summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/ergo.nix13
-rw-r--r--krebs/2configs/hw/x220.nix2
-rw-r--r--krebs/2configs/reaktor2.nix1
-rw-r--r--krebs/3modules/bepasty-server.nix1
-rw-r--r--krebs/3modules/brockman.nix2
-rw-r--r--krebs/3modules/buildbot/master.nix1
-rw-r--r--krebs/3modules/buildbot/slave.nix1
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/ergo.nix136
-rw-r--r--krebs/3modules/external/default.nix26
-rw-r--r--krebs/3modules/fetchWallpaper.nix1
-rw-r--r--krebs/3modules/github-hosts-sync.nix1
-rw-r--r--krebs/3modules/jeschli/default.nix1
-rw-r--r--krebs/3modules/realwallpaper.nix1
-rw-r--r--krebs/3modules/tinc_graphs.nix1
-rw-r--r--krebs/5pkgs/simple/buildbot-classic/default.nix13
-rw-r--r--krebs/5pkgs/simple/realwallpaper/default.nix3
-rw-r--r--krebs/5pkgs/simple/solanum/default.nix62
-rw-r--r--krebs/5pkgs/simple/solanum/dont-create-logdir.patch14
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rwxr-xr-xkrebs/update-nixpkgs.sh2
22 files changed, 202 insertions, 97 deletions
diff --git a/krebs/2configs/ergo.nix b/krebs/2configs/ergo.nix
new file mode 100644
index 000000000..db0bc5748
--- /dev/null
+++ b/krebs/2configs/ergo.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [
+ 6667
+ ];
+
+ krebs.ergo = {
+ enable = true;
+ };
+}
+
+
diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix
index 3780e0d7d..bb273652d 100644
--- a/krebs/2configs/hw/x220.nix
+++ b/krebs/2configs/hw/x220.nix
@@ -22,8 +22,6 @@ with import <stockholm/lib>;
pkgs.vaapiVdpau
];
- security.rngd.enable = mkDefault true;
-
services.xserver = {
videoDriver = "intel";
};
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 2823aabef..14e0a3d7a 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -119,6 +119,7 @@ in {
users.users.reaktor2 = {
uid = genid_uint31 "reaktor2";
home = stateDir;
+ isSystemUser = true;
};
krebs.reaktor2 = {
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index ffa9a29e9..051646b63 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -146,6 +146,7 @@ let
uid = genid_uint31 "bepasty";
group = "bepasty";
home = "/var/lib/bepasty-server";
+ isSystemUser = true;
};
users.extraGroups.bepasty = {
gid = genid_uint31 "bepasty";
diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix
index 9b2ed4a71..7a78880ea 100644
--- a/krebs/3modules/brockman.nix
+++ b/krebs/3modules/brockman.nix
@@ -12,7 +12,7 @@ in {
users.extraUsers.brockman = {
home = "/var/lib/brockman";
createHome = true;
- isNormalUser = false;
+ isSystemUser = true;
uid = genid_uint31 "brockman";
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 8995753ac..a845bb281 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -322,6 +322,7 @@ let
description = "Buildbot Master";
home = cfg.workDir;
createHome = false;
+ isSystemUser = true;
};
users.extraGroups.buildbotMaster = {
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index c15169fba..d877b9911 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -131,6 +131,7 @@ let
description = "Buildbot Slave";
home = cfg.workDir;
createHome = false;
+ isSystemUser = true;
};
users.extraGroups.buildbotSlave = {
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index e75afad1d..8866e91ae 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -20,6 +20,7 @@ let
./ci.nix
./current.nix
./dns.nix
+ ./ergo.nix
./exim.nix
./exim-retiolum.nix
./exim-smarthost.nix
diff --git a/krebs/3modules/ergo.nix b/krebs/3modules/ergo.nix
new file mode 100644
index 000000000..14f85c4d7
--- /dev/null
+++ b/krebs/3modules/ergo.nix
@@ -0,0 +1,136 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+ inherit (pkgs) coreutils ergo;
+ cfg = config.krebs.ergo;
+
+ configFile = pkgs.writeText "ergo.conf" (builtins.toJSON cfg.config);
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ krebs.ergo = {
+
+ enable = mkEnableOption "Ergo IRC daemon";
+
+ config = mkOption {
+ type = (pkgs.formats.json {}).type;
+ description = ''
+ Ergo IRC daemon configuration file.
