diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fb273c932..3ff991aa4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,13 +11,14 @@ before_script:
- ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
# import secret key for secrets
- echo "$secrets_gpg_key" | gpg --import
-wolf deployment test:
+deployment test:
stage: test
script:
- GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
- git submodule update --init
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
nix-shell test:
stage: test
script:
@@ -34,7 +35,6 @@ wolf deployment:
- git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- git submodule update --init
- ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
- # TODO, hostname wolf cannot be resolved
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
only:
changes:
@@ -42,6 +42,20 @@ wolf deployment:
- krebs/**/*
- lib/**/*
- .gitmodules
+puyak deployment:
+ stage: deploy
+ script:
+ - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+ - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - git submodule update --init
+ - ssh-keyscan -H 'puyak.shack' >> ~/.ssh/known_hosts
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target puyak.shack -A deploy)
+ only:
+ changes:
+ - .gitlab-ci.yml
+ - krebs/**/*
+ - lib/**/*
+ - .gitmodules
nur-packages makefu:
stage: deploy
script:
diff --git a/.gitmodules b/.gitmodules
index f35a9250d..5b4336510 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
[submodule "submodules/krops"]
path = submodules/krops
url = https://cgit.krebsco.de/krops
+[submodule "lass/5pkgs/autowifi"]
+ path = lass/5pkgs/autowifi
+ url = https://github.com/Lassulus/autowifi
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 6493c6df4..a20f6929e 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -13,6 +13,7 @@
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
@@ -81,12 +82,6 @@
echo level disengaged > /proc/acpi/ibm/fan
'';
- # to access vorstand vm
- users.users.root.openssh.authorizedKeys.keys = [
- config.krebs.users.ulrich.pubkey
- config.krebs.users.raute.pubkey
- ];
-
users.users.joerg = {
openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
isNormalUser = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index e87b7bb99..059e09ac1 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -16,6 +16,7 @@ in
# handle the worlddomination map via coap
<stockholm/krebs/2configs/shack/worlddomination.nix>
+ <stockholm/krebs/2configs/shack/ssh-keys.nix>
# drivedroid.shack for shackphone
<stockholm/krebs/2configs/shack/drivedroid.nix>
@@ -117,14 +118,6 @@ in
fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- config.krebs.users."0x4A6F".pubkey
- config.krebs.users.ulrich.pubkey
- config.krebs.users.raute.pubkey
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
- ];
-
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
@@ -137,6 +130,7 @@ in
enable = true;
wideArea = false;
};
+
environment.systemPackages = [ pkgs.avahi ];
}
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 698e20da1..224a38ac3 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -15,13 +15,12 @@ in {
makefu
tv
];
- eloop-ml = spam-ml ++ [ ciko ];
+ eloop-ml = spam-ml;
spam-ml = [
lass
makefu
tv
];
- ciko.mail = "ciko@slash16.net";
in {
"anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
new file mode 100644
index 000000000..096c551ba
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -0,0 +1,102 @@
+{ lib }:
+with lib;
+
+let
+ deviceFilter = ''device!="ramfs",device!="rpc_pipefs",device!="lxcfs",device!="nsfs",device!="borgfs"'';
+in mapAttrsToList (name: opts: {
+ alert = name;
+ expr = opts.condition;
+ for = opts.time or "2m";
+ labels = if (opts.page or true) then { severity = "page"; } else {};
+ annotations = {
+ summary = opts.summary;
+ description = opts.description;
+ };
+}) {
+ node_down = {
+ condition = ''up{job="node"} == 0'';
+ summary = "{{$labels.alias}}: Node is down.";
+ description = "{{$labels.alias}} has been down for more than 2 minutes.";
+ };
+ node_systemd_service_failed = {
+ condition = ''node_systemd_unit_state{state="failed"} == 1'';
+ summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
+ description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
+ };
+ node_filesystem_full_80percent = {
+ condition = ''sort(node_filesystem_free_bytes{${deviceFilter}} < node_filesystem_size_bytes{${deviceFilter}} * 0.2) / 1024^3'';
+ time = "10m";
+ summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 20% space left on its filesystem.";
+ };
+ node_filesystem_full_in_7d = {
+ condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[2d], 7*24*3600) <= 0'';
+ time = "1h";
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 7 days.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 7 days";
+ };
+ node_filesystem_full_in_30d = {
+ condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[30d], 30*24*3600) <= 0'';
+ time = "1h";
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 30 days.";
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 30 days";
+ };
+ node_filedescriptors_full_in_3h = {
+ condition = ''predict_linear(node_filefd_allocated[3h], 3*3600) >= node_filefd_maximum'';
+ time = "20m";
+ summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
+ };
+ node_filedescriptors_full_in_7d = {
+ condition = ''predict_linear(node_filefd_allocated[7d], 7*24*3600) >= node_filefd_maximum'';
+ time = "1h";
+ summary = "{{$labels.alias}} is running out of available file descriptors in 7 days.";
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 7 days";
+ };
+ node_load15 = {
+ condition = ''node_load15 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 1.0'';
+ time = "10m";
+ summary = "{{$labels.alias}}: Running on high load: {{$value}}";
+ description = "{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
+ };
+ node_ram_using_90percent = {
+ condition = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
+ time = "1h";
+ summary = "{{$labels.alias}}: Using lots of RAM.";
+ description = "{{$labels.alias}} is using at least 90% of its RAM for at least 1 hour.";
+ };
+ node_swap_using_30percent = {
+ condition = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.3";
+ time = "30m";
+ summary = "{{$labels.alias}}: Using more than 30% of its swap.";
+ description = "{{$labels.alias}} is using 30% of its swap space for at least 30 minutes.";
+ };
+ node_visible_confluence_space = {
+ condition = "node_visible_confluence_space != 0";
+ summary = "crowd prometheus cann see the {{$labels.space_name}} confluence space!";
+ description = "crowd user `prometheus` can see the `{{$labels.space_name}}` confluence space.";
+ };
+ node_hwmon_temp = {
+ condition = "node_hwmon_temp_celsius > node_hwmon_temp_crit_celsius*0.9 OR node_hwmon_temp_celsius > node_hwmon_temp_max_celsius*0.95";
+ time = "5m";
+ summary = "{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}} ";
+ description = "{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}";
+ };
+ node_conntrack_limit = {
+ condition = "node_nf_conntrack_entries_limit - node_nf_conntrack_entries < 1000";
+ time = "5m";
+ summary = "{{$labels.alias}}: Number of tracked connections high";
+ description = "{{$labels.alias}} has only {{$value}} free slots for connection tracking available.";
+ };
+ node_reboot = {
+ condition = "time() - node_boot_time_seconds < 300";
+ summary = "{{$labels.alias}}: Reboot";
+ description = "{{$labels.alias}} just rebooted.";
+ };
+ node_uptime = {
+ condition = "time() - node_boot_time_seconds > 2592000";
+ page = false;
+ summary = "{{$labels.alias}}: Uptime monster";
+ description = "{{$labels.alias}} has been up for more than 30 days.";
+ };
+}
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index 7f6f38610..f5d2e7640 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -28,90 +28,12 @@
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
];
- rules = [
- ''
- ALERT node_down
- IF up == 0
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Node is down.",
- description = "{{$labels.alias}} has been down for more than 5 minutes."
- }
- ALERT node_systemd_service_failed
- IF node_systemd_unit_state{state="failed"} == 1
- FOR 4m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
- description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
- }
- ALERT node_filesystem_full_90percent
- IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
- }
- ALERT node_filesystem_full_in_4h
- IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
- FOR 5m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
- description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
- }
- ALERT node_filedescriptors_full_in_3h
- IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
- FOR 20m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
- description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
- }
- ALERT node_load1_90percent
- IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
- FOR 1h
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: Running on high load.",
- description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
- }
- ALERT node_cpu_util_90percent
- IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
- FOR 1h
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary = "{{$labels.alias}}: High CPU utilization.",
- description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
- }
- ALERT node_ram_using_90percent
- IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
- FOR 30m
- LABELS {
- severity="page"
- }
- ANNOTATIONS {
- summary="{{$labels.alias}}: Using lots of RAM.",
- description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
- }
- ''
- ];
+ ruleFiles = lib.singleton (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
+ groups = lib.singleton {
+ name = "mf-alerting-rules";
+ rules = import ./alert-rules.nix { inherit lib; };
+ };
+ }));
scrapeConfigs = [
{
job_name = "node";
diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix
new file mode 100644
index 000000000..9c7f507f1
--- /dev/null
+++ b/krebs/2configs/shack/ssh-keys.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ users.users.root.openssh.authorizedKeys.keys = [
+ config.krebs.users."0x4A6F".pubkey
+ config.krebs.users.ulrich.pubkey
+ config.krebs.users.raute.pubkey
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
+ ];
+}
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 4892a8723..ffa9a29e9 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
with import <stockholm/lib>;
let
- gunicorn = pkgs.python27Packages.gunicorn;
- bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
- gevent = pkgs.python27Packages.gevent;
- python = pkgs.python27Packages.python;
+ gunicorn = pkgs.python3Packages.gunicorn;
+ bepasty = pkgs.bepasty;
+ gevent = pkgs.python3Packages.gevent;
+ python = pkgs.python3Packages.python;
cfg = config.krebs.bepasty;
out = {
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cbf24effe..7695667fd 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -135,6 +135,7 @@ let
f_${name} = util.BuildFactory()
f_${name}.addStep(steps.Git(
repourl=util.Property('repository', '${head repo.urls}'),
+ method='clobber',
mode='full',
submodules=True,
))
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c770391c7..fcdbcbc19 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,7 +103,6 @@ let
{ krebs = import ./krebs { inherit config; }; }
{ krebs = import ./lass { inherit config; }; }
{ krebs = import ./makefu { inherit config; }; }
- { krebs = import ./mb { inherit config; }; }
{ krebs = import ./nin { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
{ krebs = import ./tv { inherit config; }; }
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 247dae69c..821859f3c 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -359,8 +359,8 @@ in {
nets = rec {
retiolum = {
addrs = [
- config.krebs.hosts.donna.nets.retiolum.ip4.addr
- config.krebs.hosts.donna.nets.retiolum.ip6.addr
+ config.krebs.hosts.amy.nets.retiolum.ip4.addr
+ config.krebs.hosts.amy.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.181";
aliases = [ "amy.r" ];
@@ -387,8 +387,8 @@ in {
nets = rec {
retiolum = {
addrs = [
- config.krebs.hosts.donna.nets.retiolum.ip4.addr
- config.krebs.hosts.donna.nets.retiolum.ip6.addr
+ config.krebs.hosts.clara.nets.retiolum.ip4.addr
+ config.krebs.hosts.clara.nets.retiolum.ip6.addr
];
ip4.addr = "10.243.29.182";
aliases = [ "clara.r" ];
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index f6d47f27e..e8037128d 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -23,32 +23,20 @@ with import <stockholm/lib>;
};
config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
- services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
- exec < ${pkgs.iana_etc}/etc/services
- exec > $out
- awk -F '[ /]+' '
- BEGIN {
- port=0
- }
- ${concatMapStringsSep "\n" (entry: ''
- $2 == ${entry.port} {
- port=$2
- next
- }
- port == ${entry.port} {
- ${concatMapStringsSep "\n"
- (proto: let
- s = "${entry.${proto}.name} ${entry.port}/${proto}";
- in
- "print ${toJSON s}")
- (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
- port=0
- }
- '') (attrValues config.krebs.iana-etc.services)}
- {
- print $0
- }
- '
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ ''
+ {
+ ${concatMapStringsSep "\n" (entry: /* sh */ ''
+ ${concatMapStringsSep "\n"
+ (proto: let
+ line = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in /* sh */ ''
+ echo ${shell.escape line}
+ '')
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ '') (attrValues config.krebs.iana-etc.services)}
+ cat ${pkgs.iana_etc}/etc/services
+ } |
+ sort -b -k 2,2 -u > $out
'');
};
