summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/5pkgs/simple/ejabberd/default.nix27
-rw-r--r--krebs/5pkgs/simple/ejabberd/ejabberdctl.patch32
-rw-r--r--krebs/5pkgs/simple/font-size.nix (renamed from tv/5pkgs/simple/font-size.nix)0
-rw-r--r--krebs/5pkgs/simple/kops.nix4
-rw-r--r--krebs/5pkgs/simple/pass-otp/default.nix30
-rw-r--r--krebs/5pkgs/simple/pass/default.nix121
-rw-r--r--krebs/5pkgs/simple/pass/no-darwin-getopt.patch9
-rw-r--r--krebs/5pkgs/simple/pass/rofi-pass.nix57
-rw-r--r--krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch69
-rw-r--r--krebs/5pkgs/simple/pssh/default.nix36
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/chmod.patch15
-rw-r--r--krebs/5pkgs/simple/ucspi-tcp/default.nix86
-rw-r--r--krebs/5pkgs/simple/urlwatch/default.nix29
-rw-r--r--lass/2configs/monitoring/node-exporter.nix13
-rw-r--r--lass/2configs/monitoring/prometheus-server.nix179
15 files changed, 528 insertions, 179 deletions
diff --git a/krebs/5pkgs/simple/ejabberd/default.nix b/krebs/5pkgs/simple/ejabberd/default.nix
index 2799241fa..9e4ed3df5 100644
--- a/krebs/5pkgs/simple/ejabberd/default.nix
+++ b/krebs/5pkgs/simple/ejabberd/default.nix
@@ -1,5 +1,6 @@
{ stdenv, writeScriptBin, lib, fetchurl, git, cacert
-, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps
+, erlang, openssl, expat, libyaml, bash, gnused, gnugrep, coreutils, utillinux, procps, gd
+, flock
, withMysql ? false
, withPgsql ? false
, withSqlite ? false, sqlite
@@ -23,17 +24,17 @@ let
ctlpath = lib.makeBinPath [ bash gnused gnugrep coreutils utillinux procps ];
in stdenv.mkDerivation rec {
- version = "17.07";
+ version = "18.01";
name = "ejabberd-${version}";
src = fetchurl {
url = "http://www.process-one.net/downloads/ejabberd/${version}/${name}.tgz";
- sha256 = "1p8ppp2czjgnq8xnhyksd82npvvx99fwr0g3rrq1wvnwh2vgb8km";
+ sha256 = "01i2n8mlgw293jdf4172f9q8ca8m35vysjws791p7nynpfdb4cn6";
};
nativeBuildInputs = [ fakegit ];
- buildInputs = [ erlang openssl expat libyaml ]
+ buildInputs = [ erlang openssl expat libyaml gd ]
++ lib.optional withSqlite sqlite
++ lib.optional withPam pam
++ lib.optional withZlib zlib
@@ -50,7 +51,7 @@ in stdenv.mkDerivation rec {
configureFlags = [ "--enable-all" "--with-sqlite3=${sqlite.dev}" ];
- buildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
+ nativeBuildInputs = [ git erlang openssl expat libyaml sqlite pam zlib elixir ];
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
@@ -74,7 +75,7 @@ in stdenv.mkDerivation rec {
outputHashMode = "recursive";
outputHashAlgo = "sha256";
- outputHash = "1q9yzccn4zf5i4hibq1r0i34q4986a93ph4792l1ph07aiisc8p7";
+ outputHash = "1v3h0c7kfifb6wsfxyv5j1wc7rlxbb7r0pgd4s340wiyxnllzzhk";
};
configureFlags =
@@ -92,6 +93,10 @@ in stdenv.mkDerivation rec {
enableParallelBuilding = true;
+ patches = [
+ ./ejabberdctl.patch
+ ];
+
preBuild = ''
cp -r $deps deps
chmod -R +w deps
@@ -101,18 +106,18 @@ in stdenv.mkDerivation rec {
postInstall = ''
sed -i \
-e '2iexport PATH=${ctlpath}:$PATH' \
- -e 's,\(^ *FLOCK=\).*,\1${utillinux}/bin/flock,' \
+ -e 's,\(^ *FLOCK=\).*,\1${flock}/bin/flock,' \
-e 's,\(^ *JOT=\).*,\1,' \
