diff options
Diffstat (limited to 'krebs')
45 files changed, 170 insertions, 759 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 91071ec85..655192077 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -5,6 +5,17 @@ ../../../krebs ../../../krebs/2configs ../../../krebs/2configs/nginx.nix + { + # Cherry-pick services.nginx.recommendedTlsSettings to fix: + # nginx: [emerg] "ssl_conf_command" directive is not supported on this platform + services.nginx.recommendedTlsSettings = lib.mkForce false; + services.nginx.appendHttpConfig = '' + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_prefer_server_ciphers off; + ''; + } ../../../krebs/2configs/binary-cache/nixos.nix ../../../krebs/2configs/ircd.nix diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 8bb14d517..5deeb9923 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix @@ -8,6 +8,18 @@ <stockholm/krebs/2configs/nameserver.nix> ]; + #networking.defaultGateway6 = { + # address = "fe80::1"; + # interface = "ens3"; + #}; + #networking.interfaces.ens3.ipv6.addresses = [ + # { + # # old: address = "2a03:4000:13:4c::1"; + # address = "2a03:4000:1a:cf::1"; #/64" + # prefixLength = 64; + # } + #]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.logRefusedConnections = false; networking.firewall.logRefusedUnicastsOnly = false; diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 0c361cc42..60479fd90 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -27,11 +27,11 @@ ### shackspace ### # handle the worlddomination map via coap - ../../2configs/shack/worlddomination.nix + #../../2configs/shack/worlddomination.nix (FIXME error: python3.13-LinkHeader-0.4.3 does not configure a `format`. To build with setuptools as before, set `pyproject = true` and `build-system = [ setuptools ]`.) ../../2configs/shack/ssh-keys.nix # drivedroid.shack for shackphone - ../../2configs/shack/drivedroid.nix + #../../2configs/shack/drivedroid.nix (FIXME error: attribute 'drivedroid-gen-repo' missing) # ../../2configs/shack/nix-cacher.nix # Say if muell will be collected @@ -70,7 +70,7 @@ # ../../2configs/shack/share.nix # mobile.lounge.mpd.shack - ../../2configs/shack/mobile.mpd.nix + #../../2configs/shack/mobile.mpd.nix (FIXME Compatibility with CMake < 3.5 has been removed from CMake.) # hass.shack ../../2configs/shack/glados diff --git a/krebs/2configs/buildbot-stockholm.nix b/krebs/2configs/buildbot-stockholm.nix index 32452e010..c51d3c651 100644 --- a/krebs/2configs/buildbot-stockholm.nix +++ b/krebs/2configs/buildbot-stockholm.nix @@ -19,7 +19,6 @@ with import ../../lib/pure.nix { inherit lib; }; enable = true; repos = { disko.urls = [ - "http://cgit.gum.r/disko" "http://cgit.ni.r/disko" "http://cgit.orange.r/disko" ]; @@ -33,7 +32,6 @@ with import ../../lib/pure.nix { inherit lib; }; "http://cgit.orange.r/nix-writers" ]; stockholm.urls = [ - "http://cgit.gum.r/stockholm" "http://cgit.ni.r/stockholm" "http://cgit.orange.r/stockholm" ]; diff --git a/krebs/2configs/hw/x220.nix b/krebs/2configs/hw/x220.nix index a797673c9..937a20c29 100644 --- a/krebs/2configs/hw/x220.nix +++ b/krebs/2configs/hw/x220.nix @@ -17,8 +17,8 @@ }; hardware.opengl.extraPackages = [ - pkgs.vaapiIntel - pkgs.vaapiVdpau + pkgs.intel-vaapi-driver + pkgs.libva-vdpau-driver ]; services.xserver = { diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index fb22dc6f9..c394f312d 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -146,10 +146,14 @@ in { ''; }; + #krebs.systemd.services.knot.restartIfCredentialsChange = true; systemd.services."knsupdate-krebsco.de" = { serviceConfig = { Type = "oneshot"; SyslogIdentifier = "knsupdate-krebsco.de"; + #LoadCredential = [ + # "keys.conf:/var/src/secrets/knot-keys.conf" + #]; ExecStart = pkgs.writeDash "knsupdate-krebsco.de" /* sh */ '' set -efu diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index e7d348d50..600f7cd6d 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -235,20 +235,20 @@ let env.TASKDATA = "${stateDir}/${name}"; commands = rec { add.filename = pkgs.writers.writeDash "${name}-task-add" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} add "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} add "$1" ''; list.filename = pkgs.writers.writeDash "${name}-task-list" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export \ + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export \ | ${pkgs.jq}/bin/jq -r ' .