+ '';
+ default = {
+ network = {
+ name = "krebstest";
+ };
+ server = {
+ name = "${config.networking.hostName}.r";
+ listeners = {
+ ":6667" = {};
+ };
+ casemapping = "permissive";
+ enforce-utf = true;
+ lookup-hostnames = false;
+ ip-cloaking = {
+ enabled = false;
+ };
+ forward-confirm-hostnames = false;
+ check-ident = false;
+ relaymsg = {
+ enabled = false;
+ };
+ max-sendq = "1M";
+ ip-limits = {
+ count = false;
+ throttle = false;
+ };
+ };
+ datastore = {
+ path = "${cfg.statedir}/ircd.db";
+ };
+ accounts = {
+ authentication-enabled = true;
+ registration = {
+ enabled = true;
+ email-verification = {
+ enabled = false;
+ };
+ };
+ };
+ channels = {
+ default-modes = "+nt";
+ };
+ limits = {
+ nicklen = 32;
+ identlen = 20;
+ channellen = 64;
+ awaylen = 390;
+ kicklen = 390;
+ topiclen = 390;
+ };
+ };
+ };
+
+ statedir = mkOption {
+ type = types.path;
+ default = "/var/lib/ergo";
+ description = ''
+ Location of the state directory of ergo.
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "ergo";
+ description = ''
+ Ergo IRC daemon user.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "ergo";
+ description = ''
+ Ergo IRC daemon group.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable ({
+ users.users.${cfg.user} = {
+ description = "Ergo IRC daemon user";
+ uid = config.ids.uids.ircd;
+ group = cfg.group;
+ };
+
+ users.groups.${cfg.group} = {
+ gid = config.ids.gids.ircd;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${cfg.statedir} - ${cfg.user} ${cfg.group} - -"
+ ];
+
+ systemd.services.ergo = {
+ description = "Ergo IRC daemon";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStartPre = "${ergo}/bin/ergo initdb --conf ${configFile}";
+ ExecStart = "${ergo}/bin/ergo run --conf ${configFile}";
+ Group = cfg.group;
+ User = cfg.user;
+ };
+ };
+
+ });
+}
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index 123bbac47..31cd9e2c3 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -589,6 +589,32 @@ in {
};
};
};
+ nxnv = {
+ owner = config.krebs.users.rtjure;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.122.127";
+ aliases = [
+ "nxnv.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAxEs92W/wRl3wlB6fNS2KUS+ubFAPLkgQYhk4JXeEeTpUq1H27oxB
+ ZWgWOlLMqnvn3w+aHQviWWPl5F6jXCxDOWCwyLhZU4cs45+ub9KKezCeE8IN+gAt
+ NKDqmRFzao9EXoT7sR65BblqEUR/Aqpykv7n4JdL5pGDbw1GGJ6Xf5QZo2sYm4wp
+ wdqOROn/V2Sm8NgmD1K6Sa2i6BLHSvHqunI4qoTyMfGXl8sbw6I2iclpQy8td9bt
+ 1WA7F9kVTZdhaWgfpiZ8sKQ9LoFKoy6jnoppQcl/E8V2XNnjPy8obaLX9rTJ/deT
+ eW9qmfZeYiFSaDLLWEIZjhaU2l9z72oWyUW8w8GZQD+ypGi+UDMkbAhRHiaVGOZy
+ S7AodiEL2Ebzj6XJaNYC3LYm5R8U6XlvcHwn4FDtgKkqwXz08cZsPwQLoBjXUEi/
+ 9/A5WEwrmp62TJ/ZRcRwV8/dBklrc/4FT0q0CiMuCWcbjF891d68TvcXlVU3gCwN
+ ld80CS17o2dOsBBW4nft7+9tL545p7mMjw6Oa4kRUTo2n1mYkMdTGZR+tOCD6hvW
+ 45IG7vGq5EnRwolekGoMRf8RthajU2RXcIoNWnVon0so0Rja+AU9G7dobd/2qila
+ jta1Mou2vzUSAbdwXtBwJHlV9882p1utMlU9XVEZwQXfWSt488tQqzsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
ada = {
owner = config.krebs.users.filly;
nets = {
diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix
index e89b86e32..852c8f630 100644
--- a/krebs/3modules/fetchWallpaper.nix