-e 's,\(^ *CONNLOCKDIR=\).*,\1/var/lock/ejabberdctl,' \
$out/sbin/ejabberdctl
'';
- meta = {
+ meta = with stdenv.lib; {
description = "Open-source XMPP application server written in Erlang";
- license = lib.licenses.gpl2;
+ license = licenses.gpl2;
homepage = http://www.ejabberd.im;
- platforms = lib.platforms.linux;
- maintainers = [ lib.maintainers.sander lib.maintainers.abbradar ];
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ sander abbradar ];
broken = withElixir;
};
}
diff --git a/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
new file mode 100644
index 000000000..f7c842b7b
--- /dev/null
+++ b/krebs/5pkgs/simple/ejabberd/ejabberdctl.patch
@@ -0,0 +1,32 @@
+--- a/ejabberdctl.template 1970-01-01 01:00:01.000000000 +0100
++++ b/ejabberdctl.template 2018-04-24 23:06:54.127715441 +0200
+@@ -42,19 +42,18 @@
+ esac
+
+ # parse command line parameters
+-for arg; do
+- case $arg in
+- -n|--node) ERLANG_NODE_ARG=$2; shift;;
+- -s|--spool) SPOOL_DIR=$2; shift;;
+- -l|--logs) LOGS_DIR=$2; shift;;
+- -f|--config) EJABBERD_CONFIG_PATH=$2; shift;;
+- -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift;;
+- -d|--config-dir) ETC_DIR=$2; shift;;
+- -t|--no-timeout) NO_TIMEOUT="--no-timeout";;
+- --) :;;
++while test $# -gt 0; do
++ case $1 in
++ -n|--node) ERLANG_NODE_ARG=$2; shift 2;;
++ -s|--spool) SPOOL_DIR=$2; shift 2;;
++ -l|--logs) LOGS_DIR=$2; shift 2;;
++ -f|--config) EJABBERD_CONFIG_PATH=$2; shift 2;;
++ -c|--ctl-config) EJABBERDCTL_CONFIG_PATH=$2; shift 2;;
++ -d|--config-dir) ETC_DIR=$2; shift 2;;
++ -t|--no-timeout) NO_TIMEOUT="--no-timeout"; shift 1;;
++ # --) :;; what is this for?
+ *) break;;
+ esac
+- shift
+ done
+
+ # define ejabberd variables if not already defined from the command line
diff --git a/tv/5pkgs/simple/font-size.nix b/krebs/5pkgs/simple/font-size.nix
index 21097ed6a..21097ed6a 100644
--- a/tv/5pkgs/simple/font-size.nix
+++ b/krebs/5pkgs/simple/font-size.nix
diff --git a/krebs/5pkgs/simple/kops.nix b/krebs/5pkgs/simple/kops.nix
index a6c82f3ca..8db4b8ddd 100644
--- a/krebs/5pkgs/simple/kops.nix
+++ b/krebs/5pkgs/simple/kops.nix
@@ -2,6 +2,6 @@
fetchgit {
url = https://cgit.krebsco.de/kops;
- rev = "refs/tags/v1.0.0";
- sha256 = "0wg8d80sxa46z4i7ir79sci2hwmv3qskzqdg0si64p6vazy8vckb";
+ rev = "refs/tags/v1.1.0";
+ sha256 = "0k3zhv2830z4bljcdvf6ciwjihk2zzcn9y23p49c6sba5hbsd6jb";
}
diff --git a/krebs/5pkgs/simple/pass-otp/default.nix b/krebs/5pkgs/simple/pass-otp/default.nix
new file mode 100644
index 000000000..33411180a
--- /dev/null
+++ b/krebs/5pkgs/simple/pass-otp/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchFromGitHub, oathToolkit }:
+stdenv.mkDerivation rec {
+ name = "pass-otp-${version}";
+ version = "1.1.0";
+
+ src = fetchFromGitHub {
+ owner = "tadfisher";
+ repo = "pass-otp";
+ rev = "v${version}";
+ sha256 = "1cgj4zc8fq88n3h6c0vkv9i5al785mdprpgpbv5m22dz9p1wqvbb";
+ };
+
+ buildInputs = [ oathToolkit ];
+
+ patchPhase = ''
+ sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
+ '';
+
+ installPhase = ''
+ make PREFIX=$out install
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A pass extension for managing one-time-password (OTP) tokens";
