diff options
-rw-r--r-- | krebs/3modules/makefu/default.nix | 7 | ||||
-rw-r--r-- | makefu/1systems/cake/config.nix | 21 | ||||
-rw-r--r-- | makefu/1systems/cake/source.nix | 3 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 4 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/git/cgit-retiolum.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/stats/telegraf/europastats.nix | 2 | ||||
-rw-r--r-- | makefu/2configs/tools/sec-gui.nix | 15 | ||||
-rw-r--r-- | makefu/2configs/tools/steam.nix | 4 | ||||
-rw-r--r-- | makefu/2configs/urlwatch/default.nix | 1 | ||||
-rw-r--r-- | makefu/3modules/server-config.nix | 15 | ||||
-rw-r--r-- | makefu/5pkgs/custom/inkscape/dxf_fix.patch | 11 | ||||
-rw-r--r-- | makefu/5pkgs/default.nix | 2 | ||||
-rw-r--r-- | makefu/5pkgs/drozer/default.nix | 2 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/ssh_host_rsa_key | 0 | ||||
-rw-r--r-- | makefu/source.nix | 10 |
16 files changed, 64 insertions, 37 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d80935683..401cba97a 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -580,7 +580,8 @@ with import <stockholm/lib>; ''; }; }; - ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + # configured manually + # ssh.privkey.path = <secrets/ssh_host_ed25519_key>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; shoney = rec { @@ -1031,6 +1032,10 @@ with import <stockholm/lib>; inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOXG6iwvm6zUVk+OE9ZviO+WNosAHSZw4ku0RxWbXSlSG0RfzvV4IfByF3Dw+4a8yZQmjwNkQalUURh2fEqhBLBI9XNEIL7qIu17zheguyXzpE3Smy4pbI+fjdsnfFrw+WE2n/IO8N6ojdH6sMmnWwfkFZYqqofWyLB3WUN9wy2b2z0w/jc56+HxxyTl3rD7CttTs9ak67HqIn3/pNeHoOM+JQ/te8t4ageIlPi8yJJpqZgww1RUWCgPPwZ9DP6gQjo85he76x0h9jvhnFd7m9N1aGdRDcK55QyoY/9x07R24GRutohAB/KDWSkDWQv5BW7M1LCawpJcF3DDslD1i7 makefu@gum"; }; + makefu-android = { + inherit (makefu) mail pgp; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoAtBa10AbiFXfYL4Za7e0CLeXJeH6FhMqVZFqElLkJBKmQ7c7WEMlnuRhEZWSFDXBpaS7p73s5MMOZA13uYv6fI2ipOOwE9Ej1EoMsrQGegBp2VDMo0wnr/sgTL1do+uGI85E/i0uFw0DYhXqlZQk1eK8SdgXYltiVL27IA3NG2kYuoTIvJgRnaPJjTbhLBWti3m586LuO+pBKtcTt1D9EV6wp+6Jum4owPtCgVPQaZfFGYWkEiINV83WX9HoIk4S3bTPLh8Kfp0je0xsioS4T9/cxSPgUie8MjSg0irvLJXRH0JOVuG5NvZTYhAAekwNkHll9CtypPrutjbrXPXf makefu@x"; + }; makefu-bob = { inherit (makefu) mail pgp; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+fEK1bCB8cdDiBzXBXEWLFQyp/7xjNGQ5GyqHOtgxxe6Ypb0kAaWJaG3Ak/qI/nToGKwkQJLsuYNA3lZj2rFyBdoxnNO3kRFTc7NoaU5mC2BlHbpmn9dzvgiBoRAKAlzj/022u65SI19AFciKXtwqQfjuB3mPVOFOfCFB2SYjjWb8ffPnHp6PB5KKNLxaVPCbZgOdSju25/wB2lY00W8WIDOTqfbNClQnjkLsUZpTuRnvpHTemKtt1FH+WBZiMwMXRt19rm9LFSO7pvrZjdJz0l1TZVsODkbKZzQzSixoCPmdpPPAYaqrGUQpmukXk0xQtR3E2jEsk+FJv4AkIKqD"; diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 826af24e7..e8438e50d 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -1,7 +1,8 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = [ <stockholm/makefu> + <stockholm/makefu/2configs/tools/core.nix> # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> ]; @@ -18,6 +19,24 @@ programs.info.enable = false; programs.man.enable = false; services.nixosManual.enable = false; + boot.tmpOnTmpfs = lib.mkForce false; + + hardware.enableRedistributableFirmware = true; + hardware.firmware = [ + (pkgs.stdenv.mkDerivation { + name = "broadcom-rpi3-rest"; + src = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/54bab3d/brcm80211/brcm/brcmfmac43430-sdio.txt"; + sha256 = "19bmdd7w0xzybfassn7x4rb30l70vynnw3c80nlapna2k57xwbw7"; + }; + phases = [ "installPhase" ]; + installPhase = '' + mkdir -p $out/lib/firmware/brcm + cp $src $out/lib/firmware/brcm/brcmfmac43430-sdio.txt + ''; + }) + ]; + networking.wireless.enable = true; # File systems configuration for using the installer's partition layout fileSystems = { diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix index 797417a1d..cd97a7c62 100644 --- a/makefu/1systems/cake/source.nix +++ b/makefu/1systems/cake/source.nix @@ -1,3 +1,4 @@ import <stockholm/makefu/source.nix> { name="cake"; -}
