Merge remote-tracking branch 'prism/master'

2016-10-11 17:54:00 +02:00 · 2016-10-11 17:54:00 +02:00 · 798f90c0fd
parent b6c5994e03 fa5816431c
commit 798f90c0fd
19 changed files with 191 additions and 49 deletions
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@ -17,29 +17,57 @@ let
        # see `repo-sync --help`
        #   `ref` provides sane defaults and can be omitted

+        # you can have multiple repo-sync groups and therefore multiple @latest
+        # configuration entries.
        # attrset will be converted to json and be used as config
-        { repo = {
+        # each attrset defines a group of repos for syncing
+
+        { nxpkgs = {
            makefu = {
              origin = {
-                url = http://github.com/makefu/repo ;
+                url = http://github.com/makefu/nixpkgs;
                ref = "heads/dev" ;
              };
              mirror = {
-                url = "git@internal:mirror" ;
+                url = "git@internal:nixpkgs-mirror" ;
                ref = "heads/github-mirror-dev" ;
              };
            };
            lass = {
              origin = {
-                url = http://github.com/lass/repo ;
+                url = http://github.com/lass/nixpkgs;
              };
              mirror = {
-                url = "git@internal:mirror" ;
+                url = "git@internal:nixpkgs-mirror" ;
              };
            };
            "@latest" = {
              mirror = {
-                url = "git@internal:mirror";
+                url = "git@internal:nixpkgs-mirror";
+                ref = "heads/master";
+              };
+            };
+          };
+          stockholm = {
+            lass = {
+              origin = {
+                url = http://cgit.prism.r/stockholm;
+              };
+              mirror = {
+                url = "git@internal:stockholm-mirror" ;
+              };
+            };
+            makefu = {
+              origin = {
+                url = http://gum.krebsco.de/stockholm;
+              };
+              mirror = {
+                url = "git@internal:stockholm-mirror" ;
+              };
+            };
+            "@latest" = {
+              mirror = {
+                url = "git@internal:stockholm-mirror";
                ref = "heads/master";
              };
            };
--- a/krebs/5pkgs/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/passwdqc-utils/default.nix
@ -1,13 +1,18 @@
-{stdenv,pam,fetchurl,...}:
+{ stdenv, pam,
+  fetchurl, lib,
+  wordset-file ? null, # set your own wordset-file
+  ... }:

 stdenv.mkDerivation rec {
  name = "passwdqc-utils-${version}";
  version = "1.3.0";
  buildInputs = [ pam ];
+
  src = fetchurl {
    url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
    sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
  };
+
  buildTargets = "utils";
  installFlags= [ "BINDIR=$(out)/bin"
                  "CONFDIR=$(out)/etc"
@ -15,7 +20,12 @@ stdenv.mkDerivation rec {
                  "DEVEL_LIBDIR=$(out)/lib"
                  "SECUREDIR=$(out)/lib/security"
                  "INCLUDEDIR=$(out)/include"
-                  "MANDIR=$(out)/man"];
+                  "MANDIR=$(out)/man" ];
+
+  patchPhase = lib.optionalString (wordset-file != null) ''
+    cp -f ${wordset-file} wordset_4k.c
+  '';
+
  installTargets = "install_lib install_utils";

  meta = {
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@ -200,6 +200,9 @@ with config.krebs.lib;
    thunderbird

    logf
+    iodine
+
+    macchanger
  ];

  #TODO: fix this shit
--- a/lass/2configs/iodined.nix
+++ b/lass/2configs/iodined.nix
@ -10,11 +10,11 @@ in {
    enable = true;
    domain = domain;
    ip = "172.16.10.1/24";
-    extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
+    extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
  };

  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p udp --dport 54"; target = "ACCEPT";}
+    { predicate = "-p udp --dport 53"; target = "ACCEPT";}
  ];

 }
--- a/lass/3modules/umts.nix
+++ b/lass/3modules/umts.nix
@ -41,10 +41,6 @@ let

  wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113

-  #modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
-  modem-device = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0";
-
-  # TODO: currently it is only netzclub
  umts-bin = pkgs.writeScriptBin "umts" ''
    #!/bin/sh
    set -euf
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@ -22,6 +22,8 @@ in {
      ../2configs/tinc/retiolum.nix
      ../2configs/urlwatch.nix
      ../2configs/torrent.nix
+      ../2configs/sabnzbd.nix
+
      ../2configs/opentracker.nix

