summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/exim-smarthost.nix10
-rw-r--r--krebs/2configs/reaktor2.nix4
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/dbalan.nix50
-rw-r--r--krebs/3modules/external/mic92.nix21
-rw-r--r--krebs/3modules/github-known-hosts.nix2
-rw-r--r--krebs/3modules/iana-etc.nix2
-rw-r--r--krebs/5pkgs/override/default.nix25
-rw-r--r--krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch (renamed from krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch)0
-rw-r--r--krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch34
-rw-r--r--krebs/5pkgs/simple/cidr2glob.nix5
-rw-r--r--krebs/5pkgs/simple/veroroute.nix28
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/2configs/fysiirc.nix9
-rw-r--r--lass/2configs/radio/default.nix2
-rw-r--r--lass/2configs/radio/weather_for_ips.py6
-rw-r--r--lass/2configs/websites/domsen.nix2
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/drbd.nix118
-rw-r--r--lass/krops.nix14
-rw-r--r--tv/1systems/alnus/config.nix6
-rw-r--r--tv/1systems/mu/config.nix36
-rw-r--r--tv/1systems/querel/config.nix20
-rw-r--r--tv/1systems/xu/config.nix4
-rw-r--r--tv/2configs/default.nix3
-rw-r--r--tv/2configs/man.nix8
-rw-r--r--tv/2configs/networkd.nix4
-rw-r--r--tv/2configs/pulse.nix2
-rw-r--r--tv/2configs/xserver/default.nix4
-rw-r--r--tv/5pkgs/default.nix2
-rw-r--r--tv/5pkgs/haskell/xmonad-tv/src/main.hs8
-rw-r--r--tv/5pkgs/override/dhcpcd.nix7
-rw-r--r--tv/5pkgs/simple/ff.nix2
-rw-r--r--tv/5pkgs/simple/fzmenu/default.nix47
35 files changed, 326 insertions, 177 deletions
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index 224a38ac3..82f8ec942 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -22,13 +22,11 @@ in {
tv
];
in {
- "anmeldung@eloop.org" = eloop-ml;
"brain@krebsco.de" = brain-ml;
- "cfp2019@eloop.org" = eloop-ml;
- "eloop2019@krebsco.de" = eloop-ml;
- "kontakt@eloop.org" = eloop-ml;
- "root@eloop.org" = eloop-ml;
- "youtube@eloop.org" = eloop-ml;
+ "eloop2022@krebsco.de" = eloop-ml;
+ "root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
+ "spam@eloop.org" = eloop-ml;
+ "youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
"postmaster@krebsco.de" = spam-ml; # RFC 822
"lass@krebsco.de" = lass;
"makefu@krebsco.de" = makefu;
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 205cc96f4..2ed0b08fb 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -71,12 +71,12 @@ let
${pkgs.hledger}/bin/hledger -f $state_file bal -N -O csv \
| ${pkgs.coreutils}/bin/tail +2 \
| ${pkgs.miller}/bin/mlr --icsv --opprint cat \
- | ${pkgs.gnused}/bin/sed 's/^/the_/'
+ | ${pkgs.gnused}/bin/sed 's/^\(.\)/\1‍/'
'';
};
}
{
- pattern = ''^([\H-]*):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
+ pattern = ''^([\H-]*?):?\s+([+-][1-9][0-9]*)\s+(\S+)$'';
activate = "match";
arguments = [1 2 3];
command = {
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 2d73da884..8ea727dc7 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -102,6 +102,7 @@ let
imp = lib.mkMerge [
{ krebs = import ./external { inherit config; }; }
+ { krebs = import ./external/dbalan.nix { inherit config; }; }
{ krebs = import ./external/kmein.nix { inherit config; }; }
{ krebs = import ./external/mic92.nix { inherit config; }; }
{ krebs = import ./external/palo.nix { inherit config; }; }
diff --git a/krebs/3modules/external/dbalan.nix b/krebs/3modules/external/dbalan.nix
new file mode 100644