\ No newline at end of file + full = true; +} diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index e1357ff01..e769b1e22 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -81,7 +81,9 @@ in { ]; makefu.dl-dir = "/var/download"; - + services.openssh.hostKeys = [ + { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; } + { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ]; ###### stable services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ]; krebs.build.host = config.krebs.hosts.gum; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 443f912d8..f7db75564 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -57,7 +57,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/tor.nix> <stockholm/makefu/2configs/vpn/vpngate.nix> # <stockholm/makefu/2configs/buildbot-standalone.nix> - <stockholm/makefu/2configs/remote-build/master.nix> + # <stockholm/makefu/2configs/remote-build/master.nix> # Hardware <stockholm/makefu/2configs/hw/tp-x230.nix> diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index ed890fe40..da246f66a 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -68,7 +68,7 @@ let # TODO: get the list of all krebsministers krebsminister = with config.krebs.users; [ lass tv ]; - all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx ]; + all-makefu = with config.krebs.users; [ makefu makefu-omo makefu-tsp makefu-vbob makefu-tempx makefu-android ]; all-exco = with config.krebs.users; [ exco ]; priv-rules = repo: set-owners repo all-makefu; diff --git a/makefu/2configs/stats/telegraf/europastats.nix b/makefu/2configs/stats/telegraf/europastats.nix index 9249280c5..2ab62766a 100644 --- a/makefu/2configs/stats/telegraf/europastats.nix +++ b/makefu/2configs/stats/telegraf/europastats.nix @@ -4,7 +4,7 @@ let rev = "be31da7"; name = "europastats-${rev}"; propagatedBuildInputs = [ - requests2 + requests docopt ]; src = pkgs.fetchgit { diff --git a/makefu/2configs/tools/sec-gui.nix b/makefu/2configs/tools/sec-gui.nix index 2db3e4391..95f130ae8 100644 --- a/makefu/2configs/tools/sec-gui.nix +++ b/makefu/2configs/tools/sec-gui.nix @@ -1,8 +1,15 @@ { pkgs, ... }: { - krebs.per-user.makefu.packages = with pkgs; [ - tpmmanager - wireshark - ]; + users.users.makefu = { + extraGroups = [ "wireshark" ]; + packages = with pkgs; [ + tpmmanager + ]; + }; + + programs.wireshark = { + enable = true; + package = pkgs.wireshark; + }; } diff --git a/makefu/2configs/tools/steam.nix b/makefu/2configs/tools/steam.nix index 200ea4719..048c1d1a3 100644 --- a/makefu/2configs/tools/steam.nix +++ b/makefu/2configs/tools/steam.nix @@ -1,9 +1,7 @@ {pkgs, ...}: { users.users.makefu.packages = [ - (pkgs.steam.override { - newStdcpp = true; - }) + pkgs.steam ]; hardware.opengl.driSupport32Bit = true; hardware.pulseaudio.support32Bit = true; diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 2eecd6428..677950f43 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -35,6 +35,7 @@ in { http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack https://git.tasktools.org/TM/taskd/info/refs?service=git-upload-pack + http://www.iozone.org/src/current/ { url = https://newellrubbermaid.secure.force.com/dymopkb/articles/en_US/FAQ/Dymo-Drivers-and-Downloads/?l=en_US&c=Segment:Dymo&fs=Search&pn=1 ; diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix index 846642580..9cac59205 100644 --- a/makefu/3modules/server-config.nix +++ b/makefu/3modules/server-config.nix @@ -1,15 +1,14 @@ {config, lib, pkgs, ... }: -with import <stockholm/lib>; -{ +with lib;{ options.makefu.server.primary-itf = lib.mkOption { - type = types.str; - description = "Primary interface of the server"; - }; + type = types.str; + description = "Primary interface of the server"; + }; options.makefu.gui.user = lib.mkOption { - type = types.str; - description = "GUI user"; + type = types.str; + description = "GUI user"; default = config.krebs.build.user.name; - }; + }; } diff --git a/makefu/5pkgs/custom/inkscape/dxf_fix.patch b/makefu/5pkgs/custom/inkscape/dxf_fix.patch index 5ea0a073e..b7b491d4e 100644 --- a/makefu/5pkgs/custom/inkscape/dxf_fix.patch +++ b/makefu/5pkgs/custom/inkscape/dxf_fix.patch @@ -1,13 +1,12 @@ ---- ./share/extensions/dxf_outlines.py 2017-02-14 00:46:57.000000000 +0100 -+++ ./share/extensions/dxf_outlines.py.new 2017-05-10 04:15:03.000000000 +0200 -@@ -340,7 +340,7 @@ - scale = eval(self.options.units) +--- ./share/extensions/dxf_outlines.py 2017-10-08 17:28:45.553368917 +0200 ++++ ./share/extensions/dxf_outlines.py.new 2017-10-08 17:29:20.172554152 +0200 +@@ -341,7 +341,7 @@ if not scale: scale = 25.4/96 # if no scale is specified, assume inch as baseunit + scale /= self.unittouu('1px') - h = self.unittouu(self.document.getroot().xpath('@height', namespaces=inkex.NSS)[0]) -+ h = self.unittouu(self.getDocumentHeight()) ++ h = self.unittouu(self.documentHeight()) self.groupmat = [[[scale, 0.0, 0.0], [0.0, -scale, h*scale]]] doc = self.document.getroot() self.process_group(doc) - diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix index 96975e54f..e99aa696b 100644 --- a/makefu/5pkgs/default.nix +++ b/makefu/5pkgs/default.nix @@ -24,7 +24,7 @@ in { alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";}; alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";}; qcma = super.pkgs.libsForQt5.callPackage ./custom/qcma { }; - inherit (callPackage ./devpi {}) devpi-web devpi-server devpi-client; + inherit (callPackage ./devpi {}) devpi-web devpi-server; nodemcu-uploader = super.pkgs.callPackage ./nodemcu-uploader {}; inkscape = super.pkgs.stdenv.lib.overrideDerivation super.inkscape (old: { patches = [ ./custom/inkscape/dxf_fix.patch ]; diff --git a/makefu/5pkgs/drozer/default.nix b/makefu/5pkgs/drozer/default.nix index 885777be4..3df67d07e 100644 --- a/makefu/5pkgs/drozer/default.nix +++ b/makefu/5pkgs/drozer/default.nix @@ -5,7 +5,7 @@ pythonPackages.buildPythonApplication rec { version = "2.4.3"; buildInputs = [ jdk7 ]; propagatedBuildInputs = with pythonPackages; [ - protobuf3_2 + protobuf pyopenssl pyyaml ] ++ [ diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/6tests/data/secrets/ssh_host_rsa_key diff --git a/makefu/source.nix b/makefu/source.nix index a29d09008..013426195 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -11,14 +11,10 @@ let then "buildbot" else "makefu"; _file = <stockholm> + "/makefu/1systems/${name}/source.nix"; - ref = "59e7765"; # unstable @ 2017-09-04 - # + graceful requests2 (a772c3a) - # + mitmproxy fix (eee2d17) - # + tpm-tools fix (5cb9987) - # + dnscrypt-wrapper (25703c3) - # + lass wvstream fix (76f4910,37cc2bc,0d48837) + ref = "727a3a3"; # unstable @ 2017-10-07 + # + revert wvdial (76f4910) # + ruby stuff (2f0b17e4be9,55a952be5b5) - # + proot aarch64 fix (05d2603173d) + # + mitmproxy fix (360a5efd,ef52c95b) in evalSource (toString _file) [ |