  ];
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@ -43,9 +43,11 @@ in {
      # TODO: unlock home partition via ssh
      ../2configs/fs/sda-crypto-root.nix
      ../2configs/zsh-user.nix
+      ../2configs/urlwatch.nix
      ../2configs/exim-retiolum.nix
      ../2configs/smart-monitor.nix
      ../2configs/mail-client.nix
+      ../2configs/disable_v6.nix
      #../2configs/graphite-standalone.nix
      #../2configs/share-user-sftp.nix
      ../2configs/omo-share.nix
@ -56,13 +58,11 @@ in {
      # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
    ];
  makefu.full-populate = true;
-  makefu.deluge.cfg = {
-    max_active_seeding = 1;
-    stop_seed_ratio = 1;
-    natpmp = true;
-    upnp = true;
-    max_upload_speed = 200;
-
+  krebs.rtorrent = {
+    downloadDir = lib.mkForce "/media/crypt0/torrent";
+    extraConfig = ''
+      upload_rate = 200
+    '';
  };
  users.groups.share = {
    gid = config.krebs.lib.genid "share";
@ -109,6 +109,7 @@ in {
  environment.systemPackages = with pkgs;[ 
    mergerfs # hard requirement for mount
    wol # wake up filepimp
+    f3
  ];
  fileSystems = let
    cryptMount = name:
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@ -9,6 +9,7 @@
      ../.
      ../2configs/main-laptop.nix #< base-gui + zsh
      ../2configs/laptop-utils.nix
+      ../2configs/laptop-backup.nix

      # Krebs
      #../2configs/disable_v6.nix
@ -42,13 +43,14 @@
      ../2configs/tinc/retiolum.nix
      # temporary modules
      ../2configs/temp/share-samba.nix
-      ../2configs/temp/elkstack.nix
+      ../2configs/laptop-backup.nix
+      # ../2configs/temp/elkstack.nix
      # ../2configs/temp/sabnzbd.nix
      ../2configs/tinc/siem.nix
-      ../2configs/torrent.nix
+      #../2configs/torrent.nix
    ];
  makefu.full-populate = true;
-  makefu.deluge.web.enable = true;
+
  krebs.nginx = {
    default404 = false;
    servers.default.listen = [ "80 default_server" ];
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@ -22,7 +22,7 @@ with config.krebs.lib;
    build = {
      user = config.krebs.users.makefu;
      source = let inherit (config.krebs.build) host user; in {
-        nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then
+        nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
          { # stable @ 2016-07-20
            git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
          }
--- a/makefu/2configs/iodined.nix
+++ b/makefu/2configs/iodined.nix
@ -7,10 +7,12 @@ let
 in {

  services.iodined = {
-    enable = true;
-    domain = domain;
-    ip = "172.16.10.1/24";
-    extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
+    server = {
+      enable = true;
+      domain = domain;
+      ip = "172.16.10.1/24";
+      extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
+    };
  };

 }
--- a/makefu/2configs/laptop-backup.nix
+++ b/makefu/2configs/laptop-backup.nix
@ -0,0 +1,12 @@
+{config, lib, pkgs, ... }:
+
+{
+  systemd.user.services.duply-secrets = {
+    description = "run daily secrets backup";
+    startAt = "daily";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
+    };
+  };
+}
--- a/makefu/2configs/omo-share.nix
+++ b/makefu/2configs/omo-share.nix
@ -21,7 +21,6 @@ in {
          sendfile on;
          sendfile_max_chunk 512k;
          directio 512;
-          aio threads;
          mp4;
          autoindex on;
          root /media;
--- a/makefu/2configs/sabnzbd.nix
+++ b/makefu/2configs/sabnzbd.nix
@ -0,0 +1,16 @@
+{ pkgs, config, ... }:
+
+with config.krebs.lib;
+let
+  web-port = 8080;
+in {
+  services.sabnzbd.enable = true;
+  services.sabnzbd.group = "download";
+  systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  users.users.sabnzbd.group = mkForce "download";
+
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
+  '';
+}
--- a/makefu/2configs/temp/share-samba.nix
+++ b/makefu/2configs/temp/share-samba.nix
@ -2,9 +2,11 @@
  users.users.smbguest = {
    name = "smbguest";
    uid = config.ids.uids.smbguest;
+    group = "share";
    description = "smb guest user";
    home = "/var/empty";
  };
+  users.groups.share.members = [ "makefu" ];

  networking.firewall.allowedTCPPorts = [
    139 445 # samba
--- a/makefu/2configs/udpt.nix
+++ b/makefu/2configs/udpt.nix
@ -1,6 +1,7 @@
 {pkgs, ...}:

 let
+  daemon-port = 6969;
  cfgfile = pkgs.writeText "udpt-config" ''
    [db]
    driver=sqlite3
@ -11,7 +12,9 @@ let
    port=6969
    threads=5
    allow_remotes=yes
-    allow_iana_ips=no
+
+    # allow retiolum:
+    allow_iana_ips=yes
    announce_interval=1800
    cleanup_interval=120