+++ b/krebs/3modules/fetchWallpaper.nix
@@ -57,6 +57,7 @@ let
description = "fetchWallpaper user";
home = cfg.stateDir;
createHome = true;
+ isSystemUser = true;
};
systemd.timers.fetchWallpaper = {
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 7d618ebfd..d385ec355 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -65,6 +65,7 @@ let
users.users.${user.name} = {
inherit (user) uid;
home = cfg.dataDir;
+ isSystemUser = true;
};
};
diff --git a/krebs/3modules/jeschli/default.nix b/krebs/3modules/jeschli/default.nix
index 390f7585f..41743612a 100644
--- a/krebs/3modules/jeschli/default.nix
+++ b/krebs/3modules/jeschli/default.nix
@@ -49,6 +49,7 @@ in {
};
};
enklave = {
+ ci = false;
nets = rec {
internet = {
ip4.addr = "88.198.164.182";
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index 86b74a8ca..76f333963 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -60,6 +60,7 @@ let
uid = genid "realwallpaper";
home = cfg.workingDir;
createHome = true;
+ isSystemUser = true;
};
};
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 33a24871f..19cce8aa4 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -127,6 +127,7 @@ let
users.extraUsers.tinc_graphs = {
uid = genid_uint31 "tinc_graphs";
home = "/var/spool/tinc_graphs";
+ isSystemUser = true;
};
services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;
diff --git a/krebs/5pkgs/simple/buildbot-classic/default.nix b/krebs/5pkgs/simple/buildbot-classic/default.nix
index c127d2987..49d6ff322 100644
--- a/krebs/5pkgs/simple/buildbot-classic/default.nix
+++ b/krebs/5pkgs/simple/buildbot-classic/default.nix
@@ -1,6 +1,6 @@
-{ pkgs, fetchFromGitHub, python2Packages, git, ... }:
+{ pkgs, fetchFromGitHub, python3Packages, git, ... }:
-python2Packages.buildPythonApplication rec {
+python3Packages.buildPythonApplication rec {
name = "buildbot-classic-${version}";
version = "0.8.18";
namePrefix = "";
@@ -15,11 +15,10 @@ python2Packages.buildPythonApplication rec {
postUnpack = "sourceRoot=\${sourceRoot}/master";
propagatedBuildInputs = [
- python2Packages.jinja2
- python2Packages.twisted
- python2Packages.dateutil
- python2Packages.sqlalchemy_migrate
- python2Packages.pysqlite
+ python3Packages.jinja2
+ python3Packages.twisted
+ python3Packages.dateutil
+ python3Packages.sqlalchemy_migrate
pkgs.coreutils
];
doCheck = false;
diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix
index 8728c0ae7..2fbc7ff86 100644
--- a/krebs/5pkgs/simple/realwallpaper/default.nix
+++ b/krebs/5pkgs/simple/realwallpaper/default.nix
@@ -9,8 +9,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
gnused
file
findutils
- grib2json
- imagemagick
+ imagemagick6
inkscape
jq
nomads-cloud
diff --git a/krebs/5pkgs/simple/solanum/default.nix b/krebs/5pkgs/simple/solanum/default.nix
deleted file mode 100644
index 3fa765c94..000000000
--- a/krebs/5pkgs/simple/solanum/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{ lib, stdenv
-, fetchFromGitHub
-, autoreconfHook
-, pkg-config
-, bison
-, flex
-, openssl
-, sqlite
-, lksctp-tools
-}:
-
-stdenv.mkDerivation rec {
- pname = "solanum";
- version = "unstable-2021-04-27";
-
- src = fetchFromGitHub {