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 30c7b085f..00847071a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -111,44 +111,6 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
};
- archprism = {
- cores = 1;
- nets = rec {
- internet = {
- ip4.addr = "46.4.114.247";
- aliases = [
- "archprism.i"
- ];
- ssh.port = 45621;
- };
- retiolum = {
- via = internet;
- ip4.addr = "10.243.0.123";
- aliases = [
- "archprism.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
- wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
- f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
- 5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
- BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
- s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
- x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
- gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
- GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
- l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
- L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
- 6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- ssh.privkey.path = <secrets/ssh.id_ed25519>;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
- };
-
uriel = {
monitoring = false;
cores = 1;
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix
deleted file mode 100644
index 31e01c4ab..000000000
--- a/krebs/3modules/mb/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-with import <stockholm/lib>;
-{ config, ... }: let
-
- hostDefaults = hostName: host: flip recursiveUpdate host {
- ci = true;
- owner = config.krebs.users.mb;
- };
-
-in {
- hosts = mapAttrs hostDefaults {
- orange = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.23";
- aliases = [
- "orange.r"
- "or4ng3.r"
- "0r4n93.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA
- zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u
- IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD
- FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp
- C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY
- /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt
- V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg
- ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r
- RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27
- JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA
- D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk
- TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- rofl = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.43";
- aliases = [
- "rofl.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
- xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
- txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
- VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
- VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
- 1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
- vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
- Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
- 1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
- QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
- NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
- 3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- p1nk = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.42";
- aliases = [
- "p1nk.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
- AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
- zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
- 4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
- 888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
- XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
- jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
- qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
- 6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
- V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
- bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
- 3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- gr33n = {
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.123";
- aliases = [
- "gr33n.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
- kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
- JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
- OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
- ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
- JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
- I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
- 5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
- s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
- oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
- Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
- jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- sunsh1n3 = {
- ci = false;
- nets = {
- retiolum = {
- ip4.addr = "10.243.42.142";
- aliases = [
- "sunsh1n3.r"
- ];
- tinc.pubkey = ''
- -----BEGIN PUBLIC KEY-----
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
- QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
- pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
- idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
- 4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
- yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
- /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
- Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
- LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
- 6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
- C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
- 9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
- -----END PUBLIC KEY-----
- '';
- };
- };
- };
- };
- users = {
- mb = {
- mail = "mb0@codemonkey.cc";
- pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCHAdKGHP/De/GLEsPo5RBfbaiiitMw4Y/akOekJbImswT6Np2lzqno/WBJcfVs3D39wgPKNld4P/QZc5IwxC26q/PnBFu93KES0GqnlAqUNE63IOJ8UzNdyEqWggnRiLrBU+ZgyFZvmqp6NoSO4YEGEK4RZRMJM/GcAuQMj/nGjx2AHwPGZCkIRgz8/ctBOzX1/knZd3cOnNowH1wlqUKX6UcEzJdAVDQijHF1wl0Ri8tJKq9u8s/fw+1PSOpOHaeF1BALsXSKgeJDqUCTnZW5mAVUWJ86LvvyfCP4In9lhhLisbDm2cD96QaVvJyV6HfmegdSxZ1Phh+9Qz+3WhDJRedBTSKWfK/9j7VWSb+z/KV37q72W25ZfFMSay58LmCqn3v5fGt9qj4nlPw0By4baGLiGlA7xyvkJfdt8ZVPps5d2g6UprTbSA79lYN4qtWKq2Z9t317xch7Lix6EunQcoTkJ6QXEbDrAIk3zvkWr/CtpwEhNcSdWvQsua42dkD2oOI2F2IgFyYgOx9Iba2yj8A0TD2iqfYVhsJIYuk12QfeaR7ovQ6DhHlUxyQzeF6h0Y+I4AN6Sq/Mmj/cxfQoIaAEybUQMX+7KjFceIszT3JbGlz7DCxi7DMmNYuc7LELMRG3jNAOk+fW8u42Bhgc44tzvAondojerUGqCbUDw== mb0@codemonkey.cc";
- };
- };
-}
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a0c00c20d..c09bb008d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -29,7 +29,7 @@ let
cloudmap = mkOption {
type = types.str;
- default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
+ default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg";
};
marker = mkOption {
diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix
index 055e6b476..0ac66f433 100644
--- a/krebs/5pkgs/simple/newsbot-js/default.nix
+++ b/krebs/5pkgs/simple/newsbot-js/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }:
+{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }:
with lib;
let
nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
- nodejs = nodejs-12_x;
+ nodejs = nodejs;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
@@ -36,7 +36,7 @@ in stdenv.mkDerivation {
];
buildInputs = [
- nodejs-12_x
+ nodejs
makeWrapper
];
@@ -45,7 +45,7 @@ in stdenv.mkDerivation {
cp newsbot.js $out/
cat > $out/newsbot << EOF
- ${nodejs-12_x}/bin/node $out/newsbot.js
+ ${nodejs}/bin/node $out/newsbot.js
EOF
chmod +x $out/newsbot
diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
index d6b2a06dd..ea45b93f3 100644
--- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix
+++ b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
@@ -1,4 +1,4 @@
-# This file has been generated by node2nix 1.5.3. Do not edit!
+# This file has been generated by node2nix 1.7.0. Do not edit!
{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
@@ -13,22 +13,13 @@ let
sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
};
};
- "ajv-5.5.2" = {
+ "ajv-6.10.2" = {
name = "ajv";
packageName = "ajv";
- version = "5.5.2";
+ version = "6.10.2";
src = fetchurl {
- url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz";
- sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965";
- };
- };
- "array-filter-0.0.1" = {
- name = "array-filter";
- packageName = "array-filter";
- version = "0.0.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz";
- sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec";
+ url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz";
+ sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==";
};
};
"array-indexofobject-0.0.1" = {
@@ -40,31 +31,13 @@ let
sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
};
};
- "array-map-0.0.0" = {
- name = "array-map";
- packageName = "array-map";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz";
- sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662";
- };
- };
- "array-reduce-0.0.0" = {
- name = "array-reduce";
- packageName = "array-reduce";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz";
- sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b";
- };
- };
- "asn1-0.2.3" = {
+ "asn1-0.2.4" = {
name = "asn1";
packageName = "asn1";
- version = "0.2.3";
+ version = "0.2.4";
src = fetchurl {
- url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz";
- sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86";
+ url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz";
+ sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==";
};
};
"assert-plus-1.0.0" = {
@@ -94,40 +67,22 @@ let
sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
};
};
- "aws4-1.6.0" = {
+ "aws4-1.8.0" = {
name = "aws4";
packageName = "aws4";
- version = "1.6.0";
+ version = "1.8.0";
src = fetchurl {
- url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz";
- sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e";
+ url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz";
+ sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==";
};
};
- "bcrypt-pbkdf-1.0.1" = {
+ "bcrypt-pbkdf-1.0.2" = {
name = "bcrypt-pbkdf";
packageName = "bcrypt-pbkdf";
- version = "1.0.1";
+ version = "1.0.2";
src = fetchurl {
- url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz";
- sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d";
- };
- };
- "boom-4.3.1" = {
- name = "boom";
- packageName = "boom";
- version = "4.3.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz";
- sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31";
- };
- };
- "boom-5.2.0" = {
- name = "boom";
- packageName = "boom";
- version = "5.2.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz";
- sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437";
+ url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz";
+ sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e";
};
};
"caseless-0.12.0" = {
@@ -139,22 +94,13 @@ let
sha1 = "1b681c21ff84033c826543090689420d187151dc";
};
};
- "co-4.6.0" = {
- name = "co";
- packageName = "co";
- version = "4.6.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz";
- sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184";
- };
- };
- "combined-stream-1.0.6" = {
+ "combined-stream-1.0.8" = {
name = "combined-stream";
packageName = "combined-stream";
- version = "1.0.6";
+ version = "1.0.8";
src = fetchurl {
- url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz";
- sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818";
+ url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";
+ sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==";
};
};
"core-util-is-1.0.2" = {
@@ -166,15 +112,6 @@ let
sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
};
};
- "cryptiles-3.1.2" = {
- name = "cryptiles";
- packageName = "cryptiles";
- version = "3.1.2";
- src = fetchurl {
- url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz";
- sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe";
- };
- };
"dashdash-1.14.1" = {
name = "dashdash";
packageName = "dashdash";
@@ -193,22 +130,22 @@ let
sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
};
};
- "ecc-jsbn-0.1.1" = {
+ "ecc-jsbn-0.1.2" = {
name = "ecc-jsbn";
packageName = "ecc-jsbn";
- version = "0.1.1";
+ version = "0.1.2";
src = fetchurl {
- url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz";
- sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505";
+ url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz";
+ sha1 = "3a83a904e54353287874c564b7549386849a98c9";
};
};
- "extend-3.0.1" = {
+ "extend-3.0.2" = {
name = "extend";
packageName = "extend";
- version = "3.0.1";
+ version = "3.0.2";
src = fetchurl {
- url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz";
- sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444";
+ url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz";
+ sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==";
};
};
"extsprintf-1.3.0" = {
@@ -220,13 +157,13 @@ let
sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
};
};
- "fast-deep-equal-1.1.0" = {
+ "fast-deep-equal-2.0.1" = {
name = "fast-deep-equal";
packageName = "fast-deep-equal";
- version = "1.1.0";
+ version = "2.0.1";
src = fetchurl {
- url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz";
- sha1 = "c053477817c86b51daa853c81e059b733d023614";
+ url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz";
+ sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49";
};
};
"fast-json-stable-stringify-2.0.0" = {
@@ -247,13 +184,13 @@ let
sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
};
};
- "form-data-2.3.2" = {
