diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 0317d1eca..bcd9da5ea 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -17,29 +17,57 @@ let
# see `repo-sync --help`
# `ref` provides sane defaults and can be omitted
+ # you can have multiple repo-sync groups and therefore multiple @latest
+ # configuration entries.
# attrset will be converted to json and be used as config
- { repo = {
+ # each attrset defines a group of repos for syncing
+
+ { nxpkgs = {
makefu = {
origin = {
- url = http://github.com/makefu/repo ;
+ url = http://github.com/makefu/nixpkgs;
ref = "heads/dev" ;
};
mirror = {
- url = "git@internal:mirror" ;
+ url = "git@internal:nixpkgs-mirror" ;
ref = "heads/github-mirror-dev" ;
};
};
lass = {
origin = {
- url = http://github.com/lass/repo ;
+ url = http://github.com/lass/nixpkgs;
};
mirror = {
- url = "git@internal:mirror" ;
+ url = "git@internal:nixpkgs-mirror" ;
};
};
"@latest" = {
mirror = {
- url = "git@internal:mirror";
+ url = "git@internal:nixpkgs-mirror";
+ ref = "heads/master";
+ };
+ };
+ };
+ stockholm = {
+ lass = {
+ origin = {
+ url = http://cgit.prism.r/stockholm;
+ };
+ mirror = {
+ url = "git@internal:stockholm-mirror" ;
+ };
+ };
+ makefu = {
+ origin = {
+ url = http://gum.krebsco.de/stockholm;
+ };
+ mirror = {
+ url = "git@internal:stockholm-mirror" ;
+ };
+ };
+ "@latest" = {
+ mirror = {
+ url = "git@internal:stockholm-mirror";
ref = "heads/master";
};
};
diff --git a/krebs/5pkgs/passwdqc-utils/default.nix b/krebs/5pkgs/passwdqc-utils/default.nix
index 0299715ba..53e7f5482 100644
--- a/krebs/5pkgs/passwdqc-utils/default.nix
+++ b/krebs/5pkgs/passwdqc-utils/default.nix
@@ -1,13 +1,18 @@
-{stdenv,pam,fetchurl,...}:
+{ stdenv, pam,
+ fetchurl, lib,
+ wordset-file ? null, # set your own wordset-file
+ ... }:
stdenv.mkDerivation rec {
name = "passwdqc-utils-${version}";
version = "1.3.0";
buildInputs = [ pam ];
+
src = fetchurl {
url = "http://www.openwall.com/passwdqc/passwdqc-${version}.tar.gz";
sha256 = "0l3zbrp4pvah0dz33m48aqlz9nx663cc1fqhnlwr0p853b10la93";
};
+
buildTargets = "utils";
installFlags= [ "BINDIR=$(out)/bin"
"CONFDIR=$(out)/etc"
@@ -15,7 +20,12 @@ stdenv.mkDerivation rec {
"DEVEL_LIBDIR=$(out)/lib"
"SECUREDIR=$(out)/lib/security"
"INCLUDEDIR=$(out)/include"
- "MANDIR=$(out)/man"];
+ "MANDIR=$(out)/man" ];
+
+ patchPhase = lib.optionalString (wordset-file != null) ''
+ cp -f ${wordset-file} wordset_4k.c
+ '';
+
installTargets = "install_lib install_utils";
meta = {
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index ab369d192..401ec6093 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -22,6 +22,8 @@ in {
../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
../2configs/torrent.nix
+ ../2configs/sabnzbd.nix
+
../2configs/opentracker.nix
];
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 96f7be9fc..71fb85ff6 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -43,9 +43,11 @@ in {
# TODO: unlock home partition via ssh
../2configs/fs/sda-crypto-root.nix
../2configs/zsh-user.nix
+ ../2configs/urlwatch.nix
../2configs/exim-retiolum.nix
../2configs/smart-monitor.nix
../2configs/mail-client.nix
+ ../2configs/disable_v6.nix
#../2configs/graphite-standalone.nix
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
@@ -56,13 +58,11 @@ in {
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
makefu.full-populate = true;
- makefu.deluge.cfg = {
- max_active_seeding = 1;
- stop_seed_ratio = 1;
- natpmp = true;
- upnp = true;
- max_upload_speed = 200;
-
+ krebs.rtorrent = {
+ downloadDir = lib.mkForce "/media/crypt0/torrent";
+ extraConfig = ''
+ upload_rate = 200
+ '';
};
users.groups.share = {
gid = config.krebs.lib.genid "share";
@@ -109,6 +109,7 @@ in {
environment.systemPackages = with pkgs;[
mergerfs # hard requirement for mount
wol # wake up filepimp
+ f3
];
fileSystems = let
cryptMount = name:
diff --git a/makefu/1systems/x.nix b/makefu/1systems/x.nix
index 4829aaabd..0243856ab 100644
--- a/makefu/1systems/x.nix
+++ b/makefu/1systems/x.nix
@@ -9,6 +9,7 @@
../.