index 000000000..301f010d3
--- /dev/null
+++ b/krebs/3modules/external/dbalan.nix
@@ -0,0 +1,50 @@
+with import <stockholm/lib>;
+{ config, ... }:
+let
+ hostDefaults = hostName: host: flip recursiveUpdate host ({
+ ci = false;
+ external = true;
+ monitoring = false;
+ owner = config.krebs.users.dbalan;
+ } // optionalAttrs (host.nets?retiolum) {
+ nets.retiolum = {
+ ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ };
+ } // optionalAttrs (host.nets?wiregrill) {
+ nets.wiregrill = {
+ ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ };
+ });
+in
+{
+ users = rec {
+ dbalan = {
+ mail = "dbalan@thaum.space";
+ pubkey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAiWF+U3VHNfp1IPU0/TWhMioxJvmoyG1AMZMvnQjy5QAAAABHNzaDo= dj@v60";
+ };
+ };
+ hosts = mapAttrs hostDefaults {
+ v60 = {
+ nets.retiolum = {
+ aliases = [ "v60.dbalan.r" ];
+ ip4.addr = "10.243.42.12";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxVRxcCWfjLu9cNo5ELfXyuwhpJBSfod5f9JkclSpydVHaQBfeVC6
+ RKfdknQVL6RXiCMFsSAvCvmnIohmpUCbiQWu29P/g0jzQZZ7zNx5L7JHy18x9qAr
+ 1scu7FRdVErVuWKXXNt0+j45dA+u5HE6RLsjAHGYtQbAr21VLyLF3qq11IWNrFYU
+ uqSnM/ZPbOPPHLS8XtsQRdJ2cOkccSCO4W6xBar92aPFuDImH60VuxMFEKYWY2bz
+ p6q0K0rtRqW1qANTV62SUDeA1wMPlSmvnMFY7qesSLk6tJjJ02HwwiOvK2ov1/Rm
+ bpwcrqrrbUxbCaZC6t7pBBxUOZlGfnO3woZQm63+4TEw/YDHhxD0HbhH88Wc+eHy
+ I73tuL1oc01JxL131bJV6jcHG7LrG7wTsTdDaZpjbH54adJP47QpTMb0ggsx2WkD
+ mpxFFSnTZL7ghZO5NGPvidTBp+wJiSOv5igAjA72CvjR3tOF4d5Lsq4JsQeCStjA
+ OPrIrN0AnJRg2IFDXZEGwTS9AbLWX147O9VrNimLzezOylH4Eihn7GUJ5KLIPjLy
+ AvsgIYljoJuhGbM8QoWlakwqOndMeoqhz52ORZ5CDgfybJJEbyrYF8gYFVNJOzds
+ 9gy/F+27TwfjMgcheN2+ogJp+lD754aCF0EJMwaK8ElzQLqAzbBRGAsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "dcPFpCG94cq1KHD4TH9WgOl9fpc1589YvWkmnkEZcSC";
+ };
+ };
+ };
+}
diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix
index d63a6b306..3bd2c1b7b 100644
--- a/krebs/3modules/external/mic92.nix
+++ b/krebs/3modules/external/mic92.nix
@@ -681,27 +681,6 @@ in {
};
};
};
- jarvis = {
- owner = config.krebs.users.mic92;
- nets = rec {
- internet.addrs = [ "jarvis.thalheim.io" ];
- retiolum = {
- via = internet;
- aliases = [ "jarvis.r" ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIBCgKCAQEA7PtJlYBpBr2TK5CAvAukkGvj+esC+sMPKd3mO9iDwdViBrqKdf+D
- yEy8SI80Y02dpkL97NjvnzepKpyGQWpG1ZQflJLhCTj7oFyVpWd4XsbIuzYp5ES6
- r8qKWs2xcItc1pbW0ZmrCBzdWsC1B0VAHlYkiz+7vM6pCTvg6hNQugP4c1TRCtJC
- Sr+n+EjTXN/NTaKl+f7eoHJGnT5liDO3/xZVxm8AuLnron1xPPDghXClVHfDj5mt
- f66f+CLwZhq3BrZuptwXp7TerMfrNtPyTx96b+EyuLPjrYxKeKL/+Nbr3VmmiDIV
- tsraNc+0a8OBpVsYh4MQLp55NYwqxAoetQIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "RRkMnGSg+nMkz4L2iqmdFf2fIf4wIfcTM0TlTWLLNCE";
- };
- };
- };
bernie = {
owner = config.krebs.users.mic92;
nets = rec {
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
index 7bdf5bb7c..eec719f27 100644
--- a/krebs/3modules/github-known-hosts.nix
+++ b/krebs/3modules/github-known-hosts.nix
@@ -57,6 +57,7 @@
"20.201.28.151"
"20.205.243.166"
"102.133.202.242"
+ "20.248.137.48"
"18.181.13.223"
"54.238.117.237"
"54.168.17.15"
@@ -70,6 +71,7 @@
"20.201.28.152"
"20.205.243.160"
"102.133.202.246"
+ "20.248.137.50"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index e8037128d..9ed5f29c5 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -34,7 +34,7 @@ with import <stockholm/lib>;
'')
(filter (proto: entry.${proto} != null) ["tcp" "udp"])}
'') (attrValues config.krebs.iana-etc.services)}
