From a5459c371efb6fad343afe7c5a8295e445b34657 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 May 2021 20:09:18 +0200 Subject: ircd: add oper:general for umode addon --- krebs/2configs/ircd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index d4ac9e42a..d26aa5962 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -61,7 +61,7 @@ }; privset "op" { - privs = oper:admin; + privs = oper:admin, oper:general; }; operator "aids" { -- cgit v1.2.3 From 1365fd2c7f435562dc194e0c0910aa3d4032d75f Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 25 May 2021 20:10:21 +0200 Subject: news: bind brockman to solanum for mutual restart --- krebs/2configs/news.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 2da3e6fcc..84a39f95b 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -68,6 +68,7 @@ wantedBy = [ "multi-user.target" ]; }; + systemd.services.brockman.bindsTo = [ "solanum.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { -- cgit v1.2.3 From 24aa4fc14673adfd419e7219eebfb0eb39c19ce4 Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 2 Jun 2021 00:30:39 +0200 Subject: shack/worlddomination: stdenv.lib -> lib Deprecated since nixpkgs 21.05 --- krebs/2configs/shack/worlddomination.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 61b72d9a8..4bdb095f1 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -58,7 +58,7 @@ let src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; }; propagatedBuildInputs = [ ]; doCheck = false; # 2 errors, dunnolol - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.mit; description = "Python CoAP library"; @@ -68,7 +68,7 @@ let name = "LinkHeader-0.4.3"; src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; propagatedBuildInputs = [ ]; - meta = with pkgs.stdenv.lib; { + meta = with pkgs.lib; { homepage = ""; license = licenses.bsdOriginal; description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; -- cgit v1.2.3 From 45e031cd6b9ad15881f2f69e649234337aa26e4c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 13:05:55 +0200 Subject: hw x220: disable deprecated rngd --- krebs/2configs/hw/x220.nix | 2 -- 1 file changed, 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index 3780e0d7d..bb273652d 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -22,8 +22,6 @@ with import ; pkgs.vaapiVdpau ]; - security.rngd.enable = mkDefault true; - services.xserver = { videoDriver = "intel"; }; -- cgit v1.2.3 From 032341bd35c6e387b7e0e0600f74a9c45dacc159 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 5 Jun 2021 14:14:56 +0200 Subject: reaktor2: isSystemUser --- krebs/2configs/reaktor2.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs/2configs') diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index 2823aabef..14e0a3d7a 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -119,6 +119,7 @@ in { users.users.reaktor2 = { uid = genid_uint31 "reaktor2"; home = stateDir; + isSystemUser = true; }; krebs.reaktor2 = { -- cgit v1.2.3 From b37a74c688e272587433874cb779bdc367e127a2 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 19:13:25 +0200 Subject: puyak.r/shack: isSystemUser everything --- krebs/2configs/shack/muell_mail.nix | 1 + krebs/2configs/shack/muellshack.nix | 1 + krebs/2configs/shack/node-light.nix | 1 + krebs/2configs/shack/powerraw.nix | 5 ++++- krebs/2configs/shack/s3-power.nix | 1 + krebs/2configs/shack/shackDNS.nix | 1 + krebs/2configs/shack/share.nix | 1 + 7 files changed, 10 insertions(+), 1 deletion(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..d08eb8ab5 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -4,6 +4,7 @@ uid = config.ids.uids.smbguest; group = "share"; description = "smb guest user"; + isNormalUser = true; home = "/home/share"; createHome = true; }; -- cgit v1.2.3 From f7dfc2c43ad99f5971b12a6f6a8c88cca3634f77 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 5 Jun 2021 20:06:00 +0200 Subject: ma samba: remove isNormalUser again --- krebs/2configs/shack/share.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'krebs/2configs') diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d08eb8ab5..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,10 +1,9 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; - isNormalUser = true; home = "/home/share"; createHome = true; }; -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/31000000.lock: No such file or directory (2)