../2configs/main-laptop.nix #< base-gui + zsh
../2configs/laptop-utils.nix
+ ../2configs/laptop-backup.nix
# Krebs
#../2configs/disable_v6.nix
@@ -42,13 +43,14 @@
../2configs/tinc/retiolum.nix
# temporary modules
../2configs/temp/share-samba.nix
- ../2configs/temp/elkstack.nix
+ ../2configs/laptop-backup.nix
+ # ../2configs/temp/elkstack.nix
# ../2configs/temp/sabnzbd.nix
../2configs/tinc/siem.nix
- ../2configs/torrent.nix
+ #../2configs/torrent.nix
];
makefu.full-populate = true;
- makefu.deluge.web.enable = true;
+
krebs.nginx = {
default404 = false;
servers.default.listen = [ "80 default_server" ];
diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix
index cdaa38f27..a7c2a983e 100644
--- a/makefu/2configs/default.nix
+++ b/makefu/2configs/default.nix
@@ -22,7 +22,7 @@ with config.krebs.lib;
build = {
user = config.krebs.users.makefu;
source = let inherit (config.krebs.build) host user; in {
- nixpkgs = if config.makefu.full-populate or (getEnv "dummy_secrets" == "true") then
+ nixpkgs = if config.makefu.full-populate || (getEnv "dummy_secrets" == "true") then
{ # stable @ 2016-07-20
git = { url = https://github.com/nixos/nixpkgs; ref = "125ffff"; };
}
diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix
index d57c91ce8..ca489d073 100644
--- a/makefu/2configs/iodined.nix
+++ b/makefu/2configs/iodined.nix
@@ -7,10 +7,12 @@ let
in {
services.iodined = {
- enable = true;
- domain = domain;
- ip = "172.16.10.1/24";
- extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
+ server = {
+ enable = true;
+ domain = domain;
+ ip = "172.16.10.1/24";
+ extraConfig = "-P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
+ };
};
}
diff --git a/makefu/2configs/laptop-backup.nix b/makefu/2configs/laptop-backup.nix
new file mode 100644
index 000000000..8df7043c8
--- /dev/null
+++ b/makefu/2configs/laptop-backup.nix
@@ -0,0 +1,12 @@
+{config, lib, pkgs, ... }:
+
+{
+ systemd.user.services.duply-secrets = {
+ description = "run daily secrets backup";
+ startAt = "daily";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "{pkgs.duply}/bin/duply omo-secrets backup";
+ };
+ };
+}
diff --git a/makefu/2configs/omo-share.nix b/makefu/2configs/omo-share.nix
index 7e9842e14..86f768662 100644
--- a/makefu/2configs/omo-share.nix
+++ b/makefu/2configs/omo-share.nix
@@ -21,7 +21,6 @@ in {
sendfile on;
sendfile_max_chunk 512k;
directio 512;
- aio threads;
mp4;
autoindex on;
root /media;
diff --git a/makefu/2configs/sabnzbd.nix b/makefu/2configs/sabnzbd.nix
new file mode 100644
index 000000000..6b0f2ac3a
--- /dev/null
+++ b/makefu/2configs/sabnzbd.nix
@@ -0,0 +1,16 @@
+{ pkgs, config, ... }:
+
+with config.krebs.lib;
+let
+ web-port = 8080;
+in {
+ services.sabnzbd.enable = true;
+ services.sabnzbd.group = "download";
+ systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+ users.users.sabnzbd.group = mkForce "download";
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
+ '';
+}
diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix
index c021e66c6..34f0ab0b4 100644
--- a/makefu/2configs/temp/share-samba.nix
+++ b/makefu/2configs/temp/share-samba.nix
@@ -2,9 +2,11 @@
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
+ group = "share";
description = "smb guest user";
home = "/var/empty";
};
+ users.groups.share.members = [ "makefu" ];
networking.firewall.allowedTCPPorts = [
139 445 # samba
diff --git a/makefu/2configs/udpt.nix b/makefu/2configs/udpt.nix
index 6d55ffaf8..922743bf1 100644
--- a/makefu/2configs/udpt.nix
+++ b/makefu/2configs/udpt.nix
@@ -1,6 +1,7 @@
{pkgs, ...}:
let
+ daemon-port = 6969;
cfgfile = pkgs.writeText "udpt-config" ''
[db]
driver=sqlite3
@@ -11,7 +12,9 @@ let
port=6969
threads=5
allow_remotes=yes
- allow_iana_ips=no
+
+ # allow retiolum:
+ allow_iana_ips=yes
announce_interval=1800
cleanup_interval=120
@@ -19,7 +22,7 @@ let
enable=yes
[logging]
- filename=-
+ filename=/tmp/udpt.log
level=warning
'';
in {
@@ -27,5 +30,8 @@ in {
enable = true;
inherit cfgfile;
};
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p udp --dport ${toString daemon-port} -j ACCEPT
+ '';
}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index f869f5a78..e0fbefa36 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -1,22 +1,6 @@
