diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index d4ac9e42a..d26aa5962 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -61,7 +61,7 @@ }; privset "op" { - privs = oper:admin; + privs = oper:admin, oper:general; }; operator "aids" { diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2da3e6fcc..84a39f95b 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,6 +68,7 @@ wantedBy = [ "multi-user.target" ]; }; + systemd.services.brockman.bindsTo = [ "solanum.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; home = "/home/share"; diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 61b72d9a8..4bdb095f1 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -58,7 +58,7 @@ let src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; propagatedBuildInputs = [ ]; doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Python CoAP library"; @@ -68,7 +68,7 @@ let name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.bsdOriginal; description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index ffa9a29e9..051646b63 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -146,6 +146,7 @@ let uid = genid_uint31 "bepasty"; group = "bepasty"; home = "/var/lib/bepasty-server"; + isSystemUser = true; }; users.extraGroups.bepasty = { gid = genid_uint31 "bepasty"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 9b2ed4a71..7a78880ea 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -12,7 +12,7 @@ in { users.extraUsers.brockman = { home = "/var/lib/brockman"; createHome = true; - isNormalUser = false; + isSystemUser = true; uid = genid_uint31 "brockman"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 8995753ac..a845bb281 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -322,6 +322,7 @@ let description = "Buildbot Master"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotMaster = { diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index c15169fba..d877b9911 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -131,6 +131,7 @@ let description = "Buildbot Slave"; home = cfg.workDir; createHome = false; + isSystemUser = true; }; users.extraGroups.buildbotSlave = { diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 83d88cb0d..972c7f437 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -78,6 +78,7 @@ in { inherit (cfg.user) home name uid; createHome = true; group = cfg.group.name; + isSystemUser = true; }; }; }; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 7a2075702..31cd9e2c3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -563,6 +563,58 @@ in { }; }; }; + nxnx = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.126"; + aliases = [ + "nxnx.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA2JWNe54YaFM+flK3LlPwgOSgVRmZi+e+Qhc6uJYIxkQcAvJKpKJQ + 1M4h7OE7eiJLdDp/aGaHe4BuII15/0lFJwYf1Zt8E1zN54QtwuELkDgOhgkhgvVb + tO+maHh10xsQMFlhpUztEk8oQuBu5toC795nKY7lBR2o6V2dPbbVo1+qr7qArOWo + cBlshRhEDjuzJUMHLlUGu43/miWeDewAq4O7U/nNNEz/v8KbESqP9HtTjelAeWz6 + zGha8hSn+Snkt76kP15drgn1L8MMFvnm5EeJ5VkehnpOi8Vi9Yqln+VGwlvbhEdK + ST0gxNBKoSvLITS1P/ypfiEXARUOffgq+kLA2Hyet0DfBjCMD+WkTBlj1QyXLs10 + 3/xBntlOQqBcLIdpi/yRs7miyQlyblqsyiQOCukIvibdHB1RLdVBhUE3A7hgw4R+ + +3ug/mQR+fDOpNB/sOkorcTVgA04KENUHc+6OqA0dvoAYr8l7N4+az3AtyHDNr5x + 4otjxOq4fmu80sbm5Ry9SoNYMc4fOuWIZDHZ/ntDKqzHw3BaNB9vNkpKj22nArI4 + cwAMPPJMJJ+Ef7tIzZ+NKtPudqztoLa5AYNllV7K9gS6NG0Yzk6iIQ42bKgfsZFn + 9AkCdv8EycNIAIbBomPv2XIKYlKs3RfWEjRcSl3TQl4b3bilCicgnLECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + nxnv = { + owner = config.krebs.users.rtjure; + nets = { + retiolum = { + ip4.addr = "10.243.122.127"; + aliases = [ + "nxnv.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB + ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt + NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp + wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt + 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT + eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy + S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/ + 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN + ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW + 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila + jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; ada = { owner = config.krebs.users.filly; nets = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index e89b86e32..852c8f630 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -57,6 +57,7 @@ let description = "fetchWallpaper user"; home = cfg.stateDir; createHome = true; + isSystemUser = true; }; systemd.timers.fetchWallpaper = { diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 4eb881341..d31d91b7c 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -366,6 +366,7 @@ let # To allow running cgit-clear-cache via hooks. cfg.cgit.fcgiwrap.group.name ]; + isSystemUser = true; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -384,6 +385,7 @@ let users.${cfg.cgit.fcgiwrap.user.name} = { inherit (cfg.cgit.fcgiwrap.user) home name uid; group = cfg.cgit.fcgiwrap.group.name; + isSystemUser = true; }; }; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index 7d618ebfd..d385ec355 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -65,6 +65,7 @@ let users.users.${user.name} = { inherit (user) uid; home = cfg.dataDir; + isSystemUser = true; }; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 70c4fcd2b..063bccc68 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -66,6 +66,7 @@ let nameValuePair htgen.user.name { inherit (htgen.user) home name uid; createHome = true; + isSystemUser = true; } ) cfg; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index 86b74a8ca..76f333963 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -60,6 +60,7 @@ let uid = genid "realwallpaper"; home = cfg.workingDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 4252c8d3b..a8a78a43e 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -236,6 +236,7 @@ let nameValuePair "${netname}" { inherit (cfg.user) home name uid; createHome = true; + isSystemUser = true; } ) config.krebs.tinc; diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 33a24871f..19cce8aa4 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -127,6 +127,7 @@ let users.extraUsers.tinc_graphs = { uid = genid_uint31 "tinc_graphs"; home = "/var/spool/tinc_graphs"; + isSystemUser = true; }; services.nginx = mkIf cfg.nginx.enable { enable = mkDefault true; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix index 926e9dccd..4cb6a1cb4 100644 --- a/krebs/5pkgs/override/default.nix +++ b/krebs/5pkgs/override/default.nix @@ -11,44 +11,14 @@ self: super: { }); flameshot = super.flameshot.overrideAttrs (old: rec { - patches = old.patches or [] ++ [ - (self.writeText "flameshot-imgur.patch" /* diff */ '' ---- a/src/tools/imgur/imguruploader.cpp -+++ b/src/tools/imgur/imguruploader.cpp -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - - ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : - QWidget(parent), m_pixmap(capture) -@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { - QJsonObject json = response.object(); - QJsonObject data = json["data"].toObject(); - m_imageURL.setUrl(data["link"].toString()); -- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( -+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); -+ if (deleteImageURLPattern == NULL) -+ deleteImageURLPattern = "https://imgur.com/delete/%1"; -+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( - data["deletehash"].toString())); - onUploadOk(); - } else { -@@ -105,7 +109,10 @@ void ImgurUploader::upload() { - QString description = FileNameHandler().parsedPattern(); - urlQuery.addQueryItem("description", description); - -- QUrl url("https://api.imgur.com/3/image"); -+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); -+ if (createImageURLPattern == NULL) -+ createImageURLPattern = "https://api.imgur.com/3/image"; -+ QUrl url(createImageURLPattern); - url.setQuery(urlQuery); - QNetworkRequest request(url); - request.setHeader(QNetworkRequest::ContentTypeHeader, - '') - ]; + patches = old.patches or [] ++ { + "0.6.0" = [ + ./flameshot/flameshot_imgur_0.6.0.patch + ]; + "0.9.0" = [ + ./flameshot/flameshot_imgur_0.9.0.patch + ]; + }.