41 files changed, 574 insertions, 73 deletions
diff --git a/doc/Issues.md b/doc/Issues.md new file mode 100644 index 000000000..42e36b97a --- /dev/null +++ b/doc/Issues.md @@ -0,0 +1,9 @@ +# Issue usage + +We have an issue tracker on a seperate repository `stockholm-issues' +installation is easy: + install gi (nix-shell -p gi) + clone stockholm-issues repo (gi clone git@prism:stockholm-issues ~/stockholm) + now you can list issues with gi list + +check out the documentation: https://github.com/dspinellis/gi diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 3eb7b9aa1..4807307ff 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -10,6 +10,7 @@ <stockholm/krebs/2configs> <stockholm/krebs/2configs/buildbot-all.nix> + <stockholm/krebs/2configs/binary-cache/nixos.nix> ]; krebs.build.host = config.krebs.hosts.hotdog; @@ -21,4 +22,5 @@ OnUnitInactiveSec = "2min"; RandomizedDelaySec = "2min"; }; + krebs.ci.stockholmSrc = "http://cgit.prism.r/stockholm"; } diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index deede4493..d4a4941ca 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -9,6 +9,7 @@ <stockholm/krebs/2configs/buildbot-krebs.nix> <stockholm/krebs/2configs/stats/puyak-client.nix> + <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> ]; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index ec9c78db5..91aabb716 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -13,6 +13,7 @@ in <stockholm/krebs/2configs/graphite.nix> <stockholm/krebs/2configs/buildbot-krebs.nix> + <stockholm/krebs/2configs/binary-cache/nixos.nix> <stockholm/krebs/2configs/binary-cache/prism.nix> <stockholm/krebs/2configs/shack/worlddomination.nix> diff --git a/krebs/2configs/binary-cache/nixos.nix b/krebs/2configs/binary-cache/nixos.nix new file mode 100644 index 000000000..2ff5e1307 --- /dev/null 
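Review bot: `krebs.ci.stockholmSrc` in the second hotdog hunk points the CI poller at `http://cgit.prism.r/stockholm`, so the configuration that buildbot checks out and builds is fetched without transport integrity or server authentication. If the `.r` names are reachable only over an authenticated overlay network this may be acceptable, but that assumption is not visible in the hunk. Record it with a comment such as `# plain http: relies on the overlay network for authenticity`, or use an authenticated transport if the cgit host offers one.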
+++ b/krebs/2configs/binary-cache/nixos.nix @@ -0,0 +1,12 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = [ + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; + }; +} diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a7624c8f2..a02f3645d 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -341,8 +341,6 @@ let secretsdir = shell.escape (toString <secrets>); in { PermissionsStartOnly = true; - Type = "forking"; - PIDFile = "${workdir}/twistd.pid"; # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeDash "buildbot-master-init" '' set -efux @@ -366,9 +364,7 @@ let chmod 700 -R ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start ${workdir}"; - ExecStop = "${pkgs.buildbot-classic}/bin/buildbot stop ${workdir}"; - ExecReload = "${pkgs.buildbot-classic}/bin/buildbot reconfig ${workdir}"; + ExecStart = "${pkgs.buildbot-classic}/bin/buildbot start --nodaemon ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 71e7d4aeb..b55827e3a 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -8,6 +8,10 @@ in { options.krebs.ci = { enable = mkEnableOption "krebs continous integration"; + stockholmSrc = mkOption { + type = types.str; + default = "http://cgit.${hostname}.r/stockholm"; + }; treeStableTimer = mkOption { type = types.int; default = 10; @@ -58,7 +62,7 @@ in testslave = "lasspass"; }; change_source.stockholm = '' - stockholm_repo = 'http://cgit.${hostname}.r/stockholm' + stockholm_repo = '${cfg.stockholmSrc}' cs.append( changes.GitPoller( stockholm_repo, diff --git a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix b/krebs/5pkgs/simple/buildbot-classic-slave/default.nix index bbc824a6a..a48c45ae0 100644 
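Review bot: The entry in `binaryCachePublicKeys` carries no comment saying where the key was taken from, although it is the value that decides which signed substitutes this host accepts from `cache.nixos.org`. I would add `# official cache.nixos.org signing key; verify against the NixOS manual before changing` above it. The `config` argument in `{ config, ... }:` is unused and can be dropped.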
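Review bot: The second master.nix hunk drops `ExecReload` together with `ExecStop`, so `systemctl reload` no longer triggers a reconfig and every change to the master configuration needs a full restart. Stopping through systemd's default signal is reasonable with `--nodaemon`, but if reload was relied upon, keep `ExecReload = "${pkgs.buildbot-classic}/bin/buildbot reconfig ${workdir}";`. That presumably still works as long as the foreground process writes its pid file, which should be confirmed. The unit definition starts and ends outside the hunk.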
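Review bot: The new `stockholmSrc` option in the first ci.nix hunk has no `description`, and in the second hunk its value is spliced unescaped into generated Python as `stockholm_repo = '${cfg.stockholmSrc}'`. With `types.str`, a value containing a single quote or a backslash changes the buildbot master configuration instead of just the URL. Emit it through an encoder, for example `stockholm_repo = ${builtins.toJSON cfg.stockholmSrc}`, and add `description = "URL of the stockholm repository polled by the CI";`.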
--- a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic-slave/default.nix @@ -1,14 +1,12 @@ { coreutils, fetchgit, git, buildbot-classic, python2Packages, ... }: python2Packages.buildPythonApplication { - name = "buildbot-classic-slave-0.8.13"; + name = "buildbot-classic-slave-${buildbot-classic.version}"; namePrefix = ""; src = buildbot-classic.src; postUnpack = "sourceRoot=\${sourceRoot}/slave"; - patchPhase = ":"; - nativeBuildInputs = [ git ]; propagatedBuildInputs = [ python2Packages.twisted ]; doCheck = false; diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix index 353972109..9eeccee64 100644 --- a/krebs/5pkgs/simple/buildbot-classic/default.nix +++ b/krebs/5pkgs/simple/buildbot-classic/default.nix 
@@ -1,43 +1,27 @@ -{ fetchgit, fetchFromGitHub, python2Packages, git, ... }: -let - # https://github.com/NixOS/nixpkgs/issues/14026 - nixpkgs-fix = import (fetchgit { - url = https://github.com/nixos/nixpkgs; - rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; - sha256 = "11lqd480bi6xbi7xbh4krrxmbp6a6iafv1d0q3sj461al0x0has8"; - }) {}; +{ pkgs, fetchFromGitHub, python2Packages, git, ... }: -in nixpkgs-fix.buildPythonApplication { - name = "buildbot-classic-0.8.13"; +python2Packages.buildPythonApplication rec { + name = "buildbot-classic-${version}"; + version = "0.8.14"; namePrefix = ""; patches = []; - src = fetchgit { - url = "https://github.com/krebscode/buildbot-classic"; - rev = "211ec7815"; - sha256 = "0cyn406r31qdqhpsih7w83x47b443svpgfhxqd6w3iryv0y1z95i"; - leaveDotGit = true; - + src = fetchFromGitHub { + owner = "krebscode"; + repo = "buildbot-classic"; + # rev = "v${version}"; + rev = "843463911"; + sha256 = "1ybl52ybjw5p09yik6bck9i1pvnvg94i0d32zqrwy67s77yx1mfd"; }; postUnpack = "sourceRoot=\${sourceRoot}/master"; - buildInputs = [ git ]; - patchPhase = - # The code insists on /usr/bin/tail, /usr/bin/make, etc. - '' echo "patching erroneous absolute path references..." - for i in $(find -name \*.py) - do - sed -i "$i" \ - -e "s|/usr/bin/python|$(type -P python)|g ; s|/usr/bin/||g" - done - - sed -i 's/==/>=/' setup.py - ''; - propagatedBuildInputs = with nixpkgs-fix.pythonPackages; [ - jinja2 - twisted - dateutil_1_5 - sqlalchemy_migrate_0_7 + propagatedBuildInputs = [ + python2Packages.jinja2 + python2Packages.twisted + python2Packages.dateutil_1_5 + python2Packages.sqlalchemy_migrate + python2Packages.pysqlite + pkgs.coreutils ]; doCheck = false; postInstall = '' diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix new file mode 100644 index 000000000..e51136c60 --- /dev/null +++ b/krebs/5pkgs/simple/electron-cash/default.nix 
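Review bot: `rev = "843463911"` is an abbreviated commit id, with the tag form left commented out as `# rev = "v${version}";`. The `sha256` still pins the fetched content, but an abbreviated id can become ambiguous as the repository grows, at which point the fetch fails, and it makes it harder to audit exactly which commit is built. Use the full 40-character commit id, or the release tag once it exists. The same applies to `rev = "a2245ea"` in electron-cash and `rev = "684051e"` in gi.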
@@ -0,0 +1,64 @@ +{ stdenv, fetchFromGitHub, python2Packages }: + +python2Packages.buildPythonApplication rec { + name = "electron-cash-${src.rev}"; + + src = fetchFromGitHub { + owner = "fyookball"; + repo = "electrum"; + rev = "a2245ea"; + sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv"; + }; + + propagatedBuildInputs = with python2Packages; [ + dns + ecdsa + jsonrpclib + pbkdf2 + pyaes + pycrypto + pyqt4 + pysocks + qrcode + requests + tlslite + + # plugins + keepkey + trezor + ]; + + preBuild = '' + sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py + pyrcc4 icons.qrc -o gui/qt/icons_rc.py + # Recording the creation timestamps introduces indeterminism to the build + sed -i '/Created: .*/d' gui/qt/icons_rc.py + ''; + + postInstall = '' + # Despite setting usr_share above, these files are installed under + # $out/nix ... + mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out + rm -rf $out/lib/python2.7/site-packages/nix + + substituteInPlace $out/share/applications/electron.desktop \ + --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u" + ''; + + doInstallCheck = true; + installCheckPhase = '' + $out/bin/electrum help >/dev/null + ''; + + meta = with stdenv.lib; { + description = "A lightweight Bitcoin wallet"; + longDescription = '' + An easy-to-use Bitcoin client featuring wallets generated from + mnemonic seeds (in addition to other, more advanced, wallet options) + and the ability to perform transactions without downloading a copy + of the blockchain. + ''; + homepage = https://electrum.org/; + license = licenses.mit; + }; +} diff --git a/krebs/5pkgs/simple/gi/default.nix b/krebs/5pkgs/simple/gi/default.nix new file mode 100644 index 000000000..88f518ea9 --- /dev/null +++ b/krebs/5pkgs/simple/gi/default.nix 
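Review bot: The `meta` block describes the package as "A lightweight Bitcoin wallet" with `homepage = https://electrum.org/;`, but `src` is the `fyookball/electrum` fork and the installed binary is still named `electrum`. For software that handles wallet keys the provenance should be unambiguous, so point `homepage` at the fork's own repository and adjust `description` and `longDescription` accordingly. Because the binary name collides with `pkgs.electrum`, a comment that the two must not share a profile would help; bitcoin.nix in this commit does keep them in separate per-user package sets.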
@@ -0,0 +1,30 @@ +{ fetchFromGitHub, lib, stdenv, ... }: + +stdenv.mkDerivation rec { + name = "gi"; + version = "master"; + + src = fetchFromGitHub { + owner = "dspinellis"; + repo = "gi"; + rev = "684051e"; + sha256 = "14jgfg0bpzhy7dyq3ff45syd3c324l1z6d3q14izvwk6cs11qs8m"; + }; + + phases = [ + "unpackPhase" + "installPhase" + ]; + + installPhase = '' + mkdir -p $out/bin + cp ./gi.sh $out/bin/gi + ''; + + meta = { + description = "a minimalist distributed issue management system based on Git."; + url = https://github.com/dspinellis/gi; + license = lib.licenses.gpl3; + platforms = lib.platforms.unix; + }; +} diff --git a/krebs/5pkgs/writers.nix b/krebs/5pkgs/writers.nix index 850ee6f1a..6e67ed699 100644 --- a/krebs/5pkgs/writers.nix +++ b/krebs/5pkgs/writers.nix @@ -43,9 +43,6 @@ with import <stockholm/lib>; assert (with types; either absolute-pathname filename).check name; pkgs.writeOut (baseNameOf name) { ${optionalString (types.absolute-pathname.check name) name} = { - check = pkgs.writeDash "shellcheck.sh" '' - ${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || : - ''; executable = true; text = "#! ${pkgs.bash}/bin/bash\n${text}"; }; diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 8afd97977..46dc5e873 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -16,6 +16,7 @@ <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/backups.nix> <stockholm/lass/2configs/games.nix> + <stockholm/lass/2configs/bitcoin.nix> ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 00ea82671..b6d49d6e4 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix 
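Review bot: In the gi derivation `version = "master"` contradicts the pinned `rev`, and `meta.url` is not the attribute that nixpkgs tooling reads; use `homepage = https://github.com/dspinellis/gi;`. The `installPhase` line `cp ./gi.sh $out/bin/gi` relies on the upstream file mode for the executable bit, which `install -Dm755 ./gi.sh $out/bin/gi` would make explicit. Since `phases` lists only unpack and install, the fixup phase is skipped and the script's interpreter line is left as shipped, which is presumably fine but worth confirming.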
@@ -17,6 +17,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/backups.nix> <stockholm/lass/2configs/wine.nix> + <stockholm/lass/2configs/bitcoin.nix> ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index 2f4cd5710..a405addfc 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -3,11 +3,24 @@ let mainUser = config.users.extraUsers.mainUser; in { - environment.systemPackages = with pkgs; [ - electrum - ]; + krebs.per-user.bch.packages = [ + pkgs.electron-cash + ]; + krebs.per-user.bitcoin.packages = [ + pkgs.electrum + ]; + krebs.per-user.ethereum.packages = [ + pkgs.go-ethereum + ]; users.extraUsers = { + bch = { + name = "bch"; + description = "user for bch stuff"; + home = "/home/bch"; + useDefaultShell = true; + createHome = true; + }; bitcoin = { name = "bitcoin"; description = "user for bitcoin stuff"; @@ -15,8 +28,16 @@ in { useDefaultShell = true; createHome = true; }; + ethereum = { + name = "ethereum"; + description = "user for ethereum stuff"; + home = "/home/ethereum"; + useDefaultShell = true; + createHome = true; + }; }; security.sudo.extraConfig = '' ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL + ${mainUser.name} ALL=(bch) NOPASSWD: ALL ''; } diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index a43dfa215..728e265f6 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -39,6 +39,7 @@ with import <stockholm/lib>; { from = "paypal@lassul.us"; to = lass.mail; } { from = "patreon@lassul.us"; to = lass.mail; } { from = "steam@lassul.us"; to = lass.mail; } + { from = "securityfocus@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index a66d08927..d3f5d1f39 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix 
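Review bot: The added sudoers line `${mainUser.name} ALL=(bch) NOPASSWD: ALL` in the second bitcoin.nix hunk lets any process running as the main user execute arbitrary commands as `bch` without a password. The separate account therefore shields the main user's files from the wallet application, but not the wallet data from a compromised main-user session. If that trade-off is intended, state it in a comment; otherwise narrow the rule to the wallet binary, e.g. `${mainUser.name} ALL=(bch) NOPASSWD: ${pkgs.electron-cash}/bin/electrum`. The new `ethereum` user gets no corresponding rule, which is inconsistent with `bitcoin` and `bch` and should be either added or explained.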
@@ -38,6 +38,10 @@ let cgit.desc = "take all the computers hostage, they'll love you!"; cgit.section = "configuration"; }; + stockholm-issues = { + cgit.desc = "stockholm issues"; + cgit.section = "issues"; + }; the_playlist = { cgit.desc = "Good Music collection + tools"; cgit.section = "art"; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index a90890aab..ee0c3f938 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -76,10 +76,12 @@ let and NOT tag:killed \ and NOT to:shackspace \ and NOT to:c-base \ + and NOT from:security-alert@hpe.com \ and NOT to:nix-devel"\ "Unread" "notmuch://?query=tag:unread"\ "shack" "notmuch://?query=to:shackspace"\ "c-base" "notmuch://?query=to:c-base"\ + "security" "notmuch://?query=to:securityfocus or from:security-alert@hpe.com"\ "nix" "notmuch://?query=to:nix-devel"\ "TODO" "notmuch://?query=tag:TODO"\ "Starred" "notmuch://?query=tag:*"\ diff --git a/lass/2configs/vim.nix b/lass/2configs/vim.nix index b2b0c309a..29800dbeb 100644 --- a/lass/2configs/vim.nix +++ b/lass/2configs/vim.nix @@ -210,12 +210,12 @@ let vim = pkgs.symlinkJoin { name = "vim"; paths = [ - pkgs.vim (pkgs.writeDashBin "vim" '' set -efu (umask 0077; exec ${pkgs.coreutils}/bin/mkdir -p ${toString mkdirs}) exec ${pkgs.vim}/bin/vim "$@" '') + pkgs.vim ]; }; diff --git a/lass/5pkgs/init/default.nix b/lass/5pkgs/init/default.nix index 679187531..b386fa94b 100644 --- a/lass/5pkgs/init/default.nix +++ b/lass/5pkgs/init/default.nix @@ -46,7 +46,7 @@ pkgs.writeText "init" '' # dd if=/dev/zero bs=512 count=34 of=/dev/sda # TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda) if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then - parted -a optimal "$disk" \ + parted -s -a optimal "$disk" \ mklabel gpt \ mkpart no-fs 0 1024KiB \ set 1 bios_grub on \ diff --git a/lass/source.nix b/lass/source.nix index 1d64e3059..7d60730f1 100644 --- a/lass/source.nix +++ b/lass/source.nix 
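Review bot: Moving `pkgs.vim` below the wrapper in `paths` (vim.nix) apparently relies on `symlinkJoin` resolving the colliding `bin/vim` by list order, and nothing in the hunk says so. Add a comment above the wrapper such as `# must precede pkgs.vim so this bin/vim wins the collision`. Without it a later reordering silently drops the `umask 0077` directory creation that the wrapper performs. The `let` binding starts outside the hunk.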
@@ -19,6 +19,6 @@ in # 87a4615 & 334ac4f # + acme permissions for groups # fd7a8f1 - ref = "a732dcf"; + ref = "d9c85b3"; }; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index e43b203b4..0df2ba6e6 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -57,7 +57,7 @@ in { # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> - <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 969e78bee..368655575 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -54,7 +54,7 @@ with import <stockholm/lib>; <stockholm/makefu/2configs/hw/rtl8812au.nix> <stockholm/makefu/2configs/hw/exfat-nofuse.nix> <stockholm/makefu/2configs/hw/wwan.nix> - # <stockholm/makefu/2configs/hw/stk1160.nix> + <stockholm/makefu/2configs/hw/stk1160.nix> # <stockholm/makefu/2configs/rad1o.nix> # Filesystem @@ -62,6 +62,9 @@ with import <stockholm/lib>; # Security <stockholm/makefu/2configs/sshd-totp.nix> + { + programs.adb.enable = true; + } ]; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 96b6c303d..b89bfadfd 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -12,6 +12,9 @@ let stockholm = { cgit.desc = "Make all the systems into 1systems!"; }; + stockholm-issues = { + cgit.desc = "Issue tracker"; + }; tinc_graphs = { cgit.desc = "Tinc Advanced Graph Generation"; }; diff --git a/makefu/2configs/hw/stk1160.nix b/makefu/2configs/hw/stk1160.nix index e73741e26..b3a9e1a5a 100644 --- a/makefu/2configs/hw/stk1160.nix +++ b/makefu/2configs/hw/stk1160.nix 
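Review bot: The inline module `{ programs.adb.enable = true; }` in the second x/config.nix hunk is placed directly under the `# Security` comment next to `sshd-totp.nix`, which mislabels it as a hardening measure. Give it its own heading, for example `# Android debugging`, so the Security section lists only security configuration. Enabling adb usually also requires the user to be a member of the `adbusers` group, which this hunk does not set; confirm that is handled elsewhere.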
@@ -1,8 +1,9 @@ { pkgs, ... }: { # TODO: un-pin linuxPackages somehow + boot.kernelPackages = builtins.trace "Warning: overriding kernel Packages with 4.9" pkgs.linuxPackages; nixpkgs.config.packageOverrides = pkgs: { - linux_latest = pkgs.linux_latest.override { + linux_4_9 = pkgs.linux_4_9.override { extraConfig = '' MEDIA_ANALOG_TV_SUPPORT y VIDEO_STK1160_COMMON m diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 509ed512d..0865a0841 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -1,15 +1,30 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: -{ +let + mainUser = config.krebs.build.user.name; +in { services.printing = { enable = true; drivers = [ pkgs.samsungUnifiedLinuxDriver - pkgs.cups-dymo + pkgs.cups-dymo # dymo labelwriter + pkgs.foo2zjs # magicolor 1690mf ]; }; # scanners are printers just in reverse anyway - hardware.sane.enable = true; - hardware.sane.extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + services.saned.enable = true; + users.users."${mainUser}".extraGroups = [ "scanner" ]; + + hardware.sane = { + enable = true; + extraBackends = [ pkgs.samsungUnifiedLinuxDriver ]; + + # $ scanimage -p --format=jpg --mode=Gray --source="Automatic Document Feeder" -v --batch="lol%d.jpg" --resolution=150 + + # requires 'sane-extra', scan via: + extraConfig."magicolor" = '' + net 10.42.20.30 0x2098 + ''; # 10.42.20.30: uhrenkind.shack magicolor 1690mf + }; } diff --git a/makefu/2configs/stats/nodisk-client.nix b/makefu/2configs/stats/nodisk-client.nix new file mode 100644 index 000000000..fc8a268ce --- /dev/null +++ b/makefu/2configs/stats/nodisk-client.nix @@ -0,0 +1,60 @@ +{pkgs, config, ...}: +{ + # disk module wakes up parked disks + services.collectd = { + enable = true; + aut |
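Review bot: `boot.kernelPackages` in stk1160.nix is set to `pkgs.linuxPackages`, while the trace message and the `packageOverrides` entry both name 4.9, so the `extraConfig` takes effect only as long as the nixpkgs default kernel happens to be `linux_4_9`. When the default moves, the stk1160 options silently stop being applied and the warning text becomes wrong. Select the set explicitly with `boot.kernelPackages = pkgs.linuxPackages_4_9;`. Keep the existing TODO, because the pin also fixes which kernel branch the host receives security updates from.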
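Review bot: `services.saned.enable = true` in printer.nix starts the network scanning daemon, yet the rest of the hunk only configures this host as a client of the scanner at `10.42.20.30`. Client-side scanning needs `hardware.sane` and membership in the `scanner` group, not saned. If sharing a scanner over the network is not intended, drop the line; if it is, restrict which hosts may connect in the saned configuration. The comment `# requires 'sane-extra', scan via:` sits below the `scanimage` example it introduces and should move above it.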