- cat ${pkgs.iana_etc}/etc/services
+ cat ${pkgs.iana-etc}/etc/services
} |
sort -b -k 2,2 -u > $out
'');
diff --git a/krebs/5pkgs/override/default.nix b/krebs/5pkgs/override/default.nix
index fe13b4309..ae42bc1a3 100644
--- a/krebs/5pkgs/override/default.nix
+++ b/krebs/5pkgs/override/default.nix
@@ -10,20 +10,17 @@ self: super: {
});
flameshot = super.flameshot.overrideAttrs (old: rec {
- patches = old.patches or [] ++ {
- "0.6.0" = [
- ./flameshot/flameshot_imgur_0.6.0.patch
- ];
- "0.9.0" = [
- ./flameshot/flameshot_imgur_0.9.0.patch
- ];
- "0.10.1" = [
- ./flameshot/flameshot_imgur_0.9.0.patch
- ];
- "0.10.2" = [
- ./flameshot/flameshot_imgur_0.9.0.patch
- ];
- }.${old.version} or [];
+ name = "flameshot-${version}";
+ version = "0.10.2";
+ src = self.fetchFromGitHub {
+ owner = "flameshot-org";
+ repo = "flameshot";
+ rev = "v${version}";
+ sha256 = "sha256-rZUiaS32C77tFJmEkw/9MGbVTVscb6LOCyWaWO5FyR4=";
+ };
+ patches = old.patches or [] ++ [
+ ./flameshot/flameshot_imgur_0.10.2.patch
+ ];
});
# https://github.com/proot-me/PRoot/issues/106
diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch
index c4c0bf38a..c4c0bf38a 100644
--- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.9.0.patch
+++ b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.10.2.patch
diff --git a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch b/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch
deleted file mode 100644
index 92023554a..000000000
--- a/krebs/5pkgs/override/flameshot/flameshot_imgur_0.6.0.patch
+++ /dev/null
@@ -1,34 +0,0 @@
---- a/src/tools/imgur/imguruploader.cpp
-+++ b/src/tools/imgur/imguruploader.cpp
-@@ -40,6 +40,7 @@
- #include <QTimer>
- #include <QJsonDocument>
- #include <QJsonObject>
-+#include <stdlib.h>
-
- ImgurUploader::ImgurUploader(const QPixmap &capture, QWidget *parent) :
- QWidget(parent), m_pixmap(capture)
-@@ -74,7 +75,10 @@ void ImgurUploader::handleReply(QNetworkReply *reply) {
- QJsonObject json = response.object();
- QJsonObject data = json["data"].toObject();
- m_imageURL.setUrl(data["link"].toString());
-- m_deleteImageURL.setUrl(QString("https://imgur.com/delete/%1").arg(
-+ char *deleteImageURLPattern = secure_getenv("IMGUR_DELETE_URL");
-+ if (deleteImageURLPattern == NULL)
-+ deleteImageURLPattern = "https://imgur.com/delete/%1";
-+ m_deleteImageURL.setUrl(QString(deleteImageURLPattern).arg(
- data["deletehash"].toString()));
- onUploadOk();
- } else {
-@@ -105,7 +109,10 @@ void ImgurUploader::upload() {
- QString description = FileNameHandler().parsedPattern();
- urlQuery.addQueryItem("description", description);
-
-- QUrl url("https://api.imgur.com/3/image");
-+ char *createImageURLPattern = secure_getenv("IMGUR_CREATE_URL");
-+ if (createImageURLPattern == NULL)
-+ createImageURLPattern = "https://api.imgur.com/3/image";
-+ QUrl url(createImageURLPattern);
- url.setQuery(urlQuery);
- QNetworkRequest request(url);
- request.setHeader(QNetworkRequest::ContentTypeHeader,
diff --git a/krebs/5pkgs/simple/cidr2glob.nix b/krebs/5pkgs/simple/cidr2glob.nix
index 9b0b3f86b..47a75ea41 100644
--- a/krebs/5pkgs/simple/cidr2glob.nix
+++ b/krebs/5pkgs/simple/cidr2glob.nix
@@ -1,6 +1,7 @@
-{ python, writeScriptBin, ... }:
+{ python3, writeScriptBin, ... }:
let
+ python = python3;
pythonEnv = python.withPackages (ps: [ ps.netaddr ]);
in
writeScriptBin "cidr2glob" ''
@@ -25,6 +26,6 @@ in