+ homepage = https://github.com/tadfisher/pass-otp;
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ jwiegley tadfisher ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/krebs/5pkgs/simple/pass/default.nix b/krebs/5pkgs/simple/pass/default.nix
new file mode 100644
index 000000000..3b6928087
--- /dev/null
+++ b/krebs/5pkgs/simple/pass/default.nix
@@ -0,0 +1,121 @@
+{ stdenv, lib, fetchurl, fetchFromGitHub
+, coreutils, gnused, getopt, git, tree, gnupg, which, procps, qrencode
+, makeWrapper
+
+, pass-otp
+
+, xclip ? null, xdotool ? null, dmenu ? null
+, x11Support ? !stdenv.isDarwin
+, tombPluginSupport ? false, tomb
+}:
+
+with lib;
+
+assert x11Support -> xclip != null
+ && xdotool != null
+ && dmenu != null;
+
+let
+ plugins = map (p: (fetchFromGitHub {
+ owner = "roddhjav";
+ repo = "pass-${p.name}";
+ inherit (p) rev sha256;
+ }))
+ ([
+ { name = "import";
+ rev = "491935bd275f29ceac2b876b3a288011d1ce31e7";
+ sha256 = "02mbh05ab8h7kc30hz718d1d1vkjz43b96c7p0xnd92610d2q66q"; }
+ { name = "update";
+ rev = "cf576c9036fd18efb9ed29e0e9f811207b556fde";
+ sha256 = "1hhbrg6a2walrvla6q4cd3pgrqbcrf9brzjkb748735shxfn52hd"; }
+ ] ++ stdenv.lib.optional tombPluginSupport {
+ name = "tomb";
+ rev = "3368134898a42c1b758fabac625ec240e125c6be";
+ sha256 = "0qqmxfg4w3r088qhlkhs44036mya82vjflsjjhw2hk8y0wd2i6ds"; }
+ );
+
+in stdenv.mkDerivation rec {
+ version = "1.7.1";
+ name = "pass-${version}";
+
+ src = fetchurl {
+ url = "http://git.zx2c4.com/password-store/snapshot/${name}.tar.xz";
+ sha256 = "0scqkpll2q8jhzcgcsh9kqz0gwdpvynivqjmmbzax2irjfaiklpn";
+ };
+
+ patches = [ ./set-correct-program-name-for-sleep.patch
+ ] ++ stdenv.lib.optional stdenv.isDarwin ./no-darwin-getopt.patch;
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ];
+
+ postInstall = ''
+ # plugins
+ ${stdenv.lib.concatStringsSep "\n" (map (plugin: ''
+ pushd ${plugin}
+ PREFIX=$out make install
+ popd
+ '') plugins)}
+
+ ln -s \
+ ${pass-otp}/lib/password-store/extensions/otp.bash \
+ $out/lib/password-store/extensions/
+
+ ln -s \
+ ${pass-otp}/share/man/man1/pass-otp.1.gz \
+ $out/share/man/man1/
+
+ # Install Emacs Mode. NOTE: We can't install the necessary
+ # dependencies (s.el and f.el) here. The user has to do this
+ # himself.
+ mkdir -p "$out/share/emacs/site-lisp"
+ cp "contrib/emacs/password-store.el" "$out/share/emacs/site-lisp/"
+ '' + optionalString x11Support ''
+ cp "contrib/dmenu/passmenu" "$out/bin/"
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath ([
+ coreutils
+ getopt
+ git
+ gnupg
+ gnused
+ tree
+ which
+ qrencode
+ ] ++ optional tombPluginSupport tomb
+ ++ optional stdenv.isLinux procps
+ ++ ifEnable x11Support [ dmenu xclip xdotool ]);
+
+ postFixup = ''
+ # Fix program name in --help
+ substituteInPlace $out/bin/pass \
+ --replace 'PROGRAM="''${0##*/}"' "PROGRAM=pass"
+
+ # Ensure all dependencies are in PATH
+ wrapProgram $out/bin/pass \
+ --prefix PATH : "${wrapperPath}"
+ '' + stdenv.lib.optionalString x11Support ''
+ # We just wrap passmenu with the same PATH as pass. It doesn't
+ # need all the tools in there but it doesn't hurt either.