${old.version}; }); # https://github.com/proot-me/PRoot/issues/106 diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch new file mode 100644 index 000000000..92023554a --- /dev/null +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch @@ -0,0 +1,34 @@ +--- a/src/tools/imgur/imguruploader.cpp ++++ b/src/tools/imgur/imguruploader.cpp +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) : + QWidget(parent), m_pixmap(capture) +@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) { + QJsonObject json = response.object(); + QJsonObject data = json["data"].toObject(); + m_imageURL.setUrl(data["link"].toString()); +- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg( ++ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); ++ if (deleteImageURLPattern == NULL) ++ deleteImageURLPattern = "https://imgur.com/delete/%1"; ++ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg( + data["deletehash"].toString())); + onUploadOk(); + } else { +@@ -105,7 +109,10 @@ void ImgurUploader::upload() { + QString description = FileNameHandler().parsedPattern(); + urlQuery.addQueryItem("description", description); + +- QUrl url("https://api.imgur.com/3/image"); ++ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); ++ if (createImageURLPattern == NULL) ++ createImageURLPattern = "https://api.imgur.com/3/image"; ++ QUrl url(createImageURLPattern); + url.setQuery(urlQuery); + QNetworkRequest request(url); + request.setHeader(QNetworkRequest::ContentTypeHeader, diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch new file mode 100644 index 000000000..c4c0bf38a --- /dev/null +++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch @@ -0,0 +1,35 @@ +--- a/src/tools/imgur/imguruploader.cpp ++++ b/src/tools/imgur/imguruploader.cpp +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + ImgurUploader::ImgurUploader(const QPixmap& capture, QWidget* parent) + : QWidget(parent) +@@ -79,8 +80,11 @@ void ImgurUploader::handleReply(QNetworkReply* reply) + m_imageURL.setUrl(data[QStringLiteral("link")].toString()); + + auto deleteToken = data[QStringLiteral("deletehash")].toString(); ++ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL"); ++ if (deleteImageURLPattern == NULL) ++ deleteImageURLPattern = "https://imgur.com/delete/%1"; + m_deleteImageURL.setUrl( +- QStringLiteral("https://imgur.com/delete/%1").arg(deleteToken)); ++ QString::fromUtf8(deleteImageURLPattern).arg(deleteToken)); + + // save history + QString imageName = m_imageURL.toString(); +@@ -133,7 +137,10 @@ void ImgurUploader::upload() + QString description = FileNameHandler().parsedPattern(); + urlQuery.addQueryItem(QStringLiteral("description"), description); + +- QUrl url(QStringLiteral("https://api.imgur.com/3/image")); ++ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL"); ++ if (createImageURLPattern == NULL) ++ createImageURLPattern = "https://api.imgur.com/3/image"; ++ QUrl url(QString::fromUtf8(createImageURLPattern)); + url.setQuery(urlQuery); + QNetworkRequest request(url); + request.setHeader(QNetworkRequest::ContentTypeHeader, diff --git a/krebs/5pkgs/simple/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix index 2bc6cdca9..754fecf9c 100644 --- a/krebs/5pkgs/simple/airdcpp-webclient/default.nix +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -1,4 +1,5 @@ -{ stdenv, fetchurl, makeWrapper, which +{ fetchurl, lib, makeWrapper, stdenv +, which }: stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; @@ -17,7 +18,7 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ makeWrapper ]; - meta = with stdenv.lib; { + meta = with lib; { # to start it: airdcpp -p= -c= --configure description = "dcpp client (statically precompiled)"; homepage = http://fixme; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index c127d2987..49d6ff322 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix @@ -1,6 +1,6 @@ -{ pkgs, fetchFromGitHub, python2Packages, git, ... }: +{ pkgs, fetchFromGitHub, python3Packages, git, ... }: -python2Packages.buildPythonApplication rec { +python3Packages.buildPythonApplication rec { name = "buildbot-classic-${version}"; version = "0.8.18"; namePrefix = ""; @@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec { postUnpack = "sourceRoot=\${sourceRoot}/master"; propagatedBuildInputs = [ - python2Packages.jinja2 - python2Packages.twisted - python2Packages.dateutil - python2Packages.sqlalchemy_migrate - python2Packages.pysqlite + python3Packages.jinja2 + python3Packages.twisted + python3Packages.dateutil + python3Packages.sqlalchemy_migrate pkgs.coreutils ]; doCheck = false; diff --git a/krebs/5pkgs/simple/cac-api/default.nix b/krebs/5pkgs/simple/cac-api/default.nix index e2bd8c148..5f37f6682 100644 --- a/krebs/5pkgs/simple/cac-api/default.nix +++ b/krebs/5pkgs/simple/cac-api/default.nix @@ -1,4 +1,6 @@ -{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }: +{ fetchgit, lib, stdenv +, bc, cac-cert, coreutils, curl, dash, gnugrep, gnused, inotifyTools, jq, ncurses, openssh, sshpass +}: stdenv.mkDerivation { name = "cac-api-1.1.2"; @@ -18,7 +20,7 @@ stdenv.mkDerivation { mkdir -p $out/bin { cat <<\EOF #! ${dash}/bin/dash - export PATH=${stdenv.lib.makeBinPath [ + export PATH=${lib.makeBinPath [ bc coreutils curl diff --git a/krebs/5pkgs/simple/dic/default.nix b/krebs/5pkgs/simple/dic/default.nix index a74899630..1825e4ee7 100644 --- a/krebs/5pkgs/simple/dic/default.nix +++ b/krebs/5pkgs/simple/dic/default.nix @@ -1,4 +1,6 @@ -{ coreutils, curl, fetchgit, gnugrep, gnused, stdenv, utillinux }: +{ fetchgit, lib, stdenv +, coreutils, curl, gnugrep, gnused, utillinux +}: stdenv.mkDerivation { name = "dic"; @@ -16,7 +18,7 @@ stdenv.mkDerivation { installPhase = let - path = stdenv.lib.makeBinPath [ + path = lib.makeBinPath [ coreutils curl gnused diff --git a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix b/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix index de8046c4a..dee96d784 100644 --- a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix +++ b/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix @@ -1,10 +1,10 @@ -{stdenv,fetchurl,pkgs,python3Packages, ... }: +{ fetchurl, lib, stdenv, python3Packages }: python3Packages.buildPythonPackage rec { name = "drivedroid-gen-repo-${version}"; version = "0.4.4"; - propagatedBuildInputs = with pkgs;[ + propagatedBuildInputs = [ python3Packages.docopt ]; @@ -16,7 +16,7 @@ python3Packages.buildPythonPackage rec { meta = { homepage = http://krebsco.de/; description = "Generate Drivedroid repos"; - license = stdenv.lib.licenses.wtfpl; + license = lib.licenses.wtfpl; }; } diff --git a/krebs/5pkgs/simple/ergo.nix b/krebs/5pkgs/simple/ergo.nix new file mode 100644 index 000000000..1c84cb4a6 --- /dev/null +++ b/krebs/5pkgs/simple/ergo.nix @@ -0,0 +1,23 @@ +{ buildGo116Module , fetchFromGitHub, lib }: + +buildGo116Module rec { + pname = "ergo"; + version = "2.7.0-rc1"; + + src = fetchFromGitHub { + owner = "ergochat"; + repo = "ergo"; + rev = "v${version}"; + sha256 = "0vdrvr991an6f6zsadpsy0npmb4058b278xgc7rh8vhp12m501b4"; + }; + + vendorSha256 = null; + + meta = { + description = "A modern IRC server (daemon/ircd) written in Go"; + homepage = "https://github.com/ergochat/ergo"; + license = lib.licenses.mit; + maintainers = [ lib.maintainers.tv ]; + platforms = lib.platforms.linux; + }; +} diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix index ab7d6e651..8007eaa52 100644 --- a/krebs/5pkgs/simple/ftb/default.nix +++ b/krebs/5pkgs/simple/ftb/default.nix @@ -1,9 +1,9 @@ -{ stdenv, fetchurl +{ fetchurl, lib, stdenv , jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm , openjdk , mesa_glu, openal , useAlsa ? false, alsaOss ? null }: -with stdenv.lib; +with