @@ -1,5 +1,5 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { krebs.backup.plans = { } // mapAttrs (_: recursiveUpdate { diff --git a/tv/2configs/bash.nix b/tv/2configs/bash.nix index fe87aa8d7..40c0725ed 100644 --- a/tv/2configs/bash.nix +++ b/tv/2configs/bash.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { programs.bash = { diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index abc657ec0..32e4b4503 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.enable = true; diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix index ad355f8b4..bf13a388a 100644 --- a/tv/2configs/exim-retiolum.nix +++ b/tv/2configs/exim-retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.exim-retiolum.enable = true; diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 591edafb6..cc3bdf95d 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.exim-smarthost = { diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index fd3875410..21d365381 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let diff --git a/tv/2configs/hw/AO753.nix b/tv/2configs/hw/AO753.nix index b81b773be..8625078da 100644 --- a/tv/2configs/hw/AO753.nix +++ b/tv/2configs/hw/AO753.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { imports = [ diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix index db1be7f0b..82f1be042 100644 --- a/tv/2configs/im.nix +++ b/tv/2configs/im.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { environment.systemPackages = with pkgs; [ (pkgs.writeDashBin "im" '' diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix index d0d07d5ca..39995c052 100644 --- a/tv/2configs/nginx/default.nix +++ b/tv/2configs/nginx/default.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { krebs.nginx = { diff --git a/tv/2configs/nginx/public_html.nix b/tv/2configs/nginx/public_html.nix index 858f16563..e0bbb8d57 100644 --- a/tv/2configs/nginx/public_html.nix +++ b/tv/2configs/nginx/public_html.nix @@ -1,6 +1,6 @@ { config, lib, ... }: -with config.krebs.lib; +with import ; { krebs.nginx = { diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 512919759..9c40e9b66 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let pkg = pkgs.pulseaudioLight; runDir = "/run/pulse"; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 7179be570..0abc96822 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.tinc.retiolum = { diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix index 7bf583426..84d247362 100644 --- a/tv/2configs/ssh.nix +++ b/tv/2configs/ssh.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { # Override NixOS's "Allow DSA keys for now." diff --git a/tv/2configs/sshd.nix b/tv/2configs/sshd.nix index 943f32fe9..1749b552d 100644 --- a/tv/2configs/sshd.nix +++ b/tv/2configs/sshd.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { services.openssh = { diff --git a/tv/2configs/urlwatch.nix b/tv/2configs/urlwatch.nix index 89937d702..b34590908 100644 --- a/tv/2configs/urlwatch.nix +++ b/tv/2configs/urlwatch.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { krebs.urlwatch = { enable = true; diff --git a/tv/2configs/vim.nix b/tv/2configs/vim.nix index 16f540488..cc59a95a5 100644 --- a/tv/2configs/vim.nix +++ b/tv/2configs/vim.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let out = { environment.systemPackages = [ diff --git a/tv/2configs/wu-binary-cache/default.nix b/tv/2configs/wu-binary-cache/default.nix index 6fcac21af..f039a552b 100644 --- a/tv/2configs/wu-binary-cache/default.nix +++ b/tv/2configs/wu-binary-cache/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with config.krebs.lib; +{ config, lib, pkgs, ... }: with import ; { services.nix-serve = assert config.krebs.build.host.name == "wu"; { enable = true; diff --git a/tv/2configs/xdg.nix b/tv/2configs/xdg.nix index f05ec5431..18bac9b38 100644 --- a/tv/2configs/xdg.nix +++ b/tv/2configs/xdg.