if __name__ == "__main__":
for cidr in sys.stdin:
for glob in cidr2glob(cidr):
- print glob
+ print(glob)
''
diff --git a/krebs/5pkgs/simple/veroroute.nix b/krebs/5pkgs/simple/veroroute.nix
new file mode 100644
index 000000000..e40c98e75
--- /dev/null
+++ b/krebs/5pkgs/simple/veroroute.nix
@@ -0,0 +1,28 @@
+{ pkgs }:
+
+pkgs.stdenv.mkDerivation rec {
+ pname = "veroroute";
+ version = "2.28";
+
+ src = pkgs.fetchurl {
+ url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
+ sha256 = "04dig0g4v1rz50mjj1k6jk99rqbg24hdx8kzrlwv0dlxm567lvc7";
+ };
+
+ buildInputs = [
+ pkgs.qt5.qtbase
+ ];
+ nativeBuildInputs = [
+ pkgs.qt5.wrapQtAppsHook
+ ];
+
+ buildPhase = ''
+ qmake Src/veroroute.pro
+ make
+ '';
+
+ installPhase = ''
+ sed -i 's;/usr;;g' veroroute-install.sh
+ pkgdir=$out bash ./veroroute-install.sh
+ '';
+}
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 49d65160d..9c50f9709 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060",
- "date": "2022-05-24T17:55:48+02:00",
- "path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs",
- "sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3",
+ "rev": "e4d49de45a3b5dbcb881656b4e3986e666141ea9",
+ "date": "2022-07-18T18:21:45+02:00",
+ "path": "/nix/store/665hb1ysmaadwh4axp7f9inhczq08xay-nixpkgs",
+ "sha256": "0y0c9ybkcfmjgrl93wzzlk7ii95kh2fb4v5ac5w6rmcsq2ff3yaz",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 3e20b2a87..799399ea7 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f",
- "date": "2022-05-28T12:29:49+02:00",
- "path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs",
- "sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl",
+ "rev": "e732e1fdbf79bec59f7ade4a3675b091b4a9f6d6",
+ "date": "2022-07-19T15:32:15+02:00",
+ "path": "/nix/store/4dcxnk4xplx79xrwxg2m6pqh8b5k6ya0-nixpkgs",
+ "sha256": "1j73j17g852zfc75b7ll4avp30pnyvm37pgm66cz844phkv5ywfg",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/2configs/fysiirc.nix b/lass/2configs/fysiirc.nix
index e12eda42e..809298df4 100644
--- a/lass/2configs/fysiirc.nix
+++ b/lass/2configs/fysiirc.nix
@@ -10,8 +10,7 @@
${write_to_irc} "$(echo "$INPUT" | jq -r '
"\(.action): " +
"[\(.issue.title // .pull_request.title)] " +
- "\(.comment.html_url // .issue.html_url // .pull_request.html_url) " +
- "by \(.comment.user.login // .issue.user.login // .pull_request.user.login)"
+ "\(.comment.html_url // .issue.html_url // .pull_request.html_url) "
')"
fi
'';
@@ -58,16 +57,16 @@ in {
case "$Method $Request_URI" in
"POST /")
payload=$(head -c "$req_content_length")
- echo "$payload" >&2
+ raw=$(printf '%s' "$payload" | ${pkgs.curl}/bin/curl --data-binary @- http://p.krebsco.de | tail -1)
payload2=$payload
- payload2=$(echo "$payload" | tr '\n' ' ' | tr -d '\r')
+ payload2=$(printf '%s' "$payload" | tr '\n' ' ' | tr -d '\r')
if [ "$payload" != "$payload2" ]; then
echo "payload has been mangled" >&2
else
echo "payload not mangled" >&2
fi
- echo "$payload2" > /tmp/last_fysi_payload
echo "$payload2" | ${format-github-message}/bin/format-github-message
+ ${write_to_irc} "$raw"
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix
index b8d958865..2f503eae9 100644
--- a/lass/2configs/radio/default.nix
+++ b/lass/2configs/radio/default.nix
@@ -168,7 +168,7 @@ in {
output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source)
output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source)