+ "form-data-2.3.3" = {
name = "form-data";
packageName = "form-data";
- version = "2.3.2";
+ version = "2.3.3";
src = fetchurl {
- url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
- sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+ url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz";
+ sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==";
};
};
"getpass-0.1.7" = {
@@ -274,31 +211,13 @@ let
sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
};
};
- "har-validator-5.0.3" = {
+ "har-validator-5.1.3" = {
name = "har-validator";
packageName = "har-validator";
- version = "5.0.3";
+ version = "5.1.3";
src = fetchurl {
- url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz";
- sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd";
- };
- };
- "hawk-6.0.2" = {
- name = "hawk";
- packageName = "hawk";
- version = "6.0.2";
- src = fetchurl {
- url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz";
- sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als";
- };
- };
- "hoek-4.2.1" = {
- name = "hoek";
- packageName = "hoek";
- version = "4.2.1";
- src = fetchurl {
- url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz";
- sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20";
+ url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz";
+ sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==";
};
};
"http-signature-1.2.0" = {
@@ -319,22 +238,22 @@ let
sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
};
};
- "inherits-2.0.3" = {
+ "inherits-2.0.4" = {
name = "inherits";
packageName = "inherits";
- version = "2.0.3";
+ version = "2.0.4";
src = fetchurl {
- url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz";
- sha1 = "633c2c83e3da42a502f52466022480f4208261de";
+ url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz";
+ sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==";
};
};
- "irc-colors-1.4.2" = {
+ "irc-colors-1.5.0" = {
name = "irc-colors";
packageName = "irc-colors";
- version = "1.4.2";
+ version = "1.5.0";
src = fetchurl {
- url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz";
- sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1";
+ url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz";
+ sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw==";
};
};
"is-typedarray-1.0.0" = {
@@ -382,13 +301,13 @@ let
sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
};
};
- "json-schema-traverse-0.3.1" = {
+ "json-schema-traverse-0.4.1" = {
name = "json-schema-traverse";
packageName = "json-schema-traverse";
- version = "0.3.1";
+ version = "0.4.1";
src = fetchurl {
- url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz";
- sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340";
+ url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz";
+ sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==";
};
};
"json-stringify-safe-5.0.1" = {
@@ -400,15 +319,6 @@ let
sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
};
};
- "jsonify-0.0.0" = {
- name = "jsonify";
- packageName = "jsonify";
- version = "0.0.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz";
- sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73";
- };
- };
"jsprim-1.4.1" = {
name = "jsprim";
packageName = "jsprim";
@@ -454,40 +364,40 @@ let
sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
};
};
- "mime-db-1.33.0" = {
+ "mime-db-1.42.0" = {
name = "mime-db";
packageName = "mime-db";
- version = "1.33.0";
+ version = "1.42.0";
src = fetchurl {
- url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz";
- sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4";
+ url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz";
+ sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ==";
};
};
- "mime-types-2.1.18" = {
+ "mime-types-2.1.25" = {
name = "mime-types";
packageName = "mime-types";
- version = "2.1.18";
+ version = "2.1.25";
src = fetchurl {
- url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz";
- sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm";
+ url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz";
+ sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg==";
};
};
- "mri-1.1.0" = {
+ "mri-1.1.4" = {
name = "mri";
packageName = "mri";
- version = "1.1.0";
+ version = "1.1.4";
src = fetchurl {
- url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz";
- sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a";
+ url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz";
+ sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==";
};
};
- "nan-2.10.0" = {
+ "nan-2.14.0" = {
name = "nan";
packageName = "nan";
- version = "2.10.0";
+ version = "2.14.0";
src = fetchurl {
- url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz";
- sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc";
+ url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz";
+ sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==";
};
};
"node-icu-charset-detector-0.2.0" = {
@@ -499,13 +409,13 @@ let
sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
};
};
- "oauth-sign-0.8.2" = {
+ "oauth-sign-0.9.0" = {
name = "oauth-sign";
packageName = "oauth-sign";
- version = "0.8.2";
+ version = "0.9.0";
src = fetchurl {
- url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz";
- sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43";
+ url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz";
+ sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==";
};
};
"performance-now-2.1.0" = {
@@ -517,13 +427,22 @@ let
sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
};
};
- "process-nextick-args-2.0.0" = {
+ "process-nextick-args-2.0.1" = {
name = "process-nextick-args";
packageName = "process-nextick-args";
- version = "2.0.0";
+ version = "2.0.1";
src = fetchurl {
- url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz";
- sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j";
+ url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz";
+ sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==";
+ };
+ };
+ "psl-1.4.0" = {
+ name = "psl";
+ packageName = "psl";
+ version = "1.4.0";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz";
+ sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==";
};
};
"punycode-1.4.1" = {
@@ -535,13 +454,22 @@ let
sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
};
};
- "qs-6.5.1" = {
+ "punycode-2.1.1" = {
+ name = "punycode";
+ packageName = "punycode";
+ version = "2.1.1";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz";
+ sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==";
+ };
+ };
+ "qs-6.5.2" = {
name = "qs";
packageName = "qs";
- version = "6.5.1";
+ version = "6.5.2";
src = fetchurl {
- url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz";
- sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r";
+ url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
+ sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
};
};
"readable-stream-2.3.6" = {
@@ -550,16 +478,34 @@ let
version = "2.3.6";
src = fetchurl {
url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
- sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm";
+ sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==";
};
};
- "safe-buffer-5.1.1" = {
+ "safe-buffer-5.1.2" = {
name = "safe-buffer";
packageName = "safe-buffer";
- version = "5.1.1";
+ version = "5.1.2";
src = fetchurl {
- url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz";
- sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh";
+ url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
+ sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
+ };
+ };
+ "safe-buffer-5.2.0" = {
+ name = "safe-buffer";
+ packageName = "safe-buffer";
+ version = "5.2.0";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz";
+ sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==";
+ };
+ };
+ "safer-buffer-2.1.2" = {
+ name = "safer-buffer";
+ packageName = "safer-buffer";
+ version = "2.1.2";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
+ sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
};
};
"sax-1.2.4" = {
@@ -568,25 +514,16 @@ let
version = "1.2.4";
src = fetchurl {
url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
- sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n";
+ sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
};
};
- "sntp-2.1.0" = {
- name = "sntp";
- packageName = "sntp";
- version = "2.1.0";
- src = fetchurl {
- url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz";
- sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l";
- };
- };
- "sshpk-1.14.1" = {
+ "sshpk-1.16.1" = {
name = "sshpk";
packageName = "sshpk";
- version = "1.14.1";
+ version = "1.16.1";
src = fetchurl {
- url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz";
- sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb";
+ url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz";
+ sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==";
};
};
"string_decoder-1.1.1" = {
@@ -595,25 +532,16 @@ let
version = "1.1.1";
src = fetchurl {
url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
- sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z";
+ sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
};
};
- "stringstream-0.0.5" = {
- name = "stringstream";
- packageName = "stringstream";
- version = "0.0.5";
- src = fetchurl {
- url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz";
- sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878";
- };
- };
- "tough-cookie-2.3.4" = {
+ "tough-cookie-2.4.3" = {
name = "tough-cookie";
packageName = "tough-cookie";
- version = "2.3.4";
+ version = "2.4.3";
src = fetchurl {
- url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz";
- sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd";
+ url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz";
+ sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==";
};
};
"tunnel-agent-0.6.0" = {
@@ -634,6 +562,15 @@ let
sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
};
};
+ "uri-js-4.2.2" = {
+ name = "uri-js";
+ packageName = "uri-js";
+ version = "4.2.2";
+ src = fetchurl {
+ url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz";
+ sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==";
+ };
+ };
"util-deprecate-1.0.2" = {
name = "util-deprecate";
packageName = "util-deprecate";
@@ -643,13 +580,13 @@ let
sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
};
};
- "uuid-3.2.1" = {
+ "uuid-3.3.3" = {
name = "uuid";
packageName = "uuid";
- version = "3.2.1";
+ version = "3.3.3";
src = fetchurl {
- url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz";
- sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd";
+ url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz";
+ sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==";
};
};
"verror-1.10.0" = {
@@ -676,16 +613,16 @@ in
sources."addressparser-1.0.1"
sources."array-indexofobject-0.0.1"
sources."core-util-is-1.0.2"
- sources."inherits-2.0.3"
+ sources."inherits-2.0.4"
sources."isarray-1.0.0"
sources."lodash.assign-4.2.0"
sources."lodash.get-4.4.2"
sources."lodash.has-4.5.2"
sources."lodash.uniq-4.5.0"
- sources."mri-1.1.0"
- sources."process-nextick-args-2.0.0"
+ sources."mri-1.1.4"
+ sources."process-nextick-args-2.0.1"
sources."readable-stream-2.3.6"
- sources."safe-buffer-5.1.1"
+ sources."safe-buffer-5.1.2"
sources."sax-1.2.4"
sources."string_decoder-1.1.1"
sources."util-deprecate-1.0.2"
@@ -698,29 +635,32 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
form-data = nodeEnv.buildNodePackage {
name = "form-data";
packageName = "form-data";
- version = "2.3.2";
+ version = "3.0.0";
src = fetchurl {
- url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
- sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+ url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz";
+ sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==";
};
dependencies = [
sources."asynckit-0.4.0"
- sources."combined-stream-1.0.6"
+ sources."combined-stream-1.0.8"
sources."delayed-stream-1.0.0"
- sources."mime-db-1.33.0"
- sources."mime-types-2.1.18"
+ sources."mime-db-1.42.0"
+ sources."mime-types-2.1.25"
];
buildInputs = globalBuildInputs;
meta = {
description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
+ homepage = "https://github.com/form-data/form-data#readme";
license = "MIT";
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
irc = nodeEnv.buildNodePackage {
name = "irc";
@@ -732,8 +672,8 @@ in
};
dependencies = [
sources."iconv-2.2.3"
- sources."irc-colors-1.4.2"
- sources."nan-2.10.0"
+ sources."irc-colors-1.5.0"
+ sources."nan-2.14.0"
sources."node-icu-charset-detector-0.2.0"
];
buildInputs = globalBuildInputs;
@@ -744,69 +684,66 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
request = nodeEnv.buildNodePackage {
name = "request";
packageName = "request";
- version = "2.85.0";
+ version = "2.88.0";
src = fetchurl {
- url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz";
- sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph";
+ url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz";
+ sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==";
};
dependencies = [
- sources."ajv-5.5.2"
- sources."asn1-0.2.3"
+ sources."ajv-6.10.2"
+ sources."asn1-0.2.4"
sources."assert-plus-1.0.0"
sources."asynckit-0.4.0"
sources."aws-sign2-0.7.0"
- sources."aws4-1.6.0"
- sources."bcrypt-pbkdf-1.0.1"
- sources."boom-4.3.1"
+ sources."aws4-1.8.0"
+ sources."bcrypt-pbkdf-1.0.2"
sources."caseless-0.12.0"
- sources."co-4.6.0"
- sources."combined-stream-1.0.6"
+ sources."combined-stream-1.0.8"
sources."core-util-is-1.0.2"
- (sources."cryptiles-3.1.2" // {
- dependencies = [