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; { environment.variables.XDG_RUNTIME_DIR = "/run/xdg/$LOGNAME"; diff --git a/tv/2configs/xserver/Xmodmap.nix b/tv/2configs/xserver/Xmodmap.nix index 02b6c730e..d2b1b2604 100644 --- a/tv/2configs/xserver/Xmodmap.nix +++ b/tv/2configs/xserver/Xmodmap.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; pkgs.writeText "Xmodmap" '' !keycode 66 = Caps_Lock diff --git a/tv/2configs/xserver/Xresources.nix b/tv/2configs/xserver/Xresources.nix index ad41f3a94..398247d27 100644 --- a/tv/2configs/xserver/Xresources.nix +++ b/tv/2configs/xserver/Xresources.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; pkgs.writeText "Xresources" /* xdefaults */ '' !URxvt*background: #050505 diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index 7a76530be..7dcfecce6 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }@args: -with config.krebs.lib; +with import ; let user = config.krebs.build.user; in { diff --git a/tv/2configs/xserver/xserver.conf.nix b/tv/2configs/xserver/xserver.conf.nix index c452b4226..6f34e0150 100644 --- a/tv/2configs/xserver/xserver.conf.nix +++ b/tv/2configs/xserver/xserver.conf.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.services.xserver; diff --git a/tv/2configs/xu-qemu0.nix b/tv/2configs/xu-qemu0.nix index 0e4a91c90..355a36650 100644 --- a/tv/2configs/xu-qemu0.nix +++ b/tv/2configs/xu-qemu0.nix @@ -15,7 +15,7 @@ in # # make [install] system=xu-qemu0 target_host=10.56.0.101 -with config.krebs.lib; +with import ; { networking.dhcpcd.denyInterfaces = [ "qemubr0" ]; diff --git a/tv/3modules/charybdis/config.nix b/tv/3modules/charybdis/config.nix index 1b160926c..5812516f1 100644 --- a/tv/3modules/charybdis/config.nix +++ b/tv/3modules/charybdis/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: with config.krebs.lib; let +{ config, ... }: with import ; let cfg = config.tv.charybdis; in toFile "charybdis.conf" '' /* doc/example.conf - brief example configuration file diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 3af971cd4..859dc122c 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import ; let cfg = config.tv.charybdis; in { options.tv.charybdis = { diff --git a/tv/3modules/ejabberd/config.nix b/tv/3modules/ejabberd/config.nix index 49bded855..29c38fbe4 100644 --- a/tv/3modules/ejabberd/config.nix +++ b/tv/3modules/ejabberd/config.nix @@ -1,4 +1,4 @@ -{ config, ... }: with config.krebs.lib; let +{ config, ... }: with import ; let cfg = config.tv.ejabberd; # XXX this is a placeholder that happens to work the default strings. diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 95ea24be1..4d3493d78 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }@args: with config.krebs.lib; let +{ config, lib, pkgs, ... }@args: with import ; let cfg = config.tv.ejabberd; in { options.tv.ejabberd = { diff --git a/tv/3modules/hosts.nix b/tv/3modules/hosts.nix index 7bf3267c7..118740510 100644 --- a/tv/3modules/hosts.nix +++ b/tv/3modules/hosts.nix @@ -1,6 +1,6 @@ { config, ... }: -with config.krebs.lib; +with import ; { options.tv.hosts = mkOption { diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 4b1d1ef87..7276726ca 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with config.krebs.lib; +with import ; let cfg = config.tv.iptables; diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 3590ad572..ace3ed00f 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -with config.krebs.lib; +with import ; { nixpkgs.config.packageOverrides = super: { # TODO use XDG_RUNTIME_DIR? From 0d4d8ccf3f1cd8ae16bb38bbb1b347742ef14980 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 21 Oct 2016 22:44:30 +0200 Subject: [PATCH 06/27] tv nixpkgs: b8ede35 -> 