- extra_input = audio_to_stereo(input.harbor("live", port=1338))
+ extra_input = amplify(1.4, audio_to_stereo(input.harbor("live", port=1338)))
o = smooth_add(normal = source, special = extra_input)
output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o)
diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py
index f7cc2dace..587cc1f28 100644
--- a/lass/2configs/radio/weather_for_ips.py
+++ b/lass/2configs/radio/weather_for_ips.py
@@ -25,9 +25,9 @@ for ip in fileinput.input():
output.append(
f'Weather report for {location.city.name}, {location.country.name}. '
f'Currently it is {weather["current"]["weather"][0]["description"]} outside '
- f'with a temperature of {weather["current"]["temp"]} degrees, '
- f'and a wind speed of {weather["current"]["wind_speed"]} meters per second. '
- f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100} percent. '
+ f'with a temperature of {weather["current"]["temp"]:.1f} degrees, '
+ f'and a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second. '
+ f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. '
)
print('\n'.join(output))
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index fe4d78a3b..90a0a5a72 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -104,7 +104,7 @@ in {
services.nextcloud = {
enable = true;
hostName = "o.xanf.org";
- package = pkgs.nextcloud23;
+ package = pkgs.nextcloud24;
config = {
adminpassFile = "/run/nextcloud.pw";
overwriteProtocol = "https";
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 570bb45be..3a0b1306c 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -2,6 +2,7 @@ _:
{
imports = [
./dnsmasq.nix
+ ./drbd.nix
./folderPerms.nix
./hosts.nix
./klem.nix
diff --git a/lass/3modules/drbd.nix b/lass/3modules/drbd.nix
new file mode 100644
index 000000000..816e58f0a
--- /dev/null
+++ b/lass/3modules/drbd.nix
@@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.lass.drbd;
+ slib = import <stockholm/lib>;
+in {
+ options = {
+ lass.drbd = lib.mkOption {
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule ({ config, ... }: {
+ options = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = config._module.args.name;
+ };
+ blockMinor = lib.mkOption {
+ type = lib.types.int;
+ default = lib.mod (slib.genid config.name) 16000; # TODO get max_id fron drbd
+ };
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 20000 + config.blockMinor;
+ };
+ peers = lib.mkOption {
+ type = lib.types.listOf slib.types.host;
+ };
+ disk = lib.mkOption {
+ type = lib.types.str;
+ default = "/dev/loop${toString config.blockMinor}";
+ };
+ drbdConfig = lib.mkOption {
+ type = lib.types.path;
+ internal = true;
+ default = pkgs.writeText "drbd-${config.name}.conf" ''
+ resource ${config.name} {
+ net {
+ protocol a;
+ ping-int 10;
+ }
+ device minor ${toString config.blockMinor};
+ disk ${config.disk};
+ meta-disk internal;
+ ${slib.indent (lib.concatStrings (lib.imap1 (i: peer: /* shell */ ''
+ on ${peer.name} {
+ address ${peer.nets.retiolum.ip4.addr}:${toString config.port};
+ node-id ${toString i};
+ }
+ '') config.peers))}
+ connection-mesh {
+ hosts ${lib.concatMapStringsSep " " (peer: peer.name) config.peers};
+ }
+ }
+ '';
+ };
+ };
+ }));
+ };
+ };
+ config = lib.mkIf (cfg != {}) {
+ boot.extraModulePackages = [
+ (pkgs.linuxPackages.callPackage ../5pkgs/drbd9/default.nix {})
+ ];
+ boot.extraModprobeConfig = ''
+ options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