- sources."boom-5.2.0"
- ];
- })
sources."dashdash-1.14.1"
sources."delayed-stream-1.0.0"
- sources."ecc-jsbn-0.1.1"
- sources."extend-3.0.1"
+ sources."ecc-jsbn-0.1.2"
+ sources."extend-3.0.2"
sources."extsprintf-1.3.0"
- sources."fast-deep-equal-1.1.0"
+ sources."fast-deep-equal-2.0.1"
sources."fast-json-stable-stringify-2.0.0"
sources."forever-agent-0.6.1"
- sources."form-data-2.3.2"
+ sources."form-data-2.3.3"
sources."getpass-0.1.7"
sources."har-schema-2.0.0"
- sources."har-validator-5.0.3"
- sources."hawk-6.0.2"
- sources."hoek-4.2.1"
+ sources."har-validator-5.1.3"
sources."http-signature-1.2.0"
sources."is-typedarray-1.0.0"
sources."isstream-0.1.2"
sources."jsbn-0.1.1"
sources."json-schema-0.2.3"
- sources."json-schema-traverse-0.3.1"
+ sources."json-schema-traverse-0.4.1"
sources."json-stringify-safe-5.0.1"
sources."jsprim-1.4.1"
- sources."mime-db-1.33.0"
- sources."mime-types-2.1.18"
- sources."oauth-sign-0.8.2"
+ sources."mime-db-1.42.0"
+ sources."mime-types-2.1.25"
+ sources."oauth-sign-0.9.0"
sources."performance-now-2.1.0"
- sources."punycode-1.4.1"
- sources."qs-6.5.1"
- sources."safe-buffer-5.1.1"
- sources."sntp-2.1.0"
- sources."sshpk-1.14.1"
- sources."stringstream-0.0.5"
- sources."tough-cookie-2.3.4"
+ sources."psl-1.4.0"
+ sources."punycode-2.1.1"
+ sources."qs-6.5.2"
+ sources."safe-buffer-5.2.0"
+ sources."safer-buffer-2.1.2"
+ sources."sshpk-1.16.1"
+ (sources."tough-cookie-2.4.3" // {
+ dependencies = [
+ sources."punycode-1.4.1"
+ ];
+ })
sources."tunnel-agent-0.6.0"
sources."tweetnacl-0.14.5"
- sources."uuid-3.2.1"
+ sources."uri-js-4.2.2"
+ sources."uuid-3.3.3"
sources."verror-1.10.0"
];
buildInputs = globalBuildInputs;
@@ -817,28 +754,24 @@ in
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
shell-quote = nodeEnv.buildNodePackage {
name = "shell-quote";
packageName = "shell-quote";
- version = "1.6.1";
+ version = "1.7.2";
src = fetchurl {
- url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz";
- sha1 = "f4781949cce402697127430ea3b3c5476f481767";
+ url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz";
+ sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==";
};
- dependencies = [
- sources."array-filter-0.0.1"
- sources."array-map-0.0.0"
- sources."array-reduce-0.0.0"
- sources."jsonify-0.0.0"
- ];
buildInputs = globalBuildInputs;
meta = {
description = "quote and parse shell commands";
- homepage = "https://github.com/substack/node-shell-quote#readme";
+ homepage = https://github.com/substack/node-shell-quote;
license = "MIT";
};
production = true;
bypassCache = true;
+ reconstructLock = true;
};
}
\ No newline at end of file
diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh
index 0c1ecc58c..ee7e43f1a 100755
--- a/krebs/5pkgs/simple/newsbot-js/update.sh
+++ b/krebs/5pkgs/simple/newsbot-js/update.sh
@@ -1,2 +1,4 @@
-node2nix -8 -i pkgs.json -c combine.nix
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p nodePackages.node2nix
+node2nix -12 -i pkgs.json -c combine.nix
rm node-env.nix combine.nix
diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix
index 20bbc53ba..025e85df0 100644
--- a/krebs/5pkgs/simple/tinc_graphs/default.nix
+++ b/krebs/5pkgs/simple/tinc_graphs/default.nix
@@ -2,15 +2,17 @@
python3Packages.buildPythonPackage rec {
name = "tinc_graphs-${version}";
- version = "0.3.10";
+ version = "0.3.11";
+
propagatedBuildInputs = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
src = fetchurl {
url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
- sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
+ sha256 = "0akvi2srwqny3cd4b9ghssq8wi4kcxd2khabnnvylzs1s9i28fpa";
};
+
preFixup = with pkgs;''
wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 4829bec1d..fa22e2747 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "7827d3f4497ed722fedca57fd4d5ca1a65c38256",
- "date": "2019-11-03T11:21:05+01:00",
- "sha256": "1ixjkb2ksri83iyhvl4a7hrfnb8zd3ps5jmirgaa7b617jn31cg6",
+ "rev": "3140fa89c51233397f496f49014f6b23216667c2",
+ "date": "2019-12-05T01:28:43+01:00",
+ "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8",
"fetchSubmodules": false
}
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 7fe43b4b5..446f27007 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
{
"url": "https://github.com/NixOS/nixpkgs-channels",
- "rev": "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31",
- "date": "2019-10-31T21:10:56+01:00",
- "sha256": "15fwszhn6078sbrb8qk83g8afvh4qnmvff0qbkbvq3cm1fxni2w1",
+ "rev": "45ea60922036b7be302b95d107595f6eb5cd0675",
+ "date": "2019-12-10T12:38:05+01:00",
+ "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q",
"fetchSubmodules": false
}
diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
index 068da5f6f..592023f20 100755
--- a/krebs/update-nixpkgs-unstable.sh
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--rev refs/heads/nixos-unstable' \
> $dir/nixpkgs-unstable.json
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
+git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"
diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 1a98fc058..2b4158211 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -11,4 +11,7 @@
useChecksum = true;
};
});
+ nixpkgs-unstable = lib.mkForce {
+ file.path = "/var/empty";
+ };
}
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index f57d275d8..d4a389a4a 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -10,6 +10,7 @@
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/syncthing.nix>
+ <stockholm/lass/2configs/nfs-dl.nix>
];
krebs.build.host = config.krebs.hosts.hilum;
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 86727700f..46f0892a2 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
{
imports = [
<stockholm/lass>
@@ -21,6 +22,18 @@
<stockholm/lass/2configs/ssh-cryptsetup.nix>
];
+ #media center
+ users.users.media = {
+ isNormalUser = true;
+ uid = genid_uint31 "media";
+ extraGroups = [ "video" "audio" ];
+ };
+
+ services.xserver.displayManager.lightdm.autoLogin = {
+ enable = true;
+ user = "media";
+ };
+
krebs.build.host = config.krebs.hosts.icarus;
programs.adb.enable = true;
}
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f4c011dcf..cde65ea6c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -110,14 +110,13 @@ with import <stockholm/lib>;
systemd.services."container@hotdog".reloadIfChanged = mkForce false;
containers.hotdog = {
config = { ... }: {
- imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
environment.systemPackages = [ pkgs.git ];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
];
};
- autoStart = true;
+ autoStart = false;
enableTun = true;
privateNetwork = true;
hostAddress = "10.233.2.1";
@@ -265,13 +264,9 @@ with import <stockholm/lib>;
{
users.users.download.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout"
+ config.krebs.users.palo.pubkey
];
}
- {
- }
{
lass.nichtparasoup.enable = true;
services.nginx = {
@@ -322,6 +317,7 @@ with import <stockholm/lib>;
services.murmur.registerName = "lassul.us";
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
];
}
@@ -342,6 +338,19 @@ with import <stockholm/lib>;
localAddress = "10.233.2.14";
};
+ services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = ''
+ if ($scheme != "https") {
+ rewrite ^ https://$host$request_uri permanent;
+ }
+ auth_basic "Restricted Content";
+ auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
+ krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+ ''};
+ proxy_pass http://10.233.2.14:80/;
+ proxy_set_header Accept-Encoding "";
+ sub_filter "https://lassul.us/" "https://lassul.us/flix/";
+ sub_filter_once off;
+ '';
services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
if ($scheme != "https") {
rewrite ^ https://$host$request_uri permanent;
@@ -350,6 +359,7 @@ with import <stockholm/lib>;
auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
''};
+ proxy_pass_header X-Transmission-Session-Id;
proxy_pass http://10.233.2.14:9091;
'';
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ad510283f..b3de15837 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -18,14 +18,11 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/green-host.nix>
<stockholm/lass/2configs/ssh-cryptsetup.nix>
<stockholm/lass/2configs/nfs-dl.nix>
+ <stockholm/lass/2configs/gg23.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
-
#media center
users.users.media = {
isNormalUser = true;
@@ -38,77 +35,7 @@ with import <stockholm/lib>;
user = "media";
};
- #hass
- krebs.iptables.tables.filter.INPUT.rules = [
- { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
- # zerotierone
- { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
- ];
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchDocked = "ignore";
- services.home-assistant = let
- tasmota_s20 = name: topic: {
- platform = "mqtt";
- inherit name;
- state_topic = "stat/${topic}/POWER";
- command_topic = "cmnd/${topic}/POWER";
- payload_on = "ON";
- payload_off = "OFF";
- };
- in {
- enable = true;
- package = pkgs.home-assistant.override {
- python3 = pkgs.python36;
- #extraComponents = [
- # (pkgs.fetchgit {
- # url = "https://github.com/marcschumacher/dwd_pollen";
- # rev = "0.1";
- # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
- # })
- #];
- };
- config = {
- homeassistant = {
- name = "Home"; time_zone = "Europe/Berlin";
- latitude = "48.7687";
- longitude = "9.2478";
- elevation = 247;
- };
- sun.elevation = 66;
- discovery = {};
- frontend = { };
- mqtt = {
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- username = "gg23";
- password = "gg23-mqtt";
- keepalive = 60;
- protocol = 3.1;
- };
- sensor = [
- ];
- switch = [
- (tasmota_s20 "Drucker Strom" "drucker")
- (tasmota_s20 "Bett Licht" "bett")
- ];
- device_tracker = [
- {
- platform = "luci";
- }
- ];
- };
- };
-
- services.mosquitto = {
- enable = true;
- host = "0.0.0.0";
- allowAnonymous = false;
- checkPasswords = true;
- users.gg23 = {
- password = "gg23-mqtt";
- acl = [ "topic readwrite #" ];
- };
- };
- environment.systemPackages = [ pkgs.mosquitto ];
}
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 7cfeba932..39a4d9661 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -46,5 +46,6 @@
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+ SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
'';
}
diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index e4ccffe23..6e0a2385c 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
netDevices = {
bra = {
model = "MFCL2700DN";
- ip = "10.42.23.221";
+ ip = "10.42.0.4";
};
};
};
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index 5f802148b..e55090de9 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,6 +1,5 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
with import <stockholm/lib>;
-
{
services.nginx.virtualHosts.codimd = {
enableACME = true;
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
new file mode 100644
index 000000000..2ec7b94d3
--- /dev/null
+++ b/lass/2configs/gg23.nix
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+ networking.networkmanager.unmanaged = [ "int0" ];
+ networking.interfaces.int0.ipv4.addresses = [{
+ address = "10.42.0.1";
+ prefixLength = 24;
+ }];
+
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [ "int0" ];
+ extraConfig = ''
+ option subnet-mask 255.255.255.0;
+ option routers 10.42.0.1;
+ option domain-name-servers 10.42.0.1;
+ subnet 10.42.0.0 netmask 255.255.255.0 {
+ range 10.42.0.100 10.42.0.200;
+ }
+ '';
+ machines = [
+ { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; }
+ { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; }
+ { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; }
+ { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; }
+ { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; }
+ { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; }
+ { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; }
+ ];
+ };
+
+ services.dnsmasq = {
+ enable = true;
+ resolveLocalQueries = false;
+
+ extraConfig = ''
+ local=/gg23/
+ domain=gg23
+ expand-hosts
+ listen-address=10.42.0.1
+ interface=int0
+ '';
+ };
+
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+ { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+ ];
+ krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; }
+ ];
+
+ services.home-assistant = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ python3 = pkgs.python36;
+ #extraComponents = [
+ # (pkgs.fetchgit {
+ # url = "https://github.com/marcschumacher/dwd_pollen";
+ # rev = "0.1";
+ # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+ # })
+ #];
+ };
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ sun.elevation = 66;
+ discovery = {};
+ frontend = { };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Bett Licht" "bett")
+ (tasmota_s20 "Kueche Licht" "kueche")
+ ];
+ device_tracker = [
+ {
+ platform = "luci";
+ }
+ ];
+ };
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+
+}
+
diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi
new file mode 160000
index 000000000..cf3ae8f6f
--- /dev/null
+++ b/lass/5pkgs/autowifi
@@ -0,0 +1 @@
+Subproject commit cf3ae8f6fe285eab67db4f36f9a3da3762c35317
diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py
deleted file mode 100644
index fa3d007e7..000000000
--- a/lass/5pkgs/autowifi/autowifi.py
+++ /dev/null
@@ -1,228 +0,0 @@
-import subprocess
-import time
-import urllib.request
-import logging
-import argparse
-import socket
-import struct
-import signal
-import os
-
-wifiDB = ''
-logger = logging.getLogger()
-got_signal = False
-
-
-def signal_handler(signum, frame):
- global got_signal
- got_signal = True
-
-
-def get_default_gateway() -> str:
- """Read the default gateway directly from /proc."""
