Merge remote-tracking branch 'lass/master'
This commit is contained in:
commit
8290c6507e
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
url = "https://git.shackspace.de/";
|
||||
# generate token from CI-token via:
|
||||
|
@ -6,7 +6,7 @@ let
|
|||
## cat /etc/gitlab-runner/config.toml
|
||||
token = import <secrets/shackspace-gitlab-ci-token.nix> ;
|
||||
in {
|
||||
systemd.services.gitlab-runner.path = [
|
||||
systemd.services.gitlab-runner.path = [
|
||||
"/run/wrappers" # /run/wrappers/bin/su
|
||||
"/" # /bin/sh
|
||||
];
|
||||
|
@ -16,19 +16,18 @@ in {
|
|||
enable = true;
|
||||
# configFile, configOptions and gracefulTimeout not yet in stable
|
||||
# gracefulTimeout = "120min";
|
||||
configText = ''
|
||||
concurrent = 1
|
||||
check_interval = 0
|
||||
|
||||
[[runners]]
|
||||
name = "krebs-shell"
|
||||
url = "${url}"
|
||||
token = "${token}"
|
||||
executor = "shell"
|
||||
shell = "sh"
|
||||
environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
|
||||
[runners.cache]
|
||||
configFile = pkgs.writeText "gitlab-runner.cfg" ''
|
||||
concurrent = 1
|
||||
check_interval = 0
|
||||
|
||||
[[runners]]
|
||||
name = "krebs-shell"
|
||||
url = "${url}"
|
||||
token = "${token}"
|
||||
executor = "shell"
|
||||
shell = "sh"
|
||||
environment = ["PATH=/bin:/run/wrappers/bin:/etc/per-user/gitlab-runner/bin:/etc/per-user-pkgs/gitlab-runner/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"]
|
||||
[runners.cache]
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -92,6 +92,7 @@
|
|||
};
|
||||
general {
|
||||
#maybe we want ident someday?
|
||||
default_floodcount = 1000;
|
||||
disable_auth = yes;
|
||||
throttle_duration = 1;
|
||||
throttle_count = 1000;
|
||||
|
|
|
@ -12,7 +12,7 @@ let
|
|||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
requests2
|
||||
requests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
|
|
|
@ -12,7 +12,7 @@ let
|
|||
buildInputs = [
|
||||
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
|
||||
docopt
|
||||
requests2
|
||||
requests
|
||||
python
|
||||
]))
|
||||
];
|
||||
|
|
|
@ -37,7 +37,7 @@ let
|
|||
docopt
|
||||
LinkHeader
|
||||
aiocoap
|
||||
requests2
|
||||
requests
|
||||
paramiko
|
||||
python
|
||||
]))
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
with import <stockholm/lib>;
|
||||
let
|
||||
gunicorn = pkgs.pythonPackages.gunicorn;
|
||||
bepasty = pkgs.pythonPackages.bepasty-server;
|
||||
bepasty = pkgs.bepasty;
|
||||
gevent = pkgs.pythonPackages.gevent;
|
||||
python = pkgs.pythonPackages.python;
|
||||
cfg = config.krebs.bepasty;
|
||||
|
|
|
@ -160,6 +160,8 @@ let
|
|||
# TODO: maybe also prepare buildbot.tac?
|
||||
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||
set -efux
|
||||
#remove garbage from old versions
|
||||
rm -r ${workdir}
|
||||
mkdir -p ${workdir}/info
|
||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||
echo ${contact} > ${workdir}/info/admin
|
||||
|
|
|
@ -432,8 +432,13 @@ with import <stockholm/lib>;
|
|||
eddie = {
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "129.215.90.4";
|
||||
aliases = [ "eddie.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.170";
|
||||
ip6.addr = "42:4992:6a6d:700::1";
|
||||
aliases = [ "eddie.r" ];
|
||||
|
@ -485,8 +490,13 @@ with import <stockholm/lib>;
|
|||
inspector = {
|
||||
ci = false;
|
||||
external = true;
|
||||
nets = {
|
||||
nets = rec {
|
||||
internet = {
|
||||
ip4.addr = "141.76.44.154";
|
||||
aliases = [ "inspector.i" ];
|
||||
};
|
||||
retiolum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.243.29.172";
|
||||
ip6.addr = "42:4992:6a6d:800::1";
|
||||
aliases = [ "inspector.r" ];
|
||||
|
|
|