31c72ce --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 32e4b4503..b80479eaa 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; + ref = "31c72ce266b0179efa877bb3acd7dfd7b746537b"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From b15eda79dffda9eb69c22f0d78e1d79120ca269b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Oct 2016 00:47:55 +0200 Subject: [PATCH 07/27] ire: RIP --- krebs/3modules/tv/default.nix | 40 ----------------------------------- makefu/1systems/gum.nix | 2 +- tv/2configs/retiolum.nix | 1 - 3 files changed, 1 insertion(+), 42 deletions(-) diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 5773255ec..0e7535e6c 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -162,46 +162,6 @@ with import ; }; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM6dL0fQ8Bd0hER0Xa3I2pAWVHdnwOBaAZhbDlLJmUu"; }; - ire = { - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - ire 60 IN A ${config.krebs.hosts.ire.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "198.147.22.115"; - aliases = [ - "ire.i" - "ire.internet" - "ire.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.ire.nets.internet; - ip4.addr = "10.243.231.66"; - ip6.addr = "42:b912:0f42:a82d:0d27:8610:e89b:490c"; - aliases = [ - "ire.r" - "ire.retiolum" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAwofjmP/XBf5pwsJlWklkSzI+Bo0I0B9ONc7/j+zpbmMRkwbWk4X7 - rVLt1cWvTY15ujg2u8l0o6OgEbIkc6rslkD603fv1sEAd0KOv7iKLgRpE9qfSvAt - 6YpiSv+mxEMTpH0g36OmBfOJ10uT+iHDB/FfxmgGJx//jdJADzLjjWC6ID+iGkGU - 1Sf+yHXF7HRmQ29Yak8LYVCJpGC5bQfWIMSL5lujLq4NchY2d+NZDkuvh42Ayr0K - LPflnPBQ3XnKHKtSsnFR2vaP6q+d3Opsq/kzBnAkjL26jEuFK1v7P/HhNhJoPzwu - nKKWj/W/k448ce374k5ycjvKm0c6baAC/wIDAQAB - -----END RSA PUBLIC KEY----- - ''; - ssh.port = 11423; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaMjBJ/BfYlHjyn5CO0xzFNaQ0LPvMP3W9UlOs1OxGY"; - }; kaepsele = { nets = { internet = { diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index 178d496f3..c9d424888 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -40,7 +40,7 @@ in { ''; connectTo = [ "muhbaasu" "tahoe" "flap" "wry" - "ire" "cd" "mkdir" "rmdir" + "cd" "fastpoke" "prism" "dishfire" "echelon" "cloudkrebs" ]; }; diff --git a/tv/2configs/retiolum.nix b/tv/2configs/retiolum.nix index 0abc96822..ad1116d4f 100644 --- a/tv/2configs/retiolum.nix +++ b/tv/2configs/retiolum.nix @@ -10,7 +10,6 @@ with import ; "prism" "echelon" "cd" - "ire" ]; tincPackage = pkgs.tinc_pre; }; From 147df0c9048ec01691993f7ceef8e95d68814ddb Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Oct 2016 10:06:10 +0200 Subject: [PATCH 08/27] tv nixpkgs: 31c72ce -> cd41bfe --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index b80479eaa..475c17f2f 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "31c72ce266b0179efa877bb3acd7dfd7b746537b"; + ref = "cd41bfeeb1aaa10e4d412f2bd90dc2844a7c5df8"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 30fe90d4c7f2aad36527accdc12a0718c02bd143 Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Oct 2016 14:54:19 +0200 Subject: [PATCH 09/27] tv pkgs: callPackage all subdirs --- tv/5pkgs/default.nix | 24 +++++++++++++++---- .../{xmonad-tv.nix => xmonad-tv/default.nix} | 0 2 files changed, 19 insertions(+), 5 deletions(-) rename tv/5pkgs/{xmonad-tv.nix => xmonad-tv/default.nix} (100%) diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index ace3ed00f..4eb8a10b4 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,7 +1,24 @@ { config, pkgs, ... }: with import ; { - nixpkgs.config.packageOverrides = super: { + nixpkgs.config.packageOverrides = super: let + + # This callPackage will try to detect obsolete overrides. + callPackage = path: args: let + override = super.callPackage path args; + upstream = optionalAttrs (override ? "name") + (super.