From c9032105eb4abe2eecbeeb31df7b62ed082bb6fc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Nov 2015 14:04:25 +0100
Subject: [PATCH 001/142] Reaktor: bump version

---
 krebs/5pkgs/Reaktor/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/Reaktor/default.nix b/krebs/5pkgs/Reaktor/default.nix
index c38aa6423..c4a362757 100644
--- a/krebs/5pkgs/Reaktor/default.nix
+++ b/krebs/5pkgs/Reaktor/default.nix
@@ -2,14 +2,14 @@
 
 python3Packages.buildPythonPackage rec {
   name = "Reaktor-${version}";
-  version = "0.5.0";
+  version = "0.5.1";
   propagatedBuildInputs = with pkgs;[
     python3Packages.docopt
     python3Packages.requests2
   ];
   src = fetchurl {
     url = "https://pypi.python.org/packages/source/R/Reaktor/Reaktor-${version}.tar.gz";
-    sha256 = "1npag52xmnyqv56z0anyf6xf00q0smfzsippal0xdbxrfj7s8qim";
+    sha256 = "0dn9r0cyxi1sji2pnybsrc4hhaaq7hmf235nlgkrxqlsdb7y6n6n";
   };
   meta = {
     homepage = http://krebsco.de/;

From 2a8485d852539c80467cb2cca33fa2bec9bf30b3 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 Nov 2015 02:26:12 +0100
Subject: [PATCH 002/142] l 2 baseX: add zathura to pkgs

---
 lass/2configs/baseX.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index 3be3676aa..e373c3d9a 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -34,6 +34,7 @@ in {
     sxiv
     much
     push
+    zathura
 
   #window manager stuff
     haskellPackages.xmobar

From cea5826d1f2cd81b2effbe7324b05cefac160fc6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 Nov 2015 02:27:22 +0100
Subject: [PATCH 003/142] l 1 prism: activate bitlbee

---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 87334c3c2..8707c04c1 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -10,6 +10,7 @@ in {
     ../2configs/downloading.nix
     ../2configs/git.nix
     ../2configs/ts3.nix
+    ../2configs/bitlbee.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories

From 870b379dd9ed6151673d6acaaf3ed2c28454a0c7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 Nov 2015 02:33:30 +0100
Subject: [PATCH 004/142] l 1 prism: add stuff for juhulian

---
 lass/1systems/prism.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 8707c04c1..ff5fad75f 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -88,6 +88,25 @@ in {
     {
       nixpkgs.config.allowUnfree = true;
     }
+    {
+      #stuff for juhulian
+      users.extraUsers.juhulian = {
+        name = "juhulian";
+        uid = 1339;
+        home = "/home/juhulian";
+        group = "users";
+        createHome = true;
+        useDefaultShell = true;
+        extraGroups = [
+        ];
+        openssh.authorizedKeys.keys = [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian"
+        ];
+      };
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
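Review bot: The new INPUT rule `-p udp --dport 60000:61000` accepts that whole UDP range from any source for the entire host, although it sits in a block labelled as belonging to one user and nothing says which service needs it. The range matches mosh's default ports, so that is presumably the purpose; a comment such as `# mosh (UDP 60000-61000) for juhulian's sessions` would make the exposure reviewable later. If the user's source addresses are known, narrowing the predicate with `-s ADDRESS` would limit the exposure. The empty `extraGroups = [ ];` can be dropped.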

From c1565290601cd15168f08db8fd4362ae4c696070 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 Nov 2015 02:34:37 +0100
Subject: [PATCH 005/142] l 2 mc: fix image + pdf integration

---
 lass/2configs/mc.nix | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)

diff --git a/lass/2configs/mc.nix b/lass/2configs/mc.nix
index 87880ed00..b7d5a4ceb 100644
--- a/lass/2configs/mc.nix
+++ b/lass/2configs/mc.nix
@@ -159,37 +159,25 @@ let
 
     ### Images ###
 
-    type/^GIF
+    shell/i/.gif
       Include=image
 
-    type/^JPEG
+    regex/i/\.jpe?g$
       Include=image
 
-    type/^PC\ bitmap
+    shell/i/.bmp
       Include=image
 
-    type/^PNG
+    shell/i/.png
       Include=image
 
-    type/^JNG
+    shell/i/.jng
       Include=image
 
-    type/^MNG
+    shell/i/.mng
       Include=image
 
-    type/^TIFF
-      Include=image
-
-    type/^PBM
-      Include=image
-
-    type/^PGM
-      Include=image
-
-    type/^PPM
-      Include=image
-
-    type/^Netpbm
+    shell/i/.tiff
       Include=image
 
     shell/.ico
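Review bot: Matching on `shell/i/.tiff` does not cover files named `.tif`, and the removed `type/^PBM`, `type/^PGM`, `type/^PPM` and `type/^Netpbm` entries get no name-based replacement, so those images lose the `Include=image` handling. `regex/i/\.tiff?$`, in the style of the JPEG line, would cover both TIFF spellings. More generally, the entries now pick the viewer from the file name instead of the detected content, so a file with a misleading extension is handed to the image viewer (and, in the next hunk, to zathura for `.pdf`). A short comment recording why `type/` matching was dropped would help the next reader.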
@@ -283,7 +271,7 @@ let
     ### Documents ###
 
     # PDF
-    type/^PDF
+    shell/i/.pdf
       Open=zathura %f
       View=zathura %f
 

From 9ff1f770f6f3703fad34ef4ce2d24116d84a5665 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Mon, 9 Nov 2015 02:36:07 +0100
Subject: [PATCH 006/142] l 3: add wordpress_nginx.nix

---
 lass/3modules/default.nix         |   1 +
 lass/3modules/wordpress_nginx.nix | 195 ++++++++++++++++++++++++++++++
 2 files changed, 196 insertions(+)
 create mode 100644 lass/3modules/wordpress_nginx.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b081dc3cc..d0b96d2fd 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -9,5 +9,6 @@ _:
     ./per-user.nix
     ./urxvtd.nix
     ./xresources.nix
+    ./wordpress_nginx.nix
   ];
 }
diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix
new file mode 100644
index 000000000..65170698f
--- /dev/null
+++ b/lass/3modules/wordpress_nginx.nix
@@ -0,0 +1,195 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.lass.wordpress;
+
+  out = {
+    options.lass.wordpress = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule ({ config, ... }: {
+      options = {
+        domain = mkOption {
+          type = str;
+          default = config._module.args.name;
+        };
+        dbUser = mkOption {
+          type = str;
+          default = replaceStrings ["."] ["_"] config.domain;
+        };
+        dbName = mkOption {
+          type = str;
+          default = replaceStrings ["."] ["_"] config.domain;
+        };
+        folder = mkOption {
+          type = str;
+          default = "/srv/http/${config.domain}";
+        };
+        auto = mkOption {
+          type = bool;
+          default = false;
+        };
+        charset = mkOption {
+          type = str;
+          default = "utf8mb4";
+        };
+        collate = mkOption {
+          type = str;
+          default = "";
+        };
+        debug = mkOption {
+          type = bool;
+          default = false;
+        };
+      };
+    }));
+    default = {};
+  };
+
+  dataFolder = "/srv/http";
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+
+  imp = {
+    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: {
+      server-names = [
+        "${domain}"
+        "www.${domain}"
+      ];
+      locations = [
+        (nameValuePair "/" ''
+          try_files $uri $uri/ /index.php?$args;
+        '')
+        (nameValuePair "~ \.php$" ''
+          fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool;
+          include ${pkgs.nginx}/conf/fastcgi.conf;
+        '')
+        (nameValuePair "~ /\\." ''
+          deny all;
+        '')
+      ];
+      extraConfig = ''
+        root ${dataFolder}/${domain}/;
+        index index.php;
+        access_log /tmp/nginx_acc.log;
+        error_log /tmp/nginx_err.log;
+        error_page 404 /404.html;
+        error_page 500 502 503 504 /50x.html;
+      '';
+    });
+    services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: ''
+      listen = ${dataFolder}/${domain}/phpfpm.pool
+      user = ${user}
+      group = ${group}
+      pm = dynamic
+      pm.max_children = 5
+      pm.start_servers = 2
+      pm.min_spare_servers = 1
+      pm.max_spare_servers = 3
+      listen.owner = ${user}
+      listen.group = ${group}
+      # errors to journal
+      php_admin_value[error_log] = 'stderr'
+      php_admin_flag[log_errors] = on
+      catch_workers_output = yes
+    '');
+    systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: {
+      name = "wordpressInit-${name}";
+      value = {
+        path = [
+          pkgs.mysql
+          pkgs.su
+          pkgs.gawk
+          pkgs.jq
+        ];
+        requiredBy = [ "nginx.service" ];
+        serviceConfig = let
+          php.define = name: value:
+            "define(${php.newdoc name}, ${php.newdoc value});";
+          php.toString = x:
+            "'${x}'";
+          php.newdoc = s:
+            let b = "EOF${builtins.hashString "sha256" s}"; in
+            ''<<<'${b}'
+            ${s}
+            ${b}
+            '';
+        in {
+          Type = "oneshot";
+          ExecStart = pkgs.writeScript "wordpressInit" ''
+            #!/bin/sh
+            set -euf
+            wp_secrets=${shell.escape "${toString <secrets>}/${domain}/wp-secrets"}
+            db_password=$(cat ${shell.escape "${toString <secrets>}/${domain}/sql-db-pw"})
+            get_secret() {
+              echo "define('$1', $(jq -r ."$1" "$wp_secrets" | to_php_string));"
+            }
+            to_php_string() {
+              echo "base64_decode('$(base64)')"
+            }
+            {
+              cat ${toString <secrets/mysql_rootPassword>}
+              password=$(cat ${shell.escape (toString (<secrets/mysql_rootPassword>))})
+              # TODO passwordhash=$(su nobody2 -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));")
+              # TODO as package pkgs.sqlHashPassword
+              # TODO not using mysql
+              # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES';
+              passwordhash=$(su nobody2 -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');")
+              user=${shell.escape dbUser}@localhost
+              database=${shell.escape dbName}
+              cat << EOF
+                CREATE DATABASE IF NOT EXISTS $database;
+                GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash';
+                GRANT ALL PRIVILEGES ON $database.* TO $user;
+                FLUSH PRIVILEGES;
+            EOF
+            } | mysql -u root -p
+            # TODO nix2php for wp-config.php
+            cat > ${folder}/wp-config.php << EOF
+            <?php
+            define('DB_PASSWORD', '$db_password');
+            define('DB_HOST', 'localhost');
+
+            ${concatStringsSep "\n" (mapAttrsToList (name: value:
+              "define('${name}', $(printf '%s' ${shell.escape value} | to_php_string));"
+            ) {
+              DB_NAME = dbName;
+              DB_USER = dbUser;
+              DB_CHARSET = charset;
+              DB_COLLATE = collate;
+            })}
+
+            ${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [
+              "AUTH_KEY"
+              "SECURE_AUTH_KEY"
+              "LOGGED_IN_KEY"
+              "NONCE_KEY"
+              "AUTH_SALT"
+              "SECURE_AUTH_SALT"
+              "LOGGED_IN_SALT"
+              "NONCE_SALT"
+            ]}
+
+            \$table_prefix = 'wp_';
+            define('WP_DEBUG', ${toJSON debug});
+            if ( !defined('ABSPATH') )
+              define('ABSPATH', dirname(__FILE__) . '/');
+
+            /** Sets up WordPress vars and included files. */
+            require_once(ABSPATH . 'wp-settings.php');
+            EOF
+          '';
+        };
+      };
+    });
+    users.users.nobody2 = {
+      uid = 125816384; # genid nobody2
+      useDefaultShell = true;
+    };
+  };
+
+in out
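Review bot: `$db_password` is interpolated unescaped into both the SQL text `SELECT PASSWORD('$db_password')` and the generated `define('DB_PASSWORD', '$db_password');`, so a password containing a single quote or backslash breaks or alters the SQL and the PHP, while every other value written to wp-config.php goes through `to_php_string`. Writing the PHP line as `define('DB_PASSWORD', $(printf '%s' "$db_password" | to_php_string));` makes it consistent; the SQL side needs the value quoted as well, which the existing TODO about `toSqlString` already points at. wp-config.php is created by a plain `cat >` under the service's default umask, so it is likely world-readable; a `umask 077` before the redirect plus a `chown` to the nginx user would keep the DB password and auth keys away from other local accounts. Also worth fixing in this file: the first `cat` of the mysql_rootPassword path is not shell-escaped and `password=` is never used, all vhosts log to shared files in `/tmp`, and the location string `"~ \.php$"` probably loses its backslash in a Nix double-quoted string (the next location writes `\\.`).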

From 45cb096a879923a0842f67e23ea5f9c36be4831c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 12:58:09 +0100
Subject: [PATCH 007/142] krebs: expose krebs.populate

---
 krebs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/default.nix b/krebs/default.nix
index bfd6175d9..ad0205426 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -11,6 +11,7 @@ let out = {
     inherit infest;
     inherit init;
     inherit nixos-install;
+    inherit populate;
   };
 
   deploy =

From 557eefd36b446d73437c933c8ff895b910674aba Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 12:58:32 +0100
Subject: [PATCH 008/142] gum: prepare, add target

---
 makefu/1systems/gum.nix | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 85cf4c533..a028145ce 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,24 +9,23 @@ in {
       # TODO: copy this config or move to krebs
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
+      ../2configs/fs/single-partition-ext4.nix
       # ../2configs/iodined.nix
 
-      # Reaktor
-      ../2configs/Reaktor/simpleExtend.nix
   ];
-
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub.splashImage = null;
+  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
 
-  krebs.Reaktor.enable = true;
-
-  # prepare graphs
-  krebs.nginx.enable = true;
-
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
+  '';
   networking = {
     firewall.allowPing = true;
-    firewall.allowedTCPPorts = [ 80 443 655 ];
-    firewall.allowedUDPPorts = [ 655 ];
-    interfaces.enp2s1.ip4 = [{
+    interfaces.et0.ip4 = [{
       address = external-ip;
       prefixLength = 24;
     }];
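Review bot: Besides what the subject says, this hunk removes `firewall.allowedTCPPorts = [ 80 443 655 ]` and `firewall.allowedUDPPorts = [ 655 ]` while `../2configs/tinc-basic-retiolum.nix` stays imported, so unless that file opens port 655 itself, the tinc daemon is no longer reachable from outside after this commit. If the removal is intentional, it belongs in the commit message; otherwise keep the 655 entries. The udev rule pins the interface name to a hard-coded MAC address and deserves a comment, for example `# rename the NIC with this MAC to et0 so interfaces.et0 stays stable`.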
@@ -34,5 +33,4 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-  # based on ../../tv/2configs/CAC-Developer-2.nix
 }

From 94a394539dc7876a027c5d06aa623e507d82781b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 18:52:50 +0100
Subject: [PATCH 009/142] infest: add curl to debian deps

---
 krebs/4lib/infest/prepare.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh
index 182a068ef..0bfc49380 100644
--- a/krebs/4lib/infest/prepare.sh
+++ b/krebs/4lib/infest/prepare.sh
@@ -66,6 +66,7 @@ prepare_debian() {
   type bzip2 2>/dev/null || apt-get install bzip2
   type git   2>/dev/null || apt-get install git
   type rsync 2>/dev/null || apt-get install rsync
+  type curl 2>/dev/null || apt-get install curl
   prepare_common
 }
 

From b394c79051fbcf6cf072f2b9af75819d37cd2426 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 18:53:31 +0100
Subject: [PATCH 010/142] m 1 gum:update firewall

---
 makefu/1systems/gum.nix | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index a028145ce..3a010220e 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -13,18 +13,36 @@ in {
       # ../2configs/iodined.nix
 
   ];
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.splashImage = null;
-  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
-  boot.kernelModules = [ "kvm-intel" ];
+
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
 
+  # Hardware
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  # Network
+
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
   networking = {
-    firewall.allowPing = true;
+  firewall = {
+      allowPing = true;
+      allowedTCPPorts = [
+        # smtp
+        25
+        # http
+        80 443
+        # tinc
+        655
+      ];
+      allowedUDPPorts = [
+        # tinc
+        655 53
+      ];
+    };
     interfaces.et0.ip4 = [{
       address = external-ip;
       prefixLength = 24;
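Review bot: In `allowedUDPPorts` the comment `# tinc` sits over `655 53`, but UDP 53 is DNS, and the only DNS-related import visible in this hunk (`../2configs/iodined.nix`) is commented out, so the port appears to be opened with nothing behind it. TCP 25 is likewise opened under `# smtp` without a mail service in the visible lines. Open each port in the same change that enables its service, or at least label it accurately, e.g. `# dns (iodined)` on its own line, separate from `655`. The hunk also drops `boot.loader.grub.splashImage = null;` without mention, and `firewall = {` is indented one level short of its contents.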

From cdc77bf0bc39f9c815ad5bedd47ac3a372c00315 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 19:36:46 +0100
Subject: [PATCH 011/142] m 1 gum: add chat tools

---
 makefu/1systems/gum.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 3a010220e..8dd347b4f 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -17,6 +17,12 @@ in {
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
 
+  # Chat
+  environment.systemPackages = with pkgs;[
+    weechat
+  ];
+  services.bitlbee.enable = true;
+
   # Hardware
   boot.loader.grub.device = "/dev/sda";
   boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];

From 9126fdc929f7e4e532292e0b2888c5d1a67e3908 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:42:17 +0100
Subject: [PATCH 012/142] l 2 git: get irc-announce from pkgs

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 7e8fc03c7..f35c8fccc 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -50,7 +50,7 @@ let
     inherit name desc;
     public = true;
     hooks = {
-      post-receive = git.irc-announce {
+      post-receive = pkgs.git-hooks.irc-announce {
         # TODO make nick = config.krebs.build.host.name the default
         nick = config.krebs.build.host.name;
         channel = "#retiolum";

From f2ec685c7cab342eefc227e6d9363d73f57d83b5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:43:28 +0100
Subject: [PATCH 013/142] l 2 git: adapt to new lib architecture

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index f35c8fccc..743263022 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 
-with import ../../tv/4lib { inherit lib pkgs; };
+with lib;
 
 let
 

From b1613c0a20e661205ebb203ae238600b280ab396 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:47:19 +0100
Subject: [PATCH 014/142] l 2 git: get secrets the new way

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 743263022..539a9bbd2 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -43,7 +43,7 @@ let
         collaborators = with config.krebs.users; [ tv makefu ];
       };
     } //
-    import /root/src/secrets/repos.nix { inherit config lib pkgs; }
+    import <secrets/repos.nix> { inherit config lib pkgs; }
   );
 
   make-public-repo = name: { desc ? null, ... }: {

From cda6bf1abe03b679d19591e45e1f981a643a9959 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:48:09 +0100
Subject: [PATCH 015/142] l 2 configs: use krebs.per-user

---
 lass/2configs/skype.nix | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lass/2configs/skype.nix b/lass/2configs/skype.nix
index 7e4618a7b..6a226441b 100644
--- a/lass/2configs/skype.nix
+++ b/lass/2configs/skype.nix
@@ -4,10 +4,6 @@ let
   mainUser = config.users.extraUsers.mainUser;
 
 in {
-  imports = [
-    ../3modules/per-user.nix
-  ];
-
   users.extraUsers = {
     skype = {
       name = "skype";
@@ -20,7 +16,7 @@ in {
     };
   };
 
-  lass.per-user.skype.packages = [
+  krebs.per-user.skype.packages = [
     pkgs.skype
   ];
 

From 0580070f86ea64fd5e21ae1a212f25a3caf8b3e7 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:50:02 +0100
Subject: [PATCH 016/142] l 3 go: activate redis via mkDefault

---
 lass/3modules/go.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/3modules/go.nix b/lass/3modules/go.nix
index aa900f118..b83d2e5a1 100644
--- a/lass/3modules/go.nix
+++ b/lass/3modules/go.nix
@@ -26,6 +26,11 @@ let
   };
 
   imp = {
+    services.redis = {
+      enable = mkDefault true;
+      bind = mkDefault "127.0.0.1";
+    };
+
     users.extraUsers.go = {
       name = "go";
       uid = 42774411; #genid go

From b6491e3b43e6d9bc4d76ce2845645b001b9d23c1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:59:07 +0100
Subject: [PATCH 017/142] l 4: remove simpleScript

---
 lass/4lib/default.nix | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 6a8a28972..a751a2995 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -1,19 +1,9 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:
 
 with lib;
 
 {
 
-  simpleScript = name: content:
-    pkgs.stdenv.mkDerivation {
-      inherit name;
-      phases = [ "installPhase" ];
-      installPhase = ''
-        mkdir -p $out/bin
-        ln -s ${pkgs.writeScript name content} $out/bin/${name}
-      '';
-    };
-
   getDefaultGateway = ip:
     concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
 

From 3c77b638c73ce6b57619371cc9636b8e701056d9 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 00:59:34 +0100
Subject: [PATCH 018/142] l 2 browsers: add simpleScript

---
 lass/2configs/browsers.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 5a1857973..849778a7a 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,7 +1,15 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (import ../4lib { inherit pkgs lib; }) simpleScript;
+  simpleScript = name: content:
+    pkgs.stdenv.mkDerivation {
+      inherit name;
+      phases = [ "installPhase" ];
+      installPhase = ''
+        mkdir -p $out/bin
+        ln -s ${pkgs.writeScript name content} $out/bin/${name}
+      '';
+    };
 
   mainUser = config.users.extraUsers.mainUser;
   createChromiumUser = name: extraGroups: packages:

From 2fa3c56b10508400c2290937564bdd1c30b0c1d0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:01:45 +0100
Subject: [PATCH 019/142] l 2 base: nixpkgs rev 6d31e9b -> 7ae05ed

---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 11bc4f089..944db83e0 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -48,7 +48,7 @@ with lib;
       source = {
         git.nixpkgs = {
           url = https://github.com/Lassulus/nixpkgs;
-          rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+          rev = "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
         };
         dir.secrets = {
           host = config.krebs.hosts.mors;

From 40cb49f5246ad59abbda628244bb6edbe30058c0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:02:28 +0100
Subject: [PATCH 020/142] l 1 echelon: disable redis

---
 lass/1systems/echelon.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/echelon.nix b/lass/1systems/echelon.nix
index dc0ca0274..39af4a96f 100644
--- a/lass/1systems/echelon.nix
+++ b/lass/1systems/echelon.nix
@@ -13,7 +13,7 @@ in {
     ../2configs/realwallpaper-server.nix
     ../2configs/privoxy-retiolum.nix
     ../2configs/git.nix
-    ../2configs/redis.nix
+    #../2configs/redis.nix
     ../2configs/go.nix
     ../2configs/ircd.nix
     ../2configs/newsbot-js.nix

From ccb6884708f8106a4f02dcd9dc98e9fd02668add Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:06:16 +0100
Subject: [PATCH 021/142] l 1 prism: add stuff for oneline httpserver

---
 lass/1systems/prism.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index ff5fad75f..85021887f 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -107,6 +107,14 @@ in {
         { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";}
       ];
     }
+    {
+      environment.systemPackages = [
+        pkgs.perlPackages.Plack
+      ];
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
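Review bot: The rule `-p tcp --dport 8080` permanently accepts connections from any source, although the subject describes it as support for an ad-hoc one-line HTTP server; whatever process binds 8080 on prism is then reachable from the network for as long as this config is deployed. Either restrict the predicate to the expected peers (`-s ADDRESS`, or the VPN interface with `-i`) or record the intent next to the rule, e.g. `# ad-hoc Plack server; anything listening on 8080 is publicly reachable`.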

From 58890bc80b28ed02e98b21a054849220a69919cb Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:07:54 +0100
Subject: [PATCH 022/142] l: use new xserver architecture

---
 lass/2configs/baseX.nix                       |  53 ++---
 lass/2configs/xserver/Xresources.nix          |  27 +++
 lass/2configs/xserver/default.nix             | 161 +++++++++++++++
 lass/2configs/xserver/xserver.conf.nix        |  40 ++++
 lass/5pkgs/default.nix                        |   3 +
 lass/5pkgs/xmonad-lass/.gitignore             |   1 +
 lass/5pkgs/xmonad-lass/Main.hs                | 190 ++++++++++++++++++
 lass/5pkgs/xmonad-lass/Makefile               |   6 +
 .../xmonad-lass/Util/PerWorkspaceConfig.hs    |  52 +++++
 lass/5pkgs/xmonad-lass/xmonad.cabal           |  17 ++
 10 files changed, 524 insertions(+), 26 deletions(-)
 create mode 100644 lass/2configs/xserver/Xresources.nix
 create mode 100644 lass/2configs/xserver/default.nix
 create mode 100644 lass/2configs/xserver/xserver.conf.nix
 create mode 100644 lass/5pkgs/xmonad-lass/.gitignore
 create mode 100644 lass/5pkgs/xmonad-lass/Main.hs
 create mode 100644 lass/5pkgs/xmonad-lass/Makefile
 create mode 100644 lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
 create mode 100644 lass/5pkgs/xmonad-lass/xmonad.cabal

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index e373c3d9a..4e46c18d2 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -5,7 +5,8 @@ let
 in {
   imports = [
     ./base.nix
-    ./urxvt.nix
+    #./urxvt.nix
+    ./xserver
   ];
 
   users.extraUsers.mainUser.extraGroups = [ "audio" ];
@@ -37,36 +38,36 @@ in {
     zathura
 
   #window manager stuff
-    haskellPackages.xmobar
-    haskellPackages.yeganesh
-    dmenu2
-    xlibs.fontschumachermisc
+    #haskellPackages.xmobar
+    #haskellPackages.yeganesh
+    #dmenu2
+    #xlibs.fontschumachermisc
   ];
 
-  fonts.fonts = [
-    pkgs.xlibs.fontschumachermisc
-  ];
+  #fonts.fonts = [
+  #  pkgs.xlibs.fontschumachermisc
+  #];
 
-  services.xserver = {
-    enable = true;
+  #services.xserver = {
+  #  enable = true;
 
-    windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
-      X11-xshape
-    ];
-    windowManager.xmonad.enable = true;
-    windowManager.xmonad.enableContribAndExtras = true;
-    windowManager.default = "xmonad";
-    desktopManager.default = "none";
-    desktopManager.xterm.enable = false;
-    displayManager.slim.enable = true;
-    displayManager.auto.enable = true;
-    displayManager.auto.user = mainUser.name;
+  #  windowManager.xmonad.extraPackages = hspkgs: with hspkgs; [
+  #    X11-xshape
+  #  ];
+  #  windowManager.xmonad.enable = true;
+  #  windowManager.xmonad.enableContribAndExtras = true;
+  #  windowManager.default = "xmonad";
+  #  desktopManager.default = "none";
+  #  desktopManager.xterm.enable = false;
+  #  displayManager.slim.enable = true;
+  #  displayManager.auto.enable = true;
+  #  displayManager.auto.user = mainUser.name;
 
-    layout = "us";
-    xkbModel = "evdev";
-    xkbVariant = "altgr-intl";
-    xkbOptions = "caps:backspace";
-  };
+  #  layout = "us";
+  #  xkbModel = "evdev";
+  #  xkbVariant = "altgr-intl";
+  #  xkbOptions = "caps:backspace";
+  #};
 
   services.logind.extraConfig = ''
     HandleLidSwitch=ignore
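Review bot: The old X configuration is left behind as some thirty commented-out lines (here, and `#./urxvt.nix` in the first hunk) instead of being deleted. Git history already preserves it, and a dead block will drift away from what `./xserver` actually configures, so the lines should be removed. With `displayManager.auto.user = mainUser.name` commented out, the `mainUser` binding may now be unused; the `let` is above the visible lines, so that needs checking in the full file.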
diff --git a/lass/2configs/xserver/Xresources.nix b/lass/2configs/xserver/Xresources.nix
new file mode 100644
index 000000000..d52418897
--- /dev/null
+++ b/lass/2configs/xserver/Xresources.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+pkgs.writeText "Xresources" ''
+  URxvt*scrollBar:                      false
+  URxvt*urgentOnBell:                   true
+  URxvt*font:                           -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+  URxvt*boldFont:                       -*-clean-*-*-*-*-*-*-*-*-*-*-iso10646-*
+
+  ! ref https://github.com/muennich/urxvt-perls
+  URxvt.perl-lib: ${pkgs.urxvt_perls}/lib/urxvt/perl
+  URxvt.perl-ext-common:      default,clipboard,url-select,keyboard-select
+  URxvt.url-select.launcher:  browser-select
+  URxvt.url-select.underline: true
+  URxvt.keysym.M-u:           perl:url-select:select_next
+  URxvt.keysym.M-Escape:      perl:keyboard-select:activate
+  URxvt.keysym.M-s:           perl:keyboard-select:search
+
+  URxvt.intensityStyles: false
+
+  URxvt*background:                     #000000
+  URxvt*foreground:                     #ffffff
+
+  !change unreadable blue
+  URxvt*color4:                         #268bd2
+''
diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
new file mode 100644
index 000000000..ceccf5fee
--- /dev/null
+++ b/lass/2configs/xserver/default.nix
@@ -0,0 +1,161 @@
+{ config, lib, pkgs, ... }@args:
+
+with lib;
+
+let
+  # TODO krebs.build.user
+  user = config.users.users.mainUser;
+
+  out = {
+
+    services.xserver = {
+      display = 11;
+      tty = 11;
+
+      synaptics = {
+        enable = true;
+        twoFingerScroll = true;
+        accelFactor = "0.035";
+      };
+
+      #keyboard stuff
+      layout = "us";
+      xkbVariant = "altgr-intl";
+      xkbOptions = "caps:backspace";
+    };
+
+    fonts.fonts = [
+      pkgs.xlibs.fontschumachermisc
+    ];
+
+    systemd.services.urxvtd = {
+      wantedBy = [ "multi-user.target" ];
+      reloadIfChanged = true;
+      serviceConfig = {
+        ExecReload = need-reload "urxvtd.service";
+        ExecStart = "${pkgs.rxvt_unicode}/bin/urxvtd";
+        Restart = "always";
+        RestartSec = "2s";
+        StartLimitBurst = 0;
+        User = user.name;
+      };
+    };
+
+    environment.systemPackages = [
+      pkgs.gitAndTools.qgit
+      pkgs.mpv
+      pkgs.pavucontrol
+      pkgs.slock
+      pkgs.sxiv
+      pkgs.xsel
+      pkgs.zathura
+    ];
+
+    security.setuidPrograms = [
+      "slock"
+    ];
+
+    systemd.services.display-manager = mkForce {};
+
+    services.xserver.enable = true;
+
+    systemd.services.xmonad = {
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "xserver.service" ];
+      environment = xmonad-environment;
+      serviceConfig = {
+        ExecStart = "${xmonad-start}/bin/xmonad";
+        ExecStop = "${xmonad-stop}/bin/xmonad-stop";
+        User = user.name;
+        WorkingDirectory = user.home;
+      };
+    };
+
+    systemd.services.xserver = {
+      after = [
+        "systemd-udev-settle.service"
+        "local-fs.target"
+        "acpid.service"
+      ];
+      reloadIfChanged = true;
+      environment = xserver-environment;
+      serviceConfig = {
+        ExecReload = need-reload "xserver.service";
+        ExecStart = "${xserver}/bin/xserver";
+      };
+    };
+  };
+
+  xmonad-environment = {
+    DISPLAY = ":${toString config.services.xserver.display}";
+    XMONAD_STATE = "/tmp/xmonad.state";
+
+    # XXX JSON is close enough :)
+    XMONAD_WORKSPACES0_FILE = pkgs.writeText "xmonad.workspaces0" (toJSON [
+      "cr"
+      "gm"
+      "ff"
+      "IM"
+      "mail"
+      "stockholm"
+    ]);
+  };
+
+  xmonad-start = pkgs.writeScriptBin "xmonad" ''
+    #! ${pkgs.bash}/bin/bash
+    set -efu
+    export PATH; PATH=${makeSearchPath "bin" ([
+      pkgs.rxvt_unicode
+      pkgs.i3lock
+      pkgs.haskellPackages.yeganesh
+      pkgs.haskellPackages.xmobar
+      pkgs.dmenu
+    ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
+    settle() {(
+      # Use PATH for a clean journal
+      command=''${1##*/}
+      PATH=''${1%/*}; export PATH
+      shift
+      until "$command" "$@"; do
+        ${pkgs.coreutils}/bin/sleep 1
+      done
+    )&}
+    settle ${pkgs.xorg.xhost}/bin/xhost +LOCAL:
+    settle ${pkgs.xorg.xrdb}/bin/xrdb -merge ${import ./Xresources.nix args}
+    settle ${pkgs.xorg.xsetroot}/bin/xsetroot -solid '#1c1c1c'
+    exec ${pkgs.xmonad-lass}/bin/xmonad
+  '';
+
+  xmonad-stop = pkgs.writeScriptBin "xmonad-stop" ''
+    #! /bin/sh
+    exec ${pkgs.xmonad-lass}/bin/xmonad --shutdown
+  '';
+
+  xserver-environment = {
+    XKB_BINDIR = "${pkgs.xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
+    XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
+    LD_LIBRARY_PATH = concatStringsSep ":" (
+      [ "${pkgs.xorg.libX11}/lib" "${pkgs.xorg.libXext}/lib" ]
+      ++ concatLists (catAttrs "libPath" config.services.xserver.drivers));
+  };
+
+  xserver = pkgs.writeScriptBin "xserver" ''
+    #! /bin/sh
+    set -efu
+    exec ${pkgs.xorg.xorgserver}/bin/X \
+        :${toString config.services.xserver.display} \
+        vt${toString config.services.xserver.tty} \
+        -config ${import ./xserver.conf.nix args} \
+        -logfile /var/log/X.${toString config.services.xserver.display}.log \
+        -nolisten tcp \
+        -xkbdir ${pkgs.xkeyboard_config}/etc/X11/xkb \
+  '';
+
+  need-reload = s: let
+    pkg = pkgs.writeScriptBin "need-reload" ''
+      #! /bin/sh
+      echo "$*"
+    '';
+  in "${pkg}/bin/need-reload ${s}";
+
+in out
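Review bot: `xhost +LOCAL:` in `xmonad-start` turns off X access control for every local account, so any user or service on the machine can connect to the display and observe or inject input in the session. Only the session user needs access; `xhost +SI:localuser:${user.name}` would limit it to that account. `XMONAD_STATE = "/tmp/xmonad.state"` is a fixed name in a world-writable directory, and a path under the user's home or a per-user runtime directory would avoid another local account pre-creating the file. The last argument line of the `xserver` script ends with a dangling `\`.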
diff --git a/lass/2configs/xserver/xserver.conf.nix b/lass/2configs/xserver/xserver.conf.nix
new file mode 100644
index 000000000..e8a997a99
--- /dev/null
+++ b/lass/2configs/xserver/xserver.conf.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.xserver;
+in
+
+pkgs.stdenv.mkDerivation {
+  name = "xserver.conf";
+
+  xfs = optionalString (cfg.useXFS != false)
+    ''FontPath "${toString cfg.useXFS}"'';
+
+  inherit (cfg) config;
+
+  buildCommand =
+    ''
+      echo 'Section "Files"' >> $out
+      echo $xfs >> $out
+
+      for i in ${toString config.fonts.fonts}; do
+        if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
+          for j in $(find $i -name fonts.dir); do
+            echo "  FontPath \"$(dirname $j)\"" >> $out
+          done
+        fi
+      done
+
+      for i in $(find ${toString cfg.modules} -type d); do
+        if test $(echo $i/*.so* | wc -w) -ne 0; then
+          echo "  ModulePath \"$i\"" >> $out
+        fi
+      done
+
+      echo 'EndSection' >> $out
+
+      echo "$config" >> $out
+    '';
+}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 869f808ce..844d68a45 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -15,4 +15,7 @@ rec {
   };
   go = callPackage ./go/default.nix {};
   newsbot-js = callPackage ./newsbot-js/default.nix {};
+  xmonad-lass =
+    let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
+    pkgs.haskellPackages.callPackage src {};
 }
diff --git a/lass/5pkgs/xmonad-lass/.gitignore b/lass/5pkgs/xmonad-lass/.gitignore
new file mode 100644
index 000000000..616204547
--- /dev/null
+++ b/lass/5pkgs/xmonad-lass/.gitignore
@@ -0,0 +1 @@
+/shell.nix
diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
new file mode 100644
index 000000000..10a3c5638
--- /dev/null
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -0,0 +1,190 @@
+{-# LANGUAGE DeriveDataTypeable #-} -- for XS
+{-# LANGUAGE FlexibleContexts #-} -- for xmonad'
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE ScopedTypeVariables #-}
+
+
+module Main where
+
+import Control.Exception
+import Text.Read (readEither)
+import XMonad
+import System.IO (hPutStrLn, stderr)
+import System.Environment (getArgs, withArgs, getEnv, getEnvironment)
+import System.Posix.Process (executeFile)
+import XMonad.Prompt (defaultXPConfig)
+import XMonad.Actions.DynamicWorkspaces ( addWorkspacePrompt, renameWorkspace
+                                        , removeEmptyWorkspace)
+import XMonad.Actions.GridSelect
+import XMonad.Actions.CycleWS (toggleWS)
+--import XMonad.Actions.CopyWindow ( copy )
+import XMonad.Layout.NoBorders ( smartBorders )
+import qualified XMonad.StackSet as W
+import Data.Map (Map)
+import qualified Data.Map as Map
+-- TODO import XMonad.Layout.WorkspaceDir
+import XMonad.Hooks.UrgencyHook (SpawnUrgencyHook(..), withUrgencyHook)
+-- import XMonad.Layout.Tabbed
+--import XMonad.Layout.MouseResizableTile
+import XMonad.Layout.Reflect (reflectVert)
+import XMonad.Layout.FixedColumn (FixedColumn(..))
+import XMonad.Hooks.Place (placeHook, smart)
+import XMonad.Hooks.FloatNext (floatNextHook)
+import XMonad.Actions.PerWorkspaceKeys (chooseAction)
+import XMonad.Layout.PerWorkspace (onWorkspace)
+--import XMonad.Layout.BinarySpacePartition
+import XMonad.Util.EZConfig (additionalKeysP)
+
+import XMonad.Prompt (autoComplete, defaultXPConfig, XPConfig, mkXPrompt)
+import XMonad.Hooks.UrgencyHook (focusUrgent, withUrgencyHook, urgencyBorderColor, BorderUrgencyHook(BorderUrgencyHook))
+import XMonad.Actions.DynamicWorkspaces (addWorkspacePrompt, removeEmptyWorkspace, renameWorkspace, withWorkspace)
+import XMonad.Hooks.FloatNext (floatNext, floatNextHook)
+import XMonad.Prompt.Workspace
+import XMonad.Actions.CopyWindow (copy, kill1)
+import qualified Data.Map as M
+import XMonad.Hooks.ManageDocks (avoidStruts, manageDocks, ToggleStruts(ToggleStruts))
+
+--import XMonad.Actions.Submap
+import XMonad.Stockholm.Pager
+import XMonad.Stockholm.Rhombus
+import XMonad.Stockholm.Shutdown
+
+myTerm :: String
+myTerm = "urxvtc"
+
+myRootTerm :: String
+myRootTerm = "urxvtc -name root-urxvt -e su -"
+
+myFont :: String
+myFont = "-schumacher-*-*-*-*-*-*-*-*-*-*-*-iso10646-*"
+
+main :: IO ()
+main = getArgs >>= \case
+    ["--shutdown"] -> sendShutdownEvent
+    _ -> mainNoArgs
+
+mainNoArgs :: IO ()
+mainNoArgs = do
+    xmonad'
+        -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
+        --                   urgencyConfig { remindWhen = Every 1 }
+        -- $ withUrgencyHook borderUrgencyHook "magenta"
+        -- $ withUrgencyHookC BorderUrgencyHook { urgencyBorderColor = "magenta" } urgencyConfig { suppressWhen = Never }
+        $ withUrgencyHook (SpawnUrgencyHook "echo emit Urgency ")
+        $ defaultConfig
+            { terminal          = myTerm
+            , modMask           = mod4Mask
+            , layoutHook = smartBorders $ myLayoutHook
+            -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent
+            --, handleEventHook   = handleTimerEvent
+            , manageHook        = placeHook (smart (1,0)) <+> floatNextHook
+            , startupHook       = spawn "echo emit XMonadStartup"
+            , normalBorderColor  = "#1c1c1c"
+            , focusedBorderColor = "#f000b0"
+            , handleEventHook = handleShutdownEvent
+            } `additionalKeysP` myKeyMap
+
+myLayoutHook = defLayout
+  where
+    defLayout = (avoidStruts $ Tall 1 (3/100) (1/2) ||| Full ||| Mirror (Tall 1 (3/100) (1/2))) ||| FixedColumn 2 80 80 1
+
+
+xmonad' :: (LayoutClass l Window, Read (l Window)) => XConfig l -> IO ()
+xmonad' conf = do
+    path <- getEnv "XMONAD_STATE"
+    try (readFile path) >>= \case
+        Right content -> do
+            hPutStrLn stderr ("resuming from " ++ path)
+            withArgs ("--resume" : lines content) (xmonad conf)
+        Left e -> do
+            hPutStrLn stderr (displaySomeException e)
+            xmonad conf
+
+
+displaySomeException :: SomeException -> String
+displaySomeException = displayException
+
+
+myKeyMap =
+    [ ("M4-<F11>", spawn "i3lock -i ~/lock.png -u" )
+    , ("M4-p", spawn "passmenu --type")
+    , ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
+    -- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn )  )
+    , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
+    , ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
+    , ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
+
+    , ("M4-a", focusUrgent)
+    , ("M4-S-r", renameWorkspace    defaultXPConfig)
+    , ("M4-S-a", addWorkspacePrompt defaultXPConfig)
+    , ("M4-S-<Backspace>", removeEmptyWorkspace)
+    , ("M4-S-c", kill1)
+    , ("M4-<Esc>", toggleWS)
+    , ("M4-S-<Enter>", spawn myTerm)
+    , ("M4-x", floatNext True >> spawn myTerm)
+    , ("M4-f", floatNext True)
+    , ("M4-b", sendMessage ToggleStruts)
+
+    , ("M4-v", withWorkspace myXPConfig (windows . W.view))
+    , ("M4-S-v", withWorkspace myXPConfig (windows . W.shift))
+    , ("M4-C-v", withWorkspace myXPConfig (windows . copy))
+
+    -- , (_4 , xK_q      ) & \k -> (k, goToSelected myCNConfig { gs_navigate = makeGSNav k }                   )
+    -- , (_4S, xK_q      ) & \k -> (k, bringSelected myCNConfig { gs_navigate = makeGSNav k }                  )
+    -- , (_4C, xK_q      ) & \k -> (k, withSelectedWindow ( \a -> get >>= \s -> put s { windowset = copyWindow a (W.tag $ W.workspace $ W.current $ windowset s) (windowset s) } ) myCNConfig { gs_navigate = makeGSNav k } )
+
+    --, ("M4-<F1>", perWorkspaceAction workspaceConfigs)
+    , ("M4-S-q", return ())
+    ]
+
+myGSConfig = defaultGSConfig
+    { gs_cellheight = 50
+    , gs_cellpadding = 2
+    , gs_navigate = navNSearch
+    , gs_font = myFont
+    }
+
+myXPConfig :: XPConfig
+myXPConfig = defaultXPConfig
+    { autoComplete = Just 5000
+    }
+
+myWSConfig = myGSConfig
+    { gs_cellwidth = 50
+    }
+
+pagerConfig :: PagerConfig
+pagerConfig = defaultPagerConfig
+    { pc_font           = myFont
+    , pc_cellwidth      = 64
+    --, pc_cellheight     = 36 -- TODO automatically keep screen aspect
+    --, pc_borderwidth    = 1
+    --, pc_matchcolor     = "#f0b000"
+    , pc_matchmethod    = MatchPrefix
+    --, pc_colors         = pagerWorkspaceColors
+    , pc_windowColors   = windowColors
+    }
+    where
+    windowColors _ _ _ True _ = ("#ef4242","#ff2323")
+    windowColors wsf m c u wf = do
+        let def = defaultWindowColors wsf m c u wf
+        if m == False && wf == True
+            then ("#402020", snd def)
+            else def
+
+wGSConfig :: GSConfig Window
+wGSConfig = defaultGSConfig
+    { gs_cellheight = 20
+    , gs_cellwidth = 192
+    , gs_cellpadding = 5
+    , gs_font = myFont
+    , gs_navigate = navNSearch
+    }
+
+
+(&) :: a -> (a -> c) -> c
+(&) = flip ($)
+
+allWorkspaceNames :: W.StackSet i l a sid sd -> X [i]
+allWorkspaceNames ws =
+    return $ map W.tag (W.hidden ws) ++ [W.tag $ W.workspace $ W.current ws]
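Review bot: `xmonad'` calls `getEnv "XMONAD_STATE"` outside the `try`, so a session started without that variable ends with an uncaught exception instead of falling back to a fresh `xmonad conf`; only the `readFile` failure is handled. Looking the variable up with `lookupEnv` (added to the `System.Environment` import list) and treating `Nothing` like the missing-file case keeps the window manager, and the `i3lock` binding with it, available. The file's lines are passed to xmonad as `--resume` arguments, so the path should also sit in a directory only the session user can write; where `XMONAD_STATE` is set is not visible in this hunk.

```haskell
xmonad' conf = lookupEnv "XMONAD_STATE" >>= \case
    Nothing -> do
        hPutStrLn stderr "XMONAD_STATE is not set, starting without saved state"
        xmonad conf
    Just path -> try (readFile path) >>= \case
        -- … unchanged: Right/Left branches (resume from the file, or report the exception) …
```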
diff --git a/lass/5pkgs/xmonad-lass/Makefile b/lass/5pkgs/xmonad-lass/Makefile
new file mode 100644
index 000000000..cbb0776e6
--- /dev/null
+++ b/lass/5pkgs/xmonad-lass/Makefile
@@ -0,0 +1,6 @@
+.PHONY: ghci
+ghci: shell.nix
+	nix-shell --command 'exec ghci -Wall'
+
+shell.nix: xmonad.cabal
+	cabal2nix --shell . > $@
diff --git a/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
new file mode 100644
index 000000000..bba7c8c60
--- /dev/null
+++ b/lass/5pkgs/xmonad-lass/Util/PerWorkspaceConfig.hs
@@ -0,0 +1,52 @@
+module Util.PerWorkspaceConfig
+  ( WorkspaceConfig (..)
+  , WorkspaceConfigs
+  , switchToWorkspace
+  , defaultWorkspaceConfig
+  , perWorkspaceAction
+  , perWorkspaceTermAction
+--  , myLayoutHack
+  )
+where
+
+import XMonad
+import XMonad.Core (LayoutClass)
+import Control.Monad (when)
+
+import qualified Data.Map as M
+import qualified XMonad.StackSet as W
+
+data WorkspaceConfig l =
+  WorkspaceConfig
+    { switchAction :: X ()
+    , startAction  :: X ()
+    , keyAction    :: X ()
+    , termAction   :: X ()
+    }
+
+type WorkspaceConfigs l = M.Map WorkspaceId (WorkspaceConfig l)
+
+defaultWorkspaceConfig = WorkspaceConfig
+                             { switchAction = return ()
+                             , startAction  = return ()
+                             , keyAction    = return ()
+                             , termAction   = spawn "urxvtc"
+                             }
+
+whenLookup wsId cfg a =
+    when (M.member wsId cfg) (a $ cfg M.! wsId)
+
+switchToWorkspace :: WorkspaceConfigs l -> WorkspaceId -> X ()
+switchToWorkspace cfg wsId = do
+  windows $ W.greedyView wsId
+  wins <- gets (W.integrate' . W.stack . W.workspace . W.current . windowset)
+  when (null wins) $ whenLookup wsId cfg startAction
+  whenLookup wsId cfg switchAction
+
+perWorkspaceAction :: WorkspaceConfigs l -> X ()
+perWorkspaceAction cfg = withWindowSet $ \s -> whenLookup (W.currentTag s) cfg keyAction
+
+perWorkspaceTermAction :: WorkspaceConfigs l -> X ()
+perWorkspaceTermAction cfg = withWindowSet $ \s -> case M.lookup (W.currentTag s) cfg of
+                                                       Just x -> termAction x
+                                                       _      -> termAction defaultWorkspaceConfig
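Review bot: `whenLookup` tests `M.member` and then indexes with the partial `M.!`, which is two map traversals where `perWorkspaceTermAction` in the same file already uses a single `M.lookup`. Writing it as `whenLookup wsId cfg a = maybe (return ()) a (M.lookup wsId cfg)` drops the partial operator and matches that function. `whenLookup` and `defaultWorkspaceConfig` also have no type signatures, unlike the exported functions around them.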
diff --git a/lass/5pkgs/xmonad-lass/xmonad.cabal b/lass/5pkgs/xmonad-lass/xmonad.cabal
new file mode 100644
index 000000000..37809b599
--- /dev/null
+++ b/lass/5pkgs/xmonad-lass/xmonad.cabal
@@ -0,0 +1,17 @@
+Author: lass
+Build-Type: Simple
+Cabal-Version: >= 1.2
+License: MIT
+Name: xmonad-lass
+Version: 0
+
+Executable xmonad
+  Build-Depends:
+    base,
+    containers,
+    unix,
+    xmonad,
+    xmonad-contrib,
+    xmonad-stockholm
+  GHC-Options: -Wall -O3 -threaded -rtsopts
+  Main-Is: Main.hs

From c373eac636525a65d28c1f39cbf599edbcf60ebc Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:10:55 +0100
Subject: [PATCH 023/142] l 1 mors: use new wordpress test

---
 lass/1systems/mors.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 7db3f8333..803c149b8 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -18,10 +18,31 @@
     ../2configs/chromium-patched.nix
     ../2configs/git.nix
     ../2configs/retiolum.nix
-    ../2configs/wordpress.nix
+    #../2configs/wordpress.nix
     ../2configs/bitlbee.nix
     ../2configs/firefoxPatched.nix
     ../2configs/skype.nix
+    {
+      #wordpress-test
+      #imports = singleton (sitesGenerators.createWordpress "testserver.de");
+      imports = [
+        ../3modules/wordpress_nginx.nix
+      ];
+      lass.wordpress."testserver.de" = {
+      };
+
+      services.mysql = {
+        enable = true;
+        package = pkgs.mariadb;
+        rootPassword = "<secrets>/mysql_rootPassword";
+      };
+      networking.extraHosts = ''
+        10.243.0.2 testserver.de
+      '';
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; precedence = 9998; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.mors;
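Review bot: `rootPassword = "<secrets>/mysql_rootPassword"` is a plain string, not the angle-bracket path lookup used elsewhere in this series (`<secrets/ssh.id_ed25519>`), so unless something substitutes `<secrets>` later it names a file that will not exist on the host. If the option expects a password file, it should point at the deployed secrets location as a runtime path string, so that the file is read on the host and not copied into the world-readable Nix store. A short comment on the empty `lass.wordpress."testserver.de" = { };` block and the `10.243.0.2` hosts entry, saying which machine serves the test site, would also help.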

From 8cc4395e15498aa607e96fef09d9f7b9827567fc Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:12:07 +0100
Subject: [PATCH 024/142] l 1 mors: open risk of rain port for lan

---
 lass/1systems/mors.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 803c149b8..7b91fa6be 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -22,6 +22,12 @@
     ../2configs/bitlbee.nix
     ../2configs/firefoxPatched.nix
     ../2configs/skype.nix
+    {
+      #risk of rain port
+      krebs.iptables.tables.filter.INPUT.rules = [
+        { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; }
+      ];
+    }
     {
       #wordpress-test
       #imports = singleton (sitesGenerators.createWordpress "testserver.de");
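Review bot: The new rule `-p tcp --dport 11100` accepts the port from every interface and every source, although the commit subject says it is meant for the LAN. The wordpress rule added to this file in the previous patch scopes itself with `-i retiolum`, and the same kind of match is needed here, for example `predicate = "-i <lan-interface> -p tcp --dport 11100";` or a `-s <lan-subnet>` match (placeholders; the LAN interface is not shown in the hunk). As written the port is reachable on any network the host joins.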

From 58eab5df691efd6933063ba1ec9278cd940a1ba1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:16:15 +0100
Subject: [PATCH 025/142] l 3 go -> k 3 go

---
 krebs/3modules/default.nix      | 1 +
 {lass => krebs}/3modules/go.nix | 4 ++--
 lass/3modules/default.nix       | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename {lass => krebs}/3modules/go.nix (95%)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index b4e7f9254..6d62b2e38 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -13,6 +13,7 @@ let
       ./exim-smarthost.nix
       ./github-hosts-sync.nix
       ./git.nix
+      ./go.nix
       ./iptables.nix
       ./nginx.nix
       ./per-user.nix
diff --git a/lass/3modules/go.nix b/krebs/3modules/go.nix
similarity index 95%
rename from lass/3modules/go.nix
rename to krebs/3modules/go.nix
index b83d2e5a1..793d1f60d 100644
--- a/lass/3modules/go.nix
+++ b/krebs/3modules/go.nix
@@ -4,10 +4,10 @@ with builtins;
 with lib;
 
 let
-  cfg = config.lass.go;
+  cfg = config.krebs.go;
 
   out = {
-    options.lass.go = api;
+    options.krebs.go = api;
     config = mkIf cfg.enable imp;
   };
 
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index d0b96d2fd..7c85af3a4 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -4,7 +4,6 @@ _:
     ./xresources.nix
     ./bitlbee.nix
     ./folderPerms.nix
-    ./go.nix
     ./newsbot-js.nix
     ./per-user.nix
     ./urxvtd.nix

From 103f99d7a45d10b1beb67eead5c7713dd65807d6 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 01:18:40 +0100
Subject: [PATCH 026/142] l 2 go: adapt to lass.go -> krebs.go

---
 lass/2configs/go.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lass/2configs/go.nix b/lass/2configs/go.nix
index 81a02ec7c..f4c2ac289 100644
--- a/lass/2configs/go.nix
+++ b/lass/2configs/go.nix
@@ -2,13 +2,10 @@
 
 with lib;
 {
-  imports = [
-    ../3modules/go.nix
-  ];
   environment.systemPackages = [
     pkgs.go
   ];
-  lass.go = {
+  krebs.go = {
     enable = true;
   };
   krebs.nginx = {

From 222d959ee45de47bbbf70c64df8840a5f9e40aa5 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 11:08:56 +0100
Subject: [PATCH 027/142] l 2 git: make prism verbose host

---
 lass/2configs/git.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix
index 539a9bbd2..16ecaefec 100644
--- a/lass/2configs/git.nix
+++ b/lass/2configs/git.nix
@@ -55,7 +55,7 @@ let
         nick = config.krebs.build.host.name;
         channel = "#retiolum";
         server = "cd.retiolum";
-        verbose = config.krebs.build.host.name == "echelon";
+        verbose = config.krebs.build.host.name == "prism";
       };
     };
   };

From bd71d3367b73eafb1bb6c59e858c195f6cf9952a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 11:10:34 +0100
Subject: [PATCH 028/142] l 2 base: add monitoring tools

---
 lass/2configs/base.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 944db83e0..a76ed4d6b 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -92,6 +92,10 @@ with lib;
     most
     rxvt_unicode.terminfo
 
+  #monitoring tools
+    htop
+    iotop
+
   #network
     iptables
 

From 525dff002e7fe360b0c9803f1004ad2c8749c319 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 13 Nov 2015 12:24:29 +0100
Subject: [PATCH 029/142] m 1 gum: disable ipv6, open up fw

---
 makefu/1systems/gum.nix | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 8dd347b4f..63db7a71c 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -16,7 +16,6 @@ in {
 
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
-
   # Chat
   environment.systemPackages = with pkgs;[
     weechat
@@ -33,21 +32,24 @@ in {
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
+  boot.kernelParams = [ "ipv6.disable=1" ];
   networking = {
-  firewall = {
-      allowPing = true;
-      allowedTCPPorts = [
-        # smtp
-        25
-        # http
-        80 443
-        # tinc
-        655
-      ];
-      allowedUDPPorts = [
-        # tinc
-        655 53
-      ];
+    enableIPv6 = false;
+    firewall = {
+        allowPing = true;
+        logRefusedConnections = false;
+        allowedTCPPorts = [
+          # smtp
+          25
+          # http
+          80 443
+          # tinc
+          655
+        ];
+        allowedUDPPorts = [
+          # tinc
+          655 53
+        ];
     };
     interfaces.et0.ip4 = [{
       address = external-ip;
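Review bot: `logRefusedConnections = false` turns off the firewall's log entries for refused connections on gum, which allows SMTP, HTTP(S) and tinc in, and nothing in the change says why. If the reason is log volume, record it in a comment such as `# refused-connection logging disabled: too noisy on this address`, and make sure connection attempts stay observable some other way, because these entries are often the only trace of scanning. The same setting is added in the makefu/1systems/wry.nix hunk of PATCH 031. The `networking` block continues outside this hunk.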

From 383d8750236d58e9b7932a0c88a1245f95824045 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 13 Nov 2015 12:24:43 +0100
Subject: [PATCH 030/142] tinc_graphs: always restart

---
 krebs/3modules/tinc_graphs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index e415d20ab..20aa385a9 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -89,9 +89,9 @@ let
       };
 
       restartIfChanged = true;
-
       serviceConfig = {
         Type = "simple";
+        restart = "always";
 
         ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
           #!/bin/sh
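Review bot: The added `restart = "always";` is lower-case, but the systemd directive is `Restart=` and systemd matches directive names case-sensitively. Assuming `serviceConfig` keys are written into the unit unchanged, the line is treated as an unknown key and ignored, so the service still does not restart. It should read `Restart = "always";`, and a `RestartSec` value next to it would space out restarts if `ExecStartPre` keeps failing. The `serviceConfig` block continues below the hunk.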

From e0ae8c1a3fe333de8a14b04b4a7e2dd01163b727 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 13 Nov 2015 12:25:18 +0100
Subject: [PATCH 031/142] m 1 {gum,wry}: disable dropped packet logging

---
 makefu/1systems/wry.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index ba94972fb..cd39b4b9f 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -59,9 +59,12 @@ in {
   };
 
   networking = {
-    firewall.allowPing = true;
-    firewall.allowedTCPPorts = [ 53 80 443 ];
-    firewall.allowedUDPPorts = [ 655 ];
+  firewall = {
+      allowPing = true;
+      logRefusedConnections = false;
+      allowedTCPPorts = [ 53 80 443 ];
+      allowedUDPPorts = [ 655 ];
+    };
     interfaces.enp2s1.ip4 = [{
       address = external-ip;
       prefixLength = 24;

From f8fabf4ea6f15b0c7613846e38051f83ef887933 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 13:03:48 +0100
Subject: [PATCH 032/142] shared: move stuff from 1/wolf.nix to 2/base.nix

---
 shared/1systems/wolf.nix | 71 +-------------------------------------
 shared/2configs/base.nix | 74 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 70 deletions(-)
 create mode 100644 shared/2configs/base.nix

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 60d1e8ce8..4fe3388c8 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
   imports = [
+    ../2configs/base.nix
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/collectd-base.nix
   ];
@@ -13,34 +12,6 @@ with lib;
   krebs.build.user = config.krebs.users.shared;
   krebs.build.target = "wolf";
 
-  krebs.enable = true;
-  krebs.retiolum = {
-    enable = true;
-    connectTo = [
-      # TODO remove connectTo cd, this was only used for bootstrapping
-      "cd"
-      "gum"
-      "pigstarter"
-    ];
-  };
-
-  krebs.build.source = {
-    git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
-    };
-    dir.secrets = {
-      host = config.krebs.current.host;
-      path = "${getEnv "HOME"}/secrets/krebs/wolf";
-    };
-    dir.stockholm = {
-      host = config.krebs.current.host;
-      path = "${getEnv "HOME"}/stockholm";
-    };
-  };
-
-  networking.hostName = config.krebs.build.host.name;
-
   boot.kernel.sysctl = {
     # Enable IPv6 Privacy Extensions
     "net.ipv6.conf.all.use_tempaddr" = 2;
@@ -63,45 +34,5 @@ with lib;
     { device = "/dev/disk/by-label/swap"; }
   ];
 
-  nix.maxJobs = 1;
-  nix.trustedBinaryCaches = [
-    "https://cache.nixos.org"
-    "http://cache.nixos.org"
-    "http://hydra.nixos.org"
-  ];
-  nix.useChroot = true;
-
-  nixpkgs.config.packageOverrides = pkgs: {
-    nano = pkgs.vim;
-  };
-
-  environment.systemPackages = with pkgs; [
-    git
-    rxvt_unicode.terminfo
-  ];
-
   time.timeZone = "Europe/Berlin";
-
-  programs.ssh.startAgent = false;
-
-  services.openssh = {
-    enable = true;
-    hostKeys = [
-      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
-    ];
-  };
-  services.cron.enable = false;
-  services.nscd.enable = false;
-  services.ntp.enable = false;
-
-  users.mutableUsers = false;
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    # TODO
-    config.krebs.users.lass.pubkey
-    config.krebs.users.makefu.pubkey
-    config.krebs.users.tv.pubkey
-  ];
-
-  # The NixOS release to be compatible with for stateful data such as databases.
-  system.stateVersion = "15.09";
 }
diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
new file mode 100644
index 000000000..c9f4ffa8d
--- /dev/null
+++ b/shared/2configs/base.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  krebs.enable = true;
+  krebs.retiolum = {
+    enable = true;
+    connectTo = [
+      # TODO remove connectTo cd, this was only used for bootstrapping
+      "cd"
+      "gum"
+      "pigstarter"
+    ];
+  };
+
+  krebs.build.source = {
+    git.nixpkgs = {
+      url = https://github.com/NixOS/nixpkgs;
+      rev = "6d31e9b81dcd4ab927bb3dc91b612dd5abfa2f80";
+    };
+    dir.secrets = {
+      host = config.krebs.current.host;
+      path = "${getEnv "HOME"}/secrets/krebs/wolf";
+    };
+    dir.stockholm = {
+      host = config.krebs.current.host;
+      path = "${getEnv "HOME"}/stockholm";
+    };
+  };
+
+  networking.hostName = config.krebs.build.host.name;
+
+  nix.maxJobs = 1;
+  nix.trustedBinaryCaches = [
+    "https://cache.nixos.org"
+    "http://cache.nixos.org"
+    "http://hydra.nixos.org"
+  ];
+  nix.useChroot = true;
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    nano = pkgs.vim;
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    rxvt_unicode.terminfo
+  ];
+
+  programs.ssh.startAgent = false;
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+    ];
+  };
+  services.cron.enable = false;
+  services.nscd.enable = false;
+  services.ntp.enable = false;
+
+  users.mutableUsers = false;
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    # TODO
+    config.krebs.users.lass.pubkey
+    config.krebs.users.makefu.pubkey
+    config.krebs.users.tv.pubkey
+  ];
+
+
+  # The NixOS release to be compatible with for stateful data such as databases.
+  system.stateVersion = "15.09";
+
+}
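Review bot: `dir.secrets.path` still ends in `secrets/krebs/wolf`, so every host that imports this shared base is deployed with wolf's secrets directory; the test hosts moved under shared/1systems in PATCH 033 import `../2configs/base.nix`. Deriving the directory from the host, `path = "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}";`, keeps one host's key material off another. `nix.trustedBinaryCaches` also carries two plain `http://` entries over from wolf.nix; with those, the integrity of fetched store paths rests on signature checking alone, so keeping only the `https://` cache is the safer default.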

From a204949071a964584bf27889277c8890ed724979 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 13:05:19 +0100
Subject: [PATCH 033/142] move testhosts to shared from lass

---
 krebs/3modules/lass/default.nix            | 32 ++--------------------
 krebs/3modules/shared/default.nix          | 32 ++++++++++++++++++++--
 {lass => shared}/1systems/test-arch.nix    |  8 ++----
 {lass => shared}/1systems/test-centos6.nix |  4 +--
 {lass => shared}/1systems/test-centos7.nix |  4 +--
 5 files changed, 38 insertions(+), 42 deletions(-)
 rename {lass => shared}/1systems/test-arch.nix (79%)
 rename {lass => shared}/1systems/test-centos6.nix (79%)
 rename {lass => shared}/1systems/test-centos7.nix (79%)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 2ad4353bd..c99263fe8 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -2,35 +2,7 @@
 
 with lib;
 
-let
-  testHosts = lib.genAttrs [
-    "test-arch"
-    "test-centos6"
-    "test-centos7"
-  ] (name: {
-    inherit name;
-    cores = 1;
-    nets = {
-      retiolum = {
-        addrs4 = ["10.243.111.111"];
-        addrs6 = ["42:0:0:0:0:0:0:7357"];
-        aliases = [
-          "test.retiolum"
-        ];
-        tinc.pubkey = ''
-          -----BEGIN RSA PUBLIC KEY-----
-          MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
-          mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
-          TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
-          K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
-          QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
-          VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
-          -----END RSA PUBLIC KEY-----
-        '';
-      };
-    };
-  });
-in {
+{
   hosts = addNames {
     echelon = {
       cores = 2;
@@ -241,7 +213,7 @@ in {
       };
     };
 
-  } // testHosts;
+  };
   users = addNames {
     lass = {
       pubkey = readFile ../../Zpubkeys/lass.ssh.pub;
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 24dd7b782..13aae886b 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -2,7 +2,35 @@
 
 with lib;
 
-{
+let
+  testHosts = lib.genAttrs [
+    "test-arch"
+    "test-centos6"
+    "test-centos7"
+  ] (name: {
+    inherit name;
+    cores = 1;
+    nets = {
+      retiolum = {
+        addrs4 = ["10.243.111.111"];
+        addrs6 = ["42:0:0:0:0:0:0:7357"];
+        aliases = [
+          "test.retiolum"
+        ];
+        tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIBCgKCAQEAy41YKF/wpHLnN370MSdnAo63QUW30aw+6O79cnaJyxoL6ZQkk4Nd
+          mrX2tBIfb2hhhgm4Jecy33WVymoEL7EiRZ6gshJaYwte51Jnrac6IFQyiRGMqHY5
+          TG/6IzzTOkeQrT1fw3Yfh0NRfqLBZLr0nAFoqgzIVRxvy+QO1gCU2UDKkQ/y5df1
+          K+YsMipxU08dsOkPkmLdC/+vDaZiEdYljIS3Omd+ED5JmLM3MSs/ZPQ8xjkjEAy8
+          QqD9/67bDoeXyg1ZxED2n0+aRKtU/CK/66Li//yev6yv38OQSEM4t/V0dr9sjLcY
+          VIdkxKf96F9r3vcDf/9xw2HrqVoy+D5XYQIDAQAB
+          -----END RSA PUBLIC KEY-----
+        '';
+      };
+    };
+  });
+in {
   hosts = addNames {
     wolf = {
       #dc = "shack";
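Review bot: `testHosts` gives all three generated hosts the same `addrs4`, `addrs6`, alias and tinc public key, which means they share one tinc private key and cannot be on retiolum at the same time. That may be intended for a single throw-away test slot, but nothing in the file says so. A comment above `testHosts` such as `# all test hosts share one retiolum identity; run only one at a time` would record it, and the shared private key should be treated as disposable.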
@@ -32,7 +60,7 @@ with lib;
       ssh.privkey.path = <secrets/ssh.id_ed25519>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYMXMWZIK0jjnZDM9INiYAKcwjXs2241vew54K8veCR";
     };
-  };
+  } // testHosts;
   users = addNames {
     shared = {
       mail = "spam@krebsco.de";
diff --git a/lass/1systems/test-arch.nix b/shared/1systems/test-arch.nix
similarity index 79%
rename from lass/1systems/test-arch.nix
rename to shared/1systems/test-arch.nix
index 0ab9da2f3..ece209490 100644
--- a/lass/1systems/test-arch.nix
+++ b/shared/1systems/test-arch.nix
@@ -1,10 +1,6 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 
-let
-  inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
-  inherit (lib) head;
-
-in {
+{
   imports = [
     ../2configs/base.nix
     {
diff --git a/lass/1systems/test-centos6.nix b/shared/1systems/test-centos6.nix
similarity index 79%
rename from lass/1systems/test-centos6.nix
rename to shared/1systems/test-centos6.nix
index 7270c2262..a8b5f9b9c 100644
--- a/lass/1systems/test-centos6.nix
+++ b/shared/1systems/test-centos6.nix
@@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
   inherit (lib) head;
 
   ip = "168.235.148.52";
+  gw = "168.235.148.1";
 in {
   imports = [
     ../2configs/base.nix
@@ -16,7 +16,7 @@ in {
           prefixLength = 24;
         }
       ];
-      networking.defaultGateway = getDefaultGateway ip;
+      networking.defaultGateway = gw;
       networking.nameservers = [
         "8.8.8.8"
       ];
diff --git a/lass/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix
similarity index 79%
rename from lass/1systems/test-centos7.nix
rename to shared/1systems/test-centos7.nix
index 91bd3e0fe..51e99600c 100644
--- a/lass/1systems/test-centos7.nix
+++ b/shared/1systems/test-centos7.nix
@@ -1,10 +1,10 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (import ../4lib { inherit pkgs lib; }) getDefaultGateway;
   inherit (lib) head;
 
   ip = "168.235.145.85";
+  gw = "168.235.145.1";
 in {
   imports = [
     ../2configs/base.nix
@@ -16,7 +16,7 @@ in {
           prefixLength = 24;
         }
       ];
-      networking.defaultGateway = getDefaultGateway ip;
+      networking.defaultGateway = gw;
       networking.nameservers = [
         "8.8.8.8"
       ];

From 07dca519636f07ee4887e14e0e9a9739ec9f8034 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:53:26 +0100
Subject: [PATCH 034/142] l 5 go -> k 5 go

---
 {lass => krebs}/5pkgs/go/default.nix  | 0
 {lass => krebs}/5pkgs/go/packages.nix | 0
 lass/5pkgs/default.nix                | 7 +++----
 3 files changed, 3 insertions(+), 4 deletions(-)
 rename {lass => krebs}/5pkgs/go/default.nix (100%)
 rename {lass => krebs}/5pkgs/go/packages.nix (100%)

diff --git a/lass/5pkgs/go/default.nix b/krebs/5pkgs/go/default.nix
similarity index 100%
rename from lass/5pkgs/go/default.nix
rename to krebs/5pkgs/go/default.nix
diff --git a/lass/5pkgs/go/packages.nix b/krebs/5pkgs/go/packages.nix
similarity index 100%
rename from lass/5pkgs/go/packages.nix
rename to krebs/5pkgs/go/packages.nix
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index 844d68a45..b3857ce97 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -5,15 +5,14 @@ let
 in
 
 rec {
-  bitlbee-dev = callPackage ./bitlbee-dev.nix {};
-  bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
-  bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
+  #bitlbee-dev = callPackage ./bitlbee-dev.nix {};
+  #bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
+  #bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
   firefoxPlugins = {
     noscript = callPackage ./firefoxPlugins/noscript.nix {};
     ublock = callPackage ./firefoxPlugins/ublock.nix {};
     vimperator = callPackage ./firefoxPlugins/vimperator.nix {};
   };
-  go = callPackage ./go/default.nix {};
   newsbot-js = callPackage ./newsbot-js/default.nix {};
   xmonad-lass =
     let src = pkgs.writeNixFromCabal "xmonad-lass.nix" ./xmonad-lass; in
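Review bot: Commenting out `bitlbee-dev`, `bitlbee-steam` and `bitlbee` in this hunk removes attributes that `lass/2configs/bitlbee.nix` still reads as `lpkgs.bitlbee` until patch 036 rewrites that file, so this commit on its own probably fails to evaluate any host that imports it. The change is also unrelated to the `go` move named in the subject. Delete the three lines in the commit that switches to `services.bitlbee` instead of leaving them here as `#` comments, so every commit in the series evaluates. The `rec { … }` set continues outside the hunk.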

From 88e0f5b0370efe9b93493c21d487917a29e44a1c Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:54:52 +0100
Subject: [PATCH 035/142] l 2 base: nixpkgs 7ae05ed -> 8d1ce12

---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index a76ed4d6b..61023057b 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -48,7 +48,7 @@ with lib;
       source = {
         git.nixpkgs = {
           url = https://github.com/Lassulus/nixpkgs;
-          rev = "7ae05edcdd14f6ace83ead9bf0d114e97c89a83a";
+          rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b";
         };
         dir.secrets = {
           host = config.krebs.hosts.mors;

From 2e2e5196d149379643244f92239f88f5d2eb2237 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:56:37 +0100
Subject: [PATCH 036/142] l: use bitlbee plugin architecture from nixpkgs

---
 lass/2configs/bitlbee.nix    | 16 +++-----
 lass/5pkgs/bitlbee-dev.nix   | 20 ----------
 lass/5pkgs/bitlbee-steam.nix | 31 ----------------
 lass/5pkgs/bitlbee.nix       | 71 ------------------------------------
 lass/5pkgs/default.nix       |  3 --
 5 files changed, 6 insertions(+), 135 deletions(-)
 delete mode 100644 lass/5pkgs/bitlbee-dev.nix
 delete mode 100644 lass/5pkgs/bitlbee-steam.nix
 delete mode 100644 lass/5pkgs/bitlbee.nix

diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix
index fa14c7fea..b23628dc5 100644
--- a/lass/2configs/bitlbee.nix
+++ b/lass/2configs/bitlbee.nix
@@ -1,16 +1,12 @@
 { config, pkgs, ... }:
 
-let
-  lpkgs = import ../5pkgs { inherit pkgs; };
-in {
-
-  imports = [
-    ../3modules/bitlbee.nix
-  ];
-
-  lass.bitlbee = {
+{
+  services.bitlbee = {
     enable = true;
-    bitlbeePkg = lpkgs.bitlbee;
     portNumber = 6666;
+    plugins = [
+      pkgs.bitlbee-facebook
+      pkgs.bitlbee-steam
+    ];
   };
 }
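Review bot: The new `services.bitlbee` block sets only `portNumber` and `plugins`, so the listen interface and `authMode` fall back to the nixpkgs module defaults, which this diff does not show. The local module deleted later in the series defaulted to `127.0.0.1` and `Open`; if nixpkgs matches, that is safe only while the daemon stays loopback-only, because `Open` lets anyone who can connect register on a gateway that stores IM account credentials. State the intent in the config rather than relying on defaults: `interface = "127.0.0.1";` and, once the accounts exist, `authMode = "Registered";`.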
diff --git a/lass/5pkgs/bitlbee-dev.nix b/lass/5pkgs/bitlbee-dev.nix
deleted file mode 100644
index dd129591e..000000000
--- a/lass/5pkgs/bitlbee-dev.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python }:
-
-stdenv.mkDerivation rec {
-  name = "bitlbee-3.4.1";
-
-  src = fetchurl {
-    url = "mirror://bitlbee/src/${name}.tar.gz";
-    sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
-  };
-
-  buildInputs = [ gnutls glib pkgconfig libotr python ];
-
-  buildPhase = "";
-
-  installPhase = ''
-    make install-dev
-  '';
-
-}
-
diff --git a/lass/5pkgs/bitlbee-steam.nix b/lass/5pkgs/bitlbee-steam.nix
deleted file mode 100644
index d869eaac5..000000000
--- a/lass/5pkgs/bitlbee-steam.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ stdenv, fetchgit, autoconf, automake, bitlbee-dev, glib, libgcrypt, libtool, pkgconfig }:
-
-stdenv.mkDerivation rec {
-  name = "bitlbee-steam-1.3.1";
-
-  src = fetchgit {
-    url = "https://github.com/jgeboski/bitlbee-steam";
-    rev = "439d777c7e8d06712ffc15c3e51d61799f4c0d0c";
-    sha256 = "493924da1083a3b23073c595a9e1989a7ae09a196524ad66ca99c4d8ccc20d2a";
-  };
-
-  buildInputs = [
-    autoconf
-    automake
-    bitlbee-dev
-    glib
-    libgcrypt
-    libtool
-    pkgconfig
-  ];
-
-  configurePhase = ''
-    ./autogen.sh
-  '';
-
-  installPhase = ''
-    mkdir -p $out
-    cp steam/.libs/steam.la $out/
-    cp steam/.libs/steam.so $out/
-  '';
-}
diff --git a/lass/5pkgs/bitlbee.nix b/lass/5pkgs/bitlbee.nix
deleted file mode 100644
index 2a5a8d86d..000000000
--- a/lass/5pkgs/bitlbee.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{ fetchurl, stdenv, gnutls, glib, pkgconfig, check, libotr, python
-  , bitlbee-facebook ? null
-  , bitlbee-steam ? null
-}:
-
-with stdenv.lib;
-stdenv.mkDerivation rec {
-  name = "bitlbee-3.4.1";
-
-  src = fetchurl {
-    url = "mirror://bitlbee/src/${name}.tar.gz";
-    sha256 = "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh";
-  };
-
-
-  buildInputs = [ gnutls glib pkgconfig libotr python ]
-    ++ optional doCheck check;
-
-  configureFlags = [
-    "--gcov=1"
-    "--otr=1"
-    "--ssl=gnutls"
-  ];
-
-  postBuild = ''
-    ${if (bitlbee-steam != null) then
-      ''
-        mkdir -p $out/lib/bitlbee/
-        find ${bitlbee-steam}
-        cp ${bitlbee-steam}/* $out/lib/bitlbee/
-      ''
-    else
-      ""
-    }
-  '';
-    #${concatMapStringsSep "\n" ([] ++
-    #  (if (bitlbee-facebook != null) then
-    #    "cp ${bitlbee-faceook}/* $out/"
-    #  else
-    #    ""
-    #  ) ++
-    #  (if (bitlbee-steam != null) then
-    #    "cp ${bitlbee-steam}/* $out/"
-    #  else
-    #    ""
-    #  )
-    #)}
-
-  doCheck = true;
-
-  meta = {
-    description = "IRC instant messaging gateway";
-
-    longDescription = ''
-      BitlBee brings IM (instant messaging) to IRC clients.  It's a
-      great solution for people who have an IRC client running all the
-      time and don't want to run an additional MSN/AIM/whatever
-      client.
-
-      BitlBee currently supports the following IM networks/protocols:
-      XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo!
-      Messenger, AIM and ICQ.
-    '';
-
-    homepage = http://www.bitlbee.org/;
-    license = licenses.gpl2Plus;
-
-    maintainers = with maintainers; [ wkennington pSub ];
-    platforms = platforms.gnu;  # arbitrary choice
-  };
-}
diff --git a/lass/5pkgs/default.nix b/lass/5pkgs/default.nix
index b3857ce97..2b9582912 100644
--- a/lass/5pkgs/default.nix
+++ b/lass/5pkgs/default.nix
@@ -5,9 +5,6 @@ let
 in
 
 rec {
-  #bitlbee-dev = callPackage ./bitlbee-dev.nix {};
-  #bitlbee-steam = callPackage ./bitlbee-steam.nix { inherit bitlbee-dev; };
-  #bitlbee = callPackage ./bitlbee.nix { inherit bitlbee-steam; };
   firefoxPlugins = {
     noscript = callPackage ./firefoxPlugins/noscript.nix {};
     ublock = callPackage ./firefoxPlugins/ublock.nix {};

From f2e4288052b8b21e45a577fde8b8761e6295be5a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:57:19 +0100
Subject: [PATCH 037/142] l 2 weechat: bring everything up2date

---
 lass/2configs/weechat.nix | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix
index cfcc1a2f6..18007ed61 100644
--- a/lass/2configs/weechat.nix
+++ b/lass/2configs/weechat.nix
@@ -1,22 +1,37 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 {
-  imports = [
-    ../3modules/per-user.nix
-  ];
-
-  lass.per-user.chat.packages = [
+  krebs.per-user.chat.packages = [
     pkgs.weechat
     pkgs.tmux
   ];
 
   users.extraUsers.chat = {
     home = "/home/chat";
+    uid = 986764891; # genid chat
     useDefaultShell = true;
     createHome = true;
-    openssh.authorizedKeys.keys = map readFile [
-      ../../krebs/Zpubkeys/lass.ssh.pub
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.lass.pubkey
     ];
   };
+
+  #systemd.services.chat = {
+  #  description = "chat environment setup";
+  #  after = [ "network.target" ];
+  #  wantedBy = [ "multi-user.target" ];
+
+  #  path = with pkgs; [
+  #    weechat
+  #    tmux
+  #  ];
+
+  #  restartIfChanged = true;
+
+  #  serviceConfig = {
+  #    User = "chat";
+  #    Restart = "always";
+  #    ExecStart = "${pkgs.tmux}/bin/tmux new -s IM weechat";
+  #  };
+  #};
 }
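Review bot: The end of this hunk adds about eighteen lines of commented-out `systemd.services.chat` configuration; inactive unit definitions in a host config are easy to misread as active when auditing what runs as the `chat` user, so they are better left out of the tree. A single line such as `# TODO: start weechat in a tmux session via systemd` records the same intent. If the unit is revived, `tmux new -s IM weechat` has no terminal under systemd and would need a detached session (`tmux new -d -s IM weechat`) with a matching service type.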

From a1142b25c62e4009e56b881234829fb734196d93 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:57:51 +0100
Subject: [PATCH 038/142] l 1 prism: import weechat.nix

---
 lass/1systems/prism.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 85021887f..599f4704e 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -11,6 +11,7 @@ in {
     ../2configs/git.nix
     ../2configs/ts3.nix
     ../2configs/bitlbee.nix
+    ../2configs/weechat.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories

From e7d22252dcad25fd5594e9a431f5a39aa620906d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Fri, 13 Nov 2015 14:59:48 +0100
Subject: [PATCH 039/142] shared: add os templates to 2

---
 .../os-templates/CAC-CentOS-6.5-64bit.nix     | 47 +++++++++++++++++++
 .../os-templates/CAC-CentOS-7-64bit.nix       | 47 +++++++++++++++++++
 2 files changed, 94 insertions(+)
 create mode 100644 shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
 create mode 100644 shared/2configs/os-templates/CAC-CentOS-7-64bit.nix

diff --git a/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
new file mode 100644
index 000000000..b5ec722a0
--- /dev/null
+++ b/shared/2configs/os-templates/CAC-CentOS-6.5-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+  boot.loader.grub = {
+    device = "/dev/sda";
+    splashImage = null;
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "vmw_pvscsi"
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/VolGroup/lv_root";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    { device = "/dev/VolGroup/lv_swap"; }
+  ];
+
+  users.extraGroups = {
+    # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+    #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+    #    Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+    #      Docs: man:tmpfiles.d(5)
+    #            man:systemd-tmpfiles(8)
+    #   Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+    #  Main PID: 19272 (code=exited, status=1/FAILURE)
+    #
+    # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+    # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+    # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+    # warning: error(s) occured while switching to the new configuration
+    lock.gid = 10001;
+  };
+}
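Review bot: The comment above `lock.gid = 10001;` is a sixteen-line pasted `systemctl status` transcript, and the same transcript is repeated in `CAC-CentOS-7-64bit.nix`; the reason fits on one line. Something like `# systemd-tmpfiles-setup fails with "Unknown group 'lock'" (tmpfiles.d/legacy.conf) unless this group exists` explains the declaration without the store paths, PIDs and timestamps. The two templates differ only in the root/boot/swap device names and filesystem types, so the shared part (grub, initrd modules, the `lock` group) could live in one file that both import.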
diff --git a/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
new file mode 100644
index 000000000..168d1d97b
--- /dev/null
+++ b/shared/2configs/os-templates/CAC-CentOS-7-64bit.nix
@@ -0,0 +1,47 @@
+_:
+
+{
+  boot.loader.grub = {
+    device = "/dev/sda";
+    splashImage = null;
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "vmw_pvscsi"
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/centos/root";
+    fsType = "xfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/sda1";
+    fsType = "xfs";
+  };
+
+  swapDevices = [
+    { device = "/dev/centos/swap"; }
+  ];
+
+  users.extraGroups = {
+    # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
+    #    Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service)
+    #    Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago
+    #      Docs: man:tmpfiles.d(5)
+    #            man:systemd-tmpfiles(8)
+    #   Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE)
+    #  Main PID: 19272 (code=exited, status=1/FAILURE)
+    #
+    # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'.
+    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring.
+    # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring.
+    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE
+    # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories.
+    # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state.
+    # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed.
+    # warning: error(s) occured while switching to the new configuration
+    lock.gid = 10001;
+  };
+}

From 78660ea002d5912eb8d06da1895cc6e34bd5e6eb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 14 Nov 2015 01:48:49 +0100
Subject: [PATCH 040/142] m 1 filepimp: remove legacy imports

---
 makefu/1systems/filepimp.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/makefu/1systems/filepimp.nix b/makefu/1systems/filepimp.nix
index fb1a57552..66ea2ce90 100644
--- a/makefu/1systems/filepimp.nix
+++ b/makefu/1systems/filepimp.nix
@@ -7,8 +7,6 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/default.nix
-      ../2configs/fs/vm-single-partition.nix
       ../2configs/fs/single-partition-ext4.nix
       ../2configs/tinc-basic-retiolum.nix
     ];

From 2b9d7bdda10689e8bd8f7ed39830fd274c02457b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 14 Nov 2015 01:49:31 +0100
Subject: [PATCH 041/142] m 1 gum: add swap to server config

---
 makefu/1systems/gum.nix            |  1 +
 makefu/2configs/fs/simple-swap.nix | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 makefu/2configs/fs/simple-swap.nix

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 8dd347b4f..44ab8c6f8 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -9,6 +9,7 @@ in {
       # TODO: copy this config or move to krebs
       ../2configs/tinc-basic-retiolum.nix
       ../2configs/headless.nix
+      ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       # ../2configs/iodined.nix
 
diff --git a/makefu/2configs/fs/simple-swap.nix b/makefu/2configs/fs/simple-swap.nix
new file mode 100644
index 000000000..8c161b287
--- /dev/null
+++ b/makefu/2configs/fs/simple-swap.nix
@@ -0,0 +1,11 @@
+_:
+{
+  # do not swap that often
+  boot.kernel.sysctl = {
+    "vm.swappiness" = 25;
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-label/swap"; }
+  ];
+}
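Review bot: `swapDevices` in the new `simple-swap.nix` enables a plain swap partition on a server, so memory pages can be written to disk unencrypted, presumably including key material of services such as the tinc setup that `gum.nix` imports. If that is acceptable for this host, record the decision next to the entry, e.g. `# unencrypted swap: acceptable here because …`; otherwise an encrypted swap device is the safer choice. The `vm.swappiness` comment could also state the effect rather than the wish: `# swap less eagerly than the kernel default of 60`.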

From 79b890670100d08c3640fffade2caf3eced192d8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 14 Nov 2015 01:50:24 +0100
Subject: [PATCH 042/142] m 2 vbox: up version number

---
 makefu/2configs/main-laptop.nix               | 2 +-
 makefu/2configs/virtualization-virtualbox.nix | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 294ee7510..dfc8c1c07 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -12,7 +12,7 @@ with lib;
     firefox
     chromium
     keepassx
-
+    ntfs3g
     virtmanager
     at_spi2_core # dep for virtmanager?
   ];
diff --git a/makefu/2configs/virtualization-virtualbox.nix b/makefu/2configs/virtualization-virtualbox.nix
index 610b63732..aaabcd50e 100644
--- a/makefu/2configs/virtualization-virtualbox.nix
+++ b/makefu/2configs/virtualization-virtualbox.nix
@@ -2,11 +2,11 @@
 
 let
   mainUser = config.krebs.build.user;
-  version = "5.0.4";
-  rev = "102546";
+  version = "5.0.6";
+  rev = "103037";
   vboxguestpkg = pkgs.fetchurl {
         url = "http://download.virtualbox.org/virtualbox/${version}/Oracle_VM_VirtualBox_Extension_Pack-${version}-${rev}.vbox-extpack";
-        sha256 = "1ykwpjvfgj11iwhx70bh2hbxhyy3hg6rnqzl4qac7xzg8xw8wqg4";
+        sha256 = "1dc70x2m7x266zzw5vw36mxqj7xykkbk357fc77f9zrv4lylzvaf";
       };
 in {
   #inherit vboxguestpkg;

From 452f8d8e23b14d10158e748c222228a6704f9a11 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 14 Nov 2015 14:11:38 +0100
Subject: [PATCH 043/142] l 3: remove bitlbee

---
 lass/3modules/bitlbee.nix | 153 --------------------------------------
 lass/3modules/default.nix |   1 -
 2 files changed, 154 deletions(-)
 delete mode 100644 lass/3modules/bitlbee.nix

diff --git a/lass/3modules/bitlbee.nix b/lass/3modules/bitlbee.nix
deleted file mode 100644
index 8ce560146..000000000
--- a/lass/3modules/bitlbee.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-
-let
-
-  inherit (lib)
-    mkIf
-    mkOption
-    types
-    singleton
-  ;
-
-  authModeCheck = v:
-    v == "Open" ||
-    v == "Closed" ||
-    v == "Registered"
-  ;
-
-  bitlbeeConfig = pkgs.writeText "bitlbee.conf" ''
-    [settings]
-    RunMode = Daemon
-    User = bitlbee
-    ConfigDir = ${cfg.configDir}
-    DaemonInterface = ${cfg.interface}
-    DaemonPort = ${toString cfg.portNumber}
-    AuthMode = ${cfg.authMode}
-    ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
-    ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
-    ${cfg.extraSettings}
-
-    [defaults]
-    ${cfg.extraDefaults}
-  '';
-
-  cfg = config.lass.bitlbee;
-
-  out = {
-    options.lass.bitlbee = api;
-    config = mkIf cfg.enable imp;
-  };
-
-  api = {
-    enable = mkOption {
-      default = false;
-      description = ''
-        Whether to run the BitlBee IRC to other chat network gateway.
-        Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
-        networks via an IRC client.
-      '';
-    };
-
-    interface = mkOption {
-      default = "127.0.0.1";
-      description = ''
-        The interface the BitlBee deamon will be listening to.  If `127.0.0.1',
-        only clients on the local host can connect to it; if `0.0.0.0', clients
-        can access it from any network interface.
-      '';
-    };
-
-    portNumber = mkOption {
-      default = 6667;
-      description = ''
-        Number of the port BitlBee will be listening to.
-      '';
-    };
-
-    authMode = mkOption {
-      default = "Open";
-      type = types.addCheck types.str authModeCheck;
-      description = ''
-        The following authentication modes are available:
-          Open -- Accept connections from anyone, use NickServ for user authentication.
-          Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
-          Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
-      '';
-    };
-
-    hostName = mkOption {
-      default = "";
-      type = types.str;
-      description = ''
-        Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
-        alias for your BitlBee daemon, you can set it here and BitlBee will identify
-        itself with that name instead.
-      '';
-    };
-
-    configDir = mkOption {
-      default = "/var/lib/bitlbee";
-      type = types.path;
-      description = ''
-        Specify an alternative directory to store all the per-user configuration
-        files.
-      '';
-    };
-
-    protocols = mkOption {
-      default = "";
-      type = types.str;
-      description = ''
-        This option allows to remove the support of protocol, even if compiled
-        in. If nothing is given, there are no restrictions.
-      '';
-    };
-
-    extraSettings = mkOption {
-      default = "";
-      description = ''
-        Will be inserted in the Settings section of the config file.
-      '';
-    };
-
-    extraDefaults = mkOption {
-      default = "";
-      description = ''
-        Will be inserted in the Default section of the config file.
-      '';
-    };
-
-    bitlbeePkg = mkOption {
-      default = pkgs.bitlbee;
-      description = ''
-        the bitlbee pkg to use.
-      '';
-    };
-  };
-
-  imp = {
-    users.extraUsers = singleton {
-      name = "bitlbee";
-      uid = config.ids.uids.bitlbee;
-      description = "BitlBee user";
-      home = "/var/lib/bitlbee";
-      createHome = true;
-    };
-
-    users.extraGroups = singleton {
-      name = "bitlbee";
-      gid = config.ids.gids.bitlbee;
-    };
-
-    systemd.services.bitlbee = {
-      description = "BitlBee IRC to other chat networks gateway";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig.User = "bitlbee";
-      serviceConfig.ExecStart = "${cfg.bitlbeePkg}/sbin/bitlbee -F -n -c ${bitlbeeConfig}";
-    };
-  };
-
-in
-out
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 7c85af3a4..0dcad971c 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -2,7 +2,6 @@ _:
 {
   imports = [
     ./xresources.nix
-    ./bitlbee.nix
     ./folderPerms.nix
     ./newsbot-js.nix
     ./per-user.nix

From d0a573c4c514ca0bd64c3ed8b0dd265129010969 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 14 Nov 2015 17:54:08 +0100
Subject: [PATCH 044/142] k 3 l: bump echelon internet addr

---
 krebs/3modules/lass/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index c99263fe8..26b0947bb 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -9,7 +9,7 @@ with lib;
       dc = "lass"; #dc = "cac";
       nets = rec {
         internet = {
-          addrs4 = ["167.88.34.158"];
+          addrs4 = ["162.252.241.33"];
           aliases = [
             "echelon.internet"
           ];

From ff3dc90d1c1ced94bf4105febee7cb9afd687064 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 14 Nov 2015 17:54:45 +0100
Subject: [PATCH 045/142] l 3 dnsmasq: remove dead code

---
 lass/3modules/dnsmasq.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/lass/3modules/dnsmasq.nix b/lass/3modules/dnsmasq.nix
index 99c165479..83a9cb180 100644
--- a/lass/3modules/dnsmasq.nix
+++ b/lass/3modules/dnsmasq.nix
@@ -25,13 +25,6 @@ let
   configFile = pkgs.writeText "dnsmasq.conf" cfg.config;
 
   imp = {
-    #users.extraUsers.go = {
-    #  name = "go";
-    #  uid = 42774411; #genid go
-    #  description = "go url shortener user";
-    #  home = "/var/lib/go";
-    #  createHome = true;
-    #};
 
     systemd.services.dnsmasq = {
       description = "dnsmasq";

From 48c9789141957c0c65dcb4df5a0e22d6002cafd3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 12:16:51 +0100
Subject: [PATCH 046/142] apt-cacher-ng: init package and module

once apt-cacher-ng arrives in nixos stable it will be removed from stockholm
---
 krebs/3modules/apt-cacher-ng.nix      | 155 ++++++++++++++++++++++++++
 krebs/5pkgs/apt-cacher-ng/default.nix |  21 ++++
 2 files changed, 176 insertions(+)
 create mode 100644 krebs/3modules/apt-cacher-ng.nix
 create mode 100644 krebs/5pkgs/apt-cacher-ng/default.nix

diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
new file mode 100644
index 000000000..c2c2f2661
--- /dev/null
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -0,0 +1,155 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  acng-config = pkgs.writeTextFile {
+    name = "acng-configuration";
+    destination = "/acng.conf";
+    text = ''
+    ForeGround: 1
+    CacheDir: ${cfg.cacheDir}
+    LogDir: ${cfg.logDir}
+    PidFile: /var/run/apt-cacher-ng.pid
+    ExTreshold: ${toString cfg.cacheExpiration}
+
+    Port: ${toString cfg.port}
+    BindAddress: ${cfg.bindAddress}
+
+    # defaults:
+    Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
+    Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
+    Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
+    Remap-cygwin: file:cygwin_mirrors /cygwin
+    Remap-sfnet:  file:sfnet_mirrors
+    Remap-alxrep: file:archlx_mirrors /archlinux
+    Remap-fedora: file:fedora_mirrors
+    Remap-epel:   file:epel_mirrors
+    Remap-slrep:  file:sl_mirrors # Scientific Linux
+    Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo
+
+    ReportPage: acng-report.html
+    SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng
+    LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng
+
+    # Nix cache
+    ${optionalString cfg.enableNixCache ''
+      Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
+      PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$
+      VfilePatternEx: (^|.*?/)nix-cache-info$
+    ''}
+
+    ${cfg.extraConfig}
+  ''; };
+
+  acng-home = "/var/cache/acng";
+  cfg = config.krebs.apt-cacher-ng;
+
+  api = {
+    enable = mkEnableOption "apt-cacher-ng";
+
+    cacheDir = mkOption {
+      default = acng-home + "/cache";
+      type = types.str;
+      description = ''
+        Path to apt-cacher-ng cache directory.
+        Will be created and chowned to acng-user
+      '';
+    };
+
+    logDir = mkOption {
+      default = acng-home + "/log";
+      type = types.str;
+      description = ''
+        Path to apt-cacher-ng log directory.
+        Will be created and chowned to acng-user
+      '';
+    };
+
+    port = mkOption {
+      default = 3142;
+      type = types.int;
+      description = ''
+        port of apt-cacher-ng
+      '';
+    };
+
+    bindAddress = mkOption {
+      default = "";
+      type = types.str;
+      example = "localhost 192.168.7.254 publicNameOnMainInterface";
+      description = ''
+        listen address of apt-cacher-ng. Defaults to every interface.
+      '';
+    };
+
+    cacheExpiration = mkOption {
+      default = 4;
+      type = types.int;
+      description = ''
+        number of days before packages expire in the cache without being
+        requested.
+      '';
+    };
+
+    enableNixCache = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        enable cache.nixos.org caching via PfilePatternEx and VfilePatternEx.
+
+        to use the apt-cacher-ng in your nixos configuration:
+          nix.binary-cache = [ http://acng-host:port/nixos ];
+
+        These options cannot be used in extraConfig, use SVfilePattern and
+        SPfilePattern or disable this option.
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        extra config appended to the generated acng.conf
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.acng = {
+    # uid = config.ids.uids.acng;
+      uid = 897955083; #genid Reaktor
+      description = "apt-cacher-ng";
+      home = acng-home;
+      createHome = false;
+    };
+
+    users.extraGroups.acng = {
+      gid = 897955083; #genid Reaktor
+    # gid = config.ids.gids.Reaktor;
+    };
+
+    systemd.services.apt-cacher-ng = {
+      description = "apt-cacher-ng";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        ExecStartPre = pkgs.writeScript "acng-init" ''
+          #!/bin/sh
+          mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
+          chown acng:acng  ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
+        '';
+        ExecStart = "${pkgs.apt-cacher-ng}/bin/apt-cacher-ng -c ${acng-config}";
+        PrivateTmp = "true";
+        User = "acng";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.krebs.apt-cacher-ng = api;
+  config = mkIf cfg.enable imp;
+}
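Review bot: `bindAddress` defaults to the empty string, which the option's own description says means every interface, so enabling the module exposes the proxy, its report page (`ReportPage: acng-report.html`) and the `/nixos` remap to every network the host is attached to. A safer default is `default = "localhost";`, with wider binding as an explicit opt-in alongside a firewall rule. Separately, `uid = 897955083; #genid Reaktor` and the matching gid look copied from another module: either the comment is stale or the id collides with the Reaktor account, and the comment should name the account the id was generated for. `PidFile: /var/run/apt-cacher-ng.pid` is also unlikely to be writable under `User = "acng"`, though with `ForeGround: 1` it may simply be unnecessary.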
diff --git a/krebs/5pkgs/apt-cacher-ng/default.nix b/krebs/5pkgs/apt-cacher-ng/default.nix
new file mode 100644
index 000000000..f253cdba0
--- /dev/null
+++ b/krebs/5pkgs/apt-cacher-ng/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl, cmake, doxygen, zlib, openssl, bzip2, pkgconfig, libpthreadstubs }:
+
+stdenv.mkDerivation rec {
+  name = "apt-cacher-ng-${version}";
+  version = "0.8.6";
+
+  src = fetchurl {
+    url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz";
+    sha256 = "0044dfks8djl11fs28jj8894i4rq424xix3d3fkvzz2i6lnp8nr5";
+  };
+
+  NIX_LDFLAGS = "-lpthread";
+  buildInputs = [ doxygen cmake zlib openssl bzip2 pkgconfig libpthreadstubs ];
+
+  meta = {
+    description = "A caching proxy specialized for linux distribution files";
+    homepage = http://www.unix-ag.uni-kl.de/~bloch/acng/;
+    license = stdenv.lib.licenses.gpl2;
+    maintainers = [ stdenv.lib.maintainers.makefu ];
+  };
+}
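Review bot: `src` fetches from the Debian pool (`http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/…orig.tar.xz`), where an `.orig` tarball is typically removed once a newer upstream version is uploaded, so this derivation will probably stop building from source. The `sha256` pin keeps the content verifiable even over plain HTTP, but it does not help availability. A stable archive URL for the same file (for example the Debian snapshot service), checked against the same hash, avoids that. `cmake`, `doxygen` and `pkgconfig` are build-time tools and would conventionally go in `nativeBuildInputs`.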

From 4c26fb9383a822309c05523774c9f7bebfbb5201 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 13:29:56 +0100
Subject: [PATCH 047/142] k 3 apt-cacher-ng: fix whitespace

---
 krebs/3modules/apt-cacher-ng.nix | 59 ++++++++++++++++----------------
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index c2c2f2661..9224c72a0 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -6,40 +6,41 @@ let
     name = "acng-configuration";
     destination = "/acng.conf";
     text = ''
-    ForeGround: 1
-    CacheDir: ${cfg.cacheDir}
-    LogDir: ${cfg.logDir}
-    PidFile: /var/run/apt-cacher-ng.pid
-    ExTreshold: ${toString cfg.cacheExpiration}
+      ForeGround: 1
+      CacheDir: ${cfg.cacheDir}
+      LogDir: ${cfg.logDir}
+      PidFile: /var/run/apt-cacher-ng.pid
+      ExTreshold: ${toString cfg.cacheExpiration}
 
-    Port: ${toString cfg.port}
-    BindAddress: ${cfg.bindAddress}
+      Port: ${toString cfg.port}
+      BindAddress: ${cfg.bindAddress}
 
-    # defaults:
-    Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
-    Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
-    Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
-    Remap-cygwin: file:cygwin_mirrors /cygwin
-    Remap-sfnet:  file:sfnet_mirrors
-    Remap-alxrep: file:archlx_mirrors /archlinux
-    Remap-fedora: file:fedora_mirrors
-    Remap-epel:   file:epel_mirrors
-    Remap-slrep:  file:sl_mirrors # Scientific Linux
-    Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo
+      # defaults:
+      Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian
+      Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu
+      Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol
+      Remap-cygwin: file:cygwin_mirrors /cygwin
+      Remap-sfnet:  file:sfnet_mirrors
+      Remap-alxrep: file:archlx_mirrors /archlinux
+      Remap-fedora: file:fedora_mirrors
+      Remap-epel:   file:epel_mirrors
+      Remap-slrep:  file:sl_mirrors # Scientific Linux
+      Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo
 
-    ReportPage: acng-report.html
-    SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng
-    LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng
+      ReportPage: acng-report.html
+      SupportDir: ${pkgs.apt-cacher-ng}/lib/apt-cacher-ng
+      LocalDirs: acng-doc ${pkgs.apt-cacher-ng}/share/doc/apt-cacher-ng
 
-    # Nix cache
-    ${optionalString cfg.enableNixCache ''
-      Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
-      PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$
-      VfilePatternEx: (^|.*?/)nix-cache-info$
-    ''}
+      # Nix cache
+      ${optionalString cfg.enableNixCache ''
+        Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
+        PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$
+        VfilePatternEx: (^|.*?/)nix-cache-info$
+      ''}
 
-    ${cfg.extraConfig}
-  ''; };
+      ${cfg.extraConfig}
+    '';
+  };
 
   acng-home = "/var/cache/acng";
   cfg = config.krebs.apt-cacher-ng;

From 5a450ad787a4738d2338c1e6e2709a680ceeb413 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 13:49:29 +0100
Subject: [PATCH 048/142] apt-cacher-ng is imported by krebs modules

---
 krebs/3modules/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6d62b2e38..a627d5657 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -6,6 +6,7 @@ let
 
   out = {
     imports = [
+      ./apt-cacher-ng.nix
       ./bepasty-server.nix
       ./build.nix
       ./current.nix

From b69dcc6086c16ae996575bb00a1f55a14c26b63e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 13:54:55 +0100
Subject: [PATCH 049/142] m 1 gum: add ssh repo

---
 makefu/1systems/gum.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index d8b7ed5f9..63ad18339 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -12,6 +12,7 @@ in {
       ../2configs/fs/simple-swap.nix
       ../2configs/fs/single-partition-ext4.nix
       # ../2configs/iodined.nix
+      ../2configs/git/cgit-retiolum.nix
 
   ];
 

From 4fec1920fb8fb9392c7a5c363a8392230eb64de8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 13:55:30 +0100
Subject: [PATCH 050/142] m 2 git: fix library and irc hooks

---
 makefu/2configs/git/brain-retiolum.nix |  4 +--
 makefu/2configs/git/cgit-retiolum.nix  | 50 +++++++++++++++++---------
 2 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
index 793373859..066d50a28 100644
--- a/makefu/2configs/git/brain-retiolum.nix
+++ b/makefu/2configs/git/brain-retiolum.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 # TODO: remove tv lib :)
-with import ../../../tv/4lib { inherit lib pkgs; };
+with lib;
 let
 
   repos = priv-repos // krebs-repos ;
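Review bot: The `# TODO: remove tv lib :)` comment directly above the changed line is stale now that this hunk replaces the tv import with `with lib;`, and the same leftover sits in the first hunk of cgit-retiolum.nix. Delete the comment in both files. The second hunk here moves to `pkgs.git-hooks.irc-announce`, while cgit-retiolum.nix still uses `with git;` in `set-owners` and `set-ro-access`. Whether plain `lib` provides `git` cannot be seen from this diff, so that file deserves an evaluation check.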
@@ -26,7 +26,7 @@ let
     inherit name desc;
     public = false;
     hooks = {
-      post-receive = git.irc-announce {
+      post-receive = pkgs.git-hooks.irc-announce {
         nick = config.networking.hostName;
         channel = "#retiolum";
         # TODO remove the hardcoded hostname
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 189dd66c8..748cd6427 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -1,10 +1,12 @@
 { config, lib, pkgs, ... }:
 # TODO: remove tv lib :)
-with import ../../../tv/4lib { inherit lib pkgs; };
+with lib;
 let
 
-  repos = priv-repos // krebs-repos ;
-  rules = concatMap krebs-rules (attrValues krebs-repos) ++ concatMap priv-rules (attrValues priv-repos);
+  repos = priv-repos // krebs-repos // connector-repos ;
+  rules = concatMap krebs-rules (attrValues krebs-repos)
+    ++ concatMap priv-rules (attrValues priv-repos)
+    ++ concatMap connector-rules (attrValues connector-repos);
 
   krebs-repos = mapAttrs make-krebs-repo {
     stockholm = {
@@ -19,6 +21,10 @@ let
     autosync = { };
   };
 
+  connector-repos = mapAttrs make-priv-repo {
+    autosync = { };
+  };
+
 
   # TODO move users to separate module
   make-priv-repo = name: { desc ? null, ... }: {
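Review bot: `connector-repos` reuses the name `autosync`, which the context line just above already defines (apparently in `priv-repos`), so `repos = priv-repos // krebs-repos // connector-repos` keeps a single `autosync` entry while `rules` now also applies `connector-rules` to it. The effect is that the `exco` key gains push rights on the existing private `autosync` repository, which the commit subject does not suggest was intended. Give the shared repository its own name, for example `connector = { };`, and add a comment on `connector-repos` stating who is granted access.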
@@ -40,12 +46,19 @@ let
     };
   };
 
-  set-owners = with git;repo: user:
-      singleton {
-        inherit user;
-        repo = [ repo ];
-        perm = push "refs/*" [ non-fast-forward create delete merge ];
-      };
+
+
+  # TODO: get the list of all krebsministers
+  krebsminister = with config.krebs.users; [ lass tv uriel ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+  exco = with config.krebs.users; [ exco ];
+
+  priv-rules = repo: set-owners repo all-makefu;
+
+  connector-rules = repo: set-owners repo (all-makefu ++ exco);
+
+  krebs-rules = repo:
+    set-owners repo all-makefu ++ set-ro-access repo krebsminister;
 
   set-ro-access = with git; repo: user:
       optional repo.public {
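Review bot: In `exco = with config.krebs.users; [ exco ];` the inner `exco` resolves to the `let` binding itself rather than to `config.krebs.users.exco`, because names bound by `let` take precedence over names brought in by `with`. The list therefore contains itself, and `connector-rules` does not hand the intended user record to `set-owners`. Rename the binding or qualify the reference, e.g. `all-exco = [ config.krebs.users.exco ];`, and use that name in `connector-rules`. The same hunk gives this additional key the full `set-owners` permission set (`non-fast-forward create delete merge` on `refs/*`); a comment saying this is deliberate would help reviewers.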
@@ -54,14 +67,12 @@ let
         perm = fetch;
       };
 
-  # TODO: get the list of all krebsministers
-  krebsminister = with config.krebs.users; [ lass tv uriel ];
-  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
-
-  priv-rules = repo: set-owners repo all-makefu;
-
-  krebs-rules = repo:
-    set-owners repo all-makefu ++ set-ro-access repo krebsminister;
+  set-owners = with git;repo: user:
+      singleton {
+        inherit user;
+        repo = [ repo ];
+        perm = push "refs/*" [ non-fast-forward create delete merge ];
+      };
 
 in {
   imports = [{
@@ -73,6 +84,11 @@ in {
         name = "makefu-tsp" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
     };
+
+    krebs.users.exco = {
+        name = "exco" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
+    };
   }];
   krebs.git = {
     enable = true;

From a4ab19181b312a64a14f7da694e994959ce2b147 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 13:57:43 +0100
Subject: [PATCH 051/142] shared 2 base: add makefu_omo to allowed pubkeys

---
 shared/2configs/base.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix
index c9f4ffa8d..df41eae1a 100644
--- a/shared/2configs/base.nix
+++ b/shared/2configs/base.nix
@@ -64,6 +64,8 @@ with lib;
     # TODO
     config.krebs.users.lass.pubkey
     config.krebs.users.makefu.pubkey
+    # TODO HARDER:
+    (readFile ../../krebs/Zpubkeys/makefu_omo.ssh.pub)
     config.krebs.users.tv.pubkey
   ];
 
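Review bot: The added entry reads the key file directly instead of going through `config.krebs.users` like its three neighbours, so this list is no longer derived from the user registry alone and the key is easy to miss when access is audited through `krebs.users`. `readFile` also keeps a trailing newline inside the list element if the file has one. The comment `# TODO HARDER:` does not say what remains to be done; something like `# TODO: declare makefu-omo in krebs.users and reference its pubkey here` records the intent. The attribute this list is assigned to starts outside the hunk.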

From 5aed0a395b2f78216bc02a7178527034bb079d28 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:15:07 +0100
Subject: [PATCH 052/142] shared wolf: static ip, fix todo

---
 krebs/3modules/default.nix           |  1 +
 krebs/3modules/shared/default.nix    | 15 ++++++++++-----
 shared/1systems/wolf.nix             | 21 ++++++++++++++++++++-
 shared/2configs/shack-drivedroid.nix | 18 ++++++++++++++++++
 shared/2configs/shack-nix-cacher.nix | 25 +++++++++++++++++++++++++
 5 files changed, 74 insertions(+), 6 deletions(-)
 create mode 100644 shared/2configs/shack-drivedroid.nix
 create mode 100644 shared/2configs/shack-nix-cacher.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index a627d5657..ce52c148c 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -86,6 +86,7 @@ let
       krebs.dns.providers = {
         de.krebsco = "zones";
         gg23 = "hosts";
+        shack = "hosts";
         internet = "hosts";
         retiolum = "hosts";
       };
diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index 13aae886b..d5bce469b 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -33,12 +33,17 @@ let
 in {
   hosts = addNames {
     wolf = {
-      #dc = "shack";
+      dc = "shack";
       nets = {
-        #shack = {
-        #  addrs4 = [ TODO ];
-        #  aliases = ["wolf.shack"];
-        #};
+        shack = {
+          addrs4 = [ "10.42.2.136" ];
+          aliases = [
+            "wolf.shack"
+            "graphite.shack"
+            "acng.shack"
+            "drivedroid.shack"
+          ];
+        };
         retiolum = {
           addrs4 = ["10.243.77.1"];
           addrs6 = ["42:0:0:0:0:0:77:1"];
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 4fe3388c8..30e6e1d07 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -1,12 +1,31 @@
 { config, lib, pkgs, ... }:
 
+let
+  shack-ip = lib.head config.krebs.build.host.nets.shack.addrs4;
+  internal-ip = lib.head config.krebs.build.host.nets.retiolum.addrs4;
+in
 {
   imports = [
     ../2configs/base.nix
     <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
     ../2configs/collectd-base.nix
+    ../2configs/shack-nix-cacher.nix
+    ../2configs/shack-drivedroid.nix
   ];
 
+  networking = {
+    interfaces.eth0.ip4 = [{
+      address = shack-ip;
+      prefixLength = 20;
+    }];
+
+    defaultGateway = "10.42.0.1";
+    nameservers = [ "8.8.8.8" ];
+  };
+
+  #####################
+  # uninteresting stuff
+  #####################
   krebs.build.host = config.krebs.hosts.wolf;
   # TODO rename shared user to "krebs"
   krebs.build.user = config.krebs.users.shared;
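Review bot: `internal-ip` is bound in the new `let` block, but none of the lines added by this commit use it; drop it or add the setting that was meant to consume it. The banner `# uninteresting stuff` tells a reader nothing about the section below it, which continues outside the hunk, and a label naming what the section configures would be more useful. `defaultGateway` and `nameservers` are literal addresses while `address` comes from the host definition, so a short comment saying they belong to the shack network would keep the three in step.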
@@ -31,7 +50,7 @@
   fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
 
   swapDevices = [
-    { device = "/dev/disk/by-label/swap"; }
+    { device = "/dev/disk/by-label/swap";  }
   ];
 
   time.timeZone = "Europe/Berlin";
diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
new file mode 100644
index 000000000..294f3a369
--- /dev/null
+++ b/shared/2configs/shack-drivedroid.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, ... }:
+
+{
+  krebs.nginx = {
+    enable = lib.mkDefault true;
+    servers = {
+      drivedroid-repo = {
+        server-names = [ "drivedroid.shack" ];
+        # TODO: prepare this somehow
+        locations = lib.singleton (lib.nameValuePair "/" ''
+          root /var/srv/drivedroid
+          index main.json
+        '');
+      };
+    };
+  };
+
+}
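Review bot: The two directives inside the `/` location, `root /var/srv/drivedroid` and `index main.json`, lack the terminating semicolon that nginx requires, so the generated configuration will presumably fail to parse. They should read `root /var/srv/drivedroid;` and `index main.json;`. The comment `# TODO: prepare this somehow` should name what is missing, for example that nothing yet creates the directory or `main.json`.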
diff --git a/shared/2configs/shack-nix-cacher.nix b/shared/2configs/shack-nix-cacher.nix
new file mode 100644
index 000000000..7519bb3ac
--- /dev/null
+++ b/shared/2configs/shack-nix-cacher.nix
@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }:
+
+{
+  krebs.nginx = {
+    enable = lib.mkDefault true;
+    servers = {
+      apt-cacher-ng = {
+        server-names = [ "acng.shack" ];
+        locations = lib.singleton (lib.nameValuePair "/" ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_pass http://localhost:3142/;
+        '');
+      };
+    };
+  };
+
+  krebs.apt-cacher-ng = {
+    enable = true;
+    port = 3142;
+    bindAddress = "localhost";
+    cacheExpiration = 30;
+  };
+}
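Review bot: The `/` location forwards every request for `acng.shack` to apt-cacher-ng with no client restriction, which also exposes the report page the module configures (`ReportPage: acng-report.html`) to anyone who can reach nginx on this host. Binding the daemon to `localhost` protects only the direct port, so access control now has to happen in nginx. Consider adding `allow 10.42.0.0/20;` and `deny all;` to the location; that range follows from the address and `prefixLength = 20` set in wolf.nix in this commit, so confirm it is the intended client network. Since `3142` is written twice, a comment above `krebs.apt-cacher-ng` noting that `port` must match the `proxy_pass` target would also help.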

From 7346527c4f0444d33f8c6eda353cad94cecd930f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:15:31 +0100
Subject: [PATCH 053/142] pubkeys: add exco

---
 krebs/Zpubkeys/exco.ssh.pub | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 krebs/Zpubkeys/exco.ssh.pub

diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub
new file mode 100644
index 000000000..e2afcf3fb
--- /dev/null
+++ b/krebs/Zpubkeys/exco.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa 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 christian.stoeveken@gmail.com

From b2ac9b092a36c3196469099c73c64c8ca6626be0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:16:55 +0100
Subject: [PATCH 054/142] makefu: fix cgit for wry, add gc to wry

---
 makefu/1systems/wry.nix               |  8 ++++++--
 makefu/2configs/git/cgit-retiolum.nix | 23 ++++++++++++-----------
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index cd39b4b9f..cd2b3f657 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -24,11 +24,11 @@ in {
       # other nginx
       ../2configs/nginx/euer.wiki.nix
       ../2configs/nginx/euer.blog.nix
+      ../2configs/nginx/euer.test.nix
 
       # collectd
       ../2configs/collectd/collectd-base.nix
   ];
-
   krebs.build.host = config.krebs.hosts.wry;
 
   krebs.Reaktor.enable = true;
@@ -73,5 +73,9 @@ in {
     nameservers = [ "8.8.8.8" ];
   };
 
-  environment.systemPackages = [ pkgs.translate-shell ];
+  # small machine - do not forget to gc every day
+  nix.gc.automatic = true;
+  nix.gc.dates = "03:10";
+
+  environment.systemPackages = [ ];
 }
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 748cd6427..e12827697 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -22,7 +22,7 @@ let
   };
 
   connector-repos = mapAttrs make-priv-repo {
-    autosync = { };
+    connector = { };
   };
 
 
@@ -36,7 +36,7 @@ let
     inherit name desc;
     public = true;
     hooks = {
-      post-receive = git.irc-announce {
+      post-receive = pkgs.git-hooks.irc-announce {
         nick = config.networking.hostName;
         verbose = config.krebs.build.host.name == "pnp";
         channel = "#retiolum";
@@ -51,11 +51,11 @@ let
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv uriel ];
   all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
-  exco = with config.krebs.users; [ exco ];
+  all-exco = with config.krebs.users; [ exco ];
 
   priv-rules = repo: set-owners repo all-makefu;
 
-  connector-rules = repo: set-owners repo (all-makefu ++ exco);
+  connector-rules = repo: set-owners repo all-makefu ++ set-owners repo all-exco;
 
   krebs-rules = repo:
     set-owners repo all-makefu ++ set-ro-access repo krebsminister;
@@ -76,18 +76,19 @@ let
 
 in {
   imports = [{
-    krebs.users.makefu-omo = {
+    krebs.users = {
+      makefu-omo = {
         name = "makefu-omo" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
-    };
-    krebs.users.makefu-tsp = {
+      };
+      makefu-tsp = {
         name = "makefu-tsp" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
-    };
-
-    krebs.users.exco = {
-        name = "exco" ;
+      };
+      exco = {
+        name = "exco";
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
+      };
     };
   }];
   krebs.git = {

From 9e2ac199d52d84fd615894068d15edb2a511301f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:18:32 +0100
Subject: [PATCH 055/142] k 5 drivedroid-gen-repo: init at 0.4.2

---
 krebs/5pkgs/drivedroid-gen-repo/default.nix | 22 +++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 krebs/5pkgs/drivedroid-gen-repo/default.nix

diff --git a/krebs/5pkgs/drivedroid-gen-repo/default.nix b/krebs/5pkgs/drivedroid-gen-repo/default.nix
new file mode 100644
index 000000000..087f97c9a
--- /dev/null
+++ b/krebs/5pkgs/drivedroid-gen-repo/default.nix
@@ -0,0 +1,22 @@
+{stdenv,fetchurl,pkgs,python3Packages, ... }:
+
+python3Packages.buildPythonPackage rec {
+  name = "drivedroid-gen-repo-${version}";
+  version = "0.4.2";
+
+  propagatedBuildInputs = with pkgs;[
+    python3Packages.docopt
+  ];
+
+  src = fetchurl {
+    url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz";
+    sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7";
+  };
+
+  meta = {
+    homepage = http://krebsco.de/;
+    description = "Generate Drivedroid repos";
+    license = stdenv.lib.licenses.wtfpl;
+  };
+}
+

From b8dea556e9ccaa999ccb8c18cab730ce535cd873 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 22:26:11 +0100
Subject: [PATCH 056/142] k 3 shared: shack ip was already in use

---
 krebs/3modules/shared/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/shared/default.nix b/krebs/3modules/shared/default.nix
index d5bce469b..b332676c6 100644
--- a/krebs/3modules/shared/default.nix
+++ b/krebs/3modules/shared/default.nix
@@ -36,7 +36,7 @@ in {
       dc = "shack";
       nets = {
         shack = {
-          addrs4 = [ "10.42.2.136" ];
+          addrs4 = [ "10.42.2.150" ];
           aliases = [
             "wolf.shack"
             "graphite.shack"

From a3e074094b8c260825b0ae4caeb2170e562019a5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 23:03:21 +0100
Subject: [PATCH 057/142] k 3 apt-cacher-ng: add CAfile

---
 krebs/3modules/apt-cacher-ng.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index 9224c72a0..6f0ff8159 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -11,6 +11,7 @@ let
       LogDir: ${cfg.logDir}
       PidFile: /var/run/apt-cacher-ng.pid
       ExTreshold: ${toString cfg.cacheExpiration}
+      CAfile: ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
 
       Port: ${toString cfg.port}
       BindAddress: ${cfg.bindAddress}

From 0f54a195b7d1a3b02bd70c31c2d05c2a1dc186bd Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 23:11:29 +0100
Subject: [PATCH 058/142] acng: also add nar files to cache

---
 krebs/3modules/apt-cacher-ng.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index 6f0ff8159..75296bafb 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -35,7 +35,7 @@ let
       # Nix cache
       ${optionalString cfg.enableNixCache ''
         Remap-nix: http://cache.nixos.org /nixos ; https://cache.nixos.org
-        PfilePatternEx: (^|.*?/).*\.narinfo(|\.gz|\.xz|\.bz2)$
+        PfilePatternEx: (^|.*?/).*\.nar(info)?(|\.gz|\.xz|\.bz2)$
         VfilePatternEx: (^|.*?/)nix-cache-info$
       ''}
 

From 7e4eefa91bb3d06baf8c2bd53c26d5b5337b66d8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 23:11:55 +0100
Subject: [PATCH 059/142] s 2 drivedroid: fix syntax error

---
 shared/2configs/shack-drivedroid.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 294f3a369..44b62a807 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -8,8 +8,8 @@
         server-names = [ "drivedroid.shack" ];
         # TODO: prepare this somehow
         locations = lib.singleton (lib.nameValuePair "/" ''
-          root /var/srv/drivedroid
-          index main.json
+          root /var/srv/drivedroid;
+          index main.json;
         '');
       };
     };

From e4c46c2ec22613830c5839001550f5fa155e260d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 17 Nov 2015 23:13:09 +0100
Subject: [PATCH 060/142] shared 1 wolf: add self to binaryCache

---
 shared/1systems/wolf.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 30e6e1d07..8c5295bb3 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,8 +12,12 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
   ];
+  # use your own binary cache, fallback use cache.nixos.org (which is used by
+  # apt-cacher-ng in first place)
+  nix.binaryCaches = [ "http://localhost:3142/nixos" "https://cache.nixos.org" ];
 
   networking = {
+    firewall.enable = false;
     interfaces.eth0.ip4 = [{
       address = shack-ip;
       prefixLength = 20;
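Review bot: `firewall.enable = false;` turns off packet filtering for the whole host, yet the commit subject and the added comment only talk about the binary cache. This host also runs nginx and apt-cacher-ng, so every listening service becomes reachable from the attached network. If the aim is to let clients reach the proxy, open only that port, e.g. `firewall.allowedTCPPorts = [ 80 ];`, and say so in a comment. Separately, the first `nix.binaryCaches` entry is plain HTTP; it stays on loopback here, but the integrity of substituted paths then rests on signature verification, which is worth stating next to the setting.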

From a8d007868342517c235963a8ab13cff7c0e5d59e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 18 Nov 2015 14:05:54 +0100
Subject: [PATCH 061/142] unstable -> s 2 shack-drivedroid

---
 shared/2configs/shack-drivedroid.nix | 30 +++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 44b62a807..66940bc08 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -1,6 +1,30 @@
-{ pkgs, lib, ... }:
-
+{ pkgs, lib, config, ... }:
+let
+  repodir = "/var/srv/drivedroid";
+  srepodir = lib.shell.escape repodir;
+in
 {
+  systemd.paths.drivedroid = {
+    wantedBy = [ "multi-user.target" ];
+    Description = "triggers for changes in drivedroid dir";
+    pathConfig = {
+      PathModified = repodir;
+    };
+  };
+
+  systemd.services.drivedroid = {
+    ServiceConfig = {
+      ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" ''
+        #!/bin/sh
+        mkdir -p ${srepodir}/repos
+      '';
+      ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" ''
+        #!/bin/sh
+        {pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json"
+      '';
+    };
+  };
+
   krebs.nginx = {
     enable = lib.mkDefault true;
     servers = {
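Review bot: In the `ExecStart` script the interpolation is written `{pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo` without the leading `$`, so the script contains that text literally and the generator is never run; it should be `${pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo`. The attribute names `ServiceConfig` and `Description` are capitalised, whereas the NixOS options are `serviceConfig` and `description`, so evaluation will probably reject them. `srepodir` is already shell-escaped and is then wrapped in double quotes inside the script, which would preserve any quoting characters the escape adds; use one or the other. No `User` is set in the visible lines, so the generator presumably runs as the default service account while writing into a directory that nginx serves.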
@@ -8,7 +32,7 @@
         server-names = [ "drivedroid.shack" ];
         # TODO: prepare this somehow
         locations = lib.singleton (lib.nameValuePair "/" ''
-          root /var/srv/drivedroid;
+          root ${repodir};
           index main.json;
         '');
       };

From e28930340b9d84710cc579897aabffe6a1931ca8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 22 Nov 2015 13:19:36 +0100
Subject: [PATCH 062/142] k 5 cacpy: init at 0.6.0

---
 krebs/5pkgs/cacpy/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 krebs/5pkgs/cacpy/default.nix

diff --git a/krebs/5pkgs/cacpy/default.nix b/krebs/5pkgs/cacpy/default.nix
new file mode 100644
index 000000000..a367aefb1
--- /dev/null
+++ b/krebs/5pkgs/cacpy/default.nix
@@ -0,0 +1,20 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+  name = "cacpy-${version}";
+  version = "0.6.5";
+
+  src = pkgs.fetchFromGitHub {
+    owner = "makefu";
+    repo = "python-cloudatcost";
+    rev = "2bb4f940d4762938c06da380cd14767eafb171c9";
+    sha256 = "1zl73q5iap76wfwjzvc25yqdrlmy9vqd7g4k31g5ig2ljy6sgwgc";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    docopt
+    requests2
+    beautifulsoup4
+  ];
+}
+
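Review bot: The commit subject says `init at 0.6.0` while the derivation sets `version = "0.6.5"`, and neither is tied to the pinned `rev`, so the package name does not tell which source was built. Make the subject and `version` agree, and add a comment next to `rev` naming the tag or release that commit corresponds to. The derivation also has no `meta` block, unlike the other packages added in this series; a `description` and `license` would be consistent with them.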

From f12ded12c688e6641f81caae42010affb85a67f6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 23 Nov 2015 07:53:42 +0100
Subject: [PATCH 063/142] k 5: cacpy -> cacpanel

---
 krebs/5pkgs/cacpanel/default.nix | 18 ++++++++++++++++++
 krebs/5pkgs/cacpy/default.nix    | 20 --------------------
 2 files changed, 18 insertions(+), 20 deletions(-)
 create mode 100644 krebs/5pkgs/cacpanel/default.nix
 delete mode 100644 krebs/5pkgs/cacpy/default.nix

diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
new file mode 100644
index 000000000..55d1e2ca8
--- /dev/null
+++ b/krebs/5pkgs/cacpanel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+  name = "cacpanel-${version}";
+  version = "0.2.0";
+
+  src = pkgs.fetchurl {
+    url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
+    sha256 = "1rcylbiy6488lpw4s4bildb48fljdq9kn12ksjrl81shmhhq9fcj";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    docopt
+    requests2
+    beautifulsoup4
+  ];
+}
+
diff --git a/krebs/5pkgs/cacpy/default.nix b/krebs/5pkgs/cacpy/default.nix
deleted file mode 100644
index a367aefb1..000000000
--- a/krebs/5pkgs/cacpy/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
-  name = "cacpy-${version}";
-  version = "0.6.5";
-
-  src = pkgs.fetchFromGitHub {
-    owner = "makefu";
-    repo = "python-cloudatcost";
-    rev = "2bb4f940d4762938c06da380cd14767eafb171c9";
-    sha256 = "1zl73q5iap76wfwjzvc25yqdrlmy9vqd7g4k31g5ig2ljy6sgwgc";
-  };
-
-  propagatedBuildInputs = with python3Packages; [
-    docopt
-    requests2
-    beautifulsoup4
-  ];
-}
-

From 42347456453b864d83d26ec952cfb770095d0a81 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 25 Nov 2015 22:00:54 +0100
Subject: [PATCH 064/142] k 5 drivedroid-gen-repo: bump version

---
 krebs/5pkgs/drivedroid-gen-repo/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/drivedroid-gen-repo/default.nix b/krebs/5pkgs/drivedroid-gen-repo/default.nix
index 087f97c9a..de8046c4a 100644
--- a/krebs/5pkgs/drivedroid-gen-repo/default.nix
+++ b/krebs/5pkgs/drivedroid-gen-repo/default.nix
@@ -2,7 +2,7 @@
 
 python3Packages.buildPythonPackage rec {
   name = "drivedroid-gen-repo-${version}";
-  version = "0.4.2";
+  version = "0.4.4";
 
   propagatedBuildInputs = with pkgs;[
     python3Packages.docopt
@@ -10,7 +10,7 @@ python3Packages.buildPythonPackage rec {
 
   src = fetchurl {
     url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz";
-    sha256 = "1w4dqc9ndyiv5kjh2y8n4p4c280vhqyj8s7y6al2klchcp2ab7q7";
+    sha256 = "09p58hzp61r5fp025lak9z52y0aakmaqpi59p9w5xq42dvy2hnvl";
   };
 
   meta = {

From c7568df0e28ac34e4858b39defb5ca447c0595d3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 27 Nov 2015 23:10:05 +0100
Subject: [PATCH 065/142] k 5 cacpanel: bump version

---
 krebs/5pkgs/cacpanel/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
index 55d1e2ca8..3e3e2e1fc 100644
--- a/krebs/5pkgs/cacpanel/default.nix
+++ b/krebs/5pkgs/cacpanel/default.nix
@@ -2,11 +2,11 @@
 
 python3Packages.buildPythonPackage rec {
   name = "cacpanel-${version}";
-  version = "0.2.0";
+  version = "0.2.1";
 
   src = pkgs.fetchurl {
     url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
-    sha256 = "1rcylbiy6488lpw4s4bildb48fljdq9kn12ksjrl81shmhhq9fcj";
+    sha256 = "1zaazg5r10kgva32zh4fhpw6l6h51ijkwpa322na0kh4x6f6aqj3";
   };
 
   propagatedBuildInputs = with python3Packages; [

From c7bb244bdf40cbcac76c23cda58e745021fa7247 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 27 Nov 2015 23:10:44 +0100
Subject: [PATCH 066/142] m 1 gum: provides mattermost via docker container

---
 krebs/3modules/makefu/default.nix     |  2 ++
 makefu/1systems/gum.nix               |  9 +++--
 makefu/2configs/mattermost-docker.nix | 47 +++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 makefu/2configs/mattermost-docker.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 652527da2..037abbdfd 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -245,6 +245,8 @@ with lib;
       extraZones = {
         "krebsco.de" = ''
           share.euer        IN A      ${head nets.internet.addrs4}
+          mattermost.euer   IN A      ${head nets.internet.addrs4}
+          git.euer          IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
         '';
       };
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 63ad18339..46bf3a970 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -13,14 +13,20 @@ in {
       ../2configs/fs/single-partition-ext4.nix
       # ../2configs/iodined.nix
       ../2configs/git/cgit-retiolum.nix
-
+      ../2configs/mattermost-docker.nix
   ];
 
+
+
+  ###### stable
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
+
+
   # Chat
   environment.systemPackages = with pkgs;[
     weechat
+    get
   ];
   services.bitlbee.enable = true;
 
@@ -30,7 +36,6 @@ in {
   boot.kernelModules = [ "kvm-intel" ];
 
   # Network
-
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
diff --git a/makefu/2configs/mattermost-docker.nix b/makefu/2configs/mattermost-docker.nix
new file mode 100644
index 000000000..20a93dff1
--- /dev/null
+++ b/makefu/2configs/mattermost-docker.nix
@@ -0,0 +1,47 @@
+{config, lib, ...}:
+
+with lib;
+let
+  sec = toString <secrets>;
+  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+  ssl_key  = "${sec}/wildcard.krebsco.de.key";
+in {
+  # mattermost docker config and deployment guide: git.euer.krebsco.de
+  virtualisation.docker.enable = true;
+  users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ];
+  krebs.nginx = {
+    enable = true;
+    servers.mattermost = {
+      listen = [ "80" "443 ssl" ];
+      server-names = [ "mattermost.euer.krebsco.de" ];
+      extraConfig = ''
+        gzip on;
+        gzip_buffers 4 32k;
+        gzip_types  text/plain application/x-javascript text/css;
+        ssl_certificate ${ssl_cert};
+        ssl_certificate_key ${ssl_key};
+        default_type text/plain;
+
+        if ($scheme = http){
+          return 301 https://$server_name$request_uri;
+        }
+
+        client_max_body_size 4G;
+        keepalive_timeout 10;
+
+      '';
+      locations = [
+        (nameValuePair "/" ''
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "upgrade";
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_redirect      off;
+          proxy_pass http://localhost:8065/;
+        '')
+      ];
+    };
+  };
+}
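Review bot: Adding the build user to the `docker` group gives that account control of the Docker daemon, which is equivalent to root on the host; this deserves a comment on the `extraGroups` line, or should be dropped if the deployment can run the container another way. nginx terminates TLS and proxies to `http://localhost:8065/`, but whether the container publishes that port on loopback only is not visible here, and if it is published on all interfaces the service is reachable without TLS. `client_max_body_size 4G;` lets any client stream very large request bodies through the proxy, so a comment giving the reason for that limit, or a smaller value, would be safer. The `Connection "upgrade"` header is set on every request rather than only on WebSocket upgrades.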

From 61d9ec179b3d1a55602a1ae188e70c84e5721107 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 Dec 2015 20:36:09 +0100
Subject: [PATCH 067/142] m 2 git: add mattermost

---
 makefu/2configs/git/cgit-retiolum.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index e12827697..304d39fcd 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -15,6 +15,7 @@ let
     tinc_graphs = {
       desc = "Tinc Advanced Graph Generation";
     };
+    cac = { };
   };
 
   priv-repos = mapAttrs make-priv-repo {
@@ -23,6 +24,9 @@ let
 
   connector-repos = mapAttrs make-priv-repo {
     connector = { };
+    mattermost = {
+      desc = "Mattermost Docker files";
+    };
   };
 
 

From ada1aa277ce40df309e7440905e94a0b11d6e163 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 Dec 2015 20:36:42 +0100
Subject: [PATCH 068/142] m 2 default: do not restart ssh agent

---
 makefu/2configs/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 3d9174788..760c70789 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -65,6 +65,7 @@ with lib;
   time.timeZone = "Europe/Berlin";
   #nix.maxJobs = 1;
 
+  programs.ssh.startAgent = false;
   services.openssh.enable = true;
   nix.useChroot = true;
 

From b5ffb88ba3a77d4f399d7a2815e2c61d53545f5d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 Dec 2015 20:37:04 +0100
Subject: [PATCH 069/142] m 2 base-gui: add TODO

---
 makefu/2configs/base-gui.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 7b7f85f13..16a5386ca 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -10,6 +10,17 @@
 #
 # if this is not enough, check out main-laptop.nix
 
+## TODO: .Xdefaults:
+# URxvt*termName:         rxvt
+# URxvt.scrollBar : false
+# URxvt*scrollBar_right:  false
+# URxvt*borderLess:       false
+# URxvt.foreground: white
+# URxvt.background: black
+# URxvt.urgentOnBell: true
+# URxvt.visualBell: false
+# URxvt.font : xft:Terminus
+
 with lib;
 let
   mainUser = config.krebs.build.user.name;

From 0b76b1081eb89aabd07225380659d79c881ab9f9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 Dec 2015 20:39:01 +0100
Subject: [PATCH 070/142] m 1 gum: add bepasty

---
 makefu/1systems/gum.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 63ad18339..9de07266e 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -21,6 +21,7 @@ in {
   # Chat
   environment.systemPackages = with pkgs;[
     weechat
+    bepasty-client-cli
   ];
   services.bitlbee.enable = true;
 

From 597f9e8597c95ac9e4cba1689322c433bb0c9a75 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 3 Dec 2015 20:39:29 +0100
Subject: [PATCH 071/142] k 3 tinc_graphs: add timeout

---
 krebs/3modules/tinc_graphs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 20aa385a9..ba81dd416 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -91,6 +91,7 @@ let
       restartIfChanged = true;
       serviceConfig = {
         Type = "simple";
+        TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
         restart = "always";
 
         ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
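Review bot: The comment on the added `TimeoutSec = 300;` promises more than the setting does. For a `Type = "simple"` unit, TimeoutSec bounds start-up (ExecStartPre/ExecStartPost) and stop, not how long the ExecStart process may run, so a hung `all-the-graphs` would not be killed after five minutes. I would reword it as `TimeoutSec = 300; # start/stop timeout only, does not limit ExecStart run time`, and wrap ExecStart in a timeout if the run itself should be bounded. The context line `restart = "always";` is lower-case while the drivedroid unit later in this series uses `Restart`; systemd keys are case-sensitive, so it is probably ignored. The `serviceConfig` block continues outside the hunk.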
@@ -103,7 +104,6 @@ let
             cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/external/." "${external_dir}"
           fi
         '';
-
         ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
 
         ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''

From f9aceee5cce66503c069be2e01510f2a6215fb62 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 4 Dec 2015 10:22:18 +0100
Subject: [PATCH 072/142] s 2 drivedroid: update service

---
 shared/2configs/shack-drivedroid.nix | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/shared/2configs/shack-drivedroid.nix b/shared/2configs/shack-drivedroid.nix
index 66940bc08..08a6b0697 100644
--- a/shared/2configs/shack-drivedroid.nix
+++ b/shared/2configs/shack-drivedroid.nix
@@ -4,23 +4,25 @@ let
   srepodir = lib.shell.escape repodir;
 in
 {
-  systemd.paths.drivedroid = {
-    wantedBy = [ "multi-user.target" ];
-    Description = "triggers for changes in drivedroid dir";
-    pathConfig = {
-      PathModified = repodir;
-    };
-  };
+  environment.systemPackages = [ pkgs.drivedroid-gen-repo ];
 
   systemd.services.drivedroid = {
-    ServiceConfig = {
-      ExecStartPre = pkgs.writeScript "prepare-drivedroid-repo-gen" ''
+    description = "generates drivedroid repo file";
+    restartIfChanged = true;
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "simple";
+      Restart = "always";
+      ExecStartPre = pkgs.writeScript "prepare-drivedroid-gen-repo" ''
         #!/bin/sh
         mkdir -p ${srepodir}/repos
       '';
-      ExecStart = pkgs.writeScript "start-drivedroid-repo-gen" ''
+      ExecStart = pkgs.writeScript "start-drivedroid-gen-repo" ''
         #!/bin/sh
-        {pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json"
+        while sleep 60; do
+          ${pkgs.inotify-tools}/bin/inotifywait -r ${srepodir} && ${pkgs.drivedroid-gen-repo}/bin/drivedroid-gen-repo --chdir "${srepodir}" repos/ > "${srepodir}/main.json"
+        done
       '';
     };
   };
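Review bot: The new ExecStart loop only notices changes that happen while `inotifywait` is blocked; anything written during `sleep 60` or while the generator runs is missed until the next unrelated change, and no `main.json` is produced at service start. The redirect also truncates `main.json` before the generator has written anything, so a client can fetch an empty or partial file. Running the generator once before the loop and writing through a temporary file covers both: `drivedroid-gen-repo --chdir ${srepodir} repos/ > ${srepodir}/main.json.tmp && mv ${srepodir}/main.json.tmp ${srepodir}/main.json`. `srepodir` is already shell-escaped, so wrapping it in double quotes again (as `--chdir "${srepodir}"` does) may leave literal quote characters in the path, depending on what `lib.shell.escape` emits.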

From a2461b2a8216ee49ca260d54fb91596ecf5cd45d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 4 Dec 2015 22:42:44 +0100
Subject: [PATCH 073/142] m 1 pornocauster: add printing,virtualbox

---
 makefu/1systems/pornocauster.nix |  4 +++-
 makefu/2configs/printer.nix      | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 makefu/2configs/printer.nix

diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 8624cb2d1..1a51618c1 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -16,11 +16,13 @@
       ../2configs/zsh-user.nix
 
       # applications
+
       ../2configs/exim-retiolum.nix
       ../2configs/mail-client.nix
+      ../2configs/printer.nix
       #../2configs/virtualization.nix
       ../2configs/virtualization.nix
-      #../2configs/virtualization-virtualbox.nix
+      ../2configs/virtualization-virtualbox.nix
       ../2configs/wwan.nix
 
       # services
diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix
new file mode 100644
index 000000000..35ad54bd9
--- /dev/null
+++ b/makefu/2configs/printer.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  services.printing = {
+    enable = true;
+    drivers = [
+      pkgs.samsungUnifiedLinuxDriver
+    ];
+  };
+}

From 273d9c6c9c9d2419dc3f3d773b4ce8d2fa4601b4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 4 Dec 2015 22:43:35 +0100
Subject: [PATCH 074/142] m 1 pornocauster: use tinc_pre

---
 makefu/1systems/pornocauster.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 1a51618c1..977289470 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -36,6 +36,7 @@
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
     ];
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
   #krebs.Reaktor.enable = true;
   #krebs.Reaktor.nickname = "makefu|r";
 
@@ -45,6 +46,7 @@
     get
     virtmanager
     gnome3.dconf
+    krebspaste
     ];
 
   services.logind.extraConfig = "HandleLidSwitch=ignore";

From d83489feb1005dae7161909fcd0bf81a37e1ca41 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 8 Dec 2015 18:05:46 +0100
Subject: [PATCH 075/142] m 2 Reaktor: init of sed-plugin

---
 makefu/2configs/Reaktor/sed-plugin.py | 43 +++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 makefu/2configs/Reaktor/sed-plugin.py

diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py
new file mode 100644
index 000000000..6d6e1f8b8
--- /dev/null
+++ b/makefu/2configs/Reaktor/sed-plugin.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+# Usage:
+# _from=krebs statedir=. python sed-plugin.py 'dick butt'
+# _from=krebs statedir=. python sed-plugin.py 's/t/l/g'
+## dick bull
+import shelve
+from os import environ
+from os.path import join
+from sys import argv
+d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True)
+import re
+
+def is_regex(line):
+    # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/
+    myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$')
+    return myre.match(line)
+
+line = argv[1]
+m = is_regex(line)
+
+if m:
+    f,t,flagstr = m.groups()
+    f = f.replace('\/','/')
+    t = t.replace('\/','/')
+    flags =  0
+    count = 1
+    if flagstr:
+        if 'i' in flagstr:
+            flags = re.IGNORECASE
+        if 'g' in flagstr:
+            count = 0
+    last = d.get(environ['_from'],None)
+    if last:
+        print(f,t,last)
+        print(re.sub(f,t,last,count=count,flags=flags))
+    else:
+        print("no last message")
+else:
+    print("setting line")
+    d[environ['_from']] = line
+
+d.close()
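Review bot: The pattern and replacement taken from `argv[1]` go straight into `re.sub(f,t,last,...)` with no error handling: an invalid expression raises `re.error` and ends the plugin with a traceback, and Python's `re` has no time limit, so a pathological pattern from the channel can keep the process busy. Catch the error around the call (`except re.error as e: print("invalid regex: {}".format(e))`) and cap the length of `line` before matching; whether Reaktor itself enforces a timeout on plugins is not visible here. `'\/'` in the two `replace` calls is an unrecognised escape in a normal string, and `'\\/'` states the intent. `environ['_from']` and `environ['statedir']` raise KeyError when unset, and `writeback=True` is not needed for the single assignment the script makes.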

From 869a278aa8bdaf981222a4e72a4cfc3fbb740f95 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 8 Dec 2015 18:26:08 +0100
Subject: [PATCH 076/142] m 2 Reaktor: use sed-plugin

---
 makefu/2configs/Reaktor/sed-plugin.py | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py
index 6d6e1f8b8..677a1a44f 100644
--- a/makefu/2configs/Reaktor/sed-plugin.py
+++ b/makefu/2configs/Reaktor/sed-plugin.py
@@ -21,8 +21,8 @@ m = is_regex(line)
 
 if m:
     f,t,flagstr = m.groups()
-    f = f.replace('\/','/')
-    t = t.replace('\/','/')
+    fn = f.replace('\/','/')
+    tn = t.replace('\/','/')
     flags =  0
     count = 1
     if flagstr:
@@ -30,10 +30,20 @@ if m:
             flags = re.IGNORECASE
         if 'g' in flagstr:
             count = 0
+    else:
+        flagstr = ''
     last = d.get(environ['_from'],None)
     if last:
-        print(f,t,last)
-        print(re.sub(f,t,last,count=count,flags=flags))
+        print(fn,tn,last)
+        #print(re.sub(fn,tn,last,count=count,flags=flags))
+        from subprocess import Popen,PIPE
+        p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
+        so,_ = p.communicate(last+"\n")
+        if p.returncode:
+            print("something went wrong when trying to process your regex")
+        print(so)
+
+
     else:
         print("no last message")
 else:
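Review bot: The sed program in `Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)], ...)` is assembled from chat input, and the only thing keeping it a single `s` command is the character classes in `is_regex`. GNU sed scripts can write files and run commands, so I would not rely on that alone: pass `--sandbox` where the installed GNU sed supports it (`['sed','--sandbox', ...]`) and reject a `line` containing a newline before formatting. Under python3, which the shebang asks for, `p.communicate(last+"\n")` needs bytes (or `universal_newlines=True` on the Popen call) and `print(so)` prints a bytes repr. `fn`, `tn`, `flags` and `count` are now unused apart from the debug print.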

From ee4546c9a4de6886f370f7ef59f327ef5f2251b1 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 8 Dec 2015 19:38:19 +0100
Subject: [PATCH 077/142] m 2 Reaktor: finish sed-plugin

---
 makefu/2configs/Reaktor/sed-plugin.nix | 18 ++++++++++++++++++
 makefu/2configs/Reaktor/sed-plugin.py  | 24 ++++++++++++------------
 2 files changed, 30 insertions(+), 12 deletions(-)
 create mode 100644 makefu/2configs/Reaktor/sed-plugin.nix

diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix
new file mode 100644
index 000000000..1ec977116
--- /dev/null
+++ b/makefu/2configs/Reaktor/sed-plugin.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+
+with pkgs;
+let
+  script =  ./sed-plugin.py;
+in {
+  #TODO: this will eat up the last regex, fix Reaktor
+  krebs.Reaktor.extraConfig = ''
+  public_commands.append({
+    'capname' : "shack-correct",
+    # only support s///gi
+    'pattern' : '^(?P<args>.*)$$',
+    'argv'    : ["${pkgs.python3}/bin/python3","${script}"],
+    'env'     : { 'state_dir' : workdir,
+                  'PATH':'${lib.makeSearchPath "bin" [pkgs.gnused]}' }})
+  '';
+}
+
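Review bot: The comment `# only support s///gi` sits on a `'pattern'` that matches every public line, so each message in the channel starts a python3 process and is stored per nick in the shelve under `workdir`. The comment should say that, e.g. `# match every line: the plugin records the last message per nick and only acts on s///gi`. shelve files are pickle-backed, so `workdir` should be writable only by the Reaktor user; that cannot be verified from this file.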
diff --git a/makefu/2configs/Reaktor/sed-plugin.py b/makefu/2configs/Reaktor/sed-plugin.py
index 677a1a44f..8103c9585 100644
--- a/makefu/2configs/Reaktor/sed-plugin.py
+++ b/makefu/2configs/Reaktor/sed-plugin.py
@@ -1,18 +1,18 @@
 #!/usr/bin/env python3
 
 # Usage:
-# _from=krebs statedir=. python sed-plugin.py 'dick butt'
-# _from=krebs statedir=. python sed-plugin.py 's/t/l/g'
+# _from=krebs state_dir=. python sed-plugin.py 'dick butt'
+# _from=krebs state_dir=. python sed-plugin.py 's/t/l/g'
 ## dick bull
 import shelve
 from os import environ
 from os.path import join
 from sys import argv
-d = shelve.open(join(environ['statedir'],'sed-plugin.shelve'),writeback=True)
+d = shelve.open(join(environ['state_dir'],'sed-plugin.shelve'),writeback=True)
+usr = environ['_from']
 import re
 
 def is_regex(line):
-    # TODO: match s/di\/ck/butt/ but not s/di/ck/butt/
     myre = re.compile(r'^s/((?:\\/|[^/])+)/((?:\\/|[^/])*)/([ig]*)$')
     return myre.match(line)
 
@@ -32,22 +32,22 @@ if m:
             count = 0
     else:
         flagstr = ''
-    last = d.get(environ['_from'],None)
+    last = d.get(usr,None)
     if last:
-        print(fn,tn,last)
         #print(re.sub(fn,tn,last,count=count,flags=flags))
         from subprocess import Popen,PIPE
         p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
-        so,_ = p.communicate(last+"\n")
+        so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
         if p.returncode:
-            print("something went wrong when trying to process your regex")
-        print(so)
-
+            print("something went wrong when trying to process your regex: {}".format(se.decode()))
+        ret = so.decode()
+        print("\x1b[1m{}\x1b[0m meinte: {}".format(usr,ret.strip()))
+        if ret:
+            d[usr] = ret
 
     else:
         print("no last message")
 else:
-    print("setting line")
-    d[environ['_from']] = line
+    d[usr] = line
 
 d.close()
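Review bot: On the failure path `se.decode()` will raise AttributeError, because the `Popen` call (an unchanged context line) pipes only stdin and stdout, so `communicate()` returns `None` for stderr. Add `stderr=PIPE` to that call: `p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE,stderr=PIPE)`. After a non-zero return code the code still falls through to print and store `ret`; putting the last three added lines under an `else:` avoids announcing an empty correction. `d[usr] = ret` keeps the trailing newline that the `print` strips, so stored lines differ from the ones set in the final `else:` branch.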

From 5fde514b88336b3ed00d41ef2e72ad4e2da23deb Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 17:50:33 +0100
Subject: [PATCH 078/142] l 3: add fetchWallpaper.nix

---
 lass/3modules/default.nix        |  1 +
 lass/3modules/fetchWallpaper.nix | 89 ++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
 create mode 100644 lass/3modules/fetchWallpaper.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 0dcad971c..5fa5160ee 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -8,5 +8,6 @@ _:
     ./urxvtd.nix
     ./xresources.nix
     ./wordpress_nginx.nix
+    ./fetchWallpaper.nix
   ];
 }
diff --git a/lass/3modules/fetchWallpaper.nix b/lass/3modules/fetchWallpaper.nix
new file mode 100644
index 000000000..9baebedbd
--- /dev/null
+++ b/lass/3modules/fetchWallpaper.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.lass.fetchWallpaper;
+
+  out = {
+    options.lass.fetchWallpaper = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "fetch wallpaper";
+    predicate = mkOption {
+      type = with types; nullOr path;
+      default = null;
+    };
+    url = mkOption {
+      type = types.str;
+    };
+    timerConfig = mkOption {
+      type = types.unspecified;
+      default = {
+        OnCalendar = "*:00,10,20,30,40,50";
+      };
+    };
+    stateDir = mkOption {
+      type = types.str;
+      default = "/tmp/wallpaper";
+    };
+    display = mkOption {
+      type = types.str;
+      default = ":11";
+    };
+  };
+
+  fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
+    #! ${pkgs.bash}/bin/bash
+    ${if (cfg.predicate == null) then "" else ''
+      ${cfg.predicate}
+      if [ $? -ne 0 ]; then
+        echo "predicate failed"
+        exit 23
+      fi
+    ''}
+    mkdir -p ${shell.escape cfg.stateDir}
+    curl -s -o ${shell.escape cfg.stateDir}/wallpaper -z ${shell.escape cfg.stateDir}/wallpaper ${shell.escape cfg.url}
+    feh --no-fehbg --bg-scale ${shell.escape cfg.stateDir}/wallpaper
+  '';
+
+  imp = {
+    users.extraUsers.fetchWallpaper = {
+      name = "fetchWallpaper";
+      uid = 3332383611; #genid fetchWallpaper
+      description = "fetchWallpaper user";
+      home = "/var/empty";
+    };
+
+    systemd.timers.fetchWallpaper = {
+      description = "fetch wallpaper timer";
+      wantedBy = [ "timers.target" ];
+
+      timerConfig = cfg.timerConfig;
+    };
+    systemd.services.fetchWallpaper = {
+      description = "fetch wallpaper";
+      after = [ "network.target" ];
+
+      path = with pkgs; [
+        curl
+        feh
+      ];
+
+      environment = {
+        URL = cfg.url;
+        DISPLAY = cfg.display;
+      };
+
+      restartIfChanged = true;
+
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = fetchWallpaperScript;
+        User = "fetchWallpaper";
+      };
+    };
+  };
+in out
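Review bot: `stateDir` defaults to `/tmp/wallpaper`, a predictable path in a world-writable directory: any local user can create it first (as a directory or a symlink), after which `mkdir -p` succeeds silently and `curl -o` and `feh` operate on a location that user controls. A directory owned by the service user avoids that, e.g. `home = "/var/lib/fetchWallpaper"; createHome = true;` on the user and `default = "/var/lib/fetchWallpaper";` for `stateDir`. `curl -s` without `--fail` saves an HTTP error body as the wallpaper, and `url` is not restricted to https although the download is handed to an image decoder. `environment.URL` is set but the script uses `cfg.url` directly, and a timer-driven run-to-completion script reads more naturally as `Type = "oneshot"`.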

From 576483bc63e1c6e5531f90ebd2133a29a7923943 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 17:56:49 +0100
Subject: [PATCH 079/142] l 2 base: remove video permission for gm

---
 lass/2configs/base.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index 61023057b..fa5ee4f19 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -17,6 +17,7 @@ with lib;
         root = {
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
+            config.krebs.users.uriel.pubkey
           ];
         };
         mainUser = {
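Review bot: The subject says "remove video permission for gm", but this hunk adds `config.krebs.users.uriel.pubkey` to root's `authorizedKeys`, and the second hunk does the same for `mainUser`; nothing visible touches a video group. A change that grants root SSH access should be findable in the log, so I would retitle it (for example `l 2 base: allow uriel key for root and mainUser`) or split it from whatever change the subject was written for. If the uriel key only needs an unprivileged login, leave it off `root`.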
@@ -30,6 +31,7 @@ with lib;
           ];
           openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
+            config.krebs.users.uriel.pubkey
           ];
         };
       };

From 866c9f69d9e6233fd2f39a8dbee4e7facf365d55 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 17:58:21 +0100
Subject: [PATCH 080/142] l 1 prism: add juiceSSH key for chat

---
 lass/1systems/prism.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 599f4704e..d65f4a185 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -116,6 +116,11 @@ in {
         { predicate = "-p tcp --dport 8080"; target = "ACCEPT";}
       ];
     }
+    {
+      users.users.chat.openssh.authorizedKeys.keys = [
+        "ssh-rsa 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 JuiceSSH"
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
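Review bot: The JuiceSSH key added for `users.users.chat` carries no restrictions, so a phone holding it gets the full feature set of that account, including port, agent and X11 forwarding. If the key is only meant to reach the chat session, prefix it with options in the key string, e.g. `"no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <key> JuiceSSH"`, and optionally a `command="..."` that attaches to the session. A comment naming the device and its owner would make later revocation easier. The enclosing list starts outside the hunk.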

From 1e81cb2151336859eed949bb6d8a17a93960bf10 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 17:58:58 +0100
Subject: [PATCH 081/142] l 1 prism: set timezone to Europe/Berlin

---
 lass/1systems/prism.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index d65f4a185..fe9967837 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -121,6 +121,9 @@ in {
         "ssh-rsa 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 JuiceSSH"
       ];
     }
+    {
+      time.timeZone = "Europe/Berlin";
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;

From e59542f12d269f4f10b1f32f2f58e3c26c27585a Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:04:51 +0100
Subject: [PATCH 082/142] l 2: add teamviewer.nix

---
 lass/2configs/teamviewer.nix | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 lass/2configs/teamviewer.nix

diff --git a/lass/2configs/teamviewer.nix b/lass/2configs/teamviewer.nix
new file mode 100644
index 000000000..48053d7db
--- /dev/null
+++ b/lass/2configs/teamviewer.nix
@@ -0,0 +1,6 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  services.teamviewer.enable = true;
+}

From c8b82b0336f0913c70b5d1e51b0c1194ba9570d4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:05:19 +0100
Subject: [PATCH 083/142] l 2: add libvirt.nix

---
 lass/2configs/libvirt.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 lass/2configs/libvirt.nix

diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
new file mode 100644
index 000000000..368722e77
--- /dev/null
+++ b/lass/2configs/libvirt.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+let
+  mainUser = config.users.extraUsers.mainUser;
+
+in {
+  virtualisation.libvirtd.enable = true;
+
+  users.extraUsers = {
+    libvirt = {
+      uid = 358821352; # genid libvirt
+      description = "user for running libvirt stuff";
+      home = "/home/libvirt";
+      useDefaultShell = true;
+      extraGroups = [ "libvirtd" "audio" ];
+      createHome = true;
+    };
+  };
+  security.sudo.extraConfig = ''
+    ${mainUser.name} ALL=(libvirt) NOPASSWD: ALL
+  '';
+}
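Review bot: `${mainUser.name} ALL=(libvirt) NOPASSWD: ALL` lets the main user run any command as `libvirt` without a password, and `libvirt` is in the `libvirtd` group, which can manage system VMs and attach host disks and devices to them, which is close to root on the host. If that is the intent, document it at the rule (`# libvirtd group is near root-equivalent; NOPASSWD is deliberate`); otherwise list the specific commands instead of `ALL`. `useDefaultShell = true` and `createHome = true` also make this a full login account rather than a service account.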

From 717c6f4adec48ac65050c693fd0722cd93355e81 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:20:50 +0100
Subject: [PATCH 084/142] l 3: add nginx site modules

---
 lass/3modules/owncloud_nginx.nix  | 215 ++++++++++++++++++++++++++++++
 lass/3modules/static_nginx.nix    |  49 +++++++
 lass/3modules/wordpress_nginx.nix |  66 +++++++--
 3 files changed, 319 insertions(+), 11 deletions(-)
 create mode 100644 lass/3modules/owncloud_nginx.nix
 create mode 100644 lass/3modules/static_nginx.nix

diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix
new file mode 100644
index 000000000..a0db87b0b
--- /dev/null
+++ b/lass/3modules/owncloud_nginx.nix
@@ -0,0 +1,215 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.lass.owncloud;
+
+  out = {
+    options.lass.owncloud = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule ({ config, ... }: {
+      options = {
+        domain = mkOption {
+          type = str;
+          default = config._module.args.name;
+        };
+        dataDir = mkOption {
+          type = str;
+          default = "${config.folder}/data";
+        };
+        dbUser = mkOption {
+          type = str;
+          default = replaceStrings ["."] ["_"] config.domain;
+        };
+        dbName = mkOption {
+          type = str;
+          default = replaceStrings ["."] ["_"] config.domain;
+        };
+        dbType = mkOption {
+        # TODO: check for valid dbType
+          type = str;
+          default = "mysql";
+        };
+        folder = mkOption {
+          type = str;
+          default = "/srv/http/${config.domain}";
+        };
+        auto = mkOption {
+          type = bool;
+          default = false;
+        };
+        instanceid = mkOption {
+          type = str;
+        };
+        ssl = mkOption {
+          type = bool;
+          default = false;
+        };
+      };
+    }));
+    default = {};
+  };
+
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+
+  imp = {
+    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+      server-names = [
+        "${domain}"
+        "www.${domain}"
+      ];
+      locations = [
+        (nameValuePair "/" ''
+          # The following 2 rules are only needed with webfinger
+          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+          rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+          rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+          rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+
+          try_files $uri $uri/ /index.php;
+        '')
+        (nameValuePair "~ \.php$" ''
+          fastcgi_split_path_info ^(.+\.php)(/.+)$;
+          include ${pkgs.nginx}/conf/fastcgi.conf;
+          fastcgi_param PATH_INFO $fastcgi_path_info;
+          fastcgi_pass unix:${folder}/phpfpm.pool;
+        '')
+        (nameValuePair "~ /\\." ''
+          deny all;
+        '')
+      ];
+      extraConfig = ''
+        root ${folder}/;
+        #index index.php;
+        access_log /tmp/nginx_acc.log;
+        error_log /tmp/nginx_err.log;
+
+        # set max upload size
+        client_max_body_size 10G;
+        fastcgi_buffers 64 4K;
+
+        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+        error_page 403 /core/templates/403.php;
+        error_page 404 /core/templates/404.php;
+      '';
+    });
+    services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
+      listen = ${folder}/phpfpm.pool
+      user = ${user}
+      group = ${group}
+      pm = dynamic
+      pm.max_children = 5
+      pm.start_servers = 2
+      pm.min_spare_servers = 1
+      pm.max_spare_servers = 3
+      listen.owner = ${user}
+      listen.group = ${group}
+      # errors to journal
+      php_admin_value[error_log] = 'stderr'
+      php_admin_flag[log_errors] = on
+      catch_workers_output = yes
+    '');
+    #systemd.services = flip mapAttrs' cfg (name: { domain, folder, dbName, dbUser, dbType, dataDir, instanceid, ... }: {
+    #  name = "owncloudInit-${name}";
+    #  value = {
+    #    path = [
+    #      pkgs.mysql
+    #      pkgs.su
+    #      pkgs.gawk
+    #      pkgs.jq
+    #    ];
+    #    requiredBy = [ "nginx.service" ];
+    #    serviceConfig = let
+    #      php.define = name: value:
+    #        "define(${php.newdoc name}, ${php.newdoc value});";
+    #      php.toString = x:
+    #        "'${x}'";
+    #      php.newdoc = s:
+    #        let b = "EOF${builtins.hashString "sha256" s}"; in
+    #        ''<<<'${b}'
+    #        ${s}
+    #        ${b}
+    #        '';
+    #    in {
+    #      Type = "oneshot";
+    #      ExecStart = pkgs.writeScript "wordpressInit" ''
+    #        #!/bin/sh
+    #        set -euf
+    #        oc_secrets=${shell.escape "${toString <secrets>}/${domain}/oc-secrets"}
+    #        db_password=$(cat ${shell.escape "${toString <secrets>}/${domain}/sql-db-pw"})
+    #        get_secret() {
+    #          echo "'$1' => $(jq -r ."$1" "$oc_secrets" | to_php_string),"
+    #        }
+    #        to_php_string() {
+    #          echo "base64_decode('$(base64)')"
+    #        }
+    #        {
+    #          cat ${toString <secrets/mysql_rootPassword>}
+    #          password=$(cat ${shell.escape (toString (<secrets/mysql_rootPassword>))})
+    #          # TODO passwordhash=$(su nobody_oc -c mysql <<< "SELECT PASSWORD($(toSqlString <<< "$password"));")
+    #          # TODO as package pkgs.sqlHashPassword
+    #          # TODO not using mysql
+    #          # SET SESSION sql_mode = 'NO_BACKSLASH_ESCAPES';
+    #          passwordhash=$(su nobody_oc -c 'mysql -u nobody --silent' <<< "SELECT PASSWORD('$db_password');")
+    #          user=${shell.escape dbUser}@localhost
+    #          database=${shell.escape dbName}
+    #          cat << EOF
+    #            CREATE DATABASE IF NOT EXISTS $database;
+    #            GRANT USAGE ON *.* TO $user IDENTIFIED BY PASSWORD '$passwordhash';
+    #            GRANT ALL PRIVILEGES ON $database.* TO $user;
+    #            FLUSH PRIVILEGES;
+    #        EOF
+    #        } | mysql -u root -p
+    #        # TODO nix2php for wp-config.php
+    #        mkdir -p ${folder}/config
+    #        cat > ${folder}/config/config.php << EOF
+    #        <?php
+    #        \$CONFIG = array (
+    #          'dbhost' => 'localhost',
+    #          'dbtableprefix' => 'oc_',
+    #          'dbpassword' => '$db_password',
+    #          'installed' => 'true',
+    #          'trusted_domains' =>
+    #          array (
+    #            0 => '${domain}',
+    #          ),
+    #          'overwrite.cli.url' => 'http://${domain}',
+
+    #        ${concatStringsSep "\n" (mapAttrsToList (name: value:
+    #          "'${name}' => $(printf '%s' ${shell.escape value} | to_php_string),"
+    #        ) {
+    #          instanceid = instanceid;
+    #          datadirectory = dataDir;
+    #          dbtype = dbType;
+    #          dbname = dbName;
+    #          dbuser = dbUser;
+    #        })}
+
+    #        ${concatMapStringsSep "\n" (key: "$(get_secret ${shell.escape key})") [
+    #          "secret"
+    #          "passwordsalt"
+    #        ]}
+    #        );
+    #        EOF
+    #      '';
+    #    };
+    #  };
+    #});
+    users.users.nobody_oc = {
+      uid = 1651469147; # genid nobody_oc
+      useDefaultShell = true;
+    };
+  };
+
+in out
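Review bot: `dataDir` defaults to `${config.folder}/data` and the server's `root` is `${folder}/`, but the only deny rule is the dot-file location, so uploaded files and anything under `config/` sit inside the document root where `try_files $uri` will serve them. ownCloud relies on `.htaccess` for this under Apache; with nginx it needs an explicit location ahead of the `~ \.php$` entry, e.g. `(nameValuePair "~ ^/(data|config)/" ''deny all;'')` (assuming krebs.nginx keeps list order), or a `dataDir` default outside `folder`. `access_log /tmp/nginx_acc.log` and `error_log /tmp/nginx_err.log` put logs at predictable names in a world-writable directory and are shared by every vhost; the same two lines appear in wordpress_nginx.nix. The `ssl` and `auto` options are declared but not read by the active code.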
diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix
new file mode 100644
index 000000000..cc2641af2
--- /dev/null
+++ b/lass/3modules/static_nginx.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.lass.staticPage;
+
+  out = {
+    options.lass.staticPage = api;
+    config = imp;
+  };
+
+  api = mkOption {
+    type = with types; attrsOf (submodule ({ config, ... }: {
+      options = {
+        domain = mkOption {
+          type = str;
+          default = config._module.args.name;
+        };
+        folder = mkOption {
+          type = str;
+          default = "/srv/http/${config.domain}";
+        };
+      };
+    }));
+    default = {};
+  };
+
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+
+  imp = {
+    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+      server-names = [
+        "${domain}"
+        "www.${domain}"
+      ];
+      locations = [
+        (nameValuePair "/" ''
+          root ${folder};
+        '')
+        (nameValuePair "~ /\\." ''
+          deny all;
+        '')
+      ];
+    });
+  };
+
+in out
diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix
index 65170698f..2f31f6e02 100644
--- a/lass/3modules/wordpress_nginx.nix
+++ b/lass/3modules/wordpress_nginx.nix
@@ -45,35 +45,70 @@ let
           type = bool;
           default = false;
         };
+        multiSite = mkOption {
+          type = attrsOf str;
+          default = {};
+          example = {
+            "0" = "bla.testsite.de";
+            "1" = "test.testsite.de";
+          };
+        };
       };
     }));
     default = {};
   };
 
-  dataFolder = "/srv/http";
   user = config.services.nginx.user;
   group = config.services.nginx.group;
 
   imp = {
-    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, ... }: {
+    #services.nginx.appendConfig = mkIf (cfg.multiSite != {}) ''
+    #  map $http_host $blogid {
+    #  ${concatStringsSep "\n" (mapAttrsToList (n: v: indent "v n;") multiSite)}
+    #  }
+    #'';
+
+    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: {
       server-names = [
         "${domain}"
         "www.${domain}"
       ];
-      locations = [
+        #(mkIf (multiSite != {})
+        #)
+      locations = (if (multiSite != {}) then
+        [
+          (nameValuePair "~ ^/files/(.*)$" ''
+            try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ;
+          '')
+          (nameValuePair "^~ /blogs.dir" ''
+            internal;
+            alias ${folder}/wp-content/blogs.dir ;
+            access_log off; log_not_found off; expires max;
+          '')
+        ]
+      else
+        []
+      ) ++
+      [
         (nameValuePair "/" ''
           try_files $uri $uri/ /index.php?$args;
         '')
         (nameValuePair "~ \.php$" ''
-          fastcgi_pass unix:${dataFolder}/${domain}/phpfpm.pool;
+          fastcgi_pass unix:${folder}/phpfpm.pool;
           include ${pkgs.nginx}/conf/fastcgi.conf;
         '')
         (nameValuePair "~ /\\." ''
           deny all;
         '')
+        #Directives to send expires headers and turn off 404 error logging.
+        (nameValuePair "~* ^.+\.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$" ''
+          access_log off;
+          log_not_found off;
+          expires max;
+        '')
       ];
       extraConfig = ''
-        root ${dataFolder}/${domain}/;
+        root ${folder}/;
         index index.php;
         access_log /tmp/nginx_acc.log;
         error_log /tmp/nginx_err.log;
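Review bot: The multisite location `try_files /wp-content/blogs.dir/$blogid/$uri ...` uses `$blogid`, but the `map $http_host $blogid` that would define it exists only as the commented-out `services.nginx.appendConfig`, so nginx will likely reject the configuration with an unknown-variable error as soon as a site sets `multiSite`. Either emit the map whenever any site has a non-empty `multiSite`, or keep the `/files/` location disabled until the map exists. The commented draft also needs fixing before it is enabled: `cfg.multiSite` and the bare `multiSite` do not exist at that level (`cfg` is the attrset of sites), and `indent "v n;"` is a literal string rather than `"${v} ${n};"`. The enclosing `let` and the `extraConfig` string continue outside the hunk.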
@@ -81,8 +116,8 @@ let
         error_page 500 502 503 504 /50x.html;
       '';
     });
-    services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, ... }: ''
-      listen = ${dataFolder}/${domain}/phpfpm.pool
+    services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
+      listen = ${folder}/phpfpm.pool
       user = ${user}
       group = ${group}
       pm = dynamic
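Review bot: The pool socket at `listen = ${folder}/phpfpm.pool` now sits in the same directory that the previous hunk sets as the nginx `root`, so the IPC endpoint sits alongside the served content. A runtime directory outside the docroot keeps the two apart, for example (constructed path) `listen = /run/phpfpm-${domain}.sock` with the matching `fastcgi_pass unix:/run/phpfpm-${domain}.sock;`. No `listen.owner` or `listen.mode` is visible here; the pool definition continues outside the hunk, so the socket permissions should be confirmed there.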
@@ -97,7 +132,7 @@ let
       php_admin_flag[log_errors] = on
       catch_workers_output = yes
     '');
-    systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, ... }: {
+    systemd.services = flip mapAttrs' cfg (name: { domain, folder, charset, collate, dbName, dbUser, debug, multiSite, ... }: {
       name = "wordpressInit-${name}";
       value = {
         path = [
@@ -175,6 +210,13 @@ let
             ]}
 
             \$table_prefix = 'wp_';
+
+            ${if (multiSite != {}) then
+              "define('WP_ALLOW_MULTISITE', true);"
+            else
+              ""
+            }
+
             define('WP_DEBUG', ${toJSON debug});
             if ( !defined('ABSPATH') )
               define('ABSPATH', dirname(__FILE__) . '/');
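Review bot: The `if (multiSite != {}) then "define(...)" else ""` splice is what `optionalString` is for; `${optionalString (multiSite != {}) "define('WP_ALLOW_MULTISITE', true);"}` says the same in one line, assuming the lib functions are in scope as they appear to be for `mapAttrs` and `flip`. A short comment would also help, since only the emptiness of `multiSite` is used here and its entries are not written into the generated file in this hunk. The wp-config template starts and ends outside the hunk.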
@@ -186,10 +228,12 @@ let
         };
       };
     });
-    users.users.nobody2 = {
-      uid = 125816384; # genid nobody2
-      useDefaultShell = true;
+    users.users.nobody2 = mkDefault {
+      uid = mkDefault 125816384; # genid nobody2
+      useDefaultShell = mkDefault true;
     };
   };
 
+  indent = replaceChars ["\n"] ["\n  "];
+
 in out
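Review bot: `indent`, added at the end of the `let`, is referenced only from the commented-out `services.nginx.appendConfig` block at the top of `imp`, so it is dead code as committed. That commented-out block is also the only visible place where `map $http_host $blogid` would be generated, while the new `~ ^/files/(.*)$` location uses `$blogid` in `try_files`. nginx rejects a configuration that references an undefined variable, so a site with a non-empty `multiSite` would presumably fail to load unless `$blogid` is defined elsewhere. Either enable the map together with the location or leave both disabled, and if the helper stays, give it a comment such as `# re-indent a multi-line string by two spaces`.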

From ec8cd8502dd3439cf7c9f1069d875d0291a51130 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:21:50 +0100
Subject: [PATCH 085/142] l 2: add websites

---
 lass/2configs/websites/domsen.nix             | 35 +++++++++++++++++++
 lass/2configs/websites/wohnprojekt-rhh.de.nix | 12 +++++++
 2 files changed, 47 insertions(+)
 create mode 100644 lass/2configs/websites/domsen.nix
 create mode 100644 lass/2configs/websites/wohnprojekt-rhh.de.nix

diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
new file mode 100644
index 000000000..109c216c0
--- /dev/null
+++ b/lass/2configs/websites/domsen.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../../3modules/static_nginx.nix
+    ../../3modules/owncloud_nginx.nix
+    ../../3modules/wordpress_nginx.nix
+  ];
+
+  lass.staticPage = {
+    "karlaskop.de" = {};
+    "makeup.apanowicz.de" = {};
+    "pixelpocket.de" = {};
+    "reich-gebaeudereinigung.de" = {};
+  };
+
+  lass.owncloud = {
+    "o.ubikmedia.de" = {
+      instanceid = "oc8n8ddbftgh";
+    };
+  };
+
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    rootPassword = toString (<secrets/mysql_rootPassword>);
+  };
+
+  #lass.wordpress = {
+  #  "ubikmedia.de" = {
+  #  };
+  #};
+
+}
+
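Review bot: `rootPassword = toString (<secrets/mysql_rootPassword>);` deserves a one-line comment, because the `toString` is what keeps the secret file from being copied into the world-readable Nix store. It hands over the path as a plain string, whereas a bare or interpolated path can be imported into the store. Suggested: `# toString: pass the path only, do not copy the secret into /nix/store`. This assumes the option expects a path to a file holding the password, which the hunk does not show. The file also imports `wordpress_nginx.nix` while `lass.wordpress` is commented out, which is worth a short remark.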
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
new file mode 100644
index 000000000..cd31450c5
--- /dev/null
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+
+{
+  imports = [
+    ../../3modules/static_nginx.nix
+  ];
+
+  lass.staticPage = {
+    "wohnprojekt-rhh.de" = {};
+  };
+}
+

From 75ab577d4922f3b57a890af668b9c0fb405a50b0 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:22:09 +0100
Subject: [PATCH 086/142] l 1 mors: import stuff

---
 lass/1systems/mors.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/mors.nix b/lass/1systems/mors.nix
index 7b91fa6be..4ba9df6f9 100644
--- a/lass/1systems/mors.nix
+++ b/lass/1systems/mors.nix
@@ -22,6 +22,9 @@
     ../2configs/bitlbee.nix
     ../2configs/firefoxPatched.nix
     ../2configs/skype.nix
+    ../2configs/teamviewer.nix
+    ../2configs/libvirt.nix
+    ../2configs/fetchWallpaper.nix
     {
       #risk of rain port
       krebs.iptables.tables.filter.INPUT.rules = [

From 24105297bd9ff8af57befeb56f4ef42d439a531d Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:22:47 +0100
Subject: [PATCH 087/142] l 1 prism: activate websites

---
 lass/1systems/prism.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index fe9967837..95c55533c 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -124,6 +124,15 @@ in {
     {
       time.timeZone = "Europe/Berlin";
     }
+    {
+      imports = [
+        ../2configs/websites/wohnprojekt-rhh.de.nix
+        ../2configs/websites/domsen.nix
+      ];
+      krebs.iptables.tables.filter.INPUT.rules = [
+         { predicate = "-p tcp --dport 80"; target = "ACCEPT"; }
+      ];
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
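Review bot: The new INPUT rule opens only `--dport 80`, so the sites imported here, including the ownCloud instance from `domsen.nix` and its logins, are reachable over plain HTTP only unless TLS is terminated elsewhere. If HTTPS is intended, the list needs `{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; }` together with a TLS server block. If it is not, a comment stating that these vhosts are HTTP-only by design would make that explicit. The imports list starts outside the hunk.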

From 43613fa6fca279301fcf0d014c0c9f71f394d9a1 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:23:32 +0100
Subject: [PATCH 088/142] l 2 base: nixpkgs 8d1ce12 -> 363c843

---
 lass/2configs/base.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/base.nix b/lass/2configs/base.nix
index fa5ee4f19..40f4e12c7 100644
--- a/lass/2configs/base.nix
+++ b/lass/2configs/base.nix
@@ -50,7 +50,7 @@ with lib;
       source = {
         git.nixpkgs = {
           url = https://github.com/Lassulus/nixpkgs;
-          rev = "8d1ce129361312334bf914ce0d27e463cb0bb21b";
+          rev = "363c8430f1efad8b03d5feae6b3a4f2fe7b29251";
         };
         dir.secrets = {
           host = config.krebs.hosts.mors;

From d567f9374529bf3fb2517ff270f8f0c973605722 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:24:32 +0100
Subject: [PATCH 089/142] l 2 browsers: use writeScriptBin

---
 lass/2configs/browsers.nix | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 849778a7a..580db8b2c 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -1,16 +1,6 @@
 { config, lib, pkgs, ... }:
 
 let
-  simpleScript = name: content:
-    pkgs.stdenv.mkDerivation {
-      inherit name;
-      phases = [ "installPhase" ];
-      installPhase = ''
-        mkdir -p $out/bin
-        ln -s ${pkgs.writeScript name content} $out/bin/${name}
-      '';
-    };
-
   mainUser = config.users.extraUsers.mainUser;
   createChromiumUser = name: extraGroups: packages:
     {
@@ -26,8 +16,8 @@ let
         ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
       '';
       environment.systemPackages = [
-        (simpleScript name ''
-          sudo -u ${name} -i chromium $@
+        (pkgs.writeScriptBin name ''
+          /var/setuid-wrappers/sudo -u ${name} -i chromium $@
         '')
       ];
     };
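Review bot: The wrapper body `/var/setuid-wrappers/sudo -u ${name} -i chromium $@` passes `$@` unquoted, so an argument containing spaces or glob characters (a URL handed over by another program, for instance) is split or expanded before it reaches sudo; `"$@"` keeps each argument intact. The same applies to the firefox wrapper in the next hunk and to `$BROWSER $@` in `browser-select`. The scripts also have no `#!` line, so they run only when the caller falls back to a shell; starting them with `#! /bin/sh` would make the interpreter explicit. `createChromiumUser` starts outside this hunk.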
@@ -46,8 +36,8 @@ let
         ${mainUser.name} ALL=(${name}) NOPASSWD: ALL
       '';
       environment.systemPackages = [
-        (simpleScript name ''
-          sudo -u ${name} -i firefox $@
+        (pkgs.writeScriptBin name ''
+          /var/setuid-wrappers/sudo -u ${name} -i firefox $@
         '')
       ];
     };
@@ -57,7 +47,7 @@ let
 in {
 
   environment.systemPackages = [
-    (simpleScript "browser-select" ''
+    (pkgs.writeScriptBin "browser-select" ''
       BROWSER=$(echo -e "ff\ncr\nfb\ngm\nflash" | dmenu)
       $BROWSER $@
     '')

From f913904eba26b0819c7ed02c69ee09fb310f8478 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:25:08 +0100
Subject: [PATCH 090/142] l 2 browsers: activate flash browser

---
 lass/2configs/browsers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix
index 580db8b2c..d36801863 100644
--- a/lass/2configs/browsers.nix
+++ b/lass/2configs/browsers.nix
@@ -60,7 +60,7 @@ in {
     ( createChromiumUser "cr" [ "audio" ] [ pkgs.chromium ] )
     ( createChromiumUser "fb" [ ] [ pkgs.chromium ] )
     ( createChromiumUser "gm" [ ] [ pkgs.chromium ] )
-   # ( createChromiumUser "flash" [ ] [ pkgs.flash ] )
+    ( createChromiumUser "flash" [ ] [ pkgs.flash ] )
   ];
 
   nixpkgs.config.packageOverrides = pkgs : {

From e5d46002e5aded1780c3a00a28866a5569978335 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:25:37 +0100
Subject: [PATCH 091/142] l 2 elster: use chromium package

---
 lass/2configs/elster.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix
index 1edd01896..e3a88c789 100644
--- a/lass/2configs/elster.nix
+++ b/lass/2configs/elster.nix
@@ -14,6 +14,9 @@ in {
       createHome = true;
     };
   };
+  krebs.per-user.elster.packages = [
+    pkgs.chromium
+  ];
   security.sudo.extraConfig = ''
     ${mainUser.name} ALL=(elster) NOPASSWD: ALL
   '';

From bd25fd61c8eaa780e827419760accd47140f9236 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:27:17 +0100
Subject: [PATCH 092/142] l 2: add fetchWallpaper.nix

---
 lass/2configs/fetchWallpaper.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 lass/2configs/fetchWallpaper.nix

diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
new file mode 100644
index 000000000..effbd6c85
--- /dev/null
+++ b/lass/2configs/fetchWallpaper.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+let
+
+in {
+  lass.fetchWallpaper = {
+    enable = true;
+    url = "echelon/wallpaper.png";
+  };
+}
+

From 8bb93b93fdacdcca75176392ad9f66dd3b2dc6dc Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 18:27:45 +0100
Subject: [PATCH 093/142] l 2 xserver: remove xmobar

---
 lass/2configs/xserver/default.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/2configs/xserver/default.nix b/lass/2configs/xserver/default.nix
index ceccf5fee..da337f6a7 100644
--- a/lass/2configs/xserver/default.nix
+++ b/lass/2configs/xserver/default.nix
@@ -108,7 +108,6 @@ let
       pkgs.rxvt_unicode
       pkgs.i3lock
       pkgs.haskellPackages.yeganesh
-      pkgs.haskellPackages.xmobar
       pkgs.dmenu
     ] ++ config.environment.systemPackages)}:/var/setuid-wrappers
     settle() {(

From 1b9a044b44d12096dbad27db3a44d5c911ec9eb4 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 19:37:13 +0100
Subject: [PATCH 094/142] l 3 fetchWallpaper -> k 3 fetchWallpaper

---
 krebs/3modules/default.nix                  | 1 +
 {lass => krebs}/3modules/fetchWallpaper.nix | 4 ++--
 lass/2configs/fetchWallpaper.nix            | 2 +-
 lass/3modules/default.nix                   | 1 -
 4 files changed, 4 insertions(+), 4 deletions(-)
 rename {lass => krebs}/3modules/fetchWallpaper.nix (96%)

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 6d2b090a2..740ba67b8 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -12,6 +12,7 @@ let
       ./current.nix
       ./exim-retiolum.nix
       ./exim-smarthost.nix
+      ./fetchWallpaper.nix
       ./github-hosts-sync.nix
       ./git.nix
       ./go.nix
diff --git a/lass/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
similarity index 96%
rename from lass/3modules/fetchWallpaper.nix
rename to krebs/3modules/fetchWallpaper.nix
index 9baebedbd..a3eddcc27 100644
--- a/lass/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -3,10 +3,10 @@
 with lib;
 
 let
-  cfg = config.lass.fetchWallpaper;
+  cfg = config.krebs.fetchWallpaper;
 
   out = {
-    options.lass.fetchWallpaper = api;
+    options.krebs.fetchWallpaper = api;
     config = mkIf cfg.enable imp;
   };
 
diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix
index effbd6c85..9c27706cb 100644
--- a/lass/2configs/fetchWallpaper.nix
+++ b/lass/2configs/fetchWallpaper.nix
@@ -3,7 +3,7 @@
 let
 
 in {
-  lass.fetchWallpaper = {
+  krebs.fetchWallpaper = {
     enable = true;
     url = "echelon/wallpaper.png";
   };
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 5fa5160ee..0dcad971c 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -8,6 +8,5 @@ _:
     ./urxvtd.nix
     ./xresources.nix
     ./wordpress_nginx.nix
-    ./fetchWallpaper.nix
   ];
 }

From 25c1a1c5eeffd59af84eb3eda167ac81622e5198 Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 19:37:52 +0100
Subject: [PATCH 095/142] k 3 fetchWallpaper: default stateDir in /var

---
 krebs/3modules/fetchWallpaper.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index a3eddcc27..b5eb00e9c 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -27,7 +27,7 @@ let
     };
     stateDir = mkOption {
       type = types.str;
-      default = "/tmp/wallpaper";
+      default = "/var/lib/wallpaper";
     };
     display = mkOption {
       type = types.str;
@@ -50,11 +50,12 @@ let
   '';
 
   imp = {
-    users.extraUsers.fetchWallpaper = {
+    users.users.fetchWallpaper = {
       name = "fetchWallpaper";
       uid = 3332383611; #genid fetchWallpaper
       description = "fetchWallpaper user";
-      home = "/var/empty";
+      home = cfg.stateDir;
+      createHome = true;
     };
 
     systemd.timers.fetchWallpaper = {
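Review bot: `home = cfg.stateDir` together with `createHome = true` makes the `stateDir` option double as the account's home directory, yet the option in the first hunk still has no `description`. Someone overriding it with a shared location (the previous default was `/tmp/wallpaper`) would presumably have that directory created for, and handed to, the fetchWallpaper user. I would document the expectation, for example `description = "Directory used by the fetchWallpaper service and as its home; must be dedicated to that user.";`. Both the option set and `imp` continue outside these hunks.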

From c0786aee72507e08ab61b5e9391afb4e7fba76fa Mon Sep 17 00:00:00 2001
From: lassulus <lass@aidsballs.de>
Date: Sat, 12 Dec 2015 19:40:44 +0100
Subject: [PATCH 096/142] l 5 xmonad-lass: deactivate yeganesh, workspace0

---
 lass/5pkgs/xmonad-lass/Main.hs | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/lass/5pkgs/xmonad-lass/Main.hs b/lass/5pkgs/xmonad-lass/Main.hs
index 10a3c5638..ce5afe33a 100644
--- a/lass/5pkgs/xmonad-lass/Main.hs
+++ b/lass/5pkgs/xmonad-lass/Main.hs
@@ -49,6 +49,7 @@ import XMonad.Stockholm.Pager
 import XMonad.Stockholm.Rhombus
 import XMonad.Stockholm.Shutdown
 
+
 myTerm :: String
 myTerm = "urxvtc"
 
@@ -65,6 +66,7 @@ main = getArgs >>= \case
 
 mainNoArgs :: IO ()
 mainNoArgs = do
+    workspaces0 <- getWorkspaces0
     xmonad'
         -- $ withUrgencyHookC dzenUrgencyHook { args = ["-bg", "magenta", "-fg", "magenta", "-h", "2"], duration = 500000 }
         --                   urgencyConfig { remindWhen = Every 1 }
@@ -74,6 +76,7 @@ mainNoArgs = do
         $ defaultConfig
             { terminal          = myTerm
             , modMask           = mod4Mask
+            , workspaces        = workspaces0
             , layoutHook = smartBorders $ myLayoutHook
             -- , handleEventHook   = myHandleEventHooks <+> handleTimerEvent
             --, handleEventHook   = handleTimerEvent
@@ -100,16 +103,26 @@ xmonad' conf = do
             hPutStrLn stderr (displaySomeException e)
             xmonad conf
 
+getWorkspaces0 :: IO [String]
+getWorkspaces0 =
+    try (getEnv "XMONAD_WORKSPACES0_FILE") >>= \case
+      Left e -> warn (displaySomeException e)
+      Right p -> try (readFile p) >>= \case
+        Left e -> warn (displaySomeException e)
+        Right x -> case readEither x of
+          Left e -> warn e
+          Right y -> return y
+  where
+    warn msg = hPutStrLn stderr ("getWorkspaces0: " ++ msg) >> return []
 
 displaySomeException :: SomeException -> String
 displaySomeException = displayException
 
 
 myKeyMap =
-    [ ("M4-<F11>", spawn "i3lock -i ~/lock.png -u" )
+    [ ("M4-<F11>", spawn "/var/setuid-wrappers/slock")
     , ("M4-p", spawn "passmenu --type")
-    , ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
-    -- , ("M4-r", io (readProcess "yeganesh" ["-x"] "" >>= putStrLn )  )
+    --, ("M4-r", spawn "exe=$(yeganesh -x) && eval \"exec $exe\"")
     , ("<XF86AudioRaiseVolume>", spawn "pactl -- set-sink-volume 0 +4%")
     , ("<XF86AudioLowerVolume>", spawn "pactl -- set-sink-volume 0 -4%")
     , ("<XF86Launch1>", gridselectWorkspace myWSConfig W.view)
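Review bot: The lock binding now spawns `/var/setuid-wrappers/slock`, but nothing in this commit declares that wrapper; if it is not configured elsewhere, `spawn` fails without any visible error and `M4-<F11>` leaves the screen unlocked. Confirm that the host configuration contains something like `security.setuidPrograms = [ "slock" ];`, and name that dependency in a comment next to the binding. Separately, `getWorkspaces0` falls back to `[]` on every error path and the result is assigned to `workspaces`; as far as I know xmonad cannot start with an empty workspace list, so a non-empty default may be safer (to be verified against `xmonad'`). `myKeyMap` continues outside the hunk.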

From 1c17881aede650e114b43dfb4efb10249c2bcaea Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 13 Dec 2015 13:50:39 +0100
Subject: [PATCH 097/142] k 3 fetchWallpaper: change predicate handling

a failed predicate does not result in a failed system service
it will just not download the remote
---
 krebs/3modules/fetchWallpaper.nix | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index b5eb00e9c..83ecf4177 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -37,11 +37,10 @@ let
 
   fetchWallpaperScript = pkgs.writeScript "fetchWallpaper" ''
     #! ${pkgs.bash}/bin/bash
-    ${if (cfg.predicate == null) then "" else ''
-      ${cfg.predicate}
-      if [ $? -ne 0 ]; then
-        echo "predicate failed"
-        exit 23
+    ${optionalString (cfg.predicate != null) ''
+      if ! ${cfg.predicate}; then
+        echo "predicate failed - will not fetch from remote"
+        exit 0
       fi
     ''}
     mkdir -p ${shell.escape cfg.stateDir}
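Review bot: `if ! ${cfg.predicate}; then` splices the option value into the script as shell code, unlike `cfg.stateDir` on the line below, which goes through `shell.escape`. That is fine for a store path such as a `writeScript` result, but the contract should be written down, e.g. `# predicate is inserted verbatim as a command; it must come from trusted configuration` above the `optionalString`. With `exit 0`, a predicate that is missing or broken is now indistinguishable to systemd from one that deliberately declined, which is worth mentioning in the option's description. The script continues outside the hunk.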

From 6a07012a2f2ab8673c464256bd46efedf95366c3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 13 Dec 2015 13:52:15 +0100
Subject: [PATCH 098/142] m 2 fetchWallpaper: default enabled for mainlaptop

---
 makefu/2configs/fetchWallpaper.nix | 24 ++++++++++++++++++++++++
 makefu/2configs/main-laptop.nix    |  5 ++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 makefu/2configs/fetchWallpaper.nix

diff --git a/makefu/2configs/fetchWallpaper.nix b/makefu/2configs/fetchWallpaper.nix
new file mode 100644
index 000000000..b071a128d
--- /dev/null
+++ b/makefu/2configs/fetchWallpaper.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+let
+  # check if laptop runs on umts
+  weaksauce-internet = with pkgs;writeScript "weaksauce-internet" ''
+    #! /bin/sh
+    if  ${iproute}/bin/ip addr show dev ppp0 2>/dev/null \
+      | ${gnugrep}/bin/grep -q inet;then
+      exit 1
+    fi
+  '';
+
+in {
+  krebs.fetchWallpaper = {
+    enable = true;
+    display = ":0";
+    predicate = weaksauce-internet;
+    timerConfig = {
+      OnCalendar = "*:0/30";
+    };
+    url = "http://echelon/wallpaper.png";
+  };
+}
+
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index dfc8c1c07..00a3e73ca 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -6,7 +6,10 @@
 
 with lib;
 {
-  imports = [ ./base-gui.nix ];
+  imports = [
+    ./base-gui.nix
+    ./fetchWallpaper.nix
+  ];
   environment.systemPackages = with pkgs;[
     vlc
     firefox

From 4578f701ba01bfdf0745a8c73461070f0f7d2f0e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 13 Dec 2015 14:26:33 +0100
Subject: [PATCH 099/142] m 5 awesomecfg: beautiful was loaded too late

resulted in missing icons, colors for border.
i just discovered this today, 2 months after i wrote the config hahah :D
---
 makefu/5pkgs/awesomecfg/full.cfg | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg
index b3f94e655..15711a5d5 100644
--- a/makefu/5pkgs/awesomecfg/full.cfg
+++ b/makefu/5pkgs/awesomecfg/full.cfg
@@ -12,6 +12,8 @@ local beautiful = require("beautiful")
 local naughty = require("naughty")
 local menubar = require("menubar")
 
+
+
 -- {{{ Error handling
 -- Check if awesome encountered an error during startup and fell back to
 -- another config (This code will only ever execute for the fallback config)
@@ -90,6 +92,20 @@ vicious.register(batwidget, vicious.widgets.bat, "$2%", 61, "BAT0")
 --
 -- beautiful.init("/nix/store/qbx8r72yzaxpz41zq00902zwajl31b5h-awesome-3.5.6/share/awesome/themes/default/theme.lua")
 
+function find_default_theme()
+  -- find the default lua theme in the package path
+  for path in package.path:gmatch('([^;]+);') do
+    if path:match('awesome.*share') then
+      theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua'
+      if awful.util.file_readable(theme_path) then return theme_path end
+    end
+  end
+end
+
+beautiful.init(find_default_theme())
+client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
+client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
+
 -- This is used later as the default terminal and editor to run.
 terminal = "urxvt"
 editor = os.getenv("EDITOR") or "vim"
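Review bot: `find_default_theme()` returns nil when no `package.path` entry matches `awesome.*share` or the theme file is not readable, and that result goes straight into `beautiful.init(...)`. A guard such as `local theme = find_default_theme()` followed by `if theme then beautiful.init(theme) end`, or a fallback path, avoids starting with an uninitialised theme. `theme_path` is also assigned without `local` and therefore becomes a global; `local theme_path = ...` keeps it inside the function.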
@@ -494,21 +510,9 @@ local os = {
     date = os.date,
     time = os.time
 }
+
 -- }}}
 
 
 
-function find_default_theme()
-  -- find the default lua theme in the package path
-  for path in package.path:gmatch('([^;]+);') do
-    if path:match('awesome.*share') then
-      theme_path = path:match('^([^?]*)') .. '../themes/default/theme.lua'
-      if awful.util.file_readable(theme_path) then return theme_path end
-    end
-  end
-end
-
-beautiful.init(find_default_theme())
-client.connect_signal("focus", function(c) c.border_color = beautiful.border_focus end)
-client.connect_signal("unfocus", function(c) c.border_color = beautiful.border_normal end)
 -- }}}

From 809ffa435c4ba759a6cfd7fdffc976499d470d82 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 13 Dec 2015 14:35:30 +0100
Subject: [PATCH 100/142] m 2 default: use timesyncd instead of ntpd

---
 makefu/2configs/default.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 760c70789..519635281 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -80,7 +80,14 @@ with lib;
     "d /tmp 1777 root root - -"
   ];
 
-  environment.variables.EDITOR = mkForce "vim";
+  environment.variables = {
+    NIX_PATH = with config.krebs.build.source; with dir; with git;
+      mkForce (concatStringsSep ":" [
+        "nixpkgs=${nixpkgs.target-path}"
+        "${nixpkgs.target-path}"
+      ]);
+    EDITOR = mkForce "vim";
+  };
 
   environment.systemPackages = with pkgs; [
       jq
@@ -124,6 +131,14 @@ with lib;
 
   services.cron.enable = false;
   services.nscd.enable = false;
+  services.ntp.enable = false;
+  services.timesyncd.enable = true;
+  services.ntp.servers = [
+    "pool.ntp.org"
+    "time.windows.com"
+    "time.apple.com"
+    "time.nist.gov"
+  ];
 
   security.setuidPrograms = [ "sendmail" ];
   services.journald.extraConfig = ''
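Review bot: `services.ntp.servers` is set right after `services.ntp.enable = false`, which reads like a leftover. If the list is there because timesyncd takes its servers from that option (likely in this nixpkgs revision, but not visible here), a comment such as `# timesyncd reads its server list from services.ntp.servers` would keep someone from deleting it. The first hunk of this commit also forces `NIX_PATH`, which the subject line does not mention.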

From c3bd222b9f8c4b7d08a447760ae5ae28b90f217e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:17:21 +0100
Subject: [PATCH 101/142] m 2 tinc: add ire as potential supernode

---
 makefu/2configs/tinc-basic-retiolum.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/2configs/tinc-basic-retiolum.nix b/makefu/2configs/tinc-basic-retiolum.nix
index fd6d1683d..2abf4f188 100644
--- a/makefu/2configs/tinc-basic-retiolum.nix
+++ b/makefu/2configs/tinc-basic-retiolum.nix
@@ -9,6 +9,7 @@ with lib;
       "gum"
       "pigstarter"
       "fastpoke"
+      "ire"
     ];
   };
 }

From 27ca97b78f66d6fca96e303cc650cc68065e9a1c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:18:08 +0100
Subject: [PATCH 102/142] k 3 retiolum: add extraConfig

---
 krebs/3modules/retiolum.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 633642537..28ac67306 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -50,6 +50,14 @@ let
       '';
     };
 
+    extraConfig = mkOption {
+      type = types.str;
+      default = "";
+      description = ''
+        Extra Configuration to be appended to tinc.conf
+      '';
+    };
+
     tincPackage = mkOption {
       type = types.package;
       default = pkgs.tinc;
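Review bot: `extraConfig` is declared as `types.str`, so two modules that both set it produce a conflicting-definition error instead of being combined. For a free-form block appended to tinc.conf, `type = types.lines;` merges the definitions line by line and keeps the same default. The option set continues outside the hunk.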
@@ -203,6 +211,7 @@ let
     Interface = ${cfg.network}
     ${concatStrings (map (c : "ConnectTo = " + c + "\n") cfg.connectTo)}
     PrivateKeyFile = /tmp/retiolum-rsa_key.priv
+    ${cfg.extraConfig}
     EOF
 
     # source: krebscode/painload/retiolum/scripts/tinc_setup/tinc-up
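Review bot: `${cfg.extraConfig}` is written inside the here-document that ends at `EOF`, so its text is subject to whatever quoting that here-document uses. The opening line is outside the hunk; if the delimiter is unquoted, `$` and backticks in the option value are expanded by the shell when the script runs, and a line consisting of `EOF` ends the file early. A sentence in the option's description (`Inserted verbatim into a shell here-document; avoid $ and backticks`) or a quoted delimiter would cover this.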

From 72238439c5c8010323030112b9b041f5d6fd27e3 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:18:34 +0100
Subject: [PATCH 103/142] m 1 gum: add extra ports to gum retiolum

---
 makefu/1systems/gum.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 75607aa46..417a020fa 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -14,14 +14,20 @@ in {
       # ../2configs/iodined.nix
       ../2configs/git/cgit-retiolum.nix
       ../2configs/mattermost-docker.nix
+      ../2configs/nginx/euer.test.nix
   ];
 
 
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
 
   ###### stable
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
-
+  krebs.retiolum.extraConfig = ''
+    ListenAddress = ${external-ip} 53
+    ListenAddress = ${external-ip} 655
+    ListenAddress = ${external-ip} 21031
+  '';
 
   # Chat
   environment.systemPackages = with pkgs;[
@@ -53,10 +59,18 @@ in {
           80 443
           # tinc
           655
+          # tinc-shack
+          21032
+          # tinc-retiolum
+          21031
         ];
         allowedUDPPorts = [
           # tinc
           655 53
+          # tinc-retiolum
+          21031
+          # tinc-shack
+          21032
         ];
     };
     interfaces.et0.ip4 = [{
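Review bot: Port 21032 (`tinc-shack`) is opened for both TCP and UDP, but the only listeners this commit configures are the three `ListenAddress` lines for 53, 655 and 21031. If the shack tinc daemon is not set up elsewhere, the 21032 entries should wait until it is, so the firewall does not expose a port with no service behind it. Conversely, `ListenAddress = ${external-ip} 53` also needs TCP 53 for tinc's meta connections, and 53 appears only in the UDP list in the visible lines. The TCP list starts outside the hunk, so it may already be there.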

From 83208910bbedc70018c5a7f0e4b18baed418f9cf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:32:20 +0100
Subject: [PATCH 104/142] m 2 git: add vbob pubkey

---
 krebs/Zpubkeys/makefu_vbob.ssh.pub    | 1 +
 makefu/2configs/git/cgit-retiolum.nix | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub

diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub
new file mode 100644
index 000000000..e5063aeb5
--- /dev/null
+++ b/krebs/Zpubkeys/makefu_vbob.ssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 304d39fcd..5143ca5aa 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -24,6 +24,7 @@ let
 
   connector-repos = mapAttrs make-priv-repo {
     connector = { };
+    minikrebs = { };
     mattermost = {
       desc = "Mattermost Docker files";
     };
@@ -54,7 +55,7 @@ let
 
   # TODO: get the list of all krebsministers
   krebsminister = with config.krebs.users; [ lass tv uriel ];
-  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp ];
+  all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob ];
   all-exco = with config.krebs.users; [ exco ];
 
   priv-rules = repo: set-owners repo all-makefu;
@@ -85,6 +86,10 @@ in {
         name = "makefu-omo" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
       };
+      makefu-vbob = {
+        name = "makefu-vbob" ;
+        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
+      };
       makefu-tsp = {
         name = "makefu-tsp" ;
         pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;

From c865a5593e240c0a602e1f70b314d139087c4e45 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:32:41 +0100
Subject: [PATCH 105/142] k Zhosts: add gum extra port

---
 krebs/Zhosts/gum | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/Zhosts/gum b/krebs/Zhosts/gum
index d43bb0d08..7a1a305d6 100644
--- a/krebs/Zhosts/gum
+++ b/krebs/Zhosts/gum
@@ -1,5 +1,7 @@
 Address= 195.154.108.70
 Address= 195.154.108.70 53
+Address= 195.154.108.70 21031
+
 Subnet = 10.243.0.211
 Subnet = 42:f9f0:0000:0000:0000:0000:0000:70d2
 

From 83924b9b6c84d7238fd0abb173a2c1dcbfe11ece Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:33:06 +0100
Subject: [PATCH 106/142] m 1 vbob:init

---
 krebs/3modules/makefu/default.nix | 25 ++++++++++++++++++
 makefu/1systems/vbob.nix          | 44 +++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 makefu/1systems/vbob.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 037abbdfd..82a5635d2 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -84,6 +84,31 @@ with lib;
         };
       };
     };
+
+    vbob = {
+      cores = 2;
+      dc = "makefu"; #vm local
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.1.91"];
+          addrs6 = ["42:0b2c:d90e:e717:03dd:9ac1:0000:a400"];
+          aliases = [
+            "vbob.retiolum"
+          ];
+          tinc.pubkey = ''
+          -----BEGIN RSA PUBLIC KEY-----
+          MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+          4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+          AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+          hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+          Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+          AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+          -----END RSA PUBLIC KEY-----
+
+            '';
+        };
+      };
+    };
     flap = rec {
       cores = 1;
       dc = "cac"; #vps
diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
new file mode 100644
index 000000000..4d8e8ced1
--- /dev/null
+++ b/makefu/1systems/vbob.nix
@@ -0,0 +1,44 @@
+#
+#
+#
+{ config, pkgs, ... }:
+
+{
+  krebs.build.host = config.krebs.hosts.vbob;
+  krebs.build.target = "root@10.10.10.220";
+  imports =
+    [ # Include the results of the hardware scan.
+      <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix>
+      ../2configs/main-laptop.nix #< base-gui
+
+      # environment
+      ../2configs/zsh-user.nix
+      ../2configs/virtualization.nix
+    ];
+  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  environment.systemPackages = with pkgs;[
+    get
+    ];
+
+  networking.firewall.allowedTCPPorts = [
+    25
+    80
+  ];
+
+  krebs.retiolum = {
+    enable = true;
+    extraConfig = "Proxy = http global.proxy.alcatel-lucent.com 8000";
+    hosts = ../../krebs/Zhosts;
+    connectTo = [
+      "gum"
+    ];
+
+  };
+  networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
+  fileSystems."/media/share" = {
+    fsType = "vboxsf";
+    device = "share";
+    options = "rw,uid=9001,gid=9001";
+  };
+
+}
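Review bot: `networking.firewall.allowedTCPPorts` opens 25 and 80, but this file configures no mail or web service; if nothing in the imported modules listens there, the list should be dropped or reduced. The comment `# Include the results of the hardware scan.` no longer matches the import below it, which is the VirtualBox image module; `# VirtualBox guest base image` would be accurate. The three empty `#` lines at the top could carry a one-line description of the host instead.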

From 9900811f941abf5e31f3c7b616e3fa27f88ffb35 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:36:36 +0100
Subject: [PATCH 107/142] m 2 git: use gum as primary git host

---
 makefu/2configs/git/cgit-retiolum.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 5143ca5aa..68fd976d6 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -43,7 +43,7 @@ let
     hooks = {
       post-receive = pkgs.git-hooks.irc-announce {
         nick = config.networking.hostName;
-        verbose = config.krebs.build.host.name == "pnp";
+        verbose = config.krebs.build.host.name == "gum";
         channel = "#retiolum";
         # TODO remove the hardcoded hostname
         server = "cd.retiolum";

From 6f150af8acf2195188518bf53d0330da7a4bb8f8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 14:47:52 +0100
Subject: [PATCH 108/142] k Zhosts vbob: init

---
 krebs/Zhosts/vbob | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 krebs/Zhosts/vbob

diff --git a/krebs/Zhosts/vbob b/krebs/Zhosts/vbob
new file mode 100644
index 000000000..b233a46b0
--- /dev/null
+++ b/krebs/Zhosts/vbob
@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEA+0TIo0dS9LtSdrmH0ClPHLO7dHtV9Dj7gaBAsbyuwxAI5cQgYKwr
+4G6t7IcJW+Gu2bh+LKtPP91+zYXq4Qr1nAaKw4ajsify6kpxsCBzknmwi6ibIJMI
+AK114dr/XSk/Pc6hOSA8kqDP4c0MZXwitRBiNjrWbTrQh6GJ3CXhmpZ2lJkoAyNP
+hjdPerbTUrhQlNW8FanyQQzOgN5I7/PXsZShmb3iNKz1Ban5yWKFCVpn8fjWQs5o
+Un2AKowH4Y+/g8faGemL8uy/k5xrHSrn05L92TPDUpAXrcZXzo6ao1OBiwJJVl7s
+AVduOY18FU82GUw7edR0e/b2UC6hUONflwIDAQAB
+-----END RSA PUBLIC KEY-----
+Subnet = 10.243.1.91/32

From 781573b9dd393aa4d2d7e34a1fa8d831441b545b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 17:04:16 +0100
Subject: [PATCH 109/142] k Zpubkeys: makefu* -> 3modules

---
 krebs/3modules/makefu/default.nix  | 16 ++++++++++++++--
 krebs/Zpubkeys/exco.ssh.pub        |  1 -
 krebs/Zpubkeys/makefu_arch.ssh.pub |  1 -
 krebs/Zpubkeys/makefu_omo.ssh.pub  |  1 -
 krebs/Zpubkeys/makefu_tsp.ssh.pub  |  1 -
 5 files changed, 14 insertions(+), 6 deletions(-)
 delete mode 100644 krebs/Zpubkeys/exco.ssh.pub
 delete mode 100644 krebs/Zpubkeys/makefu_arch.ssh.pub
 delete mode 100644 krebs/Zpubkeys/makefu_omo.ssh.pub
 delete mode 100644 krebs/Zpubkeys/makefu_tsp.ssh.pub

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 037abbdfd..5a128a28f 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -277,10 +277,22 @@ with lib;
       };
     };
   };
-  users = addNames {
+  users = addNames rec {
     makefu = {
       mail = "makefu@pornocauster.retiolum";
-      pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
+    };
+    makefu_omo = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
+    };
+    makefu_tsp = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
+    };
+    exco = {
+      mail = "dickbutt@excogitation.de";
+      pubkey = "ssh-rsa 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 dickbutt@excogitation.de";
     };
   };
 }
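Review bot: This commit deletes `krebs/Zpubkeys/makefu_omo.ssh.pub`, `makefu_tsp.ssh.pub` and `exco.ssh.pub`, but the next patch in the series shows `makefu/2configs/git/cgit-retiolum.nix` still reading them with `readFile`, so any host importing that file presumably fails to evaluate at this revision. The removal of that `readFile` block belongs in this commit. The new attributes are named `makefu_omo`/`makefu_tsp` here and renamed to `makefu-omo`/`makefu-tsp` one patch later, which could be done once. Since these strings decide who is granted access, a one-line comment above each `pubkey` saying which machine holds the private half would help review; note that the `exco` key's comment field changes from the address in the deleted file to `dickbutt@excogitation.de` without mention.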
diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub
deleted file mode 100644
index e2afcf3fb..000000000
--- a/krebs/Zpubkeys/exco.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 christian.stoeveken@gmail.com
diff --git a/krebs/Zpubkeys/makefu_arch.ssh.pub b/krebs/Zpubkeys/makefu_arch.ssh.pub
deleted file mode 100644
index 6092ec469..000000000
--- a/krebs/Zpubkeys/makefu_arch.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster
diff --git a/krebs/Zpubkeys/makefu_omo.ssh.pub b/krebs/Zpubkeys/makefu_omo.ssh.pub
deleted file mode 100644
index 5567040fb..000000000
--- a/krebs/Zpubkeys/makefu_omo.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch
diff --git a/krebs/Zpubkeys/makefu_tsp.ssh.pub b/krebs/Zpubkeys/makefu_tsp.ssh.pub
deleted file mode 100644
index 9a9c9b6f8..000000000
--- a/krebs/Zpubkeys/makefu_tsp.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp

From 9bc0c474ace8e1bcccb5301a1726ed75a6241bff Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 17:12:51 +0100
Subject: [PATCH 110/142] m 2 Reaktor: add full profile

---
 krebs/3modules/makefu/default.nix     |  8 ++++++--
 krebs/Zpubkeys/makefu_vbob.ssh.pub    |  1 -
 makefu/2configs/Reaktor/full.nix      | 18 ++++++++++++++++++
 makefu/2configs/git/cgit-retiolum.nix | 20 --------------------
 4 files changed, 24 insertions(+), 23 deletions(-)
 delete mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub
 create mode 100644 makefu/2configs/Reaktor/full.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index d9cb83aaf..14cafd3ed 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -307,14 +307,18 @@ with lib;
       mail = "makefu@pornocauster.retiolum";
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster";
     };
-    makefu_omo = {
+    makefu-omo = {
       inherit (makefu) mail;
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch";
     };
-    makefu_tsp = {
+    makefu-tsp = {
       inherit (makefu) mail;
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp";
     };
+    makefu-vbob = {
+      inherit (makefu) mail;
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob";
+    };
     exco = {
       mail = "dickbutt@excogitation.de";
       pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de";
diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub
deleted file mode 100644
index e5063aeb5..000000000
--- a/krebs/Zpubkeys/makefu_vbob.ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos
diff --git a/makefu/2configs/Reaktor/full.nix b/makefu/2configs/Reaktor/full.nix
new file mode 100644
index 000000000..50620890f
--- /dev/null
+++ b/makefu/2configs/Reaktor/full.nix
@@ -0,0 +1,18 @@
+_:
+{
+  # implementation of the complete Reaktor bot
+  imports = [
+      #./stockholmLentil.nix
+      ./simpleExtend.nix
+      ./random-emoji.nix
+      ./titlebot.nix
+      ./shack-correct.nix
+      ./sed-plugin.nix
+  ];
+  krebs.Reaktor.nickname = "Reaktor|bot";
+  krebs.Reaktor.enable = true;
+
+  krebs.Reaktor.extraEnviron = {
+    REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace";
+  };
+}
diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix
index 68fd976d6..35bb169cf 100644
--- a/makefu/2configs/git/cgit-retiolum.nix
+++ b/makefu/2configs/git/cgit-retiolum.nix
@@ -80,26 +80,6 @@ let
       };
 
 in {
-  imports = [{
-    krebs.users = {
-      makefu-omo = {
-        name = "makefu-omo" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
-      };
-      makefu-vbob = {
-        name = "makefu-vbob" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub;
-      };
-      makefu-tsp = {
-        name = "makefu-tsp" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
-      };
-      exco = {
-        name = "exco";
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub;
-      };
-    };
-  }];
   krebs.git = {
     enable = true;
     root-title = "public repositories";

From b3cb94ef818f4aa966d53fc0be927435156eab5a Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 14 Dec 2015 17:43:08 +0100
Subject: [PATCH 111/142] k 5 forticlientsslvpn: init

---
 krebs/5pkgs/fortclientsslvpn/default.nix | 87 ++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 krebs/5pkgs/fortclientsslvpn/default.nix

diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix
new file mode 100644
index 000000000..720d4004f
--- /dev/null
+++ b/krebs/5pkgs/fortclientsslvpn/default.nix
@@ -0,0 +1,87 @@
+{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
+  makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
+stdenv.mkDerivation rec {
+  name = "forticlientsslvpn";
+  # forticlient will be copied into /tmp before execution. this is necessary as
+  # the software demands $base to be writeable
+
+  src = fetchurl {
+    # archive.org mirror:
+    # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz
+    url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz;
+    sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr";
+  };
+  phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ];
+
+  buildInputs = [ makeWrapper ];
+
+  binPath = lib.makeSearchPath "bin" [
+    coreutils
+    gawk
+  ];
+
+
+  libPath = lib.makeLibraryPath [
+    stdenv.cc.cc
+  ];
+
+  guiLibPath = lib.makeLibraryPath [
+    gtk
+    glib
+    libSM
+    gdk_pixbuf
+    libX11
+    libXinerama
+    pango
+  ];
+
+  buildPhase = ''
+    # TODO: 32bit, use the 32bit folder
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath" \
+      64bit/forticlientsslvpn_cli
+
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath:$guiLibPath" \
+      64bit/forticlientsslvpn
+
+    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
+      --set-rpath "$libPath" \
+      64bit/helper/subproc
+
+    sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh
+  '';
+
+  installPhase = ''
+    mkdir -p "$out/opt/fortinet"
+
+    cp -r 64bit/. "$out/opt/fortinet"
+    wrapProgram $out/opt/fortinet/forticlientsslvpn \
+      --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
+      --set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp
+
+    mkdir -p "$out/bin/"
+
+    cat > $out/bin/forticlientsslvpn <<EOF
+    #!/bin/sh
+    # prepare suid bit in tmp
+    # TODO maybe tmp does not support suid
+    set -euf
+    tmpforti=\$(${coreutils}/bin/mktemp -d)
+    trap "rm -rf \$tmpforti;" INT TERM EXIT
+    cp -r $out/opt/fortinet/. \$tmpforti
+    chmod +s \$tmpforti/helper/subproc
+    cd \$tmpforti
+    "./forticlientsslvpn" "\$@"
+    EOF
+
+    chmod +x $out/bin/forticlientsslvpn
+    chmod -x $out/opt/fortinet/helper/showlicense
+  '';
+  meta = {
+    homepage = http://www.fortinet.com;
+    description = "Forticlient SSL-VPN client";
+    license = lib.licenses.nonfree;
+    maintainers = [ lib.maintainers.makefu ];
+  };
+}
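Review bot: `chmod +s \$tmpforti/helper/subproc` in the generated wrapper sets the setuid and setgid bits for whoever runs the wrapper, not for root. For an unprivileged user it grants the helper nothing, and when the wrapper is run as root it leaves a setuid-root copy of a closed-source binary in a temp directory until the trap fires. If the helper really needs root, that should come from the system's setuid-wrapper mechanism rather than a runtime `chmod`, and the TODO should say so, e.g. `# NOTE: +s only yields the invoking user's uid; needs a system setuid wrapper`. `LD_PRELOAD` set by `wrapProgram` is ignored by the dynamic loader for binaries executed in secure (setuid) mode, so the `NIX_REDIRECTS` paths would presumably not reach `subproc` in that case, and the trap should quote the path: `trap 'rm -rf "\$tmpforti"' INT TERM EXIT`. The source comes over plain `http://`; the `sha256` pins the content, but listing the archive.org mirror from the comment via `urls = [ … ]` would avoid depending on one third-party host.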

From 0449569b3d966f9d81107034def5adf5e6bf3cad Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Mon, 14 Dec 2015 17:56:50 +0100
Subject: [PATCH 112/142] m 1 vbob: allow to deploy self

---
 makefu/1systems/vbob.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 4d8e8ced1..b121a730a 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -1,7 +1,7 @@
 #
 #
 #
-{ config, pkgs, ... }:
+{ lib, config, pkgs, ... }:
 
 {
   krebs.build.host = config.krebs.hosts.vbob;
@@ -12,13 +12,21 @@
       ../2configs/main-laptop.nix #< base-gui
 
       # environment
+
       ../2configs/zsh-user.nix
       ../2configs/virtualization.nix
     ];
+
+  # allow vbob to deploy self
+  users.extraUsers = {
+    root = {
+        openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
+    };
+  };
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
   environment.systemPackages = with pkgs;[
     get
-    ];
+  ];
 
   networking.firewall.allowedTCPPorts = [
     25
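Review bot: The added `users.extraUsers.root.openssh.authorizedKeys.keys` lets the `makefu-vbob` key log in as root, and that key's comment (`makefu@vbob`) suggests the private half lives on this same VM, so anything that can read the user's key is root on the box. If the only purpose is self-deployment, I would restrict the entry with an authorized_keys option such as `from="<deploy source address>"` in front of the key. The comment could also say what uses it: `# allow vbob to deploy itself: root login for makefu-vbob's key, used via krebs.build.target`. The attribute set being edited continues outside the hunk.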

From 55ad05879b8ba97e369bfd72810028dd4622e356 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 14 Dec 2015 19:36:06 +0100
Subject: [PATCH 113/142] s 1 wolf: initial preparation of ci packaging

---
 makefu/2configs/nginx/euer.test.nix | 26 ++++++++++++++++++++++++++
 shared/1systems/wolf.nix            |  3 ++-
 shared/2configs/cac-ci.nix          | 11 +++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 makefu/2configs/nginx/euer.test.nix
 create mode 100644 shared/2configs/cac-ci.nix

diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix
new file mode 100644
index 000000000..ffdc0bc60
--- /dev/null
+++ b/makefu/2configs/nginx/euer.test.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  hostname = config.krebs.build.host.name;
+  user = config.services.nginx.user;
+  group = config.services.nginx.group;
+  external-ip = head config.krebs.build.host.nets.internet.addrs4;
+  internal-ip = head config.krebs.build.host.nets.retiolum.addrs4;
+in {
+  krebs.nginx = {
+    enable = mkDefault true;
+    servers = {
+      euer-share = {
+        listen = [ ];
+        server-names = [ "share.euer.krebsco.de" ];
+        locations = singleton (nameValuePair "/" ''
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP          $remote_addr;
+          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_pass http://localhost:8000/;
+        '');
+      };
+    };
+  };
+}
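Review bot: The `let` block binds `hostname`, `user`, `group`, `external-ip` and `internal-ip`, and none of them is used in the body, so the file reads as if the vhost were bound to a particular address when it is not; delete them or use them, e.g. in `listen`. With `listen = [ ]` the module default decides which addresses serve `share.euer.krebsco.de`, and the location forwards everything to `http://localhost:8000/` with no access restriction. A comment stating what listens on port 8000 and whether it is meant to be public would help. The file also sits under `makefu/2configs` while the commit subject is about `wolf` CI packaging, so it may belong in a separate commit.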
diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index 8c5295bb3..a3e527a3b 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -11,6 +11,7 @@ in
     ../2configs/collectd-base.nix
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
+    ../2configs/cac-ci.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
@@ -24,7 +25,7 @@ in
     }];
 
     defaultGateway = "10.42.0.1";
-    nameservers = [ "8.8.8.8" ];
+    nameservers = [ "10.42.0.100" "10.42.0.200" ];
   };
 
   #####################
diff --git a/shared/2configs/cac-ci.nix b/shared/2configs/cac-ci.nix
new file mode 100644
index 000000000..06cce2746
--- /dev/null
+++ b/shared/2configs/cac-ci.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+{
+  environment.systemPackages = with pkgs;[
+    get
+    cac
+    cacpanel
+    jq
+  ];
+}

From b5eafa4c03e9f7059e30ec137c5b0bbe6e47e3a7 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Tue, 15 Dec 2015 12:44:41 +0100
Subject: [PATCH 114/142] k 3 makefu: gum provides cgit.gum

---
 krebs/3modules/makefu/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 14cafd3ed..3d1ac6cfb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -273,6 +273,7 @@ with lib;
           mattermost.euer   IN A      ${head nets.internet.addrs4}
           git.euer          IN A      ${head nets.internet.addrs4}
           gum               IN A      ${head nets.internet.addrs4}
+          cgit.euer         IN A      ${head nets.internet.addrs4}
         '';
       };
       nets = {
@@ -287,6 +288,7 @@ with lib;
           addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"];
           aliases = [
             "gum.retiolum"
+            "cgit.gum.retiolum"
           ];
           tinc.pubkey = ''
             -----BEGIN RSA PUBLIC KEY-----

From d4792eb7231acf5bf66409adb4e777433998678b Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Tue, 15 Dec 2015 15:33:34 +0100
Subject: [PATCH 115/142] prepare zshrc, makes ~/.zshrc obsolete

---
 makefu/2configs/zsh-user.nix | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 3089b706a..266ce256a 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -5,6 +5,36 @@ let
   mainUser = config.krebs.build.user.name;
 in
 {
-  programs.zsh.enable = true;
   users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh";
+  programs.zsh= {
+    enable = true;
+    interactiveShellInit = ''
+      HISTSIZE=900001
+      HISTFILESIZE=$HISTSIZE
+      SAVEHIST=$HISTSIZE
+
+      setopt HIST_IGNORE_ALL_DUPS
+      setopt HIST_IGNORE_SPACE
+      setopt HIST_FIND_NO_DUPS
+      bindkey -e
+      # shift-tab
+      bindkey '^[[Z' reverse-menu-complete
+
+      autoload -U compinit && compinit
+      zstyle ':completion:*' menu select
+      '';
+
+    promptInit = ''
+      RPROMPT=""
+      autoload colors && colors
+      case $UID in
+         0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;;
+      9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;;
+         *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;;
+      esac
+      if test -n "$SSH_CLIENT"; then
+        PROMPT="%{$fg[magenta]%}%m $PROMPT"
+      fi
+      '';
+  };
 }
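Review bot: `HISTFILESIZE=$HISTSIZE` is a bash variable that zsh does not read; `SAVEHIST` on the next line is the zsh setting, so the line can go. `interactiveShellInit` sets no `HISTFILE`, so whether the 900001 entries are written to disk depends on defaults outside this hunk; that is worth a comment, since a history this large keeps everything typed at the prompt and only space-prefixed commands are skipped via `HIST_IGNORE_SPACE`. In `promptInit`, the `9001)` branch hard-codes a uid; a comment such as `# 9001: uid of the main user` would explain it.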

From 3371d54618aa017be77e2494c1cf82331152f3b7 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Tue, 15 Dec 2015 18:43:40 +0100
Subject: [PATCH 116/142] m 3 buildbot: master init

---
 makefu/3modules/buildbot/master.nix | 179 ++++++++++++++++++++++++++++
 1 file changed, 179 insertions(+)
 create mode 100644 makefu/3modules/buildbot/master.nix

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
new file mode 100644
index 000000000..310b8460d
--- /dev/null
+++ b/makefu/3modules/buildbot/master.nix
@@ -0,0 +1,179 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  buildbot = pkgs.buildbot;
+  buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
+    # -*- python -*-
+    from buildbot.plugins import *
+
+    c = BuildmasterConfig = {}
+
+    c['slaves'] = []
+    # TODO: template potential buildslaves
+    # TODO: set password?
+    for i in [ 'testslave' ]:
+      c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
+
+    c['protocols'] = {'pb': {'port': 9989}}
+
+    ####### Build Inputs
+    stockholm_repo = 'http://cgit.gum/stockholm'
+    c['change_source'] = []
+    c['change_source'].append(changes.GitPoller(
+            stockholm_repo,
+            workdir='stockholm-poller', branch='master',
+            project='stockholm',
+            pollinterval=300))
+
+    ####### Build Scheduler
+    # TODO: configure scheduler
+    important_files = util.ChangeFilter(
+                  project_re="^((krebs|share)/.*|Makefile|default.nix)",
+                  branch='master')
+    c['schedulers'] = []
+    c['schedulers'].append(schedulers.SingleBranchScheduler(
+                                name="all-important-files",
+                                change_filter=important_files,
+                                # 3 minutes stable tree
+                                treeStableTimer=3*60,
+                                builderNames=["runtests"]))
+    c['schedulers'].append(schedulers.ForceScheduler(
+                                name="force",
+                                builderNames=["runtests"]))
+    ###### The actual build
+    factory = util.BuildFactory()
+    factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
+
+    deps = [ "gnumake", "jq" ]
+    factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps ))
+    factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"},
+                                       command=["make", "get=krebs.deploy",
+                                                        "system=test-centos7"]))
+
+    # TODO: different Builders?
+    c['builders'] = []
+    c['builders'].append(
+        util.BuilderConfig(name="runtests",
+          # TODO: only some slaves being used in builder?
+          slavenames=c['slaves'],
+          factory=factory))
+
+    ####### Status of Builds
+    c['status'] = []
+
+    from buildbot.status import html
+    from buildbot.status.web import authz, auth
+    # TODO: configure if http is wanted
+    authz_cfg=authz.Authz(
+        # TODO: configure user/pw
+        auth=auth.BasicAuth([("krebs","bob")]),
+        gracefulShutdown = False,
+        forceBuild = 'auth',
+        forceAllBuilds = 'auth',
+        pingBuilder = False,
+        stopBuild = False,
+        stopAllBuilds = False,
+        cancelPendingBuild = False,
+    )
+    # TODO: configure nginx
+    c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
+
+    from buildbot.status import words
+    # TODO: configure IRC Bot
+    irc = words.IRC("irc.freenode.net", "krebsbuild",
+                    channels=["krebs"],
+                    notify_events={
+                      'sucess': 1,
+                      'failure': 1,
+                      'exception': 1,
+                      'successToFailure': 1,
+                      'failureToSuccess': 1,
+                    },allowForce=True)
+    c['status'].append(irc)
+
+    ####### PROJECT IDENTITY
+    c['title'] = "Stockholm"
+    c['titleURL'] = "http://krebsco.de"
+
+    c['buildbotURL'] = "http://buildbot.krebsco.de/"
+
+    ####### DB URL
+    c['db'] = {
+        'db_url' : "sqlite:///state.sqlite",
+    }
+    ${cfg.extraConfig}
+    '';
+
+  cfg = config.makefu.buildbot.master;
+
+  api = {
+    enable = mkEnableOption "Buildbot Master";
+
+    workDir = mkOption {
+      default = "/var/lib/buildbot/master";
+      type = types.str;
+      description = ''
+        Path to build bot master directory.
+        Will be created on startup.
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        extra config appended to the generated master.cfg
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.buildbotMaster = {
+      uid = 672626386; #genid buildbotMaster
+      description = "Buildbot Master";
+      home = cfg.workDir;
+      createHome = false;
+    };
+
+    users.extraGroups.buildbotMaster = {
+      gid = 672626386;
+    };
+
+    systemd.services.buildbotMaster = {
+      description = "Buildbot Master";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        # TODO: maybe also prepare buildbot.tac?
+        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
+          #!/bin/sh
+          set -efux
+          workdir=${lib.shell.escape cfg.workDir}
+          if [ ! -e $workdir ];then
+            mkdir -p $workdir
+            ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir
+            chown buildbotMaster:buildbotMaster  $workdir
+          fi
+          # always override the master.cfg
+          cp ${toString buildbot-master-config} "$workdir/master.cfg"
+          # sanity
+          ${buildbot}/bin/buildbot checkconfig $workdir
+          # upgrade
+          ${buildbot}/bin/buildbot upgrade-master $workdir
+        '';
+        ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}";
+        PrivateTmp = "true";
+        User = "buildbotMaster";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.makefu.buildbot.master = api;
+  config = mkIf cfg.enable imp;
+}
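Review bot: The slave password `"krebspass"` and the web login `auth.BasicAuth([("krebs","bob")])` are literals inside `pkgs.writeText`, so they end up in the world-readable Nix store and in the repository history; the file's own TODOs acknowledge this. I would read both at start-up from a file outside the store, with the path supplied by a new module option, and treat the committed values as burned. `allowForce=True` on the IRC status lets the bot accept force-build requests from the channel, which sidesteps `forceBuild = 'auth'` on the web status, and the builder runs `make get=krebs.deploy` on code polled over plain `http://cgit.gum/stockholm`. Separately, `ChangeFilter(project_re=...)` is given a pattern of file paths although it matches the project name (`'stockholm'` here), so the scheduler presumably never fires; filtering by path would need the scheduler's `fileIsImportant` callback.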

From cf5a1ba6bcf657396bc6b8c2fbc32143d27849d0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 15 Dec 2015 21:18:29 +0100
Subject: [PATCH 117/142] m 1 pornocauster: use latest buildbot for stable
 build

---
 makefu/1systems/pornocauster.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 977289470..6f176b7fa 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -36,11 +36,17 @@
       # ../2configs/mediawiki.nix
       #../2configs/wordpress.nix
     ];
-  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+    buildbot = let
+      pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+      in pkgs1509.buildbot;
+  };
+  makefu.buildbot.master.enable = true;
+
   #krebs.Reaktor.enable = true;
   #krebs.Reaktor.nickname = "makefu|r";
-
-  krebs.build.host = config.krebs.hosts.pornocauster;
+  # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ];
 
   environment.systemPackages = with pkgs;[
     get
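Review bot: `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz` pulls whatever the moving `nixos-unstable` branch points at when the system is evaluated, so the `buildbot` that runs as a service on this host is neither pinned nor reproducible. The binding name `pkgs1509` also says stable while the URL says unstable. I would pin the archive to a specific commit, `.../archive/<commit-sha>.tar.gz`, and rename the binding to match, e.g. `pkgsUnstable`. The enclosing attribute set continues outside the hunk.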
@@ -58,4 +64,5 @@
     25
   ];
 
+  krebs.build.host = config.krebs.hosts.pornocauster;
 }

From a907f926c120f10945c47cdaba7405fe08cfd9ee Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 15 Dec 2015 22:25:46 +0100
Subject: [PATCH 118/142] m 3 buildbot: first working commit for buildbot
 master

---
 makefu/3modules/buildbot/master.nix | 37 ++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
index 310b8460d..d8e917a21 100644
--- a/makefu/3modules/buildbot/master.nix
+++ b/makefu/3modules/buildbot/master.nix
@@ -12,7 +12,8 @@ let
     c['slaves'] = []
     # TODO: template potential buildslaves
     # TODO: set password?
-    for i in [ 'testslave' ]:
+    slavenames= [ 'testslave' ]
+    for i in slavenames:
       c['slaves'].append(buildslave.BuildSlave(i, "krebspass"))
 
     c['protocols'] = {'pb': {'port': 9989}}
@@ -56,7 +57,7 @@ let
     c['builders'].append(
         util.BuilderConfig(name="runtests",
           # TODO: only some slaves being used in builder?
-          slavenames=c['slaves'],
+          slavenames=slavenames,
           factory=factory))
 
     ####### Status of Builds
@@ -84,7 +85,7 @@ let
     irc = words.IRC("irc.freenode.net", "krebsbuild",
                     channels=["krebs"],
                     notify_events={
-                      'sucess': 1,
+                      'success': 1,
                       'failure': 1,
                       'exception': 1,
                       'successToFailure': 1,
@@ -145,26 +146,34 @@ let
       description = "Buildbot Master";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
+      serviceConfig = let
+        workdir="${lib.shell.escape cfg.workDir}";
+      in {
+        pidfile="${workdir}/twistd.pid";
         PermissionsStartOnly = true;
+        Type = "forking";
+        PIDFile = "${workdir}/twistd.pid";
         # TODO: maybe also prepare buildbot.tac?
         ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
           #!/bin/sh
           set -efux
-          workdir=${lib.shell.escape cfg.workDir}
-          if [ ! -e $workdir ];then
-            mkdir -p $workdir
-            ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir
-            chown buildbotMaster:buildbotMaster  $workdir
+          if [ ! -e ${workdir} ];then
+            mkdir -p ${workdir}
+            ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir}
           fi
           # always override the master.cfg
-          cp ${toString buildbot-master-config} "$workdir/master.cfg"
+          cp ${buildbot-master-config} ${workdir}/master.cfg
           # sanity
-          ${buildbot}/bin/buildbot checkconfig $workdir
-          # upgrade
-          ${buildbot}/bin/buildbot upgrade-master $workdir
+          ${buildbot}/bin/buildbot checkconfig ${workdir}
+
+          # TODO: maybe upgrade?
+          # ${buildbot}/bin/buildbot upgrade-master ${workdir}
+
+          chown buildbotMaster:buildbotMaster -R ${workdir}
         '';
-        ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}";
+        ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
+        ExecStop = "${buildbot}/bin/buildbot stop ${workdir}";
+        ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}";
         PrivateTmp = "true";
         User = "buildbotMaster";
         Restart = "always";
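Review bot: `pidfile="${workdir}/twistd.pid";` is added to `serviceConfig` next to `PIDFile = ...`; the lowercase key is not a systemd `[Service]` directive, so it is presumably written into the unit and ignored with a warning, and the line should be removed. `workdir` is the output of `lib.shell.escape`, which is right inside the `ExecStartPre` script but is now also interpolated into `PIDFile`, `ExecStart`, `ExecStop` and `ExecReload`, where systemd does its own parsing; for the default path this makes no difference, but a `workDir` needing escaping would give the shell and systemd different strings. With `PermissionsStartOnly = true` the pre-start script, including `buildbot checkconfig`, runs as root and so loads `master.cfg` (and `extraConfig`) with root privileges before the `chown -R`; a comment stating that would be useful. The `systemd.services.buildbotMaster` block starts and ends outside the hunk.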

From c95085d875ac72152dcfbaceb35364203f97db7d Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 10:42:20 +0100
Subject: [PATCH 119/142] m 3 buildbot: add to imports

---
 makefu/3modules/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index a8a1f69d0..4b2b36e64 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -2,6 +2,7 @@ _:
 
 {
   imports = [
+    ./buildbot/master.nix
   ];
 }
 

From 09f4611f38ecaf471a54c09fc3fa9350ffe3f0b9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 10:42:40 +0100
Subject: [PATCH 120/142] m 2 default: add aliases, pythonstartup env

---
 makefu/2configs/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index 519635281..c0d7685e3 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -104,6 +104,8 @@ with lib;
       HISTSIZE=900001
       HISTFILESIZE=$HISTSIZE
 
+      PYTHONSTARTUP="~/.pythonrc";
+
       shopt -s checkhash
       shopt -s histappend histreedit histverify
       shopt -s no_empty_cmd_completion
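Review bot: The added `PYTHONSTARTUP="~/.pythonrc";` will not point Python at the file, because bash does not expand `~` inside double quotes and the assignment is not exported in this hunk. Python opens the value as given, so the startup file is silently skipped. Use `export PYTHONSTARTUP="$HOME/.pythonrc"` instead; the trailing `;` is not needed either. The surrounding shell snippet starts and ends outside the hunk, so an export elsewhere cannot be ruled out.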
@@ -123,6 +125,9 @@ with lib;
 
   environment.shellAliases = {
     lsl = "ls -lAtr";
+    psg = "ps -ef | grep";
+    nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
+    grep = "grep --color=auto";
   };
 
   nixpkgs.config.packageOverrides = pkgs: {
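Review bot: The `nmap` alias calls `date` twice, so the `.nmap` and `.xml` files of one scan can carry different timestamps when the second rolls over, and only the first call escapes the `%` (`+\%s` versus `+%s`). The alias is installed for every user through `environment.shellAliases` and nmap aborts when `$HOME/loot` does not exist, because it cannot open the output file. Scan reports list reachable hosts and services, so the directory is worth creating with mode 700 rather than relying on the umask. A small shell function that computes the timestamp once and runs `mkdir -p -m 700 "$HOME/loot"` first would cover both.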

From c20d38e11ecf38dda8931769a04cdcdf96f88c3f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:40:18 +0100
Subject: [PATCH 121/142] m 2 base-gui: write xdefaults, obsoletes ~/.Xdefaults

---
 makefu/2configs/base-gui.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix
index 16a5386ca..1d6750284 100644
--- a/makefu/2configs/base-gui.nix
+++ b/makefu/2configs/base-gui.nix
@@ -73,4 +73,33 @@ in
      enable = true;
    #  systemWide = true;
   };
+  services.xserver.displayManager.sessionCommands = let
+    xdefaultsfile = pkgs.writeText "Xdefaults"  ''
+      cat |derp <<EOF
+      XTerm*background: black
+      XTerm*foreground: white
+      XTerm*FaceName  : Terminus:pixelsize=14
+
+      URxvt*termName:         rxvt
+      URxvt.scrollBar : False
+      URxvt*scrollBar_right:  false
+      URxvt*borderLess:       false
+      URxvt.foreground: white
+      URxvt.background: black
+      URxvt.urgentOnBell: true
+      URxvt.visualBell: false
+      URxvt.font : xft:Terminus
+
+      ! blue
+      URxvt*color4:                         #268bd2
+
+
+      URxvt.perl-ext:      default,url-select
+      URxvt.keysym.M-u:    perl:url-select:select_next
+      #URxvt.url-select.launcher:   firefox -new-tab
+      URxvt.url-select.launcher:   chromium
+      URxvt.url-select.underline: true
+      URxvt.searchable-scrollback: CM-s
+    '';
+    in "cat ${xdefaultsfile} | xrdb -merge";
 }
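Review bot: The first line of the generated file, `cat |derp <<EOF`, is shell leftover rather than an X resource, and there is no matching `EOF`; xrdb receives it as input and will report it as a bad line. `#URxvt.url-select.launcher:   firefox -new-tab` is a second problem: xrdb normally runs its input through the C preprocessor, where a leading `#` starts a directive, so the comment should use `!` as the `! blue` line already does. The session command can also drop the extra process: `in "xrdb -merge ${xdefaultsfile}";`.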

From cf033f051a14e90e7526fee0d63eef86ba3c75fc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:40:48 +0100
Subject: [PATCH 122/142] m 2 zsh-user: load gpg-agent, obsoletes oh-my-zsh ssh
 plugin

---
 makefu/2configs/zsh-user.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix
index 266ce256a..1b1762418 100644
--- a/makefu/2configs/zsh-user.nix
+++ b/makefu/2configs/zsh-user.nix
@@ -22,6 +22,16 @@ in
 
       autoload -U compinit && compinit
       zstyle ':completion:*' menu select
+
+      # load gpg-agent
+      envfile="$HOME/.gnupg/gpg-agent.env"
+      if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
+        eval "$(cat "$envfile")"
+      else
+        eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")"
+      fi
+      export GPG_AGENT_INFO
+      export SSH_AUTH_SOCK
       '';
 
     promptInit = ''
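Review bot: `eval "$(cat "$envfile")"` runs whatever is in `~/.gnupg/gpg-agent.env` as shell code in every interactive zsh, so the file should be checked before it is trusted. Adding an ownership test to the condition, `if [ -O "$envfile" ] && kill -0 ...`, and keeping `~/.gnupg` at mode 700 limits who can plant content there; reading only the two expected variables instead of evaluating the whole file would be stricter still. `kill -0` only shows that some process with that PID exists, not that it is gpg-agent, so a stale file after a reboot can pass the test and leave `SSH_AUTH_SOCK` pointing at a dead socket. Also confirm that the packaged `pkgs.gnupg` still honours `--write-env-file`, since GnuPG 2.1 and later treat the option as obsolete.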

From 27746f9a3dffe6adde137d300e498249843174d9 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:43:56 +0100
Subject: [PATCH 123/142] m 2 wwan: add alias for umts when wwan is loaded

---
 makefu/2configs/wwan.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix
index dd1c63090..29a610ac6 100644
--- a/makefu/2configs/wwan.nix
+++ b/makefu/2configs/wwan.nix
@@ -9,6 +9,10 @@ in {
     wvdial
   ];
 
+  environment.shellAliases = {
+    umts = "sudo wvdial netzclub";
+  };
+
   # configure for NETZCLUB
   environment.wvdial.dialerDefaults = ''
     Phone = *99***1#

From 5af1d1c7b14c08ba1c0198cc9771c452218670b0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:54:58 +0100
Subject: [PATCH 124/142] m 2 Reaktor: sed-plugin fix name

---
 makefu/2configs/Reaktor/sed-plugin.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix
index 1ec977116..a451e0d3e 100644
--- a/makefu/2configs/Reaktor/sed-plugin.nix
+++ b/makefu/2configs/Reaktor/sed-plugin.nix
@@ -7,7 +7,7 @@ in {
   #TODO: this will eat up the last regex, fix Reaktor
   krebs.Reaktor.extraConfig = ''
   public_commands.append({
-    'capname' : "shack-correct",
+    'capname' : "sed-plugin",
     # only support s///gi
     'pattern' : '^(?P<args>.*)$$',
     'argv'    : ["${pkgs.python3}/bin/python3","${script}"],

From 104381af7cf34602064e57b0f2cfae18f2ecc063 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:59:01 +0100
Subject: [PATCH 125/142] k 5 snapraid: init

---
 krebs/5pkgs/snapraid/default.nix | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 krebs/5pkgs/snapraid/default.nix

diff --git a/krebs/5pkgs/snapraid/default.nix b/krebs/5pkgs/snapraid/default.nix
new file mode 100644
index 000000000..41db0f284
--- /dev/null
+++ b/krebs/5pkgs/snapraid/default.nix
@@ -0,0 +1,33 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="jq";
+    version="1.5";
+    name="${baseName}-${version}";
+    url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz;
+    sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+
+  # jq is linked to libjq:
+  configureFlags = [
+    "LDFLAGS=-Wl,-rpath,\\\${libdir}"
+  ];
+  meta = {
+    inherit (s) version;
+    description = ''A lightweight and flexible command-line JSON processor'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+  };
+}
+
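Review bot: This new `krebs/5pkgs/snapraid/default.nix` builds jq, not snapraid: `baseName="jq"`, the `url` points at the jq 1.5 release tarball, and `sha256`, `description` and the `# jq is linked to libjq` flag all belong to jq. Anyone installing the snapraid attribute gets a different program than the name promises, which also hides what the package really fetches from anyone reviewing by attribute name. Replace `baseName`, `version`, `url` and `sha256` with snapraid's own release values, drop the jq-specific `configureFlags`, and update `description` and `maintainers`.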

From edf646ee9211920a7eb85c13e567ecc748d014f4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 11:59:26 +0100
Subject: [PATCH 126/142] s 2 graphite: init config

---
 shared/2configs/graphite.nix | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 shared/2configs/graphite.nix

diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix
new file mode 100644
index 000000000..707ec6e9a
--- /dev/null
+++ b/shared/2configs/graphite.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+
+# TODO: krebs.graphite.minimal.enable
+# TODO: configure firewall
+with lib;
+{
+  imports = [ ];
+
+  services.graphite = {
+    web = {
+      enable = true;
+      host = "0.0.0.0";
+    };
+    carbon = {
+      enableCache = true;
+      # save disk usage by restricting to 1 bulk update per second
+      config = ''
+        [cache]
+        MAX_CACHE_SIZE = inf
+        MAX_UPDATES_PER_SECOND = 1
+        MAX_CREATES_PER_MINUTE = 50
+        '';
+      storageSchemas = ''
+        [carbon]
+        pattern = ^carbon\.
+        retentions = 60:90d
+
+        [default]
+        pattern = .*
+        retentions = 60s:30d,300s:1y
+        '';
+    };
+  };
+}
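Review bot: `host = "0.0.0.0"` publishes graphite-web on every interface while the firewall is still an open TODO in the header, and nothing in this file puts authentication in front of it. Binding to loopback, `host = "127.0.0.1";`, or to the VPN address behind a reverse proxy keeps the dashboards and the render API off untrusted networks. The carbon line receiver on port 2003 accepts metrics from any sender that can reach it, so it needs the same restriction (carbon's `LINE_RECEIVER_INTERFACE` setting in the `[cache]` section). `MAX_CACHE_SIZE = inf` together with `MAX_UPDATES_PER_SECOND = 1` lets the cache grow without limit when senders outpace the disk, so a finite bound is safer on a shared host.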

From f7da5211f3fe930f9a01317cf7fa9d52915c06e8 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2015 12:06:44 +0100
Subject: [PATCH 127/142] m 1 omo: init

---
 krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++
 makefu/1systems/omo.nix           | 37 +++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 makefu/1systems/omo.nix

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 3d1ac6cfb..1970a0777 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -263,6 +263,31 @@ with lib;
         };
       };
     };
+
+    omo = rec {
+      cores = 2;
+      dc = "makefu"; #AMD E350
+
+      nets = {
+        retiolum = {
+          addrs4 = ["10.243.0.89"];
+          addrs6 = ["42:f9f0::10"];
+          aliases = [
+            "omo.retiolum"
+          ];
+          tinc.pubkey = ''
+              -----BEGIN RSA PUBLIC KEY-----
+              MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM
+              ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn
+              sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm
+              s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6
+              GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6
+              5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB
+              -----END RSA PUBLIC KEY-----
+            '';
+        };
+      };
+    };
     gum = rec {
       cores = 1;
       dc = "online.net"; #root-server
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
new file mode 100644
index 000000000..6ae79398a
--- /dev/null
+++ b/makefu/1systems/omo.nix
@@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ../2configs/fs/single-partition-ext4.nix
+      ../2configs/tinc-basic-retiolum.nix
+      ../2configs/exim-retiolum.nix
+    ];
+  krebs.build.host = config.krebs.hosts.omo;
+
+  # AMD E350
+  boot = {
+    loader.grub.device = "/dev/sda";
+
+    initrd.availableKernelModules = [
+      "usb_storage"
+      "ahci"
+      "xhci_hcd"
+      "ata_piix"
+      "uhci_hcd"
+      "ehci_pci"
+    ];
+
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };
+
+  hardware.enableAllFirmware = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+  networking.firewall.allowPing = true;
+}

From 3d26e0b58f4c692f2f412ecc838f0b766b97947e Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 12:23:55 +0100
Subject: [PATCH 128/142] m 1 vbob: use custom nixpkgs, /nix mount

---
 makefu/1systems/vbob.nix | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index b121a730a..6bcdb3ecd 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -13,10 +13,17 @@
 
       # environment
 
-      ../2configs/zsh-user.nix
-      ../2configs/virtualization.nix
     ];
-
+  krebs.build.source.git.nixpkgs = {
+    #url = https://github.com/nixos/nixpkgs;
+    # HTTP Everywhere
+    rev = "a3974e";
+  };
+  fileSystems."/nix" = {
+    device ="/dev/disk/by-label/nixstore";
+    fsType = "ext4";
+  };
+  #makefu.buildbot.master.enable = true;
   # allow vbob to deploy self
   users.extraUsers = {
     root = {
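Review bot: `rev = "a3974e"` pins nixpkgs with a six-character abbreviated commit id, which is not a stable identifier: it can become ambiguous as the repository grows, and some fetch paths do not accept abbreviations. Use the full 40-character id, `rev = "<full commit id starting a3974e>";`. With `url` commented out, the source presumably falls back to a default defined outside this hunk, so stating the URL next to the pin would make the provenance explicit.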
@@ -40,8 +47,8 @@
     connectTo = [
       "gum"
     ];
-
   };
+
   networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000";
   fileSystems."/media/share" = {
     fsType = "vboxsf";
@@ -50,3 +57,4 @@
   };
 
 }
+

From a4abf300d8adea5a454f8664f2de6dd8e9095216 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 12:29:24 +0100
Subject: [PATCH 129/142] m 2 main-laptop: use zsh for main-laptop

---
 makefu/1systems/pornocauster.nix | 4 +---
 makefu/2configs/main-laptop.nix  | 1 +
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix
index 6f176b7fa..28b77d330 100644
--- a/makefu/1systems/pornocauster.nix
+++ b/makefu/1systems/pornocauster.nix
@@ -6,14 +6,12 @@
 {
   imports =
     [ # Include the results of the hardware scan.
-      ../2configs/main-laptop.nix #< base-gui
+      ../2configs/main-laptop.nix #< base-gui + zsh
 
       # Krebs
       ../2configs/tinc-basic-retiolum.nix
       #../2configs/disable_v6.nix
 
-      # environment
-      ../2configs/zsh-user.nix
 
       # applications
 
diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix
index 00a3e73ca..b725f661d 100644
--- a/makefu/2configs/main-laptop.nix
+++ b/makefu/2configs/main-laptop.nix
@@ -9,6 +9,7 @@ with lib;
   imports = [
     ./base-gui.nix
     ./fetchWallpaper.nix
+    ./zsh-user.nix
   ];
   environment.systemPackages = with pkgs;[
     vlc

From 20a52c8dee414e89dba49f4a4a12e20d6555c55e Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 14:29:46 +0100
Subject: [PATCH 130/142] m 3 buildbot/master: make irc configurable

---
 makefu/3modules/buildbot/master.nix | 66 +++++++++++++++++++++++------
 1 file changed, 52 insertions(+), 14 deletions(-)

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
index d8e917a21..5d340f899 100644
--- a/makefu/3modules/buildbot/master.nix
+++ b/makefu/3modules/buildbot/master.nix
@@ -81,17 +81,19 @@ let
     c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg))
 
     from buildbot.status import words
-    # TODO: configure IRC Bot
-    irc = words.IRC("irc.freenode.net", "krebsbuild",
-                    channels=["krebs"],
-                    notify_events={
-                      'success': 1,
-                      'failure': 1,
-                      'exception': 1,
-                      'successToFailure': 1,
-                      'failureToSuccess': 1,
-                    },allowForce=True)
-    c['status'].append(irc)
+    ${optionalString (cfg.irc.enable) ''
+      irc = words.IRC("${cfg.irc.server}", "krebsbuild",
+                      # TODO: multiple channels
+                      channels=["${cfg.irc.channel}"],
+                      notify_events={
+                        'success': 1,
+                        'failure': 1,
+                        'exception': 1,
+                        'successToFailure': 1,
+                        'failureToSuccess': 1,
+                      }${optionalString cfg.irc.allowForce ",allowForce=True"})
+      c['status'].append(irc)
+      ''}
 
     ####### PROJECT IDENTITY
     c['title'] = "Stockholm"
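Review bot: The IRC nick is still hard-coded as `"krebsbuild"` in the `words.IRC(...)` call, so the `nick` option declared in the next hunk of this patch has no effect; pass it through with `irc = words.IRC("${cfg.irc.server}", "${cfg.irc.nick}",`. `cfg.irc.server` and `cfg.irc.channel` are pasted into Python string literals unescaped, so a value containing `"` or a backslash breaks master.cfg or changes what the file executes. Validating the option values or escaping them before interpolation would close that.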
@@ -119,7 +121,42 @@ let
         Will be created on startup.
       '';
     };
-
+    irc = mkOption {
+      default = {};
+      type = types.submodule ({ config, ... }: {
+        options = {
+          enable = mkEnableOption "Buildbot Master IRC Status";
+          channel = mkOption {
+            default = "nix-buildbot-meetup";
+            type = types.str;
+            description = ''
+              irc channel the bot should connect to
+            '';
+          };
+          allowForce = mkOption {
+            default = false;
+            type = types.bool;
+            description = ''
+              Determines if builds can be forced via IRC
+            '';
+          };
+          nick = mkOption {
+            default = "nix-buildbot";
+            type = types.str;
+            description = ''
+              nickname for IRC
+            '';
+          };
+          server = mkOption {
+            default = "irc.freenode.net";
+            type = types.str;
+            description = ''
+              Buildbot Status IRC Server to connect to
+            '';
+          };
+        };
+      });
+    };
     extraConfig = mkOption {
       default = "";
       type = types.lines;
@@ -149,7 +186,6 @@ let
       serviceConfig = let
         workdir="${lib.shell.escape cfg.workDir}";
       in {
-        pidfile="${workdir}/twistd.pid";
         PermissionsStartOnly = true;
         Type = "forking";
         PIDFile = "${workdir}/twistd.pid";
@@ -166,9 +202,11 @@ let
           # sanity
           ${buildbot}/bin/buildbot checkconfig ${workdir}
 
-          # TODO: maybe upgrade?
+          # TODO: maybe upgrade? not sure about this
+          #       normally we should write buildbot.tac by our own
           # ${buildbot}/bin/buildbot upgrade-master ${workdir}
 
+          chmod 700 -R ${workdir}
           chown buildbotMaster:buildbotMaster -R ${workdir}
         '';
         ExecStart = "${buildbot}/bin/buildbot start ${workdir}";
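Review bot: `chmod 700 -R ${workdir}` sets the execute bit on every regular file under the work directory, including `master.cfg`, logs and the state database. `chmod -R u=rwX,go= ${workdir}` removes group and world access the same way but keeps execute only on directories and on files that already had it. The script runs as root because of `PermissionsStartOnly`, and after the first start the tree is writable by `buildbotMaster`, so the recursive `chown` and `chmod` operate on content that user controls; limiting them to the files the script itself created would be more careful. The unit definition starts outside this hunk.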

From 2156aa4d37071408b8e5385a4f639ed029f70620 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 14:30:01 +0100
Subject: [PATCH 131/142] m 3 buildbot/slave: init

---
 makefu/3modules/buildbot/slave.nix | 159 +++++++++++++++++++++++++++++
 1 file changed, 159 insertions(+)
 create mode 100644 makefu/3modules/buildbot/slave.nix

diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix
new file mode 100644
index 000000000..188a9283c
--- /dev/null
+++ b/makefu/3modules/buildbot/slave.nix
@@ -0,0 +1,159 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" ''
+    import os
+
+    from buildslave.bot import BuildSlave
+    from twisted.application import service
+
+    basedir = '${cfg.workDir}'
+    rotateLength = 10000000
+    maxRotatedFiles = 10
+
+    application = service.Application('buildslave')
+
+    from twisted.python.logfile import LogFile
+    from twisted.python.log import ILogObserver, FileLogObserver
+    logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength,
+                                  maxRotatedFiles=maxRotatedFiles)
+    application.setComponent(ILogObserver, FileLogObserver(logfile).emit)
+
+    buildmaster_host = '${cfg.masterhost}'
+    # TODO: masterport?
+    port = 9989
+    slavename = '${cfg.username}'
+    passwd = '${cfg.password}'
+    keepalive = 600
+    usepty = 0
+    umask = None
+    maxdelay = 300
+    allow_shutdown = None
+
+    ${cfg.extraConfig}
+
+    s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir,
+                  keepalive, usepty, umask=umask, maxdelay=maxdelay,
+                  allow_shutdown=allow_shutdown)
+    s.setServiceParent(application)
+    '';
+
+  cfg = config.makefu.buildbot.slave;
+
+  api = {
+    enable = mkEnableOption "Buildbot Slave";
+
+    workDir = mkOption {
+      default = "/var/lib/buildbot/slave";
+      type = types.str;
+      description = ''
+        Path to build bot slave directory.
+        Will be created on startup.
+      '';
+    };
+
+    masterhost = mkOption {
+      default = "localhost";
+      type = types.str;
+      description = ''
+        Hostname/IP of the buildbot master
+      '';
+    };
+
+    username = mkOption {
+      type = types.str;
+      description = ''
+        slavename used to authenticate with master
+      '';
+    };
+
+    password = mkOption {
+      type = types.str;
+      description = ''
+        slave password used to authenticate with master
+      '';
+    };
+
+    contact = mkOption {
+      default = "nix slave <buildslave@${config.networking.hostName}>";
+      type = types.str;
+      description = ''
+        contact to be announced by buildslave
+      '';
+    };
+
+    description = mkOption {
+      default = "Nix Generated BuildSlave";
+      type = types.str;
+      description = ''
+        description for hostto be announced by buildslave
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.lines;
+      example = ''
+        port = 443
+        keepalive = 600
+      '';
+      description = ''
+        extra config evaluated before calling BuildSlave init in .tac file
+      '';
+    };
+  };
+
+  imp = {
+
+    users.extraUsers.buildbotSlave = {
+      uid = 1408105834; #genid buildbotMaster
+      description = "Buildbot Slave";
+      home = cfg.workDir;
+      createHome = false;
+    };
+
+    users.extraGroups.buildbotSlave = {
+      gid = 1408105834;
+    };
+
+    systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = {
+      description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = let
+        workdir = "${lib.shell.escape cfg.workDir}";
+        contact = "${lib.shell.escape cfg.contact}";
+        description = "${lib.shell.escape cfg.description}";
+        buildbot = pkgs.buildbot-slave;
+        # TODO:make this
+      in {
+        PermissionsStartOnly = true;
+        Type = "forking";
+        PIDFile = "${workdir}/twistd.pid";
+        # TODO: maybe also prepare buildbot.tac?
+        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
+          #!/bin/sh
+          set -efux
+          mkdir -p ${workdir}/info
+          cp ${buildbot-slave-init} ${workdir}/buildbot.tac
+          echo ${contact} > ${workdir}/info/admin
+          echo ${description} > ${workdir}/info/host
+
+          chown buildbotSlave:buildbotSlave -R ${workdir}
+          chmod 700 -R ${workdir}
+        '';
+        ExecStart = "${buildbot}/bin/buildslave start ${workdir}";
+        ExecStop = "${buildbot}/bin/buildslave stop ${workdir}";
+        PrivateTmp = "true";
+        User = "buildbotSlave";
+        Restart = "always";
+        RestartSec = "10";
+      };
+    };
+  };
+in
+{
+  options.makefu.buildbot.slave = api;
+  config = mkIf cfg.enable imp;
+}
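Review bot: `passwd = '${cfg.password}'` places the slave password in `buildbot-slave.tac` built with `pkgs.writeText`, so it ends up in the world-readable Nix store; the `chmod 700 -R ${workdir}` in `ExecStartPre` protects only the copy. Take a path to a secret file outside the store instead (for example a new `passwordFile` option) and read it when the service starts, `passwd = open('<path to secret file>').read().strip()`. The vbob configuration later in this series sets `password` to a literal string, which additionally puts the credential into git history. Two smaller points: the uid comment says `#genid buildbotMaster`, so please confirm the slave account does not share a uid with the master, and the init script is still named `"buildbot-master-init"`.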

From 8f18b00ab141df92b7df4725a18bb3283b184d76 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 14:30:21 +0100
Subject: [PATCH 132/142] m 1 vbob: configure buildbot master and slave

---
 makefu/1systems/vbob.nix | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 6bcdb3ecd..5b03d40a8 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -2,8 +2,9 @@
 #
 #
 { lib, config, pkgs, ... }:
-
-{
+let
+    pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {};
+in {
   krebs.build.host = config.krebs.hosts.vbob;
   krebs.build.target = "root@10.10.10.220";
   imports =
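Review bot: `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz` follows a moving branch without any hash, so the buildbot packages built for this host change whenever the channel moves and nothing verifies what was downloaded. Pin the import to a specific commit archive, `fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/<commit id>.tar.gz`, and add a `sha256` where the Nix version in use supports it. That keeps deployments reproducible and turns a changed tarball into an evaluation error instead of a silent update.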
@@ -14,6 +15,28 @@
       # environment
 
     ];
+  nixpkgs.config.packageOverrides = pkgs: {
+    tinc = pkgs.tinc_pre;
+    buildbot = pkgs-unst.buildbot;
+    buildbot-slave = pkgs-unst.buildbot-slave;
+  };
+
+  makefu.buildbot.master = {
+    enable = true;
+    irc = {
+      enable = true;
+      server = "cd.retiolum";
+      channel = "retiolum";
+      allowForce = true;
+    };
+  };
+  makefu.buildbot.slave = {
+    enable = true;
+    masterhost = "localhost";
+    username = "testslave";
+    password = "krebspass";
+  };
+
   krebs.build.source.git.nixpkgs = {
     #url = https://github.com/nixos/nixpkgs;
     # HTTP Everywhere
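Review bot: `allowForce = true` lets anyone who can speak in the `retiolum` channel on `cd.retiolum` start builds on this master, and nothing in this configuration restricts which nicks may do so. Unless channel membership is as trusted as shell access to the slave, keep the module default, `allowForce = false;`, and force builds through the web interface where `authz` applies. The attribute set continues outside the hunk.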
@@ -30,9 +53,11 @@
         openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey  ];
     };
   };
-  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
   environment.systemPackages = with pkgs;[
+    buildbot
+    buildbot-slave
     get
+    genid
   ];
 
   networking.firewall.allowedTCPPorts = [

From c2fd296ad671a73e85f830c84d860e988587d9ac Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:01:22 +0100
Subject: [PATCH 133/142] s 1 wolf: provide graphite

---
 shared/1systems/wolf.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix
index a3e527a3b..2c51ac8fe 100644
--- a/shared/1systems/wolf.nix
+++ b/shared/1systems/wolf.nix
@@ -12,6 +12,7 @@ in
     ../2configs/shack-nix-cacher.nix
     ../2configs/shack-drivedroid.nix
     ../2configs/cac-ci.nix
+    ../2configs/graphite.nix
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)

From bdc9f6f18813e5840c6a20a0f507d72da49cd759 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:10:44 +0100
Subject: [PATCH 134/142] m 3 buildbot.slave: add extra packages and environ to
 configuration

---
 makefu/3modules/buildbot/slave.nix | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix
index 188a9283c..69d0361bf 100644
--- a/makefu/3modules/buildbot/slave.nix
+++ b/makefu/3modules/buildbot/slave.nix
@@ -38,7 +38,7 @@ let
                   allow_shutdown=allow_shutdown)
     s.setServiceParent(application)
     '';
-
+  default-packages = [ pkgs.git pkgs.bash ];
   cfg = config.makefu.buildbot.slave;
 
   api = {
@@ -91,6 +91,26 @@ let
       '';
     };
 
+    packages = mkOption {
+      default = [ pkgs.git ];
+      type = with types; listOf package;
+      description = ''
+        packages which should be in path for buildslave
+      '';
+    };
+
+    extraEnviron = mkOption {
+      default = {};
+      example = {
+        NIX_PATH = "nixpkgs=/path/to/my/nixpkgs";
+      };
+      type = types.attrsOf types.str;
+      description = ''
+        extra environment variables to be provided to the buildslave service
+        if you need nixpkgs, e.g. for running nix-shell you can set NIX_PATH here.
+      '';
+    };
+
     extraConfig = mkOption {
       default = "";
       type = types.lines;
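Review bot: The `extraEnviron` description should say that its values are not secret: they are written into the generated systemd unit, which lives in the world-readable Nix store, and are presumably inherited by every build step the slave runs. I would add a sentence such as `Do not put credentials here; values end up in the Nix store.` to the description. `packages` defaults to `[ pkgs.git ]` although `default-packages` already contains git, so `default = [];` is enough.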
@@ -121,6 +141,12 @@ let
       description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
+      path = default-packages ++ cfg.packages;
+
+      environment = {
+          NIX_REMOTE="daemon";
+      } // cfg.extraEnviron;
+
       serviceConfig = let
         workdir = "${lib.shell.escape cfg.workDir}";
         contact = "${lib.shell.escape cfg.contact}";

From 87694e24df0ebbaaa08d4f632fea72f48bc430f5 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:11:42 +0100
Subject: [PATCH 135/142] m 3 buildbot.master: add deps, refactor

---
 makefu/3modules/buildbot/master.nix | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
index 5d340f899..0073e5aed 100644
--- a/makefu/3modules/buildbot/master.nix
+++ b/makefu/3modules/buildbot/master.nix
@@ -43,14 +43,26 @@ let
                                 name="force",
                                 builderNames=["runtests"]))
     ###### The actual build
-    factory = util.BuildFactory()
-    factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
+    f = util.BuildFactory()
+    f.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
 
+    # the dependencies which are used by the test script
     deps = [ "gnumake", "jq" ]
-    factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps ))
-    factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"},
-                                       command=["make", "get=krebs.deploy",
-                                                        "system=test-centos7"]))
+    nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ]
+    def addShell(**kwargs):
+      f.addStep(steps.ShellCommand(**kwargs))
+
+    # TODO: combined strings somewhat defeat the reason why an array was used in first place
+    addShell(name=env={"LOGNAME": "shared",
+                  "get" : "krebs.deploy",
+                  "filter" : "json"
+                 },
+             command=nixshell + ["make -s eval system=test-centos7"])
+    addShell(env={"LOGNAME": "shared",
+                  "get" : "krebs.deploy",
+                  "filter" : "json"
+                 },
+             command=nixshell + ["make -s eval system=wolf"])
 
     # TODO: different Builders?
     c['builders'] = []
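Review bot: `addShell(name=env={"LOGNAME": "shared",` is not valid Python, so `buildbot checkconfig` in `ExecStartPre` will reject the generated master.cfg and the master cannot start at this commit. Give the step a real name, `addShell(name="centos7-eval", env={"LOGNAME": "shared",`; a later patch in this series does that, but this commit on its own stays broken for bisecting. The two calls also repeat the same `env` dict, which could be bound once, e.g. `eval_env = {"LOGNAME": "shared", "get": "krebs.deploy", "filter": "json"}`.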
@@ -58,7 +70,7 @@ let
         util.BuilderConfig(name="runtests",
           # TODO: only some slaves being used in builder?
           slavenames=slavenames,
-          factory=factory))
+          factory=f))
 
     ####### Status of Builds
     c['status'] = []
@@ -183,8 +195,10 @@ let
       description = "Buildbot Master";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.git ];
       serviceConfig = let
         workdir="${lib.shell.escape cfg.workDir}";
+        # TODO: check if git is the only dep
       in {
         PermissionsStartOnly = true;
         Type = "forking";

From ad625d6d6830c7d7f7a61cc5ee1e2ad398ab70a6 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:48:49 +0100
Subject: [PATCH 136/142] m 3 buildbot.master: add fast and full tests

---
 makefu/3modules/buildbot/master.nix | 67 +++++++++++++++++++----------
 1 file changed, 45 insertions(+), 22 deletions(-)

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
index 0073e5aed..1a9ef4db6 100644
--- a/makefu/3modules/buildbot/master.nix
+++ b/makefu/3modules/buildbot/master.nix
@@ -25,50 +25,71 @@ let
             stockholm_repo,
             workdir='stockholm-poller', branch='master',
             project='stockholm',
-            pollinterval=300))
+            pollinterval=120))
 
     ####### Build Scheduler
     # TODO: configure scheduler
-    important_files = util.ChangeFilter(
-                  project_re="^((krebs|share)/.*|Makefile|default.nix)",
-                  branch='master')
     c['schedulers'] = []
-    c['schedulers'].append(schedulers.SingleBranchScheduler(
-                                name="all-important-files",
-                                change_filter=important_files,
-                                # 3 minutes stable tree
-                                treeStableTimer=3*60,
-                                builderNames=["runtests"]))
-    c['schedulers'].append(schedulers.ForceScheduler(
+
+    # test the master real quick
+    fast = schedulers.SingleBranchScheduler(
+                                change_filter=util.ChangeFilter(branch="master"),
+                                name="fast-master-test",
+                                builderNames=["fast-tests"])
+
+    force = schedulers.ForceScheduler(
                                 name="force",
-                                builderNames=["runtests"]))
+                                builderNames=["full-tests"])
+
+    # files everyone depends on or are part of the share branch
+    def shared_files(change):
+      import re
+      r =re.compile("^((krebs|share)/.*|Makefile|default.nix)")
+      for file in change.files:
+        if r.match(file):
+          return True
+      return False
+
+    full = schedulers.SingleBranchScheduler(
+                                change_filter=util.ChangeFilter(branch="master"),
+                                fileIsImportant=shared_files,
+                                name="full-master-test",
+                                builderNames=["full-tests"])
+    c['schedulers'] = [ fast, force, full ]
     ###### The actual build
+    # couple of fast steps:
     f = util.BuildFactory()
-    f.addStep(steps.Git(repourl=stockholm_repo, mode='incremental'))
+    ## fetch repo
+    grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental')
+    f.addStep(grab_repo)
 
     # the dependencies which are used by the test script
     deps = [ "gnumake", "jq" ]
     nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ]
-    def addShell(**kwargs):
+    def addShell(f,**kwargs):
       f.addStep(steps.ShellCommand(**kwargs))
 
-    # TODO: combined strings somewhat defeat the reason why an array was used in first place
-    addShell(name=env={"LOGNAME": "shared",
+    addShell(f,name="centos7-eval",env={"LOGNAME": "shared",
                   "get" : "krebs.deploy",
                   "filter" : "json"
                  },
              command=nixshell + ["make -s eval system=test-centos7"])
-    addShell(env={"LOGNAME": "shared",
+
+    addShell(f,name="wolf-eval",env={"LOGNAME": "shared",
                   "get" : "krebs.deploy",
                   "filter" : "json"
                  },
              command=nixshell + ["make -s eval system=wolf"])
 
-    # TODO: different Builders?
     c['builders'] = []
     c['builders'].append(
-        util.BuilderConfig(name="runtests",
-          # TODO: only some slaves being used in builder?
+        util.BuilderConfig(name="fast-tests",
+          slavenames=slavenames,
+          factory=f))
+
+    # TODO slow build
+    c['builders'].append(
+        util.BuilderConfig(name="full-tests",
           slavenames=slavenames,
           factory=f))
 
@@ -111,7 +132,9 @@ let
     c['title'] = "Stockholm"
     c['titleURL'] = "http://krebsco.de"
 
-    c['buildbotURL'] = "http://buildbot.krebsco.de/"
+    #c['buildbotURL'] = "http://buildbot.krebsco.de/"
+    # TODO: configure url
+    c['buildbotURL'] = "http://vbob:8010/"
 
     ####### DB URL
     c['db'] = {
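Review bot: The new `c['buildbotURL'] = "http://vbob:8010/"` line hard-codes one host's short name and a plain-HTTP scheme into what looks like the shared master module, so every link the master generates points at vbob no matter which host enables the module. The TODO acknowledges this, but the old value is left behind as a commented-out line instead of being made configurable. I would declare a string option next to `workDir` (the name `buildbotURL` is only a suggestion) and interpolate it here, for example `c['buildbotURL'] = "${cfg.buildbotURL}"`, then drop the commented-out line. The enclosing config string starts and ends outside this hunk.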
@@ -124,7 +147,6 @@ let
 
   api = {
     enable = mkEnableOption "Buildbot Master";
-
     workDir = mkOption {
       default = "/var/lib/buildbot/master";
       type = types.str;
@@ -169,6 +191,7 @@ let
         };
       });
     };
+
     extraConfig = mkOption {
       default = "";
       type = types.lines;

From 20d9a610189da29cd1f4abf60089d0579a1e291a Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:53:35 +0100
Subject: [PATCH 137/142] m 1 vbob: add firewall exception, extraEnviron

---
 makefu/1systems/vbob.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix
index 5b03d40a8..a24cefd0d 100644
--- a/makefu/1systems/vbob.nix
+++ b/makefu/1systems/vbob.nix
@@ -35,6 +35,8 @@ in {
     masterhost = "localhost";
     username = "testslave";
     password = "krebspass";
+    packages = with pkgs;[ git nix ];
+    extraEnviron = { NIX_PATH="nixpkgs=${toString <nixpkgs>}"; };
   };
 
   krebs.build.source.git.nixpkgs = {
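Review bot: The slave block extended here still carries `password = "krebspass"` as a literal, while the added `packages` and `extraEnviron` lines turn this slave into one that checks out and evaluates repository code. A literal in the host file is readable by anyone with the repository and is presumably rendered into the slave's configuration under the world-readable /nix/store. Until the module can read the credential from a file outside the store, I would at least mark it, e.g. `# TODO: load from a secrets file; this literal is public and lands in /nix/store`. The block's opening line is outside the hunk.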
@@ -63,6 +65,7 @@ in {
   networking.firewall.allowedTCPPorts = [
     25
     80
+    8010
   ];
 
   krebs.retiolum = {
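Review bot: Adding `8010` to the global `networking.firewall.allowedTCPPorts` list opens the buildbot web interface on every interface of this host, not only on the VPN it is probably meant for. The master config earlier in this series serves it over plain HTTP and registers a `force` scheduler, so unless web authentication is configured elsewhere, anyone who can reach the port may be able to trigger builds. I would restrict the rule to the retiolum interface, or at least record the intent in place: `8010 # buildbot web UI, TODO: restrict to retiolum`. The list is also uncommented for 25 and 80, so the same short annotation would help there.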

From 956d2091ec2ba931080ee8a09f12f5c645fbf672 Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 17:58:29 +0100
Subject: [PATCH 138/142] m 3 buildbot.master: only alert on state change

---
 makefu/3modules/buildbot/master.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix
index 1a9ef4db6..58e2f8175 100644
--- a/makefu/3modules/buildbot/master.nix
+++ b/makefu/3modules/buildbot/master.nix
@@ -6,6 +6,7 @@ let
   buildbot-master-config = pkgs.writeText "buildbot-master.cfg" ''
     # -*- python -*-
     from buildbot.plugins import *
+    import re
 
     c = BuildmasterConfig = {}
 
@@ -43,7 +44,6 @@ let
 
     # files everyone depends on or are part of the share branch
     def shared_files(change):
-      import re
       r =re.compile("^((krebs|share)/.*|Makefile|default.nix)")
       for file in change.files:
         if r.match(file):
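Review bot: The pattern on the `r =re.compile(...)` line that this hunk keeps does not match paths under `shared/`, because `(krebs|share)/` requires the slash directly after `share`. A change to a file such as `shared/1systems/test-centos7.nix` would therefore not count as important for the schedulers that use `shared_files`. The `.` in `default.nix` is also unescaped and the alternatives have no end anchor, so `Makefile.bak` matches too. If the shared tree is what is meant, `r = re.compile(r"^((krebs|shared)/.*|Makefile$|default\.nix$)")` expresses that. The body of `shared_files` continues past the end of this hunk.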
@@ -119,8 +119,8 @@ let
                       # TODO: multiple channels
                       channels=["${cfg.irc.channel}"],
                       notify_events={
-                        'success': 1,
-                        'failure': 1,
+                        #'success': 1,
+                        #'failure': 1,
                         'exception': 1,
                         'successToFailure': 1,
                         'failureToSuccess': 1,

From c666325c15726107598dbac3c64de175e6ff13ca Mon Sep 17 00:00:00 2001
From: makefu <makefu@nixos.dev>
Date: Wed, 16 Dec 2015 18:01:14 +0100
Subject: [PATCH 139/142] m 3 buildbot.slave: add to imports

---
 makefu/3modules/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 4b2b36e64..ffbf54cc0 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -3,6 +3,7 @@ _:
 {
   imports = [
     ./buildbot/master.nix
+    ./buildbot/slave.nix
   ];
 }
 

From 3f4bd94233164a9b12d61c1a460b6eff83c39209 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 17 Dec 2015 17:38:33 +0100
Subject: [PATCH 140/142] m 2 git/brain-retiolum: remove obsolete users

---
 makefu/2configs/git/brain-retiolum.nix | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix
index 066d50a28..25ef584bf 100644
--- a/makefu/2configs/git/brain-retiolum.nix
+++ b/makefu/2configs/git/brain-retiolum.nix
@@ -59,16 +59,7 @@ let
     set-owners repo all-makefu ++ set-ro-access repo krebsminister;
 
 in {
-  imports = [{
-    krebs.users.makefu-omo = {
-        name = "makefu-omo" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub;
-    };
-    krebs.users.makefu-tsp = {
-        name = "makefu-tsp" ;
-        pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub;
-    };
-  }];
+  imports = [ ];
   krebs.git = {
     enable = true;
     cgit = false;

From cfe266c222123c41fb7645a3739ac2ef448f527c Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 19 Dec 2015 16:02:27 +0100
Subject: [PATCH 141/142] k 5 cac: bump version

---
 krebs/5pkgs/cac/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix
index e29f091e4..40dd56412 100644
--- a/krebs/5pkgs/cac/default.nix
+++ b/krebs/5pkgs/cac/default.nix
@@ -4,9 +4,9 @@ stdenv.mkDerivation {
   name = "cac-1.0.0";
 
   src = fetchgit {
-    url = http://cgit.cd.retiolum/cac;
-    rev = "14de1d3c78385e3f8b6d694f5d799eb1b613159e";
-    sha256 = "9b2a3d47345d6f8f27d9764c4f2f2acff17d3dde145dd0e674e4183e9312fec3";
+    url = http://cgit.gum/cac;
+    rev = "fe3b2ecb0aaf7d863842b896e18cd2b829f2297b";
+    sha256 = "05bnd7wyjhqy8srmpnc8d234rv3jxdjgb4z0hlfb9kg7mb12w1ya";
   };
 
   phases = [

From 5821d8438578db623a3e248c52fefa424fad0b51 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 19 Dec 2015 16:02:52 +0100
Subject: [PATCH 142/142] s 1 test-centos7: prepare to use generated networking

---
 shared/1systems/test-centos7.nix | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/shared/1systems/test-centos7.nix b/shared/1systems/test-centos7.nix
index 51e99600c..077a5d61b 100644
--- a/shared/1systems/test-centos7.nix
+++ b/shared/1systems/test-centos7.nix
@@ -3,29 +3,13 @@
 let
   inherit (lib) head;
 
-  ip = "168.235.145.85";
-  gw = "168.235.145.1";
 in {
   imports = [
     ../2configs/base.nix
     ../2configs/os-templates/CAC-CentOS-7-64bit.nix
-    {
-      networking.interfaces.enp2s1.ip4 = [
-        {
-          address = ip;
-          prefixLength = 24;
-        }
-      ];
-      networking.defaultGateway = gw;
-      networking.nameservers = [
-        "8.8.8.8"
-      ];
-
-    }
-    {
-      sound.enable = false;
-    }
+    ../2configs/os-templates/temp-networking.nix
   ];
 
+  sound.enable = false;
   krebs.build.host = config.krebs.hosts.test-centos7;
 }