@ -1 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjesiOnhpT9XgWZqw/64M5lVQg3q0k22BtMyCv+33sGX8VmfTyD11GuwSjNGf5WiswKLqFvYBQsHfDDtS3k0ZNTDncGw3Pbilm6QoCuHEyDPaQYin0P+JmkocrL/6QF5uhZVFnsXCH5wntwOa00VFGwpMgQYSfRlReRx42Pu9Jk+iJduZMRBbOMvJI68Z7iJ4DgW/1U9J4MQdCsk7QlFgUstQQfV1zk4VfVfXuxDP3hjx6Q05nDChjpmzJbFunzb7aiy/1/Sl0QhROTpvxrQLksg7yYLw4BRs9ptjehX45A2Sxi8WKOb/g5u3xJNy0X07rE+N+o5v2hS7wF0DLQdK5+4TGtO+Y+ABUCqqA+T1ynAjNBWvsgY5uD4PZjuPgCMSw0JBmIy/P0THi3v5/8Cohvfnspl7Jpf80qENMu3unvvE9EePzgSRZY1PvDjPQfkWy0yBX1yQMhHuVGke9QgaletitwuahRujml37waeUuOl8Rpz+2iV+6OIS4tfO368uLFHKWbobXTbTDXODBgxZ/IyvO7vxM2uDX/kIWaeYKrip3nSyWBYnixwrcS4vm6ZQcoejwp2KCfGQwIE4MnGYRlwcOEYjvyjLkZHDiZEivUQ0rThMYBzec8bQ08QW8oxF+NXkFKG3awt3f7TKTRkYqQcOMpFKmV24KDiwgwm0miQ== JuiceSSH
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEZgGgImN/9D4yJBjYlkAvT3X45kzt4n8hmgsqPcdcHWNC7fofWG4fZe8NNrTLdKsK+xYxTstj49l8Vb3YDvw4fAyyyhms/eFRlD2BRqAISwc39EIeTC4g3PXNeUtUGdczXKxsJf5iWf4kxUrUOuZ3FeKxeYXDMSqzzk1oKalhWNl4PmgRc5FzjeRJ2WziilwFq7ntLswoeTBW3c53fbcp3XuPza3M1/sN3NHJx9ZMpWVfJhZ/CXr+nqpc25ZIr5HZVZbgDTyJQimlTF5JCfU0NiiBIh7ep7x4o93tARmilit7+mWUkkxk6ba+zG6nr+s+zyd85AFAYRioOEczbC6mI44UZUB11KkEzOon5JWSA8pK+DPqsqhFkwWYMHLXZp8zemdp9kushRZ6nuI9MzBwacngro1vAvDL6jrS5MR7zf7rMAo6wexovWoEowvZz629mjC3OAt9iOm4VJdvEmq+rHLfjjznVEY6llF7DUu2QNEazaXhxZH9V9N1gyubIE97SQVqmwDrf8BGC0Hq+hC4OOweqfo4XP0etbqAfDozZbqcqyE1m9Bj8DpjrSXka1PuJf5fgEtoxPadd2qdiHMfIx9sM+4uu2nI5aFvWO3OlJmhF80QzNdFzZWjsyvJ24C1/a2FAyzoab1Sg9ljstQThseTtvlXcX8jfFn0U3RbgXgCgOWad3Oy9vA0OCdsHut0nzv3UO+T5+wv2+lvE3QSSKOlmVtdKMhCFb+Rg+FliKxyd820h9yR3wDYmkurVkAxaj8Kx5MaY/7aypOi8fRAV2FSDtCKkuMyPv4xEtdPi/4lj55pRBEO8lJkeb+WurCzZ7ZeaPdrW1YIQtToPpiz3dXeRhkts6jq8247xIplzHh9Iu18gOrnZ+ygn70g19x842vvcfLQNAghDPS93msJdSe+EtulMCwNTjUaF9LyzhW9ptLG9NmwgbT5kGsFiRw3BFdyfcQVWVzDhuP3hPPx+hjiZtFfpIKpxV9MjO1xQ830Ngk3JpSphMZTQ432yfvu9yEsUWmAa8ax1jxJ361AiIp0U2xioJmdVd3E2sxkpOUYqE89IR9X6hS3fH38Gc5IL5+BnhuZvRgXuA+nrqdU4pMB3TIoC5oXlOMRXpxaS91YiO4ERx2t6WkBRCoaDuRWnLpewV6lhjwi1+4Emlrs2q1R0K64emZTv7O1MKwWRHOlBJD3HLyCCS763OzYW4mEQcfBAQtbm6sTooJ+D/zbmYgbnZt0z/nP9R/n25pzlSPpZ49fCiRV7QN6D9mksISTz8qIiCzNBn1F7DUewXqkrdPopl4npeNVcOyyo7P1lFFGde+jq/7REdzD+vno1h9+17WZbyzQtlOyipQYzb6l4QuXq/zejJrELJAQdN4yRQq5NJzIh0HXaPnPC083T791moBflyqiwPEIWsSMfILqSqL1jVVNgvV4fHnMixgH2zK9f0EyE3fG9PnuRribPR2DlESqpHZTcBixgh660EPKh0gCLYoWKgU= lass-android@XperiaXCompact
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
out = {
|
||||
options.krebs.tinc = api;
|
||||
|
@ -11,7 +11,7 @@ let
|
|||
description = ''
|
||||
define a tinc network
|
||||
'';
|
||||
type = with types; attrsOf (submodule (tinc: {
|
||||
type = types.attrsOf (types.submodule (tinc: {
|
||||
options = let
|
||||
netname = tinc.config._module.args.name;
|
||||
in {
|
||||
|
@ -116,7 +116,7 @@ let
|
|||
phases = [ "installPhase" ];
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
${concatStrings (lib.mapAttrsToList (_: host: ''
|
||||
${concatStrings (mapAttrsToList (_: host: ''
|
||||
echo ${shell.escape host.nets."${tinc.config.netname}".tinc.config} \
|
||||
> $out/${shell.escape host.name}
|
||||
'') tinc.config.hosts)}
|
||||
|
|
|
@ -8,7 +8,7 @@ python3Packages.buildPythonPackage rec {
|
|||
|
||||
propagatedBuildInputs = with pkgs;[
|
||||
python3Packages.docopt
|
||||
python3Packages.requests2
|
||||
python3Packages.requests
|
||||
];
|
||||
src = fetchurl {
|
||||
url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
|
||||
|
|
|
@ -5,7 +5,7 @@ with pythonPackages; buildPythonPackage rec {
|
|||
propagatedBuildInputs = [
|
||||
python_magic
|
||||
click
|
||||
requests2
|
||||
requests
|
||||
];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
|
|
|
@ -11,7 +11,7 @@ python3Packages.buildPythonPackage rec {
|
|||
|
||||
propagatedBuildInputs = with python3Packages; [
|
||||
docopt
|
||||
requests2
|
||||
requests
|
||||
beautifulsoup4
|
||||
];
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@ pythonPackages.buildPythonPackage rec {
|
|||
propagatedBuildInputs = with pythonPackages; [
|
||||
twisted
|
||||
pyopenssl
|
||||
requests2
|
||||
requests
|
||||
service-identity