{ config, lib, ... }:
{
- nixpkgs.config.packageOverrides = pkgs: {
- urlwatch = with pkgs.pythonPackages; buildPythonPackage rec {
- name = "urlwatch-1.18";
-
- propagatedBuildInputs = [ futures ];
-
- src = pkgs.fetchurl {
- url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
- sha256 = "090qfgx249ks7103sap6w47f8302ix2k46wxhfssxwsqcqdl25vb";
- };
-
- postFixup = ''
- wrapProgram "$out/bin/urlwatch" --prefix "PYTHONPATH" : "$PYTHONPATH"
- '';
- };
- };
krebs.urlwatch = {
enable = true;
mailto = config.krebs.users.makefu.mail;
diff --git a/makefu/3modules/udpt.nix b/makefu/3modules/udpt.nix
index 2086bd540..59602e4a9 100644
--- a/makefu/3modules/udpt.nix
+++ b/makefu/3modules/udpt.nix
@@ -40,8 +40,9 @@ let
restartIfChanged = true;
serviceConfig = {
Type = "simple";
- ExecStart = "${cfg.package}/bin/udpt -c ${shell.escape cfg.cfgfile}";
+ ExecStart = "${cfg.package}/bin/udpt -i -c ${shell.escape cfg.cfgfile}";
PrivateTmp = true;
+ WorkingDirectory = "/tmp";
User = "${cfg.user}";
};
};
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 51987c35b..6d020406d 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -2,9 +2,16 @@
let
inherit (pkgs) callPackage;
+ nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+
in
{
nixpkgs.config.packageOverrides = rec {
+ cups = nixpkgs-1509.cups;
alsa-hdspconf = callPackage ./alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./alsa-tools { alsaToolTarget="hdsploader";};
@@ -18,6 +25,13 @@ in
mycube-flask = callPackage ./mycube-flask {};
nodemcu-uploader = callPackage ./nodemcu-uploader {};
ps3netsrv = callPackage ./ps3netsrv {};
+ pwqgen-ger = callPackage ../../krebs/5pkgs/passwdqc-utils {
+ wordset-file = pkgs.fetchurl {
+ url = https://gist.githubusercontent.com/makefu/b56f5554c9ef03fe6e09878962e6fd8d/raw/1f147efec51325bc9f80c823bad8381d5b7252f6/wordset_4k.c ;
+ sha256 = "18ddzyh11bywrhzdkzvrl7nvgp5gdb4k1s0zxbz2bkhd14vi72bb";
+ };
+ };
+ qcma = pkgs.qt5.callPackage ./qcma {};
tw-upload-plugin = callPackage ./tw-upload-plugin {};
skytraq-logger = callPackage ./skytraq-logger {};
taskserver = callPackage ./taskserver {};
diff --git a/makefu/5pkgs/qcma/default.nix b/makefu/5pkgs/qcma/default.nix
new file mode 100644
index 000000000..6eb1a971d
--- /dev/null
+++ b/makefu/5pkgs/qcma/default.nix
@@ -0,0 +1,64 @@
+{ lib, stdenv, fetchFromGitHub, fetchgit, libusb, libtool, autoconf, pkgconfig, git,
+gettext, automake, libxml2 , qmakeHook, makeQtWrapper,
+qtbase, qttools, qtmultimedia, libnotify, ffmpeg, gdk_pixbuf }:
+let
+ libvitamtp = stdenv.mkDerivation rec {
+ name = "libvitamtp-${version}";
+ version = "2.5.9";
+
+ src = fetchFromGitHub {
+ owner = "codestation";
+ repo = "vitamtp";
+ rev = "v"+version;
+ sha256 = "09c9f7gqpyicfpnhrfb4r67s2hci6hh31bzmqlpds4fywv5mzaf8";
+ };
+
+ buildInputs = [ libusb libxml2 libtool autoconf automake gettext pkgconfig ];
+ preConfigure = "sh ./autogen.sh";
+
+ meta = {
+ description = "Content Manager Assistant for the PS Vita";
+ homepage = https://github.com/codestation/qcma;
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+ };
+in stdenv.mkDerivation rec {
+ name = "qcma-${version}";
+ version = "0.3.13";
+
+ src = fetchgit {
+ url = "git://github.com/codestation/qcma.git";
+ rev = "refs/tags/v"+version;
+ leaveDotGit = true;
+ sha256 = "164abjwlw2nw2i30wlwpsavz1zjkp6a14yprvinma5hflkw4yj6i";
+ };
+
+ preConfigure = ''
+ lrelease common/resources/translations/*.ts
+ '';
+
+ # TODO: manually adding qtbase and qtmultimedia to the library path is shit,
+ # this should be done somewhere before when building the project, idk.
+ installPhase = ''
+ make INSTALL_ROOT="$(out)" install
+ for i in qcma qcma_cli; do
+ wrapQtProgram $out/bin/$i --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [
+ qtbase qtmultimedia ]}
+ done
+ '';
+
+ enableParallelBuilding = true;
+
+ buildInputs = [ gdk_pixbuf ffmpeg libnotify libvitamtp git qtmultimedia qtbase ];
+ nativeBuildInputs = [ qmakeHook qttools pkgconfig makeQtWrapper ];
+
+ meta = {
+ description = "Content Manager Assistant for the PS Vita";
+ homepage = https://github.com/codestation/qcma;
+ license = stdenv.lib.licenses.gpl2;
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ makefu ];
+ };
+}