${(parseDrvName override.name).name} or {}); + in if upstream ? "name" && + override ? "name" && + compareVersions upstream.name override.name != -1 + then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override + else override; + + in {} + // mapAttrs (_: flip callPackage {}) + (filterAttrs (_: dir: pathExists (dir + "/default.nix")) + (subdirsOf ./.)) + // { # TODO use XDG_RUNTIME_DIR? cr = pkgs.writeDashBin "cr" '' set -efu @@ -12,7 +29,7 @@ with import ; --disk-cache-size=50000000 \ "$@" ''; - ejabberd = pkgs.callPackage ./ejabberd { + ejabberd = callPackage ./ejabberd { erlang = pkgs.erlangR16; }; ff = pkgs.writeDashBin "ff" '' @@ -22,8 +39,5 @@ with import ; if elem config.krebs.build.host.name ["xu" "wu"] then super.gnupg21 else super.gnupg; - q = pkgs.callPackage ./q {}; - viljetic-pages = pkgs.callPackage ./viljetic-pages {}; - xmonad-tv = import ./xmonad-tv.nix { inherit pkgs; }; }; } diff --git a/tv/5pkgs/xmonad-tv.nix b/tv/5pkgs/xmonad-tv/default.nix similarity index 100% rename from tv/5pkgs/xmonad-tv.nix rename to tv/5pkgs/xmonad-tv/default.nix From 183b9d64bf0406d4ea722e2157483e0d47217aae Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 22 Oct 2016 14:55:09 +0200 Subject: [PATCH 10/27] tv djbdns: init at 1.05 --- tv/5pkgs/djbdns/default.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 tv/5pkgs/djbdns/default.nix diff --git a/tv/5pkgs/djbdns/default.nix b/tv/5pkgs/djbdns/default.nix new file mode 100644 index 000000000..ad5a530bd --- /dev/null +++ b/tv/5pkgs/djbdns/default.nix @@ -0,0 +1,20 @@ +{ coreutils, gawk, fetchurl, stdenv, ... }: + +with stdenv.lib; + +stdenv.mkDerivation rec { + name = "djbdns-1.05"; + src = fetchurl { + url = "http://cr.yp.to/djbdns/djbdns-1.05.tar.gz"; + sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w"; + }; + configurePhase = '' + echo $out > conf-home + echo gcc -O2 -include errno.h > conf-cc + ''; + patchPhase = '' + sed -i 's:c("/","etc","dnsroots.global",-1,-1,0644);:// &:' hier.c + sed -i '1s@^@PATH=${makeBinPath [ coreutils gawk ]}\n@' dnstracesort.sh + ''; + installTargets = "setup check"; +} From 0fdd081b281f3ab03c6f75e79896ea64746c1a21 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:42 +0200 Subject: [PATCH 11/27] k 3 l: add sokratess user --- krebs/3modules/lass/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 5c4f5fa24..ad1221e8e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -305,5 +305,7 @@ with import ; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; }; + sokratess = { + }; }; } From 7b7b7e2c8044a8a09697ded15a936fe5a76f03a7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:05:56 +0200 Subject: [PATCH 12/27] l 1 mors: activate redis --- lass/1systems/mors.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix index ae48761e7..c3d027edc 100644 --- a/lass/1systems/mors.nix +++ b/lass/1systems/mors.nix @@ -77,6 +77,9 @@ with import ; ]; }; } + { + services.redis.enable = true; + } ]; krebs.build.host = config.krebs.hosts.mors; From fee98f9862526c01b4716f1a479f9c296650be59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:08:55 +0200 Subject: [PATCH 13/27] l 2 c-base: add cifs-utils --- lass/2configs/c-base.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix index 9295fd9ef..3e533fb74 100644 --- a/lass/2configs/c-base.nix +++ b/lass/2configs/c-base.nix @@ -16,6 +16,10 @@ in { users.extraGroups.cbasevpn.gid = genid "cbasevpn"; + environment.systemPackages = [ + pkgs.cifs-utils + ]; + services.openvpn.servers = { c-base = { config = '' From 08b18c3c551c55228ef9e059b09b3cdf88413273 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:09:26 +0200 Subject: [PATCH 14/27] l 2 websites domsen: remove obsolete code --- lass/2configs/websites/domsen.nix | 32 ------------------------------- 1 file changed, 32 deletions(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3a3e60d39..5a4748f42 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -22,25 +22,6 @@ let exec ${pkgs.msmtp}/bin/msmtp --read-envelope-from -C ${msmtprc} "$@" ''; - check-password = pkgs.writeDash "check-password" '' - read pw - - file="/home/$PAM_USER/.shadow" - - #check if shadow file exists - test -e "$file" || exit 123 - - hash="$(${pkgs.coreutils}/bin/head -1 $file)" - salt="$(echo $hash | ${pkgs.gnused}/bin/sed 's/.