diff options
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/1systems/hotdog/config.nix | 11 | ||||
| -rw-r--r-- | krebs/1systems/puyak/config.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/buildbot-stockholm.nix | 2 | ||||
| -rw-r--r-- | krebs/2configs/hw/x220.nix | 4 | ||||
| -rw-r--r-- | krebs/2configs/nameserver.nix | 9 | ||||
| -rw-r--r-- | krebs/2configs/repo-sync.nix | 5 | ||||
| -rw-r--r-- | krebs/2configs/shack/worlddomination.nix | 15 | ||||
| -rw-r--r-- | krebs/3modules/ci/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/repo-sync.nix | 1 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/collectd-connect-time/default.nix | 6 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/ecrypt/default.nix | 111 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/reaktor2-plugins/default.nix | 2 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/repo-sync/default.nix | 4 | ||||
| -rw-r--r-- | krebs/5pkgs/simple/treq/default.nix | 8 |
14 files changed, 36 insertions, 148 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 91071ec85..655192077 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -5,6 +5,17 @@ ../../../krebs ../../../krebs/2configs ../../../krebs/2configs/nginx.nix + { + # Cherry-pick services.nginx.recommendedTlsSettings to fix: + # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform + services.nginx.recommendedTlsSettings = lib.mkForce false; + services.nginx.appendHttpConfig = '' + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_prefer_server_ciphers off; + ''; + } ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 0c361cc42..8e03e3b52 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -31,7 +31,7 @@ ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - ../../2configs/shack/drivedroid.nix + #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing) # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected @@ -70,7 +70,7 @@ # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - ../../2configs/shack/mobile.mpd.nix + #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.) # hass.shack ../../2configs/shack/glados diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 32452e010..c51d3c651 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -19,7 +19,6 @@ with import ../../lib/pure.nix { inherit lib; }; enable = true; repos = { disko.urls = [ - "http://cgit.gum.r/disko" "http://cgit.ni.r/disko" "http://cgit.orange.r/disko" ]; @@ -33,7 +32,6 @@ with import ../../lib/pure.nix { inherit lib; }; "http://cgit.orange.r/nix-writers" ]; stockholm.urls = [ - "http://cgit.gum.r/stockholm" "http://cgit.ni.r/stockholm" "http://cgit.orange.r/stockholm" ]; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index a797673c9..937a20c29 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -17,8 +17,8 @@ }; hardware.opengl.extraPackages = [ - pkgs.vaapiIntel - pkgs.vaapiVdpau + pkgs.intel-vaapi-driver + pkgs.libva-vdpau-driver ]; services.xserver = { diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index c394f312d..c61b5c1b1 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -70,10 +70,6 @@ in { address: ${config.krebs.hosts.ne.nets.internet.ip4.addr} key: krebs_transfer_notify_key - - id: krebscode_ni - address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} - key: krebs_transfer_notify_key - acl: - id: acme_acl key: acme @@ -124,7 +120,6 @@ in { notify: henet_ns1 notify: hostingde_ns1 notify: krebscode_ne - notify: krebscode_ni acl: transfer_to_henet_secondary acl: transfer_to_hostingde_secondary acl: transfer_to_krebscode_secondary @@ -174,8 +169,8 @@ in { echo server krebsco.de. echo zone krebsco.de. echo origin krebsco.de. - echo add _25._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data - echo add _443._tcp.ni 60 IN TLSA 3 0 1 $certificate_association_data + echo add _25._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data + echo add _443._tcp.ne 60 IN TLSA 3 0 1 $certificate_association_data echo show echo send echo answer diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index 