- with open("/proc/net/route") as fh:
- for line in fh:
- fields = line.strip().split()
- if fields[1] != '00000000' or not int(fields[3], 16) & 2:
- continue
-
- return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
-
-
-def connect(ssid, psk=None):
- subprocess.run(
- ["nmcli", "connection", "delete", "autowifi"],
- stdout=subprocess.PIPE,
- )
- logging.info('connecting to %s', ssid)
- if psk is None:
- subprocess.run(
- [
- "nmcli",
- "device",
- "wifi",
- "connect",
- ssid,
- "name",
- "autowifi",
- ],
- stdout=subprocess.PIPE,
- )
- else:
- subprocess.run(
- [
- "nmcli",
- "device",
- "wifi",
- "connect",
- ssid,
- "name",
- "autowifi",
- "password",
- psk,
- ],
- stdout=subprocess.PIPE,
- )
- time.sleep(5)
-
-
-def scan():
- logging.debug('scanning wifis')
- wifis_raw = subprocess.check_output([
- "nmcli",
- "-t",
- "device",
- "wifi",
- "list",
- "--rescan",
- "yes",
- ])
- wifis_list = wifis_raw.split(b'\n')
- logging.debug('scanning wifis finished')
- wifis = []
- for line in wifis_list:
- logging.debug(line)
- ls = line.split(b':')
- if len(ls) == 8:
- wifis.append({
- "ssid": ls[1],
- "signal": int(ls[5]),
- "crypto": ls[7]
- })
- return wifis
-
-
-def get_known_wifis():
- wifis_lines = []
- with open(wifiDB) as f:
- wifis_lines = f.read().splitlines()
- wifis = []
- for line in wifis_lines:
- ls = line.split('/')
- wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()})
- return wifis
-
-
-def check_network():
- logging.debug('checking network')
-
- global got_signal
- if got_signal:
- logging.info('got disconnect signal')
- got_signal = False
- return False
- else:
- gateway = get_default_gateway()
- if gateway:
- response = subprocess.run(
- [
- 'ping',
- '-q',
- '-c',
- '1',
- gateway,
- ],
- stdout=subprocess.PIPE,
- )
- if response.returncode == 0:
- logging.debug('host %s is up', gateway)
- return True
- else:
- logging.debug('host %s is down', gateway)
- return False
- else:
- logging.debug('no gateway')
- return False
-
-
-def check_internet():
- logging.debug('checking internet')
-
- try:
- with open('./dummy_internet') as f:
- dummy_content = f.read()
- if dummy_content == 'xxx\n':
- return True
- beacon = urllib.request.urlopen('http://krebsco.de/secret')
- except Exception as e: # noqa
- logging.debug(e)
- logging.info('no internet exc')
- return False
- if beacon.read() == b'1337\n':
- return True
- logging.info('no internet oh')
- return False
-
-
-def is_wifi_open(wifi):
- if wifi['crypto'] == b'':
- return True
- else:
- return False
-
-
-def is_wifi_seen(wifi, seen_wifis):
- for seen_wifi in seen_wifis:
- if seen_wifi["ssid"] == wifi["ssid"]:
- return True
- return False
-
-
-def main():
- parser = argparse.ArgumentParser()
-
- parser.add_argument(
- '-c', '--config',
- dest='config',
- help='wifi config file to use',
- default='/etc/wifis',
- )
-
- parser.add_argument(
- '-l', '--loglevel',
- dest='loglevel',
- help='loglevel to use',
- default=logging.INFO,
- )
-
- parser.add_argument(
- '-p', '--pidfile',
- dest='pidfile',
- help='file to write the pid to',
- default=None,
- )
-
- args = parser.parse_args()
-
- global wifiDB
- wifiDB = args.config
- logger.setLevel(args.loglevel)
-
- signal.signal(signal.SIGUSR1, signal_handler)
-
- if args.pidfile:
- with open(args.pidfile, 'w+') as f:
- f.write(str(os.getpid()))
-
- while True:
- if not check_network():
- wifis = scan()
- known_wifis = get_known_wifis()
- known_seen_wifis = [
- wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis)
- ]
- for wifi in known_seen_wifis:
- connect(wifi['ssid'], wifi['psk'])
- if check_network():
- break
- open_wifis = filter(is_wifi_open, wifis)
- for wifi in open_wifis:
- connect(wifi['ssid'])
-
- if check_network():
- break
- time.sleep(10)
-
-
-if __name__ == '__main__':
- main()
diff --git a/lass/5pkgs/autowifi/default.nix b/lass/5pkgs/autowifi/default.nix
deleted file mode 100644
index d565a6bb6..000000000
--- a/lass/5pkgs/autowifi/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index fdf203d5b..6c4f62310 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -3,20 +3,32 @@
with import <stockholm/lib>;
{
imports = [
- <stockholm/makefu>
+ #<stockholm/makefu>
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
- <stockholm/makefu/2configs/tools/core.nix>
+ # <stockholm/makefu/2configs/tools/core.nix>
+ ./justdoit.nix
+ {
+ kexec.justdoit = {
+ # bootSize = 512;
+ rootDevice = "/dev/sdb";
+ swapSize = 1024;
+ bootType = "vfat";
+ luksEncrypt = true;
+ uefi = true;
+ };
+ }
];
+ boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
- # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
- krebs.build.host = { cores = 0; };
+ # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+ #krebs.build.host = { cores = 0; };
isoImage.isoBaseName = lib.mkForce "stockholm";
- krebs.hidden-ssh.enable = true;
- environment.systemPackages = with pkgs; [
- aria2
- ddrescue
- ];
+ #krebs.hidden-ssh.enable = true;
+ # environment.systemPackages = with pkgs; [
+ # aria2
+ # ddrescue
+ # ];
environment.extraInit = ''
EDITOR=vim
'';
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
new file mode 100644
index 000000000..7947953f9
--- /dev/null
+++ b/makefu/1systems/iso/justdoit.nix
@@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ cfg = config.kexec.justdoit;
+ x = if cfg.nvme then "p" else "";
+in {
+ options = {
+ kexec.justdoit = {
+ rootDevice = mkOption {
+ type = types.str;
+ default = "/dev/sda";
+ description = "the root block device that justdoit will nuke from orbit and force nixos onto";
+ };
+ bootSize = mkOption {
+ type = types.int;
+ default = 256;
+ description = "size of /boot in mb";
+ };
+ bootType = mkOption {
+ type = types.enum [ "ext4" "vfat" "zfs" ];
+ default = "ext4";
+ };
+ swapSize = mkOption {
+ type = types.int;
+ default = 1024;
+ description = "size of swap in mb";
+ };
+ poolName = mkOption {
+ type = types.str;
+ default = "tank";
+ description = "zfs pool name";
+ };
+ luksEncrypt = mkOption {
+ type = types.bool;
+ default = false;
+ description = "encrypt all of zfs and swap";
+ };
+ uefi = mkOption {
+ type = types.bool;
+ default = false;
+ description = "create a uefi install";
+ };
+ nvme = mkOption {
+ type = types.bool;
+ default = false;
+ description = "rootDevice is nvme";
+ };
+ };
+ };
+ config = let
+ mkBootTable = {
+ ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
+ vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
+ zfs = "";
+ };
+ in lib.mkIf true {
+ system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
+ #!${pkgs.stdenv.shell}
+ set -e
+ vgchange -a n
+ wipefs -a ${cfg.rootDevice}
+ dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
+ sfdisk ${cfg.rootDevice} <<EOF
+ label: gpt
+ device: ${cfg.rootDevice}
+ unit: sectors
+ ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
+ ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
+ 2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
+ 3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+ EOF
+ ${if cfg.luksEncrypt then ''
+ cryptsetup luksFormat ${cfg.rootDevice}${x}2
+ cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
+ cryptsetup luksFormat ${cfg.rootDevice}${x}3
+ cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+ export ROOT_DEVICE=/dev/mapper/root
+ export SWAP_DEVICE=/dev/mapper/swap
+ '' else ''
+ export ROOT_DEVICE=${cfg.rootDevice}${x}3
+ export SWAP_DEVICE=${cfg.rootDevice}${x}2
+ ''}
+ ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
+ mkdir -p /mnt
+ ${mkBootTable.${cfg.bootType}}
+ mkswap $SWAP_DEVICE -L NIXOS_SWAP
+ zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
+ zfs create -o mountpoint=legacy ${cfg.poolName}/root
+ zfs create -o mountpoint=legacy ${cfg.poolName}/home
+ zfs create -o mountpoint=legacy ${cfg.poolName}/nix
+ swapon $SWAP_DEVICE
+ mount -t zfs ${cfg.poolName}/root /mnt/
+ mkdir /mnt/{home,nix,boot}
+ mount -t zfs ${cfg.poolName}/home /mnt/home/
+ mount -t zfs ${cfg.poolName}/nix /mnt/nix/
+ ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
+ nixos-generate-config --root /mnt/
+ hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
+ cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
+ cat > /mnt/etc/nixos/generated.nix <<EOF
+ { ... }:
+ {
+ ${if cfg.uefi then ''
+ boot.loader.grub.efiInstallAsRemovable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "nodev";
+ '' else ''
+ boot.loader.grub.device = "${cfg.rootDevice}";
+ ''}
+ networking.hostId = "$hostId"; # required for zfs use
+ ${lib.optionalString cfg.luksEncrypt ''
+ boot.initrd.luks.devices = [
+ { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
+ { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+ ];
+ ''}
+ }
+ EOF
+ nixos-install
+ umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
+ zpool export ${cfg.poolName}
+ swapoff $SWAP_DEVICE
+ '';
+ environment.systemPackages = [ config.system.build.justdoit ];
+ boot.supportedFilesystems = [ "zfs" ];
+ };
+}
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
new file mode 100644
index 000000000..ba4e3207b
--- /dev/null
+++ b/makefu/1systems/iso/target-config.nix
@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+ imports = [ ./hardware-configuration.nix ./generated.nix ];
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.zfs.forceImportRoot = false;
+ boot.zfs.forceImportAll = false;
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
+ boot.tmpOnTmpfs = true;
+ programs.bash.enableCompletion = true;
+ services.journald.extraConfig = ''
+ SystemMaxUse=1G
+ RuntimeMaxUse=128M
+ '';
+
+ # minimal
+ programs.command-not-found.enable = false;
+ time.timeZone = "Europe/Berlin";
+ programs.ssh.startAgent = false;
+ nix.useSandbox = true;
+ users.mutableUsers = false;
+ networking.firewall.rejectPackets = true;
+ networking.firewall.allowPing = true;
+ services.openssh.enable = true;
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = "en_US.UTF-8";
+ };
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.all.use_tempaddr" = 2;
+ "net.ipv6.conf.default.use_tempaddr" = 2;
+ };
+ services.nscd.enable = false;
+}
diff --git a/makefu/2configs/nginx/share-download.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix
similarity index 100%
rename from makefu/2configs/nginx/share-download.nix
rename to makefu/2configs/nginx/dl.euer.krebsco.de.nix
diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix
deleted file mode 100644
index dcf987791..000000000
--- a/mb/1systems/gr33n/configuration.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.gr33n;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override {
- pkcs11Support = true;
- useSystemd = false;
- };
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- wcalc
- wget
- xz
- zbackup
- ];
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- services.codimd = {
- enable = true;
- workDir = "/storage/codimd";
- configuration = {
- port = 1337;
- host = "0.0.0.0";
- db = {
- dialect = "sqlite";
- storage = "/storage/codimd/db.codimd.sqlite";
- };
- };
- };
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix
deleted file mode 100644
index 1d13b8dc7..000000000
--- a/mb/1systems/gr33n/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.mdadmConf = ''
- ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
- devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
- '';
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
- fsType = "ext4";
- };
- fileSystems."/storage" =
- { device = "/dev/disk/by-label/storage";
- fsType = "ext4";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/93EB-BCA3";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
deleted file mode 100644
index b43bd8a0f..000000000
--- a/mb/1systems/orange/configuration.nix
+++ /dev/null
@@ -1,238 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.orange;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
- boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- # Select internationalisation properties.
