summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/buildbot-all.nix1
-rw-r--r--krebs/3modules/exim.nix12
-rw-r--r--krebs/3modules/lass/default.nix43
-rw-r--r--krebs/3modules/os-release.nix7
-rw-r--r--krebs/5pkgs/simple/electron-cash/default.nix64
-rw-r--r--krebs/source.nix2
6 files changed, 51 insertions, 78 deletions
diff --git a/krebs/2configs/buildbot-all.nix b/krebs/2configs/buildbot-all.nix
index 5ea78f227..d85cde175 100644
--- a/krebs/2configs/buildbot-all.nix
+++ b/krebs/2configs/buildbot-all.nix
@@ -5,6 +5,5 @@ with import <stockholm/lib>;
krebs.ci.enable = true;
krebs.ci.treeStableTimer = 1;
krebs.ci.hosts = filter (getAttr "ci") (attrValues config.krebs.hosts);
- krebs.ci.tests = [ "deploy" ];
}
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index cfcbbc438..274a943b1 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -50,15 +50,9 @@ in {
'';
systemPackages = [ pkgs.exim ];
};
- krebs.setuid = {
- exim = {
- filename = "${pkgs.exim}/bin/exim";
- mode = "4111";
- };
- sendmail = {
- filename = "${pkgs.exim}/bin/exim";
- mode = "4111";
- };
+ security.wrappers = {
+ exim.source = "${pkgs.exim}/bin/exim";
+ sendmail.source = "${pkgs.exim}/bin/exim";
};
systemd.services.exim = {
restartTriggers = [
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index e269d1fa1..0c3e68c39 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -89,7 +89,7 @@ with import <stockholm/lib>;
60 IN NS ns16.ovh.net.
60 IN NS dns16.ovh.net.
60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- 60 IN TXT v=spf1 mx -all
+ 60 IN TXT v=spf1 mx a:lassul.us -all
cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
@@ -618,6 +618,47 @@ with import <stockholm/lib>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HyLyaIvVH0qHIQ4ciKhDiElhSqsK+uXcA6lTvL+5n";
};
+ cabal = {
+ cores = 2;
+ nets = rec {
+ retiolum = {
+ ip4.addr = "10.243.1.4";
+ ip6.addr = "42::1:4";
+ aliases = [
+ "cabal.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIECgKCBAEAukXm8xPpC6/F+wssYqQbqt1QDwsPrF3TJ9ToLFcN1WgDlhDhjM3A
+ SuRDMNjRT1fvVTuXyplH5g16eokW/yLOpNnznMS3/VR372pLPEOqfuRf7wAy18jj
+ rZkW3EO7nyZ8KMb+SXA8Q0KIpHY50Ezh+tqGoTZDICwoK6N5dKLgAZShS55JXwwK
+ qRG3vyzV3mDjgVyT0FNfyL1/BN1qvJ+tQQ40lEbkcQauMunMzNbH058kAd6H2/0e
+ LK4JkxI9XpZHE6Pf1epXyClHW7vT7APFRp9gL9tZS/XMC18+aEMFfQrNW9jb3FIq
+ rU5MfJ7aubboe7dT6CRaRSWpduiKLVzY/JCoGvUziyvmR7qHsQWTEjtNuQX9joc3
+ 6iq1o+gmLV0G8Xwq8cEcg5USlLxNsGBQPwYnTG6iTPPHqOv7BKucekE/opnVZseE
+ fSNCGl1+tGwa3soSMI97LkpQTZxdeqf+jWZve0RbSa2Ihyod91ldFCqi1+PZx68v
+ yBI0PJamlt+dBx6WQKbPngWYeD8hXo7tg0XVRVa3ZQyX+Mq6uCCb2GM8ewMUPl+A
+ kcY1osFt6+sdkFGdiv3FMyijAiZumPoPprXC/4SGIsMnkoI4JfSAbTpHi2QuesqR
+ KMeairdB7XGUYlMvWpDLKN2dbMdRc+l3kDUKT7hALjKeyWS/27WYeK/STxvZXEXi
+ TZGHopvOFv6wcrb6nI49vIJo5mDLFamAPN3ZjeR20wP95UP7cUUSaTYX49M4lX6U
+ oL5BaFrcLn2PTvS84pUxcXKAp70FgTpvGJbaWwETgDjW+H+qlGmI/BTejpL7flVs
+ TOtaP/uCMxhVZSFv9bzo0ih10o+4gtU8lqxfJsVxlf2K7LVZ++LQba/u+XxRY+xw
+ 3IFBfg34tnO6zYlV8XgAiJ6IUOHUZANsuBD4iMoFSVOig6t5eIOkgXR6GEkP8FBD
+ rkroRMmxcu4lTCOzWIuAVOxCd4XXguoGQ4HAzpGd5ccdcb8Ev4RYEvNJY7B5tIQZ
+ 4J0F9ECzJuSu1HvWTL+T6a36d2MDTkXU2IJ2tSHciXqiP+QMMF7p9Ux0tiAq4mtf
+ luA94uKWg3cSyTyEM/jF66CgO6Ts3AivNE0MRNupV6AbUdr+TjzotGn9rxi168py
+ w/49OVbpR9EIGC2wxx7qcSEk5chFOcgvNQMRqgIx51bbOL7JYb0f4XuA38GUqLkG
+ 09PXmPeyqGzR9HsV2XZDprZdD3Dy4ojdexw0+YILg9bHaAxLHYs6WFZvzfaLLsf1
