summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authornin <nineinchnade@gmail.com>2017-07-06 20:36:05 +0200
committernin <nineinchnade@gmail.com>2017-07-06 20:36:05 +0200
commitde8baa21bf122242c4ad6a4c17405259037149c8 (patch)
tree85e34f8040799313fa73a23eddb41ab5eec1d9e9 /krebs
parent060ae725c32e6490d47bc3153de076ace26b59fd (diff)
parent438fdd2bd8e363567f544966e49d00f728921301 (diff)
Merge branch 'master' of prism:stockholm
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/build.nix2
-rw-r--r--krebs/3modules/makefu/default.nix2
-rw-r--r--krebs/3modules/urlwatch.nix17
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/chmod.patch15
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/default.nix86
-rw-r--r--krebs/5pkgs/simple/whatsupnix/whatsupnix.bash9
6 files changed, 112 insertions, 19 deletions
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 51f192703..976d378f9 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -24,4 +24,6 @@ with import <stockholm/lib>;
type = types.user;
};
};
+
+ config.krebs.build.source.stockholm.file = mkDefault (toString <stockholm>);
}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 4c0ce0fe3..c517ac1d8 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -308,7 +308,6 @@ with import <stockholm/lib>;
extraZones = {
"krebsco.de" = ''
wry IN A ${nets.internet.ip4.addr}
- io IN NS wry.krebsco.de.
tinc IN A ${nets.internet.ip4.addr}
'';
};
@@ -470,6 +469,7 @@ with import <stockholm/lib>;
wiki.euer IN A ${nets.internet.ip4.addr}
graph IN A ${nets.internet.ip4.addr}
ghook IN A ${nets.internet.ip4.addr}
+ io IN NS gum.krebsco.de.
'';
};
nets = rec {
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index c06e5ddb1..463fa26ba 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -60,6 +60,7 @@ let
description = "URL to watch.";
example = [
https://nixos.org/channels/nixos-unstable/git-revision
+ { url = http://localhost ; filter = "grep:important.*stuff"; }
];
apply = map (x: getAttr (typeOf x) {
set = x;
@@ -79,7 +80,8 @@ let
};
urlsFile = pkgs.writeText "urls"
- (concatMapStringsSep "\n---\n" toJSON cfg.urls);
+ (concatMapStringsSep "\n---\n"
+ (x: toJSON (filterAttrs (n: v: n != "_module") x)) cfg.urls);
hooksFile = cfg.hooksFile;
@@ -142,17 +144,6 @@ let
PrivateTmp = "true";
SyslogIdentifier = "urlwatch";
Type = "oneshot";
- ExecStartPre =
- pkgs.writeDash "urlwatch-prestart" ''
- set -euf
-
- dataDir=$HOME
-
- if ! test -e "$dataDir"; then
- mkdir -m 0700 -p "$dataDir"
- chown ${user.name}: "$dataDir"
- fi
- '';
ExecStart = pkgs.writeDash "urlwatch" ''
set -euf
@@ -185,6 +176,8 @@ let
};
users.extraUsers = singleton {
inherit (user) name uid;
+ home = cfg.dataDir;
+ createHome = true;
};
};
diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
new file mode 100644
index 000000000..dd6933208
--- /dev/null
+++ b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
@@ -0,0 +1,15 @@
+diff --git a/hier.c b/hier.c
+index 5663ada..1d73b84 100644
+--- a/hier.c
++++ b/hier.c
+@@ -2,8 +2,8 @@
+
+ void hier()
+ {
+- h(auto_home,-1,-1,02755);
+- d(auto_home,"bin",-1,-1,02755);
++ h(auto_home,-1,-1,0755);
++ d(auto_home,"bin",-1,-1,0755);
+
+ c(auto_home,"bin","tcpserver",-1,-1,0755);
+ c(auto_home,"bin","tcprules",-1,-1,0755);
diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix
new file mode 100644
index 000000000..3b043be06
--- /dev/null
+++ b/krebs/5pkgs/simple/ucspi-tcp/default.nix
@@ -0,0 +1,86 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+ name = "ucspi-tcp-0.88";
+
+ src = fetchurl {
+ url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
+ sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
+ };
+
+ # Plain upstream tarball doesn't build, get patches from Debian
+ patches = [
+ (fetchurl {
+ url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
+ sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
+ })
+ ./chmod.patch
+ ];
+
+ # Apply Debian patches
+ postPatch = ''
+ for fname in debian/diff/*.diff; do
+ echo "Applying patch $fname"
+ patch < "$fname"
+ done
+ '';
+
+ # The build system is weird; 'make install' doesn't install anything, instead
+ # it builds an executable called ./install (from C code) which installs
+ # binaries to the directory given on line 1 in ./conf-home.
+ #
+ # Also, assume getgroups and setgroups work, instead of doing a build time
+ # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
+ # capability).
+ preBuild = ''
+ echo "$out" > conf-home
+
+ echo "main() { return 0; }" > chkshsgr.c
+ '';
+
+ installPhase = ''
+ mkdir -p "$out/bin"
+ mkdir -p "$out/share/man/man1"
+
+ # run the newly built installer
+ ./install
+
+ # Install Debian man pages (upstream has none)
+ cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Command-line tools for building TCP client-server applications";
+ longDescription = ''
+ tcpserver waits for incoming connections and, for each connection, runs a
+ program of your choice. Your program receives environment variables
+ showing the local and remote host names, IP addresses, and port numbers.
+
+ tcpserver offers a concurrency limit to protect you from running out of
+ processes and memory. When you are handling 40 (by default) simultaneous
+ connections, tcpserver smoothly defers acceptance of new connections.
+
+ tcpserver also provides TCP access control features, similar to
+ tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules
+ are compiled into a hashed format with cdb, so it can easily deal with
+ thousands of different hosts.
+
+ This package includes a recordio tool that monitors all the input and
+ output of a server.
+
+ tcpclient makes a TCP connection and runs a program of your choice. It
+ sets up the same environment variables as tcpserver.
+
+ This package includes several sample clients built on top of tcpclient:
+ who@, date@, finger@, http@, tcpcat, and mconnect.
+
+ tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program
+ Interface, using the TCP protocol. UCSPI tools are available for several
+ different networks.
+ '';
+ homepage = http://cr.yp.to/ucspi-tcp.html;
+ license = licenses.publicDomain;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.bjornfor ];
+ };
+}
diff --git a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
index 042763048..2ad9aadc9 100644
--- a/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
+++ b/krebs/5pkgs/simple/whatsupnix/whatsupnix.bash
@@ -17,25 +17,22 @@
# 2 Build error; at least one failed derivation could be found.
#
-GAWK=${GAWK:-gawk}
-NIX_STORE=${NIX_STORE:-nix-store}
-
failed_drvs=$(mktemp --tmpdir whatsupnix.XXXXXXXX)
trap 'rm -f -- "$failed_drvs"' EXIT
exec >&2
-$GAWK -v failed_drvs="$failed_drvs" '
+gawk -v failed_drvs="$failed_drvs" '
match($0, /^builder for ‘(\/nix\/store\/[^’]+\.drv)’ failed/, m) {
print m[1] >> failed_drvs
}
- { print $0 }
+ { print $0; fflush("/dev/stdout") }
'
case $# in
0)
print_log() {
- NIX_PAGER= $NIX_STORE -l "$1"
+ NIX_PAGER= nix-store -l "$1"
}
;;
1)