From 9829d8ff9790c194e9acb3b50f2523d389402592 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 17 Oct 2019 02:28:06 +0200
Subject: [PATCH 01/67] ma pkgs._4nxci: bump to 4.03

---
 makefu/5pkgs/_4nxci/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/5pkgs/_4nxci/default.nix b/makefu/5pkgs/_4nxci/default.nix
index dafa37ff6..47c02aca4 100644
--- a/makefu/5pkgs/_4nxci/default.nix
+++ b/makefu/5pkgs/_4nxci/default.nix
@@ -1,11 +1,11 @@
 { stdenv, lib, fetchFromGitHub, mbedtls, python2, perl }:
 let
-  version = "1.35";
+  version = "4.03";
   src = fetchFromGitHub {
     owner = "The-4n";
     repo = "4NXCI";
     rev = "v${version}";
-    sha256 = "0yq0irxzi4wi71ajw8ld01zfpkrgknpq7g3m76pbnwmdzkm7dra6";
+    sha256 = "0n49sqv6s8cj2dw1dbcyskfc2zr92p27f1bdd6jqfbawv0fqr1wf";
   };
 
   mymbedtls = stdenv.mkDerivation {

From 002913eb9bb516f0f39ef6ca26593953145d42e1 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Mon, 21 Oct 2019 23:55:22 +0200
Subject: [PATCH 02/67] external: change palos ssh key

---
 krebs/3modules/external/palo.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/external/palo.nix b/krebs/3modules/external/palo.nix
index e81dd9b58..aea1792f4 100644
--- a/krebs/3modules/external/palo.nix
+++ b/krebs/3modules/external/palo.nix
@@ -78,7 +78,7 @@ in {
   };
   users = {
     palo = {
-      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBYNJVuyyZmc2pCkLWjhl0/hMMb7elmI81/9LAGtk8Tz4TmVderTMohwQkaTYznwPOPuKfU1sSMLCB8rYXdAO5nqWC4bGjXJ/+D8/UKfGjSqRQ7UkfpOF3NAm+pqUSFjaVXi1BWd+jxmsD0uRks0PyNSywZfgjn5LYpD3SpxyFy/17P/PJ9vX6PELjeYvNGH3l5cXDwYky3ZZJol7quBJ5yrA6I536A4wNDzg2ow+MRVu51/nIJdnbbsC/dDHgmdRWnStOzvsA+xSEMeKvLW3CaSPINr/bMGxOPrefr79bg59gkw9Wxp51fkx0o18N1liTRfWXau+GFNGMxFluELhfGXYOH9HLedLt8H38zs5vgJ9IY+tlOzMKud5njiNkuG503AiqY2H7coN7VeVA5+6L7tmwFbCMhPal4MS0VKHNBmCTDY5QMURYUajKiUh8n5IcbuTsPM+lEszm16g5iB+XQ1vpjza5ds6DRL1H6pUF/UpUzYUlqh2RnE+CyLsFO2MB/o72NoSWRfmn7/nsg6eEg/9kSn+dwj2ythjuEkMG28Yhm/XjaGnuAE/ZpIeRDozIQNGcHpzPHMd95olfNJW7+fLi+CvSFZa9l+tdS8PoRnCdHOsO4zvESJZ2rDn0Zt0Az6XNRJfYTABDlYPGCnWN4vmlnEJqQARSSiKBDhSgPw== palo@workout";
+      pubkey = "ssh-rsa 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";
     };
   };
 }
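Review bot: The replaced `pubkey` for `users.palo` arrives with an empty commit description, so nothing records which key is now trusted or how it was confirmed. A one-line description giving the new key's fingerprint and comment field (the old one ended in `palo@workout`) would let a reviewer check the value against what the owner published out of band. Where this attribute is consumed is not visible in the hunk; if it feeds authorized-key lists, hosts that still carry the old key need a redeploy before the rotation takes effect.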

From f8d1d7f938fcdeb18fc2abb97c586c1cccf6fcf1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 23 Oct 2019 00:49:48 +0200
Subject: [PATCH 03/67] reaktor2: fix invalid character crash

---
 krebs/3modules/reaktor2.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index 9ab207d88..837a9bea7 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -53,6 +53,9 @@ with import <stockholm/lib>;
     systemd.services = flip mapAttrs' config.krebs.reaktor2 (_: cfg:
       nameValuePair cfg.systemd-service-name {
         after = [ "network.target" ];
+        environment = {
+          LC_ALL = "en_US.UTF-8";
+        };
         wantedBy = [ "multi-user.target" ];
         serviceConfig = {
           User = cfg.username;
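Review bot: The new `environment` block hard-codes `LC_ALL = "en_US.UTF-8"` without saying why, and the setting only helps if that locale is actually generated on the host. A comment such as `# UTF-8 locale required: reaktor2 crashed on non-ASCII input` would keep the line from being dropped in a later cleanup. It is also worth confirming that hosts with a custom `i18n.supportedLocales` still include `en_US.UTF-8/UTF-8`. The `serviceConfig` attrset continues past the hunk.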

From ea5b591d065b721666fc3527ad45a7545a594a77 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 23 Oct 2019 21:00:14 +0200
Subject: [PATCH 04/67] krops: 1.16.0 -> 1.17.0

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 8f4446000..2dc172530 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 8f44460003ae10f543ccb6a29f15b57e42ca3aad
+Subproject commit 2dc172530965ea4f1ead8ff166004c5734daee1f

From 3e5040747ce990bcb6d86f052dd631f57ab08ea2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 28 Oct 2019 07:38:07 +0100
Subject: [PATCH 05/67] shack/muellshack: mkYarnPackage is not vendored
 anymore, using pkgs.yarn2nix-moretea.mkYarnPackage

---
 krebs/2configs/shack/muellshack.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
index 9168c9ba7..179855c4c 100644
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@@ -6,7 +6,7 @@ let
       url = "https://git.shackspace.de/rz/muellshack";
       rev = "d8a5e2d4c0a22804838675ac42b468299dcd9a76";
       sha256 = "0ff6q64dgdxmpszp94z100fdic175b1vvxn4crg8p0jcabzxsv0m";
-    }) {};
+    }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/muellshack";
     port = "8081";
 in {

From f566e3433574bcecdcdee2528d73a9d202be62f6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 28 Oct 2019 11:00:11 +0100
Subject: [PATCH 06/67] rtorrent module: set listen.owner in phpfpm

---
 krebs/3modules/rtorrent.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index d59569317..1f88a49e1 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -8,7 +8,7 @@ let
 
   nginx-user = config.services.nginx.user;
   nginx-group = config.services.nginx.group;
-  fpm-socket = "/var/run/php5-fpm-rutorrent.sock";
+  fpm-socket = config.services.phpfpm.pools.rutorrent.socket;
 
   webdir = rucfg.webdir;
   systemd-logfile = cfg.workDir + "/rtorrent-systemd.log";
@@ -332,12 +332,11 @@ let
 
   rutorrent-imp = {
     services.phpfpm = {
-      # phpfpm does not have an enable option
       pools.rutorrent = {
         user =  nginx-user;
         group =  nginx-group;
-        listen = fpm-socket;
         settings = {
+          "listen.owner" = nginx-user;
           "pm" = "dynamic";
           "pm.max_children" = 5;
           "pm.start_servers" = 2;
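Review bot: Only `"listen.owner"` is set in the `settings` of `pools.rutorrent`, so the socket's group and mode fall back to php-fpm's defaults, and who may connect to the FastCGI socket is implicit. Adding `"listen.group" = nginx-group;` and `"listen.mode" = "0660";` next to it states the intended access and keeps it stable if the defaults or the pool user change. The same applies to the `"listen.owner"` lines added in owncloud.nix and euer.wiki.nix in [PATCH 07/67]. The `settings` attrset continues past the hunk.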

From 6235c7c5bc4fda9822645b356e7db26ed46fe9d0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 28 Oct 2019 11:53:39 +0100
Subject: [PATCH 07/67] ma phpfpm: set listen.owner in config

---
 makefu/2configs/deployment/owncloud.nix | 1 +
 makefu/2configs/nginx/euer.wiki.nix     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 59dfa3203..ed3155efc 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -127,6 +127,7 @@ let
           group = "nginx";
           listen = socket;
           settings = {
+            "listen.owner" = "nginx";
             "pm" = "dynamic";
             "pm.max_children" = 32;
             "pm.max_requests" = 500;
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index a6766eeec..2f44d8cc1 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -27,6 +27,7 @@ in {
       inherit user group;
       listen = fpm-socket;
       settings = {
+        "listen.owner" = user;
         "pm" = "dynamic";
         "pm.max_children" = 5;
         "pm.start_servers" = 2;

From 6e4c26a130611da18b2b9e82b8085a0076031db5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 29 Oct 2019 17:16:12 +0100
Subject: [PATCH 08/67] ma bureautomation: set service name for google_say to
 fix regression

---
 makefu/2configs/bureautomation/default.nix | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index d745d894a..48c4c0b87 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -47,8 +47,14 @@ in {
         elevation = 303;
         auth_providers = [
           { type = "homeassistant";}
-          { type = "legacy_api_password";}
+          # { type = "legacy_api_password";}
           { type = "trusted_networks";
+            trusted_networks = [
+              "127.0.0.1/32"
+              "192.168.8.0/24"
+              "::1/128"
+              "fd00::/8"
+            ];
             # allow_bypass_login = true;
           }
         ];
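Review bot: `"fd00::/8"` in the relocated `trusted_networks` list covers the entire locally-assigned ULA range, and the `trusted_networks` provider lets clients from listed networks log in without a password. Narrow it to the prefix actually used on site, e.g. `"fdXX:XXXX:XXXX::/48"` (placeholder), and check that every device on `192.168.8.0/24` is meant to have that access. The commented-out `# { type = "legacy_api_password";}` would be better removed than kept as dead configuration, since `api_password` is still set under `http` in the next hunk.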
@@ -141,19 +147,15 @@ in {
         # TODO: https://github.com/home-assistant/home-assistant/issues/16149
         base_url = "http://192.168.8.11:8123";
         api_password = "sistemas";
-        trusted_networks = [
-          "127.0.0.1/32"
-          "192.168.8.0/24"
-          "::1/128"
-          "fd00::/8"
-        ];
       };
       conversation = {};
       history = {};
       logbook = {};
       tts = [
-        { platform = "google";
+        { platform = "google_translate";
           language = "de";
+          time_memory = 57600;
+          service_name =  "google_say";
         }
         { platform = "voicerss";
           api_key = builtins.readFile <secrets/hass/voicerss.apikey>;

From b0e88c220985ddc76e0622cbcdb1eb782b1eb3cf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 29 Oct 2019 17:26:15 +0100
Subject: [PATCH 09/67] ma bureautomation: fix home-assistant regression with
 darksky

---
 makefu/2configs/bureautomation/default.nix        | 1 -
 makefu/2configs/bureautomation/sensor/outside.nix | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 48c4c0b87..9492f6ac2 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -34,7 +34,6 @@ in {
         pkgs.pico2wave
         python-forecastio jsonrpc-async jsonrpc-websocket mpd2
         (callPackage ./deps/gtts-token.nix { })
-        (callPackage ./deps/pyhaversion.nix { })
       ];
     };
     autoExtraComponents = true;
diff --git a/makefu/2configs/bureautomation/sensor/outside.nix b/makefu/2configs/bureautomation/sensor/outside.nix
index 7dbc192a4..596473f17 100644
--- a/makefu/2configs/bureautomation/sensor/outside.nix
+++ b/makefu/2configs/bureautomation/sensor/outside.nix
@@ -15,7 +15,7 @@
       "uv_index"
     ];
     units =  "si" ;
-    update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; };
+    scan_interval = "00:30:00";
   }
   { platform = "luftdaten";
     name = "Ditzingen";

From 4bb3f551ab8b44b623a4dd56f295d6083eb04121 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 29 Oct 2019 19:33:55 +0100
Subject: [PATCH 10/67] nixpkgs: 7952807 -> c75de8b

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 01230b439..fabd3691a 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "7952807791daf3c60c99f10f371f732d897e3de8",
-  "date": "2019-10-13T01:14:01+02:00",
-  "sha256": "1h9wg0arazbyj8xfgvfhzn2gw6ya8sgcxscy1n5j182b5xri1xdk",
+  "rev": "c75de8bc12cc7e713206199e5ca30b224e295041",
+  "date": "2019-10-27T17:40:06+01:00",
+  "sha256": "1awipcjfvs354spzj2la1nzmi9rh2ci2mdapzf4kkabf58ilra6x",
   "fetchSubmodules": false
 }

From dc543a7d507bd431dae20c77800ec877205f5108 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 30 Oct 2019 08:01:44 +0100
Subject: [PATCH 11/67] ma bureautomation: fix all the regression, add
 openwrt-luci-rpc as dependency

---
 makefu/2configs/bureautomation/default.nix    |  9 ++---
 .../bureautomation/deps/gtts-token.nix        | 27 ---------------
 .../bureautomation/deps/openwrt-luci-rpc.nix  | 34 +++++++++++++++++++
 .../bureautomation/deps/pyhaversion.nix       | 33 ------------------
 .../bureautomation/device_tracker/openwrt.nix |  1 -
 .../bureautomation/light/statuslight.nix      |  8 ++---
 .../2configs/bureautomation/sensor/pollen.nix |  2 +-
 7 files changed, 44 insertions(+), 70 deletions(-)
 delete mode 100644 makefu/2configs/bureautomation/deps/gtts-token.nix
 create mode 100644 makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix
 delete mode 100644 makefu/2configs/bureautomation/deps/pyhaversion.nix

diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 9492f6ac2..e07e0ddf0 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -33,7 +33,7 @@ in {
       extraPackages = ps: with ps; [
         pkgs.pico2wave
         python-forecastio jsonrpc-async jsonrpc-websocket mpd2
-        (callPackage ./deps/gtts-token.nix { })
+        (callPackage ./deps/openwrt-luci-rpc.nix { })
       ];
     };
     autoExtraComponents = true;
@@ -46,7 +46,9 @@ in {
         elevation = 303;
         auth_providers = [
           { type = "homeassistant";}
-          # { type = "legacy_api_password";}
+          { type = "legacy_api_password";
+            api_password = "sistemas";
+          }
           { type = "trusted_networks";
             trusted_networks = [
               "127.0.0.1/32"
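Review bot: The added `api_password = "sistemas";` puts the Home Assistant API password in clear text in the repository, while other credentials in this configuration are loaded from `<secrets/...>` (`builtins.readFile <secrets/hass/voicerss.apikey>`, `import <secrets/hass/router.nix>`). Load it the same way, e.g. `api_password = import <secrets/hass/PLACEHOLDER.nix>;` (file name is a placeholder), and change the password, since the current value stays in the git history. `legacy_api_password` was commented out in [PATCH 08/67]; if it is re-enabled only for a client that cannot use tokens, a comment naming that client would make the exception reviewable. The `trusted_networks` list continues past the hunk.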
@@ -124,7 +126,7 @@ in {
         aramark.binary_sensor;
 
       sensor =
-        [{ platform = "version"; }] ++
+        # [{ platform = "version"; }] ++ # pyhaversion
         (import ./sensor/pollen.nix) ++
         (import ./sensor/espeasy.nix) ++
         (import ./sensor/airquality.nix) ++
@@ -145,7 +147,6 @@ in {
       http = {
         # TODO: https://github.com/home-assistant/home-assistant/issues/16149
         base_url = "http://192.168.8.11:8123";
-        api_password = "sistemas";
       };
       conversation = {};
       history = {};
diff --git a/makefu/2configs/bureautomation/deps/gtts-token.nix b/makefu/2configs/bureautomation/deps/gtts-token.nix
deleted file mode 100644
index 69640f03d..000000000
--- a/makefu/2configs/bureautomation/deps/gtts-token.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchPypi
-, requests
-}:
-
-buildPythonPackage rec {
-  pname = "gtts-token";
-  version = "1.1.3";
-
-  src = fetchPypi {
-    pname = "gTTS-token";
-    inherit version;
-    sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
-  };
-
-  propagatedBuildInputs = [
-    requests
-  ];
-
-  meta = with lib; {
-    description = "Calculates a token to run the Google Translate text to speech";
-    homepage = https://github.com/boudewijn26/gTTS-token;
-    license = licenses.mit;
-    # maintainers = [ maintainers. ];
-  };
-}
diff --git a/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix b/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix
new file mode 100644
index 000000000..4eceeb146
--- /dev/null
+++ b/makefu/2configs/bureautomation/deps/openwrt-luci-rpc.nix
@@ -0,0 +1,34 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, click
+, requests
+, packaging
+}:
+
+buildPythonPackage rec {
+  pname = "openwrt-luci-rpc";
+  version = "1.1.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "174a1f6c0bb2a2ed76e5299d14e2be05c612e8bcd4c15b9a9aedee1ef8e18b90";
+  };
+
+  patchPhase = ''
+    sed -i -e "s/requests==2.21.0/requests/" -e "s/packaging==19.1/packaging/" setup.py
+  '';
+
+  propagatedBuildInputs = [
+    click
+    requests
+    packaging
+  ];
+
+  meta = with lib; {
+    description = "Module for interacting with OpenWrt Luci RPC interface";
+    homepage = https://github.com/fbradyirl/openwrt-luci-rpc;
+    license = licenses.asl20;
+    maintainers = [ maintainers.makefu ];
+  };
+}
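Review bot: Assigning `patchPhase` replaces the whole default patch phase, so a later `patches = [ ... ]` on this derivation would be silently ignored; `postPatch` is the conventional hook for this kind of edit. The `sed` expressions also succeed when `requests==2.21.0` or `packaging==19.1` no longer appear in setup.py, so after a version bump upstream's pins could stay in place unnoticed. A `grep -q 'requests==2.21.0' setup.py` guard before the `sed`, or a comment saying the pins must be re-checked on update, would catch that. Quoting the URL as `homepage = "https://github.com/fbradyirl/openwrt-luci-rpc";` avoids the bare-URL literal.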
diff --git a/makefu/2configs/bureautomation/deps/pyhaversion.nix b/makefu/2configs/bureautomation/deps/pyhaversion.nix
deleted file mode 100644
index a75c6a976..000000000
--- a/makefu/2configs/bureautomation/deps/pyhaversion.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchpatch
-, fetchPypi
-, aiohttp
-, async-timeout
-}:
-
-buildPythonPackage rec {
-  pname = "pyhaversion";
-  version = "2.2.1";
-
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
-  };
-  patches = [
-    (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
-    sha256 =
-      "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
-  ];
-  doCheck = false;
-  propagatedBuildInputs = [
-    aiohttp
-    async-timeout
-  ];
-
-  meta = with lib; {
-    description = "";
-    homepage = https://github.com/ludeeus/pyhaversion;
-    # maintainers = [ maintainers. ];
-  };
-}
diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
index d32eab60f..5de216474 100644
--- a/makefu/2configs/bureautomation/device_tracker/openwrt.nix
+++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
@@ -3,7 +3,6 @@
 
 [
   { platform = "luci";
-    name = "router";
     host = "192.168.8.1";
     username = "root";
     password = import <secrets/hass/router.nix>;
diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix
index 31f52f492..c9d301758 100644
--- a/makefu/2configs/bureautomation/light/statuslight.nix
+++ b/makefu/2configs/bureautomation/light/statuslight.nix
@@ -24,13 +24,13 @@ let
     brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
     brightness_scale = 100;
     # color
-    rgb_state_topic = "/bam/${topic}/stat/Color";
+    rgb_state_topic = "/bam/${topic}/stat/RESULT";
     rgb_command_topic = "/bam/${topic}/cmnd/Color2";
-    rgb_command_mode = "hex";
-    rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
+     rgb_value_template = "{{(value_json.Channel[0]*2.55)|int}},{{(value_json.Channel[1]*2.55)|int}},{{(value_json.Channel[2]*2.55)|int}}";
+
     # effects
     effect_state_topic = "/bam/${topic}/tele/STATE";
-    effects_value_template = "{{value_json.Scheme|default(0)}}";
+    effect_value_template = "{{value_json.Scheme|default(0)}}";
     effect_command_topic = "/bam/${topic}/cmnd/Scheme";
     effect_list = [
       0  # single color for LED light
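Review bot: In the added `rgb_value_template`, `(value_json.Channel[0]*2.55)|int` truncates, and `100*2.55` evaluates to 254.999… in floating point, so a channel at 100 is reported as 254 rather than 255. Assuming `Channel` holds percentages (0–100, as the 2.55 factor suggests), `{{(value_json.Channel[0]*255/100)|int}}` for each channel, or `|round|int`, gives the full range. The added line is also indented one space deeper than its neighbours. The enclosing attrset starts and ends outside the hunk.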
diff --git a/makefu/2configs/bureautomation/sensor/pollen.nix b/makefu/2configs/bureautomation/sensor/pollen.nix
index 506dbf123..8ddb49e58 100644
--- a/makefu/2configs/bureautomation/sensor/pollen.nix
+++ b/makefu/2configs/bureautomation/sensor/pollen.nix
@@ -1,6 +1,6 @@
 [ {
   platform = "dwd_pollen";
-  partsregion_ids = [
+  partregion_ids = [
     112
   ];
 }

From 2e4841969a0e10be10bae5f2b937aa74c5311de1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Wed, 30 Oct 2019 18:08:24 +0000
Subject: [PATCH 12/67] l: add host amy/clara
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
 krebs/3modules/external/default.nix | 56 +++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 1546cac62..247dae69c 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -354,6 +354,62 @@ in {
         };
       };
     };
+    amy = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        retiolum = {
+          addrs = [
+            config.krebs.hosts.donna.nets.retiolum.ip4.addr
+            config.krebs.hosts.donna.nets.retiolum.ip6.addr
+          ];
+          ip4.addr = "10.243.29.181";
+          aliases = [ "amy.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEAr3jQRA1+hLKYVgHJA2ax5W8J3GVMTnaGpYw9Q2xXXrX/jxLZ6Ia8
+            hBjIcCBDVL5Q3FnyrKB9NJeeIvCOKg8WG+8O0+wKcePKd0Vhbsx4Whog/6PWs6qh
+            q2sURs2tp1hjHks4kZo2WtiYD7Ue9HHdV6FlUO6yuBV0bW2RzHdLPCDSGxnQVkBM
+            tSwAvMCZwvVBiv4m6RyMXqmpdbAPBzgJcmJS0FY+zGxpiwsR/AdoVvnzYyFMCVpG
+            iFl5+k9OGhUJq72MwAXzjW5ZdCPrG+2Dd+QBhhtIMJGA2sJiJteT8vdvpTNCiHJ/
+            HnW7movliN2mW86qwo7QqB5v0c9f9TjfpOld7sS/4vE3zlGi/Stf6SQWaoXez/u3
+            /P9GzupcYgj76m8Z3j7BMHXCBw8iwP2pZpL9hnLdIyCcyLrzXDIzq4hlt60DPhSU
+            klTDBUA/cUdSJGcSn2N+WHLOTfI6qeBNKqcTk70OQsa69jAJeAtA+I9OprNYOXqb
+            MmQakNNlrTaNtGQxfQqEL+wqHlo8CVDGm3O9pQSNF309P4TLNU1EYm+ItScNiVCE
+            DKhcgvE6xHCwZnVyJN8MMy1CVyDmnHVYoaTEZ2cCvNi/hXIXgO9KWjSpAv5tP764
+            UkOE4dlDpEW6G1pNf84BERfRYGDj29A/Jk9LJC/6D09QJXNu18HR0sUCAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
+    clara = {
+      owner = config.krebs.users.Mic92;
+      nets = rec {
+        retiolum = {
+          addrs = [
+            config.krebs.hosts.donna.nets.retiolum.ip4.addr
+            config.krebs.hosts.donna.nets.retiolum.ip6.addr
+          ];
+          ip4.addr = "10.243.29.182";
+          aliases = [ "clara.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIICCgKCAgEA07G1n2sA804nnjWQzq0Fi9i6kxJUo+jVJjtkm5unw3hjflAAd/3d
+            WN+01GdJCk/gr7DfU/Xr5KnR39Z3ADoT1tbUb+i5AJZ5/8VHUwWM8D8mQAam6LBf
+            UEeLxhVH8rG6lHaKwVi9oe4gPhgptUOzX/YIlJOMYDlYRxc7Wbj7YQOAKlPuTAjY
+            Z5bLswfkqTMO0cioJNwwMCNWSMJf3jbKi3eTQ36sf7TDMEneNGSBUpeSjGddoNT/
+            rrVIDDT8tGmtACKr+3Y0H+EA2K5IxdQKKfnPRR31RBWiTkEXBbaJzYO/ZV5/xlbN
+            wmblskwq9d9IwDY7qeMctci+ZUZ3epG8MUwYa4faOrgmmkQpa5B+6UOMzw/WDJEc
+            jTfvSzfPo4anoj8C+MOQYzRvYmp60YEZKomv2BQdBvpGIpUul8WAR2aV0K+wz66e
+            mUamljAXmLiPxgGKduX5VFVuXzYxeMiBBujQCLTjc+xTB2EdwihxNX1rkxz10BDc
+            WrgPV+/VVyThKhOvVCifWARHtT2VGcZazfQOW/y3ZmEPOYuc5ZvrSEiMeG3f64+v
+            UU8cQZ3yBLIhTtC+38pRlsdBQHt526q0j0rrnd30JXVAUdWBunP2UJ5QGtA8/mWn
+            cWSlvRf5sfbyrISz6+mLPM2qGHnCkKwORNxmv/1DY07O3Rn6hX0OY4ECAwEAAQ==
+            -----END RSA PUBLIC KEY-----
+          '';
+        };
+      };
+    };
     inspector = {
       owner = config.krebs.users.Mic92;
       nets = rec {
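Review bot: Both new hosts list `config.krebs.hosts.donna.nets.retiolum.ip4.addr` and `config.krebs.hosts.donna.nets.retiolum.ip6.addr` in `addrs`, which looks copied from the donna entry. As written, amy and clara would carry donna's retiolum addresses, and their own `ip4.addr` values (`10.243.29.181`, `10.243.29.182`) are not in the list. If each host is meant to list its own address, use `config.krebs.hosts.amy.nets.retiolum.ip4.addr` and `config.krebs.hosts.clara.nets.retiolum.ip4.addr`. Neither block defines an `ip6.addr`, so the ip6 entry needs either a definition or removal. How `addrs` is consumed is not visible in this hunk, so confirm against the module before merging, because a wrong address binding on a VPN host entry affects which peer is reached under `amy.r` and `clara.r`.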

From e6349797cfa86b664783e3f772fed2580209ee66 Mon Sep 17 00:00:00 2001
From: lassulus <lass@blue.r>
Date: Thu, 31 Oct 2019 13:09:39 +0100
Subject: [PATCH 13/67] l mors.r: remove broken ts3 client

---
 lass/1systems/mors/config.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 1477d6d8b..03ff42132 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -129,7 +129,6 @@ with import <stockholm/lib>;
     cac-api
     sshpass
     get
-    teamspeak_client
     hashPassword
     urban
     mk_sql_pair

From a52e2d79168da4154a95a8d91cf7592995e66e55 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 31 Oct 2019 15:17:18 +0100
Subject: [PATCH 14/67] shack/*: fix regression with mkYarnPackage and pypi2nix
 generated files

---
 krebs/2configs/shack/muell_mail.nix           |  4 +-
 krebs/2configs/shack/muellshack.nix           |  4 +-
 krebs/2configs/shack/node-light.nix           |  6 +--
 krebs/2configs/shack/s3-power.nix             |  7 ++--
 krebs/2configs/shack/worlddomination.nix      |  2 +-
 .../2configs/bureautomation/person/team.nix   | 38 ++++++++++++++++++-
 6 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 5ae80d780..409278954 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -4,8 +4,8 @@ let
   pkg = pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/muell_mail";
-      rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f";
-      sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2";
+      rev = "57b67c95052d90044137b2c89007a371dc389afd";
+      sha256 = "1grkzs6fxjnc2bv4kskj63d5sb4qxz6yyr85nj0da9hn7qkk4jkj";
     }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/muell_mail";
     cfg = toString <secrets/shack/muell_mail.js>;
diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
index 179855c4c..c1c957da3 100644
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@@ -4,8 +4,8 @@ let
   pkg = pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/muellshack";
-      rev = "d8a5e2d4c0a22804838675ac42b468299dcd9a76";
-      sha256 = "0ff6q64dgdxmpszp94z100fdic175b1vvxn4crg8p0jcabzxsv0m";
+      rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f";
+      sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j";
     }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/muellshack";
     port = "8081";
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index 8cf0007b8..38cb3b55d 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -4,9 +4,9 @@ let
   pkg = pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/node-light.git";
-      rev = "a32c782650c4cc0adf51250fe249167d7246c59b";
-      sha256 = "0clvcp1m2ay0a9ibh7s21q7d9a6nam3497bysvc6mdygblks22qy";
-    }) {};
+      rev = "32d8064db5172b8068f633211c8bd5688b2c8773";
+      sha256 = "14jzhs7pp3hq42wq3cwqarivn1z7vcgksfzfqfc4yyh21096yi1j";
+    }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/node-light";
     port = "8082";
 in {
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index 40c42260f..f3ea67f79 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -4,9 +4,10 @@ let
   pkg = pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/s3-power";
-      rev = "b2b87b56bb40d714dbbecd1285566870b256aec4";
-      sha256 = "sha256:02wikwf3rgkkggwbwqisdvhlwd38w5pw011xhwvhnj114s3rynan";
-    }) {};
+      rev = "0687ab64";
+      sha256 = "1m8h4bwykv24bbgr5v51mam4wsbp5424xcrawhs4izv563jjf130";
+    }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
+
     home = "/var/lib/s3-power";
     cfg = toString <secrets/shack/s3-power.json>;
 in {
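Review bot: `rev = "0687ab64";` is an abbreviated commit id, while the other `fetchgit` calls touched in this commit pin the full 40-character hash. The `sha256` still fixes the fetched content, but a short id can become ambiguous as the repository grows or be shadowed by a branch or tag of the same name, which makes a later re-fetch fail or harder to audit. Use the full hash, `rev = "<full 40-character commit id>";` (placeholder; the full value is not on this page).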
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index 44176a341..b38b9cab4 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -65,7 +65,7 @@ let
     };
   LinkHeader = pythonPackages.buildPythonPackage {
     name = "LinkHeader-0.4.3";
-    src = pkgs.fetchurl { url = "https://pypi.python.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
+    src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
     propagatedBuildInputs = [ ];
     meta = with pkgs.stdenv.lib; {
       homepage = "";
diff --git a/makefu/2configs/bureautomation/person/team.nix b/makefu/2configs/bureautomation/person/team.nix
index e18c42194..fc2d9ba17 100644
--- a/makefu/2configs/bureautomation/person/team.nix
+++ b/makefu/2configs/bureautomation/person/team.nix
@@ -3,7 +3,7 @@
     id = 1;
     device_trackers = [
       "device_tracker.thorsten_phone"
-      "device_tracker.thorsten_arbeitphone"
+      #"device_tracker.thorsten_arbeitphone"
     ];
   }
   { name = "Felix";
@@ -26,4 +26,40 @@
       "device_tracker.daniel_phone"
     ];
   }
+  { name = "Thierry";
+    id = 5;
+    device_trackers = [
+      "device_tracker.thierry_phone"
+    ];
+  }
+  { name = "Frank";
+    id = 6;
+    device_trackers = [
+      "device_tracker.frank_phone"
+    ];
+  }
+  { name = "Carsten";
+    id = 7;
+    device_trackers = [
+      "device_tracker.carsten_phone"
+    ];
+  }
+  { name = "Emeka";
+    id = 8;
+    device_trackers = [
+      "device_tracker.emeka_phone"
+    ];
+  }
+  #{ name = "Sabine";
+  #  id = 9;
+  #  device_trackers = [
+  #    "device_tracker.sabine_phone"
+  #  ];
+  #}
+  { name = "Tobias";
+    id = 10;
+    device_trackers = [
+      "device_tracker.tobias_phone"
+    ];
+  }
 ]

From d3b0e07fbb7e2cbe54a766e202de0fb952da8fa7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 31 Oct 2019 15:19:04 +0100
Subject: [PATCH 15/67] wolf.r: disable swap

---
 krebs/1systems/wolf/config.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index e47c43fe1..e87b7bb99 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -117,10 +117,6 @@ in
 
   fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
 
-  swapDevices = [
-    { device = "/dev/disk/by-label/swap";  }
-  ];
-
   users.extraUsers.root.openssh.authorizedKeys.keys = [
     config.krebs.users."0x4A6F".pubkey
     config.krebs.users.ulrich.pubkey

From 50732436d799f81a13f9c05b5179b52882fac512 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 2 Nov 2019 14:03:14 +0100
Subject: [PATCH 16/67] l uriel: enableAllFirmware ->
 enableRedistributableFirmware

---
 lass/1systems/uriel/physical.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix
index 9ac3468a8..2d21f00d5 100644
--- a/lass/1systems/uriel/physical.nix
+++ b/lass/1systems/uriel/physical.nix
@@ -3,7 +3,7 @@
     ./config.nix
   ];
 
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   boot = {
     #kernelParams = [
     #  "acpi.brightness_switch_enabled=0"

From 4b5e3cbc6155ee807a9b6c474972df3e4fcd237b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 2 Nov 2019 15:05:01 +0100
Subject: [PATCH 17/67] nixpkgs-unstable: 4cd2cb4 -> 471869c

---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 5f8f0c771..a772c83a2 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "d484f2b7fc0834a068e8ace851faa449a03963f5",
-  "date": "2019-09-20T22:58:43+02:00",
-  "sha256": "0jk93ikryi2hqc30l2n5i4vlgmklrlzb8cf7b3sg1q3k70q344jn",
+  "rev": "471869c9185fb610e67940a701eb13b1cfb335a4",
+  "date": "2019-10-31T16:03:13+01:00",
+  "sha256": "1klbclz8n4b9k1kfwv806bqdavld1mg32l1vxsmnrqzr6zck1c54",
   "fetchSubmodules": false
 }

From 1f6e39ee3552fd8f0c94def1d4f7a7a8a59d2275 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 5 Nov 2019 22:13:43 +0100
Subject: [PATCH 18/67] nixpkgs: c75de8b -> c5aabb0

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index fabd3691a..7fe43b4b5 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "c75de8bc12cc7e713206199e5ca30b224e295041",
-  "date": "2019-10-27T17:40:06+01:00",
-  "sha256": "1awipcjfvs354spzj2la1nzmi9rh2ci2mdapzf4kkabf58ilra6x",
+  "rev": "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31",
+  "date": "2019-10-31T21:10:56+01:00",
+  "sha256": "15fwszhn6078sbrb8qk83g8afvh4qnmvff0qbkbvq3cm1fxni2w1",
   "fetchSubmodules": false
 }

From ae8dede5f875042eba73f0035f20defb55cfc97f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 5 Nov 2019 23:01:37 +0100
Subject: [PATCH 19/67] ma bureautomation: add frosch,daily-standup

---
 makefu/2configs/bureautomation/default.nix    | 84 +++++++++++--------
 .../bureautomation/multi/10h_timers.nix       |  4 +-
 .../bureautomation/multi/daily-standup.nix    | 54 ++++++++++++
 .../2configs/bureautomation/multi/frosch.nix  |  2 +-
 4 files changed, 107 insertions(+), 37 deletions(-)
 create mode 100644 makefu/2configs/bureautomation/multi/daily-standup.nix

diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index e07e0ddf0..c55bc1d14 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -4,7 +4,9 @@ let
   ten_hours = import ./multi/10h_timers.nix { inherit lib; }; # provides: timer automation script
   mittagessen = import ./multi/mittagessen.nix { inherit lib; }; # provides: automation script
   matrix = import ./multi/matrix.nix { inherit lib; }; # provides: matrix automation
-  aramark = import ./multi/aramark.nix { inherit lib; }; # provides: pommes sensor
+  frosch = import ./multi/frosch.nix { inherit lib; }; # provides: sensor binary_sensor switch light script automation
+  aramark = import ./multi/aramark.nix { inherit lib; }; # provides: sensor binary_sensor
+  standup = import ./multi/daily-standup.nix { inherit lib; }; # provides: automation script
 in {
   imports = [
     ./ota.nix
@@ -88,10 +90,12 @@ in {
           retain = true;
         };
       };
-      switch = (import ./switch/tasmota_switch.nix) ++
-              (import ./switch/rfbridge.nix);
-      light =  (import ./light/statuslight.nix) ++
-              (import ./light/buzzer.nix);
+      switch = (import ./switch/tasmota_switch.nix)
+               ++ frosch.switch
+               ++ (import ./switch/rfbridge.nix);
+      light = (import ./light/statuslight.nix)
+              ++ (import ./light/buzzer.nix)
+              ++ frosch.light;
       timer = ten_hours.timer;
       notify = [
         {
@@ -117,31 +121,34 @@ in {
       ];
       script = lib.fold lib.recursiveUpdate {} [
         ((import ./script/multi_blink.nix) {inherit lib;})
+        frosch.script
         ten_hours.script
         mittagessen.script
+        standup.script
       ];
       binary_sensor =
-        (import ./binary_sensor/buttons.nix) ++
-        (import ./binary_sensor/motion.nix) ++
-        aramark.binary_sensor;
+        (import ./binary_sensor/buttons.nix)
+        ++ (import ./binary_sensor/motion.nix)
+        ++ frosch.binary_sensor
+        ++ aramark.binary_sensor;
 
       sensor =
         # [{ platform = "version"; }] ++ # pyhaversion
-        (import ./sensor/pollen.nix) ++
-        (import ./sensor/espeasy.nix) ++
-        (import ./sensor/airquality.nix) ++
-        ((import ./sensor/outside.nix) {inherit lib;}) ++
-        (import ./sensor/influxdb.nix) ++
-        (import ./sensor/tasmota_firmware.nix) ++
-        aramark.sensor;
+        (import ./sensor/pollen.nix)
+        ++ (import ./sensor/espeasy.nix)
+        ++ (import ./sensor/airquality.nix)
+        ++ ((import ./sensor/outside.nix) {inherit lib;})
+        ++ (import ./sensor/influxdb.nix)
+        ++ (import ./sensor/tasmota_firmware.nix)
+        ++ frosch.sensor
+        ++ aramark.sensor;
 
       camera =
          (import ./camera/verkehrskamera.nix)
          ++ (import ./camera/comic.nix);
 
-      # not yet released
-      #person =
-      #  (import ./person/team.nix );
+      person =
+        (import ./person/team.nix );
 
       frontend = { };
       http = {
@@ -196,13 +203,22 @@ in {
           "light.buslicht"
         ];
         team = [
-          "device_tracker.thorsten_phone"
-          "device_tracker.felix_phone"
-          "device_tracker.ecki_tablet"
-          "device_tracker.daniel_phone"
-          "device_tracker.carsten_phone"
-          "device_tracker.thierry_phone"
-          "device_tracker.frank_phone"
+          "person.thorsten"
+          #"device_tracker.thorsten_phone"
+          "person.felix"
+          "person.ecki"
+          "person.daniel"
+          # "person.carsten"
+          "person.thierry"
+          "person.frank"
+          "person.emeka"
+          #"device_tracker.felix_phone"
+          #"device_tracker.ecki_tablet"
+          #"device_tracker.daniel_phone"
+          #"device_tracker.carsten_phone"
+          #"device_tracker.thierry_phone"
+          #"device_tracker.frank_phone"
+          #"device_tracker.emeka_phone"
         #  "person.thorsten"
         #  "person.felix"
         #  "person.ecki"
@@ -237,8 +253,6 @@ in {
         ];
         sensors = [
           "media_player.kodi"
-          "script.blitz_10s"
-          "script.buzz_red_led_fast"
           "timer.felix_10h"
           "timer.frank_10h"
           "sensor.easy2_dht22_humidity"
@@ -262,13 +276,15 @@ in {
       # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
       # we don't use imports because the expressions do not merge in
       # home-assistant
-      automation = (import ./automation/bureau-shutdown.nix) ++
-                  (import ./automation/nachtlicht.nix) ++
-                  (import ./automation/schlechteluft.nix) ++
-                  (import ./automation/hass-restart.nix) ++
-                  ten_hours.automation ++
-                  matrix.automation ++
-                  mittagessen.automation;
+      automation = (import ./automation/bureau-shutdown.nix)
+                  ++ (import ./automation/nachtlicht.nix)
+                  ++ (import ./automation/schlechteluft.nix)
+                  ++ (import ./automation/hass-restart.nix)
+                  ++ ten_hours.automation
+                  ++ matrix.automation
+                  ++ standup.automation
+                  ++ frosch.automation
+                  ++ mittagessen.automation;
       device_tracker = (import ./device_tracker/openwrt.nix );
     };
   };
diff --git a/makefu/2configs/bureautomation/multi/10h_timers.nix b/makefu/2configs/bureautomation/multi/10h_timers.nix
index 8cdaa8cfd..73709e738 100644
--- a/makefu/2configs/bureautomation/multi/10h_timers.nix
+++ b/makefu/2configs/bureautomation/multi/10h_timers.nix
@@ -122,7 +122,7 @@ let
       trigger = {
         platform = "state";
         # TODO: ecki
-        entity_id = [ "device_tracker.${name}_phone"];
+        entity_id = [ "person.${name}"];
         from =  "not_home";
         to = "home";
       };
@@ -166,7 +166,7 @@ let
       condition =
       {
         condition = "state";
-        entity_id = "device_tracker.${name}_phone";
+        entity_id = "person.${name}";
         state = "home";
       };
 
diff --git a/makefu/2configs/bureautomation/multi/daily-standup.nix b/makefu/2configs/bureautomation/multi/daily-standup.nix
new file mode 100644
index 000000000..f5bd85b9d
--- /dev/null
+++ b/makefu/2configs/bureautomation/multi/daily-standup.nix
@@ -0,0 +1,54 @@
+{ lib }:
+let
+  random_daily_text = ''{{ [
+    "Es ist so weit, es ist Standup Zeit!",
+    "Zehn Uhr Fünfunddreissig ist genau die richtige Zeit für ein Standup!",
+    "Hat jeder seine Hausaufgaben gemacht? Bitte einmal aufstehen und den Zettel nach rechts geben",
+    "Aufstehen zum Appell, es wird die Anwesenheit kontrolliert!",
+    "Hallo Kinder, wisst ihr welche Zeit es ist??? ... Genau! ... Standup Zeit!",
+    "Morgens, halb elf in Deutschland - das Standupchen" ] | random }}'';
+
+in {
+  script =
+  { "random_daily" = {
+      alias = "Random Daily Introduction";
+
+      sequence = [
+        { service = "media_player.play_media";
+          data = {
+            entity_id = "media_player.mpd";
+            media_content_type = "playlist";
+            media_content_id = "ansage";
+          };
+        }
+        { delay.seconds = 5; }
+        { service = "tts.google_say";
+          entity_id =  "media_player.mpd";
+          data_template = {
+            message = random_daily_text;
+            language = "de";
+          };
+        }
+      ];
+    };
+  };
+  automation = [
+    {
+      alias = "Daily Standup";
+      trigger = {
+        platform = "time";
+        at = "10:35:00";
+      };
+      action =
+        [
+          { service = "homeassistant.turn_on";
+          entity_id =  [
+            "script.blitz_10s"
+            "script.random_daily"
+          ];
+        }
+      ];
+
+    }
+  ];
+}
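Review bot: This new file references entities it does not define, `script.blitz_10s` in the automation action and `media_player.mpd` in the script sequence, but carries no note about those dependencies. The same commit adds a `# needs: binary_sensor.pommes` header to frosch.nix; following that convention, a line such as `# needs: script.blitz_10s media_player.mpd` directly under `{ lib }:` would tell the next reader what must exist before this module is imported. As a minor style point, the `action` list is indented inconsistently (`entity_id` sits at the same column as the opening `{ service`, and the closing `}` is two columns further left).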
diff --git a/makefu/2configs/bureautomation/multi/frosch.nix b/makefu/2configs/bureautomation/multi/frosch.nix
index de93ce2b7..c0e267b69 100644
--- a/makefu/2configs/bureautomation/multi/frosch.nix
+++ b/makefu/2configs/bureautomation/multi/frosch.nix
@@ -1,6 +1,6 @@
 { lib }:
+# needs: binary_sensor.pommes
 let
-
    random_pommes = '' {{ [
      "Nur ein Pommes Tag ist ein guter Tag",
      "Schaut wie schön sie fliegen, die Pommes Seifenblasen",

From c41e974b28e538f5e982e2daec134a2b12fa537b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 6 Nov 2019 08:56:20 +0100
Subject: [PATCH 20/67] nixpkgs-unstable: 471869c -> 7827d3f

---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index a772c83a2..4829bec1d 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "471869c9185fb610e67940a701eb13b1cfb335a4",
-  "date": "2019-10-31T16:03:13+01:00",
-  "sha256": "1klbclz8n4b9k1kfwv806bqdavld1mg32l1vxsmnrqzr6zck1c54",
+  "rev": "7827d3f4497ed722fedca57fd4d5ca1a65c38256",
+  "date": "2019-11-03T11:21:05+01:00",
+  "sha256": "1ixjkb2ksri83iyhvl4a7hrfnb8zd3ps5jmirgaa7b617jn31cg6",
   "fetchSubmodules": false
 }

From d40ee24dd506a8e9b1d6128208a36132eeb4e5cc Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 00:25:01 +0100
Subject: [PATCH 21/67] shack/node-light: bump to latest hash

---
 krebs/2configs/shack/node-light.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index 38cb3b55d..9e3828463 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -4,8 +4,8 @@ let
   pkg = pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/node-light.git";
-      rev = "32d8064db5172b8068f633211c8bd5688b2c8773";
-      sha256 = "14jzhs7pp3hq42wq3cwqarivn1z7vcgksfzfqfc4yyh21096yi1j";
+      rev = "9c3fe451897cf170fb192a2643180fdfe22388e8";
+      sha256 = "1zsc38idg452r8wpcna5m3yqx0ri11bd1bw60bl0kpz96dqqnyba";
     }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
     home = "/var/lib/node-light";
     port = "8082";

From 42694196ee104c5e6a9a1b6d4c8c8580df73af00 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 00:25:42 +0100
Subject: [PATCH 22/67] shack/glados: fix regression, disable influx publisher,
 disable archiving

---
 krebs/2configs/shack/glados/default.nix | 43 ++++++++++++-------------
 1 file changed, 20 insertions(+), 23 deletions(-)

diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index dc345cc4e..a94e28375 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -53,20 +53,24 @@ in {
         elevation = 303;
         auth_providers = [
           { type = "homeassistant";}
-          { type = "legacy_api_password";}
           { type = "trusted_networks";
-            # allow_bypass_login = true;
+            trusted_networks = [
+              "127.0.0.1/32"
+              "10.42.0.0/16"
+              "::1/128"
+              "fd00::/8"
+            ];
           }
         ];
       };
       # https://www.home-assistant.io/components/influxdb/
-      influxdb = {
-        database = "hass";
-        tags = {
-          instance = "wolf";
-          source = "hass";
-        };
-      };
+      #influxdb = {
+      #  database = "hass";
+      #  tags = {
+      #    instance = "wolf";
+      #    source = "hass";
+      #  };
+      #};
       mqtt = {
         broker = "localhost";
         port = 1883;
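Review bot: The `trusted_networks` auth provider now covers `10.42.0.0/16` and `fd00::/8`, so any host in those ranges can log in without a password, and nothing in the hunk limits which account such a client gets. If that is intended for the local network, a comment saying so would help, and a `trusted_users` mapping could restrict passwordless login to a non-admin user; otherwise narrow the ranges to the subnets that need it. Dropping `legacy_api_password` is a good change, but the `api_password` value deleted in the next hunk remains in repository history and should be treated as disclosed. The enclosing `homeassistant` block starts outside this hunk.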
@@ -110,26 +114,19 @@ in {
         base_url = "http://hass.shack";
         use_x_forwarded_for = true;
         trusted_proxies = "127.0.0.1";
-        api_password = "shackit";
-        trusted_networks = [
-          "127.0.0.1/32"
-          "10.42.0.0/16"
-          "::1/128"
-          "fd00::/8"
-        ];
       };
-      conversation = {};
-      history = {};
-      logbook = {};
+      #conversation = {};
+      #history = {};
+      #logbook = {};
       tts = [
         { platform = "google";
           language = "de";
         }
-        { platform = "picotts";
-          language = "de-DE";
-        }
+        #{ platform = "picotts";
+        #  language = "de-DE";
+        #}
       ];
-      recorder = {};
+      #recorder = {};
       sun = {};
 
       automation = wasser.automation;
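Review bot: Commenting out `history`, `logbook` and `recorder` presumably leaves this instance with no persistent record of state changes and service calls. That matters more now that the `trusted_networks` provider in this file admits clients without credentials. If the goal is only to cut disk usage (the subject says "disable archiving"), say so in a comment, or keep `recorder` with a short retention such as `recorder = { purge_keep_days = 3; };` so some audit trail survives. The disabled blocks are left as commented-out code; deleting them would read more cleanly, since git keeps the history.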

From 16e1495490f11a48dab42a769fbed7dffcbbdebf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 09:47:29 +0100
Subject: [PATCH 23/67] shack/glados: remove version, google ->
 google_translate

---
 krebs/2configs/shack/glados/default.nix | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index a94e28375..d000af397 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -39,8 +39,6 @@ in {
     })).override {
       extraPackages = ps: with ps; [
         python-forecastio jsonrpc-async jsonrpc-websocket mpd2
-        (callPackage ./deps/gtts-token.nix { })
-        (callPackage ./deps/pyhaversion.nix { })
       ];
     };
     autoExtraComponents = true;
@@ -99,8 +97,7 @@ in {
       ];
 
       sensor =
-        [{ platform = "version"; }]
-        ++ (import ./sensors/hass.nix)
+           (import ./sensors/hass.nix)
         ++ (import ./sensors/power.nix)
         ++ shackopen.sensor;
 
@@ -109,8 +106,8 @@ in {
       camera = [];
 
       frontend = { };
+      config = { };
       http = {
-        # TODO: https://github.com/home-assistant/home-assistant/issues/16149
         base_url = "http://hass.shack";
         use_x_forwarded_for = true;
         trusted_proxies = "127.0.0.1";
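Review bot: The added `config = { };` has no comment and is not mentioned in the commit subject. It appears to enable Home Assistant's configuration integration, which exposes management panels through the frontend. Since this file lets clients on the trusted networks log in without a password, it is worth recording why it is needed, for example `config = { }; # required by <reason>`, or dropping it if it was only added while debugging. The `http` block still sets `base_url` to a plain `http://` address, which is unchanged here but relevant to the same exposure.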
@@ -119,7 +116,7 @@ in {
       #history = {};
       #logbook = {};
       tts = [
-        { platform = "google";
+        { platform = "google_translate";
           language = "de";
         }
         #{ platform = "picotts";

From 07712994e0a59201a498ec1815375f80a7aca122 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 10:59:12 +0100
Subject: [PATCH 24/67] ma: hardware.enableAllFirmware ->
 hardware.enableRedistributableFirmware

what could possibly go wrong?!
---
 makefu/1systems/darth/config.nix          | 2 +-
 makefu/1systems/repunit/config.nix        | 2 +-
 makefu/1systems/tsp/config.nix            | 2 +-
 makefu/2configs/fs/cac-boot-partition.nix | 3 +--
 makefu/2configs/hw/tp-x2x0.nix            | 2 +-
 5 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/makefu/1systems/darth/config.nix b/makefu/1systems/darth/config.nix
index 046c1574c..4e71d1426 100644
--- a/makefu/1systems/darth/config.nix
+++ b/makefu/1systems/darth/config.nix
@@ -41,7 +41,7 @@ in {
   makefu.server.primary-itf = "enp0s25";
   # krebs.hidden-ssh.enable = true;
   boot.kernelModules = [ "coretemp" "f71882fg" ];
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
   networking = {
     wireless.enable = true;
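Review bot: `nixpkgs.config.allowUnfree = true` stays next to the changed line here and in the tsp/config.nix, cac-boot-partition.nix and tp-x2x0.nix hunks of this patch (and in wbob/config.nix in patch 26). If it was set only to satisfy `hardware.enableAllFirmware`, it is probably no longer required, because nixpkgs does not, as far as I know, treat redistributable firmware as unfree. Leaving it on lets any unfree package enter the closure without a prompt, so it should be dropped on hosts that have no other use for it. Separately, darth and tp-x2x0 enable wireless, so confirm before deploying that their Wi-Fi firmware is in the redistributable set. Each of these config blocks continues outside its hunk.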
diff --git a/makefu/1systems/repunit/config.nix b/makefu/1systems/repunit/config.nix
index 996abff08..5589cc0a2 100644
--- a/makefu/1systems/repunit/config.nix
+++ b/makefu/1systems/repunit/config.nix
@@ -21,7 +21,7 @@
   boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   hardware.cpu.amd.updateMicrocode = true;
 
 # networking.firewall is enabled by default
diff --git a/makefu/1systems/tsp/config.nix b/makefu/1systems/tsp/config.nix
index 2921e2bcf..bbfaebd44 100644
--- a/makefu/1systems/tsp/config.nix
+++ b/makefu/1systems/tsp/config.nix
@@ -34,6 +34,6 @@
     25
   ];
 
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
 }
diff --git a/makefu/2configs/fs/cac-boot-partition.nix b/makefu/2configs/fs/cac-boot-partition.nix
index 3d59a25dd..14480bc4a 100644
--- a/makefu/2configs/fs/cac-boot-partition.nix
+++ b/makefu/2configs/fs/cac-boot-partition.nix
@@ -1,7 +1,6 @@
 { config, lib, pkgs, ... }:
 
 # vda1 ext4 (label nixos) -> only root partition
-with import <stockholm/lib>;
 {
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
@@ -16,6 +15,6 @@ with import <stockholm/lib>;
     fsType = "ext4";
   };
 
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
 }
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 564925db5..f4578bf77 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -15,7 +15,7 @@
 
   networking.wireless.enable = lib.mkDefault true;
 
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
 
   hardware.cpu.intel.updateMicrocode = true;

From ef95a336406d7b0f49051b421ac3c85bb5614103 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 11:28:54 +0100
Subject: [PATCH 25/67] ma pkgs.bin2iso: use mirror of original sources

---
 makefu/5pkgs/bin2iso/default.nix | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/makefu/5pkgs/bin2iso/default.nix b/makefu/5pkgs/bin2iso/default.nix
index 31d05fab3..676fa5b83 100644
--- a/makefu/5pkgs/bin2iso/default.nix
+++ b/makefu/5pkgs/bin2iso/default.nix
@@ -1,19 +1,17 @@
-{ stdenv, lib, pkgs, fetchurl }:
+{ stdenv, lib, pkgs, fetchFromGitHub }:
 stdenv.mkDerivation rec {
   pname = "bin2iso";
   version = "1.9b";
-  _dlver = builtins.replaceStrings ["."] [""] version;
-  name = "${pname}-${version}";
 
-  src = fetchurl {
-    url = "http://users.eastlink.ca/~doiron/${pname}/linux/${pname}${_dlver}_linux.c";
-    sha256 = "0gg4hbzlm83nnbccy79dnxbwpn7lxl3fb87ka36mlclikvknm2hy";
+  src = fetchFromGitHub {
+    owner = "einsteinx2";
+    repo = "bin2iso";
+    rev = "a08f6f93b833878dc009fe59da072643f06a7830";
+    sha256 = "1bnhj8z7wbq2v070zkx0xal6hx37y20a068gpy95zh13vihvbgh3";
   };
 
-  unpackPhase = "true";
-
   buildPhase =''
-    gcc -Wall -o $pname $src
+    gcc -Wall -o $pname $src/src/linux_macos/${pname}_v${version}_linux.c
   '';
 
   installPhase = ''
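Review bot: The source moves from the original author's site to a third-party GitHub mirror, and the new `sha256` hashes the whole repository tree, so it cannot be compared with the old single-file hash to confirm the mirrored C file is the same code. Pinning `rev` and `sha256` keeps the fetch reproducible and is an improvement over plain `http://`, but provenance now rests on the mirror. I would record the check in a comment above `src`, for example `# mirror of http://users.eastlink.ca/~doiron/bin2iso/; bin2iso_v1.9b_linux.c compared with the previously pinned file`, after actually diffing the two.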
@@ -21,7 +19,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    homepage = http://users.eastlink.ca/~doiron/bin2iso/ ;
+    homepage = https://github.com/einsteinx2/bin2iso;
     description = "converts bin+cue to iso";
     license = lib.licenses.gpl3;
   };

From cb014289287ca198418fb7ce3a253c87e7adc662 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 7 Nov 2019 11:51:32 +0100
Subject: [PATCH 26/67] ma wbob.r: hardware.enableRedistributableFirmware

---
 makefu/1systems/wbob/config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index 3306279b9..d8cf380e7 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -145,7 +145,7 @@ in {
   #};
 
   # rt2870.bin wifi card, part of linux-unfree
-  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
   nixpkgs.config.allowUnfree = true;
   # rt2870 with nonfree creates wlp2s0 from wlp0s20u2
   # not explicitly setting the interface results in wpa_supplicant to crash

From 46cdc3ed4238965553d734b614b212fd96cba447 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 12 Nov 2019 18:52:08 +0100
Subject: [PATCH 27/67] exim: remove because upstream has caught up

---
 krebs/5pkgs/override/default.nix | 12 ------------
 1 file changed, 12 deletions(-)
 delete mode 100644 krebs/5pkgs/override/default.nix

diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix
deleted file mode 100644
index 704831823..000000000
--- a/krebs/5pkgs/override/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-with import <stockholm/lib>;
-self: super: {
-
-  exim = super.exim.overrideAttrs (old: rec {
-    name = warnOldVersion old.name "exim-4.92.2";
-    src = self.fetchurl {
-      url = "https://ftp.exim.org/pub/exim/exim4/${name}.tar.xz";
-      sha256 = "0m56jsh2fzvwj4rdpcc3pkd5vsi40cjrpzalis7l1zq33m4axmq1";
-    };
-  });
-
-}

From d89080f8fab1f854461be15199dfa87f15c665e3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 14 Nov 2019 21:06:49 +0100
Subject: [PATCH 28/67] nixpkgs: c5aabb0 -> cb2cdab

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 7fe43b4b5..47ff9864d 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "c5aabb0d603e2c1ea05f5a93b3be82437f5ebf31",
-  "date": "2019-10-31T21:10:56+01:00",
-  "sha256": "15fwszhn6078sbrb8qk83g8afvh4qnmvff0qbkbvq3cm1fxni2w1",
+  "rev": "cb2cdab71368885ce6408b3ad7cfcf544a8c38a0",
+  "date": "2019-11-13T08:06:47+01:00",
+  "sha256": "02vyx2ccrfqxz7ndlfww1ivqbq1qlmglq5690r6nvmylcm976dqw",
   "fetchSubmodules": false
 }

From 7ec0d0aec76bed83642486e8503272c2a358c275 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 15 Nov 2019 10:31:07 +0000
Subject: [PATCH 29/67] m: use correct tinc addresses for amy/clara
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
 krebs/3modules/external/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 247dae69c..821859f3c 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -359,8 +359,8 @@ in {
       nets = rec {
         retiolum = {
           addrs = [
-            config.krebs.hosts.donna.nets.retiolum.ip4.addr
-            config.krebs.hosts.donna.nets.retiolum.ip6.addr
+            config.krebs.hosts.amy.nets.retiolum.ip4.addr
+            config.krebs.hosts.amy.nets.retiolum.ip6.addr
           ];
           ip4.addr = "10.243.29.181";
           aliases = [ "amy.r" ];
@@ -387,8 +387,8 @@ in {
       nets = rec {
         retiolum = {
           addrs = [
-            config.krebs.hosts.donna.nets.retiolum.ip4.addr
-            config.krebs.hosts.donna.nets.retiolum.ip6.addr
+            config.krebs.hosts.clara.nets.retiolum.ip4.addr
+            config.krebs.hosts.clara.nets.retiolum.ip6.addr
           ];
           ip4.addr = "10.243.29.182";
           aliases = [ "clara.r" ];

From 99c985c77ff0933616f01bc7dc881d5abd214a28 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 17 Nov 2019 11:57:54 +0100
Subject: [PATCH 30/67] nixpkgs: cb2cdab -> 07e6648

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 47ff9864d..ba4b327f3 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "cb2cdab71368885ce6408b3ad7cfcf544a8c38a0",
-  "date": "2019-11-13T08:06:47+01:00",
-  "sha256": "02vyx2ccrfqxz7ndlfww1ivqbq1qlmglq5690r6nvmylcm976dqw",
+  "rev": "07e66484e679d0e28533543f762be20d6d425b66",
+  "date": "2019-11-16T11:23:08+00:00",
+  "sha256": "1d3n1yfp9xhl7nh377sp2wwnh0gscislg6gzj8sgdq169d18lgsg",
   "fetchSubmodules": false
 }

From 6a102630063c01909fd1a5f383326834557b2c65 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 17 Nov 2019 12:01:31 +0100
Subject: [PATCH 31/67] nixpkgs-unstable: 7827d3f -> c196652

---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 4829bec1d..be96d5f7e 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "7827d3f4497ed722fedca57fd4d5ca1a65c38256",
-  "date": "2019-11-03T11:21:05+01:00",
-  "sha256": "1ixjkb2ksri83iyhvl4a7hrfnb8zd3ps5jmirgaa7b617jn31cg6",
+  "rev": "c1966522d7d5fa54db068140d212cba18731dd98",
+  "date": "2019-11-15T22:50:52+00:00",
+  "sha256": "104481nxv0hi1rk3g0fjzyki1668p4b46bz0j3lsqv5gv1nm43vm",
   "fetchSubmodules": false
 }

From 62a59ad233ad9bcfdaad6a23f6994d1d90354c6b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 17 Nov 2019 15:45:06 +0100
Subject: [PATCH 32/67] l codimd: fix by using old version

---
 lass/2configs/codimd.nix | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index 5f802148b..b2d44d135 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,7 +1,18 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 with import <stockholm/lib>;
+let
+
+  nixpkgs_pre_node_10_17 = import (pkgs.fetchFromGitHub {
+    owner = "nixos";
+    repo = "nixpkgs";
+    rev = "81f4c491afbc8f0fe994ef946b1ac61cf1261577";
+    sha256 = "0xvawrd9nq3ybvq2pdp5gyi8gygf0yimgp0bx1xggq6l8mvgrj71";
+  }) {};
+in {
+  nixpkgs.config.packageOverrides = pkgs: {
+    codimd = nixpkgs_pre_node_10_17.codimd;
+  };
 
-{
   services.nginx.virtualHosts.codimd = {
     enableACME = true;
     addSSL = true;
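Review bot: Taking `codimd` from a second nixpkgs pinned at `81f4c491afbc…` freezes the package and its dependency closure at that revision. Later bumps of `krebs/nixpkgs.json` will then no longer deliver fixes to a service that the nginx virtual host below exposes. Nothing says when the pin can be removed; a comment above the `let` binding such as `# TODO: drop this pin once codimd builds against the current nodejs again` would make it temporary in practice (the binding name suggests a Node 10.17 breakage, but the hunk does not confirm that). `lib` is added to the module arguments but is not used in the visible lines; the module body continues outside the hunk.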

From 7f41109bc9e52cf3b8a7e74efc7bb1480dbbc574 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 20 Nov 2019 21:38:16 +0100
Subject: [PATCH 33/67] l autowifi: convert to submodule

---
 .gitmodules                     |   6 +
 lass/5pkgs/autowifi             |   1 +
 lass/5pkgs/autowifi/autowifi.py | 228 --------------------------------
 lass/5pkgs/autowifi/default.nix |   1 -
 4 files changed, 7 insertions(+), 229 deletions(-)
 create mode 160000 lass/5pkgs/autowifi
 delete mode 100644 lass/5pkgs/autowifi/autowifi.py
 delete mode 100644 lass/5pkgs/autowifi/default.nix

diff --git a/.gitmodules b/.gitmodules
index f35a9250d..15d1b41de 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,9 @@
 [submodule "submodules/krops"]
 	path = submodules/krops
 	url = https://cgit.krebsco.de/krops
+[submodule "lass/5pkgs/autowifi"]
+	path = lass/5pkgs/autowifi
+	url = https://github.com/Lassulus/autowifi
+[submodule "lass/5pkgs/--force"]
+	path = lass/5pkgs/--force
+	url = https://github.com/Lassulus/autowifi
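Review bot: The second added entry, `[submodule "lass/5pkgs/--force"]` with `path = lass/5pkgs/--force`, looks like a `--force` flag that was taken as a path when the submodule was added. The diffstat creates only one gitlink, `lass/5pkgs/autowifi`, so this entry has no checkout behind it. An option-like path in `.gitmodules` is also something scripts that pass submodule paths to git may mishandle. Remove the three `lass/5pkgs/--force` lines and keep only the `autowifi` entry.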
diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi
new file mode 160000
index 000000000..cf3ae8f6f
--- /dev/null
+++ b/lass/5pkgs/autowifi
@@ -0,0 +1 @@
+Subproject commit cf3ae8f6fe285eab67db4f36f9a3da3762c35317
diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py
deleted file mode 100644
index fa3d007e7..000000000
--- a/lass/5pkgs/autowifi/autowifi.py
+++ /dev/null
@@ -1,228 +0,0 @@
-import subprocess
-import time
-import urllib.request
-import logging
-import argparse
-import socket
-import struct
-import signal
-import os
-
-wifiDB = ''
-logger = logging.getLogger()
-got_signal = False
-
-
-def signal_handler(signum, frame):
-    global got_signal
-    got_signal = True
-
-
-def get_default_gateway() -> str:
-    """Read the default gateway directly from /proc."""
-    with open("/proc/net/route") as fh:
-        for line in fh:
-            fields = line.strip().split()
-            if fields[1] != '00000000' or not int(fields[3], 16) & 2:
-                continue
-
-            return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
-
-
-def connect(ssid, psk=None):
-    subprocess.run(
-        ["nmcli", "connection", "delete", "autowifi"],
-        stdout=subprocess.PIPE,
-    )
-    logging.info('connecting to %s', ssid)
-    if psk is None:
-        subprocess.run(
-            [
-                "nmcli",
-                "device",
-                "wifi",
-                "connect",
-                ssid,
-                "name",
-                "autowifi",
-            ],
-            stdout=subprocess.PIPE,
-        )
-    else:
-        subprocess.run(
-            [
-                "nmcli",
-                "device",
-                "wifi",
-                "connect",
-                ssid,
-                "name",
-                "autowifi",
-                "password",
-                psk,
-            ],
-            stdout=subprocess.PIPE,
-        )
-    time.sleep(5)
-
-
-def scan():
-    logging.debug('scanning wifis')
-    wifis_raw = subprocess.check_output([
-        "nmcli",
-        "-t",
-        "device",
-        "wifi",
-        "list",
-        "--rescan",
-        "yes",
-    ])
-    wifis_list = wifis_raw.split(b'\n')
-    logging.debug('scanning wifis finished')
-    wifis = []
-    for line in wifis_list:
-        logging.debug(line)
-        ls = line.split(b':')
-        if len(ls) == 8:
-            wifis.append({
-                "ssid": ls[1],
-                "signal": int(ls[5]),
-                "crypto": ls[7]
-            })
-    return wifis
-
-
-def get_known_wifis():
-    wifis_lines = []
-    with open(wifiDB) as f:
-        wifis_lines = f.read().splitlines()
-    wifis = []
-    for line in wifis_lines:
-        ls = line.split('/')
-        wifis.append({"ssid": ls[0].encode(), "psk": ls[1].encode()})
-    return wifis
-
-
-def check_network():
-    logging.debug('checking network')
-
-    global got_signal
-    if got_signal:
-        logging.info('got disconnect signal')
-        got_signal = False
-        return False
-    else:
-        gateway = get_default_gateway()
-        if gateway:
-            response = subprocess.run(
-                [
-                    'ping',
-                    '-q',
-                    '-c',
-                    '1',
-                    gateway,
-                ],
-                stdout=subprocess.PIPE,
-            )
-            if response.returncode == 0:
-                logging.debug('host %s is up', gateway)
-                return True
-            else:
-                logging.debug('host %s is down', gateway)
-                return False
-        else:
-            logging.debug('no gateway')
-            return False
-
-
-def check_internet():
-    logging.debug('checking internet')
-
-    try:
-        with open('./dummy_internet') as f:
-            dummy_content = f.read()
-            if dummy_content == 'xxx\n':
-                return True
-        beacon = urllib.request.urlopen('http://krebsco.de/secret')
-    except Exception as e:  # noqa
-        logging.debug(e)
-        logging.info('no internet exc')
-        return False
-    if beacon.read() == b'1337\n':
-        return True
-    logging.info('no internet oh')
-    return False
-
-
-def is_wifi_open(wifi):
-    if wifi['crypto'] == b'':
-        return True
-    else:
-        return False
-
-
-def is_wifi_seen(wifi, seen_wifis):
-    for seen_wifi in seen_wifis:
-        if seen_wifi["ssid"] == wifi["ssid"]:
-            return True
-    return False
-
-
-def main():
-    parser = argparse.ArgumentParser()
-
-    parser.add_argument(
-        '-c', '--config',
-        dest='config',
-        help='wifi config file to use',
-        default='/etc/wifis',
-    )
-
-    parser.add_argument(
-        '-l', '--loglevel',
-        dest='loglevel',
-        help='loglevel to use',
-        default=logging.INFO,
-    )
-
-    parser.add_argument(
-        '-p', '--pidfile',
-        dest='pidfile',
-        help='file to write the pid to',
-        default=None,
-    )
-
-    args = parser.parse_args()
-
-    global wifiDB
-    wifiDB = args.config
-    logger.setLevel(args.loglevel)
-
-    signal.signal(signal.SIGUSR1, signal_handler)
-
-    if args.pidfile:
-        with open(args.pidfile, 'w+') as f:
-            f.write(str(os.getpid()))
-
-    while True:
-        if not check_network():
-            wifis = scan()
-            known_wifis = get_known_wifis()
-            known_seen_wifis = [
-                wifi for wifi in known_wifis if is_wifi_seen(wifi, wifis)
-            ]
-            for wifi in known_seen_wifis:
-                connect(wifi['ssid'], wifi['psk'])
-                if check_network():
-                    break
-            open_wifis = filter(is_wifi_open, wifis)
-            for wifi in open_wifis:
-                connect(wifi['ssid'])
-
-                if check_network():
-                    break
-        time.sleep(10)
-
-
-if __name__ == '__main__':
-    main()
diff --git a/lass/5pkgs/autowifi/default.nix b/lass/5pkgs/autowifi/default.nix
deleted file mode 100644
index d565a6bb6..000000000
--- a/lass/5pkgs/autowifi/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-pkgs.writers.writePython3Bin "autowifi" {} ./autowifi.py

From 63d2b0eb8860df60f988f4ec940fabd83d654b3b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Nov 2019 10:14:07 +0100
Subject: [PATCH 34/67] nixpkgs-unstable: c196652 -> e89b215

---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index be96d5f7e..d77432258 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "c1966522d7d5fa54db068140d212cba18731dd98",
-  "date": "2019-11-15T22:50:52+00:00",
-  "sha256": "104481nxv0hi1rk3g0fjzyki1668p4b46bz0j3lsqv5gv1nm43vm",
+  "rev": "e89b21504f3e61e535229afa0b121defb52d2a50",
+  "date": "2019-11-19T07:59:43-05:00",
+  "sha256": "0jqcv3rfki3mwda00g66d27k6q2y7ca5mslrnshfpbdm7j8ya0kj",
   "fetchSubmodules": false
 }

From 1144633bd009f24180067e93f1e7fdc0deb41a8c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Nov 2019 10:21:25 +0100
Subject: [PATCH 35/67] nixpkgs: 07e6648 -> 4ad6f14

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index ba4b327f3..bb35a51b0 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "07e66484e679d0e28533543f762be20d6d425b66",
-  "date": "2019-11-16T11:23:08+00:00",
-  "sha256": "1d3n1yfp9xhl7nh377sp2wwnh0gscislg6gzj8sgdq169d18lgsg",
+  "rev": "4ad6f1404a8cd69a11f16edba09cc569e5012e42",
+  "date": "2019-11-23T00:42:36+01:00",
+  "sha256": "1pclh0hvma66g3yxrrh9rlzpscqk5ylypnmiczz1bwwrl8n21q3h",
   "fetchSubmodules": false
 }

From 5fa963b6bc879e1307978234c884e3a88d88c7a5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Nov 2019 18:15:14 +0100
Subject: [PATCH 36/67] delete mb

---
 krebs/3modules/default.nix                    |   1 -
 krebs/3modules/mb/default.nix                 | 151 ------
 mb/1systems/gr33n/configuration.nix           | 144 ------
 mb/1systems/gr33n/hardware-configuration.nix  |  37 --
 mb/1systems/orange/configuration.nix          | 238 ----------
 mb/1systems/orange/hardware-configuration.nix |  28 --
 mb/1systems/p1nk/configuration.nix            | 227 ---------
 mb/1systems/p1nk/hardware-configuration.nix   |  29 --
 mb/1systems/rofl/configuration.nix            | 103 ----
 mb/1systems/sunsh1n3/configuration.nix        | 181 -------
 .../sunsh1n3/hardware-configuration.nix       |  29 --
 mb/2configs/default.nix                       | 222 ---------
 mb/2configs/google-compute-config.nix         | 231 ---------
 mb/2configs/headless.nix                      |  25 -
 mb/2configs/neovimrc                          | 446 ------------------
 mb/2configs/nvim.nix                          |  70 ---
 mb/2configs/qemu-guest.nix                    |  19 -
 mb/2configs/retiolum.nix                      |  33 --
 mb/2configs/tests/dummy-secrets/retiolum.rsa  |   4 -
 mb/3modules/default.nix                       |   6 -
 mb/3modules/hosts.nix                         |  12 -
 mb/5pkgs/default.nix                          |  11 -
 mb/default.nix                                |  14 -
 mb/krops.nix                                  |  54 ---
 24 files changed, 2315 deletions(-)
 delete mode 100644 krebs/3modules/mb/default.nix
 delete mode 100644 mb/1systems/gr33n/configuration.nix
 delete mode 100644 mb/1systems/gr33n/hardware-configuration.nix
 delete mode 100644 mb/1systems/orange/configuration.nix
 delete mode 100644 mb/1systems/orange/hardware-configuration.nix
 delete mode 100644 mb/1systems/p1nk/configuration.nix
 delete mode 100644 mb/1systems/p1nk/hardware-configuration.nix
 delete mode 100644 mb/1systems/rofl/configuration.nix
 delete mode 100644 mb/1systems/sunsh1n3/configuration.nix
 delete mode 100644 mb/1systems/sunsh1n3/hardware-configuration.nix
 delete mode 100644 mb/2configs/default.nix
 delete mode 100644 mb/2configs/google-compute-config.nix
 delete mode 100644 mb/2configs/headless.nix
 delete mode 100644 mb/2configs/neovimrc
 delete mode 100644 mb/2configs/nvim.nix
 delete mode 100644 mb/2configs/qemu-guest.nix
 delete mode 100644 mb/2configs/retiolum.nix
 delete mode 100644 mb/2configs/tests/dummy-secrets/retiolum.rsa
 delete mode 100644 mb/3modules/default.nix
 delete mode 100644 mb/3modules/hosts.nix
 delete mode 100644 mb/5pkgs/default.nix
 delete mode 100644 mb/default.nix
 delete mode 100644 mb/krops.nix

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index c770391c7..fcdbcbc19 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,7 +103,6 @@ let
     { krebs = import ./krebs  { inherit config; }; }
     { krebs = import ./lass   { inherit config; }; }
     { krebs = import ./makefu { inherit config; }; }
-    { krebs = import ./mb { inherit config; }; }
     { krebs = import ./nin    { inherit config; }; }
     { krebs = import ./external/palo.nix { inherit config; }; }
     { krebs = import ./tv     { inherit config; }; }
diff --git a/krebs/3modules/mb/default.nix b/krebs/3modules/mb/default.nix
deleted file mode 100644
index 31e01c4ab..000000000
--- a/krebs/3modules/mb/default.nix
+++ /dev/null
@@ -1,151 +0,0 @@
-with import <stockholm/lib>;
-{ config, ... }: let
-
-  hostDefaults = hostName: host: flip recursiveUpdate host {
-    ci = true;
-    owner = config.krebs.users.mb;
-  };
-
-in {
-  hosts = mapAttrs hostDefaults {
-    orange = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.42.23";
-          aliases = [
-            "orange.r"
-            "or4ng3.r"
-            "0r4n93.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7P0CkmC5HWnTdgGFzmA
-            zQuJzHSkSjcGgSkIt0pvqU6xi8P/d4eJlmeXeGTpH62JfM1xhEMpxMVd/4NOON2u
-            IlWnfu5bB763145IJwE0HmZziWjQXWRPAZMqYdQ5f2Pvmxv1yr3uBNzr8UlV6BjD
-            FXn8sCvikXttYzts9szlz5+pkY09qfiz48+DMzRBNO6JzXYQ9kPyS+TIXlGpN4Jp
-            C1TRF38eF2DTEZ58Yx8Z99dGrXVuqlSe77fehTQGxCckTpaZ0HS3XfZNa/cas8JY
-            /0RzH2n2AndnPirISDZ7r4ZIFuKAaivqaEkM8v7llI77URVB9ZJb/IqCrBzueAbt
-            V/5ts2HpfBAUhw0RoiH8ql+IQZsuSOpRUC2gUN8460V4SQkVtDcsVTENiD+NM5Mg
-            ImBv041CsW/rSJOilT2r/rWDN8RFnz/RrAQn+L31KXr81kg1TOLxO0ybs/eMJM3r
-            RnHFZPiiKdqPlA60g0AnzKXPR2JTszHIgHHoRUW16I1WJeuAJNjg0JDQ0JM7pZ27
-            JEaCc7uR12TPiuExKaNEaxKZVY1J0hzxOzF2MFIbAMVz/3K2ycvvuLxKojqIAXxA
-            D+UtcOfJ62k2WnLXOEIZqFU0J2bvhxYUZOFS55wIn1UJF7hemD/LUFHBiWnuhwHk
-            TAEl8M851t+Zp3hZeJzgx2kCAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    rofl = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.42.43";
-          aliases = [
-            "rofl.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnysdVVwxkmSroNUleYZm
-            xdaIB9EdZYCo2xj3WyhsD2lWMpj51FzSH6Y052Vy1V1TCuIXIwjidpmMohBvflG8
-            txKCaBGQOZbVqRgzyCDXsNisbr05ayYuHcRrXTpn5ask4HN0Vtx2uJOn8YmOxA0D
-            VhyEnf8xWu+vi8dwDqRVR17QnPBYqgenzIBmAuRngvNqg6WZg+E9X2e1Dco/PMzb
-            VW0AgC2+zFCl4+G7dEW7uhsI6IJLy4LsJuEN4TlvWAf7tfdFEnBzTfODW8quGdts
-            1Yzah4svPNNt9F1ZhOR/1bDsfVoOjI76BgB0G+ZZPQAGV1zxgn8DXSKi/tJTLNu1
-            vj/n9sUJfXMYQdTAOkABghCyEDFUspPKCffQqUXUcJbLKY9fNssGGBeanMsobUQC
-            Ch9z7kIJ52JDcP/D58z9Yf62P5ENqXzeVPCcodIOey1EizOu/FH3jVo52we1M5sp
-            1iM4hMc3ZINUBI9AA1nLWWlB3lBnErAXrhmMMHjcO4nO7/M0YU+EalkDB5eIhqiH
-            QJx7VnOE2UZYU9Y0vVNSWfYocU12aABK98T7lr5Tde4dI1J81sk2MUZcbNHger3f
-            NxpvNzOBpeC5xvq/ENCRR7MDf/59xWW5P5N7PbGprLQAi8cfdSoIEhSPz17Taq1f
-            3aAAePgBsZvRQozxXZfqp58CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    p1nk = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.42.42";
-          aliases = [
-            "p1nk.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5YVML71oW3iJrzZKuX48
-            AKrGitO5zNvsAHOI8BVsGfZTyxAAZgG4OaDX45kr27K39NcBU43LdDD0I1yjNvGe
-            zAoL5MIiCPD/QR1kAvLmgpMUSqOVvrk+uoGLVt6dOGvxlOiG1AAaN0gA8Q0B/jZV
-            4tZlBpZ7MX9xeK10wqVT56msN69P3EzKQn1uoVRrBxEnNvI1iqmmkgMLcrFVJFBQ
-            888Uuw9Hx5MO7ES/ATe8mt0zReUGvn91jYVVsPpmAopWnjCol271gflY0RomFXKy
-            XaIuvbeF+3otF0+MNqJfm4IsAKJjvl92pjVX0f0eBCSPCYR7D1EtgQrqflLkZKZ8
-            jBGDlgpsFWt/Omz1BYcuGZU/djM4+SNxr4YRYMi3lMix3s2PmHvm304I7eEEBlC9
-            qy1jq/sLaf8mHJrF6Htl7W5WS/Famkwv/VreI92iHrhsmIDiX7OIbXzYDCxT/PQa
-            6uCm/3jIbcHG/ZHZ12H6thkafK0Aoe009+p1n+5Y7V2oNvYe3KzZTnCN5t6z1QHZ
-            V5iypsd6lNDzlodjleTgGK8FmHGRPRdq1wb3eOLE8mWZj7ygDT50FwaC8FzAcHgC
-            bLN/zlHvCbYmk9IJhktO3B6wtMrZl60+XCpb5rTulM94RirifFYsnTIDJApI11yb
-            3AYi5dQXHjab/lvj6917xa0CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    gr33n = {
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.42.123";
-          aliases = [
-            "gr33n.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqecLfk8TlGFF7JJpv8
-            kjLFNgoNfu9FYRMNG4GSxWL5w+49n6b+GC5ciOC+RJ+N56jfB9JYE0MtbuOmkY5M
-            JUphuvgOCNhTbBJsjnmG9n02evpxZn9HWypNC3oQCvY2K7vHpIxGKR5PyTVKPO0P
-            OOYKAbCLD9F2bmuLaBQ/dFXFQxfu3tjvJI9mYDWBpSkh1mYeMZLw2xxnRZLs0bEO
-            ZWdzxCh9UM/mgb4WYuNED9+sz7MSsaMPAqquarFCguUxhjp6rElGFcNWjXaxA5zt
-            JGS6VompUViVSHjSaQ5/3VRKoIQjr4NOFYQqLpmB5S2OpiggV6I9OpB7QUGlvcYd
-            I3j+1AeK11HuEyPqSwxjNCCrI12bSIo3685BPHbl+AMhWGhzrCkAGcOCbAefreXQ
-            5v4SaKUIDlCYhN+vyNdlu2jvqQlxfJrPAfBt+jJBK6gMcAEKc7P/Oj4B9Fsl331X
-            s0kWH5G9t6OhO/Of8/kb2/P+YEbM6zi1QQdZAOr6Cg0y4cMt9zxLWknaM4yEDAXH
-            oSM33PTv9DOvBjfxRXqOHqOHRq5ayqZdIFgfLUlPTdbWRkhNzjG8f7k7p32m20A6
-            Kal+OF//I2c9E9vKFzyepyTcnwi3B8+cFJ74+XYaNApdwHSb1BU/+c3O9RJExZGV
-            jtTSbSJHU5esECtAuXy1XH8CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-    sunsh1n3 = {
-      ci = false;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.42.142";
-          aliases = [
-            "sunsh1n3.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo2VCqp6mUbyo3n+1XpKf
-            QavpgRYQyv9wAZzYSYHjxThuLmNb/wERPbWJFMZfAGuku0blKWJISSgFWd9YL7dU
-            pZQZxfqo/9xnS/r0xIKrKSsBiTZt7JZmTQzj1ri11TIO0S1QPjIP5HsxlZZAw0nz
-            idEDlKmgWs74FPdezlXqvJyEUKDqL/ZQBtdhZZIDMkSJnCdBzXxKwv+uLVE46ZBf
-            4HrtQjcj+dyVMogMIoseAgf5lS6V3pyCM7/NHZFxrIxoIAxSsUoB59i2EbK6aUK5
-            yuiWHI6ZHToxN2K/0SX96hzxcwrUmdk49tTHBY0Zhn2ku6NjQPU3LuxgIwrSaSJD
-            /KWh6XkqR7EsCVN0AIsLvFelI2ckSyNyAlnYbMAHDt7GwHlNp4Lsy+x4ZQ6m0xTY
-            Z+/jt6sfoMiulPcwWEpqNCCf5A65lF77DldQhH3qYrdQ756n/kOqSfQtPCnVNYXy
-            LlN5rKCOgxKxxtKkwMUif2OM9RPHpM7wS09Rvek6zpL9ymhU5THF7UylLKxKGjYj
-            6dTooyRVQRJdrwIYLrJIy0MfGyYiGAJxf/C0KOOZnJPCW2b51+bo5Zh+BhKZYN8H
-            C2DEGc8+4h5hX1TAaUfTpfVm3mMTh8H2m9N8Pdl5ji+A0m0IwHDLQyaoskcxSjvU
-            9IxYLfkSD6AJqasnHlz0L08CAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-    };
-  };
-  users = {
-    mb = {
-      mail = "mb0@codemonkey.cc";
-      pubkey = "ssh-rsa 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 mb0@codemonkey.cc";
-    };
-  };
-}
diff --git a/mb/1systems/gr33n/configuration.nix b/mb/1systems/gr33n/configuration.nix
deleted file mode 100644
index dcf987791..000000000
--- a/mb/1systems/gr33n/configuration.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
-  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      <stockholm/mb>
-    ];
-
-  krebs.build.host = config.krebs.hosts.gr33n;
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-  fileSystems."/mnt/public" = {
-    device = "//192.168.0.4/public";
-    fsType = "cifs";
-    options = let
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
-  };
-
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "de";
-    defaultLocale = "en_US.UTF-8";
-  };
-
-  time.timeZone = "Europe/Berlin";
-
-  nixpkgs.config.allowUnfree = true;
-
-  nixpkgs.config.packageOverrides = super: {
-    openvpn = super.openvpn.override {
-      pkcs11Support = true;
-      useSystemd = false;
-    };
-  };
-
-  environment.shellAliases = {
-    ll = "ls -alh";
-    ls = "ls --color=tty";
-  };
-
-  environment.systemPackages = with pkgs; [
-     curl
-     fish
-     git
-     htop
-     nmap
-     ranger
-     tcpdump
-     tmux
-     traceroute
-     tree
-     vim
-     wcalc
-     wget
-     xz
-     zbackup
-  ];
-
-  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
-  sound.enable = false;
-
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-
-  services.codimd = {
-    enable = true;
-    workDir = "/storage/codimd";
-    configuration = {
-      port = 1337;
-      host = "0.0.0.0";
-      db = {
-        dialect = "sqlite";
-        storage = "/storage/codimd/db.codimd.sqlite";
-      };
-    };
-  };
-
-  networking.wireless.enable = false;
-  networking.networkmanager.enable = false;
-  krebs.iptables.enable = true;
-  networking.enableIPv6 = false;
-
-   programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-
-  nix.buildCores = 4;
-  system.autoUpgrade.enable = false;
-  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
-  system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/gr33n/hardware-configuration.nix b/mb/1systems/gr33n/hardware-configuration.nix
deleted file mode 100644
index 1d13b8dc7..000000000
--- a/mb/1systems/gr33n/hardware-configuration.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  boot.initrd.mdadmConf = ''
-    ARRAY /dev/md0 level=raid6 num-devices=4 metadata=1.2 name=gr33n:0 UUID=5b715fd9:0be6bfa6:19f07db4:c16836d6
-       devices=/dev/sda1,/dev/sdb1,/dev/sdc1,/dev/sdd1
-  '';
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/a9f2c19b-f60f-450c-87f1-146a54c4198b";
-      fsType = "ext4";
-    };
-  fileSystems."/storage" =
-    { device = "/dev/disk/by-label/storage";
-      fsType = "ext4";
-    };
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/93EB-BCA3";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/orange/configuration.nix b/mb/1systems/orange/configuration.nix
deleted file mode 100644
index b43bd8a0f..000000000
--- a/mb/1systems/orange/configuration.nix
+++ /dev/null
@@ -1,238 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
-    unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      <stockholm/mb>
-      <stockholm/mb/2configs/nvim.nix>
-    ];
-
-  krebs.build.host = config.krebs.hosts.orange;
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.extraModulePackages = with config.boot.kernelPackages; [ wireguard ];
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.initrd.luks.devices = [
-    {
-      name = "root";
-      device = "/dev/disk/by-uuid/09a36f91-a713-4b82-8b41-4e7a6acc4acf";
-      preLVM = true;
-      allowDiscards = true;
-    }
-  ];
-
-  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-  fileSystems."/mnt/public" = {
-    device = "//192.168.0.4/public";
-    fsType = "cifs";
-    options = let
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
-  };
-
-
-  # Select internationalisation properties.
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "de";
-    defaultLocale = "en_US.UTF-8";
-  };
-
-  time.timeZone = "Europe/Berlin";
-
-  nixpkgs.config.packageOverrides = super: {
-    openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  fonts = {
-    enableCoreFonts = true;
-    enableGhostscriptFonts = true;
-    fonts = with pkgs; [
-      anonymousPro
-      corefonts
-      dejavu_fonts
-      envypn-font
-      fira
-      gentium
-      gohufont
-      inconsolata
-      liberation_ttf
-      powerline-fonts
-      source-code-pro
-      terminus_font
-      ttf_bitstream_vera
-      ubuntu_font_family
-      unifont
-      unstable.cherry
-      xorg.fontbitstream100dpi
-      xorg.fontbitstream75dpi
-      xorg.fontbitstreamtype1
-    ];
-  };
-
-  environment.systemPackages = with pkgs; [
-    adapta-gtk-theme
-    aircrackng
-    ag
-    arandr
-    binutils
-    chromium
-    cifs-utils
-    curl
-    evince
-    exfat
-    feh
-    file
-    firefox
-    freetype
-    gimp
-    git
-    gnupg
-    graphite2
-    hicolor_icon_theme
-    htop
-    i3lock
-    jq
-    keepassx2
-    kvm
-    lxappearance
-    man-pages
-    moc
-    mpv
-    mpvc
-    mupdf
-    ncdu
-    nmap
-    openvpn
-    pass
-    p7zip
-    powertop
-    ranger
-    rofi
-    sshfs
-    tcpdump
-    tmux
-    traceroute
-    tree
-    unstable.alacritty
-    unstable.ponyc
-    unstable.sublime3
-    unstable.youtube-dl
-    virt-viewer
-    virtmanager
-    vulnix
-    wcalc
-    wget
-    xz
-    zbackup
-  ];
-
-  environment.variables = {
-    EDITOR = ["nvim"];
-  };
-
-  environment.shellAliases = {
-    ll = "ls -alh";
-    ls = "ls --color=tty";
-  };
-
-  virtualisation.libvirtd.enable = true;
-  #virtualisation.kvmgt.enable = true;
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-  hardware.pulseaudio.support32Bit = true;
-  nixpkgs.config.pulseaudio = true;
-
-  services.xserver = {
-    enable = true;
-    layout = "de";
-    xkbVariant = "nodeadkeys";
-    libinput.enable = true;
-    desktopManager = {
-      default = "xfce";
-      xterm.enable = false;
-      xfce = {
-        enable = true;
-        noDesktop = true;
-        enableXfwm = false;
-      };
-    };
-    windowManager.ratpoison.enable = true;
-  };
-
-  services.openssh.enable = true;
-  #services.openssh.permitRootLogin = "yes";
-  services.openssh.passwordAuthentication = false;
-
-  networking.wireless.enable = false;
-  networking.networkmanager.enable = false;
-  krebs.iptables.enable = true;
-  #networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
-  networking.enableIPv6 = false;
-
-  programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-
-  nix.maxJobs = 4;
-  nix.buildCores = 4;
-  system.autoUpgrade.enable = false;
-  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
-  system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/orange/hardware-configuration.nix b/mb/1systems/orange/hardware-configuration.nix
deleted file mode 100644
index 8aa191269..000000000
--- a/mb/1systems/orange/hardware-configuration.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/b1d32c54-35f8-4bf1-9fd2-82adc760af01";
-      fsType = "btrfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/BF9B-03A2";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-}
diff --git a/mb/1systems/p1nk/configuration.nix b/mb/1systems/p1nk/configuration.nix
deleted file mode 100644
index 19efc75b0..000000000
--- a/mb/1systems/p1nk/configuration.nix
+++ /dev/null
@@ -1,227 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
-  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      <stockholm/mb>
-      <stockholm/mb/2configs/nvim.nix>
-    ];
-
-  krebs.build.host = config.krebs.hosts.p1nk;
-
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  boot.initrd.luks.devices = [
-    {
-      name = "root";
-      device = "/dev/disk/by-uuid/0392257b-f6cf-484d-8c46-e20aab4fddb7";
-      preLVM = true;
-      allowDiscards = true;
-    }
-  ];
-  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-  fileSystems."/mnt/public" = {
-    device = "//192.168.0.4/public";
-    fsType = "cifs";
-    options = let
-      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-    in [ "${automount_opts},user,rw,username=mb0,iocharset=utf8,credentials=${config.users.users.mb.home}/.smbcredentials" ];
-  };
-
-
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "de";
-    defaultLocale = "en_US.UTF-8";
-  };
-
-  time.timeZone = "Europe/Berlin";
-
-  fonts = {
-    enableCoreFonts = true;
-    enableGhostscriptFonts = true;
-    fonts = with pkgs; [
-      anonymousPro
-      corefonts
-      dejavu_fonts
-      envypn-font
-      fira
-      gentium
-      gohufont
-      inconsolata
-      liberation_ttf
-      powerline-fonts
-      source-code-pro
-      terminus_font
-      ttf_bitstream_vera
-      ubuntu_font_family
-      unifont
-      unstable.cherry
-      xorg.fontbitstream100dpi
-      xorg.fontbitstream75dpi
-      xorg.fontbitstreamtype1
-    ];
-  };
-
-  nixpkgs.config.packageOverrides = super: {
-    openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = false; };
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = with pkgs; [
-    adapta-gtk-theme
-    aircrackng
-    ag
-    arandr
-    binutils
-    chromium
-    cifs-utils
-    curl
-    evince
-    exfat
-    feh
-    file
-    firefox
-    freetype
-    gimp
-    git
-    gnupg
-    graphite2
-    hicolor_icon_theme
-    htop
-    i3lock
-    jq
-    keepassx2
-    kvm
-    lxappearance
-    man-pages
-    moc
-    mpv
-    mpvc
-    mupdf
-    ncdu
-    nmap
-    openvpn
-    pass
-    p7zip
-    powertop
-    ranger
-    rofi
-    sshfs
-    tcpdump
-    tmux
-    traceroute
-    tree
-    unstable.alacritty
-    unstable.ponyc
-    unstable.sublime3
-    youtube-dl
-    virt-viewer
-    virtmanager
-    vulnix
-    wcalc
-    wget
-    xz
-    zbackup
-  ];
-
-  environment.shellAliases = {
-    ll = "ls -alh";
-    ls = "ls --color=tty";
-  };
-
-  virtualisation.libvirtd.enable = true;
-  virtualisation.kvmgt.enable = true;
-
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-  hardware.pulseaudio.support32Bit = true;
-
-  services.xserver = {
-    enable = true;
-    layout = "de";
-    xkbOptions = "nodeadkeys";
-    libinput.enable = true;
-    desktopManager = {
-      default = "xfce";
-      xterm.enable = false;
-      xfce = {
-        enable = true;
-        noDesktop = true;
-        enableXfwm = false;
-      };
-    };
-    windowManager.ratpoison.enable = true;
-    windowManager.pekwm.enable = true;
-  };
-
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-
-  krebs.iptables.enable = true;
-  networking.networkmanager.enable = false;
-  networking.wireless.enable = true;
-  networking.nameservers = [ "8.8.8.8" "141.1.1.1" ];
-  networking.enableIPv6 = false;
-
-  programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color magenta) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-
-  nix.maxJobs = 4;
-  nix.buildCores = 4;
-  system.autoUpgrade.enable = false;
-  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
-  system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/p1nk/hardware-configuration.nix b/mb/1systems/p1nk/hardware-configuration.nix
deleted file mode 100644
index ab5b6e204..000000000
--- a/mb/1systems/p1nk/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/4cc2add6-ed19-4685-bbd9-b992bd8d51fb";
-      fsType = "btrfs";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/9F87-AEAA";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/1systems/rofl/configuration.nix b/mb/1systems/rofl/configuration.nix
deleted file mode 100644
index 3c5c56c84..000000000
--- a/mb/1systems/rofl/configuration.nix
+++ /dev/null
@@ -1,103 +0,0 @@
-{ config, pkgs, callPackage, ... }: let
-  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
-  imports =
-    [ # Include the results of the hardware scan.
-      <stockholm/mb/2configs/google-compute-config.nix>
-      <stockholm/mb>
-    ];
-
-  krebs.build.host = config.krebs.hosts.rofl;
-
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "de";
-    defaultLocale = "en_US.UTF-8";
-  };
-
-  time.timeZone = "Europe/Berlin";
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.shellAliases = {
-    ll = "ls -alh";
-    ls = "ls --color=tty";
-  };
-
-  environment.systemPackages = with pkgs; [
-     curl
-     fish
-     git
-     htop
-     nmap
-     ranger
-     tcpdump
-     tmux
-     traceroute
-     tree
-     vim
-     xz
-     zbackup
-  ];
-
-  sound.enable = false;
-
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-
-  networking.wireless.enable = false;
-  networking.networkmanager.enable = false;
-  krebs.iptables.enable = true;
-  networking.enableIPv6 = false;
-
-   programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color green) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-
-  system.autoUpgrade.enable = false;
-  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-19.03";
-  system.stateVersion = "19.03";
-
-}
diff --git a/mb/1systems/sunsh1n3/configuration.nix b/mb/1systems/sunsh1n3/configuration.nix
deleted file mode 100644
index 633d122ea..000000000
--- a/mb/1systems/sunsh1n3/configuration.nix
+++ /dev/null
@@ -1,181 +0,0 @@
-
-{ config, pkgs, ... }: let
-  unstable = import <nixpkgs-unstable> { config = { allowUnfree = true; }; };
-in {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-     <stockholm/mb>
-    ];
-
-  krebs.build.host = config.krebs.hosts.sunsh1n3;
-
-  boot.kernelPackages = pkgs.linuxPackages_latest;
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  fileSystems."/".options = [ "noatime" "nodiratime" "discard" ];
-  
-  boot.initrd.luks.devices = [
-    {
-      name = "root";
-      device = "/dev/disk/by-uuid/5354ba31-c7de-4b55-8f86-a2a437dfbb21";
-      preLVM = true;
-      allowDiscards = true;
-    }
-  ];
-
-  i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "de";
-    defaultLocale = "en_US.UTF-8";
-  };
-
-  time.timeZone = "Europe/Berlin";
-
-  nixpkgs.config.packageOverrides = super : {
-   openvpn = super.openvpn.override { pkcs11Support = true; useSystemd = true ; };
-  };
-
-  nixpkgs.config.allowUnfree = true;
-
-  fonts = {
-    enableCoreFonts = true;
-    enableGhostscriptFonts = true;
-    fonts = with pkgs; [
-      anonymousPro
-      corefonts
-      dejavu_fonts
-      envypn-font
-      fira
-      gentium
-      gohufont
-      inconsolata
-      liberation_ttf
-      powerline-fonts
-      source-code-pro
-      terminus_font
-      ttf_bitstream_vera
-      ubuntu_font_family
-      unifont
-      unstable.cherry
-      xorg.fontbitstream100dpi
-      xorg.fontbitstream75dpi
-      xorg.fontbitstreamtype1
-    ];
-  };
-
-  environment.systemPackages = with pkgs; [
-    wget vim git curl fish
-    ag
-    chromium
-    firefox
-    gimp
-    p7zip
-    htop
-    mpv
-    mpvc
-    nmap
-    ntfs3g
-    keepassx2
-    sshfs
-    #unstable.skrooge
-    skrooge
-    unstable.alacritty
-    tmux
-    tree
-    wcalc
-    virtmanager
-    virt-viewer
-    (wine.override { wineBuild = "wineWow"; }) 
-    xz    
-    zbackup
-  ];
-
-  virtualisation.libvirtd.enable = true;
-  virtualisation.kvmgt.enable = true;
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-
-  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-  programs.dconf.enable = true;
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.passwordAuthentication = false;
-
-  krebs.iptables.enable = true;
-  #networking.wireless.enable = true;  
-  networking.networkmanager.enable = true;
-  networking.enableIPv6 = false;
-
-  # Enable sound.
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-  hardware.pulseaudio.support32Bit = true;
-  nixpkgs.config.pulseaudio = true;
-
-  services.xserver.enable = true;
-  services.xserver.layout = "de";
-  services.xserver.xkbOptions = "nodeadkeys";
-  services.xserver.libinput.enable = true;
-
-  # Enable the KDE Desktop Environment.
-  services.xserver.displayManager.sddm.enable = true;
-  services.xserver.desktopManager.plasma5.enable = true;
-
-  programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-  
-  nix.buildCores = 4;
-
-  system.stateVersion = "19.09";
-
-}
diff --git a/mb/1systems/sunsh1n3/hardware-configuration.nix b/mb/1systems/sunsh1n3/hardware-configuration.nix
deleted file mode 100644
index 2beee7c4f..000000000
--- a/mb/1systems/sunsh1n3/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
-  imports =
-    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
-    ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/a3257922-d2d4-45ae-87cc-cc38d32e0774";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/60A6-4DAB";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  nix.maxJobs = lib.mkDefault 4;
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/mb/2configs/default.nix b/mb/2configs/default.nix
deleted file mode 100644
index 3066d1c36..000000000
--- a/mb/2configs/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-with import <stockholm/lib>;
-{ config, pkgs, ... }:
-{
-  imports = [
-    {
-      users.users = {
-        root = {
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.mb.pubkey
-          ];
-        };
-        mb = {
-          name = "mb";
-          uid = 1337;
-          home = "/home/mb";
-          group = "users";
-          createHome = true;
-          shell = "/run/current-system/sw/bin/fish";
-          extraGroups = [
-            "audio"
-            "video"
-            "fuse"
-            "wheel"
-            "kvm"
-            "qemu-libvirtd"
-            "libvirtd"
-          ];
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.mb.pubkey
-          ];
-        };
-        xo = {
-          name = "xo";
-          uid = 2323;
-          home = "/home/xo";
-          group = "users";
-          createHome = true;
-          shell = "/run/current-system/sw/bin/fish";
-          extraGroups = [
-            "audio"
-            "video"
-            "fuse"
-            "wheel"
-            "kvm"
-            "qemu-libvirtd"
-            "libvirtd"
-          ];
-          openssh.authorizedKeys.keys = [
-            config.krebs.users.mb.pubkey
-          ];
-        };
-      };
-    }
-    {
-      environment.variables = {
-        NIX_PATH = mkForce "secrets=/var/src/stockholm/null:/var/src";
-      };
-    }
-    (let ca-bundle = "/etc/ssl/certs/ca-bundle.crt"; in {
-      environment.variables = {
-        CURL_CA_BUNDLE = ca-bundle;
-        GIT_SSL_CAINFO = ca-bundle;
-        SSL_CERT_FILE = ca-bundle;
-      };
-    })
-  ];
-
-  networking.hostName = config.krebs.build.host.name;
-
-  krebs = {
-    enable = true;
-    build.user = config.krebs.users.mb;
-  };
-
-  users.mutableUsers = true;
-
-  services.timesyncd.enable = mkForce true;
-
-  systemd.tmpfiles.rules = [
-    "d /tmp 1777 root root - -"
-  ];
-
-  # multiple-definition-problem when defining environment.variables.EDITOR
-  environment.extraInit = ''
-    EDITOR=vim
-  '';
-
-  nixpkgs.config.allowUnfree = true;
-
-  environment.systemPackages = with pkgs; [
-  #stockholm
-    git
-    git-preview
-    gnumake
-    jq
-    parallel
-    proot
-    populate
-
-  #style
-    most
-    rxvt_unicode.terminfo
-
-  #monitoring tools
-    htop
-    iotop
-
-  #network
-    iptables
-    iftop
-    tcpdump
-
-  #stuff for dl
-    aria2
-
-  #neat utils
-    fish
-    file
-    kpaste
-    krebspaste
-    mosh
-    pciutils
-    psmisc
-    tmux
-    untilport
-    usbutils
-
-  #unpack stuff
-    p7zip
-
-    (pkgs.writeDashBin "sshn" ''
-      ${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"
-    '')
-  ];
-
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "yes";
-    passwordAuthentication = false;
-    hostKeys = [
-      # XXX bits here make no science
-      { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
-    ];
-  };
-
-  programs.fish = {
-    enable = true;
-    shellInit = ''
-      function ssh_agent --description 'launch the ssh-agent and add the id_rsa identity'
-          if begin
-              set -q SSH_AGENT_PID
-              and kill -0 $SSH_AGENT_PID
-              and grep -q '^ssh-agent' /proc/$SSH_AGENT_PID/cmdline
-          end
-              echo "ssh-agent running on pid $SSH_AGENT_PID"
-          else
-              eval (command ssh-agent -c | sed 's/^setenv/set -Ux/')
-          end
-          set -l identity $HOME/.ssh/id_rsa
-          set -l fingerprint (ssh-keygen -lf $identity | awk '{print $2}')
-          ssh-add -l | grep -q $fingerprint
-            or ssh-add $identity
-      end
-    '';
-    promptInit = ''
-      function fish_prompt --description 'Write out the prompt'
-          set -l color_cwd
-          set -l suffix
-          set -l nix_shell_info (
-              if test "$IN_NIX_SHELL" != ""
-                 echo -n " <nix-shell>"
-              end
-          )
-          switch "$USER"
-              case root toor
-                  if set -q fish_color_cwd_root
-                      set color_cwd $fish_color_cwd_root
-                  else
-                      set color_cwd $fish_color_cwd
-                  end
-                  set suffix '#'
-              case '*'
-                  set color_cwd $fish_color_cwd
-                  set suffix '>'
-          end
-
-          echo -n -s "$USER" @ (set_color yellow) (prompt_hostname) (set_color normal) "$nix_shell_info" ' ' (set_color $color_cwd) (prompt_pwd) (set_color normal) "$suffix "
-      end
-    '';
-  };
-
-  services.journald.extraConfig = ''
-    SystemMaxUse=1G
-    RuntimeMaxUse=128M
-  '';
-
-  krebs.iptables = {
-    enable = true;
-    tables = {
-      nat.PREROUTING.rules = [
-        { predicate = "! -i retiolum -p tcp -m tcp --dport 22"; target = "REDIRECT --to-ports 0"; precedence = 100; }
-        { predicate = "-p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 99; }
-      ];
-      nat.OUTPUT.rules = [
-        { predicate = "-o lo -p tcp -m tcp --dport 45621"; target = "REDIRECT --to-ports 22"; precedence = 100; }
-      ];
-      filter.INPUT.policy = "DROP";
-      filter.FORWARD.policy = "DROP";
-      filter.INPUT.rules = [
-        { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";}
-        { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
-        { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
-        { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false;  precedence = 10000; }
-        { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
-        { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
-        { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
-        { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; }
-        { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; }
-      ];
-    };
-  };
-}
diff --git a/mb/2configs/google-compute-config.nix b/mb/2configs/google-compute-config.nix
deleted file mode 100644
index b201bd4b8..000000000
--- a/mb/2configs/google-compute-config.nix
+++ /dev/null
@@ -1,231 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-  gce = pkgs.google-compute-engine;
-in
-{
-  imports = [
-    ./headless.nix
-    ./qemu-guest.nix
-  ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    autoResize = true;
-  };
-
-  boot.growPartition = true;
-  boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
-  boot.initrd.kernelModules = [ "virtio_scsi" ];
-  boot.kernelModules = [ "virtio_pci" "virtio_net" ];
-
-  # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.timeout = 0;
-
-  # Don't put old configurations in the GRUB menu.  The user has no
-  # way to select them anyway.
-  boot.loader.grub.configurationLimit = 0;
-
-  # Allow root logins only using the SSH key that the user specified
-  # at instance creation time.
-  #services.openssh.enable = true;
-  #services.openssh.permitRootLogin = "prohibit-password";
-  #services.openssh.passwordAuthentication = mkDefault false;
-
-  # Use GCE udev rules for dynamic disk volumes
-  services.udev.packages = [ gce ];
-
-  # Force getting the hostname from Google Compute.
-  networking.hostName = mkDefault "";
-
-  # Always include cryptsetup so that NixOps can use it.
-  environment.systemPackages = [ pkgs.cryptsetup ];
-
-  # Make sure GCE image does not replace host key that NixOps sets
-  environment.etc."default/instance_configs.cfg".text = lib.mkDefault ''
-    [InstanceSetup]
-    set_host_keys = false
-  '';
-
-  # Rely on GCP's firewall instead
-  networking.firewall.enable = mkDefault false;
-
-  # Configure default metadata hostnames
-  networking.extraHosts = ''
-    169.254.169.254 metadata.google.internal metadata
-  '';
-
-  networking.timeServers = [ "metadata.google.internal" ];
-
-  networking.usePredictableInterfaceNames = false;
-
-  # GC has 1460 MTU
-  networking.interfaces.eth0.mtu = 1460;
-
-  security.googleOsLogin.enable = true;
-
-  systemd.services.google-clock-skew-daemon = {
-    description = "Google Compute Engine Clock Skew Daemon";
-    after = [
-      "network.target"
-      "google-instance-setup.service"
-      "google-network-setup.service"
-    ];
-    requires = ["network.target"];
-    wantedBy = ["multi-user.target"];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "${gce}/bin/google_clock_skew_daemon --debug";
-    };
-  };
-
-  systemd.services.google-instance-setup = {
-    description = "Google Compute Engine Instance Setup";
-    after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service"];
-    before = ["sshd.service"];
-    wants = ["local-fs.target" "network-online.target" "network.target"];
-    wantedBy = [ "sshd.service" "multi-user.target" ];
-    path = with pkgs; [ ethtool openssh ];
-    serviceConfig = {
-      ExecStart = "${gce}/bin/google_instance_setup --debug";
-      Type = "oneshot";
-    };
-  };
-
-  systemd.services.google-network-daemon = {
-    description = "Google Compute Engine Network Daemon";
-    after = ["local-fs.target" "network-online.target" "network.target" "rsyslog.service" "google-instance-setup.service"];
-    wants = ["local-fs.target" "network-online.target" "network.target"];
-    requires = ["network.target"];
-    partOf = ["network.target"];
-    wantedBy = [ "multi-user.target" ];
-    path = with pkgs; [ iproute ];
-    serviceConfig = {
-      ExecStart = "${gce}/bin/google_network_daemon --debug";
-    };
-  };
-
-  systemd.services.google-shutdown-scripts = {
-    description = "Google Compute Engine Shutdown Scripts";
-    after = [
-      "local-fs.target"
-      "network-online.target"
-      "network.target"
-      "rsyslog.service"
-      "systemd-resolved.service"
-      "google-instance-setup.service"
-      "google-network-daemon.service"
-    ];
-    wants = [ "local-fs.target" "network-online.target" "network.target"];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      ExecStart = "${pkgs.coreutils}/bin/true";
-      ExecStop = "${gce}/bin/google_metadata_script_runner --debug --script-type shutdown";
-      Type = "oneshot";
-      RemainAfterExit = true;
-      TimeoutStopSec = "infinity";
-    };
-  };
-
-  systemd.services.google-startup-scripts = {
-    description = "Google Compute Engine Startup Scripts";
-    after = [
-      "local-fs.target"
-      "network-online.target"
-      "network.target"
-      "rsyslog.service"
-      "google-instance-setup.service"
-      "google-network-daemon.service"
-    ];
-    wants = ["local-fs.target" "network-online.target" "network.target"];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      ExecStart = "${gce}/bin/google_metadata_script_runner --debug --script-type startup";
-      KillMode = "process";
-      Type = "oneshot";
-    };
-  };
-
-
-  # Settings taken from https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
-  boot.kernel.sysctl = {
-    # Turn on SYN-flood protections.  Starting with 2.6.26, there is no loss
-    # of TCP functionality/features under normal conditions.  When flood
-    # protections kick in under high unanswered-SYN load, the system
-    # should remain more stable, with a trade off of some loss of TCP
-    # functionality/features (e.g. TCP Window scaling).
-    "net.ipv4.tcp_syncookies" = mkDefault "1";
-
-    # ignores source-routed packets
-    "net.ipv4.conf.all.accept_source_route" = mkDefault "0";
-
-    # ignores source-routed packets
-    "net.ipv4.conf.default.accept_source_route" = mkDefault "0";
-
-    # ignores ICMP redirects
-    "net.ipv4.conf.all.accept_redirects" = mkDefault "0";
-
-    # ignores ICMP redirects
-    "net.ipv4.conf.default.accept_redirects" = mkDefault "0";
-
-    # ignores ICMP redirects from non-GW hosts
-    "net.ipv4.conf.all.secure_redirects" = mkDefault "1";
-
-    # ignores ICMP redirects from non-GW hosts
-    "net.ipv4.conf.default.secure_redirects" = mkDefault "1";
-
-    # don't allow traffic between networks or act as a router
-    "net.ipv4.ip_forward" = mkDefault "0";
-
-    # don't allow traffic between networks or act as a router
-    "net.ipv4.conf.all.send_redirects" = mkDefault "0";
-
-    # don't allow traffic between networks or act as a router
-    "net.ipv4.conf.default.send_redirects" = mkDefault "0";
-
-    # reverse path filtering - IP spoofing protection
-    "net.ipv4.conf.all.rp_filter" = mkDefault "1";
-
-    # reverse path filtering - IP spoofing protection
-    "net.ipv4.conf.default.rp_filter" = mkDefault "1";
-
-    # ignores ICMP broadcasts to avoid participating in Smurf attacks
-    "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1";
-
-    # ignores bad ICMP errors
-    "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1";
-
-    # logs spoofed, source-routed, and redirect packets
-    "net.ipv4.conf.all.log_martians" = mkDefault "1";
-
-    # log spoofed, source-routed, and redirect packets
-    "net.ipv4.conf.default.log_martians" = mkDefault "1";
-
-    # implements RFC 1337 fix
-    "net.ipv4.tcp_rfc1337" = mkDefault "1";
-
-    # randomizes addresses of mmap base, heap, stack and VDSO page
-    "kernel.randomize_va_space" = mkDefault "2";
-
-    # Reboot the machine soon after a kernel panic.
-    "kernel.panic" = mkDefault "10";
-
-    ## Not part of the original config
-
-    # provides protection from ToCToU races
-    "fs.protected_hardlinks" = mkDefault "1";
-
-    # provides protection from ToCToU races
-    "fs.protected_symlinks" = mkDefault "1";
-
-    # makes locating kernel addresses more difficult
-    "kernel.kptr_restrict" = mkDefault "1";
-
-    # set ptrace protections
-    "kernel.yama.ptrace_scope" = mkOverride 500 "1";
-
-    # set perf only available to root
-    "kernel.perf_event_paranoid" = mkDefault "2";
-  };
-}
diff --git a/mb/2configs/headless.nix b/mb/2configs/headless.nix
deleted file mode 100644
index 46a9b6a7d..000000000
--- a/mb/2configs/headless.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# Common configuration for headless machines (e.g., Amazon EC2
-# instances).
-
-{ lib, ... }:
-
-with lib;
-
-{
-  boot.vesa = false;
-
-  # Don't start a tty on the serial consoles.
-  systemd.services."serial-getty@ttyS0".enable = false;
-  systemd.services."serial-getty@hvc0".enable = false;
-  systemd.services."getty@tty1".enable = false;
-  systemd.services."autovt@".enable = false;
-
-  # Since we can't manually respond to a panic, just reboot.
-  boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
-
-  # Don't allow emergency mode, because we don't have a console.
-  systemd.enableEmergencyMode = false;
-
-  # Being headless, we don't need a GRUB splash image.
-  boot.loader.grub.splashImage = null;
-}
diff --git a/mb/2configs/neovimrc b/mb/2configs/neovimrc
deleted file mode 100644
index 8dbeaec7b..000000000
--- a/mb/2configs/neovimrc
+++ /dev/null
@@ -1,446 +0,0 @@
-
-"*****************************************************************************
-"" Functions
-"*****************************************************************************
-
-function! GetBufferList()
-    redir =>buflist
-    silent! ls!
-    redir END
-    return buflist
-endfunction
-
-function! ToggleList(bufname, pfx)
-    let buflist = GetBufferList()
-    for bufnum in map(filter(split(buflist, '\n'), 'v:val =~ "'.a:bufname.'"'), 'str2nr(matchstr(v:val, "\\d\\+"))')
-        if bufwinnr(bufnum) != -1
-            exec(a:pfx.'close')
-            return
-        endif
-    endfor
-    if a:pfx == 'l' && len(getloclist(0)) == 0
-        echohl ErrorMsg
-        echo "Location List is Empty."
-        return
-    endif
-    let winnr = winnr()
-    exec(a:pfx.'open')
-    if winnr() != winnr
-        wincmd p
-    endif
-endfunction
-
-
-"*****************************************************************************
-"" Basic Setup
-"*****************************************************************************"
-" General
-let no_buffers_menu=1
-syntax on
-set ruler
-set number
-set mousemodel=popup
-set t_Co=256
-set guioptions=egmrti
-set gfn=Monospace\ 10
-
-" TODO: Testing if this works against automatically setting paste mode
-" Issue: https://github.com/neovim/neovim/issues/7994
-au InsertLeave * set nopaste
-
-
-" undofile - This allows you to use undos after exiting and restarting
-" This, like swap and backups, uses .vim-undo first, then ~/.vim/undo
-" :help undo-persistence
-if exists("+undofile")
-    if isdirectory($HOME . '/.vim/undo') == 0
-        :silent !mkdir -p ~/.vim/undo > /dev/null 2>&1
-    endif
-    set undodir=./.vim-undo//
-    set undodir+=~/.vim/undo//
-    set undofile
-endif
-
-" Encoding
-set encoding=utf-8
-set fileencoding=utf-8
-set fileencodings=utf-8
-set bomb
-set binary
-
-" Fix backspace indent
-set backspace=indent,eol,start
-
-" Tabs. May be overriten by autocmd rules
-set tabstop=4
-set softtabstop=0
-set shiftwidth=4
-set expandtab
-
-" Map leader to ,
-let mapleader=','
-
-" Enable hidden buffers
-set hidden
-
-" Searching
-set hlsearch
-set incsearch
-set ignorecase
-set smartcase
-
-" Directories for swp files
-set nobackup
-set noswapfile
-
-set fileformats=unix,dos,mac
-
-" File overview
-set wildmode=list:longest,list:full
-set wildignore+=*.o,*.obj,.git,*.rbc,*.pyc,__pycache__
-
-" Shell to emulate
-if exists('$SHELL')
-    set shell=$SHELL
-else
-    set shell=/bin/bash
-endif
-
-" Set color scheme
-colorscheme molokai
-
-"Show always Status bar
-set laststatus=2
-
-" Use modeline overrides
-set modeline
-set modelines=10
-
-" Set terminal title
-set title
-set titleold="Terminal"
-set titlestring=%F
-
-" search will center on the line it's found in.
-nnoremap n nzzzv
-nnoremap N Nzzzv
-
-
-
-"*****************************************************************************
-"" Abbreviations
-"*****************************************************************************
-" no one is really happy until you have this shortcuts
-cnoreabbrev W! w!
-cnoreabbrev Q! q!
-cnoreabbrev Qall! qall!
-cnoreabbrev Wq wq
-cnoreabbrev Wa wa
-cnoreabbrev wQ wq
-cnoreabbrev WQ wq
-cnoreabbrev W w
-cnoreabbrev Q q
-cnoreabbrev Qall qall
-
-" NERDTree configuration
-let g:NERDTreeChDirMode=2
-let g:NERDTreeIgnore=['\.rbc$', '\~$', '\.pyc$', '\.db$', '\.sqlite$', '__pycache__']
-let g:NERDTreeSortOrder=['^__\.py$', '\/$', '*', '\.swp$', '\.bak$', '\~$']
-let g:NERDTreeShowBookmarks=1
-let g:nerdtree_tabs_focus_on_files=1
-let g:NERDTreeMapOpenInTabSilent = '<RightMouse>'
-let g:NERDTreeWinSize = 50
-set wildignore+=*/tmp/*,*.so,*.swp,*.zip,*.pyc,*.db,*.sqlite
-nnoremap <silent> <F1> :NERDTreeFind<CR>
-nnoremap <silent> <F2> :NERDTreeToggle<CR>
-
-" open terminal emulation
-nnoremap <silent> <leader>sh :terminal<CR>:startinsert<CR>
-
-"*****************************************************************************
-"" Autocmd Rules
-"*****************************************************************************
-"" The PC is fast enough, do syntax highlight syncing from start unless 200 lines
-augroup vimrc-sync-fromstart
-    autocmd!
-    autocmd BufEnter * :syntax sync maxlines=200
-augroup END
-
-" Nasm filetype
-augroup nasm
-    autocmd!
-    autocmd BufRead,BufNewFile *.nasm set ft=nasm
-augroup END
-
-" Binary filetype
-augroup Binary
-    au!
-    au BufReadPre  *.bin,*.exe,*.elf let &bin=1
-    au BufReadPost *.bin,*.exe,*.elf if &bin | %!xxd
-    au BufReadPost *.bin,*.exe,*.elf set ft=xxd | endif
-    au BufWritePre *.bin,*.exe,*.elf if &bin | %!xxd -r
-    au BufWritePre *.bin,*.exe,*.elf endif
-    au BufWritePost *.bin,*.exe,*.elf if &bin | %!xxd
-    au BufWritePost *.bin,*.exe,*.elf set nomod | endif
-augroup END
-
-" Binary filetype
-augroup fasm
-    au!
-    au BufReadPost *.fasm set ft=fasm
-augroup END
-
-augroup deoplete-update
-    autocmd!
-    autocmd VimEnter * UpdateRemotePlugin
-augroup END
-
-"" Remember cursor position
-augroup vimrc-remember-cursor-position
-    autocmd!
-    autocmd BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
-augroup END
-
-"" txt
-" augroup vimrc-wrapping
-"   autocmd!
-"   autocmd BufRead,BufNewFile *.txt call s:setupWrapping()
-" augroup END
-
-"" make/cmake
-augroup vimrc-make-cmake
-    autocmd!
-    autocmd FileType make setlocal noexpandtab
-    autocmd BufNewFile,BufRead CMakeLists.txt setlocal filetype=cmake
-augroup END
-
-set autoread
-
-"*****************************************************************************
-"" Mappings
-"*****************************************************************************
-
-" Split
-noremap <Leader>h :<C-u>split<CR>
-noremap <Leader>v :<C-u>vsplit<CR>
-
-" Git
-noremap <Leader>ga :Gwrite<CR>
-noremap <Leader>gc :Gcommit<CR>
-noremap <Leader>gsh :Gpush<CR>
-noremap <Leader>gll :Gpull<CR>
-noremap <Leader>gs :Gstatus<CR>
-noremap <Leader>gb :Gblame<CR>
-noremap <Leader>gd :Gvdiff<CR>
-noremap <Leader>gr :Gremove<CR>
-
-" Tabs
-nnoremap <Tab> gt
-nnoremap <S-Tab> gT
-nnoremap <silent> <S-t> :tabnew<CR>
-
-" Set working directory
-nnoremap <leader>. :lcd %:p:h<CR>
-
-" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Opens a tab edit command with the path of the currently edited file filled
-noremap <Leader>te :tabe <C-R>=expand("%:p:h") . "/" <CR>
-
-" Tagbar
-nmap <silent> <F3> :TagbarToggle<CR>
-let g:tagbar_autofocus = 1
-
-" Copy/Paste/Cut
-set clipboard^=unnamed,unnamedplus
-
-noremap YY "+y<CR>
-noremap <leader>p "+gP<CR>
-noremap XX "+x<CR>
-
-" Enable mouse for vim
-set mouse=a
-
-" Buffer nav
-noremap <leader>z :bp<CR>
-noremap <leader>q :bp<CR>
-noremap <leader>x :bn<CR>
-noremap <leader>w :bn<CR>
-
-" Close buffer
-noremap <leader>c :bd<CR>
-
-" Clean search (highlight)
-nnoremap <silent> <leader><space> :noh<cr>
-
-" Switching windows
-noremap <C-j> <C-w>j
-noremap <C-k> <C-w>k
-noremap <C-l> <C-w>l
-noremap <C-h> <C-w>h
-
-" Vmap for maintain Visual Mode after shifting > and <
-vmap < <gv
-vmap > >gv
-
-" Move visual block
-vnoremap J :m '>+1<CR>gv=gv
-vnoremap K :m '<-2<CR>gv=gv
-
-" Open current line on GitHub
-nnoremap <Leader>o :.Gbrowse<CR>
-
-
-" Save on strg+s if not in paste mode
-nmap <c-s> :w<CR>
-vmap <c-s> <Esc><c-s>gv
-imap <c-s> <Esc><c-s>
-
-" Quit on strg+q in normal mode
-nnoremap <c-q> :q<cr>
-
-" Strg+d to replace word under cursor
-nnoremap <c-d> :%s/\<<C-r><C-w>\>//g<Left><Left>
-
-" Strg+f ro find word under cursor
-nnoremap <c-f> :/<C-r><C-w><Left><Left>
-
-" Remove unneccessary spaces
-nnoremap <silent> <F5> :let _s=@/ <Bar> :%s/\s\+$//e <Bar> :let @/=_s <Bar> :nohl <Bar> :unlet _s <CR>
-
-" Reindent whole file with F6
-map <F6> mzgg=G`z
-
-" Toggle location list
-nmap <silent> <F4> :call ToggleList("Quickfix List", 'c')<CR>
-
-" Replacing text in visual mode doesn't copy it anymore
-xmap p <Plug>ReplaceWithRegisterVisual
-xmap <MiddleMouse> <Plug>ReplaceWithRegisterVisual
-
-" ALE mappings
-nmap <Leader>i <Plug>(ale_hover)
-nmap <Leader>d <Plug>(ale_go_to_definition_in_tab)
-nmap <Leader>rf <Plug>(ale_find_references)
-nmap <silent><F7> <Plug>(ale_fix)
-
-" Vim-Go mappings
-au FileType go nmap <Leader>i :GoDoc<cr>
-au FileType go nmap <Leader>d :GoDef<cr>
-au FileType go nmap <Leader>rf :GoReferrers<cr>
-
-
-"" Opens an edit command with the path of the currently edited file filled in
-noremap <Leader>e :e <C-R>=expand("%:p:h") . "/" <CR>
-
-" Use tab for navigatin in autocompletion window
-inoremap <expr> <Tab> pumvisible() ? "\<C-n>" : "\<Tab>"
-inoremap <expr> <S-Tab> pumvisible() ? "\<C-p>" : "\<S-Tab>"
-
-
-"*****************************************************************************
-"" Plugin settings
-"*****************************************************************************
-
-" vim-airline
-set statusline+=%{fugitive#statusline()}
-let g:airline_theme = 'powerlineish'
-let g:airline#extensions#syntastic#enabled = 1
-let g:airline#extensions#branch#enabled = 1
-let g:airline#extensions#tabline#enabled = 1
-let g:airline#extensions#tagbar#enabled = 1
-let g:airline_skip_empty_sections = 1
-let g:airline#extensions#ale#enabled = 1
-
-" show indent lines
-let g:indent_guides_enable_on_vim_startup = 1
-let g:indent_guides_auto_colors = 0
-hi IndentGuidesOdd ctermbg=235
-hi IndentGuidesEven ctermbg=235
-let g:indent_guides_guide_size = 1
-let g:indent_guides_start_level = 2
-
-" Enable autocompletion
-let g:deoplete#enable_at_startup = 1
-set completeopt-=preview
-
-" Ale no preview on hover
-let g:ale_close_preview_on_insert = 0
-let g:ale_cursor_detail = 0
-
-" Ale skip if file size over 2G
-let g:ale_maximum_file_size = "2147483648"
-
-" Ale to loclist and quickfix
-let g:ale_set_quickfix = 1
-" let g:ale_set_loclist = 1
-
-
-" Ale language server
-let g:ale_linters = {
-            \ 'python': ['pyls'],
-            \ 'c': ['cquery'],
-            \ 'cpp': ['cquery'],
-            \ 'xml': ['xmllint']
-            \ }
-
-
-" ALE fixers
-let g:ale_fixers = { '*': ['remove_trailing_lines', 'trim_whitespace'] }
-let g:ale_fixers.python = ['black']
-let g:ale_fixers.go = ['gofmt']
-let g:ale_fixers.c = ['clang-format']
-let g:ale_fixers.cpp = ['clang-format']
-let g:ale_fixers.json = ['jq']
-let g:ale_fixers.xml = ['xmllint']
-
-let g:ale_completion_enabled = 1
-let g:ale_sign_error = '⤫'
-let g:ale_sign_warning = '⚠'
-let g:ale_lint_on_insert_leave = 1
-
-" Vim-Go Settings
-let g:go_auto_sameids = 1
-let g:go_fmt_command = "goimports"
-let g:go_auto_type_info = 1
-
-" Disable syntastic for langserver supported languages
-let g:syntastic_mode_map = {
-            \ "mode": "active",
-            \ "passive_filetypes": ["go", "python", "c", "cpp", "xml" ]
-            \ }
-let g:syntastic_always_populate_loc_list = 1
-let g:syntastic_auto_loc_list = 2
-let g:syntastic_aggregate_errors = 1
-let g:syntastic_check_on_open = 1
-let g:syntastic_check_on_wq = 0
-let g:syntastic_error_symbol='✗'
-let g:syntastic_warning_symbol='⚠'
-let g:syntastic_style_error_symbol = '✗'
-let g:syntastic_style_warning_symbol = '⚠'
-
-"*****************************************************************************
-"" Shortcuts overview
-"*****************************************************************************
-" Shortcuts overview
-" F1  --> Filetree find
-" F2  --> Filetree toggle
-" F3  --> Function overview
-" F4  --> Toggle error bar
-
-" F5  --> Remove trailing whitespaces
-" F6  --> Reindent whole file
-" F7  --> Format and lint file
-" ,i  --> Information about function
-" ,d  --> Jump to definition
-" ,r  --> Rename in all occurences
-" ,rf --> Find references of function/variable
-" ,e  --> Change current file
-" ,te --> Open file in new tab
-" strg+f --> Find current selected word
-" strg+d --> Replace current selected word
-" strg+s --> Save file
-" strg+q --> Close current file
-" space+, --> Stop highlighting words after search
-
diff --git a/mb/2configs/nvim.nix b/mb/2configs/nvim.nix
deleted file mode 100644
index a8e4173e2..000000000
--- a/mb/2configs/nvim.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ pkgs, config, ... }: let
-  #unstable = import <nixos-unstable> { };
-in
-
-{
-  environment.variables = {
-    EDITOR = ["nvim"];
-  };
-
-  nixpkgs.config.packageOverrides = pkgs: with pkgs;{
-    neovim_custom = neovim.override {
-      configure = {
-        customRC = builtins.readFile ./neovimrc;
-
-        packages.myVimPackage = with pkgs.vimPlugins;
-        {
-          # loaded on launch
-          start = [
-            nerdtree # file manager
-            commentary # comment stuff out based on language
-            fugitive # full git integration
-            vim-airline-themes # lean & mean status/tabline
-            vim-airline # status bar
-            gitgutter # git diff in the gutter (sign column)
-            vim-trailing-whitespace # trailing whitspaces in red
-            tagbar # F3 function overview
-            syntastic # Fallback to singlethreaded but huge syntax support
-            ReplaceWithRegister # For better copying/replacing
-            polyglot # Language pack
-            vim-indent-guides # for displaying indent levels
-            ale # threaded language client
-            vim-go # go linting
-            deoplete-go # go autocompletion completion
-            deoplete-nvim # general autocompletion
-            molokai # color scheme
-          ];
-
-          # manually loadable by calling `:packadd $plugin-name`
-          opt = [];
-        };
-      };
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    ctags
-    neovim_custom
-    jq # For fixing json files
-    xxd # .bin files will be displayed with xxd
-    shellcheck # Shell linting
-    ansible-lint # Ansible linting
-    unzip # To vim into unzipped files
-    nodePackages.jsonlint # json linting
-    #python36Packages.python-language-server # python linting
-    #python36Packages.pyls-mypy # Python static type checker
-    #python36Packages.black # Python code formatter
-    #python37Packages.yamllint # For linting yaml files
-    #python37Packages.libxml2 # For fixing yaml files
-    cquery # C/C++ support
-    clang-tools # C++ fixer
-  ];
-
-  fonts = {
-    fonts = with pkgs; [
-      font-awesome_5
-    ];
-  };
-
-}
-
diff --git a/mb/2configs/qemu-guest.nix b/mb/2configs/qemu-guest.nix
deleted file mode 100644
index 315d04093..000000000
--- a/mb/2configs/qemu-guest.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-# Common configuration for virtual machines running under QEMU (using
-# virtio).
-
-{ ... }:
-
-{
-  boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ];
-  boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
-
-  boot.initrd.postDeviceCommands =
-    ''
-      # Set the system time from the hardware clock to work around a
-      # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised
-      # to the *boot time* of the host).
-      hwclock -s
-    '';
-
-  security.rngd.enable = false;
-}
diff --git a/mb/2configs/retiolum.nix b/mb/2configs/retiolum.nix
deleted file mode 100644
index 5a87d52af..000000000
--- a/mb/2configs/retiolum.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
-  krebs.iptables = {
-    tables = {
-      filter.INPUT.rules = let
-        tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
-      in [
-        { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
-        { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
-      ];
-    };
-  };
-
-  krebs.tinc.retiolum = {
-    enableLegacy = true;
-    enable = true;
-    connectTo = [
-      "prism"
-      "gum"
-      "ni"
-    ];
-  };
-
-  nixpkgs.config.packageOverrides = pkgs: {
-    tinc = pkgs.tinc_pre;
-  };
-
-  environment.systemPackages = [
-    pkgs.tinc
-  ];
-}
diff --git a/mb/2configs/tests/dummy-secrets/retiolum.rsa b/mb/2configs/tests/dummy-secrets/retiolum.rsa
deleted file mode 100644
index 99a4033f6..000000000
--- a/mb/2configs/tests/dummy-secrets/retiolum.rsa
+++ /dev/null
@@ -1,4 +0,0 @@
-
------BEGIN RSA PRIVATE KEY-----
-this is a private key
------END RSA PRIVATE KEY-----
diff --git a/mb/3modules/default.nix b/mb/3modules/default.nix
deleted file mode 100644
index 99d09d4ec..000000000
--- a/mb/3modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_:
-{
-  imports = [
-    ./hosts.nix
-  ];
-}
diff --git a/mb/3modules/hosts.nix b/mb/3modules/hosts.nix
deleted file mode 100644
index 5dc9b5ca4..000000000
--- a/mb/3modules/hosts.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, ... }:
-
-with import <stockholm/lib>;
-
-{
-  options.mb.hosts = mkOption {
-    type = types.attrsOf types.host;
-    default =
-      filterAttrs (_: host: host.owner.name == "mb" && host.ci)
-      config.krebs.hosts;
-  };
-}
diff --git a/mb/5pkgs/default.nix b/mb/5pkgs/default.nix
deleted file mode 100644
index 3fa5b5e85..000000000
--- a/mb/5pkgs/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-with import <stockholm/lib>;
-
-self: super:
-
-# Import files and subdirectories like they are overlays.
-foldl' mergeAttrs {}
-  (map
-    (name: import (./. + "/${name}") self super)
-    (filter
-      (name: name != "default.nix" && !hasPrefix "." name)
-      (attrNames (readDir ./.))))
diff --git a/mb/default.nix b/mb/default.nix
deleted file mode 100644
index 0bec0c2c2..000000000
--- a/mb/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [
-    ../krebs
-    ./2configs
-    ./3modules
-  ];
-  nixpkgs.config.packageOverrides = import ./5pkgs pkgs;
-  krebs.tinc.retiolum.privkey = {
-    source-path = toString <secrets> + "/${config.krebs.tinc.retiolum.netname}.rsa";
-    path = "${config.krebs.tinc.retiolum.user.home}/tinc.rsa_key.priv";
-    owner = config.krebs.tinc.retiolum.user;
-  };
-}
diff --git a/mb/krops.nix b/mb/krops.nix
deleted file mode 100644
index cb9ab3fdb..000000000
--- a/mb/krops.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{ name }: let
-  inherit (import ../krebs/krops.nix { inherit name; })
-    krebs-source
-    lib
-    pkgs
-  ;
-
-  host-source = if lib.pathExists (./. + "/1systems/${name}/source.nix") then
-    import (./. + "/1systems/${name}/source.nix") { inherit lib pkgs; }
-  else
-    {}
-  ;
-
-  source = { test }: lib.evalSource ([
-    (krebs-source { test = test; })
-    {
-      nixos-config.symlink = "stockholm/mb/1systems/${name}/configuration.nix";
-      nixpkgs-unstable.git = {
-        url = "https://github.com/nixos/nixpkgs-channels";
-        ref = "nixos-unstable";
-      };
-      secrets = if test then {
-        file = toString ./2configs/tests/dummy-secrets;
-      } else {
-        pass = {
-          dir = "${lib.getEnv "HOME"}/.password-store";
-          name = "hosts/${name}";
-        };
-      };
-    }
-  ] ++ (lib.optional (! test) host-source));
-
-in {
-
-  # usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
-  deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeDeploy "${name}-deploy" {
-    source = source { test = false; };
-    inherit target;
-  };
-
-  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A populate)
-  populate = { target, force ? false }: pkgs.populate {
-    inherit force;
-    source = source { test = false; };
-    target = lib.mkTarget target;
-  };
-
-  # usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
-  test = { target }: pkgs.krops.writeTest "${name}-test" {
-    force = true;
-    inherit target;
-    source = source { test = true; };
-  };
-}

From 0d404b0c1e25ede892fc856bf8c619ead35c6863 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Nov 2019 18:48:13 +0100
Subject: [PATCH 37/67] newsbot-js: fix build on 19.09

---
 .gitmodules                                   |   3 -
 krebs/5pkgs/simple/newsbot-js/default.nix     |   8 +-
 .../5pkgs/simple/newsbot-js/node-packages.nix | 461 ++++++++----------
 krebs/5pkgs/simple/newsbot-js/update.sh       |   4 +-
 4 files changed, 204 insertions(+), 272 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index 15d1b41de..5b4336510 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,6 +7,3 @@
 [submodule "lass/5pkgs/autowifi"]
 	path = lass/5pkgs/autowifi
 	url = https://github.com/Lassulus/autowifi
-[submodule "lass/5pkgs/--force"]
-	path = lass/5pkgs/--force
-	url = https://github.com/Lassulus/autowifi
diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix
index 055e6b476..0ac66f433 100644
--- a/krebs/5pkgs/simple/newsbot-js/default.nix
+++ b/krebs/5pkgs/simple/newsbot-js/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs, icu }:
+{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }:
 
 with lib;
 
 let
   nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> {
     inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile;
-    nodejs = nodejs-12_x;
+    nodejs = nodejs;
     libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
   };
 
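Review bot: The `nodejs = nodejs;` binding passed to the `nodeEnv` import is the long form of `inherit nodejs;`, which would read more consistently next to the `inherit (pkgs) …` line directly above it. Dropping the `nodejs-12_x` pin also means the interpreter now follows whatever `nodejs` the channel provides, while node-packages.nix stays locked to the versions node2nix resolved. Because the dependency set includes `nan` and `node-icu-charset-detector`, which presumably build a native addon, a later Node major bump may break the build again. A short comment such as `# nodejs is the channel default; regenerate node-packages.nix when its major version changes` would record that coupling. The same unpinned `nodejs` is used in the `buildInputs` and launcher hunks that follow.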
@@ -36,7 +36,7 @@ in stdenv.mkDerivation {
   ];
 
   buildInputs = [
-    nodejs-12_x
+    nodejs
     makeWrapper
   ];
 
@@ -45,7 +45,7 @@ in stdenv.mkDerivation {
 
     cp newsbot.js $out/
     cat > $out/newsbot << EOF
-      ${nodejs-12_x}/bin/node $out/newsbot.js
+      ${nodejs}/bin/node $out/newsbot.js
     EOF
     chmod +x $out/newsbot
 
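Review bot: The launcher written by the heredoc still has no `#!` line, so `$out/newsbot` runs only when the caller is a shell that falls back to interpreting a headerless file; a direct exec would fail with an exec format error. Since `makeWrapper` is already in `buildInputs`, the heredoc and `chmod` could be replaced by `makeWrapper ${nodejs}/bin/node $out/newsbot --add-flags $out/newsbot.js`, which also forwards any arguments. The install phase starts and continues outside this hunk, so a later wrapping step or the way the file is invoked may already cover this.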
diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
index d6b2a06dd..ea45b93f3 100644
--- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix
+++ b/krebs/5pkgs/simple/newsbot-js/node-packages.nix
@@ -1,4 +1,4 @@
-# This file has been generated by node2nix 1.5.3. Do not edit!
+# This file has been generated by node2nix 1.7.0. Do not edit!
 
 {nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}:
 
@@ -13,22 +13,13 @@ let
         sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746";
       };
     };
-    "ajv-5.5.2" = {
+    "ajv-6.10.2" = {
       name = "ajv";
       packageName = "ajv";
-      version = "5.5.2";
+      version = "6.10.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz";
-        sha1 = "73b5eeca3fab653e3d3f9422b341ad42205dc965";
-      };
-    };
-    "array-filter-0.0.1" = {
-      name = "array-filter";
-      packageName = "array-filter";
-      version = "0.0.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/array-filter/-/array-filter-0.0.1.tgz";
-        sha1 = "7da8cf2e26628ed732803581fd21f67cacd2eeec";
+        url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz";
+        sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==";
       };
     };
     "array-indexofobject-0.0.1" = {
@@ -40,31 +31,13 @@ let
         sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a";
       };
     };
-    "array-map-0.0.0" = {
-      name = "array-map";
-      packageName = "array-map";
-      version = "0.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/array-map/-/array-map-0.0.0.tgz";
-        sha1 = "88a2bab73d1cf7bcd5c1b118a003f66f665fa662";
-      };
-    };
-    "array-reduce-0.0.0" = {
-      name = "array-reduce";
-      packageName = "array-reduce";
-      version = "0.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/array-reduce/-/array-reduce-0.0.0.tgz";
-        sha1 = "173899d3ffd1c7d9383e4479525dbe278cab5f2b";
-      };
-    };
-    "asn1-0.2.3" = {
+    "asn1-0.2.4" = {
       name = "asn1";
       packageName = "asn1";
-      version = "0.2.3";
+      version = "0.2.4";
       src = fetchurl {
-        url = "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz";
-        sha1 = "dac8787713c9966849fc8180777ebe9c1ddf3b86";
+        url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz";
+        sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==";
       };
     };
     "assert-plus-1.0.0" = {
@@ -94,40 +67,22 @@ let
         sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8";
       };
     };
-    "aws4-1.6.0" = {
+    "aws4-1.8.0" = {
       name = "aws4";
       packageName = "aws4";
-      version = "1.6.0";
+      version = "1.8.0";
       src = fetchurl {
-        url = "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz";
-        sha1 = "83ef5ca860b2b32e4a0deedee8c771b9db57471e";
+        url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz";
+        sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==";
       };
     };
-    "bcrypt-pbkdf-1.0.1" = {
+    "bcrypt-pbkdf-1.0.2" = {
       name = "bcrypt-pbkdf";
       packageName = "bcrypt-pbkdf";
-      version = "1.0.1";
+      version = "1.0.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz";
-        sha1 = "63bc5dcb61331b92bc05fd528953c33462a06f8d";
-      };
-    };
-    "boom-4.3.1" = {
-      name = "boom";
-      packageName = "boom";
-      version = "4.3.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz";
-        sha1 = "4f8a3005cb4a7e3889f749030fd25b96e01d2e31";
-      };
-    };
-    "boom-5.2.0" = {
-      name = "boom";
-      packageName = "boom";
-      version = "5.2.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz";
-        sha512 = "19h20yqpvca08dns1rs4f057f10w63v0snxfml4h5khsk266x3x1im0w72bza4k2xn0kfz6jlv001dhcvxsjr09bmbqnysils9m7437";
+        url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz";
+        sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e";
       };
     };
     "caseless-0.12.0" = {
@@ -139,22 +94,13 @@ let
         sha1 = "1b681c21ff84033c826543090689420d187151dc";
       };
     };
-    "co-4.6.0" = {
-      name = "co";
-      packageName = "co";
-      version = "4.6.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/co/-/co-4.6.0.tgz";
-        sha1 = "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184";
-      };
-    };
-    "combined-stream-1.0.6" = {
+    "combined-stream-1.0.8" = {
       name = "combined-stream";
       packageName = "combined-stream";
-      version = "1.0.6";
+      version = "1.0.8";
       src = fetchurl {
-        url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz";
-        sha1 = "723e7df6e801ac5613113a7e445a9b69cb632818";
+        url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz";
+        sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==";
       };
     };
     "core-util-is-1.0.2" = {
@@ -166,15 +112,6 @@ let
         sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7";
       };
     };
-    "cryptiles-3.1.2" = {
-      name = "cryptiles";
-      packageName = "cryptiles";
-      version = "3.1.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz";
-        sha1 = "a89fbb220f5ce25ec56e8c4aa8a4fd7b5b0d29fe";
-      };
-    };
     "dashdash-1.14.1" = {
       name = "dashdash";
       packageName = "dashdash";
@@ -193,22 +130,22 @@ let
         sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619";
       };
     };
-    "ecc-jsbn-0.1.1" = {
+    "ecc-jsbn-0.1.2" = {
       name = "ecc-jsbn";
       packageName = "ecc-jsbn";
-      version = "0.1.1";
+      version = "0.1.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz";
-        sha1 = "0fc73a9ed5f0d53c38193398523ef7e543777505";
+        url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz";
+        sha1 = "3a83a904e54353287874c564b7549386849a98c9";
       };
     };
-    "extend-3.0.1" = {
+    "extend-3.0.2" = {
       name = "extend";
       packageName = "extend";
-      version = "3.0.1";
+      version = "3.0.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz";
-        sha1 = "a755ea7bc1adfcc5a31ce7e762dbaadc5e636444";
+        url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz";
+        sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==";
       };
     };
     "extsprintf-1.3.0" = {
@@ -220,13 +157,13 @@ let
         sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05";
       };
     };
-    "fast-deep-equal-1.1.0" = {
+    "fast-deep-equal-2.0.1" = {
       name = "fast-deep-equal";
       packageName = "fast-deep-equal";
-      version = "1.1.0";
+      version = "2.0.1";
       src = fetchurl {
-        url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz";
-        sha1 = "c053477817c86b51daa853c81e059b733d023614";
+        url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz";
+        sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49";
       };
     };
     "fast-json-stable-stringify-2.0.0" = {
@@ -247,13 +184,13 @@ let
         sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91";
       };
     };
-    "form-data-2.3.2" = {
+    "form-data-2.3.3" = {
       name = "form-data";
       packageName = "form-data";
-      version = "2.3.2";
+      version = "2.3.3";
       src = fetchurl {
-        url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
-        sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+        url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz";
+        sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==";
       };
     };
     "getpass-0.1.7" = {
@@ -274,31 +211,13 @@ let
         sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92";
       };
     };
-    "har-validator-5.0.3" = {
+    "har-validator-5.1.3" = {
       name = "har-validator";
       packageName = "har-validator";
-      version = "5.0.3";
+      version = "5.1.3";
       src = fetchurl {
-        url = "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz";
-        sha1 = "ba402c266194f15956ef15e0fcf242993f6a7dfd";
-      };
-    };
-    "hawk-6.0.2" = {
-      name = "hawk";
-      packageName = "hawk";
-      version = "6.0.2";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz";
-        sha512 = "1nl2hjr2mnhj5jlaz8mh54z7acwz5j5idkch04qgjk78756gw5d0fjk4a2immil5ij9ijdssb9ndpryvnh2xpcbgcjv8lxybn330als";
-      };
-    };
-    "hoek-4.2.1" = {
-      name = "hoek";
-      packageName = "hoek";
-      version = "4.2.1";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/hoek/-/hoek-4.2.1.tgz";
-        sha512 = "1y8kprb3qldxqj31zai5n8dvhydsl9nn5w4rskhnbzzhldn6pm6n5lcyam3sfkb61a62d5m58k8im7z6ngwbd9cw9zp4zm4y7ckrf20";
+        url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz";
+        sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==";
       };
     };
     "http-signature-1.2.0" = {
@@ -319,22 +238,22 @@ let
         sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed";
       };
     };
-    "inherits-2.0.3" = {
+    "inherits-2.0.4" = {
       name = "inherits";
       packageName = "inherits";
-      version = "2.0.3";
+      version = "2.0.4";
       src = fetchurl {
-        url = "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz";
-        sha1 = "633c2c83e3da42a502f52466022480f4208261de";
+        url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz";
+        sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==";
       };
     };
-    "irc-colors-1.4.2" = {
+    "irc-colors-1.5.0" = {
       name = "irc-colors";
       packageName = "irc-colors";
-      version = "1.4.2";
+      version = "1.5.0";
       src = fetchurl {
-        url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.4.2.tgz";
-        sha512 = "0f75yhavbhr8lbh3lh83rvyfrrrcxjawnd2rz7sacjd3zxj5524xr28j66f2l11vlngdkbplxz5xsq9dnwrcyqa0jh64k2pvzhn17a1";
+        url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz";
+        sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw==";
       };
     };
     "is-typedarray-1.0.0" = {
@@ -382,13 +301,13 @@ let
         sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13";
       };
     };
-    "json-schema-traverse-0.3.1" = {
+    "json-schema-traverse-0.4.1" = {
       name = "json-schema-traverse";
       packageName = "json-schema-traverse";
-      version = "0.3.1";
+      version = "0.4.1";
       src = fetchurl {
-        url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz";
-        sha1 = "349a6d44c53a51de89b40805c5d5e59b417d3340";
+        url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz";
+        sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==";
       };
     };
     "json-stringify-safe-5.0.1" = {
@@ -400,15 +319,6 @@ let
         sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb";
       };
     };
-    "jsonify-0.0.0" = {
-      name = "jsonify";
-      packageName = "jsonify";
-      version = "0.0.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz";
-        sha1 = "2c74b6ee41d93ca51b7b5aaee8f503631d252a73";
-      };
-    };
     "jsprim-1.4.1" = {
       name = "jsprim";
       packageName = "jsprim";
@@ -454,40 +364,40 @@ let
         sha1 = "d0225373aeb652adc1bc82e4945339a842754773";
       };
     };
-    "mime-db-1.33.0" = {
+    "mime-db-1.42.0" = {
       name = "mime-db";
       packageName = "mime-db";
-      version = "1.33.0";
+      version = "1.42.0";
       src = fetchurl {
-        url = "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz";
-        sha512 = "36xnw59ik9fqym00cmwb5nyzg0l03k70cp413f7639j93wgmzk1mh0xjc7i6zz3r6k9xnwh0g5cm5a1f3y8c6plgy4qld7fm887ywh4";
+        url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz";
+        sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ==";
       };
     };
-    "mime-types-2.1.18" = {
+    "mime-types-2.1.25" = {
       name = "mime-types";
       packageName = "mime-types";
-      version = "2.1.18";
+      version = "2.1.25";
       src = fetchurl {
-        url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz";
-        sha512 = "22krj1kw7n9z10zdyx7smcaim4bzwqsqzhspwha06q58gcrxfp93hw2cd0vk5crhq5p2dwzqlpacg32lrmp5sjzb798zdzy35mdmkwm";
+        url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz";
+        sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg==";
       };
     };
-    "mri-1.1.0" = {
+    "mri-1.1.4" = {
       name = "mri";
       packageName = "mri";
-      version = "1.1.0";
+      version = "1.1.4";
       src = fetchurl {
-        url = "https://registry.npmjs.org/mri/-/mri-1.1.0.tgz";
-        sha1 = "5c0a3f29c8ccffbbb1ec941dcec09d71fa32f36a";
+        url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz";
+        sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w==";
       };
     };
-    "nan-2.10.0" = {
+    "nan-2.14.0" = {
       name = "nan";
       packageName = "nan";
-      version = "2.10.0";
+      version = "2.14.0";
       src = fetchurl {
-        url = "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz";
-        sha512 = "349rr7x0djrlkav4gbhkg355852ingn965r0kkch8rr4cwp7qki9676zpq8cq988yszzd2hld6szsbbnd1v6rghzf11abn1nyzlj1vc";
+        url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz";
+        sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==";
       };
     };
     "node-icu-charset-detector-0.2.0" = {
@@ -499,13 +409,13 @@ let
         sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639";
       };
     };
-    "oauth-sign-0.8.2" = {
+    "oauth-sign-0.9.0" = {
       name = "oauth-sign";
       packageName = "oauth-sign";
-      version = "0.8.2";
+      version = "0.9.0";
       src = fetchurl {
-        url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz";
-        sha1 = "46a6ab7f0aead8deae9ec0565780b7d4efeb9d43";
+        url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz";
+        sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==";
       };
     };
     "performance-now-2.1.0" = {
@@ -517,13 +427,22 @@ let
         sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b";
       };
     };
-    "process-nextick-args-2.0.0" = {
+    "process-nextick-args-2.0.1" = {
       name = "process-nextick-args";
       packageName = "process-nextick-args";
-      version = "2.0.0";
+      version = "2.0.1";
       src = fetchurl {
-        url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz";
-        sha512 = "0rw8xpqqkhs91722slvzf8icxfaimqp4w8zb3840jxr7r8n8035byl6dhdi5bm0yr6x7sdws0gf3m025fg6hqgaklwlbl4d7bah5l9j";
+        url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz";
+        sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==";
+      };
+    };
+    "psl-1.4.0" = {
+      name = "psl";
+      packageName = "psl";
+      version = "1.4.0";
+      src = fetchurl {
+        url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz";
+        sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==";
       };
     };
     "punycode-1.4.1" = {
@@ -535,13 +454,22 @@ let
         sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e";
       };
     };
-    "qs-6.5.1" = {
+    "punycode-2.1.1" = {
+      name = "punycode";
+      packageName = "punycode";
+      version = "2.1.1";
+      src = fetchurl {
+        url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz";
+        sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==";
+      };
+    };
+    "qs-6.5.2" = {
       name = "qs";
       packageName = "qs";
-      version = "6.5.1";
+      version = "6.5.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz";
-        sha512 = "3waqapyj1k4g135sgj636rmswiaixq19is1rw0rpv4qp6k7dl0a9nwy06m7yl5lbdk9p6xpwwngnggbzlzaz6rh11c86j2nvnnf273r";
+        url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz";
+        sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==";
       };
     };
     "readable-stream-2.3.6" = {
@@ -550,16 +478,34 @@ let
       version = "2.3.6";
       src = fetchurl {
         url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz";
-        sha512 = "0mj9b6190amln9rg89x5pq2n195s3v0gzicpdamv1kbabg69aw5m71l34jsjn7bqil7405l6l35x9ijnb3h4jz5vx2i00l8sl1ll2xm";
+        sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==";
       };
     };
-    "safe-buffer-5.1.1" = {
+    "safe-buffer-5.1.2" = {
       name = "safe-buffer";
       packageName = "safe-buffer";
-      version = "5.1.1";
+      version = "5.1.2";
       src = fetchurl {
-        url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz";
-        sha512 = "1p28rllll1w65yzq5azi4izx962399xdsdlfbaynn7vmp981hiss05jhiy9hm7sbbfk3b4dhlcv0zy07fc59mnc07hdv6wcgqkcvawh";
+        url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz";
+        sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==";
+      };
+    };
+    "safe-buffer-5.2.0" = {
+      name = "safe-buffer";
+      packageName = "safe-buffer";
+      version = "5.2.0";
+      src = fetchurl {
+        url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz";
+        sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg==";
+      };
+    };
+    "safer-buffer-2.1.2" = {
+      name = "safer-buffer";
+      packageName = "safer-buffer";
+      version = "2.1.2";
+      src = fetchurl {
+        url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz";
+        sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==";
       };
     };
     "sax-1.2.4" = {
@@ -568,25 +514,16 @@ let
       version = "1.2.4";
       src = fetchurl {
         url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz";
-        sha512 = "1dn291mjsda42w8kldlbmngk6dhjxfbvvd5lckyqmwbjaj6069iq3wx0nvcfglwnpddz2qa93lzf4hv77iz43bd2qixa079sjzl799n";
+        sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==";
       };
     };
-    "sntp-2.1.0" = {
-      name = "sntp";
-      packageName = "sntp";
-      version = "2.1.0";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz";
-        sha512 = "0k2smmr24w5hb1cpql6vcgh58vzp4pmh9anf0bgz3arlsgq1mapnlq9fjqr6xs10aq1cmxaw987fwknqi62frax0fvs9bj3q3kmpg8l";
-      };
-    };
-    "sshpk-1.14.1" = {
+    "sshpk-1.16.1" = {
       name = "sshpk";
       packageName = "sshpk";
-      version = "1.14.1";
+      version = "1.16.1";
       src = fetchurl {
-        url = "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz";
-        sha1 = "130f5975eddad963f1d56f92b9ac6c51fa9f83eb";
+        url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz";
+        sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==";
       };
     };
     "string_decoder-1.1.1" = {
@@ -595,25 +532,16 @@ let
       version = "1.1.1";
       src = fetchurl {
         url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz";
-        sha512 = "315yd4vzwrwk3vwj1klf46y1cj2jbvf88066y2rnwhksb98phj46jkxixbwsp3h607w7czy7cby522s7sx8mvspdpdm3s72y2ga3x4z";
+        sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==";
       };
     };
-    "stringstream-0.0.5" = {
-      name = "stringstream";
-      packageName = "stringstream";
-      version = "0.0.5";
-      src = fetchurl {
-        url = "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz";
-        sha1 = "4e484cd4de5a0bbbee18e46307710a8a81621878";
-      };
-    };
-    "tough-cookie-2.3.4" = {
+    "tough-cookie-2.4.3" = {
       name = "tough-cookie";
       packageName = "tough-cookie";
-      version = "2.3.4";
+      version = "2.4.3";
       src = fetchurl {
-        url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz";
-        sha512 = "0ncm6j3cjq1f26mzjf04k9bkw1b08w53s4qa3a11c1bdj4pgnqv1422c1xs5jyy6y1psppjx52fhagq5zkjkgrcpdkxcdiry96r77jd";
+        url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz";
+        sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==";
       };
     };
     "tunnel-agent-0.6.0" = {
@@ -634,6 +562,15 @@ let
         sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64";
       };
     };
+    "uri-js-4.2.2" = {
+      name = "uri-js";
+      packageName = "uri-js";
+      version = "4.2.2";
+      src = fetchurl {
+        url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz";
+        sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==";
+      };
+    };
     "util-deprecate-1.0.2" = {
       name = "util-deprecate";
       packageName = "util-deprecate";
@@ -643,13 +580,13 @@ let
         sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf";
       };
     };
-    "uuid-3.2.1" = {
+    "uuid-3.3.3" = {
       name = "uuid";
       packageName = "uuid";
-      version = "3.2.1";
+      version = "3.3.3";
       src = fetchurl {
-        url = "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz";
-        sha512 = "0843vl1c974n8kw5kn0kvhvhwk8y8jydr0xkwwl2963xxmkw4ingk6xj9c8m48jw2i95giglxzq5aw5v5mij9kv7fzln8pxav1cr6cd";
+        url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz";
+        sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==";
       };
     };
     "verror-1.10.0" = {
@@ -676,16 +613,16 @@ in
       sources."addressparser-1.0.1"
       sources."array-indexofobject-0.0.1"
       sources."core-util-is-1.0.2"
-      sources."inherits-2.0.3"
+      sources."inherits-2.0.4"
       sources."isarray-1.0.0"
       sources."lodash.assign-4.2.0"
       sources."lodash.get-4.4.2"
       sources."lodash.has-4.5.2"
       sources."lodash.uniq-4.5.0"
-      sources."mri-1.1.0"
-      sources."process-nextick-args-2.0.0"
+      sources."mri-1.1.4"
+      sources."process-nextick-args-2.0.1"
       sources."readable-stream-2.3.6"
-      sources."safe-buffer-5.1.1"
+      sources."safe-buffer-5.1.2"
       sources."sax-1.2.4"
       sources."string_decoder-1.1.1"
       sources."util-deprecate-1.0.2"
@@ -698,29 +635,32 @@ in
     };
     production = true;
     bypassCache = true;
+    reconstructLock = true;
   };
   form-data = nodeEnv.buildNodePackage {
     name = "form-data";
     packageName = "form-data";
-    version = "2.3.2";
+    version = "3.0.0";
     src = fetchurl {
-      url = "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz";
-      sha1 = "4970498be604c20c005d4f5c23aecd21d6b49099";
+      url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz";
+      sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg==";
     };
     dependencies = [
       sources."asynckit-0.4.0"
-      sources."combined-stream-1.0.6"
+      sources."combined-stream-1.0.8"
       sources."delayed-stream-1.0.0"
-      sources."mime-db-1.33.0"
-      sources."mime-types-2.1.18"
+      sources."mime-db-1.42.0"
+      sources."mime-types-2.1.25"
     ];
     buildInputs = globalBuildInputs;
     meta = {
       description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.";
+      homepage = "https://github.com/form-data/form-data#readme";
       license = "MIT";
     };
     production = true;
     bypassCache = true;
+    reconstructLock = true;
   };
   irc = nodeEnv.buildNodePackage {
     name = "irc";
@@ -732,8 +672,8 @@ in
     };
     dependencies = [
       sources."iconv-2.2.3"
-      sources."irc-colors-1.4.2"
-      sources."nan-2.10.0"
+      sources."irc-colors-1.5.0"
+      sources."nan-2.14.0"
       sources."node-icu-charset-detector-0.2.0"
     ];
     buildInputs = globalBuildInputs;
@@ -744,69 +684,66 @@ in
     };
     production = true;
     bypassCache = true;
+    reconstructLock = true;
   };
   request = nodeEnv.buildNodePackage {
     name = "request";
     packageName = "request";
-    version = "2.85.0";
+    version = "2.88.0";
     src = fetchurl {
-      url = "https://registry.npmjs.org/request/-/request-2.85.0.tgz";
-      sha512 = "2d3hg10zs5ycnr8prmiwdhacf88fl0x0bi6szs0z2r07zcbk419laixwpjp8sqapbc2ifyyih7p3r60wgr58bmcncz3pqnx523c8zph";
+      url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz";
+      sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==";
     };
     dependencies = [
-      sources."ajv-5.5.2"
-      sources."asn1-0.2.3"
+      sources."ajv-6.10.2"
+      sources."asn1-0.2.4"
       sources."assert-plus-1.0.0"
       sources."asynckit-0.4.0"
       sources."aws-sign2-0.7.0"
-      sources."aws4-1.6.0"
-      sources."bcrypt-pbkdf-1.0.1"
-      sources."boom-4.3.1"
+      sources."aws4-1.8.0"
+      sources."bcrypt-pbkdf-1.0.2"
       sources."caseless-0.12.0"
-      sources."co-4.6.0"
-      sources."combined-stream-1.0.6"
+      sources."combined-stream-1.0.8"
       sources."core-util-is-1.0.2"
-      (sources."cryptiles-3.1.2" // {
-        dependencies = [
-          sources."boom-5.2.0"
-        ];
-      })
       sources."dashdash-1.14.1"
       sources."delayed-stream-1.0.0"
-      sources."ecc-jsbn-0.1.1"
-      sources."extend-3.0.1"
+      sources."ecc-jsbn-0.1.2"
+      sources."extend-3.0.2"
       sources."extsprintf-1.3.0"
-      sources."fast-deep-equal-1.1.0"
+      sources."fast-deep-equal-2.0.1"
       sources."fast-json-stable-stringify-2.0.0"
       sources."forever-agent-0.6.1"
-      sources."form-data-2.3.2"
+      sources."form-data-2.3.3"
       sources."getpass-0.1.7"
       sources."har-schema-2.0.0"
-      sources."har-validator-5.0.3"
-      sources."hawk-6.0.2"
-      sources."hoek-4.2.1"
+      sources."har-validator-5.1.3"
       sources."http-signature-1.2.0"
       sources."is-typedarray-1.0.0"
       sources."isstream-0.1.2"
       sources."jsbn-0.1.1"
       sources."json-schema-0.2.3"
-      sources."json-schema-traverse-0.3.1"
+      sources."json-schema-traverse-0.4.1"
       sources."json-stringify-safe-5.0.1"
       sources."jsprim-1.4.1"
-      sources."mime-db-1.33.0"
-      sources."mime-types-2.1.18"
-      sources."oauth-sign-0.8.2"
+      sources."mime-db-1.42.0"
+      sources."mime-types-2.1.25"
+      sources."oauth-sign-0.9.0"
       sources."performance-now-2.1.0"
-      sources."punycode-1.4.1"
-      sources."qs-6.5.1"
-      sources."safe-buffer-5.1.1"
-      sources."sntp-2.1.0"
-      sources."sshpk-1.14.1"
-      sources."stringstream-0.0.5"
-      sources."tough-cookie-2.3.4"
+      sources."psl-1.4.0"
+      sources."punycode-2.1.1"
+      sources."qs-6.5.2"
+      sources."safe-buffer-5.2.0"
+      sources."safer-buffer-2.1.2"
+      sources."sshpk-1.16.1"
+      (sources."tough-cookie-2.4.3" // {
+        dependencies = [
+          sources."punycode-1.4.1"
+        ];
+      })
       sources."tunnel-agent-0.6.0"
       sources."tweetnacl-0.14.5"
-      sources."uuid-3.2.1"
+      sources."uri-js-4.2.2"
+      sources."uuid-3.3.3"
       sources."verror-1.10.0"
     ];
     buildInputs = globalBuildInputs;
@@ -817,28 +754,24 @@ in
     };
     production = true;
     bypassCache = true;
+    reconstructLock = true;
   };
   shell-quote = nodeEnv.buildNodePackage {
     name = "shell-quote";
     packageName = "shell-quote";
-    version = "1.6.1";
+    version = "1.7.2";
     src = fetchurl {
-      url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.6.1.tgz";
-      sha1 = "f4781949cce402697127430ea3b3c5476f481767";
+      url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz";
+      sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg==";
     };
-    dependencies = [
-      sources."array-filter-0.0.1"
-      sources."array-map-0.0.0"
-      sources."array-reduce-0.0.0"
-      sources."jsonify-0.0.0"
-    ];
     buildInputs = globalBuildInputs;
     meta = {
       description = "quote and parse shell commands";
-      homepage = "https://github.com/substack/node-shell-quote#readme";
+      homepage = https://github.com/substack/node-shell-quote;
       license = "MIT";
     };
     production = true;
     bypassCache = true;
+    reconstructLock = true;
   };
 }
\ No newline at end of file
diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh
index 0c1ecc58c..ee7e43f1a 100755
--- a/krebs/5pkgs/simple/newsbot-js/update.sh
+++ b/krebs/5pkgs/simple/newsbot-js/update.sh
@@ -1,2 +1,4 @@
-node2nix -8 -i pkgs.json -c combine.nix
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p nodePackages.node2nix
+node2nix -12 -i pkgs.json -c combine.nix
 rm node-env.nix combine.nix
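Review bot: The script has no error handling, so a failed `node2nix -12` run is followed by `rm` and the script's exit status is that of `rm`, not of the generator. Adding `set -eu` as the first line after the two `nix-shell` shebang lines would stop at the failing step. The shebang also takes `nodePackages.node2nix` from whatever nixpkgs is ambient on the machine, so the regenerated package set and hashes depend on the local channel; a comment naming the nixpkgs revision used for the last regeneration would make the output reproducible.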

From aa341e428a489133061a3e898ed6a93a5c290b54 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Nov 2019 23:46:08 +0100
Subject: [PATCH 38/67] l codimd: remove deprecated override

---
 lass/2configs/codimd.nix | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index b2d44d135..e55090de9 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -1,18 +1,6 @@
 { config, pkgs, lib, ... }:
 with import <stockholm/lib>;
-let
-
-  nixpkgs_pre_node_10_17 = import (pkgs.fetchFromGitHub {
-    owner = "nixos";
-    repo = "nixpkgs";
-    rev = "81f4c491afbc8f0fe994ef946b1ac61cf1261577";
-    sha256 = "0xvawrd9nq3ybvq2pdp5gyi8gygf0yimgp0bx1xggq6l8mvgrj71";
-  }) {};
-in {
-  nixpkgs.config.packageOverrides = pkgs: {
-    codimd = nixpkgs_pre_node_10_17.codimd;
-  };
-
+{
   services.nginx.virtualHosts.codimd = {
     enableACME = true;
     addSSL = true;

From d48d88dab343088fb765adced8bbb862a81a8d14 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 25 Nov 2019 08:48:14 +0100
Subject: [PATCH 39/67] ma shack/prometheus: import alerting-rules from
 mayflower

see: https://github.com/mayflower/nixexprs/blob/master/modules/monitoring/alert-rules.nix
---
 .../2configs/shack/prometheus/alert-rules.nix | 102 ++++++++++++++++++
 krebs/2configs/shack/prometheus/server.nix    |  90 ++--------------
 2 files changed, 108 insertions(+), 84 deletions(-)
 create mode 100644 krebs/2configs/shack/prometheus/alert-rules.nix

diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
new file mode 100644
index 000000000..096c551ba
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -0,0 +1,102 @@
+{ lib }:
+with lib;
+
+let
+  deviceFilter = ''device!="ramfs",device!="rpc_pipefs",device!="lxcfs",device!="nsfs",device!="borgfs"'';
+in mapAttrsToList (name: opts: {
+  alert = name;
+  expr = opts.condition;
+  for = opts.time or "2m";
+  labels = if (opts.page or true) then { severity = "page"; } else {};
+  annotations = {
+    summary = opts.summary;
+    description = opts.description;
+  };
+}) {
+  node_down = {
+    condition = ''up{job="node"} == 0'';
+    summary = "{{$labels.alias}}: Node is down.";
+    description = "{{$labels.alias}} has been down for more than 2 minutes.";
+  };
+  node_systemd_service_failed = {
+    condition = ''node_systemd_unit_state{state="failed"} == 1'';
+    summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.";
+    description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}.";
+  };
+  node_filesystem_full_80percent = {
+    condition = ''sort(node_filesystem_free_bytes{${deviceFilter}} < node_filesystem_size_bytes{${deviceFilter}} * 0.2) / 1024^3'';
+    time = "10m";
+    summary = "{{$labels.alias}}: Filesystem is running out of space soon.";
+    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 20% space left on its filesystem.";
+  };
+  node_filesystem_full_in_7d = {
+    condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[2d], 7*24*3600) <= 0'';
+    time = "1h";
+    summary = "{{$labels.alias}}: Filesystem is running out of space in 7 days.";
+    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 7 days";
+  };
+  node_filesystem_full_in_30d = {
+    condition = ''predict_linear(node_filesystem_free_bytes{${deviceFilter}}[30d], 30*24*3600) <= 0'';
+    time = "1h";
+    summary = "{{$labels.alias}}: Filesystem is running out of space in 30 days.";
+    description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 30 days";
+  };
+  node_filedescriptors_full_in_3h = {
+    condition = ''predict_linear(node_filefd_allocated[3h], 3*3600) >= node_filefd_maximum'';
+    time = "20m";
+    summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.";
+    description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours";
+  };
+  node_filedescriptors_full_in_7d = {
+    condition = ''predict_linear(node_filefd_allocated[7d], 7*24*3600) >= node_filefd_maximum'';
+    time = "1h";
+    summary = "{{$labels.alias}} is running out of available file descriptors in 7 days.";
+    description = "{{$labels.alias}} is running out of available file descriptors in approx. 7 days";
+  };
+  node_load15 = {
+    condition = ''node_load15 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 1.0'';
+    time = "10m";
+    summary = "{{$labels.alias}}: Running on high load: {{$value}}";
+    description = "{{$labels.alias}} is running with load15 > 1 for at least 5 minutes: {{$value}}";
+  };
+  node_ram_using_90percent = {
+    condition =  "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
+    time = "1h";
+    summary = "{{$labels.alias}}: Using lots of RAM.";
+    description = "{{$labels.alias}} is using at least 90% of its RAM for at least 1 hour.";
+  };
+  node_swap_using_30percent = {
+    condition = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.3";
+    time = "30m";
+    summary = "{{$labels.alias}}: Using more than 30% of its swap.";
+    description = "{{$labels.alias}} is using 30% of its swap space for at least 30 minutes.";
+  };
+  node_visible_confluence_space = {
+    condition = "node_visible_confluence_space != 0";
+    summary = "crowd prometheus cann see the {{$labels.space_name}} confluence space!";
+    description = "crowd user `prometheus` can see the `{{$labels.space_name}}` confluence space.";
+  };
+  node_hwmon_temp = {
+    condition = "node_hwmon_temp_celsius > node_hwmon_temp_crit_celsius*0.9 OR node_hwmon_temp_celsius > node_hwmon_temp_max_celsius*0.95";
+    time = "5m";
+    summary = "{{$labels.alias}}: Sensor {{$labels.sensor}}/{{$labels.chip}} temp is high: {{$value}} ";
+    description = "{{$labels.alias}} reports hwmon sensor {{$labels.sensor}}/{{$labels.chip}} temperature value is nearly critical: {{$value}}";
+  };
+  node_conntrack_limit = {
+    condition  = "node_nf_conntrack_entries_limit - node_nf_conntrack_entries < 1000";
+    time = "5m";
+    summary = "{{$labels.alias}}: Number of tracked connections high";
+    description = "{{$labels.alias}} has only {{$value}} free slots for connection tracking available.";
+  };
+  node_reboot = {
+    condition = "time() - node_boot_time_seconds < 300";
+    summary = "{{$labels.alias}}: Reboot";
+    description = "{{$labels.alias}} just rebooted.";
+  };
+  node_uptime = {
+    condition = "time() - node_boot_time_seconds > 2592000";
+    page = false;
+    summary = "{{$labels.alias}}: Uptime monster";
+    description = "{{$labels.alias}} has been up for more than 30 days.";
+  };
+}
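Review bot: The `node_load15` rule sets `time = "10m"` but its description says "for at least 5 minutes", so the page text will misstate how long the condition held; the description should read `"{{$labels.alias}} is running with load15 > 1 for at least 10 minutes: {{$value}}"`. The `node_down` description has the same weakness in milder form: "more than 2 minutes" is a literal, while the duration comes from `opts.time or "2m"`. `node_visible_confluence_space` (with the typo "cann" in its summary) looks carried over from the upstream rule set; unless an exporter here emits that metric the rule will never fire and could be dropped. All rules default to `severity = "page"` through `opts.page or true`, which includes `node_reboot`; a one-line comment above the `labels` line stating that paging is the default would make that choice visible.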
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index 7f6f38610..f5d2e7640 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -28,90 +28,12 @@
         "-storage.local.index-cache-size.label-name-to-label-values 2097152"
         "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
       ];
-      rules = [
-        ''
-          ALERT node_down
-          IF up == 0
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Node is down.",
-            description = "{{$labels.alias}} has been down for more than 5 minutes."
-          }
-          ALERT node_systemd_service_failed
-          IF node_systemd_unit_state{state="failed"} == 1
-          FOR 4m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
-            description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
-          }
-          ALERT node_filesystem_full_90percent
-          IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
-            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
-          }
-          ALERT node_filesystem_full_in_4h
-          IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
-          FOR 5m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
-            description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
-          }
-          ALERT node_filedescriptors_full_in_3h
-          IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
-          FOR 20m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
-            description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
-          }
-          ALERT node_load1_90percent
-          IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
-          FOR 1h
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: Running on high load.",
-            description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
-          }
-          ALERT node_cpu_util_90percent
-          IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
-          FOR 1h
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary = "{{$labels.alias}}: High CPU utilization.",
-            description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
-          }
-          ALERT node_ram_using_90percent
-          IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
-          FOR 30m
-          LABELS {
-            severity="page"
-          }
-          ANNOTATIONS {
-            summary="{{$labels.alias}}: Using lots of RAM.",
-            description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
-          }
-        ''
-      ];
+      ruleFiles = lib.singleton (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
+            groups = lib.singleton {
+              name = "mf-alerting-rules";
+              rules = import ./alert-rules.nix { inherit lib; };
+            };
+          }));
       scrapeConfigs = [
         {
           job_name = "node";
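Review bot: The new `ruleFiles` value is a Prometheus 2.x rule-group document (`groups` / `rules`), while the context lines above still pass `-storage.local.index-cache-size.*` flags, which are 1.x-style options; one of the two is probably wrong for the Prometheus version this host runs, so confirm that the service starts and actually loads the rules. Nothing in the hunk validates the generated file at build time; running `promtool check rules` on the `pkgs.writeText` output in a check derivation would catch an invalid expression before deployment. The switch also drops the `node_cpu_util_90percent` alert and, through alert-rules.nix, narrows `node_down` from `up == 0` to `up{job="node"} == 0`, so a failing scrape job other than `node` would no longer page; if that is intended the commit message should say so. The enclosing attribute set starts and ends outside the hunk.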

From 4908f1f4ebb77640acf0150f400a25188f906911 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 25 Nov 2019 12:32:12 +0100
Subject: [PATCH 40/67] gitlab-ci: add puyak deployment

---
 .gitlab-ci.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index fb273c932..3ff991aa4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,13 +11,14 @@ before_script:
   - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
   # import secret key for secrets
   - echo "$secrets_gpg_key" | gpg --import
-wolf deployment test:
+deployment test:
   stage: test
   script:
     - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
     - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
     - git submodule update --init
     - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
+    - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target /tmp -A test)
 nix-shell test:
   stage: test
   script:
@@ -34,7 +35,6 @@ wolf deployment:
     - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
     - git submodule update --init
     - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
-    # TODO, hostname wolf cannot be resolved
     - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
   only:
     changes:
@@ -42,6 +42,20 @@ wolf deployment:
       - krebs/**/*
       - lib/**/*
       - .gitmodules
+puyak deployment:
+  stage: deploy
+  script:
+    - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+    - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+    - git submodule update --init
+    - ssh-keyscan -H 'puyak.shack' >> ~/.ssh/known_hosts
+    - $(nix-build krebs/krops.nix --no-out-link --argstr name puyak --argstr target puyak.shack -A deploy)
+  only:
+    changes:
+      - .gitlab-ci.yml
+      - krebs/**/*
+      - lib/**/*
+      - .gitmodules
 nur-packages makefu:
   stage: deploy
   script:
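Review bot: The new `puyak deployment` job accepts whatever host key `ssh-keyscan -H 'puyak.shack'` returns at job time, so the root deployment that follows runs against an unauthenticated host identity. Pinning the key closes that gap, for example by replacing the keyscan line with `- echo "$PUYAK_SSH_HOST_KEY" >> ~/.ssh/known_hosts` (the variable name is a placeholder for a protected CI variable holding the known host key). The `wolf deployment` job shown as context uses the same keyscan pattern and would benefit from the same change. The `only: changes:` list is now duplicated verbatim between the two deployment jobs and could be shared through a YAML anchor so the path filters cannot drift apart.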

From 71d782a50a52f1db917aabec71ce924bd7416904 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 25 Nov 2019 13:26:32 +0100
Subject: [PATCH 41/67] shack: streamline ssh-key deployment onto puyak and
 wolf

---
 krebs/1systems/puyak/config.nix   |  7 +------
 krebs/1systems/wolf/config.nix    | 10 ++--------
 krebs/2configs/shack/ssh-keys.nix | 10 ++++++++++
 3 files changed, 13 insertions(+), 14 deletions(-)
 create mode 100644 krebs/2configs/shack/ssh-keys.nix

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 6493c6df4..a20f6929e 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -13,6 +13,7 @@
     <stockholm/krebs/2configs/ircd.nix>
     <stockholm/krebs/2configs/news.nix>
     <stockholm/krebs/2configs/news-spam.nix>
+    <stockholm/krebs/2configs/shack/ssh-keys.nix>
     <stockholm/krebs/2configs/shack/prometheus/node.nix>
     <stockholm/krebs/2configs/shack/prometheus/server.nix>
     <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
@@ -81,12 +82,6 @@
     echo level disengaged > /proc/acpi/ibm/fan
   '';
 
-  # to access vorstand vm
-  users.users.root.openssh.authorizedKeys.keys = [
-    config.krebs.users.ulrich.pubkey
-    config.krebs.users.raute.pubkey
-  ];
-
   users.users.joerg = {
     openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ];
     isNormalUser = true;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index e87b7bb99..059e09ac1 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -16,6 +16,7 @@ in
 
     # handle the worlddomination map via coap
     <stockholm/krebs/2configs/shack/worlddomination.nix>
+    <stockholm/krebs/2configs/shack/ssh-keys.nix>
 
     # drivedroid.shack for shackphone
     <stockholm/krebs/2configs/shack/drivedroid.nix>
@@ -117,14 +118,6 @@ in
 
   fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; };
 
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    config.krebs.users."0x4A6F".pubkey
-    config.krebs.users.ulrich.pubkey
-    config.krebs.users.raute.pubkey
-    "ssh-rsa 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 root@plattenschwein" # for backup
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
-  ];
-
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
   '';
@@ -137,6 +130,7 @@ in
     enable = true;
     wideArea = false;
   };
+
   environment.systemPackages = [ pkgs.avahi ];
 
 }
diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix
new file mode 100644
index 000000000..9c7f507f1
--- /dev/null
+++ b/krebs/2configs/shack/ssh-keys.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+  users.users.root.openssh.authorizedKeys.keys = [
+    config.krebs.users."0x4A6F".pubkey
+    config.krebs.users.ulrich.pubkey
+    config.krebs.users.raute.pubkey
+    "ssh-rsa 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 root@plattenschwein" # for backup
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
+  ];
+}
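Review bot: Importing this shared list on puyak widens root access there: the block removed from puyak's config authorised only `ulrich` and `raute`, while this file also grants root to `0x4A6F`, the `root@plattenschwein` backup key and the `gitlab-builder` key. If only the CI key was needed for the new puyak deployment job, the backup key should stay in wolf's config, or the commit message should state that the broader access is intended. The two literal keys are unrestricted root keys; a comment such as `# unrestricted root key: consider from=/command= options` next to the backup and CI entries would mark them for a later hardening pass.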

From dc75a54cfb8b431e9ea43be6dc7207fd77f54c2f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 27 Nov 2019 09:52:53 +0100
Subject: [PATCH 42/67] krebs exim-smarthost: RIP slash16

---
 krebs/2configs/exim-smarthost.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 698e20da1..224a38ac3 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -15,13 +15,12 @@ in {
         makefu
         tv
       ];
-      eloop-ml = spam-ml ++ [ ciko ];
+      eloop-ml = spam-ml;
       spam-ml = [
         lass
         makefu
         tv
       ];
-      ciko.mail = "ciko@slash16.net";
     in {
       "anmeldung@eloop.org" = eloop-ml;
       "brain@krebsco.de" = brain-ml;

From 7dff5292e959ac977939273101c84dd39f3cb86d Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Fri, 29 Nov 2019 13:42:44 +0100
Subject: [PATCH 43/67] krops: 1.17.0 -> 1.18.0

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 2dc172530..53dfb30af 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 2dc172530965ea4f1ead8ff166004c5734daee1f
+Subproject commit 53dfb30af324408c34fc7f664a05992e186ca4e9

From 001acc5a523db45414ebfdca808e308f027e39b5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 29 Nov 2019 13:43:27 +0100
Subject: [PATCH 44/67] ma iso: add justdoit,target-config.nix

---
 makefu/1systems/iso/config.nix                |  30 ++--
 makefu/1systems/iso/justdoit.nix              | 128 ++++++++++++++++++
 makefu/1systems/iso/target-config.nix         |  40 ++++++
 ...re-download.nix => dl.euer.krebsco.de.nix} |   0
 4 files changed, 189 insertions(+), 9 deletions(-)
 create mode 100644 makefu/1systems/iso/justdoit.nix
 create mode 100644 makefu/1systems/iso/target-config.nix
 rename makefu/2configs/nginx/{share-download.nix => dl.euer.krebsco.de.nix} (100%)

diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index fdf203d5b..6c4f62310 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -3,20 +3,32 @@
 with import <stockholm/lib>;
 {
   imports = [
-    <stockholm/makefu>
+    #<stockholm/makefu>
     <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
     <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
-    <stockholm/makefu/2configs/tools/core.nix>
+    # <stockholm/makefu/2configs/tools/core.nix>
+    ./justdoit.nix
+    {
+      kexec.justdoit = {
+        # bootSize = 512;
+        rootDevice = "/dev/sdb";
+        swapSize = 1024;
+        bootType = "vfat";
+        luksEncrypt = true;
+        uefi = true;
+      };
+    }
   ];
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
   # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
-  # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
-  krebs.build.host = { cores = 0; };
+  # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
+  #krebs.build.host = { cores = 0; };
   isoImage.isoBaseName = lib.mkForce "stockholm";
-  krebs.hidden-ssh.enable = true;
-  environment.systemPackages = with pkgs; [
-    aria2
-    ddrescue
-  ];
+  #krebs.hidden-ssh.enable = true;
+  # environment.systemPackages = with pkgs; [
+  #   aria2
+  #   ddrescue
+  # ];
   environment.extraInit = ''
     EDITOR=vim
   '';
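Review bot: `rootDevice = "/dev/sdb"` in the inline module hard-codes a kernel enumeration name as the disk that `justdoit` will wipe, and which disk receives that name can differ between boots and machines. Since the script formats the device as soon as it is run, I would add a comment naming the intended hardware, e.g. `# target: internal disk of <machine>; check lsblk before running justdoit`. The commented-out lines (`#<stockholm/makefu>`, `#krebs.hidden-ssh.enable`, the `environment.systemPackages` block) would be better deleted than kept as dead text. The attribute set starts before and likely continues past this hunk.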
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
new file mode 100644
index 000000000..7947953f9
--- /dev/null
+++ b/makefu/1systems/iso/justdoit.nix
@@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+  cfg = config.kexec.justdoit;
+  x = if cfg.nvme then "p" else "";
+in {
+  options = {
+    kexec.justdoit = {
+      rootDevice = mkOption {
+        type = types.str;
+        default = "/dev/sda";
+        description = "the root block device that justdoit will nuke from orbit and force nixos onto";
+      };
+      bootSize = mkOption {
+        type = types.int;
+        default = 256;
+        description = "size of /boot in mb";
+      };
+      bootType = mkOption {
+        type = types.enum [ "ext4" "vfat" "zfs" ];
+        default = "ext4";
+      };
+      swapSize = mkOption {
+        type = types.int;
+        default = 1024;
+        description = "size of swap in mb";
+      };
+      poolName = mkOption {
+        type = types.str;
+        default = "tank";
+        description = "zfs pool name";
+      };
+      luksEncrypt = mkOption {
+        type = types.bool;
+        default = false;
+        description = "encrypt all of zfs and swap";
+      };
+      uefi = mkOption {
+        type = types.bool;
+        default = false;
+        description = "create a uefi install";
+      };
+      nvme = mkOption {
+        type = types.bool;
+        default = false;
+        description = "rootDevice is nvme";
+      };
+    };
+  };
+  config = let
+    mkBootTable = {
+      ext4 = "mkfs.ext4 $NIXOS_BOOT -L NIXOS_BOOT";
+      vfat = "mkfs.vfat $NIXOS_BOOT -n NIXOS_BOOT";
+      zfs = "";
+    };
+  in lib.mkIf true {
+    system.build.justdoit = pkgs.writeScriptBin "justdoit" ''
+      #!${pkgs.stdenv.shell}
+      set -e
+      vgchange -a n
+      wipefs -a ${cfg.rootDevice}
+      dd if=/dev/zero of=${cfg.rootDevice} bs=512 count=10000
+      sfdisk ${cfg.rootDevice} <<EOF
+      label: gpt
+      device: ${cfg.rootDevice}
+      unit: sectors
+      ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
+      ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
+      2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
+      3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+      EOF
+      ${if cfg.luksEncrypt then ''
+        cryptsetup luksFormat ${cfg.rootDevice}${x}2
+        cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
+        cryptsetup luksFormat ${cfg.rootDevice}${x}3
+        cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+        export ROOT_DEVICE=/dev/mapper/root
+        export SWAP_DEVICE=/dev/mapper/swap
+      '' else ''
+        export ROOT_DEVICE=${cfg.rootDevice}${x}3
+        export SWAP_DEVICE=${cfg.rootDevice}${x}2
+      ''}
+      ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
+      mkdir -p /mnt
+      ${mkBootTable.${cfg.bootType}}
+      mkswap $SWAP_DEVICE -L NIXOS_SWAP
+      zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
+      zfs create -o mountpoint=legacy ${cfg.poolName}/root
+      zfs create -o mountpoint=legacy ${cfg.poolName}/home
+      zfs create -o mountpoint=legacy ${cfg.poolName}/nix
+      swapon $SWAP_DEVICE
+      mount -t zfs ${cfg.poolName}/root /mnt/
+      mkdir /mnt/{home,nix,boot}
+      mount -t zfs ${cfg.poolName}/home /mnt/home/
+      mount -t zfs ${cfg.poolName}/nix /mnt/nix/
+      ${lib.optionalString (cfg.bootType != "zfs") "mount $NIXOS_BOOT /mnt/boot/"}
+      nixos-generate-config --root /mnt/
+      hostId=$(echo $(head -c4 /dev/urandom | od -A none -t x4))
+      cp ${./target-config.nix} /mnt/etc/nixos/configuration.nix
+      cat > /mnt/etc/nixos/generated.nix <<EOF
+      { ... }:
+      {
+        ${if cfg.uefi then ''
+          boot.loader.grub.efiInstallAsRemovable = true;
+          boot.loader.grub.efiSupport = true;
+          boot.loader.grub.device = "nodev";
+        '' else ''
+          boot.loader.grub.device = "${cfg.rootDevice}";
+        ''}
+        networking.hostId = "$hostId"; # required for zfs use
+      ${lib.optionalString cfg.luksEncrypt ''
+        boot.initrd.luks.devices = [
+          { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
+          { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+        ];
+      ''}
+      }
+      EOF
+      nixos-install
+      umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
+      zpool export ${cfg.poolName}
+      swapoff $SWAP_DEVICE
+    '';
+    environment.systemPackages = [ config.system.build.justdoit ];
+    boot.supportedFilesystems = [ "zfs" ];
+  };
+}
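Review bot: The `boot.initrd.luks.devices` entries written to `generated.nix` point at `${cfg.rootDevice}${x}2` and `${x}3`, i.e. kernel names such as `/dev/sdb3`, so the installed system only finds its LUKS containers if the disk enumerates the same way on every boot. Resolving the UUID after `luksFormat` and writing `device = "/dev/disk/by-uuid/$(blkid -s UUID -o value ${cfg.rootDevice}${x}3)";` would make this stable (the heredoc is unquoted, so the substitution expands). Separately, `wipefs -a` and `dd` run on `cfg.rootDevice` with no check or prompt; a guard such as `[ -b ${cfg.rootDevice} ] || exit 1` plus a typed confirmation before the first destructive command would protect against wiping the wrong disk. With `uefi = true`, partition 1 is still created with the Linux-filesystem type GUID rather than the EFI System Partition type, which some firmware may not accept; worth confirming.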
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
new file mode 100644
index 000000000..ba4e3207b
--- /dev/null
+++ b/makefu/1systems/iso/target-config.nix
@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+  imports = [ ./hardware-configuration.nix ./generated.nix ];
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.forceImportAll = false;
+  boot.kernelParams = [
+    "boot.shell_on_fail"
+    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+  ];
+  users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
+  boot.tmpOnTmpfs = true;
+  programs.bash.enableCompletion = true;
+  services.journald.extraConfig = ''
+    SystemMaxUse=1G
+    RuntimeMaxUse=128M
+  '';
+
+  # minimal
+  programs.command-not-found.enable = false;
+  time.timeZone = "Europe/Berlin";
+  programs.ssh.startAgent = false;
+  nix.useSandbox = true;
+  users.mutableUsers = false;
+  networking.firewall.rejectPackets = true;
+  networking.firewall.allowPing = true;
+  services.openssh.enable = true;
+  i18n = {
+    consoleKeyMap = "us";
+    defaultLocale = "en_US.UTF-8";
+  };
+  boot.kernel.sysctl = {
+    "net.ipv6.conf.all.use_tempaddr" = 2;
+    "net.ipv6.conf.default.use_tempaddr" = 2;
+  };
+  services.nscd.enable = false;
+}
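Review bot: The `users.users.root.openssh.authorizedKeys.keys` entry bakes one unlabeled RSA key into every system installed from this ISO, and with `users.mutableUsers = false` and `services.openssh.enable = true` that key appears to be the only way to log in as root. The key string has no trailing comment, so nobody reading the installed `configuration.nix` can tell whose it is; I would add `# installer bootstrap key of <owner>, replace after first deploy` above the line. It would also help to state the intent explicitly with `services.openssh.passwordAuthentication = false;` rather than relying on no password being set.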
diff --git a/makefu/2configs/nginx/share-download.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix
similarity index 100%
rename from makefu/2configs/nginx/share-download.nix
rename to makefu/2configs/nginx/dl.euer.krebsco.de.nix

From b025e28b42194cc6316596b954024b41abab81f5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Fri, 29 Nov 2019 14:11:18 +0100
Subject: [PATCH 45/67] ci: redownload all repos

---
 krebs/3modules/ci.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index cbf24effe..7695667fd 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -135,6 +135,7 @@ let
           f_${name} = util.BuildFactory()
           f_${name}.addStep(steps.Git(
               repourl=util.Property('repository', '${head repo.urls}'),
+              method='clobber',
               mode='full',
               submodules=True,
           ))

From 33d48ec6ee52374151a79a086e0f5d463f05cac7 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Dec 2019 16:16:17 +0100
Subject: [PATCH 46/67] bepasty-server use python3

---
 krebs/3modules/bepasty-server.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 4892a8723..ffa9a29e9 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@
 
 with import <stockholm/lib>;
 let
-  gunicorn = pkgs.python27Packages.gunicorn;
-  bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
-  gevent = pkgs.python27Packages.gevent;
-  python = pkgs.python27Packages.python;
+  gunicorn = pkgs.python3Packages.gunicorn;
+  bepasty = pkgs.bepasty;
+  gevent = pkgs.python3Packages.gevent;
+  python = pkgs.python3Packages.python;
   cfg = config.krebs.bepasty;
 
   out = {

From 40572ba261cbd2d01ca18b2473834a4719255fd5 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Dec 2019 16:23:19 +0100
Subject: [PATCH 47/67] l: remove archprism

---
 krebs/3modules/lass/default.nix | 38 ---------------------------------
 1 file changed, 38 deletions(-)

diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 30c7b085f..00847071a 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -111,44 +111,6 @@ in {
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
       syncthing.id = "QITFKYQ-VEPIPL2-AZIXHMD-BBT62ML-YHSB35A-BSUIBXS-QYMPFHW-M7XN2QU";
     };
-    archprism = {
-      cores = 1;
-      nets = rec {
-        internet = {
-          ip4.addr = "46.4.114.247";
-          aliases = [
-            "archprism.i"
-          ];
-          ssh.port = 45621;
-        };
-        retiolum = {
-          via = internet;
-          ip4.addr = "10.243.0.123";
-          aliases = [
-            "archprism.r"
-          ];
-          tinc.pubkey = ''
-            -----BEGIN PUBLIC KEY-----
-            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6dK0jsPSb7kWMGjfyWbG
-            wQYYt8vi5pY/1/Ohk0iy84+mfb1SCJdm5IOC4WXgHtmfd468OluUpU5etAu13D3n
-            f0iDeCuohH0uTjP+EojnKrAXYTiTRpySqXjVmhaWwFyMAACFdzKFb9cgMoByrP0U
-            5qruBcupK8Zwxt+Pe8IadRpPuOmz/bMYS7r+NKwybttoIX+YVm4myNzqdtMT77+H
-            BYR2mzW99T5YI54YZoCe0+XiIEQsosd6IL/9dP0+6vku6nHLD4qb81Q9AgaT+hte
-            s/ivHL+Fe2GULEQUi8aoEfXrPwnGFVY+QYxLw2G9A0Gfe9KnYBXDn99HXUGcFu2l
-            x7duN6mnT3WNC6VReh9m5+rPMnih/3l82W0tH1lBWUtdKcxx6yhkyUFgKOvkm4UP
-            gf1+EIpxf+bM7jlWylKGc+bD+dTMFV+tzHE6qHlcnzdZQrhYd0zjOXGnm4Kl1ec5
-            GSlpmqTcjgR+42l6frAENo3fndqYw1WkDtswImDz3Wjuco7BiOULHTJvQN+Ao1DI
-            l2MQDOWJoN4eYIE4XPqLSvdOSavHQB2WGv+dFDDpWOxnDLNi19aubtynIfpGJXxV
-            L8s9kUTG00Hdv08BG06hGt0+2Sy1PTVniDcTftHKmEOPS6Y5rJzQih7JdakSUQCc
-            6j/HwgWTf85Io/tbVMTNtkECAwEAAQ==
-            -----END PUBLIC KEY-----
-          '';
-        };
-      };
-      ssh.privkey.path = <secrets/ssh.id_ed25519>;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
-    };
-
     uriel = {
       monitoring = false;
       cores = 1;

From 5ad00a189b85f2deb9c7035f4b515a3b5733d382 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 1 Dec 2019 16:26:04 +0100
Subject: [PATCH 48/67] update-nixpkgs-unstable: fix commit msg

---
 krebs/update-nixpkgs-unstable.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/update-nixpkgs-unstable.sh b/krebs/update-nixpkgs-unstable.sh
index 068da5f6f..592023f20 100755
--- a/krebs/update-nixpkgs-unstable.sh
+++ b/krebs/update-nixpkgs-unstable.sh
@@ -6,4 +6,4 @@ nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
   --rev refs/heads/nixos-unstable' \
 > $dir/nixpkgs-unstable.json
 newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
-git commit $dir/nixpkgs.json -m "nixpkgs-unstable: $oldrev -> $newrev"
+git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"

From 53fd88bcef4d0cd45de4c4d48e8e282f4b225cba Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 2 Dec 2019 01:11:37 +0100
Subject: [PATCH 49/67] iana-etc module: allow adding new services

This fixes a bug which only allowed modifying existing services.
---
 krebs/3modules/iana-etc.nix | 40 +++++++++++++------------------------
 1 file changed, 14 insertions(+), 26 deletions(-)

diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index f6d47f27e..e8037128d 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -23,32 +23,20 @@ with import <stockholm/lib>;
   };
 
   config.environment.etc = mkIf (config.krebs.iana-etc.services != {})  {
-    services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
-      exec < ${pkgs.iana_etc}/etc/services
-      exec > $out
-      awk -F '[ /]+' '
-        BEGIN {
-          port=0
-        }
-        ${concatMapStringsSep "\n" (entry: ''
-          $2 == ${entry.port} {
-            port=$2
-            next
-          }
-          port == ${entry.port} {
-            ${concatMapStringsSep "\n"
-              (proto: let
-                s = "${entry.${proto}.name} ${entry.port}/${proto}";
-              in
-                "print ${toJSON s}")
-              (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
-            port=0
-          }
-        '') (attrValues config.krebs.iana-etc.services)}
-        {
-          print $0
-        }
-      '
+    services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} /* sh */ ''
+      {
+        ${concatMapStringsSep "\n" (entry: /* sh */ ''
+          ${concatMapStringsSep "\n"
+            (proto: let
+              line = "${entry.${proto}.name} ${entry.port}/${proto}";
+            in /* sh */ ''
+              echo ${shell.escape line}
+            '')
+            (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+          '') (attrValues config.krebs.iana-etc.services)}
+        cat ${pkgs.iana_etc}/etc/services
+      } |
+      sort -b -k 2,2 -u > $out
     '');
   };
 
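Review bot: The merge relies on `sort -b -k 2,2 -u` keeping the first line of each run with an equal `port/proto` key, which is why the custom `echo` lines are emitted before `cat ${pkgs.iana_etc}/etc/services`; that ordering dependency is not stated anywhere. I would add a shell comment above the pipeline, e.g. `# custom entries first: sort -u keeps the first line per port/proto key`. Because the key is only field 2, comment and blank lines of the stock file and any stock lines sharing a port/proto are collapsed as well, and the output is ordered lexically rather than by port number; if that is acceptable, a second comment saying so would save the next reader the analysis.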

From 37b0c5ae490bf94bf2e5df1502d0a284e3d60c37 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 2 Dec 2019 01:15:57 +0100
Subject: [PATCH 50/67] tv im: configs -> modules

---
 tv/1systems/nomic/config.nix |  1 -
 tv/2configs/im.nix           | 24 ------------
 tv/3modules/default.nix      |  1 +
 tv/3modules/im.nix           | 72 ++++++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 25 deletions(-)
 delete mode 100644 tv/2configs/im.nix
 create mode 100644 tv/3modules/im.nix

diff --git a/tv/1systems/nomic/config.nix b/tv/1systems/nomic/config.nix
index a89f07e8a..86f9b7ec2 100644
--- a/tv/1systems/nomic/config.nix
+++ b/tv/1systems/nomic/config.nix
@@ -8,7 +8,6 @@ with import <stockholm/lib>;
     <stockholm/tv/2configs/hw/x220.nix>
     <stockholm/tv/2configs/exim-retiolum.nix>
     <stockholm/tv/2configs/gitrepos.nix>
-    <stockholm/tv/2configs/im.nix>
     <stockholm/tv/2configs/mail-client.nix>
     <stockholm/tv/2configs/nginx/public_html.nix>
     <stockholm/tv/2configs/pulse.nix>
diff --git a/tv/2configs/im.nix b/tv/2configs/im.nix
deleted file mode 100644
index 82f1be042..000000000
--- a/tv/2configs/im.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-with import <stockholm/lib>;
-{
-  environment.systemPackages = with pkgs; [
-    (pkgs.writeDashBin "im" ''
-      export PATH=${makeSearchPath "bin" (with pkgs; [
-        tmux
-        gnugrep
-        weechat
-      ])}
-      if tmux list-sessions -F\#S | grep -q '^im''$'; then
-        exec tmux attach -t im
-      else
-        exec tmux new -s im weechat
-      fi
-    '')
-  ];
-  services.bitlbee = {
-    enable = true;
-    plugins = [
-      pkgs.bitlbee-facebook
-    ];
-  };
-}
diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix
index db2cdcd1f..5be1beef8 100644
--- a/tv/3modules/default.nix
+++ b/tv/3modules/default.nix
@@ -5,6 +5,7 @@
     ./ejabberd
     ./focus.nix
     ./hosts.nix
+    ./im.nix
     ./iptables.nix
     ./slock.nix
     ./x0vncserver.nix
diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
new file mode 100644
index 000000000..830c4baef
--- /dev/null
+++ b/tv/3modules/im.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }: let
+  im = config.tv.im;
+  lib = import <stockholm/lib>;
+in {
+  options = {
+    tv.im.client.enable = lib.mkEnableOption "tv.im.client" // {
+      default = config.krebs.build.host.name == im.client.host.name;
+    };
+    tv.im.client.term = lib.mkOption {
+      default = "rxvt-unicode-256color";
+      type = lib.types.filename;
+    };
+    tv.im.client.useIPv6 = lib.mkEnableOption "tv.im.client.useIPv6" // {
+      default = true;
+    };
+    tv.im.client.host = lib.mkOption {
+      default = config.krebs.hosts.xu;
+      type = lib.types.host;
+    };
+    tv.im.client.user = lib.mkOption {
+      default = config.krebs.users.tv;
+      type = lib.types.user;
+    };
+
+    tv.im.server.enable = lib.mkEnableOption "tv.im.server" // {
+      default = config.krebs.build.host.name == im.server.host.name;
+    };
+    tv.im.server.host = lib.mkOption {
+      default = config.krebs.hosts.nomic;
+      type = lib.types.host;
+    };
+    tv.im.server.user = lib.mkOption {
+      default = config.krebs.users.tv;
+      type = lib.types.user;
+    };
+  };
+  imports = [
+    (lib.mkIf im.client.enable {
+      users.users.${im.client.user.name}.packages = [
+        (pkgs.writeDashBin "im" ''
+          exec ${pkgs.openssh}/bin/ssh \
+              ${lib.optionalString im.client.useIPv6 "-6"} \
+              ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+              -t \
+              im
+        '')
+      ];
+    })
+    (lib.mkIf im.server.enable {
+      services.bitlbee = {
+        enable = true;
+        plugins = [
+          pkgs.bitlbee-facebook
+        ];
+      };
+      users.users.${im.server.user.name}.packages = [
+        (pkgs.writeDashBin "im" ''
+          export PATH=${lib.makeSearchPath "bin" [
+            pkgs.tmux
+            pkgs.gnugrep
+            pkgs.weechat
+          ]}
+          if tmux list-sessions -F\#S | grep -q '^im''$'; then
+            exec tmux attach -t im
+          else
+            exec tmux new -s im weechat
+          fi
+        '')
+      ];
+    })
+  ];
+}
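Review bot: None of the new `tv.im.*` options carries a `description`, and `tv.im.client.term` is declared but not referenced anywhere in this file, so a reader cannot tell what it is for. I would add one-line descriptions to each option, and for `term` either use it or note that it is reserved for a later change. The client script interpolates `${im.server.user.name}` and the first retiolum alias into the shell command unquoted; the option types presumably constrain them, but wrapping them in `lib.shell.escape` (the stockholm lib helper used in `iana-etc.nix` in this series) would make that explicit. `lib.head im.server.host.nets.retiolum.aliases` also fails at evaluation time if the host has no alias.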

From 3a02da9677be9c200be3972e4c358a388a63e4fd Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 2 Dec 2019 01:27:22 +0100
Subject: [PATCH 51/67] tv im: add mosh support

---
 tv/3modules/im.nix | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
index 830c4baef..905b7803b 100644
--- a/tv/3modules/im.nix
+++ b/tv/3modules/im.nix
@@ -29,6 +29,9 @@ in {
       default = config.krebs.hosts.nomic;
       type = lib.types.host;
     };
+    tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
+      default = true;
+    };
     tv.im.server.user = lib.mkOption {
       default = config.krebs.users.tv;
       type = lib.types.user;
@@ -38,11 +41,18 @@ in {
     (lib.mkIf im.client.enable {
       users.users.${im.client.user.name}.packages = [
         (pkgs.writeDashBin "im" ''
-          exec ${pkgs.openssh}/bin/ssh \
-              ${lib.optionalString im.client.useIPv6 "-6"} \
-              ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
-              -t \
-              im
+          ${if im.server.mosh.enable then /* sh */ ''
+            exec ${pkgs.mosh}/bin/mosh \
+                ${lib.optionalString im.client.useIPv6 "-6"} \
+                ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+                env TERM=${im.client.term} im
+          '' else /* sh */ ''
+            exec ${pkgs.openssh}/bin/ssh \
+                ${lib.optionalString im.client.useIPv6 "-6"} \
+                ${im.server.user.name}@${lib.head im.server.host.nets.retiolum.aliases} \
+                -t \
+                im
+          ''}
         '')
       ];
     })
@@ -54,6 +64,7 @@ in {
         ];
       };
       users.users.${im.server.user.name}.packages = [
+        pkgs.mosh
         (pkgs.writeDashBin "im" ''
           export PATH=${lib.makeSearchPath "bin" [
             pkgs.tmux
@@ -68,5 +79,19 @@ in {
         '')
       ];
     })
+    (lib.mkIf im.server.mosh.enable {
+      krebs.setuid.utempter = {
+        filename = "${pkgs.libutempter}/lib/utempter/utempter";
+        owner = "nobody";
+        group = "utmp";
+        mode = "2111";
+      };
+      tv.iptables.extra4.filter.Retiolum = [
+        "-s ${im.client.host.nets.retiolum.ip4.addr} -p udp --dport 60000:61000 -j ACCEPT"
+      ];
+      tv.iptables.extra6.filter.Retiolum = [
+        "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
+      ];
+    })
   ];
 }
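Review bot: The last block is guarded by `lib.mkIf im.server.mosh.enable` alone, and that option defaults to `true`, so the setgid `utempter` wrapper and the UDP 60000:61000 ACCEPT rules are applied on every host that imports this module, not only on the one where `im.server.enable` is true. Gating it as `(lib.mkIf (im.server.enable && im.server.mosh.enable) {` would confine the wrapper and the open port range to the server. The relay block added in PATCH 52 uses the same single-condition pattern, although its option defaults to off. In the client hunk, `env TERM=${im.client.term}` reaches the remote shell unquoted; the `filename` type presumably keeps it safe, but that assumption deserves a comment.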

From 8878105178928069a09fd56c22523cb041b3dfa3 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 2 Dec 2019 01:29:07 +0100
Subject: [PATCH 52/67] tv im: add weechat relay support

---
 tv/3modules/im.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tv/3modules/im.nix b/tv/3modules/im.nix
index 905b7803b..8cb137510 100644
--- a/tv/3modules/im.nix
+++ b/tv/3modules/im.nix
@@ -32,6 +32,8 @@ in {
     tv.im.server.mosh.enable = lib.mkEnableOption "tv.im.server.mosh" // {
       default = true;
     };
+    tv.im.server.weechat.relay.enable =
+      lib.mkEnableOption "tv.im.server.weechat.relay";
     tv.im.server.user = lib.mkOption {
       default = config.krebs.users.tv;
       type = lib.types.user;
@@ -93,5 +95,16 @@ in {
         "-s ${im.client.host.nets.retiolum.ip6.addr} -p udp --dport 60000:61000 -j ACCEPT"
       ];
     })
+    (lib.mkIf im.server.weechat.relay.enable {
+      krebs.iana-etc.services = {
+        "9001".tcp.name = "weechat-ssl";
+      };
+      tv.iptables.extra4.filter.Retiolum = [
+        "-s ${im.client.host.nets.retiolum.ip4.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+      ];
+      tv.iptables.extra6.filter.Retiolum = [
+        "-s ${im.client.host.nets.retiolum.ip6.addr} -p tcp -m tcp --dport 9001 -j ACCEPT"
+      ];
+    })
   ];
 }

From 9b79b05f3282d405dcd7f737c9424b11464ac3e1 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Mon, 2 Dec 2019 14:32:19 +0100
Subject: [PATCH 53/67] krops: 1.18.0 -> 1.18.1

---
 submodules/krops | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/submodules/krops b/submodules/krops
index 53dfb30af..f2f8cbf1a 160000
--- a/submodules/krops
+++ b/submodules/krops
@@ -1 +1 @@
-Subproject commit 53dfb30af324408c34fc7f664a05992e186ca4e9
+Subproject commit f2f8cbf1afcb2c26d11e5f82c0b523b2cb10205c

From b7ca39ac003e76f8f912ed6a18c8342cec3ad3e4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:52:32 +0100
Subject: [PATCH 54/67] l blue.r: dont populate nixpkgs-unstable

---
 lass/1systems/blue/source.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix
index 1a98fc058..2b4158211 100644
--- a/lass/1systems/blue/source.nix
+++ b/lass/1systems/blue/source.nix
@@ -11,4 +11,7 @@
       useChecksum = true;
     };
   });
+  nixpkgs-unstable = lib.mkForce {
+    file.path = "/var/empty";
+  };
 }

From 7b9e4ac1425aea47b2ca8510db7a406b9712871a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:53:34 +0100
Subject: [PATCH 55/67] l hilum.r: mount nfs-dl

---
 lass/1systems/hilum/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
index f57d275d8..d4a389a4a 100644
--- a/lass/1systems/hilum/config.nix
+++ b/lass/1systems/hilum/config.nix
@@ -10,6 +10,7 @@
     <stockholm/lass/2configs/network-manager.nix>
     <stockholm/lass/2configs/mail.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/nfs-dl.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.hilum;

From 77dc0b8034999c6a060c785b8b74134a2c5b7555 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:54:07 +0100
Subject: [PATCH 56/67] l icarus.r: add media center

---
 lass/1systems/icarus/config.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 86727700f..46f0892a2 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 
+with import <stockholm/lib>;
 {
   imports = [
     <stockholm/lass>
@@ -21,6 +22,18 @@
     <stockholm/lass/2configs/ssh-cryptsetup.nix>
   ];
 
+  #media center
+  users.users.media = {
+    isNormalUser = true;
+    uid = genid_uint31 "media";
+    extraGroups = [ "video" "audio" ];
+  };
+
+  services.xserver.displayManager.lightdm.autoLogin = {
+    enable = true;
+    user = "media";
+  };
+
   krebs.build.host = config.krebs.hosts.icarus;
   programs.adb.enable = true;
 }
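Review bot: `services.xserver.displayManager.lightdm.autoLogin` opens a desktop session for `media` without authentication on a host that also imports `ssh-cryptsetup.nix` and enables `programs.adb`, so once the disk is unlocked anyone at the console gets that session. If this is intended for media-center use, a comment above the block would make the trade-off visible, e.g. `# media center: passwordless login is intentional; media is not in wheel`. Whether `media` can reach other users' data depends on configuration outside this hunk.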

From 49af8cbd2f998ad945000ac863aca28748009c3e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:55:24 +0100
Subject: [PATCH 57/67] l prism.r: don't rebuild hotdog onchange

---
 lass/1systems/prism/config.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index f4c011dcf..3dd194436 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -110,14 +110,13 @@ with import <stockholm/lib>;
       systemd.services."container@hotdog".reloadIfChanged = mkForce false;
       containers.hotdog = {
         config = { ... }: {
-          imports = [ <stockholm/lass/2configs/rebuild-on-boot.nix> ];
           environment.systemPackages = [ pkgs.git ];
           services.openssh.enable = true;
           users.users.root.openssh.authorizedKeys.keys = [
             config.krebs.users.lass.pubkey
           ];
         };
-        autoStart = true;
+        autoStart = false;
         enableTun = true;
         privateNetwork = true;
         hostAddress = "10.233.2.1";

From 48831924206127edf3771e9aa8f47b8dc96e8f66 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:56:06 +0100
Subject: [PATCH 58/67] l prism.r: merge palos keys

---
 lass/1systems/prism/config.nix | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 3dd194436..a8d409d7f 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -264,13 +264,9 @@ with import <stockholm/lib>;
     {
       users.users.download.openssh.authorizedKeys.keys = [
         "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos"
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACADLPxtB2f2tocXHxD3ul9D1537hTht6/un87JYZNnoYABveasyIcdFIfp5lPJmj3PjwqXNTA4M/3V+ufrpZ91dxFeXWI5mOI4YB3xRu+Elja8g7nfvCz1HrH3sD1equos/7ltQ1GZYvHGw40qD1/ZtOODwRwrYJ7l/DUBrjk/tzXRjm0+ZgyQsb3G9a80cA8d3fiuQDxbAzdoJF46wt36ZfuSMpJ/Td8CbCoLlV/uL9QZemOglyxNxR607qGfRNXF1An+P+fFq24GmdHpMJ00DfjZ/dJRL9QSs7vd07uyB4Qty4VHwRhc46XH6KL7VTF1D3INF/BeBZx90GBxOvpgEji7Zrf7O5eSAjM2Do1+t+Ev2IIuiltB+QqTir4rZcrCBrJ2+zD3DDymKffVi8sz15AvdrFkIplzZxpOcgm9Ns2w/uh8sxeV6J58aoLEVmd2KRUfJFYiS1EuEjYo2OHlj8ltIh3VlfYdWksGpQc71IT0iEWvzvjYcfCda9uzFLKdLfBy4GB8+s4zR2CX9aGDyJaIY1kt/xqDeztnYwW1owG+fLMrDJlq3Mu+KmJljb30jzrOPhFYVZgWenmMFgH2RBzVEmnsR0f2LFVLj6N/a9fpEJ3WhxMOc5Ybdpgg/l9KUdgvWLk6KOtba+z9fuYT1YgwtZBoMgHAdZLmZ/DGtff palo@pepe"
-        "ssh-rsa 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 palo@workhorse"
-        "ssh-rsa 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 palo@workout"
+        config.krebs.users.palo.pubkey
       ];
     }
-    {
-    }
     {
       lass.nichtparasoup.enable = true;
       services.nginx = {

From 79fce4068fb939077f2430baa27e6e55c9f65726 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:57:00 +0100
Subject: [PATCH 59/67] l prism.r: open udp for murmur

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index a8d409d7f..e7330c359 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -317,6 +317,7 @@ with import <stockholm/lib>;
       services.murmur.registerName = "lassul.us";
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+        { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
       ];
 
     }

From f33c977511d3bac5dbf2c6c6e84a1e508ca4aeb1 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:57:25 +0100
Subject: [PATCH 60/67] l prism.r: add flix endpoint

---
 lass/1systems/prism/config.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e7330c359..9028843dd 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -338,6 +338,19 @@ with import <stockholm/lib>;
         localAddress = "10.233.2.14";
       };
 
+      services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = ''
+        if ($scheme != "https") {
+          rewrite ^ https://$host$request_uri permanent;
+        }
+        auth_basic "Restricted Content";
+        auth_basic_user_file ${pkgs.writeText "flix-user-pass" ''
+          krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
+        ''};
+        proxy_pass http://10.233.2.14:80/;
+        proxy_set_header Accept-Encoding "";
+        sub_filter "https://lassul.us/" "https://lassul.us/flix/";
+        sub_filter_once off;
+      '';
       services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = ''
         if ($scheme != "https") {
           rewrite ^ https://$host$request_uri permanent;
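Review bot: The `auth_basic_user_file` content is written with `pkgs.writeText`, which places the `krebs:$apr1$…` htpasswd line in the world-readable Nix store and in this repository; `$apr1$` is the MD5-based Apache scheme, so the password can be attacked offline by anyone who can read either. The same line is used by the `/transmission` location (visible in PATCH 61). I would load the file from the secrets path instead, e.g. `auth_basic_user_file ${toString <secrets/HTPASSWD_FILE_PLACEHOLDER>};`, and rotate the password when doing so. The `/transmission` location that follows continues outside the hunk.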

From b4098f19780ba38ab20531ecdeee11a31f15030d Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:57:50 +0100
Subject: [PATCH 61/67] l prism.r: add transmission session id header

---
 lass/1systems/prism/config.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 9028843dd..cde65ea6c 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -359,6 +359,7 @@ with import <stockholm/lib>;
         auth_basic_user_file ${pkgs.writeText "transmission-user-pass" ''
           krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0
         ''};
+        proxy_pass_header X-Transmission-Session-Id;
         proxy_pass http://10.233.2.14:9091;
       '';
 

From 03ce170299ec26808b56ea4c7490cd913c80203c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 2 Dec 2019 15:58:40 +0100
Subject: [PATCH 62/67] l shodan.r: add gg23 config

---
 lass/1systems/shodan/config.nix   |  79 +-----------------
 lass/1systems/shodan/physical.nix |   1 +
 lass/2configs/gg23.nix            | 134 ++++++++++++++++++++++++++++++
 3 files changed, 138 insertions(+), 76 deletions(-)
 create mode 100644 lass/2configs/gg23.nix

diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index ad510283f..b3de15837 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -18,14 +18,11 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/green-host.nix>
     <stockholm/lass/2configs/ssh-cryptsetup.nix>
     <stockholm/lass/2configs/nfs-dl.nix>
+    <stockholm/lass/2configs/gg23.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
 
-  services.logind.extraConfig = ''
-    HandleLidSwitch=ignore
-  '';
-
   #media center
   users.users.media = {
     isNormalUser = true;
@@ -38,77 +35,7 @@ with import <stockholm/lib>;
     user = "media";
   };
 
-  #hass
-  krebs.iptables.tables.filter.INPUT.rules = [
-    { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
-    { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; }
-    # zerotierone
-    { predicate = "-p udp --dport 9993"; target = "ACCEPT"; }
-  ];
+  services.logind.lidSwitch = "ignore";
+  services.logind.lidSwitchDocked = "ignore";
 
-  services.home-assistant = let
-    tasmota_s20 = name: topic: {
-      platform = "mqtt";
-      inherit name;
-      state_topic = "stat/${topic}/POWER";
-      command_topic = "cmnd/${topic}/POWER";
-      payload_on = "ON";
-      payload_off = "OFF";
-    };
-  in {
-    enable = true;
-    package = pkgs.home-assistant.override {
-      python3 = pkgs.python36;
-      #extraComponents = [
-      #  (pkgs.fetchgit {
-      #    url = "https://github.com/marcschumacher/dwd_pollen";
-      #    rev = "0.1";
-      #    sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
-      #  })
-      #];
-    };
-    config = {
-      homeassistant = {
-        name = "Home"; time_zone = "Europe/Berlin";
-        latitude = "48.7687";
-        longitude = "9.2478";
-        elevation = 247;
-      };
-      sun.elevation = 66;
-      discovery = {};
-      frontend = { };
-      mqtt = {
-        broker = "localhost";
-        port = 1883;
-        client_id = "home-assistant";
-        username = "gg23";
-        password = "gg23-mqtt";
-        keepalive = 60;
-        protocol = 3.1;
-      };
-      sensor = [
-      ];
-      switch = [
-        (tasmota_s20 "Drucker Strom" "drucker")
-        (tasmota_s20 "Bett Licht" "bett")
-      ];
-      device_tracker = [
-        {
-          platform = "luci";
-        }
-      ];
-    };
-  };
-
-  services.mosquitto = {
-    enable = true;
-    host = "0.0.0.0";
-    allowAnonymous = false;
-    checkPasswords = true;
-    users.gg23 = {
-      password = "gg23-mqtt";
-      acl = [ "topic readwrite #" ];
-    };
-  };
-  environment.systemPackages = [ pkgs.mosquitto ];
 }
diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix
index 7cfeba932..39a4d9661 100644
--- a/lass/1systems/shodan/physical.nix
+++ b/lass/1systems/shodan/physical.nix
@@ -46,5 +46,6 @@
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0"
     SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0"
+    SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0"
   '';
 }
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
new file mode 100644
index 000000000..2ec7b94d3
--- /dev/null
+++ b/lass/2configs/gg23.nix
@@ -0,0 +1,134 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+
+{
+  networking.networkmanager.unmanaged = [ "int0" ];
+  networking.interfaces.int0.ipv4.addresses = [{
+    address = "10.42.0.1";
+    prefixLength = 24;
+  }];
+
+  services.dhcpd4 = {
+    enable = true;
+    interfaces = [ "int0" ];
+    extraConfig = ''
+      option subnet-mask 255.255.255.0;
+      option routers 10.42.0.1;
+      option domain-name-servers 10.42.0.1;
+      subnet 10.42.0.0 netmask 255.255.255.0 {
+        range 10.42.0.100 10.42.0.200;
+      }
+    '';
+    machines = [
+      { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; }
+      { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; }
+      { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; }
+      { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; }
+      { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; }
+      { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; }
+      { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; }
+    ];
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = false;
+
+    extraConfig = ''
+      local=/gg23/
+      domain=gg23
+      expand-hosts
+      listen-address=10.42.0.1
+      interface=int0
+    '';
+  };
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+    { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+    { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+    { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns
+  ];
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; }
+    { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+    { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; }
+  ];
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; }
+  ];
+  krebs.iptables.tables.nat.POSTROUTING.rules = [
+    { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; }
+  ];
+
+  services.home-assistant = let
+    tasmota_s20 = name: topic: {
+      platform = "mqtt";
+      inherit name;
+      state_topic = "stat/${topic}/POWER";
+      command_topic = "cmnd/${topic}/POWER";
+      payload_on = "ON";
+      payload_off = "OFF";
+    };
+  in {
+    enable = true;
+    package = pkgs.home-assistant.override {
+      python3 = pkgs.python36;
+      #extraComponents = [
+      #  (pkgs.fetchgit {
+      #    url = "https://github.com/marcschumacher/dwd_pollen";
+      #    rev = "0.1";
+      #    sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p";
+      #  })
+      #];
+    };
+    config = {
+      homeassistant = {
+        name = "Home"; time_zone = "Europe/Berlin";
+        latitude = "48.7687";
+        longitude = "9.2478";
+        elevation = 247;
+      };
+      sun.elevation = 66;
+      discovery = {};
+      frontend = { };
+      mqtt = {
+        broker = "localhost";
+        port = 1883;
+        client_id = "home-assistant";
+        username = "gg23";
+        password = "gg23-mqtt";
+        keepalive = 60;
+        protocol = 3.1;
+      };
+      sensor = [
+      ];
+      switch = [
+        (tasmota_s20 "Drucker Strom" "drucker")
+        (tasmota_s20 "Bett Licht" "bett")
+        (tasmota_s20 "Kueche Licht" "kueche")
+      ];
+      device_tracker = [
+        {
+          platform = "luci";
+        }
+      ];
+    };
+  };
+
+  services.mosquitto = {
+    enable = true;
+    host = "0.0.0.0";
+    allowAnonymous = false;
+    checkPasswords = true;
+    users.gg23 = {
+      password = "gg23-mqtt";
+      acl = [ "topic readwrite #" ];
+    };
+  };
+  environment.systemPackages = [ pkgs.mosquitto ];
+
+}
+
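Review bot: The MQTT credential `password = "gg23-mqtt";` is written in plain text twice, in the `mqtt` client block of `services.home-assistant` and in `services.mosquitto.users.gg23`, so it is readable in the Nix store and in git, and it is guessable from the user name while the ACL grants `topic readwrite #`. On the broker side I would use `hashedPassword = "<output of mosquitto_passwd>";` (placeholder) and load the client-side value from a secrets file outside the store; the same value also sits in the lines this commit removes from `shodan/config.nix`, so it should be rotated rather than just moved. Separately, the FORWARD rule `-s 10.42.0.0/24 -i int0` accepts traffic from the device LAN towards any output interface, which probably includes `retiolum`. Limiting it with `-o <uplink-interface>` (placeholder), or placing a REJECT for `-o retiolum` ahead of it, would keep the plugs, TV and printer from reaching VPN hosts through the MASQUERADE rule.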

From 96fab2da57b6b4bf862c05ea99df31139bde9b9a Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 7 Dec 2019 22:43:59 +0100
Subject: [PATCH 63/67] l br: set new ip

---
 lass/2configs/br.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix
index e4ccffe23..6e0a2385c 100644
--- a/lass/2configs/br.nix
+++ b/lass/2configs/br.nix
@@ -19,7 +19,7 @@ with import <stockholm/lib>;
       netDevices = {
         bra = {
           model = "MFCL2700DN";
-          ip = "10.42.23.221";
+          ip = "10.42.0.4";
         };
       };
     };

From 58031cd50f2f7c8f3b9713077bdc5829b092f4e4 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 8 Dec 2019 23:13:04 +0100
Subject: [PATCH 64/67] realwallpaper: use working cloudmap

---
 krebs/3modules/realwallpaper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a0c00c20d..c09bb008d 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -29,7 +29,7 @@ let
 
     cloudmap = mkOption {
       type = types.str;
-      default = "http://xplanetclouds.com/free/local/clouds_2048.jpg";
+      default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg";
     };
 
     marker = mkOption {
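Review bot: The new `cloudmap` default is fetched over plain `http://` from a personal page on a third-party host, so whoever controls that host or the network path decides which bytes the wallpaper job downloads. The consumer of this option is outside the hunk, but if the file is handed to an image tool, as the option name suggests, it should be treated as untrusted input: run the fetch and conversion as an unprivileged, sandboxed service user and bound the download size. A comment above the default such as `# third-party mirror over plain HTTP, no integrity check; treat the download as untrusted` would record that for the next maintainer. The option set continues outside the hunk.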

From 46da29b95bd78f0229642547c25a3fff2686adaf Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Dec 2019 15:56:20 +0100
Subject: [PATCH 65/67] pkgs.tinc_graphs: bump to 3.11

---
 krebs/5pkgs/simple/tinc_graphs/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix
index 20bbc53ba..025e85df0 100644
--- a/krebs/5pkgs/simple/tinc_graphs/default.nix
+++ b/krebs/5pkgs/simple/tinc_graphs/default.nix
@@ -2,15 +2,17 @@
 
 python3Packages.buildPythonPackage rec {
   name = "tinc_graphs-${version}";
-  version = "0.3.10";
+  version = "0.3.11";
+
   propagatedBuildInputs = with pkgs;[
     python3Packages.pygeoip
     ## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
   ];
   src = fetchurl {
     url = "mirror://pypi/t/tinc_graphs/${name}.tar.gz";
-    sha256 = "0f4cvb9424fhfmc0hbzmynzh9528fyhx00ayq1nbpgd1p89yw7mc";
+    sha256 = "0akvi2srwqny3cd4b9ghssq8wi4kcxd2khabnnvylzs1s9i28fpa";
   };
+
   preFixup = with pkgs;''
     wrapProgram $out/bin/build-graphs --prefix PATH : "$out/bin"
     wrapProgram $out/bin/all-the-graphs --prefix PATH : "${imagemagick}/bin:${graphviz}/bin:$out/bin"

From 4baf38fb30d416524768bb28bce5d384a96aff7c Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 14 Dec 2019 12:46:01 +0100
Subject: [PATCH 66/67] nixpkgs: 4ad6f14 -> 45ea609

---
 krebs/nixpkgs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index bb35a51b0..446f27007 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "4ad6f1404a8cd69a11f16edba09cc569e5012e42",
-  "date": "2019-11-23T00:42:36+01:00",
-  "sha256": "1pclh0hvma66g3yxrrh9rlzpscqk5ylypnmiczz1bwwrl8n21q3h",
+  "rev": "45ea60922036b7be302b95d107595f6eb5cd0675",
+  "date": "2019-12-10T12:38:05+01:00",
+  "sha256": "11wm7af6ab2979z8yrpcprb6d99kbrjq44a48ayi4a7c58a2xb6q",
   "fetchSubmodules": false
 }

From e2a43e1e30b635b85a79bedb3d40cd8a888a1d49 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 14 Dec 2019 12:47:00 +0100
Subject: [PATCH 67/67] nixpkgs-unstable: e89b215 -> 3140fa8

---
 krebs/nixpkgs-unstable.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index d77432258..fa22e2747 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,7 +1,7 @@
 {
   "url": "https://github.com/NixOS/nixpkgs-channels",
-  "rev": "e89b21504f3e61e535229afa0b121defb52d2a50",
-  "date": "2019-11-19T07:59:43-05:00",
-  "sha256": "0jqcv3rfki3mwda00g66d27k6q2y7ca5mslrnshfpbdm7j8ya0kj",
+  "rev": "3140fa89c51233397f496f49014f6b23216667c2",
+  "date": "2019-12-05T01:28:43+01:00",
+  "sha256": "18p0d5lnfvzsyfah02mf6bi249990pfwnylwhqdh8qi70ncrk3f8",
   "fetchSubmodules": false
 }