+ K2I39vvrEEOy8tHi4jvMk7oVX6RWG+DOZMeXTvyUCaBHyYkA0eDlC6NeKOHxnW/g
+ ZtN1W93UdklEqc5okM0/ZIke1HDRt3ZLdQIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ secure = true;
+ ssh.privkey.path = <secrets/ssh.id_ed25519>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTeSAedrbp7/KmZX8Mvka702fIUy77Mvqo9HwzCbym";
+ };
};
users = {
lass = {
diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix
index 8f71a357f..5fbfe6614 100644
--- a/krebs/3modules/os-release.nix
+++ b/krebs/3modules/os-release.nix
@@ -1,8 +1,11 @@
{ config, ... }:
with import <stockholm/lib>;
let
- nixos-version-id = "${config.system.nixosVersion}";
- nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})";
+ nixos-version-id = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.version}" else "${config.system.nixosVersion}";
+ nixos-codeName = if (hasAttr "nixos" config.system) then
+ "${config.system.nixos.codeName}" else "${config.system.nixosCodeName}";
+ nixos-version = "${nixos-version-id} (${nixos-codeName})";
nixos-pretty-name = "NixOS ${nixos-version}";
stockholm-version-id = let
diff --git a/krebs/5pkgs/simple/electron-cash/default.nix b/krebs/5pkgs/simple/electron-cash/default.nix
deleted file mode 100644
index e51136c60..000000000
--- a/krebs/5pkgs/simple/electron-cash/default.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ stdenv, fetchFromGitHub, python2Packages }:
-
-python2Packages.buildPythonApplication rec {
- name = "electron-cash-${src.rev}";
-
- src = fetchFromGitHub {
- owner = "fyookball";
- repo = "electrum";
- rev = "a2245ea";
- sha256 = "1a0ym94azfd1yn97n2jcky344ajbj2amr9l6jpx30pqxndffpbgv";
- };
-
- propagatedBuildInputs = with python2Packages; [
- dns
- ecdsa
- jsonrpclib
- pbkdf2
- pyaes
- pycrypto
- pyqt4
- pysocks
- qrcode
- requests
- tlslite
-
- # plugins
- keepkey
- trezor
- ];
-
- preBuild = ''
- sed -i 's,usr_share = .*,usr_share = "'$out'/share",g' setup.py
- pyrcc4 icons.qrc -o gui/qt/icons_rc.py
- # Recording the creation timestamps introduces indeterminism to the build
- sed -i '/Created: .*/d' gui/qt/icons_rc.py
- '';
-
- postInstall = ''
- # Despite setting usr_share above, these files are installed under
- # $out/nix ...
- mv $out/lib/python2.7/site-packages/nix/store"/"*/share $out
- rm -rf $out/lib/python2.7/site-packages/nix
-
- substituteInPlace $out/share/applications/electron.desktop \
- --replace "Exec=electrum %u" "Exec=$out/bin/electrum %u"
- '';
-
- doInstallCheck = true;
- installCheckPhase = ''
- $out/bin/electrum help >/dev/null
- '';
-
- meta = with stdenv.lib; {
- description = "A lightweight Bitcoin wallet";
- longDescription = ''
- An easy-to-use Bitcoin client featuring wallets generated from
- mnemonic seeds (in addition to other, more advanced, wallet options)
- and the ability to perform transactions without downloading a copy
- of the blockchain.
- '';
- homepage = https://electrum.org/;
- license = licenses.mit;
- };
-}
diff --git a/krebs/source.nix b/krebs/source.nix
index 7e0ea7e47..0bd797a16 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -24,7 +24,7 @@ in
stockholm-version.pipe = "${pkgs.stockholm}/bin/get-version";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
- ref = "c5bc83b503dfb29eb27c1deb0268f15c1858e7ce"; # nixos-17.09 @ 2018-02-27
+ ref = "48856a91c02b456c80c37c863d8610090b38707a"; # nixos-18.03 # 2018-03-24
};
}
override