From 54feede990f042cc75a240dab50ad2016ed4c9ec Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 7 Sep 2017 21:51:24 +0200 Subject: ma vncserver: retab --- makefu/2configs/vncserver.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/vncserver.nix b/makefu/2configs/vncserver.nix index 3d1d9fe75..e62a3f748 100644 --- a/makefu/2configs/vncserver.nix +++ b/makefu/2configs/vncserver.nix @@ -33,7 +33,7 @@ in { serviceConfig = { User = "nobody"; ExecStart = "${pkgs.novnc}/bin/launch-novnc.sh --listen ${toString web_port} --vnc localhost:${toString vnc_port}"; - PrivateTmp = true; + PrivateTmp = true; }; }; }; -- cgit v1.2.3 From 265bfe7949c7cccd80763d0b642df7b00f102a41 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 9 Sep 2017 16:27:30 +0200 Subject: wolf: add plattenschwein pubkey --- krebs/1systems/wolf/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 91aabb716..4796d26fd 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -100,6 +100,7 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.ulrich.pubkey config.krebs.users.makefu-omo.pubkey + "ssh-rsa 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 root@plattenschwein" # for backup ]; time.timeZone = "Europe/Berlin"; -- cgit v1.2.3 From e03866490e69df3040ca3143e55ca3538aa06db1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 9 Sep 2017 20:58:36 +0200 Subject: ma steam: fix startup reference: https://github.com/NixOS/nixpkgs/issues/25957 --- makefu/2configs/steam.nix | 6 ------ makefu/2configs/tools/games.nix | 6 ++++-- makefu/2configs/tools/steam.nix | 10 ++++++++++ 3 files changed, 14 insertions(+), 8 deletions(-) delete mode 100644 makefu/2configs/steam.nix create mode 100644 makefu/2configs/tools/steam.nix diff --git a/makefu/2configs/steam.nix b/makefu/2configs/steam.nix deleted file mode 100644 index d4ec84abf..000000000 
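Review bot: The `root@plattenschwein` entry added to `users.extraUsers.root.openssh.authorizedKeys.keys` in `krebs/1systems/wolf/config.nix` gives that key an unrestricted root login, although the trailing comment says it is only there for backup. If the backup job runs one fixed command, prefixing the key with authorized_keys options such as `restrict,command="<backup command>"` or `from="<plattenschwein address>"` would limit what a leaked key can do; both values are placeholders because the hunk does not show them. The two neighbouring entries reference `config.krebs.users.*.pubkey`, so registering this key the same way, instead of as an inline literal, would keep key material in one place.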
--- a/makefu/2configs/steam.nix +++ /dev/null @@ -1,6 +0,0 @@ -{pkgs, ...}: -{ - environment.systemPackages = [ pkgs.steam ]; - hardware.opengl.driSupport32Bit = true; - hardware.pulseaudio.support32Bit = true; -} diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 47f06287b..0257e1870 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -1,8 +1,10 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ - steam + imports = [ + ../steam.nix + ]; + users.users.makefu.packages = with pkgs; [ games-user-env ]; } diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix new file mode 100644 index 000000000..dbe51270d --- /dev/null +++ b/makefu/2configs/tools/steam.nix @@ -0,0 +1,10 @@ +{pkgs, ...}: +{ + environment.systemPackages = [ + (pkgs.steam.override { + newStdcpp = true; + }) + ]; + hardware.opengl.driSupport32Bit = true; + hardware.pulseaudio.support32Bit = true; +} -- cgit v1.2.3 From f82de12a9a235a97085b768848c97dd023285066 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 9 Sep 2017 20:58:50 +0200 Subject: ma docker: add self to docker group --- makefu/2configs/virtualisation/docker.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/virtualisation/docker.nix b/makefu/2configs/virtualisation/docker.nix index ddef9e371..951bdbf26 100644 --- a/makefu/2configs/virtualisation/docker.nix +++ b/makefu/2configs/virtualisation/docker.nix @@ -1,8 +1,9 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { virtualisation.docker.enable = true; environment.systemPackages = with pkgs;[ docker docker_compose ]; + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "docker" ]; } -- cgit v1.2.3 From 31b9df0a3b7828887ff9ee4eaddf12b26707c3bf Mon Sep 17 00:00:00 2001 
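Review bot: The new `extraGroups = [ "docker" ]` line in `makefu/2configs/virtualisation/docker.nix` makes `${config.krebs.build.user.name}` effectively root on every host that imports this file, because membership in `docker` gives full control of a daemon that runs as root. A comment on the line would record that trade-off, e.g. `# docker group is root-equivalent; acceptable on single-user machines only`. Whether every host importing this module is single-user is not visible in the hunk.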
From: makefu Date: Sun, 10 Sep 2017 01:32:53 +0200 Subject: wolf: add telegraf snmp --- krebs/1systems/wolf/config.nix | 53 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 4796d26fd..d89d0b0b2 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + influx-host = "127.0.0.1"; in { imports = [ @@ -23,6 +24,58 @@ in + { + systemd.services.telegraf.path = [ pkgs.net_snmp ]; # for snmptranslate + #systemd.services.telegraf.environment = { + # "MIBDIRS" : ""; # extra mibs like ADSL + #}; + services.telegraf = { + enable = true; + extraConfig = { + inputs = { + snmp = { + agents = [ "10.0.1.3:161" ]; + version = 2; + community = "shack"; + name = "snmp"; + field = [ + { + name = "hostname"; + oid = "RFC1213-MIB::sysName.0"; + is_tag = true; + } + { + name = "load-percent"; #cisco + oid = ".1.3.6.1.4.1.9.9.109.1.1.1.1.4.9"; + } + { + name = "uptime"; + oid = "DISMAN-EVENT-MIB::sysUpTimeInstance"; + } + ]; + table = [{ + name = "snmp"; + inherit_tags = [ "hostname" ]; + oid = "IF-MIB::ifXTable"; + field = [{ + name = "ifName"; + oid = "IF-MIB::ifName"; + is_tag = true; + }]; + }]; + }; + }; + outputs = { + influxdb = { + urls = [ "http://${influx-host}:8086" ]; + database = "telegraf"; + write_consistency = "any"; + timeout = "5s"; + }; + }; + }; + }; + } ]; # use your own binary cache, fallback use cache.nixos.org (which is used by -- cgit v1.2.3 From dede52e436625471e905360d4d78d5a9c5d6fe81 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Sep 2017 13:05:34 +0200 Subject: ma x: steam is now a tool --- makefu/1systems/x/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index faa29f3db..892eb1095 100644 --- a/makefu/1systems/x/config.nix 
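Review bot: The SNMP input added under `services.telegraf.extraConfig.inputs.snmp` in `krebs/1systems/wolf/config.nix` uses `version = 2` with `community = "shack"` as a literal, so the community string ends up in the repository and in the world-readable Nix store, and SNMPv2c sends it unencrypted to `10.0.1.3:161`. If the device supports it, `version = 3` with the plugin's `sec_name`, `auth_protocol`/`auth_password` and `priv_protocol`/`priv_password` settings, with the passwords supplied from outside the store, would avoid both exposures. If v2c has to stay, a comment stating that the community is read-only on the device would help the next reader judge the risk.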
+++ b/makefu/1systems/x/config.nix @@ -56,7 +56,6 @@ with import ; - # # Hardware -- cgit v1.2.3 From 8a50e700166835c86d4339647c378c465a2970a3 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 10 Sep 2017 13:40:59 +0200 Subject: ma tools/games: fix path to steam --- makefu/2configs/tools/games.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/games.nix b/makefu/2configs/tools/games.nix index 0257e1870..8e815da5e 100644 --- a/makefu/2configs/tools/games.nix +++ b/makefu/2configs/tools/games.nix @@ -2,7 +2,7 @@ { imports = [ - ../steam.nix + ./steam.nix ]; users.users.makefu.packages = with pkgs; [ games-user-env -- cgit v1.2.3 From ffbd8c9d51753e479fb2c9f83721e0fda58c441a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:01:24 +0200 Subject: wolf.r: add copyKernels --- krebs/1systems/wolf/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index d89d0b0b2..21ae20ea0 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -139,6 +139,9 @@ in boot.loader.grub.version = 2; boot.loader.grub.device = "/dev/vda"; + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; swapDevices = [ -- cgit v1.2.3 From 044320bfe49d822f102daf82b270e20308f9049f Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:10 +0200 Subject: wolf muell_caller: bump to latest version --- krebs/2configs/shack/muell_caller.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index 2d8d78e33..7e8d278f6 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix 
@@ -6,8 +6,8 @@ let name = "muell_caller-2017-06-01"; src = pkgs.fetchgit { url = "https://github.com/shackspace/muell_caller/"; - rev = "bbd4009"; - sha256 = "1bfnfl2vdh0p5wzyz5p48qh04vvsg2445avg86fzhzragx25fqv0"; + rev = "ee4e499"; + sha256 = "0q1v07q633sbqg4wkgf0zya2bnqrikpyjhzp05iwn2vcs8rvsi3k"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ -- cgit v1.2.3 From 2b4d7d951299d7dada001476872d809310f40810 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:28 +0200 Subject: ma gum.r: disable torrent --- makefu/1systems/gum/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 934bfa685..2f288e708 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,7 +40,7 @@ in { # services - + # -- cgit v1.2.3 From 4b19401a82378ef9d091c8f58da0a67b33ec8ac6 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:02:58 +0200 Subject: ma printer: add SXC-3205W network scanner --- makefu/2configs/printer.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 0865a0841..51e69d8b7 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix 
@@ -14,17 +14,20 @@ in { # scanners are printers just in reverse anyway services.saned.enable = true; - users.users."${mainUser}".extraGroups = [ "scanner" ]; + users.users."${mainUser}".extraGroups = [ "scanner" "lp" ]; hardware.sane = { enable = true; - extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + extraBackends = [ ]; # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 # requires 'sane-extra', scan via: - extraConfig."magicolor" = '' - net 10.42.20.30 0x2098 - ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + #extraConfig."magicolor" = '' + # net 10.42.20.30 0x2098 + #''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + extraConfig."xerox_mfp" = '' + tcp 192.168.1.5 + ''; #home printer SCX-3205W }; } -- cgit v1.2.3 From 4ea52583d189d2c72b0a64cf605216f8b5bbcf56 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 11 Sep 2017 23:09:47 +0200 Subject: ma tools: add scanner-tools --- makefu/2configs/tools/all.nix | 1 + makefu/2configs/tools/scanner-tools.nix | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 makefu/2configs/tools/scanner-tools.nix diff --git a/makefu/2configs/tools/all.nix b/makefu/2configs/tools/all.nix index c7a116918..7755e2872 100644 --- a/makefu/2configs/tools/all.nix +++ b/makefu/2configs/tools/all.nix @@ -7,6 +7,7 @@ ./extra-gui.nix ./games.nix ./media.nix + ./scanner-tools.nix ./sec.nix ./sec-gui.nix ./studio.nix diff --git a/makefu/2configs/tools/scanner-tools.nix b/makefu/2configs/tools/scanner-tools.nix new file mode 100644 index 000000000..ef2e913e4 --- /dev/null +++ b/makefu/2configs/tools/scanner-tools.nix @@ -0,0 +1,7 @@ +{ + # ln -s /run/current-system/sw/bin/xsane ~/.gimp-2.8/plug-ins/xsane + nixpkgs.config.packageOverrides = pkgs: { + xsaneGimp = pkgs.xsane.override { gimpSupport = true; }; + }; +} + -- cgit v1.2.3 From 3d45f25458cf0f64d509bb25fa5634c592399806 Mon Sep 17 00:00:00 2001 
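Review bot: The new `makefu/2configs/tools/scanner-tools.nix` only defines `xsaneGimp` through `nixpkgs.config.packageOverrides`; nothing in this commit adds it to a package list. The comment's `ln -s /run/current-system/sw/bin/xsane ...` will only resolve to a GIMP-enabled build if `xsaneGimp` is installed system-wide, so unless that happens in a file outside this diff, a line such as `environment.systemPackages = [ pkgs.xsaneGimp ];` is missing.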
From: tv Date: Tue, 12 Sep 2017 21:13:37 +0200 Subject: tv charybdis: after network-online.target --- tv/3modules/charybdis/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 859dc122c..e252f2e1d 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -52,7 +52,7 @@ in { systemd.services.charybdis = { wantedBy = [ "multi-user.target" ]; requires = [ "secret.service" ]; - after = [ "network.target" "secret.service" ]; + after = [ "network-online.target" "secret.service" ]; environment = { BANDB_DBPATH = "${cfg.user.home}/ban.db"; }; -- cgit v1.2.3 From ab36abc9338b5bf2ffe0b090961ec26be5677663 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Sep 2017 00:08:47 +0200 Subject: withGetopt: init --- krebs/5pkgs/simple/withGetopt.nix | 106 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 krebs/5pkgs/simple/withGetopt.nix diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix new file mode 100644 index 000000000..fd59adcaf --- /dev/null +++ b/krebs/5pkgs/simple/withGetopt.nix 
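Review bot: The changed `after = [ "network-online.target" "secret.service" ];` in `systemd.services.charybdis` only orders the unit after the target; it does not pull `network-online.target` into the boot transaction. systemd's documentation pairs this ordering with a `Wants=`, so adding `wants = [ "network-online.target" ];` next to the changed line makes the dependency hold even if nothing else on the host requests that target. The service definition starts and continues outside the hunk.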
@@ -0,0 +1,106 @@ +with import ; +{ utillinux, writeDash }: + +opt-spec: cmd-spec: let + + cmd = cmd-spec opts; + + cmd-script = + if typeOf cmd == "set" + then "exec ${cmd}" + else cmd; + + opts = mapAttrs (name: value: value // rec { + long = value.long or (replaceStrings ["_"] ["-"] name); + ref = value.ref or "\"\$${varname}\""; + switch = value.switch or false; + varname = value.varname or (replaceStrings ["-"] ["_"] name); + }) opt-spec; + + # true if b requires a to define its default value + opts-before = a: b: + test ".*[$]${stringAsChars (c: "[${c}]") a.varname}\\>.*" (b.default or ""); + + opts-list = let + sort-out = toposort opts-before (attrValues opts); + in + if sort-out ? result + then sort-out.result + else throw "toposort output: ${toJSON sort-out}"; + + wrapper-name = + if typeOf cmd == "set" && cmd ? name + then "${cmd.name}-getopt" + else "getopt-wrapper"; + +in writeDash wrapper-name '' + set -efu + + wrapper_name=${shell.escape wrapper-name} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + unset ${opt.varname} + '') opts)} + + args=$(${utillinux}/bin/getopt \ + -n "$wrapper_name" \ + -o "" \ + -l ${concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (attrValues opts)} \ + -s sh \ + -- "$@") + if \test $? != 0; then exit 1; fi + eval set -- "$args" + + while :; do + case $1 in + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + --${opt.long}) + ${if opt.switch then /* sh */ '' + ${opt.varname}=true + shift + '' else /* sh */ '' + ${opt.varname}=$2 + shift 2 + ''} + ;; + '') opts)} + --) + shift + break + esac + done + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + printf '%s: missing mandatory option '--%s'\n' \ + "$wrapper_name" \ + ${shell.escape opt.long} + error=1 + fi + '') + (filter + (x: ! 
hasAttr "default" x) + (attrValues opts))} + if test "''${error+1}" = 1; then + exit 1 + fi + + ${concatMapStringsSep "\n" + (opt: /* sh */ '' + if \test "''${${opt.varname}+1}" != 1; then + ${opt.varname}=${opt.default} + fi + '') + (filter + (hasAttr "default") + opts-list)} + + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + export ${opt.varname} + '') opts)} + + ${cmd-script} +'' -- cgit v1.2.3 From b28dabfc0720578b46fd7664b233a12666fbca0c Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 15 Sep 2017 00:33:34 +0200 Subject: shell: use withGetopt --- shell.nix | 122 ++++++++++++++++++++++++-------------------------------------- 1 file changed, 47 insertions(+), 75 deletions(-) diff --git a/shell.nix b/shell.nix index a4ccc3187..661ac81a8 100644 --- a/shell.nix +++ b/shell.nix 
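Review bot: In the wrapper generated by `krebs/5pkgs/simple/withGetopt.nix`, the mandatory-option check sets `error=1` and then tests whether `error` is set, but `error` is never cleared, while every option variable is explicitly `unset` first; a caller that happens to export `error` makes the wrapper exit 1 with no message. Adding `unset error` beside the generated `unset ${opt.varname}` lines closes that gap. The "missing mandatory option" `printf` also writes to stdout, so `>&2` on it would keep the diagnostic out of captured output. A header comment should state that `default` is spliced into the script as unquoted shell code and therefore must only ever come from the Nix expression, never from external data.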
@@ -6,43 +6,38 @@ let # high level commands # - # usage: deploy - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # [--target=TARGET] - # [--user=USER] - cmds.deploy = pkgs.writeDash "cmds.deploy" '' + cmds.deploy = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target.default = /* sh */ "$system"; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.deploy" '' set -efu - command=deploy - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${target-}" || target=$system - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.deploy} - ''; - - # usage: install - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.install = pkgs.writeBash "cmds.install" '' + ''); + + cmds.install = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeBash "cmds.install" '' set -efu - command=install - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} if \test "''${using_proxy-}" != true; then @@ -55,7 +50,7 @@ let # TODO inline prepare.sh? fi - . ${init.proxy} + . ${init.proxy opts} # Reset PATH because we need access to nixos-install. # TODO provide nixos-install instead of relying on prepare.sh 
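Review bot: The option sets passed to `pkgs.withGetopt` for `cmds.deploy`, `cmds.install` and `cmds.test` (the last one in the `@@ -75,30 +70,28 @@` hunk) are identical except for `target`, so a shared attrset combined per command, e.g. `common-opts // { target = {}; }`, would remove the triplication. Two behaviours of the removed `init.args` are not carried over: the short forms `-Q`, `-s`, `-t`, `-u`, and the `bad argument` rejection of stray positional arguments, which the new wrappers accept silently. The `# usage:` comments were dropped too; keeping a one-line usage comment per command would preserve the documented interface.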
@@ -75,30 +70,28 @@ let cd exec nixos-install - ''; - - # usage: test - # [--force-populate] - # [--quiet] - # [--source=PATH] - # --system=SYSTEM - # --target=TARGET - # [--user=USER] - cmds.test = pkgs.writeDash "cmds.test" /* sh */ '' + ''); + + cmds.test = pkgs.withGetopt { + force-populate = { default = /* sh */ "false"; switch = true; }; + quiet = { default = /* sh */ "false"; switch = true; }; + source_file = { + default = /* sh */ "$user/1systems/$system/source.nix"; + long = "source"; + }; + system = {}; + target = {}; + user.default = /* sh */ "$LOGNAME"; + } (opts: pkgs.writeDash "cmds.test" /* sh */ '' set -efu export dummy_secrets=true - command=test - . ${init.args} - \test -n "''${quiet-}" || quiet=false - \test -n "''${user-}" || user=$LOGNAME - \test -n "''${source_file}" || source_file=$user/1systems/$system/source.nix . ${init.env} - . ${init.proxy} + . ${init.proxy opts} exec ${utils.build} config.system.build.toplevel - ''; + ''); # # low level commands @@ -163,28 +156,6 @@ let echo ''; - init.args = pkgs.writeText "init.args" /* sh */ '' - args=$(${pkgs.utillinux}/bin/getopt -n "$command" -s sh \ - -o Qs:t:u: \ - -l force-populate,quiet,source:,system:,target:,user: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - force_populate=false - source_file= - while :; do case $1 in - --force-populate) force_populate=true; shift;; - -Q|--quiet) quiet=true; shift;; - --source) source_file=$2; shift 2;; - -s|--system) system=$2; shift 2;; - -t|--target) target=$2; shift 2;; - -u|--user) user=$2; shift 2;; - --) shift; break;; - esac; done - for arg; do echo "$command: bad argument: $arg" >&2; done - if \test $# != 0; then exit 2; fi - ''; - init.env = pkgs.writeText "init.env" /* sh */ '' export quiet export system 
@@ -201,7 +172,7 @@ let export target_local="$(echo $target_object | ${pkgs.jq}/bin/jq -r .local)" ''; - init.proxy = pkgs.writeText "init.proxy" /* sh */ '' + init.proxy = opts: pkgs.writeText "init.proxy" /* sh */ '' if \test "''${using_proxy-}" != true; then source=$(get-source "$source_file") @@ -219,11 +190,12 @@ let NIX_PATH=$(quote "$target_path") \ STOCKHOLM_VERSION=$(quote "$STOCKHOLM_VERSION") \ nix-shell --run "$(quote " - quiet=$(quote "$quiet") \ - system=$(quote "$system") \ - target=$(quote "$target") \ + ${lib.concatStringsSep " " (lib.mapAttrsToList + (name: opt: /* sh */ "${opt.varname}=\$(quote ${opt.ref})") + opts + )} \ using_proxy=true \ - $(quote "$command" "$@") + $(quote "$0" "$@") ")" fi fi -- cgit v1.2.3 From 388bed48209ad7f5c774ff005afc255c6a71934d Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 09:00:54 +0200 Subject: tv nixpkgs-overlays: init This module allows to have per-system nixpkgs-overlays and is required because at the moment of committing, only xu has an up-to-date stockholm development directory in /home/tv/stockholm. --- tv/1systems/xu/config.nix | 5 +++++ tv/2configs/default.nix | 6 +----- tv/3modules/default.nix | 1 + tv/3modules/nixpkgs-overlays.nix | 23 +++++++++++++++++++++++ 4 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 tv/3modules/nixpkgs-overlays.nix diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index 0abd544ce..d4a10fe10 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -155,5 +155,10 @@ with import ; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; + tv.nixpkgs-overlays = { + krebs = "/home/tv/stockholm/krebs/5pkgs"; + tv = "/home/tv/stockholm/tv/5pkgs"; + }; + virtualisation.virtualbox.host.enable = true; } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 241a16b25..9ad0253a3 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix 
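Review bot: The re-invocation in `init.proxy` (hunk `@@ -219,11 +190,12 @@` of `shell.nix`) now relies on `$0`, which, as far as the visible code shows, is the inner `cmds.*` script rather than the getopt wrapper; that is why every option has to be forwarded as a `${opt.varname}=$(quote ${opt.ref})` assignment, and nothing states this coupling. A comment above the `nix-shell --run` call such as `# re-exec the unwrapped command; options travel as variables because getopt parsing already happened` would document it. An option declared with a custom `ref` is placed into this shell string verbatim, so the comment should also say that `ref` must remain a properly quoted expansion. `init.proxy` begins and ends outside this hunk.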
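Review bot: Setting `tv.nixpkgs-overlays` in `tv/1systems/xu/config.nix` to paths under `/home/tv/stockholm` means the `NIX_PATH` built in `tv/2configs/default.nix` points `nixpkgs-overlays` at a directory owned by an unprivileged account, so any evaluation that uses this `NIX_PATH`, presumably including root's, loads overlay code from there. The commit narrows this from all hosts to xu, which is an improvement. A comment on the new block such as `# dev convenience: overlays come from tv's checkout, which root's evaluations will trust` would record the decision.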
@@ -90,11 +90,7 @@ with import ; environment.variables = { NIX_PATH = mkForce (concatStringsSep ":" [ "secrets=/var/src/stockholm/null" - "nixpkgs-overlays=${pkgs.runCommand "nixpkgs-overlays" {} '' - mkdir $out - ln -s /home/tv/stockholm/krebs/5pkgs $out/krebs - ln -s /home/tv/stockholm/tv/5pkgs $out/tv - ''}" + "nixpkgs-overlays=${config.tv.nixpkgs-overlays}" "/var/src" ]); }; diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 83dc212a6..57ffbfab8 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -6,6 +6,7 @@ _: ./ejabberd ./hosts.nix ./iptables.nix + ./nixpkgs-overlays.nix ./x0vncserver.nix ]; } diff --git a/tv/3modules/nixpkgs-overlays.nix b/tv/3modules/nixpkgs-overlays.nix new file mode 100644 index 000000000..4eb7a86bd --- /dev/null +++ b/tv/3modules/nixpkgs-overlays.nix @@ -0,0 +1,23 @@ +with import ; +{ config, pkgs, ... }: { + + options.tv.nixpkgs-overlays = mkOption { + apply = src: + pkgs.runCommand "nixpkgs-overlays" {} '' + mkdir $out + ${concatStringsSep "\n" (mapAttrsToList (name: path: + "ln -s ${shell.escape path} $out/${shell.escape name}" + ) src)} + '' // { + inherit src; + }; + type = types.attrsOf types.absolute-pathname; + }; + + config = { + tv.nixpkgs-overlays = { + krebs = mkDefault "/var/src/stockholm/krebs/5pkgs"; + tv = mkDefault "/var/src/stockholm/tv/5pkgs"; + }; + }; +} -- cgit v1.2.3 From 21c284a2c7b4fcb330f0c90ccd773f65f78721aa Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Sep 2017 16:37:46 +0200 Subject: ma telegraf: init also add europastats --- makefu/2configs/stats/telegraf/default.nix | 20 ++++++++++++ makefu/2configs/stats/telegraf/europastats.nix | 43 ++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 makefu/2configs/stats/telegraf/default.nix create mode 100644 makefu/2configs/stats/telegraf/europastats.nix 
diff --git a/makefu/2configs/stats/telegraf/default.nix b/makefu/2configs/stats/telegraf/default.nix new file mode 100644 index 000000000..4da6561d6 --- /dev/null +++ b/makefu/2configs/stats/telegraf/default.nix @@ -0,0 +1,20 @@ +{...}: +let + url = "http://localhost:8086"; +in { + imports = [ + ./europastats.nix + ]; + services.telegraf = { + enable = true; + extraConfig = { + agent.debug = true; + outputs = { + influxdb = [{ + urls = [ url ]; + database = "telegraf"; + }]; + }; + }; + }; +} diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix new file mode 100644 index 000000000..9249280c5 --- /dev/null +++ b/makefu/2configs/stats/telegraf/europastats.nix @@ -0,0 +1,43 @@ +{ pkgs, ...}: +let + pkg = with pkgs.python3Packages;buildPythonPackage rec { + rev = "be31da7"; + name = "europastats-${rev}"; + propagatedBuildInputs = [ + requests2 + docopt + ]; + src = pkgs.fetchgit { + url = "http://cgit.euer.krebsco.de/europastats"; + inherit rev; + sha256 = "0qj18vgj9nm6aisyqhk3iz3rf8xp7mn5jc6sfylcaw588a9sjfvc"; + }; + }; +in { + services.telegraf.extraConfig.inputs.exec = [ + { + commands = [ "${pkg}/bin/europa-attractions"]; + timeout = "1m"; + data_format = "json"; + name_override = "europawaiting"; + interval = "1m"; + tag_keys = [ + "status" + "type" + "name" + ]; + } + { + commands = [ "${pkg}/bin/europa-weather"]; + timeout = "20s"; + data_format = "json"; + name_override = "europaweather"; + interval = "10m"; + tag_keys = [ + "type" + "name" + "offset" + ]; + } + ]; +} -- cgit v1.2.3 From ad06126dcedfd5f28a3b64f2df2f32428f933a08 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 19 Sep 2017 16:39:58 +0200 Subject: ma omo.r: enable telegraf --- makefu/1systems/omo/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 4c93a7a3e..32cd3f900 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix 
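Review bot: `pkgs.fetchgit` in `makefu/2configs/stats/telegraf/europastats.nix` fetches from `http://cgit.euer.krebsco.de/europastats` at the abbreviated revision `be31da7`, and the resulting scripts are run by Telegraf's `exec` input every one to ten minutes. The `sha256` pins the content, so a tampered download fails the build instead of executing, but an `https://` URL (if the host offers one) and the full commit id would make the pin unambiguous and keep the fetch off cleartext. The same cleartext-URL pattern appears in the `fetchurl` calls of `mfcl2700dnlpr` and `mfcl2700dncupswrapper` later in this series. Separately, `agent.debug = true` in `telegraf/default.nix` looks like a bring-up leftover and will apply to every host importing the module.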
@@ -60,6 +60,7 @@ in { # logs to influx + # services @@ -77,6 +78,9 @@ in { ## as long as pyload is not in nixpkgs: # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload + + # Temporary: + ]; makefu.full-populate = true; makefu.server.primary-itf = primaryInterface; -- cgit v1.2.3 From 4e2e9a63c4a0c8f191940e06092e5aa2f3822993 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:16:52 +0200 Subject: tv mfcl2700dnlpr: init at 3.2.0-1 --- tv/5pkgs/simple/mfcl2700dnlpr/default.nix | 44 +++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 tv/5pkgs/simple/mfcl2700dnlpr/default.nix diff --git a/tv/5pkgs/simple/mfcl2700dnlpr/default.nix b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix new file mode 100644 index 000000000..fc11b53e9 --- /dev/null +++ b/tv/5pkgs/simple/mfcl2700dnlpr/default.nix 
@@ -0,0 +1,44 @@ +{ coreutils, dpkg, fetchurl, ghostscript, gnugrep, gnused, pkgsi686Linux, makeWrapper, perl, stdenv, which }: + +stdenv.mkDerivation rec { + name = "mfcl2700dnlpr-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102085/${name}.i386.deb"; + sha256 = "170qdzxlqikzvv2wphvfb37m19mn13az4aj88md87ka3rl5knk4m"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/lpd/filter_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$dir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/lpd/filter_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ + coreutils ghostscript gnugrep gnused which + ]} + + interpreter=${pkgsi686Linux.stdenv.cc.libc.out}/lib/ld-linux.so.2 + patchelf --set-interpreter "$interpreter" $dir/inf/braddprinter + patchelf --set-interpreter "$interpreter" $dir/lpd/brprintconflsr3 + patchelf --set-interpreter "$interpreter" $dir/lpd/rawtobr3 + ''; + + meta = { + description = "Brother MFC-L2700DN LPR driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.unfree; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.2.0-1"; + }; +} -- cgit v1.2.3 From b2c02a186b0dba18f303c973b238e3b9c2de06b7 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:15:26 +0200 Subject: tv mfcl2700dncupswrapper: init at 3.2.0-1 --- tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix | 45 +++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix diff --git a/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix new file mode 100644 index 000000000..1ef018b33 --- /dev/null 
+++ b/tv/5pkgs/simple/mfcl2700dncupswrapper/default.nix @@ -0,0 +1,45 @@ +{ coreutils, dpkg, fetchurl, gnugrep, gnused, makeWrapper, mfcl2700dnlpr, +perl, stdenv }: + +stdenv.mkDerivation rec { + name = "mfcl2700dncupswrapper-${meta.version}"; + + src = fetchurl { + url = "http://download.brother.com/welcome/dlf102086/${name}.i386.deb"; + sha256 = "07w48mah0xbv4h8vsh1qd5cd4b463bx8y6gc5x9pfgsxsy6h6da1"; + }; + + nativeBuildInputs = [ dpkg makeWrapper ]; + + phases = [ "installPhase" ]; + + installPhase = '' + dpkg-deb -x $src $out + + basedir=${mfcl2700dnlpr}/opt/brother/Printers/MFCL2700DN + dir=$out/opt/brother/Printers/MFCL2700DN + + substituteInPlace $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --replace /usr/bin/perl ${perl}/bin/perl \ + --replace "basedir =~" "basedir = \"$basedir\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2700DN\"; #" + + wrapProgram $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN \ + --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils gnugrep gnused ]} + + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model + + ln $dir/cupswrapper/brother_lpdwrapper_MFCL2700DN $out/lib/cups/filter + ln $dir/cupswrapper/brother-MFCL2700DN-cups-en.ppd $out/share/cups/model + ''; + + meta = { + description = "Brother MFC-L2700DN CUPS wrapper driver"; + homepage = "http://www.brother.com/"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = [ stdenv.lib.maintainers.tv ]; + platforms = stdenv.lib.platforms.linux; + version = "3.2.0-1"; + }; +} -- cgit v1.2.3 From 755e3a46682b90729be8a82026b08429cd7baea8 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:03:12 +0200 Subject: tv br config: init --- tv/2configs/br.nix | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 tv/2configs/br.nix diff --git a/tv/2configs/br.nix b/tv/2configs/br.nix new file mode 100644 index 000000000..c7eb20e90 --- /dev/null +++ b/tv/2configs/br.nix 
@@ -0,0 +1,49 @@ +with import ; +{ config, pkgs, ... }: { + + imports = [ + + ]; + + krebs.nixpkgs.allowUnfreePredicate = pkg: any (flip hasPrefix pkg.name) [ + "brother-udev-rule-type1-" + "brscan4-" + "mfcl2700dnlpr-" + ]; + + hardware.sane = { + enable = true; + brscan4 = { + enable = true; + netDevices = { + bra = { + model = "MFCL2700DN"; + ip = "10.23.1.214"; + }; + }; + }; + }; + + services.saned.enable = true; + + # usage: scanimage -d "$(find-scanner bra)" --batch --format=tiff --resolution 150 -x 211 -y 298 + environment.systemPackages = [ + (pkgs.writeDashBin "find-scanner" '' + set -efu + name=$1 + ${pkgs.sane-backends}/bin/scanimage -f '%m %d + ' \ + | ${pkgs.gawk}/bin/awk -v dev="*$name" '$1 == dev { print $2; exit }' \ + | ${pkgs.gnugrep}/bin/grep . + '') + ]; + + services.printing = { + enable = true; + drivers = [ + pkgs.mfcl2700dncupswrapper + ]; + }; + + systemd.services.cups.serviceConfig.PrivateTmp = true; +} -- cgit v1.2.3 From ed9a1085946589409caba6e18233c329d99c0b4b Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:04:22 +0200 Subject: tv xu: import br config --- tv/1systems/xu/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/1systems/xu/config.nix b/tv/1systems/xu/config.nix index d4a10fe10..0363c983d 100644 --- a/tv/1systems/xu/config.nix +++ b/tv/1systems/xu/config.nix @@ -16,6 +16,7 @@ with import ; + { environment.systemPackages = with pkgs; [ -- cgit v1.2.3 From 3416a45b54e092c6b9b24738aa44d3c217982c26 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:32:46 +0200 Subject: withGetopt: pass "$@" to command --- krebs/5pkgs/simple/withGetopt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index fd59adcaf..21322b783 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix 
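Review bot: `services.saned.enable = true` in `tv/2configs/br.nix` turns on the SANE network daemon, which is the server side for sharing scanners with other machines; the `find-scanner`/`scanimage` usage shown in the comment appears to need only the local `brscan4` backend talking to `10.23.1.214`. If this host is not meant to export the scanner, dropping the line leaves one fewer network service enabled; if it is, a comment naming the intended clients would help. The `any (flip hasPrefix pkg.name) [...]` predicate admits any unfree package whose name starts with one of the listed prefixes, which is presumably there to absorb version suffixes and deserves a short comment saying so.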
@@ -102,5 +102,5 @@ in writeDash wrapper-name '' export ${opt.varname} '') opts)} - ${cmd-script} + ${cmd-script} "$@" '' -- cgit v1.2.3 From 8179f87e5a434ebb21219b657c05a11e6811525f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:42:27 +0200 Subject: lib shell.escape: escape the empty string as '' --- lib/shell.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/shell.nix b/lib/shell.nix index f9779028e..5be8d6759 100644 --- a/lib/shell.nix +++ b/lib/shell.nix @@ -7,10 +7,13 @@ rec { let isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); + x: + if x == "" then "''" + else stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}" + ) x; # # shell script generators -- cgit v1.2.3 From 9f85824da25311ec096d748798f49d09519e16aa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:50:00 +0200 Subject: withGetopt: make long option optional --- krebs/5pkgs/simple/withGetopt.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 21322b783..b7bd40126 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -45,9 +45,11 @@ in writeDash wrapper-name '' args=$(${utillinux}/bin/getopt \ -n "$wrapper_name" \ -o "" \ - -l ${concatMapStringsSep "," - (opt: opt.long + optionalString (!opt.switch) ":") - (attrValues opts)} \ + -l ${shell.escape + (concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (filter (opt: opt.long != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -65,7 +67,9 @@ in writeDash wrapper-name '' shift 2 ''} ;; - '') opts)} + '') (filterAttrs + (_: opt: opt.long != null) + opts))} --) shift break -- cgit v1.2.3 From ab7e0c879cc0657ea7e25eb95ab89473f38c5507 Mon Sep 17 00:00:00 2001 
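Review bot: The new `x == ""` branch in the `lib/shell.nix` hunk has no comment, and it is the special case a later cleanup is most likely to fold away. Since this is the shell-quoting primitive, the reason should sit next to the branch: `# an empty argument must be emitted as '' or it vanishes from the generated command line`. The definition starts above the hunk, so any existing header comment on it is not visible here.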
From: tv Date: Tue, 19 Sep 2017 20:51:07 +0200 Subject: withGetopt: sort getopt arguments --- krebs/5pkgs/simple/withGetopt.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index b7bd40126..7a19ccd29 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -38,18 +38,31 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} + # TODO + for i in "$@"; do + case $i in + -h|--help) + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + printf ' %-16s %s\n' \ + --${shell.escape opt.long} \ + ${shell.escape (opt.description or "undocumented flag")} + '') opts)} + exit + esac + done + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} args=$(${utillinux}/bin/getopt \ - -n "$wrapper_name" \ - -o "" \ -l ${shell.escape (concatMapStringsSep "," (opt: opt.long + optionalString (!opt.switch) ":") (filter (opt: opt.long != null) (attrValues opts)))} \ + -n "$wrapper_name" \ + -o "" \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi -- cgit v1.2.3 From 16e6046544378bd5cdac73a9099b1d9d22a712cb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:59:08 +0200 Subject: withGetopt: support short options --- krebs/5pkgs/simple/withGetopt.nix | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 7a19ccd29..196e6765a 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -13,6 +13,7 @@ opt-spec: cmd-spec: let opts = mapAttrs (name: value: value // rec { long = value.long or (replaceStrings ["_"] ["-"] name); ref = value.ref or "\"\$${varname}\""; + short = value.short or null; switch = value.switch or false; varname = value.varname or (replaceStrings ["-"] ["_"] name); }) opt-spec; 
@@ -38,19 +39,6 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} - # TODO - for i in "$@"; do - case $i in - -h|--help) - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - printf ' %-16s %s\n' \ - --${shell.escape opt.long} \ - ${shell.escape (opt.description or "undocumented flag")} - '') opts)} - exit - esac - done - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} @@ -62,7 +50,11 @@ in writeDash wrapper-name '' (filter (opt: opt.long != null) (attrValues opts)))} \ -n "$wrapper_name" \ - -o "" \ + -o ${shell.escape + (concatMapStringsSep "" + (opt: opt.short + optionalString (!opt.switch) ":") + (filter (opt: opt.short != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -71,7 +63,10 @@ in writeDash wrapper-name '' while :; do case $1 in ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - --${opt.long}) + (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [ + (optionalString (opt.long != null) "--${opt.long}") + (optionalString (opt.short != null) "-${opt.short}") + ])}) ${if opt.switch then /* sh */ '' ${opt.varname}=true shift @@ -81,7 +76,7 @@ in writeDash wrapper-name '' ''} ;; '') (filterAttrs - (_: opt: opt.long != null) + (_: opt: opt.long != null || opt.short != null) opts))} --) shift -- cgit v1.2.3 From 3005faecd4f1bbd7fc8d001e8f57d5ac8b38d462 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 21:00:32 +0200 Subject: shell: use withGetopts for parse-target --- shell.nix | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/shell.nix b/shell.nix index 661ac81a8..4b8abed58 100644 --- a/shell.nix +++ b/shell.nix 
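Review bot: The `-o` argument is built as `opt.short + optionalString (!opt.switch) ":"` with no check that `short` is exactly one option character. A value such as `"ab"` or `":"` therefore silently changes the option specification that getopt receives instead of failing at evaluation time. The same unchecked value is also turned into the `case` pattern `-${opt.short}` in the last hunk. An evaluation-time assertion where `short` is defaulted in the first hunk, checking `stringLength opt.short == 1` and that the character is not `:`, would make a malformed spec fail early.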
@@ -111,19 +111,13 @@ let # usage: parse-target [--default=TARGET] TARGET # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "cmds.parse-target" '' set -efu - args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \ - -o d: \ - -l default: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - default_target= - while :; do case $1 in - -d|--default) default_target=$2; shift 2;; - --) shift; break;; - esac; done target=$1; shift for arg; do echo "$0: bad argument: $arg" >&2; done if \test $# != 0; then exit 2; fi @@ -142,7 +136,7 @@ let ($default_target | parse) + ($target | parse | sanitize) | . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } ''} - ''; + ''); # usage: quote [ARGS...] cmds.quote = pkgs.writeDash "cmds.quote" '' -- cgit v1.2.3 From 516603010dfba3d8e3e1d4f7df210ddb99556dfd Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 22:27:16 +0200 Subject: tv cd: final commit --- tv/1systems/cd/config.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix index 341a62e45..e7e2cdc29 100644 --- a/tv/1systems/cd/config.nix +++ b/tv/1systems/cd/config.nix @@ -10,7 +10,8 @@ in { - + # TODO see XXX below + # ]; 
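Review bot: The removed parser initialised `default_target=` before its option loop, whereas the visible parts of the `withGetopt` wrapper only `unset` each option variable, and the script body still runs under `set -efu`. If the wrapper leaves `default_target` unset when `--default` is omitted, the first expansion of `$default_target` aborts the script, although the usage comment marks the option as optional. Giving the variable an explicit default at the top of the script body, `default_target=${default_target-}` (written `''${default_target-}` inside the Nix string), keeps the old behaviour. The usage comment should also mention the `-d` short form. The wrapper's export logic lies outside this hunk, so this may already be handled there.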
@@ -33,3 +34,17 @@ in { tcpdump ]; } + +# XXX this should be unnecessary, but when security.wrappers isn't defined, +# then install fails with: +# +# mktemp: failed to create directory via template '/run/wrappers/wrappers.XXXXXXXXXX': No such file or directory +# chmod: missing operand after 'a+rx' +# Try 'chmod --help' for more information. +# ln: failed to create symbolic link './bin': File exists +# cp: cannot create regular file '/run/wrappers/bin/exim': No such file or directory +# chown: cannot access '/run/wrappers/bin/exim': No such file or directory +# chmod: cannot access '/run/wrappers/bin/exim': No such file or directory +# cp: cannot create regular file '/run/wrappers/bin/sendmail': No such file or directory +# chown: cannot access '/run/wrappers/bin/sendmail': No such file or directory +# chmod: cannot access '/run/wrappers/bin/sendmail': No such file or directory -- cgit v1.2.3 From 94c57badae775cb863b76a6c6cb8c11012cd4f83 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 22:28:36 +0200 Subject: tv cd: RIP, thanks for alots of no fish --- krebs/3modules/tv/default.nix | 46 --------------------------------------- tv/1systems/cd/config.nix | 50 ------------------------------------------- tv/1systems/cd/source.nix | 3 --- 3 files changed, 99 deletions(-) delete mode 100644 tv/1systems/cd/config.nix delete mode 100644 tv/1systems/cd/source.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27bad..e80becfa7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix 
@@ -32,52 +32,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix deleted file mode 100644 index e7e2cdc29..000000000 --- a/tv/1systems/cd/config.nix +++ /dev/null 
@@ -1,50 +0,0 @@ -with import ; -{ config, pkgs, ... }: let - - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - - - - # TODO see XXX below - # - - ]; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; - - environment.systemPackages = with pkgs; [ - iftop - iotop - iptables - nethogs - tcpdump - ]; -} - -# XXX this should be unnecessary, but when security.wrappers isn't defined, -# then install fails with: -# -# mktemp: failed to create directory via template '/run/wrappers/wrappers.XXXXXXXXXX': No such file or directory -# chmod: missing operand after 'a+rx' -# Try 'chmod --help' for more information. -# ln: failed to create symbolic link './bin': File exists -# cp: cannot create regular file '/run/wrappers/bin/exim': No such file or directory -# chown: cannot access '/run/wrappers/bin/exim': No such file or directory -# chmod: cannot access '/run/wrappers/bin/exim': No such file or directory -# cp: cannot create regular file '/run/wrappers/bin/sendmail': No such file or directory -# chown: cannot access '/run/wrappers/bin/sendmail': No such file or directory -# chmod: cannot access '/run/wrappers/bin/sendmail': No such file or directory diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix deleted file mode 100644 index 019e8bc22..000000000 --- a/tv/1systems/cd/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "cd"; -} -- cgit v1.2.3 From f4a094d5d431a6f852b71e1c13cb9d8f32fcd590 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 23:18:58 +0200 Subject: tv wu: remove im config --- tv/1systems/wu/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/tv/1systems/wu/config.nix b/tv/1systems/wu/config.nix index 79b5aa269..5c593894a 100644 
--- a/tv/1systems/wu/config.nix +++ b/tv/1systems/wu/config.nix @@ -8,7 +8,6 @@ with import ; - -- cgit v1.2.3 From a038ec100d480cb499366d64562369d3654895f7 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 Sep 2017 00:47:37 +0200 Subject: tv diff-so-fancy: init at ed8cf17 Based on nixpkgs 28dd1158ff18def37892677a9eef109ce5147b81 --- tv/5pkgs/default.nix | 4 ++++ tv/5pkgs/simple/diff-so-fancy.nix | 48 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 tv/5pkgs/simple/diff-so-fancy.nix diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 8a7a613ba..1796609a9 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -24,6 +24,10 @@ foldl' mergeAttrs {} "$@" ''; + gitAndTools = super.gitAndTools // { + inherit (self) diff-so-fancy; + }; + ff = self.writeDashBin "ff" '' exec ${self.firefoxWrapper}/bin/firefox "$@" ''; diff --git a/tv/5pkgs/simple/diff-so-fancy.nix b/tv/5pkgs/simple/diff-so-fancy.nix new file mode 100644 index 000000000..9ce6d9234 --- /dev/null +++ b/tv/5pkgs/simple/diff-so-fancy.nix 
@@ -0,0 +1,48 @@ +{stdenv, git, perl, ncurses, coreutils, fetchFromGitHub, makeWrapper, ...}: + +stdenv.mkDerivation rec { + name = "diff-so-fancy-${version}"; + version = "ed8cf17"; + + src = fetchFromGitHub { + owner = "so-fancy"; + repo = "diff-so-fancy"; + rev = "ed8cf1763d38bdd79ceb55a73b9ce7e30f1e184d"; + sha256 = "176qn0w2rn6mr5ymvkblyiznqq7yyibfsnnjfivcyhz69w6yr9r9"; + }; + + # Perl is needed here for patchShebangs + nativeBuildInputs = [ perl makeWrapper ]; + + buildPhase = null; + + installPhase = '' + mkdir -p $out/bin $out/lib/diff-so-fancy + + # diff-so-fancy executable searches for it's library relative to + # itself, so we are copying executable to lib, and only symlink it + # from bin/ + cp diff-so-fancy $out/lib/diff-so-fancy + cp -r lib $out/lib/diff-so-fancy + ln -s $out/lib/diff-so-fancy/diff-so-fancy $out/bin + + # ncurses is needed for `tput` + wrapProgram $out/lib/diff-so-fancy/diff-so-fancy \ + --prefix PATH : "${git}/share/git/contrib/diff-highlight" \ + --prefix PATH : "${git}/bin" \ + --prefix PATH : "${coreutils}/bin" \ + --prefix PATH : "${ncurses.out}/bin" + ''; + + meta = with stdenv.lib; { + homepage = https://github.com/so-fancy/diff-so-fancy; + description = "Good-looking diffs filter for git"; + license = licenses.mit; + platforms = platforms.all; + longDescription = '' + diff-so-fancy builds on the good-lookin' output of git contrib's + diff-highlight to upgrade your diffs' appearances. + ''; + maintainers = with maintainers; [ fpletz ]; + }; +} -- cgit v1.2.3 From 778ce898a2cc97176d26d001687403d2f7660f2a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 Sep 2017 01:17:20 +0200 Subject: rsync-filter, gitignore: ignore TODO --- .gitignore | 1 + .rsync-filter | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 1ce082113..e1c6ef949 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /.graveyard +/TODO diff --git a/.rsync-filter b/.rsync-filter index 364a79864..67ec05fc3 100644 --- a/.rsync-filter 
+++ b/.rsync-filter @@ -1,3 +1,4 @@ - /.git - /.graveyard +- /TODO P /.version-suffix -- cgit v1.2.3 From 6fed88c5611f71726c82af93d0df0ac4112e9814 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 Sep 2017 11:58:04 +0200 Subject: tv q: print just no. of entries in ~ if PWD!=HOME --- tv/5pkgs/simple/q/default.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/tv/5pkgs/simple/q/default.nix b/tv/5pkgs/simple/q/default.nix index 2e7aa5cf2..655c75e1b 100644 --- a/tv/5pkgs/simple/q/default.nix +++ b/tv/5pkgs/simple/q/default.nix @@ -262,7 +262,7 @@ let ''; q-todo = '' - TODO_file=$HOME/TODO + TODO_file=$PWD/TODO if test -e "$TODO_file"; then ${pkgs.coreutils}/bin/cat "$TODO_file" \ | ${pkgs.gawk}/bin/gawk -v now=$(${pkgs.coreutils}/bin/date +%s) ' @@ -294,13 +294,7 @@ in pkgs.writeBashBin "q" '' set -eu export PATH=/var/empty - (${q-todo}) || : - if [ "$PWD" != "$HOME" ]; then - (HOME=$PWD; ${q-todo}) || : - fi - echo ${q-cal} - echo ${q-isodate} ${q-sgtdate} (${q-gitdir}) & @@ -311,4 +305,14 @@ pkgs.writeBashBin "q" '' (${q-online}) & (${q-thermal_zone}) & wait + if test "$PWD" != "$HOME" && test -e "$HOME/TODO"; then + TODO_home_entries=$(cd; (${q-todo}) | ${pkgs.coreutils}/bin/wc -l) + if test "$TODO_home_entries" = 1; then + TODO_format='There is %d entry in ~/TODO' + else + TODO_format='There are %d entries in ~/TODO' + fi + printf "\x1b[38;5;238m$TODO_format\x1b[m\n" "$TODO_home_entries" + fi + (${q-todo}) || : '' -- cgit v1.2.3 From 82f459f7aeb4bc151a998308046431dd194160f8 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 20 Sep 2017 12:38:03 +0200 Subject: tv backup: RIP cd --- tv/2configs/backup.nix | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tv/2configs/backup.nix b/tv/2configs/backup.nix index 46e3f70f2..f76fb2e01 100644 --- a/tv/2configs/backup.nix +++ b/tv/2configs/backup.nix 
@@ -52,12 +52,6 @@ with import ; dst = { host = config.krebs.hosts.zu; path = "/bku/xu-home"; }; startAt = "06:20"; }; - xu-pull-cd-home = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/home"; }; - dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; }; - startAt = "07:00"; - }; xu-pull-ni-ejabberd = { method = "pull"; src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; @@ -76,12 +70,6 @@ with import ; dst = { host = config.krebs.hosts.xu; path = "/bku/zu-home"; }; startAt = "05:00"; }; - zu-pull-cd-home = { - method = "pull"; - src = { host = config.krebs.hosts.cd; path = "/home"; }; - dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; }; - startAt = "06:30"; - }; zu-pull-ni-ejabberd = { method = "pull"; src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; }; -- cgit v1.2.3 From 124a6a9a9ad29bf8b972cfc5c34ae6b8e0ce5c70 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Sep 2017 18:16:56 +0200 Subject: l: add termite keybinding --- lass/2configs/baseX.nix | 1 + lass/5pkgs/xmonad-lass.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 0e0273dcc..f6390ce4d 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -79,6 +79,7 @@ in { youtube-tools rxvt_unicode + termite ]; fonts.fonts = [ diff --git a/lass/5pkgs/xmonad-lass.nix b/lass/5pkgs/xmonad-lass.nix index bf737dc5e..0a2945c21 100644 --- a/lass/5pkgs/xmonad-lass.nix +++ b/lass/5pkgs/xmonad-lass.nix @@ -115,6 +115,7 @@ myKeyMap = , ("M4-", toggleWS) , ("M4-S-", spawn urxvtcPath) , ("M4-x", floatNext True >> spawn urxvtcPath) + , ("M4-c", floatNext True >> spawn "${pkgs.termite}/bin/termite") , ("M4-f", floatNext True) , ("M4-b", sendMessage ToggleStruts) -- cgit v1.2.3 From e1aa52d4d114d796ae10b3d978b0646aa67fc0b1 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 20 Sep 2017 18:17:19 +0200 Subject: l pkgs.acronym: follow redirects --- lass/5pkgs/acronym/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/5pkgs/acronym/default.nix b/lass/5pkgs/acronym/default.nix index 9f6f95587..8380b220a 100644 --- a/lass/5pkgs/acronym/default.nix +++ b/lass/5pkgs/acronym/default.nix @@ -6,7 +6,7 @@ pkgs.writeScriptBin "acronym" '' acro=$1 - curl -s http://www.acronymfinder.com/$acro.html \ + curl -L -s http://www.acronymfinder.com/$acro.html \ | grep 'class="result-list__body__rank"' \ | sed ' s/.*title="\([^"]*\)".*/\1/ -- cgit v1.2.3 From c37c568baaa369b218b7e85a48e93725f2725371 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 21 Sep 2017 02:09:17 +0200 Subject: ma pkgs.beef: init (broken state) --- makefu/5pkgs/beef/Gemfile | 97 +++++++++ makefu/5pkgs/beef/Gemfile.lock | 139 ++++++++++++ makefu/5pkgs/beef/default.nix | 37 ++++ makefu/5pkgs/beef/gemset.nix | 475 +++++++++++++++++++++++++++++++++++++++++ makefu/5pkgs/beef/shell.nix | 16 ++ 5 files changed, 764 insertions(+) create mode 100644 makefu/5pkgs/beef/Gemfile create mode 100644 makefu/5pkgs/beef/Gemfile.lock create mode 100644 makefu/5pkgs/beef/default.nix create mode 100644 makefu/5pkgs/beef/gemset.nix create mode 100644 makefu/5pkgs/beef/shell.nix diff --git a/makefu/5pkgs/beef/Gemfile b/makefu/5pkgs/beef/Gemfile new file mode 100644 index 000000000..1420feffd --- /dev/null +++ b/makefu/5pkgs/beef/Gemfile 
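Review bot: With `-L` added, the final request target is chosen by whatever answers the plaintext `http://` request, and the URL is still passed unquoted, so `$acro` undergoes word splitting and pathname expansion before curl sees it. Quote the URL and bound the redirect handling, e.g. `curl -L --proto-redir =http,https --max-redirs 5 -s "http://www.acronymfinder.com/$acro.html"`. If the site serves the same page over HTTPS, which this page does not show, start from `https://` and restrict redirects to `=https`. The script body starts above the hunk, so any validation of `$1` before this line is not visible.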
@@ -0,0 +1,97 @@ +# BeEF's Gemfile + +# +# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# + +gem 'eventmachine' +gem 'thin' +gem 'sinatra' +gem 'rack', '~> 1.6.5' +gem 'em-websocket' # WebSocket support +gem 'uglifier' +gem 'mime-types' +gem 'execjs' +gem 'ansi' +gem 'term-ansicolor', :require => 'term/ansicolor' +gem 'dm-core' +gem 'json' +gem 'data_objects' +gem 'rubyzip', '>= 1.2.1' +gem 'espeak-ruby', '>= 1.0.4' # Text-to-Voice +gem 'nokogiri', '>= 1.7' + +gem 'therubyracer' + +# SQLite support +group :sqlite do + gem 'dm-sqlite-adapter' +end + +# PostgreSQL support +group :postgres do + #gem dm-postgres-adapter +end + +# MySQL support +group :mysql do + #gem dm-mysql-adapter +end + +# Geolocation support +group :geoip do + gem 'geoip' +end + +gem 'parseconfig' +gem 'erubis' +gem 'dm-migrations' + +# Metasploit Integration extension +group :ext_msf do + gem 'msfrpc-client' +end + +# Twitter Notifications extension +group :ext_twitter do + #gem 'twitter', '>= 5.0.0' +end + +# DNS extension +group :ext_dns do + gem 'rubydns', '~> 0.7.3' +end + +# network extension +group :ext_network do + gem 'dm-serializer' +end + +# QRcode extension +group :ext_qrcode do + gem 'qr4r' +end + +# For running unit tests +group :test do +if ENV['BEEF_TEST'] + gem 'rake' + gem 'test-unit' + gem 'test-unit-full' + gem 'curb' + gem 'selenium' + gem 'selenium-webdriver' + gem 'rspec' + gem 'bundler-audit' + # nokogirl is needed by capybara which may require one of the below commands + # sudo apt-get install libxslt-dev libxml2-dev + # sudo port install libxml2 libxslt + gem 'capybara' + # RESTful API tests/generic command module tests + gem 'rest-client', '>= 2.0.1' +end +end + +source 'https://rubygems.org' diff --git a/makefu/5pkgs/beef/Gemfile.lock b/makefu/5pkgs/beef/Gemfile.lock new file mode 100644 index 000000000..d2e6ad45e --- /dev/null 
+++ b/makefu/5pkgs/beef/Gemfile.lock 
@@ -0,0 +1,139 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.5.2) + public_suffix (>= 2.0.2, < 4.0) + ansi (1.5.0) + chunky_png (1.3.8) + daemons (1.2.4) + data_objects (0.10.17) + addressable (~> 2.1) + dm-core (1.2.1) + addressable (~> 2.3) + dm-do-adapter (1.2.0) + data_objects (~> 0.10.6) + dm-core (~> 1.2.0) + dm-migrations (1.2.0) + dm-core (~> 1.2.0) + dm-serializer (1.2.2) + dm-core (~> 1.2.0) + fastercsv (~> 1.5) + json (~> 1.6) + json_pure (~> 1.6) + multi_json (~> 1.0) + dm-sqlite-adapter (1.2.0) + dm-do-adapter (~> 1.2.0) + do_sqlite3 (~> 0.10.6) + do_sqlite3 (0.10.17) + data_objects (= 0.10.17) + em-websocket (0.5.1) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0.6.0) + erubis (2.7.0) + espeak-ruby (1.0.4) + eventmachine (1.0.9.1) + execjs (2.7.0) + fastercsv (1.5.5) + filesize (0.1.1) + geoip (1.6.3) + http_parser.rb (0.6.0) + jsobfu (0.4.2) + rkelly-remix + json (1.8.6) + json_pure (1.8.6) + libv8 (3.16.14.19) + metasm (1.0.3) + mime-types (3.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2016.0521) + mini_portile2 (2.3.0) + mojo_magick (0.5.6) + msfrpc-client (1.1.1) + msgpack (~> 1) + rex (~> 2) + msgpack (1.1.0) + multi_json (1.12.2) + nokogiri (1.8.1) + mini_portile2 (~> 2.3.0) + parseconfig (1.0.8) + public_suffix (3.0.0) + qr4r (0.4.1) + mojo_magick + rqrcode + rack (1.6.8) + rack-protection (1.5.3) + rack + rainbow (2.2.2) + rake + rake (12.1.0) + rb-readline (0.5.5) + ref (2.0.0) + rex (2.0.11) + filesize + jsobfu (~> 0.4.1) + json + metasm (~> 1.0.2) + nokogiri + rb-readline + robots + rexec (1.6.3) + rainbow + rkelly-remix (0.0.7) + robots (0.10.1) + rqrcode (0.10.1) + chunky_png (~> 1.0) + rubydns (0.7.3) + eventmachine (~> 1.0.0) + rexec (~> 1.6.2) + rubyzip (1.2.1) + sinatra (1.4.8) + rack (~> 1.5) + rack-protection (~> 1.4) + tilt (>= 1.3, < 3) + term-ansicolor (1.6.0) + tins (~> 1.0) + therubyracer (0.12.3) + libv8 (~> 3.16.14.15) + ref + thin (1.7.2) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 
1.0.4) + rack (>= 1, < 3) + tilt (2.0.8) + tins (1.15.0) + uglifier (3.2.0) + execjs (>= 0.3.0, < 3) + +PLATFORMS + ruby + +DEPENDENCIES + ansi + data_objects + dm-core + dm-migrations + dm-serializer + dm-sqlite-adapter + em-websocket + erubis + espeak-ruby (>= 1.0.4) + eventmachine + execjs + geoip + json + mime-types + msfrpc-client + nokogiri (>= 1.7) + parseconfig + qr4r + rack (~> 1.6.5) + rubydns (~> 0.7.3) + rubyzip (>= 1.2.1) + sinatra + term-ansicolor + therubyracer + thin + uglifier + +BUNDLED WITH + 1.15.4 diff --git a/makefu/5pkgs/beef/default.nix b/makefu/5pkgs/beef/default.nix new file mode 100644 index 000000000..82540cde9 --- /dev/null +++ b/makefu/5pkgs/beef/default.nix @@ -0,0 +1,37 @@ +{ stdenv, bundlerEnv, ruby, fetchFromGitHub }: +# nix-shell --command "bundler install && bundix" in the clone, copy gemset.nix, Gemfile and Gemfile.lock +let + gems = bundlerEnv { + name = "beef-env"; + inherit ruby; + gemdir = ./.; + }; +in stdenv.mkDerivation { + name = "beef-2017-09-21"; + src = fetchFromGitHub { + owner = "beefproject"; + repo = "beef"; + rev = "69aa2a3"; + sha256 = "1rky61i0wzpwcq3kqfa0m5hf6wyz8q8jgzs7dpfh04w9qh32ic4p"; + }; + buildInputs = [gems ruby]; + installPhase = '' + mkdir -p $out/{bin,share/beef} + + cp -r * $out/share/beef + # set the default db path, unfortunately setting to /tmp does not seem to work + # sed -i 's#db_file: .*#db_file: "/tmp/beef.db"#' $out/share/beef/config.yaml + + bin=$out/bin/beef + cat > $bin < {}; +stdenv.mkDerivation { + name = "env"; + buildInputs = [ + ruby.devEnv + git + sqlite + libpcap + postgresql + libxml2 + libxslt + pkgconfig + bundix + ]; +} -- cgit v1.2.3 From 0075549f344aba535797f26c9fb1e805065973f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Sep 2017 08:43:53 +0200 Subject: l nixpkgs: d151161 -> 2d3b4fe --- lass/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/source.nix b/lass/source.nix index 01631bef1..9cc08299b 100644 --- a/lass/source.nix 
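Review bot: `rev = "69aa2a3"` in `makefu/5pkgs/beef/default.nix` pins the source by an abbreviated commit id. The `sha256` still fixes the content, but a seven-character prefix can become ambiguous as the upstream repository grows, at which point the fetch fails instead of resolving to this commit. It also makes it harder to audit exactly which upstream state is packaged. Use the full id, `rev = "<full 40-character commit id>";`.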
+++ b/lass/source.nix @@ -15,7 +15,7 @@ in # 87a4615 & 334ac4f # + acme permissions for groups # fd7a8f1 - ref = "d151161"; + ref = "2d3b4fe"; }; secrets.file = getAttr builder { buildbot = toString ; -- cgit v1.2.3 From d2c388ce3928764a78e4158162cb64ce3b5e43ce Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 20:59:38 +0200 Subject: iana-etc module: init --- krebs/3modules/default.nix | 1 + krebs/3modules/iana-etc.nix | 55 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 krebs/3modules/iana-etc.nix diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 42df3f053..48cf7971b 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -24,6 +24,7 @@ let ./go.nix ./hidden-ssh.nix ./htgen.nix + ./iana-etc.nix ./iptables.nix ./kapacitor.nix ./monit.nix diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix new file mode 100644 index 000000000..f6d47f27e --- /dev/null +++ b/krebs/3modules/iana-etc.nix 
@@ -0,0 +1,55 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.iana-etc.services = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + port = mkOption { + default = config._module.args.name; + type = types.addCheck types.str (test "[1-9][0-9]*"); + }; + } // genAttrs ["tcp" "udp"] (protocol: mkOption { + default = null; + type = types.nullOr (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + }; + }); + }); + })); + }; + + config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) { + services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} '' + exec < ${pkgs.iana_etc}/etc/services + exec > $out + awk -F '[ /]+' ' + BEGIN { + port=0 + } + ${concatMapStringsSep "\n" (entry: '' + $2 == ${entry.port} { + port=$2 + next + } + port == ${entry.port} { + ${concatMapStringsSep "\n" + (proto: let + s = "${entry.${proto}.name} ${entry.port}/${proto}"; + in + "print ${toJSON s}") + (filter (proto: entry.${proto} != null) ["tcp" "udp"])} + port=0 + } + '') (attrValues config.krebs.iana-etc.services)} + { + print $0 + } + ' + ''); + }; + +} -- cgit v1.2.3 From 43b891ef00b10a4aa574e77b58773b0f2e7d15b4 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:06:38 +0200 Subject: tv modules: s/_:// --- tv/3modules/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/tv/3modules/default.nix b/tv/3modules/default.nix index 57ffbfab8..493cc8b72 100644 --- a/tv/3modules/default.nix +++ b/tv/3modules/default.nix @@ -1,5 +1,3 @@ -_: - { imports = [ ./charybdis -- cgit v1.2.3 From 79df0635690a7e8457b3d4fa509be75b8f344146 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Sep 2017 21:08:34 +0200 Subject: shell: inline utils.deploy --- shell.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/shell.nix b/shell.nix index 4b8abed58..c9b197a26 100644 --- a/shell.nix +++ b/shell.nix 
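Review bot: `name` is declared as plain `types.str` and is spliced into an awk program that the build script passes inside single quotes. `toJSON` escapes `"` and `\` but not `'`, so a name containing a single quote ends the awk program early and the rest is read by the shell. `port` is already constrained with `test`, and `name` could be as well, e.g. `type = types.addCheck types.str (test "[A-Za-z0-9._+-]+");`. Separately, the replacement lines are printed only when a later line with a different port follows an existing entry for that port. A port with no entry in `${pkgs.iana_etc}/etc/services`, or whose entries are the last lines of the file, therefore appears to be dropped silently; an `END` rule or a comment stating the limitation would help.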
@@ -22,7 +22,12 @@ let . ${init.env} . ${init.proxy opts} - exec ${utils.deploy} + # Use system's nixos-rebuild, which is not self-contained + export PATH=/run/current-system/sw/bin + exec ${utils.with-whatsupnix} \ + nixos-rebuild switch \ + --show-trace \ + -I "$target_path" ''); cmds.install = pkgs.withGetopt { @@ -205,16 +210,6 @@ let -I "$target_path" \ ''; - utils.deploy = pkgs.writeDash "utils.deploy" '' - set -efu - # Use system's nixos-rebuild, which is not self-contained - export PATH=/run/current-system/sw/bin - ${utils.with-whatsupnix} \ - nixos-rebuild switch \ - --show-trace \ - -I "$target_path" - ''; - utils.with-whatsupnix = pkgs.writeDash "utils.with-whatsupnix" '' set -efu if \test "$quiet" = true; then -- cgit v1.2.3 From 457f2f134587e10e386fb76e9d8c571dfe4490ec Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 21 Sep 2017 23:36:34 +0200 Subject: git-preview: init --- krebs/5pkgs/simple/git-preview/default.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview/default.nix diff --git a/krebs/5pkgs/simple/git-preview/default.nix b/krebs/5pkgs/simple/git-preview/default.nix new file mode 100644 index 000000000..f20f2a636 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview/default.nix @@ -0,0 +1,15 @@ +{ coreutils, git, stdenv, writeDashBin }: + +writeDashBin "git-preview" '' + PATH=${stdenv.lib.makeBinPath [ + coreutils + git + ]}''${PATH+:$PATH} + hashes=$(git log --format=%h "..$1") + end=$(echo "$hashes" | head -1) + start=$(echo "$hashes" | tail -1) + # exit if no diff was found + test -z "$start" && exit 0 + shift + git diff "$start^..$end" "$@" +'' -- cgit v1.2.3 From ea0b2cca51106bc7e92f36017bb3dc3ecdcc085e Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 22 Sep 2017 00:18:15 +0200 Subject: git-preview: init --- krebs/5pkgs/simple/git-preview.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 krebs/5pkgs/simple/git-preview.nix 
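Review bot: The `git-preview/default.nix` script has no `set -efu`, unlike the other dash scripts in this series, so a missing argument or a failing `git log` goes unnoticed. With `$1` empty the range becomes `..`, `hashes` is empty, and the script exits 0 as if there were nothing to preview. Adding `set -efu` as the first line makes those cases fail visibly. `--format=%h` also produces abbreviated ids that are fed back into `git diff`; `--format=%H` avoids relying on the abbreviation staying unique.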
diff --git a/krebs/5pkgs/simple/git-preview.nix b/krebs/5pkgs/simple/git-preview.nix new file mode 100644 index 000000000..d6c9579a7 --- /dev/null +++ b/krebs/5pkgs/simple/git-preview.nix @@ -0,0 +1,17 @@ +{ coreutils, git, writeDashBin }: + +writeDashBin "git-preview" '' + set -efu + head_commit=$(${git}/bin/git log -1 --format=%H) + merge_commit=$1; shift + merge_message='Merge for git-preview' + preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX) + preview_branch=$(${coreutils}/bin/basename "$preview_dir") + ${git}/bin/git worktree add -b "$preview_branch" "$preview_dir" >/dev/null + ${git}/bin/git -C "$preview_dir" checkout "$head_commit" + ${git}/bin/git -C "$preview_dir" merge -m "$merge_message" "$merge_commit" + ${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@" & + ${git}/bin/git branch -fd "$preview_branch" + ${coreutils}/bin/rm -fR "$preview_dir" + wait +'' -- cgit v1.2.3 From aa8f67903971b2786608567e63f168826122d14e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 23 Sep 2017 15:23:15 +0200 Subject: ma urlwatch: add sqlalchemy_migrate --- makefu/2configs/urlwatch/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 47b5d7fc3..1434f1bf0 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -24,8 +24,10 @@ in { # pypi https://pypi.python.org/simple/bepasty/ - https://pypi.python.org/simple/xstatic/ https://pypi.python.org/simple/devpi-client/ + https://pypi.python.org/simple/oslo.config/ + https://pypi.python.org/simple/sqlalchemy_migrate/ + https://pypi.python.org/simple/xstatic/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ -- cgit v1.2.3 From bbced2ea622d97aa14f8b9bf6a75748d7d51da53 Mon Sep 17 00:00:00 2001 
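Review bot: The temporary worktree and branch are removed only on the success path. Under `set -efu` a failing `git merge` (for example on a conflict) exits before `git branch -fd` and `rm -fR`, leaving a `git-preview.XXXXXXXX` directory in the temp dir and a branch of the same name in the repository. Registering the cleanup once both names are set covers those exits, e.g. `trap '${git}/bin/git branch -fd "$preview_branch"; ${coreutils}/bin/rm -fR "$preview_dir"' EXIT`. The `diff` is also started in the background while the directory passed to `-C` is being deleted. Running it in the foreground before the cleanup removes that ordering dependency.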
From: tv Date: Mon, 25 Sep 2017 12:00:29 +0200 Subject: mv nixpkgs: 56da88a -> 3d04a55 --- mv/source.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mv/source.nix b/mv/source.nix index aa2b13fd8..5dea13e73 100644 --- a/mv/source.nix +++ b/mv/source.nix @@ -10,7 +10,7 @@ in nixos-config.symlink = "stockholm/mv/1systems/${name}/config.nix"; nixpkgs.git = { # nixos-17.03 - ref = mkDefault "56da88a298a6f549701a10bb12072804a1ebfbd5"; + ref = mkDefault "3d04a557b72aa0987d9bf079e1445280b6bfd907"; url = https://github.com/NixOS/nixpkgs; }; secrets.file = getAttr builder { -- cgit v1.2.3 From 0701b6ad80beb42ad3c93a4d191a108ff7ae61ee Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 25 Sep 2017 19:17:50 +0200 Subject: l hosts: add eddie & borg (Mic92) --- krebs/3modules/lass/default.nix | 53 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ce19c0a05..4a1fe5e8f 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -381,6 +381,59 @@ with import ; }; }; }; + eddie = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.170"; + ip6.addr = "42:4992:6a6d:700::1"; + aliases = [ "eddie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAuRQphRlSIC/aqRTfvStPdJOJCx1ACeFIDEjRdgoxuu32qoBl7i6d + j7Voh+Msditf2a5+f0fVsNDaPnjPGfk0NkZBjmn+RZQDRXk0krpTNj2Vb6W5quTm + 3yrjJMFJR9CU5khfppc47X+ir8bjn7RusWTFNEuDvUswHmRmnJHLS3Y+utOaRbCF + 2hxpyxCn423gpsaBfORPEK8X90nPbuNpFDugWPnC+R45TpNmIf4qyKvfhd9OKrua + KNanGHG30xhBW/DclUwwWi8D44d94xFnIRVcG1O+Uto93WoUWZn90lI1qywSj5Aq + iWstBK4tc7VwvAj0UzPlaRYYPfFjOEkPQzj8xC6l/leJcgxkup252uo6m1njMx3t + 6QWMgevjqosY22OZReZfIwb14aDWFKLTWs30J+zmWK4TjlRITdsOEKxlpODMbJAD + kfSoPwuwkWIzFhNOrFiD/NtKaRYmV8bTBCT3a9cvvObshJx13BP+IUFzBS1N1n/u + hJWYH5WFsQZn/8rHDwZGkS1zKPEaNoydjqCZNyJpJ5nhggyl6gpuD7wpXM/8tFay + pAjRP40+qRQLUWXmswV0hsZTOX1tvZs4f68y3WJ+GwCWw9HvvwmzYes5ayJrPsbJ + lyK301Jb42wGEsVWxu3Eo/PLtp8OdD+Wdh6o/ELcc0k/YCUGFMujUM8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + borg = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.171"; + ip6.addr = "42:4992:6a6d:700::2"; + aliases = [ "borg.r" ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bHZApTM7Hl4qqNakSwq + bt7zJoTVK9ePoC3Mue1VmJ1mCKMaxKdzlO31kPeHtkilAzgyIJdgikyKFlApGsQL + aIuU9h55X7TbikoDD6ghbSrAe3Pgc+sJ3OZ7wO7Qb8CKgJvEbkk/u68YiJgyTjYD + HNjIQzlsGdpoSke9vwC8qWanfgN7c2MMGtakqfXDjYjCgp7O43i+SMupkMSXIXMA + 5XUFh/vVp6xgPxBofcw0uQIyZ5v4PPFjnGPm4rnMbFzbhubntHjDadwGd5Niyw4O + zNNKNchTLfNiuNGqTZeYd0kJ5fNMKykhpSs+ou34MvexvpuyPlFuotnPXN/nOMml + 3nwiqzthzPuBZRLswxT0WvlA8wlbeTOKJ0wTIR4dDuAF+euDtoNocVEN5PJNc7yN + fmwAV6geESoJbZQMSCtAp1NioaBlRPp1pFfoM/GotHywuFrTIxyoIBiYhkpWyQvq + WYw5j13IKqkL7jDchhoBmcardmh+AP5bL3uQ84BgaYNwFzHp04qIRrrdpF0eMaHB + /8zaqsNLn4/zQJB5ffkelwoIqfvLPQeCMLzHGHgP5xUnWgmZZGiiDLvhuaMeNq4U + EpCKoTL178sPOgNfHfd8mEqx0qKYuPrNQEdlpa5xOZqwx56pfYpGWY+KtF2FHLhS + 
iO64GCJqCi1MKBYx/NhaxKMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.2.3 From 1514a6502dfeed739a4752652ca5437222110375 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:22:53 +0200 Subject: puyak.r: enable fan control --- krebs/1systems/puyak/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 978bd18e0..cca8850fa 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -65,7 +65,12 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot.kernelModules = [ "kvm-intel" ]; + boot = { + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; + } users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From f1d2f346a3c1bf9df0dda32a5b797169dcb88620 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 26 Sep 2017 00:24:30 +0200 Subject: puyak.r: fan speed to 11 --- krebs/1systems/puyak/config.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index cca8850fa..444bf383c 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -71,6 +71,10 @@ options thinkpad_acpi fan_control=1 ''; } + + system.activationScripts."disengage fancontrol" = '' + echo level disengaged > /proc/acpi/ibm/fan + ''; users.users.joerg = { openssh.authorizedKeys.keys = [ config.krebs.users.Mic92.pubkey ]; isNormalUser = true; -- cgit v1.2.3 From 39ce46938dda0a6afd57cd11843be5867c7bab66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 26 Sep 2017 23:21:56 +0200 Subject: l hosts: add inspector (Mic92) --- krebs/3modules/lass/default.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) 
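Review bot: The `tinc.pubkey` for `borg` is wrapped in `-----BEGIN PUBLIC KEY-----`, while `eddie` and the other hosts visible on this page use `-----BEGIN RSA PUBLIC KEY-----`. Whether the deployed tinc version reads both encodings cannot be told from this hunk, so either confirm that it does or convert the key so all host entries share one format. Both hosts are marked `external = true`, and the only record of who controls these keys is the "(Mic92)" in the commit subject. A comment above each entry, for example `# external host, operated by Mic92`, would keep that provenance next to the trust anchor. The enclosing attribute set begins and ends outside the hunk.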
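Review bot: The new `boot = { … }` attribute set in the "enable fan control" hunk is closed with a bare `}`, so the following `users.users.joerg = {` binding starts without a terminator and the file should fail to evaluate; the closing line needs to be `};`. The "fan speed to 11" hunk still shows the bare `}` as context, so the defect survives that commit too. In the second hunk the activation script writes to `/proc/acpi/ibm/fan` unconditionally, which presumably errors on every activation until `thinkpad_acpi` has been loaded with `fan_control=1`. A guard such as `if [ -w /proc/acpi/ibm/fan ]; then echo level disengaged > /proc/acpi/ibm/fan; fi` avoids that. A comment stating why the fan is taken out of firmware regulation would help the next reader.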
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4a1fe5e8f..4bfbdea41 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -434,6 +434,32 @@ with import ; }; }; }; + inspector = { + ci = false; + external = true; + nets = { + retiolum = { + ip4.addr = "10.243.29.172"; + ip6.addr = "fd42:4992:6a6d:800::1"; + aliases = [ "inspector.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAr3l/u7qcxmFa2hUICU3oPDhB2ij2R3lKHyjSsVFVLNfl6TpOdppG + EDXOapeXL0s+PfBRHdRI3v/dibj4PG9eyKmFxsUJ2gRz4ghb1UE23aQ3pkr3x8sZ + 7GR+nJYATYf+jolFF9O1x+f0Uo5xaYWkGOMH8wVVzm6+kcsZOYuTEbJAsbTRZywF + m1MdRfk54hLiDsj2rjGRZIR+ZfUKVs2MTWOLCpBAHLJK+r3HfUiR2nAgeNkJCFLw + WIir1ftDIViT3Ly6b7enaOkVZ695FNYdPWFZCE4AJI0s9wsbMClzUqCl+0mUkumd + eRXgWXkmvBsxR4GECnxUhxs6U8Wh3kbQavvemt4vcIKNhkw32+toYc1AFK/n4G03 + OUJBbRqgJYx9wIvo8PEu4DTTdsPlQZnMwiaKsn+Gi4Ap6JAnG/iLN8sChoQf7Dau + ARZA3sf9CkKx5sZ+9dVrLbzGynKE18Z/ysvf1BLd/rVVOps1B/YRBxDwPj8MZJ0x + B7b0j+hRVV5palp3RRdcExuWaBrMQQGsXwLUZOFHJJaZUHF9XRdy+5XVJdNOArkG + q1+yGhosL1DLTQE/VwCxmBHyYTr3L7yZ2lSaeWdIeYvcRvouDROUjREVFrQjdqwj + 7vIP1cvDxSSqA07h/xEC4YZKACBYc/PI2mqYK5dvAUG3mGrEsjHktPUCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { lass = { -- cgit v1.2.3 From 18d0d7df819a82c97965cc6ab5756f0a7894f081 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Sep 2017 00:03:50 +0200 Subject: ma pkgs.drozer: remove dots --- makefu/5pkgs/drozer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index f91d5b984..885777be4 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7, ... }: +{ pkgs, lib, fetchFromGitHub, pythonPackages, jre7, jdk7 }: pythonPackages.buildPythonApplication rec { name = "drozer-${version}"; -- cgit v1.2.3 
From 9a393c4fc049a99f42a11812f6094e95d43da905 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 28 Sep 2017 19:36:10 +0200 Subject: l hosts: fix inspector ipv6 (Mic92) --- krebs/3modules/lass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 4bfbdea41..ca3c8b45b 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -440,7 +440,7 @@ with import ; nets = { retiolum = { ip4.addr = "10.243.29.172"; - ip6.addr = "fd42:4992:6a6d:800::1"; + ip6.addr = "42:4992:6a6d:800::1"; aliases = [ "inspector.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From ba907218ef263c3f0653ceac657796389709bc12 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 00:16:36 +0200 Subject: ma pkgs.esptool: 2.0 -> 2.1 --- makefu/5pkgs/esptool/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix index 84bb232cd..4e0d29e19 100644 --- a/makefu/5pkgs/esptool/default.nix +++ b/makefu/5pkgs/esptool/default.nix @@ -13,20 +13,19 @@ let doCheck = false; }; in -buildPythonPackage rec { - name = "esptool-${version}"; - version = "2.0beta2"; + buildPythonPackage rec { + name = "${pname}-${version}"; + pname = "esptool"; + version = "2.1"; propagatedBuildInputs = [ pyserial flake8 ecdsa pyaes ]; - src = fetchFromGitHub { - owner = "themadinventor"; - repo = "esptool"; - rev = "v${version}"; - sha256 = "0n96pyi1k4qlyfqk5k7xpgq8726wz74qvd3gqjg0bpsl3wr7l94i"; + src = fetchPypi { + inherit pname version; + sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; }; doCheck = false; -} + } -- cgit v1.2.3 From f7b367e96d5ed1ee76b1f9d048a7915e3da4e653 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 10:04:56 +0200 Subject: ma udpt,esptool: now in upstream --- makefu/5pkgs/esptool/default.nix | 31 ------------------------------- makefu/5pkgs/udpt/default.nix | 29 ----------------------------- 2 files changed, 60 deletions(-) delete mode 100644 makefu/5pkgs/esptool/default.nix delete mode 100644 makefu/5pkgs/udpt/default.nix diff --git a/makefu/5pkgs/esptool/default.nix b/makefu/5pkgs/esptool/default.nix deleted file mode 100644 index 4e0d29e19..000000000 --- a/makefu/5pkgs/esptool/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, fetchFromGitHub, ... }: -with pkgs.python2Packages; -let - pyaes = buildPythonPackage rec { - name = "pyaes-${version}"; - version = "1.6.0"; - src = fetchFromGitHub { - owner = "ricmoo"; - repo = "pyaes"; - rev = "v${version}"; - sha256 = "04934a9zgwc8g3qhfrkcfv0bs557paigllnkrnfhp9m1azr3bfqb"; - }; - doCheck = false; - }; -in - buildPythonPackage rec { - name = "${pname}-${version}"; - pname = "esptool"; - version = "2.1"; - propagatedBuildInputs = [ - pyserial - flake8 - ecdsa - pyaes - ]; - src = fetchPypi { - inherit pname version; - sha256 = "08g393fiqhanixzjbs54pqr6xk1a4dsfaddw7gdwfvp3kvwdn2fp"; - }; - doCheck = false; - } diff --git a/makefu/5pkgs/udpt/default.nix b/makefu/5pkgs/udpt/default.nix deleted file mode 100644 index 99bcac18b..000000000 --- a/makefu/5pkgs/udpt/default.nix +++ /dev/null 
@@ -1,29 +0,0 @@ -{ stdenv, boost, sqlite, fetchFromGitHub }: - -stdenv.mkDerivation rec { - proj = "udpt"; - name = "udpt-${rev}"; - rev = "0790558"; - - enableParallelBuilding = true; - - src = fetchFromGitHub { - owner = "naim94a"; - repo = "udpt"; - inherit rev; - sha256 = "0rgkjwvnqwbnqy7pm3dk176d3plb5lypaf12533yr0yfzcp6gnzk"; - }; - buildInputs = [ boost sqlite ]; - installPhase = '' - mkdir -p $out/bin $out/etc/ - cp udpt $out/bin - cp udpt.conf $out/etc/ - ''; - meta = { - description = "udp tracker"; - homepage = https://github.com/naim94a/udpt; - license = stdenv.lib.licenses.gpl3; - platforms = stdenv.lib.platforms.linux; - maintainers = with stdenv.lib.maintainers; [ makefu ]; - }; -} -- cgit v1.2.3 From 6dfe071664136790b7d62bf062e090722997372f Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 11:07:07 +0200 Subject: pkgs.weechat: RIP --- krebs/5pkgs/simple/weechat/default.nix | 80 ---------------------------------- 1 file changed, 80 deletions(-) delete mode 100644 krebs/5pkgs/simple/weechat/default.nix diff --git a/krebs/5pkgs/simple/weechat/default.nix b/krebs/5pkgs/simple/weechat/default.nix deleted file mode 100644 index c703ca8bf..000000000 --- a/krebs/5pkgs/simple/weechat/default.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ stdenv, fetchurl, ncurses, openssl, aspell, gnutls -, zlib, curl , pkgconfig, libgcrypt -, cmake, makeWrapper, libiconv -, asciidoctor # manpages -, guileSupport ? true, guile -, luaSupport ? true, lua5 -, perlSupport ? true, perl -, pythonPackages -, rubySupport ? true, ruby -, tclSupport ? true, tcl -, extraBuildInputs ? [] }: - -assert guileSupport -> guile != null; -assert luaSupport -> lua5 != null; -assert perlSupport -> perl != null; -assert rubySupport -> ruby != null; -assert tclSupport -> tcl != null; - -let - inherit (pythonPackages) python pycrypto pync; -in - -stdenv.mkDerivation rec { - version = "1.8"; - name = "weechat-${version}"; - - src = fetchurl { - url = "http://weechat.org/files/src/weechat-${version}.tar.bz2"; - sha256 = "10km0437lg9ms6f16h20s89l2w9f9g597rykybxb16s95ql48z08"; - }; - - outputs = [ "out" "doc" ]; - - enableParallelBuilding = true; - cmakeFlags = with stdenv.lib; [ - "-DENABLE_MAN=ON" - "-DENABLE_DOC=ON" - ] - ++ optionals stdenv.isDarwin ["-DICONV_LIBRARY=${libiconv}/lib/libiconv.dylib" "-DCMAKE_FIND_FRAMEWORK=LAST"] - ++ optional (!guileSupport) "-DENABLE_GUILE=OFF" - ++ optional (!luaSupport) "-DENABLE_LUA=OFF" - ++ optional (!perlSupport) "-DENABLE_PERL=OFF" - ++ optional (!rubySupport) "-DENABLE_RUBY=OFF" - ++ optional (!tclSupport) "-DENABLE_TCL=OFF" - ; - - buildInputs = with stdenv.lib; [ - ncurses python openssl aspell gnutls zlib curl pkgconfig - libgcrypt pycrypto makeWrapper - cmake - asciidoctor - ] - ++ optional guileSupport guile - ++ optional luaSupport lua5 - ++ optional perlSupport perl - ++ optional rubySupport ruby - ++ optional tclSupport tcl - ++ extraBuildInputs; - - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix}" - # Fix '_res_9_init: undefined symbol' error - + (stdenv.lib.optionalString stdenv.isDarwin "-DBIND_8_COMPAT=1 -lresolv"); - - postInstall = with stdenv.lib; '' - NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" - wrapProgram "$out/bin/weechat" \ - 
${optionalString perlSupport "--prefix PATH : ${perl}/bin"} \ - --prefix PATH : ${pythonPackages.python}/bin \ - --prefix PYTHONPATH : "$PYTHONPATH" \ - --prefix PYTHONPATH : "$NIX_PYTHONPATH" - ''; - - meta = { - homepage = http://www.weechat.org/; - description = "A fast, light and extensible chat client"; - license = stdenv.lib.licenses.gpl3; - maintainers = with stdenv.lib.maintainers; [ lovek323 garbas the-kenny ]; - platforms = stdenv.lib.platforms.unix; - }; -} -- cgit v1.2.3 From 9d9e9bc3d8087974370e3d62bc05d2332b2efab2 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 14:59:56 +0200 Subject: ma urlwatch: add pyserial,semantic_version --- makefu/2configs/urlwatch/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 1434f1bf0..2eecd6428 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -28,6 +28,8 @@ in { https://pypi.python.org/simple/oslo.config/ https://pypi.python.org/simple/sqlalchemy_migrate/ https://pypi.python.org/simple/xstatic/ + https://pypi.python.org/simple/pyserial/ + https://pypi.python.org/simple/semantic_version/ # weird shit http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/ http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ -- cgit v1.2.3 From 37951eed3dd7806f73c40c47ec9cd047ad76c15d Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 29 Sep 2017 20:05:13 +0200 Subject: hw/x220: enable opengl --- krebs/2configs/hw/x220.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index c85bac0d4..44743b87d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -8,6 +8,8 @@ with import ; hardware.cpu.intel.updateMicrocode = true; + hardware.opengl.enable = true; + services.tlp.enable = true; boot = { -- cgit v1.2.3 From 7db4c634fc266d25ac80f2545c6c77d5b4d28708 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 21:29:26 +0200 Subject: ma latte.r: init --- krebs/3modules/makefu/default.nix | 33 ++++++++++++++++++++++++ makefu/1systems/latte/config.nix | 53 +++++++++++++++++++++++++++++++++++++++ makefu/1systems/latte/source.nix | 3 +++ 3 files changed, 89 insertions(+) create mode 100644 makefu/1systems/latte/config.nix create mode 100644 makefu/1systems/latte/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 6e0e876b8..a34c8cd97 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -78,6 +78,37 @@ with import ; }; }; }; + latte = rec { + ci = true; + cores = 1; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrkK1mWfPvfZ9ALC1irGLuzOtMefaGAmGY1VD4dj7K1 latte"; + nets = { + internet = { + ip4.addr = "185.215.224.160"; + aliases = [ + "latte.i" + ]; + }; + retiolum = { + ip4.addr = "10.243.80.249"; + ip6.addr = "42:ecb0:376:b37d:cf47:1ecf:f32b:a3b9"; + aliases = [ + "latte.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU + 5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo + r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf + 43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4 + GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6 + vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; pnp = { ci = true; @@ -460,6 +491,8 @@ with import ; ''; }; }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ZmJSypW3LXIJ67DdbxMxCfLtORFkl5jEuD131S5Tr"; }; gum = rec { diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix new file mode 100644 index 000000000..d532f216f --- /dev/null +++ b/makefu/1systems/latte/config.nix 
@@ -0,0 +1,53 @@ +{ config, pkgs, ... }: +let + + # external-ip = config.krebs.build.host.nets.internet.ip4.addr; + # internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + # default-gw = "185.215.224.1"; + # prefixLength = 24; + # external-mac = "46:5b:fc:f4:44:c9"; + # ext-if = "et0"; +in { + + imports = [ + + # configure your hw: + + + + + # Security + + + + # Tools + + + + # Services + + + ]; + krebs = { + enable = true; + build.host = config.krebs.hosts.latte; + }; + boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; + + boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.copyKernels = true; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; + networking = { + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedTCPPorts = [ ]; + allowedUDPPorts = [ 655 ]; + }; + # network interface receives dhcp address + nameservers = [ "8.8.8.8" ]; + }; +} diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix new file mode 100644 index 000000000..d997fb3f0 --- /dev/null +++ b/makefu/1systems/latte/source.nix @@ -0,0 +1,3 @@ +import { + name="latte"; +} -- cgit v1.2.3 From d52d28d5d9e96d167490b45e7c96c668d86451c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:09 +0200 Subject: ma source: bump rev --- makefu/source.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/makefu/source.nix b/makefu/source.nix index fdd367cba..1a5d4a5d7 100644 --- a/makefu/source.nix +++ b/makefu/source.nix 
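Review bot: `logRefusedConnections = false` switches off the firewall's refused-connection log on a host that this same commit registers with a public address (`nets.internet` in krebs/3modules/makefu/default.nix). That removes the cheapest record of inbound probing, so either leave the option at its default or add a comment saying why the log is unwanted here. `allowedTCPPorts = [ ]` next to `allowedUDPPorts = [ 655 ]` also differs from the wbob configuration on this page, which opens 655 for both protocols. If none of the imported modules opens TCP 655 (the import list is not readable here), inbound tinc connections may be refused. The commented-out `let` bindings could be removed or replaced by one line stating that the interface is configured via DHCP.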
@@ -11,10 +11,13 @@ let then "buildbot" else "makefu"; _file = + "/makefu/1systems/${name}/source.nix"; - ref = "c91346e"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3aa) - # + mitmproxy fix (eee2d174) + ref = "46cfb36"; # unstable @ 2017-09-04 + # + graceful requests2 (a772c3a) + # + mitmproxy fix (eee2d17) # + tpm-tools fix (5cb9987) + # + dnscrypt-wrapper (25703c3) + # + lass wvstream fix (76f4910,37cc2bc,0d48837) + # + ruby stuff (2f0b17e4be9,55a952be5b5) in evalSource (toString _file) [ -- cgit v1.2.3 From 1e635e4d49ba73e83ce09e25f1f11343f1eb8fc9 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:28 +0200 Subject: ma remote-build: init config --- makefu/2configs/remote-build/master.nix | 14 ++++++++++++++ makefu/2configs/remote-build/slave.nix | 11 +++++++++++ 2 files changed, 25 insertions(+) create mode 100644 makefu/2configs/remote-build/master.nix create mode 100644 makefu/2configs/remote-build/slave.nix diff --git a/makefu/2configs/remote-build/master.nix b/makefu/2configs/remote-build/master.nix new file mode 100644 index 000000000..4ad2c5ed8 --- /dev/null +++ b/makefu/2configs/remote-build/master.nix @@ -0,0 +1,14 @@ +{ pkgs, ...}: +let + sshKey = (toString ) + "/id_nixBuild"; +in { + nix.distributedBuilds = true; + # TODO: iterate over krebs.hosts + nix.buildMachines = map ( hostName: + { inherit hostName sshKey; + sshUser = "nixBuild"; + system = "x86_64-linux"; + maxJobs = 1; + }) [ "omo.r" "gum.r" "latte.r" ]; + # puyak.r "wbob.r" +} diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix new file mode 100644 index 000000000..b6e000a34 --- /dev/null +++ b/makefu/2configs/remote-build/slave.nix 
@@ -0,0 +1,11 @@ +{ + nix.trustedUsers = [ "nixBuild" ]; + users.users.nixBuild = { + name = "nixBuild"; + useDefaultShell = true; + # TODO: put this somewhere else + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + ]; + }; +} -- cgit v1.2.3 From d0d8d1bb645e28803b43e4e902141d3a4a858ecf Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:30:55 +0200 Subject: ma modules.wvdial: remove (cherry-picked module from lass --- makefu/3modules/default.nix | 1 - makefu/3modules/wvdial.nix | 70 --------------------------------------------- 2 files changed, 71 deletions(-) delete mode 100644 makefu/3modules/wvdial.nix diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index af0e81df5..00df56bee 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -15,7 +15,6 @@ _: ./torrent.nix ./udpt.nix ./umts.nix - ./wvdial.nix ]; } diff --git a/makefu/3modules/wvdial.nix b/makefu/3modules/wvdial.nix deleted file mode 100644 index 982f4a7db..000000000 --- a/makefu/3modules/wvdial.nix +++ /dev/null 
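Review bot: `nix.trustedUsers = [ "nixBuild" ]` makes the holder of the single authorized key effectively able to control the Nix daemon on every slave, and the account also gets a login shell through `useDefaultShell = true`. If the trusted status is needed so the master can copy unsigned paths, say so in a comment. The key can be limited to what a build connection needs by prefixing it with OpenSSH options, e.g. `"no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 … nixBuild"`. The existing `# TODO: put this somewhere else` should name the intended place, presumably the per-user `pubkey` attributes that other files on this page reference. That way the key can be rotated in one location.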
@@ -1,70 +0,0 @@ -{ config, lib, pkgs, ... }: -# from 17.03/nixos/modules/programs/wvdial.nix - -with lib; - -let - - configFile = '' - [Dialer Defaults] - PPPD PATH = ${pkgs.ppp}/sbin/pppd - ${config.environment.wvdial.dialerDefaults} - ''; - - cfg = config.environment.wvdial; - -in -{ - ###### interface - - options = { - - environment.wvdial = { - - dialerDefaults = mkOption { - default = ""; - type = types.str; - example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''; - description = '' - Contents of the "Dialer Defaults" section of - /etc/wvdial.conf. - ''; - }; - - pppDefaults = mkOption { - default = '' - noipdefault - usepeerdns - defaultroute - persist - noauth - ''; - type = types.str; - description = "Default ppp settings for wvdial."; - }; - - }; - - }; - - ###### implementation - - config = mkIf (cfg.dialerDefaults != "") { - - environment = { - - etc = - [ - { source = pkgs.writeText "wvdial.conf" configFile; - target = "wvdial.conf"; - } - { source = pkgs.writeText "wvdial" cfg.pppDefaults; - target = "ppp/peers/wvdial"; - } - ]; - - }; - - }; - -} -- cgit v1.2.3 From 4875a39aebc2e430bff85e0cb07d76f8d8f77763 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:32:01 +0200 Subject: ma vpn/openvpn-server: retab --- makefu/2configs/vpn/openvpn-server.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/makefu/2configs/vpn/openvpn-server.nix b/makefu/2configs/vpn/openvpn-server.nix index 1e7edbf78..79754264f 100644 --- a/makefu/2configs/vpn/openvpn-server.nix +++ b/makefu/2configs/vpn/openvpn-server.nix 
@@ -1,13 +1,13 @@ { config, pkgs, ... }: let - out-itf = config.makefu.server.primary-itf; - # generate via openvpn --genkey --secret static.key - client-key = (toString ) + "/openvpn-laptop.key"; + out-itf = config.makefu.server.primary-itf; + # generate via openvpn --genkey --secret static.key + client-key = (toString ) + "/openvpn-laptop.key"; # domain = "vpn.euer.krebsco.de"; domain = "gum.krebsco.de"; dev = "tun0"; port = 1194; - tcp-port = 3306; + tcp-port = 3306; in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.nat = { -- cgit v1.2.3 From c83e5ad0d5588e733b860daf3506ae44482020bc Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:33:50 +0200 Subject: ma vim: add remarks about vim-nix --- makefu/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/vim.nix b/makefu/2configs/vim.nix index 9f3a59717..43d362ed9 100644 --- a/makefu/2configs/vim.nix +++ b/makefu/2configs/vim.nix @@ -127,6 +127,7 @@ in { { names = [ "undotree" # "YouCompleteMe" "vim-better-whitespace" ]; } + # vim-nix handles indentation better but does not perform sanity { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } ]; -- cgit v1.2.3 From 8962c8f1fc8c37d5f5f55bb2394f8f6e673a87f8 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:34:12 +0200 Subject: ma tools/steam: install steam for makefu, not all users --- makefu/2configs/tools/steam.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix index dbe51270d..200ea4719 100644 --- a/makefu/2configs/tools/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { - environment.systemPackages = [ + users.users.makefu.packages = [ (pkgs.steam.override { newStdcpp = true; }) -- cgit v1.2.3 From ff5e7c0dcb7d102c9881212a3286faa7412e97d0 Mon Sep 17 00:00:00 2001 
From: makefu Date: Fri, 29 Sep 2017 21:34:38 +0200 Subject: ma stats/server: announce errors into #noise --- makefu/2configs/stats/server.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 8f9935658..bb91b4478 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,6 +2,8 @@ with import ; let + irc-server = "ni.r"; + irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; grafana-port = 3000; # TODO nginx forward @@ -37,9 +39,9 @@ in { echoToIrc = pkgs.writeDash "echo_irc" '' set -euf data="$(${pkgs.jq}/bin/jq -r .message)" - export LOGNAME=malarm + export LOGNAME=${irc-nick} ${pkgs.irc-announce}/bin/irc-announce \ - irc.freenode.org 6667 malarm \#krebs-bots "$data" >/dev/null + ${irc-server} 6667 ${irc-nick} \#noise "$data" >/dev/null ''; in { enable = true; -- cgit v1.2.3 From e1fb8de2d0facadc57f17e052fc7809b3993c28e Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:17 +0200 Subject: ma gui: do not run pulseaudio system-wide required for pacmd --- makefu/2configs/gui/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/gui/base.nix b/makefu/2configs/gui/base.nix index 0247010b1..daa0282b8 100644 --- a/makefu/2configs/gui/base.nix +++ b/makefu/2configs/gui/base.nix @@ -58,7 +58,7 @@ in hardware.pulseaudio = { enable = true; - systemWide = true; + # systemWide = true; }; services.xserver.displayManager.sessionCommands = let xdefaultsfile = pkgs.writeText "Xdefaults" '' -- cgit v1.2.3 From a4ffb72c5ccb7e81c9aa60125aeb71f16644ef47 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:35:35 +0200 Subject: ma git: init europastats --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 30c0b0b87..5604383e7 100644 
--- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -24,6 +24,7 @@ let cac-api = { }; euer_blog = { }; ampel = { }; + europastats = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 From 00bdcff9012b0369c1c2cb22e4cacbdf50d20b72 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:36:01 +0200 Subject: ma led-fader: wait for mosquitto --- makefu/2configs/deployment/led-fader.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/led-fader.nix b/makefu/2configs/deployment/led-fader.nix index 678370c69..4c17a1d50 100644 --- a/makefu/2configs/deployment/led-fader.nix +++ b/makefu/2configs/deployment/led-fader.nix @@ -29,11 +29,11 @@ in { environment = { NIX_PATH = "/var/src"; }; - # after = [ (lib.optional config.services.mosqitto.enable "mosquitto.service") ]; + after = [ "network-online.target" ] ++ (lib.optional config.services.mosquitto.enable "mosquitto.service"); wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; serviceConfig = { # User = "nobody"; # need a user with permissions to run nix-shell + ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; PrivateTmp = true; }; -- cgit v1.2.3 From e2a8aab44294584d185b6501cede7857c0529d36 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:37:24 +0200 Subject: ma: enable remote-build on gum,omo - x is master --- makefu/1systems/gum/config.nix | 8 +++++++- makefu/1systems/omo/config.nix | 2 ++ makefu/1systems/x/config.nix | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 2f288e708..e1357ff01 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -40,10 +40,11 @@ in { # services - # + + ## Web @@ -74,6 +75,9 @@ in { # + # Temporary: + + ]; makefu.dl-dir = "/var/download"; 
@@ -143,6 +147,8 @@ in { 53589 # temp vnc 18001 + # temp reverseshell + 31337 ]; allowedUDPPorts = [ # tinc diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 32cd3f900..a22ff10bd 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -65,6 +65,8 @@ in { # services + + # security diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 892eb1095..443f912d8 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,6 +57,7 @@ with import ; # + # Hardware -- cgit v1.2.3 From aa273ee8802c7de6283e0bea2a7624bf099d251d Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:08 +0200 Subject: ma wbob: enable extended logging --- makefu/1systems/wbob/config.nix | 106 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index b776b49d6..3a53b70cb 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -25,7 +25,9 @@ in { # # - ]; + # Services + + ]; krebs = { enable = true; 
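Review bot: The third gum hunk opens port 31337 under the comment `# temp reverseshell`, in what appears to be the TCP allow-list of a host with a public address, and nothing in the commit subject ("enable remote-build") mentions it. A temporary opening like this tends to outlive its purpose, as the neighbouring `# temp vnc` entry suggests, so it should go into its own commit or be dropped from this one. If it has to stay for a while, a comment with an owner and removal date, e.g. `# temp, remove by <date> (<owner>)`, makes later firewall audits easier. Restricting the port to the VPN interface rather than all interfaces would narrow the exposure. The list itself begins outside the hunk.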
@@ -33,10 +35,48 @@ in { }; swapDevices = [ { device = "/var/swap"; } ]; + services.collectd.extraConfig = lib.mkAfter '' + #LoadPlugin ping + # does not work because it requires privileges + # + # Host "google.de" + # Host "heise.de" + # + + LoadPlugin curl + + TotalTime true + NamelookupTime true + ConnectTime true + + + MeasureResponseTime true + MeasureResponseCode true + URL "https://google.de" + + + + MeasureResponseTime true + MeasureResponseCode true + URL "http://web.de" + + + + #LoadPlugin netlink + # + # Interface "enp0s25" + # Interface "wlp2s0" + # IgnoreSelected false + # + ''; networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 49152 ]; + networking.firewall.allowedTCPPorts = [ + 655 + 8081 #smokeping + 49152 + ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; #services.tinc.networks.siem = { # name = "display"; 
@@ -90,4 +130,66 @@ in { serverAddress = "x.r"; }; }; + security.wrappers.fping = { + source = "${pkgs.fping}/bin/fping"; + setuid = true; + }; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = Top + title = Network Latency Grapher + remark = Welcome to this SmokePing website. + + + network + menu = Net latency + title = Network latency (ICMP pings) + + ++ google + probe = FPing + host = google.de + ++ webde + probe = FPing + host = web.de + + + services + menu = Service latency + title = Service latency (DNS, HTTP) + + ++ HTTP + menu = HTTP latency + title = Service latency (HTTP) + + +++ webdeping + probe = EchoPingHttp + host = web.de + + +++ googwebping + probe = EchoPingHttp + host = google.de + + #+++ webwww + #probe = Curl + #host = web.de + + #+++ googwebwww + #probe = Curl + #host = google.de + ''; + probeConfig = '' + + FPing + binary = /run/wrappers/bin/fping + + EchoPingHttp + pings = 5 + url = / + + #+ Curl + ## probe-specific variables + #binary = ${pkgs.curl}/bin/curl + #step = 60 + ## a default for this target-specific variable + #urlformat = http://%host%/ + ''; + }; } -- cgit v1.2.3 From 6d083f03b76f6dfbe1810f8408301d0c916c3b34 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 29 Sep 2017 21:38:35 +0200 Subject: ma pkgs.logstash-input-rss: init --- makefu/5pkgs/logstash-input-rss/default.nix | 31 +++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 makefu/5pkgs/logstash-input-rss/default.nix diff --git a/makefu/5pkgs/logstash-input-rss/default.nix b/makefu/5pkgs/logstash-input-rss/default.nix new file mode 100644 index 000000000..af66359ef --- /dev/null +++ b/makefu/5pkgs/logstash-input-rss/default.nix 
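Review bot: `security.wrappers.fping` installs fping setuid root, although sending ICMP probes only needs the raw-socket capability. The wrapper can be declared as `security.wrappers.fping = { source = "${pkgs.fping}/bin/fping"; capabilities = "cap_net_raw+p"; };` so that a bug in fping does not run with full root privileges. The earlier firewall hunk of this commit also opens TCP 8081 for smokeping on all interfaces, while `trustedInterfaces` in the context lists only `enp0s25`. If the graphs are meant for the local network only, the port does not need to be in `allowedTCPPorts`. The commented-out Curl probe blocks in `targetConfig` and `probeConfig` would be better removed or explained in one line.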
@@ -0,0 +1,31 @@ +{ pkgs, stdenv, lib, fetchFromGitHub }: + + +stdenv.mkDerivation rec { + name = "logstash-input-rss-${version}"; + version = "3.0.3"; + + src = fetchFromGitHub { + owner = "logstash-plugins"; + repo = "logstash-input-rss"; + rev = "v${version}"; + sha256 = "026902g256385dx3qkbknz10vsp9dm2ymjdx6s6rkh3krs67w09l"; + }; + + dontBuild = true; + dontPatchELF = true; + dontStrip = true; + dontPatchShebangs = true; + installPhase = '' + mkdir -p $out/logstash + cp -r lib/* $out/ + ''; + + meta = with lib; { + description = "logstash output plugin"; + homepage = https://github.com/logstash-plugins/logstash-input-rss; + license = stdenv.lib.licenses.asl20; + platforms = stdenv.lib.platforms.unix; + maintainers = with maintainers; [ makefu ]; + }; +} -- cgit v1.2.3 From deb717fda416de23b32f73180ae4a248990d2a85 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 17:59:44 +0200 Subject: l: add archprism.r --- krebs/3modules/lass/default.nix | 38 ++++- lass/1systems/archprism/config.nix | 333 +++++++++++++++++++++++++++++++++++++ lass/1systems/archprism/source.nix | 3 + 3 files changed, 373 insertions(+), 1 deletion(-) create mode 100644 lass/1systems/archprism/config.nix create mode 100644 lass/1systems/archprism/source.nix diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index ca3c8b45b..69cc36346 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
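Review bot: `installPhase` creates `$out/logstash` but then copies with `cp -r lib/* $out/`, so the directory made by `mkdir` is only populated if the plugin's `lib/` happens to contain a `logstash` folder. Either copy into the directory that was created or drop the `mkdir` and create `$out` instead, e.g. `mkdir -p $out` followed by the existing `cp`. `meta.description` reads "logstash output plugin" for a package named `logstash-input-rss`; it should say `"logstash input plugin for RSS feeds"` or similar. Inside `with lib;` the license and platforms can be written as `licenses.asl20` and `platforms.unix`, matching how `maintainers` is already referenced.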
@@ -116,6 +116,38 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa 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"; }; + archprism = rec { + cores = 4; + nets = rec { + retiolum = { + via = internet; + ip4.addr = "10.243.0.104"; + ip6.addr = "42::fa17"; + aliases = [ + "archprism.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl + kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl + JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I + AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 + jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j + anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + internet = { + ip4.addr = "213.239.205.240"; + aliases = [ + "archprism.i" + ]; + ssh.port = 45621; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + }; domsen-nas = { ci = false; external = true; @@ -487,10 +519,14 @@ with import ; fritz = { pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; }; - prism-repo-sync = { + archprism-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR9oL/OPHjjKjQ+IyRqWpgrXdZrKKAwFKIte8gYml6C"; mail = "lass@prism.r"; }; + prism-repo-sync = { + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhpCKTnSq6VDJPB+0NiHu2ZxSKEIxHN6uPAPnbXYNCe"; + mail = "lass@prism.r"; + }; mors-repo-sync = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGv6N/UjFnX5vUicT9Sw0+3x4mR0760iaVWZ/JDtdV4h"; mail = "lass@mors.r"; 
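Review bot: The new `archprism` record duplicates identity material that still belongs to `prism` at this commit. Judging by the lines the following commit on this page removes from `prism`, its `tinc.pubkey` and `internet.ip4.addr` are the ones `prism` carries here, and its `ssh.pubkey` is the ed25519 key that the following commit assigns to `prism` instead. Anything generated from this revision (host lists, tinc host files, presumably SSH known-hosts data) would therefore map one key to two names and record an SSH host key under the wrong host. Landing the key and address swap in the same commit as the new host entry avoids a revision in which host identities are ambiguous.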
diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix
new file mode 100644
index 000000000..56f72aced
--- /dev/null
+++ b/lass/1systems/archprism/config.nix
@@ -0,0 +1,333 @@ +{ config, lib, pkgs, ... }: +with import ; + +let + ip = config.krebs.build.host.nets.internet.ip4.addr; + +in { + imports = [ + + { + networking.interfaces.et0.ip4 = [ + { + address = ip; + prefixLength = 24; + } + ]; + networking.defaultGateway = "213.239.205.225"; + networking.nameservers = [ + "8.8.8.8" + ]; + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + ''; + } + + + # + + + + + + + + + + + + + + + + + + + #{ + # lass.pyload.enable = true; + #} + { + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + users.extraGroups = { + # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories + # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) + # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago + # Docs: man:tmpfiles.d(5) + # man:systemd-tmpfiles(8) + # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) + # Main PID: 19272 (code=exited, status=1/FAILURE) + # + # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. + # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE + # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. 
+ # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. + # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. + # warning: error(s) occured while switching to the new configuration + lock.gid = 10001; + }; + } + { + boot.loader.grub = { + devices = [ + "/dev/sda" + "/dev/sdb" + ]; + splashImage = null; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "vmw_pvscsi" + ]; + + fileSystems."/" = { + device = "/dev/pool/nix"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + }; + + fileSystems."/var/download" = { + device = "/dev/pool/download"; + }; + + fileSystems."/srv/http" = { + device = "/dev/pool/http"; + }; + + fileSystems."/srv/o.ubikmedia.de-data" = { + device = "/dev/pool/owncloud-ubik-data"; + }; + + fileSystems."/bku" = { + device = "/dev/pool/bku"; + }; + + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; + }; + + } + { + sound.enable = false; + } + { + nixpkgs.config.allowUnfree = true; + } + { + #stuff for juhulian + users.extraUsers.juhulian = { + name = "juhulian"; + uid = 1339; + home = "/home/juhulian"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } + { + environment.systemPackages = [ + pkgs.perlPackages.Plack + ]; + 
krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8080"; target = "ACCEPT";} + ]; + } + { + users.users.chat.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 JuiceSSH" + ]; + } + { + time.timeZone = "Europe/Berlin"; + } + { + imports = [ + + + ]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport http"; target = "ACCEPT"; } + { predicate = "-p tcp --dport https"; target = "ACCEPT"; } + ]; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } + { + environment.systemPackages = with pkgs; [ + mk_sql_pair + ]; + } + { + users.users.tv = { + uid = genid "tv"; + inherit (config.krebs.users.tv) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.tv.pubkey + ]; + }; + users.users.makefu = { + uid = genid "makefu"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.makefu.pubkey + ]; + }; + users.users.nin = { + uid = genid "nin"; + inherit (config.krebs.users.nin) home; + group = "users"; + createHome = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.nin.pubkey + ]; + extraGroups = [ + "libvirtd" + ]; + }; + } + { + krebs.repo-sync.timerConfig = { + OnBootSec = "15min"; + OnUnitInactiveSec = "90min"; + RandomizedDelaySec = "30min"; + }; + krebs.repo-sync.repos.stockholm.timerConfig = { + OnBootSec = "5min"; + OnUnitInactiveSec = "2min"; + RandomizedDelaySec = "2min"; + }; + } + { + lass.usershadow = { + enable = 
true; + }; + } + { + krebs.Reaktor.prism = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; + } + { + #stuff for dritter + users.extraUsers.dritter = { + name = "dritter"; + uid = genid "dritter"; + home = "/home/dritter"; + group = "users"; + createHome = true; + useDefaultShell = true; + extraGroups = [ + "download" + ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" + ]; + }; + } + { + #hotdog + containers.hotdog = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.1"; + localAddress = "10.233.2.2"; + }; + } + { + #kaepsele + containers.kaepsele = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + tv.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.3"; + localAddress = "10.233.2.4"; + }; + } + { + #onondaga + containers.onondaga = { + config = { ... }: { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + config.krebs.users.nin.pubkey + ]; + }; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.4"; + localAddress = "10.233.2.5"; + }; + } + ]; + + krebs.build.host = config.krebs.hosts.archprism; +} 
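Review bot: `containers.onondaga` sets `hostAddress = "10.233.2.4";`, which is the address `containers.kaepsele` already uses as its `localAddress`. The host-side end of one container link and the container-side end of another then share an address, so traffic meant for kaepsele can be answered by the host instead; both containers accept root SSH logins, so which endpoint answers matters. Give onondaga an unused pair, for example `hostAddress = "10.233.2.5"; localAddress = "10.233.2.6";` (constructed values, pick whatever is free). The same container blocks appear as context in `lass/1systems/prism/config.nix` later on this page and would need the same change.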
diff --git a/lass/1systems/archprism/source.nix b/lass/1systems/archprism/source.nix new file mode 100644 index 000000000..3e96c1d38 --- /dev/null +++ b/lass/1systems/archprism/source.nix @@ -0,0 +1,3 @@ +import { + name = "archprism"; +} -- cgit v1.2.3 From dda93e30e0ab3746841fa851361ddb55f7d24102 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:03:58 +0200 Subject: l prism.r: cleanup & adapt to new HW --- krebs/3modules/lass/default.nix | 38 +++-- lass/1systems/prism/config.nix | 302 ++++++++++++++++------------------------ lass/1systems/prism/source.nix | 1 + 3 files changed, 147 insertions(+), 194 deletions(-) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 69cc36346..364c02d1d 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -83,7 +83,7 @@ with import ; }; nets = rec { internet = { - ip4.addr = "213.239.205.240"; + ip4.addr = "46.4.114.247"; aliases = [ "prism.i" "paste.i" 
@@ -103,18 +103,34 @@ with import ; ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAvzhoBsxUaEwm7ctiw3xvLFP2RoVaiHnF+Sm4J8E4DOerPToXxlyl - kxvMPaRnhtiO6MK0Vv2+VswKIeRkMm5YuD5MG7wni4vUKcRx9cCgKji/s0vGqLhl - JKK9i23q7epvQ32Is/e3P+fQ5KM50EO+TWACNaroCNoyJvZ/G8BWXw6WnIOsuX0I - AoPW2ol8/sdZxeK4hCe/aQz6y0AEvigpvPkHx+TE5fkBeIeqhiKTIWpEqjU4wXx5 - jP2izYuaIsHAihU8mm03xRxT4+4IHYt6ddrhNeBuJBsATLkDgULdQyOoEzmXCm2j - anGRBZoYVazxn7d8mKBdE09ZNc1ijULZgwIDAQAB + MIIECgKCBAEAtpI0+jz2deUiH18T/+JcRshQi7lq8zlRvaXpvyuxJlYCz+o5cLje + fxrKn67JbDb0cTAiDkI88alHBd8xeq2I6+CY90NT6PNVfsQBFx2v5YXafELXJWlo + rBvPFrR7nt1VzmG/hzkY8RwgC8hC6jRn7cvWWPCkvm2ZnNtYqAjiYMcUcWv6Vn9Z + ytPgkebDF9KpD8bL4vQu9iPZGNZpwncCw/Ix66oyTM6e24j/fTYgp7xn28wVUzUB + wWDH0uMQOxyBGFutEvAQ48XZ+QQxZv+2ZGqWJ+MeXreUPNP5wTxFCQOrkR1EXNio + /jgdHXtU5wVvqPwziukwwnfGJYUUHw7mjdo6ps5rch/aDxs0lahNc2TMbhr3rqgA + BkXVfwDTt8W/PB6Z0Y/djXOlUmQKO39OgZuhsYzqM4Uj17up7CDY77SiQYrV901C + 9CR5oFsAvV+WIMFUBc7ZZGPotJ9nZ2yyLQh+fT3sXuqFpGlyaI2SAm2edZUXKWQ5 + Q6AIyQRPkTNRCDuvXxIMdmOE++tBnyCI/Psn/Qet5gFcSsUMPhto8Yaka4SgJfyu + 3iIojFUzskowLWt6dBOGm5brI/OaKz0gyw5K3Hb4T7Jz+EwoeJfhbdZYA6NIY+qH + TGGl+47ffT+8e+1hvcAnO+bN5Br8WPN3+VD4FQD5yTb6pCFdZuL3QEyoKc9eugDb + g/+rFOsI8bfVeH5zZrl6B6XJBLGeKEECf3zwE2JObO3IuwxATSkahx1jAEy+hFyZ + kPwooGj03tkgVGc2AxgdHbfmNUbSVkO+m+ouBojikSrnFNKRTS/wZ69RVg3tl4qg + 7F4Vs/aMQ9bSWycvRBZQXITPQ1Y6mCEUj2mSKVHmgy/5rqwz2va/Yc1zhUptcINo + 7ztGiEzFMPGagkTs/Ntuqh2VbC/MwTao0BKl+gyCNwrACnNW87X4og2gtG3ukduz + cnSupO84hdTrclthsSEH/rLUauBsuIch58S/F7KCz9hwK45+Btky7Kz4mf/pE451 + k88QfDHw/cTSzlESPnEnthrRnhxn0fW7FRwJpieKm2AmyEEjSiiYt8mUdD3teKj0 + dgYrcGQkCnhmKDawgcw46wstBG/sAKT8qnZPRmlzKpcCS186ffuobQvj42LSmuMu + ToANi5pw2yEfzwLxNG/3whozB9rqwbqV/YAR/mthMxD0IXpLDKXlV1IeD7MfpV8i + jx6SghnkX/s2F7UTOlwJYe/Gl1biLRB8EPnOZKadHR0BRWFd+Qz6pJDp0B13jT3/ + AEPNGXLwVjmdhy2TVec3OGL/CukPEdiW1Urw5lfOc9dacTXjTNTXzod7Ub6s7ZOE + T7Y4dsVeW4OM7NmE/riqS3cG9obGWO7gIQIDAQAB -----END RSA PUBLIC KEY----- ''; }; }; - ssh.privkey.path = ; - ssh.pubkey = 
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChm4sqQ2bUZj+2YnTf6G5HHRTpSe1jTUhJRnwcYPYZKF+CBqBncipRpuGlGXEsptNa+7ZMcQC0ySsz5SUOMt3Ih+NehVe/qt3VtRz0l0MgOWmH2qBwKK9Y4IuxrJQzUmP4UGlOGlFj9DORssSMOyFIG4eZ9k2qMn3xal0NVRfGTShKlouWsiUILZ8I+sDNE00z8DAYesgc1yazvRnjzvLkRxdNdpYiAFBbmXMpPKK95McRJaWsuNSeal9kd5p5PagWcgN4DZ6+ebzz3NKnmzk4j+vuHX0U9lTXBqKMlzzmM2YNLRtDPfrtJNyHqLpZUpFhJKqZCD+4/0zdrzRfC7Th+5czzUCSvHiKPVsqw5eOdiQX6EyzNAF5zpkpRp//QdUNNXC5/Ku6GKCO491+TuA8VCha0fOwBONccTLUI/hGNmCh88mLbukVoeGJrbYNCOA/6kEz7ZLEveU4i+TT7okhDElMsNk+AWCZ8/NdJQNX3/K6+JJ9qAn+/yC8LdjgYYJ2oU/aw5/HyOgiQ0z4n9UfQ7j+nHysY9CQb1b3guX7yjJoc3KpNXCXEztuIRHjFD1EP8NRTSmGjsa/VjLmTLSsqjD+7IE5mT0tO5RJvmagDgdJSr/iR5D9zjW7hx7ttvektrlp9g0v3CiCFVaW4l95hGYT0HaNBLJ5R0YHm0lD+Q=="; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; }; archprism = rec { cores = 4; @@ -145,8 +161,8 @@ with import ; ssh.port = 45621; }; }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; + ssh.privkey.path = ; + ssh.pubkey = "ssh-rsa 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"; }; domsen-nas = { ci = false; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 5983456b3..a4d67afc4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -11,73 +11,20 @@ in { networking.interfaces.et0.ip4 = [ { address = ip; - prefixLength = 24; + prefixLength = 27; } ]; - networking.defaultGateway = "213.239.205.225"; + networking.defaultGateway = "46.4.114.225"; networking.nameservers = [ "8.8.8.8" ]; services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="54:04:a6:7e:f4:06", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="08:60:6e:e7:87:04", NAME="et0" ''; } - - - - - - - - - - - - - - - - - - - - - - { - lass.pyload.enable = true; - } - { - imports = [ - - ]; - krebs.bepasty.servers."paste.r".nginx.extraConfig = '' - if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { - return 403; - } - ''; - } - { - users.extraGroups = { - # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories - # Loaded: loaded (/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/example/systemd/system/systemd-tmpfiles-setup.service) - # Active: failed (Result: exit-code) since Mon 2015-03-16 10:29:18 UTC; 4s ago - # Docs: man:tmpfiles.d(5) - # man:systemd-tmpfiles(8) - # Process: 19272 ExecStart=/nix/store/2l33gg7nmncqkpysq9f5fxyhlw6ncm2j-systemd-217/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=1/FAILURE) - # Main PID: 19272 (code=exited, status=1/FAILURE) - # - # Mar 16 10:29:17 cd systemd-tmpfiles[19272]: [/usr/lib/tmpfiles.d/legacy.conf:26] Unknown group 'lock'. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal configured, ignoring. - # Mar 16 10:29:18 cd systemd-tmpfiles[19272]: Two or more conflicting lines for /var/log/journal/7b35116927d74ea58785e00b47ac0f0d configured, ignoring. - # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service: main process exited, code=exited, status=1/FAILURE - # Mar 16 10:29:18 cd systemd[1]: Failed to start Create Volatile Files and Directories. - # Mar 16 10:29:18 cd systemd[1]: Unit systemd-tmpfiles-setup.service entered failed state. 
- # Mar 16 10:29:18 cd systemd[1]: systemd-tmpfiles-setup.service failed. - # warning: error(s) occured while switching to the new configuration - lock.gid = 10001; - }; - } { + imports = [ ]; + boot.loader.grub = { devices = [ "/dev/sda" 
@@ -89,126 +36,98 @@ in { boot.initrd.availableKernelModules = [ "ata_piix" "vmw_pvscsi" + "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + fileSystems."/" = { - device = "/dev/pool/nix"; + device = "/dev/pool/nix_root"; fsType = "ext4"; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7ca12d8c-606d-41ce-b10d-62b654e50e36"; + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["nosuid" "nodev" "noatime"]; }; fileSystems."/var/download" = { device = "/dev/pool/download"; + fsType = "ext4"; }; fileSystems."/srv/http" = { device = "/dev/pool/http"; + fsType = "ext4"; }; - fileSystems."/srv/o.ubikmedia.de-data" = { - device = "/dev/pool/owncloud-ubik-data"; - }; - - fileSystems."/bku" = { - device = "/dev/pool/bku"; + fileSystems."/home" = { + device = "/dev/pool/home"; + fsType = "ext4"; }; - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["nosuid" "nodev" "noatime"]; - }; + swapDevices = [ + { label = "swap1"; } + { label = "swap2"; } + ]; - } - { sound.enable = false; - } - { nixpkgs.config.allowUnfree = true; - } - { - #stuff for juhulian - users.extraUsers.juhulian = { - name = "juhulian"; - uid = 1339; - home = "/home/juhulian"; - group = "users"; - createHome = true; - useDefaultShell = true; - extraGroups = [ - ]; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" - ]; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} - ]; - } - { - environment.systemPackages = [ - pkgs.perlPackages.Plack - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { 
predicate = "-p tcp --dport 8080"; target = "ACCEPT";} - ]; - } - { - users.users.chat.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 JuiceSSH" - ]; - } - { time.timeZone = "Europe/Berlin"; } + + { + services.nginx.enable = true; imports = [ ]; + # needed by domsen.nix ^^ + lass.usershadow = { + enable = true; + }; + krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport http"; target = "ACCEPT"; } { predicate = "-p tcp --dport https"; target = "ACCEPT"; } ]; } - { - services.tor = { - enable = true; + { # TODO make new hfos.nix out of this vv + users.users.riot = { + uid = genid "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; }; - } - { - lass.ejabberd = { - enable = true; - hosts = [ "lassul.us" ]; + + # TODO write function for proxy_pass (ssl/nonssl) + services.nginx.virtualHosts."hackerfleet.de" = { + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:80; + ''; + }; + services.nginx.virtualHosts."hackerfleet.de-s" = { + serverName = "hackerfleet.de"; + port = 443; + serverAliases = [ + "*.hackerfleet.de" + ]; + locations."/".extraConfig = '' + proxy_pass http://192.168.122.92:443; + ''; }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } - { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } - ]; - } - { - imports = [ - - ]; - services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' - 
alias /var/realwallpaper/realwallpaper.png; - ''; - } - { - environment.systemPackages = with pkgs; [ - mk_sql_pair - ]; } { users.users.tv = { uid = genid "tv"; - inherit (config.krebs.users.tv) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.tv.pubkey ]; @@ -222,56 +141,14 @@ in { }; users.users.nin = { uid = genid "nin"; - inherit (config.krebs.users.nin) home; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.nin.pubkey ]; - extraGroups = [ - "libvirtd" - ]; }; - } - { - krebs.repo-sync.timerConfig = { - OnBootSec = "15min"; - OnUnitInactiveSec = "90min"; - RandomizedDelaySec = "30min"; - }; - krebs.repo-sync.repos.stockholm.timerConfig = { - OnBootSec = "5min"; - OnUnitInactiveSec = "2min"; - RandomizedDelaySec = "2min"; - }; - } - { - lass.usershadow = { - enable = true; - }; - } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } - { - #stuff for dritter users.extraUsers.dritter = { - name = "dritter"; uid = genid "dritter"; - home = "/home/dritter"; - group = "users"; - createHome = true; - useDefaultShell = true; + isNormalUser = true; extraGroups = [ "download" ]; 
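Review bot: The `hackerfleet.de-s` virtual host sets `port = 443;` but the hunk gives it no certificate or TLS setting, and it forwards with `proxy_pass http://192.168.122.92:443;`, which is plain HTTP to what is presumably the backend's TLS port. As written, HTTPS clients would reach a plaintext listener and the upstream leg would either fail or run unencrypted. Either terminate TLS on this host and forward with `proxy_pass https://192.168.122.92:443;`, or pass the TLS stream through unmodified (nginx `stream` with `ssl_preread`) so that the backend keeps its own certificate. With `*.hackerfleet.de` aliases the backend also needs the original host name, so `proxy_set_header Host $host;` belongs in both `locations."/"` blocks.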
@@ -279,6 +156,13 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOWDDk7QkSAvrSLkEoz7dY22+xPyv5JDn2zlfUndfavmTMfZvPx9REMjgULbcCSM4m3Ncf40yUjciDpVleGoEz82+p/ObHAkVWPQyXRS3ZRM2IJJultBHEFc61+61Pi8k3p5pBhPPaig6VncJ4uUuuNqen9jqLesSTVXNtdntU2IvnC8B8k1Kq6fu9q1T2yEOMxkD31D5hVHlqAly0LdRiYvtsRIoCSmRvlpGl70uvPprhQxhtoiEUeDqmIL7BG9x7gU0Swdl7R0/HtFXlFuOwSlNYDmOf/Zrb1jhOpj4AlCliGUkM0iKIJhgH0tnJna6kfkGKHDwuzITGIh6SpZ dritter@Janeway" ]; }; + users.extraUsers.juhulian = { + uid = 1339; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBQhLGvfv4hyQ/nqJGy1YgHXPSVl6igeWTroJSvAhUFgoh+rG+zvqY0EahKXNb3sq0/OYDCTJVuucc0hgCg7T2KqTqMtTb9EEkRmCFbD7F7DWZojCrh/an6sHneqT5eFvzAPZ8E5hup7oVQnj5P5M3I9keRHBWt1rq6q0IcOEhsFvne4qJc73aLASTJkxzlo5U8ju3JQOl6474ECuSn0lb1fTrQ/SR1NgF7jV11eBldkS8SHEB+2GXjn4Yrn+QUKOnDp+B85vZmVlJSI+7XR1/U/xIbtAjGTEmNwB6cTbBv9NCG9jloDDOZG4ZvzzHYrlBXjaigtQh2/4mrHoKa5eV juhulian@juhulian" + ]; + }; } { #hotdog @@ -327,7 +211,59 @@ in { localAddress = "10.233.2.5"; }; } + + + + + + + + + + + + + + # + # + + + { # quasi bepasty.nix + imports = [ + + ]; + krebs.bepasty.servers."paste.r".nginx.extraConfig = '' + if ( $server_addr = "${config.krebs.build.host.nets.internet.ip4.addr}" ) { + return 403; + } + ''; + } + { + services.tor = { + enable = true; + }; + } + { + lass.ejabberd = { + enable = true; + hosts = [ "lassul.us" ]; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; } + { predicate = "-p tcp --dport xmpp-server"; target = "ACCEPT"; } + ]; + } + { + imports = [ + + ]; + services.nginx.virtualHosts."lassul.us".locations."/wallpaper.png".extraConfig = '' + alias /var/realwallpaper/realwallpaper.png; + ''; + } ]; krebs.build.host = config.krebs.hosts.prism; + # workaround because grub store paths are broken + boot.copyKernels = true; } diff --git a/lass/1systems/prism/source.nix b/lass/1systems/prism/source.nix index 557fbf509..3dbd6c52b 100644 
--- a/lass/1systems/prism/source.nix +++ b/lass/1systems/prism/source.nix @@ -1,3 +1,4 @@ +with import ; import { name = "prism"; } -- cgit v1.2.3 From 8bd9894a2af5a0db91c0cb7943a34f60e2252c32 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 18:06:21 +0200 Subject: add new prism.r binary-cache key --- krebs/2configs/binary-cache/prism.nix | 1 + lass/2configs/binary-cache/client.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/krebs/2configs/binary-cache/prism.nix b/krebs/2configs/binary-cache/prism.nix index 4813eeb0f..46b386e14 100644 --- a/krebs/2configs/binary-cache/prism.nix +++ b/krebs/2configs/binary-cache/prism.nix @@ -7,6 +7,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" ]; }; } diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix index 9dba5fbfb..b0e0a8b88 100644 --- a/lass/2configs/binary-cache/client.nix +++ b/lass/2configs/binary-cache/client.nix @@ -8,6 +8,7 @@ ]; binaryCachePublicKeys = [ "cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU=" + "cache.prism-2:YwmCm3/s/D+SxrPKN/ETjlpw/219pNUbpnluatp6FKI=" "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]; }; -- cgit v1.2.3 From 524456acdb76c17a2027ea92670513213c5e59fe Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:09:46 +0200 Subject: l helios.r: enable redis --- lass/1systems/helios/config.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 37bdc0290..271f1a7cf 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -11,7 +11,6 @@ with import ; - { # automatic hardware detection boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.kernelModules = [ "kvm-intel" ]; 
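Review bot: The `binaryCachePublicKeys` lists in `krebs/2configs/binary-cache/prism.nix` and `lass/2configs/binary-cache/client.nix` now trust both `cache.prism-1` and `cache.prism-2`, with nothing recording which machine signs with which key. These keys are trust roots for every substituted store path, so each should be traceable to a host and have a removal condition. A comment per entry would do, e.g. `# cache.prism-1: key of the pre-migration host (presumably archprism) - drop once it no longer serves a cache`; the attribution is inferred from the surrounding commits and should be confirmed.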
@@ -47,6 +46,16 @@ with import ; fonts.fontconfig.dpi = 200; lass.myFont = "-schumacher-clean-*-*-*-*-25-*-*-*-*-*-iso10646-1"; } + { #TAPIR, AGATIS, sentral, a3 - foo + services.redis.enable = true; + } + { + krebs.fetchWallpaper = { + enable = true; + url = "http://i.imgur.com/0ktqxSg.png"; + maxTime = 9001; + }; + } ]; krebs.build.host = config.krebs.hosts.helios; -- cgit v1.2.3 From 0a9137e5bbd7ac34dadd7806b9ab829a09cf8625 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:10:12 +0200 Subject: l helios.r: add pkgs.ag --- lass/1systems/helios/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/helios/config.nix b/lass/1systems/helios/config.nix index 271f1a7cf..6ff3fbb86 100644 --- a/lass/1systems/helios/config.nix +++ b/lass/1systems/helios/config.nix @@ -75,6 +75,7 @@ with import ; hardware.enableRedistributableFirmware = true; environment.systemPackages = with pkgs; [ + ag vim rxvt_unicode git -- cgit v1.2.3 From cad6fa36cb5d50ba7debd642258f37d1ba7aa4b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:11:08 +0200 Subject: l exim-smarthost: add aplle & coinbase mail --- lass/2configs/exim-smarthost.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index c9d7a369a..0b56f6f47 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -43,6 +43,8 @@ with import ; { from = "radio@lassul.us"; to = lass.mail; } { from = "btce@lassul.us"; to = lass.mail; } { from = "raf@lassul.us"; to = lass.mail; } + { from = "apple@lassul.us"; to = lass.mail; } + { from = "coinbase@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From ea21ba775c11a5ff4b79c18445895cf95956220c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:11:44 +0200 Subject: l git: add nix-user-chroot repo --- lass/2configs/git.nix | 4 ++++ 1 file changed, 4 insertions(+) 
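Review bot: `krebs.fetchWallpaper.url` points at an `http://` address, so the image is fetched on a timer with no transport integrity and whatever the network path returns is handed to the consumer of that file (not visible in this hunk). Using `url = "https://i.imgur.com/0ktqxSg.png";` closes that gap, provided the fetch service has CA certificates available. The attribute set this block is appended to starts outside the hunk.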
diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 3991acadc..920da98c7 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -53,6 +53,10 @@ let cgit.desc = "Good Music collection + tools"; cgit.section = "art"; }; + nix-user-chroot = { + cgit.desc = "Fork of nix-user-chroot my lethalman"; + cgit.section = "software"; + }; } // mapAttrs make-public-repo-silent { }; -- cgit v1.2.3 From 0971a0709b976b0f86651d2635709569f15adc12 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:12:12 +0200 Subject: l vim: use python3.5 flake8 --- lass/2configs/vim.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 7f36fcd90..6e2717117 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -5,7 +5,7 @@ let out = { environment.systemPackages = [ (hiPrio vim) - pkgs.pythonPackages.flake8 + pkgs.python35Packages.flake8 ]; environment.etc.vimrc.source = vimrc; -- cgit v1.2.3 From 2cca99fadc19f81c52beb71d1d0ad8ea97380f97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 30 Sep 2017 19:12:30 +0200 Subject: l vim: add vimPlugins.vim-go --- lass/2configs/vim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index 6e2717117..71c3aaada 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -104,6 +104,7 @@ let pkgs.vimPlugins.Gundo pkgs.vimPlugins.Syntastic pkgs.vimPlugins.undotree + pkgs.vimPlugins.vim-go (pkgs.vimUtils.buildVimPlugin { name = "file-line-1.0"; src = pkgs.fetchFromGitHub { -- cgit v1.2.3 From ec1482b0bf98a551348d6f0de6d966d81dbd663e Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 30 Sep 2017 19:36:54 +0200 Subject: l Reaktors: archprism.r -> prism.r --- lass/1systems/archprism/config.nix | 28 ++++++++++++++-------------- lass/1systems/prism/config.nix | 5 +++-- lass/2configs/reaktor-retiolum.nix | 15 +++++++++++++++ 3 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 lass/2configs/reaktor-retiolum.nix diff --git a/lass/1systems/archprism/config.nix b/lass/1systems/archprism/config.nix index 56f72aced..69a0476fb 100644 --- a/lass/1systems/archprism/config.nix +++ b/lass/1systems/archprism/config.nix @@ -39,10 +39,10 @@ in { - + # - + # #{ # lass.pyload.enable = true; #} @@ -251,18 +251,18 @@ in { enable = true; }; } - { - krebs.Reaktor.prism = { - nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; - extraEnviron = { - REAKTOR_HOST = "ni.r"; - }; - plugins = with pkgs.ReaktorPlugins; [ - sed-plugin - ]; - }; - } + #{ + # krebs.Reaktor.prism = { + # nickname = "Reaktor|lass"; + # channels = [ "#retiolum" ]; + # extraEnviron = { + # REAKTOR_HOST = "ni.r"; + # }; + # plugins = with pkgs.ReaktorPlugins; [ + # sed-plugin + # ]; + # }; + #} { #stuff for dritter users.extraUsers.dritter = { diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a4d67afc4..5b3091a39 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -224,8 +224,9 @@ in { - # - # + + + { # quasi bepasty.nix diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix new file mode 100644 index 000000000..b2a21f802 --- /dev/null +++ b/lass/2configs/reaktor-retiolum.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + krebs.Reaktor.retiolum = { + nickname = "Reaktor|lass"; + channels = [ "#retiolum" ]; + extraEnviron = { + REAKTOR_HOST = "ni.r"; + }; + plugins = with pkgs.ReaktorPlugins; [ + sed-plugin + ]; + }; +} -- cgit v1.2.3 From c159128c2cb4eb247cdbbacbea2aed4961dbc28d Mon Sep 17 00:00:00 2001 
From: lassulus Date: Sat, 30 Sep 2017 23:13:49 +0200 Subject: puyak.r: fix syntax --- krebs/1systems/puyak/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 444bf383c..ba578512e 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -70,7 +70,7 @@ extraModprobeConfig = '' options thinkpad_acpi fan_control=1 ''; - } + }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan -- cgit v1.2.3 From c404a21d1bd03595292ce28e48f13621a5fcc7fb Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 01:32:36 +0200 Subject: puyak.r: merge multiple boot configs --- krebs/1systems/puyak/config.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ba578512e..d2664ef84 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,6 +27,11 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda3"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + + kernelModules = [ "kvm-intel" ]; + extraModprobeConfig = '' + options thinkpad_acpi fan_control=1 + ''; }; fileSystems = { @@ -65,12 +70,6 @@ ''; environment.systemPackages = [ pkgs.zsh ]; - boot = { - kernelModules = [ "kvm-intel" ]; - extraModprobeConfig = '' - options thinkpad_acpi fan_control=1 - ''; - }; system.activationScripts."disengage fancontrol" = '' echo level disengaged > /proc/acpi/ibm/fan -- cgit v1.2.3 From a43efa33f60d36f22f3ea49084d5b7b3ec01828f Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:01:55 +0200 Subject: htodog.r: add irc.r --- krebs/1systems/hotdog/config.nix | 1 + krebs/3modules/krebs/default.nix | 1 + 2 files changed, 2 insertions(+) 
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 2ad22f49c..7f49f9485 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -12,6 +12,7 @@ + ]; krebs.build.host = config.krebs.hosts.hotdog; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 2fe3e5115..1e626f0a0 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -74,6 +74,7 @@ in { "build.r" "build.hotdog.r" "cgit.hotdog.r" + "irc.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- -- cgit v1.2.3 From e1842266b3787337cac76b6d7297fd3186978fd2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 13:35:30 +0200 Subject: l: #retiolum@ni.r -> #krebs@irc.r --- lass/2configs/git.nix | 8 ++++---- lass/2configs/monitoring/monit-alarms.nix | 2 +- lass/2configs/monitoring/server.nix | 2 +- lass/2configs/reaktor-retiolum.nix | 4 ++-- lass/2configs/repo-sync.nix | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 920da98c7..91318b530 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -77,8 +77,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; @@ -98,8 +98,8 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; verbose = true; # TODO define branches in some kind of option per repo branches = [ "master" "staging*" ]; 
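Review bot: Both `post-receive` hooks in lass/2configs/git.nix repeat the literals `channel = "#krebs";` and `server = "irc.r";`, and the same pair appears again in the repo-sync.nix and reaktor-retiolum.nix hunks of this commit. Every move of the IRC endpoint therefore has to touch each copy, and a missed one leaves a host announcing to the old server. Binding the pair once, for example `irc-target = { channel = "#krebs"; server = "irc.r"; };`, and merging it into each hook's argument set with `//` would keep them in step. The `let` bindings that hold both hooks start outside the hunks.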
diff --git a/lass/2configs/monitoring/monit-alarms.nix b/lass/2configs/monitoring/monit-alarms.nix index 65b91a745..2cfc292e5 100644 --- a/lass/2configs/monitoring/monit-alarms.nix +++ b/lass/2configs/monitoring/monit-alarms.nix @@ -6,7 +6,7 @@ let set -euf export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null + irc.r 6667 ${config.networking.hostName}-alarm \#noise "${msg}" >/dev/null ''; in { diff --git a/lass/2configs/monitoring/server.nix b/lass/2configs/monitoring/server.nix index d1ff234ee..adaecde2c 100644 --- a/lass/2configs/monitoring/server.nix +++ b/lass/2configs/monitoring/server.nix @@ -29,7 +29,7 @@ with import ; data="$(${pkgs.jq}/bin/jq -r .message)" export LOGNAME=prism-alarm ${pkgs.irc-announce}/bin/irc-announce \ - ni.r 6667 prism-alarm \#noise "$data" >/dev/null + irc.r 6667 prism-alarm \#noise "$data" >/dev/null ''; in { enable = true; diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix index b2a21f802..0ec825522 100644 --- a/lass/2configs/reaktor-retiolum.nix +++ b/lass/2configs/reaktor-retiolum.nix @@ -4,9 +4,9 @@ with import ; { krebs.Reaktor.retiolum = { nickname = "Reaktor|lass"; - channels = [ "#retiolum" ]; + channels = [ "#krebs" ]; extraEnviron = { - REAKTOR_HOST = "ni.r"; + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ sed-plugin diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index f0c0ebfee..12a2c0fe8 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; branches = [ "newest" ]; }; }); -- cgit v1.2.3 From 7cdf5705d91e3710ae82bd9cc9843c70130698ce Mon Sep 17 00:00:00 2001 
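Review bot: In lass/2configs/monitoring/monit-alarms.nix the changed line still passes `"${msg}"`, which looks like a Nix value spliced into the generated script at build time, so only the surrounding shell double quotes protect it. If any caller's message contains `"`, `$` or a backtick, the shell will interpret it rather than send it. Unless callers rely on run-time expansion inside the message, `${lib.escapeShellArg msg}` without the surrounding quotes is the safer form, assuming `lib` is in scope in this file. The server.nix hunk in the same commit passes a run-time variable as `"$data"`, which is quoted correctly. The function that binds `msg` starts outside the hunk.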
From: lassulus Date: Sun, 1 Oct 2017 13:41:41 +0200 Subject: #retiolum@ni.r -> #krebs@irc.r --- krebs/2configs/repo-sync.nix | 4 ++-- krebs/3modules/announce-activation.nix | 4 ++-- krebs/3modules/ci.nix | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index b0b0b2f62..9b60dc552 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,8 +15,8 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#retiolum"; - server = "ni.r"; + channel = "#krebs"; + server = "irc.r"; branches = [ "master" ]; }; }); diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 5a3a788c2..73704ae27 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#retiolum"; + default = "#krebs"; type = types.str; # TODO types.irc-channel }; nick = mkOption { @@ -47,7 +47,7 @@ in { type = types.int; }; server = mkOption { - default = "ni.r"; + default = "irc.r"; type = types.hostname; }; }; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index dab87792e..49d5bbc93 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -133,8 +133,8 @@ in irc = { enable = true; nick = "build|${hostname}"; - server = "ni.r"; - channels = [ "retiolum" "noise" ]; + server = "irc.r"; + channels = [ "krebs" "noise" ]; allowForce = true; }; extraConfig = '' -- cgit v1.2.3 From 144b18a15c8713314dfce32f719c63dae5fc37bd Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 1 Oct 2017 13:43:00 +0200 Subject: tv gitrepos: ni.r/#retiolum -> irc.r/#krebs --- tv/2configs/gitrepos.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index b6480f356..bbb1d4128 100644 --- a/tv/2configs/gitrepos.nix 
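Review bot: In krebs/3modules/ci.nix the bot moves to `server = "irc.r";` and `channels = [ "krebs" "noise" ];` while `allowForce = true;` stays on the following line, so whoever can speak in those channels on the new server can presumably force builds. Nothing in the hunk shows that the channels or the server are restricted to trusted users. Confirm that before the move, or set `allowForce = false;` until it is confirmed. The later `#krebs@irc.r -> #xxx@irc.r` commit changes this channel list again and needs the same check. The enclosing `irc = {` block starts outside the hunk.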
+++ b/tv/2configs/gitrepos.nix @@ -100,10 +100,10 @@ let { ); irc-announce = args: pkgs.git-hooks.irc-announce (recursiveUpdate { - channel = "#retiolum"; + channel = "#krebs"; # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - server = "ni.r"; + server = "irc.r"; verbose = true; } args); -- cgit v1.2.3 From 5b536e2d311ae6beea7f7e73115c3a061d523a59 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:19 +0200 Subject: ma irc: ni.r -> irc.r --- makefu/1systems/pnp/config.nix | 3 ++- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- makefu/2configs/stats/server.nix | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 5fbaaabc7..47fa74c00 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -34,7 +34,8 @@ krebs.Reaktor.debug = { debug = true; extraEnviron = { - REAKTOR_HOST = "ni.r"; + # TODO: remove hard-coded server + REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; channels = [ "#retiolum" ]; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index 05754dc7f..b913f3056 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -21,7 +21,7 @@ let verbose = true; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5604383e7..5d46cabb3 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -59,7 +59,7 @@ let verbose = config.krebs.build.host.name == "gum"; channel = "#retiolum"; # TODO remove the hardcoded hostname - server = "ni.r"; + server = "irc.r"; }; }; }; 
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index bb91b4478..7548c733e 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix @@ -2,7 +2,7 @@ with import ; let - irc-server = "ni.r"; + irc-server = "rc.r"; irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; -- cgit v1.2.3 From 0fe3f562d7dc66dc4dcf39522fc17ccce6ee30b4 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:01:48 +0200 Subject: ma cake.r: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++++++ makefu/1systems/cake/config.nix | 20 ++++++++++++++++++++ makefu/1systems/cake/source.nix | 3 +++ 3 files changed, 48 insertions(+) create mode 100644 makefu/1systems/cake/config.nix create mode 100644 makefu/1systems/cake/source.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index a34c8cd97..d80935683 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -4,6 +4,31 @@ with import ; { hosts = mapAttrs (_: setAttr "owner" config.krebs.users.makefu) { + cake = rec { + cores = 1; + ci = false; + nets = { + retiolum = { + ip4.addr = "10.243.136.236"; + ip6.addr = "42:b3b2:9552:eef0:ee67:f3b3:8d33:eee1"; + aliases = [ + "cake.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA0khdelSrOV/ZI9vvbV5aT1wVn2IfUfIdDCQIOnF2mZsrnIcuaedu + jRfZnJST1vOfL7JksF1+8pYwSn34CjJCGhyFf25lc6mARXmZe/araNrVpTntCy2+ + MqG8KZe4mIda/WPTXRYGtFVQZeClM5SCZ7EECtw8sEkwt2QtOv43p/hiMXAkOQsq + 6xc9/b4Bry7d+IjJs3waKfFQllF+C+GuK8yF0YnCEb6GZw7xkxHIO1QV4KSQ4CH7 + 36kEAdCSQ5rgaygRanUlUl+duQn1MLQ+lRlerAEcFfKrr3MKNz2jmGth8iUURdyP + MHjSWe+RkLQ6zzBaVgoKKuI9MbIbhenJWwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGyJlI0YpIh/LiiPMseD2IBHg+uVGrkSy0MPNeD+Jv8Y cake"; + }; drop = rec { ci = true; cores = 1; 
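Review bot: The new value in makefu/2configs/stats/server.nix is `"rc.r"`, which does not match the `irc.r` used by every other hunk of this commit and looks like a dropped letter. As written, the stats alarms would be addressed to a different hostname and would either fail to deliver or reach whichever host answers to that name. The line should read `irc-server = "irc.r";`. The `let` block that consumes `irc-server` continues outside the hunk, so how a failed delivery is reported cannot be checked from here.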
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix new file mode 100644 index 000000000..0630d19ad --- /dev/null +++ b/makefu/1systems/cake/config.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: +{ + imports = [ + + # configure your hw: + # + # + # { + name="cake"; +} \ No newline at end of file -- cgit v1.2.3 From f0053f2dca7b5089aa7f22fb09d9cf2109b5835a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 14:21:34 +0200 Subject: l #krebs@irc.r -> #xxx@irc.r --- lass/2configs/git.nix | 4 ++-- lass/2configs/reaktor-retiolum.nix | 2 +- lass/2configs/repo-sync.nix | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index 91318b530..4a2199b39 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -77,7 +77,7 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; verbose = config.krebs.build.host.name == "prism"; # TODO define branches in some kind of option per repo @@ -98,7 +98,7 @@ let post-receive = pkgs.git-hooks.irc-announce { # TODO make nick = config.krebs.build.host.name the default nick = config.krebs.build.host.name; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; verbose = true; # TODO define branches in some kind of option per repo diff --git a/lass/2configs/reaktor-retiolum.nix b/lass/2configs/reaktor-retiolum.nix index 0ec825522..144b7d484 100644 --- a/lass/2configs/reaktor-retiolum.nix +++ b/lass/2configs/reaktor-retiolum.nix @@ -4,7 +4,7 @@ with import ; { krebs.Reaktor.retiolum = { nickname = "Reaktor|lass"; - channels = [ "#krebs" ]; + channels = [ "#xxx" ]; extraEnviron = { REAKTOR_HOST = "irc.r"; }; diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index 12a2c0fe8..f3ef23e67 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix 
@@ -15,7 +15,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; branches = [ "newest" ]; }; -- cgit v1.2.3 From cf62603b129ff4afad5fac4789ee98d1beddda3b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 1 Oct 2017 14:26:12 +0200 Subject: #krebs@irc.r -> #xxx@irc.r --- krebs/2configs/repo-sync.nix | 2 +- krebs/3modules/announce-activation.nix | 2 +- krebs/3modules/ci.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 9b60dc552..84b7d9c0e 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -15,7 +15,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = false; - channel = "#krebs"; + channel = "#xxx"; server = "irc.r"; branches = [ "master" ]; }; diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index 73704ae27..8f8440eb7 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -35,7 +35,7 @@ in { irc = { # TODO rename channel to target? channel = mkOption { - default = "#krebs"; + default = "#xxx"; type = types.str; # TODO types.irc-channel }; nick = mkOption { diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 49d5bbc93..adbc1ebe1 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -134,7 +134,7 @@ in enable = true; nick = "build|${hostname}"; server = "irc.r"; - channels = [ "krebs" "noise" ]; + channels = [ "xxx" "noise" ]; allowForce = true; }; extraConfig = '' -- cgit v1.2.3 From b01385c974dd3f4a9cbf0e7e992e960cd9ebf295 Mon Sep 17 00:00:00 2001 
From: makefu Date: Sun, 1 Oct 2017 14:28:34 +0200 Subject: ma: #retiolum -> #xxx --- makefu/1systems/pnp/config.nix | 2 +- makefu/2configs/git/brain-retiolum.nix | 2 +- makefu/2configs/git/cgit-retiolum.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pnp/config.nix b/makefu/1systems/pnp/config.nix index 47fa74c00..6c9fc0606 100644 --- a/makefu/1systems/pnp/config.nix +++ b/makefu/1systems/pnp/config.nix @@ -38,7 +38,7 @@ REAKTOR_HOST = "irc.r"; }; plugins = with pkgs.ReaktorPlugins; [ stockholm-issue nixos-version sed-plugin ]; - channels = [ "#retiolum" ]; + channels = [ "#xxx" ]; }; krebs.build.host = config.krebs.hosts.pnp; diff --git a/makefu/2configs/git/brain-retiolum.nix b/makefu/2configs/git/brain-retiolum.nix index b913f3056..3be3fccef 100644 --- a/makefu/2configs/git/brain-retiolum.nix +++ b/makefu/2configs/git/brain-retiolum.nix @@ -19,7 +19,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = true; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 5d46cabb3..ed890fe40 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -57,7 +57,7 @@ let post-receive = pkgs.git-hooks.irc-announce { nick = config.networking.hostName; verbose = config.krebs.build.host.name == "gum"; - channel = "#retiolum"; + channel = "#xxx"; # TODO remove the hardcoded hostname server = "irc.r"; }; -- cgit v1.2.3 From e62f376e6177f3efb0e0bcd3aad97a991c3b6d60 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 1 Oct 2017 14:42:20 +0200 Subject: ma tools: disable skype --- makefu/2configs/tools/core-gui.nix | 1 - makefu/2configs/tools/extra-gui.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) 
diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 0538647ae..2f80b08c9 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -13,7 +13,6 @@ keepassx pcmanfm evince - skype mirage tightvnc gnome3.dconf diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index b2d616764..bcc068d82 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,7 +6,7 @@ gimp inkscape libreoffice - skype + # skype synergy tdesktop virtmanager -- cgit v1.2.3