-rw-r--r--ci.nix8
-rw-r--r--default.nix2
-rw-r--r--flake.lock52
-rw-r--r--flake.nix22
-rw-r--r--kartei/0x4A6F/default.nix26
-rw-r--r--kartei/default.nix8
-rw-r--r--kartei/kmein/default.nix25
-rw-r--r--kartei/lass/neoprism.nix9
-rw-r--r--kartei/lass/prism.nix3
-rw-r--r--kartei/lass/xerxes.nix48
-rw-r--r--kartei/makefu/default.nix10
-rw-r--r--kartei/makefu/ssh/susanne.pub1
-rw-r--r--kartei/tv/default.nix59
-rw-r--r--kartei/tv/hosts/fu.nix1
-rw-r--r--kartei/tv/hosts/leg.nix1
-rw-r--r--kartei/tv/hosts/ne.nix57
-rw-r--r--kartei/tv/hosts/ni.nix70
-rw-r--r--kartei/tv/hosts/pi.nix1
-rw-r--r--kartei/tv/hosts/zoppo.nix1
-rw-r--r--kartei/tv/ssh/mv@vod.id_ed25519.pub1
-rw-r--r--kartei/tv/ssh/tv@nomic.id_rsa.pub1
-rw-r--r--kartei/tv/ssh/tv@wu.id_rsa.pub1
-rw-r--r--kartei/tv/ssh/tv@xu.id_rsa.pub1
-rw-r--r--krebs/1systems/hotdog/config.nix11
-rw-r--r--krebs/1systems/ponte/config.nix12
-rw-r--r--krebs/1systems/puyak/config.nix9
-rw-r--r--krebs/2configs/buildbot-stockholm.nix2
-rw-r--r--krebs/2configs/exim-smarthost.nix1
-rw-r--r--krebs/2configs/hw/x220.nix4
-rw-r--r--krebs/2configs/mastodon.nix28
-rw-r--r--krebs/2configs/nameserver.nix14
-rw-r--r--krebs/2configs/reaktor2.nix14
-rw-r--r--krebs/2configs/repo-sync.nix7
-rw-r--r--krebs/2configs/shack/share.nix28
-rw-r--r--krebs/2configs/shack/ssh-keys.nix1
-rw-r--r--krebs/2configs/shack/worlddomination.nix51
-rw-r--r--krebs/3modules/airdcpp.nix2
-rw-r--r--krebs/3modules/announce-activation.nix2
-rw-r--r--krebs/3modules/backup.nix2
-rw-r--r--krebs/3modules/brockman.nix5
-rw-r--r--krebs/3modules/build.nix2
-rw-r--r--krebs/3modules/ci/default.nix4
-rw-r--r--krebs/3modules/dns.nix2
-rw-r--r--krebs/3modules/exim-retiolum.nix2
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/git.nix2
-rw-r--r--krebs/3modules/github/known-hosts.nix1
-rw-r--r--krebs/3modules/hosts.nix3
-rw-r--r--krebs/3modules/htgen.nix2
-rw-r--r--krebs/3modules/iana-etc.nix2
-rw-r--r--krebs/3modules/iptables.nix8
-rw-r--r--krebs/3modules/konsens.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/per-user.nix7
-rw-r--r--krebs/3modules/permown.nix8
-rw-r--r--krebs/3modules/reaktor2.nix8
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rw-r--r--krebs/3modules/repo-sync.nix3
-rw-r--r--krebs/3modules/secret.nix4
-rw-r--r--krebs/3modules/setuid.nix9
-rw-r--r--krebs/3modules/ssh.nix38
-rw-r--r--krebs/3modules/sync-containers3.nix6
-rw-r--r--krebs/3modules/systemd.nix2
-rw-r--r--krebs/3modules/tinc.nix22
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/3modules/urlwatch.nix3
-rw-r--r--krebs/3modules/users.nix2
-rw-r--r--krebs/3modules/zones.nix3
-rw-r--r--krebs/5pkgs/default.nix5
-rw-r--r--krebs/5pkgs/haskell/X11-aeson.nix13
-rw-r--r--krebs/5pkgs/haskell/blessings.nix28
-rw-r--r--krebs/5pkgs/haskell/blessings/default.nix16
-rw-r--r--krebs/5pkgs/haskell/email-header.nix46
-rw-r--r--krebs/5pkgs/haskell/kirk.nix22
-rw-r--r--krebs/5pkgs/haskell/mailaids.nix21
-rw-r--r--krebs/5pkgs/haskell/nix-serve-ng.nix30
-rw-r--r--krebs/5pkgs/haskell/purebred-email/default.nix30
-rw-r--r--krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch65
-rw-r--r--krebs/5pkgs/haskell/reaktor2/default.nix32
-rw-r--r--krebs/5pkgs/haskell/scanner.nix13
-rw-r--r--krebs/5pkgs/haskell/xmonad-aeson.nix13
-rw-r--r--krebs/5pkgs/haskell/xmonad-stockholm.nix18
-rw-r--r--krebs/5pkgs/simple/K_belwagen.nix38
-rw-r--r--krebs/5pkgs/simple/TabFS/src.json2
-rw-r--r--krebs/5pkgs/simple/airdcpp-webclient/default.nix2
-rw-r--r--krebs/5pkgs/simple/bepasty-client-cli/default.nix23
-rw-r--r--krebs/5pkgs/simple/bling/default.nix5
-rw-r--r--krebs/5pkgs/simple/brain/default.nix35
-rw-r--r--krebs/5pkgs/simple/buildbot-classic-slave/default.nix18
-rw-r--r--krebs/5pkgs/simple/cac-panel/default.nix18
-rw-r--r--krebs/5pkgs/simple/certaids.nix109
-rw-r--r--krebs/5pkgs/simple/cgit-clear-cache.nix6
-rw-r--r--krebs/5pkgs/simple/collectd-connect-time/default.nix6
-rw-r--r--krebs/5pkgs/simple/cunicu.nix2
-rw-r--r--krebs/5pkgs/simple/default.nix13
-rw-r--r--krebs/5pkgs/simple/dic/default.nix39
-rw-r--r--krebs/5pkgs/simple/drivedroid-gen-repo/default.nix22
-rw-r--r--krebs/5pkgs/simple/ecrypt/default.nix111
-rw-r--r--krebs/5pkgs/simple/eximlog.nix28
-rw-r--r--krebs/5pkgs/simple/font-size.nix1
-rw-r--r--krebs/5pkgs/simple/fortclientsslvpn/default.nix14
-rw-r--r--krebs/5pkgs/simple/ftb/default.nix6
-rw-r--r--krebs/5pkgs/simple/games-user-env/default.nix34
-rw-r--r--krebs/5pkgs/simple/generate-secrets/default.nix49
-rw-r--r--krebs/5pkgs/simple/git-hooks/default.nix7
-rw-r--r--krebs/5pkgs/simple/gitignore.nix46
-rw-r--r--krebs/5pkgs/simple/gnokii/default.nix4
-rw-r--r--krebs/5pkgs/simple/goify/default.nix4
-rw-r--r--krebs/5pkgs/simple/hashPassword/default.nix15
-rw-r--r--krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur36
-rw-r--r--krebs/5pkgs/simple/htgen/default.nix2
-rw-r--r--krebs/5pkgs/simple/internetarchive/default.nix39
-rw-r--r--krebs/5pkgs/simple/irc-announce/default.nix4
-rw-r--r--krebs/5pkgs/simple/krebspaste/default.nix12
-rw-r--r--krebs/5pkgs/simple/logf/default.nix112
-rw-r--r--krebs/5pkgs/simple/netcup/default.nix33
-rw-r--r--krebs/5pkgs/simple/nixos-format-error.nix107
-rw-r--r--krebs/5pkgs/simple/ovh-zone/default.nix6
-rw-r--r--krebs/5pkgs/simple/python-dnsstamps.nix2
-rw-r--r--krebs/5pkgs/simple/qrscan.nix7
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins/default.nix (renamed from krebs/5pkgs/simple/reaktor2-plugins.nix)10
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/random-emoji.sh (renamed from krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh)0
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/random-issue.sh (renamed from krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh)0
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/sed-plugin.py (renamed from krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py)0
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/shack-correct.sh (renamed from krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh)0
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_join.sh (renamed from krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh)0
-rwxr-xr-xkrebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_privmsg.sh (renamed from krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh)0
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix9
-rw-r--r--krebs/5pkgs/simple/repo-sync/default.nix8
-rw-r--r--krebs/5pkgs/simple/ssh-audit.nix2
-rw-r--r--krebs/5pkgs/simple/tinc_graphs/default.nix6
-rw-r--r--krebs/5pkgs/simple/treq/default.nix8
-rw-r--r--krebs/5pkgs/simple/ukrepl.nix6
-rw-r--r--krebs/5pkgs/simple/untilport/default.nix6
-rw-r--r--krebs/5pkgs/simple/urix.nix17
-rw-r--r--krebs/5pkgs/simple/with-tmpdir/default.nix29
-rw-r--r--lib/default.nix1
-rw-r--r--lib/eval-source.nix3
-rw-r--r--lib/impure.nix3
-rw-r--r--lib/pure.nix4
-rw-r--r--lib/types.nix24
-rw-r--r--makefu/vacation-note.md4
143 files changed, 614 insertions, 1651 deletions
diff --git a/ci.nix b/ci.nix
index 212114538..1aecc8e70 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
# usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq .
-with import ./lib;
let
+ lib = pkgs.lib;
pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; };
system =
import <nixpkgs/nixos/lib/eval-config.nix> {
@@ -16,9 +16,9 @@ let
}
;
- ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts;
+ ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts;
build = host: owner:
- ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";});
+ ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${builtins.getEnv "HOME"}/stockholm-build";});
-in mapAttrs (n: h: build n h.owner.name) ci-systems
+in lib.mapAttrs (n: h: build n h.owner.name) ci-systems
diff --git a/default.nix b/default.nix
index 9368dcd9e..45b4f03f6 100644
--- a/default.nix
+++ b/default.nix
@@ -1,7 +1,7 @@
import <nixpkgs/nixos> {} // rec {
lib = import ./lib;
systems = with lib; let
- namespace = getEnv "LOGNAME";
+ namespace = krebs;
systemsDir = <stockholm> + "/${namespace}/1systems";
in
genAttrs
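Review bot: The added line `namespace = krebs;` uses a bare identifier rather than a string, so under the surrounding `with lib;` it resolves to whatever `lib.krebs` is, or fails as an undefined variable if there is none. Either way `systemsDir = <stockholm> + "/${namespace}/1systems"` no longer interpolates a plain string. If the intent is to drop the `LOGNAME` dependency and always use the krebs tree, the line should read `namespace = "krebs";`. The `systems` expression continues past the end of this hunk.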
diff --git a/flake.lock b/flake.lock
index 2d9489825..c7b051683 100644
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
- "lastModified": 1737857314,
- "narHash": "sha256-T9THCbnlj4CkKbTP+lisA5PUMoTXE7uh4FyDQzui+dc=",
+ "lastModified": 1768927382,
+ "narHash": "sha256-qdmb8Pm73PADLgO8Q06QfyPbEQS6el9Si+dGQc3TB1I=",
"owner": "Mic92",
"repo": "buildbot-nix",
- "rev": "c077f430f3717d41bb303d031398058665315166",
+ "rev": "eb4e904a8dc1aa12a964752e4fd9977c6aead724",
"type": "github"
},
"original": {
@@ -31,11 +31,11 @@
]
},
"locked": {
- "lastModified": 1736143030,
- "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+ "lastModified": 1768135262,
+ "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+ "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -44,6 +44,21 @@
"type": "github"
}
},
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1676283394,
+ "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
@@ -56,11 +71,11 @@
]
},
"locked": {
- "lastModified": 1736917206,
- "narHash": "sha256-JTBWmyGf8K1Rwb+gviHIUzRJk/sITtT+72HXFkTZUjo=",
+ "lastModified": 1768476106,
+ "narHash": "sha256-V0YOJRum50gtKgwavsAfwXc9+XAsJCC7386YZx1sWGQ=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
- "rev": "afd0a42e8c61ebb56899315ee4084a8b2e4ff425",
+ "rev": "c19e263e6e22ec7379d972f19e6a322f943c73fb",
"type": "github"
},
"original": {
@@ -70,7 +85,12 @@
}
},
"nix-writers": {
- "flake": false,
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
"locked": {
"lastModified": 1677612737,
"narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
@@ -87,11 +107,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1737885589,
- "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+ "lastModified": 1768886240,
+ "narHash": "sha256-C2TjvwYZ2VDxYWeqvvJ5XPPp6U7H66zeJlRaErJKoEM=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+ "rev": "80e4adbcf8992d3fd27ad4964fbb84907f9478b0",
"type": "github"
},
"original": {
@@ -116,11 +136,11 @@
]
},
"locked": {
- "lastModified": 1737483750,
- "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=",
+ "lastModified": 1768158989,
+ "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f",
+ "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 76e47b731..527e4c8ef 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,8 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- nix-writers = {
- url = "git+https://cgit.krebsco.de/nix-writers";
- flake = false;
- };
+ nix-writers.url = "git+https://cgit.krebsco.de/nix-writers";
+ nix-writers.inputs.nixpkgs.follows = "nixpkgs";
# disko.url = "github:nix-community/disko";
# disko.inputs.nixpkgs.follows = "nixpkgs";
buildbot-nix.url = "github:Mic92/buildbot-nix";
@@ -42,6 +40,22 @@
users = self.nixosConfigurations.hotdog.config.krebs.users;
};
overlays.default = import ./krebs/5pkgs/default.nix;
+ packages = let
+ allNames = self.lib.attrNames (self.lib.mapNixDir (x: null) ./krebs/5pkgs/simple);
+ appliedOverlay = (system:
+ let
+ base = self.inputs.nixpkgs.legacyPackages.${system};
+ # Apply nix-writers overlay with fixpoint so its functions can find each other
+ withWriters = nixpkgs.lib.fix (final: base // nix-writers.overlays.default final base);
+ in self.overlays.default {} (withWriters // { lib = self.lib; }));
+ # Only include derivations in packages output
+ getDerivations = overlay: builtins.listToAttrs (builtins.filter (x: x != null) (map (name:
+ let val = overlay.${name} or null;
+ in if val != null && (val.type or null) == "derivation"
+ then { inherit name; value = val; }
+ else null
+ ) allNames));
+ in nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: getDerivations (appliedOverlay system));
lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
};
}
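Review bot: In `appliedOverlay`, `self.overlays.default {} (...)` passes an empty set as the overlay's first argument, while the nix-writers overlay just above it is deliberately given a fixpoint. If anything in `krebs/5pkgs/default.nix` (not visible in this hunk) reads from that first argument, the affected packages fail with a missing-attribute error. Because `getDerivations` forces every `val` to test `val != null`, one such failure would break evaluation of the whole `packages.<system>` set rather than just that package. Consider applying both overlays through a single fixpoint (for example via `nixpkgs.lib.composeExtensions` and `base.extend`). `nixpkgs.lib.isDerivation val` would also state the filter more directly than `(val.type or null) == "derivation"`.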
diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix
index eb3d08e8d..4e96c300c 100644
--- a/kartei/0x4A6F/default.nix
+++ b/kartei/0x4A6F/default.nix
@@ -199,5 +199,31 @@ in {
};
};
};
+ cyclida = {
+ owner = config.krebs.users."0x4A6F";
+ nets = {
+ retiolum = {
+ aliases = [ "cyclida.crustacea.r" ];
+ ip4.addr = "10.243.42.70";
+ ip6.addr = "42:0:4a6f::4270";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxprJNvjDsxHHHisZARf/UELuoiebeY1HfAJmOeDRZ8Jf931zG+DW
+ tXLsTKlN96Wc2HL+Y3bx366/NfF5bN6/PmNou1HAJgyFEhUHmFfx+8oYlCNSnJUA
+ vxHHSeB3rE1fmeW+Nr+fjCrb1mMIgY/HgbN7heOx7DDzZk22INtsEXo1tMM2Dfbc
+ 83IgcFsfFHjb6HUNMHjMl12wpVzm7vwFby/i4Pyk7dpIcqLGis4YDA+GuSbFRFxA
+ YlE7VkKCGF8zDmNB4iaSD/k1gPi0oJ4DBJ4pe6l/TDOpZ9ROVvBhYwZVoHM55XVL
+ 9UV2Q+AQwZVqoVtcD9BI3WYbuDAFVI1IA8K85m0/g/5ML+d8oezYu9CXmjtUyG02
+ YkHiytMyk8kYxrBr7qBOvy/XegLiF6zf1cVLDTkgTZCDhvIJRBlae6xocWAtlygB
+ /ngMyKcizrCtZnDGc4lx0DMrkP2lrGTv9ur8NCesqxZZth+XqdecTiQyLHALhp3j
+ mmLWMkFLgpE5BlZPkUb7LrZu4Y6fH7ARWjlPUAXnBnBrsYKwNLa7RHDrXWaMf2ph
+ beUgQqFqA20aGq7Bpj8Io7AukDNOb1/JjgtncPmlVRn+0lMDU3YWBrI8g99S+k7R
+ O62hZbOeZODEHxWAF5Dok5F0rT62alAfsd9zPUJxGmmYi0knVPiA2WUCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ tinc.pubkey_ed25519 = "yl5m9xZe+8C0jnpd3YOyWdgRkJqo5sv6JQajAEskrTP";
+ };
+ };
+ };
};
}
diff --git a/kartei/default.nix b/kartei/default.nix
index 046efdd7b..7624807a0 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -1,15 +1,15 @@
-{ config, lib, ... }: let
+{ lib, ... }@arg: let
removeTemplate =
# TODO don't remove during CI
lib.flip builtins.removeAttrs ["template"];
in {
- config =
- lib.mkMerge
+ imports =
(lib.mapAttrsToList
(name: _type: let
path = ./. + "/${name}";
in {
- krebs = import path { inherit config lib; };
+ _file = toString path;
+ krebs = import path arg;
})
(removeTemplate
(lib.filterAttrs
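Review bot: `import path arg` now forwards the whole `{ lib, ... }@arg` set, but nothing on the added lines says what that set contains. For a function module, the module system passes its default arguments (`lib`, `config`, `options`, the special args) plus only those `_module.args` entries named in the pattern. A kartei file that asks for e.g. `pkgs` would therefore not receive it through `arg`. A short comment above `krebs = import path arg;` would help, such as `# arg holds only the module system's default arguments; _module.args values (e.g. pkgs) are not forwarded`. The `lib.filterAttrs` expression continues outside the hunk.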
diff --git a/kartei/kmein/default.nix b/kartei/kmein/default.nix
index 084d796a7..61ee37823 100644
--- a/kartei/kmein/default.nix
+++ b/kartei/kmein/default.nix
@@ -32,6 +32,31 @@ in
};
};
hosts = mapAttrs hostDefaults {
+ kibbeh = {
+ nets.retiolum = {
+ aliases = [
+ "kibbeh.r"
+ "kibbeh.kmein.r"
+ ];
+ ip4.addr = "10.243.2.188";
+ tinc.pubkey_ed25519 = "4fQvL3t86kqZ6fedkfjrptiLjGsqQyvs04cXbSgyxwD";
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAlLQRY0ya5NNVAlap2R3dk5vfLySVZCIgD/CL2xfIMFpC51xLSph0
+ 1kMUqgbznYQ44rhu7VBKM/wWuITIPyT7Jd7K8OiBOyeGAyXdJacAnrUPtX3LmDwu
+ GkpeScAXz496fgHZd9mGFOgofrnrJpbyWWvpez3DGolkjzzMB5POKGYiWnuKUwLA
+ 8z5STJa5yCxwye8dnGGe0HkimfUkQgOg4/pOXPXq2sIY052yCGLOa1kemMRvFXxT
+ HAEHVVbAHC99chTj0s7uxerMDJjtWPXrda1VQJKOYB/UF58k4wbV0kspedqJ5IhQ
+ l3oIVF0Es7kvgRpUeeGTbOEL4UHd98Y9D8vaIZYaSyuGxzjcJpbdO1kqDn6iqSYw
+ vCL2Qe9dROl/h6UBt9rjab4rXablDaFdZvVBG8hsCTe1+artVj07s0JWeatM6jIf
+ BMYhduczjSqgDaIoZzeJ4MH+8RAdBHSKBOOGqIctV8+2C4uwwZdsxAXV0wI+7JZT
+ EtPCueo/yDr4a6jj6a5bG+fkzONuN2jlYTMJmYMDtlbC7UpV2ijZAXuGw43qaj8M
+ RCnNZOqzTnBmeIx21BMqExABrsei3PqGwSHpj0HSl6IrYam7hWrL/AiqH5Rmbz/3
+ FrjpTwAHxH4SbbO+KKnpdK1Bi0iy4IGLQUTDtpp6vhv41y2PgCwRubECAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
ful = {
nets.retiolum = {
aliases = [
diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix
index 73eda0762..086362938 100644
--- a/kartei/lass/neoprism.nix
+++ b/kartei/lass/neoprism.nix
@@ -1,5 +1,12 @@
{ r6, w6, ... }:
-{
+rec {
+ extraZones = {
+ "krebsco.de" = ''
+ p 60 IN A ${nets.internet.ip4.addr}
+ c 60 IN A ${nets.internet.ip4.addr}
+ paste 60 IN A ${nets.internet.ip4.addr}
+ '';
+ };
nets = rec {
internet = {
ip4 = rec {
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix
index a44e120b2..33c662bc4 100644
--- a/kartei/lass/prism.nix
+++ b/kartei/lass/prism.nix
@@ -3,9 +3,6 @@ rec {
extraZones = {
"krebsco.de" = ''
cache 60 IN A ${nets.internet.ip4.addr}
- p 60 IN A ${nets.internet.ip4.addr}
- c 60 IN A ${nets.internet.ip4.addr}
- paste 60 IN A ${nets.internet.ip4.addr}
prism 60 IN A ${nets.internet.ip4.addr}
social 60 IN A ${nets.internet.ip4.addr}
'';
diff --git a/kartei/lass/xerxes.nix b/kartei/lass/xerxes.nix
index 96f619a70..985bba5f5 100644
--- a/kartei/lass/xerxes.nix
+++ b/kartei/lass/xerxes.nix
@@ -1,52 +1,6 @@
{ r6, w6, ... }:
{
consul = false;
- nets = rec {
- retiolum = {
- ip4.addr = "10.243.1.3";
- ip6.addr = r6 "3";
- aliases = [
- "xerxes.r"
- ];
- tinc = {
- pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIIECgKCBAEArqEaK+m7WZe/9/Vbc+qx2TjkkRJ9lDgDMr1dvj98xb8/EveUME6U
- MZyAqNjLuKq3CKzJLo02ZmdFs4CT1Hj28p5IC0wLUWn53hrqdy8cCJDvIiKIv+Jk
- gItsxJyMnRtsdDbB6IFJ08D5ReGdAFJT5lqpN0DZuNC6UQRxzUK5fwKYVVzVX2+W
- /EZzEPe5XbE69V/Op2XJ2G6byg9KjOzNJyJxyjwVco7OXn1OBNp94NXoFrUO7kxb
- mTNnh3D+iB4c3qv8woLhmb+Uh/9MbXS14QrSf85ou4kfUjb5gdhjIlzz+jfA/6XO
- X4t86uv8L5IzrhSGb0TmhrIh5HhUmSKT4RdHJom0LB7EASMR2ZY9AqIG11XmXuhj
- +2b5INBZSj8Cotv5aoRXiPSaOd7bw7lklYe4ZxAU+avXot9K3/4XVLmi6Wa6Okim
- hz+MEYjW5gXY+YSUWXOR4o24jTmDjQJpdL83eKwLVAtbrE7TcVszHX6zfMoQZ5M9
- 3EtOkDMxhC+WfkL+DLQAURhgcPTZoaj0cAlvpb0TELZESwTBI09jh/IBMXHBZwI4
- H1gOD5YENpf0yUbLjVu4p82Qly10y58XFnUmYay0EnEgdPOOVViovGEqTiAHMmm5
- JixtwJDz7a6Prb+owIg27/eE1/E6hpfXpU8U83qDYGkIJazLnufy32MTFE4T9fI4
- hS8icFcNlsobZp+1pB3YK4GV5BnvMwOIVXVlP8yMCRTDRWZ4oYmAZ5apD7OXyNwe
- SUP2mCNNlQCqyjRsxj5S1lZQRy1sLQztU5Sff4xYNK+5aPgJACmvSi3uaJAxBloo
- 4xCCYzxhaBlvwVISJXZTq76VSPybeQ+pmSZFMleNnWOstvevLFeOoH2Is0Ioi1Fe
- vnu5r0D0VYsb746wyRooiEuOAjBmni8X/je6Vwr1gb/WZfZ23EwYpGyakJdxLNv3
- Li+LD9vUfOR80WL608sUU45tAx1RAy6QcH/YDtdClbOdK53+cQVTsYnCvDW8uGlO
- scQWgk+od3qvo6yCPO7pRlEd3nedcPSGh/KjBHao6eP+bsVERp733Vb9qrEVwmxv
- jlZ1m12V63wHVu9uMAGi9MhK+2Q/l7uLTj03OYpi4NYKL2Bu01VXfoxuauuZLdIJ
- Z3ZV+qUcjzZI0PBlGxubq6CqVFoSB7nhHUbcdPQ66WUnwoKq0cKmE7VOlJQvJ07u
- /Wsl8BIsxODVt0rTzEAx0hTd5mJCX7sCawRt+NF+1DZizl9ouebNMkNlsEAg4Ps0
- bQerZLcOmpYjGa5+lWDwJIMXVIcxwTmQR86stlP/KQm0vdOvH2ZUWTXcYvCYlHkQ
- sgVnnA2wt+7UpZnEBHy04ry+jYaSsPdYgwIDAQAB
- -----END RSA PUBLIC KEY-----
- '';
- pubkey_ed25519 = "PRtxFg/zw8dmwEGEM+u28N5GWuGNiHSNlaieplVSqQK";
- };
- };
- wiregrill = {
- ip6.addr = w6 "3";
- aliases = [
- "xerxes.w"
- ];
- wireguard.pubkey = "UTm8B8YUVvBGqwwxAUMVFsVQFQGQ6jbcXAavZ8LxYT8=";
- };
- };
secure = true;
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
- syncthing.id = "EA76ZHP-DF2I3CJ-NNTFEUH-YGPQK5S-T7FQ6JA-BNQQUNC-GF2YL46-CKOZCQM";
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP017KDMPZgXeb5pwo8sOD9R16vEaHFp523HGyeWPIIa";
}
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix
index 2baf6ef5a..e92aeec93 100644
--- a/kartei/makefu/default.nix
+++ b/kartei/makefu/default.nix
@@ -205,11 +205,13 @@ in {
gum = rec {
extraZones = {
"krebsco.de" = ''
+ abook.euer IN A ${nets.internet.ip4.addr}
admin.work.euer IN A ${nets.internet.ip4.addr}
api.work.euer IN A ${nets.internet.ip4.addr}
atuin.euer IN A ${nets.internet.ip4.addr}
board.euer IN A ${nets.internet.ip4.addr}
bookmark.euer IN A ${nets.internet.ip4.addr}
+ book.euer IN A ${nets.internet.ip4.addr}
boot IN A ${nets.internet.ip4.addr}
boot.euer IN A ${nets.internet.ip4.addr}
build.euer IN A ${nets.internet.ip4.addr}
@@ -241,12 +243,16 @@ in {
play.work.euer IN A ${nets.internet.ip4.addr}
push.work.euer IN A ${nets.internet.ip4.addr}
rss.euer IN A ${nets.internet.ip4.addr}
+ mdrss.euer IN A ${nets.internet.ip4.addr}
share.euer IN A ${nets.internet.ip4.addr}
ul.work.euer IN A ${nets.internet.ip4.addr}
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
work.euer IN A ${nets.internet.ip4.addr}
+ shop.euer IN A ${nets.internet.ip4.addr}
+ matrix.euer IN A ${nets.internet.ip4.addr}
+ element.euer IN A ${nets.internet.ip4.addr}
mediengewitter IN CNAME over.dose.io.
nixos.unstable IN CNAME krebscode.github.io.
@@ -371,6 +377,10 @@ in {
pgp.pubkeys.default = builtins.readFile ./pgp/default.asc;
pgp.pubkeys.brain = builtins.readFile ./pgp/brain.asc;
};
+ susanne = {
+ mail = "susanne@shackspace.de";
+ pubkey = pub-for "susanne";
+ };
makefu-omo = {
inherit (makefu) mail pgp;
pubkey = pub-for "makefu.omo";
diff --git a/kartei/makefu/ssh/susanne.pub b/kartei/makefu/ssh/susanne.pub
new file mode 100644
index 000000000..c8ab55661
--- /dev/null
+++ b/kartei/makefu/ssh/susanne.pub
@@ -0,0 +1 @@
+ssh-rsa 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 susi@noether
diff --git a/kartei/tv/default.nix b/kartei/tv/default.nix
index e81bdd32b..848646510 100644
--- a/kartei/tv/default.nix
+++ b/kartei/tv/default.nix
@@ -1,29 +1,22 @@
-{ config, lib, ... }@attrs: let
- inherit (builtins)
- getAttr head mapAttrs match pathExists readDir readFile typeOf;
- inherit (lib)
- const hasAttrByPath mapAttrs' mkDefault mkIf optionalAttrs removeSuffix
- toList;
- slib = import ../../lib/pure.nix { inherit lib; };
+{ config, lib, ... }: let
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
+
+ extend = x: f: {
+ lambda = lib.recursiveUpdate x (f x);
+ set = lib.recursiveUpdate x f;
+ }.${builtins.typeOf f};
in {
dns.providers = {
"viljetic.de" = "regfish";
};
hosts =
- mapAttrs
- (hostName: hostFile: let
- hostSource = import hostFile;
- hostConfig = getAttr (typeOf hostSource) {
- lambda = hostSource attrs;
- set = hostSource;
- };
- in slib.evalSubmodule slib.types.host [
- hostConfig
+ builtins.mapAttrs
+ (hostName: lib.flip (builtins.foldl' extend) [
{
name = hostName;
owner = config.krebs.users.tv;
}
- (optionalAttrs (hasAttrByPath ["nets" "retiolum"] hostConfig) {
+ (hostConfig: lib.optionalAttrs (lib.hasAttrByPath ["nets" "retiolum"] hostConfig) {
nets.retiolum = {
ip6.addr =
(slib.krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
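Review bot: The new `extend` helper has no comment, and it differs from the `slib.evalSubmodule slib.types.host` call it replaces in ways worth writing down. It merges with `lib.recursiveUpdate`, so a list value such as `aliases` is replaced by a later step rather than concatenated, and no type check is visible at this point any more. It also indexes `{ lambda; set; }` by `builtins.typeOf f`, so a step of any other type fails with a bare missing-attribute error. I would add something like `# extend x f: recursively update x with f, or with (f x) when f is a function; later steps win` above the definition. The `hosts` expression continues into the following hunks.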
@@ -31,29 +24,31 @@ in {
})
(let
pubkey-path = ./wiregrill + "/${hostName}.pub";
- in optionalAttrs (pathExists pubkey-path) {
+ in lib.optionalAttrs (builtins.pathExists pubkey-path) {
nets.wiregrill = {
aliases = [
"${hostName}.w"
];
ip6.addr =
(slib.krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
- wireguard.pubkey = readFile pubkey-path;
+ wireguard.pubkey = builtins.readFile pubkey-path;
};
})
- (host: mkIf (host.config.ssh.pubkey != null) {
- ssh.privkey = mapAttrs (const mkDefault) {
- path = "${config.krebs.secret.directory}/ssh.id_${host.config.ssh.privkey.type}";
- type = head (toList (builtins.match "ssh-([^ ]+) .*" host.config.ssh.pubkey));
+ (hostConfig: lib.optionalAttrs (hostConfig.ssh.pubkey or null != null) {
+ ssh.privkey = builtins.mapAttrs (lib.const lib.mkDefault) rec {
+ path = "${config.krebs.secret.directory}/ssh.id_${type}";
+ type = builtins.head (lib.toList (builtins.match "ssh-([^ ]+) .*" hostConfig.ssh.pubkey));
};
})
])
- (mapAttrs'
+ (lib.mapAttrs'
(name: type: {
- name = removeSuffix ".nix" name;
- value = ./hosts + "/${name}";
+ name = lib.removeSuffix ".nix" name;
+ value = lib.toFunction (import (./hosts + "/${name}")) {
+ inherit config lib slib;
+ };
})
- (readDir ./hosts));
+ (builtins.readDir ./hosts));
sitemap = {
"http://cgit.krebsco.de" = {
desc = "Git repositories";
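Review bot: The added line `type = builtins.head (lib.toList (builtins.match "ssh-([^ ]+) .*" hostConfig.ssh.pubkey));` has no handling for a key whose type does not start with `ssh-` (for example an `ecdsa-sha2-*` host key). In that case `builtins.match` returns null, and the `rec` attribute `path` then fails while interpolating `${type}`, with an error that names neither the host nor the key. A `throw` that includes `hostName` when the match is null would make the failure actionable. As a readability point, `hostConfig.ssh.pubkey or null != null` parses as intended but is clearer as `(hostConfig.ssh.pubkey or null) != null`.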
@@ -70,21 +65,21 @@ in {
};
mv-ni = {
mail = "mv@ni.r";
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod";
+ pubkey = builtins.readFile (./ssh + "/mv@vod.id_ed25519.pub");
};
tv = {
mail = "tv@nomic.r";
- pgp.pubkeys.default = readFile ./pgp/CBF89B0B.asc;
- pubkey = "ssh-rsa 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 tv@wu";
+ pgp.pubkeys.default = builtins.readFile ./pgp/CBF89B0B.asc;
+ pubkey = builtins.readFile (./ssh + "/tv@wu.id_rsa.pub");
uid = 1337; # TODO use default and document what has to be done (for vv)
};
tv-nomic = {
inherit (config.krebs.users.tv) mail;
- pubkey = "ssh-rsa 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 tv@nomic #2";
+ pubkey = builtins.readFile (./ssh + "/tv@nomic.id_rsa.pub");
};
tv-xu = {
inherit (config.krebs.users.tv) mail;
- pubkey = "ssh-rsa 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 tv@xu";
+ pubkey = builtins.readFile (./ssh + "/tv@xu.id_rsa.pub");
};
vv = {
mail = "vv@mu.r";
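Review bot: The four `pubkey = builtins.readFile (./ssh + "/….pub")` lines return the file contents verbatim. The new `.pub` files later in this diff appear to end with a newline, so each user key would now end in `\n`, which the inline strings they replace did not. Anything that compares these values or splices them into a longer line (an `authorized_keys` entry with options, a generated key list) would see the difference. Stripping it at the read site keeps the old values, e.g. `pubkey = lib.removeSuffix "\n" (builtins.readFile (./ssh + "/tv@wu.id_rsa.pub"));`, and likewise for `mv-ni`, `tv-nomic` and `tv-xu`. The `vv` user definition continues outside the hunk.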
diff --git a/kartei/tv/hosts/fu.nix b/kartei/tv/hosts/fu.nix
index f33da59c9..c3f2f9297 100644
--- a/kartei/tv/hosts/fu.nix
+++ b/kartei/tv/hosts/fu.nix
@@ -20,5 +20,4 @@
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8T+2Oe6qCE0uEb9H7CWZengyhHK30NelmYmpI4Umpm root@fu";
- syncthing.id = "F5B3EPT-OEOFYMV-GATESYO-727M6R4-YBXGW6Q-SG3QWC7-PPVFX4C-AY4UKAJ";
}
diff --git a/kartei/tv/hosts/leg.nix b/kartei/tv/hosts/leg.nix
index c09749302..5841c72d5 100644
--- a/kartei/tv/hosts/leg.nix
+++ b/kartei/tv/hosts/leg.nix
@@ -23,5 +23,4 @@
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiputkYYQbg8sUHu+dMVOEuqhPYwPhPdmkS6LopPx17 root@leg";
- syncthing.id = "5IB2U3K-HNQWNA4-ULYNPZF-XC3HX4D-IKQB72L-GNF6U2P-RNL4OMF-BWGDVAU";
}
diff --git a/kartei/tv/hosts/ne.nix b/kartei/tv/hosts/ne.nix
new file mode 100644
index 000000000..1191fcb71
--- /dev/null
+++ b/kartei/tv/hosts/ne.nix
@@ -0,0 +1,57 @@
+{ config, ... }: {
+ extraZones = {
+ "krebsco.de" = ''
+ @ 60 IN MX 5 ne
+ @ 60 IN TXT "v=spf1 mx -all"
+ ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr}
+ ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr}
+ cgit 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr}
+ cgit 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr}
+ cgit.ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr}
+ search.ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr}
+ tv 300 IN NS ne
+ '';
+ };
+ nets = {
+ internet = {
+ aliases = [
+ "ne.i"
+ "cgit.ne.i"
+ ];
+ ip4 = {
+ addr = "159.195.31.38";
+ };
+ ip6 = {
+ addr = "2a0a:4cc0:c1:5eb0::1";
+ prefixLength = 64;
+ };
+ ssh.port = 11423;
+ };
+ mycelium = {
+ aliases = [
+ "ne.m"
+ ];
+ ip6.addr = "45f:fa21:4bdd:a758:8091:947d:fe84:fac3";
+ via = config.krebs.hosts.ne.nets.internet;
+ };
+ retiolum = {
+ aliases = [
+ "ne.r"
+ "cgit.ne.r"
+ "krebs.ne.r"
+ "search.ne.r"
+ "p.ne.r"
+ "p.tv.r"
+ ];
+ ip4.addr = "10.243.113.224";
+ via = config.krebs.hosts.ne.nets.internet;
+ };
+ wiregrill = {
+ ip4.addr = "10.244.3.2";
+ via = config.krebs.hosts.ne.nets.internet;
+ wireguard.subnets = [
+ (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+ ];
+ };
+ };
+}
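Review bot: `slib.krebs.genipv6` is used in the `wiregrill` block, but the file's argument pattern is `{ config, ... }`, so `slib` is not in scope. The deleted `ni.nix` bound it with a `let`, and `kartei/tv/default.nix` in this same commit passes `slib` to each host file, so the first line should be `{ config, slib, ... }: {`. Separately, `cgit.ne` gets only an A record and `search.ne` only an AAAA record, whereas `ni.nix` published both record types for each name. If that is not intentional, the missing AAAA and A lines should be added. Unlike `ni.nix`, this file also sets no `tinc.pubkey` for retiolum and no `ssh.pubkey`, so it is worth confirming those are supplied elsewhere.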
diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix
deleted file mode 100644
index d64874d9c..000000000
--- a/kartei/tv/hosts/ni.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ config, lib, ... }: let
- slib = import ../../../lib/pure.nix { inherit lib; };
-in {
- extraZones = {
- "krebsco.de" = ''
- ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
- ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
- cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
- cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
- cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
- cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
- search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
- search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr}
- krebsco.de. 60 IN MX 5 ni
- krebsco.de. 60 IN TXT "v=spf1 mx -all"
- tv 300 IN NS ni
- '';
- };
- nets = {
- internet = {
- ip4 = rec {
- addr = "185.162.251.237";
- prefix = "${addr}/32";
- };
- ip6 = rec {
- addr = "2a03:4000:1a:cf::1";
- prefix = "${addr}/64";
- };
- aliases = [
- "ni.i"
- "cgit.ni.i"
- ];
- ssh.port = 11423;
- };
- retiolum = {
- via = config.krebs.hosts.ni.nets.internet;
- ip4.addr = "10.243.113.223";
- aliases = [
- "ni.r"
- "cgit.ni.r"
- "krebs.ni.r"
- "search.ni.r"
- ];
- tinc.pubkey = ''
- -----BEGIN RSA PUBLIC KEY-----
- MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12
- bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6
- Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59
- OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im
- W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2
- NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY
- nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv
- lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ
- 9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9
- q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF
- Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ==
- -----END RSA PUBLIC KEY-----
- '';
- tinc.pubkey_ed25519 = "nDuK96NlNhcxzlX7G30w/706RxItb+FhkFkz/VhUgCE";
- };
- wiregrill = {
- via = config.krebs.hosts.ni.nets.internet;
- ip4.addr = "10.244.3.1";
- wireguard.subnets = [
- (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
- ];
- };
- };
- ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
-}
diff --git a/kartei/tv/hosts/pi.nix b/kartei/tv/hosts/pi.nix
index 991bc0086..cfcc71a28 100644
--- a/kartei/tv/hosts/pi.nix
+++ b/kartei/tv/hosts/pi.nix
@@ -1,4 +1,3 @@
{
nets.wiregrill.ip4.addr = "10.244.3.102";
- syncthing.id = "NLR6FLV-2MJQSZ6-4M5QBBB-X2UM225-YGB6IYW-F2EGFV6-D7ZDCWY-27EQAAM";
}
diff --git a/kartei/tv/hosts/zoppo.nix b/kartei/tv/hosts/zoppo.nix
index 4d312105f..abbcc08dc 100644
--- a/kartei/tv/hosts/zoppo.nix
+++ b/kartei/tv/hosts/zoppo.nix
@@ -20,5 +20,4 @@
};
secure = true;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMk5DVtgzKmbJTsJs81GIMYE3YblnJJTc/FtVukKJK4J root@zoppo";
- syncthing.id = "F4GDV3I-QX6QAA5-32MXHXE-2RJDYBO-RFXGDFR-EGMN4IQ-OJDKL62-NCUWOAQ";
}
diff --git a/kartei/tv/ssh/mv@vod.id_ed25519.pub b/kartei/tv/ssh/mv@vod.id_ed25519.pub
new file mode 100644
index 000000000..7b7d2e260
--- /dev/null
+++ b/kartei/tv/ssh/mv@vod.id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGer9e2+Lew7vnisgBbsFNECEIkpNJgEaqQqgb9inWkQ mv@vod
diff --git a/kartei/tv/ssh/tv@nomic.id_rsa.pub b/kartei/tv/ssh/tv@nomic.id_rsa.pub
new file mode 100644
index 000000000..519beb0e6
--- /dev/null
+++ b/kartei/tv/ssh/tv@nomic.id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 tv@nomic #2
diff --git a/kartei/tv/ssh/tv@wu.id_rsa.pub b/kartei/tv/ssh/tv@wu.id_rsa.pub
new file mode 100644
index 000000000..b6e2634e8
--- /dev/null
+++ b/kartei/tv/ssh/tv@wu.id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDFR//RnCvEZAt0F6ExDsatKZ/DDdifanuSL360mqOhaFieKI34RoOwfQT9T+Ga52Vh5V2La6esvlph686EdgzeKLvDoxEwFM9ZYFBcMrNzu4bMTlgE7YUYw5JiORyXNfznBGnme6qpuvx9ibYhUyiZo99kM8ys5YrUHrP2JXQJMezDFZHxT4GFMOuSdh/1daGoKKD6hYL/jEHX8CI4E3BSmKK6ygYr1fVX0K0Tv77lIi5mLXucjR7CytWYWYnhM6DC3Hxpv2zRkPgf3k0x/Y1hrw3V/r0Me5h90pd2C8pFaWA2ZoUT/fmyVqvx1tZPYToU/O2dMItY0zgx2kR0yD+6g7Aahz3R+KlXkV8k5c8bbTbfGnZWDR1ZlbLRM9Yt5vosfwapUD90MmVkpmR3wUkO2sUKi80QfC7b4KvSDXQ+MImbGxMaU5Bnsq1PqLN95q+uat3nlAVBAELkcx51FlE9CaIS65y4J7FEDg8BE5JeuCNshh62VSYRXVSFt8bk3f/TFGgzC8OIo14BhVmiRQQ503Z1sROyf5xLX2a/EJavMm1i2Bs2TH6ROKY9z5Pz8hT5US0r381V8oG7TZyLF9HTtoy3wCYsgWA5EmLanjAsVU2YEeAA0rxzdtYP8Y2okFiJ6u+M4HQZ3Wg3peSodyp3vxdYce2vk4EKeqEFuuS82850DYb7Et7fmp+wQQUT8Q/bMO0DreWjHoMM5lE4LJ4ME6AxksmMiFtfo/4Fe2q9D+LAqZ+ANOcv9M+8Rn6ngiYmuRNd0l/a02q1PEvO6vTfXgcl4f7Z1IULHPEaDNZHCJS1K5RXYFqYQ6OHsTmOm7hnwaRAS97+VFMo1i5uvTx9nYaAcY7yzq3Ckfb67dMBKApGOpJpkvPgfrP7bgBO5rOZXM1opXqVPb09nljAhhAhyCTh1e/8+mJrBo0cLQ/LupQzVxGDgm3awSMPxsZAN45PSWz76zzxdDa1MMo51do+VJHfs7Wl0NcXAQrniOBYL9Wqt0qNkn1gY5smkkISGeQ/vxNap4MmzeZE7b5fpOy+2fpcRVQLpc4nooQzJvSVTFz+25lgZ6iHf45K87gQFMIAri1Pf/EDDpL87az+bRWvWi+BA2kMe1kf+Ay1LyMz8r+g51H0ma0bNFh6+fbWMfUiD9JCepIObclnUJ4NlWfcgHxTf17d/4tl6z4DTcLpCCk8Da77JouSHgvtcRbRlFV1OfhWZLXUsrlfpaQTiItv6TGIr3k7+7b66o3Qw/GQVs5GmYifaIZIz8n8my4XjkaMBd0SZfBzzvFjHMq6YUP9+SbjvReqofuoO+5tW1wTYZXitFFBfwuHlXm6w77K5QDBW6olT7pat41/F5eGxLcz tv@wu
diff --git a/kartei/tv/ssh/tv@xu.id_rsa.pub b/kartei/tv/ssh/tv@xu.id_rsa.pub
new file mode 100644
index 000000000..76d4f6962
--- /dev/null
+++ b/kartei/tv/ssh/tv@xu.id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 tv@xu
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 91071ec85..655192077 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -5,6 +5,17 @@
../../../krebs
../../../krebs/2configs
../../../krebs/2configs/nginx.nix
+ {
+ # Cherry-pick services.nginx.recommendedTlsSettings to fix:
+ # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform
+ services.nginx.recommendedTlsSettings = lib.mkForce false;
+ services.nginx.appendHttpConfig = ''
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_prefer_server_ciphers off;
+ '';
+ }
../../../krebs/2configs/binary-cache/nixos.nix
../../../krebs/2configs/ircd.nix
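Review bot: The inline module forces `services.nginx.recommendedTlsSettings` off and pins a hand-copied subset, so anything nixpkgs later adds to or changes in that option will silently never reach hotdog. The comment explains the error being worked around but not when the override can go away or which nixpkgs revision the four directives were copied from. I would add something like `# TODO remove once nginx here supports ssl_conf_command; copied from nixpkgs <REVISION>` above the `mkForce` line. The imports list this sits in starts and ends outside the hunk.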
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 8bb14d517..5deeb9923 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -8,6 +8,18 @@
<stockholm/krebs/2configs/nameserver.nix>
];
+ #networking.defaultGateway6 = {
+ # address = "fe80::1";
+ # interface = "ens3";
+ #};
+ #networking.interfaces.ens3.ipv6.addresses = [
+ # {
+ # # old: address = "2a03:4000:13:4c::1";
+ # address = "2a03:4000:1a:cf::1"; #/64"
+ # prefixLength = 64;
+ # }
+ #];
+
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.logRefusedConnections = false;
networking.firewall.logRefusedUnicastsOnly = false;
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index 542106d5f..8e03e3b52 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -11,7 +11,7 @@
# brain hosts/puyak/root
../../2configs/hw/getty-for-esp.nix
- ../../2configs/buildbot/worker.nix
+ # ../../2configs/buildbot/worker.nix
## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat /crypt-ramfs/passphrase'
@@ -31,7 +31,7 @@
../../2configs/shack/ssh-keys.nix
# drivedroid.shack for shackphone
- ../../2configs/shack/drivedroid.nix
+ #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing)
# ../../2configs/shack/nix-cacher.nix
# Say if muell will be collected
@@ -67,10 +67,10 @@
}
# create samba share for anonymous usage with the laser and 3d printer pc
- ../../2configs/shack/share.nix
+ # ../../2configs/shack/share.nix
# mobile.lounge.mpd.shack
- ../../2configs/shack/mobile.mpd.nix
+ #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.)
# hass.shack
../../2configs/shack/glados
@@ -159,7 +159,6 @@
services.logind.lidSwitchExternalPower = "ignore";
-
environment.systemPackages = [ pkgs.zsh ];
system.activationScripts."disengage fancontrol" = ''
diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix
index 32452e010..c51d3c651 100644
--- a/krebs/2configs/buildbot-stockholm.nix
+++ b/krebs/2configs/buildbot-stockholm.nix
@@ -19,7 +19,6 @@ with import ../../lib/pure.nix { inherit lib; };
enable = true;
repos = {
disko.urls = [
- "http://cgit.gum.r/disko"
"http://cgit.ni.r/disko"
"http://cgit.orange.r/disko"
];
@@ -33,7 +32,6 @@ with import ../../lib/pure.nix { inherit lib; };
"http://cgit.orange.r/nix-writers"
];
stockholm.urls = [
- "http://cgit.gum.r/stockholm"
"http://cgit.ni.r/stockholm"
"http://cgit.orange.r/stockholm"
];
diff --git a/krebs/2configs/exim-smarthost.nix b/krebs/2configs/exim-smarthost.nix
index ceb11ca64..11b8b3ec1 100644
--- a/krebs/2configs/exim-smarthost.nix
+++ b/krebs/2configs/exim-smarthost.nix
@@ -35,6 +35,7 @@ in {
"brain@krebsco.de" = brain-ml;
"eloop2022@krebsco.de" = eloop-ml;
"2024@eloop.org" = eloop-ml;
+ "2025@eloop.org" = eloop-ml;
"root@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
"spam@eloop.org" = eloop-ml;
"youtube@eloop.org" = eloop-ml; # obsolete, use spam@eloop.org instead
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index a797673c9..937a20c29 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -17,8 +17,8 @@
};
hardware.opengl.extraPackages = [
- pkgs.vaapiIntel
- pkgs.vaapiVdpau
+ pkgs.intel-vaapi-driver
+ pkgs.libva-vdpau-driver
];
services.xserver = {
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index b81c229b6..3c7205167 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -1,4 +1,14 @@
{ config, lib, pkgs, ... }:
+let
+ mastodon-clear-cache = pkgs.writers.writeDashBin "mastodon-clear-cache" ''
+ /run/current-system/sw/bin/mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30
+ /run/current-system/sw/bin/mastodon-tootctl media remove-orphans
+ /run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=14
+ /run/current-system/sw/bin/mastodon-tootctl accounts prune
+ /run/current-system/sw/bin/mastodon-tootctl statuses remove --days 4
+ /run/current-system/sw/bin/mastodon-tootctl media remove --days 4
+ '';
+in
{
services.postgresql = {
enable = true;
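Review bot: The new `mastodon-clear-cache` script runs six `tootctl` commands with no `set -efu`, so a failing step is ignored and the script's exit status is only that of the last `media remove`. The `create-mastodon-user` script in the same file starts with `set -efu`; adding the same first line here would let the oneshot unit report a failed cleanup. Compared with the script it replaces, this one also adds `accounts prune`, `statuses remove --days 4` and a second `media remove --days 4`, which delete more than cache; a one-line comment stating that the 4-day retention is intended would help, and `--days=14` versus `--days 4` could use one spelling.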
@@ -25,12 +35,20 @@
443
];
+ systemd.services.mastodon-clear-cache = {
+ description = "Mastodon Clear Cache";
+ wantedBy = [ "timers.target" ];
+ startAt = "daily";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${mastodon-clear-cache}/bin/mastodon-clear-cache";
+ User = "mastodon";
+ WorkingDirectory = "/var/lib/mastodon";
+ };
+ };
+
environment.systemPackages = [
- (pkgs.writers.writeDashBin "clear-mastodon-cache" ''
- mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30
- mastodon-tootctl media remove-orphans
- mastodon-tootctl preview_cards remove --days=14
- '')
+ mastodon-clear-cache
(pkgs.writers.writeDashBin "create-mastodon-user" ''
set -efu
nick=$1
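Review bot: `wantedBy = [ "timers.target" ]` on the service looks unintended next to `startAt = "daily"`. As far as I know NixOS already generates a `mastodon-clear-cache.timer` from `startAt` and hooks that timer into `timers.target`; putting `wantedBy` on the service itself additionally starts the cleanup whenever `timers.target` is reached, i.e. at every boot. If only the daily run is wanted, drop the `wantedBy` line and keep `startAt = "daily";`. The `environment.systemPackages` list continues past the end of the hunk.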
diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix
index 633f6f5d5..c61b5c1b1 100644
--- a/krebs/2configs/nameserver.nix
+++ b/krebs/2configs/nameserver.nix
@@ -66,8 +66,8 @@ in {
- id: hostingde_ns1
address: 134.0.30.178
- - id: krebscode_ni
- address: ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+ - id: krebscode_ne
+ address: ${config.krebs.hosts.ne.nets.internet.ip4.addr}
key: krebs_transfer_notify_key
acl:
@@ -119,7 +119,7 @@ in {
dnssec-policy: rsa2k
notify: henet_ns1
notify: hostingde_ns1
- notify: krebscode_ni
+ notify: krebscode_ne
acl: transfer_to_henet_secondary
acl: transfer_to_hostingde_secondary
acl: transfer_to_krebscode_secondary
@@ -141,10 +141,14 @@ in {
'';
};
+ #krebs.systemd.services.knot.restartIfCredentialsChange = true;
systemd.services."knsupdate-krebsco.de" = {
serviceConfig = {
Type = "oneshot";
SyslogIdentifier = "knsupdate-krebsco.de";
+ #LoadCredential = [
+ # "keys.conf:/var/src/secrets/knot-keys.conf"
+ #];
ExecStart = pkgs.writeDash "knsupdate-krebsco.de" /* sh */ ''
set -efu
@@ -165,8 +169,8 @@ in {
echo server krebsco.de.
echo zone krebsco.de.
echo origin krebsco.de.
- echo add _25._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data
- echo add _443._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data
+ echo add _25._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data
+ echo add _443._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data
echo show
echo send
echo answer
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index faabf7677..600f7cd6d 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -235,20 +235,20 @@ let
env.TASKDATA = "${stateDir}/${name}";
commands = rec {
add.filename = pkgs.writers.writeDash "${name}-task-add" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1"
+ ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} add "$1"
'';
list.filename = pkgs.writers.writeDash "${name}-task-list" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \
+ ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export \
| ${pkgs.jq}/bin/jq -r '
.[] | select(.id != 0) | "\(.id) \(.description)"
'
'';
delete.filename = pkgs.writers.writeDash "${name}-task-delete" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1"
+ ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} delete "$1"
'';
del = delete;
done.filename = pkgs.writers.writeDash "${name}-task-done" ''
- ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1"
+ ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} done "$1"
'';
};
};
@@ -293,7 +293,7 @@ let
{
activate = "always";
command = {
- filename = ../5pkgs/simple/Reaktor/scripts/tell-on_join.sh;
+ filename = ../5pkgs/simple/reaktor2-plugins/scripts/tell-on_join.sh;
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX env, touch
@@ -415,7 +415,7 @@ let
(generators.command_hook {
inherit (commands) dance random-emoji nixos-version;
tell = {
- filename = ../5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh;
+ filename = ../5pkgs/simple/reaktor2-plugins/scripts/tell-on_privmsg.sh;
env = {
PATH = makeBinPath [
pkgs.coreutils # XXX date, env
@@ -456,7 +456,7 @@ in {
printf 'HTTP/1.1 200 OK\r\n'
printf 'Connection: close\r\n'
printf '\r\n'
- TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export
+ TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export
exit
;;
esac
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index a488fdfea..1c7ed4719 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -98,7 +98,7 @@ in {
krebs.secret.files.konsens = {
path = "/var/lib/konsens/.ssh/id_ed25519";
owner = konsens-user;
- source-path = "${config.krebs.secret.directory}/konsens.id_ed25519>";
+ source-path = "${config.krebs.secret.directory}/konsens.id_ed25519";
};
imports = [
@@ -107,9 +107,10 @@ in {
desc = "take all computers hostage, they love it";
section = "configuration";
remotes = {
- makefu = "http://cgit.gum.r/stockholm";
- tv = "http://cgit.ni.r/stockholm";
+ krebs = "https://github.com/krebs/stockholm";
lassulus = "http://cgit.orange.r/stockholm";
+ makefu = "https://cgit.euer.krebsco.de/makefu/stockholm.git";
+ tv = "http://cgit.ni.r/stockholm";
};
})
({ krebs.git = defineRepo {
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index bc483e8d0..0ba22af78 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -26,21 +26,17 @@
"guest ok" = "yes";
};
};
- extraConfig = ''
- guest account = smbguest
- map to guest = bad user
- # disable printing
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
-
- # for legacy systems
- client min protocol = NT1
- server min protocol = NT1
- workgroup = WORKGROUP
- server string = ${config.networking.hostName}
- netbios name = ${config.networking.hostName}
- '';
+ settings.global = {
+ "guest account" = "smbguest";
+ "map to guest" = "bad user";
+ # disable printing
+ "load printers" = "no";
+ "printing" = "bsd";
+ "printcap name" = "/dev/null";
+ "disable spoolss" = "yes";
+ "workgroup" = "WORKGROUP";
+ "server string" = config.networking.hostName;
+ "netbios name" = config.networking.hostName;
+ };
};
}
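Review bot: The conversion to `settings.global` drops `client min protocol = NT1` and `server min protocol = NT1` (the old "# for legacy systems" block) without any remark, so this is a behaviour change and not only a syntax migration. Not enabling SMB1 is the safer setting for a share that keeps `guest ok = yes` and `map to guest = bad user`, but the legacy clients the old comment referred to will presumably stop connecting. I would record the decision in place, e.g. `# SMB1 (NT1) intentionally no longer enabled; clients must speak SMB2 or newer`, so nobody re-adds it while debugging. The beginning of the samba block is outside the hunk.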
diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix
index 80957f3a5..183a81f99 100644
--- a/krebs/2configs/shack/ssh-keys.nix
+++ b/krebs/2configs/shack/ssh-keys.nix
@@ -2,6 +2,7 @@
{
users.users.root.openssh.authorizedKeys.keys = [
config.krebs.users."0x4A6F".pubkey
+ config.krebs.users.susanne.pubkey
config.krebs.users.hase.pubkey
config.krebs.users.neos.pubkey
config.krebs.users.raute.pubkey
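Review bot: The added `config.krebs.users.susanne.pubkey` grants root SSH login on every host that imports this file, yet it is inserted between `"0x4A6F"` and `hase`, breaking the otherwise alphabetical order, and carries no note of who vouches for the key. The diffstat lists the key file under `kartei/makefu/ssh/susanne.pub`, so a short trailing comment such as `# key maintained in kartei/makefu` plus moving the line to its sorted position would make later audits of this list easier. The list continues outside the hunk.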
diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix
index b7a8f18df..eba6cc83b 100644
--- a/krebs/2configs/shack/worlddomination.nix
+++ b/krebs/2configs/shack/worlddomination.nix
@@ -3,17 +3,16 @@
with import ../../../lib/pure.nix { inherit lib; };
let
pkg = pkgs.stdenv.mkDerivation {
- name = "worlddomination-2020-12-01";
+ name = "worlddomination-2025-04-02";
src = pkgs.fetchFromGitHub {
owner = "shackspace";
repo = "worlddomination";
- rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c";
- sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y";
+ rev = "934387c3525e819e6b5981c417a7561d70b8b61a";
+ sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E=";
};
buildInputs = [
(pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
docopt
- LinkHeader
aiocoap
grequests
paramiko
@@ -30,51 +29,7 @@ let
};
pythonPackages = pkgs.python3Packages;
# https://github.com/chrysn/aiocoap
- grequests = pythonPackages.buildPythonPackage rec {
- pname = "grequests";
- version = "0.3.1";
- name = "${pname}-${version}";
- src = pkgs.fetchFromGitHub {
- owner = "kennethreitz";
- repo = "grequests";
- rev = "d1e70eb";
- sha256 = "0drfx4fx65k0g5sj0pw8z3q1s0sp7idn2yz8xfb45nd6v82i37hc";
- };
-
- doCheck = false;
-
- propagatedBuildInputs = with pythonPackages; [ requests gevent ];
-
- meta = with lib;{
- description = "Asynchronous HTTP requests";
- homepage = https://github.com/kennethreitz/grequests;
- license = with licenses; [ bsd2 ];
- maintainers = with maintainers; [ matejc ];
- };
- };
-
- aiocoap = pythonPackages.buildPythonPackage {
- name = "aiocoap-0.3";
- src = pkgs.fetchurl { url = "https://pypi.python.org/packages/9c/f6/d839e4b14258d76e74a39810829c13f8dd31de2bfe0915579b2a609d1bbe/aiocoap-0.3.tar.gz"; sha256 = "402d4151db6d8d0b1d66af5b6e10e0de1521decbf12140637e5b8d2aa9c5aef6"; };
- propagatedBuildInputs = [ ];
- doCheck = false; # 2 errors, dunnolol
- meta = with pkgs.lib; {
- homepage = "";
- license = licenses.mit;
- description = "Python CoAP library";
- };
- };
- LinkHeader = pythonPackages.buildPythonPackage {
- name = "LinkHeader-0.4.3";
- src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; };
- propagatedBuildInputs = [ ];
- meta = with pkgs.lib; {
- homepage = "";
- license = licenses.bsdOriginal;
- description = "Parse and format link headers according to RFC 5988 \"Web Linking\"";
- };
- };
wdpath = "/usr/worlddomination/wd.lst";
esphost = "10.42.24.7"; # esp8266
afrihost = "10.42.25.201"; # africa
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix
index acd007cb8..901b1eb87 100644
--- a/krebs/3modules/airdcpp.nix
+++ b/krebs/3modules/airdcpp.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
cfg = config.krebs.airdcpp;
out = {
diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix
index fa0f1530c..1c4067e7a 100644
--- a/krebs/3modules/announce-activation.nix
+++ b/krebs/3modules/announce-activation.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
cfg = config.krebs.announce-activation;
announce-activation = pkgs.writeDash "announce-activation" ''
set -efu
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 900be5139..2be3a1422 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
out = {
options.krebs.backup = api;
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 3f0dd0861..e7847aa09 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -1,11 +1,12 @@
{ pkgs, config, lib, ... }:
with lib;
let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
cfg = config.krebs.brockman;
in {
options.krebs.brockman = {
enable = mkEnableOption "brockman";
+ package = mkPackageOption pkgs "brockman" { };
config = mkOption { type = types.attrs; }; # TODO make real config here
};
@@ -26,7 +27,7 @@ in {
serviceConfig = {
Restart = "always";
ExecStart = ''
- ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)}
+ ${cfg.package}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)}
'';
User = config.users.extraUsers.brockman.name;
PrivateTmp = true;
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index bf20cb099..6480c300f 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
{
options.krebs.build = {
diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix
index 5035a11a8..18fe46a98 100644
--- a/krebs/3modules/ci/default.nix
+++ b/krebs/3modules/ci/default.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import ../../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.ci;
@@ -50,7 +50,7 @@ let
"${url}",
workdir='${name}-${elemAt(splitString "." url) 1}', branches=True,
project='${name}',
- pollinterval=30
+ pollInterval=30
)
'') repo.urls
) cfg.repos;
diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix
index a268b931c..fd672a890 100644
--- a/krebs/3modules/dns.nix
+++ b/krebs/3modules/dns.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; }; {
+with lib.slib or (import ../../lib/pure.nix { inherit lib; }); {
options = {
krebs.dns.providers = mkOption {
type = types.attrsOf types.str;
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index f78f1746c..b5f8d187a 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }:
-with import ../../lib/pure.nix { inherit lib; }; let
+with lib.slib or (import ../../lib/pure.nix { inherit lib; }); let
cfg = config.krebs.exim-retiolum;
# Due to improvements to the JSON notation, braces around top-level objects
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 4e42ce72e..14963f472 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.exim-smarthost;
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 583fd07b1..bb749b273 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let
+{ config, lib, pkgs, ... }: with lib.slib or (import ../../lib/pure.nix { inherit lib; }); let
cfg = config.krebs.exim;
in {
options.krebs.exim = {
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 6d666b6d6..8b8f205dc 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -6,7 +6,7 @@
# TODO when authorized_keys changes, then restart ssh
# (or kill already connected users somehow)
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.git;
diff --git a/krebs/3modules/github/known-hosts.nix b/krebs/3modules/github/known-hosts.nix
index 3725ff2b8..6f10452e9 100644
--- a/krebs/3modules/github/known-hosts.nix
+++ b/krebs/3modules/github/known-hosts.nix
@@ -8,4 +8,5 @@
;
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=";
};
+ # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
}
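Review bot: The ed25519 key is added only as an unlabelled comment after the closing `};`, so it has no effect and the pinned host key remains the RSA one alone. A reader cannot tell whether this is a reminder, a disabled entry or a leftover; if it is meant to be trusted it needs its own known-hosts entry, since each entry here carries a single `publicKey`. At minimum I would label it, e.g. `# TODO also pin GitHub's ed25519 host key:` before the key, and note where the value was verified. The attribute set the comment sits in opens outside the hunk.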
diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix
index 2333d0a8d..148b58d14 100644
--- a/krebs/3modules/hosts.nix
+++ b/krebs/3modules/hosts.nix
@@ -2,8 +2,7 @@
with lib; let
check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains;
domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers);
- # we need this import because we have infinite recursion otherwise
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
in {
options = {
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 334a83cb3..020b3eaea 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
optionalAttr = name: value:
if name != null then
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
index dabe2f8aa..8858c6ed5 100644
--- a/krebs/3modules/iana-etc.nix
+++ b/krebs/3modules/iana-etc.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }: let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
in with lib; {
options.krebs.iana-etc.services = mkOption {
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 16f1f3c84..1cde42dc3 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -19,6 +19,14 @@ let
api = {
enable = mkEnableOption "iptables";
+ rules4 = mkOption {
+ default = buildTables "v4" cfg.tables;
+ };
+
+ rules6 = mkOption {
+ default = buildTables "v6" cfg.tables;
+ };
+
#tables.filter.INPUT = {
# policy = "DROP";
# rules = [
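Review bot: `rules4` and `rules6` are declared with only a `default`, no `type` and no `description`, so any value merges in unchecked and nothing says whether callers are meant to read or to set them. Because the defaults are derived from `cfg.tables`, assigning `rules4` directly would bypass the structured `tables` definition; if these are meant as derived outputs, `readOnly = true;` (or `internal = true;`) would state that, otherwise a `description` should say that overriding replaces the generated ruleset. The return type of `buildTables` is not visible in this hunk, so the matching `type` has to be picked by the author.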
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
index 0463de53f..b71cb2ba9 100644
--- a/krebs/3modules/konsens.nix
+++ b/krebs/3modules/konsens.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.konsens;
diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix
index 11d2b4194..d87b279a0 100644
--- a/krebs/3modules/on-failure.nix
+++ b/krebs/3modules/on-failure.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let
+{ config, lib, pkgs, ... }: with lib.slib or (import ../../lib/pure.nix { inherit lib; }); let
out = {
options.krebs.on-failure = api;
config = lib.mkIf cfg.enable imp;
diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix
index c0368ee85..f83a29acb 100644
--- a/krebs/3modules/per-user.nix
+++ b/krebs/3modules/per-user.nix
@@ -28,7 +28,12 @@ in {
};
})
(filterAttrs (_: per-user: per-user.packages != []) cfg);
- profiles = ["/etc/per-user/$LOGNAME"];
+
+ # XXX this breaks /etc/pam/environment because $LOGNAME doesn't get
+ # replaced by @{PAM_USER} the way $USER does.
+ # See <nixpkgs/nixos/modules/config/system-environment.nix>
+ #profiles = ["/etc/per-user/$LOGNAME"];
+ profiles = ["/etc/per-user/$USER"];
};
};
}
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index ae8702978..51f5cb752 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }: let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
in
with lib; {
@@ -73,6 +73,12 @@ with lib; {
pkgs.findutils
pkgs.inotify-tools
];
+ # TODO
+ # der code könnte aber bisschen vorbereitet werden, damit man später einfach file-modes einbauen kann
+ # die drei finds müssten zu `find "$ROOT_PATH" -exec ${permown}` {} \;` werden
+ # und der while-block zu:
+ # ${permown} "$path" (egal ob vor oder nach dem if test -d)
+ # und dann müsste man danach nur das permown script bearbeiten
serviceConfig = {
ExecStart = pkgs.writeDash "permown" ''
set -efu
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index aa6254786..d552178f9 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }:
-with import ../../lib/pure.nix { inherit lib; }; {
+with lib.slib or (import ../../lib/pure.nix { inherit lib; }); {
options.krebs.reaktor2 = mkOption {
default = {};
@@ -69,6 +69,12 @@ with import ../../lib/pure.nix { inherit lib; }; {
Group = "reaktor2";
DynamicUser = true;
StateDirectory = cfg.username;
+ #ExecStartPre = [
+ # (pkgs.writeDash "test-dynamic-user" ''
+ # set -efux
+ # ${pkgs.coreutils}/bin/id
+ # '')
+ #];
ExecStart = let
configFile = pkgs.writers.writeJSON configFileName configValue;
configFileName = "${cfg.systemd-service-name}.config.json";
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index a65a22b29..21603d94c 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.realwallpaper;
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 5208d91ae..62d99e160 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.repo-sync;
@@ -17,6 +17,7 @@ let
branches = mkOption {
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
+ smart = mkEnableOption "smart sync behavior";
origin = mkOption {
type = types.source-types.git;
};
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index c35dceba3..ad9ceccbe 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; }; let
+with lib.slib or (import ../../lib/pure.nix { inherit lib; }); let
cfg = config.krebs.secret;
in {
options.krebs.secret = {
@@ -15,7 +15,7 @@ in {
secret-file
else
secret-file // {
- source-path = "${config.krebs.secret.directory}/secret-file.source-path";
+ source-path = "${config.krebs.secret.directory}/${secret-file.source-path}";
}
);
};
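Review bot: The fixed interpolation joins `secret-file.source-path` onto `config.krebs.secret.directory` with no check in this hunk that the value is relative and free of `..` components, so the resulting path can point outside the secret directory. The condition selecting this branch starts outside the hunk, so it may already guarantee that; the repo-sync.nix change in this same commit sets an already-prefixed `source-path`, which only works if such values take the other branch. A comment on the branch such as `# relative source-path is resolved against krebs.secret.directory` would make the contract explicit.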
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index e3108d88e..d13fcccaa 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
out = {
@@ -33,7 +33,7 @@ let
};
capabilities = mkOption {
default = [];
- type = types.listOf types.str;
+ type = types.listOf types.str; # TODO
};
owner = mkOption {
default = "root";
@@ -52,6 +52,8 @@ let
merge = mergeOneOption;
};
};
+ # TODO clear non-standard wrapperDirs
+ # TODO? allow only wrapperDirs below /run/wrappers?
wrapperDir = mkOption {
default = config.security.wrapperDir;
type = types.absolute-pathname;
@@ -73,13 +75,16 @@ let
chown ${cfg.owner}:${cfg.group} ${dst}
chmod ${cfg.mode} ${dst}
${optionalString (cfg.capabilities != []) /* sh */ ''
+ set -x
${pkgs.libcap.out}/bin/setcap ${concatMapStringsSep "," shell.escape cfg.capabilities} ${dst}
+ set +x
''}
'';
}));
};
imp = {
+ # run after "wrappers" so config.security.wrapperDir can be hijacked.
systemd.services."krebs.setuid" = {
wantedBy = [ "suid-sgid-wrappers.service" ];
after = [ "suid-sgid-wrappers.service" ];
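Review bot: The `set -x` / `set +x` pair around `setcap` reads like leftover debugging in a script that installs setuid and capability-bearing binaries. If the tracing is meant to stay, say so with `# trace the setcap call to make capability failures visible in the journal`; otherwise remove both lines. The new comment "so config.security.wrapperDir can be hijacked" is also unclear about who hijacks what; presumably it means this unit writes its own wrappers into that directory after NixOS has populated it, and it should say that. The bare `# TODO` added after `types.listOf types.str;` in the first hunk of this file names no task.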
diff --git a/krebs/3modules/ssh.nix b/krebs/3modules/ssh.nix
index aba825c29..012b365fb 100644
--- a/krebs/3modules/ssh.nix
+++ b/krebs/3modules/ssh.nix
@@ -62,24 +62,26 @@ let
}
]));
- programs.ssh.extraConfig = concatMapStrings
- (net: ''
- Host ${toString (net.aliases ++ net.addrs)}
- Port ${toString net.ssh.port}
- '')
- (filter
- (net: net.ssh.port != 22)
- (concatMap (host: attrValues host.nets)
- (mapAttrsToList
- (_: host: recursiveUpdate host
- (optionalAttrs (cfg.dns.search-domain != null &&
- hasAttr cfg.dns.search-domain host.nets) {
- nets."" = host.nets.${cfg.dns.search-domain} // {
- aliases = [host.name];
- addrs = [];
- };
- }))
- config.krebs.hosts)));
+ programs.ssh.extraConfig =
+ mkBefore/*<-KILLME*/
+ (concatMapStrings
+ (net: ''
+ Host ${toString (net.aliases ++ net.addrs)}
+ Port ${toString net.ssh.port}
+ '')
+ (filter
+ (net: net.ssh.port != 22)
+ (concatMap (host: attrValues host.nets)
+ (mapAttrsToList
+ (_: host: recursiveUpdate host
+ (optionalAttrs (cfg.dns.search-domain != null &&
+ hasAttr cfg.dns.search-domain host.nets) {
+ nets."" = host.nets.${cfg.dns.search-domain} // {
+ aliases = [host.name];
+ addrs = [];
+ };
+ }))
+ config.krebs.hosts))));
}
];
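Review bot: `mkBefore/*<-KILLME*/` marks the wrapper as temporary without saying why it is needed or when it can be removed. `mkBefore` moves these `Host … Port …` blocks ahead of other `programs.ssh.extraConfig` contributions, and since ssh_config uses the first value it finds for each option, that changes which definition wins. I would replace the marker with a real comment, e.g. `# mkBefore: host-specific Port must precede any generic Host block; remove once <CONDITION>`. The rest of the hunk is re-indentation only.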
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index 12a5ee4e7..cbffeb6f3 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: let
cfg = config.krebs.sync-containers3;
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
in {
options.krebs.sync-containers3 = {
inContainer = {
@@ -358,9 +358,7 @@ in {
networking.useNetworkd = true;
services.resolved = {
enable = true;
- extraConfig = ''
- Domains=~.
- '';
+ settings.Resolve.Domains = [ "~." ];
};
systemd.network = {
enable = true;
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index 754b25675..c0bd4768b 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: let {
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
body.options.krebs.systemd.services = lib.mkOption {
default = {};
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index d73d5ca61..65f4f6a2b 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -1,5 +1,6 @@
-{ config, pkgs, lib, ... }:
-with import ../../lib/pure.nix { inherit lib; }; {
+{ config, pkgs, lib, ... }: let
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
+in with slib; {
options.krebs.tinc = mkOption {
default = {};
description = ''
@@ -91,7 +92,7 @@ with import ../../lib/pure.nix { inherit lib; }; {
hosts = mkOption {
type = with types; attrsOf host;
default =
- filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
+ filterAttrs (_: h: hasAttr tinc.config.netname h.nets && h.nets.${tinc.config.netname}.tinc.config or null != null) config.krebs.hosts;
defaultText = "‹all-hosts-of-‹netname››";
description = ''
Hosts to generate <literal>config.krebs.tinc.retiolum.hostsPackage</literal>.
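Review bot: The new predicate on the `default =` line leans on Nix precedence: `h.nets.${tinc.config.netname}.tinc.config or null != null` parses as `(… or null) != null`, which is the intended meaning but is easy to misread. Parenthesising it makes that explicit: `(h.nets.${tinc.config.netname}.tinc.config or null) != null`. Because the `or null` fallback already covers a missing attribute path, the preceding `hasAttr` looks redundant. `defaultText` still describes all hosts of the netname and should mention that hosts without a tinc config are now left out. The enclosing option block continues outside the hunk.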
@@ -235,13 +236,14 @@ with import ../../lib/pure.nix { inherit lib; }; {
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
- ExecStart = "+" + toString [
- "${cfg.tincPackage}/sbin/tincd"
- "-D"
- "-U ${cfg.username}"
- "-d 0"
- "-n ${netname}"
- ];
+ ExecStart = "+" + pkgs.writers.writeDash "tinc-${netname}" ''
+ set -efu
+ exec ${cfg.tincPackage}/sbin/tincd \
+ -D \
+ -U ${cfg.username} \
+ -d 0 \
+ -n ${netname}
+ '';
SyslogIdentifier = netname;
DynamicUser = true;
User = cfg.username;
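Review bot: `${cfg.username}` and `${netname}` are now spliced unquoted into a dash script, and the `+` prefix on `ExecStart` means systemd runs that script with full privileges rather than as the `DynamicUser`. `set -f` stops globbing, but shell metacharacters in either value would now be interpreted by dash, whereas the old argument list never went through a shell. Quoting both values closes this: `-U ${lib.escapeShellArg cfg.username} \` and `-n ${lib.escapeShellArg netname}`. Whether the option types already restrict these values is not visible here, and the service definition starts and ends outside the hunk.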
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index dd132a2de..c8c75f919 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.tinc_graphs;
internal_dir = "${cfg.workingDir}/internal";
diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix
index b811b6fa6..b2c264a06 100644
--- a/krebs/3modules/urlwatch.nix
+++ b/krebs/3modules/urlwatch.nix
@@ -4,7 +4,7 @@
# TODO inform about unused caches
# cache = url: "${cfg.dataDir}/.urlwatch/cache/${hashString "sha1" url}"
-with import ../../lib/pure.nix { inherit lib; };
+with lib.slib or (import ../../lib/pure.nix { inherit lib; });
let
cfg = config.krebs.urlwatch;
@@ -214,6 +214,7 @@ let
};
filter = mkOption {
default = null;
+ # TODO nullOr subtypes.filter
type =
with types;
nullOr (either str (listOf (pkgs.formats.json {}).type));
diff --git a/krebs/3modules/users.nix b/krebs/3modules/users.nix
index 614e6ab42..d41b34f7d 100644
--- a/krebs/3modules/users.nix
+++ b/krebs/3modules/users.nix
@@ -1,5 +1,5 @@
{ config, lib, pkgs, ... }: let
- slib = import ../../lib/pure.nix { inherit lib; };
+ slib = lib.slib or (import ../../lib/pure.nix { inherit lib; });
in {
options.krebs.users = lib.mkOption {
type = lib.types.attrsOf slib.types.user;
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index 51e559d88..6ac2ebac2 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -10,7 +10,8 @@ with lib; {
default = {
"krebsco.de" = /* bindzone */ ''
$TTL 60
- @ 3600 IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600
+ @ IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600
+
@ 3600 IN NS ns1
@ 3600 IN NS ni
@ 3600 IN NS ns2.he.net.
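Review bot: The SOA line loses its explicit `3600` TTL, so it now inherits `$TTL 60` while the NS records directly below keep `3600`. If the short TTL is intended, a zone-file comment above the record would say so, e.g. `; SOA inherits $TTL on purpose`. Otherwise the record should stay `@ 3600 IN SOA …`. The zone text continues outside the hunk.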
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix
index 866796a4e..f726475dd 100644
--- a/krebs/5pkgs/default.nix
+++ b/krebs/5pkgs/default.nix
@@ -8,7 +8,10 @@ with stockholm.lib;
fix (foldl' (flip extends) (self: super) (
[
- (self: super: { inherit stockholm; })
+ (self: super: {
+ inherit stockholm;
+ inherit (super.writers) writeBash writeBashBin writeDash writeDashBin writeJSON;
+ })
]
++
(map
diff --git a/krebs/5pkgs/haskell/X11-aeson.nix b/krebs/5pkgs/haskell/X11-aeson.nix
deleted file mode 100644
index 103d87faa..000000000
--- a/krebs/5pkgs/haskell/X11-aeson.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ mkDerivation, aeson, base, fetchgit, lib, X11 }:
-mkDerivation {
- pname = "X11-aeson";
- version = "1.0.0";
- src = fetchgit {
- url = "https://cgit.krebsco.de/X11-aeson";
- sha256 = "0y9nvssqpvqgl46g7nz9738l8jmpa7an8r3am3qaqcvmvzgwxh0d";
- rev = "c0a70a62513baf2b437db4ebe3e5a32e3cfa5905";
- fetchSubmodules = true;
- };
- libraryHaskellDepends = [ aeson base X11 ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/blessings.nix b/krebs/5pkgs/haskell/blessings.nix
deleted file mode 100644
index 2176db2ff..000000000
--- a/krebs/5pkgs/haskell/blessings.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ mkDerivation, base, fetchgit, hspec, QuickCheck, lib, stockholm, text }:
-with stockholm.lib;
-
-let
- cfg = {
- "18.03" = {
- version = "1.1.0";
- sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
- };
- }.${versions.majorMinor version} or {
- version = "2.2.0";
- sha256 = "1pb56dgf3jj2kq3cbbppwzyg3ccgqy9xara62hkjwyxzdx20clk1";
- };
-
-in mkDerivation {
- pname = "blessings";
- version = cfg.version;
- src = fetchgit {
- url = http://cgit.ni.krebsco.de/blessings;
- rev = "refs/tags/v${cfg.version}";
- sha256 = cfg.sha256;
- };
- libraryHaskellDepends = [ base text ];
- testHaskellDepends = [ base hspec QuickCheck ];
- doHaddock = false;
- # WTFPL is the true license, which is unknown to cabal.
- license = lib.licenses.wtfpl;
-}
diff --git a/krebs/5pkgs/haskell/blessings/default.nix b/krebs/5pkgs/haskell/blessings/default.nix
new file mode 100644
index 000000000..643f320be
--- /dev/null
+++ b/krebs/5pkgs/haskell/blessings/default.nix
@@ -0,0 +1,16 @@
+{ mkDerivation, base, bytestring, extra, fetchgit, hspec, lib
+, QuickCheck, text, wcwidth
+}:
+mkDerivation {
+ pname = "blessings";
+ version = "2.5.0";
+ src = fetchgit {
+ url = "https://cgit.krebsco.de/blessings";
+ sha256 = "1spwm4xjz72c76wkkxxxbvxpgkxam344iwq37js5lhfbb2hbjqbx";
+ rev = "8f9b20f3aa93f7fbba9d24de7732f4cca0119154";
+ fetchSubmodules = true;
+ };
+ libraryHaskellDepends = [ base bytestring extra text wcwidth ];
+ testHaskellDepends = [ base hspec QuickCheck ];
+ license = lib.licenses.mit;
+}
diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix
deleted file mode 100644
index f8ce03f39..000000000
--- a/krebs/5pkgs/haskell/email-header.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
-, case-insensitive, containers, exceptions, fetchgit, QuickCheck
-, lib, stockholm, tasty, tasty-quickcheck, text, text-icu, time
-}:
-with stockholm.lib;
-
-let
-
- cfg = {
- "18.03" = {
- version = "0.3.0";
- rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8";
- sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59";
- };
- "20.03" = {
- version = "0.4.1-tv1";
- rev = "refs/tags/v${cfg.version}";
- sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x";
- };
- }.${versions.majorMinor version} or {
- version = "0.4.2-tv1";
- rev = "refs/tags/v${cfg.version}";
- sha256 = "JZfqvkbb/1t0q1iWmZHmmCN2Vr+QKTiq4LVncrG+xMU=";
- };
-
-in mkDerivation {
- pname = "email-header";
- version = cfg.version;
- src = fetchgit {
- url = "https://github.com/4z3/email-header";
- rev = cfg.rev;
- sha256 = cfg.sha256;
- };
- buildDepends = [
- attoparsec base base64-bytestring bytestring case-insensitive
- containers exceptions text text-icu time
- ];
- testDepends = [
- base bytestring case-insensitive containers QuickCheck tasty
- tasty-quickcheck text time
- ];
- jailbreak = true;
- homepage = "http://github.com/knrafto/email-header";
- description = "Parsing and rendering of email and MIME headers";
- license = lib.licenses.bsd3;
-}
diff --git a/krebs/5pkgs/haskell/kirk.nix b/krebs/5pkgs/haskell/kirk.nix
deleted file mode 100644
index d6fdec4c9..000000000
--- a/krebs/5pkgs/haskell/kirk.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ mkDerivation, async, base, bytestring, fetchgit, lib, network
-, optparse-applicative, text
-}:
-mkDerivation {
- pname = "kirk";
- version = "1.0.1";
- src = fetchgit {
- url = "http://cgit.krebsco.de/kirk";
- sha256 = "1acsmmc485c54axpy9bd0320j18hs261vl1vdxns4n04sxzqd7k0";
- rev = "cdf3cb373af8f9b03a9487a63eb32e0226913589";
- fetchSubmodules = true;
- };
- isLibrary = true;
- isExecutable = true;
- libraryHaskellDepends = [
- base bytestring network optparse-applicative text
- ];
- executableHaskellDepends = [
- async base network optparse-applicative text
- ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/mailaids.nix b/krebs/5pkgs/haskell/mailaids.nix
deleted file mode 100644
index 91b4cc451..000000000
--- a/krebs/5pkgs/haskell/mailaids.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ mkDerivation, aeson, aeson-pretty, base, bytestring
-, case-insensitive, fetchgit, lens, lib, optparse-applicative
-, purebred-email, text, vector, word8
-}:
-mkDerivation {
- pname = "mailaids";
- version = "1.1.0";
- src = fetchgit {
- url = "https://cgit.krebsco.de/mailaids";
- sha256 = "0mkq3b0j28h7ydg6aaqlqnvajb8nhdc9g7rmil2d4vl5fxxaqspv";
- rev = "a25fc32eceefc10a91ef77ff2763b3f1b9324aaf";
- fetchSubmodules = true;
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- aeson aeson-pretty base bytestring case-insensitive lens
- optparse-applicative purebred-email text vector word8
- ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/nix-serve-ng.nix b/krebs/5pkgs/haskell/nix-serve-ng.nix
deleted file mode 100644
index 62e02ce82..000000000
--- a/krebs/5pkgs/haskell/nix-serve-ng.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ mkDerivation, async, base, base16, base32, bytestring, charset
-, fetchgit, http-client, http-types, lib, managed, megaparsec, mtl
-, network, nix, optparse-applicative, tasty-bench, temporary, text
-, turtle, vector, wai, wai-extra, warp, warp-tls
-, boost
-}:
-mkDerivation {
- pname = "nix-serve-ng";
- version = "1.0.1";
- src = fetchgit {
- url = "https://github.com/aristanetworks/nix-serve-ng";
- sha256 = "sha256-PkzwtjUgYuqfWtCH1nRqVRaajihN1SqMVjWmoSG/CCY=";
- rev = "9b546864f4090736f3f9069a01ea5d42cf7bab7c";
- fetchSubmodules = true;
- };
- isLibrary = false;
- isExecutable = true;
- executableHaskellDepends = [
- base base16 base32 bytestring charset http-types managed megaparsec
- mtl network optparse-applicative vector wai wai-extra warp warp-tls
- ];
- executablePkgconfigDepends = [ nix ];
- executableSystemDepends = [ boost.dev ];
- benchmarkHaskellDepends = [
- async base bytestring http-client tasty-bench temporary text turtle
- vector
- ];
- description = "A drop-in replacement for nix-serve that's faster and more stable";
- license = lib.licenses.bsd3;
-}
diff --git a/krebs/5pkgs/haskell/purebred-email/default.nix b/krebs/5pkgs/haskell/purebred-email/default.nix
deleted file mode 100644
index 62fc82183..000000000
--- a/krebs/5pkgs/haskell/purebred-email/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ mkDerivation, attoparsec, base, base64-bytestring, bytestring
-, case-insensitive, concise, deepseq, fetchgit, hedgehog, lens, lib
-, QuickCheck, quickcheck-instances, random, semigroupoids
-, stringsearch, tasty, tasty-golden, tasty-hedgehog, tasty-hunit
-, tasty-quickcheck, text, time
-}:
-mkDerivation {
- pname = "purebred-email";
- version = "0.5.1";
- src = fetchgit {
- url = "https://github.com/purebred-mua/purebred-email";
- sha256 = "0iilyy5dkbzbiazyyfjdz585c3x8b7c2piynmycm7krkc48993vw";
- rev = "7ba346e10ad1521a923bc04a4ffeca479d8dd071";
- fetchSubmodules = true;
- };
- isLibrary = true;
- isExecutable = true;
- libraryHaskellDepends = [
- attoparsec base base64-bytestring bytestring case-insensitive
- concise deepseq lens random semigroupoids stringsearch text time
- ];
- testHaskellDepends = [
- attoparsec base bytestring case-insensitive hedgehog lens
- QuickCheck quickcheck-instances random tasty tasty-golden
- tasty-hedgehog tasty-hunit tasty-quickcheck text time
- ];
- homepage = "https://github.com/purebred-mua/purebred-email";
- description = "types and parser for email messages (including MIME)";
- license = lib.licenses.agpl3Plus;
-}
diff --git a/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch b/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch
deleted file mode 100644
index 97baf7ac1..000000000
--- a/krebs/5pkgs/haskell/purebred-email/untweak-mime-version-header.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-diff --git a/src/Data/MIME.hs b/src/Data/MIME.hs
-index 19af53e..be8cbd4 100644
---- a/src/Data/MIME.hs
-+++ b/src/Data/MIME.hs
-@@ -810,7 +810,6 @@ multipart takeTillEnd boundary =
- -- | Sets the @MIME-Version: 1.0@ header.
- --
- instance RenderMessage MIME where
-- tweakHeaders = set (headers . at "MIME-Version") (Just "1.0")
- buildBody h z = Just $ case z of
- Part partbody -> Builder.byteString partbody
- Encapsulated msg -> buildMessage msg
-diff --git a/tests/Generator.hs b/tests/Generator.hs
-index 9e1f166..23bd122 100644
---- a/tests/Generator.hs
-+++ b/tests/Generator.hs
-@@ -64,7 +64,7 @@ exampleMailsParseSuccessfully =
- textPlain7bit :: MIMEMessage
- textPlain7bit =
- let m = createTextPlainMessage "This is a simple mail."
-- in over headers (\(Headers xs) -> Headers $ (CI.mk "Subject", "Hello there") : xs) m
-+ in over headers (\(Headers xs) -> Headers $ (CI.mk "MIME-Version", "1.0") : (CI.mk "Subject", "Hello there") : xs) m
-
- multiPartMail :: MIMEMessage
- multiPartMail =
-@@ -72,13 +72,16 @@ multiPartMail =
- to' = Single $ Mailbox Nothing (AddrSpec "bar" (DomainDotAtom $ pure "bar.com"))
- subject = "Hello there"
- p = createTextPlainMessage "This is a simple mail."
-+ & set (headers . at "MIME-Version") (Just "1.0")
- a = createAttachment
- contentTypeApplicationOctetStream
- (Just "foo.bin")
- "fileContentsASDF"
-+ & set (headers . at "MIME-Version") (Just "1.0")
- now = UTCTime (ModifiedJulianDay 123) (secondsToDiffTime 123)
- in createMultipartMixedMessage "asdf" (fromList [p, a])
-- & set (headers . at "From") (Just $ renderMailboxes [from'])
-+ & set (headers . at "MIME-Version") (Just "1.0")
-+ . set (headers . at "From") (Just $ renderMailboxes [from'])
- . set (headers . at "To") (Just $ renderAddresses [to'])
- . set (headers . at "Date") (Just $ renderRFC5422Date now)
- . set (headers . at "Subject") (Just $ T.encodeUtf8 subject)
-diff --git a/tests/Message.hs b/tests/Message.hs
-index 6711519..3e40397 100644
---- a/tests/Message.hs
-+++ b/tests/Message.hs
-@@ -29,7 +29,7 @@ import Data.Char (isPrint)
- import Data.Foldable (fold)
- import Data.List.NonEmpty (NonEmpty(..), intersperse)
-
--import Control.Lens (set, view)
-+import Control.Lens ((&), at, set, view)
- import qualified Data.ByteString as B
- import qualified Data.Text as T
-
-@@ -99,7 +99,7 @@ genMessage = Gen.choice [ genTextPlain, genMultipart, encapsulate <$> genMessage
- prop_messageRoundTrip :: Property
- prop_messageRoundTrip = property $ do
- msg <- forAll genMessage
-- parse (message mime) (renderMessage msg) === Right msg
-+ parse (message mime) (renderMessage $ msg & set (headers . at "MIME-Version") (Just "1.0")) === Right msg
-
- prop_messageFromRoundTrip :: Property
- prop_messageFromRoundTrip = property $ do
diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix
index 7f89c0b1f..d75de3a51 100644
--- a/krebs/5pkgs/haskell/reaktor2/default.nix
+++ b/krebs/5pkgs/haskell/reaktor2/default.nix
@@ -1,28 +1,30 @@
-{ mkDerivation, aeson, async, attoparsec, base, blessings
-, bytestring, containers, data-default, filepath, hashable, lens
-, lens-aeson, lib, network, network-simple, network-simple-tls
-, network-uri, pcre-light, process, random, servant-server
-, string-conversions, stringsearch, text, time, transformers
-, unagi-chan, unix, unordered-containers, vector, wai, warp
-, fetchgit
+{ mkDerivation, aeson, async, attoparsec, base, base64, blessings
+, bytestring, containers, data-default, directory, fetchgit
+, filepath, hashable, http-types, lens, lens-aeson, lib, network
+, network-simple, network-simple-tls, network-uri, pcre-light
+, process, random, servant-server, string-conversions, stringsearch
+, text, time, transformers, unagi-chan, unix, unordered-containers
+, vector, wai, warp
}:
mkDerivation {
pname = "reaktor2";
- version = "0.4.2";
+ version = "0.4.5";
src = fetchgit {
url = "https://cgit.krebsco.de/reaktor2";
- hash = "sha256-JPQyy0hDSH5JqQGjwoO5BNsD4qk+GKP1VH+j4/2cqes";
- rev = "53a11f421fb18e8687fa06e5511cea8bd9defc36";
+ sha256 = "0arcw06k3hhmcp6kk5lxrzadin3lx6ywxrznicljr92flkgj8isc";
+ rev = "6ff1335c7c9775e1cf167b950b6de97359d3b659";
fetchSubmodules = true;
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
- aeson async attoparsec base blessings bytestring containers
- data-default filepath hashable lens lens-aeson network
- network-simple network-simple-tls network-uri pcre-light process
- random servant-server string-conversions stringsearch text time
- transformers unagi-chan unix unordered-containers vector wai warp
+ aeson async attoparsec base base64 blessings bytestring containers
+ data-default directory filepath hashable http-types lens lens-aeson
+ network network-simple network-simple-tls network-uri pcre-light
+ process random servant-server string-conversions stringsearch text
+ time transformers unagi-chan unix unordered-containers vector wai
+ warp
];
license = lib.licenses.mit;
+ mainProgram = "reaktor";
}
diff --git a/krebs/5pkgs/haskell/scanner.nix b/krebs/5pkgs/haskell/scanner.nix
deleted file mode 100644
index a317e575e..000000000
--- a/krebs/5pkgs/haskell/scanner.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ mkDerivation, base, fetchgit, lib }:
-mkDerivation {
- pname = "scanner";
- version = "1.0.1";
- src = fetchgit {
- url = "http://cgit.ni.krebsco.de/scanner";
- sha256 = "1lgl158axczsm4fx53fyq1d4116v91jsx4dbz66ka4k1ljqrmhgn";
- rev = "7f091a3bc152ad3974a1873b460fa1759bf8dcad";
- fetchSubmodules = true;
- };
- libraryHaskellDepends = [ base ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/xmonad-aeson.nix b/krebs/5pkgs/haskell/xmonad-aeson.nix
deleted file mode 100644
index d27f9c783..000000000
--- a/krebs/5pkgs/haskell/xmonad-aeson.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ mkDerivation, aeson, base, fetchgit, lib, X11-aeson, xmonad }:
-mkDerivation {
- pname = "xmonad-aeson";
- version = "1.0.0";
- src = fetchgit {
- url = "https://cgit.krebsco.de/xmonad-aeson";
- sha256 = "0l1gna6p1498vzm6kj0ywj0i7775mz5n7k9nymwggvfb1pyxv3h9";
- rev = "a95f652b150f17db3f2439214a6346335d6d8d89";
- fetchSubmodules = true;
- };
- libraryHaskellDepends = [ aeson base X11-aeson xmonad ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/haskell/xmonad-stockholm.nix b/krebs/5pkgs/haskell/xmonad-stockholm.nix
deleted file mode 100644
index c43dbe271..000000000
--- a/krebs/5pkgs/haskell/xmonad-stockholm.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ mkDerivation, base, containers, directory, fetchgit, filepath
-, lib, unix, X11, X11-xft, X11-xshape, xmonad, xmonad-contrib
-}:
-mkDerivation {
- pname = "xmonad-stockholm";
- version = "1.3.1";
- src = fetchgit {
- url = "https://cgit.krebsco.de/xmonad-stockholm";
- sha256 = "1m4kkppy143jvjzhy5aawh8q6sglpnqhiajxbdcr42j02ibf3vvq";
- rev = "89bae8aad73db8fe9e11da7d515f0b236e7fea51";
- fetchSubmodules = true;
- };
- libraryHaskellDepends = [
- base containers directory filepath unix X11 X11-xft X11-xshape
- xmonad xmonad-contrib
- ];
- license = lib.licenses.mit;
-}
diff --git a/krebs/5pkgs/simple/K_belwagen.nix b/krebs/5pkgs/simple/K_belwagen.nix
deleted file mode 100644
index 2f64bb09d..000000000
--- a/krebs/5pkgs/simple/K_belwagen.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, pkgs, stdenv }:
-
-stdenv.mkDerivation {
- pname = "K_belwagen";
- version = "1.0";
-
- src = pkgs.painload;
- sourceRoot = "source/K_belwagen";
-
- buildInputs = [
- pkgs.jack1
- pkgs.pkg-config
- ];
-
- patchPhase = ''
- sed -i '
- s@^cd@# &@
- s@^make@# &@
- s@^jackd@# &@
- s@^trap@# &@
-
- s@^set.*@&\nPATH=${lib.makeBinPath [
- pkgs.bc
- pkgs.coreutils
- ]}; export PATH@
-
- s@\./a\.out@'"$out"'/lib/a.out@
- ' alarm
- '';
-
- installPhase = ''
- mkdir -p $out/lib
- mkdir -p $out/bin
-
- cp alarm $out/bin
- cp a.out $out/lib
- '';
-}
diff --git a/krebs/5pkgs/simple/TabFS/src.json b/krebs/5pkgs/simple/TabFS/src.json
index 24e36aef3..931c9ecb8 100644
--- a/krebs/5pkgs/simple/TabFS/src.json
+++ b/krebs/5pkgs/simple/TabFS/src.json
@@ -1,8 +1,6 @@
{
"url": "https://cgit.krebsco.de/TabFS",
"rev": "a6045e0e29b85e3e66c468f3561009ded1db6ec5",
- "date": "2021-01-14T23:56:09+01:00",
- "path": "/nix/store/mbcywm1yq5vr7awxqb533faz34minfax-TabFS",
"sha256": "1z0kj95zh0jl8laa0whra1jys8pws3199sy29vmlv2nxrkz13blv",
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/5pkgs/simple/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix
index 754fecf9c..f4634b595 100644
--- a/krebs/5pkgs/simple/airdcpp-webclient/default.nix
+++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix
@@ -4,7 +4,7 @@
stdenv.mkDerivation rec {
name = "airdcpp-webclient-${version}";
version = "2.3.0";
-
+
src = fetchurl {
url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz;
sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1";
diff --git a/krebs/5pkgs/simple/bepasty-client-cli/default.nix b/krebs/5pkgs/simple/bepasty-client-cli/default.nix
deleted file mode 100644
index 7811ef5fc..000000000
--- a/krebs/5pkgs/simple/bepasty-client-cli/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, pkgs, pythonPackages, fetchFromGitHub, ... }:
-
-with pythonPackages; buildPythonPackage rec {
- name = "bepasty-client-cli";
- propagatedBuildInputs = [
- python_magic
- click
- requests
- ];
-
- src = fetchFromGitHub {
- owner = "bepasty";
- repo = "bepasty-client-cli";
- rev = "4b7135ba8ba1e17501de08ad7b6aca73c0d949d2";
- sha256 = "1svchyk9zai1vip9ppm12jm7wfjbdr9ijhgcd2n10xh73jrn9cnc";
- };
-
- meta = {
- homepage = https://github.com/bepasty/bepasty-client-cli;
- description = "CLI client for bepasty-server";
- license = lib.licenses.bsd2;
- };
-}
diff --git a/krebs/5pkgs/simple/bling/default.nix b/krebs/5pkgs/simple/bling/default.nix
index 1c8610325..186aaa85e 100644
--- a/krebs/5pkgs/simple/bling/default.nix
+++ b/krebs/5pkgs/simple/bling/default.nix
@@ -1,4 +1,7 @@
-{ imagemagick, runCommand, stockholm, ... }:
+{ imagemagick, runCommand, lib, ... }:
+let
+ stockholm.lib = import ../../../../lib/pure.nix { inherit lib; };
+in
with stockholm.lib;
let
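Review bot: `stockholm.lib` is rebuilt here with an unconditional `import ../../../../lib/pure.nix`, whereas the modules changed in this commit use `lib.slib or (import …)` to reuse a library that is already there. Using the same form would keep the two in step: `stockholm.lib = lib.slib or (import ../../../../lib/pure.nix { inherit lib; });`. The same applies to the hunk in `krebs/5pkgs/simple/cgit-clear-cache.nix`. This assumes the `lib` passed to packages can carry `slib`, which is not visible here. The second `let` continues outside the hunk.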
diff --git a/krebs/5pkgs/simple/brain/default.nix b/krebs/5pkgs/simple/brain/default.nix
index d7e36a527..9f183cfe9 100644
--- a/krebs/5pkgs/simple/brain/default.nix
+++ b/krebs/5pkgs/simple/brain/default.nix
@@ -4,25 +4,30 @@ let
pass = pkgs.pass.withExtensions (ext: [
ext.pass-otp
]);
-in
-pkgs.write "brain" {
- "/bin/brain".link = pkgs.writeDash "brain" ''
+ brain = pkgs.writeDash "brain" ''
PASSWORD_STORE_DIR=$HOME/brain \
exec ${pass}/bin/pass "$@"
'';
- "/bin/brainmenu".link = pkgs.writeDash "brainmenu" ''
+
+ brainmenu = pkgs.writeDash "brainmenu" ''
PASSWORD_STORE_DIR=$HOME/brain \
exec ${pass}/bin/passmenu "$@"
'';
- "/share/bash-completion/completions/brain".link =
- pkgs.runCommand "brain-completions" {
- } /* sh */ ''
- sed -r '
- s/\<_pass?(_|\>)/_brain\1/g
- s/\<__password_store/_brain/g
- s/\<pass\>/brain/
- s/\$HOME\/\.password-store/$HOME\/brain/
- ' < ${pass}/share/bash-completion/completions/pass > $out
- '';
-}
+
+ completions = pkgs.runCommand "brain-completions" {} ''
+ sed -r '
+ s/\<_pass?(_|\>)/_brain\1/g
+ s/\<__password_store/_brain/g
+ s/\<pass\>/brain/
+ s/\$HOME\/\.password-store/$HOME\/brain/
+ ' < ${pass}/share/bash-completion/completions/pass > $out
+ '';
+in
+
+pkgs.runCommand "brain" {} ''
+ mkdir -p $out/bin $out/share/bash-completion/completions
+ ln -s ${brain} $out/bin/brain
+ ln -s ${brainmenu} $out/bin/brainmenu
+ ln -s ${completions} $out/share/bash-completion/completions/brain
+''
diff --git a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix b/krebs/5pkgs/simple/buildbot-classic-slave/default.nix
deleted file mode 100644
index a48c45ae0..000000000
--- a/krebs/5pkgs/simple/buildbot-classic-slave/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ coreutils, fetchgit, git, buildbot-classic, python2Packages, ... }:
-
-python2Packages.buildPythonApplication {
- name = "buildbot-classic-slave-${buildbot-classic.version}";
- namePrefix = "";
-
- src = buildbot-classic.src;
- postUnpack = "sourceRoot=\${sourceRoot}/slave";
-
- nativeBuildInputs = [ git ];
- propagatedBuildInputs = [ python2Packages.twisted ];
- doCheck = false;
-
- postInstall = ''
- mkdir -p "$out/share/man/man1"
- cp docs/buildslave.1 "$out/share/man/man1"
- '';
-}
diff --git a/krebs/5pkgs/simple/cac-panel/default.nix b/krebs/5pkgs/simple/cac-panel/default.nix
deleted file mode 100644
index 57f58f4de..000000000
--- a/krebs/5pkgs/simple/cac-panel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
- name = "cac-panel-${version}";
- version = "0.4.4";
-
- src = pkgs.fetchurl {
- url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
- sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
- };
-
- propagatedBuildInputs = with python3Packages; [
- docopt
- requests
- beautifulsoup4
- ];
-}
-
diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix
deleted file mode 100644
index 34f4c3e14..000000000
--- a/krebs/5pkgs/simple/certaids.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-{ pkgs }:
-
-pkgs.write "certaids" {
- "/bin/cert2json".link = pkgs.writeDash "cert2json" ''
- # usage: cert2json < CERT > JSON
- set -efu
-
- ${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
- ${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text |
- ${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" ''
- function abort(msg) {
- print(msg) > "/dev/stderr"
- exit 1
- }
-
- function toJSON(x, type, ret) {
- type = typeof(x)
- switch (type) {
- case "array":
- if (isArray(x)) return arrayToJSON(x)
- if (isObject(x)) return objectToJSON(x)
- abort("cannot render array to JSON", x)
- case "number":
- return numberToJSON(x)
- case "string":
- return stringToJSON(x)
- case "strnum":
- case "unassigned":
- case "regexp":
- case "untyped":
- default:
- abort("cannot render type: " type)
- }
- }
-
- function isArray(x, i, k) {
- i = 1
- for (k in x) {
- if (k != i++) return 0
- i++
- }
- return 1
- }
-
- function isObject(x, k) {
- for (k in x) {
- if (typeof(k) != "string") return 0
- }
- return 1
- }
-
- function arrayToJSON(x, k, ret) {
- ret = "["
- for (k in x) {
- ret=ret toJSON(x[k]) ","
- }
- sub(/,$/,"",ret)
- ret=ret "]"
- return ret
- }
-
- function objectToJSON(x, k,ret) {
- ret = "{"
- for (k in x) {
- ret = ret toJSON(k) ":" toJSON(x[k]) ","
- }
- sub(/,$/, "", ret)
- ret = ret "}"
- return ret
- }
-
- function numberToJSON(x) {
- return x
- }
-
- function stringToJSON(x) {
- gsub(/\\/, "&&",x)
- gsub(/\n/, "\\n", x)
- return "\"" x "\""
- }
-
- $1 ~ /^ *(Subject|Issuer):/ {
- sub(/^ */, "")
- sub(/: */, ",")
- key=tolower($1)
- sub(/[^,]*,/, "")
-
- # Normalize separators between relative distinguished names.
- # [1]: RFC2253, 3. Parsing a String back to a Distinguished Name
- # TODO support any distinguished name
- gsub(/ *[;,] */, ",")
-
- for(i = 0; i <= NF; i++) {
- split($i, a, "=")
- cache[key][a[1]] = a[2]
- }
- }
-
- /BEGIN CERTIFICATE/,/END CERTIFICATE/{
- cache["certificate"] = cache["certificate"] $0 "\n"
- }
-
- /END CERTIFICATE/{
- print toJSON(cache)
- delete cache
- }
- ''}
- '';
-}
diff --git a/krebs/5pkgs/simple/cgit-clear-cache.nix b/krebs/5pkgs/simple/cgit-clear-cache.nix
index 31a2eccb3..e630a4066 100644
--- a/krebs/5pkgs/simple/cgit-clear-cache.nix
+++ b/krebs/5pkgs/simple/cgit-clear-cache.nix
@@ -1,4 +1,8 @@
-{ cache-root ? "/tmp/cgit", findutils, stockholm, writeDashBin }:
+{ cache-root ? "/tmp/cgit", findutils, lib, writeDashBin }:
+
+let
+ stockholm.lib = import ../../../lib/pure.nix { inherit lib; };
+in
writeDashBin "cgit-clear-cache" ''
set -efu
diff --git a/krebs/5pkgs/simple/collectd-connect-time/default.nix b/krebs/5pkgs/simple/collectd-connect-time/default.nix
index 525388029..abbfae40a 100644
--- a/krebs/5pkgs/simple/collectd-connect-time/default.nix
+++ b/krebs/5pkgs/simple/collectd-connect-time/default.nix
@@ -1,8 +1,10 @@
-{lib, pkgs, pythonPackages, fetchurl, ... }:
+{lib, pkgs, python3Packages, fetchurl, ... }:
-pythonPackages.buildPythonPackage rec {
+python3Packages.buildPythonPackage rec {
name = "collectd-connect-time-${version}";
version = "0.3.0";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
src = fetchurl {
url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz";
sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95";
diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix
index 4375a760c..8e193d455 100644
--- a/krebs/5pkgs/simple/cunicu.nix
+++ b/krebs/5pkgs/simple/cunicu.nix
@@ -1,6 +1,6 @@
{ lib, pkgs }:
-pkgs.buildGo120Module rec {
+pkgs.buildGoModule rec {
pname = "cunicu";
version = "g${lib.substring 0 7 src.rev}";
diff --git a/krebs/5pkgs/simple/default.nix b/krebs/5pkgs/simple/default.nix
index 76ad6ff10..e0b9ffdae 100644
--- a/krebs/5pkgs/simple/default.nix
+++ b/krebs/5pkgs/simple/default.nix
@@ -3,8 +3,9 @@ self: super:
let
# This callPackage will try to detect obsolete overrides.
lib = super.stockholm.lib;
+ callPackage' = lib.callPackageWith self;
callPackage = path: args: let
- override = self.callPackage path args;
+ override = callPackage' path args;
upstream = lib.optionalAttrs (override ? "name")
(super.${(lib.parseDrvName override.name).name} or {});
in if upstream ? "name" &&
@@ -12,5 +13,15 @@ let
lib.compareVersions upstream.name override.name != -1
then lib.trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override
else override;
+
+ ## This callPackage will try to detect obsolete overrides.
+ #callPackage = path: args: let
+ # pname = (parseDrvName override.name).name;
+ # override = self.callPackage path args;
+ # upstream = super.${pname} or { name = ""; };
+ #in
+ # override.overrideAttrs (old: {
+ # name = warnOldVersion upstream.name old.name;
+ # });
in
lib.mapNixDir (path: callPackage path {}) ./.
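Review bot: The added `##`/`#` block is a commented-out second `callPackage` with the same "This callPackage will try to detect obsolete overrides" header as the live definition. It also refers to `warnOldVersion` and a bare `parseDrvName`, neither of which is defined in the visible part of this file. Dead code like this is better dropped, or replaced by a one-line note such as `# TODO: replace the trace above with a warnOldVersion-based overrideAttrs`. The `let` block starts outside the hunk.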
diff --git a/krebs/5pkgs/simple/dic/default.nix b/krebs/5pkgs/simple/dic/default.nix
deleted file mode 100644
index 39402c012..000000000
--- a/krebs/5pkgs/simple/dic/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ fetchgit, lib, stdenv
-, coreutils, curl, gnugrep, gnused, util-linux
-}:
-
-stdenv.mkDerivation {
- name = "dic";
-
- src = fetchgit {
- url = https://cgit.ni.krebsco.de/dic;
- rev = "refs/tags/v1.1.1";
- sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag";
- };
-
- phases = [
- "unpackPhase"
- "installPhase"
- ];
-
- installPhase =
- let
- path = lib.makeBinPath [
- coreutils
- curl
- gnused
- gnugrep
- util-linux
- ];
- in
- ''
- mkdir -p $out/bin
-
- sed \
- 's,^main() {$,&\n PATH=${path}; export PATH,' \
- < ./dic \
- > $out/bin/dic
-
- chmod +x $out/bin/dic
- '';
-}
diff --git a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix b/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
deleted file mode 100644
index dee96d784..000000000
--- a/krebs/5pkgs/simple/drivedroid-gen-repo/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ fetchurl, lib, stdenv, python3Packages }:
-
-python3Packages.buildPythonPackage rec {
- name = "drivedroid-gen-repo-${version}";
- version = "0.4.4";
-
- propagatedBuildInputs = [
- python3Packages.docopt
- ];
-
- src = fetchurl {
- url = "https://pypi.python.org/packages/source/d/drivedroid-gen-repo/drivedroid-gen-repo-${version}.tar.gz";
- sha256 = "09p58hzp61r5fp025lak9z52y0aakmaqpi59p9w5xq42dvy2hnvl";
- };
-
- meta = {
- homepage = http://krebsco.de/;
- description = "Generate Drivedroid repos";
- license = lib.licenses.wtfpl;
- };
-}
-
diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix
deleted file mode 100644
index f83f8cfe7..000000000
--- a/krebs/5pkgs/simple/ecrypt/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{ pkgs, lib }:
-
-#usage: ecrypt mount /var/crypted /var/unencrypted
-pkgs.writers.writeDashBin "ecrypt" ''
- set -euf
-
- PATH=${lib.makeBinPath (with pkgs; [
- coreutils
- ecryptfs
- gnused
- gnugrep
- jq
- mount
- keyutils
- umount
- ])}
-
- # turn echo back on if killed
- trap 'stty echo' INT
-
- case "$1" in
- init)
- shift
- mkdir -p "$1" "$2"
-
- # abort if src or dest are not empty
- if [ -e "$1"/.cfg.json ]; then
- echo 'source dir is already configured, aborting'
- exit 1
- elif ls -1qA "$2" | grep -q .; then
- echo 'destination dir is not empty, aborting'
- exit 1
- else
- # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
- echo 4 | ecryptfs-manager
- stty -echo
- printf "passphrase: "
- read passphrase
- stty echo
- sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
- mount -t ecryptfs \
- -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
- "$1" "$2"
-
- # add sig to json state file
- jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json
- fi
- ;;
-
- mount)
- shift
- if ! [ -e "$1"/.cfg.json ]; then
- echo '.cfg.json missing in src'
- exit 1
- fi
- old_sig=$(cat "$1"/.cfg.json | jq -r .sig)
-
- # check if key is already in keyring, otherwise add it
-
- if keyctl list @u | grep -q "$old_sig"; then
- echo 'pw already saved'
- else
- # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails
- echo 4 | ecryptfs-manager
- stty -echo
- printf "passphrase: "
- read passphrase
- stty echo
- new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/')
-
- # check if passphrase matches sig
- if [ "$old_sig" != "$new_sig" ]; then
- echo 'passphrase does not match sig, bailing out'
- new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/')
- keyctl revoke "$new_keyid"
- keyctl unlink "$new_keyid"
- exit 1
- fi
- fi
-
- sig=$old_sig
- keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/')
- if (ls -1qA "$2" | grep -q .); then
- echo 'destination is not empty, bailing out'
- exit 1
- else
- mount -i -t ecryptfs \
- -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \
- "$1" "$2"
- fi
- ;;
-
- unmount)
- shift
-
- sig=$(cat "$1"/.cfg.json | jq -r .sig)
- keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/')
-
- umount "$2" || :
- keyctl revoke "$keyid"
- keyctl unlink "$keyid"
- ;;
-
- *)
- echo 'usage:
- ecrypt init /tmp/src/ /tmp/dst/
- ecrypt mount /tmp/src/ /tmp/dst/
- ecrypt unmount /tmp/src/ /tmp/dst/
- '
- esac
-''
diff --git a/krebs/5pkgs/simple/eximlog.nix b/krebs/5pkgs/simple/eximlog.nix
deleted file mode 100644
index 9e5ae8d63..000000000
--- a/krebs/5pkgs/simple/eximlog.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ jq, stockholm, systemd, writeDashBin }:
-
-let
- lib = stockholm.lib;
- user = "exim"; # TODO make this configurable
-in
-
-# TODO execute eximlog only if journalctl doesn't fail
-# bash's set -o pipefail isn't enough
-
-writeDashBin "eximlog" ''
- ${systemd}/bin/journalctl \
- -u ${lib.shell.escape user} \
- -o short-unix \
- "$@" \
- |
- ${jq}/bin/jq -Rr '
- # Only select lines that start with a timestamp
- select(test("^[0-9]")) |
-
- split(" ") |
- (.[0] | tonumber) as $time |
- (.[3:] | join(" ")) as $message |
-
- "\($time | strftime("%Y-%m-%d %H:%M:%S %z")) \($message)"
-
- '
-''
diff --git a/krebs/5pkgs/simple/font-size.nix b/krebs/5pkgs/simple/font-size.nix
index 21097ed6a..829325192 100644
--- a/krebs/5pkgs/simple/font-size.nix
+++ b/krebs/5pkgs/simple/font-size.nix
@@ -1,3 +1,4 @@
+# TODO kill me in favor of urxvt-resize-font
{ writeDashBin }:
writeDashBin "font-size" ''
set -efu
diff --git a/krebs/5pkgs/simple/fortclientsslvpn/default.nix b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
index 1f86d6fe4..b895eef89 100644
--- a/krebs/5pkgs/simple/fortclientsslvpn/default.nix
+++ b/krebs/5pkgs/simple/fortclientsslvpn/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, gnome3, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute,
+{ stdenv, lib, fetchurl, gtk3, glib, xorg, gdk-pixbuf, iproute2,
makeWrapper, libredirect, ppp, coreutils, gawk, pango }:
stdenv.mkDerivation rec {
name = "forticlientsslvpn";
@@ -31,12 +31,12 @@ stdenv.mkDerivation rec {
];
guiLibPath = lib.makeLibraryPath [
- gnome3.gtk
+ gtk3
glib
- libSM
- gdk_pixbuf
- libX11
- libXinerama
+ xorg.libSM
+ gdk-pixbuf
+ xorg.libX11
+ xorg.libXinerama
pango
];
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
cp -r 64bit/. "$out/opt/fortinet"
wrapProgram $out/opt/fortinet/forticlientsslvpn \
--set LD_PRELOAD "${libredirect}/lib/libredirect.so" \
- --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
+ --set NIX_REDIRECTS /usr/bin/tail=${coreutils}/bin/tail:/usr/sbin/ip=${iproute2}/bin/ip:/usr/sbin/pppd=${ppp}/bin/pppd
mkdir -p "$out/bin/"
diff --git a/krebs/5pkgs/simple/ftb/default.nix b/krebs/5pkgs/simple/ftb/default.nix
index 8007eaa52..1509961cd 100644
--- a/krebs/5pkgs/simple/ftb/default.nix
+++ b/krebs/5pkgs/simple/ftb/default.nix
@@ -1,7 +1,7 @@
{ fetchurl, lib, stdenv
-, jre, libX11, libXext, libXcursor, libXrandr, libXxf86vm
+, jre, xorg
, openjdk
-, mesa_glu, openal
+, libGLU, openal
, useAlsa ? false, alsaOss ? null }:
with lib;
@@ -26,7 +26,7 @@ stdenv.mkDerivation {
#!${stdenv.shell}
export _JAVA_AWT_WM_NONREPARENTING=1
- export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ libX11 libXext libXcursor libXrandr libXxf86vm mesa_glu openal ]}
+ export LD_LIBRARY_PATH=\$LD_LIBRARY_PATH:${makeLibraryPath [ xorg.libX11 xorg.libXext xorg.libXcursor xorg.libXrandr xorg.libXxf86vm libGLU openal ]}
${if useAlsa then "${alsaOss}/bin/aoss" else "" } \
${jre}/bin/java -jar $out/ftb.jar
EOF
diff --git a/krebs/5pkgs/simple/games-user-env/default.nix b/krebs/5pkgs/simple/games-user-env/default.nix
deleted file mode 100644
index abe770ed1..000000000
--- a/krebs/5pkgs/simple/games-user-env/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ lib, pkgs, ... }: let
-
-#TODO: make sure env exists prior to running
-env_nix = pkgs.writeText "env.nix" ''
- { pkgs ? import <nixpkgs> {} }:
-
- (pkgs.buildFHSUserEnv {
- name = "simple-x11-env";
- targetPkgs = pkgs: with pkgs; [
- coreutils
- ];
- multiPkgs = pkgs: with pkgs; [
- alsaLib
- zlib
- xorg.libXxf86vm
- curl
- openal
- openssl_1_0_2
- xorg.libXext
- xorg.libX11
- xorg.libXrandr
- xorg.libXcursor
- xorg.libXinerama
- xorg.libXi
- mesa_glu
- ];
- runScript = "bash";
- }).env
-'';
-
-
-in pkgs.writeDashBin "games-user-env" ''
- nix-shell ${env_nix}
-''
diff --git a/krebs/5pkgs/simple/generate-secrets/default.nix b/krebs/5pkgs/simple/generate-secrets/default.nix
deleted file mode 100644
index 8522b5dda..000000000
--- a/krebs/5pkgs/simple/generate-secrets/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ pkgs }:
-pkgs.writers.writeDashBin "generate-secrets" ''
- set -eu
- HOSTNAME="$1"
- TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
- cd $TMPDIR
-
- PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
- HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
-
- ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
- ${pkgs.tinc_pre}/bin/tinc --config "$TMPDIR" generate-keys 4096 >/dev/null
- cat <<EOF > $TMPDIR/hashedPasswords.nix
- {
- root = "$HASHED_PASSWORD";
- }
- EOF
-
- for x in *; do
- ${pkgs.coreutils}/bin/cat $x | ${pkgs.brain}/bin/brain insert -m krebs-secrets/$HOSTNAME/$x > /dev/null
- done
- echo $PASSWORD | ${pkgs.brain}/bin/brain insert -m hosts/$HOSTNAME/root > /dev/null
-
- cat <<EOF
- $HOSTNAME = {
- owner = config.krebs.users.krebs;
- nets = {
- retiolum = {
- ip4.addr = "10.243.0.changeme";
- ip6.addr = "42:0:0:0:0:0:0:changeme";
- aliases = [
- "$HOSTNAME.r"
- ];
- tinc = {
- pubkey = ${"''"}
- $(cat $TMPDIR/rsa_key.pub)
- ${"''"};
- pubkey_ed25519 = "$(cut -d ' ' -f 3 $TMPDIR/ed25519_key.pub)";
- };
- };
- };
- ssh.privkey.path = "\''${config.krebs.secret.directory}/ssh.id_ed25519";
- ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
- };
- EOF
-
- rm -rf $TMPDIR
-''
-
diff --git a/krebs/5pkgs/simple/git-hooks/default.nix b/krebs/5pkgs/simple/git-hooks/default.nix
index 3ec43739c..fe159c833 100644
--- a/krebs/5pkgs/simple/git-hooks/default.nix
+++ b/krebs/5pkgs/simple/git-hooks/default.nix
@@ -1,5 +1,7 @@
-{ pkgs, stockholm, ... }:
-
+{ pkgs, lib, ... }:
+let
+ stockholm.lib = import ../../../../lib/pure.nix { inherit lib; };
+in
with stockholm.lib;
{
@@ -112,6 +114,7 @@ with stockholm.lib;
git diff --stat $id2..$id \
| sed '$!s/\(+*\)\(-*\)$/'$(green '\1')$(red '\2')'/'
)"
+ echo "$(red "$message")"
''}
done
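Review bot: The added `echo "$(red "$message")"` prints a variable that is assigned outside this hunk, so it is not visible here whether `$message` can carry text taken from pushed commits. If it can, and the hook runs under dash like the other scripts in this commit, the builtin `echo` expands backslash sequences in that text; `printf '%s\n' "$(red "$message")"` prints it unchanged. A one-line comment saying why the message is repeated in red after the diff stat would also help, because the line reads like leftover debugging output. The enclosing loop starts before the hunk.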
diff --git a/krebs/5pkgs/simple/gitignore.nix b/krebs/5pkgs/simple/gitignore.nix
deleted file mode 100644
index b3c750a08..000000000
--- a/krebs/5pkgs/simple/gitignore.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ pkgs }:
-
-/* gitignore - Filter for intentionally untracked lines or blocks of code
-
-This is a filter that allows specifying intentionally untracked lines and
-blocks of code that Git should ignore.
-
-Example:
-
- int main(void) {
- printf("I would never say derp.\n");
- //#gitignore-begin
- printf("DERP!\n");
- //#gitignore-end
- printf("DERP!\n"); //#gitignore
- return 0;
- }
-
-Installation:
-
- Define a filter, e.g. in ~/.config/git/config[1]:
-
- [filter "gitignore"]
- clean = gitignore
- smudge = cat
-
- Assing that filter to some paths, e.g. in ~/.config/git/attributes[2]:
-
- *.hs filter=gitignore
- *.c filter=gitignore
- ...
-
- [1]: For more information about defining filters see git-config(1).
- [2]: For more information about assigning filters see gitattributes(5).
-*/
-
-pkgs.execBin "gitignore" {
- filename = "${pkgs.gnused}/bin/sed";
- argv = [
- "gitignore"
- /* sed */ ''
- /#gitignore-begin/,/#gitignore-end/d
- /#gitignore/d
- ''
- ];
-}
diff --git a/krebs/5pkgs/simple/gnokii/default.nix b/krebs/5pkgs/simple/gnokii/default.nix
index 995de3468..c11a6be6d 100644
--- a/krebs/5pkgs/simple/gnokii/default.nix
+++ b/krebs/5pkgs/simple/gnokii/default.nix
@@ -1,5 +1,5 @@
{ lib, stdenv, fetchurl, intltool, perl, gettext, libusb-compat-0_1, pkg-config, bluez
-, readline, pcsclite, libical, gtk2, glib, libXpm
+, readline, pcsclite, libical, gtk2, glib, libxpm
, fetchpatch
}:
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
buildInputs = [
perl intltool gettext libusb-compat-0_1
glib gtk2 pkg-config bluez readline
- libXpm pcsclite libical
+ libxpm pcsclite libical
];
meta = {
diff --git a/krebs/5pkgs/simple/goify/default.nix b/krebs/5pkgs/simple/goify/default.nix
index 9c44aaeeb..7cc3d1b86 100644
--- a/krebs/5pkgs/simple/goify/default.nix
+++ b/krebs/5pkgs/simple/goify/default.nix
@@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{ pkgs, writeBashBin, ... }:
-pkgs.writeBashBin "goify" ''
+writeBashBin "goify" ''
set -euf
GO_HOST=''${GO_HOST:-go}
diff --git a/krebs/5pkgs/simple/hashPassword/default.nix b/krebs/5pkgs/simple/hashPassword/default.nix
deleted file mode 100644
index 8d3ba2525..000000000
--- a/krebs/5pkgs/simple/hashPassword/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, pkgs, ... }:
-
-pkgs.writers.writeDashBin "hashPassword" ''
- # usage: hashPassword [...]
- set -euf
-
- export PATH=${lib.makeBinPath (with pkgs; [
- coreutils
- mkpasswd
- openssl
- ])}
-
- salt=$(openssl rand -base64 16 | tr -d '+=' | head -c 16)
- exec mkpasswd -m sha-512 -S "$salt" "$@"
-''
diff --git a/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur
index 696d1c00d..bdfb3eb61 100644
--- a/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur
+++ b/krebs/5pkgs/simple/htgen-imgur/src/htgen-imgur
@@ -1,3 +1,4 @@
+# TODO dedup with paste
find_item() {
if test ${#1} -ge 7; then
set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
@@ -58,6 +59,9 @@ read_uri() {
$uri |
capture("^((?<scheme>[^:]*):)?(//(?<authority>[^/]*))?(?<path>[^?#]*)([?](?<query>[^#]*))?([#](?<fragment>.*))?$") |
. + {
+ #authority: (.authority | if . != null then
+ # capture("^((?<userinfo>[^@]*)@)?(?<host>[^:]*)(:(?<port>.*))?$")
+ #else . end),
query: (.query | if . != null then
split("&") |
map(split("=") | {key:.[0],value:.[1]}) |
@@ -141,26 +145,26 @@ case "$Method $path" in
description: $uri.query.description,
datetime: now,
type: $info["MIME type"],
- animated: false,
+ animated: false, # TODO
width: $info.width,
height: $info.height,
size: $info.size,
- views: 0,
- bandwidth: 0,
- vote: null,
- favorite: false,
- nsfw: null,
- section: null,
- account_url: null,
- acount_id: 0,
- is_ad: false,
- is_most_viral: false,
- tags: [],
- ad_type: 0,
- ad_url: "",
- in_gallery: false,
+ views: 0, # TODO
+ bandwidth: 0, # TODO
+ vote: null, # TODO
+ favorite: false, # TODO
+ nsfw: null, # TODO
+ section: null, # TODO
+ account_url: null, # TODO
+ acount_id: 0, # TODO
+ is_ad: false, # TODO
+ is_most_viral: false, # TODO
+ tags: [], # TODO
+ ad_type: 0, # TODO
+ ad_url: "", # TODO
+ in_gallery: false, # TODO
deletehash: @uri "\($id)?deletehash=\($deletehash)",
- name: "",
+ name: "", # TODO
link: $link,
}
')
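Review bot: The response object still emits the key `acount_id`, and this hunk rewrites that line without correcting it. The neighbouring key is `account_url`, so this looks like a misspelling of `account_id`; a client that reads `account_id` would find the field missing. Suggested line: `account_id: 0, # TODO`. If a consumer already depends on the misspelled key, keep it and say so in a comment.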
diff --git a/krebs/5pkgs/simple/htgen/default.nix b/krebs/5pkgs/simple/htgen/default.nix
index 1ee13783b..945801bfe 100644
--- a/krebs/5pkgs/simple/htgen/default.nix
+++ b/krebs/5pkgs/simple/htgen/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
installPhase = ''
mkdir -p $out/bin
{
- echo '#! ${pkgs.dash}/bin/dash'
+ echo '#! ${pkgs.busybox}/bin/sh'
echo 'export PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.jq
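Review bot: The shebang moves from dash to `${pkgs.busybox}/bin/sh` without a comment, and the reason cannot be recovered from the hunk. Every request handler that htgen runs is now interpreted by busybox ash, so a note next to the `echo '#! …'` line, for example `# busybox sh instead of dash because <reason>`, would tell the next maintainer which shell features the handlers may rely on. It is also worth checking whether this busybox build prefers its own applets over the `PATH` exported on the following line, since that would change which `find` or `sed` the handlers execute. installPhase continues outside the hunk.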
diff --git a/krebs/5pkgs/simple/internetarchive/default.nix b/krebs/5pkgs/simple/internetarchive/default.nix
deleted file mode 100644
index dfe93befd..000000000
--- a/krebs/5pkgs/simple/internetarchive/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ lib, pkgs, stdenv, pkgs }:
-with pkgs.python3Packages;
-buildPythonPackage rec {
- pname = "internetarchive";
- version = "1.7.3";
- name = "${pname}-${version}";
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "0x3saklabdx7qrr11h5bjfd75hfbih7pw5gvl2784zvvvrqrz45g";
- };
-
- propagatedBuildInputs = [
- requests
- jsonpatch
- docopt
- clint
- six
- schema
- backports_csv
- ];
-
- # check only works when cloned from git repo
- doCheck = false;
-
- checkInputs = [
- pytest
- responses
- ];
-
- prePatch = ''
- sed -i "s/'schema.*'/'schema>=0.4.0'/" setup.py
- '';
-
- meta = with lib; {
- description = "python library and cli for uploading files to internet archive";
- license = licenses.agpl3;
- };
-}
diff --git a/krebs/5pkgs/simple/irc-announce/default.nix b/krebs/5pkgs/simple/irc-announce/default.nix
index 75036d41c..d5eae30c5 100644
--- a/krebs/5pkgs/simple/irc-announce/default.nix
+++ b/krebs/5pkgs/simple/irc-announce/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ pkgs, ircaids, ... }:
pkgs.writers.writeDashBin "irc-announce" ''
set -euf
@@ -15,7 +15,7 @@ pkgs.writers.writeDashBin "irc-announce" ''
fi
printf %s "$message" |
- ${pkgs.ircaids}/bin/ircsink \
+ ${ircaids}/bin/ircsink \
--nick="$IRC_NICK" \
--port="$IRC_PORT" \
--server="$IRC_SERVER" \
diff --git a/krebs/5pkgs/simple/krebspaste/default.nix b/krebs/5pkgs/simple/krebspaste/default.nix
deleted file mode 100644
index d97b6a053..000000000
--- a/krebs/5pkgs/simple/krebspaste/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ bepasty-client-cli, gnused, writeDashBin }:
-
-writeDashBin "krebspaste" ''
- ${bepasty-client-cli}/bin/bepasty-cli -L 1m --url http://paste.r "$@" |
- ${gnused}/bin/sed '
- $ {
- s/$/\/+inline/
- p
- s/\<r\>/krebsco.de/
- }
- '
-''
diff --git a/krebs/5pkgs/simple/logf/default.nix b/krebs/5pkgs/simple/logf/default.nix
deleted file mode 100644
index 36a7fed2f..000000000
--- a/krebs/5pkgs/simple/logf/default.nix
+++ /dev/null
@@ -1,112 +0,0 @@
-{ lib, pkgs, ... }:
-
-let
- default-host-colors = pkgs.writeJSON "logf.default-host-colors.json" {
- };
- default-prio-colors = pkgs.writeJSON "logf.default-prio-colors.json" {
- "0" = 196; # emerg
- "1" = 160; # alert
- "2" = 124; # crit
- "3" = 009; # err
- "4" = 011; # warning
- "5" = 255; # notice
- "6" = 250; # info
- "7" = 139; # debug
- "-" = 005; # undefined priority
- };
- default-urgent = pkgs.writeJSON "logf.default-urgent.json" [
- ];
-in
-
-pkgs.writeDashBin "logf" ''
- export LOGF_HOST_COLORS LOGF_PRIO_COLORS LOGF_URGENT
- LOGF_HOST_COLORS=$(cat "''${LOGF_HOST_COLORS-${default-host-colors}}")
- LOGF_PRIO_COLORS=$(cat "''${LOGF_PRIO_COLORS-${default-prio-colors}}")
- LOGF_URGENT=$(cat "''${LOGF_URGENT-${default-urgent}}")
- printf '%s\0' "$@" \
- | ${pkgs.findutils}/bin/xargs -0 -P 0 -n 1 ${pkgs.writeDash "logf-remote" ''
- target=$1
- target_host=$(echo "$1" | sed 's/^.*@//;s/\..*//')
- exec 3>&1
- 2>&1 1>&3 ssh "$target" -T \
- -o PreferredAuthentications=publickey \
- -o StrictHostKeyChecking=yes \
- exec journalctl -af -n 0 -o json \
- | stdbuf -oL jq -Rcf ${pkgs.writeJq "logf-remote-error.jq" ''
- {
- PRIORITY: "4",
- MESSAGE: .,
- SYSLOG_IDENTIFIER: env.target_host,
- }
- ''}
- sleep 10m
- exec "$0" "$@"
- ''} \
- | ${pkgs.jq}/bin/jq -Rrf ${pkgs.writeJq "logf-filter.jq" ''
- (env.LOGF_HOST_COLORS | fromjson) as $host_colors |
- (env.LOGF_PRIO_COLORS | fromjson) as $prio_colors |
- (env.LOGF_URGENT | fromjson | map("(\(.))") | join("|"))
- as $urgent_regex |
-
- def when(c; f): if c then f else . end;
-
- # anaphoric gsub
- def agsub(re; f):
- # Don't try empty regex: https://github.com/stedolan/jq/issues/1206
- when(re != ""; gsub("(?<it>\(re))"; .it | f));
-
- # :: [int] -> sgr
- def sgr: "\u001b[\(map(tostring) | join(";"))m";
-
- # :: sgr
- def rst: [] | sgr;
-
- # :: int -> sgr
- def fg(i): [38,5,i]|sgr;
- # TODO def fg(r;g;b): [38,2,r,g,b]|sgr;
- # http://cvs.schmorp.de/rxvt-unicode/src/command.C?revision=1.570&view=markup&sortby=log&sortdir=down
-
- # (sgr; sgr) | (null; any) :: str -> str
- def col(a; b): when(a != null; a + . + b);
- def col(a): col(a; rst);
-
-
- def p_time:
- ._SOURCE_REALTIME_TIMESTAMP
- | if . != null then . | fromjson | . / 1000000 else now end
- | gmtime
- | todateiso8601
- | col(fg(237));
-
- def p_host:
- ._HOSTNAME
- | if . != null then . else "-" end
- | col($host_colors[.]|when(. != null; fg(.)));
-
- def p_ident:
- if .SYSLOG_IDENTIFIER != null then .SYSLOG_IDENTIFIER
- else ._COMM end
- | col(fg(244));
-
- def p_message:
- fg($prio_colors[if has("PRIORITY") then .PRIORITY else "-" end])
- as $prio_c |
- .MESSAGE
- | sub("\r$"; "")
- | agsub($urgent_regex; "\(.)\u0007" | col(fg(219); $prio_c))
- | col($prio_c);
-
- try fromjson catch {
- _SOURCE_REALTIME_TIMESTAMP: now | tostring | sub("[.]"; ""),
- SYSLOG_IDENTIFIER: "logf/journalctl",
- MESSAGE: .,
- } |
-
- [ p_time
- , p_host
- , p_ident
- , p_message
- ]
- | join(" ")
- ''}
-''
diff --git a/krebs/5pkgs/simple/netcup/default.nix b/krebs/5pkgs/simple/netcup/default.nix
deleted file mode 100644
index 750e9cfa9..000000000
--- a/krebs/5pkgs/simple/netcup/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ coreutils, curl, fetchgit, gawk, gnugrep, gnused, jq, stdenv, stockholm, w3m, ... }:
-with stockholm.lib;
-
-let
- readJSON = path: fromJSON (readFile path);
- sed.escape = replaceStrings ["/"] ["\\/"]; # close enough
- PATH = makeBinPath [
- coreutils
- curl
- gawk
- gnugrep
- gnused
- jq
- w3m
- ];
-in
-stdenv.mkDerivation {
- name = "netcup-1.0.0";
- src = fetchgit {
- url = "http://cgit.ni.krebsco.de/netcup";
- rev = "refs/tags/v1.0.0";
- sha256 = "1rn7bncfhjw0bqjbvj38m7lks4nyf5qcvkj9dg0zr99ba6dylzx5";
- };
- phases = [ "unpackPhase" "patchPhase" "installPhase" ];
- patchPhase = ''
- path=${shell.escape (sed.escape PATH)}
- sed -i "1s/.*/&\nPATH=$path/" vcp
- '';
- installPhase = ''
- mkdir -p $out/bin
- cp vcp $out/bin
- '';
-}
diff --git a/krebs/5pkgs/simple/nixos-format-error.nix b/krebs/5pkgs/simple/nixos-format-error.nix
deleted file mode 100644
index a28f7245f..000000000
--- a/krebs/5pkgs/simple/nixos-format-error.nix
+++ /dev/null
@@ -1,107 +0,0 @@
-{ pkgs }:
-
-pkgs.writeGawkBin "nixos-format-error" ''
- # usage: nixos-rebuild ... 2>&1 | nixos-format-error
-
- function out() {
- print
- next
- }
-
- BEGIN {
- IDLE = 0
- ACTIVE = 1
- PASSIVE = 2
- ERROR = 3
-
- start_state = IDLE
-
- state = start_state
- }
-
- END {
- if (trace_count)
- for (i = trace_count - 1; i >= 0; i--)
- print trace[i]
- }
-
- state == PASSIVE {
- out()
- }
-
- state == IDLE {
- if ($0 ~ /^building the system configuration\.\.\. ?$/) {
- state = ACTIVE
- }
- out()
- }
-
- state == ACTIVE {
- if ($1 ~ /(\[[0-9;]+m)?error:(\[[0-9;]m)?/) {
- state = ERROR
- sub(/^/,"\x1b[31;1m"); sub(/$/,"\x1b[m")
- trace[trace_count++] = $0
-
- "stty -F /dev/tty size" |& getline
- COLUMNS = gensub(/.* ([0-9]+)$/, "\\1", "1")
-
- next
- }
- if ($0 ~ /^these [0-9]+ derivations will be built:/) {
- state = PASSIVE
- }
- if ($0 == "activating the configuration...") {
- state = PASSIVE
- }
- out()
- }
-
- state == ERROR {
- sub(/ $/, "")
- gsub(/\[[0-9;]*m/, "")
-
- if ($0 ~ /^\s*at /) {
- location = gensub(/^\s*at (.*):$/,"\\1","1")
- content = ""
- lnumcol = gensub(/^.*:([0-9]+:[0-9]+)$/,"\\1","1",location)
- lnum = gensub(/:.*/,"","1",lnumcol)
- col = gensub(/.*:/,"","1",lnumcol)
- next
- }
-
- if ($1 == lnum "|") {
- content = gensub(/^\s*[0-9]+\|(.*)/,"\\1","1")
-
- location = sprintf("%50s", location)
-
- preview_size = COLUMNS - length(location " ")
-
- prefix = gensub(/^\s*/,"","1",substr(content, 1, col))
- infix = gensub(/^([0-9a-zA-Z]+|.).*$/, "\\1", "1", substr(content, col + 1))
- suffix = substr(content, col + length(infix) + 1)
-
- if (length(prefix infix suffix) > preview_size) {
- n = (preview_size - length(infix)) / 2 - length(" ")
- prefix = substr(prefix, length(prefix) - n + 1)
- if (prefix != "") { prefix = "…" prefix }
- suffix = substr(suffix, 1, n)
- if (suffix != "") { suffix = suffix "…" }
- }
-
- preview = \
- "\x1b[38;5;244m" prefix "\x1b[m" \
- "\x1b[38;5;230m" infix "\x1b[m" \
- "\x1b[38;5;244m" suffix "\x1b[m"
-
- trace[trace_count++] = location " " preview
- next
- }
-
- if ($0 == "") next
- if ($0 ~ /^\s*… (from|while)/) next
- if ($0 ~ /^\s*([0-9]*)\|/) next
-
- trace[trace_count++] = $0
- next
- }
-''
diff --git a/krebs/5pkgs/simple/ovh-zone/default.nix b/krebs/5pkgs/simple/ovh-zone/default.nix
index bc0e45cb9..a31611ea2 100644
--- a/krebs/5pkgs/simple/ovh-zone/default.nix
+++ b/krebs/5pkgs/simple/ovh-zone/default.nix
@@ -6,9 +6,11 @@
## diff future.sorted current.sorted
python3Packages.buildPythonPackage rec {
- name = "ovh-zone-${version}";
+ pname = "ovh-zone";
version = "0.4.4";
- propagatedBuildInputs = with pkgs.python3Packages;[
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
+ dependencies = with pkgs.python3Packages;[
ovh
docopt
];
diff --git a/krebs/5pkgs/simple/python-dnsstamps.nix b/krebs/5pkgs/simple/python-dnsstamps.nix
index 18d08fec8..314e11610 100644
--- a/krebs/5pkgs/simple/python-dnsstamps.nix
+++ b/krebs/5pkgs/simple/python-dnsstamps.nix
@@ -3,6 +3,8 @@
python3Packages.buildPythonPackage rec {
pname = "dnsstamps";
version = "1.3.0";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
src = python3Packages.fetchPypi {
inherit pname version;
diff --git a/krebs/5pkgs/simple/qrscan.nix b/krebs/5pkgs/simple/qrscan.nix
deleted file mode 100644
index df9a98053..000000000
--- a/krebs/5pkgs/simple/qrscan.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs }:
-
-pkgs.writeDashBin "qrscan" ''
- set -efu
-
- ${pkgs.zbar}/bin/zbarcam -1 | ${pkgs.gnused}/bin/sed -n 's/^QR-Code://p'
-''
diff --git a/krebs/5pkgs/simple/reaktor2-plugins.nix b/krebs/5pkgs/simple/reaktor2-plugins/default.nix
index 5b7be5d33..73c46755f 100644
--- a/krebs/5pkgs/simple/reaktor2-plugins.nix
+++ b/krebs/5pkgs/simple/reaktor2-plugins/default.nix
@@ -15,7 +15,7 @@ with stockholm.lib;
commands = {
random-emoji = {
- filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh";
+ filename = ./scripts/random-emoji.sh;
env = {
PATH = makeBinPath (with pkgs; [ coreutils gnused gnugrep xmlstarlet wget ]);
};
@@ -35,10 +35,10 @@ with stockholm.lib;
};
stockholm-issue = {
- filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh";
+ filename = ./scripts/random-issue.sh;
env = {
PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]);
- origin = "http://cgit.gum/stockholm";
+ origin = "https://cgit.krebsco.de/stockholm";
state_dir = "/tmp/stockholm-issue";
};
};
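Review bot: `state_dir = "/tmp/stockholm-issue"` remains a fixed, predictable path in a world-writable directory while the `origin` beside it is updated. random-issue.sh is not shown in this hunk, but if it clones or updates a checkout under `state_dir`, any local user can create that path first and influence what the plugin reads or where it writes. Pointing `state_dir` at a directory owned by the bot's user (for instance the service's own state directory), or creating it with `mktemp -d`, removes that dependency on `/tmp`.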
@@ -59,7 +59,7 @@ with stockholm.lib;
filename = pkgs.writers.writeDash "sed-plugin" ''
set -efu
exec ${pkgs.python3}/bin/python \
- ${./Reaktor/scripts/sed-plugin.py} "$@"
+ ${./scripts/sed-plugin.py} "$@"
'';
};
};
@@ -68,7 +68,7 @@ with stockholm.lib;
activate = "match";
pattern = "^(.*Shack.*)$";
arguments = [1];
- command.filename = stockholm.outPath + "/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh";
+ command.filename = ./scripts/shack-correct.sh;
};
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh b/krebs/5pkgs/simple/reaktor2-plugins/scripts/random-emoji.sh
index 6f3dd4a3f..6f3dd4a3f 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-emoji.sh
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/random-emoji.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh b/krebs/5pkgs/simple/reaktor2-plugins/scripts/random-issue.sh
index 5c47c6156..5c47c6156 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/random-issue.sh
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/random-issue.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/simple/reaktor2-plugins/scripts/sed-plugin.py
index 4925b25bb..4925b25bb 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/sed-plugin.py
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh b/krebs/5pkgs/simple/reaktor2-plugins/scripts/shack-correct.sh
index d500b3cb3..d500b3cb3 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/shack-correct.sh
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/shack-correct.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh b/krebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_join.sh
index 6978e38c6..6978e38c6 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_join.sh
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_join.sh
diff --git a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh b/krebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_privmsg.sh
index fc05bdefb..fc05bdefb 100755
--- a/krebs/5pkgs/simple/Reaktor/scripts/tell-on_privmsg.sh
+++ b/krebs/5pkgs/simple/reaktor2-plugins/scripts/tell-on_privmsg.sh
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 5364a37dc..44e888879 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -1,8 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, nomads-cloud, ... }:
pkgs.writers.writeDashBin "generate-wallpaper" ''
set -euf
- export PATH=${with pkgs; lib.makeBinPath [
+ export PATH=${pkgs.lib.makeBinPath ([
+ nomads-cloud
+ ] ++ (with pkgs; [
coreutils
curl
gnugrep
@@ -12,9 +14,8 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
imagemagick
inkscape
jq
- nomads-cloud
xplanet
- ]}
+ ]))}
# usage: getimg FILENAME URL
fetch() {
diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix
index 66f220ba6..1c88c2e91 100644
--- a/krebs/5pkgs/simple/repo-sync/default.nix
+++ b/krebs/5pkgs/simple/repo-sync/default.nix
@@ -2,17 +2,19 @@
with python3Packages; buildPythonPackage rec {
name = "repo-sync-${version}";
- version = "0.2.7";
+ version = "1.0.0";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
propagatedBuildInputs = [
docopt
- GitPython
+ gitpython
pkgs.git
];
src = fetchFromGitHub {
owner = "krebs";
repo = "repo-sync";
rev = version;
- sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw";
+ hash = "sha256-dkhPUaCL+tZn5rF7NN8A6NK/0tz669dLLYRGtRxO+fM=";
};
meta = {
homepage = http://github.com/makefu/repo-sync;
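Review bot: `meta.homepage` still points to `http://github.com/makefu/repo-sync` although `src` is fetched from `krebs/repo-sync`, and it is written as an unquoted URL literal over plain http. Suggested line: `homepage = "https://github.com/krebs/repo-sync";`. The derivation also keeps `name = "repo-sync-${version}"` and `propagatedBuildInputs`, whereas ovh-zone and tinc_graphs in this commit move to `pname` and `dependencies`; treq likewise keeps `propagatedBuildInputs`. The `meta` block continues outside the hunk.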
diff --git a/krebs/5pkgs/simple/ssh-audit.nix b/krebs/5pkgs/simple/ssh-audit.nix
index 4574eb644..286282107 100644
--- a/krebs/5pkgs/simple/ssh-audit.nix
+++ b/krebs/5pkgs/simple/ssh-audit.nix
@@ -4,6 +4,8 @@ python3Packages.buildPythonPackage rec {
inherit (meta) version;
pname = "ssh-audit";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
src = fetchFromGitHub {
owner = "arthepsy";
diff --git a/krebs/5pkgs/simple/tinc_graphs/default.nix b/krebs/5pkgs/simple/tinc_graphs/default.nix
index 953804dd0..11079a9a3 100644
--- a/krebs/5pkgs/simple/tinc_graphs/default.nix
+++ b/krebs/5pkgs/simple/tinc_graphs/default.nix
@@ -1,10 +1,12 @@
{ fetchFromGitHub, lib, pkgs, python3Packages, stdenv }:
python3Packages.buildPythonPackage rec {
- name = "tinc_graphs-${version}";
+ pname = "tinc_graphs";
version = "0.4.0";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
- propagatedBuildInputs = with pkgs;[
+ dependencies = with pkgs;[
python3Packages.pygeoip
## ${geolite-legacy}/share/GeoIP/GeoIPCity.dat
];
diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix
index 7cb826a51..8689479b3 100644
--- a/krebs/5pkgs/simple/treq/default.nix
+++ b/krebs/5pkgs/simple/treq/default.nix
@@ -1,14 +1,16 @@
-{ stdenv, fetchurl, pythonPackages }:
+{ stdenv, fetchurl, python3Packages }:
-pythonPackages.buildPythonPackage rec {
+python3Packages.buildPythonPackage rec {
name = "${pname}-${version}";
pname = "treq";
version = "15.1.0";
+ pyproject = true;
+ build-system = [ python3Packages.setuptools ];
src = fetchurl {
url = "mirror://pypi/t/${pname}/${name}.tar.gz";
sha256= "425a47d5d52a993d51211028fb6ade252e5fbea094e878bb4b644096a7322de8";
};
- propagatedBuildInputs = with pythonPackages; [
+ propagatedBuildInputs = with python3Packages; [
twisted
pyopenssl
requests
diff --git a/krebs/5pkgs/simple/ukrepl.nix b/krebs/5pkgs/simple/ukrepl.nix
index bdea4181f..da1c05c92 100644
--- a/krebs/5pkgs/simple/ukrepl.nix
+++ b/krebs/5pkgs/simple/ukrepl.nix
@@ -1,5 +1,5 @@
-{ lib, pkgs,stdenv }:
-let
+{ lib, pkgs, stdenv }:
+let
src = pkgs.fetchFromGitHub {
owner = "makefu";
repo = "ukrepl";
@@ -7,5 +7,5 @@ let
hash = "sha256:1lnhkf02f18fvf3l2fcszvs4x115lql17akabd5ph9ff9z33k8rv";
};
in
- pkgs.writers.writePython3Bin "ukrepl" {} (builtins.readFile (src + "/ukrepl"))
+ pkgs.writers.writePython3Bin "ukrepl" {} (src + "/ukrepl")
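Review bot: `src + "/ukrepl"` is a string holding a store path, not a Nix path value, and it is worth confirming that `writePython3Bin` copies the file in that case. If the writer chooses between inline script text and a file by the argument's type, the string itself would be written out as the script body, i.e. a one-line file containing the store path. Building the package once and reading the resulting `bin/ukrepl` settles it. A comment such as `# pass the file instead of readFile to avoid import-from-derivation` would record why `builtins.readFile` was dropped, assuming that is the reason.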
diff --git a/krebs/5pkgs/simple/untilport/default.nix b/krebs/5pkgs/simple/untilport/default.nix
index 2930fd1eb..d299ec807 100644
--- a/krebs/5pkgs/simple/untilport/default.nix
+++ b/krebs/5pkgs/simple/untilport/default.nix
@@ -1,6 +1,6 @@
-{ pkgs, ... }:
+{ libressl, writeDashBin, ... }:
-pkgs.writeDashBin "untilport" ''
+writeDashBin "untilport" ''
set -euf
usage() {
@@ -13,6 +13,6 @@ pkgs.writeDashBin "untilport" ''
if [ $# -ne 2 ]; then
usage
else
- until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
+ until ${libressl.nc}/bin/nc -z "$@"; do sleep 1; done
fi
''
diff --git a/krebs/5pkgs/simple/urix.nix b/krebs/5pkgs/simple/urix.nix
index 73ea3e665..9ac3a115c 100644
--- a/krebs/5pkgs/simple/urix.nix
+++ b/krebs/5pkgs/simple/urix.nix
@@ -1,14 +1,13 @@
-{ pkgs, stockholm }:
+{ pkgs, lib, writeDash }:
+
+let
+ stockholm.lib = import ../../../lib/pure.nix { inherit lib; };
+in
# urix - URI eXtractor
# Extract all the URIs from standard input and write them to standard output!
# usage: urix < SOMEFILE
-pkgs.execBin "urix" {
- filename = "${pkgs.gnugrep}/bin/grep";
- argv = [
- "urix"
- "-Eo"
- "\\b${stockholm.lib.uri.posix-extended-regex}\\b"
- ];
-}
+writeDash "urix" ''
+ exec ${pkgs.gnugrep}/bin/grep -Eo '\b${stockholm.lib.uri.posix-extended-regex}\b'
+''
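Review bot: The regex is now spliced into a single-quoted shell word, so a `'` anywhere in `stockholm.lib.uri.posix-extended-regex` would end the quoting and leave a broken or differently parsed grep command; the old `execBin` form passed it as an argv element with no shell involved. The regex is defined outside this diff, so this needs checking, but URI grammars normally allow `'`. Quoting through nixpkgs avoids the question: `exec ${pkgs.gnugrep}/bin/grep -Eo ${lib.escapeShellArg "\\b${stockholm.lib.uri.posix-extended-regex}\\b"}`. Separately, `writeDash "urix"` yields a bare script rather than a `bin/urix` entry, which `execBin` presumably provided; if the package is meant to be installed on PATH, `writeDashBin` is probably what is wanted.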
diff --git a/krebs/5pkgs/simple/with-tmpdir/default.nix b/krebs/5pkgs/simple/with-tmpdir/default.nix
deleted file mode 100644
index 9862671f8..000000000
--- a/krebs/5pkgs/simple/with-tmpdir/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ stdenv, fetchgit, coreutils, dash, ... }:
-
-stdenv.mkDerivation {
- name = "with-tmpdir-1";
-
- src = fetchgit {
- url = http://cgit.ni.krebsco.de/with-tmpdir;
- rev = "3243c02ed8cd27a04c080bd39560204980f6c16a";
- sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6";
- };
-
- phases = [
- "unpackPhase"
- "installPhase"
- ];
-
- installPhase = ''
- mkdir -p $out/bin
-
- { echo '#! ${dash}/bin/dash'
- echo 'OLDPATH=$PATH'
- echo 'PATH=${coreutils}/bin'
- sed '$s/^/#/' ./with-tmpdir
- echo '(PATH=$OLDPATH; exec "$@")'
- } > $out/bin/with-tmpdir
-
- chmod +x $out/bin/with-tmpdir
- '';
-}
diff --git a/lib/default.nix b/lib/default.nix
deleted file mode 100644
index f9f2f1579..000000000
--- a/lib/default.nix
+++ /dev/null
@@ -1 +0,0 @@
-import ./impure.nix
diff --git a/lib/eval-source.nix b/lib/eval-source.nix
index ff853185b..93320a218 100644
--- a/lib/eval-source.nix
+++ b/lib/eval-source.nix
@@ -1,4 +1,5 @@
-with import <stockholm/lib>;
+{ lib }:
+with lib;
let
eval = _file: source: evalModules {
modules = singleton {
diff --git a/lib/impure.nix b/lib/impure.nix
deleted file mode 100644
index 3f95c375f..000000000
--- a/lib/impure.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-import ./pure.nix {
- lib = import <nixpkgs/lib>;
-}
diff --git a/lib/pure.nix b/lib/pure.nix
index 3fe51cd54..6b5f229e6 100644
--- a/lib/pure.nix
+++ b/lib/pure.nix
@@ -9,7 +9,7 @@ let
};
in filterAttrsRecursive (name: _: !hasPrefix "_" name) eval.config;
- evalSource = import ./eval-source.nix;
+ evalSource = import ./eval-source.nix { lib = stockholm.lib; };
evalSubmodule = submodule: modules: let
prefix = ["evalSubmodule"];
@@ -37,7 +37,7 @@ let
eq = x: y: x == y;
ne = x: y: x != y;
- mod = x: y: x - y * (x / y);
+ #mod = x: y: x - y * (x / y);
on = b: u: x: y: b (u x) (u y);
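Review bot: The `#mod = x: y: x - y * (x / y);` line is left commented out with no reason given, so the next reader cannot tell whether it is dead code or a temporary workaround. Either delete the line or say why it is disabled. Presumably it would shadow the `mod` that nixpkgs' `lib` already provides; if so, a comment such as `# mod: use the one from nixpkgs lib` would cover it. The surrounding `let` block starts and ends outside this hunk.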
diff --git a/lib/types.nix b/lib/types.nix
index ad8421b18..f0165c523 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -1,5 +1,4 @@
{ lib, ... }:
-
let
inherit (lib)
all any attrNames concatMapStringsSep concatStringsSep const filter flip
@@ -198,9 +197,32 @@ rec {
};
tinc = mkOption {
type = let net = config; in nullOr (submodule ({ config, ... }: {
+ config = {
+ config =
+ #assert (with builtins; trace "xxxxxx ${toJSON config.subnets}" true);
+ concatStringsSep "\n" (
+ (optionals (net.via != null)
+ (map (a: "Address = ${a} ${toString config.port}") net.via.addrs))
+ ++
+ (map (a: "Subnet = ${a}") config.subnets)
+ ++
+ (map (a: "Subnet = ${a}") net.addrs)
+ ++
+ [config.extraConfig]
+ ++
+ [config.pubkey]
+ ++
+ optional (config.pubkey_ed25519 != null) ''
+ Ed25519PublicKey = ${config.pubkey_ed25519}
+ ''
+ ++
+ optional (config.weight != null) "Weight = ${toString config.weight}"
+ );
+ };
options = {
config = mkOption {
type = str;
+ # TODO: readOnly = true;
default = concatStringsSep "\n" (
(optionals (net.via != null)
(map (a: "Address = ${a} ${toString config.port}") net.via.addrs))
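Review bot: The tinc host-file text is now built twice, once in the added `config.config = concatStringsSep …` definition and again in the option's `default`, which continues past the end of this hunk. This string carries the `Address`, `Subnet` and public-key lines that peers rely on, so the two copies should not be allowed to drift. Bind the expression once in a `let` and reference it from both places, or drop `default` and make the option `readOnly = true` as the TODO suggests. With `type = str`, a host that sets `tinc.config` itself will presumably now fail with a conflicting-definition error, so that is worth checking before merging. The commented-out `#assert (with builtins; trace …)` line is debugging residue and should be removed.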
diff --git a/makefu/vacation-note.md b/makefu/vacation-note.md
index 3cdc190b2..7bd5c3234 100644
--- a/makefu/vacation-note.md
+++ b/makefu/vacation-note.md
@@ -2,8 +2,8 @@ From 2015-07-28 until 2023-07-28 here lived the configuration of makefu.
# New Location
All configutation can now be found at [Github: makefu/nixos-config](
-https://github.com/makefu/nixos-config ) or [cgit: nixos-config](
-https://cgit.euer.krebsco.de/nixos-config ) respectively.
+https://github.com/makefu/nixos-config ) and [forgejo: nixos-config](
+https://cgit.euer.krebsco.de/makefu/nixos-config ) respectively.
# Background
With nix flakes it became possible to finally split the configuration up