*\$\(.*\)\$.*/\1/')" - - calc_hash="$(echo "$pw" | ${pkgs.mkpasswd}/bin/mkpasswd -m sha-512 -S $salt)" - if [ "$calc_hash" == $hash ]; then - exit 0 - else - exit 1 - fi - ''; - in { imports = [ ./sqlBackup.nix @@ -164,19 +145,6 @@ in { { predicate = "-p tcp --dport 465"; target = "ACCEPT"; } ]; - security.pam.services.exim.text = '' - auth required pam_env.so - auth sufficient pam_exec.so debug expose_authtok ${check-password} - auth sufficient pam_unix.so likeauth nullok - auth required pam_deny.so - account required pam_unix.so - password required pam_cracklib.so retry=3 type= - password sufficient pam_unix.so nullok use_authtok md5shadow - password required pam_deny.so - session required pam_limits.so - session required pam_unix.so - ''; - krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext From 41e6300dbc650814e88de40ad9be292e3cea4de1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:10:59 +0200 Subject: [PATCH 15/27] l 1 shodan: add sokratess user --- lass/1systems/shodan.nix | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 5140591af..7c44807a6 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -22,6 +22,26 @@ with builtins; # }; # }; #} + { + users.users.sokratess = { + uid = genid "sokratess"; + home = "/home/sokratess"; + group = "users"; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + ]; + useDefaultShell = true; + password = "aidsballs"; + }; + krebs.per-user.sokratess.packages = [ + pkgs.firefox + pkgs.python27Packages.virtualenv + pkgs.python27Packages.ipython + pkgs.python27Packages.python + ]; + } ]; krebs.build.host = config.krebs.hosts.shodan; From 2ecba9acd593d2677903ef5e4d5eecfc38174ed9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 20 Oct 2016 21:40:11 +0200 Subject: [PATCH 16/27] l: import --- krebs/3modules/newsbot-js.nix | 4 +--- lass/1systems/shodan.nix | 2 +- lass/2configs/websites/domsen.nix | 2 +- lass/2configs/websites/fritz.nix | 2 +- lass/2configs/websites/lassulus.nix | 2 +- lass/2configs/websites/wohnprojekt-rhh.de.nix | 2 +- 6 files changed, 6 insertions(+), 8 deletions(-) diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix index b58c555e7..2ff9a5ebb 100644 --- a/krebs/3modules/newsbot-js.nix +++ b/krebs/3modules/newsbot-js.nix @@ -1,10 +1,8 @@ { config, lib, pkgs, ... }: -with builtins; -with lib; +with import ; let - inherit (config.krebs.lib) genid; cfg = config.krebs.newsbot-js; diff --git a/lass/1systems/shodan.nix b/lass/1systems/shodan.nix index 7c44807a6..9d1df1d72 100644 --- a/lass/1systems/shodan.nix +++ b/lass/1systems/shodan.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: -with builtins; +with import ; { imports = [ ../. diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5a4748f42..18c771fad 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -2,7 +2,7 @@ let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid genid_signed ; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 48d96b1bf..d93d310da 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid head ; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 04c19fad0..b8342e148 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -2,7 +2,7 @@ with lib; let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index fb1a58109..0c409ca87 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: let - inherit (import { config = {}; inherit lib; }) + inherit (import ) genid ; inherit (import {inherit lib pkgs;}) From 6a2d38b29d52443c537787fdd40dac9c46e1e8a8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 22 Oct 2016 01:29:16 +0200 Subject: [PATCH 17/27] l 2 nixpkgs: b8ede35 -> 686bc9c --- lass/2configs/nixpkgs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 73c96e876..4ef4c6ce7 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; + ref = "686bc9c5ccafbec2b6d2db61bd0803c2b7bc2b7d"; }; } From c7858f23ee9bcdae0616c21c347d1691168fbada Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 21 Oct 2016 22:37:59 +0200 Subject: [PATCH 18/27] m 2 default: bump to latest stable (dirtycow) --- makefu/2configs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index af0e2bae0..cb6fe55b8 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,7 +23,8 @@ with import ; user = config.krebs.users.makefu; source = let inherit (config.krebs.build) host user; - ref = "b8ede35"; # stable @ 2016-10-19 + # ref = "b8ede35"; # stable @ 2016-10-19 + ref = "31c72ce"; # stable @ 2016-10-21 (dirtycow) in { nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then { From 92615e0d0bc09763747a255cc1ce064c50b72fa5 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 21 Oct 2016 22:38:18 +0200 Subject: [PATCH 19/27] m 1 gum: remove mattermost --- makefu/1systems/gum.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix index c9d424888..bfd880b88 100644 --- a/makefu/1systems/gum.nix +++ b/makefu/1systems/gum.nix @@ -11,9 +11,9 @@ in { ../2configs/fs/simple-swap.nix ../2configs/fs/single-partition-ext4.nix ../2configs/smart-monitor.nix - # ../2configs/iodined.nix + ../2configs/iodined.nix ../2configs/git/cgit-retiolum.nix - ../2configs/mattermost-docker.nix + # ../2configs/mattermost-docker.nix ../2configs/nginx/euer.test.nix ../2configs/nginx/update.connector.one.nix ../2configs/deployment/mycube.connector.one.nix From 5809a2f2f87f1f5d58525ee539029cffcb71653d Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 22 Oct 2016 12:47:22 +0200 Subject: [PATCH 20/27] m 1 x: disable docker for now --- makefu/1systems/x.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix index 00eca87c4..e7f5d0dae 100644 --- a/makefu/1systems/x.nix +++ b/makefu/1systems/x.nix @@ -13,6 +13,7 @@ # Krebs #../2configs/disable_v6.nix + ../2configs/rad1o.nix # applications @@ -38,19 +39,21 @@ ../2configs/fs/sda-crypto-root-home.nix # ../2configs/mediawiki.nix #../2configs/wordpress.nix - ../2configs/nginx/public_html.nix + #../2configs/nginx/public_html.nix + ../2configs/nginx/icecult.nix ../2configs/tinc/retiolum.nix # temporary modules ../2configs/temp/share-samba.nix ../2configs/laptop-backup.nix - # ../2configs/temp/elkstack.nix + ../2configs/temp/elkstack.nix # ../2configs/temp/sabnzbd.nix ../2configs/tinc/siem.nix #../2configs/torrent.nix ]; makefu.full-populate = true; + nixpkgs.config.allowUnfree = true; krebs.nginx = { default404 = false; servers.default.listen = [ "80 default_server" ]; @@ -59,7 +62,7 @@ environment.systemPackages = [ pkgs.passwdqc-utils pkgs.bintray-upload ]; - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; From 7cc65e17941978cca54ae62772cb1fd13c1b2996 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 22 Oct 2016 14:21:22 +0200 Subject: [PATCH 21/27] m 1 vbob:disable docker --- makefu/1systems/vbob.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 27a216316..56d1b01ba 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -40,7 +40,7 @@ fortclientsslvpn ppp xclip get logstash - docker + # docker devpi-web devpi-client ]; @@ -53,8 +53,6 @@ 8010 ]; - virtualisation.docker.enable = false; - fileSystems."