126048625..1c7ed4719 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -107,9 +107,10 @@ in { desc = "take all computers hostage, they love it"; section = "configuration"; remotes = { - makefu = "http://cgit.gum.r/stockholm"; - tv = "http://cgit.ni.r/stockholm"; + krebs = "https://github.com/krebs/stockholm"; lassulus = "http://cgit.orange.r/stockholm"; + makefu = "https://cgit.euer.krebsco.de/makefu/stockholm.git"; + tv = "http://cgit.ni.r/stockholm"; }; }) ({ krebs.git = defineRepo { diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index 66a4095db..eba6cc83b 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -3,7 +3,7 @@ with import ../../../lib/pure.nix { inherit lib; }; let pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2020-12-01"; + name = "worlddomination-2025-04-02"; src = pkgs.fetchFromGitHub { owner = "shackspace"; repo = "worlddomination"; @@ -11,9 +11,8 @@ let sha256 = "sha256-AbRqxxY6hYNg4qkk/akuw4f+wJh4nx1hfEA4Lp5B+1E="; }; buildInputs = [ - (pkgs.python310.withPackages (pythonPackages: with pythonPackages; [ + (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ docopt - LinkHeader aiocoap grequests paramiko @@ -31,16 +30,6 @@ let pythonPackages = pkgs.python3Packages; # https://github.com/chrysn/aiocoap - LinkHeader = pythonPackages.buildPythonPackage { - name = "LinkHeader-0.4.3"; - src = pkgs.fetchurl { url = "https://files.pythonhosted.org/packages/27/d4/eb1da743b2dc825e936ef1d9e04356b5701e3a9ea022c7aaffdf4f6b0594/LinkHeader-0.4.3.tar.gz"; sha256 = "7fbbc35c0ba3fbbc530571db7e1c886e7db3d718b29b345848ac9686f21b50c3"; }; - propagatedBuildInputs = [ ]; - meta = with pkgs.lib; { - homepage = ""; - license = licenses.bsdOriginal; - description = "Parse and format link headers according to RFC 5988 \"Web Linking\""; - }; - }; wdpath = "/usr/worlddomination/wd.lst"; esphost = "10.42.24.7"; # esp8266 afrihost = "10.42.25.201"; # africa diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 1f029276a..18fe46a98 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -50,7 +50,7 @@ let "${url}", workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, project='${name}', - pollinterval=30 + pollInterval=30 ) '') repo.urls ) cfg.repos; diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index 7b2be4057..62d99e160 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -17,6 +17,7 @@ let branches = mkOption { type = types.attrsOf (types.submodule ({ config, ... }: { options = { + smart = mkEnableOption "smart sync behavior"; origin = mkOption { type = types.source-types.git; }; diff --git a/krebs/5pkgs/simple/collectd-connect-time/default.nix b/krebs/5pkgs/simple/collectd-connect-time/default.nix index 525388029..abbfae40a 100644 --- a/krebs/5pkgs/simple/collectd-connect-time/default.nix +++ b/krebs/5pkgs/simple/collectd-connect-time/default.nix @@ -1,8 +1,10 @@ -{lib, pkgs, pythonPackages, fetchurl, ... }: +{lib, pkgs, python3Packages, fetchurl, ... }: -pythonPackages.buildPythonPackage rec { +python3Packages.buildPythonPackage rec { name = "collectd-connect-time-${version}"; version = "0.3.0"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; src = fetchurl { url = "https://pypi.python.org/packages/source/c/collectd-connect-time/collectd-connect-time-${version}.tar.gz"; sha256 = "0vvrf9py9bwc8hk3scxwg4x2j8jlp2qva0mv4q8d9m4b4mk99c95"; diff --git a/krebs/5pkgs/simple/ecrypt/default.nix b/krebs/5pkgs/simple/ecrypt/default.nix deleted file mode 100644 index f83f8cfe7..000000000 --- a/krebs/5pkgs/simple/ecrypt/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ pkgs, lib }: - -#usage: ecrypt mount /var/crypted /var/unencrypted -pkgs.writers.writeDashBin "ecrypt" '' - set -euf - - PATH=${lib.makeBinPath (with pkgs; [ - coreutils - ecryptfs - gnused - gnugrep - jq - mount - keyutils - umount - ])} - - # turn echo back on if killed - trap 'stty echo' INT - - case "$1" in - init) - shift - mkdir -p "$1" "$2" - - # abort if src or dest are not empty - if [ -e "$1"/.cfg.json ]; then - echo 'source dir is already configured, aborting' - exit 1 - elif