+ '';
+ services.udev.packages = [ pkgs.drbd ];
+ boot.kernelModules = [ "drbd" ];
+
+ environment.systemPackages = [ pkgs.drbd ];
+
+
+ networking.firewall.allowedTCPPorts = map (device: device.port) (lib.attrValues cfg);
+ systemd.services = lib.mapAttrs' (_: device:
+ lib.nameValuePair "drbd-${device.name}" {
+ after = [ "systemd-udev.settle.service" "network.target" ];
+ wants = [ "systemd-udev.settle.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ RemainAfterExit = true;
+ ExecStart = pkgs.writers.writeDash "start-drbd-${device.name}" ''
+ set -efux
+ mkdir -p /var/lib/sync-containers2
+ ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
+ if ! test -e /var/lib/sync-containers2/${device.name}.disk; then
+ truncate -s 10G /var/lib/sync-containers2/${device.name}.disk
+ fi
+ if ! ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor}; then
+ ${pkgs.util-linux}/bin/losetup /dev/loop${toString device.blockMinor} /var/lib/sync-containers2/${device.name}.disk
+ fi
+ ''}
+ if ! ${pkgs.drbd}/bin/drbdadm adjust ${device.name}; then
+ ${pkgs.drbd}/bin/drbdadm down ${device.name}
+ ${pkgs.drbd}/bin/drbdadm create-md ${device.name}
+ ${pkgs.drbd}/bin/drbdadm up ${device.name}
+ fi
+ '';
+ ExecStop = pkgs.writers.writeDash "stop-drbd-${device.name}" ''
+ set -efux
+ ${pkgs.drbd}/bin/drbdadm -c ${device.drbdConfig} down ${device.name}
+ ${lib.optionalString (device.disk == "/dev/loop${toString device.blockMinor}") ''
+ ${pkgs.util-linux}/bin/losetup -d /dev/loop${toString device.blockMinor}
+ ''}
+ '';
+ };
+ }
+ ) cfg;
+
+
+ environment.etc."drbd.conf".text = ''
+ global {
+ usage-count yes;
+ }
+
+ ${lib.concatMapStrings (device: /* shell */ ''
+ include ${device.drbdConfig};
+ '') (lib.attrValues cfg)}
+ '';
+ };
+}
+
diff --git a/lass/krops.nix b/lass/krops.nix
index ace37888f..c8a5b94b7 100644
--- a/lass/krops.nix
+++ b/lass/krops.nix
@@ -37,18 +37,22 @@
in {
- deploy = { target ? "root@${name}/var/src" }: pkgs.krops.writeCommand "deploy" {
+ deploy = { target ? "root@${name}/var/src", offline ? false }: pkgs.krops.writeCommand "deploy" {
command = targetPath: ''
- set -fu
+ set -xfu
outDir=$(mktemp -d)
trap "rm -rf $outDir;" INT TERM EXIT
- nix build \
+ build=$(command -v nom-build || echo "nix-build")
+
+ $build \
-I "${targetPath}" \
- -f '<nixpkgs/nixos>' config.system.build.toplevel \
- -o "$outDir/out"
+ '<nixpkgs/nixos>' -A config.system.build.toplevel \
+ -o "$outDir/out" \
+ ${lib.optionalString offline "--option substitute false"} \
+ # -vvvvv --show-trace
nix-env -p /nix/var/nix/profiles/system --set "$outDir/out"
diff --git a/tv/1systems/alnus/config.nix b/tv/1systems/alnus/config.nix
index 54f845ec2..c09e7f9b1 100644
--- a/tv/1systems/alnus/config.nix
+++ b/tv/1systems/alnus/config.nix
@@ -15,9 +15,9 @@ with import <stockholm/lib>;
};
};
- environment.systemPackages = with pkgs; [
- firefoxWrapper
- networkmanagerapplet
+ environment.systemPackages = [
+ pkgs.firefox
+ pkgs.networkmanagerapplet
(pkgs.pidgin-with-plugins.override {
plugins = [ pkgs.pidginotr ];
})
diff --git a/tv/1systems/mu/config.nix b/tv/1systems/mu/config.nix
index 7c3f8cfdb..21be25766 100644
--- a/tv/1systems/mu/config.nix
+++ b/tv/1systems/mu/config.nix
@@ -56,26 +56,26 @@ with import <stockholm/lib>;
${pkgs.kmod}/bin/modprobe -v iwlwifi
'';
- environment.systemPackages = with pkgs; [
- chromium
- firefoxWrapper
- gimp
- iptables
- libreoffice