/media/share" = { fsType = "vboxsf"; device = "share"; From 2c74f5a654fa357a4eec8eef9c40ebdbd4456f70 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Oct 2016 18:10:00 +0200 Subject: [PATCH 22/27] tv: globally set CURL_CA_BUNDLE, GIT_SSL_CAINFO, SSL_CERT_FILE --- tv/2configs/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 475c17f2f..4b89252f9 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -112,6 +112,14 @@ with import ; }; } + (let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; in { + environment.variables = { + CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + }; + }) + { services.cron.enable = false; services.nscd.enable = false; From e66a4afdc11db6864ac96815feac4eb797e2c038 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Oct 2016 18:10:31 +0200 Subject: [PATCH 23/27] tv git: add netcup --- tv/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 21d365381..7d641dceb 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -34,6 +34,7 @@ let load-env = {}; make-snapshot = {}; much = {}; + netcup.desc = "netcup command line interface"; newsbot-js = {}; nixpkgs = {}; populate.desc = "source code installer"; From 9e6c8a91b23326abd7c26c70e96c9069e79a7938 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Oct 2016 18:15:20 +0200 Subject: [PATCH 24/27] tv git: replace misplaced desc attrs --- tv/2configs/git.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 7d641dceb..d937be2c4 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -34,10 +34,14 @@ let load-env = {}; make-snapshot = {}; much = {}; - netcup.desc = "netcup command line interface"; + netcup = { + cgit.desc = "netcup command line interface"; + }; newsbot-js = {}; nixpkgs = {}; - populate.desc = "source code installer"; + populate = { + cgit.desc = "source code installer"; + }; push = {}; regfish = {}; soundcloud = { From 6c02b9125dc7025ebad0a15cf4916f812f8f8e49 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Oct 2016 21:33:45 +0200 Subject: [PATCH 25/27] tv nixpkgs: cd41bfe -> e4fb65a --- tv/2configs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 4b89252f9..39d0c4f6b 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -14,7 +14,7 @@ with import ; stockholm.file = "/home/tv/stockholm"; nixpkgs.git = { url = https://github.com/NixOS/nixpkgs; - ref = "cd41bfeeb1aaa10e4d412f2bd90dc2844a7c5df8"; + ref = "e4fb65a3627f8c17a2f92c08bf302dc30f0a8db9"; }; } // optionalAttrs host.secure { secrets-master.file = "/home/tv/secrets/master"; From 059d7b2d058d29b04e33324e830a7bbac837535e Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 23 Oct 2016 23:32:20 +0200 Subject: [PATCH 26/27] populate: 1.1.1 -> 1.2.0 --- krebs/5pkgs/populate/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/populate/default.nix b/krebs/5pkgs/populate/default.nix index 09b29c6c3..dc5750bda 100644 --- a/krebs/5pkgs/populate/default.nix +++ b/krebs/5pkgs/populate/default.nix @@ -13,12 +13,12 @@ in stdenv.mkDerivation rec { name = "populate"; - version = "1.1.1"; + version = "1.2.0"; src = fetchgit { url = http://cgit.cd.krebsco.de/populate; rev = "refs/tags/v${version}"; - sha256 = "139f4lzn56lca3qgqy9g33r94m3xi1mqns9340lkb4qm6626yvqd"; + sha256 = "0q3110hkkxn9bc3a63xbx1hyd1fpzz4wrck4lng3j5a9i1y1jm07"; }; phases = [ From 08c7671fc51270e582e16cbe49aa896f8bff7685 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 24 Oct 2016 00:43:14 +0200 Subject: [PATCH 27/27] krebs.git: add cgit-clear-cache --- krebs/3modules/git.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index e6b98a923..20907a3ed 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -389,6 +389,12 @@ let mapAttrsToList repo-to-cgitrc cfg.repos )); + environment.systemPackages = [ + (pkgs.writeDashBin "cgit-clear-cache" '' + ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* + '') + ]; + system.activationScripts.cgit = '' mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}