+ wrapProgram $out/bin/passmenu \
+ --prefix PATH : "$out/bin:${wrapperPath}"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Stores, retrieves, generates, and synchronizes passwords securely";
+ homepage = https://www.passwordstore.org/;
+ license = licenses.gpl2Plus;
+ maintainers = with maintainers; [ lovek323 the-kenny fpletz ];
+ platforms = platforms.unix;
+
+ longDescription = ''
+ pass is a very simple password store that keeps passwords inside gpg2
+ encrypted files inside a simple directory tree residing at
+ ~/.password-store. The pass utility provides a series of commands for
+ manipulating the password store, allowing the user to add, remove, edit,
+ synchronize, generate, and manipulate passwords.
+ '';
+ };
+}
diff --git a/krebs/5pkgs/simple/pass/no-darwin-getopt.patch b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch
new file mode 100644
index 000000000..e8f7e138f
--- /dev/null
+++ b/krebs/5pkgs/simple/pass/no-darwin-getopt.patch
@@ -0,0 +1,9 @@
+diff -Naur password-store-1.6.5-orig/src/platform/darwin.sh password-store-1.6.5/src/platform/darwin.sh
+--- password-store-1.6.5-orig/src/platform/darwin.sh 2015-01-28 16:43:02.000000000 +0000
++++ password-store-1.6.5/src/platform/darwin.sh 2015-02-15 16:09:02.000000000 +0000
+@@ -31,5 +31,4 @@
+ mount -t hfs -o noatime -o nobrowse "$DARWIN_RAMDISK_DEV" "$SECURE_TMPDIR" || die "Error: could not mount filesystem on ramdisk."
+ }
+
+-GETOPT="$(brew --prefix gnu-getopt 2>/dev/null || { which port &>/dev/null && echo /opt/local; } || echo /usr/local)/bin/getopt"
+ SHRED="srm -f -z"
diff --git a/krebs/5pkgs/simple/pass/rofi-pass.nix b/krebs/5pkgs/simple/pass/rofi-pass.nix
new file mode 100644
index 000000000..61f51973e
--- /dev/null
+++ b/krebs/5pkgs/simple/pass/rofi-pass.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchFromGitHub, pass, rofi, coreutils, utillinux, xdotool, gnugrep
+, libnotify, pwgen, findutils, gawk, gnused, xclip, makeWrapper
+}:
+
+stdenv.mkDerivation rec {
+ name = "rofi-pass-${version}";
+ version = "1.5.3";
+
+ src = fetchFromGitHub {
+ owner = "carnager";
+ repo = "rofi-pass";
+ rev = version;
+ sha256 = "1fn1j2rf3abc5qb44zfc8z8ffw6rva4xfp7597hwr1g3szacazpq";
+ };
+
+ buildInputs = [ makeWrapper ];
+
+ dontBuild = true;
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -a rofi-pass $out/bin/rofi-pass
+
+ mkdir -p $out/share/doc/rofi-pass/
+ cp -a config.example $out/share/doc/rofi-pass/config.example
+ '';
+
+ wrapperPath = with stdenv.lib; makeBinPath [
+ coreutils
+ findutils
+ gawk
+ gnugrep
+ gnused
+ libnotify
+ pass
+ pwgen
+ rofi
+ utillinux
+ xclip
+ xdotool
+ ];
+
+ fixupPhase = ''
+ patchShebangs $out/bin
+
+ wrapProgram $out/bin/rofi-pass \
+ --prefix PATH : "${wrapperPath}"
+ '';
+
+ meta = {
+ description = "A script to make rofi work with password-store";
+ homepage = https://github.com/carnager/rofi-pass;
+ maintainers = with stdenv.lib.maintainers; [ the-kenny garbas ];
+ license = stdenv.lib.licenses.gpl3;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
diff --git a/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch
new file mode 100644
index 000000000..782e06e20
--- /dev/null
+++ b/krebs/5pkgs/simple/pass/set-correct-program-name-for-sleep.patch
@@ -0,0 +1,69 @@
+From 25b44e00ed5df8ffe2782d38ad5cd9f514379599 Mon Sep 17 00:00:00 2001
+From: "Andrew R. M" <andrewmiller237@gmail.com>
+Date: Sat, 8 Apr 2017 13:50:01 -0400
+Subject: [PATCH] Patch the clip() function to work even when using
+ single-binary coreutils
+
+---
+ src/password-store.sh | 4 ++--
+ src/platform/cygwin.sh | 4 ++--
+ src/platform/darwin.sh | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/password-store.sh b/src/password-store.sh
+index 6a4172d..4dbd6b8 100755
+--- a/src/password-store.sh
++++ b/src/password-store.sh
+@@ -155,11 +155,11 @@ clip() {
+ # variable. Specifically, it cannot store nulls nor (non-trivally) store
+ # trailing new lines.
