Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/3modules/iptables.nix | 2 | ||||
-rw-r--r-- | krebs/3modules/lass/default.nix | 3 | ||||
-rw-r--r-- | krebs/3modules/nginx.nix | 2 | ||||
-rw-r--r-- | krebs/5pkgs/builders.nix | 51 | ||||
-rw-r--r-- | krebs/5pkgs/default.nix | 14 |
5 files changed, 60 insertions, 12 deletions
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 4b99873a1..bb06a9388 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -124,7 +124,7 @@ let buildRule = tn: cn: rule: #target validation test: - assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target; + assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target; #predicate validation test: #maybe use iptables-test diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 03e067f35..65da85ac4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -311,5 +311,8 @@ with config.krebs.lib; pubkey = builtins.readFile ./ssh/shodan.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp; }; + fritz = { + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540"; + }; }; } diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 6af93a570..fc7fcca6f 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -119,7 +119,7 @@ let to-server = { server-names, listen, locations, extraConfig, ssl, ... }: '' server { - server_name ${toString server-names}; + server_name ${toString (unique server-names)}; ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen} ${optionalString ssl.enable (indent '' listen 443 ssl; diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 19169b186..39b91d144 100644 
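Review bot: The added `hasPrefix "DNAT" rule.target` clause in the target assertion accepts any string that merely begins with DNAT, so a typo or unintended trailing text passes validation, as with the existing REDIRECT clause. Matching the bare target or the target followed by a space would be tighter, e.g. `rule.target == "DNAT" || hasPrefix "DNAT " rule.target`. DNAT is only meaningful in the nat table, and the assertion appears to have the table name in scope as `tn` without using it for this check, so a DNAT rule in another table would presumably fail only when the ruleset is loaded. buildRule continues outside the hunk, so how the target string is rendered into the rule is not visible here.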
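Review bot: The new `fritz` entry inlines the SSH public key as a string literal, while the entry directly above loads its key with `builtins.readFile ./ssh/shodan.rsa`. Moving the key into its own file (for example `./ssh/fritz.rsa`, name suggested here) and using `pubkey = builtins.readFile ./ssh/fritz.rsa;` would match the file's pattern and keep key changes reviewable as a one-file diff. The hunk does not show which hosts or services consume this user's `pubkey`, so the access this key grants should be confirmed against those call sites before merging.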
--- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -66,7 +66,52 @@ rec { mv "$textPath" $out ''; - writeNixFromCabal = name: path: pkgs.runCommand name {} '' - ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out - ''; + writeHaskellBin = + k: + let + k' = parseDrvName k; + name = k'.name; + version = if k'.version != "" then k'.version else "0"; + in + { build-depends ? ["base"] ++ depends + , depends ? [] + , ghc-options ? ["-Wall" "-O3" "-threaded" "-rtsopts"] + , haskellPackages ? pkgs.haskellPackages + , license ? "WTFPL" + }: + main-text: + let + cabal-file = pkgs.writeText "${name}-${version}.cabal" '' + build-type: Simple + cabal-version: >= 1.2 + name: ${name} + version: ${version} + + executable ${name} + build-depends: ${concatStringsSep "," build-depends} + ghc-options: ${toString ghc-options} + main-is: ${main-file.name} + ''; + main-file = pkgs.writeText "${name}-${version}.hs" main-text; + in + haskellPackages.mkDerivation rec { + inherit license version; + executableHaskellDepends = attrVals build-depends haskellPackages; + isExecutable = true; + isLibrary = false; + pname = name; + src = pkgs.runCommand "${name}-${version}-src" {} '' + install -D ${cabal-file} $out/${cabal-file.name} + install -D ${main-file} $out/${main-file.name} + ''; + }; + + writeNixFromCabal = + trace (toString [ + "The function `writeNixFromCabal` has been deprecated in favour of" + "`writeHaskellBin'." + ]) + (name: path: pkgs.runCommand name {} '' + ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out + ''); } diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index c96e71538..53fc4de44 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
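Review bot: `writeHaskellBin` is added without any comment, and its curried call shape (a `name-version` string, then an options set, then the Haskell source text) is hard to read off the definition. A short header comment showing one call, such as `# writeHaskellBin "hello-1.0" { depends = [ "text" ]; } ''main = ...''`, would document it. The comment should also state that `name`, `version` and `build-depends` are interpolated into the generated .cabal text unescaped, so callers must pass trusted, well-formed values. In the deprecation message for `writeNixFromCabal`, the closing quote after writeHaskellBin is an apostrophe where the opening one is a backtick. The message also points users to a function that builds a binary from source text rather than producing a Nix expression from a cabal file, so it should say what the actual migration path is.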
@@ -36,13 +36,13 @@ with config.krebs.lib; ReaktorPlugins = callPackage ./Reaktor/plugins.nix {}; - buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> { - inherit (pkgs.pythonPackages) twisted jinja2; - dateutil = pkgs.pythonPackages.dateutil_1_5; - sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { - doCheck = false; - }); - }; + #buildbot = callPackage <nixpkgs/pkgs/development/tools/build-managers/buildbot> { + # inherit (pkgs.pythonPackages) twisted jinja2; + # dateutil = pkgs.pythonPackages.dateutil_1_5; + # sqlalchemy_migrate_0_7 = pkgs.pythonPackages.sqlalchemy_migrate_func (pkgs.pythonPackages.sqlalchemy7.override { + # doCheck = false; + # }); + #}; # XXX symlinkJoin changed arguments somewhere around nixpkgs d541e0d symlinkJoin = { name, paths, ... }@args: let |