[] | select(.id != 0) | "\(.id) \(.description)" ' ''; delete.filename = pkgs.writers.writeDash "${name}-task-delete" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} delete "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} delete "$1" ''; del = delete; done.filename = pkgs.writers.writeDash "${name}-task-done" '' - ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} done "$1" + ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} done "$1" ''; }; }; @@ -456,7 +456,7 @@ in { printf 'HTTP/1.1 200 OK\r\n' printf 'Connection: close\r\n' printf '\r\n' - TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior}/bin/task rc:${taskRcFile} export + TASKDATA=/var/lib/reaktor2/agenda ${pkgs.taskwarrior2}/bin/task rc:${taskRcFile} export exit ;; esac diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix index a488fdfea..1c7ed4719 100644 --- a/krebs/2configs/repo-sync.nix +++ b/krebs/2configs/repo-sync.nix @@ -98,7 +98,7 @@ in { krebs.secret.files.konsens = { path = "/var/lib/konsens/.ssh/id_ed25519"; owner = konsens-user; - source-path = "${config.krebs.secret.directory}/konsens.id_ed25519>"; + source-path = "${config.krebs.secret.directory}/konsens.id_ed25519"; }; imports = [ @@ -107,9 +107,10 @@ in { desc = "take all computers hostage, they love it"; section = "configuration"; remotes = { - makefu = "http://cgit.gum.r/stockholm"; - tv = "http://cgit.ni.r/stockholm"; + krebs = "https://github.com/krebs/stockholm"; lassulus = "http://cgit.orange.r/stockholm"; + makefu = "https://cgit.euer.krebsco.de/makefu/stockholm.git"; + tv = "http://cgit.ni.r/stockholm"; }; }) ({ krebs.git = defineRepo { diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 1f029276a..18fe46a98 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -50,7 +50,7 @@ let "${url}", workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, project='${name}', - pollinterval=30 + pollInterval=30 ) '') repo.urls ) cfg.repos; diff --git a/krebs/3modules/github/known-hosts.nix b/krebs/3modules/github/known-hosts.nix index 3725ff2b8..6f10452e9 100644 --- a/krebs/3modules/github/known-hosts.nix +++ b/krebs/3modules/github/known-hosts.nix @@ -8,4 +8,5 @@ ; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk="; }; + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl } diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index 51aeefb9f..148b58d14 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -2,7 +2,6 @@ with lib; let check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers); - # we need this import because we have infinite recursion otherwise slib = lib.slib or (import ../../lib/pure.nix { inherit lib; }); in { diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 16f1f3c84..1cde42dc3 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -19,6 +19,14 @@ let api = { enable = mkEnableOption "iptables"; + rules4 = mkOption { + default = buildTables "v4" cfg.tables; + }; + + rules6 = mkOption { + default = buildTables "v6" cfg.tables; + }; + #tables.filter.INPUT = { # policy = "DROP"; # rules = [ diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index c0368ee85..f83a29acb 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -28,7 +28,12 @@ in { }; }) (filterAttrs (_: per-user: per-user.packages != []) cfg); - profiles = ["/etc/per-user/$LOGNAME"]; + + # XXX this breaks /etc/pam/environment because $LOGNAME doesn't get + # replaced by @{PAM_USER} the way $USER does. + # See <nixpkgs/nixos/modules/config/system-environment.nix> + #profiles = ["/etc/per-user/$LOGNAME"]; + profiles = ["/etc/per-user/$USER"]; }; }; } diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index d65ce2a31..51f5cb752 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -73,6 +73,12 @@ with lib; { pkgs.findutils pkgs.inotify-tools ]; + # TODO + # der code könnte aber bisschen vorbereitet werden, damit man später einfach file-modes einbauen kann + # die drei finds müssten zu `find "$ROOT_PATH" -exec ${permown}` {} \;` werden + # und der while-block zu: + # ${permown} "$path" (egal ob vor oder nach dem if test -d) + # und dann müsste man danach nur das permown script bearbeiten serviceConfig = { ExecStart = pkgs.writeDash "permown" '' set -efu diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index b977df99a..d552178f9 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -69,6 +69,12 @@ with lib.slib or (import ../../lib/pure.nix { inherit lib; }); { Group = "reaktor2"; DynamicUser = true; StateDirectory = cfg.username; + #ExecStartPre = [ + # (pkgs.writeDash "test-dynamic-user" '' + # set -efux + # ${pkgs.coreutils}/bin/id + # '') + #]; ExecStart = let configFile = pkgs.writers.