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | base64)"
+ echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
+ (
+- ( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
++ ( exec -a "$sleep_argv0" bash <(echo trap 'kill %1' TERM\; sleep "$CLIP_TIME & wait") )
+ local now="$(xclip -o -selection "$X_SELECTION" | base64)"
+ [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+
+diff --git a/src/platform/cygwin.sh b/src/platform/cygwin.sh
+index 6e5dd86..f3574c4 100644
+--- a/src/platform/cygwin.sh
++++ b/src/platform/cygwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep on display $DISPLAY"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(base64 < /dev/clipboard)"
+ echo -n "$1" > /dev/clipboard
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(base64 < /dev/clipboard)"
+ [[ $now != $(echo -n "$1" | base64) ]] && before="$now"
+ echo "$before" | base64 -d > /dev/clipboard
+diff --git a/src/platform/darwin.sh b/src/platform/darwin.sh
+index 86eb325..deb04c4 100644
+--- a/src/platform/darwin.sh
++++ b/src/platform/darwin.sh
+@@ -3,11 +3,11 @@
+
+ clip() {
+ local sleep_argv0="password store sleep for user $(id -u)"
+- pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
++ pkill -P $(pgrep -f "^$sleep_argv0") 2>/dev/null && sleep 0.5
+ local before="$(pbpaste | openssl base64)"
+ echo -n "$1" | pbcopy
+ (
+- ( exec -a "$sleep_argv0" sleep "$CLIP_TIME" )
++ ( exec -a "$sleep_argv0" bash <(echo sleep "$CLIP_TIME") )
+ local now="$(pbpaste | openssl base64)"
+ [[ $now != $(echo -n "$1" | openssl base64) ]] && before="$now"
+ echo "$before" | openssl base64 -d | pbcopy
+--
+2.12.2
+
diff --git a/krebs/5pkgs/simple/pssh/default.nix b/krebs/5pkgs/simple/pssh/default.nix
deleted file mode 100644
index 2676af0cf..000000000
--- a/krebs/5pkgs/simple/pssh/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ writeDashBin }:
-
-writeDashBin "pssh" ''
- set -efu
- case ''${1-} in
-
- # TODO create plog with -o json | jq ... | map date
-
- # usage: pssh {-j,--journal} host...
- # Follow journal at each host.
- -j|--journal)
- shift
- "$0" journalctl -n0 -ocat --follow --all ::: "$@" \
- | while read line; do
- printf '%s %s\n' "$(date --rfc-3339=s)" "$line"
- done
- ;;
-
- -*)
- echo $0: unknown option: $1 >&2
- exit 1
- ;;
-
- # usage: pssh command [arg...] ::: host...
- # Run command at each host.