|
||||
];
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ python3Packages.buildPythonPackage rec {
|
|||
minidb
|
||||
pycodestyle
|
||||
pyyaml
|
||||
requests2
|
||||
requests
|
||||
];
|
||||
|
||||
meta = {
|
||||
|
|
|
@ -14,6 +14,6 @@ in
|
|||
stockholm.file = toString <stockholm>;
|
||||
nixpkgs.git = {
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
ref = "8ed299faacbf8813fc47b4fca34f32b835d6481e"; # nixos-17.03 @ 2017-09-09
|
||||
ref = "07ca7b64d2ff2fa7a79e4eab1aba70ff746fed8c"; # nixos-17.09 @ 2017-10-02
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/otp-ssh.nix>
|
||||
<stockholm/lass/2configs/git.nix>
|
||||
<stockholm/lass/2configs/dcso-vpn.nix>
|
||||
{ # automatic hardware detection
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
|
@ -94,4 +95,17 @@ with import <stockholm/lib>;
|
|||
programs.ssh.startAgent = lib.mkForce true;
|
||||
|
||||
services.tlp.enable = true;
|
||||
|
||||
services.xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC1G1.pem"; sha256 = "14vz9c0fk6li0a26vx0s5ha6y3yivnshx9pjlh9vmnpkbph5a7rh"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC2G1.pem"; sha256 = "0r1dd48a850cv7whk4g2maik550rd0vsrsl73r6x0ivzz7ap1xz5"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAROOTC3G1.pem"; sha256 = "0b5cdchdkvllnr0kz35d8jrmrf9cjw0kd98mmvzr0x6nkc8hwpdy"; })
|
||||
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC2G1.pem"; sha256 = "0rn57zv1ry9vj4p2248mxmafmqqmdhbrfx1plszrxsphshbk2hfz"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCACOMPC3G1.pem"; sha256 = "0w88qaqhwxzvdkx40kzj2gka1yi85ipppjdkxah4mscwfhlryrnk"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC2G1.pem"; sha256 = "1z2qkyhgjvri13bvi06ynkb7mjmpcznmc9yw8chx1lnwc3cxa7kf"; })
|
||||
(pkgs.fetchurl { url = "http://pki.dcso.de/ca/PEM/DCSOCAIDENC3G1.pem"; sha256 = "0smdjjvz95n652cb45yhzdb2lr83zg52najgbzf6lm3w71f8mv7f"; })
|
||||
];
|
||||
}
|
||||
|
|
|
@ -115,7 +115,12 @@ in {
|
|||
};
|
||||
services.nginx.virtualHosts."hackerfleet.de-s" = {
|
||||
serverName = "hackerfleet.de";
|
||||
port = 443;
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 443;
|
||||
}
|
||||
];
|
||||
serverAliases = [
|
||||
"*.hackerfleet.de"
|
||||
];
|
||||
|
|
|
@ -31,7 +31,6 @@ in {
|
|||
} //
|
||||
genAttrs ext-doms (ext-dom: {
|
||||
nginx = {
|
||||
enableSSL = true;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
|
|
|
@ -25,12 +25,15 @@ in {
|
|||
environment = {
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
path = with pkgs; [
|
||||
qt5.full
|
||||
];
|
||||
serviceConfig = {
|
||||
SyslogIdentifier = "copyq";
|
||||
ExecStart = "${pkgs.copyq}/bin/copyq";
|
||||
ExecStartPost = copyqConfig;
|
||||
Restart = "always";
|
||||
RestartSec = "2s";
|
||||
RestartSec = "15s";
|
||||
StartLimitBurst = 0;
|
||||
User = "lass";
|
||||
};
|
||||
|
|
44
lass/2configs/dcso-vpn.nix
Normal file
44
lass/2configs/dcso-vpn.nix
Normal file
|
@ -0,0 +1,44 @@
|
|||
with import <stockholm/lib>;
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
|
||||
users.extraUsers = {
|
||||
dcsovpn = rec {
|
||||
name = "dcsovpn";
|
||||
uid = genid "dcsovpn";
|
||||
description = "user for running dcso openvpn";
|
||||
home = "/home/${name}";
|
||||
};
|
||||
};
|
||||
|
||||
users.extraGroups.dcsovpn.gid = genid "dcsovpn";
|
||||
|
||||
services.openvpn.servers = {
|
||||
dcso = {
|
||||
config = ''
|
||||
client
|
||||
dev tun
|
||||
tun-mtu 1356
|
||||
mssfix
|
||||
proto udp
|
||||
float
|
||||
remote 217.111.55.41 1194
|
||||
nobind
|
||||
user dcsovpn
|
||||
group dcsovpn
|
||||
persist-key
|
||||
persist-tun
|
||||
ca ${toString <secrets/dcsovpn/ca.pem>}
|
||||
cert ${toString <secrets/dcsovpn/cert.pem>}
|
||||
key ${toString <secrets/dcsovpn/cert.key>}
|
||||
verb 3
|
||||
mute 20
|
||||
auth-user-pass ${toString <secrets/dcsovpn/login.txt>}
|
||||
route-method exe
|
||||
route-delay 2
