From b86daca11669019d3c2218e623bfb57b5a8033d7 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 13 Jan 2016 12:20:01 +0100
Subject: [PATCH 01/22] ma 5 awesomecfg/full: remove volume field

---
 makefu/5pkgs/awesomecfg/full.cfg | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 15711a5d5..c1b58aa90 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -38,8 +38,6 @@ do
     end)
 end
 -- }}}
-volwidget = wibox.widget.textbox()
-vicious.register(volwidget, vicious.widgets.volume, " $1% ", 2, "Master")
 
 -- {{{ Mails widget type
 local function worker(format,warg)
@@ -258,7 +256,6 @@ for s = 1, screen.count() do
     local right_layout = wibox.layout.fixed.horizontal()
     right_layout:add(mailwidget)
     if s == 1 then right_layout:add(wibox.widget.systray()) end
-    right_layout:add(volwidget)
     right_layout:add(cpuwidget)
     right_layout:add(batwidget)
     right_layout:add(mytextclock)

From 3bb965c3f071f30a2ac381fb18cb2da5603193a3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 16 Jan 2016 01:36:58 +0100
Subject: [PATCH 02/22] k 5 lentil: haskellng -> haskell

---
 krebs/5pkgs/lentil/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/lentil/default.nix b/krebs/5pkgs/lentil/default.nix
index fc9b4fd31..8a57a77fe 100644
--- a/krebs/5pkgs/lentil/default.nix
+++ b/krebs/5pkgs/lentil/default.nix
@@ -1,6 +1,6 @@
 { pkgs, ... }:
 
-(pkgs.haskellngPackages.override {
+(pkgs.haskellPackages.override {
   overrides = self: super: {
     lentil = super.lentil.override {
       mkDerivation = (attrs: self.mkDerivation (attrs // {

From 6ca6e41a7998ca46e2f9d96e31255216a38a83ea Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 12:53:07 +0100
Subject: [PATCH 03/22] k 5 forticlientsslvpn: fix license

---
 krebs/5pkgs/fortclientsslvpn/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
index 720d4004f..e1c813479 100644
--- a/krebs/5pkgs/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -81,7 +81,7 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = http://www.fortinet.com;
     description = "Forticlient SSL-VPN client";
-    license = lib.licenses.nonfree;
+    license = lib.licenses.unfree;
     maintainers = [ lib.maintainers.makefu ];
   };
 }

From 0fe61d5d41aae9febdcf9dd507c67819868c8d32 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 12:54:03 +0100
Subject: [PATCH 04/22] ma 1 vbob: remove unstable

---
 makefu/1systems/vbob.nix | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index b8c02cb67..d95362919 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -2,9 +2,7 @@
 #
 #
 { lib, config, pkgs, ... }:
-let
-    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
+{
   krebs.build.host = config.krebs.hosts.vbob;
   krebs.build.target = "root@10.10.10.220";
   imports =
@@ -15,14 +13,13 @@ in {
       # environment
 
     ];
+  nixpkgs.config.allowUnfree = true;
   nixpkgs.config.packageOverrides = pkgs: {
     tinc = pkgs.tinc_pre;
-    buildbot = pkgs-unst.buildbot;
-    buildbot-slave = pkgs-unst.buildbot-slave;
   };
 
   makefu.buildbot.master = {
-    enable = true;
+    enable = false;
     irc = {
       enable = true;
       server = "cd.retiolum";
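Review bot: `nixpkgs.config.allowUnfree = true;` lifts the unfree restriction for every package evaluated on this host, while the only unfree package this patch visibly pulls in is fortclientsslvpn (added to `environment.systemPackages` in a later hunk of this file). A predicate keeps the exception to that one package, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: ...;` matching its name, and a one-line comment naming the package that needs the exception would help the next reader. The same hunk is repeated in PATCH 12/22.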
@@ -30,8 +27,9 @@ in {
       allowForce = true;
     };
   };
+  # services.logstash.enable = true;
   makefu.buildbot.slave = {
-    enable = true;
+    enable = false;
     masterhost = "localhost";
     username = "testslave";
     password = "krebspass";
@@ -41,8 +39,8 @@ in {
 
   krebs.build.source.git.nixpkgs = {
     #url = https://github.com/nixos/nixpkgs;
-    # HTTP Everywhere
-    rev = "a3974e";
+    # HTTP Everywhere + libredir
+    rev = "8239ac6";
   };
   fileSystems."/nix" = {
     device ="/dev/disk/by-label/nixstore";
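Review bot: `rev = "8239ac6";` pins the nixpkgs source by a seven-character abbreviated hash, which git resolves by prefix and which can become ambiguous as the repository grows; a source pin that the whole system is built from should carry the full commit id, `rev = "<full-40-char-commit-id>";`. The same applies to `rev = "d0e3cca";` in shared/2configs/base.nix (PATCH 05/22), which replaces a full hash with a short one; presumably the same commit appears in full as `d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce` in makefu/1systems/omo.nix later in the series. Both hunks are repeated in PATCH 12/22 and 13/22. The `url` line is commented out here, so the repository this revision is resolved against is not visible in the hunk; a comment naming the fork that carries "HTTP Everywhere + libredir" would make the pin auditable.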
@@ -56,9 +54,12 @@ in {
     };
   };
   environment.systemPackages = with pkgs;[
+    fortclientsslvpn
     buildbot
     buildbot-slave
     get
+    genid
+    logstash
   ];
 
   networking.firewall.allowedTCPPorts = [

From 18ec8f67af2d36d420b0f3b79852cc9bd8de7f3f Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 16:59:44 +0100
Subject: [PATCH 05/22] s 2 base: use current unstable

---
 shared/2configs/base.nix                | 2 +-
 shared/2configs/buildbot-standalone.nix | 9 ++-------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index 4d509d7a6..5e6072661 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -18,7 +18,7 @@ with lib;
   krebs.build.source = {
     git.nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
-      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+      rev = "d0e3cca";
       target-path = "/var/src/nixpkgs";
     };
     dir.secrets = {
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 3275189a5..2ea19e8aa 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -1,11 +1,6 @@
 { lib, config, pkgs, ... }:
-let
-    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
-  nixpkgs.config.packageOverrides = pkgs: {
-    buildbot = pkgs-unst.buildbot;
-    buildbot-slave = pkgs-unst.buildbot-slave;
-  };
+
+{
   networking.firewall.allowedTCPPorts = [ 8010 9989 ];
   krebs.buildbot.master = {
     secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];

From a3d2a86e38c4c9cf710be041e94791f046493f01 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 17:22:14 +0100
Subject: [PATCH 06/22] k 5 test: add cac panel crt

---
 .../5pkgs/test/infest-cac-centos7/default.nix |  3 +-
 .../panel.cloudatcost.com.crt                 | 88 +++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt

diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 7f2e3f231..b4e1e3987 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -28,7 +28,8 @@ stdenv.mkDerivation rec {
       cp ${src} $out/bin/${shortname}
       chmod +x $out/bin/${shortname}
       wrapProgram $out/bin/${shortname} \
-              --prefix PATH : ${path}
+              --prefix PATH : ${path} \
+              --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt}
     '';
   meta = with stdenv.lib; {
     homepage = http://krebsco.de;
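Review bot: `--set SSL_CERT_FILE ${./panel.cloudatcost.com.crt}` replaces the trust store for the whole wrapped process, not only for connections to the panel, so any other HTTPS endpoint the script talks to that chains to a different CA will fail verification, and the script breaks if the panel changes CA. The bundled file holds the intermediate and root as well as the leaf, so in effect this restricts trust to one CA chain rather than pinning the panel certificate; a comment next to the wrapper stating which of the two is intended would help. If the aim is only a working CA store, the series already uses `${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt` for sabnzbd in makefu/1systems/omo.nix, which avoids maintaining a certificate copy in the repository. PATCH 22/22 adds `REQUESTS_CA_BUNDLE` with the same file and the same considerations apply; the enclosing installPhase starts outside this hunk.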
diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
new file mode 100644
index 000000000..9d02b6bcf
--- /dev/null
+++ b/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCBEOgAwIBAgIQXWIKGWRZf838+wW1zLdK0DANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlk
+YXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTEwMjMwMDAwMDBaFw0xODEwMjIyMzU5NTlaMF8x
+ITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEeMBwGA1UECxMVRXNzZW50aWFsU1NM
+IFdpbGRjYXJkMRowGAYDVQQDDBEqLmNsb3VkYXRjb3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM9CyL8uUPoE3zYbvnwtUW69h0f+rkND1/Jsi15EEBFPQqiYCmPiSaJLn6JB
+Hri34t4lArGrPA6K01x18LJqFoYDy5ya37J8Bd4jF3cijWe/IQEWAw0r2ufhd4LTNMvEyJIECida
+LMhBxpORRdijmvEXCf9D0OEGBV3qfizcCH7+VPordCY3y9fwgbk0wAB1lAk29aRosK3gZJceu57Q
+YkEKjee6pZ473+xpCjaeTBUlPuGA95A2jPf8c+QSPegczOd9Hwo4JqAJSjTzzuHiSbEhd+8JIC/P
+6GYVOvwnNqCPuuXsoBy8xBQ8lHuZcWd5sh4MDRvm5YxVFhYN6kOgf1ECAwEAAaOCAd8wggHbMB8G
+A1UdIwQYMBaAFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMB0GA1UdDgQWBBSC9dSGoIEPHBTUQJjOxxPg
+lhRLPDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwTwYDVR0gBEgwRjA6BgsrBgEEAbIxAQICBzArMCkGCCsGAQUFBwIBFh1odHRwczov
+L3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgEwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDov
+L2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
+LmNybDCBhQYIKwYBBQUHAQEEeTB3ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LmNvbW9kb2NhLmNv
+bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzAB
+hhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wLQYDVR0RBCYwJIIRKi5jbG91ZGF0Y29zdC5jb22C
+D2Nsb3VkYXRjb3N0LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAPfUXBGDYOQnJuykm8I9cB2rBFVvt
+HgzKIM+SXRz/jRt4HN/fsQkq2mI8SUPigWbtrtL1yim0hHdTR4m6vn7eHqj8erjjEJy16OfyRwp8
+LfjjHvcPxAxiRcFdv+8Pu/o0umqtxmRn4enyAZWhqAp3TBjkJPkJgh/toJqGpE7dN1Jw1AF75rrA
+DXS8J5fcJYZQydJce+kacMHLh4C0Q37NgZKPfM+9jsygqY3Fhqh5GIt/CXNx2vlDPQP87QEtK7y7
+dCGd/MwrdKkUvOpsmqWiO1+02DesZSdIow/YW+8cUhPvYMqpM9zKbqVdRj3FJK56+/xNfNX5tiU1
+1VE7rIcEbw==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTQwMjEyMDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRp
+b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI7CAhnh
+oFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28ShbXcDow+G+eMGnD4LgYqbSRutA776S9uM
+IO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4Tg
+llfQcBhglo/uLQeTnaG6ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh
+7lgUq/51UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0nc13c
+RTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQYMBaAFLuvfgI9+qbx
+PISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz30O0Oija5zAOBgNVHQ8BAf8EBAMC
+AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYD
+VR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNv
+bW9kb2NhLmNvbS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
+AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRy
+dXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcN
+AQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx
+3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsI
+tG8kO3KdY3RYPBpsP0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdo
+ltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js
+9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxGV/Iz2tDIY+3GH5QFlkoa
+kdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBm
+GqW5prU5wfWYQ//u+aen/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODc
+QgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje
+3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf+AZx
+AeKCINT+b72x
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
+-----END CERTIFICATE-----

From b31d847a7858f143d1f783efa9230c9aac60c501 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 18 Jan 2016 17:51:42 +0100
Subject: [PATCH 07/22] k 5 cac: temporarily disable tasks from update

---
 krebs/5pkgs/cac/default.nix         |  3 ++-
 krebs/5pkgs/cac/disable-tasks.patch | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 krebs/5pkgs/cac/disable-tasks.patch

diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix
index 4d39ce2fb..970cd1993 100644
--- a/krebs/5pkgs/cac/default.nix
+++ b/krebs/5pkgs/cac/default.nix
@@ -11,9 +11,10 @@ stdenv.mkDerivation {
 
   phases = [
     "unpackPhase"
+    "patchPhase"
     "installPhase"
   ];
-
+  patches = [ ./disable-tasks.patch ];
   installPhase =
     let
       path = stdenv.lib.makeSearchPath "bin" [
diff --git a/krebs/5pkgs/cac/disable-tasks.patch b/krebs/5pkgs/cac/disable-tasks.patch
new file mode 100644
index 000000000..cbff567e2
--- /dev/null
+++ b/krebs/5pkgs/cac/disable-tasks.patch
@@ -0,0 +1,10 @@
+--- cac-orig/cac        2016-01-18 17:48:24.492284682 +0100
++++ cac/cac     2016-01-18 17:48:43.529736771 +0100
+@@ -121,7 +121,6 @@
+   for x in \
+       resources \
+       servers \
+-      tasks \
+       templates \
+       # This line intentionally left blank.
+   do

From 818ea249f08846a1b5efdf4cb09ba94e07e44e74 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Jan 2016 20:04:29 +0100
Subject: [PATCH 08/22] ma 2 git/cgit: add init-stockholm repo

---
 makefu/2configs/git/cgit-retiolum.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 35bb169cf..7d85eb8d1 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -16,6 +16,9 @@ let
       desc = "Tinc Advanced Graph Generation";
     };
     cac = { };
+    init-stockholm = {
+      desc = "Init stuff for stockholm";
+    };
   };
 
   priv-repos = mapAttrs make-priv-repo {

From 1b39a26933966c5da8316f81ae67ff88e56d348d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Jan 2016 20:37:46 +0100
Subject: [PATCH 09/22] ma 2 tinc-basic-retiolum: remove obsolete hosts path -
 corresponds with defaults

---
 makefu/2configs/tinc-basic-retiolum.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
index 2abf4f188..f49c596fc 100644
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -4,7 +4,6 @@ with lib;
 {
   krebs.retiolum = {
     enable = true;
-    hosts = ../../krebs/Zhosts;
     connectTo = [
       "gum"
       "pigstarter"

From 93c217475155f4a7770607b854da9c95ff7b336c Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 13 Jan 2016 12:20:01 +0100
Subject: [PATCH 10/22] ma 5 awesomecfg/full: remove volume field

---
 makefu/5pkgs/awesomecfg/full.cfg | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index 15711a5d5..c1b58aa90 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -38,8 +38,6 @@ do
     end)
 end
 -- }}}
-volwidget = wibox.widget.textbox()
-vicious.register(volwidget, vicious.widgets.volume, " $1% ", 2, "Master")
 
 -- {{{ Mails widget type
 local function worker(format,warg)
@@ -258,7 +256,6 @@ for s = 1, screen.count() do
     local right_layout = wibox.layout.fixed.horizontal()
     right_layout:add(mailwidget)
     if s == 1 then right_layout:add(wibox.widget.systray()) end
-    right_layout:add(volwidget)
     right_layout:add(cpuwidget)
     right_layout:add(batwidget)
     right_layout:add(mytextclock)

From 0c290c98f00b11c8239fea6450667323137c6321 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 12:53:07 +0100
Subject: [PATCH 11/22] k 5 forticlientsslvpn: fix license

---
 krebs/5pkgs/fortclientsslvpn/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
index 720d4004f..e1c813479 100644
--- a/krebs/5pkgs/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -81,7 +81,7 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = http://www.fortinet.com;
     description = "Forticlient SSL-VPN client";
-    license = lib.licenses.nonfree;
+    license = lib.licenses.unfree;
     maintainers = [ lib.maintainers.makefu ];
   };
 }

From fbe826ba2ae916b8f8fab1293e302e22a5d0b579 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 12:54:03 +0100
Subject: [PATCH 12/22] ma 1 vbob: remove unstable

---
 makefu/1systems/vbob.nix | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index b8c02cb67..d95362919 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -2,9 +2,7 @@
 #
 #
 { lib, config, pkgs, ... }:
-let
-    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
+{
   krebs.build.host = config.krebs.hosts.vbob;
   krebs.build.target = "root@10.10.10.220";
   imports =
@@ -15,14 +13,13 @@ in {
       # environment
 
     ];
+  nixpkgs.config.allowUnfree = true;
   nixpkgs.config.packageOverrides = pkgs: {
     tinc = pkgs.tinc_pre;
-    buildbot = pkgs-unst.buildbot;
-    buildbot-slave = pkgs-unst.buildbot-slave;
   };
 
   makefu.buildbot.master = {
-    enable = true;
+    enable = false;
     irc = {
       enable = true;
       server = "cd.retiolum";
@@ -30,8 +27,9 @@ in {
       allowForce = true;
     };
   };
+  # services.logstash.enable = true;
   makefu.buildbot.slave = {
-    enable = true;
+    enable = false;
     masterhost = "localhost";
     username = "testslave";
     password = "krebspass";
@@ -41,8 +39,8 @@ in {
 
   krebs.build.source.git.nixpkgs = {
     #url = https://github.com/nixos/nixpkgs;
-    # HTTP Everywhere
-    rev = "a3974e";
+    # HTTP Everywhere + libredir
+    rev = "8239ac6";
   };
   fileSystems."/nix" = {
     device ="/dev/disk/by-label/nixstore";
@@ -56,9 +54,12 @@ in {
     };
   };
   environment.systemPackages = with pkgs;[
+    fortclientsslvpn
     buildbot
     buildbot-slave
     get
+    genid
+    logstash
   ];
 
   networking.firewall.allowedTCPPorts = [

From 64a69bd1537a2000208bd3bbb5f1be6be08220f6 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 18 Jan 2016 16:59:44 +0100
Subject: [PATCH 13/22] s 2 base: use current unstable

---
 shared/2configs/base.nix                | 2 +-
 shared/2configs/buildbot-standalone.nix | 9 ++-------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index 4d509d7a6..5e6072661 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -18,7 +18,7 @@ with lib;
   krebs.build.source = {
     git.nixpkgs = {
       url = https://github.com/NixOS/nixpkgs;
-      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+      rev = "d0e3cca";
       target-path = "/var/src/nixpkgs";
     };
     dir.secrets = {
diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 3275189a5..2ea19e8aa 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -1,11 +1,6 @@
 { lib, config, pkgs, ... }:
-let
-    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
-in {
-  nixpkgs.config.packageOverrides = pkgs: {
-    buildbot = pkgs-unst.buildbot;
-    buildbot-slave = pkgs-unst.buildbot-slave;
-  };
+
+{
   networking.firewall.allowedTCPPorts = [ 8010 9989 ];
   krebs.buildbot.master = {
     secrets = [ "retiolum-ci.rsa_key.priv" "cac.json" ];

From 440e78fc9946d3abf74ae1eeeea1532e84fddec6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Jan 2016 20:26:38 +0100
Subject: [PATCH 14/22] makefu: init wbob

---
 krebs/3modules/makefu/default.nix | 24 ++++++++++++++++++++++++
 krebs/Zhosts/wbob                 | 10 ++++++++++
 makefu/1systems/wbob.nix          | 19 +++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 krebs/Zhosts/wbob
 create mode 100644 makefu/1systems/wbob.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 31516d591..38e773b53 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -297,6 +297,30 @@ with lib;
       ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch";
     };
+    wbob = rec {
+      cores = 1;
+      dc = "none";
+      nets = {
+        retiolm = {
+          addrs4 = ["10.243.214.15/32"];
+          addrs6 = ["42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128"];
+          aliases = [
+              "wbob.retiolum"
+          ];
+          tinc.pubkey = ''
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----
+'';
+        };
+      };
+    };
+
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
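Review bot: The network attribute is spelled `retiolm` while the alias inside it is `wbob.retiolum`, so code that looks up `nets.retiolum` will presumably not find this host's addresses or tinc public key; the key should read `retiolum = {`. The other host entries lie outside the hunk, so confirm the spelling against them. The public key is also duplicated verbatim in krebs/Zhosts/wbob in the same patch, so the two copies have to be kept in sync by hand.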
diff --git a/krebs/Zhosts/wbob b/krebs/Zhosts/wbob
new file mode 100644
index 000000000..829a59110
--- /dev/null
+++ b/krebs/Zhosts/wbob
@@ -0,0 +1,10 @@
+Subnet = 10.243.214.15/32
+Subnet = 42:5a02:2c30:c1b1:3f2e:7c19:2496:a732/128
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAqLTJx91OdR0FlJAc2JGh+AJde95oMzzh8o36JBFpsaN7styNfD3e
+QGM/bDXFjk4ieIe5At0Z63P2KWxRp3cz8LWKJsn5cGsX2074YWMAGmKX+ZZJNlal
+cJ994xX+8MJ6L2tVKpY7Ace7gqDN+l650PrEzV2SLisIqOdxoBlbAupdwHieUBt8
+khm4NLNUCxPYUx2RtHn4iGdgSgUD/SnyHEFdyDA17lWAGfEi4yFFjFMYQce/TFrs
+rQV9t5hGaofu483Epo6mEfcBcsR4GIHI4a4WKYANsIyvFvzyGFEHOMusG6nRRqE9
+TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
new file mode 100644
index 000000000..d6916f006
--- /dev/null
+++ b/makefu/1systems/wbob.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/main-laptop.nix
+    ];
+    krebs = {
+        enable = true;
+        retiolum.enable = true;
+        build.host = config.krebs.hosts.wbob;
+    };
+    boot.loader.grub.device = "/dev/sda";
+    boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" ];
+    boot.kernelModules = [ "kvm-intel" ];
+    fileSystems."/" = {
+        device = "/dev/sda1";
+        fsType = "ext4";
+    };
+}

From 462921984914029b87a2c3dc7b7a9f6a658eb8fe Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Jan 2016 22:39:43 +0100
Subject: [PATCH 15/22] s 2 buildbot: add show-trace

---
 shared/2configs/buildbot-standalone.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/shared/2configs/buildbot-standalone.nix b/shared/2configs/buildbot-standalone.nix
index 2ea19e8aa..c614bd3c1 100644
--- a/shared/2configs/buildbot-standalone.nix
+++ b/shared/2configs/buildbot-standalone.nix
@@ -84,6 +84,7 @@
                         nix-instantiate --eval -A \
                             users.shared.test-all-krebs-modules.system \
                             -I stockholm=. \
+                            --show-trace \
                             -I secrets=. '<stockholm>' \
                             --argstr current-date lol \
                             --argstr current-user-name shared \
@@ -96,6 +97,7 @@
                             users.shared.test-minimal-deploy.system \
                             -I stockholm=. \
                             -I secrets=. '<stockholm>' \
+                            --show-trace \
                             --argstr current-date lol \
                             --argstr current-user-name shared \
                             --argstr current-host-name lol \

From ed4e0241d5aba830f31a7271435c93c7299b884b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 19 Jan 2016 23:45:12 +0100
Subject: [PATCH 16/22] k 5 acng: bump to 0.8.8

---
 krebs/5pkgs/apt-cacher-ng/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix
index f253cdba0..f71d17c54 100644
--- a/krebs/5pkgs/apt-cacher-ng/default.nix
+++ b/krebs/5pkgs/apt-cacher-ng/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "apt-cacher-ng-${version}";
-  version = "0.8.6";
+  version = "0.8.8";
 
   src = fetchurl {
     url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
-    sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5";
+    sha256 = "0n7yy4h8g7j0g94xngbywmfhrkg9xl3j2c4wzrjknfwvxmqgjivq";
   };
 
   NIX_LDFLAGS = "-lpthread";

From 69daaa8f3477cdfbe8d0b508c12ee5d976586e11 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 23 Jan 2016 00:22:56 +0100
Subject: [PATCH 17/22] ma 2 urlwatch: add acng

---
 makefu/2configs/urlwatch.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index a83279ba2..f869f5a78 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -29,6 +29,7 @@
       https://pypi.python.org/simple/bepasty/
       https://pypi.python.org/simple/xstatic/
       http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
+      http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
     ];
   };
 }

From 19f599c559798bbc0969c4ff6c677db68a5cc557 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 23 Jan 2016 00:27:33 +0100
Subject: [PATCH 18/22] s 1 wolf: add grafana service

---
 shared/1systems/wolf.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index f05356f0f..8cf5be71c 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,10 +12,21 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
     ../2configs/buildbot-standalone.nix
-    ../2configs/graphite.nix
+    # ../2configs/graphite.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
+
+  services.grafana = {
+    enable = true;
+    addr = "0.0.0.0";
+    extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
+    users.allowSignUp = true;
+    users.allowOrgCreate = true;
+    users.autoAssignOrg = true;
+    security = import <secrets/grafana_security.nix>;
+  };
+
   nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
 
   networking = {
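Review bot: The new `services.grafana` block listens on every interface (`addr = "0.0.0.0"`) and at the same time enables anonymous access, open sign-up and organisation creation, so anyone who can reach the port can read dashboards and register an account. Whether the firewall exposes the port is not visible in this hunk, but the service configuration should not depend on that: bind to the internal address (`addr = "127.0.0.1";` behind the existing nginx, or the retiolum address) and set `users.allowSignUp = false;` and `users.allowOrgCreate = false;` unless open registration is intended. `security = import <secrets/grafana_security.nix>;` evaluates the secret into the system configuration, which likely ends up in the world-readable Nix store; worth confirming how the module passes it to the service. The identical hunk is repeated in PATCH 19/22.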

From 43751d79e81ac6b6e75da3f449ed7e71254286ad Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 23 Jan 2016 00:27:33 +0100
Subject: [PATCH 19/22] s 1 wolf: add grafana service

---
 shared/1systems/wolf.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index f05356f0f..8cf5be71c 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,10 +12,21 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
     ../2configs/buildbot-standalone.nix
-    ../2configs/graphite.nix
+    # ../2configs/graphite.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
+
+  services.grafana = {
+    enable = true;
+    addr = "0.0.0.0";
+    extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
+    users.allowSignUp = true;
+    users.allowOrgCreate = true;
+    users.autoAssignOrg = true;
+    security = import <secrets/grafana_security.nix>;
+  };
+
   nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
 
   networking = {

From d1a371f48b95140279528c2a2ff619d39c177a7c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Jan 2016 22:00:50 +0100
Subject: [PATCH 20/22] ma 1 omo: add samba share

---
 makefu/1systems/omo.nix | 49 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 5 deletions(-)

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 552af4e4f..9162f2ed4 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -32,9 +32,35 @@ in {
       ../3modules
     ];
   # services.openssh.allowSFTP = false;
-  krebs.build.host = config.krebs.hosts.omo;
   krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
 
+  # samba share /media/crypt1/share
+  users.extraUsers.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/var/empty";
+  };
+  services.samba = {
+    enable = true;
+    shares = {
+      winshare = {
+        path = "/media/crypt1/share";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
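Review bot: The `winshare` share is writable (`"read only" = "no"`) with `"guest ok" = "yes"` and `map to guest = bad user`, so any client that reaches the SMB ports can read and modify `/media/crypt1/share` without credentials, and the second hunk of this patch opens 137/138/139/445 in the firewall on all interfaces. Samba itself should carry the restriction rather than relying on the firewall alone: add `hosts allow = <local-subnet-placeholder>` and `interfaces = <lan-interface>` with `bind interfaces only = yes` to `extraConfig`, or require `valid users` on the share if guest write access is not needed. PATCH 21/22 later narrows the firewall side, but the share definition stays unauthenticated.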
@@ -97,9 +123,22 @@ in {
     extraModulePackages = [ ];
   };
 
-  networking.firewall.allowedUDPPorts = [ 655 ];
-  # 8080: sabnzbd
-  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+  networking.firewall.allowedUDPPorts = [
+    # tinc
+    655
+    # samba
+    137 138
+  ];
+  networking.firewall.allowedTCPPorts = [
+    # nginx
+    80
+    # tinc
+    655
+    # samba
+    445 139
+    # sabnzbd
+    8080
+  ];
 
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
@@ -107,5 +146,5 @@ in {
   zramSwap.enable = true;
   zramSwap.numDevices = 2;
 
-
+  krebs.build.host = config.krebs.hosts.omo;
 }

From f6a3c1f3d6b013641b077baf8ddb3a78e75d8b95 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 27 Jan 2016 22:20:32 +0100
Subject: [PATCH 21/22] ma 1 omo: cleanup, fix firewalling

---
 makefu/1systems/omo.nix | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 9162f2ed4..19183fea8 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -31,11 +31,19 @@ in {
       ../2configs/nginx/omo-share.nix
       ../3modules
     ];
+  networking.firewall.trustedInterfaces = [ "enp3s0" ];
+  # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
+  # tcp:80          - nginx for sharing files
+  # tcp:655 udp:655 - tinc
+  # tcp:8080        - sabnzbd
+  networking.firewall.allowedUDPPorts = [ 655 ];
+  networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+
   # services.openssh.allowSFTP = false;
   krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
 
   # samba share /media/crypt1/share
-  users.extraUsers.smbguest = {
+  users.users.smbguest = {
     name = "smbguest";
     uid = config.ids.uids.smbguest;
     description = "smb guest user";
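Review bot: `networking.firewall.trustedInterfaces = [ "enp3s0" ];` accepts all inbound traffic on that interface, not just the four Samba ports named in the comment below it, so every listening service on the host becomes reachable from that network and the `allowedTCPPorts`/`allowedUDPPorts` lists no longer filter anything there. If only Samba is meant to be LAN-only, scope the rule to those ports, for example `networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 139 445 ];` on NixOS releases that provide per-interface options, or explicit iptables rules in `networking.firewall.extraCommands`. Otherwise the comment should state that the whole interface is trusted, so the exposure is a documented decision.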
@@ -61,6 +69,7 @@ in {
       disable spoolss = yes
     '';
   };
+
   # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
   services.sabnzbd.enable = true;
   systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
@@ -93,6 +102,7 @@ in {
       ${pkgs.hdparm}/sbin/hdparm -y ${disk}
     '') allDisks);
 
+  # crypto unlocking
   boot = {
     initrd.luks = {
       devices = let
@@ -123,23 +133,6 @@ in {
     extraModulePackages = [ ];
   };
 
-  networking.firewall.allowedUDPPorts = [
-    # tinc
-    655
-    # samba
-    137 138
-  ];
-  networking.firewall.allowedTCPPorts = [
-    # nginx
-    80
-    # tinc
-    655
-    # samba
-    445 139
-    # sabnzbd
-    8080
-  ];
-
   hardware.enableAllFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 

From b38a821c31de84af6567073bd65ac76c5fc02b5d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 29 Jan 2016 16:00:46 +0100
Subject: [PATCH 22/22] k 5/test/infest-cac: add ca-bundle for python

---
 krebs/5pkgs/test/infest-cac-centos7/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index b4e1e3987..886e250e2 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -29,7 +29,8 @@ stdenv.mkDerivation rec {
       chmod +x $out/bin/${shortname}
       wrapProgram $out/bin/${shortname} \
               --prefix PATH : ${path} \
-              --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt}
+              --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \
+              --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt}
     '';
   meta = with stdenv.lib; {
     homepage = http://krebsco.de;