@ -19,7 +22,7 @@ let
    enable=yes

    [logging]
-    filename=-
+    filename=/tmp/udpt.log
    level=warning
  '';
 in {
@ -27,5 +30,8 @@ in {
    enable = true;
    inherit cfgfile;
  };
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT
+  '';

 }
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@ -1,22 +1,6 @@
 { config, lib, ... }:

 {
-  nixpkgs.config.packageOverrides = pkgs: {
-    urlwatch = with pkgs.pythonPackages; buildPythonPackage rec {
-      name = "urlwatch-1.18";
-
-      propagatedBuildInputs =  [ futures ];
-
-      src = pkgs.fetchurl {
-        url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
-        sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb";
-      };
-
-      postFixup = ''
-        wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH"
-      '';
-    };
-  };
  krebs.urlwatch = {
    enable = true;
    mailto = config.krebs.users.makefu.mail;
--- a/makefu/3modules/udpt.nix
+++ b/makefu/3modules/udpt.nix
@ -40,8 +40,9 @@ let
      restartIfChanged = true;
      serviceConfig = {
        Type = "simple";
-        ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}";
+        ExecStart = "${cfg.package}/bin/udpt -i -c ${shell.escape cfg.cfgfile}";
        PrivateTmp = true;
+        WorkingDirectory = "/tmp";
        User = "${cfg.user}";
      };
    };
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@ -2,9 +2,16 @@

 let
  inherit (pkgs) callPackage;
+  nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+    owner = "NixOS"; repo = "nixpkgs-channels";
+    rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+    sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+  }) {};
+
 in
 {
  nixpkgs.config.packageOverrides = rec {
+    cups = nixpkgs-1509.cups;
    alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
    alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
    alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
@ -18,6 +25,13 @@ in
    mycube-flask = callPackage ./mycube-flask {};
    nodemcu-uploader = callPackage ./nodemcu-uploader {};
    ps3netsrv = callPackage ./ps3netsrv {};
+    pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
+      wordset-file = pkgs.fetchurl {
+        url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
+        sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
+      };
+    };
+    qcma = pkgs.qt5.callPackage ./qcma {};
    tw-upload-plugin = callPackage ./tw-upload-plugin {};
    skytraq-logger = callPackage ./skytraq-logger {};
    taskserver = callPackage ./taskserver {};
--- a/makefu/5pkgs/qcma/default.nix
+++ b/makefu/5pkgs/qcma/default.nix
@ -0,0 +1,64 @@
+{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
+gettext, automake, libxml2 , qmakeHook, makeQtWrapper,
+qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
+let
+  libvitamtp = stdenv.mkDerivation rec {
+    name = "libvitamtp-${version}";
+    version = "2.5.9";
+
+    src = fetchFromGitHub {
+      owner = "codestation";
+      repo = "vitamtp";
+      rev = "v"+version;
+      sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8";
+    };
+
+    buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ];
+    preConfigure = "sh ./autogen.sh";
+
+    meta = {
+      description = "Content Manager Assistant for the PS Vita";
+      homepage = https://github.com/codestation/qcma;
+      license = stdenv.lib.licenses.gpl2;
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with stdenv.lib.maintainers; [ makefu ];
+    };
+  };
+in stdenv.mkDerivation rec {
+  name = "qcma-${version}";
+  version = "0.3.13";
+
+  src = fetchgit {
+    url = "git://github.com/codestation/qcma.git";
+    rev = "refs/tags/v"+version;
+    leaveDotGit = true;
+    sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i";
+  };
+
+  preConfigure = ''
+    lrelease common/resources/translations/*.ts
+  '';
+
+  # TODO: manually adding qtbase and qtmultimedia to the library path is shit,
+  # this should be done somewhere before when building the project, idk.
+  installPhase = ''
+    make INSTALL_ROOT="$(out)" install
+    for i in qcma qcma_cli; do
+      wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
+    qtbase qtmultimedia ]}
+    done
+  '';
+
+  enableParallelBuilding = true;
+
+  buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
+  nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ];
+
+  meta = {
+    description = "Content Manager Assistant for the PS Vita";
+    homepage = https://github.com/codestation/qcma;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ makefu ];
+  };
+}