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix index 13c4ecaec..ad9ceccbe 100644 --- a/krebs/3modules/secret.nix +++ b/krebs/3modules/secret.nix @@ -15,7 +15,7 @@ in { secret-file else secret-file // { - source-path = "${config.krebs.secret.directory}/secret-file.source-path"; + source-path = "${config.krebs.secret.directory}/${secret-file.source-path}"; } ); }; diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index ce41548ae..d13fcccaa 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -33,7 +33,7 @@ let }; capabilities = mkOption { default = []; - type = types.listOf types.str; + type = types.listOf types.str; # TODO }; owner = mkOption { default = "root"; @@ -52,6 +52,8 @@ let merge = mergeOneOption; }; }; + # TODO clear non-standard wrapperDirs + # TODO? allow only wrapperDirs below /run/wrappers? wrapperDir = mkOption { default = config.security.wrapperDir; type = types.absolute-pathname; @@ -73,13 +75,16 @@ let chown ${cfg.owner}:${cfg.group} ${dst} chmod ${cfg.mode} ${dst} ${optionalString (cfg.capabilities != []) /* sh */ '' + set -x ${pkgs.libcap.out}/bin/setcap ${concatMapStringsSep "," shell.escape cfg.capabilities} ${dst} + set +x ''} ''; })); }; imp = { + # run after "wrappers" so config.security.wrapperDir can be hijacked. systemd.services."krebs.setuid" = { wantedBy = [ "suid-sgid-wrappers.service" ]; after = [ "suid-sgid-wrappers.service" ]; diff --git a/krebs/3modules/ssh.nix b/krebs/3modules/ssh.nix index aba825c29..012b365fb 100644 --- a/krebs/3modules/ssh.nix +++ b/krebs/3modules/ssh.nix @@ -62,24 +62,26 @@ let } ])); - programs.ssh.extraConfig = concatMapStrings - (net: '' - Host ${toString (net.aliases ++ net.addrs)} - Port ${toString net.ssh.port} - '') - (filter - (net: net.ssh.port != 22) - (concatMap (host: attrValues host.nets) - (mapAttrsToList - (_: host: recursiveUpdate host - (optionalAttrs (cfg.dns.search-domain != null && - hasAttr cfg.dns.search-domain host.nets) { - nets."" = host.nets.${cfg.dns.search-domain} // { - aliases = [host.name]; - addrs = []; - }; - })) - config.krebs.hosts))); + programs.ssh.extraConfig = + mkBefore/*<-KILLME*/ + (concatMapStrings + (net: '' + Host ${toString (net.aliases ++ net.addrs)} + Port ${toString net.ssh.port} + '') + (filter + (net: net.ssh.port != 22) + (concatMap (host: attrValues host.nets) + (mapAttrsToList + (_: host: recursiveUpdate host + (optionalAttrs (cfg.dns.search-domain != null && + hasAttr cfg.dns.search-domain host.nets) { + nets."" = host.nets.${cfg.dns.search-domain} // { + aliases = [host.name]; + addrs = []; + }; + })) + config.krebs.hosts)))); } ]; diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix index 872f04db2..cbffeb6f3 100644 --- a/krebs/3modules/sync-containers3.nix +++ b/krebs/3modules/sync-containers3.nix @@ -358,9 +358,7 @@ in { networking.useNetworkd = true; services.resolved = { enable = true; - extraConfig = '' - Domains=~. - ''; + settings.Resolve.Domains = [ "~." ]; }; systemd.network = { enable = true; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 02b3eeb9d..65f4f6a2b 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -1,5 +1,6 @@ -{ config, pkgs, lib, ... }: -with lib.slib or (import ../../lib/pure.nix { inherit lib; }); { +{ config, pkgs, lib, ... }: let + slib = lib.slib or (import ../../lib/pure.nix { inherit lib; }); +in with slib; { options.krebs.tinc = mkOption { default = {}; description = '' @@ -235,13 +236,14 @@ with lib.slib or (import ../../lib/pure.nix { inherit lib; }); { "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ /etc/tinc/${netname}/ ''; - ExecStart = "+" + toString [ - "${cfg.tincPackage}/sbin/tincd" - "-D" - "-U ${cfg.username}" - "-d 0" - "-n ${netname}" - ]; + ExecStart = "+" + pkgs.writers.writeDash "tinc-${netname}" '' + set -efu + exec ${cfg.tincPackage}/sbin/tincd \ + -D \ + -U ${cfg.username} \ + -d 0 \ + -n ${netname} + ''; SyslogIdentifier = netname; DynamicUser = true; User = cfg.username; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 8d3bdfbe0..b2c264a06 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -214,6 +214,7 @@ let }; filter = mkOption { default = null; + # TODO nullOr subtypes.filter type = with types; nullOr (either str (listOf (pkgs.formats.json {}).type)); diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index 