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- unstable.youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- #virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbVariant = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- };
-
- services.openssh.enable = true;
- #services.openssh.permitRootLogin = "yes";
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix
deleted file mode 100644
index 8aa191269..000000000
--- a/mb/1systems/orange/hardware-configuration.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/BF9B-03A2";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
deleted file mode 100644
index 19efc75b0..000000000
--- a/mb/1systems/p1nk/configuration.nix
+++ /dev/null
@@ -1,227 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- <stockholm/mb/2configs/nvim.nix>
- ];
-
- krebs.build.host = config.krebs.hosts.p1nk;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
- preLVM = true;
- allowDiscards = true;
- }
- ];
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
- fileSystems."/mnt/public" = {
- device = "//192.168.0.4/public";
- fsType = "cifs";
- options = let
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
- };
-
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- nixpkgs.config.packageOverrides = super: {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- adapta-gtk-theme
- aircrackng
- ag
- arandr
- binutils
- chromium
- cifs-utils
- curl
- evince
- exfat
- feh
- file
- firefox
- freetype
- gimp
- git
- gnupg
- graphite2
- hicolor_icon_theme
- htop
- i3lock
- jq
- keepassx2
- kvm
- lxappearance
- man-pages
- moc
- mpv
- mpvc
- mupdf
- ncdu
- nmap
- openvpn
- pass
- p7zip
- powertop
- ranger
- rofi
- sshfs
- tcpdump
- tmux
- traceroute
- tree
- unstable.alacritty
- unstable.ponyc
- unstable.sublime3
- youtube-dl
- virt-viewer
- virtmanager
- vulnix
- wcalc
- wget
- xz
- zbackup
- ];
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
-
- services.xserver = {
- enable = true;
- layout = "de";
- xkbOptions = "nodeadkeys";
- libinput.enable = true;
- desktopManager = {
- default = "xfce";
- xterm.enable = false;
- xfce = {
- enable = true;
- noDesktop = true;
- enableXfwm = false;
- };
- };
- windowManager.ratpoison.enable = true;
- windowManager.pekwm.enable = true;
- };
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- networking.networkmanager.enable = false;
- networking.wireless.enable = true;
- networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.maxJobs = 4;
- nix.buildCores = 4;
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix
deleted file mode 100644
index ab5b6e204..000000000
--- a/mb/1systems/p1nk/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
- fsType = "btrfs";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/9F87-AEAA";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix
deleted file mode 100644
index 3c5c56c84..000000000
--- a/mb/1systems/rofl/configuration.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- <stockholm/mb/2configs/google-compute-config.nix>
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.rofl;
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.allowUnfree = true;
-
- environment.shellAliases = {
- ll = "ls -alh";
- ls = "ls --color=tty";
- };
-
- environment.systemPackages = with pkgs; [
- curl
- fish
- git
- htop
- nmap
- ranger
- tcpdump
- tmux
- traceroute
- tree
- vim
- xz
- zbackup
- ];
-
- sound.enable = false;
-
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- networking.wireless.enable = false;
- networking.networkmanager.enable = false;
- krebs.iptables.enable = true;
- networking.enableIPv6 = false;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- system.autoUpgrade.enable = false;
- system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
- system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
deleted file mode 100644
index 633d122ea..000000000
--- a/mb/1systems/sunsh1n3/configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-
-{ config, pkgs, ... }: let
- unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- <stockholm/mb>
- ];
-
- krebs.build.host = config.krebs.hosts.sunsh1n3;
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
- preLVM = true;
- allowDiscards = true;
- }
- ];
-
- i18n = {
- consoleFont = "Lat2-Terminus16";
- consoleKeyMap = "de";
- defaultLocale = "en_US.UTF-8";
- };
-
- time.timeZone = "Europe/Berlin";
-
- nixpkgs.config.packageOverrides = super : {
- openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
- };
-
- nixpkgs.config.allowUnfree = true;
-
- fonts = {
- enableCoreFonts = true;
- enableGhostscriptFonts = true;
- fonts = with pkgs; [
- anonymousPro
- corefonts
- dejavu_fonts
- envypn-font
- fira
- gentium
- gohufont
- inconsolata
- liberation_ttf
- powerline-fonts
- source-code-pro
- terminus_font
- ttf_bitstream_vera
- ubuntu_font_family
- unifont
- unstable.cherry
- xorg.fontbitstream100dpi
- xorg.fontbitstream75dpi
- xorg.fontbitstreamtype1
- ];
- };
-
- environment.systemPackages = with pkgs; [
- wget vim git curl fish
- ag
- chromium
- firefox
- gimp
- p7zip
- htop
- mpv
- mpvc
- nmap
- ntfs3g
- keepassx2
- sshfs
- #unstable.skrooge
- skrooge
- unstable.alacritty
- tmux
- tree
- wcalc
- virtmanager
- virt-viewer
- (wine.override { wineBuild = "wineWow"; })
- xz
- zbackup
- ];
-
- virtualisation.libvirtd.enable = true;
- virtualisation.kvmgt.enable = true;
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
-
- programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
- programs.dconf.enable = true;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.passwordAuthentication = false;
-
- krebs.iptables.enable = true;
- #networking.wireless.enable = true;
- networking.networkmanager.enable = true;
- networking.enableIPv6 = false;
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- hardware.pulseaudio.support32Bit = true;
- nixpkgs.config.pulseaudio = true;
-
- services.xserver.enable = true;
- services.xserver.layout = "de";
- services.xserver.xkbOptions = "nodeadkeys";
- services.xserver.libinput.enable = true;
-
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- nix.buildCores = 4;
-
- system.stateVersion = "19.09";
-
-}
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
deleted file mode 100644
index 2beee7c4f..000000000
--- a/mb/1systems/sunsh1n3/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/60A6-4DAB";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c36..000000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
- imports = [
- {
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- mb = {
- name = "mb";
- uid = 1337;
- home = "/home/mb";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- xo = {
- name = "xo";
- uid = 2323;
- home = "/home/xo";
- group = "users";
- createHome = true;
- shell = "/run/current-system/sw/bin/fish";
- extraGroups = [
- "audio"
- "video"
- "fuse"
- "wheel"
- "kvm"
- "qemu-libvirtd"
- "libvirtd"
- ];
- openssh.authorizedKeys.keys = [
- config.krebs.users.mb.pubkey
- ];
- };
- };
- }
- {
- environment.variables = {
- NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
- };
- }
- (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
- environment.variables = {
- CURL_CA_BUNDLE = ca-bundle;
- GIT_SSL_CAINFO = ca-bundle;
- SSL_CERT_FILE = ca-bundle;
- };
- })
- ];
-
- networking.hostName = config.krebs.build.host.name;
-
- krebs = {
- enable = true;
- build.user = config.krebs.users.mb;
- };
-
- users.mutableUsers = true;
-
- services.timesyncd.enable = mkForce true;
-
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
-
- # multiple-definition-problem when defining environment.variables.EDITOR
- environment.extraInit = ''
- EDITOR=vim
- '';
-
- nixpkgs.config.allowUnfree = true;
-
- environment.systemPackages = with pkgs; [
- #stockholm
- git
- git-preview
- gnumake
- jq
- parallel
- proot
- populate
-
- #style
- most
- rxvt_unicode.terminfo
-
- #monitoring tools
- htop
- iotop
-
- #network
- iptables
- iftop
- tcpdump
-
- #stuff for dl
- aria2
-
- #neat utils
- fish
- file
- kpaste
- krebspaste
- mosh
- pciutils
- psmisc
- tmux
- untilport
- usbutils
-
- #unpack stuff
- p7zip
-
- (pkgs.writeDashBin "sshn" ''
- ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
- '')
- ];
-
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- hostKeys = [
- # XXX bits here make no science
- { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
- ];
- };
-
- programs.fish = {
- enable = true;
- shellInit = ''
- function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
- if begin
- set -q SSH_AGENT_PID
- and kill -0 $SSH_AGENT_PID
- and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
- end
- echo "ssh-agent running on pid $SSH_AGENT_PID"
- else
- eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
- end
- set -l identity $HOME/.ssh/id_rsa
- set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
- ssh-add -l | grep -q $fingerprint
- or ssh-add $identity
- end
- '';
- promptInit = ''
- function fish_prompt --description 'Write out the prompt'
- set -l color_cwd
- set -l suffix
- set -l nix_shell_info (
- if test "$IN_NIX_SHELL" != ""
- echo -n " <nix-shell>"
- end
- )
- switch "$USER"
- case root toor
- if set -q fish_color_cwd_root
- set color_cwd $fish_color_cwd_root
- else
- set color_cwd $fish_color_cwd
- end
- set suffix '#'
- case '*'
- set color_cwd $fish_color_cwd
- set suffix '>'
- end
-
- echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
- end
- '';
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
-
- krebs.iptables = {
- enable = true;
- tables = {
- nat.PREROUTING.rules = [
- { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
- { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
- ];
- nat.OUTPUT.rules = [
- { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
- ];
- filter.INPUT.policy = "DROP";
- filter.FORWARD.policy = "DROP";
- filter.INPUT.rules = [
- { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
- { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
- { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
- { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
- { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
- { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
- { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
- { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
- ];
- };
- };
-}
diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix
deleted file mode 100644
index b201bd4b8..000000000
--- a/mb/2configs/google-compute-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- gce = pkgs.google-compute-engine;
-in
-{
- imports = [
- ./headless.nix
- ./qemu-guest.nix
- ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- autoResize = true;
- };
-
- boot.growPartition = true;
- boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
- boot.initrd.kernelModules = [ "virtio_scsi" ];
- boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
- # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd.
- boot.loader.grub.device = "/dev/sda";
- boot.loader.timeout = 0;
-
- # Don't put old configurations in the GRUB menu. The user has no
- # way to select them anyway.
- boot.loader.grub.configurationLimit = 0;
-
- # Allow root logins only using the SSH key that the user specified
- # at instance creation time.
- #services.openssh.enable = true;
- #services.openssh.permitRootLogin = "prohibit-password";
- #services.openssh.passwordAuthentication = mkDefault false;
-
- # Use GCE udev rules for dynamic disk volumes
- services.udev.packages = [ gce ];
-
- # Force getting the hostname from Google Compute.
- networking.hostName = mkDefault "";
-
- # Always include cryptsetup so that NixOps can use it.
- environment.systemPackages = [ pkgs.cryptsetup ];
-
- # Make sure GCE image does not replace host key that NixOps sets
- environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
- [InstanceSetup]
- set_host_keys = false
- '';
-
- # Rely on GCP's firewall instead
- networking.firewall.enable = mkDefault false;
-
- # Configure default metadata hostnames
- networking.extraHosts = ''
- 169.254.169.254 metadata.google.internal metadata
- '';
-
- networking.timeServers = [ "metadata.google.internal" ];
-
- networking.usePredictableInterfaceNames = false;
-
- # GC has 1460 MTU
- networking.interfaces.eth0.mtu = 1460;
-
- security.googleOsLogin.enable = true;
-
- systemd.services.google-clock-skew-daemon = {
- description = "Google Compute Engine Clock Skew Daemon";
- after = [
- "network.target"
- "google-instance-setup.service"
- "google-network-setup.service"
- ];
- requires = ["network.target"];
- wantedBy = ["multi-user.target"];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
- };
- };
-
- systemd.services.google-instance-setup = {
- description = "Google Compute Engine Instance Setup";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
- before = ["sshd.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "sshd.service" "multi-user.target" ];
- path = with pkgs; [ ethtool openssh ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_instance_setup --debug";
- Type = "oneshot";
- };
- };
-
- systemd.services.google-network-daemon = {
- description = "Google Compute Engine Network Daemon";
- after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- requires = ["network.target"];
- partOf = ["network.target"];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ iproute ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_network_daemon --debug";
- };
- };
-
- systemd.services.google-shutdown-scripts = {
- description = "Google Compute Engine Shutdown Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "systemd-resolved.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = [ "local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/true";
- ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
- Type = "oneshot";
- RemainAfterExit = true;
- TimeoutStopSec = "infinity";
- };
- };
-
- systemd.services.google-startup-scripts = {
- description = "Google Compute Engine Startup Scripts";
- after = [
- "local-fs.target"
- "network-online.target"
- "network.target"
- "rsyslog.service"
- "google-instance-setup.service"
- "google-network-daemon.service"
- ];
- wants = ["local-fs.target" "network-online.target" "network.target"];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
- KillMode = "process";
- Type = "oneshot";
- };
- };
-
-
- # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
- boot.kernel.sysctl = {
- # Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
- # of TCP functionality/features under normal conditions. When flood
- # protections kick in under high unanswered-SYN load, the system
- # should remain more stable, with a trade off of some loss of TCP
- # functionality/features (e.g. TCP Window scaling).
