From dc3f3588b5465cef10b1798e7d294f4bc2f88e4b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 19 Sep 2016 11:47:02 +0200
Subject: [PATCH 01/30] explicitly run rfkill package

---
 makefu/2configs/hw/tp-x2x0.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 9047cfb66..368465a8b 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -38,4 +38,8 @@ with config.krebs.lib;
     CPU_MIN_PERF_ON_BAT=0
     CPU_MAX_PERF_ON_BAT=30
   '';
+
+  powerManagement.resumeCommands = ''
+    {pkgs.rfkill}/bin/rfkill unblock all
+  '';
 }
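Review bot: The added resume command is missing the `$` of the antiquotation, so the `''` string contains the literal text `{pkgs.rfkill}/bin/rfkill` and no such command will be found on resume. It should read `${pkgs.rfkill}/bin/rfkill unblock all`. The module's argument list is outside the hunk, so confirm that `pkgs` is bound there. `unblock all` also re-enables radios the user may have soft-blocked deliberately (Bluetooth, WWAN); if only Wi-Fi fails to come back after suspend, `rfkill unblock wifi` is the narrower fix.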

From 1748e6ceef2c4c0b9cd25c11ac910af3164381b8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 28 Sep 2016 12:44:17 +0200
Subject: [PATCH 02/30] m 5 mergerfs: 2.14.0 -> 2.16.1

---
 makefu/5pkgs/mergerfs/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/5pkgs/mergerfs/default.nix b/makefu/5pkgs/mergerfs/default.nix
index 64e8fc671..cfb7b0ae7 100644
--- a/makefu/5pkgs/mergerfs/default.nix
+++ b/makefu/5pkgs/mergerfs/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "mergerfs-${version}";
-  version = "2.14.0";
+  version = "2.16.1";
 
   # not using fetchFromGitHub because of changelog being built with git log
   src = fetchgit {
     url = "https://github.com/trapexit/mergerfs";
     rev = "refs/tags/${version}";
-    sha256 = "0j5r96xddlj5gp3n1xhfwjmr6yf861xg3hgby4p078c8zfriq5rm";
+    sha256 = "12fqgk54fnnibqiq82p4g2k6qnw3iy6dd64csmlf73yi67za5iwf";
     deepClone = true;
   };
 

From 08c98a00ed75a49a34b1f0079954cd65ce2e1e1c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 13 Oct 2016 21:20:33 +0200
Subject: [PATCH 03/30] Revert "k 3 buildbot: remove override (upstream fix)"

This reverts commit 252bac92e877e0f14dbdd83a9c54ba02fe937069.
because buildbot is broken again
---
 krebs/3modules/buildbot/master.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 5dde50ea4..bd17c3765 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -3,8 +3,15 @@
 with config.krebs.lib;
 let
 
-  buildbot = pkgs.buildbot;
-  buildbot-master-config = pkgs.writePython2 "buildbot-master.cfg" ''
+  # https://github.com/NixOS/nixpkgs/issues/14026
+  nixpkgs-fix = import (pkgs.fetchgit {
+    url = https://github.com/nixos/nixpkgs;
+    rev = "e026b5c243ea39810826e68362718f5d703fb5d0";
+    sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632";
+  }) {};
+
+  buildbot = nixpkgs-fix.buildbot;
+  buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
     # -*- python -*-
     from buildbot.plugins import *
     import re
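Review bot: `nixpkgs-fix` pins buildbot and its whole dependency closure to one nixpkgs commit, so the buildbot master (typically a network-facing service) gets no package updates from the tracked channel until someone removes the override by hand. The comment above it is only the issue link; I would extend it to say what is pinned and when to drop it, e.g. `# buildbot only: pinned nixpkgs, remove once NixOS/nixpkgs#14026 is fixed in our channel`. The `url =` line uses a bare URL literal; quoting it as `url = "https://github.com/nixos/nixpkgs";` matches the other `fetchgit` call in this series. The `let` block continues outside the hunk.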

From b7cba0244358beb61aaab135cbe62c331ab6c900 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 13 Oct 2016 21:49:04 +0200
Subject: [PATCH 04/30] lib: don't define defaults that require config

---
 krebs/4lib/default.nix |  1 -
 krebs/4lib/types.nix   | 13 +------------
 2 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix
index 3f224edd1..c40b9a868 100644
--- a/krebs/4lib/default.nix
+++ b/krebs/4lib/default.nix
@@ -19,7 +19,6 @@ let out = lib // rec {
       ]));
 
   types = import ./types.nix {
-    inherit config;
     lib = lib // { inherit genid optionalTrace; };
   };
 
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
index 02ca2b8db..8d6ace2e5 100644
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@@ -1,14 +1,9 @@
-{ config, lib, ... }:
+{ lib, ... }:
 
 with builtins;
 with lib;
 with types;
 
-let
-  # Inherited attributes are used in submodules that have their own `config`.
-  inherit (config.krebs) build users;
-in
-
 types // rec {
 
   host = submodule ({ config, ... }: {
@@ -27,7 +22,6 @@ types // rec {
 
       owner = mkOption {
         type = user;
-        default = users.krebs;
       };
 
       extraZones = mkOption {
@@ -49,10 +43,6 @@ types // rec {
       ssh.pubkey = mkOption {
         type = nullOr ssh-pubkey;
         default = null;
-        apply = x:
-          optionalTrace (x == null && config.owner.name == build.user.name)
-            "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused."
-            x;
       };
       ssh.privkey = mkOption {
         type = nullOr ssh-privkey;
@@ -187,7 +177,6 @@ types // rec {
       };
       owner = mkOption {
         type = user;
-        default = users.root;
       };
       group-name = mkOption {
         type = str;

From f81a021f0ccf900d8fdcc2c414ebac528f043760 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 13 Oct 2016 21:53:20 +0200
Subject: [PATCH 05/30] tv q: print TODOs first

---
 tv/5pkgs/q/default.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/tv/5pkgs/q/default.nix b/tv/5pkgs/q/default.nix
index b19402fa4..f923950f0 100644
--- a/tv/5pkgs/q/default.nix
+++ b/tv/5pkgs/q/default.nix
@@ -178,6 +178,11 @@ in
 pkgs.writeBashBin "q" ''
   set -eu
   export PATH=/var/empty
+  (${q-todo}) || :
+  if [ "$PWD" != "$HOME" ]; then
+    (HOME=$PWD; ${q-todo}) || :
+  fi
+  echo
   ${q-cal}
   echo
   ${q-isodate}
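Review bot: Both new `q-todo` calls end in `|| :`, which discards every failure without explanation and is easy to misread next to `set -eu`. Presumably the intent is that a failing todo lookup must not abort the rest of `q` now that it runs first; a one-line comment would record that, e.g. `# best-effort: a failing q-todo must not stop the remaining output`. The script body starts and ends outside this hunk.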
@@ -189,8 +194,4 @@ pkgs.writeBashBin "q" ''
   (${q-online}) &
   (${q-thermal_zone}) &
   wait
-  ${q-todo}
-  if [ "$PWD" != "$HOME" ]; then
-    (HOME=$PWD; ${q-todo})
-  fi
 ''

From 9fb29a7030a168046983457f6f7cf9d943661c06 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 13 Oct 2016 21:57:08 +0200
Subject: [PATCH 06/30] xu: mount /bku

---
 tv/1systems/xu.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index 119399ac2..85ac23e9d 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -138,6 +138,11 @@ with config.krebs.lib;
       fsType = "btrfs";
       options = ["defaults" "noatime" "ssd" "compress=lzo"];
     };
+    "/bku" = {
+      device = "/dev/mapper/xuvga-bku";
+      fsType = "btrfs";
+      options = ["defaults" "noatime" "ssd" "compress=lzo"];
+    };
     "/home" = {
       device = "/dev/mapper/xuvga-home";
       fsType = "btrfs";

From f82013c2c60d63f1867add9089076df78bd25af0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:17:04 +0200
Subject: [PATCH 07/30] m 2 elchos: init

---
 makefu/2configs/elchos/stats.nix | 96 ++++++++++++++++++++++++++++++++
 makefu/2configs/urlwatch.nix     |  2 +
 2 files changed, 98 insertions(+)
 create mode 100644 makefu/2configs/elchos/stats.nix

diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix
new file mode 100644
index 000000000..0282b04cf
--- /dev/null
+++ b/makefu/2configs/elchos/stats.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with config.krebs.lib;
+let
+  sec = toString <secrets>;
+  acmepath = "/var/lib/acme/";
+  acmechall = acmepath + "/challenges/";
+  ext-dom = "stats.nsupdate.info";
+  #ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  #ssl_key  = "${sec}/wildcard.krebsco.de.key";
+  ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
+  ssl_key = "${acmepath}/${ext-dom}/key.pem";
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ 2003 80 443 ];
+    allowedUDPPorts = [ 2003 ];
+  };
+
+  services.grafana = {
+    enable = true;
+    addr = "127.0.0.1";
+    extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
+    users.allowSignUp = false;
+    users.allowOrgCreate = false;
+    users.autoAssignOrg = false;
+    security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+  };
+  krebs.nginx = {
+    enable = true;
+    servers.elch-stats = {
+      server-names = [ ext-dom ];
+      listen = [ "80" "443 ssl" ];
+      ssl = {
+          enable = true;
+          # these certs will be needed if acme has not yet created certificates:
+          certificate =   ssl_cert;
+          certificate_key = ssl_key;
+          force_encryption = true;
+      };
+
+      locations = [
+          (nameValuePair "/" ''
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP          $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://localhost:3000/;
+          '')
+          (nameValuePair  "/.well-known/acme-challenge" ''
+            root ${acmechall}/${ext-dom}/;
+          '')
+      ];
+    };
+  };
+
+  security.acme.certs."${ext-dom}" = {
+    email = "acme@syntax-fehler.de";
+    webroot = "${acmechall}/${ext-dom}/";
+    group = "nginx";
+    allowKeysForGroup = true;
+    postRun = "systemctl reload nginx.service";
+    extraDomains."${ext-dom}" = null ;
+  };
+
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "127.0.0.1";
+      port = 8080;
+    };
+    carbon = {
+      enableCache = true;
+      # save disk usage by restricting to 1 bulk update per second
+      config = ''
+        [cache]
+        MAX_CACHE_SIZE = inf
+        MAX_UPDATES_PER_SECOND = 1
+        MAX_CREATES_PER_MINUTE = 500
+        '';
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [elchos]
+        patterhn = ^elchos\.
+        retention = 10s:30d,60s:1y
+
+        [default]
+        pattern = .*
+        retentions = 30s:30d,300s:1y
+        '';
+    };
+  };
+}
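Review bot: The `[elchos]` section of `storageSchemas` misspells both keys (`patterhn`, `retention`), so carbon gets no usable `pattern`/`retentions` pair there and `elchos.*` metrics will presumably fall through to `[default]`, or the section is rejected, depending on the carbon version; it should read `pattern = ^elchos\.` and `retentions = 10s:30d,60s:1y`. Separately, the firewall opens 2003 on TCP and UDP to every interface, and carbon's plaintext line protocol has no authentication, so anyone who can reach the host can write or create series (bounded only by `MAX_CREATES_PER_MINUTE`); if the senders are known, limit the port to their interface or source addresses. `"AUTH_ANONYMOUS_ENABLED" = "true"` together with the public nginx vhost makes the dashboards readable without login, which deserves a comment if intended. `sec` is bound but unused now that the wildcard-certificate lines are commented out.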
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index e0fbefa36..189167f71 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -14,6 +14,8 @@
       https://pypi.python.org/simple/xstatic/
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
       http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
+      https://github.com/amadvance/snapraid/releases.atom
+      https://erdgeist.org/gitweb/opentracker/log/
     ];
   };
 }

From cd506f30fac481e95637fa8dfa62cb4cdc27e3e4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:17:32 +0200
Subject: [PATCH 08/30] m 2 backup: working config

---
 makefu/2configs/backup.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/makefu/2configs/backup.nix b/makefu/2configs/backup.nix
index 6f79ed4f4..57fd7a64d 100644
--- a/makefu/2configs/backup.nix
+++ b/makefu/2configs/backup.nix
@@ -1,6 +1,10 @@
 { config, lib, ... }:
 with config.krebs.lib;
 let
+  # preparation:
+  # mkdir -p defaultBackupDir/host.name/src
+  # as root on omo:
+  #   ssh-copy-id root@src
   startAt = "0,6,12,18:00";
   defaultBackupServer = config.krebs.hosts.omo;
   defaultBackupDir = "/home/backup";
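Review bot: The preparation comment has the operator run `ssh-copy-id root@src` as root on omo, which gives the backup server an unrestricted root login on every source host, so a compromise of omo becomes root on all of them. If the pull only needs to read files (and, as I assume, runs rsync over ssh), the comment should tell the operator to restrict that key in the source's `authorized_keys`, for example a forced `command=` running rrsync in read-only mode together with `no-pty,no-port-forwarding`, or state why full root is required. The first step is also written as if `defaultBackupDir/host.name/src` were a literal path; `mkdir -p /home/backup/<host.name>/<src>` on omo would be clearer. The `let` block continues outside the hunk.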
@@ -12,7 +16,7 @@ let
     };
     dst = {
       host = defaultBackupServer;
-      path = defaultBackupDir + src;
+      path = "${defaultBackupDir}/${host.name}${src}";
     };
     startAt = "0,6,12,18:00";
     snapshots = {
@@ -25,6 +29,6 @@ let
   };
 in {
   krebs.backup.plans = {
-    wry-to-omo_var-www = defaultPull wry "/var/www";
+    wry-to-omo_var-www = defaultPull config.krebs.hosts.wry "/";
   };
 }
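Review bot: The plan keeps the name `wry-to-omo_var-www` although its source is now `/`, so the name no longer says what is copied; something like `wry-to-omo_root` would match. Pulling `/` also brings private keys and other secrets from wry onto omo under `/home/backup/wry/`, so that directory should be root-only, and unless the backup module already excludes them, pseudo-filesystems such as `/proc` and `/sys` need an exclude. Whether the module stays on one filesystem is not visible from this hunk.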

From ccd89b19f3fbbb6acb94be8f9f54d4e673ee33dc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:31:13 +0200
Subject: [PATCH 09/30] m *: minor changes

---
 makefu/1systems/filepimp.nix       |  5 +++++
 makefu/1systems/gum.nix            |  1 +
 makefu/1systems/omo.nix            |  1 +
 makefu/1systems/wbob.nix           |  4 ++++
 makefu/1systems/wry.nix            |  4 +++-
 makefu/1systems/x.nix              |  3 +--
 makefu/2configs/base-gui.nix       |  1 -
 makefu/2configs/filepimp-share.nix | 33 ++++++++++++++++++++++++++++++
 makefu/2configs/hw/tp-x220.nix     |  2 +-
 makefu/2configs/iodined.nix        |  3 ++-
 makefu/2configs/nginx/icecult.nix  | 28 +++++++++++++++++++++++++
 makefu/2configs/rad1o.nix          |  2 +-
 makefu/2configs/solr.nix           | 24 ++++++++++++++++++++++
 makefu/2configs/urlwatch.nix       |  2 +-
 14 files changed, 105 insertions(+), 8 deletions(-)
 create mode 100644 makefu/2configs/filepimp-share.nix
 create mode 100644 makefu/2configs/nginx/icecult.nix
 create mode 100644 makefu/2configs/solr.nix

diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index 4037f693d..0fabf6d93 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -24,7 +24,9 @@ in {
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/smart-monitor.nix
       ../2configs/tinc/retiolum.nix
+      ../2configs/filepimp-share.nix
     ];
+
   krebs.build.host = config.krebs.hosts.filepimp;
   # AMD N54L
   boot = {
@@ -76,6 +78,9 @@ in {
     (xfsmount "j2" (part1 jDisk2))   //
     (xfsmount "par0" (part1 jDisk3))
     ;
+
+  networking.firewall.trustedInterfaces = [ primary-interface ];
+
   services.wakeonlan.interfaces = [
     {
       interface = primary-interface;
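Review bot: `networking.firewall.trustedInterfaces = [ primary-interface ];` accepts all traffic arriving on the host's main NIC, which in effect switches the firewall off for that network rather than just opening Samba. If the goal is only the new share, opening the SMB ports is narrower: `networking.firewall.allowedTCPPorts = [ 139 445 ];` and `networking.firewall.allowedUDPPorts = [ 137 138 ];`. If full trust is intended, a comment saying so would stop the line being copied to hosts on less friendly networks. `primary-interface` is defined outside the hunk.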
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 401ec6093..20731c847 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -22,6 +22,7 @@ in {
       ../2configs/tinc/retiolum.nix
       ../2configs/urlwatch.nix
       ../2configs/torrent.nix
+      ../2configs/graphite-standalone.nix
       ../2configs/sabnzbd.nix
 
       ../2configs/opentracker.nix
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 71fb85ff6..2e09e345e 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -44,6 +44,7 @@ in {
       ../2configs/fs/sda-crypto-root.nix
       ../2configs/zsh-user.nix
       ../2configs/urlwatch.nix
+      ../2configs/backup.nix
       ../2configs/exim-retiolum.nix
       ../2configs/smart-monitor.nix
       ../2configs/mail-client.nix
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index ff176edd9..184f74147 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -55,6 +55,10 @@ in {
   # rt2870 with nonfree creates wlp2s0 from wlp0s20u2
   # not explicitly setting the interface results in wpa_supplicant to crash
   networking.wireless.interfaces = [ "wlp2s0" ];
+  networking.interfaces.virbr1.ip4 = [{
+    address = "10.8.8.11";
+    prefixLength = 24;
+  }];
 
 
   # nuc hardware
diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 81cd362e6..238b740a6 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -16,13 +16,15 @@ in {
       ../2configs/bepasty-dual.nix
 
       ../2configs/iodined.nix
-
+      ../2configs/backup.nix
 
       # other nginx
       ../2configs/nginx/euer.wiki.nix
       ../2configs/nginx/euer.blog.nix
       ../2configs/nginx/euer.test.nix
 
+      #../2configs/elchos/stats.nix
+
       # collectd
       # ../2configs/collectd/collectd-base.nix
 
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 0243856ab..00eca87c4 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -63,11 +63,10 @@
 
   # configure pulseAudio to provide a HDMI sink as well
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 ];
+  networking.firewall.allowedTCPPorts = [ 80 24800 26061 8000 3000 ];
   networking.firewall.allowedUDPPorts = [ 665 26061 ];
 
   krebs.build.host = config.krebs.hosts.x;
-  krebs.hosts.omo.nets.retiolum.via.ip4.addr = "192.168.1.11";
 
   krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" ];
 
diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index b039c12ca..cbc3efbac 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -82,7 +82,6 @@ in
 
       URxvt.perl-ext:      default,url-select
       URxvt.keysym.M-u:    perl:url-select:select_next
-      #URxvt.url-select.launcher:   firefox -new-tab
       URxvt.url-select.launcher:   chromium
       URxvt.url-select.underline: true
       URxvt.searchable-scrollback: CM-s
diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix
new file mode 100644
index 000000000..23fa8da08
--- /dev/null
+++ b/makefu/2configs/filepimp-share.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+  hostname = config.krebs.build.host.name;
+in {
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/var/empty";
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      media = {
+        path = "/media/";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}
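Review bot: The `media` share combines `"guest ok" = "yes"`, `"read only" = "no"` and `map to guest = bad user`, so any client that can reach the SMB ports can modify or delete everything under `/media/` without credentials. If that is meant for a trusted LAN, say so in a comment and bound it in Samba itself, e.g. a `hosts allow = <LAN subnet>` line in `extraConfig` (placeholder, fill in the real subnet), or keep the guest share read-only and require a user for writes. `hostname` in the `let` block is never used. `config.ids.uids.smbguest` has to exist in the ids module, which is not visible here.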
diff --git a/makefu/2configs/hw/tp-x220.nix b/makefu/2configs/hw/tp-x220.nix
index 58390e48d..2ec531e56 100644
--- a/makefu/2configs/hw/tp-x220.nix
+++ b/makefu/2configs/hw/tp-x220.nix
@@ -5,7 +5,7 @@ with config.krebs.lib;
 
   imports = [ ./tp-x2x0.nix ];
   boot = {
-    kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" ];
+    kernelModules = [ "kvm-intel" "acpi_call" "tpm-rng" "tp_smapi" ];
     extraModulePackages = [ config.boot.kernelPackages.tp_smapi ];
   };
   hardware.opengl.extraPackages =  [ pkgs.vaapiIntel pkgs.vaapiVdpau ];
diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix
index ca489d073..b1446eab4 100644
--- a/makefu/2configs/iodined.nix
+++ b/makefu/2configs/iodined.nix
@@ -5,8 +5,9 @@ let
   domain = "io.krebsco.de";
   pw = import <secrets/iodinepw.nix>;
 in {
+  networking.firewall.allowedUDPPorts = [ 53 ];
 
-  services.iodined = {
+  services.iodine = {
     server = {
       enable = true;
       domain = domain;
diff --git a/makefu/2configs/nginx/icecult.nix b/makefu/2configs/nginx/icecult.nix
new file mode 100644
index 000000000..a11f92af7
--- /dev/null
+++ b/makefu/2configs/nginx/icecult.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+with config.krebs.lib;
+
+let
+  icecult = pkgs.fetchFromGitHub {
+    owner = "kraiz";
+    repo = "icecult";
+    rev = "1942d43381a97f30111a48725f7532c343a6f4d7";
+    sha256 = "0l8q7kw3w1kpvmy8hza9vr5liiycivbljkmwpacaifbay5y98z58";
+  };
+in{
+  krebs.nginx = {
+    enable = true;
+    servers.default = {
+        extraConfig = ''
+          root ${icecult}/app;
+        '';
+        locations = [
+          (nameValuePair "/rpc" ''
+        rewrite /rpc/(.*) /$1 break;
+        proxy_http_version 1.1;
+        proxy_pass http://10.42.22.163:3121;
+          '')
+      ];
+    };
+  };
+}
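Review bot: The `/rpc` location on `servers.default` forwards every request from every client to `http://10.42.22.163:3121` with no `allow`/`deny` or authentication in front of it, so whatever that backend's RPC interface permits is available to anyone who can reach this nginx. I cannot tell from the hunk what the backend controls; if it is more than read-only, restrict the location, e.g. `allow <trusted subnet>; deny all;` with the real subnet filled in. The backend address is hard-coded inside the string, and lifting it into a `let` binding with a comment naming the host would make it easier to audit. The three directive lines are indented less than the `''` string that encloses them.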
diff --git a/makefu/2configs/rad1o.nix b/makefu/2configs/rad1o.nix
index 03bb9bc7e..6eca69e0c 100644
--- a/makefu/2configs/rad1o.nix
+++ b/makefu/2configs/rad1o.nix
@@ -3,7 +3,7 @@
 {
 
   environment.systemPackages = with pkgs; [
-    gnuradio-full
+    gnuradio-with-packages
     gnuradio-osmosdr
     gqrx
     ];
diff --git a/makefu/2configs/solr.nix b/makefu/2configs/solr.nix
new file mode 100644
index 000000000..cad9eabc1
--- /dev/null
+++ b/makefu/2configs/solr.nix
@@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with config.krebs.lib;
+let
+  solrHome = "/var/db/solr";
+in {
+  imports = [ ];
+  users.users.solr = {
+    home = solrHome;
+    uid = genid "solr";
+    createHome = true;
+    group = "solr";
+  };
+  users.groups.solr.gid = genid "solr";
+
+  services.solr = {
+    enable = true;
+    inherit solrHome;
+    user = "solr";
+    group = "solr";
+  };
+}
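Review bot: The header comment (`# graphite-web on port 8080` / `# carbon cache on port 2003 (tcp/udp)`) was carried over from the graphite config and describes nothing in this file. Replace it with what the module does, e.g. `# Solr with state in /var/db/solr, run as a dedicated solr user`, and note the listening port and whether it is meant to be reachable off-host, since this module opens no firewall port itself. `imports = [ ];` can be dropped.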
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index 189167f71..0d8f888fa 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -15,7 +15,7 @@
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
       http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
       https://github.com/amadvance/snapraid/releases.atom
-      https://erdgeist.org/gitweb/opentracker/log/
+      https://erdgeist.org/gitweb/opentracker/commit/
     ];
   };
 }

From 591b8793e31d9f698e4a55a563ab0ca227e4813d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:33:15 +0200
Subject: [PATCH 10/30] k 3 rtorrent: with 16.09 tmux provides explicit .bin
 output

---
 krebs/3modules/rtorrent.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index d53482339..bc65739ea 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -223,7 +223,7 @@ let
             touch ${systemd-logfile}
             cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
           '';
-          ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
+          ExecStart = "${pkgs.tmux.bin}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
 
           ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false
           ## otherwise the tmux session is stored in some private folder in /tmp

From 7ebecdc99cd9a1ad9ec7c047348e6ea6faf566c5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:33:56 +0200
Subject: [PATCH 11/30] k 3 m: init sdev, use ssh secrets

---
 krebs/3modules/makefu/default.nix | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index f5190b6ba..e79e54aa6 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -374,8 +374,8 @@ with config.krebs.lib;
             '';
         };
       };
-      #ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
-      #ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBGboU/P00yYiwYje53G0oqDFWmcSJ+hIpMsl4f/HH";
     };
     wbob = rec {
       cores = 1;
@@ -512,6 +512,32 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
         };
       };
     };
+    sdev = rec {
+      cores = 1;
+      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtm6ETzNgLcXNkrKs2VUEiGsTKBmOFpW2fazbzdUfOg sdev";
+      nets = {
+        retiolum = {
+          ip4.addr = "10.243.83.237";
+          ip6.addr  = "42:af50:99cf:c185:f1a8:14d5:acb:8101";
+          aliases = [
+              "sdev.retiolum"
+              "sdev.r"
+          ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA8BwHwQ4pLZpskVnQONJsmzRPll4ZKMjAC56sY5p+GfT9ZBMkVDn+
+            LeH9wuTRiX/ehgtBiyu8w37cz62hz/71H+3mnWJlTm9bbBTc5N0y8l9b+YYeExW4
+            XPm4bUbJWKNRG9tHQAns/OREYDsHLsY6UoyNFmB0wTDpgs7egDCoe7E2eT+pG428
+            ysCDYlaZaigOyW+bj/HFLj8FSfpF5C/ug7NE/D7QocadsRUiLtVYrJsfmT+KHWf+
+            f5rLWLvuFiz1SWf7wZ9sICF3RCaC9Qhz7zplgHbvwbOHtF+Z/6DxduRMkggZUsUD
+            nm+40Ex1XJTe+s4V4GKLgh/fDKBTS6JwewIDAQAB
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+
 
     # non-stockholm
 

From 564d5bc37d8533f0d1d3c31a87cd4a32c9451d20 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 14:55:27 +0200
Subject: [PATCH 12/30] k 3 rtorrent: revert .bin

---
 krebs/3modules/rtorrent.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index bc65739ea..d53482339 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -223,7 +223,7 @@ let
             touch ${systemd-logfile}
             cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
           '';
-          ExecStart = "${pkgs.tmux.bin}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
+          ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
 
           ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false
           ## otherwise the tmux session is stored in some private folder in /tmp

From e3cce01913c6a22946cc01438079bc3410ded9b2 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 14:58:46 +0200
Subject: [PATCH 13/30] l: add lassulus-blog config, repair ssl for cgit

---
 lass/1systems/prism.nix             | 49 +---------------
 lass/2configs/websites/lassulus.nix | 91 +++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 48 deletions(-)
 create mode 100644 lass/2configs/websites/lassulus.nix

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 51d106b5e..9fa210d08 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -24,26 +24,6 @@ in {
     ../2configs/repo-sync.nix
     ../2configs/binary-cache/server.nix
     ../2configs/iodined.nix
-    {
-      imports = [
-        ../2configs/git.nix
-      ];
-      krebs.nginx.servers.cgit = {
-        server-names = [
-          "cgit.lassul.us"
-        ];
-        locations = [
-          (nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/cgit.lassul.us/;
-          '')
-        ];
-        ssl = {
-          enable = true;
-          certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
-          certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
-        };
-      };
-    }
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
@@ -174,6 +154,7 @@ in {
       imports = [
         ../2configs/websites/wohnprojekt-rhh.de.nix
         ../2configs/websites/domsen.nix
+        ../2configs/websites/lassulus.nix
       ];
       krebs.iptables.tables.filter.INPUT.rules = [
          { predicate = "-p tcp --dport http"; target = "ACCEPT"; }
@@ -186,34 +167,6 @@ in {
       };
     }
     {
-      security.acme = {
-        certs."lassul.us" = {
-          email = "lass@lassul.us";
-          webroot = "/var/lib/acme/challenges/lassul.us";
-          plugins = [
-            "account_key.json"
-            "key.pem"
-            "fullchain.pem"
-            "full.pem"
-          ];
-          allowKeysForGroup = true;
-          group = "lasscert";
-        };
-      };
-      users.groups.lasscert.members = [
-        "dovecot2"
-        "ejabberd"
-        "exim"
-        "nginx"
-      ];
-      krebs.nginx.servers."lassul.us" = {
-        server-names = [ "lassul.us" ];
-        locations = [
-          (lib.nameValuePair "/.well-known/acme-challenge" ''
-            root /var/lib/acme/challenges/lassul.us/;
-          '')
-        ];
-      };
       lass.ejabberd = {
         enable = true;
         hosts = [ "lassul.us" ];
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
new file mode 100644
index 000000000..04c19fad0
--- /dev/null
+++ b/lass/2configs/websites/lassulus.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  inherit (import <stockholm/krebs/4lib> { config = {}; inherit lib; })
+    genid
+  ;
+
+in {
+  imports = [
+    ../git.nix
+  ];
+
+  security.acme = {
+    certs."lassul.us" = {
+      email = "lass@lassul.us";
+      webroot = "/var/lib/acme/challenges/lassul.us";
+      plugins = [
+        "account_key.json"
+        "key.pem"
+        "fullchain.pem"
+        "full.pem"
+      ];
+      allowKeysForGroup = true;
+      group = "lasscert";
+    };
+    certs."cgit.lassul.us" = {
+      email = "lassulus@gmail.com";
+      webroot = "/var/lib/acme/challenges/cgit.lassul.us";
+      plugins = [
+        "account_key.json"
+        "key.pem"
+        "fullchain.pem"
+      ];
+      group = "nginx";
+      allowKeysForGroup = true;
+    };
+  };
+
+  users.groups.lasscert.members = [
+    "dovecot2"
+    "ejabberd"
+    "exim"
+    "nginx"
+  ];
+
+  krebs.nginx.servers."lassul.us" = {
+    server-names = [ "lassul.us" ];
+    locations = [
+      (nameValuePair "/" ''
+        root /srv/http/lassul.us;
+      '')
+      (nameValuePair "/.well-known/acme-challenge" ''
+        root /var/lib/acme/challenges/lassul.us/;
+      '')
+    ];
+    ssl = {
+      enable = true;
+      certificate = "/var/lib/acme/lassul.us/fullchain.pem";
+      certificate_key = "/var/lib/acme/lassul.us/key.pem";
+    };
+  };
+
+  krebs.nginx.servers.cgit = {
+    server-names = [
+      "cgit.lassul.us"
+    ];
+    locations = [
+      (nameValuePair "/.well-known/acme-challenge" ''
+        root /var/lib/acme/challenges/cgit.lassul.us/;
+      '')
+    ];
+    ssl = {
+      enable = true;
+      certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+      certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+    };
+  };
+
+  users.users.blog = {
+    uid = genid "blog";
+    description = "lassul.us blog deployment";
+    home = "/srv/http/lassul.us";
+    useDefaultShell = true;
+    createHome = true;
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.lass.pubkey
+    ];
+  };
+}
+
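Review bot: The `blog` user's `home` is `/srv/http/lassul.us`, the same directory the `"/"` location serves as the web root, so anything a login shell or a git-based deploy leaves there (`.bash_history`, `.ssh/`, `.git/`) is inside the document root. Pointing nginx at a subdirectory the deploy writes to (for example a `public/` directory, name to be chosen) keeps the account's own files out of reach. `createHome` may also create the directory owner-only, in which case nginx cannot read it until the mode is loosened by hand, so check the resulting permissions. The `lassul.us` certificate block (moved from prism.nix) still lists `account_key.json` with `allowKeysForGroup` for a group of four service accounts; if those services need only `key.pem` and `fullchain.pem`, it is worth confirming the account key is not group-readable as well.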

From c47b5e3d8b2a9a7215a74b5b9f63b52ceb170c2f Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 14:59:12 +0200
Subject: [PATCH 14/30] l 2 baseX: add youtube-tools to pkgs

---
 lass/2configs/baseX.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 2649ecab9..4b05e3296 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -49,6 +49,8 @@ in {
 
     mpv-poll
     yt-next
+
+    youtube-tools
   #window manager stuff
     #haskellPackages.xmobar
     #haskellPackages.yeganesh

From 0bc0ccf58c4c1523a101c188eeab9f63a89cef4c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 14:59:35 +0200
Subject: [PATCH 15/30] l 2 repo-sync: sync lassulus-blog from github

---
 lass/2configs/repo-sync.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix
index 027f31fe0..eae583a84 100644
--- a/lass/2configs/repo-sync.nix
+++ b/lass/2configs/repo-sync.nix
@@ -92,6 +92,7 @@ in {
     (sync-remote "skytraq-datalogger" "https://github.com/makefu/skytraq-datalogger")
     (sync-remote "xintmap" "https://github.com/4z3/xintmap")
     (sync-remote "realwallpaper" "https://github.com/lassulus/realwallpaper")
+    (sync-remote "lassulus-blog" "https://github.com/lassulus/lassulus-blog")
     (sync-remote-silent "nixpkgs" "https://github.com/nixos/nixpkgs")
     (sync-retiolum "go")
     (sync-retiolum "much")

From a4f71a9ed0d7db878d40c49589ae6803a1e74017 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 15:01:36 +0200
Subject: [PATCH 16/30] l 2 websites domsen: dma@apanowicz.de -> gmx

---
 lass/2configs/websites/domsen.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index e05f40d97..3a3e60d39 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -191,7 +191,7 @@ in {
       server_set_id = $auth1
     '';
     internet-aliases = [
-      { from = "dominik@apanowicz.de"; to = "dma@ubikmedia.eu"; }
+      { from = "dominik@apanowicz.de"; to = "dominik_a@gmx.de"; }
       { from = "mail@jla-trading.com"; to = "jla-trading"; }
       { from = "testuser@lassul.us"; to = "testuser"; }
     ];

From d0d3cd8e54a78ea1bf16b2b9de5366d15aad7581 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 15:02:06 +0200
Subject: [PATCH 17/30] l 1 prism: remove obsolete key

---
 lass/1systems/prism.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 9fa210d08..8b4f1d7a2 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -144,7 +144,6 @@ in {
       users.users.chat.openssh.authorizedKeys.keys = [
         "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHF9tijlMoEevRZCG1AggukxWggfxPHUwg6Ye113ODG6PZ2m98oSmnsjixDy4GfIJjy+8HBbkwS6iH+fsNk86QtAgFNMjBl+9YvEzNRBzcyCqdOkZFvvZvV2oYA7I15il4ln62PDPKjEIS3YPhZPSwc6GhrlsFTnIG56NF/93IhF7R/FA== JuiceSSH"
         config.krebs.users.lass-uriel.pubkey
-        "ssh-rsa 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 lass@mors"
       ];
     }
     {

From 77c741b8d7631f534ecb63df6da84abb740aa892 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 15:05:19 +0200
Subject: [PATCH 18/30] l 2 exim-smarthost: add feed@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index 00a3612fd..d96db359b 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -29,6 +29,7 @@ with config.krebs.lib;
       { from = "finanzamt@lassul.us"; to = lass.mail; }
       { from = "netzclub@lassul.us"; to = lass.mail; }
       { from = "nebenan@lassul.us"; to = lass.mail; }
+      { from = "feed@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From fe8069802d9fbd61a93ea3959622c7d4c7edbaec Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 15:05:33 +0200
Subject: [PATCH 19/30] l 2 exim-smarthost: add art@lassul.us

---
 lass/2configs/exim-smarthost.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix
index d96db359b..3ed8be77f 100644
--- a/lass/2configs/exim-smarthost.nix
+++ b/lass/2configs/exim-smarthost.nix
@@ -30,6 +30,7 @@ with config.krebs.lib;
       { from = "netzclub@lassul.us"; to = lass.mail; }
       { from = "nebenan@lassul.us"; to = lass.mail; }
       { from = "feed@lassul.us"; to = lass.mail; }
+      { from = "art@lassul.us"; to = lass.mail; }
     ];
     system-aliases = [
       { from = "mailer-daemon"; to = "postmaster"; }

From 56350bc8ddae4bf4e475ff4817faa158c283be30 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 15:06:02 +0200
Subject: [PATCH 20/30] l 2 nixpkgs: 354fd37 -> b8ede35

---
 lass/2configs/nixpkgs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 6e9138b61..73c96e876 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
 {
   krebs.build.source.nixpkgs.git = {
     url = https://github.com/nixos/nixpkgs;
-    ref = "354fd3728952c229fee4f2924737c601d7ab4725";
+    ref = "b8ede35d2efa96490857c22c751e75d600bea44f";
   };
 }

From 185c5644dcdd33d24ce7fe41fdf704e8e66a8784 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 15:40:46 +0200
Subject: [PATCH 21/30] m 5 default: remove cups fallback

---
 makefu/5pkgs/default.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 6d020406d..0d375a510 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -2,16 +2,9 @@
 
 let
   inherit (pkgs) callPackage;
-  nixpkgs-1509 = import (pkgs.fetchFromGitHub {
-    owner = "NixOS"; repo = "nixpkgs-channels";
-    rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
-    sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
-  }) {};
-
 in
 {
   nixpkgs.config.packageOverrides = rec {
-    cups = nixpkgs-1509.cups;
     alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
     alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
     alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};

From 8fe9262b5f56052c8376f601ae1fd0bef9c079e3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 18:33:42 +0200
Subject: [PATCH 22/30] s 2: fix obsolete option

---
 shared/2configs/default.nix  | 4 ++--
 shared/2configs/graphite.nix | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/shared/2configs/default.nix b/shared/2configs/default.nix
index 31f786d1d..f5377db94 100644
--- a/shared/2configs/default.nix
+++ b/shared/2configs/default.nix
@@ -11,7 +11,7 @@ with config.krebs.lib;
     nixos-config.symlink = "stockholm/${user.name}/1systems/${host.name}.nix";
     nixpkgs.git = {
       url = https://github.com/NixOS/nixpkgs;
-      ref = "9cb194cfa449c43f63185a25c8d10307aea3b358"; # nixos-16.03 @ 2016-08-05
+      ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # nixos-16.09 @ 2016-10-19
     };
     secrets.file =
       if getEnv "dummy_secrets" == "true"
@@ -28,7 +28,7 @@ with config.krebs.lib;
     "http://cache.nixos.org"
     "http://hydra.nixos.org"
   ];
-  nix.useChroot = true;
+  nix.useSandbox = true;
 
   nixpkgs.config.packageOverrides = pkgs: {
     nano = pkgs.vim;
diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix
index 37c6b09fd..bfa2b2966 100644
--- a/shared/2configs/graphite.nix
+++ b/shared/2configs/graphite.nix
@@ -12,7 +12,7 @@ with config.krebs.lib;
   services.graphite = {
     web = {
       enable = true;
-      host = "0.0.0.0";
+      listenAddress = "0.0.0.0";
     };
     carbon = {
       enableCache = true;
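Review bot: `listenAddress = "0.0.0.0";` keeps the Graphite web interface bound to every network interface, and the rename was a chance to make that exposure deliberate. Nothing in this hunk shows a firewall rule or an authenticating proxy in front of it, so anyone who can reach the host may be able to read the metrics dashboard. If the service is only meant for the internal overlay network, bind it to that interface's address. Otherwise record the intent next to the line, for example `# bound to all interfaces on purpose; access is limited by the firewall`. The `services.graphite` block continues past the end of the hunk.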

From 6cdb8d86893679a6eb32669f796f2cab9acb8bba Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 20:46:54 +0200
Subject: [PATCH 23/30] m 5 devpi: bump

---
 makefu/5pkgs/devpi/default.nix            | 72 ++++++++++++++++-------
 makefu/5pkgs/devpi/py3-fix-encoding.patch | 11 ++++
 2 files changed, 62 insertions(+), 21 deletions(-)
 create mode 100644 makefu/5pkgs/devpi/py3-fix-encoding.patch

diff --git a/makefu/5pkgs/devpi/default.nix b/makefu/5pkgs/devpi/default.nix
index 3ccc35c79..020b2fdc2 100644
--- a/makefu/5pkgs/devpi/default.nix
+++ b/makefu/5pkgs/devpi/default.nix
@@ -1,33 +1,43 @@
 { pkgs ? import <nixpkgs> {} }:
 with pkgs.stdenv.lib;
 let
-  execnet14 = pkgs.python3Packages.buildPythonPackage rec {
-    name = "execnet-1.4.1";
+
+  readme-renderer = pkgs.python3Packages.buildPythonPackage rec {
+    name = "readme_renderer";
+    version = "0.7.0";
 
     src = pkgs.fetchurl {
-      url = "https://pypi.python.org/packages/source/e/execnet/${name}.tar.gz";
-      sha256 = "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn";
+      url = "mirror://pypi/r/readme_renderer/readme_renderer-${version}.tar.gz";
+      sha256 = "1kh9ggff8m9sdgr631vf2n4k97h4z1871vay6qgk3ydy3rd856ak";
     };
-    doCheck = false; # http://prism:8010/builders/build-all/builds/177/steps/build-vbob/logs/stdio
-    propagatedBuildInputs = with pkgs.python3Packages;
-      [ setuptools_scm apipkg ];
-    meta = {
-      description = "rapid multi-Python deployment";
-      license = licenses.gpl2;
-    };
-  };
+    buildInputs = with pkgs.python3Packages; [ pytest ];
+    propagatedBuildInputs = with pkgs.python3Packages; [ docutils bleach pygments ];
 
+  };
+  devpi-client = pkgs.python3Packages.buildPythonPackage rec {
+    name = "devpi-client";
+    version = "2.7.0";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/d/devpi-client/devpi-client-${version}.tar.gz";
+      sha256 = "0z7vaf0a66n82mz0vx122pbynjvkhp2mjf9lskgyv09y3bxzzpj3";
+    };
+    patches = [ ./py3-fix-encoding.patch ];
+    buildInputs = with pkgs.python3Packages; [ tox check-manifest pkginfo ];
+    propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common py ];
+  };
   devpi-web = pkgs.python3Packages.buildPythonPackage rec {
     name = "devpi-web";
-    version = "3.0.0";
+    version = "3.1.1";
+
 
     src = pkgs.fetchurl {
-      url = "https://pypi.python.org/packages/source/d/devpi-web/devpi-web-${version}.tar.gz";
-      sha256 = "156abxyhj17a8cg38hpyr31qkjb61mb2kggsxij4p4xvy9jwkbwi";
+      url = "mirror://pypi/d/devpi-web/devpi-web-${version}.tar.gz";
+      sha256 = "0bvqv52jmasfm4sdyccwsgvk9a663d3grj7zjw8r9x7xm7l3svqv";
     };
 
     propagatedBuildInputs = with pkgs.python3Packages;
-      [ devpi-server pyramid_chameleon beautifulsoup4 Whoosh defusedxml ];
+      [ devpi-server pyramid_chameleon beautifulsoup4 defusedxml readme-renderer ];
 
     meta = {
       homepage = https://bitbucket.org/hpk42/devpi;
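Review bot: The new `devpi-client` derivation takes `devpi-common` from `pkgs.python3Packages`, while `devpi-server` in the same file is switched to the locally pinned `devpi-common-3` (3.0.1, added in the next hunk). Client and server can therefore be built against different versions of the shared library. Whether the nixpkgs version satisfies devpi-client 2.7.0 is not visible here; if it needs the 3.x series, write `propagatedBuildInputs = with pkgs.python3Packages; [ devpi-common-3 py ];` so both use the same pinned source. The `let` block continues beyond this hunk.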
@@ -36,9 +46,29 @@ let
       maintainers = with maintainers; [ makefu ];
     };
   };
+
+  devpi-common-3 = pkgs.python3Packages.buildPythonPackage rec {
+    name = "devpi-common";
+    version = "3.0.1";
+
+    src = pkgs.fetchurl {
+      url = "mirror://pypi/d/devpi-common/devpi-common-${version}.tar.gz";
+      sha256 = "0l3a7iyk596x6pvzg7604lzzi012qszr804fqn6f517zcy1xz23j";
+    };
+
+    propagatedBuildInputs = with pkgs.python3Packages; [ requests2 py ];
+
+    meta = {
+      homepage = https://bitbucket.org/hpk42/devpi;
+      description = "Utilities jointly used by devpi-server and devpi-client";
+      license = licenses.mit;
+      maintainers = with maintainers; [ lewo makefu ];
+    };
+  };
+
   devpi-server = pkgs.python3Packages.buildPythonPackage rec {
     name = "devpi-server";
-    version = "3.0.2";
+    version = "4.1.1";
 
     # original postFixup adds "import sys; sys.argv[0] = 'devpi-server'" to
     # `.devpi-server-wrapped` which
@@ -46,12 +76,12 @@ let
     postFixup = "";
 
     src = pkgs.fetchurl {
-      url = "https://pypi.python.org/packages/source/d/devpi-server/devpi-server-${version}.tar.gz";
-      sha256 = "14r1024i3x2pb72khyzvi56sh9smpdswmrbc88xvjxnalmzfn99d";
+      url = "mirror://pypi/d/devpi-server/devpi-server-${version}.tar.gz";
+      sha256 = "1icbn1nw6w0sc5150fr69rlhs0j5ldnnxfzl2qabq2wi0dbar8hf";
     };
 
     propagatedBuildInputs = with pkgs.python3Packages;
-      [ devpi-common execnet14 itsdangerous pluggy waitress pyramid ];
+      [ devpi-common-3 execnet itsdangerous pluggy waitress pyramid ];
     buildInputs = with pkgs.python3Packages; [ pytest beautifulsoup4 webtest ];
 
     meta = {
@@ -63,7 +93,7 @@ let
   };
 
 in {
-  inherit devpi-server;
+  inherit devpi-server devpi-client;
   devpi-web =  pkgs.python3.buildEnv.override {
       extraLibs = [ devpi-web devpi-server ];
     };
diff --git a/makefu/5pkgs/devpi/py3-fix-encoding.patch b/makefu/5pkgs/devpi/py3-fix-encoding.patch
new file mode 100644
index 000000000..e5f940699
--- /dev/null
+++ b/makefu/5pkgs/devpi/py3-fix-encoding.patch
@@ -0,0 +1,11 @@
++++ a/setup.py
+--- b/setup.py
+@@ -26,7 +26,7 @@
+ 
+ 
+ def get_changelog():
+-    text = open(os.path.join(here, 'CHANGELOG')).read()
++    text = open(os.path.join(here, 'CHANGELOG'),encoding='utf-8').read()
+     header_matches = list(re.finditer('^-+$', text, re.MULTILINE))
+     # until fifth header
+     text = text[:header_matches[5].start()]
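Review bot: The file headers of this patch are reversed: `+++ a/setup.py` comes before `--- b/setup.py`, whereas a unified diff names the old file first as `--- a/setup.py` and the new file second as `+++ b/setup.py`. It may still apply during the build because both names reduce to `setup.py` once the leading path component is stripped, but stricter patch tools can reject it, so the two header lines should be put in the standard order. A one-line comment next to `patches = [ ./py3-fix-encoding.patch ];` saying that the CHANGELOG must be read as UTF-8 would help whoever bumps devpi-client next to decide whether the patch is still needed.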

From b6fc3af1430e318f781a417e0d7366e1013c0c44 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 21:53:18 +0200
Subject: [PATCH 24/30] m 2 default: bump ref to stable

---
 makefu/2configs/default.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index a7c2a983e..56a87d7af 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -21,10 +21,13 @@ with config.krebs.lib;
     search-domain = "retiolum";
     build = {
       user = config.krebs.users.makefu;
-      source = let inherit (config.krebs.build) host user; in {
+      source = let
+          inherit (config.krebs.build) host user;
+          ref = "b8ede35"; # stable @ 2016-10-19
+      in {
         nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
-          { # stable @ 2016-07-20
-            git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
+          {
+            git = { url = https://github.com/nixos/nixpkgs; inherit ref; };
           }
             else
             # TODO use http, once it is implemented
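Review bot: `ref = "b8ede35";` pins nixpkgs by a seven-character abbreviated commit id, which is a weaker pin than the full hash because an abbreviation can become ambiguous as the repository grows. The other nixpkgs bumps in this series use the full id, so the same value fits here: `ref = "b8ede35d2efa96490857c22c751e75d600bea44f"; # stable @ 2016-10-19`. Since `ref` now also forms the local path `/home/makefu/store/${ref}` in the following hunk, the directory name would change with it unless a separate short name is kept for the path. The `source` attribute set continues outside this hunk.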
@@ -32,7 +35,7 @@ with config.krebs.lib;
 
             ## prepare so we do not have to wait for rsync:
             ## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/125ffff  -L | tar zx  && mv NixOS-nixpkgs-125ffff nixpkgs
-            { file = "/home/makefu/store/125ffff";};
+            { file = "/home/makefu/store/${ref}";};
         secrets.file =
           if getEnv "dummy_secrets" == "true"
             then toString <stockholm/makefu/6tests/data/secrets>
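Review bot: The "prepare" comment above the changed `file` line still hard-codes the old revision `125ffff` in both the tarball URL and the `mv` source, while the path below it now follows `ref`. Someone following the comment would populate the store with the previous nixpkgs snapshot. The comment should refer to the variable instead, for example `## cd /var/src; curl https://github.com/nixos/nixpkgs/tarball/<ref> -L | tar zx && mv NixOS-nixpkgs-<ref> nixpkgs`. The enclosing `source` block starts in the previous hunk and continues past this one.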

From a2605f25ee48daaf883c6823564686fa49bff0f3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 23:47:00 +0200
Subject: [PATCH 25/30] l 1 uriel: set defaultLocale to de_DE

---
 lass/1systems/uriel.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index aa5286ae0..acc7348e8 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -9,6 +9,7 @@ with config.krebs.lib;
     ../2configs/exim-retiolum.nix
     {
       # locke config
+      i18n.defaultLocale ="de_DE.UTF-8";
       time.timeZone = "Europe/Berlin";
       services.xserver.enable = true;
       users.users.locke = {

From bbaee1993c9786bf01f15c34d0d8993842712477 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 23:47:27 +0200
Subject: [PATCH 26/30] l 1 uriel: add pavucontrol to pkgs

---
 lass/1systems/uriel.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index acc7348e8..1068da114 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -29,6 +29,7 @@ with config.krebs.lib;
         systemWide = true;
       };
       environment.systemPackages = with pkgs; [
+        pavucontrol
         firefox
         hexchat
         networkmanagerapplet

From c7be88d76a359379d8d75126a746fd3772aa5036 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Wed, 19 Oct 2016 23:47:48 +0200
Subject: [PATCH 27/30] l 1 uriel: gummiboot -> systemd-boot

---
 lass/1systems/uriel.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lass/1systems/uriel.nix b/lass/1systems/uriel.nix
index 1068da114..e1417c83d 100644
--- a/lass/1systems/uriel.nix
+++ b/lass/1systems/uriel.nix
@@ -53,8 +53,8 @@ with config.krebs.lib;
     #loader.grub.version = 2;
     #loader.grub.device = "/dev/sda";
 
-    loader.gummiboot.enable = true;
-    loader.gummiboot.timeout = 5;
+    loader.systemd-boot.enable = true;
+    loader.timeout = 5;
 
     initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ];
     initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ];

From 789dbe2b2657760a5cebcf320f6807847d4fba64 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 20 Oct 2016 08:49:22 +0200
Subject: [PATCH 28/30] m 5 go: buildNodePackage via callPackage

---
 krebs/5pkgs/go/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix
index fb8b65ea1..2871e5a99 100644
--- a/krebs/5pkgs/go/default.nix
+++ b/krebs/5pkgs/go/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
 
 with lib;
 
 let
-  np = nodePackages.override {
+  np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
     generated = ./packages.nix;
     self = np;
   };
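Review bot: `callPackage <nixpkgs/pkgs/top-level/node-packages.nix>` resolves the file through `NIX_PATH` at evaluation time, so `np` is built from whichever nixpkgs checkout the evaluating machine has there, not necessarily the package set that supplied `callPackage`, `stdenv` and `nodejs`. That makes the result depend on the environment and can mix two nixpkgs revisions in one build. If the package set exposes its own location as `path`, adding `path` to the argument list and writing `np = (callPackage (path + "/pkgs/top-level/node-packages.nix")) {` keeps the lookup tied to the pinned tree. The `nodePackages` argument also appears unused after this commit, though the rest of the file is not visible. The same construct is added to krebs/5pkgs/newsbot-js/default.nix in the next patch.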
@@ -18,7 +18,7 @@ let
     ignoreCollisions = true;
   };
 
-in nodePackages.buildNodePackage {
+in np.buildNodePackage {
   name = "go";
 
   src = fetchgit {

From bb2d4b10d3a1a835711e6b4fa459f9b0aaba4a88 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 09:13:15 +0200
Subject: [PATCH 29/30] m 5 newsbot-js: buildNodePackage via callPackage

---
 krebs/5pkgs/newsbot-js/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/5pkgs/newsbot-js/default.nix b/krebs/5pkgs/newsbot-js/default.nix
index 9e4a51306..b52454ca4 100644
--- a/krebs/5pkgs/newsbot-js/default.nix
+++ b/krebs/5pkgs/newsbot-js/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodePackages, nodejs }:
+{ stdenv, makeWrapper, callPackage, lib, buildEnv, fetchgit, nodePackages, nodejs }:
 
 with lib;
 
 let
-  np = nodePackages.override {
+  np = (callPackage <nixpkgs/pkgs/top-level/node-packages.nix>) {
     generated = ./packages.nix;
     self = np;
   };
@@ -21,7 +21,7 @@ let
     ignoreCollisions = true;
   };
 
-in nodePackages.buildNodePackage {
+in np.buildNodePackage {
   name = "newsbot-js";
 
   src = fetchgit {

From 0f2a9778315c3126794c0f1ad63710d38e7a67f7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Thu, 20 Oct 2016 09:48:42 +0200
Subject: [PATCH 30/30] remove haskellPackges.megaparsec

---
 krebs/5pkgs/haskell-overrides/megaparsec.nix | 20 --------------------
 lass/2configs/buildbot-standalone.nix        |  1 -
 2 files changed, 21 deletions(-)
 delete mode 100644 krebs/5pkgs/haskell-overrides/megaparsec.nix

diff --git a/krebs/5pkgs/haskell-overrides/megaparsec.nix b/krebs/5pkgs/haskell-overrides/megaparsec.nix
deleted file mode 100644
index 5ade6006e..000000000
--- a/krebs/5pkgs/haskell-overrides/megaparsec.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ mkDerivation, base, bytestring, fetchzip, HUnit, mtl, QuickCheck
-, stdenv, test-framework, test-framework-hunit
-, test-framework-quickcheck2, text, transformers
-}:
-mkDerivation {
-  pname = "megaparsec";
-  version = "4.1.0";
-  src = fetchzip {
-    url = "https://hackage.haskell.org/package/megaparsec-4.1.0/megaparsec-4.1.0.tar.gz";
-    sha256 = "1a1ka53a3r91lwnlvzaa8nyk1dxvfd1ij1i5x5vp83q2r9z9dcmi";
-  };
-  libraryHaskellDepends = [ base bytestring mtl text transformers ];
-  testHaskellDepends = [
-    base HUnit mtl QuickCheck test-framework test-framework-hunit
-    test-framework-quickcheck2 transformers
-  ];
-  homepage = "https://github.com/mrkkrp/megaparsec";
-  description = "Monadic parser combinators";
-  license = stdenv.lib.licenses.bsd3;
-}
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix
index 2fc3d3732..628fdf61f 100644
--- a/lass/2configs/buildbot-standalone.nix
+++ b/lass/2configs/buildbot-standalone.nix
@@ -172,7 +172,6 @@ in {
           "hashPassword",
           "haskellPackages.blessings",
           "haskellPackages.email-header",
-          "haskellPackages.megaparsec",
           "haskellPackages.scanner",
           "haskellPackages.xmonad-stockholm",
           "krebspaste",