- *)
- exec parallel \
- --line-buffer \
- -j0 \
- --no-notice \
- --tagstring {} \
- ssh -T {} "$@"
- ;;
-
- esac
-''
diff --git a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch b/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
deleted file mode 100644
index dd6933208..000000000
--- a/krebs/5pkgs/simple/ucspi-tcp/chmod.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/hier.c b/hier.c
-index 5663ada..1d73b84 100644
---- a/hier.c
-+++ b/hier.c
-@@ -2,8 +2,8 @@
-
- void hier()
- {
-- h(auto_home,-1,-1,02755);
-- d(auto_home,"bin",-1,-1,02755);
-+ h(auto_home,-1,-1,0755);
-+ d(auto_home,"bin",-1,-1,0755);
-
- c(auto_home,"bin","tcpserver",-1,-1,0755);
- c(auto_home,"bin","tcprules",-1,-1,0755);
diff --git a/krebs/5pkgs/simple/ucspi-tcp/default.nix b/krebs/5pkgs/simple/ucspi-tcp/default.nix
deleted file mode 100644
index 3b043be06..000000000
--- a/krebs/5pkgs/simple/ucspi-tcp/default.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{ stdenv, fetchurl }:
-
-stdenv.mkDerivation rec {
- name = "ucspi-tcp-0.88";
-
- src = fetchurl {
- url = "http://cr.yp.to/ucspi-tcp/${name}.tar.gz";
- sha256 = "171yl9kfm8w7l17dfxild99mbf877a9k5zg8yysgb1j8nz51a1ja";
- };
-
- # Plain upstream tarball doesn't build, get patches from Debian
- patches = [
- (fetchurl {
- url = "http://ftp.de.debian.org/debian/pool/main/u/ucspi-tcp/ucspi-tcp_0.88-3.diff.gz";
- sha256 = "0mzmhz8hjkrs0khmkzs5i0s1kgmgaqz07h493bd5jj5fm5njxln6";
- })
- ./chmod.patch
- ];
-
- # Apply Debian patches
- postPatch = ''
- for fname in debian/diff/*.diff; do
- echo "Applying patch $fname"
- patch < "$fname"
- done
- '';
-
- # The build system is weird; 'make install' doesn't install anything, instead
- # it builds an executable called ./install (from C code) which installs
- # binaries to the directory given on line 1 in ./conf-home.
- #
- # Also, assume getgroups and setgroups work, instead of doing a build time
- # test that breaks on NixOS (I think because nixbld users lack CAP_SETGID
- # capability).
- preBuild = ''
- echo "$out" > conf-home
-
- echo "main() { return 0; }" > chkshsgr.c
- '';
-
- installPhase = ''
- mkdir -p "$out/bin"
- mkdir -p "$out/share/man/man1"
-
- # run the newly built installer
- ./install
-
- # Install Debian man pages (upstream has none)
- cp debian/ucspi-tcp-man/*.1 "$out/share/man/man1"
- '';
-
- meta = with stdenv.lib; {
- description = "Command-line tools for building TCP client-server applications";
- longDescription = ''
- tcpserver waits for incoming connections and, for each connection, runs a
- program of your choice. Your program receives environment variables
- showing the local and remote host names, IP addresses, and port numbers.
-
- tcpserver offers a concurrency limit to protect you from running out of
- processes and memory. When you are handling 40 (by default) simultaneous
- connections, tcpserver smoothly defers acceptance of new connections.
-
- tcpserver also provides TCP access control features, similar to
- tcp-wrappers/tcpd's hosts.allow but much faster. Its access control rules
- are compiled into a hashed format with cdb, so it can easily deal with
- thousands of different hosts.
-
- This package includes a recordio tool that monitors all the input and
- output of a server.
-
- tcpclient makes a TCP connection and runs a program of your choice. It
- sets up the same environment variables as tcpserver.
-
- This package includes several sample clients built on top of tcpclient:
- who@, date@, finger@, http@, tcpcat, and mconnect.
-
- tcpserver and tcpclient conform to UCSPI, the UNIX Client-Server Program
- Interface, using the TCP protocol. UCSPI tools are available for several
- different networks.