- "net.ipv4.tcp_syncookies" = mkDefault "1";
-
- # ignores source-routed packets
- "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
- # ignores source-routed packets
- "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects
- "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
- # ignores ICMP redirects from non-GW hosts
- "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.ip_forward" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
- # don't allow traffic between networks or act as a router
- "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
- # reverse path filtering - IP spoofing protection
- "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
- # ignores ICMP broadcasts to avoid participating in Smurf attacks
- "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
- # ignores bad ICMP errors
- "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
- # logs spoofed, source-routed, and redirect packets
- "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
- # log spoofed, source-routed, and redirect packets
- "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
- # implements RFC 1337 fix
- "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
- # randomizes addresses of mmap base, heap, stack and VDSO page
- "kernel.randomize_va_space" = mkDefault "2";
-
- # Reboot the machine soon after a kernel panic.
- "kernel.panic" = mkDefault "10";
-
- ## Not part of the original config
-
- # provides protection from ToCToU races
- "fs.protected_hardlinks" = mkDefault "1";
-
- # provides protection from ToCToU races
- "fs.protected_symlinks" = mkDefault "1";
-
- # makes locating kernel addresses more difficult
- "kernel.kptr_restrict" = mkDefault "1";
-
- # set ptrace protections
- "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
- # set perf only available to root
- "kernel.perf_event_paranoid" = mkDefault "2";
- };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7d..000000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
- boot.vesa = false;
-
- # Don't start a tty on the serial consoles.
- systemd.services."serial-getty@ttyS0".enable = false;
- systemd.services."serial-getty@hvc0".enable = false;
- systemd.services."getty@tty1".enable = false;
- systemd.services."autovt@".enable = false;
-
- # Since we can't manually respond to a panic, just reboot.
- boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
- # Don't allow emergency mode, because we don't have a console.
- systemd.enableEmergencyMode = false;
-
- # Being headless, we don't need a GRUB splash image.
- boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7b..000000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@
-
-"*****************************************************************************
-"" Functions
-"*****************************************************************************
-
-function! GetBufferList()
- redir =>buflist
- silent! ls!
- redir END
- return buflist
-endfunction
-
-function! ToggleList(bufname, pfx)
- let buflist = GetBufferList()
- for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
- if bufwinnr(bufnum) != -1
- exec(a:pfx.'close')
- return
- endif
- endfor
- if a:pfx == 'l' && len(getloclist(0)) == 0
- echohl ErrorMsg
- echo "Location List is Empty."
- return
- endif
- let winnr = winnr()
- exec(a:pfx.'open')
- if winnr() != winnr
- wincmd p
- endif
-endfunction
-
-
-"*****************************************************************************
-"" Basic Setup
-"*****************************************************************************"
-" General
-let no_buffers_menu=1
-syntax on
-set ruler
-set number
-set mousemodel=popup
-set t_Co=256
-set guioptions=egmrti
-set gfn=Monospace\ 10
-
-" TODO: Testing if this works against automatically setting paste mode
-" Issue: https://github.com/neovim/neovim/issues/7994
-au InsertLeave * set nopaste
-
-
-" undofile - This allows you to use undos after exiting and restarting
-" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
-" :help undo-persistence
-if exists("+undofile")
- if isdirectory($HOME . '/.vim/undo') == 0
- :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
- endif
- set undodir=./.vim-undo//
- set undodir+=~/.vim/undo//
- set undofile
-endif
-
-" Encoding
-set encoding=utf-8
-set fileencoding=utf-8
-set fileencodings=utf-8
-set bomb
-set binary
-
-" Fix backspace indent
-set backspace=indent,eol,start
-
-" Tabs. May be overriten by autocmd rules
-set tabstop=4
-set softtabstop=0
-set shiftwidth=4
-set expandtab
-
-" Map leader to ,
-let mapleader=','
-
-" Enable hidden buffers
-set hidden
-
-" Searching
-set hlsearch
-set incsearch
-set ignorecase
-set smartcase
-
-" Directories for swp files
-set nobackup
-set noswapfile
-
-set fileformats=unix,dos,mac
-
-" File overview
-set wildmode=list:longest,list:full
-set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
-
-" Shell to emulate
-if exists('$SHELL')
- set shell=$SHELL
-else
- set shell=/bin/bash
-endif
-
-" Set color scheme
-colorscheme molokai
-
-"Show always Status bar
-set laststatus=2
-
-" Use modeline overrides
-set modeline
-set modelines=10
-
-" Set terminal title
-set title
-set titleold="Terminal"
-set titlestring=%F
-
-" search will center on the line it's found in.
-nnoremap n nzzzv
-nnoremap N Nzzzv
-
-
-
-"*****************************************************************************
-"" Abbreviations
-"*****************************************************************************
-" no one is really happy until you have this shortcuts
-cnoreabbrev W! w!
-cnoreabbrev Q! q!
-cnoreabbrev Qall! qall!
-cnoreabbrev Wq wq
-cnoreabbrev Wa wa
-cnoreabbrev wQ wq
-cnoreabbrev WQ wq
-cnoreabbrev W w
-cnoreabbrev Q q
-cnoreabbrev Qall qall
-
-" NERDTree configuration
-let g:NERDTreeChDirMode=2
-let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
-let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
-let g:NERDTreeShowBookmarks=1
-let g:nerdtree_tabs_focus_on_files=1
-let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
-let g:NERDTreeWinSize = 50
-set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
-nnoremap <silent> <F1> :NERDTreeFind<CR>
-nnoremap <silent> <F2> :NERDTreeToggle<CR>
-
-" open terminal emulation
-nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
-
-"*****************************************************************************
-"" Autocmd Rules
-"*****************************************************************************
-"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
-augroup vimrc-sync-fromstart
- autocmd!
- autocmd BufEnter * :syntax sync maxlines=200
-augroup END
-
-" Nasm filetype
-augroup nasm
- autocmd!
- autocmd BufRead,BufNewFile *.nasm set ft=nasm
-augroup END
-
-" Binary filetype
-augroup Binary
- au!
- au BufReadPre *.bin,*.exe,*.elf let &bin=1
- au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
- au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
- au BufWritePre *.bin,*.exe,*.elf endif
- au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
- au BufWritePost *.bin,*.exe,*.elf set nomod | endif
-augroup END
-
-" Binary filetype
-augroup fasm
- au!
- au BufReadPost *.fasm set ft=fasm
-augroup END
-
-augroup deoplete-update
- autocmd!
- autocmd VimEnter * UpdateRemotePlugin
-augroup END
-
-"" Remember cursor position
-augroup vimrc-remember-cursor-position
- autocmd!
- autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-augroup END
-
-"" txt
-" augroup vimrc-wrapping
-" autocmd!
-" autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
-" augroup END
-
-"" make/cmake
-augroup vimrc-make-cmake
- autocmd!
- autocmd FileType make setlocal noexpandtab
- autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
-augroup END
-
-set autoread
-
-"*****************************************************************************
-"" Mappings
-"*****************************************************************************
-
-" Split
-noremap <Leader>h :<C-u>split<CR>
-noremap <Leader>v :<C-u>vsplit<CR>
-
-" Git
-noremap <Leader>ga :Gwrite<CR>
-noremap <Leader>gc :Gcommit<CR>
-noremap <Leader>gsh :Gpush<CR>
-noremap <Leader>gll :Gpull<CR>
-noremap <Leader>gs :Gstatus<CR>
-noremap <Leader>gb :Gblame<CR>
-noremap <Leader>gd :Gvdiff<CR>
-noremap <Leader>gr :Gremove<CR>
-
-" Tabs
-nnoremap <Tab> gt
-nnoremap <S-Tab> gT
-nnoremap <silent> <S-t> :tabnew<CR>
-
-" Set working directory
-nnoremap <leader>. :lcd %:p:h<CR>
-
-" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Opens a tab edit command with the path of the currently edited file filled
-noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
-
-" Tagbar
-nmap <silent> <F3> :TagbarToggle<CR>
-let g:tagbar_autofocus = 1
-
-" Copy/Paste/Cut
-set clipboard^=unnamed,unnamedplus
-
-noremap YY "+y<CR>
-noremap <leader>p "+gP<CR>
-noremap XX "+x<CR>
-
-" Enable mouse for vim
-set mouse=a
-
-" Buffer nav
-noremap <leader>z :bp<CR>
-noremap <leader>q :bp<CR>
-noremap <leader>x :bn<CR>
-noremap <leader>w :bn<CR>
-
-" Close buffer
-noremap <leader>c :bd<CR>
-
-" Clean search (highlight)
-nnoremap <silent> <leader><space> :noh<cr>
-
-" Switching windows
-noremap <C-j> <C-w>j
-noremap <C-k> <C-w>k
-noremap <C-l> <C-w>l
-noremap <C-h> <C-w>h
-
-" Vmap for maintain Visual Mode after shifting > and <
-vmap < <gv
-vmap > >gv
-
-" Move visual block
-vnoremap J :m '>+1<CR>gv=gv
-vnoremap K :m '<-2<CR>gv=gv
-
-" Open current line on GitHub
-nnoremap <Leader>o :.Gbrowse<CR>
-
-
-" Save on strg+s if not in paste mode
-nmap <c-s> :w<CR>
-vmap <c-s> <Esc><c-s>gv
-imap <c-s> <Esc><c-s>
-
-" Quit on strg+q in normal mode
-nnoremap <c-q> :q<cr>
-
-" Strg+d to replace word under cursor
-nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
-
-" Strg+f ro find word under cursor
-nnoremap <c-f> :/<C-r><C-w><Left><Left>
-
-" Remove unneccessary spaces
-nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
-
-" Reindent whole file with F6
-map <F6> mzgg=G`z
-
-" Toggle location list
-nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
-
-" Replacing text in visual mode doesn't copy it anymore
-xmap p <Plug>ReplaceWithRegisterVisual
-xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
-
-" ALE mappings
-nmap <Leader>i <Plug>(ale_hover)
-nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
-nmap <Leader>rf <Plug>(ale_find_references)
-nmap <silent><F7> <Plug>(ale_fix)
-
-" Vim-Go mappings
-au FileType go nmap <Leader>i :GoDoc<cr>
-au FileType go nmap <Leader>d :GoDef<cr>
-au FileType go nmap <Leader>rf :GoReferrers<cr>
-
-
-"" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Use tab for navigatin in autocompletion window
-inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
-inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
-
-
-"*****************************************************************************
-"" Plugin settings
-"*****************************************************************************
-
-" vim-airline
-set statusline+=%{fugitive#statusline()}
-let g:airline_theme = 'powerlineish'
-let g:airline#extensions#syntastic#enabled = 1
-let g:airline#extensions#branch#enabled = 1
-let g:airline#extensions#tabline#enabled = 1
-let g:airline#extensions#tagbar#enabled = 1
-let g:airline_skip_empty_sections = 1
-let g:airline#extensions#ale#enabled = 1
-
-" show indent lines
-let g:indent_guides_enable_on_vim_startup = 1
-let g:indent_guides_auto_colors = 0
-hi IndentGuidesOdd ctermbg=235
-hi IndentGuidesEven ctermbg=235
-let g:indent_guides_guide_size = 1
-let g:indent_guides_start_level = 2
-
-" Enable autocompletion
-let g:deoplete#enable_at_startup = 1
-set completeopt-=preview
-
-" Ale no preview on hover
-let g:ale_close_preview_on_insert = 0
-let g:ale_cursor_detail = 0
-
-" Ale skip if file size over 2G
-let g:ale_maximum_file_size = "2147483648"
-
-" Ale to loclist and quickfix
-let g:ale_set_quickfix = 1
-" let g:ale_set_loclist = 1
-
-
-" Ale language server
-let g:ale_linters = {
- \ 'python': ['pyls'],
- \ 'c': ['cquery'],
- \ 'cpp': ['cquery'],
- \ 'xml': ['xmllint']
- \ }
-
-
-" ALE fixers
-let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
-let g:ale_fixers.python = ['black']