- owner = "solanum-ircd";
- repo = pname;
- rev = "3ff5a12e75662e9a642f2a4364797bd361eb0925";
- sha256 = "14ywmfdv8cncbyg08y2qdis00kwg8lvhkcgj185is67smh0qf88f";
- };
-
- patches = [
- ./dont-create-logdir.patch
- ];
-
- configureFlags = [
- "--enable-epoll"
- "--enable-ipv6"
- "--enable-openssl=${openssl.dev}"
- "--with-program-prefix=solanum-"
- "--localstatedir=/var/lib"
- "--with-rundir=/run"
- "--with-logdir=/var/log"
- ] ++ lib.optionals (stdenv.isLinux) [
- "--enable-sctp=${lksctp-tools.out}/lib"
- ];
-
- nativeBuildInputs = [
- autoreconfHook
- bison
- flex
- pkg-config
- ];
-
- buildInputs = [
- openssl
- sqlite
- ];
-
- doCheck = !stdenv.isDarwin;
-
- enableParallelBuilding = true;
-
- meta = with lib; {
- description = "An IRCd for unified networks";
- homepage = "https://github.com/solanum-ircd/solanum";
- license = licenses.gpl2Only;
- maintainers = with maintainers; [ hexa ];
- platforms = platforms.unix;
- };
-}
diff --git a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch b/krebs/5pkgs/simple/solanum/dont-create-logdir.patch
deleted file mode 100644
index e348dd7b8..000000000
--- a/krebs/5pkgs/simple/solanum/dont-create-logdir.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index 19e7b396..21093521 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -35,9 +35,6 @@ include/serno.h:
- echo '#define DATECODE 0UL' >>include/serno.h; \
- fi
-
--install-data-hook:
-- test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
--
- install-exec-hook:
- rm -f ${DESTDIR}${libdir}/*.la
- rm -f ${DESTDIR}${moduledir}/*.la
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index fe46ec022..aaf66e428 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "7a1fbc38a4b538450ac0d42aec8a3e513b4d723e",
- "date": "2021-05-16T12:16:31+02:00",
- "path": "/nix/store/iq2sy65gmwad2prm8lcdh6k5f7ywxci5-nixpkgs",
- "sha256": "0jg8dilsw0gr4jfshkk3wd50gddd11hvd836fxkw43m6m47885p7",
+ "rev": "fbfb79400a08bf754e32b4d4fc3f7d8f8055cf94",
+ "date": "2021-06-06T04:54:09-03:00",
+ "path": "/nix/store/51dsmanfc179xy70kn2rl0qvg45cn6qr-nixpkgs",
+ "sha256": "0pgyx1l1gj33g5i9kwjar7dc3sal2g14mhfljcajj8bqzzrbc3za",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 06b865cc8..5b1cbe781 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "33824cdf8e4fec30c5b9ddc91b18991c3c375227",
- "date": "2021-05-18T19:08:44-04:00",
- "path": "/nix/store/s3f1q2a5hn60jdnz8h66z7yahrmzifin-nixpkgs",
- "sha256": "1sad0x998k3iid2vp57kv4skvf90yh4gbs61dv3p45c2qi3sql46",
+ "rev": "5de44c15758465f8ddf84d541ba300b48e56eda4",
+ "date": "2021-06-05T20:40:48+01:00",
+ "path": "/nix/store/p5mhp3syp0aqkcrwmf8zi3ik7mgxrlgx-nixpkgs",
+ "sha256": "05darjv3zc5lfqx9ck7by6p90xgbgs1ni6193pw5zvi7xp2qlg4x",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh
index 9a0ea7ed4..368a3ecb3 100755
--- a/krebs/update-nixpkgs.sh
+++ b/krebs/update-nixpkgs.sh
@@ -3,7 +3,7 @@ dir=$(dirname $0)
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
--url https://github.com/NixOS/nixpkgs \
- --rev refs/heads/nixos-20.09' \
+ --rev refs/heads/nixos-21.05' \
> $dir/nixpkgs.json
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"