diff options
| -rw-r--r-- | ci.nix | 8 | ||||
| -rw-r--r-- | kartei/lass/neoprism.nix | 9 | ||||
| -rw-r--r-- | kartei/lass/prism.nix | 3 | ||||
| -rw-r--r-- | kartei/makefu/default.nix | 2 | ||||
| -rw-r--r-- | kartei/tv/hosts/fu.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/leg.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/ne.nix | 18 | ||||
| -rw-r--r-- | kartei/tv/hosts/ni.nix | 67 | ||||
| -rw-r--r-- | kartei/tv/hosts/pi.nix | 1 | ||||
| -rw-r--r-- | kartei/tv/hosts/zoppo.nix | 1 | ||||
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 11 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/buildbot-stockholm.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/nameserver.nix | 9 | ||||
| -rw-r--r-- | krebs/2configs/repo-sync.nix | 5 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 15 | ||||
| -rw-r--r-- | krebs/3modules/ci/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/repo-sync.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/collectd-connect-time/default.nix | 6 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/ecrypt/default.nix | 111 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/reaktor2-plugins/default.nix | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/treq/default.nix | 8 |
24 files changed, 68 insertions, 227 deletions
@@ -1,6 +1,6 @@ # usage: nix-instantiate --eval --json --read-write-mode --strict ci.nix | jq . -with import ./lib; let + lib = pkgs.lib; pkgs = import <nixpkgs> { overlays = [ (import ./submodules/nix-writers/pkgs) ]; }; system = import <nixpkgs/nixos/lib/eval-config.nix> { @@ -16,9 +16,9 @@ let } ; - ci-systems = filterAttrs (_: v: v.ci) system.config.krebs.hosts; + ci-systems = lib.filterAttrs (_: v: v.ci) system.config.krebs.hosts; build = host: owner: - ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${getEnv "HOME"}/stockholm-build";}); + ((import (toString ./. + "/${owner}/krops.nix") { name = host; }).test {target = "${builtins.getEnv "HOME"}/stockholm-build";}); -in mapAttrs (n: h: build n h.owner.name) ci-systems +in lib.mapAttrs (n: h: build n h.owner.name) ci-systems diff --git a/kartei/lass/neoprism.nix b/kartei/lass/neoprism.nix index 73eda0762..086362938 100644 --- a/kartei/lass/neoprism.nix +++ b/kartei/lass/neoprism.nix @@ -1,5 +1,12 @@ { r6, w6, ... }: -{ +rec { + extraZones = { + "krebsco.de" = '' + p 60 IN A ${nets.internet.ip4.addr} + c 60 IN A ${nets.internet.ip4.addr} + paste 60 IN A ${nets.internet.ip4.addr} + ''; + }; nets = rec { internet = { ip4 = rec { diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index a44e120b2..33c662bc4 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -3,9 +3,6 @@ rec { extraZones = { "krebsco.de" = '' cache 60 IN A ${nets.internet.ip4.addr} - p 60 IN A ${nets.internet.ip4.addr} - c 60 IN A ${nets.internet.ip4.addr} - paste 60 IN A ${nets.internet.ip4.addr} prism 60 IN A ${nets.internet.ip4.addr} social 60 IN A ${nets.internet.ip4.addr} ''; diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index 9df79afbf..e92aeec93 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -251,6 +251,8 @@ in { wikisearch IN A ${nets.internet.ip4.addr} work.euer IN A ${nets.internet.ip4.addr} shop.euer IN A ${nets.internet.ip4.addr} + matrix.euer IN A ${nets.internet.ip4.addr} + element.euer IN A ${nets.internet.ip4.addr} mediengewitter IN CNAME over.dose.io. nixos.unstable IN CNAME krebscode.github.io. diff --git a/kartei/tv/hosts/fu.nix b/kartei/tv/hosts/fu.nix index f33da59c9..c3f2f9297 100644 --- a/kartei/tv/hosts/fu.nix +++ b/kartei/tv/hosts/fu.nix @@ -20,5 +20,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8T+2Oe6qCE0uEb9H7CWZengyhHK30NelmYmpI4Umpm root@fu"; - syncthing.id = "F5B3EPT-OEOFYMV-GATESYO-727M6R4-YBXGW6Q-SG3QWC7-PPVFX4C-AY4UKAJ"; } diff --git a/kartei/tv/hosts/leg.nix b/kartei/tv/hosts/leg.nix index c09749302..5841c72d5 100644 --- a/kartei/tv/hosts/leg.nix +++ b/kartei/tv/hosts/leg.nix @@ -23,5 +23,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiputkYYQbg8sUHu+dMVOEuqhPYwPhPdmkS6LopPx17 root@leg"; - syncthing.id = "5IB2U3K-HNQWNA4-ULYNPZF-XC3HX4D-IKQB72L-GNF6U2P-RNL4OMF-BWGDVAU"; } diff --git a/kartei/tv/hosts/ne.nix b/kartei/tv/hosts/ne.nix index 584d7c433..1191fcb71 100644 --- a/kartei/tv/hosts/ne.nix +++ b/kartei/tv/hosts/ne.nix @@ -2,8 +2,13 @@ extraZones = { "krebsco.de" = '' @ 60 IN MX 5 ne + @ 60 IN TXT "v=spf1 mx -all" ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} + cgit 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} + cgit 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} + cgit.ne 60 IN A ${config.krebs.hosts.ne.nets.internet.ip4.addr} + search.ne 60 IN AAAA ${config.krebs.hosts.ne.nets.internet.ip6.addr} tv 300 IN NS ne ''; }; @@ -11,6 +16,7 @@ internet = { aliases = [ "ne.i" + "cgit.ne.i" ]; ip4 = { addr = "159.195.31.38"; @@ -26,14 +32,26 @@ "ne.m" ]; ip6.addr = "45f:fa21:4bdd:a758:8091:947d:fe84:fac3"; + via = config.krebs.hosts.ne.nets.internet; }; retiolum = { aliases = [ "ne.r" + "cgit.ne.r" + "krebs.ne.r" + "search.ne.r" + "p.ne.r" + "p.tv.r" ]; + ip4.addr = "10.243.113.224"; + via = config.krebs.hosts.ne.nets.internet; }; wiregrill = { ip4.addr = "10.244.3.2"; + via = config.krebs.hosts.ne.nets.internet; + wireguard.subnets = [ + (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR + ]; }; }; } diff --git a/kartei/tv/hosts/ni.nix b/kartei/tv/hosts/ni.nix deleted file mode 100644 index 3e3d81c37..000000000 --- a/kartei/tv/hosts/ni.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, slib, ... }: { - extraZones = { - "krebsco.de" = '' - ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - cgit 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - cgit.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - search.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr} - search.ni 60 IN AAAA ${config.krebs.hosts.ni.nets.internet.ip6.addr} - krebsco.de. 60 IN MX 5 ni - krebsco.de. 60 IN TXT "v=spf1 mx -all" - tv 300 IN NS ni - ''; - }; - nets = { - internet = { - ip4 = { - addr = "185.162.251.237"; - }; - ip6 = { - addr = "2a03:4000:1a:cf::1"; - prefixLength = 64; - }; - aliases = [ - "ni.i" - "cgit.ni.i" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.ni.nets.internet; - ip4.addr = "10.243.113.223"; - aliases = [ - "ni.r" - "cgit.ni.r" - "krebs.ni.r" - "search.ni.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEA7NHuW8eLVhpBfL70WwcSGVmv4dijKLJs5cH/BmqK8zN2lpiLKt12 - bhaE1YEhGoGma7Kef1Fa0V9xUkJy6C1+sVlfWp/LeY8VRSX5E3u36TEl6kl/4zu6 - Ea/44BoGUSOC9ImxVEX51czA10PFjUSrGFyK0oaRlKNsTwwpNiBOY7/6i74bhn59 - OIsySRUBd2QPjYhJkiuc7gltVfwt6wteZh8R4w2rluVGYLQPsmN/XEWgJbhzI4im - W+3/bdewHVF1soZWtdocPLeXTn5HETX5g8p2V3bwYL37oIwkCcYxOeQtT7W+lNJ2 - NvIiVh4Phojl4dBUgUQGT0NApMnsaG/4LJpSC4AGiqbsznBdSPhepob7zJggPnWY - nfAs+YrUUZp1wovhSgWfYTRglRuyYvWkoGbq411H1efawyZ0gcMr+HQlSn2keQOv - lbcvdgOAxQiEcPVixPq3mTeKaSxWyIJGFceuqtnILGifRNvViX0uo9g5rLQ41PrJ - 9F3azz3gD2Uh73j5pvLU72cge7p1a7epPYWTJYf8oc5JcI3nYTKpSqH8IYaWUjv9 - q0NwOYFDhYtUcTwdbUNl/tUWKyBcovIe7f40723pHSijiPV2WDZC2M/mOc3dvWKF - Mf00uin+7uMuKtnG6+1z5nKb/AWrqN1RZu0rnG/IkZPKwa19HYsYcOkCAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "nDuK96NlNhcxzlX7G30w/706RxItb+FhkFkz/VhUgCE"; - }; - wiregrill = { - via = config.krebs.hosts.ni.nets.internet; - ip4.addr = "10.244.3.1"; - wireguard.subnets = [ - (slib.krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR - ]; - }; - }; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb"; -} diff --git a/kartei/tv/hosts/pi.nix b/kartei/tv/hosts/pi.nix index 991bc0086..cfcc71a28 100644 --- a/kartei/tv/hosts/pi.nix +++ b/kartei/tv/hosts/pi.nix @@ -1,4 +1,3 @@ { nets.wiregrill.ip4.addr = "10.244.3.102"; - syncthing.id = "NLR6FLV-2MJQSZ6-4M5QBBB-X2UM225-YGB6IYW-F2EGFV6-D7ZDCWY-27EQAAM"; } diff --git a/kartei/tv/hosts/zoppo.nix b/kartei/tv/hosts/zoppo.nix index 4d312105f..abbcc08dc 100644 --- a/kartei/tv/hosts/zoppo.nix +++ b/kartei/tv/hosts/zoppo.nix @@ -20,5 +20,4 @@ }; secure = true; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMk5DVtgzKmbJTsJs81GIMYE3YblnJJTc/FtVukKJK4J root@zoppo"; - syncthing.id = "F4GDV3I-QX6QAA5-32MXHXE-2RJDYBO-RFXGDFR-EGMN4IQ-OJDKL62-NCUWOAQ"; } diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 91071ec85..655192077 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -5,6 +5,17 @@ ../../../krebs ../../../krebs/2configs ../../../krebs/2configs/nginx.nix + { + # Cherry-pick services.nginx.recommendedTlsSettings to fix: + # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform + services.nginx.recommendedTlsSettings = lib.mkForce false; + services.nginx.appendHttpConfig = '' + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_prefer_server_ciphers off; + ''; + } ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 0c361cc42..8e03e3b52 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -31,7 +31,7 @@ ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - ../../2configs/shack/drivedroid.nix + #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing) # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected @@ -70,7 +70,7 @@ # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - ../../2configs/shack/mobile.mpd.nix + #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.) # hass.shack ../../2configs/shack/glados diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 32452e010..c51d3c651 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -19,7 +19,6 @@ with import ../../lib/pure.nix { inherit lib; }; enable = true; repos = { disko.urls = [ - "http://cgit.gum.r/disko" "http://cgit.ni.r/disko" "http://cgit.orange.r/disko" ]; @@ -33,7 +32,6 @@ with import ../../lib/pure.nix { inherit lib; }; "http://cgit.orange.r/nix-writers" ]; stockholm.urls = [ - "http://cgit.gum.r/stockholm" "http://cgit.ni.r/stockholm" "http://cgit.orange.r/stockholm" ]; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index a797673c9..937a20c29 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -17,8 +17,8 @@ }; hardware.opengl.extraPackages = [ - pkgs.vaapiIntel - pkgs.vaapiVdpau + pkgs.intel-vaapi-driver + pkgs.libva-vdpau-driver ]; services.xserver = { diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index c394f312d..c61b5c1b1 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -70,10 +70,6 @@ in { address: ${config.krebs.hosts.ne.nets.internet.ip4.addr} key: krebs_transfer_notify_key - - id: krebscode_ni - address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} - key: krebs_transfer_notify_key - acl: - id: acme_acl key: acme @@ -124,7 +120,6 @@ in { notify: henet_ns1 notify: hostingde_ns1 notify: krebscode_ne - notify: krebscode_ni acl: transfer_to_henet_secondary acl: transfer_to_hostingde_secondary acl: transfer_to_krebscode_secondary @@ -174,8 +169,8 @@ in { echo server krebsco.de. echo zone krebsco.de. echo origin krebsco.de. - echo add _25._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data - echo add _443._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data + echo add _25._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data + echo add _443._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data echo show echo send echo answer diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 126048625..1c7ed4719 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -107,9 +107,10 @@ in { desc = "take all computers hostage, they love it"; section = "configuration"; remotes = { - makefu = "http://cgit.gum.r/stockholm"; - tv = "http://cgit.ni.r/stockholm"; + krebs = "https://github.com/krebs/stockholm"; lassulus = "http://cgit.orange.r/stockholm"; + makefu = "https://cgit.euer.krebsco.de/makefu/stockholm.git"; + tv = "http://cgit.ni.r/stockholm"; }; }) ({ krebs.git = defineRepo { diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 66a4095db..eba6cc83b 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -3,7 +3,7 @@ with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2020-12-01"; + name = "worlddomination-2025-04-02"; src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; @@ -11,9 +11,8 @@ let sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - LinkHeader aiocoap grequests paramiko @@ -31,16 +30,6 @@ let pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap - LinkHeader = pythonPackages.buildPythonPackage { - name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; - propagatedBuildInputs = [ ]; - meta = with pkgs.lib; { - homepage = ""; - license = licenses.bsdOriginal; - description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; - }; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 afrihost = "10.42.25.201"; # africa diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 1f029276a..18fe46a98 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -50,7 +50,7 @@ let "${url}", workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, project='${name}', - pollinterval=30 + pollInterval=30 ) '') repo.urls ) cfg.repos; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 7b2be4057..62d99e160 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -17,6 +17,7 @@ let branches = mkOption { type = types.attrsOf (types.submodule ({ config, ... }: { options = { + smart = mkEnableOption "smart sync behavior"; origin = mkOption { type = types.source-types.git; }; diff --git a/krebs/5pkgs/simple/collectd-connect-time/default.nix b/krebs/5pkgs/simple/collectd-connect-time/default.nix index 525388029..abbfae40a 100644 --- a/krebs/5pkgs/simple/collectd-connect-time/default.nix +++ b/krebs/5pkgs/simple/collectd-connect-time/default.nix @@ -1,8 +1,10 @@ -{lib, pkgs, pythonPackages, fetchurl, ... }: +{lib, pkgs, python3Packages, fetchurl, ... }: -pythonPackages.buildPythonPackage rec { +python3Packages.buildPythonPackage rec { name = "collectd-connect-time-${version}"; version = "0.3.0"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; src = fetchurl { url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz"; sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95"; diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix deleted file mode 100644 index f83f8cfe7..000000000 --- a/krebs/5pkgs/simple/ecrypt/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ pkgs, lib }: - -#usage: ecrypt mount /var/crypted /var/unencrypted -pkgs.writers.writeDashBin "ecrypt" '' - set -euf - - PATH=${lib.makeBinPath (with pkgs; [ - coreutils - ecryptfs - gnused - gnugrep - jq - mount - keyutils - umount - ])} - - # turn echo back on if killed - trap 'stty echo' INT - - case "$1" in - init) - shift - mkdir -p "$1" "$2" - - # abort if src or dest are not empty - if [ -e "$1"/.cfg.json ]; then - echo 'source dir is already configured, aborting' - exit 1 - elif ls -1qA "$2" | grep -q .; then - echo 'destination dir is not empty, aborting' - exit 1 - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - mount -t ecryptfs \ - -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - - # add sig to json state file - jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json - fi - ;; - - mount) - shift - if ! [ -e "$1"/.cfg.json ]; then - echo '.cfg.json missing in src' - exit 1 - fi - old_sig=$(cat "$1"/.cfg.json | jq -r .sig) - - # check if key is already in keyring, otherwise add it - - if keyctl list @u | grep -q "$old_sig"; then - echo 'pw already saved' - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - - # check if passphrase matches sig - if [ "$old_sig" != "$new_sig" ]; then - echo 'passphrase does not match sig, bailing out' - new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') - keyctl revoke "$new_keyid" - keyctl unlink "$new_keyid" - exit 1 - fi - fi - - sig=$old_sig - keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') - if (ls -1qA "$2" | grep -q .); then - echo 'destination is not empty, bailing out' - exit 1 - else - mount -i -t ecryptfs \ - -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - fi - ;; - - unmount) - shift - - sig=$(cat "$1"/.cfg.json | jq -r .sig) - keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') - - umount "$2" || : - keyctl revoke "$keyid" - keyctl unlink "$keyid" - ;; - - *) - echo 'usage: - ecrypt init /tmp/src/ /tmp/dst/ - ecrypt mount /tmp/src/ /tmp/dst/ - ecrypt unmount /tmp/src/ /tmp/dst/ - ' - esac -'' diff --git a/krebs/5pkgs/simple/reaktor2-plugins/default.nix b/krebs/5pkgs/simple/reaktor2-plugins/default.nix index 3f2f6eac2..73c46755f 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins/default.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins/default.nix @@ -38,7 +38,7 @@ with stockholm.lib; filename = ./scripts/random-issue.sh; env = { PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); - origin = "http://cgit.gum/stockholm"; + origin = "https://cgit.krebsco.de/stockholm"; state_dir = "/tmp/stockholm-issue"; }; }; diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 801e3b1ba..1c88c2e91 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -2,7 +2,7 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.2.7"; + version = "1.0.0"; pyproject = true; build-system = [ python3Packages.setuptools ]; propagatedBuildInputs = [ @@ -14,7 +14,7 @@ with python3Packages; buildPythonPackage rec { owner = "krebs"; repo = "repo-sync"; rev = version; - sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; + hash = "sha256-dkhPUaCL+tZn5rF7NN8A6NK/0tz669dLLYRGtRxO+fM="; }; meta = { homepage = http://github.com/makefu/repo-sync; diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix index 7cb826a51..8689479b3 100644 --- a/krebs/5pkgs/simple/treq/default.nix +++ b/krebs/5pkgs/simple/treq/default.nix @@ -1,14 +1,16 @@ -{ stdenv, fetchurl, pythonPackages }: +{ stdenv, fetchurl, python3Packages }: -pythonPackages.buildPythonPackage rec { +python3Packages.buildPythonPackage rec { name = "${pname}-${version}"; pname = "treq"; version = "15.1.0"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; src = fetchurl { url = "mirror://pypi/t/${pname}/${name}.tar.gz"; sha256= "425a47d5d52a993d51211028fb6ade252e5fbea094e878bb4b644096a7322de8"; }; - propagatedBuildInputs = with pythonPackages; [ + propagatedBuildInputs = with python3Packages; [ twisted pyopenssl requests |