-let g:ale_fixers.go = ['gofmt']
-let g:ale_fixers.c = ['clang-format']
-let g:ale_fixers.cpp = ['clang-format']
-let g:ale_fixers.json = ['jq']
-let g:ale_fixers.xml = ['xmllint']
-
-let g:ale_completion_enabled = 1
-let g:ale_sign_error = '⤫'
-let g:ale_sign_warning = '⚠'
-let g:ale_lint_on_insert_leave = 1
-
-" Vim-Go Settings
-let g:go_auto_sameids = 1
-let g:go_fmt_command = "goimports"
-let g:go_auto_type_info = 1
-
-" Disable syntastic for langserver supported languages
-let g:syntastic_mode_map = {
- \ "mode": "active",
- \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
- \ }
-let g:syntastic_always_populate_loc_list = 1
-let g:syntastic_auto_loc_list = 2
-let g:syntastic_aggregate_errors = 1
-let g:syntastic_check_on_open = 1
-let g:syntastic_check_on_wq = 0
-let g:syntastic_error_symbol='✗'
-let g:syntastic_warning_symbol='⚠'
-let g:syntastic_style_error_symbol = '✗'
-let g:syntastic_style_warning_symbol = '⚠'
-
-"*****************************************************************************
-"" Shortcuts overview
-"*****************************************************************************
-" Shortcuts overview
-" F1 --> Filetree find
-" F2 --> Filetree toggle
-" F3 --> Function overview
-" F4 --> Toggle error bar
-
-" F5 --> Remove trailing whitespaces
-" F6 --> Reindent whole file
-" F7 --> Format and lint file
-" ,i --> Information about function
-" ,d --> Jump to definition
-" ,r --> Rename in all occurences
-" ,rf --> Find references of function/variable
-" ,e --> Change current file
-" ,te --> Open file in new tab
-" strg+f --> Find current selected word
-" strg+d --> Replace current selected word
-" strg+s --> Save file
-" strg+q --> Close current file
-" space+, --> Stop highlighting words after search
-
diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix
deleted file mode 100644
index a8e4173e2..000000000
--- a/mb/2configs/nvim.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
- #unstable = import <nixos-unstable> { };
-in
-
-{
- environment.variables = {
- EDITOR = ["nvim"];
- };
-
- nixpkgs.config.packageOverrides = pkgs: with pkgs;{
- neovim_custom = neovim.override {
- configure = {
- customRC = builtins.readFile ./neovimrc;
-
- packages.myVimPackage = with pkgs.vimPlugins;
- {
- # loaded on launch
- start = [
- nerdtree # file manager
- commentary # comment stuff out based on language
- fugitive # full git integration
- vim-airline-themes # lean & mean status/tabline
- vim-airline # status bar
- gitgutter # git diff in the gutter (sign column)
- vim-trailing-whitespace # trailing whitspaces in red
- tagbar # F3 function overview
- syntastic # Fallback to singlethreaded but huge syntax support
- ReplaceWithRegister # For better copying/replacing
- polyglot # Language pack
- vim-indent-guides # for displaying indent levels
- ale # threaded language client
- vim-go # go linting
- deoplete-go # go autocompletion completion
- deoplete-nvim # general autocompletion
- molokai # color scheme
- ];
-
- # manually loadable by calling `:packadd $plugin-name`
- opt = [];
- };
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- ctags
- neovim_custom
- jq # For fixing json files
- xxd # .bin files will be displayed with xxd
- shellcheck # Shell linting
- ansible-lint # Ansible linting
- unzip # To vim into unzipped files
- nodePackages.jsonlint # json linting
- #python36Packages.python-language-server # python linting
- #python36Packages.pyls-mypy # Python static type checker
- #python36Packages.black # Python code formatter
- #python37Packages.yamllint # For linting yaml files
- #python37Packages.libxml2 # For fixing yaml files
- cquery # C/C++ support
- clang-tools # C++ fixer
- ];
-
- fonts = {
- fonts = with pkgs; [
- font-awesome_5
- ];
- };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d04093..000000000
--- a/mb/2configs/qemu-guest.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# Common configuration for virtual machines running under QEMU (using
-# virtio).
-
-{ ... }:
-
-{
- boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
- boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
- boot.initrd.postDeviceCommands =
- ''
- # Set the system time from the hardware clock to work around a
- # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
- # to the *boot time* of the host).
- hwclock -s
- '';
-
- security.rngd.enable = false;
-}
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
deleted file mode 100644
index 5a87d52af..000000000
--- a/mb/2configs/retiolum.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
- krebs.iptables = {
- tables = {
- filter.INPUT.rules = let
- tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
- in [
- { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
- ];
- };
- };
-
- krebs.tinc.retiolum = {
- enableLegacy = true;
- enable = true;
- connectTo = [
- "prism"
- "gum"
- "ni"
- ];
- };
-
- nixpkgs.config.packageOverrides = pkgs: {
- tinc = pkgs.tinc_pre;
- };
-
- environment.systemPackages = [
- pkgs.tinc
- ];
-}
diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa
deleted file mode 100644
index 99a4033f6..000000000
--- a/mb/2configs/tests/dummy-secrets/retiolum.rsa
+++ /dev/null
@@ -1,4 +0,0 @@
-
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix
deleted file mode 100644
index 99d09d4ec..000000000
--- a/mb/3modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
- imports = [
- ./hosts.nix
- ];
-}
diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix
deleted file mode 100644
index 5dc9b5ca4..000000000
--- a/mb/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
- options.mb.hosts = mkOption {
- type = types.attrsOf types.host;
- default =
- filterAttrs (_: host: host.owner.name == "mb" && host.ci)
- config.krebs.hosts;
- };
-}
diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e85..000000000
--- a/mb/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
- (map
- (name: import (./. + "/${name}") self super)
- (filter
- (name: name != "default.nix" && !hasPrefix "." name)
- (attrNames (readDir ./.))))
diff --git a/mb/default.nix b/mb/default.nix
deleted file mode 100644
index 0bec0c2c2..000000000
--- a/mb/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-{
- imports = [
- ../krebs
- ./2configs
- ./3modules
- ];
- nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
- krebs.tinc.retiolum.privkey = {
- source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
- path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
- owner = config.krebs.tinc.retiolum.user;
- };
-}
diff --git a/mb/krops.nix b/mb/krops.nix
deleted file mode 100644
index cb9ab3fdb..000000000
--- a/mb/krops.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ name }: let
- inherit (import ../krebs/krops.nix { inherit name; })
- krebs-source
- lib
- pkgs
- ;
-
- host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
- import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
- else
- {}
- ;
-
- source = { test }: lib.evalSource ([
- (krebs-source { test = test; })
- {
- nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
- nixpkgs-unstable.git = {
- url = "https://github.com/nixos/nixpkgs-channels";
- ref = "nixos-unstable";
- };
- secrets = if test then {
- file = toString ./2configs/tests/dummy-secrets;
- } else {
- pass = {
- dir = "${lib.getEnv "HOME"}/.password-store";
- name = "hosts/${name}";
- };
- };
- }
- ] ++ (lib.optional (! test) host-source));
-
-in {
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
- source = source { test = false; };
- inherit target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
- populate = { target, force ? false }: pkgs.populate {
- inherit force;
- source = source { test = false; };
- target = lib.mkTarget target;
- };
-
- # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
- test = { target }: pkgs.krops.writeTest "${name}-test" {
- force = true;
- inherit target;
- source = source { test = true; };
- };
-}
diff --git a/submodules/krops b/submodules/krops
index 2dc172530..f2f8cbf1a 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 2dc172530965ea4f1ead8ff166004c5734daee1f
+Subproject commit f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205c
diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index a89f07e8a..86f9b7ec2 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
<stockholm/tv/2configs/hw/x220.nix>
<stockholm/tv/2configs/exim-retiolum.nix>
<stockholm/tv/2configs/gitrepos.nix>
- <stockholm/tv/2configs/im.nix>
<stockholm/tv/2configs/mail-client.nix>
<stockholm/tv/2configs/nginx/public_html.nix>
<stockholm/tv/2configs/pulse.nix>
diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix
deleted file mode 100644
index 82f1be042..000000000
--- a/tv/2configs/im.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
- environment.systemPackages = with pkgs; [
- (pkgs.writeDashBin "im" ''
- export PATH=${makeSearchPath "bin" (with pkgs; [
- tmux
- gnugrep
- weechat
- ])}
- if tmux list-sessions -F\#S | grep -q '^im''$'; then
- exec tmux attach -t im
- else
- exec tmux new -s im weechat
- fi
- '')
- ];
- services.bitlbee = {
- enable = true;
- plugins = [
- pkgs.bitlbee-facebook
- ];
- };
-}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index db2cdcd1f..5be1beef8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,7 @@
./ejabberd
./focus.nix
./hosts.nix
+ ./im.nix
./iptables.nix
./slock.nix
./x0vncserver.nix
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
new file mode 100644
index 000000000..8cb137510
--- /dev/null
+++ b/tv/3modules/im.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }: let
+ im = config.tv.im;
+ lib = import <stockholm/lib>;
+in {
+ options = {
+ tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
+ default = config.krebs.build.host.name == im.client.host.name;
+ };
+ tv.im.client.term = lib.mkOption {
+ default = "rxvt-unicode-256color";
+ type = lib.types.filename;
+ };
+ tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // {
+ default = true;
+ };
+ tv.im.client.host = lib.mkOption {
+ default = config.krebs.hosts.xu;
+ type = lib.types.host;
+ };
+ tv.im.client.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+
+ tv.im.server.enable = lib.mkEnableOption "tv.im.server" // {
+ default = config.krebs.build.host.name == im.server.host.name;
+ };
+ tv.im.server.host = lib.mkOption {
+ default = config.krebs.hosts.nomic;
+ type = lib.types.host;
+ };
+ tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
+ default = true;
+ };
+ tv.im.server.weechat.relay.enable =
+ lib.mkEnableOption "tv.im.server.weechat.relay";
+ tv.im.server.user = lib.mkOption {
+ default = config.krebs.users.tv;
+ type = lib.types.user;
+ };
+ };
+ imports = [
+ (lib.mkIf im.client.enable {
+ users.users.${im.client.user.name}.packages = [
+ (pkgs.writeDashBin "im" ''
+ ${if im.server.mosh.enable then /* sh */ ''
+ exec ${pkgs.mosh}/bin/mosh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ env TERM=${im.client.term} im
+ '' else /* sh */ ''
+ exec ${pkgs.openssh}/bin/ssh \
+ ${lib.optionalString im.client.useIPv6 "-6"} \
+ ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+ -t \
+ im
+ ''}
+ '')
+ ];
+ })
+ (lib.mkIf im.server.enable {
+ services.bitlbee = {
+ enable = true;
+ plugins = [
+ pkgs.bitlbee-facebook
+ ];
+ };
+ users.users.${im.server.user.name}.packages = [
+ pkgs.mosh
+ (pkgs.writeDashBin "im" ''
+ export PATH=${lib.makeSearchPath "bin" [
+ pkgs.tmux
+ pkgs.gnugrep
+ pkgs.weechat
+ ]}
+ if tmux list-sessions -F\#S | grep -q '^im''$'; then
+ exec tmux attach -t im
+ else
+ exec tmux new -s im weechat
+ fi
+ '')
+ ];
+ })
+ (lib.mkIf im.server.mosh.enable {
+ krebs.setuid.utempter = {
+ filename = "${pkgs.libutempter}/lib/utempter/utempter";
+ owner = "nobody";
+ group = "utmp";
+ mode = "2111";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
+ ];
+ })
+ (lib.mkIf im.server.weechat.relay.enable {
+ krebs.iana-etc.services = {
+ "9001".tcp.name = "weechat-ssl";
+ };
+ tv.iptables.extra4.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ tv.iptables.extra6.filter.Retiolum = [
+ "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+ ];
+ })
+ ];
+}