lib; assert useAlsa -> alsaOss != null; diff --git a/krebs/5pkgs/simple/get/default.nix b/krebs/5pkgs/simple/get/default.nix index 83f6b0228..5c024a00d 100644 --- a/krebs/5pkgs/simple/get/default.nix +++ b/krebs/5pkgs/simple/get/default.nix @@ -1,4 +1,6 @@ -{ coreutils, gnugrep, gnused, fetchgit, jq, nix, stdenv, ... }: +{ fetchgit, lib, stdenv +, coreutils, gnugrep, gnused, jq, nix +}: stdenv.mkDerivation { name = "get-1.4.1"; @@ -16,7 +18,7 @@ stdenv.mkDerivation { installPhase = let - path = stdenv.lib.makeBinPath [ + path = lib.makeBinPath [ coreutils gnugrep gnused diff --git a/krebs/5pkgs/simple/github-hosts-sync/default.nix b/krebs/5pkgs/simple/github-hosts-sync/default.nix index fbc48fa3f..60dd58ee7 100644 --- a/krebs/5pkgs/simple/github-hosts-sync/default.nix +++ b/krebs/5pkgs/simple/github-hosts-sync/default.nix @@ -1,4 +1,4 @@ -{ pkgs, stdenv, ... }: +{ lib, pkgs, stdenv }: stdenv.mkDerivation rec { name = "github-hosts-sync-${version}"; @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { installPhase = let ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - path = stdenv.lib.makeBinPath [ + path = lib.makeBinPath [ pkgs.git pkgs.nettools pkgs.openssh diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix index 3c83093be..dfe93befd 100644 --- a/krebs/5pkgs/simple/internetarchive/default.nix +++ b/krebs/5pkgs/simple/internetarchive/default.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, ... }: +{ lib, pkgs, stdenv, pkgs }: with pkgs.python3Packages; buildPythonPackage rec { pname = "internetarchive"; @@ -32,7 +32,7 @@ buildPythonPackage rec { sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py ''; - meta = with stdenv.lib; { + meta = with lib; { description = "python library and cli for uploading files to internet archive"; license = licenses.agpl3; }; diff --git a/krebs/5pkgs/simple/passwdqc-utils/default.nix b/krebs/5pkgs/simple/passwdqc-utils/default.nix index 53e7f5482..4cc8d5b21 100644 --- a/krebs/5pkgs/simple/passwdqc-utils/default.nix +++ b/krebs/5pkgs/simple/passwdqc-utils/default.nix @@ -1,7 +1,7 @@ -{ stdenv, pam, - fetchurl, lib, - wordset-file ? null, # set your own wordset-file - ... }: +{ fetchurl, lib, stdenv +, pam +, wordset-file ? null, # set your own wordset-file +}: stdenv.mkDerivation rec { name = "passwdqc-utils-${version}"; @@ -30,8 +30,8 @@ stdenv.mkDerivation rec { meta = { description = "passwdqc utils (pwqgen,pwqcheck) and library"; - license = stdenv.lib.licenses.bsd3; - maintainers = [ stdenv.lib.maintainers.makefu ]; - patforms = stdenv.lib.platforms.linux; # more installFlags must be set for Darwin,Solaris + license = lib.licenses.bsd3; + maintainers = [ lib.maintainers.makefu ]; + patforms = lib.platforms.linux; # more installFlags must be set for Darwin,Solaris }; } diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix index e35423b49..ef9ff04bf 100644 --- a/krebs/5pkgs/simple/populate/default.nix +++ b/krebs/5pkgs/simple/populate/default.nix @@ -1,8 +1,9 @@ -{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv +{ fetchgit, lib, stdenv +, coreutils, findutils, git, gnused, jq, openssh, pass, rsync }: let - PATH = stdenv.lib.makeBinPath [ + PATH = lib.makeBinPath [ coreutils findutils git diff --git a/krebs/5pkgs/simple/slog/default.nix b/krebs/5pkgs/simple/slog/default.nix index c74a2ad80..bd10bac5e 100644 --- a/krebs/5pkgs/simple/slog/default.nix +++ b/krebs/5pkgs/simple/slog/default.nix @@ -1,4 +1,4 @@ -{ pkgs, stdenv, fetchFromGitHub }: +{ fetchFromGitHub, lib, pkgs, stdenv }: ## use with: # . $(command -v slog.sh) @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { install -m755 slog.sh $out/bin ''; - meta = with stdenv.lib; { + meta = with lib; { description = "POSIX shell logging"; license = licenses.mit; }; diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix deleted file mode 100644 index 3fa765c94..000000000 --- a/krebs/5pkgs/simple/solanum/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, autoreconfHook -, pkg-config -, bison -, flex -, openssl -, sqlite -, lksctp-tools -}: - -stdenv.mkDerivation rec { - pname = "solanum"; - version = "unstable-2021-04-27"; - - src = fetchFromGitHub { - owner = "solanum-ircd"; - repo = pname; - rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925"; - sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f"; - }; - - patches = [ - ./dont-create-logdir.patch - ]; - - configureFlags = [ - "--enable-epoll" - "--enable-ipv6" - "--enable-openssl=${openssl.dev}" - "--with-program-prefix=solanum-" - "--localstatedir=/var/lib" - "--with-rundir=/run" - "--with-logdir=/var/log" - ] ++ lib.optionals (stdenv.isLinux) [ - "--enable-sctp=${lksctp-tools.out}/lib" - ]; - - nativeBuildInputs = [ - autoreconfHook - bison - flex - pkg-config - ]; - - buildInputs = [ - openssl - sqlite - ]; - - doCheck = !stdenv.isDarwin; - - enableParallelBuilding = true; - - meta = with lib; { - description = "An IRCd for unified networks"; - homepage = "https://github.com/solanum-ircd/solanum"; - license = licenses.gpl2Only; - maintainers = with maintainers; [ hexa ]; - platforms = platforms.unix; - }; -} diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch deleted file mode 100644 index e348dd7b8..000000000 --- a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 19e7b396..21093521 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -35,9 +35,6 @@ include/serno.h: - echo '#define DATECODE 0UL' >>include/serno.h; \ - fi - --install-data-hook: -- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir} -- - install-exec-hook: - rm -f ${DESTDIR}${libdir}/*.la - rm -f ${DESTDIR}${moduledir}/*.la diff --git a/krebs/5pkgs/simple/ssh-audit.nix b/krebs/5pkgs/simple/ssh-audit.nix index 7d2e6fb34..4574eb644 100644 --- a/krebs/5pkgs/simple/ssh-audit.nix +++ b/krebs/5pkgs/simple/ssh-audit.nix @@ -1,4 +1,4 @@ -{ fetchFromGitHub, python3Packages, stdenv }: +{ fetchFromGitHub, lib, python3Packages, stdenv }: python3Packages.buildPythonPackage rec { inherit (meta) version; @@ -46,9 +46,9 @@ python3Packages.buildPythonPackage rec { meta = { description = "tool for ssh server auditing"; homepage = "https://github.com/arthepsy/ssh-audit"; - license = stdenv.lib.licenses.mit; + license = lib.licenses.mit; maintainers = [ - stdenv.lib.maintainers.tv + lib.maintainers.tv ]; version = "1.7.0"; }; diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix index 025e85df0..d281c9b50 100644 --- a/krebs/5pkgs/simple/tinc_graphs/default.nix +++ b/krebs/5pkgs/simple/tinc_graphs/default.nix @@ -1,4 +1,4 @@ -{stdenv,fetchurl,pkgs,python3Packages, ... }: +{ fetchurl, lib, pkgs, python3Packages, stdenv }: python3Packages.buildPythonPackage rec { name = "tinc_graphs-${version}"; @@ -22,7 +22,7 @@ python3Packages.buildPythonPackage rec { meta = { homepage = http://krebsco.de/; description = "Create Graphs from Tinc Stats"; - license = stdenv.lib.licenses.wtfpl; + license = lib.licenses.wtfpl; }; } diff --git a/krebs/5pkgs/simple/translate-shell/default.nix b/krebs/5pkgs/simple/translate-shell/default.nix index 00ab226e5..cd698a2bd 100644 --- a/krebs/5pkgs/simple/translate-shell/default.nix +++ b/krebs/5pkgs/simple/translate-shell/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl,pkgs,... }: +{ fetchurl, lib, pkgs, stdenv }: let s = rec { @@ -8,7 +8,7 @@ let url=https://github.com/soimort/translate-shell/archive/v0.9.0.9.tar.gz; sha256="1269j4yr9dr1d8c5kmysbzfplbgdg8apqnzs5w57d29sd7gz2i34"; }; - searchpath = with pkgs; stdenv.lib.makeSearchPath "bin" [ + searchpath = with pkgs; lib.makeSearchPath "bin" [ fribidi gawk bash @@ -35,9 +35,9 @@ stdenv.mkDerivation { meta = { inherit (s) version; description = ''translate using google api''; - license = stdenv.lib.licenses.free; - maintainers = [stdenv.lib.maintainers.makefu]; - platforms = stdenv.lib.platforms.linux ; + license = lib.licenses.free; + maintainers = [ lib.maintainers.makefu ]; + platforms = lib.platforms.linux ; }; } diff --git a/krebs/5pkgs/simple/whatsupnix/default.nix b/krebs/5pkgs/simple/whatsupnix/default.nix index 62ef597c8..61972bb05 100644 --- a/krebs/5pkgs/simple/whatsupnix/default.nix +++ b/krebs/5pkgs/simple/whatsupnix/default.nix @@ -1,4 +1,6 @@ -{ bash, coreutils, gawk, makeWrapper, nix, openssh, stdenv }: +{ lib, makeWrapper, stdenv +, bash, coreutils, gawk, nix, openssh +}: stdenv.mkDerivation { name = "whatsupnix"; @@ -8,7 +10,7 @@ stdenv.mkDerivation { mkdir -p $out/bin cat - ${./whatsupnix.bash} > $out/bin/whatsupnix <<\EOF #! ${bash}/bin/bash - export PATH=${stdenv.lib.makeBinPath [ coreutils gawk nix openssh ]} + export PATH=${lib.makeBinPath [ coreutils gawk nix openssh ]} EOF chmod +x $out/bin/whatsupnix ''; diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 9b14bf486..c3fc0ee2b 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,6 +1,6 @@ -{ stdenv, coreutils, makeWrapper, - cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, proot, - ... }: +{ lib, makeWrapper, stdenv +, cac-api, cac-cert, cac-panel, coreutils, gnumake, gnused, jq, openssh, proot, sshpass +}: stdenv.mkDerivation rec { name = "${shortname}-${version}"; @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { buildInputs = [ makeWrapper ]; - path = stdenv.lib.makeSearchPath "bin" [ + path = lib.makeSearchPath "bin" [ coreutils cac-api cac-panel @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { --set REQUESTS_CA_BUNDLE ${cac-cert} \ --set SSL_CERT_FILE ${cac-cert} ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = http://krebsco.de; description = "infest a CaC box with stockholm"; license = licenses.wtfpl; diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 06b865cc8..3887ab917 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227", - "date": "2021-05-18T19:08:44-04:00", - "path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs", - "sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46", + "rev": "aa576357673d609e618d87db43210e49d4bb1789", + "date": "2021-06-04T17:36:38+02:00", + "path": "/nix/store/qqz5xq0dg8zm8blba5cg7704kbrhqhki-nixpkgs", + "sha256": "1868s3mp0lwg1jpxsgmgijzddr90bjkncf6k6zhdjqihf0i1n2np", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9a0ea7ed4..368a3ecb3 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs \ - --rev refs/heads/nixos-20.09' \ + --rev refs/heads/nixos-21.05' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 3e0b1674a..227c5e1e9 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,38 +16,54 @@ - + # + + + + + # ]; krebs.build.host = config.krebs.hosts.coaxmetal; - environment.shellAliases = { - deploy = pkgs.writeDash "deploy" '' + environment.systemPackages = with pkgs; [ + brain + bank + l-gen-secrets + (pkgs.writeDashBin "deploy" '' set -eu export SYSTEM="$1" $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) - ''; - usb-tether-on = pkgs.writeDash "usb-tether-on" '' + '') + (pkgs.writeDashBin "usb-tether-on" '' adb shell su -c service call connectivity 33 i32 1 s16 text - ''; - usb-tether-off = pkgs.writeDash "usb-tether-off" '' + '') + (pkgs.writeDashBin "usb-tether-off" '' adb shell su -c service call connectivity 33 i32 0 s16 text - ''; - }; + '') + ]; programs.adb.enable = true; hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; + + lass.browser.config = { + dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; + fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; + }; + + nix.trustedUsers = [ "root" "lass" ]; + + services.tor = { + enable = true; + client.enable = true; + }; } diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix index c94740c54..3632ffd3e 100644 --- a/lass/1systems/coaxmetal/physical.nix +++ b/lass/1systems/coaxmetal/physical.nix @@ -7,6 +7,7 @@ networking.hostId = "e0c335ea"; boot.zfs.requestEncryptionCredentials = true; + boot.zfs.enableUnstable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.grub = { enable = true; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index d84502b3f..b84ce6acf 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -19,6 +19,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; networking.wireless.enable = mkForce false; diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index fbd2d223f..d7bf62b40 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -23,7 +23,7 @@ with import ; users.users.mainUser.openssh.authorizedKeys.keys = [ config.krebs.users.lass-android.pubkey - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMe23IAHn4Ow4J4i8M9GJshqvY80U11NKPLum6b1XLn" # weechat ssh tunnel + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0rn3003CkJMk3jZrh/3MC6nVorHRymlFSI4x1brCKY" # weechat ssh tunnel ]; krebs.bindfs = { diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 837872bf5..0b1aff4a8 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -45,16 +45,5 @@ SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:71:cb:35", NAME="et0" ''; - services.thinkfan.enable = true; - services.thinkfan.levels = '' - (0, 0, 55) - (1, 48, 60) - (2, 50, 61) - (3, 52, 63) - (6, 60, 85) - (7, 80, 90) - (127, 89, 32767) - ''; - services.logind.lidSwitch = "ignore"; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 25d688696..89a386139 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -345,6 +345,7 @@ with import ; home = "/var/download"; useDefaultShell = true; uid = genid "download"; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-android.pubkey diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index b50dc63f5..c3ce8fced 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -23,6 +23,7 @@ with import ; "networkmanager" ]; useDefaultShell = true; + isNormalUser = true; }; networking.networkmanager.enable = true; hardware.pulseaudio = { diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index 22c80b4da..bf818a9b2 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -81,11 +81,6 @@ hardware.bluetooth = { enable = true; powerOnBoot = true; - # config.General.Disable = "Headset"; - extraConfig = '' - [General] - Disable = Headset - ''; }; hardware.pulseaudio.package = pkgs.pulseaudioFull; # hardware.pulseaudio.configFile = pkgs.writeText "default.pa" '' diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 9f6fd3bf0..9aa97a8ce 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -4,12 +4,6 @@ let mainUser = config.users.extraUsers.mainUser; in { - krebs.per-user.bch.packages = [ - pkgs.electron-cash - ]; - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - ]; users.extraUsers = { bch = { name = "bch"; @@ -17,6 +11,8 @@ in { home = "/home/bch"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electron-cash ]; + isNormalUser = true; }; bitcoin = { name = "bitcoin"; @@ -24,10 +20,25 @@ in { home = "/home/bitcoin"; useDefaultShell = true; createHome = true; + packages = [ pkgs.electrum ]; + isNormalUser = true; + }; + monero = { + name = "monero"; + description = "user for monero stuff"; + home = "/home/monero"; + useDefaultShell = true; + createHome = true; + packages = [ + pkgs.monero + pkgs.monero-gui + ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL - ${mainUser.name} ALL=(bch) NOPASSWD: ALL + ${mainUser.name} ALL=(bch) ALL + ${mainUser.name} ALL=(bitcoin) ALL + ${mainUser.name} ALL=(monero) ALL ''; } diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix index 3d87fb620..f32f062ff 100644 --- a/lass/2configs/ciko.nix +++ b/lass/2configs/ciko.nix @@ -10,6 +10,7 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr" ]; + isNormalUser = true; }; system.activationScripts.user-shadow = '' diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 7b6f01148..193f4bef1 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -32,6 +32,7 @@ with import ; group = "users"; createHome = true; useDefaultShell = true; + isNormalUser = true; extraGroups = [ "audio" "fuse" @@ -88,9 +89,7 @@ with import ; services.timesyncd.enable = mkForce true; - systemd.tmpfiles.rules = [ - "d /tmp 1777 root root - -" - ]; + boot.tmpOnTmpfs = true; # multiple-definition-problem when defining environment.variables.EDITOR environment.extraInit = '' diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix index e3a88c789..5d68def35 100644 --- a/lass/2configs/elster.nix +++ b/lass/2configs/elster.nix @@ -12,6 +12,7 @@ in { useDefaultShell = true; extraGroups = []; createHome = true; + isNormalUser = true; }; }; krebs.per-user.elster.packages = [ diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 67f250ef3..829773b87 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -78,6 +78,7 @@ in { # vdoomserver retroarchBare ]; + isNormalUser = true; }; }; diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 3d4c1e306..89ccae408 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -8,6 +8,8 @@ with import ; prefixLength = 24; }]; + networking.domain = "gg23"; + services.dhcpd4 = { enable = true; interfaces = [ "int0" ]; diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix index d9307347e..629d74235 100644 --- a/lass/2configs/htop.nix +++ b/lass/2configs/htop.nix @@ -3,7 +3,6 @@ with import ; { - security.hideProcessInformation = true; nixpkgs.config.packageOverrides = super: { htop = pkgs.symlinkJoin { name = "htop"; diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 210551a62..7512787fe 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -80,7 +80,7 @@ let name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config --script=${autosub} "$@" + exec ${pkgs.mpv}/bin/mpv -vo=gpu --no-config "$@" # TODO renable autosub when subliminal is in 21.05 again '') pkgs.mpv ]; diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix index 6b2a0142a..48070ea06 100644 --- a/lass/2configs/pass.nix +++ b/lass/2configs/pass.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - users.users.lass.packages = with pkgs; [ + users.users.mainUser.packages = with pkgs; [ (pass.withExtensions (ext: [ ext.pass-otp ])) gnupg ]; diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix index c7bdb525d..648ffc784 100644 --- a/lass/2configs/power-action.nix +++ b/lass/2configs/power-action.nix @@ -32,9 +32,12 @@ in { user = "lass"; }; - users.users.power-action.extraGroups = [ - "audio" - ]; + users.users.power-action = { + isNormalUser = true; + extraGroups = [ + "audio" + ]; + }; security.sudo.extraConfig = '' ${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix new file mode 100644 index 000000000..658f32084 --- /dev/null +++ b/lass/2configs/review.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: + +let + mainUser = config.users.extraUsers.mainUser; +in { + + users.users.review = { + isNormalUser = true; + packages = [ pkgs.nixpkgs-review ]; + }; + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(review) NOPASSWD: ALL + ''; +} diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c43c8c902..e603f49da 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -170,6 +170,7 @@ in { home = "/home/UBIK-SFTP"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.xanf = { @@ -178,6 +179,7 @@ in { home = "/home/xanf"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.domsen = { @@ -185,8 +187,9 @@ in { description = "maintenance acc for domsen"; home = "/home/domsen"; useDefaultShell = true; - extraGroups = [ "nginx" "download" ]; + extraGroups = [ "syncthing" "download" "xanf" ]; createHome = true; + isNormalUser = true; }; users.users.bruno = { @@ -194,6 +197,7 @@ in { home = "/home/bruno"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jla-trading = { @@ -201,6 +205,7 @@ in { home = "/home/jla-trading"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.jms = { @@ -208,6 +213,7 @@ in { home = "/home/jms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.ms = { @@ -215,6 +221,7 @@ in { home = "/home/ms"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.testuser = { @@ -222,20 +229,23 @@ in { home = "/home/testuser"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; - users.users.akayguen = { - uid = genid_uint31 "akayguen"; - home = "/home/akayguen"; - useDefaultShell = true; - createHome = true; - }; + #users.users.akayguen = { + # uid = genid_uint31 "akayguen"; + # home = "/home/akayguen"; + # useDefaultShell = true; + # createHome = true; + # isNormalUser = true; + #}; users.users.bui = { uid = genid_uint31 "bui"; home = "/home/bui"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.klabusterbeere = { @@ -243,6 +253,7 @@ in { home = "/home/klabusterbeere"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.kasia = { @@ -250,6 +261,7 @@ in { home = "/home/kasia"; useDefaultShell = true; createHome = true; + isNormalUser = true; }; users.users.XANF_TEAM = { @@ -258,6 +270,25 @@ in { home = "/home/XANF_TEAM"; useDefaultShell = true; createHome = true; + isNormalUser = true; + }; + + users.users.dif = { + uid = genid_uint31 "dif"; + home = "/home/dif"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; + }; + + users.users.lavafilms = { + uid = genid_uint31 "lavafilms"; + home = "/home/lavafilms"; + useDefaultShell = true; + extraGroups = [ "xanf" ]; + createHome = true; + isNormalUser = true; }; users.groups.xanf = {}; diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix index 17df71310..bb983b78e 100644 --- a/lass/2configs/websites/lassulus.nix +++ b/lass/2configs/websites/lassulus.nix @@ -97,6 +97,7 @@ in { home = "/srv/http/lassul.us"; useDefaultShell = true; createHome = true; + isSystemUser = true; openssh.authorizedKeys.keys = with config.krebs.users; [ lass.pubkey lass-mors.pubkey diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix index 5cb019c13..5476624c9 100644 --- a/lass/2configs/wine.nix +++ b/lass/2configs/wine.nix @@ -14,8 +14,9 @@ in { ]; createHome = true; packages = [ - pkgs.wineMinimal + pkgs.wineWowPackages.stable ]; + isNormalUser = true; }; }; security.sudo.extraConfig = '' diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix new file mode 100644 index 000000000..23ed28847 --- /dev/null +++ b/lass/2configs/xonsh.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.xonsh + pkgs.xonsh2 + ]; +} diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix index 0c77d4da8..4171abdb6 100644 --- a/lass/3modules/browsers.nix +++ b/lass/3modules/browsers.nix @@ -5,7 +5,9 @@ let cfg = config.lass.browser; browserScripts = { - chromium = "${pkgs.chromium}/bin/chromium"; + brave = "${pkgs.brave}/bin/brave"; + chrome = "${pkgs.google-chrome}/bin/chrome"; + chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; firefox = "${pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; }}/bin/firefox"; @@ -14,8 +16,9 @@ let browser-select = let sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) + (filter (x: ! x.value.hidden) (mapAttrsToList (name: value: { inherit name value; }) - cfg.config); + cfg.config)); in if (lib.length sortedPaths) > 1 then pkgs.writeScriptBin "browser-select" '' BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) @@ -48,6 +51,10 @@ in { type = types.str; default = config._module.args.name; }; + hidden = mkOption { + type = types.bool; + default = false; + }; precedence = mkOption { type = types.int; default = 0; @@ -58,7 +65,7 @@ in { }; browser = mkOption { type = types.enum (attrNames browserScripts); - default = "chromium"; + default = "brave"; }; groups = mkOption { type = types.listOf types.str; diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix index 37f90ee1c..526e12db7 100644 --- a/lass/3modules/xjail.nix +++ b/lass/3modules/xjail.nix @@ -147,6 +147,7 @@ with import ; useDefaultShell = true; createHome = true; extraGroups = cfg.groups; + isNormalUser = true; } ) config.lass.xjail; diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix index 54841588e..d7937da58 100644 --- a/lass/5pkgs/tdlib-purple/default.nix +++ b/lass/5pkgs/tdlib-purple/default.nix @@ -1,6 +1,24 @@ -{ stdenv, fetchFromGitHub, cmake, tdlib, pidgin, libwebp, libtgvoip } : +{ stdenv, pkgs, fetchFromGitHub, cmake, pidgin, libwebp, libtgvoip } : -stdenv.mkDerivation rec { +let + + tdlib = stdenv.mkDerivation rec { + version = "1.6.0"; + pname = "tdlib"; + + src = fetchFromGitHub { + owner = "tdlib"; + repo = "td"; + rev = "v${version}"; + sha256 = "0zlzpl6fgszg18kwycyyyrnkm255dvc6fkq0b0y32m5wvwwl36cv"; + }; + + buildInputs = with pkgs; [ gperf openssl readline zlib ]; + nativeBuildInputs = [ pkgs.cmake ]; + + }; + +in stdenv.mkDerivation rec { pname = "tdlib-purple"; version = "0.7.8"; diff --git a/lass/5pkgs/xonsh2/default.nix b/lass/5pkgs/xonsh2/default.nix new file mode 100644 index 000000000..d55d22445 --- /dev/null +++ b/lass/5pkgs/xonsh2/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, python39Packages +, glibcLocales +, coreutils +, git +, extraInputs ? [] +}: let + + python3Packages = python39Packages; + +in python3Packages.buildPythonApplication rec { + pname = "xonsh2"; + version = "master"; + + # fetch from github because the pypi package ships incomplete tests + src = fetchFromGitHub { + owner = "anki-code"; + repo = "xonsh2"; + rev = "bd96fcdce9319ab6b90c7d9ac47d2249b61144d0"; + sha256 = "0b632rac8macfp2mmvhh1f34cf1m5qfpjajwnf676qk7jzn79vx6"; + }; + + LC_ALL = "en_US.UTF-8"; + + postPatch = '' + sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' scripts/xon.sh + find scripts -name 'xonsh*' -exec sed -i -e "s|env -S|env|" {} \; + find -name "*.xsh" | xargs sed -ie 's|/usr/bin/env|${coreutils}/bin/env|' + patchShebangs . + ''; + + doCheck = false; + + checkPhase = '' + HOME=$TMPDIR pytest -k 'not test_repath_backslash and not test_os and not test_man_completion and not test_builtins and not test_main and not test_ptk_highlight and not test_pyghooks' + HOME=$TMPDIR pytest -k 'test_builtins or test_main' --reruns 5 + HOME=$TMPDIR pytest -k 'test_ptk_highlight' + ''; + + checkInputs = [ python3Packages.pytest python3Packages.pytest-rerunfailures glibcLocales git ]; + + propagatedBuildInputs = with python3Packages; [ ply prompt_toolkit pygments ] ++ extraInputs; + + meta = with lib; { + description = "A Python-ish, BASHwards-compatible shell"; + homepage = "https://xon.sh/"; + # changelog = "https://github.com/xonsh/xonsh/releases/tag/${version}"; + license = licenses.bsd3; + platforms = platforms.all; + }; + + passthru = { + shellPath = "/bin/xonsh2"; + }; +} diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 857e7d6e7..6afe792ec 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,7 +43,6 @@ in { - { environment.systemPackages = [ pkgs.esniper ]; } # # @@ -141,6 +140,7 @@ in { ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; + users.users.share.isNormalUser = true; users.groups.share = { gid = (import ).genid "share"; members = [ "makefu" "misa" ]; @@ -152,6 +152,7 @@ in { users.users.misa = { uid = 9002; name = "misa"; + isNormalUser = true; }; zramSwap.enable = true; diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index f0d663ee9..ea557bbef 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ # close enough # - + # ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix index adfebbf96..d6b99df41 100644 --- a/makefu/1systems/x/x13/zfs.nix +++ b/makefu/1systems/x/x13/zfs.nix @@ -13,6 +13,7 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.zfs.enableUnstable = true; # required for 21.05 fileSystems."/" = { device = "zroot/root/nixos"; fsType = "zfs"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d345..6ce0606a8 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8dc..56d319e39 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754caf..46bf05963 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f09..d9a2869cc 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402e..52206c380 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import ; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b524..0593cf7fc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada9395..098ffcdd5 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a1..abbdcbbb2 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d210..e6008d475 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee56835..1c4582ed5 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b35..0bd29497d 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c6..2f8f4acc4 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512a..039698f1d 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143ec..26f1d3ba3 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638b..fd81f28ca 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa978..56beb5b42 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,7 +9,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751ff..f2c36b551 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa038..c8ccbfbb9 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 34f0ab0b4..106f8fac6 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser group = "share"; description = "smb guest user"; home = "/var/empty"; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a6ef7c97..763603dfd 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -20,5 +20,6 @@ # rambox vscode + chitubox ]; } diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index d66ea7760..14e782e3f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -15,6 +15,6 @@ streamripper youtube-dl - pulseeffects + pulseeffects-legacy # for pulse ]; } diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 17a980ef7..acc22d647 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - pythonPackages.binwalk-full + python3Packages.binwalk-full dnsmasq iodine mtr diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 5222e50ac..30070430c 100644 --- a/makefu/3modules/ps3netsrv.nix +++ b/makefu/3modules/ps3netsrv.nix @@ -50,6 +50,7 @@ let # TODO only create if user is ps3netsrv users.users.ps3netsrv = { uid = genid "ps3netsrv"; + isSystemUser = true; }; users.groups.ps3netsrv.gid = genid "ps3netsrv"; }; diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix deleted file mode 100644 index d30fb01a6..000000000 --- a/makefu/5pkgs/droidcam/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ stdenv, fetchFromGitHub -, pkg-config -, alsaLib -, libjpeg_turbo -, ffmpeg -, libusbmuxd -, speex -, gtk3 -, libappindicator-gtk3 -}: - -stdenv.mkDerivation rec { - pname = "droidcam"; - version = "1.6"; - - src = fetchFromGitHub { - owner = "aramg"; - repo = "droidcam"; - rev = "v${version}"; - sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; - }; - - sourceRoot = "source/linux"; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ - alsaLib - libjpeg_turbo - ffmpeg - libusbmuxd - speex - gtk3 - libappindicator-gtk3 - ]; - - buildPhase = '' - runHook preBuild - make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)" - ''; - installPhase = '' - runHook preInstall - install -Dm755 "droidcam" "$out/bin/droidcam" - install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli" - install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png" - install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE" - ''; - - meta = with stdenv.lib; { - description = "A kernel module to create V4L2 loopback devices"; - homepage = "https://github.com/aramg/droidcam"; - license = licenses.gpl2; - maintainers = [ maintainers.makefu ]; - platforms = platforms.linux; - }; -} diff --git a/makefu/5pkgs/shiori/default.nix b/makefu/5pkgs/shiori/default.nix index ee4aa9304..7de1e5ae1 100644 --- a/makefu/5pkgs/shiori/default.nix +++ b/makefu/5pkgs/shiori/default.nix @@ -1,6 +1,6 @@ -{ go_1_14, buildGoPackage, fetchFromGitHub }: +{ buildGoPackage, fetchFromGitHub }: let - builder = buildGoPackage.override { go = go_1_14; }; + builder = buildGoPackage; in builder rec { name = "shiori-${version}"; diff --git a/makefu/5pkgs/tt-rss/default.nix b/makefu/5pkgs/tt-rss/default.nix deleted file mode 100644 index 4907a73a5..000000000 --- a/makefu/5pkgs/tt-rss/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ stdenv, fetchurl }: - -stdenv.mkDerivation rec { - pname = "tt-rss"; - version = "2020-09-23"; - rev = "d0ed7890df"; - - src = fetchurl { - url = "https://git.tt-rss.org/git/tt-rss/archive/${rev}.tar.gz"; - sha256 = "1b2fczd41bqg9bq37r99svrqswr9qrp35m6gn3nz032yqcwc22ij"; - }; - - installPhase = '' - mkdir $out - cp -ra * $out/ - ''; - - meta = with stdenv.lib; { - description = "Web-based news feed (RSS/Atom) aggregator"; - license = licenses.gpl2Plus; - homepage = "https://tt-rss.org"; - maintainers = with maintainers; [ globin zohl ]; - platforms = platforms.all; - }; -} diff --git a/makefu/krops.nix b/makefu/krops.nix index 697039720..fd53f004e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -77,7 +77,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "63f299b"; + ref = "fd5fbb0a241f644908cdf01ccd1821d0606fb4fd"; }; }) ]; diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 07e7ff11d..19e191b7b 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -38,7 +38,6 @@ with import ; } { i18n.defaultLocale = mkDefault "C.UTF-8"; - security.hideProcessInformation = true; security.sudo.extraConfig = '' Defaults env_keep+="SSH_CLIENT XMONAD_SPAWN_WORKSPACE" Defaults mailto="${config.krebs.users.tv.mail}" diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 2e73640ff..1586f3b33 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -33,7 +33,7 @@ let { cgit = { settings = { about-filter = pkgs.exec "krebs.cgit.about-filter" rec { - filename = "${pkgs.pythonPackages.markdown2}/bin/markdown2"; + filename = "${pkgs.python3Packages.markdown2}/bin/markdown2"; argv = [ filename "--extras=fenced-code-blocks" diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix index 79c31e9ec..f720ad473 100644 --- a/tv/2configs/pulse.nix +++ b/tv/2configs/pulse.nix @@ -116,6 +116,7 @@ in group = "pulse"; extraGroups = [ "audio" ]; home = "${runDir}/home"; + isSystemUser = true; }; }; } diff --git a/tv/2configs/xp-332.nix b/tv/2configs/xp-332.nix index a66b884c8..a97fb3679 100644 --- a/tv/2configs/xp-332.nix +++ b/tv/2configs/xp-332.nix @@ -3,7 +3,7 @@ with import ; environment.etc."utsushi.conf".text = '' [devices] - dev1.udi = esci:networkscan://EPSON79678C.fritz.box:1865 + dev1.udi = esci:networkscan://ep.hkw:1865 dev1.model = XP-332 dev1.vendor = EPSON ''; @@ -19,17 +19,14 @@ with import ; packageName pkg == "imagescan-plugin-networkscan"; nixpkgs.overlays = singleton (self: super: { - utsushi-customized = self.utsushi.override { - guiSupport = false; - jpegSupport = false; - networkSupport = true; - ocrSupport = false; - saneSupport = true; - tiffSupport = true; - - logCategory = "ALL"; - logLevel = "BRIEF"; - }; + utsushi-customized = self.utsushi.overrideAttrs (old: { + postInstall = '' + ${old.postInstall or ""} + ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf + ln -s ${pkgs.imagescan-plugin-networkscan}/lib/utsushi/networkscan \ + $out/libexec/utsushi/ + ''; + }); }); services = { diff --git a/tv/5pkgs/override/default.nix b/tv/5pkgs/override/default.nix index e6aae0f26..4fb2e8061 100644 --- a/tv/5pkgs/override/default.nix +++ b/tv/5pkgs/override/default.nix @@ -4,14 +4,16 @@ self: super: { # XXX cannot use `patches` because fzf has a custom patchPhase patchPhase = '' patch -Np1 < ${./fzf.complete1.patch} - ${old.patchPhase} + ${old.patchPhase or ""} ''; }); input-fonts = super.input-fonts.overrideAttrs (old: rec { - src = self.fetchurl { + src = self.fetchzip { url = "http://xu.r/~tv/mirrors/input-fonts/Input-Font-2.zip"; - sha256 = "1vvipqcflz4ximy7xpqy9idrdpq3a0c490hp5137r2dq03h865y0"; + sha256 = "1q58x92nm7dk9ylp09pvgj74nxkywvqny3xmfighnsl30dv42fcr"; + stripRoot = false; }; + sourceRoot = null; outputHash = null; outputHashAlgo = null; outputHashMode = null; diff --git a/tv/5pkgs/rpi/433Utils/default.nix b/tv/5pkgs/rpi/433Utils/default.nix index 78be6de35..136e3dbca 100644 --- a/tv/5pkgs/rpi/433Utils/default.nix +++ b/tv/5pkgs/rpi/433Utils/default.nix @@ -1,4 +1,4 @@ -{ fetchFromGitHub, stdenv +{ fetchFromGitHub, lib, stdenv , wiringPi ? WiringPi.wiringPi , wiringPiDev ? WiringPi.wiringPiDev , WiringPi ? rpiPackages.WiringPi @@ -9,7 +9,7 @@ stdenv.mkDerivation { pname = "433Utils-RPi_utils"; version = "2018-06-07"; - src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + src = fetchFromGitHub (lib.importJSON ./src.json); patches = [ ./rc-switch.protocols.patch diff --git a/tv/5pkgs/rpi/WiringPi/default.nix b/tv/5pkgs/rpi/WiringPi/default.nix index 61c43556d..40fcaeae4 100644 --- a/tv/5pkgs/rpi/WiringPi/default.nix +++ b/tv/5pkgs/rpi/WiringPi/default.nix @@ -1,4 +1,4 @@ -{ fetchFromGitHub, runCommand, stdenv }: +{ fetchFromGitHub, lib, runCommand, stdenv }: let generic = name: extraAttrs: @@ -6,7 +6,7 @@ let pname = "WiringPi-${name}"; version = "2020-09-14"; - src = fetchFromGitHub (stdenv.lib.importJSON ./src.json); + src = fetchFromGitHub (lib.importJSON ./src.json); buildPhase = '' runHook postBuild diff --git a/tv/5pkgs/simple/diff-so-fancy.nix b/tv/5pkgs/simple/diff-so-fancy.nix index 9ce6d9234..d57e6e75c 100644 --- a/tv/5pkgs/simple/diff-so-fancy.nix +++ b/tv/5pkgs/simple/diff-so-fancy.nix @@ -1,4 +1,6 @@ -{stdenv, git, perl, ncurses, coreutils, fetchFromGitHub, makeWrapper, ...}: +{ fetchFromGitHub, lib, stdenv +, coreutils, git, makeWrapper, ncurses, perl +}: stdenv.mkDerivation rec { name = "diff-so-fancy-${version}"; @@ -34,7 +36,7 @@ stdenv.mkDerivation rec { --prefix PATH : "${ncurses.out}/bin" ''; - meta = with stdenv.lib; { + meta = with lib; { homepage = https://github.com/so-fancy/diff-so-fancy; description = "Good-looking diffs filter for git"; license = licenses.mit; diff --git a/tv/5pkgs/simple/fzmenu/default.nix b/tv/5pkgs/simple/fzmenu/default.nix index 35918ff77..1f1b82848 100644 --- a/tv/5pkgs/simple/fzmenu/default.nix +++ b/tv/5pkgs/simple/fzmenu/default.nix @@ -1,4 +1,7 @@ -{ coreutils, dash, gnused, fzf, pass-otp, runCommand, rxvt_unicode, stdenv, utillinux, xdotool }: +{ lib, stdenv +, runCommand +, coreutils, dash, gnused, fzf, pass-otp, rxvt_unicode, utillinux, xdotool +}: runCommand "fzmenu" { } /* sh */ '' @@ -8,7 +11,7 @@ runCommand "fzmenu" { substituteInPlace $out/bin/otpmenu \ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ - --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + --replace '#PATH=' PATH=${lib.makeBinPath [ coreutils dash fzf @@ -21,7 +24,7 @@ runCommand "fzmenu" { substituteInPlace $out/bin/passmenu \ --replace '#! /bin/sh' '#! ${dash}/bin/dash' \ - --replace '#PATH=' PATH=${stdenv.lib.makeBinPath [ + --replace '#PATH=' PATH=${lib.makeBinPath [ coreutils dash fzf diff --git a/tv/5pkgs/simple/hc.nix b/tv/5pkgs/simple/hc.nix index 4d325e16c..086445ec0 100644 --- a/tv/5pkgs/simple/hc.nix +++ b/tv/5pkgs/simple/hc.nix @@ -1,4 +1,6 @@ -{ coreutils, fetchgit, findutils, gawk, gnugrep, makeWrapper, qrencode, stdenv, texlive, utillinux, zbar }: +{ fetchgit, lib, makeWrapper, stdenv +, coreutils, findutils, gawk, gnugrep, qrencode, texlive, utillinux, zbar +}: stdenv.mkDerivation rec { name = "hc-${meta.version}"; @@ -19,7 +21,7 @@ stdenv.mkDerivation rec { cp $src/bin/hc $out/bin/hc wrapProgram $out/bin/hc \ - --prefix PATH : ${stdenv.lib.makeBinPath [ + --prefix PATH : ${lib.makeBinPath [ coreutils findutils gawk diff --git a/tv/5pkgs/simple/imagescan-plugin-networkscan.nix b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix new file mode 100644 index 000000000..c3f2deaca --- /dev/null +++ b/tv/5pkgs/simple/imagescan-plugin-networkscan.nix @@ -0,0 +1,55 @@ +{ fetchurl, lib, pkgs, stdenv }: + +stdenv.mkDerivation rec { + pname = "imagescan-plugin-networkscan"; + version = "1.1.3"; + + src = + if stdenv.system == "x86_64-linux" then + fetchurl { + urls = [ + "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-10-3.63.0.x64.deb.tar.gz" + "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-10-3.63.0.x64.deb.tar.gz" + ]; + hash = "sha256:1rbz6mjfinag7c2vnyl7lls3gpn8n91sv0p18ilnbw0vaddssn4j"; + } + else throw "${pname} is not supported on ${stdenv.system}; supported