ls -1qA "$2" | grep -q .; then - echo 'destination dir is not empty, aborting' - exit 1 - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - mount -t ecryptfs \ - -o ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - - # add sig to json state file - jq -n --arg sig "$sig" '{ "sig": $sig }' > "$1"/.cfg.json - fi - ;; - - mount) - shift - if ! [ -e "$1"/.cfg.json ]; then - echo '.cfg.json missing in src' - exit 1 - fi - old_sig=$(cat "$1"/.cfg.json | jq -r .sig) - - # check if key is already in keyring, otherwise add it - - if keyctl list @u | grep -q "$old_sig"; then - echo 'pw already saved' - else - # we start and exit ecryptfs-manager again to circumvent a bug where mounting the ecryptfs fails - echo 4 | ecryptfs-manager - stty -echo - printf "passphrase: " - read passphrase - stty echo - new_sig=$(echo "$passphrase" | ecryptfs-add-passphrase | grep 'Inserted auth tok' | sed 's/.*\[\(.*\)\].*/\1/') - - # check if passphrase matches sig - if [ "$old_sig" != "$new_sig" ]; then - echo 'passphrase does not match sig, bailing out' - new_keyid=$(keyctl list @u | grep "$new_sig" | sed 's/\([0-9]*\).*/\1/') - keyctl revoke "$new_keyid" - keyctl unlink "$new_keyid" - exit 1 - fi - fi - - sig=$old_sig - keyid=$(keyctl list @u | grep "$sig" | sed 's/\([0-9]*\).*/\1/') - if (ls -1qA "$2" | grep -q .); then - echo 'destination is not empty, bailing out' - exit 1 - else - mount -i -t ecryptfs \ - -o ecryptfs_passthrough=no,verbose=no,ecryptfs_unlink_sigs,ecryptfs_fnek_sig="$sig",ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig="$sig" \ - "$1" "$2" - fi - ;; - - unmount) - shift - - sig=$(cat "$1"/.cfg.json | jq -r .sig) - keyid=$(keyctl list @u | grep "$sig" | sed 's/\s*\([0-9]*\).*/\1/') - - umount "$2" || : - keyctl revoke "$keyid" - keyctl unlink "$keyid" - ;; - - *) - echo 'usage: - ecrypt init /tmp/src/ /tmp/dst/ - ecrypt mount /tmp/src/ /tmp/dst/ - ecrypt unmount /tmp/src/ /tmp/dst/ - ' - esac -'' diff --git a/krebs/5pkgs/simple/reaktor2-plugins/default.nix b/krebs/5pkgs/simple/reaktor2-plugins/default.nix index 3f2f6eac2..73c46755f 100644 --- a/krebs/5pkgs/simple/reaktor2-plugins/default.nix +++ b/krebs/5pkgs/simple/reaktor2-plugins/default.nix @@ -38,7 +38,7 @@ with stockholm.lib; filename = ./scripts/random-issue.sh; env = { PATH = makeBinPath (with pkgs; [ coreutils git gnused haskellPackages.lentil ]); - origin = "http://cgit.gum/stockholm"; + origin = "https://cgit.krebsco.de/stockholm"; state_dir = "/tmp/stockholm-issue"; }; }; diff --git a/krebs/5pkgs/simple/repo-sync/default.nix b/krebs/5pkgs/simple/repo-sync/default.nix index 801e3b1ba..1c88c2e91 100644 --- a/krebs/5pkgs/simple/repo-sync/default.nix +++ b/krebs/5pkgs/simple/repo-sync/default.nix @@ -2,7 +2,7 @@ with python3Packages; buildPythonPackage rec { name = "repo-sync-${version}"; - version = "0.2.7"; + version = "1.0.0"; pyproject = true; build-system = [ python3Packages.setuptools ]; propagatedBuildInputs = [ @@ -14,7 +14,7 @@ with python3Packages; buildPythonPackage rec { owner = "krebs"; repo = "repo-sync"; rev = version; - sha256 = "1qjf1jmxf7xzwskybdys4vqncnwj9f3xwk1gv354zrla68s533cw"; + hash = "sha256-dkhPUaCL+tZn5rF7NN8A6NK/0tz669dLLYRGtRxO+fM="; }; meta = { homepage = http://github.com/makefu/repo-sync; diff --git a/krebs/5pkgs/simple/treq/default.nix b/krebs/5pkgs/simple/treq/default.nix index 7cb826a51..8689479b3 100644 --- a/krebs/5pkgs/simple/treq/default.nix +++ b/krebs/5pkgs/simple/treq/default.nix @@ -1,14 +1,16 @@ -{ stdenv, fetchurl, pythonPackages }: +{ stdenv, fetchurl, python3Packages }: -pythonPackages.buildPythonPackage rec { +python3Packages.buildPythonPackage rec { name = "${pname}-${version}"; pname = "treq"; version = "15.1.0"; + pyproject = true; + build-system = [ python3Packages.setuptools ]; src = fetchurl { url = "mirror://pypi/t/${pname}/${name}.tar.gz"; sha256= "425a47d5d52a993d51211028fb6ade252e5fbea094e878bb4b644096a7322de8"; }; - propagatedBuildInputs = with pythonPackages; [ + propagatedBuildInputs = with python3Packages; [ twisted pyopenssl requests |