|
||||
'';
|
||||
updateResolvConf = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,6 +3,6 @@
|
|||
with import <stockholm/lib>;
|
||||
{
|
||||
nix.gc = {
|
||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" ];
|
||||
automatic = ! elem config.krebs.build.host.name [ "prism" "mors" "helios" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
{
|
||||
krebs.per-user.lass.packages = with pkgs; [
|
||||
pass
|
||||
gnupg1
|
||||
gnupg
|
||||
];
|
||||
|
||||
programs.gnupg.agent.enable = true;
|
||||
}
|
||||
|
|
0
lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.key
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
Normal file
0
lass/2configs/tests/dummy-secrets/dcsovpn/login.txt
Normal file
|
@ -73,17 +73,6 @@ in {
|
|||
allowKeysForGroup = true;
|
||||
group = "lasscert";
|
||||
};
|
||||
certs."cgit.lassul.us" = {
|
||||
email = "lassulus@gmail.com";
|
||||
webroot = "/var/lib/acme/acme-challenges";
|
||||
plugins = [
|
||||
"account_key.json"
|
||||
"key.pem"
|
||||
"fullchain.pem"
|
||||
];
|
||||
group = "nginx";
|
||||
allowKeysForGroup = true;
|
||||
};
|
||||
};
|
||||
|
||||
krebs.tinc_graphs.enable = true;
|
||||
|
@ -119,8 +108,8 @@ in {
|
|||
];
|
||||
|
||||
services.nginx.virtualHosts."lassul.us" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
serverAliases = [ "lassul.us" ];
|
||||
locations."/".extraConfig = ''
|
||||
root /srv/http/lassul.us;
|
||||
'';
|
||||
|
@ -158,30 +147,12 @@ in {
|
|||
in ''
|
||||
alias ${initscript};
|
||||
'';
|
||||
|
||||
enableSSL = true;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.cgit = {
|
||||
serverAliases = [
|
||||
"cgit.lassul.us"
|
||||
];
|
||||
locations."/.well-known/acme-challenge".extraConfig = ''
|
||||
root /var/lib/acme/acme-challenges;
|
||||
'';
|
||||
enableSSL = true;
|
||||
extraConfig = ''
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
'';
|
||||
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
|
||||
serverName = "cgit.lassul.us";
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
|
||||
users.users.blog = {
|
||||
|
|
|
@ -3,12 +3,13 @@
|
|||
{
|
||||
krebs.secret.files.mysql_rootPassword = {
|
||||
path = "${config.services.mysql.dataDir}/mysql_rootPassword";
|
||||
owner.name = "root";
|
||||
owner.name = "mysql";
|
||||
source-path = toString <secrets> + "/mysql_rootPassword";
|
||||
};
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
dataDir = "/var/mysql";
|
||||
package = pkgs.mariadb;
|
||||
rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
|
||||
};
|
||||
|
|
|
@ -21,6 +21,11 @@ in {
|
|||
];
|
||||
};
|
||||
|
||||
# mosh
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
|
||||
];
|
||||
|
||||
#systemd.services.chat = {
|
||||
# description = "chat environment setup";
|
||||
# after = [ "network.target" ];
|
||||
|
|
|
@ -5,7 +5,7 @@ let
|
|||
|
||||
in {
|
||||
krebs.per-user.wine.packages = with pkgs; [
|
||||
wineFull
|
||||
wine
|
||||
#(wineFull.override { wineBuild = "wine64"; })
|
||||
];
|
||||
users.users= {
|
||||
|
|
|
@ -1,93 +1,129 @@
|
|||
{ config, ... }: with import <stockholm/lib>; let
|
||||
cfg = config.lass.ejabberd;
|
||||
with import <stockholm/lib>;
|
||||
{ config, ... }: let
|
||||
|
||||
# XXX this is a placeholder that happens to work the default strings.
|
||||
toErlang = builtins.toJSON;
|
||||
in toFile "ejabberd.conf" ''
|
||||
{loglevel, 3}.
|
||||
{hosts, ${toErlang cfg.hosts}}.
|
||||
{listen,
|
||||
[
|
||||
{5222, ejabberd_c2s, [
|
||||
starttls,
|
||||
{certfile, ${toErlang cfg.certfile.path}},
|
||||
{access, c2s},
|
||||
{shaper, c2s_shaper},
|
||||
{max_stanza_size, 65536}
|
||||
]},
|
||||
{5269, ejabberd_s2s_in, [
|
||||
{shaper, s2s_shaper},
|
||||
{max_stanza_size, 131072}
|
||||
]},
|
||||
{5280, ejabberd_http, [
|
||||
captcha,
|
||||
http_bind,
|
||||
http_poll,
|
||||
web_admin
|
||||
]}
|
||||
]}.