51e559d88..6ac2ebac2 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -10,7 +10,8 @@ with lib; { default = { "krebsco.de" = /* bindzone */ '' $TTL 60 - @ 3600 IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600 + @ IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600 + @ 3600 IN NS ns1 @ 3600 IN NS ni @ 3600 IN NS ns2.he.net. diff --git a/krebs/5pkgs/haskell/reaktor2/default.nix b/krebs/5pkgs/haskell/reaktor2/default.nix index f40b3cc89..d75de3a51 100644 --- a/krebs/5pkgs/haskell/reaktor2/default.nix +++ b/krebs/5pkgs/haskell/reaktor2/default.nix @@ -1,28 +1,29 @@ { mkDerivation, aeson, async, attoparsec, base, base64, blessings -, bytestring, containers, data-default, fetchgit, filepath -, hashable, lens, lens-aeson, lib, network, network-simple -, network-simple-tls, network-uri, pcre-light, process, random -, servant-server, string-conversions, stringsearch, text, time -, transformers, unagi-chan, unix, unordered-containers, vector, wai -, warp +, bytestring, containers, data-default, directory, fetchgit +, filepath, hashable, http-types, lens, lens-aeson, lib, network +, network-simple, network-simple-tls, network-uri, pcre-light +, process, random, servant-server, string-conversions, stringsearch +, text, time, transformers, unagi-chan, unix, unordered-containers +, vector, wai, warp }: mkDerivation { pname = "reaktor2"; - version = "0.4.4"; + version = "0.4.5"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "1r0dbhniq81z2akb3lxng92y288d7pffj5byyq9mbry241np7631"; - rev = "f50e8b2186042f40392c823845eb3a184d0278de"; + sha256 = "0arcw06k3hhmcp6kk5lxrzadin3lx6ywxrznicljr92flkgj8isc"; + rev = "6ff1335c7c9775e1cf167b950b6de97359d3b659"; fetchSubmodules = true; }; isLibrary = false; isExecutable = true; executableHaskellDepends = [ aeson async attoparsec base base64 blessings bytestring containers - data-default filepath hashable lens lens-aeson network - network-simple network-simple-tls network-uri pcre-light process - random servant-server string-conversions stringsearch text time - transformers unagi-chan unix unordered-containers vector wai warp + data-default directory filepath hashable http-types lens lens-aeson + network network-simple network-simple-tls network-uri pcre-light + process random servant-server string-conversions stringsearch text + time transformers unagi-chan unix unordered-containers vector wai + warp ]; license = lib.licenses.mit; mainProgram = "reaktor"; diff --git a/krebs/5pkgs/simple/K_belwagen.nix b/krebs/5pkgs/simple/K_belwagen.nix deleted file mode 100644 index 2f64bb09d..000000000 --- a/krebs/5pkgs/simple/K_belwagen.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, pkgs, stdenv }: - -stdenv.mkDerivation { - pname = "K_belwagen"; - version = "1.0"; - - src = pkgs.painload; - sourceRoot = "source/K_belwagen"; - - buildInputs = [ - pkgs.jack1 - pkgs.pkg-config - ]; - - patchPhase = '' - sed -i ' - s@^cd@# &@ - s@^make@# &@ - s@^jackd@# &@ - s@^trap@# &@ - - s@^set.*@&\nPATH=${lib.makeBinPath [ - pkgs.bc - pkgs.coreutils - ]}; export PATH@ - - s@\./a\.out@'"$out"'/lib/a.out@ - ' alarm - ''; - - installPhase = '' - mkdir -p $out/lib - mkdir -p $out/bin - - cp alarm $out/bin - cp a.out $out/lib - ''; -} diff --git a/krebs/5pkgs/simple/TabFS/src.json b/krebs/5pkgs/simple/TabFS/src.json index 24e36aef3..931c9ecb8 100644 --- a/krebs/5pkgs/simple/TabFS/src.json +++ b/krebs/5pkgs/simple/TabFS/src.json @@ -1,8 +1,6 @@ { "url": "https://cgit.krebsco.de/TabFS", "rev": "a6045e0e29b85e3e66c468f3561009ded1db6ec5", - "date": "2021-01-14T23:56:09+01:00", - "path": "/nix/store/mbcywm1yq5vr7awxqb533faz34minfax-TabFS", "sha256": "1z0kj95zh0jl8laa0whra1jys8pws3199sy29vmlv2nxrkz13blv", "fetchSubmodules": false, "deepClone": false, diff --git a/krebs/5pkgs/simple/airdcpp-webclient/default.nix b/krebs/5pkgs/simple/airdcpp-webclient/default.nix index 754fecf9c..f4634b595 100644 --- a/krebs/5pkgs/simple/airdcpp-webclient/default.nix +++ b/krebs/5pkgs/simple/airdcpp-webclient/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation rec { name = "airdcpp-webclient-${version}"; version = "2.3.0"; - + src = fetchurl { url = http://web-builds.airdcpp.net/stable/airdcpp_2.3.0_webui-2.3.0_64-bit_portable.tar.gz; sha256 = "0yvcl0nc70fghc7vfsgvbpryi5q97arld8adql4way4qa0mdnyv1"; diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix deleted file mode 100644 index 094868680..000000000 --- a/krebs/5pkgs/simple/certaids.nix |