- '';
- homepage = http://cr.yp.to/ucspi-tcp.html;
- license = licenses.publicDomain;
- platforms = platforms.linux;
- maintainers = [ maintainers.bjornfor ];
- };
-}
diff --git a/krebs/5pkgs/simple/urlwatch/default.nix b/krebs/5pkgs/simple/urlwatch/default.nix
deleted file mode 100644
index 64f3ad1ac..000000000
--- a/krebs/5pkgs/simple/urlwatch/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchFromGitHub, python3Packages }:
-
-python3Packages.buildPythonApplication rec {
- name = "urlwatch-${version}";
- version = "2.8";
-
- src = fetchFromGitHub {
- owner = "thp";
- repo = "urlwatch";
- rev = version;
- sha256 = "1nja7n6pc45azd3l1xyvav89855lvcgwabrvf34rps81dbl8cnl4";
- };
-
- propagatedBuildInputs = with python3Packages; [
- appdirs
- keyring
- minidb
- pycodestyle
- pyyaml
- requests
- ];
-
- meta = with stdenv.lib; {
- description = "A tool for monitoring webpages for updates";
- homepage = https://thp.io/2008/urlwatch/;
- license = licenses.bsd3;
- maintainers = with maintainers; [ tv ];
- };
-}
diff --git a/lass/2configs/monitoring/node-exporter.nix b/lass/2configs/monitoring/node-exporter.nix
new file mode 100644
index 000000000..8c27e90d4
--- /dev/null
+++ b/lass/2configs/monitoring/node-exporter.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 9100 ];
+
+ services.prometheus.exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [
+ "systemd"
+ ];
+ };
+ };
+}
diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix
new file mode 100644
index 000000000..d56d7e552
--- /dev/null
+++ b/lass/2configs/monitoring/prometheus-server.nix
@@ -0,0 +1,179 @@
+{ pkgs, lib, config, ... }:
+{
+ #networking = {
+ # firewall.allowedTCPPorts = [
+ # 3000 # grafana
+ # 9090 # prometheus
+ # 9093 # alertmanager
+ # ];
+ # useDHCP = true;
+ #};
+
+ services = {
+ prometheus = {
+ enable = true;
+ extraFlags = [
+ "-storage.local.retention 8760h"
+ "-storage.local.series-file-shrink-ratio 0.3"
+ "-storage.local.memory-chunks 2097152"
+ "-storage.local.max-chunks-to-persist 1048576"
+ "-storage.local.index-cache-size.fingerprint-to-metric 2097152"
+ "-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
+ "-storage.local.index-cache-size.label-name-to-label-values 2097152"
+ "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
+ ];
+ alertmanagerURL = [ "http://localhost:9093" ];
+ rules = [
+ ''
+ ALERT node_down
+ IF up == 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Node is down.",
+ description = "{{$labels.alias}} has been down for more than 5 minutes."
+ }
+ ALERT node_systemd_service_failed
+ IF node_systemd_unit_state{state="failed"} == 1
+ FOR 4m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
+ description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
+ }
+ ALERT node_filesystem_full_90percent
+ IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
+ }
+ ALERT node_filesystem_full_in_4h
+ IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
+ }
+ ALERT node_filedescriptors_full_in_3h
+ IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
+ FOR 20m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
+ }
+ ALERT node_load1_90percent
+ IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Running on high load.",
+ description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
+ }
+ ALERT node_cpu_util_90percent
+ IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: High CPU utilization.",
+ description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
+ }
+ ALERT node_ram_using_90percent
+ IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
+ FOR 30m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary="{{$labels.alias}}: Using lots of RAM.",
+ description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
+ }
+ ALERT node_swap_using_80percent
+ IF node_memory_SwapTotal - (node_memory_SwapFree + node_memory_SwapCached) > node_memory_SwapTotal * 0.8
+ FOR 10m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary="{{$labels.alias}}: Running out of swap soon.",
+ description="{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."
+ }
+ ''
+ ];
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ scrape_interval = "10s";
+ static_configs = [
+ {
+ targets = [
+ "localhost:9100"
+ ];
+ labels = {
+ alias = "prometheus.example.com";
+ };
+ }
+ ];
+ }
+ ];
+ alertmanager = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ configuration = {
+ "global" = {
+ "smtp_smarthost" = "smtp.example.com:587";
+ "smtp_from" = "alertmanager@example.com";
+ };
+ "route" = {
+ "group_by" = [ "alertname" "alias" ];
+ "group_wait" = "30s";
+ "group_interval" = "2m";
+ "repeat_interval" = "4h";
+ "receiver" = "team-admins";
+ };
+ "receivers" = [
+ {
+ "name" = "team-admins";
+ "email_configs" = [
+ {
+ "to" = "devnull@example.com";
+ "send_resolved" = true;
+ }
+ ];
+ "webhook_configs" = [
+ {
+ "url" = "https://example.com/prometheus-alerts";
+ "send_resolved" = true;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+ grafana = {
+ enable = true;
+ addr = "0.0.0.0";
+ domain = "grafana.example.com";
+ rootUrl = "https://grafana.example.com/";
+ security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ };
+ };
+}