|
||||
{s2s_use_starttls, required}.
|
||||
{s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
|
||||
{auth_method, internal}.
|
||||
{shaper, normal, {maxrate, 1000}}.
|
||||
{shaper, fast, {maxrate, 50000}}.
|
||||
{max_fsm_queue, 1000}.
|
||||
{acl, local, {user_regexp, ""}}.
|
||||
{access, max_user_sessions, [{10, all}]}.
|
||||
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
|
||||
{access, local, [{allow, local}]}.
|
||||
{access, c2s, [{deny, blocked},
|
||||
{allow, all}]}.
|
||||
{access, c2s_shaper, [{none, admin},
|
||||
{normal, all}]}.
|
||||
{access, s2s_shaper, [{fast, all}]}.
|
||||
{access, announce, [{allow, admin}]}.
|
||||
{access, configure, [{allow, admin}]}.
|
||||
{access, muc_admin, [{allow, admin}]}.
|
||||
{access, muc_create, [{allow, local}]}.
|
||||
{access, muc, [{allow, all}]}.
|
||||
{access, pubsub_createnode, [{allow, local}]}.
|
||||
{access, register, [{allow, local}]}.
|
||||
{language, "en"}.
|
||||
{modules,
|
||||
[
|
||||
{mod_adhoc, []},
|
||||
{mod_announce, [{access, announce}]},
|
||||
{mod_blocking,[]},
|
||||
{mod_caps, []},
|
||||
{mod_configure,[]},
|
||||
{mod_disco, []},
|
||||
{mod_irc, []},
|
||||
{mod_http_bind, []},
|
||||
{mod_last, []},
|
||||
{mod_muc, [
|
||||
{access, muc},
|
||||
{access_create, muc_create},
|
||||
{access_persistent, muc_create},
|
||||
{access_admin, muc_admin}
|
||||
]},
|
||||
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
|
||||
{mod_ping, []},
|
||||
{mod_privacy, []},
|
||||
{mod_private, []},
|
||||
{mod_pubsub, [
|
||||
{access_createnode, pubsub_createnode},
|
||||
{ignore_pep_from_offline, true},
|
||||
{last_item_cache, false},
|
||||
{plugins, ["flat", "hometree", "pep"]}
|
||||
]},
|
||||
{mod_register, [
|
||||
{welcome_message, {"Welcome!",
|
||||
"Hi.\nWelcome to this XMPP server."}},
|
||||
{ip_access, [{allow, "127.0.0.0/8"},
|
||||
{allow, "0.0.0.0/0"}]},
|
||||
{access, register}
|
||||
]},
|
||||
{mod_roster, []},
|
||||
{mod_shared_roster,[]},
|
||||
{mod_stats, []},
|
||||
{mod_time, []},
|
||||
{mod_vcard, []},
|
||||
{mod_version, []}
|
||||
]}.
|
||||
# See https://github.com/processone/ejabberd/blob/master/ejabberd.yml.example
|
||||
|
||||
ciphers = concatStringsSep ":" [
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384"
|
||||
"ECDHE-RSA-AES256-GCM-SHA384"
|
||||
"ECDHE-ECDSA-CHACHA20-POLY1305"
|
||||
"ECDHE-RSA-CHACHA20-POLY1305"
|
||||
"ECDHE-ECDSA-AES128-GCM-SHA256"
|
||||
"ECDHE-RSA-AES128-GCM-SHA256"
|
||||
"ECDHE-ECDSA-AES256-SHA384"
|
||||
"ECDHE-RSA-AES256-SHA384"
|
||||
"ECDHE-ECDSA-AES128-SHA256"
|
||||
"ECDHE-RSA-AES128-SHA256"
|
||||
];
|
||||
|
||||
protocol_options = [
|
||||
"no_sslv2"
|
||||
"no_sslv3"
|
||||
"no_tlsv1"
|
||||
"no_tlsv1_10"
|
||||
];
|
||||
|
||||
in /* yaml */ ''
|
||||
|
||||
access_rules:
|
||||
announce:
|
||||
- allow: admin
|
||||
local:
|
||||
- allow: local
|
||||
configure:
|
||||
- allow: admin
|
||||
register:
|
||||
- allow
|
||||
s2s:
|
||||
- allow
|
||||
trusted_network:
|
||||
- allow: loopback
|
||||
|
||||
acl:
|
||||
local:
|
||||
user_regexp: ""
|
||||
loopback:
|
||||
ip:
|
||||
- "127.0.0.0/8"
|
||||
- "::1/128"
|
||||
- "::FFFF:127.0.0.1/128"
|
||||
|
||||
hosts: ${toJSON config.hosts}
|
||||
|
||||
language: "en"
|
||||
|
||||
listen:
|
||||
-
|
||||
port: 5222
|
||||
ip: "::"
|
||||
module: ejabberd_c2s
|
||||
shaper: c2s_shaper
|
||||
certfile: ${toJSON config.certfile.path}
|
||||
ciphers: ${toJSON ciphers}
|
||||
dhfile: ${toJSON config.dhfile.path}
|
||||
protocol_options: ${toJSON protocol_options}
|
||||
starttls: true
|
||||
starttls_required: true
|
||||
tls: false
|
||||
tls_compression: false
|
||||
max_stanza_size: 65536
|
||||
-
|
||||
port: 5269
|
||||
ip: "::"
|
||||
module: ejabberd_s2s_in
|
||||
shaper: s2s_shaper
|
||||
max_stanza_size: 131072
|
||||
|
||||
loglevel: 4
|
||||
|
||||
modules:
|
||||
mod_adhoc: {}
|
||||
mod_admin_extra: {}
|
||||
mod_announce:
|
||||
access: announce
|
||||
mod_caps: {}
|
||||
mod_carboncopy: {}
|
||||
mod_client_state: {}
|
||||
mod_configure: {}
|
||||
mod_disco: {}
|
||||
mod_echo: {}
|
||||
mod_irc: {}
|
||||
mod_bosh: {}
|
||||
mod_last: {}
|
||||
mod_offline:
|
||||
access_max_user_messages: max_user_offline_messages
|
||||
mod_ping: {}
|
||||
mod_privacy: {}
|
||||
mod_private: {}
|
||||