systems: x86_64-linux"; + + dontBuild = true; + + nativeBuildInputs = [ + pkgs.dpkg + ]; + + installPhase = '' + # Wildcard * stand for either i386 or amd64 + dpkg -x \ + plugins/imagescan-plugin-networkscan_${version}-1epson4debian10_*.deb \ + tmp + + mv tmp/usr $out + ''; + + preFixup = '' + patchelf --set-interpreter \ + ${stdenv.glibc}/lib/ld-linux-x86-64.so.2 \ + $out/lib/utsushi/networkscan + + # libstdc++.so.6 + patchelf --set-rpath \ + ${stdenv.cc.cc.lib}/lib \ + $out/lib/utsushi/networkscan + ''; + + meta = { + description = "Epson Image Scan v3 networkscan plugin"; + longDescription = '' + This package provides the unfree networkscan plugin from the Epson + Image Scan v3 scanner driver bundle, which can be used by Utsushi. + ''; + homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${version}"; + license = lib.licenses.eapl; + maintainers = [ lib.maintainers.tv ]; + platforms = lib.platforms.linux; + }; +} diff --git a/tv/5pkgs/simple/rox-filer.nix b/tv/5pkgs/simple/rox-filer.nix index bce89cacd..b380bdff9 100644 --- a/tv/5pkgs/simple/rox-filer.nix +++ b/tv/5pkgs/simple/rox-filer.nix @@ -1,4 +1,5 @@ -{ autoconf, stdenv, fetchFromGitLab, pkgconfig, libxml2, libSM, shared-mime-info +{ fetchFromGitLab, lib, stdenv +, autoconf, pkgconfig, libxml2, libSM, shared-mime-info , libxslt, docbook_xml_dtd_412, docbook_xsl , gtk ? gtk2, gtk2 }: @@ -84,7 +85,7 @@ stdenv.mkDerivation { ln -sv application-{msword,rtf}.png ''; - meta = with stdenv.lib; { + meta = with lib; { description = "Fast, lightweight, gtk2 file manager"; homepage = "http://rox.sourceforge.net/desktop"; license = with licenses; [ gpl2 lgpl2 ]; diff --git a/tv/5pkgs/simple/utsushi.nix b/tv/5pkgs/simple/utsushi.nix deleted file mode 100644 index 0414eae09..000000000 --- a/tv/5pkgs/simple/utsushi.nix +++ /dev/null @@ -1,217 +0,0 @@ -{ boost, fetchurl, file, imagemagick, libudev, libusb, pkgconfig, stdenv -, coreutils, dash, patchelf, writeScriptBin # for add-rpath - -, guiSupport ? false, gtkmm2 ? null -, jpegSupport ? true -, networkSupport ? false, dpkg ? null -, ocrSupport ? false, tesseract ? null -, saneSupport ? true, saneBackends ? null -, tiffSupport ? true, libtiff ? null - -# Logging defaults copied from Utsushi source (lib/log.cpp) -, logCategory ? "NOTHING" -, logLevel ? "FATAL" -}: - -# Logging possibilities copied from Utsushi source (utsushi/log.hpp) -assert builtins.elem logCategory [ - "NOTHING" - "SANE_BACKEND" - "ALL" -]; -assert builtins.elem logLevel [ - "FATAL" # famous last words - "ALERT" # outside intervention required - "ERROR" # something went wrong - "BRIEF" # short informational notes - "TRACE" # more chattery feedback - "DEBUG" # the gory details - "QUARK" # stack tracing feedback -]; - -let - - # usage: add-rpath LIBPATH [SOFILE...] - # Adds LIBPATH to each SOFILE's RPATH - add-rpath = writeScriptBin "add-rpath" '' - #! ${dash}/bin/dash - set -efu - path=$1; shift - for file; do - file=$(${coreutils}/bin/readlink -f "$file") - old_rpath=$(${patchelf}/bin/patchelf --print-rpath "$file") - new_rpath=''${old_rpath+$old_rpath:}$path - ${patchelf}/bin/patchelf --set-rpath "$new_rpath" "$file" - done - ''; - - imagescan-plugin-networkscan = stdenv.mkDerivation rec { - pname = "imagescan-plugin-networkscan"; - version = "1.1.3"; - - src = - if stdenv.system == "i686-linux" then - fetchurl { - urls = [ - "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x86/imagescan-bundle-debian-9-3.59.2.x86.deb.tar.gz" - "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.59.2.x86.deb.tar.gz" - ]; - sha256 = "1whw96kcfj65h2jnk72xgyr9jj05fa07d0xjxpaqb0zwdag3465g"; - } - else if stdenv.system == "x86_64-linux" then - fetchurl { - urls = [ - "https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-9-3.59.2.x64.deb.tar.gz" - "http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-9-3.59.2.x64.deb.tar.gz" - ]; - sha256 = "0kd6mrs48wwss54gw4v9fm7ss5ma2xpn6gd1pz26cgjvp6n8hknn"; - } - else throw "${pname} is not supported on ${stdenv.system} (only i686-linux and x86_64 linux are supported)"; - - dontBuild = true; - - installPhase = '' - # Wildcard * stand for either i386 or amd64 - ${dpkg}/bin/dpkg -x \ - plugins/imagescan-plugin-networkscan_${version}-1epson4debian9_*.deb \ - tmp - - mv tmp/usr $out - ''; - - preFixup = '' - patchelf --set-interpreter \ - ${stdenv.glibc}/lib/ld-linux${stdenv.lib.optionalString stdenv.is64bit "-x86-64"}.so.2 \ - $out/lib/utsushi/networkscan - - # libstdc++.so.6 - patchelf --set-rpath ${stdenv.cc.cc.lib}/lib \ - $out/lib/utsushi/networkscan - ''; - - meta = { - description = "Epson Image Scan v3 networkscan plugin"; - longDescription = '' - This package provides the unfree networkscan plugin from the Epson - Image Scan v3 scanner driver bundle, which can be used by Utsushi. - ''; - homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${version}"; - license = stdenv.lib.licenses.eapl; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - }; - }; - -in - -stdenv.mkDerivation rec { - pname = "utsushi"; - version = "3.59.2"; - - src = fetchurl { - urls = [ - "http://support.epson.net/linux/src/scanner/imagescanv3/debian/imagescan_${version}.orig.tar.gz" - "http://ni.r/~tv/mirrors/epson/imagescan_${version}.orig.tar.gz" - ]; - sha256 = "1mns10mpyjprkrh2bjcg2nda9iyrnd0pf1did9py84glpapkzrdq"; - }; - - preConfigure = '' - substituteInPlace configure \ - --replace /usr/bin/file ${file}/bin/file - - substituteInPlace lib/log.cpp \ - --replace FATAL ${logLevel} \ - --replace NOTHING ${logCategory} - ''; - - postInstall = '' - # Allow configuration to be done via /etc/utsushi.conf - ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf - - ${stdenv.lib.optionalString saneSupport '' - # Make this package compatible with hardware.sane.extraBackends - mkdir $out/etc/sane.d - echo utsushi > $out/etc/sane.d/dll.conf - mkdir $out/lib/sane - ln -s $out/lib/utsushi/sane/libsane-utsushi.* $out/lib/sane - ''} - - ${stdenv.lib.optionalString networkSupport '' - ln -s ${imagescan-plugin-networkscan}/lib/utsushi/networkscan \ - $out/libexec/utsushi/ - ''} - ''; - - # Fixup libraries which otherwise would end up broken like this: - # - # $ ldd .../blah.so | grep libboost_system - # libboost_system.so.X.Y.Z => not found - # libboost_system.so.X.Y.Z => /nix/store/.../libboost_system.so.X.Y.Z (...) - # - preFixup = '' - add-rpath ${boost}/lib $out/lib/utsushi/libdrv-esci.so - ${stdenv.lib.optionalString saneSupport '' - add-rpath ${boost}/lib $out/lib/utsushi/sane/libsane-utsushi.so - ''} - ''; - - nativeBuildInputs = [ - add-rpath - pkgconfig - ]; - - buildInputs = [ - boost - imagemagick - libudev - libusb - ] - ++ stdenv.lib.optional guiSupport gtkmm2 - ++ stdenv.lib.optional ocrSupport tesseract - ++ stdenv.lib.optional saneSupport saneBackends - ++ stdenv.lib.optional tiffSupport libtiff - ; - - NIX_CFLAGS_COMPILE = [ - "-Wno-error=deprecated-declarations" - "-Wno-error=unused-variable" - ]; - - configureFlags = [ - "--with-boost=${boost}" - "--with-magick" - "--with-magick-pp" - "--with-udev-confdir=$(out)/etc/udev" - ] - ++ stdenv.lib.optionals guiSupport [ - "--with-gtkmm" - ] - ++ stdenv.lib.optionals jpegSupport [ - "--with-jpeg" - ] - ++ stdenv.lib.optionals saneSupport [ - "--with-sane" - ] - ++ stdenv.lib.optionals tiffSupport [ - "--with-tiff" - ] - ; - - meta = { - description = "Utsushi - Next Generation Image Acquisition"; - longDescription = '' - This software provides applications to easily turn hard-copy - documents and imagery into formats that are more amenable to - computer processing. - - Included are a native driver for a number of EPSON scanners - and a compatibility driver to interface with software built - around the SANE standard. - ''; - homepage = http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX; - license = stdenv.lib.licenses.gpl3; - maintainers = [ stdenv.lib.maintainers.tv ]; - platforms = stdenv.lib.platforms.linux; - }; -}