mod_register:
|
||||
access_from: deny
|
||||
access: register
|
||||
ip_access: trusted_network
|
||||
registration_watchers: ${toJSON config.registration_watchers}
|
||||
mod_roster: {}
|
||||
mod_shared_roster: {}
|
||||
mod_stats: {}
|
||||
mod_time: {}
|
||||
mod_vcard:
|
||||
search: false
|
||||
mod_version: {}
|
||||
mod_http_api: {}
|
||||
|
||||
s2s_access: s2s
|
||||
s2s_certfile: ${toJSON config.s2s_certfile.path}
|
||||
s2s_ciphers: ${toJSON ciphers}
|
||||
s2s_dhfile: ${toJSON config.dhfile.path}
|
||||
s2s_protocol_options: ${toJSON protocol_options}
|
||||
s2s_tls_compression: false
|
||||
s2s_use_starttls: required
|
||||
|
||||
shaper_rules:
|
||||
max_user_offline_messages:
|
||||
- 5000: admin
|
||||
- 100
|
||||
max_user_sessions: 10
|
||||
c2s_shaper:
|
||||
- none: admin
|
||||
- normal
|
||||
s2s_shaper: fast
|
||||
''
|
||||
|
|
|
@ -1,5 +1,16 @@
|
|||
{ config, lib, pkgs, ... }@args: with import <stockholm/lib>; let
|
||||
cfg = config.lass.ejabberd;
|
||||
|
||||
gen-dhparam = pkgs.writeDash "gen-dhparam" ''
|
||||
set -efu
|
||||
path=$1
|
||||
bits=2048
|
||||
# TODO regenerate dhfile after some time?
|
||||
if ! test -e "$path"; then
|
||||
${pkgs.openssl}/bin/openssl dhparam "$bits" > "$path"
|
||||
fi
|
||||
'';
|
||||
|
||||
in {
|
||||
options.lass.ejabberd = {
|
||||
enable = mkEnableOption "lass.ejabberd";
|
||||
|
@ -11,20 +22,36 @@ in {
|
|||
source-path = "/var/lib/acme/lassul.us/full.pem";
|
||||
};
|
||||
};
|
||||
dhfile = mkOption {
|
||||
type = types.secret-file;
|
||||
default = {
|
||||
path = "${cfg.user.home}/dhparams.pem";
|
||||
owner = cfg.user;
|
||||
source-path = "/dev/null";
|
||||
};
|
||||
};
|
||||
hosts = mkOption {
|
||||
type = with types; listOf str;
|
||||
};
|
||||
pkgs.ejabberdctl = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.writeDashBin "ejabberdctl" ''
|
||||
set -efu
|
||||
export SPOOLDIR=${shell.escape cfg.user.home}
|
||||
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
|
||||
exec ${pkgs.ejabberd}/bin/ejabberdctl \
|
||||
--config ${toFile "ejabberd.yaml" (import ./config.nix {
|
||||
inherit pkgs;
|
||||
config = cfg;
|
||||
})} \
|
||||
--logs ${shell.escape cfg.user.home} \
|
||||
--spool ${shell.escape cfg.user.home} \
|
||||
"$@"
|
||||
'';
|
||||
};
|
||||
registration_watchers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
config.krebs.users.tv.mail
|
||||
];
|
||||
};
|
||||
s2s_certfile = mkOption {
|
||||
type = types.secret-file;
|
||||
default = cfg.certfile;
|
||||
|
@ -50,12 +77,12 @@ in {
|
|||
requires = [ "secret.service" ];
|
||||
after = [ "network.target" "secret.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = "yes";
|
||||
PermissionsStartOnly = "true";
|
||||
ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
|
||||
ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
|
||||
PermissionsStartOnly = true;
|
||||
SyslogIdentifier = "ejabberd";
|
||||
User = cfg.user.name;
|
||||
ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl start";
|
||||
TimeoutStartSec = 60;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -4,9 +4,6 @@
|
|||
nixpkgs.config.packageOverrides = rec {
|
||||
acronym = pkgs.callPackage ./acronym/default.nix {};
|
||||
dpass = pkgs.callPackage ./dpass {};
|
||||
ejabberd = pkgs.callPackage ./ejabberd {
|
||||
erlang = pkgs.erlangR16;
|
||||
};
|
||||
firefoxPlugins = {
|
||||
noscript = pkgs.callPackage ./firefoxPlugins/noscript.nix {};
|
||||
ublock = pkgs.callPackage ./firefoxPlugins/ublock.nix {};
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
{stdenv, fetchurl, expat, erlang, zlib, openssl, pam, lib}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.1.13";
|
||||
name = "ejabberd-${version}";
|
||||
src = fetchurl {
|
||||
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
|
||||
sha256 = "0vf8mfrx7vr3c5h3nfp3qcgwf2kmzq20rjv1h9sk3nimwir1q3d8";
|
||||
};
|
||||
buildInputs = [ expat erlang zlib openssl pam ];
|
||||
patchPhase = ''
|
||||
sed -i \
|
||||
-e "s|erl \\\|${erlang}/bin/erl \\\|" \
|
||||
-e 's|EXEC_CMD=\"sh -c\"|EXEC_CMD=\"${stdenv.shell} -c\"|' \
|
||||
src/ejabberdctl.template
|
||||
'';
|
||||
preConfigure = ''
|
||||
cd src
|
||||
'';
|
||||
configureFlags = ["--enable-pam"];
|
||||
|
||||
meta = {
|
||||
description = "Open-source XMPP application server written in Erlang";
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
homepage = http://www.ejabberd.im;
|
||||
maintainers = [ lib.maintainers.sander ];
|
||||
};
|
||||
}
|
|
@ -31,6 +31,7 @@ import XMonad.Actions.CycleWS (toggleWS)
|
|||
import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace, removeEmptyWorkspace)
|
||||
import XMonad.Actions.DynamicWorkspaces (withWorkspace)
|
||||
import XMonad.Actions.GridSelect (GSConfig(..), gridselectWorkspace, navNSearch)
|
||||
import XMonad.Actions.UpdatePointer (updatePointer)
|
||||
import XMonad.Hooks.FloatNext (floatNext)
|
||||
import XMonad.Hooks.FloatNext (floatNextHook)
|
||||
import XMonad.Hooks.ManageDocks (avoidStruts, ToggleStruts(ToggleStruts))
|
||||
|
@ -63,14 +64,15 @@ mainNoArgs = do
|
|||
xmonad'
|
||||
$ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
|
||||
$ def
|
||||
{ terminal = urxvtcPath
|
||||
, modMask = mod4Mask
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
{ terminal = urxvtcPath
|
||||
, modMask = mod4Mask
|
||||
, layoutHook = smartBorders $ myLayoutHook
|
||||
, logHook = updatePointer (0.25, 0.25) (0.25, 0.25)
|
||||
, manageHook = placeHook (smart (1,0)) <+> floatNextHook
|
||||
, normalBorderColor = "#1c1c1c"
|
||||
, focusedBorderColor = "#f000b0"
|
||||
, handleEventHook = handleShutdownEvent
|
||||
, workspaces = [ "dashboard" ]
|
||||
, handleEventHook = handleShutdownEvent
|
||||
, workspaces = [ "dashboard", "sys", "wp" ]
|
||||
} `additionalKeysP` myKeyMap
|
||||
|
||||
myLayoutHook = defLayout
|
||||
|
@ -119,7 +121,7 @@ myKeyMap =
|
|||
, ("M4-f", floatNext True)
|
||||
, ("M4-b", sendMessage ToggleStruts)
|
||||
|
||||
, ("M4-v", withWorkspace autoXPConfig (windows . W.view))
|
||||
, ("M4-v", withWorkspace autoXPConfig (windows . W.greedyView))
|
||||
, ("M4-S-v", withWorkspace autoXPConfig (windows . W.shift))
|
||||
, ("M4-C-v", withWorkspace autoXPConfig (windows . copy))
|
||||
|
||||
|
@ -131,12 +133,12 @@ myKeyMap =
|
|||
|
||||
, ("M4-S-q", return ())
|
||||
|
||||
, ("M4-w", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
|
||||
, ("M4-d", floatNext True >> spawn "${pkgs.copyq}/bin/copyq show")
|
||||
|
||||
, ("M4-<F1>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
|
||||
, ("M4-<F2>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
|
||||
, ("M4-<F3>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||
, ("M4-<F4>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||
, ("M4-<F5>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 1")
|
||||
, ("M4-<F6>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 10")
|
||||
, ("M4-<F7>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 33")
|
||||
, ("M4-<F8>", spawn "${pkgs.xorg.xbacklight}/bin/xbacklight -set 100")
|
||||
]
|
||||
|
||||
forkFile :: FilePath -> [String] -> Maybe [(String, String)] -> X ()
|
||||
|
|
|
@ -9,13 +9,8 @@ in
|
|||
{
|
||||
nixos-config.symlink = "stockholm/lass/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
url = http://cgit.lassul.us/nixpkgs;
|
||||
# nixos-17.03
|
||||
# + copytoram:
|
||||
# 87a4615 & 334ac4f
|
||||
# + acme permissions for groups
|
||||
# fd7a8f1
|
||||
ref = "2d3b4fe";
|
||||
url = https://github.com/nixos/nixpkgs;
|
||||
ref = "1987983";
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
buildbot = toString <stockholm/lass/2configs/tests/dummy-secrets>;
|
||||
|
|
|
@ -9,8 +9,8 @@ in
|
|||
{
|
||||
nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
# nixos-17.03
|
||||
ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907";
|
||||
# nixos-17.09
|
||||
ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import <stockholm/tv/source.nix> {
|
||||
name = "alnus";
|
||||
override.nixpkgs.git.ref = "9b948ea439ddbaa26740ce35543e7e35d2aa6d18";
|
||||
override.nixpkgs.git.ref = "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
|
||||
}
|
||||
|
|
|
@ -52,11 +52,13 @@ with import <stockholm/lib>;
|
|||
networking.networkmanager.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
(pkgs.kdeApplications.callPackage
|
||||
(import <nixpkgs/pkgs/applications/kde/kde-locale-5.nix> "de" {})
|
||||
{})
|
||||
chromium
|
||||
firefoxWrapper
|
||||
gimp
|
||||
iptables
|
||||
kdeApplications.l10n.de.qt5
|
||||
libreoffice
|
||||
pidginotr
|
||||
pidgin-with-plugins
|
||||
|
|
|
@ -45,5 +45,4 @@ with import <stockholm/lib>;
|
|||
];
|
||||
};
|
||||
|
||||
systemd.services.cups.serviceConfig.PrivateTmp = true;
|
||||
}
|
||||
|
|
|
@ -100,7 +100,7 @@ let {
|
|||
);
|
||||
|
||||
irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate {
|
||||
channel = "#krebs";
|
||||
channel = "#xxx";
|
||||
# TODO make nick = config.krebs.build.host.name the default
|
||||
nick = config.krebs.build.host.name;
|
||||
server = "irc.r";
|
||||
|
|
|
@ -13,6 +13,14 @@ foldl' mergeAttrs {}
|
|||
//
|
||||
|
||||
{
|
||||
brscan4 = overrideDerivation super.brscan4 (original: rec {
|
||||
name = "brscan4-0.4.4-4";
|
||||
src = super.fetchurl {
|
||||
url = "http://download.brother.com/welcome/dlf006645/${name}.amd64.deb";
|
||||
sha256 = "0xy5px96y1saq9l80vwvfn6anr2q42qlxdhm6ci2a0diwib5q9fd";
|
||||
};
|
||||
});
|
||||
|
||||
# TODO use XDG_RUNTIME_DIR?
|
||||
cr = self.writeDashBin "cr" ''
|
||||
set -efu
|
||||
|
@ -32,7 +40,7 @@ foldl' mergeAttrs {}
|
|||
exec ${self.firefoxWrapper}/bin/firefox "$@"
|
||||
'';
|
||||
|
||||
gnupg = self.gnupg21;
|
||||
gnupg = self.gnupg22;
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/16113
|
||||
wvdial = let
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr,
|
||||
perl, stdenv }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "mfcl2700dncupswrapper-${meta.version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb";
|
||||
sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ dpkg makeWrapper ];
|
||||
|
||||
phases = [ "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
dpkg-deb -x $src $out
|
||||
|
||||
basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN
|
||||
dir=$out/opt/brother/Printers/MFCL2700DN
|
||||
|
||||
substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \
|
||||
--replace /usr/bin/perl ${perl}/bin/perl \
|
||||
--replace "basedir =~" "basedir = \"$basedir\"; #" \
|
||||
--replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #"
|
||||
|
||||
wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \
|
||||
--prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]}
|
||||
|
||||
mkdir -p $out/lib/cups/filter
|
||||
mkdir -p $out/share/cups/model
|
||||
|
||||
ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter
|
||||
ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Brother MFC-L2700DN CUPS wrapper driver";
|
||||
homepage = "http://www.brother.com/";
|
||||
license = stdenv.lib.licenses.gpl2Plus;
|
||||
maintainers = [ stdenv.lib.maintainers.tv ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
version = "3.2.0-1";
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "mfcl2700dnlpr-${meta.version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb";
|
||||
sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ dpkg makeWrapper ];
|
||||
|
||||
phases = [ "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
dpkg-deb -x $src $out
|
||||
|
||||
dir=$out/opt/brother/Printers/MFCL2700DN
|
||||
|
||||
substituteInPlace $dir/lpd/filter_MFCL2700DN \
|
||||
--replace /usr/bin/perl ${perl}/bin/perl \
|
||||
--replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \
|
||||
--replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #"
|
||||
|
||||
wrapProgram $dir/lpd/filter_MFCL2700DN \
|
||||
--prefix PATH : ${stdenv.lib.makeBinPath [
|
||||
coreutils ghostscript gnugrep gnused which
|
||||
]}
|
||||
|
||||
interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2
|
||||
patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter
|
||||
patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3
|
||||
patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "Brother MFC-L2700DN LPR driver";
|
||||
homepage = "http://www.brother.com/";
|
||||
license = stdenv.lib.licenses.unfree;
|
||||
maintainers = [ stdenv.lib.maintainers.tv ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
version = "3.2.0-1";
|
||||
};
|
||||
}
|
|
@ -9,8 +9,8 @@ in
|
|||
{
|
||||
nixos-config.symlink = "stockholm/tv/1systems/${name}/config.nix";
|
||||
nixpkgs.git = {
|
||||
# nixos-17.03
|
||||
ref = mkDefault "94941cb0455bfc50b1bf63186cfad7136d629f78";
|
||||
# nixos-17.09
|
||||
ref = mkDefault "d0f0657ca06cc8cb239cb94f430b53bcdf755887";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
secrets.file = getAttr builder {
|
||||
|
|
Loading…
Reference in a new issue